package io.confluent.common.security.jetty;

import com.google.auth.http.AuthHttpConstants;
import io.confluent.common.security.auth.RestUserPrincipal;
import java.io.IOException;
import javax.security.auth.Subject;
import javax.servlet.ServletRequest;
import javax.servlet.ServletResponse;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import javax.servlet.http.HttpServletResponseWrapper;
import org.eclipse.jetty.http.HttpHeader;
import org.eclipse.jetty.security.Authenticator;
import org.eclipse.jetty.security.ServerAuthException;
import org.eclipse.jetty.security.UserAuthentication;
import org.eclipse.jetty.security.authentication.BasicAuthenticator;
import org.eclipse.jetty.security.authentication.DeferredAuthentication;
import org.eclipse.jetty.security.authentication.LoginAuthenticator;
import org.eclipse.jetty.server.Authentication;

/* loaded from: input_file:io/confluent/common/security/jetty/OAuthOrBasicAuthenticator.class */
public class OAuthOrBasicAuthenticator extends LoginAuthenticator {
    private static final OAuthBearerAuthenticator oauth = new OAuthBearerAuthenticator();
    private static final BasicAuthenticator basic = new BasicAuthenticator();
    private static final String BASIC_KEYWORD = "basic";
    private static final String METADATA_RESOURCE_URI = "/v1/metadata/id";

    /* loaded from: input_file:io/confluent/common/security/jetty/OAuthOrBasicAuthenticator$MdsResponse.class */
    public class MdsResponse extends HttpServletResponseWrapper {
        private HttpServletResponse response;

        public MdsResponse(HttpServletResponse httpServletResponse) {
            super(httpServletResponse);
            this.response = httpServletResponse;
        }

        @Override // javax.servlet.http.HttpServletResponseWrapper, javax.servlet.http.HttpServletResponse
        public void sendError(int i) throws IOException {
            if (this.response.getHeader(HttpHeader.WWW_AUTHENTICATE.asString()) != null) {
                this.response.setHeader(HttpHeader.WWW_AUTHENTICATE.asString(), "none");
            }
            super.sendError(i);
        }
    }

    @Override // org.eclipse.jetty.security.Authenticator
    public String getAuthMethod() {
        return "BEARER+BASIC";
    }

    @Override // org.eclipse.jetty.security.Authenticator
    public Authentication validateRequest(ServletRequest servletRequest, ServletResponse servletResponse, boolean z) throws ServerAuthException {
        int indexOf;
        HttpServletRequest httpServletRequest = (HttpServletRequest) servletRequest;
        if (httpServletRequest.getRequestURI().equalsIgnoreCase(METADATA_RESOURCE_URI)) {
            return new UserAuthentication(getAuthMethod(), this._identityService.newUserIdentity(new Subject(), new RestUserPrincipal(""), new String[0]));
        }
        String authHeader = oauth.getAuthHeader(httpServletRequest);
        return !z ? new DeferredAuthentication(this) : httpServletRequest.getParameter("access_token") != null ? oauth.validateRequest(servletRequest, servletResponse, true) : (authHeader == null || (indexOf = authHeader.indexOf(32)) <= 0 || !AuthHttpConstants.BEARER.equals(authHeader.substring(0, indexOf))) ? basic.validateRequest(servletRequest, new MdsResponse((HttpServletResponse) servletResponse), true) : oauth.validateRequest(servletRequest, servletResponse, true);
    }

    @Override // org.eclipse.jetty.security.authentication.LoginAuthenticator, org.eclipse.jetty.security.Authenticator
    public void setConfiguration(Authenticator.AuthConfiguration authConfiguration) {
        super.setConfiguration(authConfiguration);
        basic.setConfiguration(authConfiguration);
        oauth.setConfiguration(authConfiguration);
    }

    @Override // org.eclipse.jetty.security.Authenticator
    public boolean secureResponse(ServletRequest servletRequest, ServletResponse servletResponse, boolean z, Authentication.User user) {
        return true;
    }
}
