package org.elasticsearch.xpack.core.security.authc.support;

import java.nio.CharBuffer;
import java.util.Arrays;
import java.util.Base64;
import java.util.Objects;
import org.elasticsearch.common.Strings;
import org.elasticsearch.common.settings.SecureString;
import org.elasticsearch.common.util.concurrent.ThreadContext;
import org.elasticsearch.core.CharArrays;
import org.elasticsearch.xpack.core.security.authc.AuthenticationToken;
import org.elasticsearch.xpack.core.security.support.Exceptions;

/* loaded from: input_file:org/elasticsearch/xpack/core/security/authc/support/UsernamePasswordToken.class */
public class UsernamePasswordToken implements AuthenticationToken {
    public static final String BASIC_AUTH_PREFIX = "Basic ";
    public static final String BASIC_AUTH_HEADER = "Authorization";
    private static final boolean IGNORE_CASE_AUTH_HEADER_MATCH = true;
    private final String username;
    private final SecureString password;

    public UsernamePasswordToken(String str, SecureString secureString) {
        this.username = str;
        this.password = secureString;
    }

    public static String basicAuthHeaderValue(String str, SecureString secureString) {
        CharBuffer allocate = CharBuffer.allocate(str.length() + secureString.length() + 1);
        byte[] bArr = null;
        try {
            allocate.put(str).put(':').put(secureString.getChars());
            bArr = CharArrays.toUtf8Bytes(allocate.array());
            String str2 = BASIC_AUTH_PREFIX + Base64.getEncoder().encodeToString(bArr);
            Arrays.fill(allocate.array(), (char) 0);
            if (bArr != null) {
                Arrays.fill(bArr, (byte) 0);
            }
            return str2;
        } catch (Throwable th) {
            Arrays.fill(allocate.array(), (char) 0);
            if (bArr != null) {
                Arrays.fill(bArr, (byte) 0);
            }
            throw th;
        }
    }

    @Override // org.elasticsearch.xpack.core.security.authc.AuthenticationToken
    public String principal() {
        return this.username;
    }

    @Override // org.elasticsearch.xpack.core.security.authc.AuthenticationToken
    public SecureString credentials() {
        return this.password;
    }

    @Override // org.elasticsearch.xpack.core.security.authc.AuthenticationToken
    public void clearCredentials() {
        this.password.close();
    }

    public boolean equals(Object obj) {
        if (this == obj) {
            return true;
        }
        if (obj == null || getClass() != obj.getClass()) {
            return false;
        }
        UsernamePasswordToken usernamePasswordToken = (UsernamePasswordToken) obj;
        return Objects.equals(this.password, usernamePasswordToken.password) && Objects.equals(this.username, usernamePasswordToken.username);
    }

    public int hashCode() {
        return Objects.hash(this.username, Integer.valueOf(this.password.hashCode()));
    }

    public static UsernamePasswordToken extractToken(ThreadContext threadContext) {
        return extractToken(threadContext.getHeader(BASIC_AUTH_HEADER));
    }

    private static UsernamePasswordToken extractToken(String str) {
        if (Strings.isNullOrEmpty(str) || !str.regionMatches(true, 0, BASIC_AUTH_PREFIX, 0, BASIC_AUTH_PREFIX.length())) {
            return null;
        }
        if (str.length() == BASIC_AUTH_PREFIX.length()) {
            throw Exceptions.authenticationError("invalid basic authentication header value", new Object[0]);
        }
        try {
            char[] utf8BytesToChars = CharArrays.utf8BytesToChars(Base64.getDecoder().decode(str.substring(BASIC_AUTH_PREFIX.length()).trim()));
            int indexOfColon = indexOfColon(utf8BytesToChars);
            if (indexOfColon < 0) {
                throw Exceptions.authenticationError("invalid basic authentication header value", new Object[0]);
            }
            return new UsernamePasswordToken(new String(Arrays.copyOfRange(utf8BytesToChars, 0, indexOfColon)), new SecureString(Arrays.copyOfRange(utf8BytesToChars, indexOfColon + 1, utf8BytesToChars.length)));
        } catch (IllegalArgumentException e) {
            throw Exceptions.authenticationError("invalid basic authentication header encoding", e, new Object[0]);
        }
    }

    public static void putTokenHeader(ThreadContext threadContext, UsernamePasswordToken usernamePasswordToken) {
        threadContext.putHeader(BASIC_AUTH_HEADER, basicAuthHeaderValue(usernamePasswordToken.username, usernamePasswordToken.password));
    }

    public static int indexOfColon(char[] cArr) {
        for (int i = 0; i < cArr.length; i++) {
            if (cArr[i] == ':') {
                return i;
            }
        }
        return -1;
    }
}
