package org.apache.tuscany.sca.policy.security.http.util;

import java.util.Iterator;
import java.util.StringTokenizer;
import javax.security.auth.Subject;
import javax.servlet.http.HttpServletRequest;
import org.apache.commons.codec.binary.Base64;
import org.apache.tuscany.sca.invocation.Message;
import org.apache.tuscany.sca.policy.authentication.basic.BasicAuthenticationPrincipal;

/* loaded from: input_file:org/apache/tuscany/sca/policy/security/http/util/HttpSecurityUtil.class */
public class HttpSecurityUtil {
    public static boolean hasAuthorizationHeader(HttpServletRequest httpServletRequest) {
        boolean z = false;
        if (httpServletRequest.getHeader("Authorization") != null) {
            z = true;
        }
        return z;
    }

    public static String getAuthorizationHeader(HttpServletRequest httpServletRequest) {
        return httpServletRequest.getHeader("Authorization");
    }

    public static Subject getSubject(Message message) {
        Subject subject = null;
        HttpServletRequest httpServletRequest = null;
        Iterator<Object> it = message.getHeaders().iterator();
        while (true) {
            if (!it.hasNext()) {
                break;
            }
            Object next = it.next();
            if (next instanceof Subject) {
                subject = (Subject) next;
                break;
            }
            if (next instanceof HttpServletRequest) {
                httpServletRequest = (HttpServletRequest) next;
            }
        }
        if (((subject == null) & (httpServletRequest != null)) && hasAuthorizationHeader(httpServletRequest)) {
            subject = getSubject(getAuthorizationHeader(httpServletRequest));
        }
        if (subject == null) {
            subject = new Subject();
            message.getHeaders().add(subject);
        }
        return subject;
    }

    public static Subject getSubject(String str) {
        String str2;
        int indexOf;
        Subject subject = new Subject();
        String str3 = null;
        String str4 = null;
        if (str != null) {
            StringTokenizer stringTokenizer = new StringTokenizer(str);
            if (stringTokenizer.hasMoreTokens() && stringTokenizer.nextToken().equalsIgnoreCase("Basic") && (indexOf = (str2 = new String(Base64.decodeBase64(stringTokenizer.nextToken().getBytes()))).indexOf(":")) != -1) {
                str3 = str2.substring(0, indexOf);
                str4 = str2.substring(indexOf + 1);
            }
        }
        if (str3 != null && str4 != null) {
            subject.getPrincipals().add(new BasicAuthenticationPrincipal(str3, str4));
        }
        return subject;
    }
}
