package com.orientechnologies.orient.server.network.protocol.http.command;

import com.orientechnologies.orient.server.network.protocol.http.OHttpRequest;
import com.orientechnologies.orient.server.network.protocol.http.OHttpResponse;
import com.orientechnologies.orient.server.network.protocol.http.OHttpUtils;
import java.io.IOException;

/* loaded from: input_file:com/orientechnologies/orient/server/network/protocol/http/command/OServerCommandAuthenticatedServerAbstract.class */
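/**
 * Base class for HTTP commands that must pass a server-level credential check before they run.
 *
 * <p>{@link #beforeExecute} calls {@link #authenticate}, which lets the request through when the
 * {@code guest} user is allowed on the configured resource, and otherwise validates the
 * {@code user:password} value carried in {@code OHttpRequest.authorization} against the server.
 *
 * <p>Security notes for maintainers:
 * <ul>
 *   <li>Granting {@code guest} access to a resource makes every command bound to that resource
 *       reachable without credentials.</li>
 *   <li>The last presented user name and password are kept in the protected fields
 *       {@link #serverUser} and {@link #serverPassword} as plain strings, including when
 *       authentication fails. NOTE(review): if one command instance serves several request threads,
 *       these fields can be overwritten by a concurrent request; confirm the instance lifecycle
 *       before reading them in subclasses.</li>
 * </ul>
 */
public abstract class OServerCommandAuthenticatedServerAbstract extends OServerCommandAbstract {
    /** Session id written onto a request that is being answered with a 401 challenge. */
    private static final String SESSIONID_UNAUTHORIZED = "-";
    /** Session id that forces a new challenge even when credentials are present (logout marker, judging by the name). */
    private static final String SESSIONID_LOGOUT = "!";
    /** Server resource name that the caller must be allowed to use. */
    private final String resource;
    /** User name taken from the most recent credential check on this instance. */
    protected String serverUser;
    /** Plaintext password taken from the most recent credential check on this instance; never log it. */
    protected String serverPassword;

    /**
     * Creates a command guarded by the given server resource.
     *
     * @param str name of the resource passed to the server's permission and authentication checks
     */
    public OServerCommandAuthenticatedServerAbstract(String str) {
        this.resource = str;
    }

    /**
     * Runs the parent pre-execution step and then requires authentication, challenging the client
     * when no credentials were sent.
     *
     * @return {@code true} when the request may proceed, {@code false} when a 401 was sent
     * @throws IOException if writing the 401 response fails
     */
    @Override
    public boolean beforeExecute(OHttpRequest oHttpRequest, OHttpResponse oHttpResponse) throws IOException {
        super.beforeExecute(oHttpRequest, oHttpResponse);
        return authenticate(oHttpRequest, oHttpResponse, true);
    }

    /**
     * Decides whether the request is allowed to use {@link #resource}.
     *
     * <p>The credential string is split at the FIRST colon only: the user name is everything
     * before it and the password everything after it, so passwords that themselves contain
     * {@code ':'} are checked as sent instead of being rejected as malformed. A value without a
     * colon, or with nothing after the first colon, is answered with a challenge as before.
     *
     * @param oHttpRequest request carrying {@code authorization} and {@code sessionId}
     * @param oHttpResponse response used for the 401 reply; its {@code sessionId} is cleared on guest access
     * @param z when {@code true}, a request without credentials or with the logout session id is
     *     challenged through {@link #sendAuthorizationRequest}; when {@code false} such a request
     *     falls through to {@link #sendNotAuthorizedResponse}
     * @return {@code true} when guest access applies or the server accepted the credentials
     * @throws IOException if writing the 401 response fails
     */
    public boolean authenticate(OHttpRequest oHttpRequest, OHttpResponse oHttpResponse, boolean z) throws IOException {
        // Guest permission on the resource bypasses the credential check entirely.
        if (checkGuestAccess()) {
            oHttpResponse.sessionId = null;
            return true;
        }

        final String credentials = oHttpRequest.authorization;
        if (z && (credentials == null || SESSIONID_LOGOUT.equals(oHttpRequest.sessionId))) {
            sendAuthorizationRequest(oHttpRequest, oHttpResponse);
            return false;
        }

        if (credentials != null) {
            final int separator = credentials.indexOf(':');
            // No separator, or an empty password part: treat as malformed and challenge again.
            if (separator < 0 || separator == credentials.length() - 1) {
                sendAuthorizationRequest(oHttpRequest, oHttpResponse);
                return false;
            }
            final String user = credentials.substring(0, separator);
            final String password = credentials.substring(separator + 1);

            // Subclasses read these fields, so they are still published before the check.
            this.serverUser = user;
            this.serverPassword = password;

            // Validate the locals, not the fields, so the pair checked is the pair this request sent.
            if (this.server.authenticate(user, password, this.resource)) {
                return true;
            }
        }

        sendNotAuthorizedResponse(oHttpRequest, oHttpResponse);
        return false;
    }

    /**
     * Reports whether the {@code guest} user is allowed on {@link #resource}.
     *
     * @return the result of the server's permission check for {@code guest}
     */
    protected boolean checkGuestAccess() {
        return this.server.isAllowed("guest", this.resource);
    }

    /**
     * Replies to a request whose credentials were missing or rejected. This implementation sends
     * the same 401 challenge as {@link #sendAuthorizationRequest}; subclasses may override it.
     *
     * @throws IOException if writing the response fails
     */
    protected void sendNotAuthorizedResponse(OHttpRequest oHttpRequest, OHttpResponse oHttpResponse) throws IOException {
        sendAuthorizationRequest(oHttpRequest, oHttpResponse);
    }

    /**
     * Marks the request as unauthorized and sends a {@code 401} reply.
     *
     * <p>The authentication header obtained from the server's security component is attached
     * unless the request declares {@code X-Requested-With: XMLHttpRequest} (presumably so that
     * script-driven requests do not trigger the browser's own login prompt; confirm against the
     * client code).
     *
     * @throws IOException if writing the response fails
     */
    protected void sendAuthorizationRequest(OHttpRequest oHttpRequest, OHttpResponse oHttpResponse) throws IOException {
        oHttpRequest.sessionId = SESSIONID_UNAUTHORIZED;

        final boolean scriptedRequest = "XMLHttpRequest".equals(oHttpRequest.getHeader("X-Requested-With"));
        final String str = scriptedRequest ? null : this.server.getSecurity().getAuthenticationHeader(null);

        if (isJsonResponse(oHttpResponse)) {
            sendJsonError(oHttpResponse, 401, OHttpUtils.STATUS_AUTH_DESCRIPTION, OHttpUtils.CONTENT_TEXT_PLAIN, "401 Unauthorized.", str);
        } else {
            oHttpResponse.send(401, OHttpUtils.STATUS_AUTH_DESCRIPTION, OHttpUtils.CONTENT_TEXT_PLAIN, "401 Unauthorized.", str);
        }
    }
}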
