package org.apache.clerezza.platform.security.auth.basic;

import java.io.ByteArrayInputStream;
import java.io.IOException;
import java.nio.channels.Channels;
import java.nio.channels.ReadableByteChannel;
import java.security.AccessControlException;
import javax.security.auth.Subject;
import org.apache.clerezza.platform.security.UserUtil;
import org.apache.clerezza.platform.security.auth.AuthenticationService;
import org.apache.clerezza.platform.security.auth.LoginException;
import org.apache.clerezza.platform.security.auth.NoSuchAgent;
import org.apache.clerezza.platform.security.auth.PrincipalImpl;
import org.apache.clerezza.platform.security.auth.WeightedAuthenticationMethod;
import org.osgi.service.component.ComponentContext;
import org.wymiwyg.commons.util.Base64;
import org.wymiwyg.wrhapi.HandlerException;
import org.wymiwyg.wrhapi.HeaderName;
import org.wymiwyg.wrhapi.Request;
import org.wymiwyg.wrhapi.Response;
import org.wymiwyg.wrhapi.ResponseStatus;
import org.wymiwyg.wrhapi.util.MessageBody2Read;

/* loaded from: input_file:bundles/startlevel-3/org/apache/clerezza/platform.security.auth.basic/0.4-incubating/platform.security.auth.basic-0.4-incubating.jar:org/apache/clerezza/platform/security/auth/basic/BasicAuthentication.class */
public class BasicAuthentication implements WeightedAuthenticationMethod {
    private int weight = 10;
    AuthenticationService authenticationService;

    public void activate(ComponentContext componentContext) {
        this.weight = ((Integer) componentContext.getProperties().get("weight")).intValue();
    }

    @Override // org.apache.clerezza.platform.security.auth.AuthenticationMethod
    public boolean authenticate(Request request, Subject subject) throws LoginException, HandlerException {
        String[] headerValues = request.getHeaderValues(HeaderName.AUTHORIZATION);
        if (headerValues == null || headerValues.length <= 0) {
            return false;
        }
        String str = headerValues[0];
        String[] split = new String(Base64.decode(str.substring(str.indexOf(32) + 1))).split(":");
        String str2 = split[0];
        try {
            if (!this.authenticationService.authenticateUser(str2, split.length > 1 ? split[1] : "")) {
                throw new LoginException(LoginException.PASSWORD_NOT_MATCHING);
            }
            subject.getPrincipals().remove(UserUtil.ANONYMOUS);
            subject.getPrincipals().add(new PrincipalImpl(str2));
            return true;
        } catch (NoSuchAgent e) {
            throw new LoginException(LoginException.USER_NOT_EXISTING);
        }
    }

    @Override // org.apache.clerezza.platform.security.auth.AuthenticationMethod
    public boolean writeLoginResponse(Request request, Response response, Throwable th) throws HandlerException {
        if (th == null || (th instanceof AccessControlException)) {
            setUnauthorizedResponse(response, "<html><body>unauthorized</body></html>");
            return true;
        }
        if (!(th instanceof LoginException)) {
            return false;
        }
        String type = ((LoginException) th).getType();
        if (type.equals(LoginException.PASSWORD_NOT_MATCHING)) {
            setUnauthorizedResponse(response, "<html><body>Username and password do not match</body></html>");
            return true;
        }
        if (!type.equals(LoginException.USER_NOT_EXISTING)) {
            return false;
        }
        setUnauthorizedResponse(response, "<html><body>User does not exist</body></html>");
        return true;
    }

    private void setUnauthorizedResponse(Response response, String str) throws HandlerException {
        response.setResponseStatus(ResponseStatus.UNAUTHORIZED);
        response.addHeader(HeaderName.WWW_AUTHENTICATE, "Basic realm=\"Clerezza Platform authentication needed\"");
        final ByteArrayInputStream byteArrayInputStream = new ByteArrayInputStream(str.getBytes());
        response.setHeader(HeaderName.CONTENT_LENGTH, Integer.valueOf(str.getBytes().length));
        response.setBody(new MessageBody2Read() { // from class: org.apache.clerezza.platform.security.auth.basic.BasicAuthentication.1
            @Override // org.wymiwyg.wrhapi.MessageBody
            public ReadableByteChannel read() throws IOException {
                return Channels.newChannel(byteArrayInputStream);
            }
        });
    }

    @Override // org.apache.clerezza.platform.security.auth.WeightedAuthenticationMethod
    public int getWeight() {
        return this.weight;
    }

    protected void bindAuthenticationService(AuthenticationService authenticationService) {
        this.authenticationService = authenticationService;
    }

    protected void unbindAuthenticationService(AuthenticationService authenticationService) {
        if (this.authenticationService == authenticationService) {
            this.authenticationService = null;
        }
    }
}
