package org.apache.sling.auth.core.impl;

import java.io.IOException;
import java.io.UnsupportedEncodingException;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import org.apache.batik.util.XMLConstants;
import org.apache.commons.codec.binary.Base64;
import org.apache.sling.auth.core.AuthUtil;
import org.apache.sling.auth.core.spi.AuthenticationHandler;
import org.apache.sling.auth.core.spi.AuthenticationInfo;
import org.apache.sling.auth.core.spi.DefaultAuthenticationFeedbackHandler;
import org.eclipse.jdt.internal.compiler.impl.CompilerOptions;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;

/* loaded from: input_file:WEB-INF/resources/install/0/org.apache.sling.auth.core-1.3.10.jar:org/apache/sling/auth/core/impl/HttpBasicAuthenticationHandler.class */
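/**
 * Authentication handler for the HTTP Basic scheme.
 *
 * <p>Credentials are read from the {@code Authorization} request header. A
 * {@code 401} challenge carrying {@code WWW-Authenticate: Basic realm="..."}
 * is sent in the situations described on the individual methods.
 *
 * <p>When {@code fullSupport} is {@code false}, {@link #requestCredentials}
 * and {@link #dropCredentials} never send a challenge. A challenge can still
 * be sent from {@link #extractCredentials(HttpServletRequest, HttpServletResponse)}
 * when login is explicitly requested, and from {@link #authenticationFailed}.
 *
 * <p>Security notes for reviewers:
 * <ul>
 * <li>Basic credentials are only Base64-encoded, not encrypted. Nothing in
 * this class checks that the request arrived over a secure transport, so
 * that has to be enforced elsewhere in the deployment.</li>
 * <li>Neither the {@code Authorization} header nor the decoded credentials
 * are written to the log by this class.</li>
 * </ul>
 *
 * <p>This source is decompiler output. Two string constants that the
 * decompiler had attributed to unrelated libraries (Batik
 * {@code XMLConstants.XML_DOUBLE_QUOTE} and Eclipse JDT
 * {@code CompilerOptions.ENABLED}) are written here as the plain literals
 * {@code "\""} and {@code "enabled"}, so the class does not reference those
 * libraries.
 */
class HttpBasicAuthenticationHandler extends DefaultAuthenticationFeedbackHandler implements AuthenticationHandler {
    /** Response header carrying the authentication challenge. */
    private static final String HEADER_WWW_AUTHENTICATE = "WWW-Authenticate";

    /** Request header carrying the client credentials. */
    private static final String HEADER_AUTHORIZATION = "Authorization";

    /** Scheme token expected in the Authorization header and sent in the challenge. */
    private static final String AUTHENTICATION_SCHEME_BASIC = "Basic";

    private final Logger log = LoggerFactory.getLogger(getClass());

    /** Realm name placed verbatim into the challenge header. */
    private final String realm;

    /** Whether this handler sends challenges from requestCredentials and dropCredentials. */
    private final boolean fullSupport;

    /**
     * Creates the handler.
     *
     * @param str the realm name sent in the {@code WWW-Authenticate} challenge
     * @param z {@code true} for full support, {@code false} for preemptive-only
     *            operation (see the class comment)
     */
    /* JADX INFO: Access modifiers changed from: package-private */
    public HttpBasicAuthenticationHandler(String str, boolean z) {
        this.realm = str;
        this.fullSupport = z;
    }

    /**
     * Extracts Basic credentials from the request. If there are none and login
     * was explicitly requested, a 401 challenge is sent instead.
     *
     * @return the credentials found in the {@code Authorization} header;
     *         {@link AuthenticationInfo#DOING_AUTH} if a challenge was sent;
     *         {@code null} otherwise
     */
    @Override // org.apache.sling.auth.core.spi.AuthenticationHandler
    public AuthenticationInfo extractCredentials(HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse) {
        AuthenticationInfo fromHeader = extractCredentials(httpServletRequest);
        if (fromHeader != null) {
            return fromHeader;
        }
        return forceAuthentication(httpServletRequest, httpServletResponse) ? AuthenticationInfo.DOING_AUTH : null;
    }

    /**
     * Sends a 401 challenge, but only when full support is enabled.
     *
     * @return {@code true} if the challenge was sent; {@code false} if full
     *         support is disabled or sending failed
     */
    @Override // org.apache.sling.auth.core.spi.AuthenticationHandler
    public boolean requestCredentials(HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse) {
        return this.fullSupport && sendUnauthorized(httpServletResponse);
    }

    /**
     * Answers with a 401 challenge when full support is enabled and the request
     * carried an {@code Authorization} header; does nothing otherwise.
     */
    @Override // org.apache.sling.auth.core.spi.AuthenticationHandler
    public void dropCredentials(HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse) {
        if (this.fullSupport && httpServletRequest.getHeader(HEADER_AUTHORIZATION) != null) {
            sendUnauthorized(httpServletResponse);
        }
    }

    /**
     * Sends a 401 challenge after a failed authentication, unless
     * {@link AuthUtil#isValidateRequest} reports {@code true} for the request.
     * This path is not gated by {@code fullSupport}.
     */
    @Override // org.apache.sling.auth.core.spi.DefaultAuthenticationFeedbackHandler, org.apache.sling.auth.core.spi.AuthenticationFeedbackHandler
    public void authenticationFailed(HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse, AuthenticationInfo authenticationInfo) {
        if (!AuthUtil.isValidateRequest(httpServletRequest)) {
            sendUnauthorized(httpServletResponse);
        }
    }

    /**
     * Tells whether the request carries a non-null value under
     * {@link AuthenticationHandler#REQUEST_LOGIN_PARAMETER}, as looked up by
     * {@link AuthUtil#getAttributeOrParameter}.
     */
    private boolean isLoginRequested(HttpServletRequest httpServletRequest) {
        return AuthUtil.getAttributeOrParameter(httpServletRequest, AuthenticationHandler.REQUEST_LOGIN_PARAMETER, null) != null;
    }

    /**
     * Sends a 401 challenge if login was explicitly requested.
     *
     * @return {@code true} only if the challenge was actually sent
     */
    private boolean forceAuthentication(HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse) {
        if (isLoginRequested(httpServletRequest)) {
            return sendUnauthorized(httpServletResponse);
        }
        this.log.debug("forceAuthentication: Not forcing authentication because request parameter {} is not set", AuthenticationHandler.REQUEST_LOGIN_PARAMETER);
        return false;
    }

    /**
     * Resets the response buffer, sets status 401 with the Basic challenge
     * header and flushes the response.
     *
     * @return {@code true} if the response was flushed; {@code false} if the
     *         response was already committed or flushing failed
     */
    /* JADX INFO: Access modifiers changed from: package-private */
    public boolean sendUnauthorized(HttpServletResponse httpServletResponse) {
        if (httpServletResponse.isCommitted()) {
            this.log.error("sendUnauthorized: Cannot send 401/UNAUTHORIZED; response is already committed");
            return false;
        }
        httpServletResponse.resetBuffer();
        httpServletResponse.setStatus(HttpServletResponse.SC_UNAUTHORIZED);
        // NOTE(review): the realm is inserted verbatim into a quoted-string. A
        // realm containing '"' or '\' would yield a malformed header; confirm
        // that the configured value is constrained where it is set.
        httpServletResponse.setHeader(HEADER_WWW_AUTHENTICATE, AUTHENTICATION_SCHEME_BASIC + " realm=\"" + this.realm + "\"");
        try {
            httpServletResponse.flushBuffer();
            return true;
        } catch (IOException e) {
            this.log.error("sendUnauthorized: Failed requesting authentication", e);
            return false;
        }
    }

    /** Names the handler and its mode: {@code enabled} (full support) or {@code preemptive}. */
    @Override
    public String toString() {
        return "HTTP Basic Authentication Handler (" + (this.fullSupport ? "enabled" : "preemptive") + ")";
    }

    /**
     * Parses the {@code Authorization} header as {@code Basic <base64(user:password)>}.
     *
     * <p>The scheme token is matched case-insensitively. The decoded value is
     * split at the first {@code ':'}; when there is no colon the whole value is
     * the user name and the password is empty.
     *
     * @return the parsed credentials, or {@code null} if the header is missing,
     *         empty, has no scheme/value separator, or names another scheme
     */
    protected AuthenticationInfo extractCredentials(HttpServletRequest httpServletRequest) {
        String header = httpServletRequest.getHeader(HEADER_AUTHORIZATION);
        if (header == null || header.length() == 0) {
            return null;
        }
        String trimmed = header.trim();
        int blank = trimmed.indexOf(' ');
        if (blank <= 0) {
            return null;
        }
        String scheme = trimmed.substring(0, blank);
        String encoded = trimmed.substring(blank).trim();
        if (!scheme.equalsIgnoreCase(AUTHENTICATION_SCHEME_BASIC)) {
            return null;
        }
        try {
            // The bytes are interpreted as ISO-8859-1. A client that encodes
            // the user-pass as UTF-8 yields different characters here for any
            // non-ASCII user name or password.
            String decoded = new String(Base64.decodeBase64(encoded.getBytes("ISO-8859-1")), "ISO-8859-1");
            int colon = decoded.indexOf(':');
            String userId;
            char[] password;
            if (colon < 0) {
                userId = decoded;
                password = new char[0];
            } else {
                userId = decoded.substring(0, colon);
                // The password has already existed as part of an immutable
                // String, so this char[] alone does not make it wipeable.
                password = decoded.substring(colon + 1).toCharArray();
            }
            return new AuthenticationInfo(HttpServletRequest.BASIC_AUTH, userId, password);
        } catch (UnsupportedEncodingException e) {
            this.log.error("extractAuthentication: Cannot en/decode authentication info", e);
            return null;
        }
    }
}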
