package org.exist.http.servlets;

import java.io.IOException;
import java.nio.charset.StandardCharsets;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import javax.servlet.http.HttpSession;
import org.apache.commons.codec.binary.Base64;
import org.apache.logging.log4j.LogManager;
import org.apache.logging.log4j.Logger;
import org.exist.security.AuthenticationException;
import org.exist.security.Subject;
import org.exist.storage.BrokerPool;
import org.exist.xquery.XQueryContext;

/* loaded from: input_file:org/exist/http/servlets/BasicAuthenticator.class */
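/**
 * {@link Authenticator} that resolves the caller from an HTTP Basic
 * {@code Authorization} header, reusing a {@link Subject} already stored in the
 * HTTP session where possible.
 *
 * <p>Basic credentials are only base64-encoded, not encrypted. Nothing in this class
 * checks that the request arrived over TLS, so transport protection has to be
 * enforced elsewhere (connector or filter configuration).
 */
public class BasicAuthenticator implements Authenticator {
    protected static final Logger LOG = LogManager.getLogger(BasicAuthenticator.class);

    /** Scheme token, including the separating space, that precedes Basic credentials. */
    private static final String BASIC_PREFIX = "basic ";

    private final BrokerPool pool;

    /**
     * @param brokerPool pool whose security manager verifies the supplied credentials
     */
    public BasicAuthenticator(BrokerPool brokerPool) {
        this.pool = brokerPool;
    }

    /**
     * Resolves the subject for a request.
     *
     * <p>Order of evaluation:
     * <ol>
     *   <li>Parse a Basic {@code Authorization} header, if present, into user name and password.</li>
     *   <li>If the session already holds a subject and the request names no user, or names the
     *       same user, return the session subject.</li>
     *   <li>If the session subject belongs to a different user, remove it from the session.</li>
     *   <li>Without usable credentials, optionally send a challenge and return {@code null}.</li>
     *   <li>Otherwise verify the credentials through the pool's security manager and, when a
     *       session exists, store the resulting subject in it.</li>
     * </ol>
     *
     * @param httpServletRequest  the incoming request
     * @param httpServletResponse the response used for the 401 challenge
     * @param z                   whether to send a challenge when authentication does not succeed
     * @return the authenticated subject, or {@code null} if there is none
     * @throws IOException declared by the {@link Authenticator} contract
     */
    @Override // org.exist.http.servlets.Authenticator
    public Subject authenticate(HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse, boolean z) throws IOException {
        String header = httpServletRequest.getHeader("Authorization");
        String username = null;
        String password = null;
        if (header != null) {
            // regionMatches(ignoreCase) is locale-independent. String.toLowerCase() without a
            // Locale maps 'I' to a dotless i under e.g. a Turkish default locale, so a "BASIC"
            // scheme token would stop matching.
            if (header.regionMatches(true, 0, BASIC_PREFIX, 0, BASIC_PREFIX.length())) {
                try {
                    String decoded = new String(Base64.decodeBase64(header.substring(BASIC_PREFIX.length())), StandardCharsets.UTF_8);
                    int colon = decoded.indexOf(':');
                    if (colon < 0) {
                        // No separator: the whole value is the user name and there is no password.
                        username = decoded;
                    } else {
                        username = decoded.substring(0, colon);
                        password = decoded.substring(colon + 1);
                    }
                } catch (IllegalArgumentException e) {
                    // Reachable by unauthenticated clients; each occurrence logs a stack trace.
                    LOG.warn("Invalid Basic Authentication header received: {}", e.getMessage(), e);
                    header = null;
                }
            } else {
                // Any other scheme (Bearer, Digest, ...) carries no Basic credentials. Treat it as
                // absent rather than handing a null user name and password to the security manager.
                header = null;
            }
        }

        HttpSession session = httpServletRequest.getSession(false);
        Subject sessionSubject = null;
        if (session != null) {
            sessionSubject = (Subject) session.getAttribute(XQueryContext.HTTP_SESSIONVAR_XMLDB_USER);
            // The session is trusted here: when the header names the same user, the password it
            // carries is NOT re-verified against the security manager.
            if (sessionSubject != null && (username == null || sessionSubject.getName().equals(username))) {
                return sessionSubject;
            }
        }
        if (sessionSubject != null) {
            // The request names a different user than the session: drop the stale subject before
            // verifying the new credentials.
            session.removeAttribute(XQueryContext.HTTP_SESSIONVAR_XMLDB_USER);
        }

        if (header == null) {
            return challengeIfRequested(httpServletRequest, httpServletResponse, z);
        }

        try {
            Subject authenticated = this.pool.getSecurityManager().authenticate(username, password);
            if (session != null) {
                // NOTE(review): the existing session keeps its id across login. Consider rotating it
                // on success (HttpServletRequest#changeSessionId on Servlet 3.1+) so an id issued
                // before authentication does not become an authenticated one (session fixation).
                session.setAttribute(XQueryContext.HTTP_SESSIONVAR_XMLDB_USER, authenticated);
            }
            return authenticated;
        } catch (AuthenticationException ignored) {
            // The failure is deliberately not reported to the caller beyond the challenge.
            // NOTE(review): nothing is logged here; confirm failed logins are recorded elsewhere
            // so that password guessing is visible to monitoring.
            return challengeIfRequested(httpServletRequest, httpServletResponse, z);
        }
    }

    /** Sends the 401 challenge when {@code challenge} is set; always yields {@code null}. */
    private Subject challengeIfRequested(HttpServletRequest request, HttpServletResponse response, boolean challenge) throws IOException {
        if (challenge) {
            sendChallenge(request, response);
        }
        return null;
    }

    /**
     * Answers with {@code 401} and a {@code WWW-Authenticate} header for the Basic scheme,
     * realm {@code exist}.
     *
     * @param httpServletRequest  the incoming request (not read here)
     * @param httpServletResponse the response that receives the header and status
     * @throws IOException declared by the {@link Authenticator} contract
     */
    @Override // org.exist.http.servlets.Authenticator
    public void sendChallenge(HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse) throws IOException {
        httpServletResponse.setHeader("WWW-Authenticate", "Basic realm=\"exist\"");
        httpServletResponse.setStatus(401);
    }
}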
