package org.apache.sling.httpauth.impl;

import java.io.ByteArrayOutputStream;
import java.io.IOException;
import java.io.InputStream;
import java.io.UnsupportedEncodingException;
import javax.jcr.SimpleCredentials;
import javax.servlet.http.Cookie;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import org.apache.commons.codec.binary.Base64;
import org.apache.sling.engine.auth.AuthenticationHandler;
import org.apache.sling.engine.auth.AuthenticationInfo;
import org.osgi.service.component.ComponentContext;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;

/* loaded from: input_file:resources/bundles/0/org.apache.sling.httpauth-2.0.4-incubator.jar:org/apache/sling/httpauth/impl/AuthorizationHeaderAuthenticationHandler.class */
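/**
 * Sling {@link AuthenticationHandler} that extracts HTTP Basic credentials from
 * the {@code Authorization} request header or, when that header is absent, from
 * a cookie of the same name.
 *
 * <p>Security notes for maintainers:
 * <ul>
 *   <li>Basic credentials are only Base64-encoded, not encrypted. This class does
 *       not check that the request arrived over TLS; that has to be enforced by
 *       the deployment.</li>
 *   <li>Credentials taken from a cookie are attached by the browser automatically,
 *       so requests authenticated that way need their own cross-site request
 *       forgery protection. The cookie is not set in this class; whoever sets it
 *       should mark it {@code Secure} and {@code HttpOnly}.</li>
 *   <li>The login form is loaded lazily into {@link #loginFormTemplate} without
 *       synchronisation; concurrent first requests may each load it once.</li>
 * </ul>
 */
public class AuthorizationHeaderAuthenticationHandler implements AuthenticationHandler {
    /** Name of the component property that configures the Basic realm. */
    public static final String PAR_REALM_NAME = "auth.http.realm";
    /** Request parameter whose presence forces a 401 challenge. */
    static final String REQUEST_LOGIN_PARAMETER = "sling:authRequestLogin";
    /** User name that is always treated as "no credentials supplied". */
    static final String NOT_LOGGED_IN_USER = "__forced_logout_user__";
    private static final String HEADER_WWW_AUTHENTICATE = "WWW-Authenticate";
    private static final String HEADER_AUTHORIZATION = "Authorization";
    private static final String AUTHENTICATION_SCHEME_BASIC = "Basic";
    private static final String DEFAULT_REALM = "Sling (Development)";
    private static final String LOGIN_FORM_TEMPLATE = "LoginFormTemplate.html";
    private final Logger log = LoggerFactory.getLogger(getClass());
    private String realm = DEFAULT_REALM;
    // Cached login form markup; null until the first successful load.
    private String loginFormTemplate;

    public AuthorizationHeaderAuthenticationHandler() {
        this.log.info("AuthorizationHeaderAuthenticationHandler created");
    }

    /**
     * Extracts credentials from the request, or issues a 401 challenge when the
     * {@link #REQUEST_LOGIN_PARAMETER} parameter is present.
     *
     * @return the extracted credentials, {@link AuthenticationInfo#DOING_AUTH} when a
     *         challenge was sent, or {@code null} when neither applies
     */
    @Override // org.apache.sling.engine.auth.AuthenticationHandler
    public AuthenticationInfo authenticate(HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse) {
        AuthenticationInfo info = extractAuthentication(httpServletRequest);
        if (info != null) {
            return info;
        }
        return forceAuthentication(httpServletRequest, httpServletResponse) ? AuthenticationInfo.DOING_AUTH : null;
    }

    /**
     * Sends the login form (status 200) or, when the form template cannot be loaded,
     * a 401 Basic challenge.
     *
     * @return always {@code true}, including when the response was already committed
     *         and nothing could be sent
     * @throws IOException if writing the login form fails
     */
    @Override // org.apache.sling.engine.auth.AuthenticationHandler
    public boolean requestAuthentication(HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse) throws IOException {
        if (httpServletResponse.isCommitted()) {
            this.log.error("requestAuthentication: Response is committed, cannot request authentication");
            return true;
        }
        httpServletResponse.reset();
        httpServletResponse.setStatus(HttpServletResponse.SC_OK);
        String form = getLoginForm();
        if (form == null) {
            sendUnauthorized(httpServletResponse);
            return true;
        }
        // Each value is HTML-escaped by replaceVariables before it reaches the page.
        form = replaceVariables(form, "@@contextPath@@", httpServletRequest.getContextPath(), "/");
        form = replaceVariables(form, "@@authType@@", httpServletRequest.getAuthType(), "");
        form = replaceVariables(form, "@@user@@", httpServletRequest.getRemoteUser(), "");
        httpServletResponse.setContentType("text/html");
        httpServletResponse.setCharacterEncoding("UTF-8");
        httpServletResponse.getWriter().print(form);
        return true;
    }

    /**
     * Sends a 401 challenge if the request carries {@link #REQUEST_LOGIN_PARAMETER}
     * and the response is still uncommitted.
     *
     * @return {@code true} only when the challenge was sent
     */
    private boolean forceAuthentication(HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse) {
        if (httpServletRequest.getParameter(REQUEST_LOGIN_PARAMETER) == null) {
            this.log.debug("forceAuthentication: Not forcing authentication because request parameter {} is not set", REQUEST_LOGIN_PARAMETER);
            return false;
        }
        if (httpServletResponse.isCommitted()) {
            this.log.error("forceAuthentication: Response is committed, cannot request authentication");
            return false;
        }
        return sendUnauthorized(httpServletResponse);
    }

    /**
     * Sets the {@code WWW-Authenticate} header for the configured realm and sends 401.
     *
     * @return {@code true} if the error was sent, {@code false} on I/O failure
     */
    private boolean sendUnauthorized(HttpServletResponse httpServletResponse) {
        // NOTE(review): the realm comes from component configuration and is placed in
        // the quoted-string unescaped; a realm containing '"' yields a malformed header.
        httpServletResponse.setHeader(HEADER_WWW_AUTHENTICATE, AUTHENTICATION_SCHEME_BASIC + " realm=\"" + this.realm + "\"");
        try {
            httpServletResponse.sendError(HttpServletResponse.SC_UNAUTHORIZED);
            return true;
        } catch (IOException e) {
            this.log.error("sendUnauthorized: Failed requesting authentication", e);
            return false;
        }
    }

    /**
     * Reads the realm name from the component properties, falling back to the
     * default realm when the property is missing or empty.
     */
    protected void activate(ComponentContext componentContext) {
        String configured = (String) componentContext.getProperties().get(PAR_REALM_NAME);
        if (configured == null || configured.length() == 0) {
            configured = DEFAULT_REALM;
        }
        if (configured.equals(this.realm)) {
            return;
        }
        this.log.info("Setting new realm name {} (was {})", configured, this.realm);
        this.realm = configured;
    }

    /**
     * Parses Basic credentials from the {@code Authorization} header, or from the
     * first cookie named {@code Authorization} when the header is absent or empty.
     *
     * @return the credentials, or {@code null} when none are present, the scheme is
     *         not Basic, or the user is {@link #NOT_LOGGED_IN_USER}
     */
    protected AuthenticationInfo extractAuthentication(HttpServletRequest httpServletRequest) {
        String header = httpServletRequest.getHeader(HEADER_AUTHORIZATION);
        if (header == null || header.length() == 0) {
            // Cookie fallback: the browser sends this automatically with every request
            // to the site, unlike an explicitly supplied Authorization header.
            Cookie[] cookies = httpServletRequest.getCookies();
            if (cookies != null) {
                for (Cookie cookie : cookies) {
                    if (HEADER_AUTHORIZATION.equalsIgnoreCase(cookie.getName())) {
                        header = cookie.getValue();
                        break;
                    }
                }
            }
            if (header == null || header.length() == 0) {
                return null;
            }
        }
        String trimmed = header.trim();
        int blank = trimmed.indexOf(' ');
        if (blank <= 0) {
            return null;
        }
        String scheme = trimmed.substring(0, blank);
        String encoded = trimmed.substring(blank).trim();
        if (!scheme.equalsIgnoreCase(AUTHENTICATION_SCHEME_BASIC)) {
            return null;
        }
        try {
            // The decoded value is never logged. It does pass through an immutable
            // String, so the password cannot be wiped from memory afterwards.
            String decoded = new String(Base64.decodeBase64(encoded.getBytes("ISO-8859-1")), "ISO-8859-1");
            int colon = decoded.indexOf(':');
            SimpleCredentials credentials;
            if (colon < 0) {
                // No separator: the whole value is the user name, with an empty password.
                credentials = new SimpleCredentials(decoded, new char[0]);
            } else {
                credentials = new SimpleCredentials(decoded.substring(0, colon), decoded.substring(colon + 1).toCharArray());
            }
            if (NOT_LOGGED_IN_USER.equals(credentials.getUserID())) {
                return null;
            }
            return new AuthenticationInfo("BASIC", credentials);
        } catch (UnsupportedEncodingException e) {
            this.log.error("extractAuthentication: Cannot en/decode authentication info", e);
            return null;
        }
    }

    /**
     * Returns the login form markup, loading it from the class path on first use.
     *
     * @return the template text, or {@code null} if it is missing or unreadable
     */
    private String getLoginForm() {
        if (this.loginFormTemplate == null) {
            // try-with-resources tolerates a null resource and closes the stream on every path.
            try (InputStream in = getClass().getResourceAsStream(LOGIN_FORM_TEMPLATE)) {
                if (in == null) {
                    this.log.error("getLoginForm: Cannot access login form template at " + LOGIN_FORM_TEMPLATE);
                } else {
                    ByteArrayOutputStream buffer = new ByteArrayOutputStream();
                    byte[] chunk = new byte[3000];
                    int read;
                    while ((read = in.read(chunk)) >= 0) {
                        buffer.write(chunk, 0, read);
                    }
                    this.loginFormTemplate = new String(buffer.toByteArray(), "UTF-8");
                }
            } catch (IOException e) {
                this.log.error("getLoginForm: Failure reading login form template", e);
            }
        }
        return this.loginFormTemplate;
    }

    /**
     * Replaces every occurrence of a placeholder with an HTML-escaped value.
     *
     * <p>The placeholder is matched literally and the value is inserted literally.
     * A regex-based replacement would interpret {@code $} and {@code \} in the value
     * (for example in a user name) as group references and could throw.
     *
     * @param str  the template text
     * @param str2 the placeholder to replace
     * @param str3 the value to insert; may be {@code null} or empty
     * @param str4 the fallback used when {@code str3} is {@code null} or empty
     * @return the template with the placeholder substituted
     */
    private String replaceVariables(String str, String str2, String str3, String str4) {
        String value = (str3 == null || str3.length() == 0) ? str4 : str3;
        // NOTE(review): assumes placeholders sit in HTML text or quoted attribute
        // context in LoginFormTemplate.html; confirm against the template.
        return str.replace(str2, escapeHtml(value));
    }

    /** Escapes the characters that are significant in HTML text and quoted attributes. */
    private static String escapeHtml(String value) {
        StringBuilder out = new StringBuilder(value.length() + 16);
        for (int i = 0; i < value.length(); i++) {
            char c = value.charAt(i);
            switch (c) {
                case '&':
                    out.append("&amp;");
                    break;
                case '<':
                    out.append("&lt;");
                    break;
                case '>':
                    out.append("&gt;");
                    break;
                case '"':
                    out.append("&quot;");
                    break;
                case '\'':
                    out.append("&#39;");
                    break;
                default:
                    out.append(c);
                    break;
            }
        }
        return out.toString();
    }
}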
