package org.apache.catalina.authenticator;

import java.io.IOException;
import java.nio.charset.Charset;
import java.security.Principal;
import javax.servlet.http.HttpServletResponse;
import org.apache.catalina.connector.Request;
import org.apache.catalina.deploy.LoginConfig;
import org.apache.tomcat.util.buf.B2CConverter;
import org.apache.tomcat.util.buf.ByteChunk;
import org.apache.tomcat.util.buf.MessageBytes;
import org.apache.tomcat.util.codec.binary.Base64;

/* loaded from: input_file:lib/tomcat-catalina-7.0.93.jar:org/apache/catalina/authenticator/BasicAuthenticator.class */
public class BasicAuthenticator extends AuthenticatorBase {
    protected static final String info = "org.apache.catalina.authenticator.BasicAuthenticator/1.0";
    private Charset charset = B2CConverter.ISO_8859_1;
    private String charsetString = null;

    @Override // org.apache.catalina.authenticator.AuthenticatorBase, org.apache.catalina.valves.ValveBase, org.apache.catalina.Valve
    public String getInfo() {
        return info;
    }

    public String getCharset() {
        return this.charsetString;
    }

    public void setCharset(String str) {
        if (str == null || str.isEmpty()) {
            this.charset = B2CConverter.ISO_8859_1;
        } else {
            if (!"UTF-8".equalsIgnoreCase(str)) {
                throw new IllegalArgumentException(sm.getString("basicAuthenticator.invalidCharset"));
            }
            this.charset = B2CConverter.UTF_8;
        }
        this.charsetString = str;
    }

    @Override // org.apache.catalina.authenticator.AuthenticatorBase, org.apache.catalina.Authenticator
    public boolean authenticate(Request request, HttpServletResponse httpServletResponse, LoginConfig loginConfig) throws IOException {
        if (checkForCachedAuthentication(request, httpServletResponse, true)) {
            return true;
        }
        String str = null;
        String str2 = null;
        MessageBytes value = request.getCoyoteRequest().getMimeHeaders().getValue("authorization");
        if (value != null) {
            value.toBytes();
            ByteChunk byteChunk = value.getByteChunk();
            if (byteChunk.startsWithIgnoreCase("basic ", 0)) {
                byteChunk.setOffset(byteChunk.getOffset() + 6);
                byte[] decodeBase64 = Base64.decodeBase64(byteChunk.getBuffer(), byteChunk.getOffset(), byteChunk.getLength());
                int i = -1;
                int i2 = 0;
                while (true) {
                    if (i2 >= decodeBase64.length) {
                        break;
                    }
                    if (decodeBase64[i2] == 58) {
                        i = i2;
                        break;
                    }
                    i2++;
                }
                if (i < 0) {
                    str = new String(decodeBase64, this.charset);
                } else {
                    str = new String(decodeBase64, 0, i, this.charset);
                    str2 = new String(decodeBase64, i + 1, (decodeBase64.length - i) - 1, this.charset);
                }
                byteChunk.setOffset(byteChunk.getOffset() - 6);
            }
            Principal authenticate = this.context.getRealm().authenticate(str, str2);
            if (authenticate != null) {
                register(request, httpServletResponse, authenticate, "BASIC", str, str2);
                return true;
            }
        }
        StringBuilder sb = new StringBuilder(16);
        sb.append("Basic realm=\"");
        if (loginConfig.getRealmName() == null) {
            sb.append("Authentication required");
        } else {
            sb.append(loginConfig.getRealmName());
        }
        sb.append('\"');
        if (this.charsetString != null && !this.charsetString.isEmpty()) {
            sb.append(", charset=");
            sb.append(this.charsetString);
        }
        httpServletResponse.setHeader("WWW-Authenticate", sb.toString());
        httpServletResponse.sendError(401);
        return false;
    }

    @Override // org.apache.catalina.authenticator.AuthenticatorBase
    protected String getAuthMethod() {
        return "BASIC";
    }
}
