package org.exist.http.servlets;

import java.io.IOException;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import javax.servlet.http.HttpSession;
import org.apache.log4j.Logger;
import org.exist.security.User;
import org.exist.storage.BrokerPool;
import org.exist.util.Base64Decoder;
import org.exist.xquery.XQueryContext;

/* loaded from: input_file:WEB-INF/lib/exist-optional-1_4_1_dev_orbeon_20110104.jar:org/exist/http/servlets/BasicAuthenticator.class */
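/**
 * {@link Authenticator} implementing HTTP Basic authentication against the
 * security manager of a {@link BrokerPool}.
 *
 * <p>A user already stored in the HTTP session is reused when the request
 * carries no credentials, or credentials naming the same user. Otherwise the
 * credentials from the {@code Authorization} header are checked and, on
 * failure, a {@code 401} challenge is sent.
 */
public class BasicAuthenticator implements Authenticator {
    protected static final Logger LOG = Logger.getLogger(BasicAuthenticator.class);

    /** Scheme token (with trailing space) expected at the start of the Authorization header. */
    private static final String BASIC_SCHEME = "Basic ";

    private final BrokerPool pool;

    /**
     * @param brokerPool pool whose security manager is used to look up users
     */
    public BasicAuthenticator(BrokerPool brokerPool) {
        this.pool = brokerPool;
    }

    /**
     * Authenticates the request using the session user or the Basic credentials
     * in the {@code Authorization} header.
     *
     * @param httpServletRequest  the incoming request
     * @param httpServletResponse the response on which a challenge is set when authentication fails
     * @return the authenticated user, or {@code null} after a challenge has been sent
     * @throws IOException declared by the {@link Authenticator} contract
     */
    @Override // org.exist.http.servlets.Authenticator
    public User authenticate(HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse) throws IOException {
        String header = httpServletRequest.getHeader("Authorization");
        String username = null;
        String password = null;
        if (header != null) {
            String credentials = decodeBasicCredentials(header);
            if (credentials == null) {
                // The header is attacker-controlled: a different scheme, a value shorter than
                // "Basic " or undecodable Base64 is answered with a challenge instead of an
                // uncaught exception. The session is left untouched in this case.
                sendChallenge(httpServletRequest, httpServletResponse);
                return null;
            }
            int colon = credentials.indexOf(':');
            username = colon < 0 ? credentials : credentials.substring(0, colon);
            // Without a colon no password was supplied; validate() then receives null.
            password = colon < 0 ? null : credentials.substring(colon + 1);
        }

        // Only an existing session is consulted; none is created here.
        HttpSession session = httpServletRequest.getSession(false);
        User sessionUser = null;
        if (session != null) {
            sessionUser = (User) session.getAttribute(XQueryContext.HTTP_SESSIONVAR_XMLDB_USER);
            // The session user is trusted as-is: when the header names the same user,
            // the password in the header is not checked again.
            if (sessionUser != null && (username == null || sessionUser.getName().equals(username))) {
                return sessionUser;
            }
        }
        if (sessionUser != null) {
            // The request names a different user: drop the cached one before re-authenticating.
            session.removeAttribute(XQueryContext.HTTP_SESSIONVAR_XMLDB_USER);
        }
        if (header == null) {
            sendChallenge(httpServletRequest, httpServletResponse);
            return null;
        }

        // Unknown user and wrong password produce the same response.
        User candidate = this.pool.getSecurityManager().getUser(username);
        if (candidate == null || !candidate.validate(password)) {
            sendChallenge(httpServletRequest, httpServletResponse);
            return null;
        }
        if (session != null) {
            // NOTE(review): the user is bound to the pre-existing session and the session
            // identifier is not renewed here; confirm that session fixation is handled
            // by the container or by the caller.
            session.setAttribute(XQueryContext.HTTP_SESSIONVAR_XMLDB_USER, candidate);
        }
        return candidate;
    }

    /**
     * Sets the {@code WWW-Authenticate} header for the {@code exist} realm and
     * the {@code 401} status on the response.
     */
    @Override // org.exist.http.servlets.Authenticator
    public void sendChallenge(HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse) throws IOException {
        httpServletResponse.setHeader("WWW-Authenticate", "Basic realm=\"exist\"");
        httpServletResponse.setStatus(401);
    }

    /**
     * Extracts the decoded {@code user:password} string from an Authorization header value.
     *
     * @param header the raw header value, never {@code null}
     * @return the decoded credentials, or {@code null} when the header does not use the
     *         Basic scheme or its payload cannot be decoded
     */
    private static String decodeBasicCredentials(String header) {
        // The scheme name is matched case-insensitively; this also rejects values
        // shorter than the prefix, which would make substring() throw.
        if (!header.regionMatches(true, 0, BASIC_SCHEME, 0, BASIC_SCHEME.length())) {
            return null;
        }
        try {
            Base64Decoder decoder = new Base64Decoder();
            decoder.translate(header.substring(BASIC_SCHEME.length()));
            // NOTE(review): the bytes are decoded with the platform default charset, so
            // non-ASCII credentials depend on the JVM configuration; confirm the intended charset.
            return new String(decoder.getByteArray());
        } catch (IllegalArgumentException e) {
            // Presumably what Base64Decoder raises on malformed input; verify against its source.
            // The header value is not logged because it carries credentials.
            LOG.debug("Rejecting Authorization header with undecodable Basic credentials");
            return null;
        }
    }
}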
