package org.springframework.extensions.webscripts;

import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import javax.servlet.http.HttpSession;
import org.apache.commons.httpclient.auth.AuthState;
import org.apache.commons.lang3.StringUtils;
import org.apache.commons.logging.Log;
import org.apache.commons.logging.LogFactory;
import org.springframework.extensions.surf.RequestContext;
import org.springframework.extensions.surf.UserFactory;
import org.springframework.extensions.surf.support.ThreadLocalRequestContext;
import org.springframework.extensions.surf.util.Base64;
import org.springframework.extensions.webscripts.Description;
import org.springframework.extensions.webscripts.connector.ConnectorService;
import org.springframework.extensions.webscripts.connector.Credentials;
import org.springframework.extensions.webscripts.connector.CredentialsImpl;
import org.springframework.extensions.webscripts.servlet.ServletAuthenticatorFactory;
import org.springframework.extensions.webscripts.servlet.WebScriptServletRequest;
import org.springframework.extensions.webscripts.servlet.WebScriptServletResponse;

/* loaded from: input_file:WEB-INF/lib/spring-surf-8.12.jar:org/springframework/extensions/webscripts/BasicHttpAuthenticatorFactory.class */
public class BasicHttpAuthenticatorFactory implements ServletAuthenticatorFactory {
    private static Log logger = LogFactory.getLog(BasicHttpAuthenticatorFactory.class);
    private ConnectorService connectorService;
    private String endpointId;
    private boolean delegate = false;

    /* loaded from: input_file:WEB-INF/lib/spring-surf-8.12.jar:org/springframework/extensions/webscripts/BasicHttpAuthenticatorFactory$BasicHttpAuthenticator.class */
    public class BasicHttpAuthenticator implements Authenticator {
        private WebScriptServletRequest servletReq;
        private WebScriptServletResponse servletRes;
        private String authorization;
        private String ticket;

        public BasicHttpAuthenticator(WebScriptServletRequest webScriptServletRequest, WebScriptServletResponse webScriptServletResponse) {
            this.servletReq = webScriptServletRequest;
            this.servletRes = webScriptServletResponse;
            HttpServletRequest httpServletRequest = this.servletReq.getHttpServletRequest();
            this.authorization = httpServletRequest.getHeader("Authorization");
            this.ticket = httpServletRequest.getParameter("alf_ticket");
        }

        @Override // org.springframework.extensions.webscripts.Authenticator
        public boolean authenticate(Description.RequiredAuthentication requiredAuthentication, boolean z) {
            boolean z2 = false;
            HttpServletRequest httpServletRequest = this.servletReq.getHttpServletRequest();
            HttpServletResponse httpServletResponse = this.servletRes.getHttpServletResponse();
            if (BasicHttpAuthenticatorFactory.logger.isDebugEnabled()) {
                BasicHttpAuthenticatorFactory.logger.debug("HTTP Authorization provided: " + ((this.authorization == null || this.authorization.length() == 0) ? false : true));
            }
            if (this.authorization != null && this.authorization.length() != 0) {
                String[] split = this.authorization.split(StringUtils.SPACE);
                if (!split[0].equalsIgnoreCase(AuthState.PREEMPTIVE_AUTH_SCHEME)) {
                    throw new WebScriptException("Authorization '" + split[0] + "' not supported.");
                }
                String[] split2 = new String(Base64.decode(split[1])).split(":");
                if (split2.length == 2) {
                    String str = split2[0];
                    if (BasicHttpAuthenticatorFactory.logger.isDebugEnabled()) {
                        BasicHttpAuthenticatorFactory.logger.debug("Authenticating (BASIC HTTP) user " + split2[0]);
                    }
                    try {
                        HttpSession session = httpServletRequest.getSession();
                        CredentialsImpl credentialsImpl = new CredentialsImpl(BasicHttpAuthenticatorFactory.this.endpointId);
                        credentialsImpl.setProperty(Credentials.CREDENTIAL_USERNAME, str);
                        credentialsImpl.setProperty(Credentials.CREDENTIAL_PASSWORD, split2[1]);
                        BasicHttpAuthenticatorFactory.this.connectorService.getCredentialVault(session, str).store(credentialsImpl);
                        if (BasicHttpAuthenticatorFactory.this.delegate) {
                            session.setAttribute(UserFactory.SESSION_ATTRIBUTE_KEY_USER_ID, str);
                            z2 = true;
                        } else {
                            z2 = BasicHttpAuthenticatorFactory.this.connectorService.getConnector(BasicHttpAuthenticatorFactory.this.endpointId, str, session).call("/touch").getStatus().getCode() == 200;
                            if (Description.RequiredAuthentication.admin == requiredAuthentication) {
                                RequestContext requestContext = ThreadLocalRequestContext.getRequestContext();
                                z2 = requestContext.getServiceRegistry().getUserFactory().loadUser(requestContext, str, BasicHttpAuthenticatorFactory.this.endpointId).isAdmin();
                            }
                        }
                    } catch (Throwable th) {
                        BasicHttpAuthenticatorFactory.logger.warn("Failed during authorization: " + th.getMessage(), th);
                    }
                }
            }
            if (!z2) {
                if (BasicHttpAuthenticatorFactory.logger.isDebugEnabled()) {
                    BasicHttpAuthenticatorFactory.logger.debug("Requesting authorization credentials");
                }
                httpServletResponse.setStatus(401);
                httpServletResponse.setHeader("WWW-Authenticate", "Basic realm=\"Alfresco\"");
            }
            return z2;
        }

        @Override // org.springframework.extensions.webscripts.Authenticator
        public boolean emptyCredentials() {
            return (this.ticket == null || this.ticket.length() == 0) && (this.authorization == null || this.authorization.length() == 0);
        }
    }

    public void setConnectorService(ConnectorService connectorService) {
        this.connectorService = connectorService;
    }

    public void setEndpointId(String str) {
        this.endpointId = str;
    }

    public void setDelegate(boolean z) {
        this.delegate = z;
    }

    @Override // org.springframework.extensions.webscripts.servlet.ServletAuthenticatorFactory
    public Authenticator create(WebScriptServletRequest webScriptServletRequest, WebScriptServletResponse webScriptServletResponse) {
        return new BasicHttpAuthenticator(webScriptServletRequest, webScriptServletResponse);
    }
}
