package org.alfresco.web.scripts;

import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import org.alfresco.repo.security.authentication.AuthenticationException;
import org.alfresco.repo.security.authentication.AuthenticationUtil;
import org.alfresco.service.cmr.security.AuthenticationService;
import org.alfresco.util.Base64;
import org.alfresco.web.app.AlfrescoNavigationHandler;
import org.alfresco.web.scripts.WebScriptDescription;
import org.apache.commons.logging.Log;
import org.apache.commons.logging.LogFactory;

/* loaded from: input_file:org/alfresco/web/scripts/BasicHttpAuthenticator.class */
public class BasicHttpAuthenticator implements WebScriptServletAuthenticator {
    private static final Log logger = LogFactory.getLog(BasicHttpAuthenticator.class);
    private AuthenticationService authenticationService;

    public void setAuthenticationService(AuthenticationService authenticationService) {
        this.authenticationService = authenticationService;
    }

    @Override // org.alfresco.web.scripts.WebScriptServletAuthenticator
    public boolean authenticate(WebScriptDescription.RequiredAuthentication requiredAuthentication, boolean z, HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse) {
        boolean z2 = false;
        String header = httpServletRequest.getHeader("Authorization");
        String parameter = httpServletRequest.getParameter("alf_ticket");
        if (logger.isDebugEnabled()) {
            logger.debug("HTTP Authorization provided: " + (header != null && header.length() > 0));
            logger.debug("URL ticket provided: " + (parameter != null && parameter.length() > 0));
        }
        if (z && WebScriptDescription.RequiredAuthentication.guest == requiredAuthentication) {
            if (logger.isDebugEnabled()) {
                logger.debug("Authenticating as Guest");
            }
            this.authenticationService.authenticateAsGuest();
            z2 = true;
        } else if (parameter != null && parameter.length() > 0) {
            try {
                if (logger.isDebugEnabled()) {
                    logger.debug("Authenticating (URL argument) ticket " + parameter);
                }
                this.authenticationService.validate(parameter);
                z2 = true;
            } catch (AuthenticationException e) {
            }
        } else if (header != null && header.length() > 0) {
            try {
                String[] split = header.split(" ");
                if (!split[0].equalsIgnoreCase("basic")) {
                    throw new WebScriptException("Authorization '" + split[0] + "' not supported.");
                }
                String[] split2 = new String(Base64.decode(split[1])).split(AlfrescoNavigationHandler.OUTCOME_SEPARATOR);
                if (split2.length == 1) {
                    if (logger.isDebugEnabled()) {
                        logger.debug("Authenticating (BASIC HTTP) ticket " + split2[0]);
                    }
                    this.authenticationService.validate(split2[0]);
                    z2 = true;
                } else {
                    if (logger.isDebugEnabled()) {
                        logger.debug("Authenticating (BASIC HTTP) user " + split2[0]);
                    }
                    if (!split2[0].equals(AuthenticationUtil.getGuestUserName())) {
                        this.authenticationService.authenticate(split2[0], split2[1].toCharArray());
                        z2 = true;
                    } else if (requiredAuthentication == WebScriptDescription.RequiredAuthentication.guest) {
                        this.authenticationService.authenticateAsGuest();
                        z2 = true;
                    }
                }
            } catch (AuthenticationException e2) {
            }
        }
        if (!z2) {
            if (logger.isDebugEnabled()) {
                logger.debug("Requesting authorization credentials");
            }
            httpServletResponse.setStatus(401);
            httpServletResponse.setHeader("WWW-Authenticate", "Basic realm=\"Alfresco\"");
        }
        return z2;
    }
}
