package com.caucho.security;

import com.caucho.util.Base64;
import java.io.IOException;
import java.security.Principal;
import java.util.logging.Level;
import java.util.logging.Logger;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;

/* loaded from: input_file:BOOT-INF/lib/resin-4.0.65.jar:com/caucho/security/BasicLogin.class */
public class BasicLogin extends AbstractLogin {
    private static final Logger log = Logger.getLogger(BasicLogin.class.getName());
    private String _realm;

    public void setRealmName(String str) {
        this._realm = str;
    }

    public String getRealmName() {
        return this._realm;
    }

    @Override // com.caucho.security.AbstractLogin, com.caucho.security.Login
    public String getAuthType() {
        return "Basic";
    }

    @Override // com.caucho.security.AbstractLogin, com.caucho.security.Login
    public boolean isPasswordBased() {
        return true;
    }

    @Override // com.caucho.security.AbstractLogin, com.caucho.security.Login
    public boolean isLoginUsedForRequest(HttpServletRequest httpServletRequest) {
        return httpServletRequest.getHeader("authorization") != null;
    }

    @Override // com.caucho.security.AbstractLogin
    protected Principal getUserPrincipalImpl(HttpServletRequest httpServletRequest) {
        String decode;
        int indexOf;
        String header = httpServletRequest.getHeader("authorization");
        String str = (String) httpServletRequest.getAttribute(Login.LOGIN_USER_NAME);
        char[] cArr = null;
        if (header != null) {
            int indexOf2 = header.indexOf(32);
            if (indexOf2 <= 0 || (indexOf = (decode = Base64.decode(header.substring(indexOf2 + 1))).indexOf(58)) < 0) {
                return null;
            }
            str = decode.substring(0, indexOf);
            cArr = decode.substring(indexOf + 1).toCharArray();
        } else {
            if (str == null) {
                return null;
            }
            String str2 = (String) httpServletRequest.getAttribute(Login.LOGIN_PASSWORD);
            if (str2 != null) {
                cArr = str2.toCharArray();
            }
        }
        Authenticator authenticator = getAuthenticator();
        BasicPrincipal basicPrincipal = new BasicPrincipal(str);
        Principal authenticate = authenticator.authenticate(basicPrincipal, new PasswordCredentials(cArr), httpServletRequest);
        if (log.isLoggable(Level.FINE)) {
            log.fine("basic: " + basicPrincipal + " -> " + authenticate + " (" + authenticator + ")");
        }
        return authenticate;
    }

    @Override // com.caucho.security.AbstractLogin
    protected boolean isSavedUserValid(HttpServletRequest httpServletRequest, Principal principal) {
        int indexOf;
        String decode;
        int indexOf2;
        String header = httpServletRequest.getHeader("authorization");
        if (header != null && (indexOf = header.indexOf(32)) > 0 && (indexOf2 = (decode = Base64.decode(header.substring(indexOf + 1))).indexOf(58)) >= 0) {
            return principal.getName().equals(decode.substring(0, indexOf2));
        }
        return true;
    }

    @Override // com.caucho.security.AbstractLogin
    protected void loginChallenge(HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse) throws IOException {
        String realmName = getRealmName();
        if (realmName == null) {
            realmName = "resin";
        }
        httpServletResponse.setHeader("WWW-Authenticate", "Basic realm=\"" + realmName + "\"");
        httpServletResponse.sendError(401);
    }
}
