package org.alfresco.repo.web.scripts.servlet;

import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import org.alfresco.repo.security.authentication.AuthenticationException;
import org.alfresco.service.cmr.security.AuthenticationService;
import org.alfresco.util.Base64;
import org.alfresco.web.scripts.Authenticator;
import org.alfresco.web.scripts.Description;
import org.alfresco.web.scripts.WebScriptException;
import org.alfresco.web.scripts.servlet.ServletAuthenticatorFactory;
import org.alfresco.web.scripts.servlet.WebScriptServletRequest;
import org.alfresco.web.scripts.servlet.WebScriptServletResponse;
import org.apache.commons.httpclient.auth.AuthState;
import org.apache.commons.logging.Log;
import org.apache.commons.logging.LogFactory;

/* loaded from: input_file:WEB-INF/lib/alfresco-remote-api-3.2r2.jar:org/alfresco/repo/web/scripts/servlet/BasicHttpAuthenticatorFactory.class */
public class BasicHttpAuthenticatorFactory implements ServletAuthenticatorFactory {
    private static Log logger = LogFactory.getLog(BasicHttpAuthenticator.class);
    private AuthenticationService authenticationService;

    /* loaded from: input_file:WEB-INF/lib/alfresco-remote-api-3.2r2.jar:org/alfresco/repo/web/scripts/servlet/BasicHttpAuthenticatorFactory$BasicHttpAuthenticator.class */
    public class BasicHttpAuthenticator implements Authenticator {
        private WebScriptServletRequest servletReq;
        private WebScriptServletResponse servletRes;
        private String authorization;
        private String ticket;

        public BasicHttpAuthenticator(WebScriptServletRequest webScriptServletRequest, WebScriptServletResponse webScriptServletResponse) {
            this.servletReq = webScriptServletRequest;
            this.servletRes = webScriptServletResponse;
            HttpServletRequest httpServletRequest = this.servletReq.getHttpServletRequest();
            this.authorization = httpServletRequest.getHeader("Authorization");
            this.ticket = httpServletRequest.getParameter("alf_ticket");
        }

        @Override // org.alfresco.web.scripts.Authenticator
        public boolean authenticate(Description.RequiredAuthentication requiredAuthentication, boolean z) {
            boolean z2 = false;
            HttpServletResponse httpServletResponse = this.servletRes.getHttpServletResponse();
            if (BasicHttpAuthenticatorFactory.logger.isDebugEnabled()) {
                BasicHttpAuthenticatorFactory.logger.debug("HTTP Authorization provided: " + (this.authorization != null && this.authorization.length() > 0));
                BasicHttpAuthenticatorFactory.logger.debug("URL ticket provided: " + (this.ticket != null && this.ticket.length() > 0));
            }
            if (z && Description.RequiredAuthentication.guest == requiredAuthentication) {
                if (BasicHttpAuthenticatorFactory.logger.isDebugEnabled()) {
                    BasicHttpAuthenticatorFactory.logger.debug("Authenticating as Guest");
                }
                BasicHttpAuthenticatorFactory.this.authenticationService.authenticateAsGuest();
                z2 = true;
            } else if (this.ticket != null && this.ticket.length() > 0) {
                try {
                    if (BasicHttpAuthenticatorFactory.logger.isDebugEnabled()) {
                        BasicHttpAuthenticatorFactory.logger.debug("Authenticating (URL argument) ticket " + this.ticket);
                    }
                    BasicHttpAuthenticatorFactory.this.authenticationService.validate(this.ticket);
                    z2 = true;
                } catch (AuthenticationException e) {
                }
            } else if (this.authorization != null && this.authorization.length() > 0) {
                try {
                    String[] split = this.authorization.split(" ");
                    if (!split[0].equalsIgnoreCase(AuthState.PREEMPTIVE_AUTH_SCHEME)) {
                        throw new WebScriptException("Authorization '" + split[0] + "' not supported.");
                    }
                    String[] split2 = new String(Base64.decode(split[1])).split(":");
                    if (split2.length == 1) {
                        if (BasicHttpAuthenticatorFactory.logger.isDebugEnabled()) {
                            BasicHttpAuthenticatorFactory.logger.debug("Authenticating (BASIC HTTP) ticket " + split2[0]);
                        }
                        BasicHttpAuthenticatorFactory.this.authenticationService.validate(split2[0]);
                        z2 = true;
                    } else {
                        if (BasicHttpAuthenticatorFactory.logger.isDebugEnabled()) {
                            BasicHttpAuthenticatorFactory.logger.debug("Authenticating (BASIC HTTP) user " + split2[0]);
                        }
                        BasicHttpAuthenticatorFactory.this.authenticationService.authenticate(split2[0], split2[1].toCharArray());
                        z2 = true;
                    }
                } catch (AuthenticationException e2) {
                }
            }
            if (!z2) {
                if (BasicHttpAuthenticatorFactory.logger.isDebugEnabled()) {
                    BasicHttpAuthenticatorFactory.logger.debug("Requesting authorization credentials");
                }
                httpServletResponse.setStatus(401);
                httpServletResponse.setHeader("WWW-Authenticate", "Basic realm=\"Alfresco\"");
            }
            return z2;
        }

        @Override // org.alfresco.web.scripts.Authenticator
        public boolean emptyCredentials() {
            return (this.ticket == null || this.ticket.length() == 0) && (this.authorization == null || this.authorization.length() == 0);
        }
    }

    public void setAuthenticationService(AuthenticationService authenticationService) {
        this.authenticationService = authenticationService;
    }

    @Override // org.alfresco.web.scripts.servlet.ServletAuthenticatorFactory
    public Authenticator create(WebScriptServletRequest webScriptServletRequest, WebScriptServletResponse webScriptServletResponse) {
        return new BasicHttpAuthenticator(webScriptServletRequest, webScriptServletResponse);
    }
}
