package org.exist.http.servlets;

import java.io.IOException;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import org.apache.xmlrpc.Base64;
import org.exist.security.User;
import org.exist.storage.BrokerPool;

/* loaded from: input_file:WEB-INF/lib/exist-optional-1_0b2_build_1107.jar:org/exist/http/servlets/BasicAuthenticator.class */
public class BasicAuthenticator implements Authenticator {
    private BrokerPool pool;

    public BasicAuthenticator(BrokerPool brokerPool) {
        this.pool = brokerPool;
    }

    @Override // org.exist.http.servlets.Authenticator
    public User authenticate(HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse) throws IOException {
        String header = httpServletRequest.getHeader("Authorization");
        if (header == null) {
            sendChallenge(httpServletRequest, httpServletResponse);
            return null;
        }
        String str = new String(Base64.decode(header.substring("Basic ".length()).getBytes()));
        int indexOf = str.indexOf(58);
        String substring = str.substring(0, indexOf);
        String substring2 = str.substring(indexOf + 1);
        User user = this.pool.getSecurityManager().getUser(substring);
        if (user == null) {
            httpServletResponse.sendError(401);
            return null;
        }
        if (user.validate(substring2)) {
            return user;
        }
        httpServletResponse.sendError(401);
        return null;
    }

    @Override // org.exist.http.servlets.Authenticator
    public void sendChallenge(HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse) throws IOException {
        httpServletResponse.setHeader("WWW-Authenticate", "Basic realm=\"exist\"");
        httpServletResponse.sendError(401);
    }
}
