package com.liferay.portal.security.auth;

import com.liferay.portal.kernel.log.Log;
import com.liferay.portal.kernel.log.LogFactoryUtil;
import com.liferay.portal.kernel.util.Base64;
import com.liferay.portal.kernel.util.GetterUtil;
import com.liferay.portal.kernel.util.MapUtil;
import com.liferay.portal.kernel.util.StringUtil;
import com.liferay.portal.security.auth.AuthVerifierResult;
import com.liferay.portlet.login.util.LoginUtil;
import java.util.Properties;
import java.util.StringTokenizer;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import org.osgi.service.upnp.UPnPException;

/* loaded from: input_file:com/liferay/portal/security/auth/BasicAuthHeaderAutoLogin.class */
public class BasicAuthHeaderAutoLogin extends BaseAutoLogin implements AuthVerifier {
    private static final String _BASIC_REALM = "Basic realm=\"PortalRealm\"";
    private static Log _log = LogFactoryUtil.getLog(BasicAuthHeaderAutoLogin.class);

    public String getAuthType() {
        return "BASIC";
    }

    public AuthVerifierResult verify(AccessControlContext accessControlContext, Properties properties) throws AuthException {
        try {
            AuthVerifierResult authVerifierResult = new AuthVerifierResult();
            String[] login = login(accessControlContext.getRequest(), accessControlContext.getResponse());
            if (login != null) {
                authVerifierResult.setPassword(login[1]);
                authVerifierResult.setState(AuthVerifierResult.State.SUCCESS);
                authVerifierResult.setUserId(Long.valueOf(login[0]).longValue());
            } else if (MapUtil.getBoolean(accessControlContext.getSettings(), "basic_auth")) {
                HttpServletResponse response = accessControlContext.getResponse();
                response.setHeader("WWW-Authenticate", _BASIC_REALM);
                response.setStatus(UPnPException.INVALID_ACTION);
                authVerifierResult.setState(AuthVerifierResult.State.INVALID_CREDENTIALS);
            }
            return authVerifierResult;
        } catch (AutoLoginException e) {
            throw new AuthException(e);
        }
    }

    protected String[] doLogin(HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse) throws Exception {
        String header = httpServletRequest.getHeader("Authorization");
        if (header == null) {
            return null;
        }
        StringTokenizer stringTokenizer = new StringTokenizer(header);
        if (!stringTokenizer.hasMoreTokens() || !StringUtil.equalsIgnoreCase(stringTokenizer.nextToken(), "BASIC")) {
            return null;
        }
        String nextToken = stringTokenizer.nextToken();
        if (_log.isDebugEnabled()) {
            _log.debug("Encoded credentials are " + nextToken);
        }
        String str = new String(Base64.decode(nextToken));
        if (_log.isDebugEnabled()) {
            _log.debug("Decoded credentials are " + str);
        }
        int indexOf = str.indexOf(58);
        if (indexOf == -1) {
            return null;
        }
        String string = GetterUtil.getString(str.substring(0, indexOf));
        String substring = str.substring(indexOf + 1);
        return new String[]{String.valueOf(LoginUtil.getAuthenticatedUserId(httpServletRequest, string, substring, null)), substring, Boolean.TRUE.toString()};
    }
}
