package de.svws_nrw.server.jetty;

import jakarta.servlet.ServletRequest;
import jakarta.servlet.ServletResponse;
import jakarta.servlet.http.HttpServletRequest;
import jakarta.servlet.http.HttpServletResponse;
import java.io.IOException;
import java.nio.charset.StandardCharsets;
import java.util.Base64;
import org.eclipse.jetty.http.HttpHeader;
import org.eclipse.jetty.security.ServerAuthException;
import org.eclipse.jetty.security.UserAuthentication;
import org.eclipse.jetty.security.authentication.LoginAuthenticator;
import org.eclipse.jetty.server.Authentication;
import org.eclipse.jetty.server.UserIdentity;

/* loaded from: input_file:de/svws_nrw/server/jetty/SVWSAuthenticator.class */
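/**
 * Jetty authenticator that reads HTTP Basic credentials from the {@code Authorization} header.
 *
 * <p>The credentials are handed to {@code login(...)}. If that yields no identity, the response
 * carries a Basic challenge plus CORS headers; {@code OPTIONS} requests get status 200, all
 * others 401.
 *
 * <p>Security notes for maintainers:
 * <ul>
 *   <li>Basic credentials are only Base64-encoded. This class does not check that the request
 *       arrived over TLS, so transport confidentiality has to be enforced elsewhere.</li>
 *   <li>The challenge response echoes the request's {@code Origin} into
 *       {@code Access-Control-Allow-Origin} and also sends
 *       {@code Access-Control-Allow-Credentials: true}. No origin is rejected here.
 *       NOTE(review): consider matching the origin against a configured allow-list.</li>
 * </ul>
 */
public final class SVWSAuthenticator extends LoginAuthenticator {

    /**
     * Returns the name of the authentication scheme handled by this authenticator.
     *
     * @return the constant {@code "BASIC"}
     */
    public String getAuthMethod() {
        return "BASIC";
    }

    /**
     * Extracts user name and password from an {@code Authorization} header value.
     *
     * <p>The header has to consist of the scheme {@code basic} (case-insensitive), a space, and
     * the Base64 encoding of {@code user:password}. The decoded bytes are read as ISO-8859-1.
     * NOTE(review): clients that send UTF-8 encoded credentials would be decoded differently -
     * confirm this matches how the login service stores them.
     *
     * @param authorization the raw header value, may be {@code null}
     * @return a two-element array {@code {user, password}}; both are empty strings if the header
     *         is missing, uses another scheme, is not valid Base64, or has no colon after at
     *         least one user-name character
     */
    private static String[] parseBasicCredentials(String authorization) {
        final String[] none = {"", ""};
        if (authorization == null) {
            return none;
        }
        final int space = authorization.indexOf(' ');
        if (space <= 0 || !"basic".equalsIgnoreCase(authorization.substring(0, space))) {
            return none;
        }
        final String decoded;
        try {
            decoded = new String(Base64.getDecoder().decode(authorization.substring(space + 1)), StandardCharsets.ISO_8859_1);
        } catch (IllegalArgumentException ignored) {
            // The header is client-controlled. Malformed Base64 must end in the normal
            // challenge path instead of escaping as an unchecked exception.
            return none;
        }
        final int colon = decoded.indexOf(':');
        if (colon <= 0) {
            return none;
        }
        return new String[] {decoded.substring(0, colon), decoded.substring(colon + 1)};
    }

    /**
     * Authenticates the request with the Basic credentials it carries, or sends a challenge.
     *
     * <p>{@code login(...)} is called even when no usable credentials were found; it then
     * receives two empty strings. NOTE(review): confirm that the login service rejects an
     * empty user name.
     *
     * @param servletRequest the incoming request, cast to {@link HttpServletRequest}
     * @param servletResponse the outgoing response, cast to {@link HttpServletResponse}
     * @param z not consulted by this implementation; the challenge is sent whenever login fails.
     *     NOTE(review): in Jetty's {@code Authenticator} contract this is the "mandatory" flag -
     *     confirm that ignoring it is intended
     * @return a {@link UserAuthentication} on success, otherwise {@code Authentication.SEND_CONTINUE}
     *     after the challenge has been written
     * @throws ServerAuthException if writing the challenge response fails
     */
    public Authentication validateRequest(ServletRequest servletRequest, ServletResponse servletResponse, boolean z) throws ServerAuthException {
        final HttpServletRequest request = (HttpServletRequest) servletRequest;
        final HttpServletResponse response = (HttpServletResponse) servletResponse;

        final String[] credentials = parseBasicCredentials(request.getHeader(HttpHeader.AUTHORIZATION.asString()));
        final boolean isOptions = "OPTIONS".equals(request.getMethod());

        // Advertise the DAV capabilities on OPTIONS requests whose URI contains "/dav".
        // NOTE(review): if login fails below, Access-Control-Allow-Methods is set again with the
        // shorter list (without PROPFIND and REPORT) - confirm that this overwrite is intended.
        if (isOptions && request.getRequestURI().contains("/dav")) {
            response.setHeader("Access-Control-Allow-Methods", "GET, POST, PATCH, PUT, DELETE, OPTIONS, HEAD, PROPFIND, REPORT");
            response.setHeader("DAV", "addressbook, calendar-access");
        }

        final UserIdentity identity = login(credentials[0], credentials[1], request);
        if (identity != null) {
            return new UserAuthentication(getAuthMethod(), identity);
        }

        try {
            response.setHeader(HttpHeader.WWW_AUTHENTICATE.asString(), "basic realm=\"" + this._loginService.getName() + "\"");
            final String origin = request.getHeader("Origin");
            response.setHeader("Vary", "Origin");
            // NOTE(review): the Origin header is reflected without validation while credentials
            // are allowed, so every origin is treated as trusted on this response. Browsers also
            // do not accept "*" together with credentials.
            response.setHeader("Access-Control-Allow-Origin", (origin == null || origin.isEmpty()) ? "*" : origin);
            response.setHeader("Access-Control-Allow-Headers", "origin, content-type, accept, authorization");
            response.setHeader("Access-Control-Allow-Credentials", "true");
            response.setHeader("Access-Control-Allow-Methods", "GET, POST, PATCH, PUT, DELETE, OPTIONS, HEAD");
            response.setIntHeader("Access-Control-Max-Age", 43200);
            // OPTIONS requests (typically CORS preflights, which carry no credentials) get 200;
            // everything else gets 401.
            response.sendError(isOptions ? HttpServletResponse.SC_OK : HttpServletResponse.SC_UNAUTHORIZED);
            return Authentication.SEND_CONTINUE;
        } catch (IOException e) {
            throw new ServerAuthException(e);
        }
    }

    /**
     * Does no post-processing of the response.
     *
     * @param servletRequest unused
     * @param servletResponse unused
     * @param z unused
     * @param user unused
     * @return always {@code true}
     * @throws ServerAuthException never thrown by this implementation
     */
    public boolean secureResponse(ServletRequest servletRequest, ServletResponse servletResponse, boolean z, Authentication.User user) throws ServerAuthException {
        return true;
    }
}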
