package org.apache.felix.webconsole.internal.servlet;

import java.io.IOException;
import java.net.URL;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletRequestWrapper;
import javax.servlet.http.HttpServletResponse;
import org.apache.felix.webconsole.WebConsoleSecurityProvider;
import org.apache.felix.webconsole.WebConsoleSecurityProvider2;
import org.apache.felix.webconsole.servlet.User;
import org.osgi.framework.Bundle;
import org.osgi.service.http.context.ServletContextHelper;
import org.osgi.util.tracker.ServiceTracker;

/* loaded from: input_file:org/apache/felix/webconsole/internal/servlet/OsgiManagerHttpContext.class */
final class OsgiManagerHttpContext extends ServletContextHelper {
    private final ServiceTracker<WebConsoleSecurityProvider, WebConsoleSecurityProvider> tracker;
    private final String realm;
    private final Bundle bundle;

    /* JADX INFO: Access modifiers changed from: package-private */
    public OsgiManagerHttpContext(Bundle bundle, ServiceTracker<WebConsoleSecurityProvider, WebConsoleSecurityProvider> serviceTracker, String str) {
        super(bundle);
        this.tracker = serviceTracker;
        this.realm = str;
        this.bundle = bundle;
    }

    public URL getResource(String str) {
        URL resource = this.bundle.getResource(str);
        if (resource == null && str.endsWith("/")) {
            resource = this.bundle.getResource(str.substring(0, str.length() - 1));
        }
        return resource;
    }

    public boolean handleSecurity(final HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse) {
        final WebConsoleSecurityProvider webConsoleSecurityProvider = (WebConsoleSecurityProvider) this.tracker.getService();
        final HttpServletRequest httpServletRequest2 = new HttpServletRequestWrapper(httpServletRequest) { // from class: org.apache.felix.webconsole.internal.servlet.OsgiManagerHttpContext.1
            public String getContextPath() {
                return "";
            }

            public String getServletPath() {
                return httpServletRequest.getContextPath();
            }

            public String getPathInfo() {
                return httpServletRequest.getServletPath();
            }
        };
        boolean authenticate = webConsoleSecurityProvider instanceof WebConsoleSecurityProvider2 ? ((WebConsoleSecurityProvider2) webConsoleSecurityProvider).authenticate(httpServletRequest2, httpServletResponse) : handleSecurity(webConsoleSecurityProvider, httpServletRequest2, httpServletResponse);
        if (authenticate) {
            httpServletRequest2.setAttribute(User.USER_ATTRIBUTE, new org.apache.felix.webconsole.User() { // from class: org.apache.felix.webconsole.internal.servlet.OsgiManagerHttpContext.2
                @Override // org.apache.felix.webconsole.servlet.User
                public boolean authorize(String str) {
                    Object userObject = getUserObject();
                    if (userObject == null) {
                        return false;
                    }
                    if (webConsoleSecurityProvider == null) {
                        return true;
                    }
                    return webConsoleSecurityProvider.authorize(userObject, str);
                }

                @Override // org.apache.felix.webconsole.servlet.User
                public Object getUserObject() {
                    return httpServletRequest2.getAttribute(WebConsoleSecurityProvider2.USER_ATTRIBUTE);
                }
            });
            httpServletRequest2.setAttribute(org.apache.felix.webconsole.User.USER_ATTRIBUTE, httpServletRequest2.getAttribute(User.USER_ATTRIBUTE));
        }
        return authenticate;
    }

    private boolean handleSecurity(WebConsoleSecurityProvider webConsoleSecurityProvider, HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse) {
        String trim;
        int indexOf;
        String header = httpServletRequest.getHeader("Authorization");
        if (header != null && header.length() > 0 && (indexOf = (trim = header.trim()).indexOf(32)) > 0) {
            String substring = trim.substring(0, indexOf);
            String trim2 = trim.substring(indexOf).trim();
            if (substring.equalsIgnoreCase("Basic")) {
                try {
                    byte[][] base64Decode = BasicWebConsoleSecurityProvider.base64Decode(trim2);
                    String basicWebConsoleSecurityProvider = BasicWebConsoleSecurityProvider.toString(base64Decode[0]);
                    if (authenticate(webConsoleSecurityProvider, basicWebConsoleSecurityProvider, base64Decode[1])) {
                        httpServletRequest.setAttribute("org.osgi.service.http.authentication.type", "BASIC");
                        httpServletRequest.setAttribute("org.osgi.service.http.authentication.remote.user", basicWebConsoleSecurityProvider);
                        httpServletRequest.setAttribute(WebConsoleSecurityProvider2.USER_ATTRIBUTE, basicWebConsoleSecurityProvider);
                        return true;
                    }
                } catch (Exception e) {
                }
            }
        }
        try {
            httpServletResponse.setHeader("WWW-Authenticate", "Basic realm=\"" + this.realm + "\"");
            httpServletResponse.setStatus(401);
            httpServletResponse.setContentLength(0);
            httpServletResponse.flushBuffer();
            return false;
        } catch (IOException e2) {
            return false;
        }
    }

    private boolean authenticate(WebConsoleSecurityProvider webConsoleSecurityProvider, String str, byte[] bArr) {
        return (webConsoleSecurityProvider == null || webConsoleSecurityProvider.authenticate(str, BasicWebConsoleSecurityProvider.toString(bArr)) == null) ? false : true;
    }
}
