package electric.servlet.authorizers.guard;

import electric.glue.IGLUELoggingConstants;
import electric.security.ICredentials;
import electric.security.IGuard;
import electric.servlet.HTTPContext;
import electric.servlet.InboundHTTPRequest;
import electric.servlet.OutboundHTTPResponse;
import electric.servlet.authorizers.IHTTPAuthorizer;
import electric.servlet.security.SecurityConstraint;
import electric.servlet.security.WebResourceCollection;
import electric.util.log.Log;
import java.io.IOException;
import java.util.Enumeration;

/* loaded from: input_file:electric/servlet/authorizers/guard/GuardAuthorizer.class */
public class GuardAuthorizer implements IHTTPAuthorizer {
    protected HTTPContext context;

    public GuardAuthorizer(HTTPContext hTTPContext) {
        this.context = hTTPContext;
    }

    @Override // electric.servlet.authorizers.IHTTPAuthorizer
    public boolean authorize(InboundHTTPRequest inboundHTTPRequest, OutboundHTTPResponse outboundHTTPResponse, String str, SecurityConstraint securityConstraint) throws IOException {
        Enumeration allGuards = this.context.getAllGuards(str);
        if (allGuards == null || !allGuards.hasMoreElements()) {
            return true;
        }
        if (this.context.getRealm() != null) {
            return authenticate(inboundHTTPRequest, outboundHTTPResponse, str) && guardAuthorize(inboundHTTPRequest, outboundHTTPResponse, str, allGuards);
        }
        outboundHTTPResponse.sendError(403);
        return false;
    }

    private boolean guardAuthorize(InboundHTTPRequest inboundHTTPRequest, OutboundHTTPResponse outboundHTTPResponse, String str, Enumeration enumeration) throws IOException {
        ICredentials[] authenticatedCredentials = inboundHTTPRequest.getAuthenticatedCredentials();
        while (enumeration.hasMoreElements()) {
            if (!isAuthorized((IGuard) enumeration.nextElement(), authenticatedCredentials)) {
                return this.context.authenticator.sendNoAuthenticationResponse(inboundHTTPRequest, outboundHTTPResponse, this.context.getRealm());
            }
        }
        inboundHTTPRequest.setRemoteUser(authenticatedCredentials[0].getUserName());
        return true;
    }

    private boolean isAuthorized(IGuard iGuard, ICredentials[] iCredentialsArr) {
        if (iCredentialsArr == null || this.context.getRealm() == null) {
            return false;
        }
        for (ICredentials iCredentials : iCredentialsArr) {
            try {
                iGuard.check(this.context.getRealm(), iCredentials.getUserName());
                return true;
            } catch (SecurityException e) {
                if (Log.isLogging(IGLUELoggingConstants.SECURITY_DEBUG_EVENT)) {
                    Log.log(IGLUELoggingConstants.SECURITY_DEBUG_EVENT, "ServletAuthorizer", (Throwable) e);
                }
            }
        }
        return false;
    }

    private boolean authenticate(InboundHTTPRequest inboundHTTPRequest, OutboundHTTPResponse outboundHTTPResponse, String str) throws IOException {
        ICredentials[] authenticatedCredentials = inboundHTTPRequest.getAuthenticatedCredentials();
        if (authenticatedCredentials != null && authenticatedCredentials.length != 0) {
            return true;
        }
        WebResourceCollection webResourceCollection = new WebResourceCollection(null);
        webResourceCollection.addHttpMethod("*");
        webResourceCollection.addUrlPattern("/*");
        return this.context.authenticator.authenticate(inboundHTTPRequest, outboundHTTPResponse, str, webResourceCollection);
    }
}
