package electric.servlet.authorizers.servlet;

import electric.glue.IGLUELoggingConstants;
import electric.security.ICredentials;
import electric.security.IRealm;
import electric.servlet.HTTPContext;
import electric.servlet.InboundHTTPRequest;
import electric.servlet.OutboundHTTPResponse;
import electric.servlet.authorizers.IHTTPAuthorizer;
import electric.servlet.security.SecurityConstraint;
import electric.util.http.IHTTPConstants;
import java.io.IOException;

/* loaded from: input_file:electric/servlet/authorizers/servlet/ServletAuthorizer.class */
public class ServletAuthorizer implements IHTTPAuthorizer, IHTTPConstants, IGLUELoggingConstants {
    protected HTTPContext httpContext;

    public ServletAuthorizer(HTTPContext hTTPContext) {
        this.httpContext = hTTPContext;
    }

    @Override // electric.servlet.authorizers.IHTTPAuthorizer
    public boolean authorize(InboundHTTPRequest inboundHTTPRequest, OutboundHTTPResponse outboundHTTPResponse, String str, SecurityConstraint securityConstraint) throws IOException {
        if (securityConstraint == null) {
            return true;
        }
        String[] authConstraintRoleNames = securityConstraint.getAuthConstraintRoleNames();
        ICredentials[] authenticatedCredentials = inboundHTTPRequest.getAuthenticatedCredentials();
        if (authenticatedCredentials == null || authenticatedCredentials.length == 0) {
            outboundHTTPResponse.sendError(403);
            return false;
        }
        ICredentials iCredentials = authenticatedCredentials[0];
        IRealm realm = this.httpContext.getRealm();
        if (realm == null) {
            outboundHTTPResponse.sendError(403);
            return false;
        }
        String userName = iCredentials.getUserName();
        if (realm.isUserInRole(userName, authConstraintRoleNames)) {
            inboundHTTPRequest.setRemoteUser(userName);
            return true;
        }
        outboundHTTPResponse.sendError(403);
        return false;
    }
}
