package winstone.auth;

import java.io.IOException;
import java.util.List;
import java.util.Set;
import javax.servlet.ServletException;
import javax.servlet.ServletRequest;
import javax.servlet.ServletResponse;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import org.w3c.dom.Node;
import winstone.AuthenticationHandler;
import winstone.AuthenticationRealm;
import winstone.Logger;
import winstone.WebAppConfiguration;
import winstone.WinstoneResourceBundle;

/* loaded from: input_file:winstone/auth/BaseAuthenticationHandler.class */
/**
 * Shared base for authentication handlers: reads the realm name and the security
 * constraints from configuration, then decides per request whether access is
 * granted, refused, or must be preceded by an authentication challenge.
 *
 * <p>Subclasses provide the scheme-specific parts through
 * {@link #requestAuthentication} and {@link #validatePossibleAuthenticationResponse}.
 *
 * <p>This source is decompiler output: several members shown as {@code public}
 * are marked by the decompiler as having been {@code protected} originally.
 */
public abstract class BaseAuthenticationHandler implements AuthenticationHandler {
    /** Name of the child element whose text becomes {@link #realmName}. */
    static final String ELEM_REALM_NAME = "realm-name";

    /** Constraints in the order supplied to the constructor; evaluation is first-match. */
    protected SecurityConstraint[] constraints;

    /** Realm handed in by the creator; not used directly in this class. */
    protected AuthenticationRealm realm;

    /** Text of the {@code realm-name} element, or {@code null} when none was present. */
    protected String realmName;

    /** Message bundle used for log lines and for the error text sent to clients. */
    public static final WinstoneResourceBundle AUTH_RESOURCES = new WinstoneResourceBundle("winstone.auth.LocalStrings");

    /**
     * Builds the handler from its configuration.
     *
     * <p>Decompiler note: access modifier changed from {@code protected}.
     *
     * @param node configuration node whose direct children are scanned for {@code realm-name}
     * @param list raw list of constraint {@link Node}s, one {@link SecurityConstraint} is built per entry
     * @param set passed unchanged to every {@link SecurityConstraint} (presumably the declared roles - confirm)
     * @param authenticationRealm realm stored in {@link #realm}
     */
    public BaseAuthenticationHandler(Node node, List list, Set set, AuthenticationRealm authenticationRealm) {
        this.realm = authenticationRealm;

        // Walk the direct children only; if several realm-name elements exist the last one wins.
        for (Node child = node.getFirstChild(); child != null; child = child.getNextSibling()) {
            if (child.getNodeType() != Node.ELEMENT_NODE) {
                continue;
            }
            if (child.getNodeName().equals(ELEM_REALM_NAME)) {
                this.realmName = WebAppConfiguration.getTextFromNode(child);
            }
        }

        // The list position is handed to each constraint as its index.
        final int constraintCount = list.size();
        this.constraints = new SecurityConstraint[constraintCount];
        for (int index = 0; index < constraintCount; index++) {
            this.constraints[index] = new SecurityConstraint((Node) list.get(index), set, index);
        }
    }

    /**
     * Entry point for the access decision on one request.
     *
     * <p>The subclass first inspects the request for an authentication response; only
     * when that step returns {@code true} are the constraints evaluated.
     *
     * @param servletRequest must be an {@link HttpServletRequest}; anything else fails the cast
     * @param servletResponse must be an {@link HttpServletResponse}; anything else fails the cast
     * @param str value matched against the constraints (presumably the request path - confirm at the caller)
     * @return {@code true} when the request may proceed, {@code false} when a response has
     *         already been produced or the subclass rejected the request
     */
    @Override // winstone.AuthenticationHandler
    public boolean processAuthentication(ServletRequest servletRequest, ServletResponse servletResponse, String str) throws IOException, ServletException {
        Logger.log(Logger.FULL_DEBUG, AUTH_RESOURCES, "BaseAuthenticationHandler.StartAuthCheck");
        final HttpServletRequest request = (HttpServletRequest) servletRequest;
        final HttpServletResponse response = (HttpServletResponse) servletResponse;

        if (!validatePossibleAuthenticationResponse(request, response, str)) {
            return false;
        }
        return doRoleCheck(request, response, str);
    }

    /**
     * Enforces the first constraint that applies to the given value and HTTP method.
     *
     * <p>Security-relevant behaviour visible here:
     * <ul>
     *   <li>First match wins: later constraints are never consulted once one applies,
     *       so constraint order decides the outcome for overlapping patterns.</li>
     *   <li>Default allow: when no constraint applies the method returns {@code true}.</li>
     *   <li>The transport check runs before the role check, so an insecure request to an
     *       SSL-only constraint gets a 403 and no authentication challenge.</li>
     * </ul>
     *
     * <p>NOTE(review): {@code str} is forwarded to {@code isApplicable} unchanged. Whether
     * it has been decoded and normalised before reaching this class is not visible
     * here; confirm at the caller, since matching on a non-canonical value would let
     * equivalent spellings of a protected path miss the constraint.
     *
     * <p>Decompiler note: access modifier changed from {@code protected}.
     *
     * @return {@code true} when access is granted, {@code false} after a 403 or an
     *         authentication challenge has been issued
     */
    public boolean doRoleCheck(HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse, String str) throws IOException, ServletException {
        for (SecurityConstraint constraint : this.constraints) {
            Logger.log(Logger.FULL_DEBUG, AUTH_RESOURCES, "BaseAuthenticationHandler.EvalConstraint", constraint.getName());
            if (!constraint.isApplicable(str, httpServletRequest.getMethod())) {
                continue;
            }
            Logger.log(Logger.FULL_DEBUG, AUTH_RESOURCES, "BaseAuthenticationHandler.ApplicableConstraint", constraint.getName());

            // Transport guarantee: refuse outright rather than prompting for credentials in clear text.
            if (constraint.needsSSL() && !httpServletRequest.isSecure()) {
                Logger.log(Logger.DEBUG, AUTH_RESOURCES, "BaseAuthenticationHandler.ConstraintNeedsSSL", constraint.getName());
                httpServletResponse.sendError(HttpServletResponse.SC_FORBIDDEN, AUTH_RESOURCES.getString("BaseAuthenticationHandler.ConstraintNeedsSSL", constraint.getName()));
                return false;
            }

            // Not authorised for this constraint: let the subclass issue its challenge.
            if (!constraint.isAllowed(httpServletRequest)) {
                requestAuthentication(httpServletRequest, httpServletResponse, str);
                return false;
            }

            // Access granted to a constrained resource: mark the response as not cacheable.
            setNoCache(httpServletResponse);
            break;
        }
        Logger.log(Logger.FULL_DEBUG, AUTH_RESOURCES, "BaseAuthenticationHandler.PassedAuthCheck");
        return true;
    }

    /**
     * Sets the anti-caching headers on a response for a constrained resource.
     *
     * <p>NOTE(review): {@code no-cache} asks caches to revalidate before reuse but does
     * not forbid storing the response; {@code no-store} is the directive that does.
     * Consider whether protected content served through shared proxies needs it.
     *
     * <p>Decompiler note: access modifier changed from {@code protected}.
     */
    public void setNoCache(HttpServletResponse httpServletResponse) {
        // An Expires value of 1 ms after the epoch is always in the past.
        httpServletResponse.setDateHeader("Expires", 1L);
        httpServletResponse.setHeader("Cache-Control", "No-cache");
        httpServletResponse.setHeader("Pragma", "No-cache");
    }

    /**
     * Issues the scheme-specific authentication challenge. Called by
     * {@link #doRoleCheck} when the applicable constraint does not allow the request.
     */
    protected abstract void requestAuthentication(HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse, String str) throws IOException, ServletException;

    /**
     * Examines the request for a scheme-specific authentication response.
     *
     * @return {@code true} to continue with constraint evaluation, {@code false} to
     *         stop processing (the caller then reports the request as not allowed)
     */
    protected abstract boolean validatePossibleAuthenticationResponse(HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse, String str) throws ServletException, IOException;
}
