package fathom.rest.security;

import com.google.common.base.Strings;
import com.google.inject.Inject;
import com.google.inject.Singleton;
import fathom.conf.Settings;
import fathom.rest.Context;
import fathom.security.SecurityManager;
import java.nio.charset.StandardCharsets;
import java.util.Base64;
import ro.pippo.core.route.RouteHandler;

@Singleton
/* loaded from: input_file:fathom-rest-security-0.8.4.jar:fathom/rest/security/BasicAuthenticationHandler.class */
public class BasicAuthenticationHandler extends StandardCredentialsHandler implements RouteHandler<Context> {
    private final boolean createSessions;
    private final boolean isPassive;
    private final String challenge;

    @Inject
    public BasicAuthenticationHandler(SecurityManager securityManager, Settings settings) {
        this(securityManager, false, false, settings.getApplicationName());
    }

    public BasicAuthenticationHandler(SecurityManager securityManager, boolean z, boolean z2, String str) {
        super(securityManager);
        this.createSessions = z;
        this.isPassive = z2;
        this.challenge = "Basic realm=\"" + str + "\"";
    }

    @Override // fathom.rest.security.StandardCredentialsHandler
    protected boolean isCreateSessions() {
        return this.createSessions;
    }

    @Override // ro.pippo.core.route.RouteHandler
    public void handle(Context context) {
        if (isAuthenticated(context)) {
            if (isCreateSessions()) {
                context.touchSession();
            }
            context.next();
            return;
        }
        String header = context.getRequest().getHeader("Authorization");
        if (!Strings.isNullOrEmpty(header) && header.startsWith("Basic")) {
            String[] split = new String(Base64.getDecoder().decode(header.substring("Basic".length()).trim()), StandardCharsets.UTF_8).split(":", 2);
            if (setupContext(context, authenticate(split[0], split[1]))) {
                context.next();
                return;
            }
        }
        if (this.isPassive) {
            return;
        }
        context.setHeader("WWW-Authenticate", this.challenge);
        context.getResponse().unauthorized();
    }
}
