package com.blazebit.weblink.core.impl.security;

import com.blazebit.weblink.core.api.spi.WeblinkSecurityConstraint;
import com.blazebit.weblink.core.model.jpa.WeblinkId;
import java.util.logging.Logger;
import javax.inject.Inject;
import javax.servlet.http.HttpServletRequest;
import javax.ws.rs.core.Response;
import javax.xml.bind.DatatypeConverter;

/* loaded from: input_file:com/blazebit/weblink/core/impl/security/HttpBasicSecurityConstraint.class */
public class HttpBasicSecurityConstraint implements WeblinkSecurityConstraint {
    private static final Logger LOG = Logger.getLogger(HttpBasicSecurityConstraint.class.getName());
    private final String user;
    private final String password;

    @Inject
    private HttpServletRequest request;

    public HttpBasicSecurityConstraint(String str, String str2) {
        this.user = str;
        this.password = str2;
    }

    public Response validate(WeblinkId weblinkId) {
        if (isAuthorized(this.request.getHeader("Authorization"))) {
            return null;
        }
        return Response.status(Response.Status.UNAUTHORIZED).header("WWW-Authenticate", "BASIC realm=\"weblink\"").build();
    }

    private boolean isAuthorized(String str) {
        if (str == null || !str.toUpperCase().startsWith("BASIC ")) {
            return false;
        }
        String str2 = new String(DatatypeConverter.parseBase64Binary(str.substring(6)));
        int indexOf = str2.indexOf(58);
        return this.user.equals(str2.substring(0, indexOf)) && this.password.equals(str2.substring(indexOf + 1));
    }
}
