package net.sf.jguard.jee.provisioning;

import com.google.inject.Inject;
import java.io.IOException;
import java.net.URL;
import java.security.NoSuchAlgorithmException;
import java.security.Permission;
import java.security.Permissions;
import java.util.HashMap;
import java.util.HashSet;
import java.util.Iterator;
import java.util.Map;
import java.util.Set;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import net.sf.jguard.core.authentication.credentials.JGuardCredential;
import net.sf.jguard.core.authentication.exception.AuthenticationException;
import net.sf.jguard.core.authentication.manager.AuthenticationManager;
import net.sf.jguard.core.authorization.permissions.URLPermission;
import net.sf.jguard.core.lifecycle.Request;
import net.sf.jguard.core.lifecycle.Response;
import net.sf.jguard.core.principals.SubjectTemplate;
import net.sf.jguard.core.provisioning.ProvisioningServicePoint;
import net.sf.jguard.core.util.CryptUtils;
import net.sf.jguard.core.util.XMLUtils;
import net.sf.jguard.jee.HttpConstants;
import net.sf.jguard.jee.HttpServletRequestAdapter;
import net.sf.jguard.jee.lifecycle.AnonymizerRequestWrapper;
import org.dom4j.Element;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;

/* loaded from: input_file:net/sf/jguard/jee/provisioning/HttpServletProvisioningServicePoint.class */
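/**
 * Servlet-based provisioning service point handling user self-registration.
 *
 * <p>The registration URIs are read from the jGuard filter configuration and exposed as
 * {@link URLPermission}s. A submitted registration form is converted into a
 * {@link SubjectTemplate} whose password credential is passed through
 * {@link CryptUtils#cryptPassword} before the user is created.
 *
 * <p>{@link #init(URL)} must be called before the permission getters or
 * {@link #registerProcess} are used; until then the URI and permission fields are {@code null}.
 */
public class HttpServletProvisioningServicePoint implements ProvisioningServicePoint<HttpServletRequest, HttpServletResponse> {
    private static final Logger logger = LoggerFactory.getLogger(HttpServletProvisioningServicePoint.class.getName());
    private String registerURI;
    private URLPermission registerProcessPermission;
    private URLPermission registerPermission;
    private static final String J_GUARD_FILTER_2_0_0_XSD = "jGuardFilter_2.0.0.xsd";
    private final AuthenticationManager authenticationManager;

    /**
     * @param authenticationManager manager used to read the default organization's subject
     *                              template and to create the registered user
     */
    @Inject
    public HttpServletProvisioningServicePoint(AuthenticationManager authenticationManager) {
        this.authenticationManager = authenticationManager;
    }

    /**
     * Loads the filter configuration found at {@code url} and applies the registration settings.
     *
     * @param url location of the filter configuration file
     */
    public void init(URL url) {
        setSettings(loadFilterConfiguration(url));
    }

    /**
     * @return the permission built from the register URI, or {@code null} before {@link #init(URL)}
     */
    public Permission getRegisterPermission() {
        return this.registerPermission;
    }

    /**
     * @return the permission built from the register-process URI, or {@code null} before
     *         {@link #init(URL)}
     */
    public Permission getRegisterProcessPermission() {
        return this.registerProcessPermission;
    }

    /**
     * Runs the registration and handles the HTTP side of its outcome.
     *
     * <p>On success two session attributes are removed; on failure the client is redirected back
     * to the registration page unless the response is already committed.
     *
     * @param request  wrapper around the current servlet request
     * @param response wrapper around the current servlet response
     * @return {@code true} when the user was created, {@code false} otherwise
     */
    public boolean registerProcess(Request<HttpServletRequest> request, Response<HttpServletResponse> response) {
        boolean registered = registerCoreProcess(request);
        HttpServletRequest httpRequest = (HttpServletRequest) request.get();
        HttpServletResponse httpResponse = (HttpServletResponse) response.get();
        if (registered) {
            // The original passed the phase as a second argument without a '{}' placeholder,
            // so SLF4J silently dropped it; it is now part of the message.
            logger.debug(" registration succeed - registerProcess phase ");
            // getSession(true) creates a session when none exists; kept as-is because callers
            // may rely on a session being present after registration.
            httpRequest.getSession(true).removeAttribute("loginContextWrapper");
            httpRequest.getSession(true).removeAttribute("lastAccessDeniedPermission");
            return true;
        }

        logger.debug(" registration failed - registerProcess phase ");
        // The redirect target is built from the context path and the configured URI only;
        // no request parameter takes part in it.
        // NOTE(review): registerURI is null when the configuration has no register URI element,
        // which would yield a target ending in "null" - confirm the XSD makes it mandatory.
        String target = httpRequest.getContextPath() + this.registerURI;
        if (httpResponse.isCommitted()) {
            logger.warn(" we cannot redirect to {} because response is already commited ", target);
        } else {
            try {
                httpResponse.sendRedirect(httpResponse.encodeRedirectURL(target));
            } catch (IOException e) {
                // Pass the exception itself so the stack trace is not lost.
                logger.warn(" we cannot redirect to " + target + " because " + e.getMessage(), e);
            }
        }
        return false;
    }

    /**
     * Builds a subject template from the registration form, replaces its clear-text password
     * credential with the output of {@link CryptUtils#cryptPassword} and creates the user in the
     * default organization.
     *
     * @param request wrapper around the servlet request carrying the registration form
     * @return {@code true} when the user was created; {@code false} when the template cannot be
     *         built, no credential named {@code "password"} was submitted, the digest algorithm
     *         is unavailable, or user creation fails
     */
    public boolean registerCoreProcess(Request<HttpServletRequest> request) {
        try {
            SubjectTemplate submitted = buildSubjectTemplate((HttpServletRequest) request.get());
            // NOTE(review): the replacement below only protects the stored password if this set is
            // a live view of the template's credentials rather than a copy - confirm in SubjectTemplate.
            Set requiredCredentials = submitted.getRequiredCredentials();

            // NOTE(review): the lookup uses the literal name "password" although the configuration
            // exposes a "passwordField" setting - confirm this is intended.
            JGuardCredential passwordCredential = null;
            for (Object candidate : requiredCredentials) {
                JGuardCredential credential = (JGuardCredential) candidate;
                if ("password".equals(credential.getName())) {
                    passwordCredential = credential;
                    break;
                }
            }
            if (passwordCredential == null) {
                logger.warn("JGuardTagCredential matching  passwordField not found in the SubjectTemplate");
                return false;
            }

            char[] clearPassword = passwordCredential.getValue().toString().toCharArray();
            try {
                requiredCredentials.remove(passwordCredential);
                // NOTE(review): the hashing scheme lives in CryptUtils and is not visible here;
                // confirm it is a salted, slow password hash rather than a bare digest, and that
                // toString() on its result yields the digest text (it would not for a char[]).
                requiredCredentials.add(new JGuardCredential(passwordCredential.getName(), CryptUtils.cryptPassword(clearPassword).toString()));
                try {
                    this.authenticationManager.createUser(submitted, this.authenticationManager.getDefaultOrganization());
                    return true;
                } catch (AuthenticationException e) {
                    // Keep the cause so a failed registration can be diagnosed.
                    logger.debug(" registrationProcess failed ", e);
                    return false;
                }
            } catch (NoSuchAlgorithmException e) {
                logger.warn(e.getMessage(), e);
                return false;
            } finally {
                // Wipe the temporary clear-text copy. The request parameter and the original
                // credential still hold the password as Strings, so this only narrows exposure.
                java.util.Arrays.fill(clearPassword, '\0');
            }
        } catch (AuthenticationException e) {
            logger.error(" subject template cannot be built ", e);
            return false;
        }
    }

    /**
     * Wraps the servlet request in an {@link AnonymizerRequestWrapper} and adapts it back to a
     * {@link Request}.
     *
     * @param request wrapper around the servlet request to anonymize
     * @return a new request adapter around the wrapped servlet request
     */
    public Request<HttpServletRequest> anonymize(Request<HttpServletRequest> request) {
        return new HttpServletRequestAdapter(new AnonymizerRequestWrapper((HttpServletRequest) request.get()));
    }

    /**
     * Creates a subject template holding the values submitted for each credential declared by
     * the default organization's template, category by category.
     *
     * @param httpServletRequest request carrying the registration form
     * @return a new template filled from the request parameters
     * @throws AuthenticationException propagated from the calls made here
     */
    private SubjectTemplate buildSubjectTemplate(HttpServletRequest httpServletRequest) throws AuthenticationException {
        SubjectTemplate reference = this.authenticationManager.getDefaultOrganization().getSubjectTemplate();
        SubjectTemplate submitted = new SubjectTemplate();
        submitted.setPrivateRequiredCredentials(grabRegistrationForm(httpServletRequest, reference.getPrivateRequiredCredentials()));
        submitted.setPublicRequiredCredentials(grabRegistrationForm(httpServletRequest, reference.getPublicRequiredCredentials()));
        submitted.setPublicOptionalCredentials(grabRegistrationForm(httpServletRequest, reference.getPublicOptionalCredentials()));
        submitted.setPrivateOptionalCredentials(grabRegistrationForm(httpServletRequest, reference.getPrivateOptionalCredentials()));
        return submitted;
    }

    /**
     * Collects the request parameters whose names match the given template credentials.
     *
     * <p>Only names declared by the template are read, so extra request parameters never become
     * credentials. Values are copied as submitted; no validation or length limit is applied here.
     *
     * @param httpServletRequest request carrying the registration form
     * @param set                template credentials ({@link JGuardCredential}) naming the expected parameters
     * @return credentials for every expected parameter present in the request
     */
    private static Set<JGuardCredential> grabRegistrationForm(HttpServletRequest httpServletRequest, Set set) {
        Set<JGuardCredential> submitted = new HashSet<JGuardCredential>();
        for (Object expected : set) {
            String name = ((JGuardCredential) expected).getName();
            String value = httpServletRequest.getParameter(name);
            if (value == null) {
                continue;
            }
            try {
                submitted.add(new JGuardCredential(name, value));
            } catch (IllegalArgumentException e) {
                // Only the credential name is logged, never the submitted value.
                logger.warn(" the property " + name + " doesn't exist in the HttpServletRequest ");
            }
        }
        return submitted;
    }

    /**
     * Reads the filter configuration and extracts the settings handled by this class.
     *
     * @param url location of the filter configuration file
     * @return the settings found, keyed by element name
     */
    private Map<String, String> loadFilterConfiguration(URL url) {
        // NOTE(review): parser hardening (DTD / external entity handling) is decided inside
        // XMLUtils.read and is not visible here - confirm it for configuration files that are
        // not fully trusted.
        Element root = XMLUtils.read(url, J_GUARD_FILTER_2_0_0_XSD).getRootElement();
        Map<String, String> settings = new HashMap<String, String>();

        Element registerProcessUri = root.element(HttpConstants.REGISTER_PROCESS_URI);
        if (registerProcessUri != null) {
            settings.put(HttpConstants.REGISTER_PROCESS_URI, registerProcessUri.getTextTrim());
        }
        Element registerUri = root.element(HttpConstants.REGISTER_URI);
        if (registerUri != null) {
            settings.put(HttpConstants.REGISTER_URI, registerUri.getTextTrim());
        }
        // Unlike the other elements this one is dereferenced without a null check, so a
        // configuration lacking it fails here with a NullPointerException.
        settings.put(HttpConstants.AUTH_SCHEME, root.element(HttpConstants.AUTH_SCHEME).getTextTrim());

        Element loginField = root.element("loginField");
        if (loginField != null) {
            settings.put("loginField", loginField.getTextTrim());
        }
        Element passwordField = root.element("passwordField");
        if (passwordField != null) {
            settings.put("passwordField", passwordField.getTextTrim());
        }
        return settings;
    }

    /**
     * Stores the register URI and builds both registration permissions from the settings.
     *
     * @param map settings produced by {@link #loadFilterConfiguration(URL)}; a missing key
     *            yields a {@code null} URI passed to the permission constructor
     */
    private void setSettings(Map<String, String> map) {
        this.registerProcessPermission = new URLPermission(HttpConstants.REGISTER_PROCESS_URI, map.get(HttpConstants.REGISTER_PROCESS_URI));
        this.registerURI = map.get(HttpConstants.REGISTER_URI);
        this.registerPermission = new URLPermission(HttpConstants.REGISTER_URI, this.registerURI);
    }

    /**
     * @return a new collection holding the register and register-process permissions
     */
    public Permissions getGrantedPermissions() {
        Permissions granted = new Permissions();
        granted.add(getRegisterPermission());
        granted.add(getRegisterProcessPermission());
        return granted;
    }
}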
