package org.codehaus.plexus.security.ui.web.interceptor;

import com.opensymphony.webwork.ServletActionContext;
import com.opensymphony.xwork.ActionInvocation;
import com.opensymphony.xwork.interceptor.Interceptor;
import javax.servlet.http.Cookie;
import javax.servlet.http.HttpSession;
import org.codehaus.plexus.logging.AbstractLogEnabled;
import org.codehaus.plexus.security.authentication.AuthenticationException;
import org.codehaus.plexus.security.authentication.TokenBasedAuthenticationDataSource;
import org.codehaus.plexus.security.keys.AuthenticationKey;
import org.codehaus.plexus.security.keys.KeyManager;
import org.codehaus.plexus.security.keys.KeyManagerException;
import org.codehaus.plexus.security.keys.KeyNotFoundException;
import org.codehaus.plexus.security.policy.AccountLockedException;
import org.codehaus.plexus.security.system.SecuritySession;
import org.codehaus.plexus.security.system.SecuritySystem;
import org.codehaus.plexus.security.system.SecuritySystemConstants;
import org.codehaus.plexus.security.ui.web.util.CookieUtils;
import org.codehaus.plexus.security.user.UserNotFoundException;
import org.codehaus.plexus.util.StringUtils;

/* loaded from: input_file:WEB-INF/lib/plexus-security-ui-web-integration-1.0-alpha-4.jar:org/codehaus/plexus/security/ui/web/interceptor/AutoLoginInterceptor.class */
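/**
 * XWork interceptor that tries to authenticate a request from a "remember me" or
 * "single sign on" cookie before the action is invoked.
 *
 * <p>The cookie value is looked up through the {@link KeyManager}. When a key is found,
 * its principal and key are passed to {@link SecuritySystem#authenticate} and the
 * resulting {@link SecuritySession} is stored in the HTTP session.
 *
 * <p>Security note: the cookie values handled here are bearer credentials. They are
 * never written to the log, because anyone able to read the log could replay them.
 */
public class AutoLoginInterceptor extends AbstractLogEnabled implements Interceptor {
    /** Result name returned when the automatically logged-in user must change the password. */
    static final String PASSWORD_CHANGE = "must-change-password";
    /** Result name returned when authentication reports that the account is locked. */
    static final String ACCOUNT_LOCKED = "security-login-locked";
    private SecuritySystem securitySystem;
    private boolean isRememberMeEnabled = false;
    private boolean isSingleSignOnEnabled = false;

    /** No resources to release. */
    @Override // com.opensymphony.xwork.interceptor.Interceptor
    public void destroy() {
    }

    /**
     * Reads the remember-me and single-sign-on switches from the security policy once
     * and logs them.
     */
    @Override // com.opensymphony.xwork.interceptor.Interceptor
    public void init() {
        this.isRememberMeEnabled = this.securitySystem.getPolicy().getRememberMeSettings().isEnabled();
        this.isSingleSignOnEnabled = this.securitySystem.getPolicy().getSingleSignOnSettings().isEnabled();
        getLogger().info("Remember Me (enabled) : " + this.isRememberMeEnabled);
        getLogger().info("Single Sign On (enabled) : " + this.isSingleSignOnEnabled);
    }

    /**
     * Attempts a cookie-based login for unauthenticated requests, then continues the
     * invocation.
     *
     * <p>The remember-me cookie is tried first, then the single-sign-on cookie, each only
     * if enabled in the policy. If a login attempt yields a result name
     * ({@link #PASSWORD_CHANGE} or {@link #ACCOUNT_LOCKED}), that name is returned and the
     * action is not invoked.
     *
     * @param actionInvocation the invocation being intercepted
     * @return the result name from the login attempt, or the result of the invocation
     * @throws Exception whatever the invoked action throws
     */
    @Override // com.opensymphony.xwork.interceptor.Interceptor
    public String intercept(ActionInvocation actionInvocation) throws Exception {
        SecuritySession securitySession = getSecuritySession();
        if (securitySession != null && securitySession.isAuthenticated()) {
            getLogger().info("User already authenticated.");
            return actionInvocation.invoke();
        }
        if (this.isRememberMeEnabled) {
            Cookie rememberMeCookie = CookieUtils.getCookie(ServletActionContext.getRequest(), SecuritySystemConstants.REMEMBER_ME_KEY);
            if (rememberMeCookie != null) {
                // The cookie value is a login token: report that it was found, never its value.
                getLogger().info("Found remember me cookie.");
                String result = populateAuthTokens(SecuritySystemConstants.REMEMBER_ME_KEY, rememberMeCookie.getValue());
                if (StringUtils.isNotEmpty(result)) {
                    return result;
                }
            } else {
                getLogger().info("Cookie Not Found: Remember Me Cookie: securityRememberMe");
            }
        }
        if (this.isSingleSignOnEnabled) {
            Cookie ssoCookie = CookieUtils.getCookie(ServletActionContext.getRequest(), SecuritySystemConstants.SINGLE_SIGN_ON_KEY);
            if (ssoCookie != null) {
                // The cookie value is a login token: report that it was found, never its value.
                getLogger().info("Found sso cookie.");
                String result = populateAuthTokens(SecuritySystemConstants.SINGLE_SIGN_ON_KEY, ssoCookie.getValue());
                if (StringUtils.isNotEmpty(result)) {
                    return result;
                }
            } else {
                getLogger().info("Cookie Not Found: Single Sign On Cookie: securitySingleSignOn");
            }
        }
        return actionInvocation.invoke();
    }

    /**
     * Resolves a cookie value to an authentication key and, if one exists, logs the
     * owning principal in.
     *
     * @param cookieName name of the cookie the value came from; used to remove the cookie
     *        when no key matches, and to identify the cookie in log messages
     * @param providedKey the cookie value supplied by the client (untrusted, secret)
     * @return {@link #PASSWORD_CHANGE}, {@link #ACCOUNT_LOCKED}, or {@code null} when no
     *         special result applies (including every failure other than a locked account)
     */
    private String populateAuthTokens(String cookieName, String providedKey) {
        // Clear any previous security session before attempting the token login.
        setAuthTokens(null);
        try {
            AuthenticationKey authKey = this.securitySystem.getKeyManager().findKey(providedKey);
            if (authKey == null) {
                getLogger().info("Authkey not found for cookie " + cookieName);
                CookieUtils.removeCookie(ServletActionContext.getRequest(), ServletActionContext.getResponse(), cookieName);
                return null;
            }
            getLogger().info("Performing Login.");
            TokenBasedAuthenticationDataSource authSource = new TokenBasedAuthenticationDataSource();
            authSource.setPrincipal(authKey.getForPrincipal());
            authSource.setToken(authKey.getKey());
            SecuritySession authenticated = this.securitySystem.authenticate(authSource);
            if (authenticated.getAuthenticationResult().isAuthenticated()) {
                getLogger().info("Login success.");
                // NOTE(review): the existing HTTP session is reused here and its id is not
                // rotated in this class. Confirm that session renewal after login happens
                // elsewhere; otherwise this path is exposed to session fixation.
                setAuthTokens(authenticated);
                if (authenticated.getUser().isPasswordChangeRequired()) {
                    return PASSWORD_CHANGE;
                }
            } else {
                getLogger().info("Login Action failed against principal : " + authenticated.getAuthenticationResult().getPrincipal(), authenticated.getAuthenticationResult().getException());
            }
            return null;
        } catch (AuthenticationException e) {
            getLogger().info("Authentication Exception.", e);
            return null;
        } catch (KeyNotFoundException e) {
            // NOTE(review): the cookie is removed when findKey returns null but not on this
            // path. Confirm whether a stale cookie should be cleared here as well.
            getLogger().info("Key not found for cookie " + cookieName);
            return null;
        } catch (KeyManagerException e) {
            getLogger().warn("KeyManager error while resolving key for cookie " + cookieName + ".", e);
            return null;
        } catch (AccountLockedException e) {
            getLogger().info("Account Locked : Username [" + e.getUser().getUsername() + "]", e);
            return ACCOUNT_LOCKED;
        } catch (UserNotFoundException e) {
            getLogger().info("User Not Found.", e);
            return null;
        }
    }

    /**
     * Stores the security session in the HTTP session (creating one if needed) and, when
     * single sign on is enabled and the session is non-null, issues a new SSO key cookie.
     *
     * @param securitySession the session to store; {@code null} clears the stored session
     */
    private void setAuthTokens(SecuritySession securitySession) {
        ServletActionContext.getRequest().getSession(true).setAttribute(SecuritySystemConstants.SECURITY_SESSION_KEY, securitySession);
        getLogger().debug("Setting session:securitySession to " + securitySession);
        if (!this.isSingleSignOnEnabled || securitySession == null) {
            return;
        }
        try {
            int cookieTimeout = this.securitySystem.getPolicy().getSingleSignOnSettings().getCookieTimeout();
            KeyManager keyManager = this.securitySystem.getKeyManager();
            String principal = securitySession.getUser().getPrincipal().toString();
            AuthenticationKey ssoKey = keyManager.createKey(principal, "Single Sign On Key", cookieTimeout);
            // NOTE(review): whether CookieUtils.setCookie marks the cookie Secure and HttpOnly
            // is not visible from this class. Confirm it, since the value is a login token.
            CookieUtils.setCookie(ServletActionContext.getResponse(), SecuritySystemConstants.SINGLE_SIGN_ON_KEY, ssoKey.getKey(), cookieTimeout);
        } catch (KeyManagerException e) {
            // Best effort: the user stays logged in for this session, but no SSO cookie is issued.
            getLogger().warn("Unable to create Single Sign On key; SSO cookie not set.", e);
        }
    }

    /**
     * Returns the security session stored in the HTTP session, if any.
     *
     * @return the stored {@link SecuritySession}, or {@code null} when none is stored
     */
    private SecuritySession getSecuritySession() {
        // HttpServletRequest.getSession() creates a session when none exists, so the null
        // branch below is defensive only.
        HttpSession session = ServletActionContext.getRequest().getSession();
        if (session == null) {
            getLogger().debug("No Security Session exists.");
            return null;
        }
        SecuritySession securitySession = (SecuritySession) session.getAttribute(SecuritySystemConstants.SECURITY_SESSION_KEY);
        getLogger().debug("Returning Security Session: " + securitySession);
        return securitySession;
    }
}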
