package org.codehaus.plexus.security.ui.web.interceptor;

import com.opensymphony.webwork.ServletActionContext;
import com.opensymphony.xwork.ActionInvocation;
import com.opensymphony.xwork.interceptor.Interceptor;
import javax.servlet.http.HttpSession;
import org.codehaus.plexus.logging.AbstractLogEnabled;
import org.codehaus.plexus.security.authentication.AuthenticationException;
import org.codehaus.plexus.security.authentication.TokenBasedAuthenticationDataSource;
import org.codehaus.plexus.security.keys.AuthenticationKey;
import org.codehaus.plexus.security.policy.AccountLockedException;
import org.codehaus.plexus.security.system.SecuritySession;
import org.codehaus.plexus.security.system.SecuritySystem;
import org.codehaus.plexus.security.system.SecuritySystemConstants;
import org.codehaus.plexus.security.ui.web.util.AutoLoginCookies;
import org.codehaus.plexus.security.user.UserNotFoundException;
import org.codehaus.plexus.util.StringUtils;

/* loaded from: input_file:WEB-INF/lib/plexus-security-ui-web-integration-1.0-alpha-5.jar:org/codehaus/plexus/security/ui/web/interceptor/AutoLoginInterceptor.class */
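/**
 * WebWork interceptor that tries to authenticate a request from auto-login cookies before the
 * action runs.
 *
 * <p>If the HTTP session already holds an authenticated {@link SecuritySession}, the action is
 * invoked directly. Otherwise the remember-me key is tried first and the single-sign-on key
 * second, each only when its feature is enabled and a key is present. A login attempt that
 * yields a non-empty result name ({@link #PASSWORD_CHANGE} or {@link #ACCOUNT_LOCKED})
 * short-circuits the action; every other outcome falls through to the action.
 *
 * <p>Both collaborator fields have no setter or constructor in this class; they are presumably
 * populated by the container (TODO confirm against the component descriptor).
 */
public class AutoLoginInterceptor extends AbstractLogEnabled implements Interceptor {
    /** Result name returned when the authenticated user must change their password. */
    static final String PASSWORD_CHANGE = "must-change-password";
    /** Result name returned when authentication was refused because the account is locked. */
    static final String ACCOUNT_LOCKED = "security-login-locked";
    private SecuritySystem securitySystem;
    private AutoLoginCookies autologinCookies;

    /** No resources to release. */
    @Override
    public void destroy() {
    }

    /** No initialisation required. */
    @Override
    public void init() {
    }

    /**
     * Attempts cookie-based auto-login when the request is not yet authenticated.
     *
     * @param actionInvocation the invocation to continue when no redirecting result is produced
     * @return a login result name, or whatever the wrapped action returns
     * @throws Exception propagated from the wrapped action invocation
     */
    @Override
    public String intercept(ActionInvocation actionInvocation) throws Exception {
        SecuritySession existing = getSecuritySession();
        if (existing != null && existing.isAuthenticated()) {
            getLogger().info("User already authenticated.");
            return actionInvocation.invoke();
        }

        // Remember-me is tried before single sign-on; a failed remember-me attempt that yields
        // no result name still lets the single-sign-on key be tried.
        if (this.autologinCookies.isRememberMeEnabled()) {
            AuthenticationKey rememberMeKey = this.autologinCookies.getRememberMeKey();
            if (rememberMeKey != null) {
                String result = performLogin(rememberMeKey);
                if (StringUtils.isNotEmpty(result)) {
                    return result;
                }
            }
        }

        if (this.autologinCookies.isSingleSignonEnabled()) {
            AuthenticationKey singleSignonKey = this.autologinCookies.getSingleSignonKey();
            if (singleSignonKey != null) {
                String result = performLogin(singleSignonKey);
                if (StringUtils.isNotEmpty(result)) {
                    return result;
                }
            }
        }

        return actionInvocation.invoke();
    }

    /**
     * Authenticates with the principal and token carried by the given key.
     *
     * <p>The stored security session is cleared before the attempt, so a failed attempt never
     * leaves an earlier session object in place.
     *
     * @param authenticationKey key supplying the principal and the token
     * @return {@link #PASSWORD_CHANGE}, {@link #ACCOUNT_LOCKED}, or {@code null} when the request
     *     should simply continue (successful login, failed login, or unknown user)
     */
    private String performLogin(AuthenticationKey authenticationKey) {
        setAuthTokens(null);
        try {
            getLogger().info("Performing Login.");
            TokenBasedAuthenticationDataSource dataSource = new TokenBasedAuthenticationDataSource();
            dataSource.setPrincipal(authenticationKey.getForPrincipal());
            dataSource.setToken(authenticationKey.getKey());
            SecuritySession session = this.securitySystem.authenticate(dataSource);
            if (session.getAuthenticationResult().isAuthenticated()) {
                getLogger().info("Login success.");
                // NOTE(review): the authenticated session object is stored in the HTTP session
                // that already exists; no session-id rotation is visible in this class. Confirm
                // it happens elsewhere, otherwise a pre-login session id stays valid after login.
                setAuthTokens(session);
                // setAuthTokens tolerates a session without a user, so do the same here instead
                // of failing with a NullPointerException after the session was already stored.
                if (session.getUser() != null && session.getUser().isPasswordChangeRequired()) {
                    return PASSWORD_CHANGE;
                }
            } else {
                // NOTE(review): the principal is written to the log as-is; if it can carry
                // request-controlled text, confirm the logger neutralises line breaks.
                getLogger().info(
                        "Login Action failed against principal : " + session.getAuthenticationResult().getPrincipal(),
                        session.getAuthenticationResult().getException());
            }
            return null;
        } catch (AuthenticationException e) {
            getLogger().info("Authentication Exception.", e);
            return null;
        } catch (AccountLockedException e) {
            getLogger().info("Account Locked : Username [" + e.getUser().getUsername() + "]", e);
            return ACCOUNT_LOCKED;
        } catch (UserNotFoundException e) {
            getLogger().info("User Not Found.", e);
            return null;
        }
    }

    /**
     * Stores the given security session in the HTTP session (creating the HTTP session if
     * needed) and, when it carries a user with a principal, sets the single-sign-on cookie for
     * that principal.
     *
     * @param securitySession the session to store; {@code null} clears the stored value
     */
    private void setAuthTokens(SecuritySession securitySession) {
        ServletActionContext.getRequest().getSession(true)
                .setAttribute(SecuritySystemConstants.SECURITY_SESSION_KEY, securitySession);
        // NOTE(review): this logs the session object's toString(); confirm it exposes no
        // credentials or tokens when debug logging is enabled.
        getLogger().debug("Setting session:securitySession to " + securitySession);
        if (securitySession == null || securitySession.getUser() == null) {
            return;
        }
        Object principal = securitySession.getUser().getPrincipal();
        if (principal == null) {
            return;
        }
        this.autologinCookies.setSingleSignon(principal.toString());
    }

    /**
     * Looks up the security session stored in the current HTTP session.
     *
     * @return the stored security session, or {@code null} when there is no HTTP session or no
     *     stored value
     */
    private SecuritySession getSecuritySession() {
        // getSession(false): the no-argument form always creates a session, which made the null
        // branch below unreachable and allocated a session for every anonymous request.
        HttpSession session = ServletActionContext.getRequest().getSession(false);
        if (session == null) {
            getLogger().debug("No Security Session exists.");
            return null;
        }
        SecuritySession securitySession =
                (SecuritySession) session.getAttribute(SecuritySystemConstants.SECURITY_SESSION_KEY);
        getLogger().debug("Returning Security Session: " + securitySession);
        return securitySession;
    }
}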
