package org.craftercms.social.util.support.security;

import java.io.IOException;
import java.nio.charset.StandardCharsets;
import java.security.InvalidKeyException;
import java.text.DateFormat;
import java.text.ParseException;
import java.util.ArrayList;
import java.util.Arrays;
import java.util.Calendar;
import java.util.Collection;
import java.util.Date;
import java.util.Iterator;
import java.util.List;
import java.util.Locale;
import java.util.UUID;
import javax.crypto.BadPaddingException;
import javax.crypto.IllegalBlockSizeException;
import javax.servlet.FilterChain;
import javax.servlet.ServletException;
import javax.servlet.ServletRequest;
import javax.servlet.ServletResponse;
import javax.servlet.http.Cookie;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import org.apache.commons.codec.binary.Base64;
import org.apache.commons.lang.StringUtils;
import org.craftercms.profile.constants.ProfileConstants;
import org.craftercms.profile.impl.domain.Profile;
import org.craftercms.profile.impl.domain.Tenant;
import org.craftercms.social.exceptions.AuthenticationException;
import org.craftercms.social.util.support.CrafterProfileService;
import org.craftercms.social.util.support.security.crypto.SimpleDesCipher;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.beans.factory.annotation.Value;
import org.springframework.security.authentication.AbstractAuthenticationToken;
import org.springframework.security.authentication.AuthenticationCredentialsNotFoundException;
import org.springframework.security.authentication.BadCredentialsException;
import org.springframework.security.core.Authentication;
import org.springframework.security.core.GrantedAuthority;
import org.springframework.security.core.authority.SimpleGrantedAuthority;
import org.springframework.security.core.context.SecurityContextHolder;
import org.springframework.security.web.AuthenticationEntryPoint;
import org.springframework.web.filter.GenericFilterBean;

/* loaded from: input_file:org/craftercms/social/util/support/security/CrafterProfileFilter.class */
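/**
 * Servlet filter that authenticates Crafter Social requests against the Crafter Profile service.
 *
 * <p>Every request carries an application token and a tenant name as request parameters (the
 * parameter names are configured). On the first request the token is validated with the profile
 * service and the user's profile is loaded; the filter then sets an encrypted cookie (DES via
 * {@link SimpleDesCipher}, Base64 encoded) holding a cached copy of the profile:
 * {@code token|profileId|cacheExpiryDate|role1,role2|tenantName|randomUuid}. On later requests
 * the cookie is decrypted and, if its token still matches the request token and is still valid
 * server-side, the cached profile is used until {@code cacheExpiryDate} passes, at which point
 * the profile is reloaded and a fresh cookie is issued. Any failure is handed to the configured
 * {@link AuthenticationEntryPoint}.
 */
public class CrafterProfileFilter extends GenericFilterBean {
    public static final String CRAFTER_SOCIAL_COOKIE_PATH = "/crafter-social";
    public static final String TOKEN_SEPARATOR = "|";

    /** Cookie lifetime in seconds (8 hours). Independent of {@code cipherTokenExpires}, which only bounds the cached profile. */
    private static final int CIPHER_COOKIE_MAX_AGE_SECONDS = 28800;
    private static final String ERROR_ENCRYPTED_TOKEN = "Error creating encrypted token";
    private static final String ERROR_DESCYPTING_TOKEN = "Error decrypting token";
    private static final String ERROR_MALFORMED_TOKEN = "Encrypted token does not have the expected number of fields";

    // Positions of the fields inside the decrypted token; see generateEncryptedToken for the layout.
    private static final int TOKEN = 0;
    private static final int PROFILE_ID = 1;
    private static final int DATE = 2;
    private static final int ROLES = 3;
    private static final int TENANT_NAME = 4;
    /** Smallest field count a decrypted token may have and still be indexed safely. */
    private static final int MIN_TOKEN_FIELDS = TENANT_NAME + 1;

    private static final Logger log = LoggerFactory.getLogger(CrafterProfileFilter.class);

    private CrafterProfileService profile;

    @Value("#{socialSettings['security.token.tokenRequestParamKey']}")
    private String tokenRequestParamKey;

    @Value("#{socialSettings['security.tenant.tenantRequestParamKey']}")
    private String tenantRequestParamKey;

    @Value("#{socialSettings['security.cipher.key']}")
    private String cipherkey;

    @Value("#{socialSettings['security.cipher.cipherTokenCookieKey']}")
    private String cipherTokenCookieKey;

    /** Seconds the profile copy embedded in the cookie is trusted before it is reloaded. */
    @Value("#{socialSettings['security.cipher.expires']}")
    private int cipherTokenExpires;

    @Autowired
    private AuthenticationEntryPoint authenticationEntryPoint;

    /**
     * Spring Security token representing an authenticated Crafter profile.
     *
     * <p>The principal is the profile id, the name is the user name and the full {@link Profile}
     * is exposed as details. There are no credentials and the token is always authenticated.
     *
     * <p>NOTE(review): this is a non-static inner class, so every token (which is Serializable via
     * AbstractAuthenticationToken and typically stored in the HTTP session) carries a hidden
     * reference to the filter instance. Making it {@code static} would change the constructor's
     * binary signature for external callers, so it is left as is here.
     */
    public class CrafterProfileAutenticationToken extends AbstractAuthenticationToken {
        private static final long serialVersionUID = 1142799805748917562L;
        private Profile profile;

        /**
         * @param collection granted authorities derived from the profile roles
         * @param profile    the authenticated profile; must not be null (accessors dereference it)
         */
        public CrafterProfileAutenticationToken(Collection<? extends GrantedAuthority> collection, Profile profile) {
            super(collection);
            this.profile = profile;
        }

        /** @return always {@code null}; the cookie/token scheme carries no reusable credential */
        @Override
        public Object getCredentials() {
            return null;
        }

        /** @return the profile id */
        @Override
        public Object getPrincipal() {
            return this.profile.getId();
        }

        /** @return the profile's user name */
        @Override
        public String getName() {
            return this.profile.getUserName();
        }

        /** @return always {@code true}; the filter only builds this token after validation */
        @Override
        public boolean isAuthenticated() {
            return true;
        }

        /** @return the full {@link Profile} */
        @Override
        public Object getDetails() {
            return this.profile;
        }
    }

    /**
     * Authenticates the request, either from the encrypted profile cookie or from the plain
     * application token, then continues the chain. Authentication failures are routed to the
     * entry point instead of propagating.
     *
     * @throws IOException      from the downstream chain or the entry point
     * @throws ServletException from the downstream chain or the entry point
     */
    @Override
    public void doFilter(ServletRequest servletRequest, ServletResponse servletResponse, FilterChain filterChain) throws IOException, ServletException {
        HttpServletRequest request = (HttpServletRequest) servletRequest;
        HttpServletResponse response = (HttpServletResponse) servletResponse;
        String requestToken = getParamFromRequest(request, this.tokenRequestParamKey);
        String requestTenant = getParamFromRequest(request, this.tenantRequestParamKey);
        try {
            String cipherTokenCookie = getCipherTokenCookie(request);
            SimpleDesCipher cipher = new SimpleDesCipher(this.cipherkey);
            if (cipherTokenCookie == null || cipherTokenCookie.isEmpty()) {
                authenticateWithSimpleToken(filterChain, request, response, requestToken, requestTenant, cipher);
                return;
            }
            String[] tokenFields = getProfileValues(cipherTokenCookie, cipher);
            String cookieToken = tokenFields[TOKEN];
            // The cached cookie is only honoured while it was issued for the token on this request
            // and that token is still valid server-side; otherwise fall back to a full validation.
            if (cookieToken.equals(requestToken) && this.profile.validateUserToken(cookieToken)) {
                authenticateWithCipherToken(filterChain, request, response, requestTenant, cipher, tokenFields, cookieToken);
            } else {
                authenticateWithSimpleToken(filterChain, request, response, requestToken, requestTenant, cipher);
            }
        } catch (AuthenticationException e) {
            // Keep the original exception as cause so the entry point / logs retain the root failure.
            failRequest(request, response, new BadCredentialsException(e.getMessage(), e));
        }
    }

    /**
     * Authenticates from an already decrypted and token-matched cookie.
     *
     * <p>The tenant is validated first. If the cached profile in the cookie has passed its expiry
     * date it is reloaded from the profile service; otherwise a {@link Profile} is rebuilt from the
     * cookie fields. A fresh cookie is always issued.
     *
     * @param requestTenant tenant name from the request parameter
     * @param tokenFields   decrypted cookie fields, at least {@link #MIN_TOKEN_FIELDS} long
     * @param token         the application token (equal to {@code tokenFields[TOKEN]})
     * @throws AuthenticationException if the tenant is invalid or the cached date cannot be parsed
     */
    private void authenticateWithCipherToken(FilterChain filterChain, HttpServletRequest request, HttpServletResponse response, String requestTenant, SimpleDesCipher cipher, String[] tokenFields, String token) throws IOException, ServletException, AuthenticationException {
        validateTenant(request.getServerName(), requestTenant, tokenFields[TENANT_NAME], tokenFields[PROFILE_ID]);
        Profile userProfile;
        try {
            // DateFormat.getInstance() is the default-locale SHORT date/time format; it must stay
            // the same formatter generateEncryptedToken uses or round-tripping breaks.
            Date cachedUntil = DateFormat.getInstance().parse(tokenFields[DATE]);
            if (cachedUntil.before(new Date())) {
                // Cached copy is stale: reload the authoritative profile.
                userProfile = this.profile.getUserInformation(token);
            } else {
                userProfile = new Profile();
                userProfile.setId(tokenFields[PROFILE_ID]);
                userProfile.setRoles(Arrays.asList(tokenFields[ROLES].split(",")));
                userProfile.setTenantName(tokenFields[TENANT_NAME]);
            }
        } catch (ParseException e) {
            String message = "Error parsing date: '" + tokenFields[DATE] + "' ";
            log.error(message, e);
            throw new AuthenticationException(message, e);
        }
        SecurityContextHolder.getContext().setAuthentication(getCrafterAuthToken(userProfile));
        response.addCookie(getCipherCookie(cipher, token, userProfile));
        filterChain.doFilter(request, response);
    }

    /**
     * Builds the encrypted profile cookie for the given token and profile.
     *
     * <p>NOTE(review): neither HttpOnly nor Secure is set on this cookie; whether the servlet API
     * version in use exposes {@code setHttpOnly} could not be confirmed from this file, so it is
     * only flagged here.
     *
     * @throws AuthenticationException if the token cannot be encrypted
     */
    private Cookie getCipherCookie(SimpleDesCipher cipher, String token, Profile userProfile) throws AuthenticationException {
        Cookie cookie = new Cookie(this.cipherTokenCookieKey, generateEncryptedToken(cipher, token, userProfile));
        cookie.setMaxAge(CIPHER_COOKIE_MAX_AGE_SECONDS);
        cookie.setPath(CRAFTER_SOCIAL_COOKIE_PATH);
        return cookie;
    }

    /**
     * Authenticates from the plain application token on the request.
     *
     * <p>A missing or empty token yields an anonymous authentication. (The decompiled original
     * dereferenced a {@code null} token here and failed with a NullPointerException; missing and
     * empty are now treated alike, mirroring how {@link #doFilter} treats a missing cookie.)
     * An invalid token resets the app token and fails the request; a valid one loads the profile,
     * validates the tenant, sets the security context and issues the encrypted cookie.
     *
     * @param token         application token from the request, may be null
     * @param requestTenant tenant name from the request parameter
     * @throws AuthenticationException if the tenant does not validate
     */
    private void authenticateWithSimpleToken(FilterChain filterChain, HttpServletRequest request, HttpServletResponse response, String token, String requestTenant, SimpleDesCipher cipher) throws IOException, ServletException, AuthenticationException {
        if (token == null || token.isEmpty()) {
            SecurityContextHolder.getContext().setAuthentication(getCrafterAuthAnonymousToken());
            filterChain.doFilter(request, response);
            return;
        }
        if (!this.profile.validateUserToken(token)) {
            this.profile.resetAppToken();
            failRequest(request, response, new BadCredentialsException("Token is no longer valid"));
            return;
        }
        Profile userInformation = this.profile.getUserInformation(token);
        validateTenant(request.getServerName(), requestTenant, userInformation.getTenantName(), userInformation.getId());
        SecurityContextHolder.getContext().setAuthentication(getCrafterAuthToken(userInformation));
        response.addCookie(getCipherCookie(cipher, token, userInformation));
        filterChain.doFilter(request, response);
    }

    /**
     * Encrypts {@code token|profileId|expiry|roles|tenant|uuid} with the cipher and Base64-encodes it.
     *
     * <p>The expiry is now plus {@code cipherTokenExpires} seconds, written with the default-locale
     * SHORT {@link DateFormat} that {@link #authenticateWithCipherToken} parses. The trailing random
     * UUID makes every token unique. UTF-8 is used explicitly on both encode and decode so the
     * result does not depend on the platform charset.
     *
     * @throws AuthenticationException wrapping any cipher failure
     */
    private String generateEncryptedToken(SimpleDesCipher cipher, String token, Profile userProfile) throws AuthenticationException {
        Calendar expiry = Calendar.getInstance();
        expiry.setTime(new Date());
        expiry.add(Calendar.SECOND, this.cipherTokenExpires);
        // A profile without roles must not serialise as the literal "null".
        String roles = userProfile.getRoles() == null ? "" : StringUtils.join(userProfile.getRoles().toArray(), ',');
        String plain = token + TOKEN_SEPARATOR
                + userProfile.getId() + TOKEN_SEPARATOR
                + DateFormat.getInstance().format(expiry.getTime()) + TOKEN_SEPARATOR
                + roles + TOKEN_SEPARATOR
                + userProfile.getTenantName() + TOKEN_SEPARATOR
                + UUID.randomUUID().toString();
        try {
            byte[] encrypted = cipher.encrypt(plain.getBytes(StandardCharsets.UTF_8));
            return new String(Base64.encodeBase64(encrypted), StandardCharsets.UTF_8);
        } catch (InvalidKeyException e) {
            log.error(ERROR_ENCRYPTED_TOKEN, e);
            throw new AuthenticationException(ERROR_ENCRYPTED_TOKEN, e);
        } catch (BadPaddingException e) {
            log.error(ERROR_ENCRYPTED_TOKEN, e);
            throw new AuthenticationException(ERROR_ENCRYPTED_TOKEN, e);
        } catch (IllegalBlockSizeException e) {
            log.error(ERROR_ENCRYPTED_TOKEN, e);
            throw new AuthenticationException(ERROR_ENCRYPTED_TOKEN, e);
        }
    }

    /**
     * Checks that the requested tenant exists, serves the request's host name and is the tenant
     * the profile belongs to.
     *
     * @param serverName        host name the request was received on
     * @param requestTenant     tenant name from the request parameter
     * @param profileTenantName tenant name recorded on the profile / in the cookie
     * @param profileId         profile id, used only in the error message
     * @throws AuthenticationException on any of the three mismatches
     */
    private void validateTenant(String serverName, String requestTenant, String profileTenantName, String profileId) throws IOException, ServletException, AuthenticationException {
        Tenant tenant = this.profile.getTenant(requestTenant);
        if (tenant == null) {
            String message = "Tenant: '" + requestTenant + "' is not a valid entry in Tenant collection.";
            log.error(message);
            throw new AuthenticationException(message);
        }
        // A tenant with no domain list cannot serve any host.
        if (tenant.getDomains() == null || !tenant.getDomains().contains(serverName)) {
            String message = "Tenant: '" + requestTenant + "' is not valid for domain: '" + serverName + "'";
            log.error(message);
            throw new AuthenticationException(message);
        }
        if (!tenant.getTenantName().equals(profileTenantName)) {
            String message = "Tenant: '" + requestTenant + "' is not valid for user profile: '" + profileId + "'";
            log.error(message);
            throw new AuthenticationException(message);
        }
    }

    /**
     * Decodes and decrypts the cookie value and splits it on {@link #TOKEN_SEPARATOR}.
     *
     * <p>A decrypted value with fewer than {@link #MIN_TOKEN_FIELDS} fields is rejected rather than
     * indexed, so a corrupted or foreign cookie that happens to decrypt cannot cause an
     * ArrayIndexOutOfBoundsException later on.
     *
     * @throws AuthenticationException wrapping any cipher failure, or if the token is malformed
     */
    private String[] getProfileValues(String cipherTokenCookie, SimpleDesCipher cipher) throws AuthenticationException {
        String[] fields;
        try {
            byte[] decrypted = cipher.decrypt(Base64.decodeBase64(cipherTokenCookie));
            fields = new String(decrypted, StandardCharsets.UTF_8).split("[|]");
        } catch (InvalidKeyException e) {
            log.error(ERROR_DESCYPTING_TOKEN, e);
            throw new AuthenticationException(ERROR_DESCYPTING_TOKEN, e);
        } catch (BadPaddingException e) {
            log.error(ERROR_DESCYPTING_TOKEN, e);
            throw new AuthenticationException(ERROR_DESCYPTING_TOKEN, e);
        } catch (IllegalBlockSizeException e) {
            log.error(ERROR_DESCYPTING_TOKEN, e);
            throw new AuthenticationException(ERROR_DESCYPTING_TOKEN, e);
        }
        if (fields.length < MIN_TOKEN_FIELDS) {
            log.error(ERROR_MALFORMED_TOKEN);
            throw new AuthenticationException(ERROR_MALFORMED_TOKEN);
        }
        return fields;
    }

    /**
     * @return the value of the first cookie named {@code cipherTokenCookieKey}, or {@code null}
     *         when the request has no cookies or none with that name
     */
    private String getCipherTokenCookie(HttpServletRequest request) {
        Cookie[] cookies = request.getCookies();
        if (cookies == null) {
            return null;
        }
        for (Cookie cookie : cookies) {
            if (cookie.getName().equals(this.cipherTokenCookieKey)) {
                return cookie.getValue();
            }
        }
        return null;
    }

    /**
     * Builds the authenticated token for a profile; each role becomes an upper-cased authority.
     * {@link Locale#ROOT} keeps the upper-casing independent of the JVM default locale.
     */
    private Authentication getCrafterAuthToken(Profile userProfile) {
        List<GrantedAuthority> authorities = new ArrayList<GrantedAuthority>();
        if (userProfile.getRoles() != null) {
            for (String role : userProfile.getRoles()) {
                authorities.add(new SimpleGrantedAuthority(role.toUpperCase(Locale.ROOT)));
            }
        }
        return new CrafterProfileAutenticationToken(authorities, userProfile);
    }

    /** Builds the token used when no application token is present: the anonymous profile with the single "anonymous" authority. */
    private Authentication getCrafterAuthAnonymousToken() {
        List<GrantedAuthority> authorities = new ArrayList<GrantedAuthority>();
        authorities.add(new SimpleGrantedAuthority("anonymous"));
        return new CrafterProfileAutenticationToken(authorities, ProfileConstants.ANONYMOUS);
    }

    /** Delegates the failure to the configured entry point, which writes the error response. */
    private void failRequest(HttpServletRequest request, HttpServletResponse response, org.springframework.security.core.AuthenticationException authenticationException) throws IOException, ServletException {
        this.authenticationEntryPoint.commence(request, response, authenticationException);
    }

    /** @return the named request parameter, or {@code null} when absent */
    private String getParamFromRequest(HttpServletRequest request, String paramName) {
        return request.getParameter(paramName);
    }

    /** Injects the profile service used for token validation, profile and tenant lookups. */
    public void setProfile(CrafterProfileService crafterProfileService) {
        this.profile = crafterProfileService;
    }
}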
