package org.dspace.app.rest.security.jwt;

import com.nimbusds.jose.JOSEException;
import java.io.IOException;
import java.sql.SQLException;
import java.text.ParseException;
import java.util.Iterator;
import javax.servlet.http.Cookie;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import org.apache.commons.lang3.StringUtils;
import org.dspace.app.rest.model.wrapper.AuthenticationToken;
import org.dspace.app.rest.security.DSpaceAuthentication;
import org.dspace.app.rest.security.RestAuthenticationService;
import org.dspace.app.rest.utils.ContextUtil;
import org.dspace.authenticate.AuthenticationMethod;
import org.dspace.authenticate.service.AuthenticationService;
import org.dspace.core.Context;
import org.dspace.eperson.EPerson;
import org.dspace.eperson.service.EPersonService;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
import org.springframework.beans.factory.InitializingBean;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.context.annotation.Lazy;
import org.springframework.http.ResponseCookie;
import org.springframework.security.web.csrf.CsrfToken;
import org.springframework.security.web.csrf.CsrfTokenRepository;
import org.springframework.stereotype.Component;

@Component
/* loaded from: input_file:org/dspace/app/rest/security/jwt/JWTTokenRestAuthenticationServiceImpl.class */
public class JWTTokenRestAuthenticationServiceImpl implements RestAuthenticationService, InitializingBean {
    private static final Logger log = LoggerFactory.getLogger(RestAuthenticationService.class);
    private static final String AUTHORIZATION_COOKIE = "Authorization-cookie";
    private static final String AUTHORIZATION_HEADER = "Authorization";
    private static final String AUTHORIZATION_TYPE = "Bearer";
    private static final String AUTHORIZATION_TOKEN_PARAMETER = "authentication-token";

    @Autowired
    private LoginJWTTokenHandler loginJWTTokenHandler;

    @Autowired
    private ShortLivedJWTTokenHandler shortLivedJWTTokenHandler;

    @Autowired
    private EPersonService ePersonService;

    @Autowired
    private AuthenticationService authenticationService;

    @Autowired
    @Lazy
    private CsrfTokenRepository csrfTokenRepository;

    public void afterPropertiesSet() throws Exception {
    }

    @Override // org.dspace.app.rest.security.RestAuthenticationService
    public void addAuthenticationDataForUser(HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse, DSpaceAuthentication dSpaceAuthentication, boolean z) throws IOException {
        try {
            Context obtainContext = ContextUtil.obtainContext(httpServletRequest);
            obtainContext.setCurrentUser(this.ePersonService.findByEmail(obtainContext, dSpaceAuthentication.getName()));
            String createTokenForEPerson = this.loginJWTTokenHandler.createTokenForEPerson(obtainContext, httpServletRequest, dSpaceAuthentication.getPreviousLoginDate());
            obtainContext.commit();
            addTokenToResponse(httpServletRequest, httpServletResponse, createTokenForEPerson, Boolean.valueOf(z));
        } catch (JOSEException e) {
            log.error("JOSE Exception", e);
        } catch (SQLException e2) {
            log.error("SQL error when adding authentication", e2);
        }
    }

    @Override // org.dspace.app.rest.security.RestAuthenticationService
    public AuthenticationToken getShortLivedAuthenticationToken(Context context, HttpServletRequest httpServletRequest) {
        try {
            String createTokenForEPerson = this.shortLivedJWTTokenHandler.createTokenForEPerson(context, httpServletRequest, null);
            context.commit();
            return new AuthenticationToken(createTokenForEPerson);
        } catch (JOSEException e) {
            log.error("JOSE Exception", e);
            return null;
        } catch (SQLException e2) {
            log.error("SQL error when adding authentication", e2);
            return null;
        }
    }

    @Override // org.dspace.app.rest.security.RestAuthenticationService
    public EPerson getAuthenticatedEPerson(HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse, Context context) {
        EPerson parseEPersonFromToken;
        try {
            String loginToken = getLoginToken(httpServletRequest, httpServletResponse);
            if (loginToken == null) {
                parseEPersonFromToken = this.shortLivedJWTTokenHandler.parseEPersonFromToken(getShortLivedToken(httpServletRequest), httpServletRequest, context);
            } else {
                parseEPersonFromToken = this.loginJWTTokenHandler.parseEPersonFromToken(loginToken, httpServletRequest, context);
            }
            return parseEPersonFromToken;
        } catch (SQLException e) {
            log.error("SQL error while retrieving EPerson from token", e);
            return null;
        } catch (ParseException e2) {
            log.error("Error parsing EPerson from token", e2);
            return null;
        } catch (JOSEException e3) {
            log.error("Jose error", e3);
            return null;
        }
    }

    @Override // org.dspace.app.rest.security.RestAuthenticationService
    public boolean hasAuthenticationData(HttpServletRequest httpServletRequest) {
        return StringUtils.isNotBlank(httpServletRequest.getHeader(AUTHORIZATION_HEADER)) || StringUtils.isNotBlank(getAuthorizationCookie(httpServletRequest)) || StringUtils.isNotBlank(httpServletRequest.getParameter(AUTHORIZATION_TOKEN_PARAMETER));
    }

    @Override // org.dspace.app.rest.security.RestAuthenticationService
    public void invalidateAuthenticationData(HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse, Context context) throws Exception {
        this.loginJWTTokenHandler.invalidateToken(getLoginToken(httpServletRequest, httpServletResponse), httpServletRequest, context);
        resetCSRFToken(httpServletRequest, httpServletResponse);
    }

    @Override // org.dspace.app.rest.security.RestAuthenticationService
    public void invalidateAuthenticationCookie(HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse) {
        httpServletResponse.addHeader("Set-Cookie", ResponseCookie.from(AUTHORIZATION_COOKIE, "").maxAge(0L).httpOnly(true).secure(true).sameSite("None").build().toString());
        resetCSRFToken(httpServletRequest, httpServletResponse);
    }

    @Override // org.dspace.app.rest.security.RestAuthenticationService
    public AuthenticationService getAuthenticationService() {
        return this.authenticationService;
    }

    @Override // org.dspace.app.rest.security.RestAuthenticationService
    public String getWwwAuthenticateHeaderValue(HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse) {
        Iterator authenticationMethodIterator = this.authenticationService.authenticationMethodIterator();
        Context obtainContext = ContextUtil.obtainContext(httpServletRequest);
        StringBuilder sb = new StringBuilder();
        while (authenticationMethodIterator.hasNext()) {
            AuthenticationMethod authenticationMethod = (AuthenticationMethod) authenticationMethodIterator.next();
            if (sb.length() > 0) {
                sb.append(", ");
            }
            sb.append(authenticationMethod.getName()).append(" realm=\"DSpace REST API\"");
            String loginPageURL = authenticationMethod.loginPageURL(obtainContext, httpServletRequest, httpServletResponse);
            if (StringUtils.isNotBlank(loginPageURL)) {
                sb.append(", location=\"").append(loginPageURL).append("\"");
            }
        }
        return sb.toString();
    }

    private void addTokenToResponse(HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse, String str, Boolean bool) {
        if (bool.booleanValue()) {
            httpServletResponse.addHeader("Set-Cookie", ResponseCookie.from(AUTHORIZATION_COOKIE, str).httpOnly(true).secure(true).sameSite("None").build().toString());
        } else if (hasAuthorizationCookie(httpServletRequest)) {
            invalidateAuthenticationCookie(httpServletRequest, httpServletResponse);
        } else {
            resetCSRFToken(httpServletRequest, httpServletResponse);
        }
        httpServletResponse.setHeader(AUTHORIZATION_HEADER, String.format("%s %s", AUTHORIZATION_TYPE, str));
    }

    private String getLoginToken(HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse) {
        String str = null;
        String header = httpServletRequest.getHeader(AUTHORIZATION_HEADER);
        String authorizationCookie = getAuthorizationCookie(httpServletRequest);
        if (StringUtils.isNotBlank(header)) {
            str = header.replace(AUTHORIZATION_TYPE, "").trim();
        } else if (StringUtils.isNotBlank(authorizationCookie)) {
            str = authorizationCookie;
        }
        return str;
    }

    private String getShortLivedToken(HttpServletRequest httpServletRequest) {
        String str = null;
        if (StringUtils.isNotBlank(httpServletRequest.getParameter(AUTHORIZATION_TOKEN_PARAMETER))) {
            str = httpServletRequest.getParameter(AUTHORIZATION_TOKEN_PARAMETER);
        }
        return str;
    }

    private String getAuthorizationCookie(HttpServletRequest httpServletRequest) {
        String str = "";
        Cookie[] cookies = httpServletRequest.getCookies();
        if (cookies != null) {
            int length = cookies.length;
            int i = 0;
            while (true) {
                if (i >= length) {
                    break;
                }
                Cookie cookie = cookies[i];
                if (cookie.getName().equals(AUTHORIZATION_COOKIE) && StringUtils.isNotEmpty(cookie.getValue())) {
                    str = cookie.getValue();
                    break;
                }
                i++;
            }
        }
        return str;
    }

    private boolean hasAuthorizationCookie(HttpServletRequest httpServletRequest) {
        return StringUtils.isNotEmpty(getAuthorizationCookie(httpServletRequest));
    }

    private void resetCSRFToken(HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse) {
        this.csrfTokenRepository.saveToken((CsrfToken) null, httpServletRequest, httpServletResponse);
        this.csrfTokenRepository.saveToken(this.csrfTokenRepository.generateToken(httpServletRequest), httpServletRequest, httpServletResponse);
    }
}
