package org.iplass.mtp.impl.auth.authenticate.builtin.web;

import javax.servlet.http.HttpServletRequest;
import org.iplass.mtp.ApplicationException;
import org.iplass.mtp.auth.login.IdPasswordCredential;
import org.iplass.mtp.auth.login.LoginFailedException;
import org.iplass.mtp.command.RequestContext;
import org.iplass.mtp.impl.auth.UserContext;
import org.iplass.mtp.impl.auth.authenticate.AutoLoginHandler;
import org.iplass.mtp.impl.auth.authenticate.AutoLoginInstruction;
import org.iplass.mtp.impl.webapi.rest.RestRequestContext;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;

/* loaded from: input_file:org/iplass/mtp/impl/auth/authenticate/builtin/web/IdPasswordAutoLoginHandler.class */
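/**
 * {@link AutoLoginHandler} that builds an id/password credential from the
 * headers of a REST request.
 *
 * <p>Two sources are consulted, in this order:
 * <ol>
 *   <li>the custom headers {@value #AUTH_ID_HEADER} and
 *       {@value #AUTH_PASSWORD_HEADER};</li>
 *   <li>whatever {@code BasicAuthUtil.decodeFromHeader} yields, but only when
 *       {@link #setEnableBasicAuthentication(boolean)} has been switched on.</li>
 * </ol>
 *
 * <p>Security notes for operators and reviewers:
 * <ul>
 *   <li>Both schemes carry the password in a request header on every call, so
 *       the endpoint needs transport encryption, and access logs or proxies
 *       that record headers must not capture {@value #AUTH_PASSWORD_HEADER}
 *       or {@code Authorization}.</li>
 *   <li>When a login session already exists, the credential supplied in the
 *       headers is not verified by this class; see
 *       {@link #handle(RequestContext, boolean, UserContext)} and
 *       {@link #setRejectAmbiguousRequest(boolean)}.</li>
 * </ul>
 */
public class IdPasswordAutoLoginHandler implements AutoLoginHandler {
    private static final Logger logger = LoggerFactory.getLogger(IdPasswordAutoLoginHandler.class);
    public static final String AUTH_ID_HEADER = "X-Auth-Id";
    public static final String AUTH_PASSWORD_HEADER = "X-Auth-Password";
    /** Request-context attribute under which the servlet request is looked up. */
    private static final String SERVLET_REQUEST_ATTRIBUTE = "servletRequest";
    private boolean enableBasicAuthentication;
    private boolean rejectAmbiguousRequest;

    /**
     * @return {@code true} if a request whose header id differs from the id of
     *         the existing session is rejected with a {@link LoginFailedException}
     */
    public boolean isRejectAmbiguousRequest() {
        return this.rejectAmbiguousRequest;
    }

    /**
     * Chooses what happens when a session exists and the headers name a
     * different id: {@code true} rejects the request, {@code false} only logs
     * the mismatch and lets the request continue.
     */
    public void setRejectAmbiguousRequest(boolean z) {
        this.rejectAmbiguousRequest = z;
    }

    /** @return {@code true} if the Basic scheme is accepted as a fallback source */
    public boolean isEnableBasicAuthentication() {
        return this.enableBasicAuthentication;
    }

    /** Enables or disables the Basic scheme as a fallback credential source. */
    public void setEnableBasicAuthentication(boolean z) {
        this.enableBasicAuthentication = z;
    }

    /** A header counts as supplied only when it is present and non-empty. */
    private static boolean isSupplied(String headerValue) {
        return headerValue != null && !headerValue.isEmpty();
    }

    /**
     * Replaces CR and LF so a request-controlled value cannot start a new log
     * record. Values decoded from a Basic header are not constrained by the
     * HTTP header grammar, so they are treated as untrusted here.
     */
    private static String forLog(String value) {
        return value == null ? null : value.replace('\r', '_').replace('\n', '_');
    }

    /**
     * Extracts the credential carried by the request headers.
     *
     * @return the credential from the custom headers if {@value #AUTH_ID_HEADER}
     *         is non-empty; otherwise the Basic credential when Basic
     *         authentication is enabled and decodable; otherwise {@code null}
     */
    private IdPasswordCredential idPassFromHeader(RequestContext requestContext) {
        HttpServletRequest request = (HttpServletRequest) requestContext.getAttribute(SERVLET_REQUEST_ATTRIBUTE);
        String id = request.getHeader(AUTH_ID_HEADER);
        if (isSupplied(id)) {
            logger.debug("handle custom header authentication");
            // The password header may be absent; null is then passed through as the password.
            return new IdPasswordCredential(id, request.getHeader(AUTH_PASSWORD_HEADER));
        }
        if (!this.enableBasicAuthentication) {
            return null;
        }
        IdPasswordCredential basic = BasicAuthUtil.decodeFromHeader(requestContext);
        if (basic == null) {
            return null;
        }
        logger.debug("handle basic authentication");
        return basic;
    }

    /**
     * Decides whether this request should trigger a login with header credentials.
     *
     * <p>Only {@link RestRequestContext} requests that carry a credential are
     * considered; everything else returns {@link AutoLoginInstruction#THROUGH}.
     *
     * <p>NOTE(review): {@code z} is a decompiler name. From the branches and
     * messages below it appears to mean "a login session already exists" —
     * confirm against the {@code AutoLoginHandler} contract.
     *
     * <p>When {@code z} is {@code true} the header credential is only compared
     * by id with the session's credential; its password is never checked here.
     * With {@code rejectAmbiguousRequest} off, a mismatching id is logged and
     * the method still returns {@code THROUGH}, so the supplied credential is
     * effectively ignored.
     *
     * @throws LoginFailedException if a session exists, the ids differ and
     *         {@code rejectAmbiguousRequest} is set
     */
    public AutoLoginInstruction handle(RequestContext requestContext, boolean z, UserContext userContext) {
        if (!(requestContext instanceof RestRequestContext)) {
            return AutoLoginInstruction.THROUGH;
        }
        IdPasswordCredential credential = idPassFromHeader(requestContext);
        if (credential == null) {
            return AutoLoginInstruction.THROUGH;
        }
        if (!z) {
            return new AutoLoginInstruction(credential);
        }
        String requestId = credential.getId();
        String currentId = userContext.getAccount().getCredential().getId();
        if (!requestId.equals(currentId)) {
            if (this.rejectAmbiguousRequest) {
                throw new LoginFailedException("another login session is avaliable");
            }
            // The ids are written only at debug level; the warn record deliberately omits them.
            if (logger.isDebugEnabled()) {
                logger.debug("login session is avaliable, but another id/pass is specified. current id:{}, request id:{}", forLog(currentId), forLog(requestId));
            } else {
                logger.warn("login session is avaliable, but another id/pass is specified.");
            }
        }
        return AutoLoginInstruction.THROUGH;
    }

    /** No post-login work is needed for header credentials. */
    public void handleSuccess(AutoLoginInstruction autoLoginInstruction, RequestContext requestContext, UserContext userContext) {
    }

    /**
     * Translates a login failure into the exception the caller should see.
     *
     * <p>This method never returns normally: it throws a
     * {@link WWWAuthenticateException} for the Basic scheme when the request
     * is judged to be a Basic attempt, and rethrows the original exception
     * otherwise.
     */
    public Exception handleException(AutoLoginInstruction autoLoginInstruction, ApplicationException applicationException, RequestContext requestContext, boolean z, UserContext userContext) {
        if (isBasicAuth(requestContext)) {
            throw new WWWAuthenticateException(BasicAuthUtil.AUTH_SCHEME_BASIC, null, "Login with BASIC Authentication failed.");
        }
        throw applicationException;
    }

    /**
     * Reports whether the request would have been served by the Basic fallback.
     *
     * <p>The test mirrors {@link #idPassFromHeader(RequestContext)}: an empty
     * {@value #AUTH_ID_HEADER} is treated like a missing one, because that is
     * the condition under which the Basic path is taken. A context without a
     * servlet request is reported as non-Basic so that the original login
     * failure is rethrown instead of being masked by a NullPointerException.
     */
    private boolean isBasicAuth(RequestContext requestContext) {
        if (!this.enableBasicAuthentication) {
            return false;
        }
        HttpServletRequest request = (HttpServletRequest) requestContext.getAttribute(SERVLET_REQUEST_ATTRIBUTE);
        if (request == null) {
            return false;
        }
        return !isSupplied(request.getHeader(AUTH_ID_HEADER));
    }
}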
