package org.iplass.mtp.impl.webapi.interceptors;

import java.util.HashMap;
import java.util.Map;
import org.iplass.mtp.ApplicationException;
import org.iplass.mtp.auth.NeedTrustedAuthenticationException;
import org.iplass.mtp.auth.NoPermissionException;
import org.iplass.mtp.command.interceptor.CommandInterceptor;
import org.iplass.mtp.command.interceptor.CommandInvocation;
import org.iplass.mtp.impl.auth.AuthContextHolder;
import org.iplass.mtp.impl.auth.AuthService;
import org.iplass.mtp.impl.auth.UserContext;
import org.iplass.mtp.impl.auth.authenticate.AnonymousUserContext;
import org.iplass.mtp.impl.auth.authenticate.AuthenticationProvider;
import org.iplass.mtp.impl.auth.authenticate.AutoLoginHandler;
import org.iplass.mtp.impl.auth.authenticate.AutoLoginInstruction;
import org.iplass.mtp.impl.auth.authenticate.token.web.AuthorizationRequiredException;
import org.iplass.mtp.impl.core.ExecuteContext;
import org.iplass.mtp.impl.session.SessionService;
import org.iplass.mtp.impl.web.WebResourceBundleUtil;
import org.iplass.mtp.impl.web.i18n.LangSelector;
import org.iplass.mtp.impl.web.token.TokenStore;
import org.iplass.mtp.impl.webapi.MetaWebApi;
import org.iplass.mtp.impl.webapi.WebApiInvocationImpl;
import org.iplass.mtp.impl.webapi.rest.RestRequestContext;
import org.iplass.mtp.spi.ServiceRegistry;
import org.iplass.mtp.web.actionmapping.ResponseHeader;
import org.iplass.mtp.webapi.WebApiRuntimeException;
import org.iplass.mtp.webapi.definition.RequestType;
import org.iplass.mtp.webapi.permission.RequestContextWebApiParameter;
import org.iplass.mtp.webapi.permission.WebApiPermission;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;

/* loaded from: input_file:org/iplass/mtp/impl/webapi/interceptors/AuthInterceptor.class */
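/**
 * Web API command interceptor that performs auto-login handling, selects the authorization
 * context, and enforces the permission and trusted-authentication checks before the command runs.
 *
 * <p>Order of operations in {@link #intercept(CommandInvocation)}:
 * <ol>
 *   <li>auto-login handlers are consulted (this may log the caller in or out);</li>
 *   <li>the auth context is chosen (the privileged holder when the Web API metadata says so);</li>
 *   <li>inside {@code doSecuredAction}: language selection, permission check (skipped for public
 *       Web APIs), trusted-authentication check, then the command itself.</li>
 * </ol>
 *
 * <p>Reconstructed from decompiler output. The synthetic switch-map holder the decompiler emitted
 * for {@code AuthInterceptor$1} wrote to an array it never declared, so the listing could not
 * compile; the enum switches below replace it and the compiler regenerates the equivalent table.
 */
public class AuthInterceptor implements CommandInterceptor {
    private static final Logger logger = LoggerFactory.getLogger(AuthInterceptor.class);
    private final LangSelector lang = new LangSelector();
    private final AuthService authService = ServiceRegistry.getRegistry().getService(AuthService.class);
    private final SessionService sessionService = ServiceRegistry.getRegistry().getService(SessionService.class);

    /**
     * Picks the auth context the secured action will run under.
     *
     * @param webApiRuntime runtime of the Web API being invoked
     * @return the current auth context, or its privileged variant when the metadata flag
     *     {@code isPrivilaged()} is set
     */
    private AuthContextHolder getAuthContextHolder(MetaWebApi.WebApiRuntime webApiRuntime) {
        if (!webApiRuntime.m134getMetaData().isPrivilaged()) {
            return AuthContextHolder.getAuthContext();
        }
        // NOTE(review): the privileged holder presumably relaxes downstream permission checks;
        // this is driven purely by Web API metadata, so who may edit that flag matters - confirm.
        if (logger.isDebugEnabled()) {
            logger.debug("do as privilaged webapi:" + webApiRuntime.m134getMetaData().getName());
        }
        return AuthContextHolder.getAuthContext().privilegedAuthContextHolder();
    }

    /**
     * Consults the configured {@link AutoLoginHandler}s before the secured action runs.
     *
     * <p>When the session already holds a non-anonymous user, only the handler of
     * {@code authService.getAuthenticationProvider()} is asked. Otherwise every provider from
     * {@code getAuthenticationProviders()} is tried in order until one resolves the request.
     *
     * @param webApiInvocationImpl the invocation whose request is handed to the handlers
     * @throws ApplicationException when a handler answers {@code ERROR}
     * @throws RuntimeException when a handler maps a failed login to an exception
     */
    private void processAutoLogin(WebApiInvocationImpl webApiInvocationImpl) {
        UserContext sessionUser = this.authService.getCurrentSessionUserContext();
        boolean hasSessionUser = sessionUser != null && !(sessionUser instanceof AnonymousUserContext);

        if (hasSessionUser) {
            AutoLoginHandler handler = this.authService.getAuthenticationProvider().getAutoLoginHandler();
            if (handler != null) {
                // Single handler: whether it resolved the request or not, there is nothing else to try.
                applyAutoLogin(handler, webApiInvocationImpl, true, sessionUser);
            }
            return;
        }

        for (AuthenticationProvider provider : this.authService.getAuthenticationProviders()) {
            AutoLoginHandler handler = provider.getAutoLoginHandler();
            if (handler == null) {
                continue;
            }
            if (applyAutoLogin(handler, webApiInvocationImpl, false, null)) {
                return;
            }
        }
    }

    /**
     * Asks one handler for its instruction and carries it out.
     *
     * @param handler the auto-login handler to consult
     * @param webApiInvocationImpl the current invocation
     * @param hasSessionUser whether a non-anonymous session user exists (passed through to the handler)
     * @param sessionUser that session user, or {@code null} when there is none
     * @return {@code true} when the request was resolved (login succeeded or logout was performed);
     *     {@code false} when the handler passed ({@code THROUGH}) or a login failure was swallowed
     *     because the handler returned no exception for it
     */
    private boolean applyAutoLogin(AutoLoginHandler handler, WebApiInvocationImpl webApiInvocationImpl,
            boolean hasSessionUser, UserContext sessionUser) {
        AutoLoginInstruction instruction = handler.handle(webApiInvocationImpl.getRequest(), hasSessionUser, sessionUser);
        switch (instruction.getInstruction()) {
            case DO_AUTH:
                try {
                    this.authService.login(instruction.getCredential());
                    handler.handleSuccess(instruction, webApiInvocationImpl.getRequest(), this.authService.getCurrentSessionUserContext());
                    responseToken(webApiInvocationImpl);
                    return true;
                } catch (ApplicationException e) {
                    // The handler decides whether a failed login is fatal: a non-null result is
                    // rethrown, a null result means "carry on as the current user".
                    Exception mapped = handler.handleException(instruction, e, webApiInvocationImpl.getRequest(), hasSessionUser, sessionUser);
                    if (mapped != null) {
                        if (mapped instanceof RuntimeException) {
                            throw (RuntimeException) mapped;
                        }
                        throw new WebApiRuntimeException(mapped);
                    }
                    if (logger.isDebugEnabled()) {
                        logger.debug("auto login fail. cause:" + e);
                    }
                    return false;
                }
            case LOGOUT:
                this.authService.logout();
                return true;
            case ERROR:
                // Fail closed: drop the session before reporting the error.
                this.authService.logout();
                if (logger.isDebugEnabled()) {
                    logger.debug("auto login fail. AutoLoginHandler return ERROR.");
                }
                throw new ApplicationException(resourceString("auth.Login.noLogin"));
            case THROUGH:
            default:
                return false;
        }
    }

    /**
     * After a successful auto-login, returns the session's fixed token in the response header
     * named by {@code TokenStore.TOKEN_HEADER_NAME}. Does nothing when sessions are stateless.
     *
     * @param webApiInvocationImpl the invocation whose request carries the response header holder
     */
    private void responseToken(WebApiInvocationImpl webApiInvocationImpl) {
        if (this.sessionService.isSessionStateless()) {
            return;
        }
        // NOTE(review): a missing "responseHeader" attribute ends in a NullPointerException here;
        // confirm the attribute is always set before this interceptor runs.
        ResponseHeader responseHeader = (ResponseHeader) webApiInvocationImpl.getRequest().getAttribute("responseHeader");
        String fixedToken = TokenStore.getFixedToken(webApiInvocationImpl.getRequest().getSession());
        responseHeader.setHeader(TokenStore.TOKEN_HEADER_NAME, fixedToken);
    }

    /**
     * Runs the authorization gate and, when it passes, the wrapped command.
     *
     * <p>Auto-login handling happens before the secured action, so its login/logout side effects
     * apply even to a request that is later rejected by the permission check.
     *
     * @param commandInvocation the invocation; must be a {@link WebApiInvocationImpl}
     * @return the result of {@code commandInvocation.proceedCommand()}
     * @throws NeedTrustedAuthenticationException when the Web API requires trusted authentication
     *     and the current session is not trusted
     * @throws AuthorizationRequiredException when permission is denied to an anonymous caller and
     *     the Web API supports bearer tokens
     * @throws NoPermissionException when permission is denied otherwise
     */
    public String intercept(CommandInvocation commandInvocation) {
        WebApiInvocationImpl webApiInvocationImpl = (WebApiInvocationImpl) commandInvocation;
        processAutoLogin(webApiInvocationImpl);
        AuthContextHolder authContextHolder = getAuthContextHolder(webApiInvocationImpl.getWebApiRuntime());
        return (String) this.authService.doSecuredAction(authContextHolder, () -> {
            this.lang.selectLangByUser(webApiInvocationImpl.getRequest(), ExecuteContext.getCurrentContext());
            MetaWebApi metaData = webApiInvocationImpl.getWebApiRuntime().m134getMetaData();

            boolean permitted;
            if (metaData.isPublicWebApi()) {
                // Public Web APIs skip checkPermission entirely; the trusted-authentication
                // requirement below still applies to them.
                permitted = true;
                if (logger.isDebugEnabled()) {
                    logger.debug("do as public webapi:" + metaData.getName());
                }
            } else {
                RequestContextWebApiParameter parameter =
                        new RequestContextWebApiParameter(webApiInvocationImpl.getRequest(), additionalParam(webApiInvocationImpl));
                permitted = authContextHolder.checkPermission(new WebApiPermission(metaData.getName(), parameter));
            }

            if (permitted) {
                if (metaData.isNeedTrustedAuthenticate() && !this.authService.checkCurrentSessionTrusted().isTrusted()) {
                    throw new NeedTrustedAuthenticationException("need trusted authentication");
                }
                return commandInvocation.proceedCommand();
            }

            // Denied: an anonymous caller of a bearer-capable API gets an authorization challenge
            // rather than a plain permission error.
            boolean anonymous = authContextHolder.getUserContext() instanceof AnonymousUserContext;
            if (anonymous && metaData.isSupportBearerToken()) {
                throw new AuthorizationRequiredException("Bearer", null, AuthorizationRequiredException.CODE_NONE, null);
            }
            throw new NoPermissionException(resourceString("impl.webapi.WebAPIUtil.noPermission"));
        });
    }

    /**
     * Builds the extra parameter map handed to the permission check: for REST JSON / REST XML
     * requests, the request attribute stored under the metadata's configured parameter name.
     *
     * @param webApiInvocationImpl the invocation; its request must be a {@link RestRequestContext}
     * @return a single-entry map, or {@code null} when the request type has no configured
     *     parameter name
     */
    private Map<String, Object> additionalParam(WebApiInvocationImpl webApiInvocationImpl) {
        MetaWebApi metaData = webApiInvocationImpl.getWebApiRuntime().m134getMetaData();
        RestRequestContext restRequestContext = (RestRequestContext) webApiInvocationImpl.getRequest();
        String parameterName;
        switch (restRequestContext.requestType()) {
            case REST_JSON:
                parameterName = metaData.getRestJsonParameterName();
                break;
            case REST_XML:
                parameterName = metaData.getRestXmlParameterName();
                break;
            default:
                parameterName = null;
                break;
        }
        if (parameterName == null) {
            return null;
        }
        Map<String, Object> params = new HashMap<>();
        params.put(parameterName, restRequestContext.getAttribute(parameterName));
        return params;
    }

    /** Looks up a localized message through {@link WebResourceBundleUtil}. */
    private static String resourceString(String str, Object... objArr) {
        return WebResourceBundleUtil.resourceString(str, objArr);
    }
}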
