package org.iplass.mtp.impl.web.interceptors;

import java.io.IOException;
import java.io.UnsupportedEncodingException;
import java.net.URLEncoder;
import java.util.Map;
import javax.servlet.ServletException;
import javax.servlet.http.HttpServletRequest;
import org.iplass.mtp.ApplicationException;
import org.iplass.mtp.SystemException;
import org.iplass.mtp.auth.NeedTrustedAuthenticationException;
import org.iplass.mtp.auth.NoPermissionException;
import org.iplass.mtp.command.RequestContext;
import org.iplass.mtp.command.RequestContextWrapper;
import org.iplass.mtp.impl.auth.AuthContextHolder;
import org.iplass.mtp.impl.auth.AuthService;
import org.iplass.mtp.impl.auth.UserContext;
import org.iplass.mtp.impl.auth.authenticate.AnonymousUserContext;
import org.iplass.mtp.impl.auth.authenticate.AuthenticationProvider;
import org.iplass.mtp.impl.auth.authenticate.AutoLoginHandler;
import org.iplass.mtp.impl.auth.authenticate.AutoLoginInstruction;
import org.iplass.mtp.impl.core.ExecuteContext;
import org.iplass.mtp.impl.tenant.MetaTenantService;
import org.iplass.mtp.impl.tenant.web.MetaTenantWebInfo;
import org.iplass.mtp.impl.web.ErrorUrlSelector;
import org.iplass.mtp.impl.web.LoginUrlSelector;
import org.iplass.mtp.impl.web.WebFrontendService;
import org.iplass.mtp.impl.web.WebProcessRuntimeException;
import org.iplass.mtp.impl.web.WebRequestStack;
import org.iplass.mtp.impl.web.WebResourceBundleUtil;
import org.iplass.mtp.impl.web.WebUtil;
import org.iplass.mtp.impl.web.actionmapping.ActionMappingService;
import org.iplass.mtp.impl.web.actionmapping.MetaActionMapping;
import org.iplass.mtp.impl.web.actionmapping.WebInvocationImpl;
import org.iplass.mtp.impl.web.i18n.LangSelector;
import org.iplass.mtp.impl.web.template.MetaTemplate;
import org.iplass.mtp.impl.web.template.TemplateService;
import org.iplass.mtp.spi.Config;
import org.iplass.mtp.spi.ServiceInitListener;
import org.iplass.mtp.spi.ServiceRegistry;
import org.iplass.mtp.util.StringUtil;
import org.iplass.mtp.web.WebRequestConstants;
import org.iplass.mtp.web.actionmapping.definition.HttpMethodType;
import org.iplass.mtp.web.actionmapping.permission.ActionPermission;
import org.iplass.mtp.web.actionmapping.permission.RequestContextActionParameter;
import org.iplass.mtp.web.interceptor.RequestInterceptor;
import org.iplass.mtp.web.interceptor.RequestInvocation;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;

/* loaded from: input_file:org/iplass/mtp/impl/web/interceptors/AuthInterceptor.class */
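/**
 * Request interceptor that authenticates and authorizes a web action before it is executed.
 *
 * <p>On the request phase ({@link #intercept(RequestInvocation)}) it runs the configured
 * auto-login handlers once per execute context, checks the caller's {@link ActionPermission}
 * for the requested action (skipped for actions flagged as public), and enforces trusted
 * authentication for actions that require it. Depending on the outcome it proceeds with the
 * request or dispatches to the login form, the re-authentication form, or the permission error
 * template.
 *
 * <p>On the result phase ({@link #interceptResult(RequestInvocation)}) it renders a template or
 * sends a redirect when the request attributes say a logout has just happened.
 *
 * <p>NOTE(review): this listing is decompiler output. {@code AnonymousClass1} and
 * {@code m86getMetaData()} appear to be decompiler-generated names rather than names from the
 * original source.
 */
public class AuthInterceptor implements RequestInterceptor, ServiceInitListener<ActionMappingService> {
    private static final Logger logger = LoggerFactory.getLogger(AuthInterceptor.class);
    /** Request attribute: {@code Boolean.TRUE} when the current request performed a logout. */
    public static final String LOGOUT_FLAG = "mtp.auth.loggedout";
    /** Request attribute: name of the template to render after logout. */
    public static final String TEMPLATE_AFTER_LOGOUT = "templateAfterLogout";
    /** Request attribute: path to redirect to after logout. */
    public static final String REDIRECT_PATH_AFTER_LOGOUT = "redirectPathAfterLogout";
    /** Request attribute set to {@code Boolean.TRUE} when this interceptor dispatches to a login or re-auth action. */
    public static final String REDIRECT_BY_AUTH_INTERCEPTOR = "mtp.auth.redirectByAuthInterceptor";
    /** Execute-context attribute marking that auto login has already been attempted. */
    private static final String AUTO_LOGIN_PROCESSED_FLAG = "mtp.auth.AutoLoginProcessed";
    private ActionMappingService amService;
    private LangSelector lang = new LangSelector();
    private WebFrontendService wfService = (WebFrontendService) ServiceRegistry.getRegistry().getService(WebFrontendService.class);
    private AuthService authService = ServiceRegistry.getRegistry().getService(AuthService.class);
    private MetaTenantService metaTenantService = ServiceRegistry.getRegistry().getService(MetaTenantService.class);
    private TemplateService ts = (TemplateService) ServiceRegistry.getRegistry().getService(TemplateService.class);

    /*
     * Decompiler-generated holder for the compiler's enum switch map (originally the synthetic
     * class AuthInterceptor$1; access modifiers were changed by the decompiler).
     * Mapping used by processAutoLogin: DO_AUTH -> 1, LOGOUT -> 2, ERROR -> 3, THROUGH -> 4.
     */
    public static /* synthetic */ class AnonymousClass1 {
        static final /* synthetic */ int[] $SwitchMap$org$iplass$mtp$impl$auth$authenticate$AutoLoginInstruction$Instruction = new int[AutoLoginInstruction.Instruction.values().length];

        static {
            // Each assignment is guarded separately so that a constant missing at runtime
            // only leaves its own slot at 0.
            try {
                $SwitchMap$org$iplass$mtp$impl$auth$authenticate$AutoLoginInstruction$Instruction[AutoLoginInstruction.Instruction.DO_AUTH.ordinal()] = 1;
            } catch (NoSuchFieldError e) {
            }
            try {
                $SwitchMap$org$iplass$mtp$impl$auth$authenticate$AutoLoginInstruction$Instruction[AutoLoginInstruction.Instruction.LOGOUT.ordinal()] = 2;
            } catch (NoSuchFieldError e2) {
            }
            try {
                $SwitchMap$org$iplass$mtp$impl$auth$authenticate$AutoLoginInstruction$Instruction[AutoLoginInstruction.Instruction.ERROR.ordinal()] = 3;
            } catch (NoSuchFieldError e3) {
            }
            try {
                $SwitchMap$org$iplass$mtp$impl$auth$authenticate$AutoLoginInstruction$Instruction[AutoLoginInstruction.Instruction.THROUGH.ordinal()] = 4;
            } catch (NoSuchFieldError e4) {
            }
        }
    }

    /**
     * Stores the action mapping service used later to verify that a tenant-selected login
     * action exists.
     *
     * @param actionMappingService the initialized service
     * @param config service configuration (not read here)
     */
    public void inited(ActionMappingService actionMappingService, Config config) {
        this.amService = actionMappingService;
    }

    /** No resources to release. */
    public void destroyed() {
    }

    /**
     * Selects the auth context the action is executed and permission-checked under.
     *
     * <p>Actions whose metadata is flagged as privileged get the privileged holder derived from
     * the current auth context; all others get the current auth context as is.
     * NOTE(review): the privileged holder is also the one {@code checkPermission} is called on
     * in {@link #intercept(RequestInvocation)}, so the flag presumably widens what the permission
     * check allows. Confirm which actions carry it.
     *
     * @param actionMappingRuntime runtime of the action being invoked
     * @return the auth context holder to use for this action
     */
    private AuthContextHolder getAuthContextHolder(MetaActionMapping.ActionMappingRuntime actionMappingRuntime) {
        if (!actionMappingRuntime.m86getMetaData().isPrivilaged()) {
            return AuthContextHolder.getAuthContext();
        }
        if (logger.isDebugEnabled()) {
            logger.debug("do as privilaged action:" + actionMappingRuntime.m86getMetaData().getName());
        }
        return AuthContextHolder.getAuthContext().privilegedAuthContextHolder();
    }

    /**
     * Runs the auto-login handlers and applies the instruction they return.
     *
     * <p>If the session already holds a non-anonymous user, only the handler of the provider
     * returned by {@code getAuthenticationProvider()} is consulted. Otherwise the handlers of all
     * providers are consulted in order until one of them logs in, logs out or reports an error.
     *
     * @param requestInvocation the current invocation; its request is passed to the handlers
     * @param authService service used to log in and out
     * @throws ApplicationException when a handler returns the ERROR instruction, or when a
     *         handler's {@code handleException} returns an {@code ApplicationException}
     * @throws WebProcessRuntimeException when {@code handleException} returns another non-null exception
     */
    private void processAutoLogin(RequestInvocation requestInvocation, AuthService authService) {
        UserContext currentSessionUserContext = authService.getCurrentSessionUserContext();
        if (currentSessionUserContext != null && !(currentSessionUserContext instanceof AnonymousUserContext)) {
            AutoLoginHandler autoLoginHandler = authService.getAuthenticationProvider().getAutoLoginHandler();
            if (autoLoginHandler != null) {
                AutoLoginInstruction handle = autoLoginHandler.handle(requestInvocation.getRequest(), true, currentSessionUserContext);
                switch (AnonymousClass1.$SwitchMap$org$iplass$mtp$impl$auth$authenticate$AutoLoginInstruction$Instruction[handle.getInstruction().ordinal()]) {
                    case 1: // DO_AUTH
                        try {
                            authService.login(handle.getCredential());
                            autoLoginHandler.handleSuccess(handle, requestInvocation.getRequest(), authService.getCurrentSessionUserContext());
                            return;
                        } catch (ApplicationException e) {
                            // NOTE(review): the declared type is what the decompiler recovered; the
                            // second branch is only reachable if handleException can return a
                            // non-ApplicationException. Confirm against AutoLoginHandler.
                            ApplicationException handleException = autoLoginHandler.handleException(handle, e, requestInvocation.getRequest(), true, currentSessionUserContext);
                            if (handleException instanceof ApplicationException) {
                                throw handleException;
                            }
                            if (handleException != null) {
                                throw new WebProcessRuntimeException("auto login fail. cause:" + handleException, handleException);
                            }
                            // The handler returned null: the failure is dropped and is visible
                            // only when debug logging is enabled.
                            if (logger.isDebugEnabled()) {
                                logger.debug("auto login fail. cause:" + e);
                            }
                            return;
                        }
                    case 2: // LOGOUT
                        authService.logout();
                        return;
                    case 3: // ERROR
                        authService.logout();
                        throw new ApplicationException(WebResourceBundleUtil.resourceString("auth.Login.noLogin", new Object[0]));
                    case 4: // THROUGH
                        return;
                    default:
                        return;
                }
            }
            return;
        }
        for (AuthenticationProvider authenticationProvider : authService.getAuthenticationProviders()) {
            AutoLoginHandler autoLoginHandler2 = authenticationProvider.getAutoLoginHandler();
            if (autoLoginHandler2 != null) {
                AutoLoginInstruction handle2 = autoLoginHandler2.handle(requestInvocation.getRequest(), false, (UserContext) null);
                switch (AnonymousClass1.$SwitchMap$org$iplass$mtp$impl$auth$authenticate$AutoLoginInstruction$Instruction[handle2.getInstruction().ordinal()]) {
                    case 1: // DO_AUTH
                        try {
                            authService.login(handle2.getCredential());
                            autoLoginHandler2.handleSuccess(handle2, requestInvocation.getRequest(), authService.getCurrentSessionUserContext());
                            return;
                        } catch (ApplicationException e2) {
                            ApplicationException handleException2 = autoLoginHandler2.handleException(handle2, e2, requestInvocation.getRequest(), false, (UserContext) null);
                            if (handleException2 instanceof ApplicationException) {
                                throw handleException2;
                            }
                            if (handleException2 != null) {
                                throw new WebProcessRuntimeException("auto login fail. cause:" + handleException2, handleException2);
                            }
                            if (logger.isDebugEnabled()) {
                                logger.debug("auto login fail. cause:" + e2);
                            }
                            // Failure ignored by the handler: fall through to the next provider.
                            break;
                        }
                    case 2: // LOGOUT
                        authService.logout();
                        return;
                    case 3: // ERROR
                        authService.logout();
                        throw new ApplicationException(WebResourceBundleUtil.resourceString("auth.Login.noLogin", new Object[0]));
                    default:
                        // THROUGH (or an unmapped value): try the next provider.
                        break;
                }
            }
        }
    }

    /**
     * Authenticates and authorizes the request, then either proceeds or shows a login,
     * re-authentication or permission error page.
     *
     * <p>Order of checks: auto login (once per execute context), permission check for the action
     * (public actions are treated as permitted without calling {@code checkPermission}), then the
     * trusted-authentication requirement. A denied <em>include</em> invocation returns without
     * producing output. A denied anonymous user is sent to the login form; a denied logged-in
     * user gets the permission error page.
     *
     * @param requestInvocation the invocation to guard; must be a {@link WebInvocationImpl}
     * @throws WebProcessRuntimeException when dispatching to the login, re-auth or error page fails
     */
    @Override // org.iplass.mtp.web.interceptor.RequestInterceptor
    public void intercept(RequestInvocation requestInvocation) {
        WebInvocationImpl webInvocationImpl = (WebInvocationImpl) requestInvocation;
        ExecuteContext currentContext = ExecuteContext.getCurrentContext();
        if (currentContext.getAttribute(AUTO_LOGIN_PROCESSED_FLAG) == null) {
            try {
                // Set the flag before running the handlers so that invocations triggered from
                // inside processAutoLogin do not attempt auto login again.
                currentContext.setAttribute(AUTO_LOGIN_PROCESSED_FLAG, true, false);
                processAutoLogin(webInvocationImpl, this.authService);
            } catch (ApplicationException e) {
                requestInvocation.getRequest().setAttribute(WebRequestConstants.EXCEPTION, e);
                try {
                    showLoginForm(webInvocationImpl, this.wfService);
                    return;
                } catch (ServletException | IOException e2) {
                    throw new WebProcessRuntimeException("can not forword to login form:" + e2.getMessage(), e2);
                }
            }
        }
        AuthContextHolder authContextHolder = getAuthContextHolder(webInvocationImpl.getAction());
        this.authService.doSecuredAction(authContextHolder, () -> {
            boolean checkPermission;
            this.lang.selectLangByUser(webInvocationImpl.getRequest(), ExecuteContext.getCurrentContext());
            if (webInvocationImpl.getAction().m86getMetaData().isPublicAction()) {
                // Public actions bypass the permission check entirely.
                checkPermission = true;
                if (logger.isDebugEnabled()) {
                    logger.debug("do as public action:" + webInvocationImpl.getAction().m86getMetaData().getName());
                }
            } else {
                checkPermission = authContextHolder.checkPermission(new ActionPermission(requestInvocation.getActionName(), new RequestContextActionParameter(requestInvocation.getRequest())));
            }
            if (!checkPermission) {
                if (webInvocationImpl.isInclude()) {
                    // A denied include is skipped silently: no output, no error page.
                    return null;
                }
                if (authContextHolder.getUserContext() instanceof AnonymousUserContext) {
                    try {
                        showLoginForm(webInvocationImpl, this.wfService);
                        return null;
                    } catch (ServletException | IOException e3) {
                        throw new WebProcessRuntimeException("can not forword to login form:" + e3.getMessage(), e3);
                    }
                }
                try {
                    showPermissionError(webInvocationImpl, this.wfService);
                    return null;
                } catch (ServletException | IOException e5) {
                    throw new WebProcessRuntimeException("can not forword to permission error page:" + e5.getMessage(), e5);
                }
            }
            try {
                if (webInvocationImpl.getAction().m86getMetaData().isNeedTrustedAuthenticate() && !this.authService.checkCurrentSessionTrusted().isTrusted()) {
                    throw new NeedTrustedAuthenticationException();
                }
                requestInvocation.proceedRequest();
                return null;
            } catch (NeedTrustedAuthenticationException e7) {
                // Also reached when the action itself throws this exception from proceedRequest().
                if (authContextHolder.getUserContext() instanceof AnonymousUserContext) {
                    try {
                        showLoginForm(webInvocationImpl, this.wfService);
                        return null;
                    } catch (IOException | ServletException e8) {
                        throw new WebProcessRuntimeException("can not forword to login form:" + e8.getMessage(), e8);
                    }
                }
                try {
                    showReAuthForm(webInvocationImpl, this.authService);
                    return null;
                } catch (IOException | ServletException e10) {
                    // The original message named the permission error page here, which
                    // misdirects diagnosis; this path is the re-auth form.
                    throw new WebProcessRuntimeException("can not forward to re-auth form:" + e10.getMessage(), e10);
                }
            }
        });
    }

    /**
     * Dispatches the request to the login action.
     *
     * <p>The login action name comes from the tenant's web info when that names an existing
     * action, otherwise from the {@link LoginUrlSelector} configured on the
     * {@link WebFrontendService}. When redirect-after-login is enabled and the action allows
     * GET, the current path and parameters are stored in the
     * {@link WebRequestConstants#REDIRECT_PATH} request attribute.
     *
     * <p>NOTE(review): the GET test is on the methods the action allows, not on the method of
     * the current request. If a POST reaches this point, its form parameters are copied into the
     * stored URL as well. Confirm that is intended.
     *
     * @param webInvocationImpl the current invocation
     * @param webFrontendService provides the redirect-after-login flag and the default selector
     * @throws SystemException when no {@code LoginUrlSelector} is configured
     * @throws NullPointerException when the default selector yields an empty action name
     * @throws ServletException when dispatching to the login action fails
     * @throws IOException when dispatching to the login action fails
     */
    private void showLoginForm(WebInvocationImpl webInvocationImpl, WebFrontendService webFrontendService) throws ServletException, IOException {
        ExecuteContext currentContext = ExecuteContext.getCurrentContext();
        if (webFrontendService.isRedirectAfterLogin() && webInvocationImpl.getAction().getRequestRestriction().isAllowedMethod(HttpMethodType.GET.toString())) {
            webInvocationImpl.getRequest().setAttribute(WebRequestConstants.REDIRECT_PATH, createReRequestPath(webInvocationImpl.getRequestStack().getRequest()));
        }
        WebUtil.setCacheControlHeader(webInvocationImpl.getRequestStack(), false, -1L);
        MetaTenantWebInfo.MetaTenantWebInfoRuntime metaTenantWebInfoRuntime = (MetaTenantWebInfo.MetaTenantWebInfoRuntime) this.metaTenantService.getRuntimeByName(currentContext.getCurrentTenant().getName()).getConfigRuntime(MetaTenantWebInfo.MetaTenantWebInfoRuntime.class);
        RequestContextWrapper requestContextWrapper = new RequestContextWrapper(webInvocationImpl.getRequest(), RequestContextWrapper.Mode.SHARED);
        String loginUrlSelector = metaTenantWebInfoRuntime != null ? metaTenantWebInfoRuntime.loginUrlSelector(requestContextWrapper, webInvocationImpl.getRequestStack().getRequestPath().getTargetPath(true)) : null;
        if (StringUtil.isNotEmpty(loginUrlSelector) && this.amService.getByPathHierarchy(loginUrlSelector) == null) {
            // Tenant-level setting points at an action that does not exist: fall back to the default.
            logger.error("can not find login action:" + loginUrlSelector + ", so use default login action");
            loginUrlSelector = null;
        }
        if (StringUtil.isEmpty(loginUrlSelector)) {
            LoginUrlSelector loginUrlSelector2 = webFrontendService.getLoginUrlSelector();
            if (loginUrlSelector2 == null) {
                logger.error("LoginUrlSelector must specified on WebFrontendService");
                throw new SystemException("LoginUrlSelector must specified on WebFrontendService");
            }
            loginUrlSelector = loginUrlSelector2.getLoginActionName(requestContextWrapper, webInvocationImpl.getRequestStack().getRequestPath().getTargetPath(true));
            if (StringUtil.isEmpty(loginUrlSelector)) {
                throw new NullPointerException("LoginUrlSelector's loginActionName is null or blank");
            }
        }
        try {
            requestContextWrapper.setAttribute(REDIRECT_BY_AUTH_INTERCEPTOR, Boolean.TRUE);
            webInvocationImpl.redirectAction(loginUrlSelector, requestContextWrapper);
        } catch (Exception e) {
            logger.error("can not proceed login action:" + loginUrlSelector + ", cause:" + e, e);
            throw e;
        }
    }

    /**
     * Dispatches the request to the re-authentication action for a logged-in user whose session
     * is not trusted.
     *
     * <p>The action name comes from the tenant's web info, otherwise from the
     * {@link LoginUrlSelector} on {@code this.wfService}. Unlike {@link #showLoginForm}, the
     * tenant-selected name is not checked for existence and the redirect path is stored whenever
     * the action allows GET.
     *
     * @param webInvocationImpl the current invocation
     * @param authService not read by this method
     * @throws SystemException when no {@code LoginUrlSelector} is configured
     * @throws ServletException when dispatching to the re-auth action fails
     * @throws IOException when dispatching to the re-auth action fails
     */
    private void showReAuthForm(WebInvocationImpl webInvocationImpl, AuthService authService) throws ServletException, IOException {
        ExecuteContext currentContext = ExecuteContext.getCurrentContext();
        if (webInvocationImpl.getAction().getRequestRestriction().isAllowedMethod(HttpMethodType.GET.toString())) {
            webInvocationImpl.getRequest().setAttribute(WebRequestConstants.REDIRECT_PATH, createReRequestPath(webInvocationImpl.getRequestStack().getRequest()));
        }
        WebUtil.setCacheControlHeader(webInvocationImpl.getRequestStack(), false, -1L);
        MetaTenantWebInfo.MetaTenantWebInfoRuntime metaTenantWebInfoRuntime = (MetaTenantWebInfo.MetaTenantWebInfoRuntime) this.metaTenantService.getRuntimeByName(currentContext.getCurrentTenant().getName()).getConfigRuntime(MetaTenantWebInfo.MetaTenantWebInfoRuntime.class);
        RequestContext requestContextWrapper = new RequestContextWrapper(webInvocationImpl.getRequest(), RequestContextWrapper.Mode.SHARED);
        String reAuthUrlSelector = metaTenantWebInfoRuntime != null ? metaTenantWebInfoRuntime.reAuthUrlSelector(requestContextWrapper, webInvocationImpl.getRequestStack().getRequestPath().getTargetPath(true)) : null;
        if (StringUtil.isEmpty(reAuthUrlSelector)) {
            LoginUrlSelector loginUrlSelector = this.wfService.getLoginUrlSelector();
            if (loginUrlSelector == null) {
                logger.error("LoginUrlSelector must specified on WebFrontendService");
                throw new SystemException("LoginUrlSelector must specified on WebFrontendService");
            }
            reAuthUrlSelector = loginUrlSelector.getReAuthActionName(requestContextWrapper, webInvocationImpl.getRequestStack().getRequestPath().getTargetPath(true));
        }
        requestContextWrapper.setAttribute(REDIRECT_BY_AUTH_INTERCEPTOR, Boolean.TRUE);
        webInvocationImpl.redirectAction(reAuthUrlSelector, requestContextWrapper);
    }

    /**
     * Renders the permission error template for a logged-in user who lacks permission.
     *
     * <p>A {@link NoPermissionException} is stored in the
     * {@link WebRequestConstants#EXCEPTION} request attribute. The template is resolved first
     * from the tenant's web info, then from the {@link ErrorUrlSelector} on the
     * {@link WebFrontendService}. If neither yields a template, the exception is thrown.
     *
     * @param webInvocationImpl the current invocation
     * @param webFrontendService provides the default error template selector
     * @throws NoPermissionException when no permission error template can be resolved
     * @throws ServletException when rendering the template fails
     * @throws IOException when rendering the template fails
     */
    private void showPermissionError(WebInvocationImpl webInvocationImpl, WebFrontendService webFrontendService) throws ServletException, IOException {
        ExecuteContext currentContext = ExecuteContext.getCurrentContext();
        WebUtil.setCacheControlHeader(webInvocationImpl.getRequestStack(), false, -1L);
        // Declared with its concrete type so the throw below is valid for this method's
        // throws clause (the decompiler had widened it to Throwable).
        // NOTE(review): assumes NoPermissionException is unchecked; confirm.
        NoPermissionException noPermissionException = new NoPermissionException(WebResourceBundleUtil.resourceString("impl.web.interceptors.AuthInterceptor.noPermission", new Object[0]));
        webInvocationImpl.getRequest().setAttribute(WebRequestConstants.EXCEPTION, noPermissionException);
        MetaTenantWebInfo.MetaTenantWebInfoRuntime metaTenantWebInfoRuntime = (MetaTenantWebInfo.MetaTenantWebInfoRuntime) this.metaTenantService.getRuntimeByName(currentContext.getCurrentTenant().getName()).getConfigRuntime(MetaTenantWebInfo.MetaTenantWebInfoRuntime.class);
        String errorUrlSelector = metaTenantWebInfoRuntime != null ? metaTenantWebInfoRuntime.errorUrlSelector(noPermissionException, webInvocationImpl.getRequest(), webInvocationImpl.getRequestStack().getRequestPath().getTargetPath(true)) : null;
        MetaTemplate.TemplateRuntime templateRuntime = null;
        if (StringUtil.isNotEmpty(errorUrlSelector)) {
            templateRuntime = (MetaTemplate.TemplateRuntime) this.ts.getRuntimeByName(errorUrlSelector);
            if (templateRuntime == null) {
                logger.error("can not find permission error template:" + errorUrlSelector + ", so use default permission error template");
            }
        }
        if (templateRuntime == null) {
            String str = null;
            ErrorUrlSelector errorUrlSelector2 = webFrontendService.getErrorUrlSelector();
            if (errorUrlSelector2 != null) {
                str = errorUrlSelector2.getErrorTemplateName(noPermissionException, webInvocationImpl.getRequest(), webInvocationImpl.getRequestStack().getRequestPath().getTargetPath(true));
            }
            if (str != null) {
                templateRuntime = (MetaTemplate.TemplateRuntime) this.ts.getRuntimeByName(str);
            }
            if (templateRuntime == null) {
                logger.error("can not find default permission error template:" + str);
            }
        }
        if (templateRuntime == null) {
            logger.error("can not find permission error template, so throw exception.");
            throw noPermissionException;
        }
        templateRuntime.handle(webInvocationImpl.getRequestStack());
    }

    /**
     * Builds the path the user is sent back to after logging in: tenant context path, target
     * path, and the current request's parameters as a query string.
     *
     * @param httpServletRequest the current servlet request
     * @return the re-request path, with a query string when the request has parameters
     */
    private String createReRequestPath(HttpServletRequest httpServletRequest) {
        StringBuilder createParameter = createParameter(httpServletRequest);
        if (createParameter.length() > 0) {
            createParameter.insert(0, "?");
        }
        WebRequestStack current = WebRequestStack.getCurrent();
        createParameter.insert(0, current.getRequestPath().getTargetPath());
        createParameter.insert(0, current.getRequestPath().getTenantContextPath(httpServletRequest));
        return createParameter.toString();
    }

    /**
     * Serializes the request parameters as {@code name=value&} pairs, one per value.
     *
     * <p>Parameter names and values are both client-controlled, so both are URL-encoded. The
     * decompiled original encoded only the values, which let a name containing {@code &},
     * {@code =} or {@code #} change the structure of the stored redirect URL. A trailing
     * {@code &} is left in place, as in the original.
     *
     * @param httpServletRequest the current servlet request
     * @return the encoded pairs; empty when the request has no parameter values
     * @throws IllegalStateException if UTF-8 is reported as unsupported
     */
    private StringBuilder createParameter(HttpServletRequest httpServletRequest) {
        Map<String, String[]> parameterMap = httpServletRequest.getParameterMap();
        StringBuilder sb = new StringBuilder();
        try {
            for (Map.Entry<String, String[]> entry : parameterMap.entrySet()) {
                String encodedName = URLEncoder.encode(entry.getKey(), "UTF-8");
                for (String value : entry.getValue()) {
                    sb.append(encodedName).append("=").append(URLEncoder.encode(value, "UTF-8")).append("&");
                }
            }
        } catch (UnsupportedEncodingException e) {
            throw new IllegalStateException(e);
        }
        return sb;
    }

    /**
     * After a logout, renders the configured template or sends the configured redirect instead
     * of the normal result; otherwise proceeds with the normal result.
     *
     * <p>The template attribute takes precedence over the redirect attribute.
     *
     * @param requestInvocation the current invocation
     */
    @Override // org.iplass.mtp.web.interceptor.RequestInterceptor
    public void interceptResult(RequestInvocation requestInvocation) {
        RequestContext request = requestInvocation.getRequest();
        Boolean bool = (Boolean) request.getAttribute(LOGOUT_FLAG);
        if (bool != null && bool.booleanValue()) {
            String str = (String) request.getAttribute(TEMPLATE_AFTER_LOGOUT);
            if (str != null) {
                doTemplate(str, requestInvocation);
                return;
            }
            String str2 = (String) request.getAttribute(REDIRECT_PATH_AFTER_LOGOUT);
            if (str2 != null) {
                doRedirect(str2, requestInvocation);
                return;
            }
        }
        requestInvocation.proceedResult();
    }

    /**
     * Sends an HTTP redirect to the post-logout path.
     *
     * <p>The only sanitization visible here is {@code StringUtil.removeLineFeedCode}, which by
     * its name strips line breaks (header-splitting defence). NOTE(review): nothing in this
     * method restricts the target to the application's own origin, so whatever sets
     * {@link #REDIRECT_PATH_AFTER_LOGOUT} must not copy an unvalidated client-supplied URL into
     * it. Verify at the call sites.
     *
     * @param str the redirect target taken from the request attribute
     * @param requestInvocation the current invocation; must be a {@link WebInvocationImpl}
     * @throws WebProcessRuntimeException when sending the redirect fails
     */
    private void doRedirect(String str, RequestInvocation requestInvocation) {
        if (logger.isDebugEnabled()) {
            logger.debug("after loggedout redirect URL specified, so redirect to " + str);
        }
        try {
            ((WebInvocationImpl) requestInvocation).getRequestStack().getResponse().sendRedirect(StringUtil.removeLineFeedCode(str));
        } catch (IOException e) {
            throw new WebProcessRuntimeException(e);
        }
    }

    /**
     * Renders the post-logout template.
     *
     * @param str name of the template taken from the request attribute
     * @param requestInvocation the current invocation; must be a {@link WebInvocationImpl}
     * @throws WebProcessRuntimeException when the template is not defined or rendering fails
     */
    private void doTemplate(String str, RequestInvocation requestInvocation) {
        if (logger.isDebugEnabled()) {
            logger.debug("after loggedout template specified, so do template:" + str);
        }
        MetaTemplate.TemplateRuntime runtimeByName = ((TemplateService) ServiceRegistry.getRegistry().getService(TemplateService.class)).getRuntimeByName(str);
        if (runtimeByName == null) {
            throw new WebProcessRuntimeException("after loggedout template specified, but " + str + " not defined.");
        }
        try {
            runtimeByName.handle(((WebInvocationImpl) requestInvocation).getRequestStack());
        } catch (ServletException | IOException e) {
            throw new WebProcessRuntimeException((Throwable) e);
        }
    }
}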
