package org.structr.web.auth;

import java.util.LinkedHashMap;
import java.util.Map;
import java.util.logging.Level;
import java.util.logging.Logger;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import org.apache.commons.lang.StringUtils;
import org.structr.common.AccessMode;
import org.structr.common.SecurityContext;
import org.structr.common.error.FrameworkException;
import org.structr.core.app.App;
import org.structr.core.app.StructrApp;
import org.structr.core.auth.AuthHelper;
import org.structr.core.auth.exception.AuthenticationException;
import org.structr.core.auth.exception.UnauthorizedException;
import org.structr.core.entity.AbstractNode;
import org.structr.core.entity.Person;
import org.structr.core.entity.Principal;
import org.structr.core.entity.ResourceAccess;
import org.structr.core.entity.SuperUser;

/* loaded from: input_file:org/structr/web/auth/UiAuthenticator.class */
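public class UiAuthenticator extends HttpAuthenticator {

    /**
     * Maps the HTTP method name as returned by {@link HttpServletRequest#getMethod()} to the
     * {@link Method} whose grant bits are checked in {@link #checkResourceAccess}. Methods
     * without an entry (anything other than the five below) are rejected by that check.
     */
    private static final Map<String, Method> methods = new LinkedHashMap<String, Method>();

    // Note: the logger is registered under the superclass name, as in the original code.
    private static final Logger logger = Logger.getLogger(HttpAuthenticator.class.getName());

    // Grant flag bits tested via ResourceAccess#hasFlag. Every HTTP method has one bit for
    // authenticated users (AUTH_USER_*) and one for anonymous requests (NON_AUTH_USER_*).
    public static final long FORBIDDEN = 0;
    public static final long AUTH_USER_GET = 1;
    public static final long AUTH_USER_PUT = 2;
    public static final long AUTH_USER_POST = 4;
    public static final long AUTH_USER_DELETE = 8;
    public static final long NON_AUTH_USER_GET = 16;
    public static final long NON_AUTH_USER_PUT = 32;
    public static final long NON_AUTH_USER_POST = 64;
    public static final long NON_AUTH_USER_DELETE = 128;
    public static final long AUTH_USER_OPTIONS = 256;
    public static final long NON_AUTH_USER_OPTIONS = 512;

    /* loaded from: input_file:org/structr/web/auth/UiAuthenticator$Method.class */
    /**
     * HTTP methods that can be granted, each carrying the grant bit required for an
     * authenticated and for an anonymous request.
     */
    private enum Method {
        GET(AUTH_USER_GET, NON_AUTH_USER_GET),
        PUT(AUTH_USER_PUT, NON_AUTH_USER_PUT),
        POST(AUTH_USER_POST, NON_AUTH_USER_POST),
        DELETE(AUTH_USER_DELETE, NON_AUTH_USER_DELETE),
        OPTIONS(AUTH_USER_OPTIONS, NON_AUTH_USER_OPTIONS);

        private final long authenticatedFlag;
        private final long anonymousFlag;

        Method(long authenticatedFlag, long anonymousFlag) {
            this.authenticatedFlag = authenticatedFlag;
            this.anonymousFlag = anonymousFlag;
        }

        /**
         * Returns the grant bit a request with this method must carry.
         *
         * @param authenticated whether a principal was resolved for the request
         * @return the AUTH_USER_* bit when authenticated, the NON_AUTH_USER_* bit otherwise
         */
        long requiredFlag(boolean authenticated) {
            return authenticated ? authenticatedFlag : anonymousFlag;
        }
    }

    /**
     * Resolves the principal for the request and builds the {@link SecurityContext} for it.
     * Resolution order: existing session, external authentication (inherited
     * {@code checkExternalAuthentication}), then request credentials via {@link #getUser}.
     * Anonymous requests get a frontend context, super users the super-user context, and
     * every other principal a backend context.
     *
     * @param httpServletRequest the incoming request
     * @param httpServletResponse the response; receives CORS headers when an Origin header is present
     * @return the security context, with this authenticator attached
     * @throws FrameworkException propagated from the authentication helpers
     */
    @Override // org.structr.web.auth.HttpAuthenticator
    public SecurityContext initializeAndExamineRequest(HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse) throws FrameworkException {
        Principal user = checkSessionAuthentication(httpServletRequest);
        if (user == null) {
            user = checkExternalAuthentication(httpServletRequest, httpServletResponse);
        }
        if (user == null) {
            user = getUser(httpServletRequest, true);
        }

        SecurityContext securityContext;
        if (user == null) {
            securityContext = SecurityContext.getInstance(user, httpServletRequest, AccessMode.Frontend);
        } else if (user instanceof SuperUser) {
            securityContext = SecurityContext.getSuperUserInstance(httpServletRequest);
        } else {
            securityContext = SecurityContext.getInstance(user, httpServletRequest, AccessMode.Backend);
        }
        securityContext.setAuthenticator(this);

        String origin = httpServletRequest.getHeader("Origin");
        if (!StringUtils.isBlank(origin)) {
            // The client-supplied Origin is reflected verbatim. Nothing here sets
            // Access-Control-Allow-Credentials, which limits the exposure; should credentials
            // ever be allowed, this must become an explicit allow-list check instead.
            httpServletResponse.setHeader("Access-Control-Allow-Origin", origin);
            httpServletResponse.setHeader("Access-Control-Allow-Methods", "GET,PUT,POST");
            httpServletResponse.setHeader("Access-Control-Allow-Headers", "Content-Type");
        }

        this.examined = true;
        return securityContext;
    }

    /**
     * Enforces the {@link ResourceAccess} grant for the request's HTTP method.
     * Super users and principals whose {@code isAdmin} property is {@code true} always pass.
     * Otherwise the grant looked up for {@code str} must carry the bit for the method and
     * the authentication state of the request.
     *
     * @param httpServletRequest the incoming request
     * @param str passed to {@link ResourceAccess#findGrant}; presumably the resource signature
     * @param str2 not used by this implementation
     * @throws UnauthorizedException when no grant exists, the HTTP method is unknown, or the
     *         grant lacks the required bit
     * @throws FrameworkException propagated from {@link #getUser}
     */
    @Override // org.structr.web.auth.HttpAuthenticator
    public void checkResourceAccess(HttpServletRequest httpServletRequest, String str, String str2) throws FrameworkException {
        ResourceAccess grant = ResourceAccess.findGrant(str);
        Method method = methods.get(httpServletRequest.getMethod());
        Principal user = getUser(httpServletRequest, true);
        boolean authenticated = user != null;

        // Boolean.TRUE.equals tolerates a null isAdmin property; unboxing it would throw
        // a NullPointerException and turn an authorization decision into a server error.
        if (authenticated && ((user instanceof SuperUser) || Boolean.TRUE.equals(user.getProperty(Principal.isAdmin)))) {
            return;
        }
        if (grant == null) {
            throw new UnauthorizedException("Forbidden");
        }
        // Methods without a mapping (e.g. HEAD, PATCH) have no grant bit; reject them
        // explicitly rather than dereferencing null in a switch.
        if (method == null) {
            throw new UnauthorizedException("Forbidden");
        }
        if (grant.hasFlag(method.requiredFlag(authenticated))) {
            return;
        }
        throw new UnauthorizedException("Forbidden");
    }

    /**
     * Authenticates a principal by e-mail ({@link Person#eMail}) and password and, on success,
     * stores the request's session id on the principal.
     *
     * @param httpServletRequest the request whose requested session id is stored
     * @param str the value matched against {@link Person#eMail}
     * @param str2 the password, verified by {@link AuthHelper#getPrincipalForPassword}
     * @return the authenticated principal, or {@code null} when the credentials do not match
     * @throws AuthenticationException propagated from the auth helper
     */
    @Override // org.structr.web.auth.HttpAuthenticator
    public Principal doLogin(HttpServletRequest httpServletRequest, String str, String str2) throws AuthenticationException {
        Principal principal = AuthHelper.getPrincipalForPassword(Person.eMail, str, str2);
        if (principal == null) {
            return null;
        }

        // NOTE(review): getRequestedSessionId() is the id the client sent, which the container
        // may not have validated (see HttpServletRequest#isRequestedSessionIdValid). Persisting
        // it unverified is worth reviewing with session fixation in mind.
        String requestedSessionId = httpServletRequest.getRequestedSessionId();
        App app = StructrApp.getInstance();
        if (requestedSessionId != null) {
            // Single try/catch/finally so finishTx() runs exactly once on every path.
            try {
                app.beginTx();
                principal.setProperty(Principal.sessionId, requestedSessionId);
                app.commitTx();
            } catch (Exception e) {
                // Login still succeeds; only the session binding failed.
                logger.log(Level.SEVERE, "Unable to store session id on principal", e);
            } finally {
                app.finishTx();
            }
        }
        return principal;
    }

    /**
     * Resolves the principal for a request without creating a session: first the existing
     * session, then the {@code X-StructrSessionToken} header, then (only when {@code z} is
     * {@code true}) the {@code X-User}/{@code X-Password} headers matched against
     * {@link AbstractNode#name}. A session token takes precedence over header credentials.
     * Note that this path authenticates by node name while {@link #doLogin} uses the e-mail.
     *
     * @param httpServletRequest the incoming request
     * @param z whether header-based password authentication is attempted
     * @return the resolved principal, or {@code null} if none of the sources yields one
     * @throws FrameworkException propagated from the authentication helpers
     */
    @Override // org.structr.web.auth.HttpAuthenticator
    public Principal getUser(HttpServletRequest httpServletRequest, boolean z) throws FrameworkException {
        Principal principal = checkSessionAuthentication(httpServletRequest);
        if (principal != null) {
            return principal;
        }

        String userHeader = httpServletRequest.getHeader("X-User");
        String passwordHeader = httpServletRequest.getHeader("X-Password");
        String tokenHeader = httpServletRequest.getHeader("X-StructrSessionToken");

        if (tokenHeader != null) {
            principal = AuthHelper.getPrincipalForSessionId(tokenHeader);
        } else if (userHeader != null && passwordHeader != null && z) {
            // Credentials arrive as plain request headers; this only protects them over TLS.
            principal = AuthHelper.getPrincipalForPassword(AbstractNode.name, userHeader, passwordHeader);
        }
        return principal;
    }

    static {
        methods.put("GET", Method.GET);
        methods.put("PUT", Method.PUT);
        methods.put("POST", Method.POST);
        methods.put("DELETE", Method.DELETE);
        methods.put("OPTIONS", Method.OPTIONS);
    }
}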
