package org.structr.web.auth;

import java.io.IOException;
import java.util.LinkedHashMap;
import java.util.Map;
import java.util.logging.Level;
import java.util.logging.Logger;
import javax.servlet.ServletException;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import javax.servlet.http.HttpSession;
import org.apache.commons.lang3.StringUtils;
import org.structr.common.AccessMode;
import org.structr.common.PathHelper;
import org.structr.common.SecurityContext;
import org.structr.common.error.FrameworkException;
import org.structr.core.auth.AuthHelper;
import org.structr.core.auth.Authenticator;
import org.structr.core.auth.exception.AuthenticationException;
import org.structr.core.auth.exception.UnauthorizedException;
import org.structr.core.entity.AbstractNode;
import org.structr.core.entity.Person;
import org.structr.core.entity.Principal;
import org.structr.core.entity.ResourceAccess;
import org.structr.core.entity.SuperUser;
import org.structr.core.property.PropertyKey;
import org.structr.web.resource.RegistrationResource;
import org.structr.web.servlet.HtmlServlet;

/* loaded from: input_file:org/structr/web/auth/UiAuthenticator.class */
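public class UiAuthenticator implements Authenticator {

    /*
     * Grant bits stored on a ResourceAccess node. Every HTTP verb has one bit for
     * authenticated callers (AUTH_USER_*) and one for anonymous callers (NON_AUTH_USER_*);
     * checkResourceAccess() tests exactly one of them per request.
     */
    public static final long FORBIDDEN = 0;
    public static final long AUTH_USER_GET = 1;
    public static final long AUTH_USER_PUT = 2;
    public static final long AUTH_USER_POST = 4;
    public static final long AUTH_USER_DELETE = 8;
    public static final long NON_AUTH_USER_GET = 16;
    public static final long NON_AUTH_USER_PUT = 32;
    public static final long NON_AUTH_USER_POST = 64;
    public static final long NON_AUTH_USER_DELETE = 128;
    public static final long AUTH_USER_OPTIONS = 256;
    public static final long NON_AUTH_USER_OPTIONS = 512;

    private static final Logger logger = Logger.getLogger(UiAuthenticator.class.getName());

    /** HTTP verb name -> Method. Verbs missing here (HEAD, PATCH, ...) carry no grant bit. */
    private static final Map<String, Method> methods = new LinkedHashMap<>();

    /*
     * NOTE(review): these three are static, so setUserAutoCreate()/setUserAutoLogin() on any
     * single instance reconfigure every UiAuthenticator in the JVM (shared global state).
     */
    protected static boolean userAutoCreate;
    protected static boolean userAutoLogin;
    protected static Class userClass;

    /** True once initializeAndExamineRequest() has run on this instance. */
    protected boolean examined = false;

    /** HTTP verbs that have a grant bit. */
    private enum Method {
        GET,
        PUT,
        POST,
        DELETE,
        OPTIONS
    }

    /**
     * Resolves the principal for the request and builds its SecurityContext.
     *
     * Resolution order: session cookie (checkSessionAuthentication), OAuth callback
     * (checkExternalAuthentication), then the X-StructrSessionToken / X-User+X-Password
     * headers (getUser). A SuperUser gets the super-user context, any other principal a
     * Backend-mode context, and an anonymous caller a Frontend-mode context with a null
     * principal. CORS headers are applied as a side effect (see applyCorsHeaders).
     *
     * @return the SecurityContext for this request, with this authenticator attached
     * @throws FrameworkException propagated from getUser()
     */
    public SecurityContext initializeAndExamineRequest(HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse) throws FrameworkException {
        Principal principal = checkSessionAuthentication(httpServletRequest);
        if (principal == null) {
            principal = checkExternalAuthentication(httpServletRequest, httpServletResponse);
        }
        if (principal == null) {
            principal = getUser(httpServletRequest, true);
        }

        final SecurityContext securityContext;
        if (principal == null) {
            // principal is null here; passed as the typed variable to keep the same overload
            securityContext = SecurityContext.getInstance(principal, httpServletRequest, AccessMode.Frontend);
        } else if (principal instanceof SuperUser) {
            securityContext = SecurityContext.getSuperUserInstance(httpServletRequest);
        } else {
            securityContext = SecurityContext.getInstance(principal, httpServletRequest, AccessMode.Backend);
        }
        securityContext.setAuthenticator(this);

        applyCorsHeaders(httpServletRequest, httpServletResponse);

        this.examined = true;
        return securityContext;
    }

    /**
     * Reflects a non-blank Origin header verbatim into Access-Control-Allow-Origin.
     *
     * NOTE(review): this permits every origin. No Access-Control-Allow-Credentials header is
     * set, so browsers will not attach cookies cross-origin, and the allowed request headers
     * are limited to Content-Type, which keeps X-User/X-Password/X-StructrSessionToken out of
     * cross-origin requests. Non-credentialed responses are still readable from any site;
     * restrict to a configured origin allowlist if that is not intended.
     */
    private static void applyCorsHeaders(HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse) {
        final String origin = httpServletRequest.getHeader("Origin");
        if (StringUtils.isBlank(origin)) {
            return;
        }
        httpServletResponse.setHeader("Access-Control-Allow-Origin", origin);
        httpServletResponse.setHeader("Access-Control-Allow-Methods", "GET,PUT,POST");
        httpServletResponse.setHeader("Access-Control-Allow-Headers", "Content-Type");
    }

    /** @return whether initializeAndExamineRequest() has already run on this instance */
    public boolean hasExaminedRequest() {
        return this.examined;
    }

    /**
     * Enables/disables automatic user creation on a successful OAuth login (JVM-wide).
     *
     * @param z   true to create a user node when the OAuth credential is unknown
     * @param cls entity class used for auto-created users
     */
    public void setUserAutoCreate(boolean z, Class cls) {
        userAutoCreate = z;
        userClass = cls;
    }

    /**
     * Sets the auto-login flag and user class (JVM-wide). The flag is only stored and read
     * back via getUserAutoLogin(); nothing in this class acts on it.
     *
     * @param z   auto-login flag
     * @param cls entity class used for auto-created users
     */
    public void setUserAutoLogin(boolean z, Class cls) {
        userAutoLogin = z;
        userClass = cls;
    }

    /**
     * Enforces the ResourceAccess grant for this request.
     *
     * SuperUser and admin principals always pass. Everyone else needs a grant for the
     * resource signature {@code str} whose bit for (HTTP verb, authenticated-or-not) is set.
     * Anything that cannot be matched fails closed with UnauthorizedException("Forbidden"):
     * no grant, an unknown HTTP verb (the original hit a NullPointerException in
     * {@code switch(null)} for HEAD/PATCH/...), or a missing bit.
     *
     * @param str  resource signature looked up via ResourceAccess.findGrant
     * @param str2 unused; kept for interface compatibility
     * @throws UnauthorizedException when access is denied
     * @throws FrameworkException    propagated from findGrant()/getUser()
     */
    public void checkResourceAccess(HttpServletRequest httpServletRequest, String str, String str2) throws FrameworkException {
        final ResourceAccess grant = ResourceAccess.findGrant(str);
        final Method method = methods.get(httpServletRequest.getMethod());
        final Principal user = getUser(httpServletRequest, true);
        final boolean authenticated = user != null;

        // Boolean.TRUE.equals() tolerates an unset isAdmin property; unboxing it would NPE.
        if (authenticated && ((user instanceof SuperUser) || Boolean.TRUE.equals(user.getProperty(Principal.isAdmin)))) {
            return;
        }
        if (grant == null || method == null) {
            throw new UnauthorizedException("Forbidden");
        }

        final long requiredFlag;
        switch (method) {
            case GET:
                requiredFlag = authenticated ? AUTH_USER_GET : NON_AUTH_USER_GET;
                break;
            case PUT:
                requiredFlag = authenticated ? AUTH_USER_PUT : NON_AUTH_USER_PUT;
                break;
            case POST:
                requiredFlag = authenticated ? AUTH_USER_POST : NON_AUTH_USER_POST;
                break;
            case DELETE:
                requiredFlag = authenticated ? AUTH_USER_DELETE : NON_AUTH_USER_DELETE;
                break;
            case OPTIONS:
                requiredFlag = authenticated ? AUTH_USER_OPTIONS : NON_AUTH_USER_OPTIONS;
                break;
            default:
                throw new UnauthorizedException("Forbidden");
        }
        if (!grant.hasFlag(requiredFlag)) {
            throw new UnauthorizedException("Forbidden");
        }
    }

    /**
     * Password login: looks the principal up by e-mail address and binds it to the
     * container session.
     *
     * @param str  e-mail address (matched against Person.eMail)
     * @param str2 password
     * @return the authenticated principal, or null when the credentials do not match
     * @throws AuthenticationException propagated from AuthHelper
     */
    public Principal doLogin(HttpServletRequest httpServletRequest, String str, String str2) throws AuthenticationException {
        final Principal principal = AuthHelper.getPrincipalForPassword(Person.eMail, str, str2);
        if (principal != null) {
            bindToSession(httpServletRequest, principal);
        }
        return principal;
    }

    /**
     * Binds a freshly authenticated principal to a container session.
     *
     * Only a requested session id the container itself recognises is adopted; otherwise a
     * new session is created and its id used. The original bound whatever id the client
     * sent, including ids the container had never issued, which is the session-fixation
     * pattern (attacker plants a cookie, victim logs in, attacker's id becomes a login).
     * Requests whose implementation does not support sessions leave the principal unbound,
     * as before.
     */
    private static void bindToSession(HttpServletRequest httpServletRequest, Principal principal) {
        String sessionId = null;
        try {
            if (httpServletRequest.isRequestedSessionIdValid()) {
                sessionId = httpServletRequest.getRequestedSessionId();
            } else {
                final HttpSession session = httpServletRequest.getSession(true);
                if (session != null) {
                    sessionId = session.getId();
                    logger.log(Level.FINE, "Created new HTTP session for login");
                }
            }
        } catch (UnsupportedOperationException | IllegalStateException e) {
            logger.log(Level.FINE, "Request does not support sessions, principal not bound", e);
        }
        if (sessionId != null) {
            // Drop whatever AuthHelper had for this id before attaching the new principal.
            AuthHelper.clearSession(sessionId);
            principal.addSessionId(sessionId);
        }
    }

    /**
     * Logs the current user out: detaches the requested session id from the principal,
     * invalidates the container session and calls the container's logout(). Errors are
     * logged at WARNING and swallowed.
     */
    public void doLogout(HttpServletRequest httpServletRequest) {
        try {
            final Principal user = getUser(httpServletRequest, false);
            if (user != null) {
                final String sessionId = httpServletRequest.getRequestedSessionId();
                if (sessionId != null) {
                    AuthHelper.clearSession(sessionId);
                    user.removeSessionId(sessionId);
                }
            }
            final HttpSession session = httpServletRequest.getSession(false);
            if (session != null) {
                session.invalidate();
            }
            httpServletRequest.logout();
        } catch (ServletException | FrameworkException e) {
            logger.log(Level.WARNING, "Error while logging out user", e);
        }
    }

    /**
     * Handles the OAuth2 URLs {@code /oauth/<name>/login} and {@code /oauth/<name>/auth}.
     *
     * {@code login} redirects to the provider's authorization endpoint and returns null.
     * {@code auth} (the callback) exchanges the code for a token, resolves or auto-creates
     * the principal, binds it to the session, redirects to the configured return URI and
     * returns the principal. Every other outcome redirects to the configured error URI and
     * returns null; non-OAuth paths return null without touching the response.
     *
     * NOTE(review): whether the callback validates an OAuth {@code state} parameter (CSRF on
     * the redirect) is decided inside StructrOAuthClient.getAccessToken() and not visible
     * here; confirm it does.
     *
     * @return the principal established by the callback, or null
     */
    protected static Principal checkExternalAuthentication(HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse) {
        final String path = PathHelper.clean(httpServletRequest.getPathInfo());
        final String[] parts = PathHelper.getParts(path);
        logger.log(Level.FINE, "Checking external authentication ...");

        if (parts == null || parts.length != 3 || !"oauth".equals(parts[0])) {
            logger.log(Level.FINE, "Incorrect URI parts for OAuth process, need /oauth/<name>/<action>");
            return null;
        }

        final String serverName = parts[1];
        final String action = parts[2];
        final StructrOAuthClient server = StructrOAuthClient.getServer(serverName);
        if (server == null) {
            logger.log(Level.FINE, "No OAuth2 authentication server configured for {0}", path);
            return null;
        }

        if ("login".equals(action)) {
            try {
                httpServletResponse.sendRedirect(server.getEndUserAuthorizationRequestUri(httpServletRequest));
                return null;
            } catch (Exception e) {
                logger.log(Level.SEVERE, "Could not send redirect to authorization server", (Throwable) e);
            }
        } else if ("auth".equals(action)) {
            final Principal principal = resolveOAuthPrincipal(server, httpServletRequest);
            if (principal != null) {
                bindToSession(httpServletRequest, principal);
                HtmlServlet.setNoCacheHeaders(httpServletResponse);
                try {
                    logger.log(Level.FINE, "Response status: {0}", Integer.valueOf(httpServletResponse.getStatus()));
                    httpServletResponse.sendRedirect(server.getReturnUri());
                } catch (IOException e) {
                    logger.log(Level.SEVERE, "Could not redirect to {0}: {1}", new Object[]{server.getReturnUri(), e});
                }
                return principal;
            }
        }

        // Every failure path ends here: unknown action, failed login redirect, no token,
        // no credential, or no principal.
        try {
            httpServletResponse.sendRedirect(server.getErrorUri());
        } catch (IOException e) {
            // The original logged getReturnUri() here although the redirect went to the error URI.
            logger.log(Level.SEVERE, "Could not redirect to {0}: {1}", new Object[]{server.getErrorUri(), e});
        }
        return null;
    }

    /**
     * Completes the OAuth callback: obtains the access token and the provider credential,
     * then resolves the principal via the server's credential key, auto-creating it when
     * userAutoCreate is set.
     *
     * @return the principal, or null when no token, no credential or no (creatable) user
     */
    private static Principal resolveOAuthPrincipal(StructrOAuthClient server, HttpServletRequest httpServletRequest) {
        final String accessToken = server.getAccessToken(httpServletRequest);
        if (accessToken == null) {
            return null;
        }
        // The token is a bearer secret: record that it arrived, never its value (the original logged it).
        logger.log(Level.FINE, "Got access token from OAuth server");

        final String credential = server.getCredential(httpServletRequest);
        logger.log(Level.FINE, "Got credential value: {0}", new Object[]{credential});
        if (credential == null) {
            return null;
        }

        final PropertyKey credentialKey = server.getCredentialKey();
        Principal principal = AuthHelper.getPrincipalForCredential(credentialKey, credential);
        if (principal == null && userAutoCreate) {
            // Creation runs as super user because no principal exists yet for this request.
            principal = RegistrationResource.createUser(SecurityContext.getSuperUserInstance(), credentialKey, credential, true, userClass);
        }
        return principal;
    }

    /**
     * Resolves the principal bound to the session id the client sent.
     *
     * When the client sent no session id a new container session is created (so the
     * response carries a session cookie) and null is returned. The id is resolved only
     * through AuthHelper's session store; the container's isRequestedSessionIdValid() is not
     * consulted here. NOTE(review): confirm that store expires or clears stale ids.
     *
     * @return the bound principal, or null
     */
    protected static Principal checkSessionAuthentication(HttpServletRequest httpServletRequest) {
        final String requestedSessionId = httpServletRequest.getRequestedSessionId();
        if (requestedSessionId == null) {
            httpServletRequest.getSession(true);
            return null;
        }
        return AuthHelper.getPrincipalForSessionId(requestedSessionId);
    }

    /** Sends 401 with a Basic-auth challenge. */
    public static void writeUnauthorized(HttpServletResponse httpServletResponse) throws IOException {
        httpServletResponse.setHeader("WWW-Authenticate", "BASIC realm=\"Restricted Access\"");
        httpServletResponse.sendError(401);
    }

    /** Sends 404. */
    public static void writeNotFound(HttpServletResponse httpServletResponse) throws IOException {
        httpServletResponse.sendError(404);
    }

    /** Sends 500; a failure to write the error is logged instead of silently dropped. */
    public static void writeInternalServerError(HttpServletResponse httpServletResponse) {
        try {
            httpServletResponse.sendError(500);
        } catch (IOException e) {
            logger.log(Level.WARNING, "Could not send 500 response", e);
        }
    }

    /** @return the JVM-wide auto-create flag */
    public boolean getUserAutoCreate() {
        return userAutoCreate;
    }

    /** @return the JVM-wide auto-login flag */
    public boolean getUserAutoLogin() {
        return userAutoLogin;
    }

    /** @return the JVM-wide class used for auto-created users (may be null) */
    public Class getUserClass() {
        return userClass;
    }

    /**
     * Resolves the request's principal without touching the response.
     *
     * Order: session cookie, then the X-StructrSessionToken header (looked up like a session
     * id), then, only when {@code z} is true, the X-User / X-Password header pair (matched
     * against AbstractNode.name, not the e-mail used by doLogin()).
     *
     * NOTE(review): X-User/X-Password carry a plaintext password on every request; that is
     * only acceptable over TLS and the pair is not CORS-exposed (see applyCorsHeaders).
     *
     * @param z whether header-based password authentication is allowed
     * @return the principal, or null
     * @throws FrameworkException propagated from AuthHelper
     */
    public Principal getUser(HttpServletRequest httpServletRequest, boolean z) throws FrameworkException {
        final Principal fromSession = checkSessionAuthentication(httpServletRequest);
        if (fromSession != null) {
            return fromSession;
        }

        final String sessionToken = httpServletRequest.getHeader("X-StructrSessionToken");
        if (sessionToken != null) {
            return AuthHelper.getPrincipalForSessionId(sessionToken);
        }

        final String userName = httpServletRequest.getHeader("X-User");
        final String password = httpServletRequest.getHeader("X-Password");
        if (z && userName != null && password != null) {
            return AuthHelper.getPrincipalForPassword(AbstractNode.name, userName, password);
        }
        return null;
    }

    static {
        methods.put("GET", Method.GET);
        methods.put("PUT", Method.PUT);
        methods.put("POST", Method.POST);
        methods.put("DELETE", Method.DELETE);
        methods.put("OPTIONS", Method.OPTIONS);
    }
}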
