package org.structr.web.auth;

import java.io.IOException;
import java.util.LinkedHashMap;
import java.util.Map;
import java.util.logging.Level;
import java.util.logging.Logger;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import javax.servlet.http.HttpSession;
import org.apache.commons.lang3.StringUtils;
import org.structr.cloud.CloudService;
import org.structr.common.AccessMode;
import org.structr.common.PathHelper;
import org.structr.common.SecurityContext;
import org.structr.common.error.FrameworkException;
import org.structr.core.Services;
import org.structr.core.app.StructrApp;
import org.structr.core.auth.Authenticator;
import org.structr.core.auth.exception.AuthenticationException;
import org.structr.core.auth.exception.UnauthorizedException;
import org.structr.core.entity.AbstractNode;
import org.structr.core.entity.Person;
import org.structr.core.entity.Principal;
import org.structr.core.entity.ResourceAccess;
import org.structr.core.entity.SuperUser;
import org.structr.core.property.PropertyKey;
import org.structr.rest.auth.AuthHelper;
import org.structr.rest.auth.SessionHelper;
import org.structr.web.entity.User;
import org.structr.web.resource.RegistrationResource;
import org.structr.web.servlet.HtmlServlet;

/* loaded from: input_file:org/structr/web/auth/UiAuthenticator.class */
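public class UiAuthenticator implements Authenticator {

    /** Becomes {@code true} once {@link #initializeAndExamineRequest} has completed for this instance. */
    protected boolean examined = false;

    // Process-wide switches; they are static, so every authenticator instance shares them.
    protected static boolean userAutoCreate;
    protected static boolean userAutoLogin;

    /**
     * Entity class used when users are auto-created during OAuth login; resolved lazily by
     * {@link #getUserClass()}. The raw type is kept so the public getter signature stays unchanged.
     */
    private static Class userClass;

    // ResourceAccess grant flag bits, tested via ResourceAccess.hasFlag(long).
    // AUTH_USER_* bits apply when a user is logged in, NON_AUTH_USER_* bits otherwise.
    public static final long FORBIDDEN = 0;
    public static final long AUTH_USER_GET = 1;
    public static final long AUTH_USER_PUT = 2;
    public static final long AUTH_USER_POST = 4;
    public static final long AUTH_USER_DELETE = 8;
    public static final long NON_AUTH_USER_GET = 16;
    public static final long NON_AUTH_USER_PUT = 32;
    public static final long NON_AUTH_USER_POST = 64;
    public static final long NON_AUTH_USER_DELETE = 128;
    public static final long AUTH_USER_OPTIONS = 256;
    public static final long NON_AUTH_USER_OPTIONS = 512;
    public static final long AUTH_USER_HEAD = 1024;
    public static final long NON_AUTH_USER_HEAD = 2048;

    private static final Logger logger = Logger.getLogger(UiAuthenticator.class.getName());

    /** HTTP method name to {@link Method}; names not registered below look up as {@code null}. */
    private static final Map<String, Method> methods = new LinkedHashMap<>();

    /**
     * Configuration key and the CORS response header it feeds. A header is only emitted when the
     * configured value is non-blank.
     */
    private static final String[][] CORS_HEADER_CONFIG = {
        { "access.control.max.age",           "Access-Control-Max-Age" },
        { "access.control.allow.methods",     "Access-Control-Allow-Methods" },
        { "access.control.allow.headers",     "Access-Control-Allow-Headers" },
        { "access.control.allow.credentials", "Access-Control-Allow-Credentials" },
        { "access.control.expose.headers",    "Access-Control-Expose-Headers" }
    };

    /** HTTP methods for which resource access grants can be evaluated. */
    private enum Method {
        GET,
        PUT,
        POST,
        DELETE,
        HEAD,
        OPTIONS
    }

    static {
        methods.put("GET", Method.GET);
        methods.put("PUT", Method.PUT);
        methods.put("POST", Method.POST);
        methods.put("HEAD", Method.HEAD);
        methods.put("DELETE", Method.DELETE);
        methods.put("OPTIONS", Method.OPTIONS);
    }

    /**
     * Resolves the requesting principal and builds the {@link SecurityContext} for this request.
     * <p>
     * Lookup order: existing session, external (OAuth) authentication, then request headers via
     * {@link #getUser(HttpServletRequest, boolean)}. CORS response headers are added whenever the
     * request carries an {@code Origin} header.
     *
     * @param request  the current request
     * @param response the response; receives CORS headers and is attached to the returned context
     * @return a backend context for the resolved user, a superuser context for {@link SuperUser},
     *         or an anonymous frontend context when nobody could be resolved
     * @throws FrameworkException propagated from the underlying lookups
     */
    public SecurityContext initializeAndExamineRequest(HttpServletRequest request, HttpServletResponse response) throws FrameworkException {
        // Primes the static userClass, which the static checkExternalAuthentication() relies on.
        getUserClass();

        Principal user = SessionHelper.checkSessionAuthentication(request);
        if (user == null) {
            user = checkExternalAuthentication(request, response);
        }
        if (user == null) {
            user = getUser(request, true);
        }

        final SecurityContext securityContext = securityContextFor(user, request);
        securityContext.setAuthenticator(this);

        applyCorsHeaders(request, response);

        this.examined = true;
        securityContext.setResponse(response);
        return securityContext;
    }

    /** Picks the security context flavour matching the resolved user (may be {@code null}). */
    private static SecurityContext securityContextFor(Principal user, HttpServletRequest request) {
        if (user == null) {
            return SecurityContext.getInstance(user, request, AccessMode.Frontend);
        }
        if (user instanceof SuperUser) {
            return SecurityContext.getSuperUserInstance(request);
        }
        return SecurityContext.getInstance(user, request, AccessMode.Backend);
    }

    /**
     * Writes CORS headers when the request carries a non-blank {@code Origin}.
     * <p>
     * NOTE(review): the request's Origin value is reflected verbatim into
     * {@code Access-Control-Allow-Origin}. Together with a configured
     * {@code access.control.allow.credentials} of {@code true} this lets any origin make
     * credentialed cross-origin requests; confirm this matches the intended deployment policy
     * (an origin allow-list would be the usual tightening).
     */
    private static void applyCorsHeaders(HttpServletRequest request, HttpServletResponse response) {
        final String origin = request.getHeader("Origin");
        if (StringUtils.isBlank(origin)) {
            return;
        }

        response.setHeader("Access-Control-Allow-Origin", origin);

        final Services services = Services.getInstance();
        for (String[] mapping : CORS_HEADER_CONFIG) {
            final String value = services.getConfigurationValue(mapping[0]);
            if (StringUtils.isNotBlank(value)) {
                response.setHeader(mapping[1], value);
            }
        }
    }

    /** @return whether {@link #initializeAndExamineRequest} has run for this instance */
    public boolean hasExaminedRequest() {
        return this.examined;
    }

    /** Enables or disables automatic user creation on successful external (OAuth) login. */
    public void setUserAutoCreate(boolean autoCreate) {
        userAutoCreate = autoCreate;
    }

    /** Sets the auto-login switch; this class only stores it, see {@link #getUserAutoLogin()}. */
    public void setUserAutoLogin(boolean autoLogin) {
        userAutoLogin = autoLogin;
    }

    /**
     * Checks that the requester may use the request's HTTP method on the given resource signature.
     * Superusers and principals with {@code Principal.isAdmin} set always pass.
     *
     * @param securityContext   context carrying the (possibly absent) user
     * @param request           the current request; only its HTTP method is consulted
     * @param resourceSignature signature looked up via {@link ResourceAccess#findGrant}
     * @param propertyView      not consulted by this implementation
     * @throws UnauthorizedException when no grant exists, the method is unknown, or the grant
     *                               lacks the flag for this method and authentication state
     * @throws FrameworkException    propagated from the grant lookup
     */
    public void checkResourceAccess(SecurityContext securityContext, HttpServletRequest request, String resourceSignature, String propertyView) throws FrameworkException {
        final ResourceAccess grant = ResourceAccess.findGrant(securityContext, resourceSignature);
        final Method method = methods.get(request.getMethod());
        final Principal user = securityContext.getUser(false);
        final boolean authenticated = user != null;

        // Boolean.TRUE.equals() also handles an unset isAdmin property, which the previous
        // unboxing cast would have turned into a NullPointerException.
        if (authenticated && (user instanceof SuperUser || Boolean.TRUE.equals(user.getProperty(Principal.isAdmin)))) {
            return;
        }

        if (grant == null) {
            logger.log(Level.INFO, "No resource access grant found for signature {0}. (URI: {1})", new Object[]{resourceSignature, securityContext.getCompoundRequestURI()});
            throw new UnauthorizedException("Forbidden");
        }

        // A method with no mapping (anything outside the Method enum) used to dereference a null
        // Method here; it is now denied like any other method without a matching grant flag.
        if (method != null) {
            final long required = requiredFlag(method, authenticated);
            if (required != FORBIDDEN && grant.hasFlag(required)) {
                return;
            }
        }

        logger.log(Level.INFO, "Resource access grant found for signature {0}, but method {1} not allowed for {2}.",
                new Object[]{resourceSignature, request.getMethod(), authenticated ? "authenticated users" : "public users"});
        throw new UnauthorizedException("Forbidden");
    }

    /** Maps a method and authentication state to the grant flag that must be set to allow it. */
    private static long requiredFlag(Method method, boolean authenticated) {
        switch (method) {
            case GET:
                return authenticated ? AUTH_USER_GET : NON_AUTH_USER_GET;
            case PUT:
                return authenticated ? AUTH_USER_PUT : NON_AUTH_USER_PUT;
            case POST:
                return authenticated ? AUTH_USER_POST : NON_AUTH_USER_POST;
            case DELETE:
                return authenticated ? AUTH_USER_DELETE : NON_AUTH_USER_DELETE;
            case OPTIONS:
                return authenticated ? AUTH_USER_OPTIONS : NON_AUTH_USER_OPTIONS;
            case HEAD:
                return authenticated ? AUTH_USER_HEAD : NON_AUTH_USER_HEAD;
            default:
                return FORBIDDEN;
        }
    }

    /**
     * Authenticates by e-mail address and password and, on success, attaches the principal to the
     * request's session via {@link AuthHelper#doLogin}.
     *
     * @param request  the current request
     * @param email    value matched against {@code Person.eMail}
     * @param password the supplied password
     * @return the logged-in principal, or {@code null} when the credentials do not match
     * @throws AuthenticationException when the account still has a pending confirmation key and
     *                                 {@code RegistrationResource.ALLOW_LOGIN_BEFORE_CONFIRMATION}
     *                                 is not enabled
     * @throws FrameworkException      propagated from the lookup
     */
    public Principal doLogin(HttpServletRequest request, String email, String password) throws AuthenticationException, FrameworkException {
        final Principal principal = AuthHelper.getPrincipalForPassword(Person.eMail, email, password);
        if (principal == null) {
            return null;
        }

        final String allowLoginBeforeConfirmation = Services.getInstance().getConfigurationValue(RegistrationResource.ALLOW_LOGIN_BEFORE_CONFIRMATION);

        // A present confirmation key marks a registration that has not been confirmed yet.
        if (principal.getProperty(User.confirmationKey) != null && !Boolean.parseBoolean(allowLoginBeforeConfirmation)) {
            logger.log(Level.WARNING, "Login as {0} not allowed before confirmation.", principal);
            throw new AuthenticationException("Wrong username or password, or user is blocked. Check caps lock. Note: Username is case sensitive!");
        }

        AuthHelper.doLogin(request, principal);
        return principal;
    }

    /**
     * Logs out the current user (if one is resolvable without trying header credentials) and
     * invalidates the HTTP session if one exists. Failures are logged, not propagated.
     */
    public void doLogout(HttpServletRequest request) {
        try {
            final Principal user = getUser(request, false);
            if (user != null) {
                AuthHelper.doLogout(request, user);
            }

            final HttpSession session = request.getSession(false);
            if (session != null) {
                session.invalidate();
            }
        } catch (IllegalStateException | FrameworkException e) {
            logger.log(Level.WARNING, "Error while logging out user", (Throwable) e);
        }
    }

    /**
     * Handles the {@code /oauth/<name>/<action>} URIs of the OAuth flow.
     * <p>
     * {@code login} redirects the browser to the provider's authorization endpoint; {@code auth}
     * is the callback that exchanges the response for an access token, looks up (or auto-creates)
     * the matching user and logs them in. Any other outcome redirects to the server's error URI.
     *
     * @return the logged-in principal on a successful callback, otherwise {@code null}
     * @throws FrameworkException propagated from token/credential handling and user lookup
     */
    protected static Principal checkExternalAuthentication(HttpServletRequest request, HttpServletResponse response) throws FrameworkException {
        final String path = PathHelper.clean(request.getPathInfo());
        final String[] parts = PathHelper.getParts(path);

        logger.log(Level.FINE, "Checking external authentication ...");

        if (parts == null || parts.length != 3 || !"oauth".equals(parts[0])) {
            logger.log(Level.FINE, "Incorrect URI parts for OAuth process, need /oauth/<name>/<action>");
            return null;
        }

        final String serverName = parts[1];
        final String action = parts[2];

        final StructrOAuthClient server = StructrOAuthClient.getServer(serverName);
        if (server == null) {
            logger.log(Level.FINE, "No OAuth2 authentication server configured for {0}", path);
            return null;
        }

        if ("login".equals(action)) {
            try {
                response.sendRedirect(server.getEndUserAuthorizationRequestUri(request));
                return null;
            } catch (Exception e) {
                // Falls through to the error redirect below.
                logger.log(Level.SEVERE, "Could not send redirect to authorization server", (Throwable) e);
            }
        } else if ("auth".equals(action)) {
            final Principal principal = loginFromOAuthCallback(server, request, response);
            if (principal != null) {
                return principal;
            }
        }

        redirectToErrorPage(server, response);
        return null;
    }

    /**
     * Completes the OAuth callback: obtains the access token and credential value from the
     * provider, resolves (or, with {@link #userAutoCreate}, creates) the user and logs them in.
     *
     * @return the logged-in principal, or {@code null} when any step yields nothing
     */
    private static Principal loginFromOAuthCallback(StructrOAuthClient server, HttpServletRequest request, HttpServletResponse response) throws FrameworkException {
        final String accessToken = server.getAccessToken(request);
        if (accessToken == null) {
            return null;
        }

        // The token is a bearer credential; it is deliberately not written to the log.
        logger.log(Level.FINE, "Got access token");

        final String credential = server.getCredential(request);
        logger.log(Level.FINE, "Got credential value: {0}", new Object[]{credential});
        if (credential == null) {
            return null;
        }

        final PropertyKey credentialKey = server.getCredentialKey();
        Principal principal = AuthHelper.getPrincipalForCredential(credentialKey, credential);
        if (principal == null && userAutoCreate) {
            principal = RegistrationResource.createUser(SecurityContext.getSuperUserInstance(), credentialKey, credential, true, userClass);
        }
        if (principal == null) {
            return null;
        }

        AuthHelper.doLogin(request, principal);
        HtmlServlet.setNoCacheHeaders(response);

        try {
            logger.log(Level.FINE, "Response status: {0}", Integer.valueOf(response.getStatus()));
            response.sendRedirect(server.getReturnUri());
        } catch (IOException e) {
            logger.log(Level.SEVERE, "Could not redirect to {0}: {1}", new Object[]{server.getReturnUri(), e});
        }
        return principal;
    }

    /** Redirects to the server's error URI; a failed redirect is only logged. */
    private static void redirectToErrorPage(StructrOAuthClient server, HttpServletResponse response) {
        try {
            response.sendRedirect(server.getErrorUri());
        } catch (IOException e) {
            // Logs the URI actually targeted; the earlier version reported the return URI here.
            logger.log(Level.SEVERE, "Could not redirect to {0}: {1}", new Object[]{server.getErrorUri(), e});
        }
    }

    /** Sends 401 with a {@code WWW-Authenticate: BASIC} challenge. */
    public static void writeUnauthorized(HttpServletResponse response) throws IOException {
        response.setHeader("WWW-Authenticate", "BASIC realm=\"Restricted Access\"");
        response.sendError(HttpServletResponse.SC_UNAUTHORIZED);
    }

    /** Sends 404. */
    public static void writeNotFound(HttpServletResponse response) throws IOException {
        response.sendError(HttpServletResponse.SC_NOT_FOUND);
    }

    /** Sends 500; an {@link IOException} while doing so is ignored because nothing else can be sent. */
    public static void writeInternalServerError(HttpServletResponse response) {
        try {
            response.sendError(HttpServletResponse.SC_INTERNAL_SERVER_ERROR);
        } catch (IOException ignored) {
            // Response is already unusable; there is no further channel to report on.
        }
    }

    /** @return whether users are auto-created on successful external login */
    public boolean getUserAutoCreate() {
        return userAutoCreate;
    }

    /** @return the stored auto-login switch */
    public boolean getUserAutoLogin() {
        return userAutoLogin;
    }

    /**
     * Returns the user entity class, resolving it on first use from the
     * {@code Registration.customUserClass} setting and falling back to {@link User}.
     * <p>
     * Not synchronized: concurrent first callers may each resolve and assign the value.
     */
    public Class getUserClass() {
        if (userClass == null) {
            String className = StructrApp.getConfigurationValue("Registration.customUserClass");
            if (StringUtils.isEmpty(className)) {
                className = User.class.getSimpleName();
            }
            userClass = StructrApp.getConfiguration().getNodeEntityClass(className);
        }
        return userClass;
    }

    /**
     * Resolves a principal from the request without going through the full session check.
     * <p>
     * Order: the current session's id (only when the {@code SESSION_IS_NEW} request attribute is
     * set), then the {@code X-StructrSessionToken} header, then — only if {@code tryLogin} is
     * {@code true} — the {@code X-User}/{@code X-Password} header pair matched against
     * {@code AbstractNode.name}.
     *
     * @param request  the current request
     * @param tryLogin whether header credentials may be used to authenticate
     * @return the resolved principal, or {@code null}
     * @throws FrameworkException propagated from the lookups
     */
    public Principal getUser(HttpServletRequest request, boolean tryLogin) throws FrameworkException {
        Principal principal = null;

        // NOTE(review): gating the session lookup on SESSION_IS_NEW being present is kept as-is;
        // confirm against the code that sets the attribute before changing this condition.
        if (request.getAttribute("SESSION_IS_NEW") != null) {
            final HttpSession session = request.getSession(false);
            if (session != null) {
                principal = AuthHelper.getPrincipalForSessionId(session.getId());
            }
        }

        if (principal == null) {
            final String userName = request.getHeader("X-User");
            final String password = request.getHeader("X-Password");
            final String sessionToken = request.getHeader("X-StructrSessionToken");

            if (sessionToken != null) {
                principal = AuthHelper.getPrincipalForSessionId(sessionToken);
            } else if (tryLogin && userName != null && password != null) {
                principal = AuthHelper.getPrincipalForPassword(AbstractNode.name, userName, password);
            }
        }

        return principal;
    }
}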
