package org.clazzes.login.adapter.http;

import java.net.URI;
import java.nio.charset.StandardCharsets;
import java.security.MessageDigest;
import java.security.Principal;
import java.util.List;
import java.util.Locale;
import java.util.TimeZone;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import org.clazzes.login.adapter.http.MFAState;
import org.clazzes.util.aop.ThreadLocalManager;
import org.clazzes.util.http.LocaleHelper;
import org.clazzes.util.http.RequestHelper;
import org.clazzes.util.http.UrlHelper;
import org.clazzes.util.http.sec.HttpLoginService;
import org.clazzes.util.sec.DomainGroup;
import org.clazzes.util.sec.DomainPasswordLoginService;
import org.clazzes.util.sec.DomainPrincipal;
import org.clazzes.util.sec.MFAPrincipal;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;

/* loaded from: input_file:org/clazzes/login/adapter/http/DomainHttpLoginService.class */
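/**
 * Cookie-based {@link HttpLoginService} that checks passwords against a
 * {@link DomainPasswordLoginService} and tracks an optional second factor
 * (token OTP or ephemeral OTP) per login mechanism.
 *
 * <p>The session id is read from the configured session cookie and resolved
 * through the {@link LoginInfoCache}. The per-mechanism {@link MFAState} stored
 * there decides whether a request counts as authenticated.</p>
 *
 * <p>Review notes:</p>
 * <ul>
 *   <li>No method in this class counts or throttles failed password or OTP
 *       attempts, and {@code failureTimeout} is stored but never read here.
 *       NOTE(review): confirm that attempt limiting is enforced by the caller
 *       or by the backing services.</li>
 *   <li>The configuration setters are {@code synchronized}, but the
 *       request-handling methods read the same fields without holding the
 *       monitor. NOTE(review): presumably configuration is completed before the
 *       service is published; confirm.</li>
 * </ul>
 */
public class DomainHttpLoginService implements HttpLoginService {
    private static final Logger log = LoggerFactory.getLogger(DomainHttpLoginService.class);

    /** Milliseconds per minute; {@code sessionTimeout} is multiplied by this value. */
    private static final int MILLIS_PER_MINUTE = 60000;

    private DomainPasswordLoginService domainPasswordLoginService;
    private MFAService mfaService;
    private String loginMechanism;
    private int sessionTimeout;
    // Stored and exposed through accessors only; not consulted by any method of this class.
    private long failureTimeout;
    // Stored and exposed through accessors only; not consulted by any method of this class.
    private boolean doTimeZoneDetection;
    private String sessionCookie;
    private boolean secureCookie;
    private SameSitePolicy sameSitePolicy;
    private boolean logoutAllMechanisms = true;
    private boolean doGroupsCheck;
    private int ephemeralOtpSeconds;
    private String loginUrl;
    private LoginInfoCache loginInfoCache;

    /**
     * @return the login URL derived from the login mechanism, or {@code null}
     *         while no mechanism has been set.
     */
    public String getLoginUrl() {
        return this.loginUrl;
    }

    /**
     * Extracts the value of the configured session cookie from the request's
     * {@code Cookie} header.
     *
     * @param httpServletRequest the incoming request.
     * @return the raw cookie value, or {@code null} if the header or the cookie is absent.
     */
    private String parseCookie(HttpServletRequest httpServletRequest) {
        String header = httpServletRequest.getHeader("Cookie");
        if (header == null) {
            return null;
        }
        for (String pair : header.split("\\s*;\\s*")) {
            // Limit of 2 keeps any '=' inside the cookie value intact.
            String[] nameAndValue = pair.split("\\s*=\\s*", 2);
            if (nameAndValue.length == 2 && nameAndValue[0].equals(this.sessionCookie)) {
                return nameAndValue[1];
            }
        }
        return null;
    }

    /**
     * Resolves the session cookie of the request to its cached login info.
     *
     * @param httpServletRequest the incoming request.
     * @return the cached login info, or {@code null} if there is no session
     *         cookie or the cache does not know the session id.
     */
    private LoginInfo getLoginInfoFromCookie(HttpServletRequest httpServletRequest) {
        String sessionId = parseCookie(httpServletRequest);
        if (sessionId == null) {
            return null;
        }
        return this.loginInfoCache.getLoginInfo(sessionId);
    }

    /**
     * Session timeout converted from minutes to milliseconds.
     *
     * <p>The product is computed in {@code int}, as in the original code, and
     * therefore overflows for timeouts above 35791 minutes.
     * NOTE(review): widen to {@code long} once the parameter types of
     * {@code LoginInfo.touch} and {@code LoginInfoCache.createLoginInfo} are
     * confirmed.</p>
     */
    private int sessionTimeoutMillis() {
        return this.sessionTimeout * MILLIS_PER_MINUTE;
    }

    /**
     * Absolute expiry timestamp for an ephemeral OTP generated now. The
     * multiplication is done in {@code long} so that large values of
     * {@code ephemeralOtpSeconds} cannot wrap around.
     */
    private long newEphemeralOtpExpiry() {
        return System.currentTimeMillis() + this.ephemeralOtpSeconds * 1000L;
    }

    /**
     * Compares a submitted secret with the expected one without returning
     * early on the first differing character.
     *
     * <p>{@code expected} is typed {@code Object} because the declared return
     * type of {@code MFAState.getEphemeralOtp()} is not visible from this file;
     * a {@code null} or non-String value never matches, exactly as with
     * {@link String#equals(Object)}.</p>
     */
    private static boolean constantTimeEquals(String candidate, Object expected) {
        if (candidate == null || !(expected instanceof String)) {
            return false;
        }
        return MessageDigest.isEqual(
                candidate.getBytes(StandardCharsets.UTF_8),
                ((String) expected).getBytes(StandardCharsets.UTF_8));
    }

    /**
     * Determines the host name that is handed to the MFA service when an
     * ephemeral OTP is generated.
     *
     * <p>NOTE(review): the host is derived from the request. Confirm that
     * {@code RequestHelper.getOriginalRequestUri} honours forwarding
     * information only from trusted proxies, since the value is passed on to
     * OTP generation.</p>
     *
     * @param httpServletRequest the incoming request.
     * @param userName the user name, used for logging only.
     * @return the host of the original request URI, or {@code "<unkown>"} if it
     *         cannot be determined.
     */
    private String resolveOtpHost(HttpServletRequest httpServletRequest, String userName) {
        try {
            URI originalRequestUri = RequestHelper.getOriginalRequestUri(httpServletRequest);
            String host = originalRequestUri.getHost();
            log.info("Generating OTP for user [{}] for original URI [{}].", userName, originalRequestUri);
            return host;
        } catch (Exception e) {
            // Deliberate best effort: OTP generation proceeds with a placeholder host.
            log.error("Unable to determine original request URI, generating OTP for user [" + userName + "] unknown host.", e);
            return "<unkown>";
        }
    }

    /**
     * Builds the {@code Set-Cookie} header value for a session id.
     *
     * <p>{@code HttpOnly} is always set. {@code Secure} and {@code SameSite}
     * are emitted only when configured, so deployments served over HTTPS need
     * {@code secureCookie} enabled to keep the session id off plain HTTP.</p>
     */
    private String buildSessionCookieHeader(String sessionId) {
        StringBuilder cookie = new StringBuilder();
        cookie.append(this.sessionCookie).append("=").append(sessionId).append("; Path=/; ");
        if (this.sameSitePolicy != null) {
            cookie.append("SameSite=").append(this.sameSitePolicy).append("; ");
        }
        if (this.secureCookie) {
            cookie.append("Secure; ");
        }
        cookie.append("HttpOnly");
        return cookie.toString();
    }

    /**
     * Returns the principal of a fully authenticated session and extends the
     * session lifetime.
     *
     * @param httpServletRequest the incoming request.
     * @return the principal, or {@code null} unless the session's state for
     *         this mechanism is {@code AUTHENTICATED}.
     */
    public Principal checkLogin(HttpServletRequest httpServletRequest) {
        LoginInfo loginInfo = getLoginInfoFromCookie(httpServletRequest);
        if (loginInfo == null) {
            return null;
        }
        MFAState state = loginInfo.getMFAState(this.loginMechanism);
        if (state == null || state.getState() != MFAState.State.AUTHENTICATED) {
            return null;
        }
        DomainPrincipal principal = state.getPrincipal();
        if (principal != null) {
            loginInfo.touch(sessionTimeoutMillis());
        }
        return principal;
    }

    /**
     * Returns the groups of a fully authenticated session. Unlike
     * {@link #checkLogin(HttpServletRequest)} this does not extend the session
     * lifetime.
     *
     * @param httpServletRequest the incoming request.
     * @return the groups stored in the state, or {@code null} unless the
     *         session's state for this mechanism is {@code AUTHENTICATED}.
     */
    public List<? extends Principal> checkLoginGroups(HttpServletRequest httpServletRequest) {
        LoginInfo loginInfo = getLoginInfoFromCookie(httpServletRequest);
        if (loginInfo == null) {
            return null;
        }
        MFAState state = loginInfo.getMFAState(this.loginMechanism);
        if (state == null || state.getState() != MFAState.State.AUTHENTICATED) {
            return null;
        }
        return state.getGroups();
    }

    /**
     * Returns the MFA state of the session for this mechanism and extends the
     * session lifetime.
     *
     * <p>The state is returned whatever its authentication status is; callers
     * must inspect {@code getState()} before treating the session as logged
     * in.</p>
     *
     * @param httpServletRequest the incoming request.
     * @return the state, or {@code null} if there is no session or no state
     *         for this mechanism.
     */
    public MFAState checkMFALogin(HttpServletRequest httpServletRequest) {
        LoginInfo loginInfo = getLoginInfoFromCookie(httpServletRequest);
        if (loginInfo == null) {
            return null;
        }
        MFAState state = loginInfo.getMFAState(this.loginMechanism);
        if (state != null) {
            loginInfo.touch(sessionTimeoutMillis());
        }
        return state;
    }

    /**
     * Determines the locale for a request. A {@code locale} query parameter
     * replaces the locale stored in the session; if the result is
     * {@code null}, the request locale and finally the JVM default are used.
     *
     * @param httpServletRequest the incoming request.
     * @return the locale, never {@code null}.
     */
    public Locale getLocale(HttpServletRequest httpServletRequest) {
        Locale locale = null;
        LoginInfo loginInfo = getLoginInfoFromCookie(httpServletRequest);
        if (loginInfo != null) {
            locale = loginInfo.getLocale();
        }
        String requested = UrlHelper.getStringParameter(httpServletRequest.getQueryString(), "locale");
        if (requested != null) {
            locale = LocaleHelper.localeFromXsLanguage(requested);
        }
        if (locale == null) {
            locale = httpServletRequest.getLocale();
        }
        if (locale == null) {
            locale = Locale.getDefault();
        }
        return locale;
    }

    /**
     * @param httpServletRequest the incoming request.
     * @return the time zone stored in the session, or the JVM default if there
     *         is no session or no stored time zone.
     */
    public TimeZone getTimeZone(HttpServletRequest httpServletRequest) {
        LoginInfo loginInfo = getLoginInfoFromCookie(httpServletRequest);
        TimeZone timeZone = loginInfo == null ? null : loginInfo.getTimeZone();
        return timeZone == null ? TimeZone.getDefault() : timeZone;
    }

    /**
     * Tells whether a path is accessible without a login. Only this
     * mechanism's own login URL is.
     *
     * @param httpServletRequest the incoming request (not inspected).
     * @param str the requested path; {@code null} is treated as not permitted.
     * @return {@code true} if {@code str} equals the login URL.
     */
    public boolean checkPermission(HttpServletRequest httpServletRequest, String str) {
        // Comparing from the configured side avoids a NullPointerException on a null path.
        return this.loginUrl != null && this.loginUrl.equals(str);
    }

    /**
     * Logs the session out, either from every mechanism (the whole login info
     * is removed from the cache) or only from this mechanism, depending on
     * {@code logoutAllMechanisms}.
     *
     * @param httpServletRequest the incoming request carrying the session cookie.
     */
    public void logout(HttpServletRequest httpServletRequest) {
        String sessionId = parseCookie(httpServletRequest);
        if (sessionId == null) {
            return;
        }
        if (this.logoutAllMechanisms) {
            LoginInfo removed = this.loginInfoCache.removeLoginInfo(sessionId);
            if (removed != null) {
                log.info("Logout of [{}] from all mechanisms.", removed.getPrincipalsInfo());
            }
            return;
        }
        LoginInfo loginInfo = this.loginInfoCache.getLoginInfo(sessionId);
        if (loginInfo == null) {
            return;
        }
        log.info("Logout of [{}] from mechanism [{}].", loginInfo.getPrincipalsInfo(), this.loginMechanism);
        if (loginInfo.removeMFAState(this.loginMechanism) == null) {
            log.info("User [{}] is areay logged out from mechanism [{}].", loginInfo.getPrincipalsInfo(), this.loginMechanism);
        }
    }

    /** @return the default domain reported by the password login service. */
    public String getDefaultDomain() {
        return this.domainPasswordLoginService.getDefaultDomain();
    }

    /** @return the domains reported by the password login service. */
    public List<String> getDomains() {
        return this.domainPasswordLoginService.getDomains();
    }

    /**
     * Verifies a hardware/software token OTP for the session's pending MFA
     * state.
     *
     * <p>NOTE(review): a failed check leaves the state untouched and no
     * attempt counter is visible in this class; confirm that the MFA service
     * or the caller limits repeated guesses.</p>
     *
     * @param httpServletRequest the incoming request carrying the session cookie.
     * @param httpServletResponse the response (not used).
     * @param str the OTP submitted by the user.
     * @param locale the user's locale (not used).
     * @return {@code null} if there is no session or state; the unchanged
     *         state if no MFA principal is attached or the OTP is rejected;
     *         otherwise a new state created from the old one and stored for
     *         this mechanism.
     */
    public MFAState checkTokenOtp(HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse, String str, Locale locale) {
        LoginInfo loginInfo = getLoginInfoFromCookie(httpServletRequest);
        if (loginInfo == null) {
            return null;
        }
        MFAState state = loginInfo.getMFAState(this.loginMechanism);
        if (state == null) {
            return null;
        }
        MFAPrincipal mfaPrincipal = state.getMfaPrincipal();
        if (mfaPrincipal == null) {
            return state;
        }
        log.info("Checking token OTP for user [{}]...", state.getPrincipal().getName());
        boolean accepted = this.mfaService.checkTokenOtp(str, mfaPrincipal.getKnownTokenIds());
        log.info("Check of token OTP for user [{}] returned [{}].", state.getPrincipal().getName(), Boolean.valueOf(accepted));
        if (!accepted) {
            return state;
        }
        // Presumably the copy constructor yields the promoted state; confirm in MFAState.
        MFAState promoted = new MFAState(state);
        loginInfo.addMFAState(this.loginMechanism, promoted);
        return promoted;
    }

    /**
     * Verifies an ephemeral OTP (generated by {@link #tryLogin} or
     * {@link #generateSmsToken}) for the session's pending MFA state.
     *
     * <p>The submitted value is compared with the stored OTP in constant time.
     * NOTE(review): a wrong guess neither invalidates the stored OTP nor is it
     * counted here, so the OTP stays guessable until it expires; confirm that
     * attempt limiting happens elsewhere.</p>
     *
     * @param httpServletRequest the incoming request carrying the session cookie.
     * @param httpServletResponse the response (not used).
     * @param str the OTP submitted by the user; {@code null} never matches.
     * @param locale the user's locale (not used).
     * @return {@code null} if there is no session or state, or if the OTP has
     *         expired; the unchanged state if no MFA principal is attached or
     *         the OTP does not match; otherwise a new state created from the
     *         old one and stored for this mechanism.
     */
    public MFAState checkEphemeralOtp(HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse, String str, Locale locale) {
        LoginInfo loginInfo = getLoginInfoFromCookie(httpServletRequest);
        if (loginInfo == null) {
            return null;
        }
        MFAState state = loginInfo.getMFAState(this.loginMechanism);
        if (state == null) {
            return null;
        }
        if (state.getMfaPrincipal() == null) {
            return state;
        }
        if (System.currentTimeMillis() > state.getEphemeralOtpExpiry()) {
            log.error("Ephemeral OTP for user [{}] has already expired.", state.getPrincipal().getName());
            return null;
        }
        log.info("Checking ephemeral OTP for user [{}]...", state.getPrincipal().getName());
        // String.equals stops at the first mismatch, which makes the comparison time
        // depend on how much of the secret was guessed correctly.
        boolean accepted = constantTimeEquals(str, state.getEphemeralOtp());
        log.info("Check of ephemeral OTP for user [{}] returned [{}].", state.getPrincipal().getName(), Boolean.valueOf(accepted));
        if (!accepted) {
            return state;
        }
        // Presumably the copy constructor yields the promoted state; confirm in MFAState.
        MFAState promoted = new MFAState(state);
        loginInfo.addMFAState(this.loginMechanism, promoted);
        return promoted;
    }

    /**
     * Generates a fresh ephemeral OTP for the session and replaces the stored
     * MFA state with one that carries the new OTP and its expiry.
     *
     * <p>NOTE(review): the method neither inspects the current authentication
     * status nor limits how often an OTP is generated per session. Confirm
     * that callers throttle this and gate it on
     * {@link #mayReveiceEphemeralOtp(MFAState)}, because every call triggers
     * OTP generation in the MFA service.</p>
     *
     * @param httpServletRequest the incoming request carrying the session cookie.
     * @param locale the locale passed to OTP generation.
     * @return {@code null} if there is no session or state; the unchanged
     *         state if no MFA principal is attached; otherwise the new state.
     */
    public MFAState generateSmsToken(HttpServletRequest httpServletRequest, Locale locale) {
        LoginInfo loginInfo = getLoginInfoFromCookie(httpServletRequest);
        if (loginInfo == null) {
            return null;
        }
        MFAState state = loginInfo.getMFAState(this.loginMechanism);
        if (state == null) {
            return null;
        }
        DomainPrincipal principal = state.getPrincipal();
        List<? extends Principal> groups = state.getGroups();
        MFAPrincipal mfaPrincipal = state.getMfaPrincipal();
        if (mfaPrincipal == null) {
            return state;
        }
        String host = resolveOtpHost(httpServletRequest, principal.getName());
        MFAState refreshed = new MFAState(principal, groups, this.mfaService.generateEmphemeralOtp(locale, host, principal, mfaPrincipal), newEphemeralOtpExpiry());
        loginInfo.addMFAState(this.loginMechanism, refreshed);
        return refreshed;
    }

    /**
     * Performs the password step of a login and creates or updates the session.
     *
     * <p>On success the resulting {@link MFAState} is stored in the login info
     * cache for this mechanism. If an MFA principal without known token ids is
     * attached, an ephemeral OTP is generated right away. A {@code Set-Cookie}
     * header is sent only when the session id returned by the cache differs
     * from the one the client presented.</p>
     *
     * <p>NOTE(review): the client-supplied session id is handed to
     * {@code LoginInfoCache.createLoginInfo}. Confirm that the cache never
     * adopts an id it did not issue itself, and consider whether the id should
     * change on successful authentication, so that an id planted in the
     * browser before login cannot become an authenticated session.</p>
     *
     * <p>NOTE(review): user name and domain are logged before authentication;
     * confirm that the log layout neutralises line breaks in these values.</p>
     *
     * @param httpServletRequest the incoming request.
     * @param httpServletResponse the response that receives the session cookie.
     * @param str the login domain.
     * @param str2 the user name.
     * @param str3 the password; never logged.
     * @param locale the user's locale, bound to the thread for the duration of
     *        the call if not {@code null}.
     * @param timeZone the user's time zone, may be {@code null}.
     * @return the new MFA state, or {@code null} if the password check failed.
     */
    public MFAState tryLogin(HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse, String str, String str2, String str3, Locale locale, TimeZone timeZone) {
        final String domain = str;
        final String userName = str2;
        if (locale != null) {
            ThreadLocalManager.bindLoginLocale(locale);
        }
        try {
            log.debug("Checking password of user [{}] with domain [{}]...", userName, domain);
            DomainPrincipal principal = this.domainPasswordLoginService.tryLogin(domain, userName, str3);
            if (principal == null) {
                log.error("Invalid initial login of user [{}] to domain [{}].", userName, domain);
                return null;
            }
            log.debug("Successfully logged on as [{}].", principal.getName());

            List<DomainGroup> groups = null;
            // Feature bit 16 gates the group lookup; presumably the "groups supported"
            // flag of DomainPasswordLoginService (confirm against its constants).
            if (isDoGroupsCheck() && (this.domainPasswordLoginService.getSupportedFeatures(domain) & 16) != 0) {
                log.debug("Checking groups of user [{}] with domain [{}]...", userName, domain);
                groups = LegacyGroupAdapter.wrapGroups(this.domainPasswordLoginService.getGroups(domain, userName));
                log.debug("Successfully checked groups as [{}].", groups);
            }

            String presentedSessionId = parseCookie(httpServletRequest);
            MFAState state = new MFAState(principal, groups);
            MFAPrincipal mfaPrincipal = state.getMfaPrincipal();
            if (mfaPrincipal != null && mfaPrincipal.getKnownTokenIds() == null) {
                // No token registered for the user: fall back to an ephemeral OTP.
                String host = resolveOtpHost(httpServletRequest, principal.getName());
                state = new MFAState(principal, groups, this.mfaService.generateEmphemeralOtp(locale, host, principal, mfaPrincipal), newEphemeralOtpExpiry());
            }

            LoginInfo loginInfo = this.loginInfoCache.createLoginInfo(presentedSessionId, this.loginMechanism, state, locale, timeZone, sessionTimeoutMillis());
            log.info("Successful login of user [{}] with locale [{}] and timezone [{}].",
                    new Object[] {principal.getName(), locale, timeZone == null ? null : timeZone.getID()});
            if (groups != null) {
                log.info("Login groups of user [{}] are [{}].", principal.getName(), groups);
            }
            if (!loginInfo.getSessionId().equals(presentedSessionId)) {
                // setHeader replaces any Set-Cookie header already present on the response.
                httpServletResponse.setHeader("Set-Cookie", buildSessionCookieHeader(loginInfo.getSessionId()));
            }
            return state;
        } finally {
            if (locale != null) {
                ThreadLocalManager.unbindLoginLocale();
            }
        }
    }

    /**
     * Asks the MFA service whether the user of the given state may receive an
     * ephemeral OTP. The misspelt method name is kept for compatibility with
     * existing callers.
     *
     * @param mFAState the state whose principals are checked.
     * @return the answer of the MFA service.
     */
    public boolean mayReveiceEphemeralOtp(MFAState mFAState) {
        return this.mfaService.mayReceiveEphemeralOtp(mFAState.getPrincipal(), mFAState.getMfaPrincipal());
    }

    /** @return the password login service used for the first factor. */
    public DomainPasswordLoginService getDomainPasswordLoginService() {
        return this.domainPasswordLoginService;
    }

    /** @param domainPasswordLoginService the password login service used for the first factor. */
    public void setDomainPasswordLoginService(DomainPasswordLoginService domainPasswordLoginService) {
        this.domainPasswordLoginService = domainPasswordLoginService;
    }

    /** @return the cache that maps session ids to login infos. */
    public LoginInfoCache getLoginInfoCache() {
        return this.loginInfoCache;
    }

    /** @param loginInfoCache the cache that maps session ids to login infos. */
    public void setLoginInfoCache(LoginInfoCache loginInfoCache) {
        this.loginInfoCache = loginInfoCache;
    }

    /** @param mFAService the service that checks token OTPs and generates ephemeral OTPs. */
    public void setMfaService(MFAService mFAService) {
        this.mfaService = mFAService;
    }

    /** @return the name of the login mechanism served by this instance. */
    public String getLoginMechanism() {
        return this.loginMechanism;
    }

    /**
     * Sets the login mechanism and derives the login URL
     * {@code /http-login/<mechanism>/login} from it.
     *
     * @param str the mechanism name.
     */
    public void setLoginMechanism(String str) {
        this.loginMechanism = str;
        this.loginUrl = "/http-login/" + this.loginMechanism + "/login";
    }

    /** @return whether {@link #logout} removes the whole session rather than only this mechanism's state. */
    public synchronized boolean isLogoutAllMechanisms() {
        return this.logoutAllMechanisms;
    }

    /** @param z whether {@link #logout} removes the whole session rather than only this mechanism's state. */
    public synchronized void setLogoutAllMechanisms(boolean z) {
        this.logoutAllMechanisms = z;
    }

    /** @return the logger of this class. */
    public static Logger getLog() {
        return log;
    }

    /** @param i the session timeout in minutes. */
    public synchronized void setSessionTimeout(int i) {
        this.sessionTimeout = i;
    }

    /** @return the session timeout in minutes. */
    public synchronized int getSessionTimeout() {
        return this.sessionTimeout;
    }

    /** @return the configured failure timeout; not evaluated by this class. */
    public synchronized long getFailureTimeout() {
        return this.failureTimeout;
    }

    /** @param j the failure timeout; not evaluated by this class. */
    public synchronized void setFailureTimeout(long j) {
        this.failureTimeout = j;
    }

    /** @return the time zone detection flag; not evaluated by this class. */
    public synchronized boolean isDoTimeZoneDetection() {
        return this.doTimeZoneDetection;
    }

    /** @param z the time zone detection flag; not evaluated by this class. */
    public synchronized void setDoTimeZoneDetection(boolean z) {
        this.doTimeZoneDetection = z;
    }

    /** @return whether {@link #tryLogin} looks up the user's groups after a successful password check. */
    public synchronized boolean isDoGroupsCheck() {
        return this.doGroupsCheck;
    }

    /** @param z whether {@link #tryLogin} looks up the user's groups after a successful password check. */
    public synchronized void setDoGroupsCheck(boolean z) {
        this.doGroupsCheck = z;
    }

    /** @param str the name of the session cookie. */
    public synchronized void setSessionCookie(String str) {
        this.sessionCookie = str;
    }

    /** @param z whether the session cookie is issued with the {@code Secure} attribute. */
    public synchronized void setSecureCookie(boolean z) {
        this.secureCookie = z;
    }

    /** @param sameSitePolicy the {@code SameSite} attribute of the session cookie, or {@code null} to omit it. */
    public synchronized void setSameSitePolicy(SameSitePolicy sameSitePolicy) {
        this.sameSitePolicy = sameSitePolicy;
    }

    /** @param i the lifetime of an ephemeral OTP in seconds. */
    public synchronized void setEphemeralOtpSeconds(int i) {
        this.ephemeralOtpSeconds = i;
    }
}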
