package org.eclipse.scout.rt.server.commons.authentication;

import java.nio.charset.StandardCharsets;
import java.security.Principal;
import javax.annotation.PostConstruct;
import javax.servlet.http.Cookie;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import javax.servlet.http.HttpSession;
import org.eclipse.scout.rt.platform.BEANS;
import org.eclipse.scout.rt.platform.config.AbstractBooleanConfigProperty;
import org.eclipse.scout.rt.platform.config.AbstractLongConfigProperty;
import org.eclipse.scout.rt.platform.config.AbstractStringConfigProperty;
import org.eclipse.scout.rt.platform.config.CONFIG;
import org.eclipse.scout.rt.platform.exception.PlatformException;
import org.eclipse.scout.rt.platform.security.SecurityUtility;
import org.eclipse.scout.rt.platform.security.SimplePrincipal;
import org.eclipse.scout.rt.platform.util.Base64Utility;
import org.eclipse.scout.rt.shared.SharedConfigProperties;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;

/* loaded from: input_file:org/eclipse/scout/rt/server/commons/authentication/CookieAccessController.class */
public class CookieAccessController implements IAccessController {
    private static final Logger LOG = LoggerFactory.getLogger(CookieAccessController.class);

    /** Session attribute key marking that the signed cookie was already sent (or received) for this HTTP session. */
    private static final String SESSION_ATTRIBUTE_COOKIE_SENT = CookieAccessController.class.getName() + "#cookieSent";

    // Values below are read from the platform configuration in init().
    /** Whether this controller takes part in request handling at all. */
    private boolean m_enabled;
    /** Name of the cookie that carries the signed principal name. */
    private String m_cookieName;
    /** Cookie lifetime in seconds as configured; passed to Cookie.setMaxAge when the cookie is issued. */
    private long m_maxAge;
    /** Key material handed to SecurityUtility.createMac when signing and verifying the cookie value. */
    private byte[] m_signKey;

    /* loaded from: input_file:org/eclipse/scout/rt/server/commons/authentication/CookieAccessController$EnabledProperty.class */
    /**
     * Boolean config property {@code scout.auth.cookieEnabled} that switches the
     * {@link CookieAccessController} on or off. It is off unless configured.
     */
    public static class EnabledProperty extends AbstractBooleanConfigProperty {
        public String getKey() {
            return "scout.auth.cookieEnabled";
        }

        public String description() {
            String controllerName = CookieAccessController.class.getSimpleName();
            return String.format("Specifies if the '%s' is enabled.", controllerName);
        }

        // JADX renamed this method from getDefaultValue when it merged it with the
        // compiler-generated bridge method; the decompiler-assigned name is kept as emitted.
        public Boolean m8getDefaultValue() {
            return Boolean.FALSE;
        }
    }

    /* loaded from: input_file:org/eclipse/scout/rt/server/commons/authentication/CookieAccessController$MaxAgeProperty.class */
    /**
     * Long config property {@code scout.auth.cookieMaxAge}: lifetime of the signed cookie in seconds.
     * The value is only a hint to the browser; see the description text for the meaning of
     * positive, negative and zero values.
     */
    public static class MaxAgeProperty extends AbstractLongConfigProperty {
        public String getKey() {
            return "scout.auth.cookieMaxAge";
        }

        public String description() {
            String controllerName = CookieAccessController.class.getSimpleName();
            String template = "If the '%s' is enabled, specifies the maximum age in seconds for the cookie.\n"
                    + "A positive value indicates that the cookie will expire after that many seconds have passed.\n"
                    + "A negative value means that the cookie is not stored persistently and will be deleted when the Web browser exits. A zero value causes the cookie to be deleted.\n"
                    + "The default value is 10 hours.";
            return String.format(template, controllerName);
        }

        // JADX renamed this method from getDefaultValue when it merged it with the
        // compiler-generated bridge method; the decompiler-assigned name is kept as emitted.
        public Long m9getDefaultValue() {
            // 10 hours expressed in seconds (36000).
            return Long.valueOf(10L * 60L * 60L);
        }
    }

    /* loaded from: input_file:org/eclipse/scout/rt/server/commons/authentication/CookieAccessController$NameProperty.class */
    /**
     * String config property {@code scout.auth.cookieName}: name of the cookie that carries the
     * signed principal name. Defaults to {@code sso.user.id}.
     */
    public static class NameProperty extends AbstractStringConfigProperty {
        public String getKey() {
            return "scout.auth.cookieName";
        }

        public String description() {
            String controllerName = CookieAccessController.class.getSimpleName();
            String template = "If the '%s' is enabled, specifies the name for the cookie.\n"
                    + "The name must conform to RFC 2109. However, vendors may provide a configuration option that allows cookie names conforming to the original Netscape Cookie Specification to be accepted.\n"
                    + "By default 'sso.user.id' is used as cookie name.";
            return String.format(template, controllerName);
        }

        // JADX renamed this method from getDefaultValue when it merged it with the
        // compiler-generated bridge method; the decompiler-assigned name is kept as emitted.
        public String m10getDefaultValue() {
            return "sso.user.id";
        }
    }

    /**
     * Reads the controller settings from the platform configuration after construction.
     *
     * @throws PlatformException if no signing key is configured; without a key the cookie value
     *         could be neither signed nor verified, so the bean refuses to start
     */
    @PostConstruct
    protected void init() {
        // The Boolean/Long results are auto-unboxed on assignment.
        this.m_enabled = (Boolean) CONFIG.getPropertyValue(EnabledProperty.class);
        this.m_cookieName = (String) CONFIG.getPropertyValue(NameProperty.class);
        this.m_maxAge = (Long) CONFIG.getPropertyValue(MaxAgeProperty.class);
        this.m_signKey = (byte[]) CONFIG.getPropertyValue(SharedConfigProperties.AuthTokenPrivateKeyProperty.class);
        if (this.m_signKey != null) {
            return;
        }
        // Only presence is checked here. NOTE(review): length/strength of the key is not
        // validated in this class - confirm it is enforced where the property is defined.
        String missingKey = ((SharedConfigProperties.AuthTokenPrivateKeyProperty) BEANS.get(SharedConfigProperties.AuthTokenPrivateKeyProperty.class)).getKey();
        throw new PlatformException("Missing config.properties entry used for signing auth data: '{}'", new Object[]{missingKey});
    }

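    /**
     * Seeds the HTTP session with a principal taken from the signed cookie, or issues the cookie
     * for a principal that is already on the session.
     *
     * <p>JADX could not restructure this method; the body below is rebuilt from the instruction
     * dump the decompiler emitted in its place (the hash-code switch in the dump is the usual
     * compiled form of a {@code switch} on a string).
     *
     * <p>Security-relevant behaviour visible in that dump:
     * <ul>
     * <li>Every path returns {@code false}: this controller never reports the request as handled,
     *     it only prepares session state for whatever runs after it.</li>
     * <li>For the targets {@code /login} and {@code /logout} the cookie is cleared and no
     *     principal is loaded from it.</li>
     * <li>A principal is accepted from the cookie only when none is on the session yet and
     *     {@link #loadPrincipalFromCookie} returned one, i.e. the signature verified.</li>
     * </ul>
     *
     * @param httpServletRequest  current request
     * @param httpServletResponse current response, used to set or clear the cookie
     * @param filterChain         not used by this controller
     * @return always {@code false}
     */
    @Override // org.eclipse.scout.rt.server.commons.authentication.IAccessController
    public boolean handle(HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse, javax.servlet.FilterChain filterChain) throws java.io.IOException, javax.servlet.ServletException {
        if (!this.m_enabled) {
            return false;
        }

        switch (getTarget(httpServletRequest)) {
            case "/login":
            case "/logout":
                // Entering the login or logout flow invalidates any cookie-based identity.
                clearPrincipalOnCookie(httpServletResponse);
                return false;
            default:
                break;
        }

        ServletFilterHelper helper = (ServletFilterHelper) BEANS.get(ServletFilterHelper.class);
        Principal principal = helper.getPrincipalOnSession(httpServletRequest);
        if (principal == null) {
            principal = loadPrincipalFromCookie(httpServletRequest);
            if (principal != null) {
                // Verified cookie: publish the principal on the session and stop here.
                helper.putPrincipalOnSession(httpServletRequest, principal);
                return false;
            }
        }

        if (principal != null) {
            // The session already had a principal: make sure the browser holds the signed cookie.
            storePrincipalToCookie(httpServletRequest, httpServletResponse, principal);
        }
        return false;
    }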

    /**
     * No-op: this controller holds no resources that need releasing.
     */
    @Override // org.eclipse.scout.rt.server.commons.authentication.IAccessController
    public void destroy() {
        // intentionally empty
    }

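    /**
     * Determines the request target that {@code handle} compares against {@code /login} and
     * {@code /logout}.
     *
     * <p>The path info is used when the container provides one; otherwise the last path segment
     * of the request URI, including its leading slash. A request URI without any slash is
     * returned unchanged instead of failing with a {@link StringIndexOutOfBoundsException}, so
     * such a request simply matches neither target.
     *
     * <p>NOTE(review): the request URI is taken as sent by the client. Whether variants such as
     * a path parameter appended to the last segment still need to clear the cookie depends on
     * how the container fills in the path info - confirm against the deployment.
     *
     * @param httpServletRequest current request
     * @return the path info, or the trailing segment of the request URI
     */
    protected String getTarget(HttpServletRequest httpServletRequest) {
        String pathInfo = httpServletRequest.getPathInfo();
        if (pathInfo != null) {
            return pathInfo;
        }
        String requestUri = httpServletRequest.getRequestURI();
        int lastSlash = requestUri.lastIndexOf('/');
        if (lastSlash < 0) {
            // No slash at all: substring(-1) would throw, so hand back the URI as is.
            return requestUri;
        }
        return requestUri.substring(lastSlash);
    }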

    /**
     * Produces the cookie value for {@code str} in the form {@code <base64 MAC>:<str>}.
     *
     * <p>The MAC is computed by {@code SecurityUtility.createMac} over the UTF-8 bytes of
     * {@code str} with the configured signing key. Only {@code str} itself is covered; nothing
     * else (such as an issue time) is part of the signed data.
     *
     * @param str value to sign
     * @return the signature, a colon, and the unchanged value
     * @throws PlatformException if the MAC cannot be computed, including when {@code str} is null
     */
    protected String signValue(String str) {
        try {
            byte[] payload = str.getBytes(StandardCharsets.UTF_8);
            byte[] mac = SecurityUtility.createMac(this.m_signKey, payload);
            return Base64Utility.encode(mac) + ":" + str;
        } catch (Exception e) {
            throw new PlatformException("Failed signing value '{}'", new Object[]{str, e});
        }
    }

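    /**
     * Checks a cookie value of the form {@code <signature>:<payload>} and returns the payload
     * when the signature matches.
     *
     * <p>The payload is everything after the first colon. The expected cookie value is
     * recomputed with {@link #signValue} and compared with the presented one using
     * {@link java.security.MessageDigest#isEqual}, so the comparison time does not reveal how
     * many leading characters of a forged signature were correct ({@code String.equals} stops at
     * the first mismatch).
     *
     * <p>This is an integrity check only: the signed data is the payload alone, so this method
     * cannot tell a fresh cookie from an old one. The cookie's max age is enforced by the
     * browser, not here; a previously issued value keeps verifying for as long as the signing
     * key stays the same.
     *
     * @param str raw cookie value, may be {@code null}
     * @return the verified payload, or {@code null} if {@code str} is null, has no colon, or the
     *         signature does not match
     */
    protected String verifyValue(String str) {
        if (str == null) {
            return null;
        }
        int separator = str.indexOf(':');
        if (separator < 0) {
            return null;
        }
        String payload = str.substring(separator + 1);
        byte[] expected = signValue(payload).getBytes(StandardCharsets.UTF_8);
        byte[] presented = str.getBytes(StandardCharsets.UTF_8);
        // Constant-time comparison of the full "<signature>:<payload>" values.
        if (java.security.MessageDigest.isEqual(expected, presented)) {
            return payload;
        }
        return null;
    }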

    /**
     * Looks for the configured cookie on the request and turns its verified payload into a
     * principal.
     *
     * <p>Cookies whose name matches but whose value fails {@link #verifyValue} are skipped, so a
     * later cookie with the same name can still be accepted. When an HTTP session already exists
     * it is flagged so that {@link #storePrincipalToCookie} does not send the cookie again.
     *
     * @param httpServletRequest current request
     * @return a {@link SimplePrincipal} named after the verified payload, or {@code null} when no
     *         matching cookie verifies
     */
    protected Principal loadPrincipalFromCookie(HttpServletRequest httpServletRequest) {
        Cookie[] requestCookies = httpServletRequest.getCookies();
        if (requestCookies == null) {
            return null;
        }
        for (Cookie candidate : requestCookies) {
            if (!this.m_cookieName.equals(candidate.getName())) {
                continue;
            }
            String userId = verifyValue(candidate.getValue());
            if (userId == null) {
                // Right name, but missing or wrong signature: ignore this cookie.
                continue;
            }
            LOG.info("Load signed cookie '{}' for '{}'", this.m_cookieName, userId);
            HttpSession existingSession = httpServletRequest.getSession(false);
            if (existingSession != null) {
                existingSession.setAttribute(SESSION_ATTRIBUTE_COOKIE_SENT, Boolean.TRUE);
            }
            return new SimplePrincipal(userId);
        }
        return null;
    }

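    /**
     * Sends the signed principal cookie to the browser, at most once per HTTP session.
     *
     * <p>Nothing is sent when there is no session or when the session is already flagged as
     * having sent (or received) the cookie. The cookie value is {@link #signValue} applied to the
     * principal's name.
     *
     * <p>Because a valid cookie value is sufficient to be accepted as that principal, the cookie
     * is marked {@code HttpOnly} so page scripts cannot read it, and {@code Secure} when the
     * issuing request itself is reported as secure so it is not replayed over plain HTTP.
     * NOTE(review): behind a TLS-terminating proxy {@code isSecure()} may report {@code false};
     * confirm the container is configured to reflect the original scheme.
     *
     * <p>The configured max age is a {@code long} but the servlet API takes an {@code int}; the
     * value is clamped rather than cast, since a plain narrowing cast can wrap a large lifetime
     * to a negative number (session cookie) or to zero (immediate deletion).
     *
     * @param httpServletRequest  current request, used for its existing session
     * @param httpServletResponse response that receives the cookie
     * @param principal           principal whose name is signed into the cookie
     */
    protected void storePrincipalToCookie(HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse, Principal principal) {
        HttpSession session = httpServletRequest.getSession(false);
        if (session == null || Boolean.TRUE.equals(session.getAttribute(SESSION_ATTRIBUTE_COOKIE_SENT))) {
            return;
        }
        session.setAttribute(SESSION_ATTRIBUTE_COOKIE_SENT, Boolean.TRUE);

        String signedName = signValue(principal.getName());
        LOG.info("Store signed cookie '{}' for '{}'", this.m_cookieName, principal.getName());

        Cookie cookie = new Cookie(this.m_cookieName, signedName);
        long clampedMaxAge = Math.max(Integer.MIN_VALUE, Math.min(Integer.MAX_VALUE, this.m_maxAge));
        cookie.setMaxAge((int) clampedMaxAge);
        cookie.setHttpOnly(true);
        if (httpServletRequest.isSecure()) {
            cookie.setSecure(true);
        }
        httpServletResponse.addCookie(cookie);
    }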

    /**
     * Asks the browser to drop the principal cookie by sending an empty cookie of the same name
     * with a max age of zero.
     *
     * <p>NOTE(review): no path is set here or when the cookie is issued, so the browser derives
     * it from the request that carried each cookie. If the issuing request and the login/logout
     * request sit under different paths the deletion may not match the stored cookie - confirm
     * against the deployed URL layout.
     *
     * @param httpServletResponse response that receives the expiring cookie
     */
    protected void clearPrincipalOnCookie(HttpServletResponse httpServletResponse) {
        LOG.info("Remove cookie '{}'", this.m_cookieName);
        Cookie expiredCookie = new Cookie(this.m_cookieName, "");
        // Max age 0 tells the browser to delete the cookie immediately.
        expiredCookie.setMaxAge(0);
        httpServletResponse.addCookie(expiredCookie);
    }
}
