package org.nuxeo.duoweb.authentication;

import com.duosecurity.DuoWeb;
import java.io.IOException;
import java.security.Principal;
import java.util.HashMap;
import java.util.List;
import java.util.Map;
import java.util.Random;
import javax.security.auth.login.LoginException;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import javax.servlet.http.HttpSession;
import org.apache.commons.logging.Log;
import org.apache.commons.logging.LogFactory;
import org.nuxeo.common.utils.URIUtils;
import org.nuxeo.ecm.core.api.ClientException;
import org.nuxeo.ecm.core.api.NuxeoPrincipal;
import org.nuxeo.ecm.platform.api.login.UserIdentificationInfo;
import org.nuxeo.ecm.platform.login.LoginPlugin;
import org.nuxeo.ecm.platform.login.LoginPluginDescriptor;
import org.nuxeo.ecm.platform.login.LoginPluginRegistry;
import org.nuxeo.ecm.platform.ui.web.auth.plugins.FormAuthenticator;
import org.nuxeo.ecm.platform.usermanager.NuxeoPrincipalImpl;
import org.nuxeo.ecm.platform.usermanager.UserManager;
import org.nuxeo.runtime.api.Framework;

/* loaded from: input_file:org/nuxeo/duoweb/authentication/DuoFactorsAuthenticator.class */
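/**
 * Form authenticator that requires a Duo Web second factor after the regular
 * username/password check.
 *
 * <p>Progress is tracked per HTTP session with two flags: {@code oneFactorCheck}
 * (password step passed) and {@code twoFactorsCheck} (Duo response verified).
 * The identity that passed the password step is kept in the same session, so the
 * Duo step is always evaluated against that user.
 *
 * <p>NOTE(review): the original kept the pending identity in an instance field.
 * If one authenticator instance serves every request (presumably the case for a
 * login plugin; confirm), concurrent logins could overwrite each other's identity.
 * The per-session storage below avoids that regardless.
 */
public class DuoFactorsAuthenticator extends FormAuthenticator {
    // Log under this class's own category so Duo events are attributable in log filters.
    private static final Log log = LogFactory.getLog(DuoFactorsAuthenticator.class);
    private static final String DUO_FACTOR_PAGE = "duofactors.jsp";
    private static final String POST_URL = "nxstartup.faces";
    private static final String SIG_REQUEST = "sig_request";
    private static final String SIG_RESPONSE = "sig_response";
    private static final String HOST_REQUEST = "host";
    private static final String POST_ACTION = "post_action";
    private static final String ONE_FACTOR_CHECK = "oneFactorCheck";
    private static final String TWO_FACTORS_CHECK = "twoFactorsCheck";
    // Session attribute holding the identity that passed the first factor.
    // NOTE(review): this object carries the submitted password; confirm that the
    // session store (persistence, replication) is an acceptable place for it and
    // that UserIdentificationInfo is serializable if sessions are persisted.
    private static final String USER_IDENT = "duoFirstFactorIdentity";
    // Legacy field: only feeds the no-arg validateUserIdentity() hook. It is never
    // consulted for an authentication decision.
    private UserIdentificationInfo userIdent;
    private String IKEY;
    private String SKEY;
    private String AKEY;
    private String HOST;

    /**
     * Shows the login form until the first factor has passed, then redirects to
     * the Duo page with a request signed for the user who passed the first factor.
     *
     * @param httpServletRequest current request
     * @param httpServletResponse current response
     * @param str base URL that page names are appended to
     * @return {@code FALSE} when the Duo step could not be started (flow reset or
     *         redirect failure), {@code TRUE} otherwise
     */
    public Boolean handleLoginPrompt(HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse, String str) {
        HttpSession session = httpServletRequest.getSession(false);
        if (session == null || !isTrue(session, ONE_FACTOR_CHECK)) {
            super.handleLoginPrompt(httpServletRequest, httpServletResponse, str);
            return Boolean.TRUE;
        }
        if (isTrue(session, TWO_FACTORS_CHECK)) {
            return Boolean.TRUE;
        }
        String duoPage = str + DUO_FACTOR_PAGE;
        String postAction = str + POST_URL;
        Map<String, String> params = new HashMap<>();
        try {
            UserIdentificationInfo ident = firstFactorIdentity(session);
            // A request without the username parameter restarts the flow, as before.
            if (httpServletRequest.getParameter(this.usernameKey) == null || ident == null || ident.getUserName() == null) {
                resetFlow(session);
                return Boolean.FALSE;
            }
            // Sign the name validated by the first factor, not the raw request
            // parameter, so the Duo challenge is issued for the same account.
            params.put(SIG_REQUEST, DuoWeb.signRequest(this.IKEY, this.SKEY, this.AKEY, ident.getUserName()));
            params.put(HOST_REQUEST, this.HOST);
            params.put(POST_ACTION, postAction);
            httpServletResponse.sendRedirect(URIUtils.addParametersToURIQuery(duoPage, params));
        } catch (IOException e) {
            log.error(e, e);
            return Boolean.FALSE;
        }
        return Boolean.TRUE;
    }

    /**
     * Drives the two-step login. The identity is returned only once both factors
     * have passed for the same user; every intermediate state returns {@code null}.
     *
     * @param httpServletRequest current request
     * @param httpServletResponse current response
     * @return the identity that passed both factors, or {@code null}
     */
    public UserIdentificationInfo handleRetrieveIdentity(HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse) {
        HttpSession session = httpServletRequest.getSession(false);
        if (session == null) {
            return null;
        }
        if (isTrue(session, ONE_FACTOR_CHECK)) {
            UserIdentificationInfo pending = firstFactorIdentity(session);
            if (pending != null) {
                if (isTrue(session, TWO_FACTORS_CHECK)) {
                    return pending;
                }
                boolean verified = secondFactorMatches(httpServletRequest, pending.getUserName());
                session.setAttribute(TWO_FACTORS_CHECK, Boolean.valueOf(verified));
                return verified ? pending : null;
            }
            // Flags without a stored identity are inconsistent: fail closed and
            // start again from the first factor.
            resetFlow(session);
        }
        UserIdentificationInfo ident = super.handleRetrieveIdentity(httpServletRequest, httpServletResponse);
        if (ident == null) {
            session.setAttribute(ONE_FACTOR_CHECK, Boolean.FALSE);
            return null;
        }
        this.userIdent = ident; // legacy hook only, see field comment
        try {
            if (validateUserIdentity(ident) != null) {
                session.setAttribute(USER_IDENT, ident);
                session.setAttribute(ONE_FACTOR_CHECK, Boolean.TRUE);
                return null;
            }
            httpServletRequest.setAttribute("org.nuxeo.ecm.login.error", "loginFailed");
            return null;
        } catch (LoginException | ClientException e) {
            log.error(e, e);
            return null;
        }
    }

    /** Always requests a login prompt. */
    public Boolean needLoginPrompt(HttpServletRequest httpServletRequest) {
        return true;
    }

    /**
     * Reads the Duo settings {@code IKEY}, {@code SKEY}, {@code AKEY} and
     * {@code HOST}. Keys absent from the map leave the current value untouched.
     *
     * @param map plugin parameters
     */
    public void initPlugin(Map<String, String> map) {
        String ikey = map.get("IKEY");
        if (ikey != null) {
            this.IKEY = ikey;
        }
        String skey = map.get("SKEY");
        if (skey != null) {
            this.SKEY = skey;
        }
        String akey = map.get("AKEY");
        if (akey != null) {
            this.AKEY = akey;
        }
        String host = map.get("HOST");
        if (host != null) {
            this.HOST = host;
        }
        if (this.IKEY == null || this.SKEY == null || this.AKEY == null || this.HOST == null) {
            // Report the gap without ever logging the key material itself.
            log.warn("Duo authenticator is not fully configured: IKEY, SKEY, AKEY and HOST are all required");
        }
    }

    /** Declares no unauthenticated URL prefixes. */
    public List<String> getUnAuthenticatedURLPrefix() {
        return null;
    }

    /**
     * Builds the principal for a validated user name and assigns it a random
     * principal id.
     *
     * @param str validated user name
     * @return the principal
     * @throws LoginException if the user is unknown or the lookup fails
     */
    public Principal createIdentity(String str) throws LoginException {
        NuxeoPrincipalImpl principal;
        UserManager userManager = (UserManager) Framework.getService(UserManager.class);
        // NOTE(review): java.util.Random seeded with the clock is predictable. If the
        // principal id is ever treated as a secret or token, switch to SecureRandom.
        Random random = new Random(System.currentTimeMillis());
        log.debug("createIdentity: " + str);
        try {
            if (userManager == null) {
                principal = new NuxeoPrincipalImpl(str);
            } else {
                principal = userManager.getPrincipal(str);
                if (principal == null) {
                    throw new LoginException(String.format("principal %s does not exist", str));
                }
            }
            principal.setPrincipalId(String.valueOf(random.nextLong()));
            return principal;
        } catch (LoginException | ClientException e) {
            log.error("createIdentity failed", e);
            LoginException loginException = new LoginException("createIdentity failed for user " + str);
            loginException.initCause(e);
            throw loginException;
        }
    }

    /**
     * Legacy entry point that validates the identity most recently seen by this
     * instance. The login flow uses {@link #validateUserIdentity(UserIdentificationInfo)}
     * with the request's own identity instead.
     *
     * @return the validated principal, or {@code null} if validation fails or no
     *         identity has been seen yet
     * @throws LoginException if the principal cannot be created
     */
    protected NuxeoPrincipal validateUserIdentity() throws LoginException {
        UserIdentificationInfo ident = this.userIdent;
        return ident == null ? null : validateUserIdentity(ident);
    }

    /**
     * Checks the first factor for {@code ident}: username/password through the
     * {@code UserManager} when no login plugin is named, otherwise through the
     * named login plugin (initialising it on first use).
     *
     * @param ident identity submitted with the login form
     * @return the validated principal, or {@code null} when validation fails
     * @throws LoginException if the principal cannot be created
     */
    protected NuxeoPrincipal validateUserIdentity(UserIdentificationInfo ident) throws LoginException {
        UserManager userManager = (UserManager) Framework.getService(UserManager.class);
        LoginPluginRegistry loginPluginRegistry = (LoginPluginRegistry) Framework.getRuntime().getComponent(LoginPluginRegistry.NAME);
        String loginPluginName = ident.getLoginPluginName();
        if (loginPluginName == null) {
            if (userManager.checkUsernamePassword(ident.getUserName(), ident.getPassword())) {
                return createIdentity(ident.getUserName());
            }
            return null;
        }
        LoginPlugin plugin = loginPluginRegistry.getPlugin(loginPluginName);
        if (plugin == null) {
            log.error("Can't authenticate against a null loginModule plugin");
            return null;
        }
        LoginPluginDescriptor pluginDescriptor = loginPluginRegistry.getPluginDescriptor(loginPluginName);
        if (!pluginDescriptor.getInitialized()) {
            Map parameters = plugin.getParameters();
            if (parameters == null) {
                // NOTE(review): this fresh map is never handed back to the plugin, so
                // login parameters merged into it are dropped; confirm whether intended.
                parameters = new HashMap();
            }
            Map loginParameters = ident.getLoginParameters();
            if (loginParameters != null) {
                parameters.putAll(loginParameters);
            }
            if (!plugin.initLoginModule().booleanValue()) {
                log.error("Unable to initialize LoginModulePlugin " + plugin.getName());
                return null;
            }
            pluginDescriptor.setInitialized(true);
        }
        String validatedUserIdentity = plugin.validatedUserIdentity(ident);
        if (validatedUserIdentity == null) {
            return null;
        }
        return createIdentity(validatedUserIdentity);
    }

    /** Returns whether the named session attribute is {@code Boolean.TRUE}. */
    private static boolean isTrue(HttpSession session, String attribute) {
        return Boolean.TRUE.equals(session.getAttribute(attribute));
    }

    /** Returns the identity stored after the first factor, or {@code null}. */
    private static UserIdentificationInfo firstFactorIdentity(HttpSession session) {
        Object stored = session.getAttribute(USER_IDENT);
        return stored instanceof UserIdentificationInfo ? (UserIdentificationInfo) stored : null;
    }

    /** Clears both flags and drops the stored identity (and its credentials). */
    private static void resetFlow(HttpSession session) {
        session.removeAttribute(USER_IDENT);
        session.setAttribute(ONE_FACTOR_CHECK, Boolean.FALSE);
        session.setAttribute(TWO_FACTORS_CHECK, Boolean.FALSE);
    }

    /**
     * Verifies the posted Duo response and requires the user name it carries to
     * equal the first-factor user. A merely non-null result is not enough: the
     * second factor must belong to the account that passed the first one.
     */
    private boolean secondFactorMatches(HttpServletRequest request, String expectedUser) {
        String sigResponse = request.getParameter(SIG_RESPONSE);
        if (sigResponse == null || expectedUser == null) {
            return false;
        }
        String verifiedUser = DuoWeb.verifyResponse(this.IKEY, this.SKEY, this.AKEY, sigResponse);
        return expectedUser.equals(verifiedUser);
    }
}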
