package org.nuxeo.ecm.platform.ui.web.auth.proxy;

import java.util.HashMap;
import java.util.List;
import java.util.Map;
import java.util.regex.Pattern;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import javax.servlet.http.HttpSession;
import org.apache.commons.logging.Log;
import org.apache.commons.logging.LogFactory;
import org.nuxeo.ecm.core.api.DocumentModel;
import org.nuxeo.ecm.core.api.DocumentModelList;
import org.nuxeo.ecm.directory.DirectoryException;
import org.nuxeo.ecm.directory.Session;
import org.nuxeo.ecm.directory.api.DirectoryService;
import org.nuxeo.ecm.platform.api.login.UserIdentificationInfo;
import org.nuxeo.ecm.platform.ui.web.auth.NuxeoAuthenticationFilter;
import org.nuxeo.ecm.platform.ui.web.auth.interfaces.NuxeoAuthenticationPlugin;
import org.nuxeo.ecm.platform.usermanager.UserManager;
import org.nuxeo.runtime.api.Framework;

/* loaded from: input_file:org/nuxeo/ecm/platform/ui/web/auth/proxy/ProxyAuthenticator.class */
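/**
 * Authentication plugin that derives the user identity from an HTTP request header
 * (by default {@code remote_user}) set by a fronting proxy or SSO gateway.
 *
 * <p><b>Trust assumption:</b> the header value is read from the request and used as the
 * identity without any further proof (see {@link #handleRetrieveIdentity}). This is only safe
 * when every request reaching this plugin has passed through the trusted proxy, and that proxy
 * removes or overwrites any client-supplied copy of the header. If the application server is
 * reachable directly, any client can set the header itself.
 *
 * <p>Configuration is read in {@link #initPlugin(Map)}:
 * <ul>
 *   <li>{@code ssoHeaderName}: name of the header carrying the user identifier;</li>
 *   <li>{@code ssoNeverRedirect}: when {@code true}, skips the start-page redirect handling;</li>
 *   <li>{@code usernameUnwantedPartExpression}: regular expression whose matches are removed
 *       from the header value.</li>
 * </ul>
 */
public class ProxyAuthenticator implements NuxeoAuthenticationPlugin {
    private static final Log log = LogFactory.getLog(ProxyAuthenticator.class);
    private static final String HEADER_NAME_KEY = "ssoHeaderName";
    private static final String HEADER_NOREDIRECT_KEY = "ssoNeverRedirect";
    public static final String USERNAME_REMOVE_EXPRESSION = "usernameUnwantedPartExpression";
    protected String userIdHeaderName = "remote_user";
    protected String regexp = null;
    protected boolean noRedirect;
    public static final String HTTP_CREDENTIAL_DIRECTORY_FIELD_PROPERTY_NAME = "org.nuxeo.ecm.platform.login.mod_sso.credentialDirectoryField";
    private Pattern usernamePartRemovalPattern;

    /** Control characters (CR, LF, ...) are neutralised before request data is written to the log. */
    private static final Pattern LOG_UNSAFE_CHARS = Pattern.compile("\\p{Cntrl}");

    /**
     * Returns the URL prefixes that need no authentication.
     *
     * @return always {@code null}; this plugin declares no such prefix
     */
    public List<String> getUnAuthenticatedURLPrefix() {
        return null;
    }

    /**
     * This plugin never displays a login prompt.
     *
     * @return always {@code false}
     */
    public Boolean handleLoginPrompt(HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse, String str) {
        return false;
    }

    /**
     * Builds the user identity from the configured request header.
     *
     * <p>The header value is optionally stripped with the configured removal expression and,
     * when the runtime property {@link #HTTP_CREDENTIAL_DIRECTORY_FIELD_PROPERTY_NAME} is set,
     * mapped to a user id by looking it up in the user directory on that field.
     *
     * @param httpServletRequest the incoming request carrying the identity header
     * @param httpServletResponse the response, used only for the start-page redirect handling
     * @return the identification info, or {@code null} when the header is absent, is empty
     *         (possibly after stripping), or does not map to exactly one directory entry
     */
    public UserIdentificationInfo handleRetrieveIdentity(HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse) {
        String userName = httpServletRequest.getHeader(this.userIdHeaderName);
        if (userName == null) {
            return null;
        }
        if (this.regexp != null && this.usernamePartRemovalPattern != null) {
            // Keep the received value so the debug line shows both sides of the change.
            String receivedName = userName;
            userName = this.usernamePartRemovalPattern.matcher(receivedName).replaceAll("");
            log.debug(String.format("userName changed from '%s' to '%s'", safeForLog(receivedName), safeForLog(userName)));
        }
        if (userName.isEmpty()) {
            // An empty identifier must never authenticate anyone, nor be used as a directory
            // filter value where it could match an entry whose credential field is empty.
            return null;
        }
        String credentialField = Framework.getRuntime().getProperty(HTTP_CREDENTIAL_DIRECTORY_FIELD_PROPERTY_NAME);
        if (credentialField != null) {
            userName = resolveUserIdFromDirectory(credentialField, userName);
            if (userName == null) {
                return null;
            }
        }
        if (!this.noRedirect) {
            handleRedirectToValidStartPage(httpServletRequest, httpServletResponse);
        }
        // The user name is passed as both constructor arguments: no secret is available
        // here, so acceptance of this identity depends on how the login side is configured
        // to treat this plugin. NOTE(review): confirm against the login module configuration.
        return new UserIdentificationInfo(userName, userName);
    }

    /**
     * Looks up the single user directory entry whose {@code fieldName} equals {@code credential}.
     *
     * @return the id of the matching entry, or {@code null} when there is no match, more than
     *         one match, or the lookup fails (each case is logged)
     */
    private String resolveUserIdFromDirectory(String fieldName, String credential) {
        Session directorySession = null;
        try {
            String userDirectoryName = ((UserManager) Framework.getService(UserManager.class)).getUserDirectoryName();
            directorySession = ((DirectoryService) Framework.getService(DirectoryService.class)).open(userDirectoryName);
            // Left raw on purpose: the parameter type of Session.query is not visible here.
            HashMap filter = new HashMap();
            filter.put(fieldName, credential);
            DocumentModelList entries = directorySession.query(filter);
            if (entries.isEmpty()) {
                log.error(String.format("could not find any user with %s='%s' in directory %s", fieldName, safeForLog(credential), userDirectoryName));
                return null;
            }
            if (entries.size() > 1) {
                // An ambiguous match is rejected rather than picking one of the entries.
                log.error(String.format("found more than one entry for  %s='%s' in directory %s", fieldName, safeForLog(credential), userDirectoryName));
                return null;
            }
            return ((DocumentModel) entries.get(0)).getId();
        } catch (Exception e) {
            log.error(String.format("could not retrieve user entry with %s='%s':  %s", fieldName, safeForLog(credential), e.getMessage()), e);
            return null;
        } finally {
            // Close on every path, including when the query throws.
            if (directorySession != null) {
                try {
                    directorySession.close();
                } catch (DirectoryException e) {
                    log.error("error while closing directory session: " + e.getMessage(), e);
                }
            }
        }
    }

    /** Replaces control characters so a request-supplied value cannot forge extra log lines. */
    private static String safeForLog(String value) {
        return value == null ? null : LOG_UNSAFE_CHARS.matcher(value).replaceAll("_");
    }

    /**
     * Saves the requested URL (GET and POST only) and, when it was not saved and a session is
     * available, sets the default start page as the post-login target.
     */
    protected void handleRedirectToValidStartPage(HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse) {
        String method = httpServletRequest.getMethod();
        boolean urlSaved = false;
        if ("GET".equals(method) || "POST".equals(method)) {
            urlSaved = new NuxeoAuthenticationFilter().saveRequestedURLBeforeRedirect(httpServletRequest, httpServletResponse);
        }
        // A session is only created while the response is still uncommitted.
        HttpSession session = httpServletResponse.isCommitted() ? httpServletRequest.getSession(false) : httpServletRequest.getSession(true);
        if (session == null || urlSaved) {
            return;
        }
        session.setAttribute("Nuxeo5_Start_Page", "nxstartup.faces?loginRedirection=true");
    }

    /**
     * Reads the plugin parameters. Keys that are absent, or present with a {@code null} value
     * for the header name or the removal expression, leave the current setting untouched.
     *
     * @param map plugin parameters from the authentication plugin descriptor
     * @throws java.util.regex.PatternSyntaxException if the removal expression is not a valid
     *         regular expression
     */
    public void initPlugin(Map<String, String> map) {
        String headerName = map.get(HEADER_NAME_KEY);
        if (headerName != null) {
            this.userIdHeaderName = headerName;
        }
        if (map.containsKey(HEADER_NOREDIRECT_KEY)) {
            this.noRedirect = Boolean.parseBoolean(map.get(HEADER_NOREDIRECT_KEY));
        }
        String removalExpression = map.get(USERNAME_REMOVE_EXPRESSION);
        if (removalExpression != null) {
            this.regexp = removalExpression;
            log.debug(String.format("Will remove all instances of '%s' from userName string.", this.regexp));
            this.usernamePartRemovalPattern = Pattern.compile(this.regexp);
        }
    }

    /**
     * This plugin never requires a login prompt.
     *
     * @return always {@code false}
     */
    public Boolean needLoginPrompt(HttpServletRequest httpServletRequest) {
        return false;
    }
}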
