package org.nuxeo.ecm.platform.ui.web.auth.service;

import java.util.ArrayList;
import java.util.Collections;
import java.util.HashMap;
import java.util.Iterator;
import java.util.List;
import java.util.Map;
import java.util.regex.Pattern;
import javax.servlet.ServletRequest;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpSession;
import org.apache.commons.logging.Log;
import org.apache.commons.logging.LogFactory;
import org.nuxeo.ecm.platform.api.login.UserIdentificationInfo;
import org.nuxeo.ecm.platform.api.login.UserIdentificationInfoCallbackHandler;
import org.nuxeo.ecm.platform.ui.web.auth.CachableUserIdentificationInfo;
import org.nuxeo.ecm.platform.ui.web.auth.interfaces.NuxeoAuthPreFilter;
import org.nuxeo.ecm.platform.ui.web.auth.interfaces.NuxeoAuthenticationPlugin;
import org.nuxeo.ecm.platform.ui.web.auth.interfaces.NuxeoAuthenticationPropagator;
import org.nuxeo.ecm.platform.ui.web.auth.interfaces.NuxeoAuthenticationSessionManager;
import org.nuxeo.ecm.platform.ui.web.auth.interfaces.NuxeoCallbackHandlerFactory;
import org.nuxeo.ecm.platform.ui.web.auth.plugins.DefaultSessionManager;
import org.nuxeo.ecm.platform.web.common.session.NuxeoHttpSessionMonitor;
import org.nuxeo.ecm.platform.web.common.vh.VirtualHostHelper;
import org.nuxeo.runtime.api.login.LoginAs;
import org.nuxeo.runtime.model.ComponentContext;
import org.nuxeo.runtime.model.ComponentInstance;
import org.nuxeo.runtime.model.DefaultComponent;

/* loaded from: input_file:org/nuxeo/ecm/platform/ui/web/auth/service/PluggableAuthenticationService.class */
public class PluggableAuthenticationService extends DefaultComponent {
    public static final String NAME = "org.nuxeo.ecm.platform.ui.web.auth.service.PluggableAuthenticationService";
    public static final String EP_AUTHENTICATOR = "authenticators";
    public static final String EP_SESSIONMANAGER = "sessionManager";
    public static final String EP_CHAIN = "chain";
    public static final String EP_SPECIFIC_CHAINS = "specificChains";
    public static final String EP_PROPAGATOR = "propagator";
    public static final String EP_CBFACTORY = "JbossCallbackfactory";
    public static final String EP_STARTURL = "startURL";
    public static final String EP_OPENURL = "openUrl";
    public static final String EP_PREFILTER = "preFilter";
    private static final Log log = LogFactory.getLog(PluggableAuthenticationService.class);
    private Map<String, AuthenticationPluginDescriptor> authenticatorsDescriptors;
    private Map<String, NuxeoAuthenticationPlugin> authenticators;
    private Map<String, AuthPreFilterDescriptor> preFiltersDesc;
    private List<NuxeoAuthPreFilter> preFilters;
    private Map<String, NuxeoAuthenticationSessionManager> sessionManagers;
    private NuxeoAuthenticationSessionManager defaultSessionManager;
    private NuxeoAuthenticationPropagator propagator;
    private NuxeoCallbackHandlerFactory cbhFactory;
    private List<String> authChain;
    private final Map<String, SpecificAuthChainDescriptor> specificAuthChains = new HashMap();
    private final List<OpenUrlDescriptor> openUrls = new ArrayList();
    private final List<String> startupURLs = new ArrayList();

    public void activate(ComponentContext componentContext) {
        this.authenticatorsDescriptors = new HashMap();
        this.authChain = new ArrayList();
        this.authenticators = new HashMap();
        this.sessionManagers = new HashMap();
        this.defaultSessionManager = new DefaultSessionManager();
    }

    public void deactivate(ComponentContext componentContext) {
        this.authenticatorsDescriptors = null;
        this.authenticators = null;
        this.authChain = null;
        this.sessionManagers = null;
        this.defaultSessionManager = null;
    }

    public void registerContribution(Object obj, String str, ComponentInstance componentInstance) {
        if (str.equals(EP_AUTHENTICATOR)) {
            AuthenticationPluginDescriptor authenticationPluginDescriptor = (AuthenticationPluginDescriptor) obj;
            if (this.authenticatorsDescriptors.containsKey(authenticationPluginDescriptor.getName())) {
                mergeDescriptors(authenticationPluginDescriptor);
                log.debug("merged AuthenticationPluginDescriptor: " + authenticationPluginDescriptor.getName());
            } else {
                this.authenticatorsDescriptors.put(authenticationPluginDescriptor.getName(), authenticationPluginDescriptor);
                log.debug("registered AuthenticationPluginDescriptor: " + authenticationPluginDescriptor.getName());
            }
            AuthenticationPluginDescriptor authenticationPluginDescriptor2 = this.authenticatorsDescriptors.get(authenticationPluginDescriptor.getName());
            try {
                NuxeoAuthenticationPlugin newInstance = authenticationPluginDescriptor2.getClassName().newInstance();
                newInstance.initPlugin(authenticationPluginDescriptor2.getParameters());
                this.authenticators.put(authenticationPluginDescriptor2.getName(), newInstance);
                return;
            } catch (IllegalAccessException e) {
                log.error("Unable to create AuthPlugin for : " + authenticationPluginDescriptor2.getName() + "Error : " + e.getMessage(), e);
                return;
            } catch (InstantiationException e2) {
                log.error("Unable to create AuthPlugin for : " + authenticationPluginDescriptor2.getName() + "Error : " + e2.getMessage(), e2);
                return;
            }
        }
        if (str.equals(EP_CHAIN)) {
            this.authChain.clear();
            this.authChain.addAll(((AuthenticationChainDescriptor) obj).getPluginsNames());
            return;
        }
        if (str.equals(EP_OPENURL)) {
            this.openUrls.add((OpenUrlDescriptor) obj);
            return;
        }
        if (str.equals(EP_STARTURL)) {
            this.startupURLs.addAll(((StartURLPatternDescriptor) obj).getStartURLPatterns());
            return;
        }
        if (str.equals(EP_PROPAGATOR)) {
            try {
                this.propagator = ((AuthenticationPropagatorDescriptor) obj).getClassName().newInstance();
                return;
            } catch (IllegalAccessException e3) {
                log.error("Unable to create propagator", e3);
                return;
            } catch (InstantiationException e4) {
                log.error("Unable to create propagator", e4);
                return;
            }
        }
        if (str.equals(EP_CBFACTORY)) {
            try {
                this.cbhFactory = ((CallbackHandlerFactoryDescriptor) obj).getClassName().newInstance();
                return;
            } catch (IllegalAccessException e5) {
                log.error("Unable to create callback handler factory", e5);
                return;
            } catch (InstantiationException e6) {
                log.error("Unable to create callback handler factory", e6);
                return;
            }
        }
        if (str.equals(EP_SESSIONMANAGER)) {
            SessionManagerDescriptor sessionManagerDescriptor = (SessionManagerDescriptor) obj;
            if (!sessionManagerDescriptor.enabled) {
                this.sessionManagers.remove(sessionManagerDescriptor.getName());
                return;
            }
            try {
                this.sessionManagers.put(sessionManagerDescriptor.getName(), sessionManagerDescriptor.getClassName().newInstance());
                return;
            } catch (Exception e7) {
                log.error("Unable to create session manager", e7);
                return;
            }
        }
        if (str.equals(EP_SPECIFIC_CHAINS)) {
            SpecificAuthChainDescriptor specificAuthChainDescriptor = (SpecificAuthChainDescriptor) obj;
            this.specificAuthChains.put(specificAuthChainDescriptor.name, specificAuthChainDescriptor);
        } else if (str.equals(EP_PREFILTER)) {
            AuthPreFilterDescriptor authPreFilterDescriptor = (AuthPreFilterDescriptor) obj;
            if (this.preFiltersDesc == null) {
                this.preFiltersDesc = new HashMap();
            }
            this.preFiltersDesc.put(authPreFilterDescriptor.getName(), authPreFilterDescriptor);
        }
    }

    public void unregisterContribution(Object obj, String str, ComponentInstance componentInstance) {
        if (str.equals(EP_AUTHENTICATOR)) {
            AuthenticationPluginDescriptor authenticationPluginDescriptor = (AuthenticationPluginDescriptor) obj;
            this.authenticatorsDescriptors.remove(authenticationPluginDescriptor.getName());
            log.debug("unregistered AuthenticationPlugin: " + authenticationPluginDescriptor.getName());
        }
    }

    private void mergeDescriptors(AuthenticationPluginDescriptor authenticationPluginDescriptor) {
        AuthenticationPluginDescriptor authenticationPluginDescriptor2 = this.authenticatorsDescriptors.get(authenticationPluginDescriptor.getName());
        authenticationPluginDescriptor2.setEnabled(authenticationPluginDescriptor.getEnabled());
        Map<String, String> parameters = authenticationPluginDescriptor2.getParameters();
        parameters.putAll(authenticationPluginDescriptor.getParameters());
        authenticationPluginDescriptor2.setParameters(parameters);
        if (authenticationPluginDescriptor.getLoginModulePlugin() != null && authenticationPluginDescriptor.getLoginModulePlugin().length() > 0) {
            authenticationPluginDescriptor2.setLoginModulePlugin(authenticationPluginDescriptor.getLoginModulePlugin());
        }
        authenticationPluginDescriptor2.setStateful(authenticationPluginDescriptor.getStateful());
        if (authenticationPluginDescriptor.getClassName() != null) {
            authenticationPluginDescriptor2.setClassName(authenticationPluginDescriptor.getClassName());
        }
        authenticationPluginDescriptor2.setNeedStartingURLSaving(authenticationPluginDescriptor.getNeedStartingURLSaving());
    }

    public List<String> getStartURLPatterns() {
        return this.startupURLs;
    }

    public List<String> getAuthChain() {
        return this.authChain;
    }

    public List<String> getAuthChain(HttpServletRequest httpServletRequest) {
        if (this.specificAuthChains == null || this.specificAuthChains.isEmpty()) {
            return this.authChain;
        }
        SpecificAuthChainDescriptor specificAuthChainDescriptor = this.specificAuthChains.get(getSpecificAuthChainName(httpServletRequest));
        return specificAuthChainDescriptor != null ? specificAuthChainDescriptor.computeResultingChain(this.authChain) : this.authChain;
    }

    public String getSpecificAuthChainName(HttpServletRequest httpServletRequest) {
        for (String str : this.specificAuthChains.keySet()) {
            SpecificAuthChainDescriptor specificAuthChainDescriptor = this.specificAuthChains.get(str);
            List<Pattern> urlPatterns = specificAuthChainDescriptor.getUrlPatterns();
            if (!urlPatterns.isEmpty()) {
                String requestURI = httpServletRequest.getRequestURI();
                Iterator<Pattern> it = urlPatterns.iterator();
                while (it.hasNext()) {
                    if (it.next().matcher(requestURI).matches()) {
                        return str;
                    }
                }
            }
            Map<String, Pattern> headerPatterns = specificAuthChainDescriptor.getHeaderPatterns();
            for (String str2 : headerPatterns.keySet()) {
                String header = httpServletRequest.getHeader(str2);
                if (header != null && headerPatterns.get(str2).matcher(header).matches()) {
                    return str;
                }
            }
        }
        return null;
    }

    public UserIdentificationInfoCallbackHandler getCallbackHandler(UserIdentificationInfo userIdentificationInfo) {
        return this.cbhFactory == null ? new UserIdentificationInfoCallbackHandler(userIdentificationInfo) : this.cbhFactory.createCallbackHandler(userIdentificationInfo);
    }

    public void propagateUserIdentificationInformation(CachableUserIdentificationInfo cachableUserIdentificationInfo) {
        if (this.propagator != null) {
            this.propagator.propagateUserIdentificationInformation(cachableUserIdentificationInfo);
        }
    }

    public List<NuxeoAuthenticationPlugin> getPluginChain() {
        ArrayList arrayList = new ArrayList();
        for (String str : this.authChain) {
            if (this.authenticatorsDescriptors.containsKey(str) && this.authenticatorsDescriptors.get(str).getEnabled() && this.authenticators.containsKey(str)) {
                arrayList.add(this.authenticators.get(str));
            }
        }
        return arrayList;
    }

    public NuxeoAuthenticationPlugin getPlugin(String str) {
        if (this.authenticatorsDescriptors.containsKey(str) && this.authenticatorsDescriptors.get(str).getEnabled() && this.authenticators.containsKey(str)) {
            return this.authenticators.get(str);
        }
        return null;
    }

    public AuthenticationPluginDescriptor getDescriptor(String str) {
        if (this.authenticatorsDescriptors.containsKey(str)) {
            return this.authenticatorsDescriptors.get(str);
        }
        log.error("Plugin " + str + " not registered or not created");
        return null;
    }

    public void invalidateSession(ServletRequest servletRequest) {
        if (!this.sessionManagers.isEmpty()) {
            Iterator<String> it = this.sessionManagers.keySet().iterator();
            while (it.hasNext()) {
                this.sessionManagers.get(it.next()).onBeforeSessionInvalidate(servletRequest);
            }
        }
        HttpSession session = ((HttpServletRequest) servletRequest).getSession(false);
        if (session != null) {
            session.invalidate();
        }
    }

    public HttpSession reinitSession(HttpServletRequest httpServletRequest) {
        if (!this.sessionManagers.isEmpty()) {
            Iterator<String> it = this.sessionManagers.keySet().iterator();
            while (it.hasNext()) {
                this.sessionManagers.get(it.next()).onBeforeSessionReinit(httpServletRequest);
            }
        }
        HttpSession session = httpServletRequest.getSession(true);
        if (!this.sessionManagers.isEmpty()) {
            Iterator<String> it2 = this.sessionManagers.keySet().iterator();
            while (it2.hasNext()) {
                this.sessionManagers.get(it2.next()).onAfterSessionReinit(httpServletRequest);
            }
        }
        return session;
    }

    public boolean canBypassRequest(ServletRequest servletRequest) {
        if (this.sessionManagers.isEmpty()) {
            return false;
        }
        Iterator<String> it = this.sessionManagers.keySet().iterator();
        while (it.hasNext()) {
            if (this.sessionManagers.get(it.next()).canBypassRequest(servletRequest)) {
                return true;
            }
        }
        return false;
    }

    public boolean needResetLogin(ServletRequest servletRequest) {
        if (this.sessionManagers.isEmpty()) {
            return false;
        }
        Iterator<NuxeoAuthenticationSessionManager> it = this.sessionManagers.values().iterator();
        while (it.hasNext()) {
            if (it.next().needResetLogin(servletRequest)) {
                return true;
            }
        }
        return false;
    }

    public String getBaseURL(ServletRequest servletRequest) {
        return VirtualHostHelper.getBaseURL(servletRequest);
    }

    public void onAuthenticatedSessionCreated(ServletRequest servletRequest, HttpSession httpSession, CachableUserIdentificationInfo cachableUserIdentificationInfo) {
        NuxeoHttpSessionMonitor.instance().associatedUser(httpSession, cachableUserIdentificationInfo.getPrincipal().getName());
        if (this.sessionManagers.isEmpty()) {
            return;
        }
        Iterator<String> it = this.sessionManagers.keySet().iterator();
        while (it.hasNext()) {
            this.sessionManagers.get(it.next()).onAuthenticatedSessionCreated(servletRequest, httpSession, cachableUserIdentificationInfo);
        }
    }

    public List<OpenUrlDescriptor> getOpenUrls() {
        return this.openUrls;
    }

    public synchronized void initPreFilters() {
        if (this.preFiltersDesc != null) {
            ArrayList<AuthPreFilterDescriptor> arrayList = new ArrayList();
            arrayList.addAll(this.preFiltersDesc.values());
            Collections.sort(arrayList);
            this.preFilters = new ArrayList();
            for (AuthPreFilterDescriptor authPreFilterDescriptor : arrayList) {
                try {
                    this.preFilters.add((NuxeoAuthPreFilter) authPreFilterDescriptor.getClassName().newInstance());
                } catch (Exception e) {
                    log.error("Unable to create preFilter " + authPreFilterDescriptor.getName() + " and class" + authPreFilterDescriptor.getClassName(), e);
                }
            }
        }
    }

    public List<NuxeoAuthPreFilter> getPreFilters() {
        if (this.preFilters == null || this.preFilters.isEmpty()) {
            return null;
        }
        return this.preFilters;
    }

    public <T> T getAdapter(Class<T> cls) {
        return LoginAs.class == cls ? (T) new LoginAsImpl() : (T) super.getAdapter(cls);
    }
}
