package org.jahia.params.valves;

import java.util.HashMap;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpSession;
import org.jahia.exceptions.JahiaException;
import org.jahia.osgi.FrameworkService;
import org.jahia.params.ProcessingContext;
import org.jahia.pipelines.PipelineException;
import org.jahia.pipelines.valves.ValveContext;
import org.jahia.registries.ServicesRegistry;
import org.jahia.services.SpringContextSingleton;
import org.jahia.services.content.PublicationJob;
import org.jahia.services.content.decorator.JCRUserNode;
import org.jahia.services.content.rules.RuleJob;
import org.jahia.services.usermanager.JahiaUser;
import org.jahia.services.usermanager.JahiaUserManagerService;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;

/* loaded from: input_file:org/jahia/params/valves/SsoValve.class */
public abstract class SsoValve extends BaseAuthValve {
    private static final Logger logger = LoggerFactory.getLogger(SsoValve.class);
    private boolean fireLoginEvent = false;
    private boolean skipAuthentication = false;

    /* loaded from: input_file:org/jahia/params/valves/SsoValve$LoginEvent.class */
    public class LoginEvent extends BaseLoginEvent {
        public LoginEvent(Object obj, JahiaUser jahiaUser, AuthValveContext authValveContext) {
            super(obj, jahiaUser, authValveContext);
        }
    }

    public void setFireLoginEvent(boolean z) {
        this.fireLoginEvent = z;
    }

    public abstract Object retrieveCredentials(HttpServletRequest httpServletRequest) throws Exception;

    public abstract String validateCredentials(Object obj, HttpServletRequest httpServletRequest) throws JahiaException;

    @Override // org.jahia.pipelines.valves.Valve
    public void invoke(Object obj, ValveContext valveContext) throws PipelineException {
        if (!isEnabled()) {
            valveContext.invokeNext(obj);
            return;
        }
        if (logger.isDebugEnabled()) {
            logger.debug("starting " + getClass().getName() + ".invoke()...");
        }
        AuthValveContext authValveContext = (AuthValveContext) obj;
        JahiaUser jahiaUser = null;
        HttpServletRequest request = authValveContext.getRequest();
        HttpSession session = request.getSession();
        if (session != null) {
            jahiaUser = (JahiaUser) session.getAttribute(ProcessingContext.SESSION_USER);
        }
        if (jahiaUser != null && !JahiaUserManagerService.isGuest(jahiaUser)) {
            if (logger.isDebugEnabled()) {
                logger.debug("user '{}' was already authenticated!", jahiaUser.getUsername());
            }
            authValveContext.getSessionFactory().setCurrentUser(jahiaUser);
            request.setAttribute(LoginEngineAuthValveImpl.VALVE_RESULT, LoginEngineAuthValveImpl.OK);
            return;
        }
        logger.debug("retrieving credentials...");
        try {
            Object retrieveCredentials = retrieveCredentials(request);
            if (retrieveCredentials == null) {
                logger.debug("no credentials found!");
                if (isSkipAuthentication()) {
                    return;
                }
                valveContext.invokeNext(obj);
                return;
            }
            if (logger.isDebugEnabled()) {
                logger.debug("credentials = {}", retrieveCredentials);
            }
            logger.debug("validating credentials...");
            try {
                String validateCredentials = validateCredentials(retrieveCredentials, request);
                if (validateCredentials == null) {
                    logger.warn("credentials were not validated!");
                    request.setAttribute(LoginEngineAuthValveImpl.VALVE_RESULT, LoginEngineAuthValveImpl.BAD_PASSWORD);
                    return;
                }
                if (logger.isDebugEnabled()) {
                    logger.debug("uid = {}", validateCredentials);
                }
                logger.debug("checking user existence in Jahia database...");
                JCRUserNode lookupUser = ServicesRegistry.getInstance().getJahiaUserManagerService().lookupUser(validateCredentials);
                if (lookupUser == null) {
                    request.setAttribute(LoginEngineAuthValveImpl.VALVE_RESULT, LoginEngineAuthValveImpl.UNKNOWN_USER);
                    throw new PipelineException("user '" + validateCredentials + "' was authenticated but not found in database!");
                }
                if (lookupUser.isAccountLocked()) {
                    logger.warn("Login failed. Account is locked for user " + validateCredentials);
                    request.setAttribute(LoginEngineAuthValveImpl.VALVE_RESULT, LoginEngineAuthValveImpl.ACCOUNT_LOCKED);
                    return;
                }
                JahiaUser jahiaUser2 = lookupUser.getJahiaUser();
                if (session != null) {
                    request.getSession().invalidate();
                    request.getSession().setAttribute(ProcessingContext.SESSION_USER, jahiaUser2);
                }
                authValveContext.getSessionFactory().setCurrentUser(jahiaUser2);
                request.setAttribute(LoginEngineAuthValveImpl.VALVE_RESULT, LoginEngineAuthValveImpl.OK);
                if (this.fireLoginEvent) {
                    SpringContextSingleton.getInstance().publishEvent(new LoginEvent(this, jahiaUser2, authValveContext));
                    HashMap hashMap = new HashMap();
                    hashMap.put(RuleJob.JOB_USER, jahiaUser2);
                    hashMap.put("authContext", authValveContext);
                    hashMap.put(PublicationJob.SOURCE, this);
                    FrameworkService.sendEvent("org/jahia/usersgroups/login/LOGIN", hashMap, false);
                }
            } catch (Exception e) {
                throw new PipelineException("exception was thrown while validating credentials!", e);
            }
        } catch (Exception e2) {
            throw new PipelineException("exception was thrown while retrieving credentials!", e2);
        }
    }

    public abstract String getRedirectUrl(HttpServletRequest httpServletRequest) throws JahiaException;

    public boolean isSkipAuthentication() {
        return this.skipAuthentication;
    }

    public void setSkipAuthentication(boolean z) {
        this.skipAuthentication = z;
    }
}
