package com.gentics.contentnode.rest;

import com.gentics.api.lib.etc.ObjectTransformer;
import com.gentics.api.lib.exception.NodeException;
import com.gentics.contentnode.etc.NodeSetup;
import com.gentics.contentnode.etc.NodeSetupValuePair;
import com.gentics.contentnode.factory.InvalidSessionIdException;
import com.gentics.contentnode.factory.Session;
import com.gentics.contentnode.factory.SessionToken;
import com.gentics.contentnode.factory.Transaction;
import com.gentics.contentnode.factory.TransactionException;
import com.gentics.contentnode.factory.TransactionManager;
import com.gentics.contentnode.factory.object.SystemUserFactory;
import com.gentics.contentnode.log.ActionLogger;
import com.gentics.contentnode.object.SystemUser;
import com.gentics.contentnode.perm.PermHandler;
import com.gentics.contentnode.rest.model.Reference;
import com.gentics.contentnode.rest.model.request.HashPasswordRequest;
import com.gentics.contentnode.rest.model.request.LoginRequest;
import com.gentics.contentnode.rest.model.request.LoginWithRsaRequest;
import com.gentics.contentnode.rest.model.request.MatchPasswordRequest;
import com.gentics.contentnode.rest.model.response.AuthenticationResponse;
import com.gentics.contentnode.rest.model.response.GenericResponse;
import com.gentics.contentnode.rest.model.response.HashPasswordResponse;
import com.gentics.contentnode.rest.model.response.LoginResponse;
import com.gentics.contentnode.rest.model.response.Message;
import com.gentics.contentnode.rest.model.response.ResponseCode;
import com.gentics.contentnode.rest.model.response.ResponseInfo;
import com.gentics.contentnode.rest.resource.AuthenticationResource;
import com.gentics.contentnode.rest.util.ModelBuilder;
import com.gentics.contentnode.security.AccessControl;
import com.gentics.contentnode.security.RsaTokenValidator;
import com.gentics.lib.http.CookieHelper;
import com.gentics.lib.log.NodeLogger;
import javax.annotation.PostConstruct;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import javax.ws.rs.DefaultValue;
import javax.ws.rs.GET;
import javax.ws.rs.POST;
import javax.ws.rs.Path;
import javax.ws.rs.PathParam;
import javax.ws.rs.Produces;
import javax.ws.rs.QueryParam;
import javax.ws.rs.core.Context;

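@Path("/auth")
/* loaded from: input_file:com/gentics/contentnode/rest/AuthenticationResourceImpl.class */
/**
 * REST resource behind {@code /auth}: session validation, SSO and
 * credential/RSA-token login, logout, and two password-hash helper
 * endpoints.
 *
 * <p>Security-relevant conventions visible in this class:
 * <ul>
 *   <li>The session secret is never returned in the HTTP body; it is set as
 *       an HttpOnly cookie ({@link SessionToken#SESSION_SECRET_COOKIE_NAME}),
 *       with the {@code Secure} flag controlled by the {@code secure_cookie}
 *       feature (see {@link #isCookieSecure()}). The only exception is
 *       {@link #createUserSession(SystemUser, String)} when no
 *       {@link HttpServletResponse} is available.</li>
 *   <li>Failed logins answer with a generic {@code NOTFOUND} message that does
 *       not distinguish "unknown user" from "wrong password".</li>
 *   <li>Login is refused while maintenance mode is on unless the user holds
 *       the maintenance permission (checked inside a nested transaction run
 *       as that user).</li>
 * </ul>
 *
 * <p>This listing was recovered from bytecode; the decompiler had emitted
 * {@link #hashPassword} and {@link #matchPassword} with empty {@code try}
 * bodies, which would leave their checked exceptions uncaught. The bodies
 * have been restored inside the {@code try} so the declared catch clauses
 * actually produce the {@code FAILURE} responses.
 */
public class AuthenticationResourceImpl extends AbstractContentNodeResource implements AuthenticationResource {
    protected NodeLogger logger = NodeLogger.getNodeLogger(getClass());
    /** Access-control policy consulted by {@link #isAuthenticatedOrIpWhiteListed}; the "restapi" key presumably selects the IP whitelist for this API — confirm in AccessControl. */
    protected AccessControl accessControl = new AccessControl("restapi");
    /** Validator for RSA-signed login tokens; stays {@code null} if construction fails, which disables RSA login entirely (see {@link #loginWithRsa}). */
    protected RsaTokenValidator rsaTokenValidator = null;

    /**
     * Creates the RSA token validator before the parent initialisation.
     * A {@link NodeException} is routed through {@code failWithGeneralError}
     * and leaves {@link #rsaTokenValidator} at {@code null}.
     */
    @Override // com.gentics.contentnode.rest.AbstractContentNodeResource
    @PostConstruct
    public void initialize() {
        try {
            this.rsaTokenValidator = new RsaTokenValidator();
        } catch (NodeException e) {
            failWithGeneralError(e);
        }
        super.initialize();
    }

    /**
     * Validates a session token and, on success, returns the owning user.
     *
     * @param str the session token as passed in the path
     * @return {@code OK} with the user model when the token authenticates its
     *         session; {@code INVALIDDATA} with a fixed message otherwise.
     *         Any exception is mapped to the same generic answer so no
     *         internal detail leaks to the caller.
     */
    @GET
    @Path("/validate/{sid}")
    public AuthenticationResponse validate(@PathParam("sid") String str) {
        AuthenticationResponse authenticationResponse = new AuthenticationResponse();
        try {
            int validateSID = validateSID(str);
            authenticationResponse.setResponseInfo(new ResponseInfo(ResponseCode.OK, "Successfully validated given SID"));
            authenticationResponse.setUser(ModelBuilder.getUser((SystemUser) this.transaction.getObject(SystemUser.class, Integer.valueOf(validateSID)), new Reference[0]));
        } catch (Exception e) {
            // Deliberately generic: the reason (bad secret, unknown sid, lookup error) is not disclosed.
            authenticationResponse.setResponseInfo(new ResponseInfo(ResponseCode.INVALIDDATA, "Invalid SID given"));
        }
        return authenticationResponse;
    }

    /**
     * SSO login: authenticates an existing session from the incoming request
     * (the {@link SessionToken} is built from the request; where it reads the
     * token from is not visible here) and re-issues the session-secret cookie.
     *
     * <p>Maintenance mode is enforced in a nested transaction started as the
     * session's user: login is refused unless the user has permission bit 84
     * on {@link PermHandler#TYPE_MAINTENCANCE}. Note that
     * {@link #performLogin} checks the same type with a {@code null} bit —
     * the two checks are not obviously equivalent; confirm which is intended.
     *
     * @return the numeric session id as plain text on success;
     *         {@code MAINTENANCEMODE}, {@code NOTFOUND} (session does not
     *         authenticate) or {@code FAILURE} (any other error) otherwise.
     *         The nested transaction is committed on every path and the
     *         original transaction restored as current.
     */
    @GET
    @Produces({"text/plain; charset=UTF-8"})
    @Path("/ssologin")
    public String ssoLogin() {
        try {
            Transaction currentTransaction = TransactionManager.getCurrentTransaction();
            SessionToken sessionToken = new SessionToken(getRequest());
            Session session = new Session(sessionToken.getSessionId(), currentTransaction);
            if (!sessionToken.authenticates(session)) {
                throw new InvalidSessionIdException(ObjectTransformer.getString(Integer.valueOf(sessionToken.getSessionId()), ""));
            }
            Transaction startTransaction = getFactory().startTransaction(null, Integer.valueOf(session.getUserId()), true);
            try {
                NodeSetupValuePair keyValue = NodeSetup.getKeyValue(NodeSetup.NODESETUP_KEY.maintenancemode);
                if (!(keyValue != null && keyValue.getIntValue() > 0) || startTransaction.getPermHandler().checkPermissionBit(Integer.valueOf(PermHandler.TYPE_MAINTENCANCE), 84, 0)) {
                    startTransaction.commit();
                    TransactionManager.setCurrentTransaction(currentTransaction);
                    // Secret goes into an HttpOnly cookie only; the body carries just the sid.
                    CookieHelper.setCookie(SessionToken.SESSION_SECRET_COOKIE_NAME, session.getSessionSecret(), "/", (Integer) null, isCookieSecure(), true, getResponse());
                    return ObjectTransformer.getString(Integer.valueOf(sessionToken.getSessionId()), "");
                }
                this.logger.info("The maintenance mode is currently enabled. Login was therefore disabled.");
                String responseCode = ResponseCode.MAINTENANCEMODE.toString();
                startTransaction.commit();
                TransactionManager.setCurrentTransaction(currentTransaction);
                return responseCode;
            } catch (Throwable th) {
                startTransaction.commit();
                TransactionManager.setCurrentTransaction(currentTransaction);
                throw th;
            }
        } catch (InvalidSessionIdException e) {
            return ResponseCode.NOTFOUND.toString();
        } catch (Exception e2) {
            return ResponseCode.FAILURE.toString();
        }
    }

    /**
     * Whether session cookies are issued with the {@code Secure} flag,
     * taken from the {@code secure_cookie} feature of the default preferences.
     *
     * @throws TransactionException if no current transaction is available
     */
    private boolean isCookieSecure() throws TransactionException {
        return TransactionManager.getCurrentTransaction().getNodeConfig().getDefaultPreferences().getFeature("secure_cookie");
    }

    /**
     * {@code GET /auth/login} — alias for {@link #ssoLogin()}.
     */
    @GET
    @Produces({"text/plain; charset=UTF-8"})
    @Path("/login")
    public String alternateSsoLogin() {
        return ssoLogin();
    }

    /**
     * Credential login.
     *
     * <p>If the supplied password is an RSA login token (prefix {@code rsa-},
     * see {@link #loginWithRsaPasswordTokenIfValid}), that path is tried
     * first and its result is returned only when it is {@code OK}; any other
     * outcome falls through to a normal password login with the same string.
     *
     * @param loginRequest login name and password
     * @param str          optional existing sid (query parameter {@code sid},
     *                     default {@code "0"}) passed on to
     *                     {@link #createUserSession}
     * @return {@code OK} with sid and user on success; {@code NOTFOUND} /
     *         {@code MAINTENANCEMODE} as set by {@link #performLogin};
     *         {@code FAILURE} with the exception message on a
     *         {@link NodeException}. The current transaction is committed
     *         with {@code commit(false)} on the non-exception path.
     */
    @POST
    @Path("/login")
    public LoginResponse login(LoginRequest loginRequest, @QueryParam("sid") @DefaultValue("0") String str) {
        String login = loginRequest.getLogin();
        String password = loginRequest.getPassword();
        LoginResponse loginWithRsaPasswordTokenIfValid = loginWithRsaPasswordTokenIfValid(login, password, str);
        if (loginWithRsaPasswordTokenIfValid != null && loginWithRsaPasswordTokenIfValid.getResponseInfo().getResponseCode() == ResponseCode.OK) {
            return loginWithRsaPasswordTokenIfValid;
        }
        LoginResponse loginResponse = new LoginResponse();
        try {
            SystemUser performLogin = performLogin(login, password, loginResponse, true);
            if (performLogin != null) {
                loginResponse.setSid(createUserSession(performLogin, str));
                loginResponse.setResponseInfo(new ResponseInfo(ResponseCode.OK, "Successfully performed login"));
                loginResponse.setUser(ModelBuilder.getUser(performLogin, new Reference[0]));
            }
            Transaction currentTransaction = TransactionManager.getCurrentTransaction();
            if (currentTransaction != null) {
                currentTransaction.commit(false);
            }
        } catch (NodeException e) {
            // Only the login name is logged, never the password.
            this.logger.error("Error while logging in user {" + loginRequest.getLogin() + "}", e);
            loginResponse.setResponseInfo(new ResponseInfo(ResponseCode.FAILURE, e.getLocalizedMessage()));
        }
        return loginResponse;
    }

    /**
     * Login with an RSA-signed token instead of a password.
     *
     * <p>Accepted only for the hard-coded usernames {@code system} and
     * {@code gentics}, and only when {@link #rsaTokenValidator} was created
     * successfully. The validator receives username, salt, expiration
     * timestamp and signature; the password check in {@link #performLogin}
     * is skipped ({@code null} password, {@code false} flag).
     *
     * <p>Note: when {@link #performLogin} refuses the user (e.g. maintenance
     * mode) its response info is overwritten here by the generic
     * {@code NOTFOUND}, so RSA callers never see {@code MAINTENANCEMODE}.
     *
     * @param loginWithRsaRequest username, salt, expiration timestamp, signature
     * @param str                 optional existing sid, see {@link #createUserSession}
     * @return {@code OK} with sid and user, {@code FAILURE} on a
     *         {@link NodeException}, otherwise {@code NOTFOUND}
     */
    @POST
    @Path("/loginwithrsa")
    public LoginResponse loginWithRsa(LoginWithRsaRequest loginWithRsaRequest, @QueryParam("sid") @DefaultValue("0") String str) {
        SystemUser performLogin;
        LoginResponse loginResponse = new LoginResponse();
        String username = loginWithRsaRequest.getUsername();
        boolean z = false;
        if (username != null) {
            try {
                if (this.rsaTokenValidator != null && ((username.equals("system") || username.equals("gentics")) && this.rsaTokenValidator.validate(loginWithRsaRequest.getUsername(), loginWithRsaRequest.getSalt(), loginWithRsaRequest.getExpirationTimestamp(), loginWithRsaRequest.getRsaSignature()) && (performLogin = performLogin(username, null, loginResponse, false)) != null)) {
                    loginResponse.setSid(createUserSession(performLogin, str));
                    loginResponse.setUser(ModelBuilder.getUser(performLogin, new Reference[0]));
                    z = true;
                }
            } catch (NodeException e) {
                this.logger.error("Error while logging in user {" + loginWithRsaRequest.getUsername() + "}", e);
                loginResponse.setResponseInfo(new ResponseInfo(ResponseCode.FAILURE, e.getLocalizedMessage()));
            }
        }
        if (z) {
            loginResponse.setResponseInfo(new ResponseInfo(ResponseCode.OK, "Successfully performed login"));
        } else {
            // Overwrites any FAILURE/MAINTENANCEMODE info set above with a generic answer.
            loginResponse.setResponseInfo(new ResponseInfo(ResponseCode.NOTFOUND, "Did not find a user with the given credentials"));
        }
        Transaction currentTransaction = TransactionManager.getCurrentTransaction();
        if (currentTransaction != null) {
            currentTransaction.commit(false);
        }
        return loginResponse;
    }

    /**
     * Logs out the session identified by the sid plus the caller's session
     * secret. Only a token that authenticates the session may log it out.
     *
     * @param str the sid from the path
     * @param z   {@code allSessions}: also terminate every other session of
     *            the user and expire the secret cookie (max-age 0)
     * @return {@code OK}; {@code INVALIDDATA} if the token does not
     *         authenticate; {@code FAILURE} with a fixed message on any error
     */
    @POST
    @Path("/logout/{sid}")
    public GenericResponse logout(@PathParam("sid") String str, @QueryParam("allSessions") @DefaultValue("false") boolean z) {
        try {
            SessionToken sessionToken = new SessionToken(str, getSessionSecret());
            Session session = new Session(sessionToken.getSessionId(), this.transaction);
            if (!sessionToken.authenticates(session)) {
                return new GenericResponse((Message) null, new ResponseInfo(ResponseCode.INVALIDDATA, "Invalid SID given"));
            }
            if (z) {
                session.logoutAllSessions();
                CookieHelper.setCookie(SessionToken.SESSION_SECRET_COOKIE_NAME, "deleted", "/", 0, isCookieSecure(), true, getResponse());
            } else {
                session.logout();
            }
            return new GenericResponse((Message) null, new ResponseInfo(ResponseCode.OK, "Successfully logged out"));
        } catch (Exception e) {
            return new GenericResponse((Message) null, new ResponseInfo(ResponseCode.FAILURE, "Error while logout"));
        }
    }

    /**
     * Resolves a session token string to the authenticated user id.
     *
     * @param str the raw token (format defined by {@link SessionToken})
     * @return the session's user id (always {@code > 0})
     * @throws Exception if the session has no positive user id or the token
     *                   does not authenticate it
     */
    protected int validateSID(String str) throws Exception {
        SessionToken sessionToken = new SessionToken(str);
        Session session = new Session(sessionToken.getSessionId(), this.transaction);
        int userId = session.getUserId();
        if (userId <= 0 || !sessionToken.authenticates(session)) {
            throw new NodeException("SessionToken does not authenticate the session");
        }
        return userId;
    }

    /**
     * Hashes a password for a given user id via
     * {@link SystemUserFactory#hashPassword(String, int)}.
     *
     * <p>Access: the caller must pass {@link #isAuthenticatedOrIpWhiteListed}
     * (IP whitelist, or the session identified by {@code sid}). Any
     * authenticated session can therefore obtain hashes for arbitrary user
     * ids; keep this endpoint restricted to trusted callers.
     *
     * @param httpServletRequest  the current request (for the whitelist check)
     * @param hashPasswordRequest password and target user id
     * @param i                   optional sid (query parameter, default 0)
     * @return {@code OK} with the hash, or {@code FAILURE} on a rejected
     *         session or a transaction error
     */
    @POST
    @Path("/hashpassword")
    public HashPasswordResponse hashPassword(@Context HttpServletRequest httpServletRequest, HashPasswordRequest hashPasswordRequest, @QueryParam("sid") @DefaultValue("0") int i) {
        HashPasswordResponse hashPasswordResponse = new HashPasswordResponse();
        String password = hashPasswordRequest.getPassword();
        int userId = hashPasswordRequest.getUserId();
        try {
            // Inside the try so the declared catch clauses actually produce FAILURE responses.
            if (!isAuthenticatedOrIpWhiteListed(httpServletRequest, i)) {
                throw new InvalidSessionIdException(Integer.toString(i));
            }
            String hashPassword = SystemUserFactory.hashPassword(password, userId);
            hashPasswordResponse.setResponseInfo(new ResponseInfo(ResponseCode.OK, "Successfully hashed password"));
            hashPasswordResponse.setHash(hashPassword);
        } catch (InvalidSessionIdException e) {
            hashPasswordResponse.setResponseInfo(new ResponseInfo(ResponseCode.FAILURE, e.getLocalizedMessage()));
        } catch (TransactionException e2) {
            this.logger.error("Error while hashing password for user ID {" + userId + "}", e2);
            hashPasswordResponse.setResponseInfo(new ResponseInfo(ResponseCode.FAILURE, "Error while hashing password"));
        }
        return hashPasswordResponse;
    }

    /**
     * Checks a clear-text password against a stored hash via
     * {@link SystemUserFactory#passwordMatches(String, String)}.
     *
     * <p>Access: same rule as {@link #hashPassword}. Because the caller
     * supplies both password and hash, this is a password-verification
     * oracle; it should only be reachable by trusted (whitelisted) callers.
     *
     * @return {@code OK} "Password matches", {@code FAILURE} "Password does
     *         not match", or {@code FAILURE} on a rejected session /
     *         transaction error
     */
    @POST
    @Path("/matchpassword")
    public GenericResponse matchPassword(@Context HttpServletRequest httpServletRequest, MatchPasswordRequest matchPasswordRequest, @QueryParam("sid") @DefaultValue("0") int i) {
        GenericResponse genericResponse = new GenericResponse();
        try {
            // Inside the try so the declared catch clauses actually produce FAILURE responses.
            if (!isAuthenticatedOrIpWhiteListed(httpServletRequest, i)) {
                throw new InvalidSessionIdException(Integer.toString(i));
            }
            if (SystemUserFactory.passwordMatches(matchPasswordRequest.getPassword(), matchPasswordRequest.getHash())) {
                genericResponse.setResponseInfo(new ResponseInfo(ResponseCode.OK, "Password matches"));
            } else {
                genericResponse.setResponseInfo(new ResponseInfo(ResponseCode.FAILURE, "Password does not match"));
            }
        } catch (InvalidSessionIdException e) {
            genericResponse.setResponseInfo(new ResponseInfo(ResponseCode.FAILURE, e.getLocalizedMessage()));
        } catch (TransactionException e2) {
            this.logger.error("Error while hashing password", e2);
            genericResponse.setResponseInfo(new ResponseInfo(ResponseCode.FAILURE, "Error while hashing password"));
        }
        return genericResponse;
    }

    /**
     * Returns the configured {@code globalprefix} setup value in the response
     * message. No authentication is performed on this endpoint — NOTE(review):
     * confirm the value is non-sensitive. Errors are reported without detail.
     */
    @GET
    @Path("/globalprefix")
    public GenericResponse globalPrefix() {
        GenericResponse genericResponse = new GenericResponse();
        try {
            genericResponse.setResponseInfo(new ResponseInfo(ResponseCode.OK, NodeSetup.getKeyValue(NodeSetup.NODESETUP_KEY.globalprefix).getTextValue()));
        } catch (NodeException e) {
            genericResponse.setResponseInfo(new ResponseInfo(ResponseCode.FAILURE, "Error while getting the global prefix: "));
        }
        return genericResponse;
    }

    /**
     * Access rule for the password-hash endpoints, checked in this order:
     * <ol>
     *   <li>a {@code null} request is accepted unconditionally —
     *       NOTE(review): this is an implicit bypass for non-HTTP callers;
     *       confirm that no HTTP path can reach here without a request;</li>
     *   <li>{@link AccessControl#verifyAccess}; an
     *       {@link InvalidSessionIdException} from it denies access
     *       immediately, without trying the sid fallback;</li>
     *   <li>if still denied and {@code i > 0}: the session {@code i} must be
     *       authenticated by the caller's session secret.</li>
     * </ol>
     *
     * @param httpServletRequest the request, may be {@code null}
     * @param i                  the sid to fall back to (0 = none)
     * @return {@code true} if access is granted
     * @throws TransactionException from the session secret lookup
     */
    protected final boolean isAuthenticatedOrIpWhiteListed(HttpServletRequest httpServletRequest, int i) throws TransactionException {
        boolean z = false;
        if (httpServletRequest == null) {
            z = true;
        }
        if (!z) {
            try {
                z = this.accessControl.verifyAccess(httpServletRequest, null);
            } catch (InvalidSessionIdException e) {
                return false;
            }
        }
        if (!z && i > 0) {
            SessionToken sessionToken = new SessionToken(i, getSessionSecret());
            if (sessionToken.authenticates(new Session(sessionToken.getSessionId(), this.transaction))) {
                z = true;
            }
        }
        return z;
    }

    /**
     * Treats a password of the form {@code rsa-<signature>|<salt>|<expiration>}
     * as an RSA login token and delegates to {@link #loginWithRsa}.
     *
     * @param str  username
     * @param str2 the password field; must start with {@code rsa-} and split
     *             into exactly three {@code |}-separated parts, the last an
     *             integer timestamp
     * @param str3 optional existing sid, passed through
     * @return the RSA login response, or {@code null} if the string is not
     *         a well-formed token (caller then falls back to password login)
     */
    protected LoginResponse loginWithRsaPasswordTokenIfValid(String str, String str2, String str3) {
        if (str2 == null || !str2.startsWith("rsa-")) {
            return null;
        }
        String[] split = str2.substring(4).split("\\|");
        if (split.length != 3) {
            return null;
        }
        String str4 = split[0];
        String str5 = split[1];
        try {
            int parseInt = Integer.parseInt(split[2]);
            LoginWithRsaRequest loginWithRsaRequest = new LoginWithRsaRequest();
            loginWithRsaRequest.setUsername(str);
            loginWithRsaRequest.setRsaSignature(str4);
            loginWithRsaRequest.setSalt(str5);
            loginWithRsaRequest.setExpirationTimestamp(parseInt);
            return loginWithRsa(loginWithRsaRequest, str3);
        } catch (NumberFormatException e) {
            return null;
        }
    }

    /**
     * Looks up the user via the {@link SystemUserFactory} and applies the
     * login policy.
     *
     * <p>Rejected (generic {@code NOTFOUND}, so unknown user and wrong
     * password are indistinguishable): no user found, a non-null but empty
     * password, or a user without any group. Maintenance mode is then
     * checked in a nested transaction as that user (permission on
     * {@link PermHandler#TYPE_MAINTENCANCE} with bit {@code null}); on
     * success a LOGIN action-log entry is written.
     *
     * @param str           login name
     * @param str2          password, or {@code null} for the RSA path
     * @param loginResponse response whose info is set on rejection
     * @param z             flag forwarded to {@code getSystemUser};
     *                      {@code true} for password login, {@code false}
     *                      for RSA — presumably "verify password", confirm
     *                      in SystemUserFactory
     * @return the user on success, {@code null} otherwise (with
     *         {@code loginResponse} explaining why)
     * @throws NodeException on lookup/transaction errors
     */
    protected SystemUser performLogin(String str, String str2, LoginResponse loginResponse, boolean z) throws NodeException {
        Transaction currentTransaction = TransactionManager.getCurrentTransaction();
        SystemUser systemUser = ((SystemUserFactory) currentTransaction.getObjectFactory(SystemUser.class)).getSystemUser(str, str2, z);
        if (systemUser == null || ((str2 != null && str2.isEmpty()) || systemUser.getUserGroups().isEmpty())) {
            loginResponse.setResponseInfo(new ResponseInfo(ResponseCode.NOTFOUND, "Did not find a user with given credentials"));
            return null;
        }
        Transaction startTransaction = getFactory().startTransaction(null, systemUser.getId(), true);
        try {
            NodeSetupValuePair keyValue = NodeSetup.getKeyValue(NodeSetup.NODESETUP_KEY.maintenancemode);
            if (!(keyValue != null && keyValue.getIntValue() > 0) || startTransaction.getPermHandler().checkPermissionBit(Integer.valueOf(PermHandler.TYPE_MAINTENCANCE), null, 0)) {
                startTransaction.commit();
                TransactionManager.setCurrentTransaction(currentTransaction);
                ActionLogger.logCmd(ActionLogger.LOGIN, 10, systemUser.getId(), Integer.valueOf(currentTransaction.getUnixTimestamp()), "restApi:auth/login");
                return systemUser;
            }
            loginResponse.setResponseInfo(new ResponseInfo(ResponseCode.MAINTENANCEMODE, "The maintenance mode is currently enabled. Login was therefore disabled."));
            startTransaction.commit();
            TransactionManager.setCurrentTransaction(currentTransaction);
            return null;
        } catch (Throwable th) {
            startTransaction.commit();
            TransactionManager.setCurrentTransaction(currentTransaction);
            throw th;
        }
    }

    /**
     * Creates a new {@link Session} for the user, recording remote address and
     * {@code user-agent} when a request is available.
     *
     * <p>With an {@link HttpServletResponse} present the secret is set as an
     * HttpOnly cookie and only the numeric sid is returned. Without one the
     * secret is appended to the sid in the return value — the caller then
     * holds the full credential and must treat it accordingly.
     *
     * @param systemUser the authenticated user
     * @param str        optional existing sid as a string; empty means 0
     * @return the sid (plus secret when no response object exists)
     * @throws NodeException if {@code str} is non-empty and not an integer
     */
    protected String createUserSession(SystemUser systemUser, String str) throws NodeException {
        int i = 0;
        if (!str.isEmpty()) {
            try {
                i = Integer.parseInt(str);
            } catch (NumberFormatException e) {
                throw new NodeException("Unable to parse {" + str + "} as integer");
            }
        }
        HttpServletRequest request = getRequest();
        Session session = new Session(systemUser, request != null ? request.getRemoteAddr() : "", request != null ? request.getHeader("user-agent") : "", getSessionSecret(), i);
        HttpServletResponse response = getResponse();
        if (response == null) {
            // No cookie possible: sid and secret are concatenated into the return value.
            return Integer.toString(session.getSessionId()) + session.getSessionSecret();
        }
        CookieHelper.setCookie(SessionToken.SESSION_SECRET_COOKIE_NAME, session.getSessionSecret(), "/", (Integer) null, isCookieSecure(), true, response);
        return Integer.toString(session.getSessionId());
    }

    /** @return the RSA token validator, or {@code null} if initialisation failed */
    public RsaTokenValidator getRsaTokenValidator() {
        return this.rsaTokenValidator;
    }
}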
