package com.gentics.contentnode.auth.filter;

import com.gentics.api.contentnode.auth.filter.SsoUserCreatedCallback;
import com.gentics.api.lib.etc.ObjectTransformer;
import com.gentics.api.lib.exception.NodeException;
import com.gentics.api.lib.exception.ParserException;
import com.gentics.api.lib.expressionparser.EvaluableExpression;
import com.gentics.api.lib.expressionparser.ExpressionParser;
import com.gentics.api.lib.expressionparser.ExpressionQueryRequest;
import com.gentics.api.lib.resolving.PropertyResolver;
import com.gentics.contentnode.factory.ContentNodeFactory;
import com.gentics.contentnode.factory.InvalidSessionIdException;
import com.gentics.contentnode.factory.Session;
import com.gentics.contentnode.factory.SessionToken;
import com.gentics.contentnode.factory.Transaction;
import com.gentics.contentnode.factory.TransactionManager;
import com.gentics.contentnode.factory.Trx;
import com.gentics.contentnode.factory.object.SystemUserFactory;
import com.gentics.contentnode.object.SystemUser;
import com.gentics.contentnode.object.UserGroup;
import com.gentics.contentnode.rest.model.User;
import com.gentics.contentnode.tools.update.Config;
import com.gentics.lib.base.MapResolver;
import com.gentics.lib.etc.StringUtils;
import com.gentics.lib.log.NodeLogger;
import de.jkeylockmanager.manager.KeyLockManager;
import de.jkeylockmanager.manager.KeyLockManagers;
import java.util.ArrayList;
import java.util.Collection;
import java.util.Enumeration;
import java.util.HashMap;
import java.util.HashSet;
import java.util.Iterator;
import java.util.List;
import java.util.Map;
import java.util.Set;
import java.util.Vector;
import java.util.regex.Matcher;
import java.util.regex.Pattern;
import javax.servlet.Filter;
import javax.servlet.FilterConfig;
import javax.servlet.ServletException;
import javax.servlet.ServletRequest;
import javax.servlet.http.Cookie;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletRequestWrapper;
import org.apache.commons.collections.EnumerationUtils;
import org.apache.commons.collections.iterators.IteratorEnumeration;

/* loaded from: input_file:com/gentics/contentnode/auth/filter/AbstractSSOFilter.class */
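/**
 * Base class for servlet filters that log a user into the CMS on behalf of an external
 * single sign-on mechanism.
 *
 * <p>{@code doFilter} is not implemented here; a subclass is expected to determine the login name
 * and the user attributes and hand them to {@link #doSSOLogin}. Nothing in this class verifies
 * those values: the login name and the attribute map are trusted as given, and the attribute map
 * also drives group membership through the {@code initGroups} expression. Subclasses must
 * therefore only pass values taken from an identity assertion they have already validated.
 */
public abstract class AbstractSSOFilter implements Filter {
    /** Filter init-param holding the expression that yields the groups of an SSO user. */
    public static final String INIT_GROUPS_PARAM = "initGroups";
    /** Filter init-param (boolean) enabling group synchronization on every login. */
    public static final String INIT_GROUPS_SYNC = "syncGroups";
    /** Filter init-param naming an optional {@link SsoUserCreatedCallback} implementation. */
    public static final String INIT_CALLBACK = "userCreatedCallback";
    /** Parsed form of the {@code initGroups} expression, set in {@link #init}. */
    protected EvaluableExpression initGroupsExpression;
    /** Callback invoked after a user has been created; {@code null} when none is configured. */
    protected SsoUserCreatedCallback userCreatedCallback;
    // Static, so the value is shared by every filter instance in the class loader: the filter
    // that is initialised last decides whether group synchronization is on for all of them.
    protected static Boolean syncGroups = false;
    // Keyed by login name in doSSOLogin, so work for one login is not executed concurrently.
    private static final KeyLockManager ssoLock = KeyLockManagers.newLock();
    protected NodeLogger logger = NodeLogger.getNodeLogger(getClass());
    /** Matches {@code <groupId>|<nodeId>~<nodeId>...}: a group restricted to a set of nodes. */
    protected Pattern groupNodeRestrictionPattern = Pattern.compile("([0-9]+)\\|([0-9\\~]+)");

    /**
     * Request wrapper that presents the given session to downstream code as if the client had
     * sent it: the session secret as a cookie and the session id as a request parameter.
     *
     * <p>A session secret cookie or session id parameter supplied by the client is replaced, not
     * merged, so downstream code only sees the values of the session passed to the constructor.
     */
    /* loaded from: input_file:com/gentics/contentnode/auth/filter/AbstractSSOFilter$AuthenticatedHttpServletRequestWrapper.class */
    public static class AuthenticatedHttpServletRequestWrapper extends HttpServletRequestWrapper {
        protected Vector<Cookie> cookies;
        protected Map<String, String[]> parameterMap;

        /**
         * Copies cookies and parameters of the wrapped request and adds the session credentials.
         *
         * @param httpServletRequest request to wrap
         * @param session session whose secret and id are exposed to downstream code
         */
        public AuthenticatedHttpServletRequestWrapper(HttpServletRequest httpServletRequest, Session session) {
            super(httpServletRequest);
            this.cookies = new Vector<>();
            Cookie[] requestCookies = httpServletRequest.getCookies();
            if (requestCookies != null) {
                for (Cookie cookie : requestCookies) {
                    // Drop any session secret the client sent; the one of the session is added below.
                    if (!SessionToken.SESSION_SECRET_COOKIE_NAME.equals(cookie.getName())) {
                        this.cookies.add(cookie);
                    }
                }
            }
            Cookie secretCookie = new Cookie(SessionToken.SESSION_SECRET_COOKIE_NAME, session.getSessionSecret());
            secretCookie.setPath("/");
            this.cookies.add(secretCookie);
            this.parameterMap = new HashMap<>(httpServletRequest.getParameterMap().size() + 1);
            Iterator<?> names = EnumerationUtils.toList(httpServletRequest.getParameterNames()).iterator();
            while (names.hasNext()) {
                String name = ObjectTransformer.getString(names.next(), (String) null);
                this.parameterMap.put(name, httpServletRequest.getParameterValues(name));
            }
            // Put last, so a client-supplied session id parameter is overwritten.
            this.parameterMap.put(SessionToken.SESSION_ID_QUERY_PARAM_NAME, new String[]{ObjectTransformer.getString(Integer.valueOf(session.getSessionId()), (String) null)});
        }

        /** Returns the request cookies with the session secret cookie of the wrapped session. */
        public Cookie[] getCookies() {
            return this.cookies.toArray(new Cookie[0]);
        }

        /**
         * Returns the parameter map including the session id parameter. This is the internal map,
         * not a copy, so changes made by a caller are visible to later lookups.
         */
        public Map<?, ?> getParameterMap() {
            return this.parameterMap;
        }

        /** Returns the first value of the parameter, or {@code null} if it has no values. */
        public String getParameter(String str) {
            String[] parameterValues = getParameterValues(str);
            if (parameterValues == null || parameterValues.length == 0) {
                return null;
            }
            return parameterValues[0];
        }

        /** Returns the names of all parameters, including the session id parameter. */
        public Enumeration<?> getParameterNames() {
            return new IteratorEnumeration(this.parameterMap.keySet().iterator());
        }

        /** Returns all values of the parameter, or {@code null} if it is not present. */
        public String[] getParameterValues(String str) {
            return this.parameterMap.get(str);
        }
    }

    /**
     * Reads the filter configuration: the group expression (required), the group synchronization
     * flag and the optional user-created callback class.
     *
     * @param filterConfig filter configuration
     * @throws ServletException if the group expression is missing or cannot be parsed, or if the
     *         callback class cannot be loaded, is of the wrong type or cannot be instantiated
     */
    public void init(FilterConfig filterConfig) throws ServletException {
        String groupExpression = ObjectTransformer.getString(filterConfig.getInitParameter(INIT_GROUPS_PARAM), getDefaultInitGroupExpression());
        if (StringUtils.isEmpty(groupExpression)) {
            throw new ServletException("init-param initGroups is empty or missing");
        }
        try {
            this.initGroupsExpression = ExpressionParser.getInstance().parse(groupExpression);
            syncGroups = Boolean.valueOf(ObjectTransformer.getBoolean(filterConfig.getInitParameter(INIT_GROUPS_SYNC), false));
            String callbackClassName = ObjectTransformer.getString(filterConfig.getInitParameter(INIT_CALLBACK), "");
            if (callbackClassName.isEmpty()) {
                return;
            }
            try {
                // Load without initializing: static initializers of the configured class must not
                // run before the type check below has accepted it. Instantiation initializes it.
                Class<?> callbackClass = Class.forName(callbackClassName, false, AbstractSSOFilter.class.getClassLoader());
                if (!SsoUserCreatedCallback.class.isAssignableFrom(callbackClass)) {
                    throw new ServletException("Specified callback class " + callbackClassName + " is not an implementation of " + SsoUserCreatedCallback.class.getSimpleName());
                }
                this.userCreatedCallback = (SsoUserCreatedCallback) callbackClass.getDeclaredConstructor().newInstance();
            } catch (ReflectiveOperationException e) {
                throw new ServletException("Could not create instance of callback class", e);
            }
        } catch (ParserException e) {
            throw new ServletException("Unable to parse initGroups", e);
        }
    }

    /** Nothing to release. */
    public void destroy() {
    }

    /**
     * Returns the group expression used when the {@code initGroups} init-param is not set.
     * This implementation returns {@code null}, which makes the init-param mandatory.
     */
    protected String getDefaultInitGroupExpression() {
        return null;
    }

    /** Starts a new transaction through the {@link ContentNodeFactory}. */
    protected Transaction startTransaction() throws NodeException {
        return ContentNodeFactory.getInstance().startTransaction(true);
    }

    /**
     * Logs the given user in and returns the request to pass down the filter chain.
     *
     * <p>The user is looked up or created by {@link #getSystemUser}. If the request already
     * carries a session, the original request is returned unchanged unless that session
     * authenticates for a different user; in that case the session is logged out. A new session is
     * created when the old one was logged out or the request has no valid session id, and the
     * request is returned wrapped in an {@link AuthenticatedHttpServletRequestWrapper}.
     *
     * <p>This method performs no credential check of its own. The caller must have validated the
     * identity assertion from which {@code str} and {@code map} were taken.
     *
     * <p>The decompiler reports that this method is declared {@code protected} in the class file.
     *
     * @param httpServletRequest incoming request
     * @param str login name of the user; also the key of the per-login lock
     * @param map user attributes; {@code firstname}, {@code lastname} and {@code email} are stored
     *        on the user and the whole map is available to the group expression as {@code attr}
     * @return the original request, or a wrapper carrying the credentials of a new session
     * @throws ServletException if looking up, creating or saving the user or session fails
     */
    /* JADX INFO: Access modifiers changed from: protected */
    public ServletRequest doSSOLogin(HttpServletRequest httpServletRequest, String str, Map<String, Object> map) throws ServletException {
        try {
            return (ServletRequest) ssoLock.executeLocked(str, () -> {
                // try-with-resources closes the transaction exactly once on every path; without a
                // preceding success() the close happens without marking the work as successful.
                try (Trx trx = new Trx()) {
                    SystemUser systemUser = getSystemUser(str, map);
                    if (systemUser == null) {
                        // No user could be provisioned: pass the request on unauthenticated.
                        return httpServletRequest;
                    }
                    boolean needsNewSession = false;
                    try {
                        SessionToken sessionToken = new SessionToken(httpServletRequest);
                        Session session = new Session(sessionToken.getSessionId(), trx.getTransaction());
                        // A valid session of another user must not survive the SSO login.
                        if (sessionToken.authenticates(session) && session.getUserId() != ObjectTransformer.getInt(systemUser.getId(), -1)) {
                            session.logout();
                            needsNewSession = true;
                        }
                        // NOTE(review): a session that exists but does not authenticate leaves the
                        // request untouched and creates no new session - confirm this is intended.
                    } catch (InvalidSessionIdException invalidSession) {
                        needsNewSession = true;
                    }
                    if (!needsNewSession) {
                        trx.success();
                        return httpServletRequest;
                    }
                    // NOTE(review): the secret read from the incoming cookie is handed to the new
                    // session. Whether Session adopts it or generates a fresh one is not visible
                    // here; reusing a client-supplied secret across a login is a session-fixation
                    // concern - confirm.
                    Session newSession = new Session(systemUser, httpServletRequest.getRemoteAddr(), httpServletRequest.getHeader("user-agent"), SessionToken.getSessionSecretFromRequestCookie(httpServletRequest), 0);
                    trx.success();
                    return new AuthenticatedHttpServletRequestWrapper(httpServletRequest, newSession);
                } catch (NodeException nodeException) {
                    // The lock callback cannot throw checked exceptions; unwrapped again below.
                    throw new RuntimeException(nodeException);
                }
            });
        } catch (RuntimeException e) {
            if (e.getCause() instanceof NodeException) {
                throw new ServletException(e.getCause());
            }
            throw new ServletException(e);
        }
    }

    /**
     * Returns the system user for the login, creating it if it does not exist, and updates its
     * name, e-mail and (when group synchronization is enabled) group memberships.
     *
     * <p>A new user is only created if the group expression yields at least one existing group
     * with an id greater than 2; otherwise {@code null} is returned and nothing is saved. Group
     * ids up to 2 are never assigned by this method (presumably built-in groups - confirm).
     * Entries that cannot be parsed resolve to group id -1 and are skipped the same way.
     *
     * <p>With group synchronization, memberships missing from the expression result are removed.
     * Ids up to 2 named by the expression are not added, but an existing membership in such a
     * group is kept.
     *
     * @param str login name
     * @param map user attributes as provided by the SSO mechanism
     * @return the saved user, or {@code null} if a new user could not be assigned to any group
     * @throws NodeException if the group expression yields no collection or data access fails
     */
    protected SystemUser getSystemUser(String str, Map<String, Object> map) throws NodeException {
        SystemUser systemUser;
        boolean created;
        Transaction currentTransaction = TransactionManager.getCurrentTransaction();
        String firstname = ObjectTransformer.getString(map.get("firstname"), "");
        String lastname = ObjectTransformer.getString(map.get("lastname"), "");
        String email = ObjectTransformer.getString(map.get("email"), "");
        SystemUser existingUser = ((SystemUserFactory) currentTransaction.getObjectFactory(SystemUser.class)).getSystemUser(str, null, false);
        if (existingUser == null) {
            systemUser = (SystemUser) currentTransaction.createObject(SystemUser.class);
            systemUser.setLogin(str);
            // Fixed placeholder for SSO-provisioned accounts. NOTE(review): whether this literal
            // can ever match on a local password login depends on how SystemUser stores and
            // verifies passwords, which is not visible here - confirm local login is impossible.
            systemUser.setPassword("SSO");
            systemUser.setActive(true);
            Collection<?> groupSpecs = evaluateInitGroups(systemUser, map);
            boolean groupAssigned = false;
            List<UserGroup> userGroups = systemUser.getUserGroups();
            Map<Integer, Set<Integer>> groupNodeRestrictions = systemUser.getGroupNodeRestrictions();
            for (Object groupSpec : groupSpecs) {
                for (Map.Entry<Integer, Set<Integer>> entry : parseGroupId(ObjectTransformer.getString(groupSpec, "")).entrySet()) {
                    int groupId = entry.getKey().intValue();
                    Set<Integer> nodeIds = entry.getValue();
                    this.logger.debug("Resolved group: " + groupId);
                    if (groupId > 2) {
                        UserGroup userGroup = (UserGroup) currentTransaction.getObject(UserGroup.class, Integer.valueOf(groupId));
                        if (userGroup != null) {
                            groupAssigned = true;
                            if (!userGroups.contains(userGroup)) {
                                userGroups.add(userGroup);
                            }
                            if (nodeIds != null) {
                                this.logger.debug("Restrict assignment to group " + groupId + " to nodes: " + nodeIds);
                                groupNodeRestrictions.put(Integer.valueOf(groupId), nodeIds);
                            } else {
                                this.logger.debug("Assignment to group " + groupId + " is not restricted to nodes");
                                groupNodeRestrictions.remove(Integer.valueOf(groupId));
                            }
                        } else {
                            // The login name comes from the SSO mechanism and is logged verbatim.
                            this.logger.warn("Could not find group " + groupId + " when syncing user " + str);
                        }
                    }
                }
            }
            if (!groupAssigned) {
                this.logger.error("Group expression did not yield any groups, aborting system user creation");
                return null;
            }
            created = true;
        } else {
            // Third argument true: fetch the existing user in editable form (it is saved below).
            systemUser = (SystemUser) currentTransaction.getObject(SystemUser.class, existingUser.getId(), true);
            created = false;
        }
        systemUser.setFirstname(firstname);
        systemUser.setLastname(lastname);
        systemUser.setEmail(email);
        if (syncGroups.booleanValue()) {
            this.logger.debug("Synchronizing groups for " + systemUser);
            Collection<?> groupSpecs = evaluateInitGroups(systemUser, map);
            List<UserGroup> userGroups = systemUser.getUserGroups();
            Map<Integer, Set<Integer>> groupNodeRestrictions = systemUser.getGroupNodeRestrictions();
            // Every id named by the expression, including ids that are never assigned (<= 2):
            // memberships whose id is in this set survive the removal pass below.
            Set<Integer> requiredGroupIds = new HashSet<>();
            for (Object groupSpec : groupSpecs) {
                for (Map.Entry<Integer, Set<Integer>> entry : parseGroupId(ObjectTransformer.getString(groupSpec, "")).entrySet()) {
                    int groupId = entry.getKey().intValue();
                    Set<Integer> nodeIds = entry.getValue();
                    this.logger.debug(systemUser + " must be member of group " + groupId);
                    requiredGroupIds.add(Integer.valueOf(groupId));
                    if (groupId > 2) {
                        UserGroup userGroup = (UserGroup) currentTransaction.getObject(UserGroup.class, Integer.valueOf(groupId));
                        if (userGroup != null) {
                            if (!userGroups.contains(userGroup)) {
                                this.logger.debug("Adding " + systemUser + " to " + userGroup);
                                userGroups.add(userGroup);
                            }
                            if (nodeIds != null) {
                                this.logger.debug("Restrict assignment to " + userGroup + " to nodes: " + nodeIds);
                                groupNodeRestrictions.put(Integer.valueOf(groupId), nodeIds);
                            } else {
                                this.logger.debug("Assignment to " + userGroup + " is not restricted to nodes");
                                groupNodeRestrictions.remove(Integer.valueOf(groupId));
                            }
                        } else {
                            this.logger.warn("Could not find group " + groupId + " when syncing user " + str);
                        }
                    }
                }
            }
            // Revoke memberships the expression no longer yields.
            // NOTE(review): the node restriction entry of a removed group is left in the
            // restriction map; confirm that save() ignores entries for groups no longer assigned.
            Iterator<UserGroup> memberships = userGroups.iterator();
            while (memberships.hasNext()) {
                UserGroup membership = memberships.next();
                if (!requiredGroupIds.contains(membership.getId())) {
                    this.logger.debug("Removing " + systemUser + " from " + membership);
                    memberships.remove();
                }
            }
        }
        systemUser.save();
        if (created && this.userCreatedCallback != null) {
            User restUser = SystemUser.TRANSFORM2REST.apply(systemUser);
            restUser.setLogin(systemUser.getLogin());
            this.userCreatedCallback.accept(restUser, map);
        }
        return systemUser;
    }

    /**
     * Evaluates the group expression for the user. The expression can resolve the SSO attributes
     * under {@code attr} and the user under the key {@code Config.USER_LONG_PARAM}.
     *
     * @return the group entries yielded by the expression, never {@code null}
     * @throws NodeException if evaluation fails or yields no collection, so that a broken
     *         expression fails the login instead of surfacing as a NullPointerException
     */
    private Collection<?> evaluateInitGroups(SystemUser systemUser, Map<String, Object> map) throws NodeException {
        Map<String, Object> resolvables = new HashMap<>();
        resolvables.put("attr", new MapResolver(map));
        resolvables.put(Config.USER_LONG_PARAM, systemUser);
        Collection<?> groupSpecs = ObjectTransformer.getCollection(this.initGroupsExpression.evaluate(new ExpressionQueryRequest(new PropertyResolver(new MapResolver(resolvables)), (Map) null), 0), (Collection) null);
        if (groupSpecs == null) {
            throw new NodeException("initGroups expression did not evaluate to a collection");
        }
        return groupSpecs;
    }

    /**
     * Parses one entry of the group expression result.
     *
     * <p>Accepted forms are a plain group id, or {@code <groupId>|<nodeId>~<nodeId>...} for a
     * group assignment restricted to the listed nodes.
     *
     * @param str entry to parse
     * @return a map with exactly one entry: the group id (-1 if it cannot be read as an int)
     *         mapped to the set of node ids, or to {@code null} if no restriction was given
     */
    protected Map<Integer, Set<Integer>> parseGroupId(String str) {
        Matcher matcher = this.groupNodeRestrictionPattern.matcher(str);
        Map<Integer, Set<Integer>> parsed = new HashMap<>(1);
        if (matcher.matches()) {
            int groupId = ObjectTransformer.getInt(matcher.group(1), -1);
            Set<Integer> nodeIds = new HashSet<>();
            for (int nodeId : StringUtils.splitInt(matcher.group(2), "~")) {
                nodeIds.add(Integer.valueOf(nodeId));
            }
            parsed.put(Integer.valueOf(groupId), nodeIds);
        } else {
            // No restriction part: null marks the assignment as unrestricted.
            parsed.put(Integer.valueOf(ObjectTransformer.getInt(str, -1)), null);
        }
        return parsed;
    }
}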
