package com.gentics.portalnode.auth.manager;

import com.gentics.api.lib.auth.GenticsUser;
import com.gentics.api.lib.etc.ObjectTransformer;
import com.gentics.api.lib.exception.ParserException;
import com.gentics.api.lib.expressionparser.EvaluableExpression;
import com.gentics.api.lib.expressionparser.Expression;
import com.gentics.api.lib.expressionparser.ExpressionParser;
import com.gentics.api.lib.expressionparser.ExpressionParserException;
import com.gentics.api.lib.expressionparser.ExpressionQueryRequest;
import com.gentics.api.lib.resolving.JSONResolvable;
import com.gentics.api.lib.resolving.PropertyResolver;
import com.gentics.lib.content.GenticsContentAttribute;
import com.gentics.lib.etc.StringUtils;
import com.gentics.portalnode.auth.AbstractAuthenticationManager;
import com.gentics.portalnode.auth.AuthenticationSTRUCT;
import com.gentics.portalnode.auth.CookieAuthority;
import com.gentics.portalnode.auth.gcn.GCNSessionToken;
import com.gentics.portalnode.user.GCNUser;
import java.net.MalformedURLException;
import java.net.URL;
import java.util.HashMap;
import java.util.Map;
import javax.servlet.http.Cookie;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import javax.servlet.http.HttpSession;
import org.apache.axis.transport.jms.JMSConstants;
import org.apache.commons.httpclient.DefaultHttpMethodRetryHandler;
import org.apache.commons.httpclient.HttpClient;
import org.apache.commons.httpclient.HttpState;
import org.apache.commons.httpclient.MultiThreadedHttpConnectionManager;
import org.apache.commons.httpclient.NameValuePair;
import org.apache.commons.httpclient.methods.GetMethod;
import org.apache.commons.httpclient.methods.PostMethod;
import org.apache.commons.httpclient.params.HttpMethodParams;
import org.json.JSONObject;

/* loaded from: input_file:WEB-INF/lib/portalnode-lib-4.6.0.jar:com/gentics/portalnode/auth/manager/GCNAuthenticationManager.class */
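/**
 * Authentication manager that logs portal users in against a GCN backend over HTTP.
 *
 * <p>Credentials are POSTed to the configured authentication URL. A response carrying the
 * {@code gcn-login} header is treated as success and its body is parsed as JSON user data.
 * The resulting {@link GCNUser} is cached in the HTTP session, and the backend session is
 * kept alive with periodic ping requests.
 *
 * <p>Security notes for maintainers:
 * <ul>
 *   <li>Credentials, cookie values, header values and backend session data are never written
 *       to the log by this class, not even at debug level.</li>
 *   <li>The login throttle ({@code backendLoginRetryInterval}) is stored in the HTTP session,
 *       so it only limits clients that keep their session cookie. It is not a brute-force
 *       protection.</li>
 *   <li>Every backend call builds its own {@link HttpClient}; the connection is released and
 *       the connection manager shut down once the call is finished.</li>
 * </ul>
 */
public class GCNAuthenticationManager extends AbstractAuthenticationManager {
    private static final String GCN_SESSION_SECRET_COOKIE_NAME = "GCN_SESSION_SECRET";
    private static final String CONNECTION_TIMEOUT = "timeout";
    private static final String SOCKET_TIMEOUT = "sockettimeout";
    private static final String CONNECTION_RETRY = "connectionretry";
    private static final String SESSION_REFRESH_INTERVAL = "refreshinterval";
    private static final String BACKEND_LOGIN_RETRY_INTERVAL = "backendLoginRetryInterval";
    private static final String SESSION_USER_PARAM = "GCNUser." + GCNAuthenticationManager.class.toString();
    private static final String SESSION_LOGIN_FAILURE_TIME = "LoginFailureTime." + GCNAuthenticationManager.class.toString();

    /** Backend login URL; {@link #init} appends {@code ?do=31} to the configured value. */
    protected String authURL;
    /** Backend URL used for keep-alive pings (the configured URL without the query string). */
    protected String pingURL;
    /** Expression yielding the backend username for secondary authentication, or null. */
    protected EvaluableExpression userNameExpression;
    /** Expression yielding the backend password for secondary authentication, or null. */
    protected EvaluableExpression passWordExpression;
    /** Names of request cookies that are forwarded to the backend on login, or null. */
    protected String[] forwardCookies;
    /** Header name to expression; evaluated per login and sent as request headers. */
    protected Map<String, EvaluableExpression> authHeaders = new HashMap<String, EvaluableExpression>();
    /** Socket read timeout in milliseconds. */
    protected int socketTimeout = 5000;
    /** Connection timeout in milliseconds. */
    protected long connectionTimeout = JMSConstants.DEFAULT_TIMEOUT_TIME;
    /** Number of retries handed to the HTTP retry handler. */
    protected int connectionRetry = 3;
    /** Minimum time between two backend pings, in seconds. */
    protected int refreshInterval = 600;
    /** Time to wait after a failed backend login before trying again, in seconds. */
    protected int backendLoginRetryInterval = 0;

    /**
     * Reads the manager configuration from the given struct.
     *
     * @param authenticationSTRUCT configuration holding the parameter map
     * @return {@code false} when no authentication URL is configured, {@code true} otherwise
     */
    @Override
    public boolean init(AuthenticationSTRUCT authenticationSTRUCT) {
        if (this.logger.isDebugEnabled()) {
            this.logger.debug("Initializing");
        }
        super.init(authenticationSTRUCT);
        Map<?, ?> parameterMap = authenticationSTRUCT.getParameterMap();
        this.backendLoginRetryInterval = ObjectTransformer.getInt(parameterMap.get(BACKEND_LOGIN_RETRY_INTERVAL), this.backendLoginRetryInterval);
        // NOTE(review): the decompiler resolved this parameter key to a constant of an unrelated
        // class; presumably the configured key is the URL parameter - confirm against the config.
        this.authURL = StringUtils.resolveSystemProperties(ObjectTransformer.getString(parameterMap.get(GenticsContentAttribute.ATTR_FILE_URL), null));

        // "header" is a comma separated list of name=expression pairs.
        Map<?, ?> headerConfig = StringUtils.splitIntoMap(ObjectTransformer.getString(parameterMap.get("header"), ""), ",", "=");
        for (Map.Entry<?, ?> entry : headerConfig.entrySet()) {
            String headerName = ObjectTransformer.getString(entry.getKey(), null);
            String headerExpression = ObjectTransformer.getString(entry.getValue(), null);
            try {
                EvaluableExpression parsed = parseEvaluable(headerExpression);
                if (parsed != null) {
                    this.authHeaders.put(headerName, parsed);
                }
            } catch (ParserException e) {
                this.logger.error("Error while parsing header expression {" + headerExpression + "}", e);
            }
        }
        if (this.logger.isDebugEnabled()) {
            this.logger.debug("Forwarded headers:");
            if (headerConfig.isEmpty()) {
                this.logger.debug(" - none - ");
            } else {
                for (Map.Entry<String, EvaluableExpression> header : this.authHeaders.entrySet()) {
                    this.logger.debug(" " + header.getKey() + " = " + header.getValue().getExpressionString());
                }
            }
        }

        String userNameConfig = ObjectTransformer.getString(parameterMap.get("username"), null);
        if (!ObjectTransformer.isEmpty(userNameConfig)) {
            try {
                EvaluableExpression parsed = parseEvaluable(userNameConfig);
                if (parsed != null) {
                    this.userNameExpression = parsed;
                }
            } catch (ParserException e) {
                this.logger.error("Error while parsing username expression {" + userNameConfig + "}", e);
            }
        }
        if (this.logger.isDebugEnabled()) {
            if (this.userNameExpression != null) {
                this.logger.debug("Username expression: " + this.userNameExpression.getExpressionString());
            } else {
                this.logger.debug("No Username expression used");
            }
        }

        String passwordConfig = ObjectTransformer.getString(parameterMap.get("password"), null);
        if (!ObjectTransformer.isEmpty(passwordConfig)) {
            try {
                EvaluableExpression parsed = parseEvaluable(passwordConfig);
                if (parsed != null) {
                    this.passWordExpression = parsed;
                }
            } catch (ParserException e) {
                // The expression text may be a literal password, so it is kept out of the log.
                this.logger.error("Error while parsing password expression", e);
            }
        }
        if (this.logger.isDebugEnabled()) {
            // Only the presence of the expression is logged; its text may contain a literal secret.
            if (this.passWordExpression != null) {
                this.logger.debug("Password expression configured");
            } else {
                this.logger.debug("No Password expression used");
            }
        }

        String cookieConfig = ObjectTransformer.getString(parameterMap.get("cookie"), null);
        if (!ObjectTransformer.isEmpty(cookieConfig)) {
            this.forwardCookies = StringUtils.splitString(cookieConfig, ",");
        }
        if (this.logger.isDebugEnabled()) {
            this.logger.debug("Forwarded cookies:");
            if (this.forwardCookies != null) {
                for (String cookieName : this.forwardCookies) {
                    this.logger.debug(" " + cookieName);
                }
            } else {
                this.logger.debug(" - none -");
            }
        }

        this.socketTimeout = ObjectTransformer.getInt(parameterMap.get(SOCKET_TIMEOUT), this.socketTimeout);
        this.connectionTimeout = ObjectTransformer.getLong(parameterMap.get(CONNECTION_TIMEOUT), this.connectionTimeout);
        this.connectionRetry = ObjectTransformer.getInt(parameterMap.get(CONNECTION_RETRY), this.connectionRetry);
        if (this.logger.isDebugEnabled()) {
            this.logger.debug("socketTimeout is set to " + this.socketTimeout + " ms");
            this.logger.debug("connectionTimeout is set to " + this.connectionTimeout + " ms");
            this.logger.debug("connectionRetry is set to " + this.connectionRetry);
        }
        this.refreshInterval = ObjectTransformer.getInt(parameterMap.get(SESSION_REFRESH_INTERVAL), this.refreshInterval);
        if (this.logger.isDebugEnabled()) {
            this.logger.debug("Session refresh interval: " + this.refreshInterval + " s");
        }

        if (ObjectTransformer.isEmpty(this.authURL)) {
            this.logger.error("No authentication url configured");
            return false;
        }
        if (this.logger.isDebugEnabled()) {
            this.logger.debug("Authentication url from conf: {" + this.authURL + "}");
        }
        // The ping uses the bare URL, the login the same URL with the "do" command appended.
        this.pingURL = this.authURL;
        this.authURL += "?do=31";
        return true;
    }

    /**
     * Resolves the user for the current request: returns the session user (pinging the backend
     * when due), logs that user out when the logout parameter is {@code "true"}, or attempts a
     * login with the submitted credentials. The session secret cookie is assigned when a user
     * results and revoked otherwise.
     *
     * @param httpServletRequest current request; credentials are read from its {@code p.}-prefixed parameters
     * @param httpServletResponse current response, used for the session secret cookie
     * @param genticsUser not used by this implementation
     * @param hashMap receives the user under the session attribute name after a fresh login
     * @return the authenticated user, or null
     */
    @Override
    public GenticsUser checkAuthentication(HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse, GenticsUser genticsUser, HashMap hashMap) {
        // NOTE(review): getParameter() also accepts query-string values, so a password submitted
        // via GET would end up in URLs and access logs - confirm the login form always POSTs.
        String loginName = httpServletRequest.getParameter("p." + getLoginRequestParameter());
        String password = httpServletRequest.getParameter("p." + getPasswordRequestParameter());
        String logoutFlag = httpServletRequest.getParameter("p." + getLogoutRequestParameter());
        HttpSession session = httpServletRequest.getSession();
        Object sessionUser = session.getAttribute(SESSION_USER_PARAM);

        GCNUser user;
        if (sessionUser instanceof GCNUser) {
            user = (GCNUser) sessionUser;
            if ("true".equals(logoutFlag)) {
                logout(session, SESSION_USER_PARAM, user);
                user = null;
            } else {
                keepSessionAlive(user);
            }
        } else {
            user = login(session, SESSION_USER_PARAM, loginName, password, hashMap, httpServletRequest, httpServletResponse);
        }

        if (user != null) {
            assignSessionSecretCookie(httpServletRequest, httpServletResponse, user);
        } else {
            revokeSessionSecretCookie(httpServletRequest, httpServletResponse);
        }
        return user;
    }

    /**
     * Creates the backend user for an already authenticated primary user. Returns the session
     * user when one exists; otherwise evaluates the configured username and password expressions
     * against the primary user and logs in at the backend with the results.
     *
     * @param genticsUser primary user the expressions are resolved against
     * @param httpServletRequest current request
     * @param httpServletResponse current response
     * @return the backend user, or null when the backend login failed
     */
    @Override
    public GenticsUser createSecondary(GenticsUser genticsUser, HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse) {
        HttpSession session = httpServletRequest.getSession();
        Object sessionUser = session.getAttribute(SESSION_USER_PARAM);
        if (sessionUser instanceof GCNUser) {
            GCNUser existing = (GCNUser) sessionUser;
            keepSessionAlive(existing);
            return existing;
        }

        String userName = null;
        String password = null;
        if (this.userNameExpression != null) {
            try {
                userName = ObjectTransformer.getString(this.userNameExpression.evaluate(new ExpressionQueryRequest(new PropertyResolver(genticsUser), null), 0), null);
            } catch (ExpressionParserException e) {
                this.logger.error("Error while evaluating username expression", e);
            }
        }
        if (this.passWordExpression != null) {
            try {
                password = ObjectTransformer.getString(this.passWordExpression.evaluate(new ExpressionQueryRequest(new PropertyResolver(genticsUser), null), 0), null);
            } catch (ExpressionParserException e) {
                this.logger.error("Error while evaluating password expression", e);
            }
        }

        JSONObject userData = authenticate(userName, password, genticsUser, httpServletRequest, httpServletResponse);
        if (userData == null) {
            revokeSessionSecretCookie(httpServletRequest, httpServletResponse);
            return null;
        }
        GCNUser created = new GCNUser(new JSONResolvable(userData), this);
        session.setAttribute(SESSION_USER_PARAM, created);
        assignSessionSecretCookie(httpServletRequest, httpServletResponse, created);
        return created;
    }

    /**
     * Logs in with the submitted credentials and stores the resulting user in the session and
     * in the given map.
     *
     * <p>NOTE(review): the existing HTTP session is reused and its id is not rotated here;
     * confirm that the container or a caller renews the session id on login.
     *
     * @param httpSession session that receives the user
     * @param str session attribute name (also used as map key)
     * @param str2 login name
     * @param str3 password
     * @param map receives the user under {@code str}
     * @param httpServletRequest current request
     * @param httpServletResponse current response
     * @return the user, or null when a credential is empty or the backend rejected the login
     */
    protected GCNUser login(HttpSession httpSession, String str, String str2, String str3, Map map, HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse) {
        if (ObjectTransformer.isEmpty(str2) || ObjectTransformer.isEmpty(str3)) {
            return null;
        }
        JSONObject userData = authenticate(str2, str3, null, httpServletRequest, httpServletResponse);
        if (userData == null) {
            return null;
        }
        GCNUser user = new GCNUser(new JSONResolvable(userData), this);
        httpSession.setAttribute(str, user);
        map.put(str, user);
        return user;
    }

    /**
     * Removes the user from the session and asks the backend to end the backend session.
     * The local logout always happens; a failing backend call is only logged.
     *
     * @param httpSession session holding the user
     * @param str session attribute name of the user
     * @param gCNUser user to log out
     */
    protected void logout(HttpSession httpSession, String str, GCNUser gCNUser) {
        httpSession.removeAttribute(str);
        Object sid = gCNUser.get(GCNSessionToken.GCN_SESSION_ID_PARAM_NAME);
        if (sid == null) {
            // Without a backend session id there is nothing to terminate remotely.
            this.logger.warn("No backend session id available, skipping backend logout");
            return;
        }
        HttpClient httpClient = getHttpClient();
        PostMethod postMethod = new PostMethod(this.authURL);
        try {
            if (this.logger.isDebugEnabled()) {
                // The session id is a credential and is therefore not logged.
                this.logger.debug("Attempting logout for user {" + gCNUser.get(AbstractAuthenticationManager.LOGIN_ATTRIBUTE) + "}");
            }
            postMethod.setRequestBody(new NameValuePair[]{new NameValuePair(GCNSessionToken.GCN_SESSION_ID_PARAM_NAME, sid.toString()), new NameValuePair("logout", gCNUser.getId())});
            try {
                httpClient.executeMethod(postMethod);
            } catch (Exception e) {
                this.logger.error("Unable to perform logout", e);
            }
        } finally {
            releaseBackendConnection(httpClient, postMethod);
        }
    }

    /**
     * Performs the backend login request.
     *
     * <p>The request carries the evaluated authentication headers, the forwarded request
     * cookies and the credentials as POST fields. A response without the {@code gcn-login}
     * header counts as failure and records the failure time in the session; further attempts
     * from that session are skipped until {@code backendLoginRetryInterval} seconds have passed.
     *
     * @param str login name
     * @param str2 password
     * @param genticsUser user the header expressions are resolved against, may be null
     * @param httpServletRequest current request, source of the forwarded cookies
     * @param httpServletResponse current response (unused here)
     * @return the parsed user data, extended by the session secret and session token when the
     *         backend sent a session secret cookie; null on failure
     */
    protected JSONObject authenticate(String str, String str2, GenticsUser genticsUser, HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse) {
        HttpSession session = httpServletRequest.getSession();
        int lastFailure = ObjectTransformer.getInt(session.getAttribute(SESSION_LOGIN_FAILURE_TIME), -1);
        if (lastFailure != -1) {
            if ((System.currentTimeMillis() / 1000) - lastFailure < this.backendLoginRetryInterval) {
                this.logger.debug("skipping GCN backend login: the last login failed and we have to wait for the retry interval to expire");
                return null;
            }
            this.logger.debug("retrying GCN backend login: the last login failed and the retry interval expired");
        }

        HttpClient httpClient = getHttpClient();
        PostMethod postMethod = new PostMethod(this.authURL);
        try {
            URL url = null;
            try {
                url = new URL(this.authURL);
            } catch (MalformedURLException e) {
                this.logger.error("Error while parsing authentication URL {" + this.authURL + "}", e);
            }
            if (this.logger.isDebugEnabled()) {
                this.logger.debug("Preparing authentication request to URL {" + this.authURL + "}");
            }

            for (Map.Entry<String, EvaluableExpression> header : this.authHeaders.entrySet()) {
                try {
                    Object value = header.getValue().evaluate(new ExpressionQueryRequest(new PropertyResolver(genticsUser), null), 0);
                    if (!ObjectTransformer.isEmpty(value)) {
                        postMethod.addRequestHeader(header.getKey(), ObjectTransformer.getString(value, null));
                        if (this.logger.isDebugEnabled()) {
                            // Header values can carry credentials; only the name is logged.
                            this.logger.debug("Adding request header " + header.getKey());
                        }
                    }
                } catch (Exception e) {
                    this.logger.warn("Error while setting authentication header {" + header.getKey() + "}", e);
                }
            }

            HttpState state = httpClient.getState();
            Cookie[] requestCookies = httpServletRequest.getCookies();
            if (this.forwardCookies != null && url != null && requestCookies != null) {
                for (String forwardName : this.forwardCookies) {
                    for (Cookie requestCookie : requestCookies) {
                        if (forwardName.equals(requestCookie.getName())) {
                            org.apache.commons.httpclient.Cookie forwarded = new org.apache.commons.httpclient.Cookie(url.getHost(), requestCookie.getName(), requestCookie.getValue());
                            forwarded.setPath("/");
                            state.addCookie(forwarded);
                            if (this.logger.isDebugEnabled()) {
                                // Cookie values are session credentials; only the name is logged.
                                this.logger.debug("Forwarding cookie " + forwarded.getName());
                            }
                        }
                    }
                }
            }

            NameValuePair[] credentials = {new NameValuePair(AbstractAuthenticationManager.LOGIN_ATTRIBUTE, str), new NameValuePair("password", str2)};
            if (this.logger.isDebugEnabled()) {
                this.logger.debug("Setting login and password fields");
            }
            postMethod.setRequestBody(credentials);
            try {
                if (this.logger.isDebugEnabled()) {
                    this.logger.debug("Sending authentication request");
                }
                httpClient.executeMethod(postMethod);
            } catch (Exception e) {
                // A failed request leaves no gcn-login header and is handled as login failure below.
                this.logger.error("Error while authenticating user", e);
            }

            if (postMethod.getResponseHeader("gcn-login") == null) {
                if (this.logger.isDebugEnabled()) {
                    this.logger.debug("Authentication failed for user {" + str + "}: Response was\n" + postMethod.getResponseBodyAsString());
                }
                session.setAttribute(SESSION_LOGIN_FAILURE_TIME, Long.valueOf(System.currentTimeMillis() / 1000));
                return null;
            }
            if (this.logger.isDebugEnabled()) {
                // The response body contains the backend session id and is not logged.
                this.logger.debug("Successfully authenticated user {" + str + "}");
            }
            session.removeAttribute(SESSION_LOGIN_FAILURE_TIME);

            JSONObject userData = new JSONObject(postMethod.getResponseBodyAsString());
            String sessionSecret = getSessionSecretCookieValue(httpClient);
            if (!StringUtils.isEmpty(sessionSecret)) {
                userData.put("sessionSecret", sessionSecret);
                // The session token is the backend session id followed by the session secret.
                userData.put("sessionToken", userData.get(GCNSessionToken.GCN_SESSION_ID_PARAM_NAME) + sessionSecret);
            }
            return userData;
        } finally {
            releaseBackendConnection(httpClient, postMethod);
        }
    }

    /**
     * Accepts exactly the users created by this manager type.
     *
     * @param genticsUser user to check
     * @return {@code true} when the user is a {@link GCNUser}
     */
    @Override
    public boolean validateUser(GenticsUser genticsUser) {
        return genticsUser instanceof GCNUser;
    }

    /**
     * Parses an expression string and returns it when it is evaluable.
     *
     * @param expressionString expression source
     * @return the evaluable expression, or null when the parsed expression is not evaluable
     * @throws ParserException when the string cannot be parsed
     */
    private EvaluableExpression parseEvaluable(String expressionString) throws ParserException {
        Expression parsed = ExpressionParser.getInstance().parse(expressionString);
        return parsed instanceof EvaluableExpression ? (EvaluableExpression) parsed : null;
    }

    /**
     * Builds the session secret cookie for the root path.
     *
     * <p>NOTE(review): neither HttpOnly nor Secure is set here, and it is not visible from this
     * class whether {@link CookieAuthority} adds them. The value is half of the backend session
     * token, so confirm both flags are applied before the cookie reaches the browser.
     */
    private Cookie newSessionSecretCookie(String str) {
        Cookie cookie = new Cookie(GCN_SESSION_SECRET_COOKIE_NAME, str);
        cookie.setPath("/");
        return cookie;
    }

    /** Sends the user's session secret to the browser, or warns when the user has none. */
    private void assignSessionSecretCookie(HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse, GCNUser gCNUser) {
        Object sessionSecret = gCNUser.get("sessionSecret");
        if (sessionSecret == null) {
            this.logger.warn("no session secret available for user `" + gCNUser + "'");
            return;
        }
        new CookieAuthority(new Cookie[]{newSessionSecretCookie(sessionSecret.toString())}).assignCookies(httpServletRequest, httpServletResponse);
    }

    /** Revokes the session secret cookie at the browser. */
    private void revokeSessionSecretCookie(HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse) {
        new CookieAuthority(new Cookie[]{newSessionSecretCookie("")}).revokeCookies(httpServletRequest, httpServletResponse);
    }

    /**
     * Creates a fresh HTTP client with the configured timeouts and retry count. Callers must
     * hand the client to {@link #releaseBackendConnection} when they are done with it.
     */
    private HttpClient getHttpClient() {
        HttpClient httpClient = new HttpClient();
        httpClient.setHttpConnectionManager(new MultiThreadedHttpConnectionManager());
        if (this.connectionTimeout >= 0) {
            httpClient.getParams().setConnectionManagerTimeout(this.connectionTimeout);
            // Clamp before narrowing so that a very large configured value cannot wrap around.
            httpClient.getParams().setIntParameter("http.connection.timeout", (int) Math.min(this.connectionTimeout, (long) Integer.MAX_VALUE));
        }
        if (this.socketTimeout >= 0) {
            httpClient.getParams().setSoTimeout(this.socketTimeout);
        }
        httpClient.getParams().setParameter(HttpMethodParams.RETRY_HANDLER, new DefaultHttpMethodRetryHandler(this.connectionRetry, false));
        return httpClient;
    }

    /**
     * Releases the connection of a finished backend call and shuts down the per-call
     * connection manager, so that sockets are not left open until garbage collection.
     * Never throws; it is meant to be called from {@code finally} blocks.
     */
    private void releaseBackendConnection(HttpClient httpClient, org.apache.commons.httpclient.HttpMethod method) {
        try {
            if (method != null) {
                method.releaseConnection();
            }
            if (httpClient != null && httpClient.getHttpConnectionManager() instanceof MultiThreadedHttpConnectionManager) {
                ((MultiThreadedHttpConnectionManager) httpClient.getHttpConnectionManager()).shutdown();
            }
        } catch (RuntimeException e) {
            this.logger.warn("Error while releasing backend connection", e);
        }
    }

    /**
     * Pings the backend when the user's last session refresh is older than the refresh
     * interval. Errors are logged and otherwise ignored.
     */
    private void keepSessionAlive(GCNUser gCNUser) {
        // 1000L forces long arithmetic; the int product would overflow for large intervals.
        if (System.currentTimeMillis() - gCNUser.getLastSessionRefresh() <= this.refreshInterval * 1000L) {
            return;
        }
        HttpClient httpClient = null;
        GetMethod getMethod = null;
        try {
            httpClient = getHttpClient();
            getMethod = new GetMethod(this.pingURL);
            // Prefer the full session token; fall back to the bare session id.
            String sid = ObjectTransformer.getString(gCNUser.get("sessionToken"), ObjectTransformer.getString(gCNUser.get(GCNSessionToken.GCN_SESSION_ID_PARAM_NAME), null));
            if (sid == null) {
                this.logger.error("Could not find sid for pinging backend");
            } else {
                getMethod.setQueryString(new NameValuePair[]{new NameValuePair(GCNSessionToken.GCN_SESSION_ID_PARAM_NAME, sid), new NameValuePair("do", "27")});
                long start = System.currentTimeMillis();
                httpClient.executeMethod(getMethod);
                if (this.logger.isDebugEnabled()) {
                    this.logger.debug("Executed ping request in " + (System.currentTimeMillis() - start) + " ms");
                }
                gCNUser.setLastSessionRefresh();
            }
        } catch (Exception e) {
            this.logger.error("Error while doing ping request to backend", e);
        } finally {
            releaseBackendConnection(httpClient, getMethod);
        }
    }

    /** Returns the value of the session secret cookie the backend set on the client, or null. */
    private String getSessionSecretCookieValue(HttpClient httpClient) {
        for (org.apache.commons.httpclient.Cookie cookie : httpClient.getState().getCookies()) {
            if (GCN_SESSION_SECRET_COOKIE_NAME.equals(cookie.getName())) {
                return cookie.getValue();
            }
        }
        return null;
    }
}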
