package com.gentics.portalnode.auth;

import com.gentics.api.lib.auth.GenticsUser;
import com.gentics.api.lib.etc.ObjectTransformer;
import com.gentics.api.lib.exception.NodeException;
import com.gentics.api.lib.exception.ParserException;
import com.gentics.api.lib.expressionparser.Expression;
import com.gentics.api.lib.expressionparser.ExpressionEvaluator;
import com.gentics.api.lib.expressionparser.ExpressionParser;
import com.gentics.lib.datasource.DatasourceProviderInterface;
import com.gentics.lib.etc.StringUtils;
import com.gentics.lib.formatter.GenericGenticsDateFormatter;
import com.gentics.lib.log.NodeLogger;
import com.gentics.portalnode.auth.rememberme.DuplicateKeyException;
import com.gentics.portalnode.auth.rememberme.RememberMeStore;
import com.gentics.portalnode.portal.RequestResolver;
import com.gentics.portalnode.user.StandardUser;
import java.security.MessageDigest;
import java.util.Map;
import java.util.Properties;
import java.util.Random;
import javax.servlet.http.Cookie;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import org.apache.cxf.common.util.crypto.MessageDigestUtils;
import org.apache.log4j.Logger;

/* loaded from: input_file:WEB-INF/lib/portalnode-lib-4.8.3.jar:com/gentics/portalnode/auth/AbstractAuthenticationManager.class */
public abstract class AbstractAuthenticationManager implements AuthenticationSystem {
    public static final String LOGIN_ATTRIBUTE = "login";
    public static final String PASSWORD_ATTRIBUTE = "pwd";
    public static final String LOGIN_REQUEST_PARAMETER = "_PNlogin";
    public static final String PASSWORD_REQUEST_PARAMETER = "_PNpassword";
    public static final String LOGOUT_REQUEST_PARAMETER = "_PNlogouturl";
    public static final String LOGOUT_REQUEST_VALUE = "true";
    public static final String REMEMBERME_REQUEST_PARAMETER = "_PNrememberme";
    public static final String REMEMBERME_REQUEST_VALUE = "true";
    private static final String PASSWORD_DIGEST = "MD5";
    public static final String REMEMBERME_COOKIE_NAME = "GPNREMEMBERME";
    public static final String SECONDARY_RULE_PARAM = "secondaryrule";
    private String loginAttribute;
    private String passwordAttribute;
    private String loginRequestParameter;
    private String passwordRequestParameter;
    private String logoutRequestParameter;
    private String logoutRequestValue;
    private String passwordDigest;
    private MessageDigest passwordDigestProvider;
    protected AuthenticationSTRUCT authenticationStruct;
    private RememberMeStore rememberMeStore;
    private String rememberMeRequestParameter;
    private String rememberMeRequestValue;
    private Expression secondaryRule;
    private static final String PLAINTEXT_STRING = "plaintext";
    public static final String[] ALLOWED_ENCRYPTIONS = {"MD5", MessageDigestUtils.ALGO_SHA_1, PLAINTEXT_STRING};
    protected Logger logger = NodeLogger.getLogger(getClass());
    private DatasourceProviderInterface provider = null;
    private Random rememberMeRandom = new Random();
    private int rememberMeCookieMaxAge = GenericGenticsDateFormatter.MONTH;

    @Override // com.gentics.portalnode.auth.AuthenticationSystem
    public boolean init(AuthenticationSTRUCT authenticationSTRUCT) {
        this.authenticationStruct = authenticationSTRUCT;
        Map parameterMap = this.authenticationStruct.getParameterMap();
        this.loginAttribute = getStringParameter("userattribute", parameterMap, LOGIN_ATTRIBUTE);
        this.passwordAttribute = getStringParameter("passwordattribute", parameterMap, PASSWORD_ATTRIBUTE);
        this.loginRequestParameter = getStringParameter("userrequestparameter", parameterMap, LOGIN_REQUEST_PARAMETER);
        this.passwordRequestParameter = getStringParameter("passwordrequestparameter", parameterMap, PASSWORD_REQUEST_PARAMETER);
        this.logoutRequestParameter = getStringParameter("logoutrequestparameter", parameterMap, LOGOUT_REQUEST_PARAMETER);
        this.logoutRequestValue = getStringParameter("logoutrequestvalue", parameterMap, "true");
        this.passwordDigest = getStringParameter("passworddigest", parameterMap);
        if (this.passwordDigest == "") {
            this.passwordDigest = getStringParameter("passwordencryption", parameterMap, "MD5");
        }
        String stringParameter = getStringParameter(SECONDARY_RULE_PARAM, parameterMap, null);
        if (!ObjectTransformer.isEmpty(stringParameter)) {
            try {
                this.secondaryRule = ExpressionParser.getInstance().parse(stringParameter);
            } catch (ParserException e) {
                this.logger.error("Error while parsing secondaryrule {" + stringParameter + "} for authentication manager " + authenticationSTRUCT.id, e);
            }
        }
        initializeRememberMe(parameterMap);
        boolean z = false;
        for (int i = 0; i < ALLOWED_ENCRYPTIONS.length && !z; i++) {
            if (ALLOWED_ENCRYPTIONS[i].equalsIgnoreCase(this.passwordDigest)) {
                z = true;
            }
        }
        if (z) {
            return true;
        }
        NodeLogger.getLogger(getClass()).warn(this.passwordDigest + " is not an allowed encryption type: FALLBACK to " + PLAINTEXT_STRING);
        this.passwordDigest = PLAINTEXT_STRING;
        return true;
    }

    @Override // com.gentics.portalnode.auth.AuthenticationSystem
    public String getRememberMeRequestParameter() {
        if (this.rememberMeStore == null) {
            return null;
        }
        return this.rememberMeRequestParameter;
    }

    private void initializeRememberMe(Map map) {
        String stringParameter = getStringParameter("rememberme.store", map, null);
        if (stringParameter == null) {
            return;
        }
        this.rememberMeRequestParameter = getStringParameter("rememberme.requestparameter", map, REMEMBERME_REQUEST_PARAMETER);
        this.rememberMeRequestValue = getStringParameter("rememberme.requestvalue", map, "true");
        this.rememberMeCookieMaxAge = getIntegerParameter("rememberme.cookie.maxage", map, this.rememberMeCookieMaxAge);
        Properties properties = new Properties();
        for (Map.Entry entry : map.entrySet()) {
            Object key = entry.getKey();
            if ((key instanceof String) && ((String) key).startsWith("rememberme.")) {
                properties.put(((String) key).substring(11), entry.getValue());
            }
        }
        properties.put("maxage", new Long(this.rememberMeCookieMaxAge * 1000));
        try {
            RememberMeStore rememberMeStore = (RememberMeStore) Class.forName(stringParameter).newInstance();
            rememberMeStore.init(properties);
            this.rememberMeStore = rememberMeStore;
        } catch (Exception e) {
            this.logger.error("Error while initializing 'remember me' store - disabling remember me functionality.", e);
        }
    }

    /* JADX INFO: Access modifiers changed from: protected */
    public String checkRememberMeKey(HttpServletRequest httpServletRequest) {
        Cookie[] cookies;
        if (this.rememberMeStore == null || (cookies = httpServletRequest.getCookies()) == null) {
            return null;
        }
        for (int i = 0; i < cookies.length; i++) {
            if (REMEMBERME_COOKIE_NAME.equals(cookies[i].getName())) {
                try {
                    return this.rememberMeStore.getUserTokenForKey(cookies[i].getValue());
                } catch (Exception e) {
                    this.logger.error("Error while fetching user token from remember me store.", e);
                    return null;
                }
            }
        }
        return null;
    }

    /* JADX INFO: Access modifiers changed from: protected */
    public void storeRememberMeToken(HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse, String str) {
        if (this.rememberMeStore == null) {
            return;
        }
        boolean z = false;
        String[] parameterValues = httpServletRequest.getParameterValues("p." + this.rememberMeRequestParameter);
        for (int i = 0; !z && parameterValues != null && i < parameterValues.length; i++) {
            z = this.rememberMeRequestValue.equals(parameterValues[i]);
        }
        if (z) {
            this.logger.debug("Remember me storing was requested...");
            String str2 = null;
            int i2 = 0;
            while (str2 == null) {
                int i3 = i2;
                i2++;
                if (i3 >= 1000) {
                    break;
                }
                String generateRandomRememberMeKey = generateRandomRememberMeKey();
                try {
                    this.rememberMeStore.storeKeyWithUserToken(generateRandomRememberMeKey, str);
                    str2 = generateRandomRememberMeKey;
                } catch (DuplicateKeyException e) {
                    this.logger.debug("caught duplicate remember me key for {" + generateRandomRememberMeKey + "}");
                } catch (NodeException e2) {
                    this.logger.error("Error while storing remember me token", e2);
                    return;
                }
            }
            if (str2 == null) {
                this.logger.error("Unable to find a valid key to store user token after 1000 runs.");
                return;
            }
            Cookie cookie = new Cookie(REMEMBERME_COOKIE_NAME, str2);
            cookie.setMaxAge(this.rememberMeCookieMaxAge);
            cookie.setPath("/");
            httpServletResponse.addCookie(cookie);
        }
    }

    /* JADX INFO: Access modifiers changed from: protected */
    public void cleanRememberMeCookie(HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse) {
        Cookie[] cookies;
        if (this.rememberMeStore == null || (cookies = httpServletRequest.getCookies()) == null) {
            return;
        }
        for (int i = 0; i < cookies.length; i++) {
            if (REMEMBERME_COOKIE_NAME.equals(cookies[i].getName())) {
                try {
                    this.rememberMeStore.deleteToken(cookies[i].getValue());
                    Cookie cookie = new Cookie(REMEMBERME_COOKIE_NAME, "");
                    cookie.setMaxAge(0);
                    cookie.setPath("/");
                    httpServletResponse.addCookie(cookie);
                } catch (Exception e) {
                    this.logger.error("Error while cleaning user token from remember me store.", e);
                    return;
                }
            }
        }
    }

    protected String generateRandomRememberMeKey() {
        return new StringBuffer().append(this.rememberMeRandom.nextInt(999999999)).append(this.rememberMeRandom.nextInt(999999999)).append(this.rememberMeRandom.nextInt(999999999)).toString();
    }

    @Override // com.gentics.portalnode.auth.AuthenticationSystem
    public GenticsUser createSecondary(GenticsUser genticsUser, HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse) {
        return createSecondary(genticsUser);
    }

    public GenticsUser createSecondary(GenticsUser genticsUser) {
        NodeLogger.getLogger(getClass()).error("authentication manager `" + getClass() + "` is not allowed to be used as a secondary authentication manager!");
        return null;
    }

    @Override // com.gentics.portalnode.auth.AuthenticationSystem
    public void setDatasourceProvider(DatasourceProviderInterface datasourceProviderInterface) {
        this.provider = datasourceProviderInterface;
    }

    public DatasourceProviderInterface getProvider() {
        return this.provider;
    }

    @Override // com.gentics.portalnode.auth.AuthenticationSystem
    public GenticsUser createAnonymous(HttpServletRequest httpServletRequest, Map map, GenticsUser genticsUser) {
        StandardUser standardUser = new StandardUser(this);
        for (String str : map.keySet()) {
            standardUser.setProperty(str, (String) map.get(str));
        }
        standardUser.setAnonymous(true);
        return standardUser;
    }

    public String getStringParameter(String str, Map map) {
        return getStringParameter(str, map, "");
    }

    public String getStringParameter(String str, Map map, String str2) {
        return map.containsKey(str) ? (String) map.get(str) : str2;
    }

    public int getIntegerParameter(String str, Map map) {
        return getIntegerParameter(str, map, 0);
    }

    public int getIntegerParameter(String str, Map map, int i) {
        String str2;
        int i2 = i;
        if (map.containsKey(str) && (str2 = (String) map.get(str)) != null && !str2.equals("")) {
            try {
                i2 = Integer.parseInt(str2);
            } catch (NumberFormatException e) {
                NodeLogger.getLogger(getClass()).warn("NumberFormatException in PNInterfaceAuthenticationManager");
                i2 = i;
            }
        }
        return i2;
    }

    @Override // com.gentics.portalnode.auth.AuthenticationSystem
    public String getLoginRequestParameter() {
        return this.loginRequestParameter;
    }

    @Override // com.gentics.portalnode.auth.AuthenticationSystem
    public String getPasswordRequestParameter() {
        return this.passwordRequestParameter;
    }

    @Override // com.gentics.portalnode.auth.AuthenticationSystem
    public String getLoginAttribute() {
        return this.loginAttribute;
    }

    @Override // com.gentics.portalnode.auth.AuthenticationSystem
    public String getPasswordAttribute() {
        return this.passwordAttribute;
    }

    @Override // com.gentics.portalnode.auth.AuthenticationSystem
    public String getPasswordDigest() {
        return this.passwordDigest;
    }

    @Override // com.gentics.portalnode.auth.AuthenticationSystem
    public MessageDigest getPasswordDigestProvider() {
        return this.passwordDigestProvider;
    }

    @Override // com.gentics.portalnode.auth.AuthenticationSystem
    public String getLogoutRequestParameter() {
        return this.logoutRequestParameter;
    }

    @Override // com.gentics.portalnode.auth.AuthenticationSystem
    public String getLogoutRequestValue() {
        return this.logoutRequestValue;
    }

    @Override // com.gentics.portalnode.auth.AuthenticationSystem
    public String getEncryptedPassword(String str) {
        return "MD5".equalsIgnoreCase(getPasswordDigest()) ? StringUtils.md5(str) : str;
    }

    @Override // com.gentics.portalnode.auth.AuthenticationSystem
    public boolean secondaryRuleMatches(GenticsUser genticsUser, HttpServletRequest httpServletRequest) {
        if (this.secondaryRule == null) {
            return true;
        }
        ExpressionEvaluator expressionEvaluator = new ExpressionEvaluator();
        try {
            expressionEvaluator.setProperty("user", genticsUser);
            expressionEvaluator.setProperty("request", new RequestResolver(httpServletRequest));
            return expressionEvaluator.match(this.secondaryRule);
        } catch (Exception e) {
            this.logger.error("Error while matching secondaryrule", e);
            return false;
        }
    }
}
