package org.alfresco.repo.webdav.auth;

import java.io.BufferedReader;
import java.io.IOException;
import javax.servlet.ServletContext;
import javax.servlet.ServletException;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import javax.servlet.http.HttpSession;
import org.alfresco.model.ContentModel;
import org.alfresco.repo.SessionUser;
import org.alfresco.repo.management.subsystems.ActivateableBean;
import org.alfresco.repo.security.authentication.AuthenticationComponent;
import org.alfresco.repo.security.authentication.AuthenticationException;
import org.alfresco.repo.security.authentication.AuthenticationUtil;
import org.alfresco.repo.transaction.RetryingTransactionHelper;
import org.alfresco.repo.web.auth.AuthenticationListener;
import org.alfresco.service.cmr.repository.NodeRef;
import org.alfresco.service.cmr.repository.NodeService;
import org.alfresco.service.cmr.security.AuthenticationService;
import org.alfresco.service.cmr.security.PersonService;
import org.alfresco.service.transaction.TransactionService;
import org.apache.commons.logging.Log;
import org.json.JSONException;
import org.json.JSONObject;

/* loaded from: input_file:org/alfresco/repo/webdav/auth/BaseAuthenticationFilter.class */
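/**
 * Base class for servlet authentication filters that cache an authenticated
 * {@link SessionUser} in the HTTP session and re-validate its ticket on each request.
 *
 * <p>This listing is decompiler output. Casts and the {@code execute} callback names that
 * the decompiler dropped or renamed have been restored so the class implements the
 * callback interfaces it passes around. Several methods are {@code public} only because
 * the decompiler widened them from {@code protected}; the widened modifiers are kept.
 *
 * <p>Security-relevant behaviour, as visible in this class:
 * <ul>
 *   <li>An externally mapped user ({@link RemoteUserMapper}) is trusted without any
 *       credential check here, so the mapper must only be active behind a component
 *       that has really authenticated the request.</li>
 *   <li>The login form path discards any existing session before authenticating, so the
 *       new identity is bound to a fresh session.</li>
 * </ul>
 */
public abstract class BaseAuthenticationFilter {
    protected static final String NO_AUTH_REQUIRED = "alfNoAuthRequired";
    public static final String AUTHENTICATION_USER = "_alfDAVAuthTicket";
    private static final String LOGIN_EXTERNAL_AUTH = "_alfExternalAuth";
    protected static final String ARG_TICKET = "ticket";
    // Upper bound on the unauthenticated login POST body that handleLoginForm buffers.
    // Constructed default (not taken from the original class); a username/password JSON
    // document is far smaller, so tune this only if a deployment needs more.
    private static final int MAX_LOGIN_BODY_CHARS = 64 * 1024;
    protected AuthenticationService authenticationService;
    protected PersonService personService;
    protected NodeService nodeService;
    protected TransactionService transactionService;
    protected AuthenticationComponent authenticationComponent;
    protected RemoteUserMapper remoteUserMapper;
    protected AuthenticationListener authenticationListener;
    // Session attribute under which the SessionUser is cached; defaults to AUTHENTICATION_USER.
    private String userAttributeName = AUTHENTICATION_USER;

    /** Sets the service used to validate tickets and authenticate login-form credentials. */
    public void setAuthenticationService(AuthenticationService authenticationService) {
        this.authenticationService = authenticationService;
    }

    /** Sets the service used to look up the person node for a user name. */
    public void setPersonService(PersonService personService) {
        this.personService = personService;
    }

    /** Sets the service used to read the user name and home folder from the person node. */
    public void setNodeService(NodeService nodeService) {
        this.nodeService = nodeService;
    }

    /** Sets the service that supplies the retrying transaction helper and read-only flag. */
    public void setTransactionService(TransactionService transactionService) {
        this.transactionService = transactionService;
    }

    /** Sets the component used to establish the current user without a password. */
    public void setAuthenticationComponent(AuthenticationComponent authenticationComponent) {
        this.authenticationComponent = authenticationComponent;
    }

    /** Sets the authentication listener; it is stored for subclasses and not used in this class. */
    public void setAuthenticationListener(AuthenticationListener authenticationListener) {
        this.authenticationListener = authenticationListener;
    }

    /** Sets the mapper that extracts an externally authenticated user from the request. */
    public void setRemoteUserMapper(RemoteUserMapper remoteUserMapper) {
        this.remoteUserMapper = remoteUserMapper;
    }

    /**
     * Builds the object that is cached in the session for an authenticated user.
     *
     * @param str user name
     * @param str2 authentication ticket
     * @param nodeRef person node; not used by this default implementation
     * @param nodeRef2 home folder node
     * @return a {@link WebDAVUser} built from the name, ticket and home folder
     */
    protected SessionUser createUserObject(String str, String str2, NodeRef nodeRef, NodeRef nodeRef2) {
        return new WebDAVUser(str, str2, nodeRef2);
    }

    /**
     * Returns the user for this request, reconciling the cached session user with any
     * externally mapped remote user.
     *
     * <p>Decompiler note: originally declared {@code protected}.
     *
     * @param servletContext not used by this implementation
     * @param httpServletRequest request whose session and remote user are inspected
     * @param httpServletResponse not used by this implementation
     * @param z whether a still-valid session user is flagged as externally authenticated
     * @return the validated or newly created session user, or {@code null} if there is none
     */
    public SessionUser getSessionUser(ServletContext servletContext, HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse, boolean z) {
        String remoteUser = null;
        // A mapper that is an ActivateableBean is only consulted while it reports itself active.
        if (this.remoteUserMapper != null && (!(this.remoteUserMapper instanceof ActivateableBean) || ((ActivateableBean) this.remoteUserMapper).isActive())) {
            remoteUser = this.remoteUserMapper.getRemoteUser(httpServletRequest);
            if (getLogger().isDebugEnabled()) {
                getLogger().debug("Found a remote user: " + remoteUser);
            }
        }
        String attributeName = getUserAttributeName();
        HttpSession session = httpServletRequest.getSession();
        SessionUser sessionUser = (SessionUser) session.getAttribute(attributeName);
        if (sessionUser != null) {
            try {
                if (getLogger().isDebugEnabled()) {
                    getLogger().debug("Found a session user: " + sessionUser.getUserName());
                }
                // Re-validate on every request so an expired ticket ends the session.
                this.authenticationService.validate(sessionUser.getTicket());
                setExternalAuth(session, z);
            } catch (AuthenticationException e) {
                if (getLogger().isDebugEnabled()) {
                    getLogger().debug("The ticket may have expired or the person could have been removed, invalidating session.", e);
                }
                invalidateSession(httpServletRequest);
                sessionUser = null;
            }
        }
        if (remoteUser != null) {
            if (sessionUser != null && !sessionUser.getUserName().equals(remoteUser)) {
                // Logged only on an actual mismatch; the decompiled code emitted the first
                // message for every request that carried a remote user.
                if (getLogger().isDebugEnabled()) {
                    getLogger().debug("We have a previously-cached user with the wrong identity - replace them.");
                    getLogger().debug("Removing the session user, invalidating session.");
                }
                session.removeAttribute(attributeName);
                session.invalidate();
                sessionUser = null;
            }
            if (sessionUser == null) {
                if (getLogger().isDebugEnabled()) {
                    getLogger().debug("Propagating through the user identity: " + remoteUser);
                }
                // No credential is checked here: the mapped identity is trusted as given.
                this.authenticationComponent.setCurrentUser(remoteUser);
                try {
                    // NOTE(review): when neither invalidation above ran, getSession() returns the
                    // session that existed before this identity was established, so its id is
                    // not rotated on this path - confirm whether the container or a front-end
                    // rotates it, otherwise consider renewing the session here.
                    sessionUser = createUserEnvironment(httpServletRequest.getSession(), this.authenticationService.getCurrentUserName(), this.authenticationService.getCurrentTicket(), true);
                } catch (Throwable th) {
                    // Deliberate best effort: the request continues with no session user.
                    // NOTE(review): the failure is visible at debug level only, and the current
                    // user set just above is not cleared in this method - confirm callers
                    // treat a null return as unauthenticated and reset the security context.
                    if (getLogger().isDebugEnabled()) {
                        getLogger().debug("Error during ticket validation and user creation: " + th.getMessage(), th);
                    }
                }
            }
        }
        return sessionUser;
    }

    /**
     * Clears the cached user and external-auth flag and invalidates the session, if the
     * request has one. Never creates a session.
     *
     * <p>Decompiler note: originally declared {@code protected}.
     *
     * @param httpServletRequest request whose session is torn down
     */
    public void invalidateSession(HttpServletRequest httpServletRequest) {
        HttpSession session = httpServletRequest.getSession(false);
        if (session != null) {
            setExternalAuth(session, false);
            session.removeAttribute(getUserAttributeName());
            session.invalidate();
        }
    }

    /**
     * Runs the callback in a retrying transaction while running as the "System" user.
     *
     * <p>The callback executes with system identity, so it should only perform lookups
     * whose inputs have already been authenticated by the caller.
     *
     * @param retryingTransactionCallback work to execute
     * @param <T> result type of the callback
     * @return whatever the callback returns
     */
    protected <T> T doInSystemTransaction(final RetryingTransactionHelper.RetryingTransactionCallback<T> retryingTransactionCallback) {
        return AuthenticationUtil.runAs(new AuthenticationUtil.RunAsWork<T>() {
            @Override
            public T doWork() throws Exception {
                return BaseAuthenticationFilter.this.transactionService.getRetryingTransactionHelper().doInTransaction(retryingTransactionCallback, BaseAuthenticationFilter.this.transactionService.isReadOnly());
            }
        }, "System");
    }

    /** Returns the session attribute name under which the session user is cached. */
    protected final String getUserAttributeName() {
        return this.userAttributeName;
    }

    /**
     * Overrides the session attribute name under which the session user is cached.
     *
     * @param str new attribute name
     */
    protected final void setUserAttributeName(String str) {
        this.userAttributeName = str;
    }

    /**
     * Looks up the person for an already-authenticated user, builds the session user and
     * stores it in the given session.
     *
     * <p>Decompiler note: originally declared {@code protected}.
     *
     * @param httpSession session that receives the user object
     * @param str user name to look up
     * @param str2 authentication ticket stored in the user object
     * @param z whether to flag the session as externally authenticated
     * @return the user object that was stored in the session
     * @throws IOException declared by the original signature
     * @throws ServletException declared by the original signature
     */
    public SessionUser createUserEnvironment(HttpSession httpSession, final String str, final String str2, boolean z) throws IOException, ServletException {
        if (getLogger().isDebugEnabled()) {
            getLogger().debug("Create the User environment for: " + str);
        }
        SessionUser sessionUser = doInSystemTransaction(new RetryingTransactionHelper.RetryingTransactionCallback<SessionUser>() {
            @Override
            public SessionUser execute() throws Throwable {
                NodeRef person = BaseAuthenticationFilter.this.personService.getPerson(str);
                // The stored user name is read back from the person node rather than taken
                // from the caller-supplied value.
                String userName = (String) BaseAuthenticationFilter.this.nodeService.getProperty(person, ContentModel.PROP_USERNAME);
                NodeRef homeFolder = (NodeRef) BaseAuthenticationFilter.this.nodeService.getProperty(person, ContentModel.PROP_HOMEFOLDER);
                return BaseAuthenticationFilter.this.createUserObject(userName, str2, person, homeFolder);
            }
        });
        httpSession.setAttribute(getUserAttributeName(), sessionUser);
        setExternalAuth(httpSession, z);
        return sessionUser;
    }

    /**
     * Sets or clears the session flag that marks the login as externally authenticated.
     *
     * @param httpSession session to update
     * @param z {@code true} to set the flag, {@code false} to remove it
     */
    private void setExternalAuth(HttpSession httpSession, boolean z) {
        if (z) {
            httpSession.setAttribute(LOGIN_EXTERNAL_AUTH, Boolean.TRUE);
        } else {
            httpSession.removeAttribute(LOGIN_EXTERNAL_AUTH);
        }
    }

    /**
     * Establishes the named user as the current user and creates the session environment,
     * flagged as externally authenticated, inside a retrying transaction.
     *
     * <p>No credential is checked on this path; callers must have authenticated the name.
     *
     * <p>Decompiler note: originally declared {@code protected}.
     *
     * @param httpSession session that receives the user object
     * @param str user name to establish
     * @return the user object that was stored in the session
     * @throws IOException declared by the original signature
     * @throws ServletException declared by the original signature
     */
    public SessionUser createUserEnvironment(final HttpSession httpSession, final String str) throws IOException, ServletException {
        return this.transactionService.getRetryingTransactionHelper().doInTransaction(new RetryingTransactionHelper.RetryingTransactionCallback<SessionUser>() {
            @Override
            public SessionUser execute() throws Throwable {
                BaseAuthenticationFilter.this.authenticationComponent.setCurrentUser(str);
                return BaseAuthenticationFilter.this.createUserEnvironment(httpSession, str, BaseAuthenticationFilter.this.authenticationService.getCurrentTicket(), true);
            }
        }, this.transactionService.isReadOnly());
    }

    /**
     * Returns the logger of the concrete filter.
     *
     * <p>Decompiler note: originally declared {@code protected}.
     */
    public abstract Log getLogger();

    /**
     * Authenticates a JSON login POST of the form {@code {"username": ..., "password": ...}}.
     *
     * <p>Any existing session is invalidated before the body is read, so a successful
     * login is always bound to a new session. The body is unauthenticated input and is
     * buffered only up to {@code MAX_LOGIN_BODY_CHARS}.
     *
     * @param httpServletRequest request carrying the JSON body
     * @param httpServletResponse response that receives 204 on success, 400 for a malformed
     *        body, 403 for failed authentication or 413 for an oversized body
     * @return {@code true} if the user was authenticated and a session user was created
     * @throws IOException if the body cannot be read or the response cannot be written
     * @throws ServletException declared by the original signature
     */
    protected boolean handleLoginForm(HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse) throws IOException, ServletException {
        if (getLogger().isDebugEnabled()) {
            getLogger().debug("Handling the login form.");
        }
        // Drop any pre-login session so the authenticated identity gets a fresh session id.
        HttpSession session = httpServletRequest.getSession(false);
        if (session != null) {
            session.invalidate();
        }
        StringBuilder body = new StringBuilder(1024);
        // try-with-resources closes the reader even when reading fails part-way.
        try (BufferedReader reader = httpServletRequest.getReader()) {
            char[] chunk = new char[1024];
            int read;
            while ((read = reader.read(chunk)) != -1) {
                // Refuse to buffer an arbitrarily large body from an unauthenticated client.
                if (body.length() + read > MAX_LOGIN_BODY_CHARS) {
                    if (getLogger().isDebugEnabled()) {
                        getLogger().debug("Login form body exceeds the maximum accepted size.");
                    }
                    httpServletResponse.sendError(HttpServletResponse.SC_REQUEST_ENTITY_TOO_LARGE, "Login request body too large");
                    return false;
                }
                body.append(chunk, 0, read);
            }
        }
        try {
            JSONObject json = new JSONObject(body.toString());
            String username = json.getString("username");
            String password = json.getString("password");
            if (username == null || username.length() == 0) {
                if (getLogger().isDebugEnabled()) {
                    getLogger().debug("Username not specified in the login form.");
                }
                httpServletResponse.sendError(HttpServletResponse.SC_BAD_REQUEST, "Username not specified");
                return false;
            }
            if (password == null) {
                if (getLogger().isDebugEnabled()) {
                    getLogger().debug("Password not specified in the login form.");
                }
                httpServletResponse.sendError(HttpServletResponse.SC_BAD_REQUEST, "Password not specified");
                return false;
            }
            this.authenticationService.authenticate(username, password.toCharArray());
            // getSession() creates a new session here because the old one was invalidated above.
            createUserEnvironment(httpServletRequest.getSession(), username, this.authenticationService.getCurrentTicket(), false);
            httpServletResponse.setStatus(HttpServletResponse.SC_NO_CONTENT);
            return true;
        } catch (JSONException e) {
            if (getLogger().isDebugEnabled()) {
                getLogger().debug("Unable to parse JSON POST body", e);
            }
            // NOTE(review): the parser message is derived from the client-supplied body and is
            // echoed in the error response - confirm the container escapes sendError text.
            httpServletResponse.sendError(HttpServletResponse.SC_BAD_REQUEST, "Unable to parse JSON POST body: " + e.getMessage());
            return false;
        } catch (AuthenticationException e2) {
            if (getLogger().isDebugEnabled()) {
                getLogger().debug("Login failed", e2);
            }
            // One generic message for every failure, so the response does not reveal
            // whether the user name exists.
            httpServletResponse.sendError(HttpServletResponse.SC_FORBIDDEN, "Login failed");
            return false;
        }
    }
}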
