package org.uberfire.security.server.auth;

import ch.qos.logback.classic.spi.CallerData;
import java.util.ArrayList;
import java.util.HashMap;
import java.util.Iterator;
import java.util.List;
import java.util.Map;
import java.util.concurrent.ConcurrentHashMap;
import javax.enterprise.inject.Alternative;
import javax.servlet.ServletException;
import org.apache.sshd.common.util.SelectorUtils;
import org.uberfire.commons.validation.PortablePreconditions;
import org.uberfire.commons.validation.Preconditions;
import org.uberfire.security.ResourceManager;
import org.uberfire.security.Role;
import org.uberfire.security.SecurityContext;
import org.uberfire.security.Subject;
import org.uberfire.security.auth.AuthenticatedStorageProvider;
import org.uberfire.security.auth.AuthenticationException;
import org.uberfire.security.auth.AuthenticationManager;
import org.uberfire.security.auth.AuthenticationProvider;
import org.uberfire.security.auth.AuthenticationResult;
import org.uberfire.security.auth.AuthenticationScheme;
import org.uberfire.security.auth.AuthenticationStatus;
import org.uberfire.security.auth.Credential;
import org.uberfire.security.auth.Principal;
import org.uberfire.security.auth.RoleProvider;
import org.uberfire.security.auth.SubjectPropertiesProvider;
import org.uberfire.security.impl.IdentityImpl;
import org.uberfire.security.impl.RoleImpl;
import org.uberfire.security.server.HttpSecurityContext;
import org.uberfire.security.server.SecurityConstants;
import org.uberfire.security.server.cdi.SecurityFactory;

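/**
 * HTTP implementation of {@link AuthenticationManager}.
 *
 * <p>For each request it first asks the storage providers for an already
 * authenticated principal, then falls back to the configured authentication
 * schemes and providers, and finally builds an {@link IdentityImpl} from the
 * role and property providers and stores it.
 *
 * <p>While a client is being challenged, the originally requested URL is kept
 * in {@code requestCache}, keyed by HTTP session id, so the client can be sent
 * back to it after a successful login.
 *
 * <p>Thread-safety: {@code requestCache} is keyed by session id and therefore
 * shared between sessions, so it is a concurrent map. The injected provider
 * lists are used read-only.
 */
@Alternative
/* loaded from: input_file:WEB-INF/lib/uberfire-security-server-0.4.1-SNAPSHOT.jar:org/uberfire/security/server/auth/HttpAuthenticationManager.class */
public class HttpAuthenticationManager implements AuthenticationManager {
    private final List<AuthenticationScheme> authSchemes;
    private final List<AuthenticationProvider> authProviders;
    private final List<RoleProvider> roleProviders;
    private final List<SubjectPropertiesProvider> subjectPropertiesProviders;
    private final List<AuthenticatedStorageProvider> authStorageProviders;
    private final ResourceManager resourceManager;

    // Session id -> URL to return to after login. A plain HashMap here would be
    // mutated by concurrent requests of different sessions without any
    // synchronization, hence the concurrent map.
    // NOTE(review): entries are added for every challenged session and removed
    // only on successful authentication or logout; sessions that never log in
    // are not evicted, so the map can grow with unauthenticated traffic.
    private final Map<String, String> requestCache = new ConcurrentHashMap<String, String>();

    // Optional fixed post-login target; may be null (see authenticate()).
    private final String forceURL;

    /**
     * Creates the manager.
     *
     * @param list authentication schemes, must not be empty
     * @param str forced post-login URL, or {@code null} to return to the requested URI
     * @param list2 authentication providers, must not be empty
     * @param list3 role providers, must not be empty
     * @param list4 subject properties providers, must not be null
     * @param list5 authenticated storage providers, must not be empty
     * @param resourceManager decides whether a resource requires authentication, must not be null
     */
    public HttpAuthenticationManager(List<AuthenticationScheme> list, String str, List<AuthenticationProvider> list2, List<RoleProvider> list3, List<SubjectPropertiesProvider> list4, List<AuthenticatedStorageProvider> list5, ResourceManager resourceManager) {
        this.forceURL = str;
        // The raw casts come from the decompiled listing; the generic signatures
        // of the precondition helpers are not visible here.
        this.authSchemes = (List) PortablePreconditions.checkNotEmpty("authScheme", list);
        this.authProviders = (List) PortablePreconditions.checkNotEmpty("authProviders", list2);
        this.roleProviders = (List) PortablePreconditions.checkNotEmpty("roleProviders", list3);
        this.subjectPropertiesProviders = (List) PortablePreconditions.checkNotNull("subjectPropertiesProviders", list4);
        this.authStorageProviders = (List) PortablePreconditions.checkNotEmpty("authStorageProviders", list5);
        this.resourceManager = (ResourceManager) PortablePreconditions.checkNotNull("resourceManager", resourceManager);
    }

    /**
     * Authenticates the request carried by {@code securityContext}.
     *
     * @param securityContext must be an {@link HttpSecurityContext}
     * @return the stored {@link Subject} if a storage provider already holds one;
     *         {@code null} if nothing is stored and the resource does not require
     *         authentication; otherwise the newly built and stored identity
     * @throws AuthenticationException if a provider reports {@code FAILED} or no
     *         scheme/provider pair produces a principal
     */
    @Override // org.uberfire.security.auth.AuthenticationManager
    public Subject authenticate(SecurityContext securityContext) throws AuthenticationException {
        HttpSecurityContext httpSecurityContext = (HttpSecurityContext) Preconditions.checkInstanceOf("context", securityContext, HttpSecurityContext.class);

        // 1. Reuse whatever the first storage provider with an answer returns.
        Principal principal = null;
        for (AuthenticatedStorageProvider storage : this.authStorageProviders) {
            principal = storage.load(httpSecurityContext);
            if (principal != null) {
                break;
            }
        }
        if (principal instanceof Subject) {
            return (Subject) principal;
        }

        // A stored principal that is not a full Subject is tagged with
        // ROLE_REMEMBER_ME below.
        boolean loadedFromStorage = principal != null;
        boolean requiresAuthentication = this.resourceManager.requiresAuthentication(httpSecurityContext.getResource());

        if (principal == null) {
            // 2. Until a scheme recognises this request as a login attempt,
            // challenge the client and remember where it wanted to go.
            for (AuthenticationScheme scheme : this.authSchemes) {
                if (scheme.isAuthenticationRequest(httpSecurityContext)) {
                    break;
                }
                if (requiresAuthentication) {
                    String sessionId = httpSecurityContext.getRequest().getSession().getId();
                    if (!this.requestCache.containsKey(sessionId)) {
                        // The decompiled listing spelled the "?" literal as
                        // CallerData.NA; the literal is used directly here.
                        String rawQuery = httpSecurityContext.getRequest().getQueryString();
                        String query = rawQuery == null ? "" : "?" + rawQuery;
                        String referer = httpSecurityContext.getRequest().getHeader("Referer");
                        if (query.equals("") && referer != null && referer.indexOf('?') >= 0) {
                            query = referer.substring(referer.indexOf('?'));
                        }
                        // NOTE(review): the query part comes from the request or
                        // its Referer header, i.e. it is client-influenced. The
                        // prefix is always forceURL or the request URI.
                        String target;
                        if (this.forceURL != null) {
                            target = (this.forceURL.startsWith("/") ? httpSecurityContext.getRequest().getContextPath() : "") + this.forceURL + query;
                        } else {
                            target = httpSecurityContext.getRequest().getRequestURI() + query;
                        }
                        // First writer wins if two requests of one session race.
                        this.requestCache.putIfAbsent(sessionId, target);
                    }
                    scheme.challengeClient(httpSecurityContext);
                }
            }
            if (!requiresAuthentication) {
                return null;
            }

            // 3. First scheme that yields a credential accepted by a provider wins;
            // the first FAILED result aborts the whole attempt.
            schemes:
            for (AuthenticationScheme scheme : this.authSchemes) {
                Credential credential = scheme.buildCredential(httpSecurityContext);
                if (credential == null) {
                    continue;
                }
                for (AuthenticationProvider provider : this.authProviders) {
                    AuthenticationResult result = provider.authenticate(credential, securityContext);
                    if (result.getStatus().equals(AuthenticationStatus.FAILED)) {
                        scheme.challengeClient(httpSecurityContext);
                        throw new AuthenticationException("Invalid credentials.");
                    }
                    if (result.getStatus().equals(AuthenticationStatus.SUCCESS)) {
                        principal = result.getPrincipal();
                        break schemes;
                    }
                }
            }
        }
        if (principal == null) {
            throw new AuthenticationException("Invalid credentials.");
        }

        // 4. Assemble the identity. The collections stay raw as in the listing:
        // the element types of loadRoles()/loadProperties() and the IdentityImpl
        // constructor are not visible here.
        ArrayList roles = new ArrayList();
        if (loadedFromStorage) {
            roles.add(new RoleImpl(Role.ROLE_REMEMBER_ME));
        }
        for (RoleProvider roleProvider : this.roleProviders) {
            roles.addAll(roleProvider.loadRoles(principal, securityContext));
        }
        HashMap properties = new HashMap();
        for (SubjectPropertiesProvider propertiesProvider : this.subjectPropertiesProviders) {
            properties.putAll(propertiesProvider.loadProperties(principal));
        }
        IdentityImpl identity = new IdentityImpl(principal.getName(), roles, properties);
        for (AuthenticatedStorageProvider storage : this.authStorageProviders) {
            storage.store(httpSecurityContext, identity);
        }

        // 5. Send the client back to the URL remembered during the challenge.
        String target = this.requestCache.remove(httpSecurityContext.getRequest().getSession().getId());
        if (target != null && !target.isEmpty() && !httpSecurityContext.getResponse().isCommitted()) {
            try {
                if (useRedirect(target)) {
                    httpSecurityContext.getResponse().sendRedirect(target);
                } else {
                    SecurityFactory.setSubject(identity);
                    // Strip the context path as a literal prefix. The previous
                    // replaceFirst() call interpreted the context path as a
                    // regular expression and matched it anywhere in the target.
                    String contextPath = httpSecurityContext.getRequest().getContextPath();
                    String dispatchPath = target.startsWith(contextPath) ? target.substring(contextPath.length()) : target;
                    httpSecurityContext.getRequest().getRequestDispatcher(dispatchPath).forward(httpSecurityContext.getRequest(), httpSecurityContext.getResponse());
                }
            } catch (Exception e) {
                throw new RuntimeException("Unable to redirect.", e);
            }
        }
        return identity;
    }

    /**
     * Clears stored authentication state, invalidates the HTTP session and logs
     * the request out of the container.
     *
     * @param securityContext must be an {@link HttpSecurityContext}
     * @throws AuthenticationException declared by the interface; this
     *         implementation does not throw it itself
     */
    @Override // org.uberfire.security.auth.AuthenticationManager
    public void logout(SecurityContext securityContext) throws AuthenticationException {
        for (AuthenticatedStorageProvider storage : this.authStorageProviders) {
            storage.cleanup(securityContext);
        }
        HttpSecurityContext httpSecurityContext = (HttpSecurityContext) Preconditions.checkInstanceOf("context", securityContext, HttpSecurityContext.class);
        // Drop any pending post-login target of this session; otherwise the entry
        // would outlive the session it belongs to.
        this.requestCache.remove(httpSecurityContext.getRequest().getSession().getId());
        httpSecurityContext.getRequest().getSession().invalidate();
        try {
            httpSecurityContext.getRequest().logout();
        } catch (ServletException e) {
            // NOTE(review): a failed container logout is only printed to stderr and
            // the caller is not told; kept as best-effort because no logger is
            // available in this class.
            e.printStackTrace();
        }
    }

    /**
     * Decides between an HTTP redirect and a server-side forward.
     *
     * <p>This is a substring test over the whole target, including its
     * query string.
     *
     * @param str the post-login target
     * @return {@code true} if the target mentions GWT dev mode or the form
     *         security-check URI
     */
    private boolean useRedirect(String str) {
        return str.contains("gwt.codesvr") || str.contains(SecurityConstants.HTTP_FORM_SECURITY_CHECK_URI);
    }

    /**
     * Describes the configured collaborators. Only the size of the request cache
     * is printed: its keys are HTTP session ids and its values are requested
     * URLs with their query strings, which should not end up in logs.
     */
    @Override
    public String toString() {
        // The decompiled listing spelled the closing "]" as
        // SelectorUtils.PATTERN_HANDLER_SUFFIX; the literal is used directly here.
        return "HttpAuthenticationManager [authSchemes=" + this.authSchemes
                + ", authProviders=" + this.authProviders
                + ", roleProviders=" + this.roleProviders
                + ", subjectPropertiesProviders=" + this.subjectPropertiesProviders
                + ", authStorageProviders=" + this.authStorageProviders
                + ", resourceManager=" + this.resourceManager
                + ", requestCacheSize=" + this.requestCache.size()
                + ", forceURL=" + this.forceURL + "]";
    }
}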
