package org.ametys.plugins.core.impl.authentication;

import java.net.URLEncoder;
import java.nio.charset.StandardCharsets;
import java.sql.Connection;
import java.sql.PreparedStatement;
import java.sql.ResultSet;
import java.sql.SQLException;
import java.sql.Timestamp;
import java.time.Instant;
import java.time.ZonedDateTime;
import java.util.Arrays;
import java.util.Collection;
import java.util.HashSet;
import java.util.Iterator;
import java.util.List;
import java.util.Map;
import java.util.Set;
import java.util.regex.Pattern;
import org.ametys.core.authentication.AbstractCredentialProvider;
import org.ametys.core.authentication.AuthenticateAction;
import org.ametys.core.authentication.BlockingCredentialProvider;
import org.ametys.core.authentication.LogoutCapable;
import org.ametys.core.authentication.NonBlockingCredentialProvider;
import org.ametys.core.authentication.token.AuthenticationTokenManager;
import org.ametys.core.captcha.CaptchaHelper;
import org.ametys.core.datasource.ConnectionHelper;
import org.ametys.core.script.SQLScriptHelper;
import org.ametys.core.user.User;
import org.ametys.core.user.UserIdentity;
import org.ametys.core.user.directory.NotUniqueUserException;
import org.ametys.core.user.directory.UserDirectory;
import org.ametys.core.user.population.UserPopulation;
import org.ametys.core.user.population.UserPopulationDAO;
import org.ametys.runtime.authentication.AccessDeniedException;
import org.ametys.runtime.workspace.WorkspaceMatcher;
import org.apache.avalon.framework.configuration.Configurable;
import org.apache.avalon.framework.configuration.Configuration;
import org.apache.avalon.framework.configuration.ConfigurationException;
import org.apache.avalon.framework.context.Context;
import org.apache.avalon.framework.context.ContextException;
import org.apache.avalon.framework.context.Contextualizable;
import org.apache.avalon.framework.service.ServiceException;
import org.apache.avalon.framework.service.ServiceManager;
import org.apache.avalon.framework.service.Serviceable;
import org.apache.cocoon.components.ContextHelper;
import org.apache.cocoon.environment.Cookie;
import org.apache.cocoon.environment.Redirector;
import org.apache.cocoon.environment.Request;
import org.apache.cocoon.environment.http.HttpCookie;
import org.apache.commons.lang.StringUtils;
import org.apache.excalibur.source.SourceResolver;
import org.slf4j.Logger;

/* loaded from: input_file:org/ametys/plugins/core/impl/authentication/FormCredentialProvider.class */
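/**
 * Credential provider backed by an HTML login form.
 * <p>
 * In blocking mode the submitted login/password pair is checked against the user
 * directories of the population selected for the request; in non-blocking mode the
 * user may instead be recognized from an authentication-token cookie handled by the
 * {@link AuthenticationTokenManager} ("remember me"). Password guessing is slowed down
 * by counting failed attempts per login and population in the
 * {@code Users_FormConnectionFailed} table and demanding a captcha once
 * {@link #NB_CONNECTION_ATTEMPTS} failures have been recorded within
 * {@link #TIME_ALLOWED} day(s).
 * <p>
 * The {@link AccessDeniedException} messages built here (unknown user, wrong password,
 * invalid captcha) are consumed inside this class; the client is only redirected to the
 * login URL with generic flags ({@code authFailure}, {@code tooManyAttempts},
 * {@code cookieFailure}).
 */
public class FormCredentialProvider extends AbstractCredentialProvider implements NonBlockingCredentialProvider, BlockingCredentialProvider, LogoutCapable, Contextualizable, Configurable, Serviceable {
    /** Public constant exposed to other components; not referenced by this class itself. */
    public static final String AUTHENTICATION_BY_COOKIE = "authentication_by_cookie";
    /** Public constant; the effective cookie lifetime comes from the {@code cookieLifeTime} configuration (see {@link #configure}). */
    public static final int COOKIE_LIFETIME = 1209600;
    /** Key, in the parameter map given to {@link #init}, of the datasource holding the failed-attempt table. */
    private static final String __PARAM_DATASOURCE = "runtime.authentication.form.security.storage";
    /** Key of the "require a captcha after repeated failures" boolean parameter. */
    private static final String __PARAM_CAPTCHA = "runtime.authentication.form.captcha";
    /** Key of the "allow the remember-me cookie" boolean parameter. */
    private static final String __PARAM_COOKIES = "runtime.authentication.form.cookies";
    /** Key of the "accept the e-mail address as login" boolean parameter. */
    private static final String __PARAM_LOGIN_BY_EMAIL = "runtime.authentication.form.login-by-email";
    /** Name of the form field carrying the login (or e-mail). */
    protected String _usernameField;
    /** Name of the form field carrying the password. */
    protected String _passwordField;
    /** Name of the form field that, when equal to "true", asks for the remember-me cookie. */
    protected String _rememberMeField;
    /** Name of the form field carrying the captcha answer. */
    protected String _captchaField;
    /** Name of the form field carrying the captcha key. */
    protected String _captchaKeyField;
    /** Whether the remember-me cookie may be issued at all (component configuration). */
    protected boolean _cookieEnabled;
    /** Name of the remember-me cookie. */
    protected String _cookieName;
    /** Max-Age of the remember-me cookie and lifetime of the token stored in it. */
    protected long _cookieLifetime;
    /** Workspace-relative URL prefixes that may be served to anonymous users. */
    protected Set<String> _acceptedUrlPrefixes;
    /** Workspace-relative URL patterns that may be served to anonymous users (the captcha image must stay reachable). */
    protected Collection<Pattern> _acceptedUrlPatterns = Arrays.asList(Pattern.compile("^plugins/core/captcha/[^/]+/image.png"));
    /** Whether failed attempts are counted and a captcha demanded past the threshold. */
    protected boolean _useCaptchaOnFailure;
    /** Whether the remember-me cookie is allowed (parameter given at {@link #init}). */
    protected boolean _allowCookies;
    /** Whether a user not found by login is looked up again by e-mail address. */
    protected boolean _allowLoginByEmail;
    protected Context _context;
    protected UserPopulationDAO _userPopulationDAO;
    /** Id of the datasource holding {@code Users_FormConnectionFailed}. */
    protected String _datasourceId;
    protected SourceResolver _sourceResolver;
    /** Optional: when absent, the remember-me cookie is neither issued, validated nor revoked. */
    protected AuthenticationTokenManager _authenticationTokenManager;
    /** Set once the failed-attempt table has been created (or its creation attempted). */
    protected boolean _lazyInitialized;
    /** Number of recorded failures from which a captcha is required. */
    public static final Integer NB_CONNECTION_ATTEMPTS = 3;
    /** Age, in days, past which failure records are purged. */
    protected static final Integer TIME_ALLOWED = 1;

    public void contextualize(Context context) throws ContextException {
        this._context = context;
    }

    /**
     * Looks up the components this provider relies on.
     *
     * @param serviceManager the Avalon service manager
     * @throws ServiceException if the mandatory {@link SourceResolver} or {@link ConnectionHelper} cannot be looked up
     */
    public void service(ServiceManager serviceManager) throws ServiceException {
        this._sourceResolver = (SourceResolver) serviceManager.lookup(SourceResolver.ROLE);
        try {
            this._authenticationTokenManager = (AuthenticationTokenManager) serviceManager.lookup(AuthenticationTokenManager.ROLE);
        } catch (ServiceException e) {
            // Best effort: the token manager is optional, but without it the remember-me cookie cannot work.
            getLogger().debug("No AuthenticationTokenManager available: cookie-based authentication is disabled", e);
        }
        // Result intentionally unused; presumably forces the helper component's initialization - confirm.
        serviceManager.lookup(ConnectionHelper.ROLE);
    }

    /**
     * Reads the provider parameters; the first, second and fourth arguments are forwarded unchanged to the parent class.
     *
     * @param map the parameter values, keyed by the {@code __PARAM_*} constants (all four keys are required)
     */
    @Override
    public void init(String str, String str2, Map<String, Object> map, String str3) {
        super.init(str, str2, map, str3);
        this._useCaptchaOnFailure = ((Boolean) map.get(__PARAM_CAPTCHA)).booleanValue();
        this._allowCookies = ((Boolean) map.get(__PARAM_COOKIES)).booleanValue();
        this._allowLoginByEmail = ((Boolean) map.get(__PARAM_LOGIN_BY_EMAIL)).booleanValue();
        this._datasourceId = (String) map.get(__PARAM_DATASOURCE);
    }

    /**
     * Reads the form field names, the cookie settings and the anonymous URL prefixes from the component configuration.
     *
     * @param configuration the component configuration
     * @throws ConfigurationException on invalid configuration values
     */
    public void configure(Configuration configuration) throws ConfigurationException {
        this._usernameField = configuration.getChild("username-field").getValue("Username");
        this._passwordField = configuration.getChild("password-field").getValue("Password");
        this._rememberMeField = configuration.getChild("rememberMe-field").getValue("rememberMe");
        this._captchaField = configuration.getChild("capcha-field").getValue("Captcha");
        this._captchaKeyField = configuration.getChild("captchaKey-field").getValue("CaptchaKey");
        Configuration cookieConfiguration = configuration.getChild("cookie");
        this._cookieEnabled = cookieConfiguration.getChild("cookieEnabled").getValueAsBoolean(true);
        this._cookieLifetime = cookieConfiguration.getChild("cookieLifeTime").getValueAsLong(604800L);
        this._cookieName = cookieConfiguration.getChild("cookieName").getValue("AmetysAuthentication");
        this._acceptedUrlPrefixes = new HashSet<>();
        for (Configuration prefixConfiguration : configuration.getChild("unauthenticated").getChildren("urlPrefix")) {
            String prefix = prefixConfiguration.getValue((String) null);
            if (prefix != null) {
                this._acceptedUrlPrefixes.add(prefix);
            }
        }
        if (getLogger().isDebugEnabled()) {
            // Each value goes in its own slot: the cookie name after "Cookie name=" and the joined prefixes in the brackets.
            getLogger().debug("FormBasedCredentialsProvider values :  Name field=" + this._usernameField
                    + ", Pwd field=" + this._passwordField
                    + ", CookieEnabled=" + this._cookieEnabled
                    + ", Cookie duration=" + this._cookieLifetime
                    + ", Cookie name=" + this._cookieName
                    + ", accepted prefixes : [" + StringUtils.join(this._acceptedUrlPrefixes, ", ") + "]");
        }
    }

    /**
     * Opens a connection to the configured datasource, creating the failed-attempt table on first use
     * when the captcha feature is enabled.
     *
     * @return a connection to the datasource; the caller releases it through {@link ConnectionHelper#cleanup}
     */
    protected Connection getSQLConnection() {
        if (!this._lazyInitialized) {
            try {
                if (this._useCaptchaOnFailure) {
                    SQLScriptHelper.createTableIfNotExists(this._datasourceId, "Users_FormConnectionFailed", "plugin:core://scripts/%s/users_form_failed_connection.sql", this._sourceResolver);
                }
            } catch (Exception e) {
                getLogger().error("The tables requires by the " + getClass().getName() + " could not be created. A degraded behavior will occur", e);
            }
            // Never retried: a failed creation degrades every later query instead of hammering the datasource.
            this._lazyInitialized = true;
        }
        return ConnectionHelper.getConnection(this._datasourceId);
    }

    /**
     * Revokes the remember-me token carried by the request cookie (when a token manager is present) and clears the cookie.
     */
    @Override
    public void logout() {
        String cookieValue = _getCookieValue();
        if (this._authenticationTokenManager != null && StringUtils.isNotEmpty(cookieValue)) {
            this._authenticationTokenManager.deleteTokenByValue(cookieValue, null);
        }
        _deleteCookie();
    }

    /** A form session is never invalidated from here: the session itself decides. */
    @Override
    public boolean nonBlockingIsStillConnected(UserIdentity userIdentity, Redirector redirector) {
        return true;
    }

    /** A form session is never invalidated from here: the session itself decides. */
    @Override
    public boolean blockingIsStillConnected(UserIdentity userIdentity, Redirector redirector) {
        return true;
    }

    /**
     * Tells whether the current request may be served anonymously: it must not carry the login form
     * fields and its workspace-relative URL must match an accepted prefix or pattern.
     *
     * @return {@code true} when the request is accepted without authentication
     */
    @Override
    public boolean blockingGrantAnonymousRequest() {
        Request request = ContextHelper.getRequest(this._context);
        String login = request.getParameter(this._usernameField);
        String password = request.getParameter(this._passwordField);
        String inWorkspaceUrl = (String) request.getAttribute(WorkspaceMatcher.IN_WORKSPACE_URL);
        // A request carrying both form fields is a login attempt, never an anonymous one.
        if (login != null && password != null) {
            return false;
        }
        // No URL to match against: fail closed rather than with a NullPointerException.
        if (inWorkspaceUrl == null) {
            return false;
        }
        boolean accepted = this._acceptedUrlPrefixes.stream().anyMatch(inWorkspaceUrl::startsWith)
                || this._acceptedUrlPatterns.stream().anyMatch(pattern -> pattern.matcher(inWorkspaceUrl).matches());
        if (accepted && getLogger().isInfoEnabled()) {
            getLogger().info("URL accepted : " + inWorkspaceUrl);
        }
        return accepted;
    }

    @Override
    public boolean nonBlockingGrantAnonymousRequest() {
        return blockingGrantAnonymousRequest();
    }

    /**
     * Authenticates the submitted form; without form fields the client is sent to the login URL,
     * and on a rejected login {@link #blockingUserNotAllowed} builds the failure redirect.
     *
     * @param redirector used to send the client to the login page
     * @return the authenticated identity, or {@code null} when a redirect was issued
     * @throws Exception propagated from the redirector or the population lookup
     */
    @Override
    public UserIdentity blockingGetUserIdentity(Redirector redirector) throws Exception {
        Request request = ContextHelper.getRequest(this._context);
        try {
            UserIdentity identity = _getUserIdentityFromRequest(request);
            if (identity != null) {
                return identity;
            }
            redirector.redirect(false, (String) request.getAttribute(AuthenticateAction.REQUEST_ATTRIBUTE_LOGIN_URL));
            return null;
        } catch (NotUniqueUserException | AccessDeniedException e) {
            blockingUserNotAllowed(redirector);
            return null;
        }
    }

    /**
     * Authenticates the submitted form if any, otherwise tries the remember-me cookie; a cookie whose
     * token is no longer valid is cleared.
     *
     * @param redirector given to {@link #nonBlockingUserNotAllowed} on a rejected login
     * @return the identity, or {@code null} when the request stays anonymous
     * @throws Exception propagated from the population lookup
     */
    @Override
    public UserIdentity nonBlockingGetUserIdentity(Redirector redirector) throws Exception {
        try {
            UserIdentity identity = _getUserIdentityFromRequest(ContextHelper.getRequest(this._context));
            if (identity != null) {
                return identity;
            }
            if (this._allowCookies) {
                String cookieValue = _getCookieValue();
                if (this._authenticationTokenManager != null && StringUtils.isNotEmpty(cookieValue)) {
                    UserIdentity tokenIdentity = this._authenticationTokenManager.validateToken(cookieValue);
                    if (tokenIdentity != null) {
                        return tokenIdentity;
                    }
                    _deleteCookie();
                }
            }
            return null;
        } catch (NotUniqueUserException | AccessDeniedException e) {
            nonBlockingUserNotAllowed(redirector);
            return null;
        }
    }

    /**
     * Checks the login/password pair of the request against the user directories of its population.
     *
     * @param request the current request
     * @return the identity of the authenticated user, or {@code null} when the form fields are absent
     * @throws AccessDeniedException when the captcha is required and wrong, the user is unknown or the password is wrong
     * @throws NotUniqueUserException when the e-mail lookup matches several users
     */
    private UserIdentity _getUserIdentityFromRequest(Request request) throws AccessDeniedException, NotUniqueUserException {
        String login = request.getParameter(this._usernameField);
        String password = request.getParameter(this._passwordField);
        if (StringUtils.isBlank(login) || password == null) {
            return null;
        }
        UserPopulation population = _getPopulation(request);
        // Past the failure threshold the captcha is checked (and consumed) before any directory lookup.
        if (this._useCaptchaOnFailure
                && requestNbConnectBDD(login, population.getId()).intValue() >= NB_CONNECTION_ATTEMPTS.intValue()
                && !CaptchaHelper.checkAndInvalidate(request.getParameter(this._captchaKeyField), request.getParameter(this._captchaField))) {
            throw new AccessDeniedException("Captcha is invalid for user '" + login + "'");
        }
        for (UserDirectory userDirectory : population.getUserDirectories()) {
            User user = userDirectory.getUser(login);
            if (user == null && this._allowLoginByEmail) {
                user = userDirectory.getUserByEmail(login);
            }
            if (user != null) {
                // The first directory knowing the user decides; the password is checked against its real login.
                String actualLogin = user.getIdentity().getLogin();
                if (!userDirectory.checkCredentials(actualLogin, password)) {
                    throw new AccessDeniedException("Password is incorrect for user '" + actualLogin + "'");
                }
                return user.getIdentity();
            }
        }
        throw new AccessDeniedException("Unknown user '" + login + "'");
    }

    /**
     * Resolves the population the login applies to: the only available one, or the one selected by id.
     *
     * @param request the current request
     * @return the population
     * @throws IllegalStateException when several populations are available and no valid id selects one
     */
    private UserPopulation _getPopulation(Request request) {
        @SuppressWarnings("unchecked")
        List<UserPopulation> populations = (List<UserPopulation>) request.getAttribute(AuthenticateAction.REQUEST_ATTRIBUTE_AVAILABLE_USER_POPULATIONS_LIST);
        if (populations.size() == 1) {
            return populations.get(0);
        }
        String populationId = (String) request.getAttribute(AuthenticateAction.REQUEST_ATTRIBUTE_USER_POPULATION_ID);
        if (StringUtils.isBlank(populationId)) {
            throw new IllegalStateException("The " + getClass().getName() + " does not work when population is not known");
        }
        return populations.stream()
                .filter(population -> StringUtils.equals(population.getId(), populationId))
                .findFirst()
                .orElseThrow(() -> new IllegalStateException("The " + getClass().getName() + " does not work when population is not known: no available population has id '" + populationId + "'"));
    }

    /**
     * Sends the client back to the login URL with failure flags, records the failed attempt when the
     * captcha feature is on, and clears a remember-me cookie that did not help.
     *
     * @param redirector used to send the client to the login page
     * @throws Exception propagated from the redirector, the population lookup or the URL encoding
     */
    @Override
    public void blockingUserNotAllowed(Redirector redirector) throws Exception {
        Request request = ContextHelper.getRequest(this._context);
        String loginUrl = (String) request.getAttribute(AuthenticateAction.REQUEST_ATTRIBUTE_LOGIN_URL);
        String login = request.getParameter(this._usernameField);
        StringBuilder query = new StringBuilder();
        query.append(loginUrl.indexOf('?') >= 0 ? "&" : "?");
        // The login comes straight from the form: encode it so that '&', '#' or '=' cannot add or truncate query parameters.
        query.append("login=").append(URLEncoder.encode(String.valueOf(login), StandardCharsets.UTF_8.name()));
        query.append("&authFailure=true");
        if (this._useCaptchaOnFailure) {
            String captchaKey = request.getParameter(this._captchaKeyField);
            // Count of failures recorded before this one.
            int previousFailures = _setNbConnectBDD(login, _getPopulation(request).getId()).intValue();
            int threshold = NB_CONNECTION_ATTEMPTS.intValue() - 1;
            // Flag the captcha requirement when the threshold is reached, and again while the client sends no captcha key.
            if (previousFailures == threshold || (captchaKey == null && previousFailures > threshold)) {
                query.append("&tooManyAttempts=true");
            }
        }
        if (StringUtils.isNotEmpty(_getCookieValue())) {
            query.append("&cookieFailure=true");
            _deleteCookie();
        }
        redirector.redirect(false, loginUrl + query);
    }

    /** Intentionally empty: a non-blocking failure is silent ({@link #nonBlockingGetUserIdentity} then returns {@code null}). */
    @Override
    public void nonBlockingUserNotAllowed(Redirector redirector) throws Exception {
    }

    /**
     * Called after a successful form login: clears the failure counter, or issues the remember-me cookie when asked for.
     * <p>
     * NOTE(review): the failure counter is only cleared when cookies are not allowed, so with cookies allowed a
     * successful login leaves the counter in place until it expires after {@link #TIME_ALLOWED} day(s) - confirm
     * this is intended.
     *
     * @param userIdentity the identity that was just authenticated
     */
    @Override
    public void blockingUserAllowed(UserIdentity userIdentity) {
        if (!this._allowCookies) {
            _deleteLoginFailedBDD(userIdentity.getLogin(), userIdentity.getPopulationId());
        } else if ("true".equals(ContextHelper.getRequest(this._context).getParameter(this._rememberMeField))) {
            nonBlockingUserAllowed(userIdentity);
        }
    }

    /**
     * Issues a fresh remember-me token for the identity and stores it in the cookie; a no-op when cookies are
     * disabled by configuration or no token manager is available.
     *
     * @param userIdentity the identity to remember
     */
    @Override
    public void nonBlockingUserAllowed(UserIdentity userIdentity) {
        if (!this._cookieEnabled || this._authenticationTokenManager == null) {
            return;
        }
        // The literal 1 is presumably the number of allowed uses of the token - confirm against AuthenticationTokenManager.
        String token = this._authenticationTokenManager.generateToken(userIdentity, this._cookieLifetime, 1, "FormsCredentialProvider-Cookie", null);
        _updateCookie(token);
    }

    @Override
    public boolean requiresNewWindow() {
        return false;
    }

    /**
     * Releases JDBC resources through {@link ConnectionHelper}, result set first; every argument may be {@code null}.
     */
    private static void _cleanup(ResultSet resultSet, PreparedStatement statement, Connection connection) {
        ConnectionHelper.cleanup(resultSet);
        ConnectionHelper.cleanup(statement);
        ConnectionHelper.cleanup(connection);
    }

    /**
     * Purges the failure records older than {@link #TIME_ALLOWED} day(s); database errors are logged and ignored.
     */
    protected void _deleteAllPastLoginFailedBDD() {
        Connection connection = null;
        PreparedStatement statement = null;
        try {
            connection = getSQLConnection();
            Timestamp oldestKept = Timestamp.from(ZonedDateTime.now().minusDays(TIME_ALLOWED.intValue()).toInstant());
            statement = connection.prepareStatement("DELETE FROM Users_FormConnectionFailed WHERE last_connect < ?");
            statement.setTimestamp(1, oldestKept);
            statement.execute();
        } catch (SQLException e) {
            getLogger().error("Error during the connection to the database", e);
        } finally {
            _cleanup(null, statement, connection);
        }
    }

    /**
     * Returns the number of failed attempts currently recorded for a login in a population, after purging expired records.
     *
     * @param login the submitted login
     * @param populationId the id of the population the login applies to
     * @return the recorded count, or 0 when there is no record or the database could not be queried
     *         (a database outage therefore disables the captcha requirement rather than locking users out)
     */
    public Integer requestNbConnectBDD(String login, String populationId) {
        _deleteAllPastLoginFailedBDD();
        Connection connection = null;
        PreparedStatement statement = null;
        ResultSet resultSet = null;
        try {
            connection = getSQLConnection();
            statement = connection.prepareStatement("SELECT nb_connect FROM Users_FormConnectionFailed WHERE login = ? and population_id = ?");
            statement.setString(1, login);
            statement.setString(2, populationId);
            resultSet = statement.executeQuery();
            Integer count = 0;
            if (resultSet.next()) {
                count = Integer.valueOf(resultSet.getInt("nb_connect"));
            }
            return count;
        } catch (SQLException e) {
            getLogger().error("Error during the connection to the database", e);
            return 0;
        } finally {
            _cleanup(resultSet, statement, connection);
        }
    }

    /**
     * Records one more failed attempt for the login and returns the count as it was before this call.
     *
     * @param login the submitted login
     * @param populationId the id of the population the login applies to
     * @return the number of failures recorded before this one
     */
    protected Integer _setNbConnectBDD(String login, String populationId) {
        Integer previousCount = requestNbConnectBDD(login, populationId);
        if (previousCount.intValue() == 0) {
            _insertLoginNbConnectBDD(login, populationId);
        } else {
            _updateLoginNbConnectBDD(login, populationId, previousCount);
        }
        return previousCount;
    }

    /**
     * Inserts a failure record with a count of 1 for the login; database errors are logged and ignored.
     *
     * @param login the submitted login
     * @param populationId the id of the population the login applies to
     */
    protected void _insertLoginNbConnectBDD(String login, String populationId) {
        Connection connection = null;
        PreparedStatement statement = null;
        try {
            connection = getSQLConnection();
            statement = connection.prepareStatement("INSERT INTO Users_FormConnectionFailed (login, population_id, nb_connect, last_connect) VALUES (?, ?, ?, ?)");
            statement.setString(1, login);
            statement.setString(2, populationId);
            statement.setInt(3, 1);
            statement.setTimestamp(4, Timestamp.from(Instant.now()));
            statement.execute();
        } catch (SQLException e) {
            getLogger().error("Error during the connection to the database", e);
        } finally {
            _cleanup(null, statement, connection);
        }
    }

    /**
     * Removes the failure record of the login; database errors are logged and ignored.
     *
     * @param login the login whose failures are forgotten
     * @param populationId the id of the population the login applies to
     */
    protected void _deleteLoginFailedBDD(String login, String populationId) {
        Connection connection = null;
        PreparedStatement statement = null;
        try {
            connection = getSQLConnection();
            statement = connection.prepareStatement("DELETE FROM Users_FormConnectionFailed WHERE login = ? and population_id = ?");
            statement.setString(1, login);
            statement.setString(2, populationId);
            statement.execute();
        } catch (SQLException e) {
            getLogger().error("Error during the connection to the database", e);
        } finally {
            _cleanup(null, statement, connection);
        }
    }

    /**
     * Stores {@code previousCount + 1} as the failure count of the login; the {@code last_connect} column is not
     * touched, so expiry is measured from the first failure. Database errors are logged and ignored.
     *
     * @param login the submitted login
     * @param populationId the id of the population the login applies to
     * @param previousCount the count currently recorded
     */
    protected void _updateLoginNbConnectBDD(String login, String populationId, Integer previousCount) {
        Connection connection = null;
        PreparedStatement statement = null;
        try {
            connection = getSQLConnection();
            statement = connection.prepareStatement("UPDATE Users_FormConnectionFailed SET nb_connect = ? WHERE login = ? and population_id = ?");
            statement.setInt(1, previousCount.intValue() + 1);
            statement.setString(2, login);
            statement.setString(3, populationId);
            statement.execute();
        } catch (SQLException e) {
            getLogger().error("Error during the connection to the database", e);
        } finally {
            _cleanup(null, statement, connection);
        }
    }

    /**
     * Finds the remember-me cookie of the current request.
     *
     * @return the cookie named {@link #_cookieName}, or {@code null} when absent
     */
    private Cookie _findCookie() {
        Cookie[] cookies = ContextHelper.getRequest(this._context).getCookies();
        if (cookies == null) {
            return null;
        }
        for (Cookie cookie : cookies) {
            if (this._cookieName.equals(cookie.getName())) {
                return cookie;
            }
        }
        return null;
    }

    /**
     * @return the value of the remember-me cookie, or {@code null} when the request carries none
     */
    protected String _getCookieValue() {
        Cookie cookie = _findCookie();
        return cookie == null ? null : cookie.getValue();
    }

    /**
     * @return {@code true} when the request carries the remember-me cookie, whatever its value
     */
    protected boolean _isCookieAlreadySet() {
        return _findCookie() != null;
    }

    /**
     * Sets the remember-me cookie on the response.
     *
     * @param tokenValue the authentication token to store in the cookie
     */
    protected void _updateCookie(String tokenValue) {
        Request request = ContextHelper.getRequest(this._context);
        HttpCookie cookie = ContextHelper.getResponse(this._context).createCookie(this._cookieName, tokenValue);
        // Secure mirrors the current request's transport; HttpOnly keeps the token out of reach of page scripts.
        cookie.setSecure(request.isSecure());
        cookie.setPath(request.getContextPath());
        cookie.setMaxAge((int) this._cookieLifetime);
        cookie.getServletCookie().setHttpOnly(true);
        ContextHelper.getResponse(this._context).addCookie(cookie);
    }

    /**
     * Asks the browser to drop the remember-me cookie (same path, Max-Age 0).
     * <p>
     * NOTE(review): the cookie value is the {@code ConnectionHelper.DATABASE_UNKNOWN} constant, which looks like
     * constant inlining in the decompiled source rather than an intentional choice - confirm against upstream.
     */
    protected void _deleteCookie() {
        HttpCookie cookie = new HttpCookie(this._cookieName, ConnectionHelper.DATABASE_UNKNOWN);
        cookie.setPath(ContextHelper.getRequest(this._context).getContextPath());
        cookie.setMaxAge(0);
        ContextHelper.getResponse(this._context).addCookie(cookie);
    }
}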
