package org.ametys.runtime.workspaces.admin.authentication;

import java.io.FileInputStream;
import java.io.FileNotFoundException;
import java.io.IOException;
import java.io.InputStream;
import java.security.MessageDigest;
import java.util.Map;
import javax.xml.xpath.XPathExpressionException;
import javax.xml.xpath.XPathFactory;
import org.ametys.runtime.authentication.BasicCredentialsProvider;
import org.ametys.runtime.authentication.Credentials;
import org.ametys.runtime.authentication.CredentialsProvider;
import org.ametys.runtime.user.User;
import org.apache.avalon.framework.activity.Initializable;
import org.apache.avalon.framework.context.Context;
import org.apache.avalon.framework.context.ContextException;
import org.apache.avalon.framework.context.Contextualizable;
import org.apache.avalon.framework.parameters.Parameters;
import org.apache.avalon.framework.thread.ThreadSafe;
import org.apache.cocoon.acting.AbstractAction;
import org.apache.cocoon.environment.ObjectModelHelper;
import org.apache.cocoon.environment.Redirector;
import org.apache.cocoon.environment.Request;
import org.apache.cocoon.environment.SourceResolver;
import org.apache.commons.codec.binary.Base64;
import org.xml.sax.InputSource;

/* loaded from: input_file:org/ametys/runtime/workspaces/admin/authentication/AdminAuthenticateAction.class */
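/**
 * Cocoon action guarding the administration workspace.
 * <p>
 * The caller is let through when the session already carries the administrator
 * {@link User}, or when the credentials obtained from a {@link BasicCredentialsProvider}
 * are the login {@code admin} together with a password whose MD5 digest matches the
 * Base64 digest stored in {@link #ADMINISTRATOR_PASSWORD_FILENAME}. On success the
 * request attribute {@link #REQUEST_ATTRIBUTE_SUPER_USER} is set to {@link Boolean#TRUE}.
 * <p>
 * Security notes for maintainers:
 * <ul>
 *   <li>The stored digest is an unsalted MD5 of the password. The format is dictated by
 *       whatever writes {@code admin.xml}, so it is not changed here, but it offers little
 *       resistance to offline guessing if the file is ever disclosed.</li>
 *   <li>When {@code admin.xml} is missing the password {@code admin} is accepted (logged at
 *       WARN level). Deployments should make sure the file exists.</li>
 * </ul>
 * The fields are assigned once during the Avalon lifecycle ({@link #contextualize} then
 * {@link #initialize}) and only read afterwards, which is what {@link ThreadSafe} relies on.
 */
public class AdminAuthenticateAction extends AbstractAction implements ThreadSafe, Contextualizable, Initializable {
    /** Request attribute set to {@link Boolean#TRUE} once the caller is authenticated as super user. */
    public static final String REQUEST_ATTRIBUTE_SUPER_USER = "Runtime:SuperUser";
    /** Path, relative to the web application root, of the XML file holding the administrator password digest. */
    public static final String ADMINISTRATOR_PASSWORD_FILENAME = "WEB-INF/data/administrator/admin.xml";
    /** Session attribute holding the administrator {@link User} once authenticated. */
    private static final String __SESSION_ADMINISTRATOR = "Runtime:Administrator";
    /** The only login this action accepts. */
    private static final String __ADMIN_LOGIN = "admin";
    /** XPath selecting the stored password digest inside {@link #ADMINISTRATOR_PASSWORD_FILENAME}. */
    private static final String __PASSWORD_XPATH = "admin/password";
    /** Digest algorithm applied to the submitted password before comparing with the stored value. */
    private static final String __DIGEST_ALGORITHM = "MD5";

    /** Avalon context, set by {@link #contextualize}. */
    protected Context _context;
    /** Cocoon environment context, used to resolve {@link #ADMINISTRATOR_PASSWORD_FILENAME} on disk. */
    protected org.apache.cocoon.environment.Context _envContext;
    /** Provider that extracts credentials from the request (HTTP Basic, realm "Administration"). */
    private CredentialsProvider _credentialsProvider;

    /**
     * Stores the Avalon context and looks up the Cocoon environment context in it.
     *
     * @param context the Avalon context
     * @throws ContextException if the {@code environment-context} entry cannot be retrieved
     */
    public void contextualize(Context context) throws ContextException {
        this._context = context;
        this._envContext = (org.apache.cocoon.environment.Context) this._context.get("environment-context");
    }

    /**
     * Creates the credentials provider. Must run after {@link #contextualize}.
     *
     * @throws Exception propagated from the provider constructor
     */
    public void initialize() throws Exception {
        this._credentialsProvider = new BasicCredentialsProvider("Administration", this._context);
    }

    /**
     * Authenticates the administrator.
     *
     * @return {@code EMPTY_MAP} when the caller is authenticated (the request attribute
     *         {@link #REQUEST_ATTRIBUTE_SUPER_USER} is then set), {@code null} otherwise, in
     *         which case the credentials provider has already driven the redirector
     *         (typically an HTTP 401 challenge)
     * @throws Exception propagated from the credentials provider
     */
    public Map act(Redirector redirector, SourceResolver sourceResolver, Map map, String str, Parameters parameters) throws Exception {
        if (!_checkAuth(map, redirector)) {
            return null;
        }
        ObjectModelHelper.getRequest(map).setAttribute(REQUEST_ATTRIBUTE_SUPER_USER, Boolean.TRUE);
        return EMPTY_MAP;
    }

    /**
     * Checks the session, then the submitted credentials.
     * <p>
     * A session that already holds the administrator {@link User} is trusted without
     * re-reading the credentials. Otherwise the credentials are fetched from the provider
     * and validated; on success the administrator user is stored in the (possibly new)
     * session so subsequent requests skip the password check.
     *
     * @param map        the Cocoon object model
     * @param redirector the redirector handed to the credentials provider
     * @return {@code true} if the caller is the administrator
     * @throws Exception propagated from the credentials provider
     */
    private boolean _checkAuth(Map map, Redirector redirector) throws Exception {
        Request request = ObjectModelHelper.getRequest(map);

        // instanceof rather than a bare null check: an unrelated object stored under the same
        // key must not be mistaken for an authenticated administrator.
        if (request.getSession().getAttribute(__SESSION_ADMINISTRATOR) instanceof User) {
            return true;
        }

        Credentials credentials = this._credentialsProvider.getCredentials(redirector);
        if (credentials == null || !_allowUser(credentials)) {
            this._credentialsProvider.notAllowed(redirector);
            return false;
        }

        this._credentialsProvider.allowed(redirector);
        request.getSession(true).setAttribute(__SESSION_ADMINISTRATOR, new User(__ADMIN_LOGIN));
        return true;
    }

    /**
     * Validates a login/password pair against the administrator password file.
     * <p>
     * Accepts only the login {@code admin}. The password is accepted when its MD5 digest
     * equals the Base64-encoded digest read from {@link #ADMINISTRATOR_PASSWORD_FILENAME};
     * when that file is missing, the literal password {@code admin} is accepted instead
     * (logged at WARN level). Any other failure (unreadable file, bad XML, missing digest
     * algorithm, ...) is logged at ERROR level and refuses access.
     *
     * @param credentials the submitted credentials, never {@code null}
     * @return {@code true} if the credentials identify the administrator
     */
    private boolean _allowUser(Credentials credentials) {
        String login = credentials.getLogin();
        String password = credentials.getPassword();

        if (!__ADMIN_LOGIN.equals(login)) {
            if (getLogger().isDebugEnabled()) {
                getLogger().debug("The administrator login must be 'admin' => authentication failed");
            }
            return false;
        }
        if (password == null) {
            if (getLogger().isDebugEnabled()) {
                getLogger().debug("The administrator password cannot be null => authentication failed");
            }
            return false;
        }

        try {
            String storedDigest;
            try {
                storedDigest = _readStoredPasswordDigest();
            } catch (FileNotFoundException e) {
                // Fallback kept for compatibility: no password file means the default password.
                if (getLogger().isWarnEnabled()) {
                    getLogger().warn("The file 'WEB-INF/data/administrator/admin.xml' is missing. Default administrator password 'admin' is used.", e);
                }
                return __ADMIN_LOGIN.equals(password);
            }

            if (storedDigest == null || "".equals(storedDigest)) {
                if (getLogger().isWarnEnabled()) {
                    getLogger().warn("The administrator password cannot be null at reading => authentication failed");
                }
                return false;
            }

            // NOTE(review): both getBytes() calls use the platform default charset. This is kept on
            // purpose so that digests already written to admin.xml keep matching; the writer of
            // that file must use the same charset. The Base64 text itself is ASCII, so only the
            // password encoding is actually charset-sensitive.
            byte[] expected = Base64.decodeBase64(storedDigest.getBytes());
            byte[] actual = MessageDigest.getInstance(__DIGEST_ALGORITHM).digest(password.getBytes());

            // MessageDigest.isEqual is a constant-time comparison; do not replace it with Arrays.equals.
            if (MessageDigest.isEqual(expected, actual)) {
                return true;
            }
            if (getLogger().isDebugEnabled()) {
                getLogger().debug("The user did not give the right password => authentication failed");
            }
            return false;
        } catch (Exception e) {
            getLogger().error("Authentication failed", e);
            return false;
        }
    }

    /**
     * Reads the Base64 password digest from {@link #ADMINISTRATOR_PASSWORD_FILENAME}.
     * <p>
     * The stream is closed on every path, including when the XPath evaluation throws.
     * The file is server-side configuration under {@code WEB-INF} and is parsed with the
     * default JAXP settings (no DTD/external-entity hardening); it is treated as trusted.
     *
     * @return the text of {@code admin/password}; the XPath API returns {@code ""} when the
     *         node is absent
     * @throws FileNotFoundException if the file does not exist
     * @throws IOException if the file cannot be read or closed
     * @throws XPathExpressionException if the file is not well-formed XML or the XPath fails
     */
    private String _readStoredPasswordDigest() throws IOException, XPathExpressionException {
        String realPath = this._envContext.getRealPath(ADMINISTRATOR_PASSWORD_FILENAME);
        try (InputStream passwordFile = new FileInputStream(realPath)) {
            return XPathFactory.newInstance().newXPath().evaluate(__PASSWORD_XPATH, new InputSource(passwordFile));
        }
    }
}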
