package org.ametys.runtime.plugins.core.authentication;

import java.net.URLEncoder;
import java.util.HashSet;
import java.util.Iterator;
import java.util.Set;
import org.ametys.runtime.authentication.Credentials;
import org.ametys.runtime.authentication.CredentialsProvider;
import org.ametys.runtime.plugin.PluginsManager;
import org.ametys.runtime.workspace.WorkspaceMatcher;
import org.apache.avalon.framework.configuration.Configurable;
import org.apache.avalon.framework.configuration.Configuration;
import org.apache.avalon.framework.configuration.ConfigurationException;
import org.apache.avalon.framework.context.Context;
import org.apache.avalon.framework.context.ContextException;
import org.apache.avalon.framework.context.Contextualizable;
import org.apache.avalon.framework.logger.AbstractLogEnabled;
import org.apache.avalon.framework.thread.ThreadSafe;
import org.apache.cocoon.components.ContextHelper;
import org.apache.cocoon.environment.Cookie;
import org.apache.cocoon.environment.ObjectModelHelper;
import org.apache.cocoon.environment.Redirector;
import org.apache.cocoon.environment.Request;
import org.apache.cocoon.environment.Response;
import org.apache.cocoon.environment.http.HttpCookie;
import org.apache.commons.lang.StringUtils;

/* loaded from: input_file:org/ametys/runtime/plugins/core/authentication/FormBasedCredentialsProvider.class */
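/**
 * Credentials provider that reads a username and password from HTTP form
 * parameters and, when the "remember me" option is used, from a cookie.
 *
 * <p>Security notes for maintainers:
 * <ul>
 *   <li>The remember-me cookie value is {@code username + "/n" + password} in
 *       clear text. Anyone able to read the cookie (shared machine, proxy log,
 *       script running in the page) obtains the password itself.
 *       NOTE(review): replace this with a random, server-side-revocable token;
 *       until then, serve the application over HTTPS only or set
 *       {@code cookie/cookieEnabled} to {@code false}.</li>
 *   <li>{@link #accept()} compares the request URI textually; see the note
 *       there about path normalisation.</li>
 * </ul>
 */
public class FormBasedCredentialsProvider extends AbstractLogEnabled implements ThreadSafe, CredentialsProvider, Configurable, Contextualizable {
    /**
     * Not referenced in this class; presumably an attribute name used by
     * callers to mark cookie-based authentication (confirm against callers).
     */
    public static final String AUTHENTICATION_BY_COOKIE = "authentication_by_cookie";

    /** Separator between username and password inside the remember-me cookie value. */
    private static final String COOKIE_SEPARATOR = "/n";

    /** Name of the request parameter carrying the username. */
    protected String _usernameField;
    /** Name of the request parameter carrying the password. */
    protected String _passwordField;
    /** Name of the request parameter that asks for a remember-me cookie ("true", any case). */
    protected String _rememberMeField;
    /** Whether the remember-me cookie may be issued and accepted. */
    protected boolean _cookieEnabled;
    /** Name of the remember-me cookie. */
    protected String _cookieName;
    /** Cookie max-age as read from configuration (passed to {@code setMaxAge}). */
    protected long _cookieLifetime;
    /** URL of the login page, relative to the context path. */
    protected String _loginUrl;
    /** URL of the login-failed page, relative to the context path. */
    protected String _loginFailedUrl;
    /** Whether the submitted login is appended to the login-failed redirect. */
    protected boolean _provideLoginParameter;
    /** Whether the login URL is redirected to through the {@code cocoon://} protocol. */
    protected boolean _loginUrlInternal;
    /** Whether the login-failed URL is redirected to through the {@code cocoon://} protocol. */
    protected boolean _loginFailedUrlInternal;
    /** URL prefixes (from the {@code unauthenticated/urlPrefix} configuration) accepted by {@link #accept()}. */
    protected Set<String> _acceptedUrlPrefixes;
    /** Avalon context used to reach the current request and response. */
    protected Context _context;

    /**
     * Returns the configured login page URL.
     *
     * @return the login URL
     */
    protected String getLoginURL() {
        return this._loginUrl;
    }

    /**
     * Returns the configured login-failed page URL.
     *
     * @return the login-failed URL
     */
    protected String getLoginFailedURL() {
        return this._loginFailedUrl;
    }

    /**
     * Tells whether the current request URI is one of the URLs this provider
     * accepts: the login-failed URL always; the login URL or any configured
     * prefix only when the username or password parameter is missing.
     *
     * <p>NOTE(review): the comparison is made on {@code getRequestURI()} as
     * received, with only the context path and one leading separator removed.
     * Nothing here decodes or normalises the path, so a prefix match says
     * nothing about where the path resolves after {@code ..} segments or
     * encoded characters are processed. Confirm that the container or an
     * earlier component rejects or normalises such paths before relying on
     * the prefix list as an access-control decision.
     *
     * @return {@code true} if the request URI is accepted
     */
    @Override // org.ametys.runtime.authentication.CredentialsProvider
    public boolean accept() {
        Request request = ContextHelper.getRequest(this._context);
        String username = request.getParameter(this._usernameField);
        String password = request.getParameter(this._passwordField);

        // Make the URI relative to the webapp: drop the context path, then one
        // leading separator (the constant is what the decompiler matched;
        // presumably "/" given the substring(1) that follows; confirm).
        String requestURI = request.getRequestURI();
        if (requestURI.startsWith(request.getContextPath())) {
            requestURI = requestURI.substring(request.getContextPath().length());
        }
        if (requestURI.startsWith(PluginsManager.FEATURE_ID_SEPARATOR)) {
            requestURI = requestURI.substring(1);
        }

        boolean accepted = getLoginFailedURL().equals(requestURI);
        // A request that carries both form fields is a login attempt: only the
        // login-failed page is accepted for it.
        if (!accepted && (username == null || password == null)) {
            accepted = getLoginURL().equals(requestURI) || matchesAcceptedPrefix(requestURI);
        }
        if (accepted && getLogger().isInfoEnabled()) {
            getLogger().info("URL accepted : " + requestURI);
        }
        return accepted;
    }

    /** Returns {@code true} if the URI starts with one of the configured prefixes. */
    private boolean matchesAcceptedPrefix(String requestURI) {
        for (String prefix : this._acceptedUrlPrefixes) {
            if (requestURI.startsWith(prefix)) {
                return true;
            }
        }
        return false;
    }

    /**
     * Issues or refreshes the remember-me cookie.
     *
     * <p>Does nothing when cookies are disabled by configuration. An existing
     * non-empty cookie is re-sent with a fresh max-age; otherwise a cookie is
     * created from the form parameters when the remember-me parameter equals
     * "true" and both credentials are present.
     *
     * <p>NOTE(review): an existing cookie is refreshed even when the request
     * also carries different form credentials; confirm that is intended.
     *
     * @param redirector unused
     */
    @Override // org.ametys.runtime.authentication.CredentialsProvider
    public void allowed(Redirector redirector) {
        if (!this._cookieEnabled) {
            // The flag was read from configuration but never consulted before.
            return;
        }
        Request request = ContextHelper.getRequest(this._context);
        String cookieValue = getCookieValue(request, this._cookieName);
        if (cookieValue != null && !"".equals(cookieValue)) {
            updateCookie(cookieValue, this._cookieName, cookieMaxAge(), this._context);
            return;
        }
        String username = request.getParameter(this._usernameField);
        String password = request.getParameter(this._passwordField);
        String rememberMe = request.getParameter(this._rememberMeField);
        if (rememberMe == null || !rememberMe.equalsIgnoreCase("true")) {
            return;
        }
        if (username == null || password == null) {
            // Avoid storing the literal text "null" as a credential.
            return;
        }
        // Clear-text credentials; see the class-level security note.
        updateCookie(username + COOKIE_SEPARATOR + password, this._cookieName, cookieMaxAge(), this._context);
    }

    /** Converts the configured lifetime to an int without wrapping around. */
    private int cookieMaxAge() {
        return (int) Math.max(Integer.MIN_VALUE, Math.min(Integer.MAX_VALUE, this._cookieLifetime));
    }

    /**
     * Reads credentials from the form parameters, falling back to the
     * remember-me cookie when it is enabled and well formed. When neither
     * source yields credentials the client is redirected to the login URL.
     *
     * <p>The cookie is client-controlled input: a value without the separator
     * is ignored rather than indexed blindly.
     *
     * @param redirector used to redirect to the login page
     * @return the credentials, or {@code null} after a redirect to the login page
     * @throws Exception if the redirect fails
     */
    @Override // org.ametys.runtime.authentication.CredentialsProvider
    public Credentials getCredentials(Redirector redirector) throws Exception {
        Request request = ContextHelper.getRequest(this._context);
        String username = request.getParameter(this._usernameField);
        String password = request.getParameter(this._passwordField);
        if (username != null && password != null) {
            return new Credentials(username, password);
        }

        if (this._cookieEnabled) {
            String cookieValue = getCookieValue(request, this._cookieName);
            if (cookieValue != null && !"".equals(cookieValue)) {
                // Limit 2 keeps a password that itself contains the separator
                // intact and keeps a trailing empty password as an element.
                String[] parts = cookieValue.split(COOKIE_SEPARATOR, 2);
                if (parts.length == 2) {
                    return new Credentials(parts[0], parts[1]);
                }
                if (getLogger().isWarnEnabled()) {
                    // The value is deliberately not logged: it may hold a password.
                    getLogger().warn("Ignoring malformed authentication cookie");
                }
            }
        }

        String target;
        if (this._loginUrlInternal) {
            target = "cocoon://" + getLoginURL();
        } else {
            target = request.getContextPath() + PluginsManager.FEATURE_ID_SEPARATOR + getLoginURL();
        }
        redirector.redirect(false, target);
        return null;
    }

    /**
     * Redirects to the login-failed URL, optionally appending the submitted
     * login as a {@code login} query parameter.
     *
     * <p>The login comes straight from the request, so it is URL-encoded before
     * being placed in the redirect target; otherwise characters such as
     * {@code &}, {@code #} or line breaks would alter the resulting URL.
     * The page that displays this parameter must still escape it for HTML.
     *
     * @param redirector used to perform the redirect
     * @throws Exception if the redirect fails
     */
    @Override // org.ametys.runtime.authentication.CredentialsProvider
    public void notAllowed(Redirector redirector) throws Exception {
        Request request = ContextHelper.getRequest(this._context);
        StringBuilder query = new StringBuilder();
        if (this._provideLoginParameter) {
            String login = request.getParameter(this._usernameField);
            query.append(getLoginFailedURL().indexOf('?') >= 0 ? "&" : "?");
            query.append("login=");
            if (login != null) {
                query.append(URLEncoder.encode(login, "UTF-8"));
            }
        }

        String target;
        if (this._loginFailedUrlInternal) {
            target = "cocoon://" + getLoginFailedURL() + query;
        } else {
            target = request.getContextPath() + request.getAttribute(WorkspaceMatcher.WORKSPACE_URI) + PluginsManager.FEATURE_ID_SEPARATOR + getLoginFailedURL() + query;
        }
        redirector.redirect(false, target);
    }

    /**
     * Always returns {@code true}; this provider performs no re-validation.
     *
     * @param redirector unused
     * @return {@code true}
     */
    @Override // org.ametys.runtime.authentication.CredentialsProvider
    public boolean validate(Redirector redirector) throws Exception {
        return true;
    }

    /**
     * Reads field names, cookie settings, login URLs and the list of
     * unauthenticated URL prefixes from the component configuration.
     * Defaults: fields "Username" / "Password" / "rememberMe", cookie enabled,
     * lifetime 604800, cookie name "AmetysAuthentication", URLs "login.html"
     * and "login_failed.html", all boolean attributes {@code false}.
     *
     * @param configuration the component configuration
     * @throws ConfigurationException if a value cannot be read
     */
    public void configure(Configuration configuration) throws ConfigurationException {
        this._usernameField = configuration.getChild("username-field").getValue("Username");
        this._passwordField = configuration.getChild("password-field").getValue("Password");
        this._rememberMeField = configuration.getChild("rememberMe-field").getValue("rememberMe");

        Configuration cookie = configuration.getChild("cookie");
        this._cookieEnabled = cookie.getChild("cookieEnabled").getValueAsBoolean(true);
        this._cookieLifetime = cookie.getChild("cookieLifeTime").getValueAsLong(604800L);
        this._cookieName = cookie.getChild("cookieName").getValue("AmetysAuthentication");

        Configuration loginUrl = configuration.getChild("loginUrl");
        Configuration loginFailedUrl = configuration.getChild("loginFailedUrl");
        this._loginUrl = loginUrl.getValue("login.html");
        this._loginFailedUrl = loginFailedUrl.getValue("login_failed.html");
        this._provideLoginParameter = loginFailedUrl.getAttributeAsBoolean("provideLoginParameter", false);
        this._loginUrlInternal = loginUrl.getAttributeAsBoolean("internal", false);
        this._loginFailedUrlInternal = loginFailedUrl.getAttributeAsBoolean("internal", false);

        // Every prefix listed here widens what accept() lets through; keep the
        // list as short and as specific as possible.
        this._acceptedUrlPrefixes = new HashSet<String>();
        for (Configuration prefixConfig : configuration.getChild("unauthenticated").getChildren("urlPrefix")) {
            String prefix = prefixConfig.getValue((String) null);
            if (prefix != null) {
                this._acceptedUrlPrefixes.add(prefix);
            }
        }
        if (getLogger().isDebugEnabled()) {
            getLogger().debug("FormBasedCredentialsProvider values :  Name field=" + this._usernameField + ", Pwd field=" + this._passwordField + ", CookieEnabled=" + this._cookieEnabled + ", Cookie duration=" + this._cookieLifetime + ", Cookie name=" + this._cookieName + ", Login url=" + getLoginURL() + " [" + (this._loginUrlInternal ? "internal" : "external") + "], Login failed url=" + getLoginFailedURL() + " [" + (this._loginFailedUrlInternal ? "internal" : "external") + ", provide login on redirection : " + this._provideLoginParameter + "], accepted prefixes : [" + StringUtils.join(this._acceptedUrlPrefixes, ", ") + "]");
        }
    }

    /**
     * Stores the Avalon context used to reach the current request.
     *
     * @param context the component context
     * @throws ContextException declared by the interface; not thrown here
     */
    public void contextualize(Context context) throws ContextException {
        this._context = context;
    }

    /**
     * Returns the value of the first request cookie with the given name.
     *
     * @param request the current request
     * @param str the cookie name
     * @return the cookie value, or {@code null} if the request has no such cookie
     */
    public static String getCookieValue(Request request, String str) {
        Cookie[] cookies = request.getCookies();
        if (cookies == null) {
            return null;
        }
        for (Cookie cookie : cookies) {
            if (str.equals(cookie.getName())) {
                return cookie.getValue();
            }
        }
        return null;
    }

    /**
     * Tells whether the request carries a cookie with the given name.
     *
     * @param request the current request
     * @param str the cookie name
     * @return {@code true} if such a cookie is present
     */
    public static boolean isCookieAlreadySet(Request request, String str) {
        Cookie[] cookies = request.getCookies();
        if (cookies == null) {
            return false;
        }
        for (Cookie cookie : cookies) {
            if (str.equals(cookie.getName())) {
                return true;
            }
        }
        return false;
    }

    /**
     * Adds a cookie to the current response, scoped to the context path.
     *
     * <p>The cookie is marked Secure when the current request arrived over a
     * secure channel, so that a value set over HTTPS is not later sent over
     * plain HTTP. Behind a TLS-terminating proxy {@code isSecure()} may report
     * {@code false}; in that case the flag is not set by this method.
     *
     * @param str the cookie value
     * @param str2 the cookie name
     * @param i the max-age passed to {@code setMaxAge}
     * @param context the Avalon context giving access to request and response
     */
    public static void updateCookie(String str, String str2, int i, Context context) {
        Response response = ObjectModelHelper.getResponse(ContextHelper.getObjectModel(context));
        Request request = ObjectModelHelper.getRequest(ContextHelper.getObjectModel(context));
        HttpCookie httpCookie = new HttpCookie(str2, str);
        httpCookie.setPath(request.getContextPath());
        httpCookie.setMaxAge(i);
        httpCookie.setSecure(request.isSecure());
        response.addCookie(httpCookie);
    }

    /**
     * Overwrites the named cookie with an empty value and the given max-age,
     * using the same path as {@link #updateCookie}.
     *
     * @param request the current request (supplies the context path)
     * @param response the response the cookie is added to
     * @param str the cookie name
     * @param i the max-age passed to {@code setMaxAge}
     */
    public static void deleteCookie(Request request, Response response, String str, int i) {
        HttpCookie httpCookie = new HttpCookie(str, "");
        httpCookie.setPath(request.getContextPath());
        httpCookie.setMaxAge(i);
        response.addCookie(httpCookie);
    }
}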
