package org.ametys.plugins.core.impl.authentication;

import java.net.URLEncoder;
import java.security.SecureRandom;
import java.sql.Connection;
import java.sql.Date;
import java.sql.PreparedStatement;
import java.sql.ResultSet;
import java.sql.SQLException;
import java.sql.Timestamp;
import java.util.Arrays;
import java.util.Collection;
import java.util.HashSet;
import java.util.Iterator;
import java.util.Map;
import java.util.Set;
import java.util.regex.Pattern;
import org.ametys.core.authentication.AbstractCredentialProvider;
import org.ametys.core.authentication.BlockingCredentialProvider;
import org.ametys.core.authentication.Credentials;
import org.ametys.core.authentication.LogoutCapable;
import org.ametys.core.authentication.NonBlockingCredentialProvider;
import org.ametys.core.captcha.CaptchaHelper;
import org.ametys.core.datasource.ConnectionHelper;
import org.ametys.plugins.core.impl.authentication.token.TokenCredentials;
import org.ametys.runtime.config.Config;
import org.ametys.runtime.plugin.PluginsManager;
import org.ametys.runtime.workspace.WorkspaceMatcher;
import org.apache.avalon.framework.configuration.Configurable;
import org.apache.avalon.framework.configuration.Configuration;
import org.apache.avalon.framework.configuration.ConfigurationException;
import org.apache.avalon.framework.context.Context;
import org.apache.avalon.framework.context.ContextException;
import org.apache.avalon.framework.context.Contextualizable;
import org.apache.cocoon.components.ContextHelper;
import org.apache.cocoon.environment.Cookie;
import org.apache.cocoon.environment.ObjectModelHelper;
import org.apache.cocoon.environment.Redirector;
import org.apache.cocoon.environment.Request;
import org.apache.cocoon.environment.Response;
import org.apache.cocoon.environment.http.HttpCookie;
import org.apache.commons.codec.digest.DigestUtils;
import org.apache.commons.lang.RandomStringUtils;
import org.apache.commons.lang.StringUtils;
import org.joda.time.DateTime;

/* loaded from: input_file:org/ametys/plugins/core/impl/authentication/FormCredentialProvider.class */
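/**
 * Form-based credential provider.
 * <p>
 * Blocking mode reads a login/password pair posted to the configured form fields and, in the
 * {@link #SECURITY_LEVEL_HIGH} level, gates the attempt behind a captcha once the per-login failure
 * counter (table {@code Users_FormConnectionFailed}) reaches {@link #NB_CONNECTION_ATTEMPTS}.
 * Non-blocking mode reads a "remember me" cookie of the form {@code login,token}; the matching
 * server-side record lives in table {@code UsersToken} as {@code sha512Hex(token + salt)} plus the salt.
 * <p>
 * Thread-safety: the field values are written once by {@link #configure} / {@link #init}; the
 * per-request state is taken from the Avalon/Cocoon context on every call.
 */
public class FormCredentialProvider extends AbstractCredentialProvider implements NonBlockingCredentialProvider, BlockingCredentialProvider, LogoutCapable, Contextualizable, Configurable {
    /** Marker constant exposed to callers; not referenced inside this class. */
    public static final String AUTHENTICATION_BY_COOKIE = "authentication_by_cookie";
    /** Value of the security level parameter that disables the failed-attempt/captcha logic. */
    public static final String SECURITY_LEVEL_LOW = "low";
    /** Value of the security level parameter that enables the failed-attempt/captcha logic. */
    public static final String SECURITY_LEVEL_HIGH = "high";
    /** Number of failed attempts for one login after which a captcha is required (high level only). */
    public static final Integer NB_CONNECTION_ATTEMPTS = 3;
    /** Cookie lifetime in seconds (14 days); not referenced by this class, {@link #configure} defaults to 604800. */
    public static final int DEFAULT_COOKIE_LIFETIME = 1209600;
    private static final String __PARAM_SECURITY_LEVEL = "runtime.authentication.form.security.level";
    /** Randomness source for remember-me tokens: they are bearer secrets, so a CSPRNG is required. */
    private static final SecureRandom __SECURE_RANDOM = new SecureRandom();

    /** Request parameter carrying the login. */
    protected String _usernameField;
    /** Request parameter carrying the password. */
    protected String _passwordField;
    /** Request parameter that, when equal to {@code "true"}, asks for a remember-me cookie. */
    protected String _rememberMeField;
    /** Request parameter carrying the captcha answer. */
    protected String _captchaField;
    /** Request parameter carrying the captcha key. */
    protected String _captchaKeyField;
    /** Read from configuration but not consulted by this class. */
    protected boolean _cookieEnabled;
    /** Name of the remember-me cookie. */
    protected String _cookieName;
    /** Max-age of the remember-me cookie, in seconds. */
    protected long _cookieLifetime;
    /** URL of the login form, relative to the context path (or a cocoon:// path when internal). */
    protected String _loginUrl;
    /** URL shown after a failed login, relative to the context path (or a cocoon:// path when internal). */
    protected String _loginFailedUrl;
    /** Whether the submitted login is echoed as a {@code login} query parameter on the failure redirect. */
    protected boolean _provideLoginParameter;
    protected boolean _loginUrlInternal;
    protected boolean _loginFailedUrlInternal;
    /** URL prefixes that are reachable without authentication. */
    protected Set<String> _acceptedUrlPrefixes;
    /** URL patterns that are reachable without authentication (the captcha image). */
    protected Collection<Pattern> _acceptedUrlPatterns = Arrays.asList(Pattern.compile("^plugins/core/captcha/[^/]+/image.png"));
    /** Either {@link #SECURITY_LEVEL_LOW} or {@link #SECURITY_LEVEL_HIGH}; may be null if not configured. */
    protected String _securityLevel;
    protected Context _context;

    @Override
    public void contextualize(Context context) throws ContextException {
        this._context = context;
    }

    /**
     * Initializes the provider and reads the security level from the parameter map.
     *
     * @param str the provider id, passed through to the superclass
     * @param map the provider parameters; the security level is read under {@code runtime.authentication.form.security.level}
     */
    @Override // org.ametys.core.authentication.AbstractCredentialProvider, org.ametys.core.authentication.CredentialProvider
    public void init(String str, Map<String, Object> map) {
        super.init(str, map);
        this._securityLevel = (String) map.get(__PARAM_SECURITY_LEVEL);
    }

    /**
     * Reads the form field names, cookie settings, redirect URLs and unauthenticated URL prefixes.
     *
     * @param configuration the component configuration
     * @throws ConfigurationException never thrown here; declared by {@link Configurable}
     */
    @Override
    public void configure(Configuration configuration) throws ConfigurationException {
        this._usernameField = configuration.getChild("username-field").getValue("Username");
        this._passwordField = configuration.getChild("password-field").getValue("Password");
        this._rememberMeField = configuration.getChild("rememberMe-field").getValue("rememberMe");
        // note the "capcha-field" spelling: it is the configured element name, keep it as is
        this._captchaField = configuration.getChild("capcha-field").getValue("Captcha");
        this._captchaKeyField = configuration.getChild("captchaKey-field").getValue("CaptchaKey");

        Configuration cookieConf = configuration.getChild("cookie");
        this._cookieEnabled = cookieConf.getChild("cookieEnabled").getValueAsBoolean(true);
        this._cookieLifetime = cookieConf.getChild("cookieLifeTime").getValueAsLong(604800L);
        this._cookieName = cookieConf.getChild("cookieName").getValue("AmetysAuthentication");

        Configuration loginConf = configuration.getChild("loginUrl");
        Configuration loginFailedConf = configuration.getChild("loginFailedUrl");
        this._loginUrl = loginConf.getValue("login.html");
        this._loginFailedUrl = loginFailedConf.getValue("login_failed.html");
        this._provideLoginParameter = loginFailedConf.getAttributeAsBoolean("provideLoginParameter", false);
        this._loginUrlInternal = loginConf.getAttributeAsBoolean("internal", false);
        this._loginFailedUrlInternal = loginFailedConf.getAttributeAsBoolean("internal", false);

        this._acceptedUrlPrefixes = new HashSet<String>();
        for (Configuration prefixConf : configuration.getChild("unauthenticated").getChildren("urlPrefix")) {
            String prefix = prefixConf.getValue((String) null);
            if (prefix != null) {
                this._acceptedUrlPrefixes.add(prefix);
            }
        }

        if (getLogger().isDebugEnabled()) {
            getLogger().debug("FormBasedCredentialsProvider values :  Name field=" + this._usernameField + ", Pwd field=" + this._passwordField + ", CookieEnabled=" + this._cookieEnabled + ", Cookie duration=" + this._cookieLifetime + ", Cookie name=" + this._cookieName + ", Login url=" + this._loginUrl + " [" + (this._loginUrlInternal ? "internal" : "external") + "], Login failed url=" + this._loginFailedUrl + " [" + (this._loginFailedUrlInternal ? "internal" : "external") + ", provide login on redirection : " + this._provideLoginParameter + "], accepted prefixes : [" + StringUtils.join(this._acceptedUrlPrefixes, ", ") + "]");
        }
    }

    /**
     * Opens a connection on the data source configured under {@code runtime.login.form.datasource}.
     *
     * @return a connection the caller must release through {@link ConnectionHelper#cleanup}
     */
    protected Connection getSQLConnection() {
        return ConnectionHelper.getConnection(Config.getInstance().getValueAsString("runtime.login.form.datasource"));
    }

    /** @return the configured login form URL */
    protected String getLoginURL() {
        return this._loginUrl;
    }

    /** @return the configured login-failed URL */
    protected String getLoginFailedURL() {
        return this._loginFailedUrl;
    }

    /**
     * Expires the remember-me cookie in the browser.
     * <p>
     * The server-side {@code UsersToken} row is not removed here; the cookie token alone is dropped.
     *
     * @return always {@code true}
     */
    @Override // org.ametys.core.authentication.LogoutCapable
    public boolean logout() {
        // max-age 0 asks the browser to discard the cookie instead of keeping an emptied one for the full lifetime
        deleteCookie(ContextHelper.getRequest(this._context), ContextHelper.getResponse(this._context), this._cookieName, 0);
        return true;
    }

    @Override // org.ametys.core.authentication.BlockingCredentialProvider
    public boolean validateBlocking(Redirector redirector) throws Exception {
        return true;
    }

    @Override // org.ametys.core.authentication.NonBlockingCredentialProvider
    public boolean validateNonBlocking(Redirector redirector) throws Exception {
        return true;
    }

    /**
     * Tells whether the current request may proceed without authentication.
     * <p>
     * The login-failed URL is always accepted. When no login/password pair is posted, the login
     * URL, the configured unauthenticated prefixes and the built-in captcha image pattern are
     * accepted as well. A request that carries credentials is never accepted on any other URL.
     *
     * @return {@code true} if the request URI is one of the accepted ones
     */
    @Override // org.ametys.core.authentication.BlockingCredentialProvider
    public boolean acceptBlocking() {
        Request request = ContextHelper.getRequest(this._context);
        String login = request.getParameter(this._usernameField);
        String password = request.getParameter(this._passwordField);
        String requestURI = _relativeRequestURI(request);

        boolean accepted = getLoginFailedURL().equals(requestURI);
        if (login == null || password == null) {
            accepted = accepted
                || getLoginURL().equals(requestURI)
                || _matchesAcceptedPrefix(requestURI)
                || _matchesAcceptedPattern(requestURI);
        }
        if (accepted && getLogger().isInfoEnabled()) {
            getLogger().info("URL accepted : " + requestURI);
        }
        return accepted;
    }

    /**
     * Strips the context path and a leading separator from the request URI.
     * NOTE(review): {@code PluginsManager.FEATURE_ID_SEPARATOR} is used here as the path separator;
     * this looks like decompiler constant folding of {@code "/"} - confirm against the original source.
     */
    private String _relativeRequestURI(Request request) {
        String uri = request.getRequestURI();
        String contextPath = request.getContextPath();
        if (uri.startsWith(contextPath)) {
            uri = uri.substring(contextPath.length());
        }
        if (uri.startsWith(PluginsManager.FEATURE_ID_SEPARATOR)) {
            uri = uri.substring(1);
        }
        return uri;
    }

    /** @return true if the URI starts with one of the configured unauthenticated prefixes */
    private boolean _matchesAcceptedPrefix(String requestURI) {
        for (String prefix : this._acceptedUrlPrefixes) {
            if (requestURI.startsWith(prefix)) {
                return true;
            }
        }
        return false;
    }

    /** @return true if the URI fully matches one of the built-in unauthenticated patterns */
    private boolean _matchesAcceptedPattern(String requestURI) {
        for (Pattern pattern : this._acceptedUrlPatterns) {
            if (pattern.matcher(requestURI).matches()) {
                return true;
            }
        }
        return false;
    }

    @Override // org.ametys.core.authentication.NonBlockingCredentialProvider
    public boolean acceptNonBlocking() {
        return acceptBlocking();
    }

    /**
     * Builds credentials from the posted form, redirecting to the login form when the pair is missing.
     * <p>
     * In the high security level, once the failure counter for that login has reached
     * {@link #NB_CONNECTION_ATTEMPTS}, the captcha is verified (and invalidated) first; a wrong
     * captcha yields {@code null} without evaluating the password.
     *
     * @param redirector used to send the browser to the login form
     * @return the credentials, or {@code null} when redirected or when the captcha check fails
     * @throws Exception propagated from the redirector
     */
    @Override // org.ametys.core.authentication.BlockingCredentialProvider
    public Credentials getCredentialsBlocking(Redirector redirector) throws Exception {
        Request request = ContextHelper.getRequest(this._context);
        String login = request.getParameter(this._usernameField);
        String password = request.getParameter(this._passwordField);
        if (login == null || password == null) {
            String target = this._loginUrlInternal
                ? "cocoon://" + getLoginURL()
                : request.getContextPath() + PluginsManager.FEATURE_ID_SEPARATOR + getLoginURL();
            redirector.redirect(false, target);
            return null;
        }
        if (SECURITY_LEVEL_HIGH.equals(this._securityLevel)
            && _requestNbConnectBDD(login).intValue() >= NB_CONNECTION_ATTEMPTS.intValue()
            && !CaptchaHelper.checkAndInvalidate(request.getParameter(this._captchaKeyField), request.getParameter(this._captchaField))) {
            return null;
        }
        return new Credentials(login, password);
    }

    /**
     * Builds token credentials from the remember-me cookie ({@code login,token}).
     * <p>
     * A cookie without a well-formed {@code login,token} pair is treated as untrusted input and
     * expired in the browser; the previous implementation indexed {@code split[1]} without a length
     * check and threw on a value such as {@code "login,"}.
     *
     * @param redirector unused
     * @return the token credentials, or {@code null} when there is no usable cookie
     * @throws Exception never thrown here; declared by the interface
     */
    @Override // org.ametys.core.authentication.NonBlockingCredentialProvider
    public Credentials getCredentialsNonBlocking(Redirector redirector) throws Exception {
        Request request = ContextHelper.getRequest(this._context);
        String cookieValue = getCookieValue(request, this._cookieName);
        if (StringUtils.isEmpty(cookieValue)) {
            return null;
        }
        String[] parts = cookieValue.split(",");
        if (parts.length >= 2) {
            return new TokenCredentials(parts[0], parts[1]);
        }
        // malformed cookie: drop it rather than keep retrying it on every request
        deleteCookie(request, ContextHelper.getResponse(this._context), this._cookieName, 0);
        return null;
    }

    /**
     * Records the failed attempt and redirects to the login-failed URL.
     * <p>
     * Query parameters appended: {@code login} (when configured, URL-encoded since it is user
     * input placed in a redirect), {@code tooManyAttempts=true} when the high-level counter reaches
     * the captcha threshold, and {@code cookieFailure=true} when a remember-me cookie was present,
     * in which case that cookie is expired.
     *
     * @param redirector used to send the browser to the login-failed page
     * @throws Exception propagated from the redirector or the URL encoder
     */
    @Override // org.ametys.core.authentication.BlockingCredentialProvider
    public void notAllowedBlocking(Redirector redirector) throws Exception {
        Request request = ContextHelper.getRequest(this._context);
        String login = request.getParameter(this._usernameField);

        StringBuilder query = new StringBuilder();
        query.append(getLoginFailedURL().indexOf('?') >= 0 ? "&" : "?");
        if (this._provideLoginParameter) {
            // user-controlled value inside a redirect URL: encode it so it cannot inject extra parameters
            query.append("login=").append(URLEncoder.encode(StringUtils.defaultString(login), "UTF-8"));
        }
        if (SECURITY_LEVEL_HIGH.equals(this._securityLevel)) {
            String captchaKey = request.getParameter(this._captchaKeyField);
            // _setNbConnectBDD returns the count *before* this failure is recorded
            int previousFailures = _setNbConnectBDD(login).intValue();
            int threshold = NB_CONNECTION_ATTEMPTS.intValue() - 1;
            if (previousFailures == threshold || (captchaKey == null && previousFailures > threshold)) {
                query.append("&tooManyAttempts=true");
            }
        }
        if (StringUtils.isNotEmpty(getCookieValue(request, this._cookieName))) {
            query.append("&cookieFailure=true");
            deleteCookie(request, ContextHelper.getResponse(this._context), this._cookieName, 0);
        }

        String target = this._loginFailedUrlInternal
            ? "cocoon://" + getLoginFailedURL() + query
            : request.getContextPath() + request.getAttribute(WorkspaceMatcher.WORKSPACE_URI) + PluginsManager.FEATURE_ID_SEPARATOR + getLoginFailedURL() + query;
        redirector.redirect(false, target);
    }

    @Override // org.ametys.core.authentication.NonBlockingCredentialProvider
    public void notAllowedNonBlocking(Redirector redirector) throws Exception {
    }

    /**
     * Post-success hook.
     * <p>
     * High level: the failure counter for the login is cleared and no cookie is issued.
     * Otherwise, when the remember-me box was ticked or a remember-me cookie is already present,
     * a fresh token is generated, its salted SHA-512 stored in {@code UsersToken}, and the
     * {@code login,token} pair written to the cookie.
     *
     * @param redirector unused
     */
    @Override // org.ametys.core.authentication.BlockingCredentialProvider
    public void allowedBlocking(Redirector redirector) {
        Request request = ContextHelper.getRequest(this._context);
        if (SECURITY_LEVEL_HIGH.equals(this._securityLevel)) {
            _deleteLoginFailedBDD(request.getParameter(this._usernameField));
            return;
        }

        String cookieValue = getCookieValue(request, this._cookieName);
        String login = null;
        if ("true".equals(request.getParameter(this._rememberMeField))) {
            login = request.getParameter(this._usernameField);
        } else if (StringUtils.isNotEmpty(cookieValue)) {
            // substringBefore never throws on a bare "," whereas split(",")[0] would
            login = StringUtils.substringBefore(cookieValue, ",");
        }

        if (login != null) {
            String token = _randomAlphanumeric(16);
            String salt = _randomAlphanumeric(48);
            _insertUserToken(login, salt, DigestUtils.sha512Hex(token + salt));
            updateCookie(login + "," + token, this._cookieName, (int) this._cookieLifetime, this._context);
        }
    }

    /**
     * Generates an alphanumeric secret of the given length from {@link SecureRandom}.
     * {@code RandomStringUtils.randomAlphanumeric} draws from {@code java.util.Random}, which is
     * predictable and unsuitable for an authentication token.
     */
    private static String _randomAlphanumeric(int count) {
        return RandomStringUtils.random(count, 0, 0, true, true, null, __SECURE_RANDOM);
    }

    @Override // org.ametys.core.authentication.NonBlockingCredentialProvider
    public void allowedNonBlocking(Redirector redirector) {
        allowedBlocking(redirector);
    }

    /**
     * Reads the failed-attempt counter for a login.
     * <p>
     * NOTE(review): a database error is logged and reported as 0, so an outage silently disables
     * the captcha gate (fail-open); consider failing closed for this counter.
     *
     * @param login the login to look up
     * @return the stored counter, or 0 when there is no row or the query fails
     */
    protected Integer _requestNbConnectBDD(String login) {
        Connection connection = null;
        PreparedStatement stmt = null;
        ResultSet rs = null;
        try {
            connection = getSQLConnection();
            stmt = connection.prepareStatement("SELECT nb_connect FROM Users_FormConnectionFailed WHERE login = ?");
            stmt.setString(1, login);
            rs = stmt.executeQuery();
            return rs.next() ? Integer.valueOf(rs.getInt("nb_connect")) : Integer.valueOf(0);
        } catch (SQLException e) {
            getLogger().error("Error during the connection to the database", e);
            return 0;
        } finally {
            ConnectionHelper.cleanup(rs);
            ConnectionHelper.cleanup(stmt);
            ConnectionHelper.cleanup(connection);
        }
    }

    /**
     * Increments the failed-attempt counter for a login (inserting the row on first failure).
     * <p>
     * NOTE(review): read-then-write without a transaction; concurrent failures for the same login
     * may lose increments - verify whether that matters for the lockout policy.
     *
     * @param login the login whose counter is incremented
     * @return the counter value <em>before</em> the increment
     */
    protected Integer _setNbConnectBDD(String login) {
        Integer previous = _requestNbConnectBDD(login);
        if (previous.intValue() == 0) {
            _insertLoginNbConnectBDD(login);
        } else {
            _updateLoginNbConnectBDD(login, previous);
        }
        return previous;
    }

    /**
     * Creates the counter row for a login with {@code nb_connect = 1}.
     *
     * @param login the login
     */
    protected void _insertLoginNbConnectBDD(String login) {
        Connection connection = null;
        PreparedStatement stmt = null;
        try {
            connection = getSQLConnection();
            stmt = connection.prepareStatement("INSERT INTO Users_FormConnectionFailed (login, nb_connect, last_connect) VALUES (?, ?, ?)");
            stmt.setString(1, login);
            stmt.setInt(2, 1);
            stmt.setTimestamp(3, new Timestamp(System.currentTimeMillis()));
            stmt.execute();
        } catch (SQLException e) {
            getLogger().error("Error during the connection to the database", e);
        } finally {
            ConnectionHelper.cleanup(stmt);
            ConnectionHelper.cleanup(connection);
        }
    }

    /**
     * Stores a remember-me token record.
     * <p>
     * On Oracle the id is fetched from {@code seq_userstoken} first; other databases are assumed to
     * generate it. Every statement is released in {@code finally} (the previous implementation
     * never closed the insert statement and leaked the sequence statement on error).
     *
     * @param login the user login
     * @param salt the random salt stored next to the hash
     * @param hashedToken {@code sha512Hex(cookieToken + salt)}
     */
    protected void _insertUserToken(String login, String salt, String hashedToken) {
        Connection connection = null;
        PreparedStatement seqStmt = null;
        ResultSet seqRs = null;
        PreparedStatement insertStmt = null;
        try {
            connection = getSQLConnection();
            if (ConnectionHelper.DATABASE_ORACLE.equals(ConnectionHelper.getDatabaseType(connection))) {
                seqStmt = connection.prepareStatement("SELECT seq_userstoken.nextval FROM dual");
                seqRs = seqStmt.executeQuery();
                String id = null;
                if (seqRs.next()) {
                    id = seqRs.getString(1);
                }
                insertStmt = connection.prepareStatement("INSERT INTO UsersToken (id, login, token, salt, creation_date) VALUES (?, ?, ?, ?, ?)");
                insertStmt.setString(1, id);
                insertStmt.setString(2, login);
                insertStmt.setString(3, hashedToken);
                insertStmt.setString(4, salt);
                insertStmt.setDate(5, new Date(System.currentTimeMillis()));
            } else {
                insertStmt = connection.prepareStatement("INSERT INTO UsersToken (login, token, salt, creation_date) VALUES (?, ?, ?, ?)");
                insertStmt.setString(1, login);
                insertStmt.setString(2, hashedToken);
                insertStmt.setString(3, salt);
                insertStmt.setDate(4, new Date(System.currentTimeMillis()));
            }
            insertStmt.executeUpdate();
        } catch (SQLException e) {
            getLogger().error("Communication error with the database", e);
        } finally {
            ConnectionHelper.cleanup(seqRs);
            ConnectionHelper.cleanup(seqStmt);
            ConnectionHelper.cleanup(insertStmt);
            ConnectionHelper.cleanup(connection);
        }
    }

    /**
     * Removes the failed-attempt counter row for a login.
     *
     * @param login the login
     */
    protected void _deleteLoginFailedBDD(String login) {
        Connection connection = null;
        PreparedStatement stmt = null;
        try {
            connection = getSQLConnection();
            stmt = connection.prepareStatement("DELETE FROM Users_FormConnectionFailed WHERE login = ?");
            stmt.setString(1, login);
            stmt.execute();
        } catch (SQLException e) {
            getLogger().error("Error during the connection to the database", e);
        } finally {
            ConnectionHelper.cleanup(stmt);
            ConnectionHelper.cleanup(connection);
        }
    }

    /**
     * Sets the failed-attempt counter for a login to {@code current + 1}.
     *
     * @param login the login
     * @param current the counter value previously read for that login
     */
    protected void _updateLoginNbConnectBDD(String login, Integer current) {
        Connection connection = null;
        PreparedStatement stmt = null;
        try {
            connection = getSQLConnection();
            stmt = connection.prepareStatement("UPDATE Users_FormConnectionFailed SET nb_connect = ? WHERE login = ?");
            stmt.setInt(1, current.intValue() + 1);
            stmt.setString(2, login);
            stmt.execute();
        } catch (SQLException e) {
            getLogger().error("Error during the connection to the database", e);
        } finally {
            ConnectionHelper.cleanup(stmt);
            ConnectionHelper.cleanup(connection);
        }
    }

    /** @return the first request cookie with that name, or {@code null} */
    private static Cookie _findCookie(Request request, String cookieName) {
        Cookie[] cookies = request.getCookies();
        if (cookies == null) {
            return null;
        }
        for (Cookie cookie : cookies) {
            if (cookieName.equals(cookie.getName())) {
                return cookie;
            }
        }
        return null;
    }

    /**
     * Reads a cookie value from the request.
     *
     * @param request the current request
     * @param cookieName the cookie name
     * @return the value of the first cookie with that name, or {@code null} if absent
     */
    public static String getCookieValue(Request request, String cookieName) {
        Cookie cookie = _findCookie(request, cookieName);
        return cookie == null ? null : cookie.getValue();
    }

    /**
     * Tells whether the request carries a cookie with that name (whatever its value).
     *
     * @param request the current request
     * @param cookieName the cookie name
     * @return {@code true} if such a cookie is present
     */
    public static boolean isCookieAlreadySet(Request request, String cookieName) {
        return _findCookie(request, cookieName) != null;
    }

    /**
     * Writes a cookie scoped to the context path on the current response.
     * <p>
     * NOTE(review): the cookie carries an authentication token but is not marked Secure/HttpOnly
     * here; check what the cookie API in use supports and whether the deployment needs it.
     *
     * @param value the cookie value
     * @param cookieName the cookie name
     * @param maxAge the max-age in seconds
     * @param context the Avalon context the request and response are taken from
     */
    public static void updateCookie(String value, String cookieName, int maxAge, Context context) {
        Map objectModel = ContextHelper.getObjectModel(context);
        Response response = ObjectModelHelper.getResponse(objectModel);
        Request request = ObjectModelHelper.getRequest(objectModel);
        HttpCookie cookie = new HttpCookie(cookieName, value);
        cookie.setPath(request.getContextPath());
        cookie.setMaxAge(maxAge);
        response.addCookie(cookie);
    }

    /**
     * Overwrites a cookie with an empty value on the given response.
     * <p>
     * Pass {@code 0} as {@code maxAge} to have the browser discard the cookie; a positive value
     * only blanks it for that duration. {@code ConnectionHelper.DATABASE_UNKNOWN} is used as the
     * empty value - presumably a decompiler artifact for {@code ""}; confirm against the source.
     *
     * @param request the current request (provides the context path)
     * @param response the response the cookie is written to
     * @param cookieName the cookie name
     * @param maxAge the max-age in seconds
     */
    public static void deleteCookie(Request request, Response response, String cookieName, int maxAge) {
        HttpCookie cookie = new HttpCookie(cookieName, ConnectionHelper.DATABASE_UNKNOWN);
        cookie.setPath(request.getContextPath());
        cookie.setMaxAge(maxAge);
        response.addCookie(cookie);
    }
}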
