package org.ametys.web;

import java.util.ArrayList;
import java.util.Collection;
import java.util.Iterator;
import java.util.List;
import java.util.Map;
import org.ametys.core.authentication.AuthenticateAction;
import org.ametys.core.user.UserIdentity;
import org.ametys.core.util.StringUtils;
import org.ametys.runtime.authentication.AccessDeniedException;
import org.ametys.runtime.config.Config;
import org.ametys.web.repository.site.SiteManager;
import org.apache.avalon.framework.parameters.Parameters;
import org.apache.avalon.framework.service.ServiceException;
import org.apache.avalon.framework.service.ServiceManager;
import org.apache.cocoon.environment.ObjectModelHelper;
import org.apache.cocoon.environment.Redirector;
import org.apache.cocoon.environment.Request;
import org.apache.cocoon.environment.SourceResolver;

/* loaded from: input_file:org/ametys/web/WebAuthenticateAction.class */
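/**
 * Authentication action for the web application that recognises requests
 * relayed by the front-office.
 *
 * <p>A request carrying the header {@code X-Ametys-FO: true} is treated as a
 * front-office request: the parent authentication is skipped, the request is
 * marked as authenticated, and the user identity is taken from the
 * {@code X-Ametys-FO-Login} / {@code X-Ametys-FO-Population} headers.
 *
 * <p>NOTE(review): every input to that decision is a request header, so it is
 * chosen by whoever sends the request. The only gate in this class is the IP
 * allowlist read from {@code org.ametys.web.front.ip}, and it is compared with
 * the first {@code X-Forwarded-For} entry when that header is present. The
 * check is therefore only meaningful when the back-office is reachable solely
 * through a component that removes or overwrites {@code X-Forwarded-For} and
 * the {@code X-Ametys-FO*} headers on traffic that does not come from the
 * front-office. Confirm the deployment guarantees this.
 */
public class WebAuthenticateAction extends AuthenticateAction {
    /** Request attribute holding the {@link UserIdentity} asserted by the front-office. */
    public static final String REQUEST_ATTRIBUTE_FRONTOFFICE_USERIDENTITY = "Web:FrontOffice:UserIdentity";
    /** Request attribute set to {@code "true"} or {@code "false"} depending on the front-office header. */
    public static final String REQUEST_ATTRIBUTE_FRONTOFFICE_REQUEST = "Web:FrontOffice:Request";
    private SiteManager _siteManager;

    /**
     * Looks up the {@link SiteManager} before delegating to the parent.
     *
     * @param serviceManager the manager used to resolve components
     * @throws ServiceException if a lookup fails
     */
    public void service(ServiceManager serviceManager) throws ServiceException {
        this._siteManager = (SiteManager) serviceManager.lookup(SiteManager.ROLE);
        super.service(serviceManager);
    }

    /**
     * Expands each context returned by the parent into one context per site,
     * in the form {@code <context>/<siteName>}.
     *
     * @param request the current request
     * @param parameters the action parameters
     * @return the combined contexts; empty when there is no parent context or no site
     */
    protected List<String> _getContexts(Request request, Parameters parameters) {
        List<String> contexts = new ArrayList<>();
        Collection<String> siteNames = this._siteManager.getSiteNames();
        for (String parentContext : super._getContexts(request, parameters)) {
            for (String siteName : siteNames) {
                contexts.add(parentContext + "/" + siteName);
            }
        }
        return contexts;
    }

    /**
     * Authenticates the request, short-circuiting the parent action for
     * requests flagged as coming from the front-office.
     *
     * @return the parent's result for ordinary requests, {@code EMPTY_MAP} for
     *         accepted front-office requests
     * @throws AccessDeniedException if an allowlist is configured and the
     *         resolved client address is not in it
     * @throws Exception if the parent action fails
     */
    public Map act(Redirector redirector, SourceResolver sourceResolver, Map map, String str, Parameters parameters) throws Exception {
        Request request = ObjectModelHelper.getRequest(map);
        if (!"true".equals(request.getHeader("X-Ametys-FO"))) {
            request.setAttribute(REQUEST_ATTRIBUTE_FRONTOFFICE_REQUEST, "false");
            return super.act(redirector, sourceResolver, map, str, parameters);
        }

        String allowedIpsConfig = Config.getInstance().getValueAsString("org.ametys.web.front.ip");
        Collection<?> allowedIps = StringUtils.stringToCollection(allowedIpsConfig);
        String remoteAddr = _resolveClientAddress(request);

        // NOTE(review): an empty allowlist skips the check altogether, so with
        // no value configured any sender of "X-Ametys-FO: true" is accepted.
        // Treat an unset org.ametys.web.front.ip as a deployment finding.
        if (!allowedIps.isEmpty() && !allowedIps.contains(remoteAddr)) {
            // NOTE(review): the message echoes the configured allowlist and a
            // header-derived address; check where this exception is rendered or logged.
            throw new AccessDeniedException("IP '" + remoteAddr + "' is not an authorized front-office IP (" + allowedIpsConfig + ")");
        }

        String login = request.getHeader("X-Ametys-FO-Login");
        String population = request.getHeader("X-Ametys-FO-Population");
        if (org.apache.commons.lang3.StringUtils.isNoneBlank(new CharSequence[]{login, population})) {
            // The identity is taken as-is from the headers; nothing here verifies it.
            request.setAttribute(REQUEST_ATTRIBUTE_FRONTOFFICE_USERIDENTITY, new UserIdentity(login, population));
        }
        request.setAttribute("Runtime:RequestAuthenticated", "true");
        request.setAttribute(REQUEST_ATTRIBUTE_FRONTOFFICE_REQUEST, "true");
        return EMPTY_MAP;
    }

    /**
     * Returns the address compared with the front-office allowlist: the text
     * before the first comma of {@code X-Forwarded-For} when the header is
     * present, otherwise the socket peer address.
     *
     * <p>The previous {@code header.split(",")[0]} threw
     * {@code ArrayIndexOutOfBoundsException} for a header made only of commas,
     * because {@code split} drops trailing empty strings. Such a header now
     * yields an empty string, which cannot match an allowlist entry.
     */
    private static String _resolveClientAddress(Request request) {
        String forwardedFor = request.getHeader("X-Forwarded-For");
        if (forwardedFor == null) {
            return request.getRemoteAddr();
        }
        int comma = forwardedFor.indexOf(',');
        return comma >= 0 ? forwardedFor.substring(0, comma) : forwardedFor;
    }
}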
