package org.pageseeder.bridge.berlioz.auth;

import java.util.Iterator;
import java.util.List;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpSession;
import org.pageseeder.bridge.APIException;
import org.pageseeder.bridge.PSSession;
import org.pageseeder.bridge.berlioz.auth.PSUser;
import org.pageseeder.bridge.control.MemberManager;
import org.pageseeder.bridge.http.ContentException;
import org.pageseeder.bridge.http.Method;
import org.pageseeder.bridge.http.Request;
import org.pageseeder.bridge.http.Response;
import org.pageseeder.bridge.http.ServicePath;
import org.pageseeder.bridge.model.PSGroup;
import org.pageseeder.bridge.model.PSMember;
import org.pageseeder.bridge.model.PSMembership;
import org.pageseeder.bridge.net.PSHTTPConnector;
import org.pageseeder.bridge.net.PSHTTPResourceType;
import org.pageseeder.bridge.net.UsernamePassword;
import org.pageseeder.bridge.xml.HandlerFactory;
import org.pageseeder.bridge.xml.PSMembershipHandler;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;

/* loaded from: input_file:org/pageseeder/bridge/berlioz/auth/PSAuthenticator.class */
public final class PSAuthenticator implements Authenticator<PSUser> {
    public static final String USERNAME_ATTRIBUTE = "org.pageseeder.bridge.berlioz.auth.Username";
    public static final String PASSWORD_ATTRIBUTE = "org.pageseeder.bridge.berlioz.auth.Password";
    private static final Logger LOGGER = LoggerFactory.getLogger(PSAuthenticator.class);
    private String groupFilter = "*";
    private boolean hardLogout = true;

    public void setHardLogout(boolean z) {
        this.hardLogout = z;
    }

    public void setGroupFilter(String str) {
        this.groupFilter = str;
    }

    public boolean isHardLogout() {
        return this.hardLogout;
    }

    @Override // org.pageseeder.bridge.berlioz.auth.Authenticator
    public AuthenticationResult login(HttpServletRequest httpServletRequest) throws AuthException {
        String parameter = httpServletRequest.getParameter("username");
        String parameter2 = httpServletRequest.getParameter("password");
        if ((parameter == null || parameter.length() == 0) && (parameter2 == null || parameter2.length() == 0)) {
            parameter = httpServletRequest.getAttribute(USERNAME_ATTRIBUTE) != null ? httpServletRequest.getAttribute(USERNAME_ATTRIBUTE).toString() : null;
            parameter2 = httpServletRequest.getAttribute(PASSWORD_ATTRIBUTE) != null ? httpServletRequest.getAttribute(PASSWORD_ATTRIBUTE).toString() : null;
        }
        if (parameter == null || parameter2 == null) {
            return AuthenticationResult.INSUFFICIENT_DETAILS;
        }
        HttpSession session = httpServletRequest.getSession();
        if (session != null) {
            Object attribute = session.getAttribute(AuthSessions.USER_ATTRIBUTE);
            if (attribute instanceof PSUser) {
                PSUser pSUser = (PSUser) attribute;
                if (!parameter.equals(pSUser.getUsername()) && !parameter.equals(pSUser.getEmail())) {
                    logoutUser(pSUser);
                    session.invalidate();
                    session = httpServletRequest.getSession(true);
                }
                return AuthenticationResult.ALREADY_LOGGED_IN;
            }
        }
        PSUser login = login(parameter, parameter2);
        if (login == null) {
            return AuthenticationResult.INCORRECT_DETAILS;
        }
        if (session == null) {
            session = httpServletRequest.getSession(true);
        }
        session.setAttribute(AuthSessions.USER_ATTRIBUTE, login);
        return AuthenticationResult.LOGGED_IN;
    }

    @Override // org.pageseeder.bridge.berlioz.auth.Authenticator
    public AuthenticationResult logout(HttpServletRequest httpServletRequest) throws AuthException {
        HttpSession session = httpServletRequest.getSession();
        if (session == null) {
            return AuthenticationResult.ALREADY_LOGGED_OUT;
        }
        User user = AuthSessions.getUser(session);
        if (user != null) {
            logoutUser(user);
        }
        session.invalidate();
        return AuthenticationResult.LOGGED_OUT;
    }

    /* JADX WARN: Can't rename method to resolve collision */
    @Override // org.pageseeder.bridge.berlioz.auth.Authenticator
    public PSUser login(String str, String str2) throws AuthException {
        try {
            return this.groupFilter == null ? loginMemberOnly(str, str2) : loginWithMemberships(str, str2);
        } catch (APIException e) {
            LOGGER.warn("Unable to login", e);
            throw new AuthException("Unable to login");
        }
    }

    @Override // org.pageseeder.bridge.berlioz.auth.Authenticator
    public boolean logoutUser(User user) throws AuthException {
        if (!(user instanceof PSUser)) {
            return false;
        }
        boolean z = !this.hardLogout;
        if (this.hardLogout) {
            PSSession session = ((PSUser) user).getSession();
            if (session != null) {
                try {
                    z = MemberManager.logout(session);
                } catch (APIException e) {
                    throw new AuthException("Unable to log out from PageSeeder", e);
                }
            }
        }
        return z;
    }

    private boolean filter(String str) {
        if ("*".equals(this.groupFilter)) {
            return true;
        }
        boolean z = false;
        for (String str2 : this.groupFilter.split(",")) {
            if (str2.endsWith("*")) {
                if (str.startsWith(str2.substring(0, str2.length() - 1))) {
                    z = true;
                }
            } else if (str.equals(str2)) {
                z = true;
            }
        }
        return z;
    }

    private PSUser loginMemberOnly(String str, String str2) throws ContentException {
        PSUser pSUser = null;
        Response response = new Request(Method.GET, ServicePath.newPath("/self", new Object[0])).using(new UsernamePassword(str, str2)).response();
        try {
            if (response.isSuccessful()) {
                PSSession session = response.session();
                PSMember pSMember = (PSMember) response.consumeItem(HandlerFactory.newPSMemberHandler());
                PSUser.Builder builder = new PSUser.Builder();
                builder.member(pSMember).session(session);
                pSUser = builder.build();
            } else {
                LOGGER.debug("Invalid credentials: {}", response);
            }
            if (response != null) {
                response.close();
            }
            return pSUser;
        } catch (Throwable th) {
            if (response != null) {
                try {
                    response.close();
                } catch (Throwable th2) {
                    th.addSuppressed(th2);
                }
            }
            throw th;
        }
    }

    private PSUser loginWithMemberships(String str, String str2) throws APIException {
        PSUser pSUser = null;
        Response response = new Request(Method.GET, ServicePath.newPath("/self/memberships", new Object[0])).using(new UsernamePassword(str, str2)).response();
        try {
            if (response.isSuccessful()) {
                PSMembershipHandler pSMembershipHandler = new PSMembershipHandler();
                response.consumeXML(pSMembershipHandler);
                List list = pSMembershipHandler.list();
                PSSession session = response.session();
                PSMember member = pSMembershipHandler.getMember();
                PSUser.Builder builder = new PSUser.Builder();
                builder.member(member).session(session);
                Iterator it = list.iterator();
                while (it.hasNext()) {
                    PSGroup group = ((PSMembership) it.next()).getGroup();
                    if (group != null) {
                        String name = group.getName();
                        if (filter(name)) {
                            builder.addRole(name);
                        }
                    }
                }
                pSUser = builder.build();
            } else {
                LOGGER.debug("Invalid credentials: {}", response);
            }
            if (response != null) {
                response.close();
            }
            return pSUser;
        } catch (Throwable th) {
            if (response != null) {
                try {
                    response.close();
                } catch (Throwable th2) {
                    th.addSuppressed(th2);
                }
            }
            throw th;
        }
    }

    public static PSHTTPConnector getSelf() {
        return new PSHTTPConnector(PSHTTPResourceType.SERVICE, "/self");
    }

    public static PSHTTPConnector listMembershipsForSelf() {
        return new PSHTTPConnector(PSHTTPResourceType.SERVICE, "/self/memberships");
    }
}
