package com.enginframe.server.authorization;

import com.enginframe.cache.Cache;
import com.enginframe.cache.CacheManager;
import com.enginframe.cache.MapCache;
import com.enginframe.common.User;
import com.enginframe.common.authorization.AuthenticationManager;
import com.enginframe.common.authorization.Authority;
import com.enginframe.common.authorization.AuthorizationService;
import com.enginframe.common.context.ContextUtils;
import com.enginframe.common.messagebus.Message;
import com.enginframe.common.messagebus.MessageBus;
import com.enginframe.common.messagebus.MessageReceiver;
import com.enginframe.common.service.Service;
import com.enginframe.common.service.ServiceDefinitionStore;
import com.enginframe.common.service.ServiceExecutor;
import com.enginframe.common.utils.ServiceCallerFactory;
import com.enginframe.common.utils.Utils;
import com.enginframe.common.utils.log.Log;
import com.enginframe.common.utils.log.LogFactory;
import com.enginframe.server.ResponseProperties;
import com.enginframe.server.SynthesizedHttpServletRequest;
import com.enginframe.server.SynthesizedHttpServletResponse;
import com.enginframe.server.authorization.cookie.CookieAuthority;
import com.enginframe.server.authorization.cookie.CookieManager;
import com.enginframe.server.authorization.os.FlexibleAuthority;
import com.enginframe.server.filter.FilterUtils;
import com.enginframe.server.sessions.HttpSessionChangeMessage;
import com.enginframe.server.utils.ServerUtils;
import java.io.File;
import java.util.Enumeration;
import java.util.HashMap;
import java.util.Map;
import java.util.StringTokenizer;
import javax.servlet.http.Cookie;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import javax.servlet.http.HttpSession;
import org.apache.commons.lang3.BooleanUtils;
import org.apache.tools.ant.launch.Launcher;

/* JADX WARN: Classes with same name are omitted:
  input_file:kernel/ef_root/WEBAPP/WEB-INF/lib/ef.jar:com/enginframe/server/authorization/CentralAuthority.class
  input_file:kernel/ef_root/agent/agent.jar:com/enginframe/server/authorization/CentralAuthority.class
 */
/* loaded from: input_file:com/enginframe/server/authorization/CentralAuthority.class */
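/**
 * Dispatches HTTP authentication requests to per-authority {@link Authority} implementations
 * and keeps the authenticated {@link User} bound to the HTTP session.
 *
 * <p>What the class does, as far as this (decompiled) source shows:
 * <ul>
 *   <li>{@link #authenticate} resolves the first authority of a comma-separated list and then
 *       either reuses an existing authentication, reuses a result cached on the request, or runs
 *       a fresh authentication (login cookie or authority plug-in);</li>
 *   <li>interactive logins are gated by an {@code AccountLocker} (lock check, failure counter);</li>
 *   <li>on a successful first login the session is renewed (old session invalidated, attributes
 *       copied to a new one) before the user is stored in it;</li>
 *   <li>a {@link MessageReceiver} registered in the constructor runs the system logout service
 *       when a session is destroyed without an explicit logout.</li>
 * </ul>
 *
 * <p>Thread-safety: only {@code createAuthorityFor} is synchronized; it guards the
 * {@code authorities} cache. Nothing else in this class synchronizes access to the session or
 * to the {@link User} object.
 */
public final class CentralAuthority implements AuthenticationManager {
    /** URI of the logout service that is executed when a session is destroyed. */
    public static final String EF_LOGOUT_URI = "//com.enginframe.system/logout";

    /** Package under which {@code <authority>.Authority} implementation classes are looked up. */
    private static final String PACKAGE_PREFIX = "com.enginframe.server.authorization";

    private final ServiceDefinitionStore store;
    private final ServiceExecutor executor;

    /** Authority instances by authority name; guarded by the monitor of {@code this}. */
    private final Map<String, Authority> authorities = new HashMap<String, Authority>();

    /** Shared result returned when the user is already authenticated for the authority. */
    private final AuthorizationService yesService = new YesService();

    /**
     * Path of the system service definition file that holds the logout service.
     * NOTE(review): {@code Launcher.ANT_PRIVATELIB} looks like a decompiler substitution for a
     * plain string literal of the same value - confirm the intended path segment against the
     * installed layout before relying on this constant.
     */
    public static final String SYSTEM_SDF = String.valueOf(Utils.getEfRoot()) + File.separator + "WEBAPP" + File.separator + Launcher.ANT_PRIVATELIB + File.separator + "xml" + File.separator + "com.enginframe.system.xml";

    /** Prefix of the request attribute under which a per-authority authentication result is cached. */
    private static final String AUTH_SERVICE_ATTR_PREFIX = CentralAuthority.class.getSimpleName() + ".AuthorizationService.";

    /**
     * Creates the authority dispatcher and subscribes to session change messages so that a
     * logout is performed for sessions that are destroyed (for example by timeout).
     *
     * @param serviceDefinitionStore store handed to every {@link Authority} that is created
     * @param serviceExecutor executor handed to every {@link Authority} that is created
     * @param messageBus bus on which {@link HttpSessionChangeMessage}s are received
     */
    public CentralAuthority(ServiceDefinitionStore serviceDefinitionStore, ServiceExecutor serviceExecutor, MessageBus messageBus) {
        this.store = serviceDefinitionStore;
        this.executor = serviceExecutor;
        messageBus.registerReceiver(HttpSessionChangeMessage.class, new MessageReceiver() {
            /**
             * Runs the logout service on behalf of the session's user when the session has been
             * destroyed and no logout was recorded for it. Every failure is logged and swallowed
             * so that message delivery is never interrupted.
             */
            @Override
            public void receive(Message message) {
                HttpSessionChangeMessage change = (HttpSessionChangeMessage) message;
                if (CentralAuthority.this.getLog().isDebugEnabled()) {
                    CentralAuthority.this.getLog().debug("received message (" + change + ")");
                }
                HttpSession session = change.getSession();
                if (change.getChangeType() != HttpSessionChangeMessage.ChangeType.DESTROYED) {
                    return;
                }
                try {
                    User user = (User) session.getAttribute("user");
                    Boolean logoutAlreadyPerformed = (Boolean) session.getAttribute(ServerUtils.LOGOUT_ALREADY_PERFORMED);
                    if (user == null || Utils.isVoid(user.getUsername()) || BooleanUtils.isTrue(logoutAlreadyPerformed)) {
                        return;
                    }
                    CentralAuthority.this.getLog().debug("Session of user (" + user.getUsername() + ") expired, calling logout service");
                    try {
                        // The context setup is inside the try block on purpose: if building the
                        // context or the cache fails half-way, the finally clause still clears
                        // it. Otherwise the user and the synthesized request would stay attached
                        // to the executing thread (presumably the context is thread-bound -
                        // confirm in ContextUtils) and could be picked up by unrelated work.
                        setupExecutionContext(user, setupHttpServletRequest(session, CentralAuthority.SYSTEM_SDF, CentralAuthority.EF_LOGOUT_URI));
                        setupCacheManager(session);
                        ServiceCallerFactory.newCaller(CentralAuthority.SYSTEM_SDF, CentralAuthority.EF_LOGOUT_URI).execute(new HashMap());
                    } finally {
                        ContextUtils.clear();
                    }
                    CentralAuthority.this.getLog().debug("Session of user (" + user.getUsername() + ") expired, logout service has been executed");
                } catch (Throwable th) {
                    CentralAuthority.this.getLog().error("Error during session invalidation", th);
                }
            }

            /**
             * Builds the synthetic request used to call the logout service outside of a real
             * HTTP exchange and marks it as a logout caused by session timeout.
             */
            private HttpServletRequest setupHttpServletRequest(HttpSession httpSession, String str, String str2) {
                SynthesizedHttpServletRequest synthesizedHttpServletRequest = new SynthesizedHttpServletRequest(httpSession, str);
                synthesizedHttpServletRequest.setParameter(ServerUtils.URI, str2);
                synthesizedHttpServletRequest.setParameter(Service.EF_LOGOUT_ON_SESSION_TIMEOUT, "true");
                return synthesizedHttpServletRequest;
            }

            /**
             * Makes the session's cache (created and stored in the session if missing) the
             * current cache of the located {@link CacheManager}.
             */
            void setupCacheManager(HttpSession httpSession) {
                Cache cache = (Cache) httpSession.getAttribute(FilterUtils.CACHE);
                if (cache == null) {
                    cache = new MapCache();
                    httpSession.setAttribute(FilterUtils.CACHE, cache);
                }
                ((CacheManager) Utils.locate(CacheManager.class)).set(cache);
            }

            /**
             * Populates the execution context so that the logout service runs as {@code user}
             * with the synthetic request and a synthetic response.
             */
            private void setupExecutionContext(User user, HttpServletRequest httpServletRequest) {
                ContextUtils.getContext().setUser(user);
                ContextUtils.getContext().setRequest(httpServletRequest);
                ContextUtils.getContext().setResponse(new SynthesizedHttpServletResponse());
                ContextUtils.getContext().setScheduledContext(true);
                ContextUtils.getContext().setCallingPluginPath(Utils.findPluginRoot(httpServletRequest.getPathTranslated()));
                ContextUtils.getContext().setPluginPath(Utils.findPluginRoot(httpServletRequest.getPathTranslated()));
                ContextUtils.getContext().setResponseProperties(new ResponseProperties());
            }
        });
    }

    /**
     * Authenticates the request for the first authority named in {@code str2}.
     *
     * <p>Decision order: (1) no authority resolves - deny with a {@code NoService}; (2) the user
     * is already authenticated for the authority - accept, unless the request names a different
     * username, in which case the existing authentication is released and a new one is run;
     * (3) a result for this authority is already cached on the request - return it unchanged;
     * (4) otherwise run a fresh authentication. Only a fresh authentication changes the session:
     * success binds the user, failure releases the authority.
     *
     * @param str identifier of the service being accessed (passed through to the authority)
     * @param httpServletRequest current request
     * @param httpServletResponse current response
     * @param str2 comma-separated authority list; the first entry is the one that authenticates
     * @return the authentication outcome, never {@code null} on the paths visible here except
     *         what an {@link Authority} implementation itself returns
     */
    @Override
    public AuthorizationService authenticate(String str, HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse, String str2) {
        String firstAuthority = getFirstAuthority(str2);
        if (Utils.isVoid(firstAuthority)) {
            // Fail closed: without an authority nobody can vouch for the caller.
            return new NoService("", "No authority defined", "CentralAuthority.authenticate");
        }
        if (getLog().isDebugEnabled()) {
            getLog().debug(String.format("Found main authority (%s) for service (%s)", firstAuthority, str));
        }
        User userFrom = ServerUtils.getUserFrom(httpServletRequest);
        AuthorizationService result;
        boolean freshAttempt;
        if (userFrom.isAuthenticated(firstAuthority)) {
            if (userRequiresRelogin(userFrom, httpServletRequest, firstAuthority)) {
                releaseAuthenticationFor(userFrom, httpServletRequest, firstAuthority);
                result = doAuthenticate(str, httpServletRequest, httpServletResponse, firstAuthority);
                freshAttempt = true;
            } else {
                getLog().debug(String.format("User is already authenticated for authority (%s)", str2));
                result = this.yesService;
                freshAttempt = false;
            }
        } else if (hasAuthorizationService(httpServletRequest, firstAuthority)) {
            // Reuse the outcome computed earlier in this same request, so one request yields at
            // most one authentication attempt (and one failure count) per authority.
            result = getAuthorizationService(httpServletRequest, firstAuthority);
            freshAttempt = false;
        } else {
            result = doAuthenticate(str, httpServletRequest, httpServletResponse, firstAuthority);
            freshAttempt = true;
        }
        if (freshAttempt) {
            if (result.isAuthorized()) {
                bindUserToSession(httpServletRequest, str2, result);
            } else {
                // NOTE(review): the whole list (str2) is released here, while the re-login branch
                // above releases firstAuthority, and the session stores a single authority name.
                // For a multi-entry list the session attribute comparison in
                // releaseAuthenticationFor cannot match - confirm how User.unbind treats a
                // comma-separated value.
                releaseAuthenticationFor(userFrom, httpServletRequest, str2);
            }
        }
        return result;
    }

    /**
     * Runs one authentication attempt, by login cookie when the request carries one and cookie
     * login is enabled, otherwise through the authority with account locking, and caches the
     * outcome on the request.
     *
     * <p>NOTE(review): on the cookie path this class calls neither
     * {@code AccountLocker.isLocked} nor the failure counter. Confirm that
     * {@code CookieAuthority} enforces lock state and throttling itself; if it does not, a
     * locked account remains usable through a previously issued cookie and cookie guessing is
     * not rate limited.
     *
     * <p>NOTE(review): the login cookie is requested by a client-supplied parameter and is
     * created from the client-supplied {@code User-Agent} header, which is not a trustworthy
     * binding on its own - review {@code CookieManager} for expiry, randomness and
     * Secure/HttpOnly attributes.
     */
    private AuthorizationService doAuthenticate(String service, HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse, String authorityName) {
        AuthorizationService outcome;
        if (isCookieAuthentication(httpServletRequest)) {
            outcome = new CookieAuthority(authorityName).authorize(service, httpServletRequest, httpServletResponse);
        } else {
            outcome = executeAuthentication(service, httpServletRequest, httpServletResponse, authorityName);
            if (requiresLoginCookie(httpServletRequest) && outcome.isAuthorized()) {
                CookieManager.createCookie(outcome.getUser(), httpServletRequest.getHeader("User-Agent"), httpServletResponse);
            }
        }
        setAuthorizationService(httpServletRequest, authorityName, outcome);
        return outcome;
    }

    /**
     * Authenticates through the authority implementation, refusing locked accounts up front and
     * updating the failed-login counter from the outcome.
     *
     * <p>NOTE(review): the username comes from the request and is passed to the locker before any
     * credential is checked. Two consequences to verify against {@code AccountLocker}: the
     * distinct "locked" message tells an unauthenticated caller the lock state of an account,
     * and failures are counted for whatever username is submitted (including a void one), so
     * the lock policy decides whether a third party can lock somebody else out.
     */
    private AuthorizationService executeAuthentication(String service, HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse, String authorityName) {
        AccountLocker accountLocker = getAccountLocker();
        Authority authority = createAuthorityFor(httpServletRequest, authorityName);
        String username = authority.getUsername(httpServletRequest);
        if (accountLocker.isLocked(username)) {
            return new NoService(authorityName, "Authentication error: the account has been locked.", "");
        }
        AuthorizationService outcome = authority.authorize(service, httpServletRequest, httpServletResponse);
        if (outcome.isAuthorized()) {
            accountLocker.resetFailedLogins(username);
        } else {
            accountLocker.recordFailedLogin(username);
        }
        return outcome;
    }

    /** Looks up the {@code AccountLocker} component through {@code Utils.locate}. */
    private AccountLocker getAccountLocker() {
        return (AccountLocker) Utils.locate(AccountLocker.class);
    }

    /** Caches the authentication outcome for {@code authorityName} as a request attribute. */
    private void setAuthorizationService(HttpServletRequest httpServletRequest, String authorityName, AuthorizationService authorizationService) {
        httpServletRequest.setAttribute(AUTH_SERVICE_ATTR_PREFIX + authorityName, authorizationService);
    }

    /** Tells whether an outcome for {@code authorityName} is already cached on the request. */
    private boolean hasAuthorizationService(HttpServletRequest httpServletRequest, String authorityName) {
        return getAuthorizationService(httpServletRequest, authorityName) != null;
    }

    /** Returns the outcome cached on the request for {@code authorityName}, or {@code null}. */
    private AuthorizationService getAuthorizationService(HttpServletRequest httpServletRequest, String authorityName) {
        return (AuthorizationService) httpServletRequest.getAttribute(AUTH_SERVICE_ATTR_PREFIX + authorityName);
    }

    /** Tells whether the client asked (by request parameter) for a login cookie to be issued. */
    private boolean requiresLoginCookie(HttpServletRequest httpServletRequest) {
        return Boolean.parseBoolean(httpServletRequest.getParameter(AuthorizationService.LOGIN_COOKIE));
    }

    /**
     * Tells whether the request must be authenticated by login cookie: cookie login is enabled
     * (configuration value greater than zero) and a cookie with the login-cookie name is present.
     * Only the cookie's presence is tested here; its value is validated elsewhere.
     */
    private boolean isCookieAuthentication(HttpServletRequest httpServletRequest) {
        if (CookieManager.getCookieConfig() <= 0) {
            return false;
        }
        Cookie[] cookies = httpServletRequest.getCookies();
        if (cookies == null) {
            return false;
        }
        for (Cookie cookie : cookies) {
            if (CookieManager.COOKIE_LOGIN_NAME.equals(cookie.getName())) {
                return true;
            }
        }
        return false;
    }

    /**
     * Stores the authenticated user in the session and binds it to every authority of the list.
     *
     * <p>The session is renewed (new session id) when it holds no user yet or a user without
     * bindings, which is the defence against session fixation for a first login.
     * NOTE(review): when an already bound user is switched to another identity (the "reset
     * user" branch) the session id is kept. Renewing there as well would be the usual practice,
     * but invalidating a session also triggers the logout receiver registered in the
     * constructor, so that change needs to be evaluated against the whole session lifecycle.
     *
     * <p>NOTE(review): the password returned by the authentication service is copied into the
     * session-scoped user object; check whether the session can be serialized or replicated.
     */
    private void bindUserToSession(HttpServletRequest httpServletRequest, String authorityList, AuthorizationService authorizationService) {
        HttpSession session = httpServletRequest.getSession();
        User user = (User) session.getAttribute("user");
        if (user == null || user.hasNoBindings()) {
            session = renewSession(httpServletRequest, session);
        }
        User authenticated = authorizationService.getUser();
        if (user == null && authenticated != null) {
            user = authenticated;
            session.setAttribute("user", user);
            if (getLog().isDebugEnabled()) {
                getLog().debug("Authentication service set user (" + user.getUsername() + ") - for authority (" + authorizationService.name() + ")");
            }
        } else if (authenticated != null) {
            if (getLog().isDebugEnabled()) {
                getLog().debug("Authentication service reset user (" + user.getUsername() + ") - to (" + authorizationService.getUser().getUsername() + ") - for authority (" + authorizationService.name() + ")");
            }
            user.setUsername(authorizationService.getUser().getUsername());
            user.setPassword(authorizationService.getUser().getPassword());
            user.setDomain(authorizationService.getUser().getDomain());
            user.setLoginName(authorizationService.getUser().getLoginName());
            user.rebind(authorityList);
        }
        bindUserToAuthorities(authorityList, session, user);
    }

    /**
     * Replaces the session by a new one carrying the same attributes, so that the session id
     * known before login is no longer valid afterwards.
     *
     * <p>Every attribute is carried over, including anything stored before authentication;
     * attributes that must not survive a login have to be removed by their owner.
     *
     * @return the newly created session
     */
    private HttpSession renewSession(HttpServletRequest httpServletRequest, HttpSession httpSession) {
        Map<String, Object> saved = new HashMap<String, Object>();
        Enumeration<?> names = httpSession.getAttributeNames();
        while (names.hasMoreElements()) {
            String name = (String) names.nextElement();
            saved.put(name, httpSession.getAttribute(name));
        }
        httpSession.invalidate();
        HttpSession renewed = httpServletRequest.getSession(true);
        for (Map.Entry<String, Object> entry : saved.entrySet()) {
            renewed.setAttribute(entry.getKey(), entry.getValue());
        }
        return renewed;
    }

    /**
     * Binds {@code user} to every authority of the comma-separated list, records the first one
     * as the session's authority and makes it the identity in use. Does nothing for a
     * {@code null} user.
     *
     * <p>Every name is trimmed once and the trimmed value is used for the binding, the session
     * attribute and {@code User.use}. {@code getFirstAuthority} trims as well, so the name that
     * is stored here is the same one that later authentication checks and releases compare
     * against, even when the configured list contains spaces around the commas.
     */
    private void bindUserToAuthorities(String authorityList, HttpSession httpSession, User user) {
        if (user == null) {
            return;
        }
        StringTokenizer tokens = new StringTokenizer(authorityList, ",");
        String primary = null;
        while (tokens.hasMoreTokens()) {
            String authorityName = tokens.nextToken().trim();
            user.bind(authorityName);
            if (primary == null) {
                primary = authorityName;
                httpSession.setAttribute(ServerUtils.AUTHORITY, authorityName);
            }
            if (getLog().isDebugEnabled()) {
                getLog().debug(String.format("Bind user (%s) to authority (%s)", user.getUsername(), authorityName));
            }
        }
        user.use(primary);
        if (getLog().isDebugEnabled()) {
            getLog().debug(String.format("User uses identity (%s) for authority (%s)", user.getUsername(), primary));
        }
    }

    /**
     * Releases the request user's authentication for {@code str}.
     *
     * @param httpServletRequest request whose user and session are affected
     * @param str authority name to release
     */
    @Override
    public void releaseAuthenticationFor(HttpServletRequest httpServletRequest, String str) {
        releaseAuthenticationFor(ServerUtils.getUserFrom(httpServletRequest), httpServletRequest, str);
    }

    /**
     * Unbinds {@code user} from the authority and removes the session's authority attribute
     * when it names the same authority. The session itself and the stored user object are left
     * in place.
     */
    private void releaseAuthenticationFor(User user, HttpServletRequest httpServletRequest, String authorityName) {
        user.unbind(authorityName);
        HttpSession session = httpServletRequest.getSession();
        if (authorityName.equals((String) session.getAttribute(ServerUtils.AUTHORITY))) {
            session.removeAttribute(ServerUtils.AUTHORITY);
        }
        // Message text (including its spelling) is kept as is: log tooling may match on it.
        getLog().debug(String.format("Released user auhentication for authority (%s)", authorityName));
    }

    /**
     * Tells whether the request's user is authenticated for the first authority of {@code str}
     * and is not required to log in again.
     *
     * <p>A void authority list means "no authentication required" and yields {@code true}.
     * Note that the check has a side effect: through {@link #userRequiresRelogin} it switches
     * the user's identity in use to the authority being checked.
     *
     * @param httpServletRequest current request
     * @param str comma-separated authority list
     * @return {@code true} if access may proceed without a new authentication
     */
    @Override
    public boolean isAuthenticated(HttpServletRequest httpServletRequest, String str) {
        if (Utils.isVoid(str)) {
            return true;
        }
        String firstAuthority = getFirstAuthority(str);
        User userFrom = ServerUtils.getUserFrom(httpServletRequest);
        boolean authenticated = userFrom.isAuthenticated(firstAuthority);
        boolean reloginRequired = false;
        if (authenticated) {
            reloginRequired = userRequiresRelogin(userFrom, httpServletRequest, firstAuthority);
            if (reloginRequired) {
                getLog().info(String.format("User (%s) is re-authenticating for authority (%s)", userFrom.getUsername(), firstAuthority));
            } else {
                getLog().debug(String.format("User is already authenticated for authority (%s)", str));
            }
        } else {
            getLog().debug(String.format("User is not authenticated for authority (%s)", str));
        }
        return authenticated && !reloginRequired;
    }

    /**
     * Returns the trimmed first entry of a comma-separated authority list, or an empty string
     * when the list is {@code null} or has no entries. The empty result makes
     * {@link #authenticate} deny the request instead of failing with a
     * {@link NullPointerException}.
     */
    private String getFirstAuthority(String authorityList) {
        if (authorityList == null) {
            return "";
        }
        StringTokenizer tokens = new StringTokenizer(authorityList, ",");
        return tokens.hasMoreTokens() ? tokens.nextToken().trim() : "";
    }

    /**
     * Decides whether an authenticated user has to authenticate again for the authority.
     *
     * <p>Re-login is required when the user has no login name for the authority, or when the
     * request carries a username parameter that differs from that login name. A request without
     * a username parameter never forces a re-login. As a side effect the user's identity in use
     * is switched to {@code str}.
     *
     * @param user current user, may be {@code null}
     * @param httpServletRequest request whose username parameter is inspected
     * @param str authority name
     * @return {@code true} if a new authentication must be performed
     */
    boolean userRequiresRelogin(User user, HttpServletRequest httpServletRequest, String str) {
        String loginName = null;
        if (user != null) {
            user.use(str);
            loginName = user.getLoginName();
        }
        String requestedUsername = httpServletRequest.getParameter(AuthorizationService.USERNAME);
        if (getLog().isDebugEnabled()) {
            // The parameter is attacker-controlled: strip line breaks so that it cannot forge
            // additional log records.
            getLog().debug(String.format("Current user with login name (%s) for authority (%s), username found in HTTP request (%s)", loginName, str, forLog(requestedUsername)));
        }
        if (Utils.isVoid(loginName)) {
            return true;
        }
        return !Utils.isVoid(requestedUsername) && !requestedUsername.equals(loginName);
    }

    /** Replaces carriage returns and line feeds so a value stays on a single log line. */
    private static String forLog(String value) {
        return value == null ? null : value.replace('\r', '_').replace('\n', '_');
    }

    /**
     * Returns the cached {@link Authority} for the name, creating it on first use: a class named
     * {@code <PACKAGE_PREFIX>.<name>.Authority} is instantiated reflectively if it can be
     * loaded, otherwise a {@code FlexibleAuthority} is used.
     *
     * <p>NOTE(review): the authority name becomes part of a class name and a permanent cache
     * key. From this class alone it cannot be told where the name originates; if it can ever be
     * influenced by a request, restrict it to a known set of names, because each distinct value
     * adds a cache entry and a dotted value reaches into sub-packages.
     */
    private synchronized Authority createAuthorityFor(HttpServletRequest httpServletRequest, String authorityName) {
        Authority authority = this.authorities.get(authorityName);
        if (authority == null) {
            try {
                authority = loadAuthorityClass(PACKAGE_PREFIX + "." + authorityName + ".Authority").getConstructor(Log.class, ServiceDefinitionStore.class, ServiceExecutor.class).newInstance(getLog().getLog(authorityName), this.store, this.executor);
            } catch (Exception e) {
                // Expected for authorities without a dedicated class; the fallback below applies.
                getLog().debug("unable to create Authority class", e);
            }
            if (authority == null) {
                authority = new FlexibleAuthority(getLog().getLog("os"), this.store, this.executor, authorityName);
            }
            this.authorities.put(authorityName, authority);
            if (getLog().isDebugEnabled()) {
                getLog().debug("authority (" + authorityName + ") is handled by class (" + authority + ")");
            }
        }
        return authority;
    }

    /**
     * Loads the class through the default lookup and, failing that, through the system class
     * loader, and verifies that it is an {@link Authority}.
     *
     * <p>The type check happens before the caller invokes any constructor, so a class that is
     * not an {@code Authority} is rejected without being instantiated (its static initializer
     * may still run as part of {@code Class.forName}).
     *
     * @throws ClassNotFoundException if neither lookup finds the class
     * @throws ClassCastException if the class is not an {@code Authority}
     */
    private Class<? extends Authority> loadAuthorityClass(String className) throws ClassNotFoundException {
        Class<?> loaded;
        try {
            loaded = Class.forName(className);
        } catch (ClassNotFoundException unused) {
            ClassLoader systemClassLoader = ClassLoader.getSystemClassLoader();
            if (systemClassLoader == null) {
                throw new ClassNotFoundException(className);
            }
            loaded = systemClassLoader.loadClass(className);
        }
        return loaded.asSubclass(Authority.class);
    }

    /**
     * Returns the logger of this class. The method is public only because the decompiler
     * widened the access of an originally private method (it is used by the anonymous receiver).
     */
    public Log getLog() {
        return LogFactory.getLog(getClass());
    }
}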
