package org.codehaus.plexus.redback.struts2.interceptor;

import com.opensymphony.xwork2.ActionInvocation;
import com.opensymphony.xwork2.interceptor.Interceptor;
import javax.servlet.http.HttpSession;
import org.apache.struts2.ServletActionContext;
import org.codehaus.plexus.logging.AbstractLogEnabled;
import org.codehaus.plexus.redback.authentication.AuthenticationException;
import org.codehaus.plexus.redback.authentication.AuthenticationResult;
import org.codehaus.plexus.redback.authentication.TokenBasedAuthenticationDataSource;
import org.codehaus.plexus.redback.keys.AuthenticationKey;
import org.codehaus.plexus.redback.policy.AccountLockedException;
import org.codehaus.plexus.redback.system.SecuritySession;
import org.codehaus.plexus.redback.system.SecuritySystem;
import org.codehaus.plexus.redback.system.SecuritySystemConstants;
import org.codehaus.plexus.redback.users.UserNotFoundException;
import org.codehaus.redback.integration.util.AutoLoginCookies;

/* loaded from: input_file:WEB-INF/lib/redback-struts2-integration-1.2-beta-1.jar:org/codehaus/plexus/redback/struts2/interceptor/AutoLoginInterceptor.class */
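/**
 * Struts2 interceptor that restores a Redback login from the signon or "remember me"
 * cookie when the current HTTP session does not already hold an authenticated
 * {@link SecuritySession}.
 *
 * <p>Per request:
 * <ul>
 *   <li>Session already authenticated: verify that the cookies still agree with the
 *       session user and, only if they do, refresh the signon cookie.</li>
 *   <li>Signon cookie present: authenticate with its key; on failure drop both cookies.</li>
 *   <li>Otherwise, if remember-me is enabled and a remember-me cookie is present:
 *       authenticate with its key; on failure drop the remember-me cookie.</li>
 * </ul>
 * A locked account or a pending password change short-circuits the invocation with
 * {@link #ACCOUNT_LOCKED} or {@link #PASSWORD_CHANGE}; otherwise the action is invoked.
 */
public class AutoLoginInterceptor extends AbstractLogEnabled implements Interceptor {
    /** Result code returned when the (auto-)logged-in user must change their password. */
    static final String PASSWORD_CHANGE = "security-must-change-password";
    /** Result code returned when the cookie key belongs to a locked account. */
    static final String ACCOUNT_LOCKED = "security-login-locked";
    // Neither collaborator is assigned in this class; presumably injected by the
    // component container — confirm against the component descriptor.
    private SecuritySystem securitySystem;
    private AutoLoginCookies autologinCookies;

    @Override // com.opensymphony.xwork2.interceptor.Interceptor
    public void destroy() {
        // Nothing to release.
    }

    @Override // com.opensymphony.xwork2.interceptor.Interceptor
    public void init() {
        // No eager setup required.
    }

    /**
     * Settles the login state from the session or the auto-login cookies, then delegates
     * to the action unless a short-circuit result applies.
     *
     * @param actionInvocation the invocation to continue once the login state is settled
     * @return {@link #PASSWORD_CHANGE}, {@link #ACCOUNT_LOCKED}, or the action's own result
     * @throws Exception whatever the invoked action or a downstream interceptor throws
     */
    @Override // com.opensymphony.xwork2.interceptor.Interceptor
    public String intercept(ActionInvocation actionInvocation) throws Exception {
        SecuritySession securitySession = getSecuritySession();
        if (securitySession != null && securitySession.isAuthenticated()) {
            getLogger().debug("User already authenticated.");
            // Refresh the signon cookie only while the login is still valid. Re-issuing it
            // after checkCookieConsistency() has dropped the session would log the user
            // straight back in on the next request, defeating the invalidation.
            if (checkCookieConsistency(securitySession)) {
                this.autologinCookies.setSignonCookie(securitySession.getUser().getUsername(),
                        ServletActionContext.getResponse(), ServletActionContext.getRequest());
            }
            return actionInvocation.invoke();
        }

        AuthenticationKey signonKey = this.autologinCookies.getSignonKey(
                ServletActionContext.getResponse(), ServletActionContext.getRequest());
        String shortCircuit;
        if (signonKey != null) {
            shortCircuit = loginWithSignonKey(signonKey);
        } else {
            shortCircuit = loginWithRememberMeKey();
        }
        return shortCircuit != null ? shortCircuit : actionInvocation.invoke();
    }

    /**
     * Attempts a login with the key carried by the signon cookie.
     *
     * @param signonKey the key read from the signon cookie (never {@code null})
     * @return {@link #PASSWORD_CHANGE} or {@link #ACCOUNT_LOCKED} to short-circuit,
     *         or {@code null} to continue with the action
     */
    private String loginWithSignonKey(AuthenticationKey signonKey) {
        try {
            SecuritySession session = checkAuthentication(signonKey);
            if (session == null || !session.isAuthenticated()) {
                removeSignonCookie();
                removeRememberMeCookie();
                return null;
            }
            // If the cookies disagree with the session just established, the login has
            // already been dropped again and there is no user to send to a password change.
            if (checkCookieConsistency(session) && session.getUser().isPasswordChangeRequired()) {
                return PASSWORD_CHANGE;
            }
            return null;
        } catch (AccountLockedException e) {
            getLogger().info("Account Locked : Username [" + e.getUser().getUsername() + "]", e);
            removeSignonCookie();
            removeRememberMeCookie();
            return ACCOUNT_LOCKED;
        }
    }

    /**
     * Attempts a login with the key carried by the remember-me cookie, if that feature is
     * enabled and such a cookie is present.
     *
     * @return {@link #PASSWORD_CHANGE} or {@link #ACCOUNT_LOCKED} to short-circuit,
     *         or {@code null} to continue with the action
     */
    private String loginWithRememberMeKey() {
        if (!this.autologinCookies.isRememberMeEnabled()) {
            return null;
        }
        AuthenticationKey rememberMeKey = this.autologinCookies.getRememberMeKey(
                ServletActionContext.getResponse(), ServletActionContext.getRequest());
        if (rememberMeKey == null) {
            return null;
        }
        try {
            SecuritySession session = checkAuthentication(rememberMeKey);
            if (session == null || !session.isAuthenticated()) {
                removeRememberMeCookie();
                return null;
            }
            return session.getUser().isPasswordChangeRequired() ? PASSWORD_CHANGE : null;
        } catch (AccountLockedException e) {
            getLogger().info("Account Locked : Username [" + e.getUser().getUsername() + "]", e);
            removeRememberMeCookie();
            return ACCOUNT_LOCKED;
        }
    }

    /**
     * Verifies that the auto-login cookies still refer to the session's user. A remember-me
     * cookie for a different principal, a missing signon cookie, or a signon cookie for a
     * different principal invalidates the login: both cookies and the session attribute
     * are removed.
     *
     * @param securitySession the authenticated session to check against
     * @return {@code true} if the login is still valid, {@code false} if it was just dropped
     */
    private boolean checkCookieConsistency(SecuritySession securitySession) {
        String username = securitySession.getUser().getUsername();
        AuthenticationKey rememberMeKey = this.autologinCookies.getRememberMeKey(
                ServletActionContext.getResponse(), ServletActionContext.getRequest());
        if (rememberMeKey != null && !rememberMeKey.getForPrincipal().equals(username)) {
            getLogger().debug("Login invalidated: remember me cookie was for "
                    + rememberMeKey.getForPrincipal() + "; but session was for " + username);
            removeCookiesAndSession();
            return false;
        }
        AuthenticationKey signonKey = this.autologinCookies.getSignonKey(
                ServletActionContext.getResponse(), ServletActionContext.getRequest());
        if (signonKey == null) {
            getLogger().debug("Login invalidated: signon cookie was removed");
            removeCookiesAndSession();
            return false;
        }
        if (!signonKey.getForPrincipal().equals(username)) {
            getLogger().debug("Login invalidated: signon cookie was for "
                    + signonKey.getForPrincipal() + "; but session was for " + username);
            removeCookiesAndSession();
            return false;
        }
        return true;
    }

    /**
     * Authenticates the principal named by {@code authenticationKey} with its token. On
     * success the resulting {@link SecuritySession} is stored in the HTTP session (created
     * if necessary) and the signon cookie is (re)issued for that principal.
     *
     * @param authenticationKey the key read from a signon or remember-me cookie
     * @return the security session produced by the security system, which may report
     *         {@code isAuthenticated() == false}; {@code null} if authentication threw
     * @throws AccountLockedException passed through so the caller can return
     *         {@link #ACCOUNT_LOCKED}
     */
    private SecuritySession checkAuthentication(AuthenticationKey authenticationKey) throws AccountLockedException {
        String principal = authenticationKey.getForPrincipal();
        // Only the principal is logged; the token itself must never reach the log.
        getLogger().debug("Logging in with an authentication key: " + principal);
        TokenBasedAuthenticationDataSource dataSource = new TokenBasedAuthenticationDataSource();
        dataSource.setPrincipal(principal);
        dataSource.setToken(authenticationKey.getKey());
        try {
            SecuritySession securitySession = this.securitySystem.authenticate(dataSource);
            if (securitySession.isAuthenticated()) {
                getLogger().debug("Login success.");
                // NOTE(review): the existing HTTP session id is reused on auto-login;
                // rotating it here would guard against session fixation — confirm whether
                // the container or another interceptor already does so.
                ServletActionContext.getRequest().getSession(true)
                        .setAttribute(SecuritySystemConstants.SECURITY_SESSION_KEY, securitySession);
                getLogger().debug("Setting session:securitySession to " + securitySession);
                this.autologinCookies.setSignonCookie(principal,
                        ServletActionContext.getResponse(), ServletActionContext.getRequest());
            } else {
                AuthenticationResult authenticationResult = securitySession.getAuthenticationResult();
                getLogger().info("Login interceptor failed against principal : "
                        + authenticationResult.getPrincipal(), authenticationResult.getException());
            }
            return securitySession;
        } catch (AuthenticationException e) {
            getLogger().info("Authentication Exception.", e);
        } catch (UserNotFoundException e) {
            getLogger().info("User Not Found: " + principal, e);
        }
        return null;
    }

    /**
     * Drops both auto-login cookies and the security session attribute, without creating
     * an HTTP session as a side effect.
     */
    private void removeCookiesAndSession() {
        removeRememberMeCookie();
        removeSignonCookie();
        // getSession() never returns null (it creates a session), so the null check below
        // was dead; getSession(false) gives the intended "no session" path.
        HttpSession session = ServletActionContext.getRequest().getSession(false);
        if (session != null) {
            session.removeAttribute(SecuritySystemConstants.SECURITY_SESSION_KEY);
        }
    }

    /**
     * Returns the {@link SecuritySession} stored in the current HTTP session, or
     * {@code null} if there is no session or no such attribute.
     */
    private SecuritySession getSecuritySession() {
        // Do not create a session for an anonymous request merely to look up the attribute.
        HttpSession session = ServletActionContext.getRequest().getSession(false);
        if (session == null) {
            getLogger().debug("No HTTP Session exists.");
            return null;
        }
        SecuritySession securitySession =
                (SecuritySession) session.getAttribute(SecuritySystemConstants.SECURITY_SESSION_KEY);
        getLogger().debug("Returning Security Session: " + securitySession);
        return securitySession;
    }

    /** Removes the signon cookie for the current request/response. */
    private void removeSignonCookie() {
        this.autologinCookies.removeSignonCookie(
                ServletActionContext.getResponse(), ServletActionContext.getRequest());
    }

    /** Removes the remember-me cookie for the current request/response. */
    private void removeRememberMeCookie() {
        this.autologinCookies.removeRememberMeCookie(
                ServletActionContext.getResponse(), ServletActionContext.getRequest());
    }
}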
