package org.codehaus.plexus.redback.struts2.interceptor;

import com.opensymphony.xwork2.ActionContext;
import com.opensymphony.xwork2.ActionInvocation;
import com.opensymphony.xwork2.interceptor.Interceptor;
import java.util.Calendar;
import java.util.Map;
import javax.servlet.http.HttpServletRequest;
import org.apache.log4j.spi.LocationInfo;
import org.apache.struts2.ServletActionContext;
import org.codehaus.plexus.redback.configuration.UserConfiguration;
import org.codehaus.plexus.redback.policy.DefaultUserSecurityPolicy;
import org.codehaus.plexus.redback.policy.UserSecurityPolicy;
import org.codehaus.plexus.redback.system.DefaultSecuritySession;
import org.codehaus.plexus.redback.system.SecuritySession;
import org.codehaus.plexus.redback.system.SecuritySystem;
import org.codehaus.plexus.redback.system.SecuritySystemConstants;
import org.codehaus.plexus.redback.users.User;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;

/* loaded from: input_file:WEB-INF/lib/redback-struts2-integration-1.2.5.jar:org/codehaus/plexus/redback/struts2/interceptor/PolicyEnforcementInterceptor.class */
public class PolicyEnforcementInterceptor implements Interceptor {
    private Logger log = LoggerFactory.getLogger(PolicyEnforcementInterceptor.class);
    private static final String SECURITY_USER_MUST_CHANGE_PASSWORD = "security-must-change-password";
    private UserConfiguration config;
    protected SecuritySystem securitySystem;

    @Override // com.opensymphony.xwork2.interceptor.Interceptor
    public void destroy() {
    }

    @Override // com.opensymphony.xwork2.interceptor.Interceptor
    public void init() {
    }

    @Override // com.opensymphony.xwork2.interceptor.Interceptor
    public String intercept(ActionInvocation actionInvocation) throws Exception {
        if (!this.config.getBoolean("security.policy.strict.enforcement.enabled")) {
            this.log.debug("Enforcement: not processing per click security policies.");
            return actionInvocation.invoke();
        }
        this.log.debug("Enforcement: enforcing per click security policies.");
        ActionContext context = ActionContext.getContext();
        SecuritySession securitySession = null;
        try {
            securitySession = (SecuritySession) context.getSession().get(SecuritySystemConstants.SECURITY_SESSION_KEY);
        } catch (IllegalStateException e) {
            this.log.debug("Could not get security session as the session was invalid", (Throwable) e);
        }
        UserSecurityPolicy policy = this.securitySystem.getPolicy();
        if (securitySession == null) {
            this.log.debug("Enforcement: no user security session detected, skipping enforcement");
            return actionInvocation.invoke();
        }
        DefaultSecuritySession defaultSecuritySession = new DefaultSecuritySession(securitySession.getAuthenticationResult(), this.securitySystem.getUserManager().findUser(securitySession.getUser().getPrincipal()));
        context.getSession().put(SecuritySystemConstants.SECURITY_SESSION_KEY, defaultSecuritySession);
        if (checkForcePasswordChange(defaultSecuritySession, actionInvocation)) {
            Map session = ServletActionContext.getContext().getSession();
            HttpServletRequest request = ServletActionContext.getRequest();
            String queryString = request.getQueryString();
            String str = ((Object) request.getRequestURL()) + (queryString == null ? "" : LocationInfo.NA + queryString);
            session.put("targetUrl", str);
            this.log.info("storing targetUrl : " + str);
            return SECURITY_USER_MUST_CHANGE_PASSWORD;
        }
        if (this.config.getBoolean(DefaultUserSecurityPolicy.PASSWORD_EXPIRATION_ENABLED)) {
            this.log.debug("checking password expiration notification");
            User findUser = this.securitySystem.getUserManager().findUser(defaultSecuritySession.getUser().getPrincipal());
            Calendar calendar = Calendar.getInstance();
            calendar.setTime(findUser.getLastPasswordChange());
            calendar.add(5, policy.getPasswordExpirationDays() - this.config.getInt("security.policy.password.expiration.notify.days"));
            if (Calendar.getInstance().after(calendar)) {
                this.log.debug("setting password expiration notification");
                Calendar calendar2 = Calendar.getInstance();
                calendar2.setTime(findUser.getLastPasswordChange());
                calendar2.add(5, policy.getPasswordExpirationDays());
                ServletActionContext.getContext().getSession().put("passwordExpirationNotification", calendar2.getTime().toString());
            }
        }
        return actionInvocation.invoke();
    }

    private boolean checkForcePasswordChange(SecuritySession securitySession, ActionInvocation actionInvocation) {
        if ("org.codehaus.plexus.redback.struts2.action.PasswordAction".equals(actionInvocation.getAction().getClass().getName())) {
            this.log.debug("Enforcement: skipping force password check on password action");
            return false;
        }
        if ("org.codehaus.plexus.redback.struts2.action.LoginAction".equals(actionInvocation.getAction().getClass().getName())) {
            this.log.debug("Enforcement: skipping force password check on login action");
            return false;
        }
        if ("org.codehaus.plexus.redback.struts2.action.LogoutAction".equals(actionInvocation.getAction().getClass().getName())) {
            this.log.debug("Enforcement: skipping force password check on logout action");
            return false;
        }
        if (!this.config.getBoolean("security.policy.strict.force.password.change.enabled")) {
            return false;
        }
        this.log.debug("Enforcement: checking active user password change enabled");
        if (securitySession.getUser().isPasswordChangeRequired()) {
            this.log.info("Enforcement: User must change password - forwarding to change password page.");
            return true;
        }
        this.log.debug("Enforcement: User doesn't need to change password.");
        return false;
    }
}
