package org.apache.wiki.auth;

import java.security.Principal;
import java.util.Collections;
import java.util.HashMap;
import java.util.HashSet;
import java.util.Iterator;
import java.util.Map;
import java.util.Properties;
import java.util.Set;
import javax.security.auth.Subject;
import javax.security.auth.callback.CallbackHandler;
import javax.security.auth.login.LoginException;
import javax.security.auth.spi.LoginModule;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpSession;
import org.apache.logging.log4j.LogManager;
import org.apache.logging.log4j.Logger;
import org.apache.wiki.api.core.Engine;
import org.apache.wiki.api.core.Session;
import org.apache.wiki.api.exceptions.WikiException;
import org.apache.wiki.api.spi.Wiki;
import org.apache.wiki.auth.authorize.WebAuthorizer;
import org.apache.wiki.auth.authorize.WebContainerAuthorizer;
import org.apache.wiki.auth.login.AnonymousLoginModule;
import org.apache.wiki.auth.login.CookieAssertionLoginModule;
import org.apache.wiki.auth.login.CookieAuthenticationLoginModule;
import org.apache.wiki.auth.login.UserDatabaseLoginModule;
import org.apache.wiki.auth.login.WebContainerCallbackHandler;
import org.apache.wiki.auth.login.WebContainerLoginModule;
import org.apache.wiki.auth.login.WikiCallbackHandler;
import org.apache.wiki.event.WikiEventListener;
import org.apache.wiki.event.WikiEventManager;
import org.apache.wiki.util.ClassUtil;
import org.apache.wiki.util.TextUtil;
import org.apache.wiki.util.TimedCounterList;

/* loaded from: input_file:WEB-INF/lib/jspwiki-main-2.11.2.jar:org/apache/wiki/auth/DefaultAuthenticationManager.class */
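/**
 * Default {@link AuthenticationManager}. Drives a single JAAS {@link LoginModule} directly (no
 * {@code LoginContext}) to log users in: container, cookie-authentication, cookie-assertion and anonymous
 * login for incoming HTTP requests, and username/password login against the configured module. Password
 * logins can be throttled per username. Every principal granted during a login, and every logout, is
 * reported through {@code fireEvent}.
 * <p>
 * The login-attempt counter is shared across requests; whether {@code TimedCounterList} synchronises
 * its own state is not visible here. Listener registration is synchronised on this instance.
 */
public class DefaultAuthenticationManager implements AuthenticationManager {
    /** Age in ms after which recorded login attempts are dropped from the throttling window. */
    private static final long LASTLOGINS_CLEANUP_TIME = 600000;
    /** Upper bound in ms for the delay applied before a throttled password login. */
    private static final long MAX_LOGIN_DELAY = 20000;
    /** LoginModule used for username/password logins when none is configured. */
    private static final String DEFAULT_LOGIN_MODULE = "org.apache.wiki.auth.login.UserDatabaseLoginModule";

    // Event-type codes handed to fireEvent(). The decompiled source inlined the numeric values; the names
    // below describe how each code is used in this class. NOTE(review): confirm them against the wiki
    // security event constants before relying on the names.
    private static final int EVENT_LOGIN_ANONYMOUS = 31;
    private static final int EVENT_LOGIN_ASSERTED = 32;
    private static final int EVENT_PRINCIPAL_ADD = 35;
    private static final int EVENT_LOGIN_AUTHENTICATED = 40;
    private static final int EVENT_LOGOUT = 44;

    private static final Logger log = LogManager.getLogger(DefaultAuthenticationManager.class);
    /** Immutable empty map: used as the JAAS shared state and as the options for request-based logins. */
    protected static final Map<String, String> EMPTY_MAP = Collections.unmodifiableMap(new HashMap<>());
    /**
     * Result of a failed login. Immutable so that a caller mutating the returned set cannot poison the
     * result handed to every later failed login (the original was a shared mutable HashSet).
     */
    private static final Set<Principal> NO_PRINCIPALS = Collections.emptySet();

    private boolean m_allowsCookieAuthentication;
    private Engine m_engine;
    /** LoginModule driven by {@link #login(Session, HttpServletRequest, String, String)}. */
    protected Class<? extends LoginModule> m_loginModuleClass = UserDatabaseLoginModule.class;
    /** Options handed to that LoginModule, read from properties prefixed with PREFIX_LOGIN_MODULE_OPTIONS. */
    protected final Map<String, String> m_loginModuleOptions = new HashMap<>();
    private boolean m_allowsCookieAssertions = true;
    private boolean m_throttleLogins = true;
    // Read from configuration but not consulted anywhere in this class.
    private boolean m_storeIPAddress = true;
    /** Per-username count of recent login attempts backing the throttling delay. */
    private final TimedCounterList<String> m_lastLoginAttempts = new TimedCounterList<>();

    /**
     * Reads the manager's configuration and loads the configured LoginModule class.
     *
     * @param engine     the wiki engine this manager belongs to
     * @param properties wiki properties
     * @throws WikiException            if the configured LoginModule class cannot be found
     * @throws IllegalArgumentException if the same LoginModule option is configured twice
     */
    @Override // org.apache.wiki.api.engine.Initializable
    public void initialize(final Engine engine, final Properties properties) throws WikiException {
        m_engine = engine;
        m_storeIPAddress = TextUtil.getBooleanProperty(properties, AuthenticationManager.PROP_STOREIPADDRESS, m_storeIPAddress);
        m_allowsCookieAssertions = TextUtil.getBooleanProperty(properties, AuthenticationManager.PROP_ALLOW_COOKIE_ASSERTIONS, true);
        // Cookie authentication is off unless the configuration enables it explicitly.
        m_allowsCookieAuthentication = TextUtil.getBooleanProperty(properties, AuthenticationManager.PROP_ALLOW_COOKIE_AUTH, false);
        m_throttleLogins = TextUtil.getBooleanProperty(properties, AuthenticationManager.PROP_LOGIN_THROTTLING, true);

        final String moduleClassName = TextUtil.getStringProperty(properties, AuthenticationManager.PROP_LOGIN_MODULE, DEFAULT_LOGIN_MODULE);
        try {
            m_loginModuleClass = ClassUtil.findClass("", moduleClassName);
        } catch (final ClassNotFoundException e) {
            log.error(e.getMessage(), e);
            throw new WikiException("Could not instantiate LoginModule class.", e);
        }
        // Only the class lookup can throw ClassNotFoundException, so option parsing sits outside the try.
        initLoginModuleOptions(properties);
    }

    /**
     * Tells whether the engine's authorizer is a {@link WebContainerAuthorizer} that reports container
     * authentication as active.
     *
     * @return {@code true} only for a container-authorized WebContainerAuthorizer; {@code false} for any
     *         other authorizer or when the authorizer cannot be obtained
     */
    @Override // org.apache.wiki.auth.AuthenticationManager
    public boolean isContainerAuthenticated() {
        final Authorizer authorizer;
        try {
            authorizer = ((AuthorizationManager) m_engine.getManager(AuthorizationManager.class)).getAuthorizer();
        } catch (final WikiException e) {
            return false;
        }
        return authorizer instanceof WebContainerAuthorizer
                && ((WebContainerAuthorizer) authorizer).isContainerAuthorized();
    }

    /**
     * Logs in the user behind an HTTP request without explicit credentials: first through the web container,
     * then (if enabled) through the authentication cookie, then (if enabled) through the assertion cookie,
     * and finally as anonymous. Each successful step fires the matching event for the wiki session that
     * belongs to the request.
     *
     * @param httpServletRequest the current request
     * @return {@code true} only when the final anonymous-login step granted principals. Earlier container or
     *         cookie logins are reported through events and then end in the {@code !isAnonymous()} early
     *         return (presumably those events update the session state; that happens outside this class).
     * @throws WikiSecurityException if a LoginModule cannot be instantiated
     */
    @Override // org.apache.wiki.auth.AuthenticationManager
    public boolean login(final HttpServletRequest httpServletRequest) throws WikiSecurityException {
        final Session wikiSession = SessionMonitor.getInstance(m_engine).find(httpServletRequest.getSession());
        // Resolved through the engine rather than 'this', as in the original; this only differs if the engine
        // registered another AuthenticationManager instance.
        final AuthenticationManager authMgr = (AuthenticationManager) m_engine.getManager(AuthenticationManager.class);
        final AuthorizationManager authzMgr = (AuthorizationManager) m_engine.getManager(AuthorizationManager.class);
        final Map<String, String> options = EMPTY_MAP;
        // Stays null only when the session is already authenticated, in which case the remaining steps are
        // skipped (the assertion step by its guard, the anonymous step by the isAnonymous() early return).
        WebContainerCallbackHandler handler = null;

        if (!wikiSession.isAuthenticated()) {
            handler = new WebContainerCallbackHandler(m_engine, httpServletRequest);
            Set<Principal> principals = authMgr.doJAASLogin(WebContainerLoginModule.class, handler, options);
            if (principals.isEmpty() && authMgr.allowsCookieAuthentication()) {
                principals = authMgr.doJAASLogin(CookieAuthenticationLoginModule.class, handler, options);
            }
            if (!principals.isEmpty()) {
                fireEvent(EVENT_LOGIN_AUTHENTICATED, getLoginPrincipal(principals), wikiSession);
                for (final Principal principal : principals) {
                    fireEvent(EVENT_PRINCIPAL_ADD, principal, wikiSession);
                }
                injectAuthorizerRoles(wikiSession, authzMgr.getAuthorizer(), httpServletRequest);
            }
        }

        if (!wikiSession.isAuthenticated() && authMgr.allowsCookieAssertions()) {
            final Set<Principal> asserted = authMgr.doJAASLogin(CookieAssertionLoginModule.class, handler, options);
            if (!asserted.isEmpty()) {
                fireEvent(EVENT_LOGIN_ASSERTED, getLoginPrincipal(asserted), wikiSession);
            }
        }

        if (!wikiSession.isAnonymous()) {
            return false;
        }
        final Set<Principal> anonymous = authMgr.doJAASLogin(AnonymousLoginModule.class, handler, options);
        if (anonymous.isEmpty()) {
            return false;
        }
        fireEvent(EVENT_LOGIN_ANONYMOUS, getLoginPrincipal(anonymous), wikiSession);
        return true;
    }

    /**
     * Logs a user in with a username and password through the configured LoginModule. When throttling is
     * enabled the caller is delayed first, according to how often this username was tried recently.
     *
     * @param session            the wiki session to log in; {@code null} is logged and rejected
     * @param httpServletRequest the current request; not used by this implementation
     * @param username           the username
     * @param password           the password, passed to the callback handler as given
     * @return {@code true} if the LoginModule granted principals
     * @throws WikiSecurityException if the LoginModule cannot be instantiated
     */
    @Override // org.apache.wiki.auth.AuthenticationManager
    public boolean login(final Session session, final HttpServletRequest httpServletRequest, final String username, final String password) throws WikiSecurityException {
        if (session == null) {
            log.error("No wiki session provided, cannot log in.");
            return false;
        }
        if (m_throttleLogins) {
            // Runs before the credentials are checked, so failed and successful attempts are slowed alike.
            delayLogin(username);
        }
        // The request is deliberately not handed to the callback handler here (same as the original).
        final CallbackHandler handler = new WikiCallbackHandler(m_engine, null, username, password);
        final Set<Principal> principals = doJAASLogin(m_loginModuleClass, handler, m_loginModuleOptions);
        if (principals.isEmpty()) {
            return false;
        }
        fireEvent(EVENT_LOGIN_AUTHENTICATED, getLoginPrincipal(principals), session);
        for (final Principal principal : principals) {
            fireEvent(EVENT_PRINCIPAL_ADD, principal, session);
        }
        // No request is available here, so only the authorizer's own roles can be injected.
        injectAuthorizerRoles(session, ((AuthorizationManager) m_engine.getManager(AuthorizationManager.class)).getAuthorizer(), null);
        return true;
    }

    /**
     * Sleeps for a delay that grows with the number of recent attempts for this username, then records the
     * attempt. The delay is keyed on the supplied username, so repeated attempts against one account are
     * slowed regardless of where they come from.
     * <p>
     * Unlike the original, an interrupt during the sleep restores the thread's interrupt flag and still
     * records the attempt, so an interrupted call cannot leave the attempt uncounted.
     *
     * @param username the username being tried; forwarded to the attempt counter as given
     */
    private void delayLogin(final String username) {
        m_lastLoginAttempts.cleanup(LASTLOGINS_CLEANUP_TIME);
        final long delay = computeLoginDelay(m_lastLoginAttempts.count(username));
        log.debug("Sleeping for {} ms to allow login.", delay);
        try {
            Thread.sleep(delay);
        } catch (final InterruptedException e) {
            Thread.currentThread().interrupt();
        }
        m_lastLoginAttempts.add(username);
    }

    /**
     * Delay in ms for the given number of recent attempts: {@code 2^attempts}, capped at
     * {@link #MAX_LOGIN_DELAY}. The shift distance is bounded so a large count cannot overflow into a
     * negative delay: the original {@code 1 << count} turned negative at 31 attempts within the cleanup
     * window, which would have made {@code Thread.sleep} throw {@code IllegalArgumentException}.
     *
     * @param attempts number of attempts recorded for the username in the current window
     * @return delay in milliseconds, between 1 and {@link #MAX_LOGIN_DELAY}
     */
    private static long computeLoginDelay(final long attempts) {
        // 1L << 62 is still positive and far above the cap; anything beyond is clamped to it.
        final long shift = Math.max(0L, Math.min(attempts, Long.SIZE - 2L));
        return Math.min(1L << shift, MAX_LOGIN_DELAY);
    }

    /**
     * Logs out the user behind the request: invalidates the wiki session, removes it from the session
     * cache, invalidates the HTTP session and fires the logout event with the principal that was logged in.
     *
     * @param httpServletRequest the current request; {@code null} is logged and ignored
     */
    @Override // org.apache.wiki.auth.AuthenticationManager
    public void logout(final HttpServletRequest httpServletRequest) {
        if (httpServletRequest == null) {
            log.error("No HTTP request provided; cannot log out.");
            return;
        }
        final HttpSession httpSession = httpServletRequest.getSession();
        log.debug("Invalidating Session for session ID= {}", httpSession == null ? "(null)" : httpSession.getId());
        final Session wikiSession = Wiki.session().find(m_engine, httpServletRequest);
        // Captured before invalidation because the event is fired after it.
        final Principal loginPrincipal = wikiSession.getLoginPrincipal();
        wikiSession.invalidate();
        Wiki.session().remove(m_engine, httpServletRequest);
        if (httpSession != null) {
            httpSession.invalidate();
        }
        fireEvent(EVENT_LOGOUT, loginPrincipal, null);
    }

    /** @return whether assertion-cookie logins are enabled (configuration default: {@code true}) */
    @Override // org.apache.wiki.auth.AuthenticationManager
    public boolean allowsCookieAssertions() {
        return m_allowsCookieAssertions;
    }

    /** @return whether authentication-cookie logins are enabled (configuration default: {@code false}) */
    @Override // org.apache.wiki.auth.AuthenticationManager
    public boolean allowsCookieAuthentication() {
        return m_allowsCookieAuthentication;
    }

    /**
     * Runs one JAAS LoginModule against a fresh {@link Subject}: initialize, login and — if login succeeded —
     * commit. If either step fails or throws, the module's {@code abort()} is invoked (the JAAS contract for
     * a failed overall authentication; the original skipped it) and an immutable empty set is returned.
     *
     * @param cls             the LoginModule class to instantiate
     * @param callbackHandler the handler supplying credentials to the module
     * @param map             the module's options
     * @return the Subject's principals after a successful login and commit, otherwise an empty set
     * @throws WikiSecurityException if the module cannot be instantiated
     */
    @Override // org.apache.wiki.auth.AuthenticationManager
    public Set<Principal> doJAASLogin(final Class<? extends LoginModule> cls, final CallbackHandler callbackHandler, final Map<String, String> map) throws WikiSecurityException {
        final LoginModule loginModule;
        try {
            loginModule = (LoginModule) ClassUtil.buildInstance(cls);
        } catch (final ReflectiveOperationException e) {
            throw new WikiSecurityException(e.getMessage(), e);
        }
        final Subject subject = new Subject();
        loginModule.initialize(subject, callbackHandler, EMPTY_MAP, map);

        boolean loginSucceeded = false;
        boolean commitSucceeded = false;
        try {
            loginSucceeded = loginModule.login();
            if (loginSucceeded) {
                commitSucceeded = loginModule.commit();
            }
        } catch (final LoginException e) {
            // A failed login is an expected outcome, not an error; record it for diagnosis only.
            log.debug("JAAS login via {} failed: {}", cls.getName(), e.getMessage());
        }
        if (loginSucceeded && commitSucceeded) {
            return subject.getPrincipals();
        }
        try {
            loginModule.abort();
        } catch (final LoginException e) {
            log.debug("LoginModule {} abort() failed: {}", cls.getName(), e.getMessage());
        }
        return NO_PRINCIPALS;
    }

    /**
     * Registers a listener for this manager's security events.
     *
     * @param wikiEventListener the listener to add
     */
    @Override // org.apache.wiki.auth.AuthenticationManager
    public synchronized void addWikiEventListener(final WikiEventListener wikiEventListener) {
        WikiEventManager.addWikiEventListener(this, wikiEventListener);
    }

    /**
     * Unregisters a listener previously added with {@link #addWikiEventListener(WikiEventListener)}.
     *
     * @param wikiEventListener the listener to remove
     */
    @Override // org.apache.wiki.auth.AuthenticationManager
    public synchronized void removeWikiEventListener(final WikiEventListener wikiEventListener) {
        WikiEventManager.removeWikiEventListener(this, wikiEventListener);
    }

    /**
     * Collects LoginModule options from properties whose key starts with
     * {@code AuthenticationManager.PREFIX_LOGIN_MODULE_OPTIONS}; the option name is the trimmed remainder
     * of the key. Keys with an empty remainder are skipped. Only keys present in the Properties object
     * itself are scanned (not its defaults), as in the original.
     *
     * @param properties wiki properties
     * @throws IllegalArgumentException if the same option name is given twice
     */
    private void initLoginModuleOptions(final Properties properties) {
        final String prefix = AuthenticationManager.PREFIX_LOGIN_MODULE_OPTIONS;
        for (final Object key : properties.keySet()) {
            final String name = key.toString();
            if (!name.startsWith(prefix)) {
                continue;
            }
            final String option = name.substring(prefix.length()).trim();
            if (option.isEmpty()) {
                continue;
            }
            if (m_loginModuleOptions.containsKey(option)) {
                throw new IllegalArgumentException("JAAS LoginModule key " + name + " cannot be specified twice!");
            }
            // Values are not logged: depending on the configured module they may be credentials.
            m_loginModuleOptions.put(option, properties.getProperty(name));
        }
    }

    /**
     * Fires a principal-add event for every authorizer role the session holds. A role is granted if the
     * authorizer reports the session in it, or — when a request is given and the authorizer is a
     * {@link WebAuthorizer} — if the authorizer reports the request in it (container roles).
     *
     * @param session            the session that just logged in
     * @param authorizer         the engine's authorizer
     * @param httpServletRequest the current request, or {@code null} when no container check is possible
     */
    private void injectAuthorizerRoles(final Session session, final Authorizer authorizer, final HttpServletRequest httpServletRequest) {
        for (final Principal role : authorizer.getRoles()) {
            if (authorizer.isUserInRole(session, role)) {
                fireEvent(EVENT_PRINCIPAL_ADD, role, session);
                log.debug("Added authorizer role {}.", role.getName());
            } else if (httpServletRequest != null
                    && authorizer instanceof WebAuthorizer
                    && ((WebAuthorizer) authorizer).isUserInRole(httpServletRequest, role)) {
                fireEvent(EVENT_PRINCIPAL_ADD, role, session);
                log.debug("Added container role {}.", role.getName());
            }
        }
    }
}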
