package org.springframework.security.web.authentication.rememberme;

import java.lang.reflect.Method;
import javax.servlet.http.Cookie;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import org.apache.commons.logging.Log;
import org.apache.commons.logging.LogFactory;
import org.springframework.beans.factory.InitializingBean;
import org.springframework.beans.propertyeditors.CustomBooleanEditor;
import org.springframework.context.support.MessageSourceAccessor;
import org.springframework.security.authentication.AccountStatusException;
import org.springframework.security.authentication.AccountStatusUserDetailsChecker;
import org.springframework.security.authentication.AuthenticationDetailsSource;
import org.springframework.security.authentication.RememberMeAuthenticationToken;
import org.springframework.security.config.http.PortMappingsBeanDefinitionParser;
import org.springframework.security.core.Authentication;
import org.springframework.security.core.SpringSecurityMessageSource;
import org.springframework.security.core.authority.mapping.GrantedAuthoritiesMapper;
import org.springframework.security.core.authority.mapping.NullAuthoritiesMapper;
import org.springframework.security.core.userdetails.UserDetails;
import org.springframework.security.core.userdetails.UserDetailsChecker;
import org.springframework.security.core.userdetails.UserDetailsService;
import org.springframework.security.core.userdetails.UsernameNotFoundException;
import org.springframework.security.crypto.codec.Base64;
import org.springframework.security.web.authentication.RememberMeServices;
import org.springframework.security.web.authentication.WebAuthenticationDetailsSource;
import org.springframework.security.web.authentication.logout.LogoutHandler;
import org.springframework.util.Assert;
import org.springframework.util.ReflectionUtils;
import org.springframework.util.StringUtils;

/* loaded from: input_file:WEB-INF/lib/spring-security-web-3.1.3.RELEASE.jar:org/springframework/security/web/authentication/rememberme/AbstractRememberMeServices.class */
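/**
 * Base class for remember-me implementations (decompiled from spring-security-web 3.1.3.RELEASE).
 *
 * <p>It handles the cookie plumbing that concrete strategies share: locating the remember-me
 * cookie on a request, Base64-decoding it into delimited tokens, delegating token validation to
 * {@link #processAutoLoginCookie}, and issuing or cancelling the cookie. Subclasses decide what the
 * tokens mean and how they are verified.
 *
 * <p>Security-relevant behaviour visible in this class:
 * <ul>
 *   <li>The cookie value is attacker-controlled input. It is only decoded here; nothing in this
 *       class authenticates it. All trust decisions are made by the subclass and by the
 *       configured {@link UserDetailsChecker}.</li>
 *   <li>Every handled failure path in {@link #autoLogin} cancels the cookie, so a rejected token
 *       is not presented again by a well-behaved browser.</li>
 *   <li>The {@code Secure} flag follows {@code request.isSecure()} unless
 *       {@link #setUseSecureCookie(boolean)} was called; {@code HttpOnly} is applied only when the
 *       servlet API exposes {@code Cookie#setHttpOnly(boolean)}.</li>
 * </ul>
 */
public abstract class AbstractRememberMeServices implements RememberMeServices, InitializingBean, LogoutHandler {
    /** Default name of the remember-me cookie. */
    public static final String SPRING_SECURITY_REMEMBER_ME_COOKIE_KEY = "SPRING_SECURITY_REMEMBER_ME_COOKIE";
    /** Default name of the request parameter that opts a login into remember-me. */
    public static final String DEFAULT_PARAMETER = "_spring_security_remember_me";
    /** Default token lifetime: 14 days expressed in seconds. */
    public static final int TWO_WEEKS_S = 1209600;
    /** Separator between the tokens packed into the cookie value. */
    private static final String DELIMITER = ":";

    protected final Log logger = LogFactory.getLog(getClass());
    protected final MessageSourceAccessor messages = SpringSecurityMessageSource.getAccessor();
    private UserDetailsService userDetailsService;
    private UserDetailsChecker userDetailsChecker = new AccountStatusUserDetailsChecker();
    private AuthenticationDetailsSource<HttpServletRequest, ?> authenticationDetailsSource = new WebAuthenticationDetailsSource();
    private String cookieName = SPRING_SECURITY_REMEMBER_ME_COOKIE_KEY;
    private String parameter = DEFAULT_PARAMETER;
    private boolean alwaysRemember;
    private String key;
    private int tokenValiditySeconds = TWO_WEEKS_S;
    // null means "derive the Secure flag from the request" (see setCookie).
    private Boolean useSecureCookie = null;
    // Resolved reflectively; null when the servlet API on the classpath has no Cookie#setHttpOnly(boolean).
    private Method setHttpOnlyMethod = ReflectionUtils.findMethod(Cookie.class, "setHttpOnly", Boolean.TYPE);
    private GrantedAuthoritiesMapper authoritiesMapper = new NullAuthoritiesMapper();

    /**
     * Creates an instance with default settings and no key or {@link UserDetailsService}.
     * Both must be supplied through the deprecated setters before {@link #afterPropertiesSet()}
     * runs, otherwise that method rejects the configuration.
     *
     * <p>Decompiler note: the access modifier was widened from {@code protected}.
     */
    @Deprecated
    public AbstractRememberMeServices() {
    }

    /**
     * Creates an instance with default settings plus the mandatory key and user lookup service.
     *
     * <p>Decompiler note: the access modifier was widened from {@code protected}.
     *
     * @param str the key placed into every {@link RememberMeAuthenticationToken} this service creates;
     *            must not be empty
     * @param userDetailsService the service used to load users; must not be null
     * @throws IllegalArgumentException if either argument is missing
     */
    public AbstractRememberMeServices(String str, UserDetailsService userDetailsService) {
        Assert.hasLength(str, "key cannot be empty or null");
        Assert.notNull(userDetailsService, "UserDetailsService cannot be null");
        this.key = str;
        this.userDetailsService = userDetailsService;
    }

    /**
     * Verifies that a key and a {@link UserDetailsService} have been configured.
     *
     * @throws IllegalArgumentException if either is missing
     */
    @Override
    public void afterPropertiesSet() throws Exception {
        Assert.hasLength(this.key);
        Assert.notNull(this.userDetailsService, "A UserDetailsService is required");
    }

    /**
     * Attempts to authenticate the request from its remember-me cookie.
     *
     * <p>The cookie is decoded, handed to {@link #processAutoLoginCookie} for validation, and the
     * resulting user is run through the configured {@link UserDetailsChecker} before a token is
     * issued. Each handled failure cancels the cookie. Only {@link CookieTheftException} is
     * rethrown, after the cookie has been cancelled; the other handled failures are logged at
     * debug level and produce {@code null}.
     *
     * <p>Any other runtime exception raised while decoding or validating the cookie propagates
     * to the caller without the cookie being cancelled.
     *
     * @return the authentication for the remembered user, or {@code null} when there is no cookie
     *         or the cookie was rejected
     */
    @Override
    public final Authentication autoLogin(HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse) {
        String rememberMeCookie = extractRememberMeCookie(httpServletRequest);
        if (rememberMeCookie == null) {
            return null;
        }
        this.logger.debug("Remember-me cookie detected");
        if (rememberMeCookie.length() == 0) {
            this.logger.debug("Cookie was empty");
            cancelCookie(httpServletRequest, httpServletResponse);
            return null;
        }
        try {
            String[] cookieTokens = decodeCookie(rememberMeCookie);
            UserDetails user = processAutoLoginCookie(cookieTokens, httpServletRequest, httpServletResponse);
            // Account status (as defined by the configured checker) is enforced before the token is created.
            this.userDetailsChecker.check(user);
            this.logger.debug("Remember-me cookie accepted");
            return createSuccessfulAuthentication(httpServletRequest, user);
        } catch (AccountStatusException e) {
            this.logger.debug("Invalid UserDetails: " + e.getMessage());
            cancelCookie(httpServletRequest, httpServletResponse);
            return null;
        } catch (UsernameNotFoundException e2) {
            this.logger.debug("Remember-me login was valid but corresponding user not found.", e2);
            cancelCookie(httpServletRequest, httpServletResponse);
            return null;
        } catch (CookieTheftException e3) {
            // Suspected token theft is surfaced to the caller rather than swallowed.
            cancelCookie(httpServletRequest, httpServletResponse);
            throw e3;
        } catch (InvalidCookieException e4) {
            this.logger.debug("Invalid remember-me cookie: " + e4.getMessage());
            cancelCookie(httpServletRequest, httpServletResponse);
            return null;
        } catch (RememberMeAuthenticationException e5) {
            this.logger.debug(e5.getMessage());
            cancelCookie(httpServletRequest, httpServletResponse);
            return null;
        }
    }

    /**
     * Returns the value of the first request cookie whose name equals the configured cookie name.
     *
     * @return the raw (still encoded) cookie value, or {@code null} if the cookie is absent
     */
    protected String extractRememberMeCookie(HttpServletRequest httpServletRequest) {
        Cookie[] cookies = httpServletRequest.getCookies();
        if (cookies == null || cookies.length == 0) {
            return null;
        }
        for (Cookie candidate : cookies) {
            if (this.cookieName.equals(candidate.getName())) {
                return candidate.getValue();
            }
        }
        return null;
    }

    /**
     * Builds the {@link RememberMeAuthenticationToken} for a user whose cookie was accepted.
     * The token carries this service's key, the user, the user's authorities after they have
     * passed through the configured {@link GrantedAuthoritiesMapper}, and the request details.
     */
    protected Authentication createSuccessfulAuthentication(HttpServletRequest httpServletRequest, UserDetails userDetails) {
        RememberMeAuthenticationToken token = new RememberMeAuthenticationToken(this.key, userDetails, this.authoritiesMapper.mapAuthorities(userDetails.getAuthorities()));
        token.setDetails(this.authenticationDetailsSource.buildDetails(httpServletRequest));
        return token;
    }

    /**
     * Base64-decodes the cookie value and splits it into its delimited tokens.
     *
     * <p>Padding stripped by {@link #encodeCookie} is restored first. If the first token is
     * {@code http} or {@code https} and the second starts with {@code //}, the two are rejoined,
     * because a URL in the first position would otherwise be split at its own colon.
     *
     * <p>The input is attacker-controlled. The scheme check reads the second token only when one
     * exists, so a decoded value with fewer than two tokens is returned as-is for the subclass to
     * reject, instead of failing with an {@link ArrayIndexOutOfBoundsException} that
     * {@link #autoLogin} does not handle.
     *
     * @param str the raw cookie value
     * @return the decoded tokens; may be shorter than the subclass expects
     * @throws InvalidCookieException if the value is not Base64
     */
    protected String[] decodeCookie(String str) throws InvalidCookieException {
        // Computed once up front. Adds 0-3 '=' characters, the same count the original
        // self-adjusting loop produced.
        int missingPadding = (4 - str.length() % 4) % 4;
        StringBuilder padded = new StringBuilder(str);
        for (int i = 0; i < missingPadding; i++) {
            padded.append('=');
        }
        str = padded.toString();

        // NOTE(review): getBytes()/new String(byte[]) use the platform default charset here and in
        // encodeCookie, so non-ASCII tokens only round-trip between JVMs with the same default.
        if (!Base64.isBase64(str.getBytes())) {
            // NOTE(review): the rejected value is echoed into the exception message, which autoLogin
            // writes to the debug log. It is untrusted and can be large.
            throw new InvalidCookieException("Cookie token was not Base64 encoded; value was '" + str + "'");
        }
        String decoded = new String(Base64.decode(str.getBytes()));
        String[] tokens = StringUtils.delimitedListToStringArray(decoded, DELIMITER);

        // The constant below was substituted by the decompiler; presumably it is the literal "https".
        boolean urlWasSplit = tokens.length >= 2
                && (tokens[0].equalsIgnoreCase("http") || tokens[0].equalsIgnoreCase(PortMappingsBeanDefinitionParser.ATT_HTTPS_PORT))
                && tokens[1].startsWith("//");
        if (urlWasSplit) {
            String[] rejoined = new String[tokens.length - 1];
            rejoined[0] = tokens[0] + DELIMITER + tokens[1];
            System.arraycopy(tokens, 2, rejoined, 1, rejoined.length - 1);
            tokens = rejoined;
        }
        return tokens;
    }

    /**
     * Joins the tokens with the delimiter, Base64-encodes the result and strips trailing
     * {@code =} padding from the encoded value.
     *
     * <p>Base64 is an encoding, not protection: anything placed in {@code strArr} is readable by
     * whoever holds the cookie.
     *
     * @param strArr the tokens to pack; an empty array yields an empty string
     * @return the cookie value
     */
    protected String encodeCookie(String[] strArr) {
        StringBuilder joined = new StringBuilder();
        for (int i = 0; i < strArr.length; i++) {
            if (i > 0) {
                joined.append(DELIMITER);
            }
            joined.append(strArr[i]);
        }
        StringBuilder encoded = new StringBuilder(new String(Base64.encode(joined.toString().getBytes())));
        // The length guard keeps an empty encoding from indexing position -1.
        while (encoded.length() > 0 && encoded.charAt(encoded.length() - 1) == '=') {
            encoded.deleteCharAt(encoded.length() - 1);
        }
        return encoded.toString();
    }

    /**
     * Cancels the remember-me cookie after a failed interactive login, then invokes
     * {@link #onLoginFail}.
     */
    @Override
    public final void loginFail(HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse) {
        this.logger.debug("Interactive login attempt was unsuccessful.");
        cancelCookie(httpServletRequest, httpServletResponse);
        onLoginFail(httpServletRequest, httpServletResponse);
    }

    /** Extension hook called after a failed login has cancelled the cookie; does nothing by default. */
    protected void onLoginFail(HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse) {
    }

    /**
     * Invokes {@link #onLoginSuccess} after an interactive login, but only when remember-me was
     * requested for this request (see {@link #rememberMeRequested}).
     */
    @Override
    public final void loginSuccess(HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse, Authentication authentication) {
        if (!rememberMeRequested(httpServletRequest, this.parameter)) {
            this.logger.debug("Remember-me login not requested.");
            return;
        }
        onLoginSuccess(httpServletRequest, httpServletResponse, authentication);
    }

    /** Called after a successful interactive login for which remember-me was requested. */
    protected abstract void onLoginSuccess(HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse, Authentication authentication);

    /**
     * Decides whether this login should be remembered.
     *
     * <p>Returns {@code true} unconditionally when {@code alwaysRemember} is set, which means no
     * user opt-in is consulted. Otherwise the named request parameter must be {@code true}, the
     * {@link CustomBooleanEditor} "on" or "yes" constants (all compared case-insensitively), or
     * exactly {@code 1}.
     *
     * @param str the name of the request parameter to inspect
     */
    protected boolean rememberMeRequested(HttpServletRequest httpServletRequest, String str) {
        if (this.alwaysRemember) {
            return true;
        }
        String requested = httpServletRequest.getParameter(str);
        boolean optedIn = requested != null
                && (requested.equalsIgnoreCase("true")
                        || requested.equalsIgnoreCase(CustomBooleanEditor.VALUE_ON)
                        || requested.equalsIgnoreCase(CustomBooleanEditor.VALUE_YES)
                        || requested.equals("1"));
        if (optedIn) {
            return true;
        }
        if (this.logger.isDebugEnabled()) {
            this.logger.debug("Did not send remember-me cookie (principal did not set parameter '" + str + "')");
        }
        return false;
    }

    /**
     * Validates the decoded cookie tokens and returns the user they identify.
     *
     * <p>This is where the cookie is authenticated. Implementations receive untrusted tokens and
     * must check the token count themselves, because {@link #decodeCookie} does not.
     *
     * @param strArr the decoded cookie tokens
     * @throws RememberMeAuthenticationException if the tokens are rejected
     * @throws UsernameNotFoundException if the identified user does not exist
     */
    protected abstract UserDetails processAutoLoginCookie(String[] strArr, HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse) throws RememberMeAuthenticationException, UsernameNotFoundException;

    /**
     * Instructs the browser to drop the remember-me cookie by sending a null-valued cookie with
     * a max-age of zero on the same path that {@link #setCookie} uses.
     *
     * <p>This only clears the client side; any server-side token state is the subclass's concern.
     */
    protected void cancelCookie(HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse) {
        this.logger.debug("Cancelling cookie");
        Cookie expired = new Cookie(this.cookieName, (String) null);
        expired.setMaxAge(0);
        expired.setPath(getCookiePath(httpServletRequest));
        httpServletResponse.addCookie(expired);
    }

    /**
     * Encodes the tokens and adds the remember-me cookie to the response.
     *
     * <p>Decompiler note: the access modifier was widened from {@code protected}.
     *
     * @param strArr the tokens to store in the cookie
     * @param i the cookie max-age in seconds
     */
    public void setCookie(String[] strArr, int i, HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse) {
        Cookie rememberMe = new Cookie(this.cookieName, encodeCookie(strArr));
        rememberMe.setMaxAge(i);
        rememberMe.setPath(getCookiePath(httpServletRequest));

        // With no explicit setting the Secure flag mirrors the current request. If TLS is terminated
        // upstream and the container sees plain HTTP, isSecure() may report false and the cookie is
        // then issued without Secure; call setUseSecureCookie(true) in such deployments.
        boolean secure = (this.useSecureCookie == null)
                ? httpServletRequest.isSecure()
                : this.useSecureCookie.booleanValue();
        rememberMe.setSecure(secure);

        if (this.setHttpOnlyMethod == null) {
            // Without Cookie#setHttpOnly the cookie stays readable by page scripts, and the only
            // trace of that is this debug line.
            if (this.logger.isDebugEnabled()) {
                this.logger.debug("Note: Cookie will not be marked as HttpOnly because you are not using Servlet 3.0 (Cookie#setHttpOnly(boolean) was not found).");
            }
        } else {
            ReflectionUtils.invokeMethod(this.setHttpOnlyMethod, rememberMe, Boolean.TRUE);
        }
        httpServletResponse.addCookie(rememberMe);
    }

    /** Returns the request's context path, or {@code "/"} when the context path is empty. */
    private String getCookiePath(HttpServletRequest httpServletRequest) {
        String contextPath = httpServletRequest.getContextPath();
        if (contextPath.length() > 0) {
            return contextPath;
        }
        return "/";
    }

    /**
     * Cancels the remember-me cookie on logout.
     *
     * @param authentication the current authentication; may be {@code null}
     */
    @Override
    public void logout(HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse, Authentication authentication) {
        if (this.logger.isDebugEnabled()) {
            this.logger.debug("Logout of user " + (authentication == null ? "Unknown" : authentication.getName()));
        }
        cancelCookie(httpServletRequest, httpServletResponse);
    }

    /**
     * Sets the name of the remember-me cookie.
     *
     * @throws IllegalArgumentException if the name is empty or null
     */
    public void setCookieName(String str) {
        Assert.hasLength(str, "Cookie name cannot be empty or null");
        this.cookieName = str;
    }

    /** Returns the name of the remember-me cookie. */
    protected String getCookieName() {
        return this.cookieName;
    }

    /**
     * When {@code true}, every successful login is remembered regardless of the request
     * parameter (see {@link #rememberMeRequested}).
     */
    public void setAlwaysRemember(boolean z) {
        this.alwaysRemember = z;
    }

    /**
     * Sets the name of the request parameter that opts a login into remember-me.
     *
     * @throws IllegalArgumentException if the name has no text
     */
    public void setParameter(String str) {
        Assert.hasText(str, "Parameter name cannot be empty or null");
        this.parameter = str;
    }

    /** Returns the name of the opt-in request parameter. */
    public String getParameter() {
        return this.parameter;
    }

    /**
     * Returns the configured {@link UserDetailsService}.
     *
     * <p>Decompiler note: the access modifier was widened from {@code protected}.
     */
    public UserDetailsService getUserDetailsService() {
        return this.userDetailsService;
    }

    /**
     * Sets the {@link UserDetailsService}; deprecated alongside the no-argument constructor.
     *
     * @throws IllegalArgumentException if the service is null
     */
    @Deprecated
    public void setUserDetailsService(UserDetailsService userDetailsService) {
        Assert.notNull(userDetailsService, "UserDetailsService canot be null");
        this.userDetailsService = userDetailsService;
    }

    /**
     * Sets the key placed into issued tokens. Not validated here; {@link #afterPropertiesSet()}
     * rejects an empty key.
     */
    @Deprecated
    public void setKey(String str) {
        this.key = str;
    }

    /** Returns the key placed into issued tokens. */
    public String getKey() {
        return this.key;
    }

    /** Sets the token lifetime in seconds. The value is stored without range checks. */
    public void setTokenValiditySeconds(int i) {
        this.tokenValiditySeconds = i;
    }

    /**
     * Returns the token lifetime in seconds.
     *
     * <p>Decompiler note: the access modifier was widened from {@code protected}.
     */
    public int getTokenValiditySeconds() {
        return this.tokenValiditySeconds;
    }

    /**
     * Forces the cookie's {@code Secure} flag to the given value instead of deriving it from
     * {@code request.isSecure()}.
     */
    public void setUseSecureCookie(boolean z) {
        this.useSecureCookie = Boolean.valueOf(z);
    }

    /** Returns the source used to build the details object attached to issued tokens. */
    protected AuthenticationDetailsSource<HttpServletRequest, ?> getAuthenticationDetailsSource() {
        return this.authenticationDetailsSource;
    }

    /**
     * Sets the source used to build the details object attached to issued tokens.
     *
     * @throws IllegalArgumentException if the source is null
     */
    public void setAuthenticationDetailsSource(AuthenticationDetailsSource<HttpServletRequest, ?> authenticationDetailsSource) {
        Assert.notNull(authenticationDetailsSource, "AuthenticationDetailsSource cannot be null");
        this.authenticationDetailsSource = authenticationDetailsSource;
    }

    /**
     * Sets the checker applied to the loaded user before a remember-me token is issued.
     *
     * <p>Null is rejected here, consistent with the other setters, so a misconfiguration fails
     * at setup time rather than with a {@link NullPointerException} on the first remember-me request.
     *
     * @throws IllegalArgumentException if the checker is null
     */
    public void setUserDetailsChecker(UserDetailsChecker userDetailsChecker) {
        Assert.notNull(userDetailsChecker, "UserDetailsChecker cannot be null");
        this.userDetailsChecker = userDetailsChecker;
    }

    /**
     * Sets the mapper applied to the user's authorities when the token is built.
     *
     * @throws IllegalArgumentException if the mapper is null
     */
    public void setAuthoritiesMapper(GrantedAuthoritiesMapper grantedAuthoritiesMapper) {
        Assert.notNull(grantedAuthoritiesMapper, "GrantedAuthoritiesMapper cannot be null");
        this.authoritiesMapper = grantedAuthoritiesMapper;
    }
}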
