package pl.ds.websight.auth.token;

import java.io.IOException;
import java.util.HashMap;
import javax.jcr.SimpleCredentials;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import org.apache.commons.lang3.StringUtils;
import org.apache.jackrabbit.api.security.authentication.token.TokenCredentials;
import org.apache.sling.auth.core.AuthConstants;
import org.apache.sling.auth.core.AuthUtil;
import org.apache.sling.auth.core.spi.AuthenticationHandler;
import org.apache.sling.auth.core.spi.AuthenticationInfo;
import org.apache.sling.auth.core.spi.DefaultAuthenticationFeedbackHandler;
import org.osgi.service.component.annotations.Activate;
import org.osgi.service.component.annotations.Component;
import org.osgi.service.metatype.annotations.Designate;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;

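/**
 * Sling {@link AuthenticationHandler} that accepts either login-form credentials or a
 * previously issued login token.
 *
 * <p>Reading the form parameters, reading the token from the request and writing the token
 * cookie are all delegated to {@code AuthUtils}, which is not part of this file. The cookie's
 * attributes (HttpOnly, Secure, path, lifetime) are therefore decided there.
 *
 * <p>The handler is registered for path {@code /} with service ranking 100.
 */
@Designate(ocd = TokenAuthenticationHandlerConfig.class)
@Component(service = {AuthenticationHandler.class}, immediate = true, property = {"path=/", "service.ranking:Integer=100"})
/* loaded from: input_file:resources/install/0/websight-authentication-token-1.0.3.jar:pl/ds/websight/auth/token/TokenAuthenticationHandler.class */
public class TokenAuthenticationHandler extends DefaultAuthenticationFeedbackHandler implements AuthenticationHandler {
    private static final Logger LOG = LoggerFactory.getLogger(TokenAuthenticationHandler.class);

    /** Request attribute / redirect parameter carrying the reason for a failed login. */
    private static final String PAR_J_REASON = "j_reason";

    /** Login page that unauthenticated requests are redirected to; a blank value disables the redirect. */
    private String loginPage;

    /**
     * Applies the OSGi configuration.
     *
     * @param tokenAuthenticationHandlerConfig configuration supplying the cookie name and the login page
     */
    @Activate
    public void activate(TokenAuthenticationHandlerConfig tokenAuthenticationHandlerConfig) {
        // NOTE(review): COOKIE_NAME is a static field on AuthUtils, so this write is visible to
        // every user of AuthUtils in the bundle, not only to this component instance.
        AuthUtils.COOKIE_NAME = tokenAuthenticationHandlerConfig.cookie_name();
        this.loginPage = tokenAuthenticationHandlerConfig.login_page();
    }

    /**
     * Extracts credentials from the request, preferring submitted login-form credentials over a
     * token already present on the request.
     *
     * @return the authentication info, or {@code null} when the request carries neither
     */
    @Override // org.apache.sling.auth.core.spi.AuthenticationHandler
    public AuthenticationInfo extractCredentials(HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse) {
        AuthenticationInfo formInfo = getAuthenticationInfo(httpServletRequest, httpServletResponse);
        if (formInfo != null) {
            return formInfo;
        }
        return getAuthenticationInfoFromCookie(httpServletRequest);
    }

    /**
     * Issues the token cookie after a successful login and, for a form login, redirects the
     * client to the requested resource.
     *
     * @return {@code true} when a redirect to the login resource was attempted (the request is
     *     then considered handled), {@code false} otherwise
     */
    @Override // org.apache.sling.auth.core.spi.DefaultAuthenticationFeedbackHandler, org.apache.sling.auth.core.spi.AuthenticationFeedbackHandler
    public boolean authenticationSucceeded(HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse, AuthenticationInfo authenticationInfo) {
        // A token is only issued when the request did not already carry one.
        // NOTE(review): a credential login that arrives together with an existing token keeps
        // that token untouched - confirm this is intended.
        if (StringUtils.isBlank(AuthUtils.getToken(httpServletRequest))) {
            String newToken = AuthUtils.createToken(authenticationInfo);
            if (StringUtils.isNotBlank(newToken)) {
                AuthUtils.updateTokenCookie(httpServletRequest, httpServletResponse, newToken);
            }
        }

        boolean isFormLogin = "POST".equals(httpServletRequest.getMethod())
                && httpServletRequest.getRequestURI().endsWith("/j_security_check");
        if (!isFormLogin) {
            return false;
        }

        String loginResource = AuthUtil.getLoginResource(httpServletRequest, null);
        // The target is derived from the request, so it is only followed after Sling's
        // redirect validation has accepted it.
        if (!AuthUtil.isRedirectValid(httpServletRequest, loginResource)) {
            return false;
        }
        try {
            httpServletResponse.sendRedirect(loginResource);
        } catch (IOException e) {
            LOG.error("Failed to send redirect to: {}", loginResource, e);
        }
        // Reported as handled even when sending the redirect failed.
        return true;
    }

    /**
     * Redirects the client to the configured login page, passing along the requested resource
     * and, if present, the failure reason.
     *
     * @return {@code false} when no login page is configured or {@code AuthUtil.checkReferer}
     *     rejects the request; {@code true} once the redirect has been attempted
     */
    @Override // org.apache.sling.auth.core.spi.AuthenticationHandler
    public boolean requestCredentials(HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse) {
        if (StringUtils.isBlank(this.loginPage) || !AuthUtil.checkReferer(httpServletRequest, this.loginPage)) {
            return false;
        }
        String loginResource = AuthUtil.setLoginResourceAttribute(httpServletRequest, httpServletRequest.getRequestURI());
        HashMap<String, String> redirectParams = new HashMap<>();
        redirectParams.put("resource", loginResource);

        Object reason = httpServletRequest.getAttribute(PAR_J_REASON);
        if (reason != null) {
            // Enum reasons are sent by constant name, anything else by its string form.
            redirectParams.put(PAR_J_REASON, reason instanceof Enum ? ((Enum<?>) reason).name() : reason.toString());
        }
        try {
            AuthUtil.sendRedirect(httpServletRequest, httpServletResponse, this.loginPage, redirectParams);
        } catch (IOException e) {
            LOG.error("Failed to redirect to the login page {}", this.loginPage, e);
        }
        // Reported as handled even when sending the redirect failed.
        return true;
    }

    /**
     * Removes the token cookie by updating it with a {@code null} token.
     */
    @Override // org.apache.sling.auth.core.spi.AuthenticationHandler
    public void dropCredentials(HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse) {
        AuthUtils.updateTokenCookie(httpServletRequest, httpServletResponse, null);
    }

    /**
     * Records a user-facing failure reason on the request and drops the token cookie.
     *
     * <p>A request that carried a token is reported as an expired session; any other failure is
     * reported as a credential mismatch, without saying which of the two values was wrong.
     */
    @Override // org.apache.sling.auth.core.spi.DefaultAuthenticationFeedbackHandler, org.apache.sling.auth.core.spi.AuthenticationFeedbackHandler
    public void authenticationFailed(HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse, AuthenticationInfo authenticationInfo) {
        boolean hadToken = StringUtils.isNotBlank(AuthUtils.getToken(httpServletRequest));
        String reason = hadToken
                ? "Session timed out, please login again"
                : "User name and password do not match";
        httpServletRequest.setAttribute(PAR_J_REASON, reason);
        dropCredentials(httpServletRequest, httpServletResponse);
    }

    /**
     * Builds authentication info from submitted login-form credentials.
     *
     * @return the authentication info, or {@code null} when {@code AuthUtils} does not classify
     *     the request as an authentication request
     */
    private AuthenticationInfo getAuthenticationInfo(HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse) {
        if (!AuthUtils.isAuthenticationRequest(httpServletRequest)) {
            return null;
        }
        if (!AuthUtil.isValidateRequest(httpServletRequest)) {
            // Regular (non-validation) login: discard any existing token cookie and fall back
            // to the context path as login resource.
            dropCredentials(httpServletRequest, httpServletResponse);
            AuthUtil.setLoginResourceAttribute(httpServletRequest, httpServletRequest.getContextPath());
        }

        String username = AuthUtils.getUsername(httpServletRequest);
        String password = AuthUtils.getPassword(httpServletRequest);
        // AuthUtils.getPassword is not visible here. If it can return null for a missing
        // parameter, calling toCharArray() on it would throw; treat a missing password as empty
        // so the attempt fails through the normal login-failure path instead.
        char[] passwordChars = password == null ? new char[0] : password.toCharArray();

        SimpleCredentials credentials = new SimpleCredentials(username, passwordChars);
        // Empty ".token" attribute: presumably the request for the repository's token login
        // module to issue a login token, later read by AuthUtils.createToken - confirm.
        credentials.setAttribute(".token", "");

        AuthenticationInfo info = AuthUtils.createAuthenticationInfo(credentials, httpServletRequest);
        // Marks this authentication as an explicit login; only the key's presence matters here.
        info.put(AuthConstants.AUTH_INFO_LOGIN, new Object());
        return info;
    }

    /**
     * Builds authentication info from the token that {@code AuthUtils.getToken} finds on the
     * request.
     *
     * @return the authentication info, or {@code null} when the request carries no token
     */
    private AuthenticationInfo getAuthenticationInfoFromCookie(HttpServletRequest httpServletRequest) {
        String token = AuthUtils.getToken(httpServletRequest);
        if (StringUtils.isBlank(token)) {
            return null;
        }
        return AuthUtils.createAuthenticationInfo(new TokenCredentials(token), httpServletRequest);
    }
}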
