package org.dspace.authenticate;

import java.io.UnsupportedEncodingException;
import java.net.URLEncoder;
import java.sql.SQLException;
import java.util.ArrayList;
import java.util.Arrays;
import java.util.Collections;
import java.util.Enumeration;
import java.util.HashMap;
import java.util.HashSet;
import java.util.Iterator;
import java.util.List;
import java.util.Map;
import java.util.UUID;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import org.apache.commons.lang3.StringUtils;
import org.apache.logging.log4j.LogManager;
import org.apache.logging.log4j.Logger;
import org.dspace.authenticate.factory.AuthenticateServiceFactory;
import org.dspace.authorize.AuthorizeException;
import org.dspace.authorize.ResourcePolicy_;
import org.dspace.content.MetadataField;
import org.dspace.content.MetadataSchema;
import org.dspace.content.NonUniqueMetadataException;
import org.dspace.content.factory.ContentServiceFactory;
import org.dspace.content.service.MetadataFieldService;
import org.dspace.content.service.MetadataSchemaService;
import org.dspace.core.Constants;
import org.dspace.core.Context;
import org.dspace.core.Utils;
import org.dspace.eperson.EPerson;
import org.dspace.eperson.Group;
import org.dspace.eperson.factory.EPersonServiceFactory;
import org.dspace.eperson.service.EPersonService;
import org.dspace.eperson.service.GroupService;
import org.dspace.services.ConfigurationService;
import org.dspace.services.factory.DSpaceServicesFactory;

/* loaded from: input_file:org/dspace/authenticate/ShibAuthentication.class */
public class ShibAuthentication implements AuthenticationMethod {
    private static Logger log = LogManager.getLogger(ShibAuthentication.class);
    protected Map<String, String> metadataHeaderMap = null;
    protected final int NAME_MAX_SIZE = 64;
    protected final int PHONE_MAX_SIZE = 32;
    protected final int METADATA_MAX_SIZE = 1024;
    protected EPersonService ePersonService = EPersonServiceFactory.getInstance().getEPersonService();
    protected GroupService groupService = EPersonServiceFactory.getInstance().getGroupService();
    protected MetadataFieldService metadataFieldService = ContentServiceFactory.getInstance().getMetadataFieldService();
    protected MetadataSchemaService metadataSchemaService = ContentServiceFactory.getInstance().getMetadataSchemaService();
    protected ConfigurationService configurationService = DSpaceServicesFactory.getInstance().getConfigurationService();
    protected final String COLUMN_NAME_REGEX = "^[_A-Za-z0-9]+$";

    @Override // org.dspace.authenticate.AuthenticationMethod
    public int authenticate(Context context, String str, String str2, String str3, HttpServletRequest httpServletRequest) throws SQLException {
        if (this.configurationService.getBooleanProperty("authentication-shibboleth.sword.compatibility", true) && str != null && str.length() > 0 && str2 != null && str2.length() > 0) {
            return swordCompatibility(context, str, str2, httpServletRequest);
        }
        if (httpServletRequest == null) {
            log.warn("Unable to authenticate using Shibboleth because the request object is null.");
            return 5;
        }
        initialize(context);
        if (log.isDebugEnabled()) {
            log.debug("Starting Shibboleth Authentication");
            String str4 = "Received the following headers:\n";
            Enumeration headerNames = httpServletRequest.getHeaderNames();
            while (headerNames.hasMoreElements()) {
                String str5 = (String) headerNames.nextElement();
                Enumeration headers = httpServletRequest.getHeaders(str5);
                while (headers.hasMoreElements()) {
                    str4 = str4 + str5 + "='" + ((String) headers.nextElement()) + "'\n";
                }
            }
            log.debug(str4);
        }
        boolean booleanProperty = this.configurationService.getBooleanProperty("authentication-shibboleth.autoregister", true);
        try {
            EPerson findEPerson = findEPerson(context, httpServletRequest);
            if (findEPerson == null && booleanProperty) {
                findEPerson = registerNewEPerson(context, httpServletRequest);
            }
            if (findEPerson == null) {
                return 4;
            }
            updateEPerson(context, httpServletRequest, findEPerson);
            context.setCurrentUser(findEPerson);
            httpServletRequest.getSession().setAttribute("shib.authenticated", true);
            AuthenticateServiceFactory.getInstance().getAuthenticationService().initEPerson(context, httpServletRequest, findEPerson);
            log.info(findEPerson.getEmail() + " has been authenticated via shibboleth.");
            return 1;
        } catch (Throwable th) {
            log.error("Unable to successfully authenticate using shibboleth for user because of an exception.", th);
            context.setCurrentUser(null);
            return 4;
        }
    }

    @Override // org.dspace.authenticate.AuthenticationMethod
    public List<Group> getSpecialGroups(Context context, HttpServletRequest httpServletRequest) {
        int indexOf;
        int indexOf2;
        if (httpServletRequest != null) {
            try {
                if (context.getCurrentUser() != null && httpServletRequest.getSession().getAttribute("shib.authenticated") != null) {
                    if (httpServletRequest.getSession().getAttribute("shib.specialgroup") != null) {
                        log.debug("Returning cached special groups.");
                        List list = (List) httpServletRequest.getSession().getAttribute("shib.specialgroup");
                        ArrayList arrayList = new ArrayList();
                        Iterator it = list.iterator();
                        while (it.hasNext()) {
                            arrayList.add(this.groupService.find(context, (UUID) it.next()));
                        }
                        return arrayList;
                    }
                    log.debug("Starting to determine special groups");
                    String[] arrayProperty = this.configurationService.getArrayProperty("authentication-shibboleth.default-roles");
                    String property = this.configurationService.getProperty("authentication-shibboleth.role-header");
                    boolean booleanProperty = this.configurationService.getBooleanProperty("authentication-shibboleth.role-header.ignore-scope", true);
                    boolean booleanProperty2 = this.configurationService.getBooleanProperty("authentication-shibboleth.role-header.ignore-value", false);
                    if (booleanProperty && booleanProperty2) {
                        throw new IllegalStateException("Both config parameters for ignoring an roll attributes scope and value are turned on, this is not a permissable configuration. (Note: ignore-scope defaults to true) The configuration parameters are: 'authentication.shib.role-header.ignore-scope' and 'authentication.shib.role-header.ignore-value'");
                    }
                    List<String> findMultipleAttributes = findMultipleAttributes(httpServletRequest, property);
                    if (findMultipleAttributes == null) {
                        if (arrayProperty != null) {
                            findMultipleAttributes = Arrays.asList(arrayProperty);
                        }
                        log.debug("Failed to find Shibboleth role header, '" + property + "', falling back to the default roles: '" + StringUtils.join(arrayProperty, ",") + "'");
                    } else {
                        log.debug("Found Shibboleth role header: '" + property + "' = '" + findMultipleAttributes + "'");
                    }
                    HashSet hashSet = new HashSet();
                    if (findMultipleAttributes != null) {
                        Iterator<String> it2 = findMultipleAttributes.iterator();
                        while (it2.hasNext()) {
                            String next = it2.next();
                            if (booleanProperty && (indexOf2 = next.indexOf(64)) != -1) {
                                next = next.substring(0, indexOf2);
                            }
                            if (booleanProperty2 && (indexOf = next.indexOf(64)) != -1) {
                                next = next.substring(indexOf + 1, next.length());
                            }
                            String[] arrayProperty2 = this.configurationService.getArrayProperty("authentication-shibboleth.role." + next);
                            if (arrayProperty2 == null || arrayProperty2.length == 0) {
                                arrayProperty2 = this.configurationService.getArrayProperty("authentication-shibboleth.role." + next.toLowerCase());
                            }
                            if (arrayProperty2 == null) {
                                log.debug("Unable to find role mapping for the value, '" + next + "', there should be a mapping in config/modules/authentication-shibboleth.cfg:  role." + next + " = <some group name>");
                            } else {
                                log.debug("Mapping role affiliation to DSpace group: '" + StringUtils.join(arrayProperty2, ",") + "'");
                                for (int i = 0; i < arrayProperty2.length; i++) {
                                    try {
                                        Group findByName = this.groupService.findByName(context, arrayProperty2[i].trim());
                                        if (findByName != null) {
                                            hashSet.add(findByName);
                                        } else {
                                            log.debug("Unable to find group: '" + arrayProperty2[i].trim() + "'");
                                        }
                                    } catch (SQLException e) {
                                        log.error("Exception thrown while trying to lookup affiliation role for group name: '" + arrayProperty2[i].trim() + "'", e);
                                    }
                                }
                            }
                        }
                    }
                    log.info("Added current EPerson to special groups: " + hashSet);
                    ArrayList arrayList2 = new ArrayList();
                    Iterator it3 = hashSet.iterator();
                    while (it3.hasNext()) {
                        arrayList2.add(((Group) it3.next()).getID());
                    }
                    httpServletRequest.getSession().setAttribute("shib.specialgroup", arrayList2);
                    return new ArrayList(hashSet);
                }
            } catch (Throwable th) {
                log.error("Unable to validate any sepcial groups this user may belong too because of an exception.", th);
                return Collections.EMPTY_LIST;
            }
        }
        return Collections.EMPTY_LIST;
    }

    @Override // org.dspace.authenticate.AuthenticationMethod
    public boolean allowSetPassword(Context context, HttpServletRequest httpServletRequest, String str) throws SQLException {
        return false;
    }

    @Override // org.dspace.authenticate.AuthenticationMethod
    public boolean isImplicit() {
        return false;
    }

    @Override // org.dspace.authenticate.AuthenticationMethod
    public boolean canSelfRegister(Context context, HttpServletRequest httpServletRequest, String str) throws SQLException {
        return false;
    }

    @Override // org.dspace.authenticate.AuthenticationMethod
    public void initEPerson(Context context, HttpServletRequest httpServletRequest, EPerson ePerson) throws SQLException {
    }

    @Override // org.dspace.authenticate.AuthenticationMethod
    public String loginPageURL(Context context, HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse) {
        if (!this.configurationService.getBooleanProperty("authentication-shibboleth.lazysession", false)) {
            return httpServletResponse.encodeRedirectURL(httpServletRequest.getContextPath() + "/shibboleth-login");
        }
        String shibURL = getShibURL(httpServletRequest);
        String str = null;
        if (httpServletRequest.getHeader("Referer") != null && StringUtils.isNotBlank(httpServletRequest.getHeader("Referer"))) {
            str = httpServletRequest.getHeader("Referer");
        } else if (httpServletRequest.getHeader("X-Requested-With") != null && StringUtils.isNotBlank(httpServletRequest.getHeader("X-Requested-With"))) {
            str = httpServletRequest.getHeader("X-Requested-With");
        }
        try {
            shibURL = shibURL + "?target=" + URLEncoder.encode(this.configurationService.getProperty("dspace.server.url") + "/api/authn/shibboleth" + (str != null ? "?redirectUrl=" + str : ""), Constants.DEFAULT_ENCODING);
        } catch (UnsupportedEncodingException e) {
            log.error("Unable to generate lazysession authentication", e);
        }
        log.debug("Redirecting user to Shibboleth initiator: " + shibURL);
        return httpServletResponse.encodeRedirectURL(shibURL);
    }

    @Override // org.dspace.authenticate.AuthenticationMethod
    public String getName() {
        return "shibboleth";
    }

    protected EPerson findEPerson(Context context, HttpServletRequest httpServletRequest) throws SQLException, AuthorizeException {
        String remoteUser;
        String findSingleAttribute;
        String findSingleAttribute2;
        boolean booleanProperty = this.configurationService.getBooleanProperty("authentication-shibboleth.email-use-tomcat-remote-user");
        String property = this.configurationService.getProperty("authentication-shibboleth.netid-header");
        String property2 = this.configurationService.getProperty("authentication-shibboleth.email-header");
        EPerson ePerson = null;
        boolean z = false;
        boolean z2 = false;
        boolean z3 = false;
        if (property != null && (findSingleAttribute2 = findSingleAttribute(httpServletRequest, property)) != null) {
            z = true;
            ePerson = this.ePersonService.findByNetid(context, findSingleAttribute2);
            if (ePerson == null) {
                log.info("Unable to identify EPerson based upon Shibboleth netid header: '" + property + "'='" + findSingleAttribute2 + "'.");
            } else {
                log.debug("Identified EPerson based upon Shibboleth netid header: '" + property + "'='" + findSingleAttribute2 + "'.");
            }
        }
        if (ePerson == null && property2 != null && (findSingleAttribute = findSingleAttribute(httpServletRequest, property2)) != null) {
            z2 = true;
            String lowerCase = findSingleAttribute.toLowerCase();
            ePerson = this.ePersonService.findByEmail(context, lowerCase);
            if (ePerson == null) {
                log.info("Unable to identify EPerson based upon Shibboleth email header: '" + property2 + "'='" + lowerCase + "'.");
            } else {
                log.info("Identified EPerson based upon Shibboleth email header: '" + property2 + "'='" + lowerCase + "'.");
            }
            if (ePerson != null && ePerson.getNetid() != null) {
                log.error("The identified EPerson based upon Shibboleth email header, '" + property2 + "'='" + lowerCase + "', is locked to another netid: '" + ePerson.getNetid() + "'. This might be a possible hacking attempt to steal another users credentials. If the user's netid has changed you will need to manually change it to the correct value or unset it in the database.");
                ePerson = null;
            }
        }
        if (ePerson == null && booleanProperty && (remoteUser = httpServletRequest.getRemoteUser()) != null) {
            z3 = true;
            String lowerCase2 = remoteUser.toLowerCase();
            ePerson = this.ePersonService.findByEmail(context, lowerCase2);
            if (ePerson == null) {
                log.info("Unable to identify EPerson based upon Tomcat's remote user: '" + lowerCase2 + "'.");
            } else {
                log.info("Identified EPerson based upon Tomcat's remote user: '" + lowerCase2 + "'.");
            }
            if (ePerson != null && ePerson.getNetid() != null) {
                log.error("The identified EPerson based upon Tomcat's remote user, '" + lowerCase2 + "', is locked to another netid: '" + ePerson.getNetid() + "'. This might be a possible hacking attempt to steal another users credentials. If the user's netid has changed you will need to manually change it to the correct value or unset it in the database.");
                ePerson = null;
            }
        }
        if (!z && !z2 && !z3) {
            log.error("Shibboleth authentication was not able to find a NetId, Email, or Tomcat Remote user for which to indentify a user from.");
        }
        return ePerson;
    }

    protected EPerson registerNewEPerson(Context context, HttpServletRequest httpServletRequest) throws SQLException, AuthorizeException {
        String str;
        String property = this.configurationService.getProperty("authentication-shibboleth.netid-header");
        String property2 = this.configurationService.getProperty("authentication-shibboleth.email-header");
        String property3 = this.configurationService.getProperty("authentication-shibboleth.firstname-header");
        String property4 = this.configurationService.getProperty("authentication-shibboleth.lastname-header");
        String findSingleAttribute = findSingleAttribute(httpServletRequest, property);
        String findSingleAttribute2 = findSingleAttribute(httpServletRequest, property2);
        String findSingleAttribute3 = findSingleAttribute(httpServletRequest, property3);
        String findSingleAttribute4 = findSingleAttribute(httpServletRequest, property4);
        if (findSingleAttribute2 == null || ((property3 != null && findSingleAttribute3 == null) || (property4 != null && findSingleAttribute4 == null))) {
            log.error(((("Unable to register new eperson because we are unable to find an email address along with first and last name for the user.\n" + "  NetId Header: '" + property + "'='" + findSingleAttribute + "' (Optional) \n") + "  Email Header: '" + property2 + "'='" + findSingleAttribute2 + "' \n") + "  First Name Header: '" + property3 + "'='" + findSingleAttribute3 + "' \n") + "  Last Name Header: '" + property4 + "'='" + findSingleAttribute4 + "'");
            return null;
        }
        if (findSingleAttribute3 != null && findSingleAttribute3.length() > 64) {
            log.warn("Truncating eperson's first name because it is longer than 64: '" + findSingleAttribute3 + "'");
            findSingleAttribute3 = findSingleAttribute3.substring(0, 64);
        }
        if (findSingleAttribute4 != null && findSingleAttribute4.length() > 64) {
            log.warn("Truncating eperson's last name because it is longer than 64: '" + findSingleAttribute4 + "'");
            findSingleAttribute4 = findSingleAttribute4.substring(0, 64);
        }
        context.turnOffAuthorisationSystem();
        EPerson create = this.ePersonService.create(context);
        if (findSingleAttribute != null) {
            create.setNetid(findSingleAttribute);
        }
        create.setEmail(findSingleAttribute2.toLowerCase());
        if (findSingleAttribute3 != null) {
            create.setFirstName(context, findSingleAttribute3);
        }
        if (findSingleAttribute4 != null) {
            create.setLastName(context, findSingleAttribute4);
        }
        create.setCanLogIn(true);
        AuthenticateServiceFactory.getInstance().getAuthenticationService().initEPerson(context, httpServletRequest, create);
        this.ePersonService.update(context, create);
        context.dispatchEvents();
        context.restoreAuthSystemState();
        if (log.isInfoEnabled()) {
            str = "Auto registered new eperson using Shibboleth-based attributes:";
            log.info((((findSingleAttribute != null ? str + "  NetId: '" + findSingleAttribute + "'\n" : "Auto registered new eperson using Shibboleth-based attributes:") + "  Email: '" + findSingleAttribute2 + "' \n") + "  First Name: '" + findSingleAttribute3 + "' \n") + "  Last Name: '" + findSingleAttribute4 + "'");
        }
        return create;
    }

    protected void updateEPerson(Context context, HttpServletRequest httpServletRequest, EPerson ePerson) throws SQLException, AuthorizeException {
        String property = this.configurationService.getProperty("authentication-shibboleth.netid-header");
        String property2 = this.configurationService.getProperty("authentication-shibboleth.email-header");
        String property3 = this.configurationService.getProperty("authentication-shibboleth.firstname-header");
        String property4 = this.configurationService.getProperty("authentication-shibboleth.lastname-header");
        String findSingleAttribute = findSingleAttribute(httpServletRequest, property);
        String findSingleAttribute2 = findSingleAttribute(httpServletRequest, property2);
        String findSingleAttribute3 = findSingleAttribute(httpServletRequest, property3);
        String findSingleAttribute4 = findSingleAttribute(httpServletRequest, property4);
        if (findSingleAttribute3 != null && findSingleAttribute3.length() > 64) {
            log.warn("Truncating eperson's first name because it is longer than 64: '" + findSingleAttribute3 + "'");
            findSingleAttribute3 = findSingleAttribute3.substring(0, 64);
        }
        if (findSingleAttribute4 != null && findSingleAttribute4.length() > 64) {
            log.warn("Truncating eperson's last name because it is longer than 64: '" + findSingleAttribute4 + "'");
            findSingleAttribute4 = findSingleAttribute4.substring(0, 64);
        }
        context.turnOffAuthorisationSystem();
        if (findSingleAttribute != null && ePerson.getNetid() == null) {
            ePerson.setNetid(findSingleAttribute);
        }
        if (findSingleAttribute2 != null) {
            ePerson.setEmail(findSingleAttribute2.toLowerCase());
        }
        if (findSingleAttribute3 != null) {
            ePerson.setFirstName(context, findSingleAttribute3);
        }
        if (findSingleAttribute4 != null) {
            ePerson.setLastName(context, findSingleAttribute4);
        }
        if (log.isDebugEnabled()) {
            log.debug((("Updated the eperson's minimal metadata: \n" + " Email Header: '" + property2 + "' = '" + findSingleAttribute2 + "' \n") + " First Name Header: '" + property3 + "' = '" + findSingleAttribute3 + "' \n") + " Last Name Header: '" + property3 + "' = '" + findSingleAttribute4 + "'");
        }
        for (String str : this.metadataHeaderMap.keySet()) {
            String str2 = this.metadataHeaderMap.get(str);
            String findSingleAttribute5 = findSingleAttribute(httpServletRequest, str);
            if (findSingleAttribute5 == null) {
                log.warn("Unable to update the eperson's '" + str2 + "' metadata because the header '" + str + "' does not exist.");
            } else {
                if ("phone".equals(str2) && findSingleAttribute5.length() > 32) {
                    log.warn("Truncating eperson phone metadata because it is longer than 32: '" + findSingleAttribute5 + "'");
                    findSingleAttribute5 = findSingleAttribute5.substring(0, 32);
                } else if (findSingleAttribute5.length() > 1024) {
                    log.warn("Truncating eperson " + str2 + " metadata because it is longer than 1024: '" + findSingleAttribute5 + "'");
                    findSingleAttribute5 = findSingleAttribute5.substring(0, 1024);
                }
                this.ePersonService.setMetadata(context, ePerson, str2, findSingleAttribute5);
                log.debug("Updated the eperson's '" + str2 + "' metadata using header: '" + str + "' = '" + findSingleAttribute5 + "'.");
            }
        }
        this.ePersonService.update(context, ePerson);
        context.dispatchEvents();
        context.restoreAuthSystemState();
    }

    protected int swordCompatibility(Context context, String str, String str2, HttpServletRequest httpServletRequest) throws SQLException {
        log.debug("Shibboleth Sword compatibility activated.");
        EPerson findByEmail = this.ePersonService.findByEmail(context, str.toLowerCase());
        if (findByEmail == null) {
            log.error("Shibboleth-based password authentication failed for user " + str + " because no such user exists.");
            return 4;
        }
        if (!findByEmail.canLogIn()) {
            log.error("Shibboleth-based password authentication failed for user " + str + " because the eperson object is not allowed to login.");
            return 5;
        }
        if (findByEmail.getRequireCertificate()) {
            log.error("Shibboleth-based password authentication failed for user " + str + " because the eperson object requires a certificate to authenticate..");
            return 3;
        }
        if (!this.ePersonService.checkPassword(context, findByEmail, str2)) {
            log.error("Shibboleth-based password authentication failed for user " + str + " because a bad password was supplied.");
            return 2;
        }
        AuthenticateServiceFactory.getInstance().getAuthenticationService().initEPerson(context, httpServletRequest, findByEmail);
        context.setCurrentUser(findByEmail);
        log.info(findByEmail.getEmail() + " has been authenticated via shibboleth using password-based sword compatibility mode.");
        return 1;
    }

    protected synchronized void initialize(Context context) throws SQLException {
        if (this.metadataHeaderMap != null) {
            return;
        }
        HashMap hashMap = new HashMap();
        String[] arrayProperty = this.configurationService.getArrayProperty("authentication-shibboleth.eperson.metadata");
        boolean booleanProperty = this.configurationService.getBooleanProperty("authentication-shibboleth.eperson.metadata.autocreate", true);
        if (arrayProperty == null || arrayProperty.length == 0) {
            log.debug("No additional eperson metadata mapping found: authentication.shib.eperson.metadata");
            this.metadataHeaderMap = hashMap;
            return;
        }
        log.debug("Loading additional eperson metadata from: 'authentication.shib.eperson.metadata' = '" + StringUtils.join(arrayProperty, ",") + "'");
        for (String str : arrayProperty) {
            String trim = str.trim();
            String[] split = trim.split("=>");
            if (split.length != 2) {
                log.error("Unable to parse metadat mapping string: '" + trim + "'");
            } else {
                String trim2 = split[0].trim();
                String lowerCase = split[1].trim().toLowerCase();
                boolean checkIfEpersonMetadataFieldExists = checkIfEpersonMetadataFieldExists(context, lowerCase);
                if (!checkIfEpersonMetadataFieldExists && booleanProperty) {
                    checkIfEpersonMetadataFieldExists = autoCreateEpersonMetadataField(context, lowerCase);
                }
                if (checkIfEpersonMetadataFieldExists) {
                    log.debug("Loading additional eperson metadata mapping for: '" + trim2 + "' = '" + lowerCase + "'");
                    hashMap.put(trim2, lowerCase);
                } else {
                    log.error("Skipping the additional eperson metadata mapping for: '" + trim2 + "' = '" + lowerCase + "' because the field is not supported by the current configuration.");
                }
            }
        }
        this.metadataHeaderMap = hashMap;
    }

    protected synchronized boolean checkIfEpersonMetadataFieldExists(Context context, String str) throws SQLException {
        if (str == null) {
            return false;
        }
        return "phone".equals(str) || this.metadataFieldService.findByElement(context, ResourcePolicy_.EPERSON, str, (String) null) != null;
    }

    protected synchronized boolean autoCreateEpersonMetadataField(Context context, String str) throws SQLException {
        if (str == null) {
            return false;
        }
        if ("phone".equals(str)) {
            return true;
        }
        if (!str.matches("^[_A-Za-z0-9]+$")) {
            return false;
        }
        MetadataSchema find = this.metadataSchemaService.find(context, ResourcePolicy_.EPERSON);
        try {
            try {
                context.turnOffAuthorisationSystem();
                MetadataField create = this.metadataFieldService.create(context, find, str, null, null);
                context.restoreAuthSystemState();
                return create != null;
            } catch (AuthorizeException e) {
                log.error(e.getMessage(), e);
                context.restoreAuthSystemState();
                return false;
            } catch (NonUniqueMetadataException e2) {
                log.error(e2.getMessage(), e2);
                context.restoreAuthSystemState();
                return false;
            }
        } catch (Throwable th) {
            context.restoreAuthSystemState();
            throw th;
        }
    }

    protected String findAttribute(HttpServletRequest httpServletRequest, String str) {
        if (str == null) {
            return null;
        }
        String str2 = (String) httpServletRequest.getAttribute(str);
        if (StringUtils.isEmpty(str2)) {
            str2 = (String) httpServletRequest.getAttribute(str.toLowerCase());
        }
        if (StringUtils.isEmpty(str2)) {
            str2 = (String) httpServletRequest.getAttribute(str.toUpperCase());
        }
        if (StringUtils.isEmpty(str2)) {
            str2 = httpServletRequest.getHeader(str);
        }
        if (StringUtils.isEmpty(str2)) {
            str2 = httpServletRequest.getHeader(str.toLowerCase());
        }
        if (StringUtils.isEmpty(str2)) {
            str2 = httpServletRequest.getHeader(str.toUpperCase());
        }
        if (StringUtils.isEmpty(str2)) {
            log.debug("ShibAuthentication - attribute " + str + " is empty!");
            return null;
        }
        boolean booleanProperty = this.configurationService.getBooleanProperty("authentication-shibboleth.reconvert.attributes", false);
        if (!StringUtils.isEmpty(str2) && booleanProperty) {
            try {
                str2 = new String(str2.getBytes("ISO-8859-1"), Constants.DEFAULT_ENCODING);
            } catch (UnsupportedEncodingException e) {
                log.warn("Failed to reconvert shibboleth attribute (" + str + ").", e);
            }
        }
        return str2;
    }

    protected String findSingleAttribute(HttpServletRequest httpServletRequest, String str) {
        if (str == null) {
            return null;
        }
        String findAttribute = findAttribute(httpServletRequest, str);
        if (findAttribute != null) {
            int i = 0;
            while (true) {
                i = findAttribute.indexOf(59, i);
                if (i != -1 && findAttribute.charAt(i - 1) != '\\') {
                    findAttribute = findAttribute.substring(0, i);
                    break;
                }
                if (i < 0) {
                    break;
                }
            }
            findAttribute = findAttribute.replaceAll("\\;", ";");
        }
        return findAttribute;
    }

    protected List<String> findMultipleAttributes(HttpServletRequest httpServletRequest, String str) {
        String findAttribute = findAttribute(httpServletRequest, str);
        if (findAttribute == null) {
            return null;
        }
        ArrayList arrayList = new ArrayList();
        int i = 0;
        do {
            i = findAttribute.indexOf(59, i);
            if (i == 0) {
                findAttribute = findAttribute.substring(1, findAttribute.length());
            } else if (i > 0 && findAttribute.charAt(i - 1) == '\\') {
                i++;
            } else if (i > 0) {
                arrayList.add(findAttribute.substring(0, i).replaceAll("\\\\;", ";"));
                findAttribute = findAttribute.substring(i + 1, findAttribute.length());
                i = 0;
            }
        } while (i >= 0);
        if (findAttribute.length() > 0) {
            arrayList.add(findAttribute.replaceAll("\\\\;", ";"));
        }
        return arrayList;
    }

    private String getShibURL(HttpServletRequest httpServletRequest) {
        String property = this.configurationService.getProperty("authentication-shibboleth.lazysession.loginurl", "/Shibboleth.sso/Login");
        boolean booleanProperty = this.configurationService.getBooleanProperty("authentication-shibboleth.lazysession.secure", true);
        if (property.startsWith("/")) {
            property = Utils.getBaseUrl(this.configurationService.getProperty("dspace.server.url")) + property;
            if ((httpServletRequest.isSecure() || booleanProperty) && property.startsWith("http://")) {
                property = property.replace("http://", "https://");
            }
        }
        return property;
    }
}
