package com.enonic.xp.lib.auth;

import com.enonic.xp.context.Context;
import com.enonic.xp.context.ContextBuilder;
import com.enonic.xp.context.LocalScope;
import com.enonic.xp.portal.PortalRequest;
import com.enonic.xp.script.bean.BeanContext;
import com.enonic.xp.script.bean.ScriptBean;
import com.enonic.xp.security.IdProvider;
import com.enonic.xp.security.IdProviderKey;
import com.enonic.xp.security.IdProviders;
import com.enonic.xp.security.PrincipalKey;
import com.enonic.xp.security.RoleKeys;
import com.enonic.xp.security.SecurityConstants;
import com.enonic.xp.security.SecurityService;
import com.enonic.xp.security.SystemConstants;
import com.enonic.xp.security.User;
import com.enonic.xp.security.auth.AuthenticationInfo;
import com.enonic.xp.security.auth.EmailPasswordAuthToken;
import com.enonic.xp.security.auth.UsernamePasswordAuthToken;
import com.enonic.xp.security.auth.VerifiedEmailAuthToken;
import com.enonic.xp.security.auth.VerifiedUsernameAuthToken;
import com.enonic.xp.session.Session;
import java.util.Comparator;
import java.util.Iterator;
import java.util.Map;
import java.util.Objects;
import java.util.concurrent.Callable;
import java.util.function.Supplier;
import java.util.stream.Collectors;
import javax.servlet.http.HttpSession;

/* loaded from: input_file:com/enonic/xp/lib/auth/LoginHandler.class */
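/**
 * Script bean that authenticates a user against one or more id providers and,
 * on success, stores the resulting {@link AuthenticationInfo} in the scope
 * selected by the caller (session, request, or nowhere).
 *
 * <p>Security-relevant behaviour visible in this class:
 * <ul>
 *   <li>When {@code skipAuth} is set, the "verified" token types are used and
 *       no password is supplied. Callers must only set it after establishing
 *       the user's identity by other means.</li>
 *   <li>When no id provider is given, the same credentials are presented to
 *       every id provider returned by the security service, in key order.</li>
 *   <li>Every failure is reported with the same message, {@code "Access Denied"}.</li>
 * </ul>
 */
public final class LoginHandler implements ScriptBean {
    private String user;
    private String password;
    private boolean skipAuth;
    private String[] idProvider;
    private Integer sessionTimeout;
    private Scope scope;
    private Supplier<SecurityService> securityService;
    private Supplier<Context> context;
    private Supplier<PortalRequest> portalRequestSupplier;

    /** Where the authentication info is stored after a successful login. */
    private enum Scope {
        SESSION,
        REQUEST,
        NONE
    }

    /**
     * Sets the login identifier. It is tried as an e-mail address when it
     * contains exactly one {@code '@'}, and as a user name otherwise or when
     * the e-mail attempt does not authenticate.
     */
    public void setUser(String str) {
        this.user = str;
    }

    /** Sets the password used when {@code skipAuth} is not set. */
    public void setPassword(String str) {
        this.password = str;
    }

    /**
     * Selects the verified-token path, which sends no password to the security
     * service. NOTE(review): this is an authentication bypass by design; it
     * should be reachable only from code that has already verified the user.
     */
    public void setSkipAuth(boolean z) {
        this.skipAuth = z;
    }

    /** Sets the id provider keys to try, in order; null or empty means "all". */
    public void setIdProvider(String[] strArr) {
        this.idProvider = strArr;
    }

    /**
     * Sets the value later passed to {@code HttpSession.setMaxInactiveInterval}
     * (seconds, per the Servlet API); null leaves the container default.
     */
    public void setSessionTimeout(Integer num) {
        this.sessionTimeout = num;
    }

    /**
     * Sets the storage scope by enum constant name.
     *
     * @throws IllegalArgumentException if {@code str} names no {@link Scope} constant
     * @throws NullPointerException if {@code str} is null
     */
    public void setScope(String str) {
        this.scope = Scope.valueOf(str);
    }

    /**
     * Runs the login attempt and stores the result according to the scope.
     *
     * <p>The scope must have been set through {@link #setScope(String)}: a
     * successful authentication with a null scope fails in the {@code switch}
     * with a {@link NullPointerException}.
     *
     * @return a mapper over the authentication info; when authentication
     *     failed it also carries the message {@code "Access Denied"}
     */
    public LoginResultMapper login() {
        AuthenticationInfo authInfo =
            noIdProviderSpecified() ? attemptLoginWithAllExistingIdProviders() : attemptLogin();
        if (!authInfo.isAuthenticated()) {
            // One message for every failure cause: unknown user, wrong password
            // and unknown id provider are not distinguishable by the caller.
            return new LoginResultMapper(authInfo, "Access Denied");
        }
        switch (this.scope) {
            case NONE:
                break;
            case REQUEST:
                this.context.get().getLocalScope().setAttribute(authInfo);
                break;
            case SESSION:
            default:
                createSession(authInfo);
                break;
        }
        return new LoginResultMapper(authInfo);
    }

    /**
     * Stores the authentication info in a session obtained after invalidating
     * the current one, carrying the previous attributes over.
     *
     * <p>Invalidating before storing the authenticated state is the usual
     * session-fixation defence: state created before login is not promoted
     * in place. If the local scope has no session, or yields none after the
     * invalidation, nothing is stored and no error is raised.
     */
    private void createSession(AuthenticationInfo authenticationInfo) {
        LocalScope localScope = this.context.get().getLocalScope();
        Session previousSession = localScope.getSession();
        if (previousSession == null) {
            return;
        }
        // Read the attributes first; they are read while the session is still valid.
        Map carriedAttributes = previousSession.getAttributes();
        previousSession.invalidate();

        Session freshSession = localScope.getSession();
        if (freshSession == null) {
            return;
        }
        carriedAttributes.forEach(freshSession::setAttribute);
        // Store on the post-invalidation session, never on the invalidated
        // handle, so the authenticated state cannot land on a dead session.
        freshSession.setAttribute(authenticationInfo);
        if (this.sessionTimeout != null) {
            setSessionTimeout();
        }
    }

    /** Returns true when the caller named no id provider. */
    private boolean noIdProviderSpecified() {
        return this.idProvider == null || this.idProvider.length == 0;
    }

    /**
     * Tries every id provider known to the security service, sorted by key,
     * and returns the first authenticated result.
     *
     * <p>NOTE(review): the supplied credentials are presented to each provider
     * in turn, so one failed login can count as a failed attempt in several
     * providers; worth confirming against lockout and audit expectations.
     */
    private AuthenticationInfo attemptLoginWithAllExistingIdProviders() {
        Iterator it = ((IdProviders) runAsAuthenticated(this::getSortedIdProviders)).iterator();
        while (it.hasNext()) {
            AuthenticationInfo candidate = authenticate(((IdProvider) it.next()).getKey());
            if (candidate != null && candidate.isAuthenticated()) {
                return candidate;
            }
        }
        return AuthenticationInfo.unAuthenticated();
    }

    /** Returns the id providers ordered by the string form of their key. */
    private IdProviders getSortedIdProviders() {
        return IdProviders.from((Iterable) this.securityService.get().getIdProviders().stream()
            .sorted(Comparator.comparing(provider -> provider.getKey().toString()))
            .collect(Collectors.toList()));
    }

    /** Tries the id providers named by the caller, in the order given. */
    private AuthenticationInfo attemptLogin() {
        for (String providerName : this.idProvider) {
            AuthenticationInfo candidate = authenticate(IdProviderKey.from(providerName));
            if (candidate != null && candidate.isAuthenticated()) {
                return candidate;
            }
        }
        return AuthenticationInfo.unAuthenticated();
    }

    /**
     * Authenticates against one id provider: by e-mail first when the
     * identifier looks like one, then by user name if that did not succeed.
     */
    private AuthenticationInfo authenticate(IdProviderKey idProviderKey) {
        AuthenticationInfo authenticationInfo = null;
        if (isValidEmail(this.user)) {
            authenticationInfo = authenticateByEmail(idProviderKey);
        }
        if (authenticationInfo == null || !authenticationInfo.isAuthenticated()) {
            authenticationInfo = authenticateByUsername(idProviderKey);
        }
        return authenticationInfo;
    }

    /** Authenticates with the identifier as an e-mail address. */
    private AuthenticationInfo authenticateByEmail(IdProviderKey idProviderKey) {
        if (this.skipAuth) {
            // Verified token: no password is sent to the security service.
            VerifiedEmailAuthToken verifiedToken = new VerifiedEmailAuthToken();
            verifiedToken.setEmail(this.user);
            verifiedToken.setIdProvider(idProviderKey);
            return (AuthenticationInfo) runAsAuthenticated(
                () -> this.securityService.get().authenticate(verifiedToken));
        }
        EmailPasswordAuthToken passwordToken = new EmailPasswordAuthToken();
        passwordToken.setEmail(this.user);
        passwordToken.setPassword(this.password);
        passwordToken.setIdProvider(idProviderKey);
        return (AuthenticationInfo) runAsAuthenticated(
            () -> this.securityService.get().authenticate(passwordToken));
    }

    /** Authenticates with the identifier as a user name. */
    private AuthenticationInfo authenticateByUsername(IdProviderKey idProviderKey) {
        if (this.skipAuth) {
            // Verified token: no password is sent to the security service.
            VerifiedUsernameAuthToken verifiedToken = new VerifiedUsernameAuthToken();
            verifiedToken.setUsername(this.user);
            verifiedToken.setIdProvider(idProviderKey);
            return (AuthenticationInfo) runAsAuthenticated(
                () -> this.securityService.get().authenticate(verifiedToken));
        }
        UsernamePasswordAuthToken passwordToken = new UsernamePasswordAuthToken();
        passwordToken.setUsername(this.user);
        passwordToken.setPassword(this.password);
        passwordToken.setIdProvider(idProviderKey);
        return (AuthenticationInfo) runAsAuthenticated(
            () -> this.securityService.get().authenticate(passwordToken));
    }

    /**
     * Runs {@code callable} in a context derived from the current one, with
     * the anonymous user holding the {@code AUTHENTICATED} role, against the
     * system repository and the security branch.
     *
     * <p>This is an elevation relative to an unauthenticated caller, so only
     * the id-provider lookup and the authenticate calls should go through it.
     */
    private <T> T runAsAuthenticated(Callable<T> callable) {
        AuthenticationInfo elevated = AuthenticationInfo.create()
            .principals(new PrincipalKey[]{RoleKeys.AUTHENTICATED})
            .user(User.ANONYMOUS)
            .build();
        return (T) ContextBuilder.from(this.context.get())
            .authInfo(elevated)
            .repositoryId(SystemConstants.SYSTEM_REPO_ID)
            .branch(SecurityConstants.BRANCH_SECURITY)
            .build()
            .callWith(callable);
    }

    /**
     * Returns true when {@code str} contains exactly one {@code '@'}. This
     * only selects the token type; it does not validate the address.
     */
    private boolean isValidEmail(String str) {
        return str != null && str.chars().filter(ch -> ch == '@').count() == 1;
    }

    /**
     * Applies the configured timeout to the raw servlet session of the current
     * portal request, if there is one.
     *
     * <p>NOTE(review): the value is passed through unchecked; under the Servlet
     * API a zero or negative interval means the session never times out, so
     * callers may want to reject non-positive values.
     */
    private void setSessionTimeout() {
        PortalRequest portalRequest = this.portalRequestSupplier.get();
        if (portalRequest == null) {
            return;
        }
        HttpSession httpSession = portalRequest.getRawRequest().getSession();
        if (httpSession == null) {
            return;
        }
        httpSession.setMaxInactiveInterval(this.sessionTimeout.intValue());
    }

    /** Resolves the security service, context and portal request suppliers from the bean context. */
    public void initialize(BeanContext beanContext) {
        this.securityService = beanContext.getService(SecurityService.class);
        this.context = beanContext.getBinding(Context.class);
        this.portalRequestSupplier = beanContext.getBinding(PortalRequest.class);
    }
}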
