package com.enonic.xp.lib.auth;

import com.enonic.xp.context.Context;
import com.enonic.xp.context.LocalScope;
import com.enonic.xp.portal.PortalRequest;
import com.enonic.xp.script.bean.BeanContext;
import com.enonic.xp.script.bean.ScriptBean;
import com.enonic.xp.security.IdProviderKey;
import com.enonic.xp.security.SecurityService;
import com.enonic.xp.security.auth.AuthenticationInfo;
import com.enonic.xp.security.auth.EmailPasswordAuthToken;
import com.enonic.xp.security.auth.UsernamePasswordAuthToken;
import com.enonic.xp.security.auth.VerifiedEmailAuthToken;
import com.enonic.xp.security.auth.VerifiedUsernameAuthToken;
import com.enonic.xp.session.Session;
import java.util.Map;
import java.util.Objects;
import java.util.function.Supplier;
import javax.servlet.http.HttpSession;

/* loaded from: input_file:com/enonic/xp/lib/auth/LoginHandler.class */
public final class LoginHandler implements ScriptBean {
    private String user;
    private String password;
    private boolean skipAuth;
    private String[] idProvider;
    private Integer sessionTimeout;
    private Scope scope;
    private Supplier<SecurityService> securityServiceSupplier;
    private Supplier<Context> context;
    private Supplier<PortalRequest> portalRequestSupplier;

    /* loaded from: input_file:com/enonic/xp/lib/auth/LoginHandler$Scope.class */
    private enum Scope {
        SESSION,
        REQUEST,
        NONE
    }

    public void setUser(String str) {
        this.user = str;
    }

    public void setPassword(String str) {
        this.password = str;
    }

    public void setSkipAuth(boolean z) {
        this.skipAuth = z;
    }

    public void setIdProvider(String[] strArr) {
        this.idProvider = strArr;
    }

    public void setSessionTimeout(Integer num) {
        this.sessionTimeout = num;
    }

    public void setScope(String str) {
        this.scope = Scope.valueOf(str);
    }

    public LoginResultMapper login() {
        AuthenticationInfo attemptLogin = attemptLogin();
        if (!attemptLogin.isAuthenticated()) {
            return new LoginResultMapper(attemptLogin, "Access Denied");
        }
        switch (this.scope) {
            case NONE:
                break;
            case REQUEST:
                this.context.get().getLocalScope().setAttribute(attemptLogin);
                break;
            case SESSION:
            default:
                createSession(attemptLogin);
                break;
        }
        return new LoginResultMapper(attemptLogin);
    }

    private void createSession(AuthenticationInfo authenticationInfo) {
        LocalScope localScope = this.context.get().getLocalScope();
        Session session = localScope.getSession();
        if (session != null) {
            Map attributes = session.getAttributes();
            session.invalidate();
            Session session2 = localScope.getSession();
            if (session2 != null) {
                Objects.requireNonNull(session2);
                attributes.forEach(session2::setAttribute);
                session.setAttribute(authenticationInfo);
                if (this.sessionTimeout != null) {
                    setSessionTimeout();
                }
            }
        }
    }

    private AuthenticationInfo attemptLogin() {
        if (this.idProvider == null || this.idProvider.length == 0) {
            return authenticate(null);
        }
        for (String str : this.idProvider) {
            AuthenticationInfo authenticate = authenticate(IdProviderKey.from(str));
            if (authenticate.isAuthenticated()) {
                return authenticate;
            }
        }
        return AuthenticationInfo.unAuthenticated();
    }

    private AuthenticationInfo authenticate(IdProviderKey idProviderKey) {
        VerifiedUsernameAuthToken verifiedUsernameAuthToken;
        VerifiedEmailAuthToken verifiedEmailAuthToken;
        AuthenticationInfo unAuthenticated = AuthenticationInfo.unAuthenticated();
        if (isValidEmail(this.user)) {
            if (this.skipAuth) {
                VerifiedEmailAuthToken verifiedEmailAuthToken2 = new VerifiedEmailAuthToken();
                verifiedEmailAuthToken2.setEmail(this.user);
                verifiedEmailAuthToken2.setIdProvider(idProviderKey);
                verifiedEmailAuthToken = verifiedEmailAuthToken2;
            } else {
                VerifiedEmailAuthToken emailPasswordAuthToken = new EmailPasswordAuthToken();
                emailPasswordAuthToken.setEmail(this.user);
                emailPasswordAuthToken.setPassword(this.password);
                emailPasswordAuthToken.setIdProvider(idProviderKey);
                verifiedEmailAuthToken = emailPasswordAuthToken;
            }
            unAuthenticated = this.securityServiceSupplier.get().authenticate(verifiedEmailAuthToken);
        }
        if (!unAuthenticated.isAuthenticated()) {
            if (this.skipAuth) {
                VerifiedUsernameAuthToken verifiedUsernameAuthToken2 = new VerifiedUsernameAuthToken();
                verifiedUsernameAuthToken2.setUsername(this.user);
                verifiedUsernameAuthToken2.setIdProvider(idProviderKey);
                verifiedUsernameAuthToken = verifiedUsernameAuthToken2;
            } else {
                VerifiedUsernameAuthToken usernamePasswordAuthToken = new UsernamePasswordAuthToken();
                usernamePasswordAuthToken.setUsername(this.user);
                usernamePasswordAuthToken.setPassword(this.password);
                usernamePasswordAuthToken.setIdProvider(idProviderKey);
                verifiedUsernameAuthToken = usernamePasswordAuthToken;
            }
            unAuthenticated = this.securityServiceSupplier.get().authenticate(verifiedUsernameAuthToken);
        }
        return unAuthenticated;
    }

    private boolean isValidEmail(String str) {
        return str != null && str.chars().filter(i -> {
            return i == 64;
        }).count() == 1;
    }

    private void setSessionTimeout() {
        HttpSession session;
        PortalRequest portalRequest = this.portalRequestSupplier.get();
        if (portalRequest == null || (session = portalRequest.getRawRequest().getSession()) == null) {
            return;
        }
        session.setMaxInactiveInterval(this.sessionTimeout.intValue());
    }

    public void initialize(BeanContext beanContext) {
        this.securityServiceSupplier = beanContext.getService(SecurityService.class);
        this.context = beanContext.getBinding(Context.class);
        this.portalRequestSupplier = beanContext.getBinding(PortalRequest.class);
    }
}
