package org.codelibs.fess.sso.spnego;

import java.io.File;
import java.util.Enumeration;
import javax.annotation.PostConstruct;
import javax.servlet.FilterConfig;
import javax.servlet.ServletContext;
import org.codelibs.core.io.ResourceUtil;
import org.codelibs.core.lang.StringUtil;
import org.codelibs.fess.app.web.base.login.ActionResponseCredential;
import org.codelibs.fess.app.web.base.login.SpnegoCredential;
import org.codelibs.fess.exception.FessSystemException;
import org.codelibs.fess.exception.SsoLoginException;
import org.codelibs.fess.mylasta.direction.FessConfig;
import org.codelibs.fess.sso.SsoAuthenticator;
import org.codelibs.fess.util.ComponentUtil;
import org.codelibs.spnego.SpnegoFilterConfig;
import org.codelibs.spnego.SpnegoHttpServletResponse;
import org.codelibs.spnego.SpnegoPrincipal;
import org.lastaflute.web.login.credential.LoginCredential;
import org.lastaflute.web.servlet.filter.RequestLoggingFilter;
import org.lastaflute.web.util.LaRequestUtil;
import org.lastaflute.web.util.LaResponseUtil;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;

/* loaded from: input_file:org/codelibs/fess/sso/spnego/SpnegoAuthenticator.class */
public class SpnegoAuthenticator implements SsoAuthenticator {
    private static final Logger logger = LoggerFactory.getLogger(SpnegoAuthenticator.class);
    protected org.codelibs.spnego.SpnegoAuthenticator authenticator = null;

    /* loaded from: input_file:org/codelibs/fess/sso/spnego/SpnegoAuthenticator$SpengoConfig.class */
    protected class SpengoConfig implements FilterConfig {
        protected FessConfig fessConfig = ComponentUtil.getFessConfig();

        protected SpengoConfig() {
        }

        public String getFilterName() {
            return SpnegoAuthenticator.class.getName();
        }

        public ServletContext getServletContext() {
            throw new UnsupportedOperationException();
        }

        public String getInitParameter(String str) {
            if (FessConfig.SPNEGO_LOGGER_LEVEL.equals(str)) {
                return StringUtil.isNotBlank(this.fessConfig.getSpnegoLoggerLevel()) ? this.fessConfig.getSpnegoLoggerLevel() : SpnegoAuthenticator.logger.isDebugEnabled() ? "3" : SpnegoAuthenticator.logger.isInfoEnabled() ? "5" : SpnegoAuthenticator.logger.isWarnEnabled() ? "6" : SpnegoAuthenticator.logger.isErrorEnabled() ? "7" : "0";
            }
            if (FessConfig.SPNEGO_LOGIN_CONF.equals(str)) {
                return getResourcePath(this.fessConfig.getSpnegoLoginConf());
            }
            if (FessConfig.SPNEGO_KRB5_CONF.equals(str)) {
                return getResourcePath(this.fessConfig.getSpnegoKrb5Conf());
            }
            if (FessConfig.SPNEGO_LOGIN_CLIENT_MODULE.equals(str)) {
                return this.fessConfig.getSpnegoLoginClientModule();
            }
            if (FessConfig.SPNEGO_LOGIN_SERVER_MODULE.equals(str)) {
                return this.fessConfig.getSpnegoLoginServerModule();
            }
            if (FessConfig.SPNEGO_PREAUTH_USERNAME.equals(str)) {
                return this.fessConfig.getSpnegoPreauthUsername();
            }
            if (FessConfig.SPNEGO_PREAUTH_PASSWORD.equals(str)) {
                return this.fessConfig.getSpnegoPreauthPassword();
            }
            if (FessConfig.SPNEGO_ALLOW_BASIC.equals(str)) {
                return this.fessConfig.getSpnegoAllowBasic();
            }
            if (FessConfig.SPNEGO_ALLOW_UNSECURE_BASIC.equals(str)) {
                return this.fessConfig.getSpnegoAllowUnsecureBasic();
            }
            if (FessConfig.SPNEGO_PROMPT_NTLM.equals(str)) {
                return this.fessConfig.getSpnegoPromptNtlm();
            }
            if (FessConfig.SPNEGO_ALLOW_LOCALHOST.equals(str)) {
                return this.fessConfig.getSpnegoAllowLocalhost();
            }
            if (FessConfig.SPNEGO_ALLOW_DELEGATION.equals(str)) {
                return this.fessConfig.getSpnegoAllowDelegation();
            }
            if (FessConfig.SPNEGO_EXCLUDE_DIRS.equals(str)) {
                return this.fessConfig.getSpnegoExcludeDirs();
            }
            return null;
        }

        protected String getResourcePath(String str) {
            File resourceAsFileNoException = ResourceUtil.getResourceAsFileNoException(str);
            if (resourceAsFileNoException != null) {
                return resourceAsFileNoException.getAbsolutePath();
            }
            return null;
        }

        public Enumeration<String> getInitParameterNames() {
            throw new UnsupportedOperationException();
        }
    }

    @PostConstruct
    public void init() {
        if ("spnego".equals(ComponentUtil.getFessConfig().getSsoType())) {
            try {
                this.authenticator = new org.codelibs.spnego.SpnegoAuthenticator(SpnegoFilterConfig.getInstance(new SpengoConfig()));
            } catch (Exception e) {
                throw new FessSystemException("Failed to initialize SPNEGO.", e);
            }
        }
    }

    @Override // org.codelibs.fess.sso.SsoAuthenticator
    public LoginCredential getLoginCredential() {
        return (LoginCredential) LaRequestUtil.getOptionalRequest().map(httpServletRequest -> {
            SpnegoHttpServletResponse spnegoHttpServletResponse = new SpnegoHttpServletResponse(LaResponseUtil.getResponse());
            try {
                SpnegoPrincipal authenticate = this.authenticator.authenticate(httpServletRequest, spnegoHttpServletResponse);
                if (spnegoHttpServletResponse.isStatusSet()) {
                    return new ActionResponseCredential(() -> {
                        throw new RequestLoggingFilter.RequestClientErrorException("Your request is not authorized.", "401 Unauthorized", 401);
                    });
                }
                if (null == authenticate) {
                    if (logger.isDebugEnabled()) {
                        logger.debug("Principal was null.");
                    }
                    throw new SsoLoginException("Principal was null.");
                }
                if (logger.isDebugEnabled()) {
                    logger.debug("principal=" + authenticate);
                }
                return new SpnegoCredential(authenticate.getName().split("@", 2)[0]);
            } catch (Exception e) {
                String str = "HTTP Authorization Header=" + httpServletRequest.getHeader("Authorization");
                if (logger.isDebugEnabled()) {
                    logger.debug(str);
                }
                throw new SsoLoginException(str, e);
            }
        }).orElseGet(() -> {
            return null;
        });
    }
}
