package org.codelibs.fess.sso.spnego;

import java.io.File;
import java.util.Arrays;
import java.util.Enumeration;
import javax.annotation.PostConstruct;
import javax.servlet.FilterConfig;
import javax.servlet.ServletContext;
import org.codelibs.core.io.ResourceUtil;
import org.codelibs.core.lang.StringUtil;
import org.codelibs.fess.Constants;
import org.codelibs.fess.app.web.base.login.ActionResponseCredential;
import org.codelibs.fess.app.web.base.login.FessLoginAssist;
import org.codelibs.fess.app.web.base.login.SpnegoCredential;
import org.codelibs.fess.exception.SsoLoginException;
import org.codelibs.fess.mylasta.direction.FessConfig;
import org.codelibs.fess.sso.SsoAuthenticator;
import org.codelibs.fess.util.ComponentUtil;
import org.codelibs.spnego.SpnegoFilterConfig;
import org.codelibs.spnego.SpnegoHttpServletResponse;
import org.codelibs.spnego.SpnegoPrincipal;
import org.dbflute.optional.OptionalEntity;
import org.lastaflute.web.login.credential.LoginCredential;
import org.lastaflute.web.servlet.filter.RequestLoggingFilter;
import org.lastaflute.web.util.LaRequestUtil;
import org.lastaflute.web.util.LaResponseUtil;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;

/* loaded from: input_file:org/codelibs/fess/sso/spnego/SpnegoAuthenticator.class */
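/**
 * SSO authenticator that delegates to the codelibs SPNEGO library and turns the
 * authenticated principal into a {@link SpnegoCredential}.
 *
 * <p>The library is configured through {@link SpengoConfig}, which answers each
 * {@code spnego.*} init parameter from the Fess system properties and falls back
 * to the defaults hard-coded in this class.</p>
 *
 * <p>Security notes for reviewers (the semantics of the individual flags are
 * defined by the SPNEGO library, not by this class; confirm against the library
 * version in use):</p>
 * <ul>
 * <li>{@code spnego.allow.basic}, {@code spnego.allow.unsecure.basic} and
 * {@code spnego.allow.localhost} all default to {@code Constants.TRUE} here.
 * Deployments that terminate TLS elsewhere or are reachable from untrusted
 * networks should set them explicitly instead of relying on these defaults.</li>
 * <li>{@code spnego.preauth.username} / {@code spnego.preauth.password} default
 * to the literal strings {@code "username"} / {@code "password"}; these look like
 * placeholders and are expected to be overridden.</li>
 * </ul>
 */
public class SpnegoAuthenticator implements SsoAuthenticator {
    private static final Logger logger = LoggerFactory.getLogger(SpnegoAuthenticator.class);
    protected static final String SPNEGO_INITIALIZED = "spnego.initialized";
    protected static final String SPNEGO_EXCLUDE_DIRS = "spnego.exclude.dirs";
    protected static final String SPNEGO_ALLOW_DELEGATION = "spnego.allow.delegation";
    protected static final String SPNEGO_ALLOW_LOCALHOST = "spnego.allow.localhost";
    protected static final String SPNEGO_PROMPT_NTLM = "spnego.prompt.ntlm";
    protected static final String SPNEGO_ALLOW_UNSECURE_BASIC = "spnego.allow.unsecure.basic";
    protected static final String SPNEGO_ALLOW_BASIC = "spnego.allow.basic";
    protected static final String SPNEGO_PREAUTH_PASSWORD = "spnego.preauth.password";
    protected static final String SPNEGO_PREAUTH_USERNAME = "spnego.preauth.username";
    protected static final String SPNEGO_LOGIN_SERVER_MODULE = "spnego.login.server.module";
    protected static final String SPNEGO_LOGIN_CLIENT_MODULE = "spnego.login.client.module";
    protected static final String SPNEGO_KRB5_CONF = "spnego.krb5.conf";
    protected static final String SPNEGO_LOGIN_CONF = "spnego.login.conf";
    protected static final String SPNEGO_LOGGER_LEVEL = "spnego.logger.level";

    /** Longest leading token of an Authorization header that is still reported as a scheme name. */
    private static final int MAX_REPORTED_SCHEME_LENGTH = 32;

    /** Lazily created by {@link #getAuthenticator()}; {@code null} until the first successful initialisation. */
    protected org.codelibs.spnego.SpnegoAuthenticator authenticator = null;

    /**
     * {@link FilterConfig} adapter handed to {@code SpnegoFilterConfig.getInstance}.
     *
     * <p>Only {@link #getFilterName()} and {@link #getInitParameter(String)} are
     * implemented; the other two interface methods throw
     * {@link UnsupportedOperationException}. The class name is spelled "Spengo" in
     * the original and is kept because it is part of the visible API.</p>
     */
    public class SpengoConfig implements FilterConfig {
        protected SpengoConfig() {
        }

        /** @return the fully qualified name of the enclosing authenticator class */
        public String getFilterName() {
            return SpnegoAuthenticator.class.getName();
        }

        /**
         * Not supported: this adapter is not backed by a servlet context.
         *
         * @throws UnsupportedOperationException always
         */
        public ServletContext getServletContext() {
            throw new UnsupportedOperationException();
        }

        /**
         * Resolves one {@code spnego.*} init parameter from the system properties,
         * applying the default coded below when the property is not set.
         *
         * @param str the init parameter name; may be {@code null}
         * @return the configured or default value, or {@code null} for a
         *         {@code null} or unrecognised name (and for the two file
         *         parameters when the resource cannot be found)
         */
        public String getInitParameter(String str) {
            if (str == null) {
                // Matches the original equals()-chain, which fell through to null.
                return null;
            }
            switch (str) {
            case SPNEGO_LOGGER_LEVEL:
                return resolveLoggerLevel();
            case SPNEGO_LOGIN_CONF:
                return getResourcePath(getProperty(SPNEGO_LOGIN_CONF, "auth_login.conf"));
            case SPNEGO_KRB5_CONF:
                return getResourcePath(getProperty(SPNEGO_KRB5_CONF, "krb5.conf"));
            case SPNEGO_LOGIN_CLIENT_MODULE:
                return getProperty(SPNEGO_LOGIN_CLIENT_MODULE, "spnego-client");
            case SPNEGO_LOGIN_SERVER_MODULE:
                return getProperty(SPNEGO_LOGIN_SERVER_MODULE, "spnego-server");
            case SPNEGO_PREAUTH_USERNAME:
                // NOTE(review): placeholder default; a real account must be configured.
                return getProperty(SPNEGO_PREAUTH_USERNAME, "username");
            case SPNEGO_PREAUTH_PASSWORD:
                // NOTE(review): placeholder default. The real secret is read from the
                // system properties, so access to that store needs to be restricted.
                return getProperty(SPNEGO_PREAUTH_PASSWORD, "password");
            case SPNEGO_ALLOW_BASIC:
                // NOTE(review): Basic fallback is on by default.
                return getProperty(SPNEGO_ALLOW_BASIC, Constants.TRUE);
            case SPNEGO_ALLOW_UNSECURE_BASIC:
                // NOTE(review): on by default; presumably permits Basic credentials on
                // connections the library does not consider secure. Confirm and set to
                // false unless TLS is guaranteed in front of this endpoint.
                return getProperty(SPNEGO_ALLOW_UNSECURE_BASIC, Constants.TRUE);
            case SPNEGO_PROMPT_NTLM:
                return getProperty(SPNEGO_PROMPT_NTLM, Constants.TRUE);
            case SPNEGO_ALLOW_LOCALHOST:
                // NOTE(review): on by default; presumably relaxes authentication for
                // requests the library treats as local. Confirm how "localhost" is
                // determined when a reverse proxy sits in front of Fess.
                return getProperty(SPNEGO_ALLOW_LOCALHOST, Constants.TRUE);
            case SPNEGO_ALLOW_DELEGATION:
                return getProperty(SPNEGO_ALLOW_DELEGATION, Constants.FALSE);
            case SPNEGO_EXCLUDE_DIRS:
                // DEFAULT_IGNORE_FAILURE_TYPE is presumably just an empty-string constant
                // the decompiler substituted here. TODO confirm.
                return getProperty(SPNEGO_EXCLUDE_DIRS, Constants.DEFAULT_IGNORE_FAILURE_TYPE);
            default:
                return null;
            }
        }

        /**
         * Returns the configured {@code spnego.logger.level}, or, when it is blank,
         * a level derived from the most verbose level enabled on this class's SLF4J
         * logger ("3" debug, "5" info, "6" warn, "7" error, otherwise "0").
         */
        private String resolveLoggerLevel() {
            final String configured = getProperty(SPNEGO_LOGGER_LEVEL, Constants.DEFAULT_IGNORE_FAILURE_TYPE);
            if (StringUtil.isNotBlank(configured)) {
                return configured;
            }
            if (logger.isDebugEnabled()) {
                return "3";
            }
            if (logger.isInfoEnabled()) {
                return "5";
            }
            if (logger.isWarnEnabled()) {
                return "6";
            }
            if (logger.isErrorEnabled()) {
                return "7";
            }
            return "0";
        }

        /**
         * Reads a value from the Fess system properties.
         *
         * @param str the property key
         * @param str2 the value returned when the key is not set
         * @return the property value or {@code str2}
         */
        protected String getProperty(String str, String str2) {
            return ComponentUtil.getSystemProperties().getProperty(str, str2);
        }

        /**
         * Resolves a resource name to an absolute file path.
         *
         * @param str the resource name passed to {@code ResourceUtil}
         * @return the absolute path, or {@code null} when the resource lookup returns no file
         */
        protected String getResourcePath(String str) {
            final File resource = ResourceUtil.getResourceAsFileNoException(str);
            return resource != null ? resource.getAbsolutePath() : null;
        }

        /**
         * Not supported: parameters are resolved on demand by name only.
         *
         * @throws UnsupportedOperationException always
         */
        public Enumeration<String> getInitParameterNames() {
            throw new UnsupportedOperationException();
        }
    }

    /** Registers this authenticator with the SSO manager once the component is constructed. */
    @PostConstruct
    public void init() {
        if (logger.isDebugEnabled()) {
            logger.debug("Initialize {}", getClass().getSimpleName());
        }
        ComponentUtil.getSsoManager().register(this);
    }

    /**
     * Returns the underlying SPNEGO authenticator, creating it when there is no
     * instance yet or when the {@code spnego.initialized} system property is not
     * {@code true}. After a successful creation the property is set to
     * {@code true} and the system properties are stored.
     *
     * @return the initialised library authenticator
     * @throws SsoLoginException if the library authenticator cannot be created or
     *         the properties cannot be stored
     */
    protected synchronized org.codelibs.spnego.SpnegoAuthenticator getAuthenticator() {
        final FessConfig fessConfig = ComponentUtil.getFessConfig();
        if (this.authenticator != null && fessConfig.getSystemPropertyAsBoolean(SPNEGO_INITIALIZED, false)) {
            return this.authenticator;
        }
        try {
            this.authenticator = new org.codelibs.spnego.SpnegoAuthenticator(SpnegoFilterConfig.getInstance(new SpengoConfig()));
            fessConfig.setSystemPropertyAsBoolean(SPNEGO_INITIALIZED, true);
            fessConfig.storeSystemProperties();
            return this.authenticator;
        } catch (Exception e) {
            throw new SsoLoginException("Failed to initialize SPNEGO.", e);
        }
    }

    /**
     * Authenticates the current request through SPNEGO.
     *
     * @return a {@link SpnegoCredential} carrying the part of the principal name
     *         before the first {@code '@'}; an {@link ActionResponseCredential}
     *         that raises a 401 client error when the library has already set a
     *         response status; or {@code null} when there is no current request
     * @throws SsoLoginException if authentication fails or yields no principal
     */
    @Override // org.codelibs.fess.sso.SsoAuthenticator
    public LoginCredential getLoginCredential() {
        return (LoginCredential) LaRequestUtil.getOptionalRequest().map(httpServletRequest -> {
            if (logger.isDebugEnabled()) {
                logger.debug("Logging in with SPNEGO Authenticator");
            }
            SpnegoHttpServletResponse spnegoHttpServletResponse = new SpnegoHttpServletResponse(LaResponseUtil.getResponse());
            try {
                SpnegoPrincipal authenticate = getAuthenticator().authenticate(httpServletRequest, spnegoHttpServletResponse);
                if (logger.isDebugEnabled()) {
                    logger.debug("principal: {}", authenticate);
                }
                boolean isStatusSet = spnegoHttpServletResponse.isStatusSet();
                if (logger.isDebugEnabled()) {
                    logger.debug("isStatusSet: {}", Boolean.valueOf(isStatusSet));
                }
                if (isStatusSet) {
                    // The library has already written a status to the response, so no
                    // credential is produced and the request is answered with 401.
                    return new ActionResponseCredential(() -> {
                        throw new RequestLoggingFilter.RequestClientErrorException("Your request is not authorized.", "401 Unauthorized", 401);
                    });
                }
                if (null == authenticate) {
                    if (logger.isDebugEnabled()) {
                        logger.debug("Principal was null.");
                    }
                    throw new SsoLoginException("Principal was null.");
                }
                if (logger.isDebugEnabled()) {
                    logger.debug("principal={}", authenticate);
                }
                // Only the part before the first '@' is used as the user id; the realm
                // is dropped, so identical names from different realms are not
                // distinguished at this point.
                String[] split = authenticate.getName().split("@", 2);
                if (logger.isDebugEnabled()) {
                    logger.debug("username: {}", Arrays.toString(split));
                }
                return new SpnegoCredential(split[0]);
            } catch (Exception e) {
                // The Authorization header carries the client's credential material
                // (with spnego.allow.basic enabled that is a base64 user:password
                // pair). It must not be copied into logs or exception messages, so
                // only the scheme and the value's length are reported.
                String str = "HTTP Authorization Header=" + describeAuthorizationHeader(httpServletRequest.getHeader("Authorization"));
                if (logger.isDebugEnabled()) {
                    logger.debug(str);
                }
                throw new SsoLoginException(str, e);
            }
        }).orElseGet(() -> {
            return null;
        });
    }

    /**
     * Builds a description of an Authorization header value that is safe to log:
     * the scheme name and the length of the value, never the credential itself.
     *
     * @param header the raw header value; may be {@code null}
     * @return {@code "<absent>"} for {@code null}, otherwise the scheme followed by
     *         a redaction marker, or just the marker when no plausible scheme token
     *         can be separated from the value
     */
    private static String describeAuthorizationHeader(final String header) {
        if (header == null) {
            return "<absent>";
        }
        final String value = header.trim();
        final String marker = "<redacted, " + value.length() + " chars>";
        final int separator = value.indexOf(' ');
        if (separator <= 0 || separator > MAX_REPORTED_SCHEME_LENGTH) {
            // No scheme/credential split: the whole value may be the secret.
            return marker;
        }
        for (int i = 0; i < separator; i++) {
            final char c = value.charAt(i);
            final boolean schemeChar = (c >= 'A' && c <= 'Z') || (c >= 'a' && c <= 'z') || (c >= '0' && c <= '9') || c == '-';
            if (!schemeChar) {
                return marker;
            }
        }
        return value.substring(0, separator) + " " + marker;
    }

    /**
     * Registers the resolver for {@link SpnegoCredential}: a user id that the Fess
     * configuration reports as an admin user resolves to an empty result, every
     * other user id is resolved through the LDAP manager's {@code login}.
     *
     * @param loginCredentialResolver the resolver registry to add the mapping to
     */
    @Override // org.codelibs.fess.sso.SsoAuthenticator
    public void resolveCredential(FessLoginAssist.LoginCredentialResolver loginCredentialResolver) {
        loginCredentialResolver.resolve(SpnegoCredential.class, spnegoCredential -> {
            String userId = spnegoCredential.getUserId();
            return !ComponentUtil.getFessConfig().isAdminUser(userId) ? ComponentUtil.getLdapManager().login(userId) : OptionalEntity.empty();
        });
    }
}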
