package org.webswing.server.services.security.modules;

import com.github.mustachejava.DefaultMustacheFactory;
import com.github.mustachejava.Mustache;
import com.github.mustachejava.MustacheResolver;
import com.google.common.net.HttpHeaders;
import java.io.IOException;
import java.io.InputStreamReader;
import java.io.OutputStreamWriter;
import java.io.Reader;
import java.io.StringWriter;
import java.io.Writer;
import java.net.URL;
import java.nio.charset.StandardCharsets;
import java.util.Base64;
import java.util.HashMap;
import java.util.Map;
import javax.servlet.ServletContext;
import javax.servlet.ServletException;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import javax.ws.rs.core.MediaType;
import org.apache.commons.lang3.StringUtils;
import org.apache.logging.log4j.message.ParameterizedMessage;
import org.eclipse.jetty.util.component.AbstractLifeCycle;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
import org.webswing.Constants;
import org.webswing.server.common.util.CommonUtil;
import org.webswing.server.common.util.WebswingObjectMapper;
import org.webswing.server.services.security.api.AbstractWebswingUser;
import org.webswing.server.services.security.api.LoginResponseClosedException;
import org.webswing.server.services.security.api.WebswingAuthenticationException;
import org.webswing.server.services.security.api.WebswingSecurityModule;
import org.webswing.server.services.security.api.WebswingSecurityModuleConfig;

/* loaded from: input_file:WEB-INF/lib/webswing-server-security-20.1.5.jar:org/webswing/server/services/security/modules/AbstractSecurityModule.class */
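/**
 * Base class for Webswing security modules. It drives the login flow
 * ({@link #preVerify}, {@link #authenticate}, {@link #postVerify}, success/failure handling),
 * renders Mustache templates for login/logout pages, issues redirects and writes audit log lines.
 *
 * <p>Security-relevant behaviour that subclasses and deployers should be aware of:
 * <ul>
 *   <li>{@code X-Forwarded-Proto}, {@code X-Forwarded-Host} and {@code X-FORWARDED-FOR} are read
 *       straight from the request. They are only trustworthy when a reverse proxy in front of
 *       this server overwrites them; otherwise they are client-controlled and end up in redirect
 *       targets, in the {@code requestBaseUrl} template variable and in the audit log.</li>
 *   <li>The {@code successUrl} of the login request is supplied by the client and is used as the
 *       post-login redirect target without validation (see {@link #onAuthenticationSuccess}).</li>
 * </ul>
 *
 * @param <T> configuration type of the concrete module
 */
public abstract class AbstractSecurityModule<T extends WebswingSecurityModuleConfig> implements WebswingSecurityModule {
    public static final String REDIRECT_URL = "redirectUrl";
    public static final String SUCCESS_URL = "successUrl";
    private static final String LOGIN_REQUEST_MSG = "LoginRequestMsg";
    private final T config;
    private static final Logger auditLog = LoggerFactory.getLogger(WebswingSecurityModule.class);
    private static final Logger log = LoggerFactory.getLogger(AbstractSecurityModule.class);
    // NOTE(review): plain HashMap filled lazily from request handling; confirm whether one module
    // instance can serve concurrent requests before relying on this cache being consistent.
    private final Map<String, Mustache> compiledTemplates = new HashMap<>();
    private final DefaultMustacheFactory mf = new DefaultMustacheFactory(new MustacheResolver() {
        /** Resolves a template name through {@link AbstractSecurityModule#findTemplate(String)}; null when not found or unreadable. */
        @Override
        public Reader getReader(String str) {
            URL templateUrl = AbstractSecurityModule.this.findTemplate(str);
            if (templateUrl == null) {
                return null;
            }
            try {
                // NOTE(review): templates are decoded with the JVM default charset; confirm the
                // encoding the bundled and custom templates are stored in.
                return new InputStreamReader(templateUrl.openStream());
            } catch (IOException e) {
                // Keep the cause so an unreadable template can be diagnosed from the log.
                AbstractSecurityModule.log.error("Failed to open Template from url:" + templateUrl, e);
                return null;
            }
        }
    });

    /**
     * @param t module configuration; also gives access to the security context
     */
    public AbstractSecurityModule(T t) {
        this.config = t;
    }

    /** @return the configuration this module was created with */
    public T getConfig() {
        return this.config;
    }

    /** No-op by default. */
    @Override
    public void init() {
    }

    /** Drops all cached compiled templates. */
    @Override
    public void destroy() {
        this.compiledTemplates.clear();
    }

    /**
     * Runs the login flow for one request.
     *
     * <p>The login request message (if any) is stored in the security session first, then
     * {@link #preVerify}, {@link #authenticate} and {@link #postVerify} run in that order.
     *
     * @return the authenticated (and decorated) user, or {@code null} when authentication did not
     *     succeed or the response was already closed
     * @throws IOException if writing the success/failure response fails
     */
    @Override
    public AbstractWebswingUser doLogin(HttpServletRequest request, HttpServletResponse response) throws IOException {
        try {
            Map<String, Object> loginRequest = getLoginRequest(request);
            if (loginRequest != null) {
                // Client-supplied data: it is read back later (e.g. for successUrl) from the session.
                this.config.getContext().setToSecuritySession(LOGIN_REQUEST_MSG, loginRequest);
            }
            preVerify(request, response);
            AbstractWebswingUser user = authenticate(request);
            if (user == null) {
                onAuthenticationFailed(request, response, null);
                return null;
            }
            postVerify(user, request, response);
            onAuthenticationSuccess(user, request, response);
            return decorateUser(user, request, response);
        } catch (LoginResponseClosedException ignored) {
            // Deliberately not reported as a failure: presumably a verify step already wrote the response.
            return null;
        } catch (WebswingAuthenticationException e) {
            onAuthenticationFailed(request, response, e);
            return null;
        }
    }

    /** Delegates to {@link #doLogout(HttpServletRequest, HttpServletResponse)}; the user argument is not used here. */
    @Override
    public void doLogout(HttpServletRequest request, HttpServletResponse response, AbstractWebswingUser user) throws ServletException, IOException {
        doLogout(request, response);
    }

    /** Redirects to the secured path of this module's context. */
    public void doLogout(HttpServletRequest request, HttpServletResponse response) throws ServletException, IOException {
        sendRedirect(request, response, getConfig().getContext().getSecuredPath());
    }

    /**
     * Redirects to {@code url} when one is given, otherwise renders {@code logoutPartial.html}.
     *
     * @param url logout target, may be {@code null}
     */
    public void logoutRedirect(HttpServletRequest request, HttpServletResponse response, String url) throws IOException {
        if (url == null) {
            sendPartialHtml(request, response, "logoutPartial.html", null);
        } else {
            sendRedirect(request, response, url);
        }
    }

    /** Sets status 200 and the {@code webswingUsername} header, then calls {@link #serveAuthenticated}. */
    @Override
    public void doServeAuthenticated(AbstractWebswingUser user, String path, HttpServletRequest request, HttpServletResponse response) throws IOException {
        response.setStatus(200);
        response.setHeader("webswingUsername", user.getUserId());
        serveAuthenticated(user, path, request, response);
    }

    /** Extension point; does nothing by default. */
    protected void serveAuthenticated(AbstractWebswingUser user, String path, HttpServletRequest request, HttpServletResponse response) {
    }

    /** Extension point; returns the user unchanged by default. */
    protected AbstractWebswingUser decorateUser(AbstractWebswingUser user, HttpServletRequest request, HttpServletResponse response) {
        return user;
    }

    /** Extension point invoked after a successful {@link #authenticate}; no-op by default. */
    protected void postVerify(AbstractWebswingUser user, HttpServletRequest request, HttpServletResponse response) throws LoginResponseClosedException, WebswingAuthenticationException {
    }

    /** Extension point invoked before {@link #authenticate}; no-op by default. */
    protected void preVerify(HttpServletRequest request, HttpServletResponse response) throws LoginResponseClosedException, WebswingAuthenticationException {
    }

    /**
     * Authenticates the request.
     *
     * @return the user, or {@code null} if no user could be established
     * @throws WebswingAuthenticationException when authentication is rejected
     */
    protected abstract AbstractWebswingUser authenticate(HttpServletRequest httpServletRequest) throws WebswingAuthenticationException;

    /**
     * Answers a successful login: status 200 plus the {@code webswingUsername} header, and for
     * non-AJAX requests a redirect to the requested {@code successUrl} or the secured path.
     *
     * <p>NOTE(review): {@code successUrl} comes from the client's login request and is redirected
     * to as-is, absolute http(s) URLs included. Deployments that do not need cross-origin targets
     * should restrict it to same-origin paths or an allow-list (e.g. in an override).
     *
     * <p>Declared {@code protected} in the original source; the decompiler widened it.
     */
    public void onAuthenticationSuccess(AbstractWebswingUser user, HttpServletRequest request, HttpServletResponse response) throws IOException {
        response.setStatus(200);
        response.setHeader("webswingUsername", user.getUserId());
        if (isAjax(request)) {
            return;
        }
        Map<String, Object> loginRequest = getLoginRequest(request);
        Object successUrl = loginRequest == null ? null : loginRequest.get(SUCCESS_URL);
        if (successUrl instanceof String) {
            sendRedirect(request, response, (String) successUrl);
        } else {
            // The value is parsed from client JSON, so it may be absent, null or not a string;
            // fall back to the secured path instead of failing with a ClassCastException.
            sendRedirect(request, response, this.config.getContext().getSecuredPath());
        }
    }

    /** Sets status 401 and serves the login partial (AJAX) or the login page. */
    protected void onAuthenticationFailed(HttpServletRequest request, HttpServletResponse response, WebswingAuthenticationException exception) throws IOException {
        response.setStatus(401);
        if (isAjax(request)) {
            serveLoginPartial(request, response, exception);
        } else {
            serveLoginPage(request, response, exception);
        }
    }

    /** Serves the login page; by default the same output as {@link #serveLoginPartial}. */
    protected void serveLoginPage(HttpServletRequest request, HttpServletResponse response, WebswingAuthenticationException exception) throws IOException {
        serveLoginPartial(request, response, exception);
    }

    /**
     * Writes the login form fragment.
     *
     * @param webswingAuthenticationException the failure that led here, or {@code null}
     */
    protected abstract void serveLoginPartial(HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse, WebswingAuthenticationException webswingAuthenticationException) throws IOException;

    /** @return true when the request carries {@code X-Requested-With: XMLHttpRequest} */
    protected boolean isAjax(HttpServletRequest request) {
        return "XMLHttpRequest".equals(request.getHeader(HttpHeaders.X_REQUESTED_WITH));
    }

    /**
     * Sends a redirect: an HTTP redirect for regular requests, a JSON object
     * {@code {"redirectUrl": url}} for AJAX requests.
     *
     * @throws IOException if the response cannot be written
     */
    protected void sendRedirect(HttpServletRequest request, HttpServletResponse response, String url) throws IOException {
        if (!isAjax(request)) {
            sendHttpRedirect(request, response, url);
            return;
        }
        Map<String, String> message = new HashMap<>();
        message.put(REDIRECT_URL, url);
        try {
            WebswingObjectMapper.get().writeValue(response.getOutputStream(), message);
        } catch (Exception e) {
            throw new IOException("Failed to send login redirect message", e);
        }
    }

    /**
     * Renders a template with {@code model} and the default variables as scopes. Regular requests
     * receive the HTML directly; AJAX requests receive JSON with the HTML under {@code partialHtml}.
     *
     * @param template template name passed to the Mustache factory
     * @param model    first template scope, may be {@code null}
     */
    protected void sendHtml(HttpServletRequest request, HttpServletResponse response, String template, Object model) throws IOException {
        Object[] scopes = {model, getDefaultVariables(request)};
        if (!isAjax(request)) {
            response.setContentType(MediaType.TEXT_HTML);
            // NOTE(review): no charset is declared and the writer uses the JVM default charset;
            // confirm the intended encoding before changing either side.
            processTemplate(new OutputStreamWriter(response.getOutputStream()), template, scopes);
            return;
        }
        Map<String, String> message = new HashMap<>();
        try {
            StringWriter rendered = new StringWriter();
            processTemplate(rendered, template, scopes);
            message.put("partialHtml", rendered.toString());
            WebswingObjectMapper.get().writeValue(response.getOutputStream(), message);
        } catch (Exception e) {
            throw new IOException("Failed to send login template message", e);
        }
    }

    /**
     * Renders a partial template. AJAX requests are handled by {@link #sendHtml}; regular requests
     * get {@code default.html} with the rendered partial passed in Base64 as {@code partialHtml}.
     *
     * <p>Declared {@code protected} in the original source; the decompiler widened it.
     */
    public void sendPartialHtml(HttpServletRequest request, HttpServletResponse response, String template, Object model) throws IOException {
        if (isAjax(request)) {
            sendHtml(request, response, template, model);
            return;
        }
        Map<String, String> defaultVariables = getDefaultVariables(request);
        Object[] scopes = {model, defaultVariables};
        response.setContentType("text/html;charset=UTF-8");
        StringWriter partial = new StringWriter();
        processTemplate(partial, template, scopes);
        // Encode with the charset declared in the Content-Type rather than the JVM default, so the
        // page does not change with the server's locale settings.
        defaultVariables.put("partialHtml", Base64.getEncoder().encodeToString(partial.toString().getBytes(StandardCharsets.UTF_8)));
        processTemplate(new OutputStreamWriter(response.getOutputStream(), StandardCharsets.UTF_8), "default.html", scopes);
    }

    /** Builds the variables every template receives; currently only {@code requestBaseUrl}. */
    private Map<String, String> getDefaultVariables(HttpServletRequest request) {
        Map<String, String> variables = new HashMap<>();
        variables.put("requestBaseUrl", getBaseUrl(request));
        return variables;
    }

    /**
     * Builds {@code scheme://host[:port] + securedPath}, preferring the forwarded headers.
     *
     * <p>NOTE(review): the forwarded headers are used unvalidated and the result is handed to
     * templates; make sure the fronting proxy sets or strips them.
     */
    private String getBaseUrl(HttpServletRequest request) {
        String scheme = request.getHeader(HttpHeaders.X_FORWARDED_PROTO);
        if (scheme == null) {
            scheme = request.getRequestURL().toString().startsWith("https") ? "https" : "http";
        }
        String host = request.getHeader(HttpHeaders.X_FORWARDED_HOST);
        if (host == null) {
            host = request.getServerName();
            int port = request.getServerPort();
            if (port != 80 && port != 443) {
                // Plain ":" literal; the decompiler had substituted an unrelated logging constant
                // (ParameterizedMessage.ERROR_MSG_SEPARATOR) that holds the same value.
                host = host + ":" + port;
            }
        }
        return scheme + "://" + host + this.config.getContext().getSecuredPath();
    }

    /**
     * Executes the named template into {@code writer}, then flushes and closes the writer.
     * Does nothing when either the template name or the writer is {@code null}.
     */
    protected void processTemplate(Writer writer, String template, Object[] scopes) throws IOException {
        if (template == null || writer == null) {
            return;
        }
        try (Writer out = writer) {
            compileTemplate(template).execute(out, scopes);
            out.flush();
        }
    }

    /** Returns the compiled template for {@code name}, compiling and caching it on first use. */
    private Mustache compileTemplate(String name) throws IOException {
        Mustache compiled = this.compiledTemplates.get(name);
        if (compiled == null) {
            compiled = this.mf.compile(name);
            this.compiledTemplates.put(name, compiled);
        }
        return compiled;
    }

    /**
     * Locates a template: first as a web resource of the security context, then on this class's
     * class loader.
     *
     * @return the template URL, or {@code null} if neither lookup finds it
     */
    public URL findTemplate(String name) {
        URL resource = getConfig().getContext().getWebResource(name);
        if (resource == null) {
            resource = getClass().getClassLoader().getResource(name);
        }
        return resource;
    }

    /**
     * Returns the login request message. For AJAX requests whose content type is exactly
     * {@code application/json} the body is parsed once and cached as a request attribute;
     * otherwise (or when parsing fails) the copy stored in the security session is returned.
     *
     * <p>The map is parsed from client-supplied JSON; treat every value in it as untrusted.
     * NOTE(review): a content type with parameters (e.g. a charset suffix) does not match the
     * equality check; confirm that is intended.
     *
     * @return the login request map, or {@code null} if none is available
     */
    @SuppressWarnings("unchecked") // JSON object -> Map; values are checked where they are used
    public Map<String, Object> getLoginRequest(HttpServletRequest request) {
        if (isAjax(request) && MediaType.APPLICATION_JSON.equals(request.getContentType())) {
            try {
                if (request.getAttribute(LOGIN_REQUEST_MSG) == null) {
                    request.setAttribute(LOGIN_REQUEST_MSG, (Map) WebswingObjectMapper.get().readValue(request.getReader(), Map.class));
                }
                return (Map<String, Object>) request.getAttribute(LOGIN_REQUEST_MSG);
            } catch (Exception e) {
                // Best effort: an unreadable body falls back to the session copy below.
                log.debug("Failed to read login request data.", (Throwable) e);
            }
        }
        return (Map<String, Object>) getConfig().getContext().getFromSecuritySession(LOGIN_REQUEST_MSG);
    }

    /** @return the shared {@link WebswingObjectMapper} */
    public static WebswingObjectMapper getMapper() {
        return WebswingObjectMapper.get();
    }

    /**
     * Writes a {@code SUCCESS} audit line for this module.
     *
     * @param user value logged in the second column (presumably the user id; confirm with callers)
     */
    public void logSuccess(HttpServletRequest request, String user) {
        auditLog("SUCCESS", request, auditPath(), getClass().getName(), user, "");
    }

    /**
     * Writes a failure audit line for this module.
     *
     * @param user   value logged in the second column (presumably the user id; confirm with callers)
     * @param reason value logged in the third column (presumably the failure reason)
     */
    public void logFailure(HttpServletRequest request, String user, String reason) {
        // NOTE(review): AbstractLifeCycle.FAILED looks like a decompiler substitution for a plain
        // status literal; left as found.
        auditLog(AbstractLifeCycle.FAILED, request, auditPath(), getClass().getName(), user, reason);
    }

    /** Secured path used in audit lines; {@code "/"} when the context has none. */
    private String auditPath() {
        String securedPath = getConfig().getContext().getSecuredPath();
        return StringUtils.isEmpty(securedPath) ? "/" : securedPath;
    }

    /** Delegates variable substitution to the security context. */
    public String replaceVar(String value) {
        return getConfig().getContext().replaceVariables(value);
    }

    /**
     * Writes one audit line: {@code status | user | reason | path | scheme | client | module}.
     *
     * <p>The client column is {@code X-FORWARDED-FOR} when present, else the remote address. The
     * header is only reliable behind a proxy that sets it; otherwise a client can put any value
     * there. Line breaks in the request-derived columns are replaced so that one event stays one
     * log line regardless of how the appender is configured.
     */
    public static void auditLog(String status, HttpServletRequest request, String path, String module, String user, String reason) {
        String scheme = request.getScheme();
        String client = request.getHeader("X-FORWARDED-FOR");
        if (client == null) {
            client = request.getRemoteAddr();
        }
        auditLog.info("{} | {} | {} | {} | {} | {} | {}", new Object[]{status, singleLine(user), singleLine(reason), path, scheme, singleLine(client), module});
    }

    /** Replaces CR and LF with {@code '_'}; {@code null} stays {@code null}. */
    private static String singleLine(String value) {
        return value == null ? null : value.replace('\r', '_').replace('\n', '_');
    }

    /**
     * Issues an HTTP redirect. Absolute http(s) URLs, and any URL when the forwarded proto/host
     * headers are missing, go to {@code sendRedirect} unchanged. Otherwise the target is rebuilt as
     * {@code proto://host + path}, resolving relative URLs against the current request path.
     *
     * <p>NOTE(review): the forwarded headers become part of the {@code Location} value without
     * validation, and absolute targets are not restricted to this origin.
     */
    public static void sendHttpRedirect(HttpServletRequest request, HttpServletResponse response, String url) throws IOException {
        String forwardedProto = request.getHeader(HttpHeaders.X_FORWARDED_PROTO);
        String forwardedHost = request.getHeader(HttpHeaders.X_FORWARDED_HOST);
        boolean absolute = StringUtils.startsWithIgnoreCase(url, "http://") || StringUtils.startsWithIgnoreCase(url, "https://");
        if (absolute || StringUtils.isEmpty(forwardedProto) || StringUtils.isEmpty(forwardedHost)) {
            response.sendRedirect(url);
            return;
        }
        String target = url;
        if (!StringUtils.startsWith(target, "/")) {
            String requestPath = getContextPath(request.getServletContext()) + CommonUtil.toPath(request.getPathInfo());
            // The slash-normalised path was computed but never used before; without the leading
            // slash the path would be appended directly onto the host name.
            if (!requestPath.startsWith("/")) {
                requestPath = "/" + requestPath;
            }
            target = requestPath.substring(0, requestPath.lastIndexOf('/') + 1) + url;
        }
        response.sendRedirect(forwardedProto + "://" + forwardedHost + target);
    }

    /**
     * Returns the context path to use in generated URLs: the reverse-proxy override from the
     * {@link Constants#REVERSE_PROXY_CONTEXT_PATH} system property when set, otherwise the servlet
     * context path, with the root context mapped to the empty string.
     */
    public static String getContextPath(ServletContext servletContext) {
        String contextPath = servletContext.getContextPath();
        String proxyOverride = System.getProperty(Constants.REVERSE_PROXY_CONTEXT_PATH);
        if (proxyOverride != null) {
            return CommonUtil.toPath(proxyOverride);
        }
        if (contextPath == null || contextPath.equals("/") || contextPath.equals("")) {
            return "";
        }
        return CommonUtil.toPath(contextPath);
    }
}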
