package com.day.cq.auth.impl;

import java.io.IOException;
import java.io.UnsupportedEncodingException;
import java.net.URLDecoder;
import java.util.Arrays;
import java.util.Dictionary;
import java.util.regex.Matcher;
import java.util.regex.Pattern;
import java.util.regex.PatternSyntaxException;
import javax.jcr.SimpleCredentials;
import javax.servlet.http.Cookie;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import org.apache.commons.codec.binary.Base64;
import org.apache.sling.commons.auth.spi.AuthenticationInfo;
import org.apache.sling.commons.osgi.OsgiUtil;
import org.osgi.service.component.ComponentContext;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;

/* loaded from: input_file:com/day/cq/auth/impl/SsoAuthenticationHandler.class */
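/**
 * Authentication handler that turns a user id asserted by an upstream single-sign-on
 * component into repository credentials.
 *
 * <p>The id is read from the first configured request header, cookie or request parameter
 * that is present, in that order. Depending on the configured format the value is used as
 * is, decoded as an HTTP {@code Basic} authorization value, or reduced with a regular
 * expression. The result is wrapped in {@link SimpleCredentials} with a fixed placeholder
 * password and an attribute that records where the value was found.
 *
 * <p><strong>Security note:</strong> nothing in this class checks where the request came
 * from or whether the asserted value is authentic. Any validation has to come from the
 * superclass, the repository login module or the deployment, none of which is visible here.
 * Headers, cookies and parameters are client-controlled unless a front end overwrites them,
 * so the handler should only be reachable through the SSO front end, and that front end
 * must strip client-supplied copies of every configured name. Raw SSO values are kept out
 * of the log because they may carry credentials.
 */
public class SsoAuthenticationHandler extends AbstractHTTPAuthHandler {
    private final Logger log = LoggerFactory.getLogger(getClass().getName());

    /** Configuration property: names of request headers that may carry the SSO value. */
    public static final String PROPERTY_HEADERS = "headers";
    /** Configuration property: names of cookies that may carry the SSO value. */
    public static final String PROPERTY_COOKIES = "cookies";
    /** Configuration property: names of request parameters that may carry the SSO value. */
    public static final String PROPERTY_PARAMETERS = "parameters";
    /** Configuration property: {@code Basic}, {@code AsIs} or {@code <regex>[|<group>]}. */
    public static final String PROPERTY_FORMAT = "format";
    /** Configuration property: name of the credentials attribute that marks the login as trusted. */
    public static final String PROPERTY_TRUSTED_CREDENTIALS_ATTRIBUTE = "trustedCredentialsAttribute";
    private static final String DESCRIPTION = "SSO Authentication Handler";
    private static final String FORMAT_BASIC = "Basic";
    private static final String FORMAT_REGEX = "Regex";
    private static final String FORMAT_ASIS = "AsIs";
    private static final String DEFAULT_FORMAT = "Basic";
    private static final String DEFAULT_TRUSTED_CREDENTIALS_ATTRIBUTE = "TrustedInfo";
    public static final String DEFAULT_COOKIE_NAME = "cqpsso";
    private String[] headerNames;
    private String[] cookieNames;
    private String[] parameterNames;
    // One of FORMAT_BASIC, FORMAT_ASIS or FORMAT_REGEX once configure() has run.
    private String format;
    // Only set while format is FORMAT_REGEX.
    private Pattern pattern;
    // Optional capture group index taken from the "|<group>" suffix of the format.
    private Integer matchGroup;
    private String trustedCredentialsAttribute;

    /**
     * Raw SSO value together with a label of the form {@code <source>:<name>} describing
     * where it was found. The decompiler notes that this class was originally
     * {@code protected}.
     */
    public static final class SSOInfo {
        // Value exactly as received (cookies: after URL decoding); not yet reduced to a user id.
        public String ssoUid;
        // "<source>:<name>", e.g. the source kind and the configured header name.
        public String providerId;

        public SSOInfo(String str, String str2, String str3) {
            this.ssoUid = str;
            this.providerId = str2 + ':' + str3;
        }
    }

    /**
     * Reads the handler configuration.
     *
     * <p>A format other than {@code Basic} or {@code AsIs} is parsed as a regular expression
     * with an optional {@code |<group>} suffix. If the expression does not compile, the
     * suffix is not a number, or the group is not defined by the expression, an error is
     * logged and the handler falls back to {@code Basic}.
     *
     * @param dictionary configuration properties of the component
     */
    @Override // com.day.cq.auth.impl.AbstractHTTPAuthHandler
    public void configure(Dictionary<?, ?> dictionary) {
        super.configure(dictionary);
        this.headerNames = getConfigValues(dictionary, PROPERTY_HEADERS);
        this.cookieNames = getConfigValues(dictionary, PROPERTY_COOKIES);
        this.parameterNames = getConfigValues(dictionary, PROPERTY_PARAMETERS);
        this.trustedCredentialsAttribute = OsgiUtil.toString(dictionary.get(PROPERTY_TRUSTED_CREDENTIALS_ATTRIBUTE), DEFAULT_TRUSTED_CREDENTIALS_ATTRIBUTE);

        String configured = OsgiUtil.toString(dictionary.get(PROPERTY_FORMAT), DEFAULT_FORMAT);
        if (configured.trim().length() == 0) {
            configured = DEFAULT_FORMAT;
        }

        // Parse into locals first so a failed parse leaves no half-updated state behind
        // and a reconfiguration does not inherit the previous pattern or group.
        Pattern newPattern = null;
        Integer newGroup = null;
        String newFormat;
        if (FORMAT_ASIS.equals(configured)) {
            newFormat = FORMAT_ASIS;
        } else if (FORMAT_BASIC.equals(configured)) {
            newFormat = FORMAT_BASIC;
        } else {
            try {
                int separator = configured.lastIndexOf('|');
                String expression = separator == -1 ? configured : configured.substring(0, separator);
                Integer group = separator == -1 ? null : Integer.valueOf(configured.substring(separator + 1));
                Pattern compiled = Pattern.compile(expression);
                if (group != null && (group.intValue() < 0 || group.intValue() > compiled.matcher("").groupCount())) {
                    throw new IllegalArgumentException("match group " + group + " is not defined by the expression");
                }
                newPattern = compiled;
                newGroup = group;
                newFormat = FORMAT_REGEX;
            } catch (IllegalArgumentException e) {
                // Covers PatternSyntaxException (bad expression), NumberFormatException
                // (non-numeric group suffix) and the range check above.
                this.log.error("Unable to parse regexp '" + configured + "' - defaulting to basic format!", e);
                newFormat = FORMAT_BASIC;
            }
        }

        // Assign the expression before the format so the regex format is never set
        // without a pattern.
        if (FORMAT_REGEX.equals(newFormat)) {
            this.pattern = newPattern;
            this.matchGroup = newGroup;
            this.format = newFormat;
        } else {
            this.format = newFormat;
            this.pattern = null;
            this.matchGroup = null;
        }

        this.log.debug(
                "SSO Authentication Handler configured with header names: {}, cookie names: {}, parameter names: {}, header format: {}, trusted credential attribute: {}",
                new Object[] {
                    Arrays.toString(this.headerNames),
                    Arrays.toString(this.cookieNames),
                    Arrays.toString(this.parameterNames),
                    FORMAT_REGEX.equals(this.format) ? "Regex: " + this.pattern.pattern() : this.format,
                    this.trustedCredentialsAttribute
                });
    }

    /** Drops the configured source names, so that no SSO value is looked up any more. */
    protected void deactivate(ComponentContext componentContext) {
        this.headerNames = null;
        this.cookieNames = null;
        this.parameterNames = null;
    }

    /**
     * Reads a multi-value configuration property.
     *
     * @return the configured values, or {@code null} if the property is unset or consists
     *         of a single blank entry
     */
    private String[] getConfigValues(Dictionary<?, ?> dictionary, String str) {
        String[] values = OsgiUtil.toStringArray(dictionary.get(str));
        if (values != null && values.length == 1 && values[0].trim().length() == 0) {
            return null;
        }
        return values;
    }

    /**
     * Builds trusted credentials from the SSO value of the request.
     *
     * @return the credentials; the superclass result if the request carries no SSO value;
     *         or {@code null} if a value is present but no user id can be derived from it
     */
    @Override // com.day.cq.auth.impl.AbstractHTTPAuthHandler
    public AuthenticationInfo extractCredentials(HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse) {
        SSOInfo ssoInfo = getSsoUid(httpServletRequest);
        if (ssoInfo == null) {
            return super.extractCredentials(httpServletRequest, httpServletResponse);
        }
        String uid = ssoInfo.ssoUid;
        // equals() rather than ==: identity comparison only works while every assignment
        // to format happens to use an interned constant.
        if (FORMAT_BASIC.equals(this.format)) {
            String[] decoded = decodeAuthorizationHeader(uid);
            if (decoded == null || decoded.length == 0) {
                // The raw value may contain a password, so only its source is logged.
                this.log.info("Unable to decode authorization header from {}", ssoInfo.providerId);
                return null;
            }
            uid = decoded[0];
        } else if (FORMAT_REGEX.equals(this.format)) {
            Matcher matcher = this.pattern.matcher(uid);
            if (!matcher.find()) {
                this.log.info("Value from {} does not match expression {}.", ssoInfo.providerId, this.pattern.pattern());
                return null;
            }
            int group = matcher.groupCount() > 0 ? 1 : 0;
            if (this.matchGroup != null) {
                group = this.matchGroup.intValue();
            }
            if (group < 0 || group > matcher.groupCount()) {
                this.log.info("Match group {} is not defined by expression {}.", Integer.valueOf(group), this.pattern.pattern());
                return null;
            }
            // null when the group exists but did not take part in the match
            uid = matcher.group(group);
        }
        if (uid == null || uid.length() == 0) {
            // Never hand an empty identity on as trusted credentials.
            this.log.info("No user id could be derived from the value found in {}", ssoInfo.providerId);
            return null;
        }
        if (this.log.isDebugEnabled()) {
            this.log.debug("accepting trusted credentials, uid={} found in {}", forLog(uid), ssoInfo.providerId);
        }
        // The password is a placeholder; the attribute set below is what marks the login
        // as pre-authenticated for whoever consumes these credentials.
        SimpleCredentials credentials = new SimpleCredentials(uid, "no_password_needed".toCharArray());
        credentials.setAttribute(this.trustedCredentialsAttribute, ssoInfo.providerId);
        AuthenticationInfo authenticationInfo = new AuthenticationInfo("SSO");
        authenticationInfo.put("user.jcr.credentials", credentials);
        return authenticationInfo;
    }

    /** This handler has no login page. */
    @Override // com.day.cq.auth.impl.AbstractHTTPAuthHandler
    protected String getLoginPage(HttpServletRequest httpServletRequest) {
        return null;
    }

    /** This handler has no realm. */
    @Override // com.day.cq.auth.impl.AbstractHTTPAuthHandler
    protected String getRealm(HttpServletRequest httpServletRequest) {
        return null;
    }

    @Override
    public String toString() {
        return DESCRIPTION;
    }

    /** Looks for the SSO value in headers, then cookies, then request parameters. */
    private SSOInfo getSsoUid(HttpServletRequest httpServletRequest) {
        SSOInfo found = getSsoUidFromHeader(httpServletRequest);
        if (found == null) {
            found = getSsoUidFromCookie(httpServletRequest);
        }
        if (found == null) {
            found = getSsoUidFromParameter(httpServletRequest);
        }
        return found;
    }

    /** Returns the value of the first configured header present on the request, or {@code null}. */
    private SSOInfo getSsoUidFromHeader(HttpServletRequest httpServletRequest) {
        if (this.headerNames == null) {
            return null;
        }
        for (String name : this.headerNames) {
            String header = httpServletRequest.getHeader(name);
            if (header != null) {
                // Name only: the value may be a Basic authorization value.
                this.log.debug("found header {}", name);
                return new SSOInfo(header, "header", name);
            }
        }
        return null;
    }

    /** Returns the value of the first configured parameter present on the request, or {@code null}. */
    private SSOInfo getSsoUidFromParameter(HttpServletRequest httpServletRequest) {
        if (this.parameterNames == null) {
            return null;
        }
        for (String name : this.parameterNames) {
            String parameter = httpServletRequest.getParameter(name);
            if (parameter != null) {
                this.log.debug("found parameter {}", name);
                return new SSOInfo(parameter, "parameter", name);
            }
        }
        return null;
    }

    /**
     * Returns the URL-decoded value of the first configured cookie present on the request,
     * or {@code null}. Cookie names are compared case-insensitively.
     */
    private SSOInfo getSsoUidFromCookie(HttpServletRequest httpServletRequest) {
        if (this.cookieNames == null) {
            return null;
        }
        Cookie[] cookies = httpServletRequest.getCookies();
        if (cookies == null) {
            return null;
        }
        for (String name : this.cookieNames) {
            for (Cookie cookie : cookies) {
                if (!name.equalsIgnoreCase(cookie.getName())) {
                    continue;
                }
                String value = cookie.getValue();
                if (value == null) {
                    continue;
                }
                this.log.debug("found cookie {}", name);
                try {
                    value = URLDecoder.decode(value, "UTF-8");
                } catch (UnsupportedEncodingException e) {
                    // UTF-8 is always available; keep the raw value if it ever is not.
                    this.log.debug("cookie {}: UTF-8 not supported, using raw value", name);
                } catch (IllegalArgumentException e) {
                    // Malformed %-escape sent by the client: use the raw value instead of
                    // letting the exception abort the request.
                    this.log.debug("cookie {}: value is not valid URL encoding, using raw value", name);
                }
                return new SSOInfo(value, "cookie", name);
            }
        }
        return null;
    }

    /**
     * Decodes a value of the form {@code Basic <base64(user[:password])>}.
     *
     * @return a one-element array holding the user, or a two-element array holding user and
     *         password; {@code null} if the value is not a Basic authorization value
     */
    private String[] decodeAuthorizationHeader(String str) {
        String[] parts = str.split(" ");
        if (parts.length < 2) {
            // The value itself is not logged: it may be a malformed credential.
            this.log.info("decodeAuthorizationHeader: Not a valid Authorization header");
            return null;
        }
        String scheme = parts[0];
        if (!scheme.equalsIgnoreCase(FORMAT_BASIC)) {
            this.log.info("decodeAuthorizationHeader: Unsupported HTTP authentication scheme {}", forLog(scheme));
            return null;
        }
        try {
            String decoded = new String(Base64.decodeBase64(parts[1].getBytes("ISO-8859-1")), "ISO-8859-1");
            return decoded.indexOf(':') == -1 ? new String[]{decoded} : decoded.split(":", 2);
        } catch (UnsupportedEncodingException e) {
            this.log.error("decodeAuthorizationHeader: Cannot en/decode authentication info", e);
            return null;
        }
    }

    /**
     * Replaces control characters so a request-supplied value cannot break a log line.
     */
    private static String forLog(String value) {
        StringBuilder safe = new StringBuilder(value.length());
        for (int i = 0; i < value.length(); i++) {
            char c = value.charAt(i);
            safe.append(Character.isISOControl(c) ? '_' : c);
        }
        return safe.toString();
    }

    // Marked bridge/synthetic by the decompiler; delegates unchanged to the superclass.
    @Override // com.day.cq.auth.impl.AbstractHTTPAuthHandler
    public void dropCredentials(HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse) throws IOException {
        super.dropCredentials(httpServletRequest, httpServletResponse);
    }

    // Marked bridge/synthetic by the decompiler; delegates unchanged to the superclass.
    @Override // com.day.cq.auth.impl.AbstractHTTPAuthHandler
    public boolean requestCredentials(HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse) throws IOException {
        return super.requestCredentials(httpServletRequest, httpServletResponse);
    }
}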
