package com.day.cq.auth.impl;

import java.io.IOException;
import java.io.PrintWriter;
import java.util.ArrayList;
import java.util.Arrays;
import java.util.Dictionary;
import java.util.HashMap;
import java.util.HashSet;
import java.util.Hashtable;
import java.util.Iterator;
import java.util.LinkedHashMap;
import java.util.List;
import java.util.Map;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import javax.servlet.http.HttpServletResponseWrapper;
import org.apache.commons.collections.CollectionUtils;
import org.apache.commons.collections.Predicate;
import org.apache.commons.lang.ArrayUtils;
import org.apache.commons.lang.StringUtils;
import org.apache.felix.scr.annotations.Activate;
import org.apache.felix.scr.annotations.Component;
import org.apache.felix.scr.annotations.Deactivate;
import org.apache.felix.scr.annotations.Modified;
import org.apache.felix.scr.annotations.Properties;
import org.apache.felix.scr.annotations.Property;
import org.apache.felix.scr.annotations.Reference;
import org.apache.felix.scr.annotations.ReferenceCardinality;
import org.apache.felix.scr.annotations.ReferencePolicy;
import org.apache.sling.api.resource.LoginException;
import org.apache.sling.api.resource.Resource;
import org.apache.sling.api.resource.ResourceResolver;
import org.apache.sling.api.resource.ResourceResolverFactory;
import org.apache.sling.api.resource.ResourceUtil;
import org.apache.sling.auth.core.AuthUtil;
import org.apache.sling.auth.core.spi.AuthenticationHandler;
import org.apache.sling.auth.core.spi.AuthenticationInfo;
import org.apache.sling.commons.osgi.OsgiUtil;
import org.osgi.framework.BundleContext;
import org.osgi.framework.ServiceRegistration;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;

@Component(label = "%auth.loginselector.name", description = "%auth.loginselector.description", name = "com.day.cq.auth.impl.LoginSelectorHandler", metatype = true)
@Properties({@Property(name = "path", value = {"/"}), @Property(name = "service.ranking", intValue = {5000}, propertyPrivate = false), @Property(name = LoginSelectorHandler.PROPERTY_MAPPINGS_NAME, label = "%auth.loginselector.mappings.name", description = "%auth.loginselector.mappings.description", cardinality = 100), @Property(name = LoginSelectorHandler.PROPERTY_DEFAULT_LOGIN_PAGE_NAME, label = "%auth.loginselector.defaultloginpage.name", description = "%auth.loginselector.defaultloginpage.description", value = {"/libs/cq/core/content/login"})})
/* loaded from: input_file:com/day/cq/auth/impl/LoginSelectorHandler.class */
public class LoginSelectorHandler implements AuthenticationHandler {

    @Property(name = "service.description")
    private static final String DESCRIPTION = "Day CQ Login Selector Authentication Handler";
    static final String PROPERTY_MAPPINGS_NAME = "auth.loginselector.mappings";
    static final String PROPERTY_DEFAULT_LOGIN_PAGE_NAME = "auth.loginselector.defaultloginpage";
    private static final String PAR_LOOP_PROTECT = "$$login$$";
    private static final String[] DEFAULT_HANDLE_REGEXP = {"html", "htm"};

    @Property(cardinality = 2000, value = {"html", "htm"})
    private static final String PROPERTY_HANDLE_REGEXP = "auth.loginselector.handle";

    @Reference
    private ResourceResolverFactory resourceResolverFactory;

    @Reference(cardinality = ReferenceCardinality.OPTIONAL_UNARY, policy = ReferencePolicy.DYNAMIC)
    private CugSupport cugSupport;
    private final Logger log = LoggerFactory.getLogger(LoginSelectorHandler.class);
    private ResourceResolver resolver;
    private String[] handleExtensions;
    private List<Mapping> loginMappings;
    private String defaultLoginPath;
    private BundleContext bundleContext;
    private Map<String, Object> properties;
    private ServiceRegistration registration;

    /* loaded from: input_file:com/day/cq/auth/impl/LoginSelectorHandler$IESaveRedirectSupportResponse.class */
    private static class IESaveRedirectSupportResponse extends HttpServletResponseWrapper {
        public IESaveRedirectSupportResponse(HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse) {
            super(httpServletResponse);
        }

        public void sendRedirect(String str) throws IOException {
            setStatus(200);
            setContentType("text/html");
            setCharacterEncoding("UTF-8");
            setHeader("Cache-control", "no-cache");
            addHeader("Cache-control", "no-store");
            setHeader("Dispatcher", "no-cache");
            setHeader("Pragma", "no-cache");
            setHeader("Expires", "0");
            PrintWriter writer = getWriter();
            writer.write("<html><head><script type=\"text/javascript\">");
            writer.write("var u=\"");
            writer.write(str);
            writer.write("\"; if ( window.location.hash) {");
            writer.write("u = u + window.location.hash;");
            writer.write("} document.location = u;");
            writer.write("</script></head><body>");
            writer.write("<!-- QUICKSTART_HOMEPAGE - (string used for readyness detection, do not remove) -->");
            writer.write("</body></html>");
            writer.flush();
            flushBuffer();
        }
    }

    /* JADX INFO: Access modifiers changed from: private */
    /* loaded from: input_file:com/day/cq/auth/impl/LoginSelectorHandler$Mapping.class */
    public static final class Mapping {
        private String loginPath;
        private String treePath;

        static Mapping create(String str) {
            String[] split = StringUtils.split(str, ':');
            if (split.length == 2) {
                return new Mapping(split[0], split[1]);
            }
            return null;
        }

        private Mapping(String str, String str2) {
            this.loginPath = str;
            this.treePath = str2;
        }

        public String getLoginPath() {
            return this.loginPath;
        }

        public String getTreePath() {
            return this.treePath;
        }

        public String toString() {
            return "Mapping{loginPath='" + this.loginPath + "', treePath='" + this.treePath + "'}";
        }

        public boolean handles(String str) {
            return StringUtils.startsWith(str, getTreePath());
        }
    }

    public AuthenticationInfo extractCredentials(HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse) {
        return null;
    }

    public boolean requestCredentials(HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse) throws IOException {
        if (isRequestIgnored(httpServletRequest)) {
            this.log.debug("requestCredentials: Not requesting credentials for this request");
            return false;
        }
        if (isRequestForbidden(httpServletRequest)) {
            this.log.debug("requestCredentials: Access forbidden");
            httpServletRequest.setAttribute("j_reason", "Authentication Failed");
            AuthUtil.sendInvalid(httpServletRequest, httpServletResponse);
            return true;
        }
        if (httpServletRequest.getParameter(PAR_LOOP_PROTECT) != null) {
            this.log.error("requestCredentials: Abort login due to apparent misconfiguration.");
            this.log.error("requestCredentials: Possible reasons: login page not existing or not accessible");
            httpServletRequest.setAttribute("j_reason", "Authentication Failed");
            AuthUtil.sendInvalid(httpServletRequest, httpServletResponse);
            return true;
        }
        String cugRootLoginPage = getCugRootLoginPage(httpServletRequest);
        if (cugRootLoginPage == null) {
            cugRootLoginPage = getMappingLoginPage(httpServletRequest);
            if (cugRootLoginPage == null && this.defaultLoginPath != null && resolve(this.defaultLoginPath) != null) {
                cugRootLoginPage = this.defaultLoginPath;
                this.log.debug("requestCredentials: using default login page [{}] for request [{}].", cugRootLoginPage, httpServletRequest.getRequestURI());
            }
            if (cugRootLoginPage == null) {
                cugRootLoginPage = "/system/sling/cqform/defaultlogin";
            }
        }
        if (!StringUtils.isNotBlank(cugRootLoginPage)) {
            this.log.debug("no login mapping or default login page defined, not redirecting.");
            return false;
        }
        String rewrite = rewrite(httpServletRequest, cugRootLoginPage);
        LinkedHashMap linkedHashMap = new LinkedHashMap();
        linkedHashMap.put("resource", AuthUtil.getLoginResource(httpServletRequest, (String) null));
        linkedHashMap.put(PAR_LOOP_PROTECT, PAR_LOOP_PROTECT);
        if (httpServletRequest.getAttribute("j_reason") != null) {
            Object attribute = httpServletRequest.getAttribute("j_reason");
            linkedHashMap.put("j_reason", attribute instanceof Enum ? ((Enum) attribute).name() : attribute.toString());
        }
        try {
            this.log.debug("redirected user to [{}] for request [{}].", rewrite, httpServletRequest.getRequestURI());
            AuthUtil.sendRedirect(httpServletRequest, new IESaveRedirectSupportResponse(httpServletRequest, httpServletResponse), rewrite, linkedHashMap);
            return true;
        } catch (IOException e) {
            this.log.error("Failed to redirect to the login form " + rewrite, e);
            return true;
        }
    }

    private String rewrite(HttpServletRequest httpServletRequest, String str) {
        return this.resolver.map(httpServletRequest, StringUtils.endsWith(str, ".html") ? str : str.concat(".html"));
    }

    public void dropCredentials(HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse) throws IOException {
    }

    @Activate
    private void activate(BundleContext bundleContext, Map<String, Object> map) {
        this.bundleContext = bundleContext;
        try {
            this.resolver = this.resourceResolverFactory.getResourceResolver((Map) null);
            configure(bundleContext, map);
        } catch (LoginException e) {
            this.log.error("error accessing resolver: ", e);
        }
    }

    @Modified
    private void configure(BundleContext bundleContext, Map<String, Object> map) {
        Map<String, Object> hashMap = map != null ? map : new HashMap<>();
        ArrayList arrayList = new ArrayList();
        for (String str : OsgiUtil.toStringArray(hashMap.get(PROPERTY_MAPPINGS_NAME), new String[0])) {
            Mapping create = Mapping.create(str);
            if (create != null) {
                arrayList.add(create);
                this.log.info("configure: added mapping [{}] from service config.", create);
            } else {
                this.log.warn("configure: invalid mapping [{}] defined in service configuration.", str);
            }
        }
        String osgiUtil = OsgiUtil.toString(hashMap.get(PROPERTY_DEFAULT_LOGIN_PAGE_NAME), null);
        this.log.debug("configure: defaultLoginPath={}", osgiUtil == null ? "-" : osgiUtil);
        String[] validatedExtensions = getValidatedExtensions(OsgiUtil.toStringArray(hashMap.get(PROPERTY_HANDLE_REGEXP)));
        if (validatedExtensions.length == 0) {
            validatedExtensions = DEFAULT_HANDLE_REGEXP;
        }
        this.log.debug("configure: auth.loginselector.handle={}", Arrays.asList(validatedExtensions));
        if (null != this.registration) {
            this.registration.unregister();
            this.registration = null;
        }
        this.properties = hashMap;
        this.handleExtensions = validatedExtensions;
        this.loginMappings = arrayList;
        this.defaultLoginPath = osgiUtil;
        this.registration = this.bundleContext.registerService(AuthenticationHandler.class.getName(), this, getProperties());
    }

    private static String[] getValidatedExtensions(String[] strArr) {
        String[] strArr2 = new String[0];
        if (null != strArr) {
            for (String str : strArr) {
                if (str != null) {
                    strArr2 = (String[]) ArrayUtils.add(strArr2, str);
                }
            }
        }
        return strArr2;
    }

    @Deactivate
    private void deactivate(BundleContext bundleContext) {
        if (this.registration != null) {
            this.registration.unregister();
            this.registration = null;
        }
        if (this.resolver != null) {
            this.resolver.close();
            this.resolver = null;
        }
    }

    private boolean isRequestIgnored(HttpServletRequest httpServletRequest) {
        String header = httpServletRequest.getHeader("User-Agent");
        if (header != null && (header.contains("Mozilla") || header.contains("Opera"))) {
            return false;
        }
        this.log.debug("ignoreRequest: Ignoring non-browser request from User-Agent {}", header == null ? "unknown" : header);
        return true;
    }

    private boolean isRequestForbidden(HttpServletRequest httpServletRequest) {
        String pathInfo = httpServletRequest.getPathInfo();
        String method = httpServletRequest.getMethod();
        if (!"GET".equals(method) && !"HEAD".equals(method) && (!"POST".equals(method) || pathInfo == null || !pathInfo.endsWith("/j_security_check"))) {
            this.log.debug("ignoreRequest: Ignoring non-GET request {} {}", method, pathInfo == null ? "" : pathInfo);
            return true;
        }
        if (httpServletRequest.getHeader("Referer") == null) {
            this.log.debug("ignoreRequest: Handle request {} without referer", httpServletRequest.getRequestURI());
            return false;
        }
        if (pathInfo == null || pathInfo.length() == 0 || pathInfo.endsWith("/")) {
            this.log.debug("ignoreRequest: Handle request {} without extension", pathInfo == null ? "" : pathInfo);
            return false;
        }
        String substring = pathInfo.substring(pathInfo.lastIndexOf(47) + 1);
        int lastIndexOf = substring.lastIndexOf(46);
        String substring2 = lastIndexOf < 0 ? "" : substring.substring(lastIndexOf + 1);
        if (substring2.length() == 0) {
            this.log.debug("ignoreRequest: Handle request {} without extension", pathInfo);
            return false;
        }
        for (String str : this.handleExtensions) {
            if (substring2.equals(str)) {
                this.log.debug("ignoreRequest: Extension {} of request {} is being handled", substring2, pathInfo);
                return false;
            }
        }
        this.log.debug("ignoreRequest: Extension {} of request {} is not handled", substring2, pathInfo);
        return true;
    }

    private String getCugRootLoginPage(HttpServletRequest httpServletRequest) {
        CugSupport cugSupport = this.cugSupport;
        if (cugSupport != null) {
            return cugSupport.getLoginPage(httpServletRequest);
        }
        return null;
    }

    private String getMappingLoginPage(final HttpServletRequest httpServletRequest) {
        Mapping mapping = (Mapping) CollectionUtils.find(this.loginMappings, new Predicate() { // from class: com.day.cq.auth.impl.LoginSelectorHandler.1
            public boolean evaluate(Object obj) {
                return ((Mapping) obj).handles(httpServletRequest.getRequestURI());
            }
        });
        if (mapping == null) {
            return null;
        }
        this.log.debug("found mapping [{}] for request [{}].", mapping, httpServletRequest.getRequestURI());
        String loginPath = mapping.getLoginPath();
        if (resolve(loginPath) != null) {
            return loginPath;
        }
        return null;
    }

    private Dictionary<String, Object> getProperties() {
        Hashtable hashtable = new Hashtable();
        for (String str : this.properties.keySet()) {
            hashtable.put(str, this.properties.get(str));
        }
        HashSet hashSet = new HashSet();
        if (StringUtils.isNotBlank(this.defaultLoginPath)) {
            hashSet.add("-" + toRawPath(this.defaultLoginPath));
        }
        Iterator<Mapping> it = this.loginMappings.iterator();
        while (it.hasNext()) {
            hashSet.add("-" + toRawPath(it.next().getLoginPath()));
        }
        hashtable.put("sling.auth.requirements", hashSet.toArray(new String[hashSet.size()]));
        return hashtable;
    }

    private String toRawPath(String str) {
        Resource resolve;
        return (this.resolver == null || (resolve = resolve(str)) == null) ? str : this.resolver.map(resolve.getPath());
    }

    private Resource resolve(String str) {
        Resource resolve = this.resolver.resolve(str);
        if (ResourceUtil.isNonExistingResource(resolve)) {
            return null;
        }
        return resolve;
    }

    protected void bindResourceResolverFactory(ResourceResolverFactory resourceResolverFactory) {
        this.resourceResolverFactory = resourceResolverFactory;
    }

    protected void unbindResourceResolverFactory(ResourceResolverFactory resourceResolverFactory) {
        if (this.resourceResolverFactory == resourceResolverFactory) {
            this.resourceResolverFactory = null;
        }
    }

    protected void bindCugSupport(CugSupport cugSupport) {
        this.cugSupport = cugSupport;
    }

    protected void unbindCugSupport(CugSupport cugSupport) {
        if (this.cugSupport == cugSupport) {
            this.cugSupport = null;
        }
    }
}
