package org.craftercms.studio.impl.v1.service.security;

import java.nio.charset.StandardCharsets;
import java.security.MessageDigest;
import java.util.ArrayList;
import java.util.HashMap;
import javax.servlet.http.HttpServletRequest;
import org.apache.commons.lang3.StringUtils;
import org.craftercms.commons.http.RequestContext;
import org.craftercms.studio.api.v1.dal.DependencyMapper;
import org.craftercms.studio.api.v1.dal.Group;
import org.craftercms.studio.api.v1.dal.SiteFeed;
import org.craftercms.studio.api.v1.dal.User;
import org.craftercms.studio.api.v1.exception.SiteNotFoundException;
import org.craftercms.studio.api.v1.exception.security.AuthenticationSystemException;
import org.craftercms.studio.api.v1.exception.security.BadCredentialsException;
import org.craftercms.studio.api.v1.exception.security.GroupAlreadyExistsException;
import org.craftercms.studio.api.v1.exception.security.GroupNotFoundException;
import org.craftercms.studio.api.v1.exception.security.UserAlreadyExistsException;
import org.craftercms.studio.api.v1.exception.security.UserNotFoundException;
import org.craftercms.studio.api.v1.log.Logger;
import org.craftercms.studio.api.v1.log.LoggerFactory;
import org.craftercms.studio.api.v1.service.activity.ActivityService;
import org.craftercms.studio.api.v1.util.StudioConfiguration;

/* loaded from: input_file:org/craftercms/studio/impl/v1/service/security/AuthenticationHeadersSecurityProvider.class */
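/**
 * Security provider that trusts identity headers set by an upstream component
 * (for example an SSO gateway) once the request has presented the configured
 * shared "secure key" header.
 *
 * <p>Everything read from the identity headers is attacker-controlled unless the
 * secure key check passes, so that check is the only trust boundary in this class.
 * When header authentication is disabled, no request is bound to the thread, or the
 * secure key does not match, authentication is delegated to the parent provider.
 */
public class AuthenticationHeadersSecurityProvider extends DbWithLdapExtensionSecurityProvider {
    private static final Logger logger = LoggerFactory.getLogger(AuthenticationHeadersSecurityProvider.class);

    /**
     * Authenticates the current request from its identity headers, provisioning or
     * updating the user and its site groups on the way, and returns a session token.
     *
     * @param str  username supplied by the caller; stored as the session username and
     *             passed to the parent provider on fallback
     * @param str2 second credential argument, passed to the parent provider on fallback
     *             and to {@code createUser} for a new account (presumably the password)
     * @return the token produced by {@code createToken} for the header-identified user,
     *         or whatever the parent provider returns when header authentication does not apply
     * @throws BadCredentialsException       as thrown by the parent provider
     * @throws AuthenticationSystemException if the user cannot be created or updated from the headers
     */
    @Override
    public String authenticate(String str, String str2) throws BadCredentialsException, AuthenticationSystemException {
        if (!isAuthenticationHeadersEnabled()) {
            logger.debug("Authentication using headers disabled. Switching to other security provider(s).", new Object[0]);
            return super.authenticate(str, str2);
        }
        logger.debug("Authenticating user using authentication headers.", new Object[0]);
        RequestContext current = RequestContext.getCurrent();
        if (current != null) {
            HttpServletRequest request = current.getRequest();
            String secureKeyHeaderName = this.studioConfiguration.getProperty(StudioConfiguration.AUTHENTICATION_HEADERS_SECURE_KEY_HEADER_NAME);
            String expectedSecureKey = this.studioConfiguration.getProperty(StudioConfiguration.AUTHENTICATION_HEADERS_SECURE_KEY_HEADER_VALUE);
            // An unconfigured header name can never be satisfied; do not query the request with it.
            String presentedSecureKey = StringUtils.isEmpty(secureKeyHeaderName) ? null : request.getHeader(secureKeyHeaderName);
            logger.debug("Verifying authentication header secure key.", new Object[0]);
            if (secureKeyMatches(presentedSecureKey, expectedSecureKey)) {
                String username = request.getHeader(this.studioConfiguration.getProperty(StudioConfiguration.AUTHENTICATION_HEADERS_USERNAME));
                // Without a username there is no identity to log in; fall through to the parent provider
                // instead of provisioning an account with a null/empty name.
                if (StringUtils.isNotEmpty(username)) {
                    String firstName = request.getHeader(this.studioConfiguration.getProperty(StudioConfiguration.AUTHENTICATION_HEADERS_FIRST_NAME));
                    String lastName = request.getHeader(this.studioConfiguration.getProperty(StudioConfiguration.AUTHENTICATION_HEADERS_LAST_NAME));
                    String email = request.getHeader(this.studioConfiguration.getProperty(StudioConfiguration.AUTHENTICATION_HEADERS_EMAIL));
                    String groupsHeader = request.getHeader(this.studioConfiguration.getProperty(StudioConfiguration.AUTHENTICATION_HEADERS_GROUPS));
                    if (!userExists(username)) {
                        logger.debug("User does not exist in studio db. Adding user " + username, new Object[0]);
                        try {
                            // NOTE(review): the caller-supplied str2 is handed to createUser for an account whose
                            // identity came from the headers; the trailing 'true' presumably marks the account as
                            // externally managed - confirm that str2 is not persisted as a usable password.
                            if (createUser(username, str2, firstName, lastName, email, true)) {
                                ActivityService.ActivityType activityType = ActivityService.ActivityType.CREATED;
                                HashMap hashMap = new HashMap();
                                hashMap.put("contentType", "user");
                                this.activityService.postActivity(getSystemSite(), username, username, activityType, ActivityService.ActivitySource.API, hashMap);
                            }
                        } catch (UserAlreadyExistsException e) {
                            logger.error("Error adding user " + str + " from authentication headers", e, new Object[0]);
                            throw new AuthenticationSystemException("Error adding user " + str + " from external authentication provider", e);
                        }
                    } else if (StringUtils.isNoneEmpty(firstName, lastName, email)) {
                        logger.debug("If user already exists in studio DB, update details.", new Object[0]);
                        try {
                            if (updateUserInternal(username, firstName, lastName, email)) {
                                ActivityService.ActivityType activityType2 = ActivityService.ActivityType.UPDATED;
                                HashMap hashMap2 = new HashMap();
                                hashMap2.put("contentType", "user");
                                this.activityService.postActivity(getSystemSite(), username, username, activityType2, ActivityService.ActivitySource.API, hashMap2);
                            }
                        } catch (UserNotFoundException e2) {
                            logger.error("Error updating user " + str + " with data from authentication headers", e2, new Object[0]);
                            throw new AuthenticationSystemException("Error updating user " + str + " with data from external authentication provider", e2);
                        }
                    }
                    User user = new User();
                    user.setUsername(username);
                    user.setFirstname(firstName);
                    user.setLastname(lastName);
                    user.setEmail(email);
                    user.setGroups(new ArrayList());
                    logger.debug("Update user groups in database.", new Object[0]);
                    if (StringUtils.isNotEmpty(groupsHeader)) {
                        // The header is a flat comma-separated list of site,group pairs.
                        String[] split = groupsHeader.split(",");
                        if (split.length % 2 == 0) {
                            for (int i = 0; i < split.length; i += 2) {
                                String siteId = split[i];
                                HashMap hashMap3 = new HashMap();
                                hashMap3.put(DependencyMapper.SITE_ID_PARAM, siteId);
                                SiteFeed site = this.siteFeedMapper.getSite(hashMap3);
                                // Pairs naming a site that does not exist are skipped.
                                if (site != null) {
                                    Group group = new Group();
                                    group.setName(split[i + 1]);
                                    group.setExternallyManaged(1);
                                    group.setDescription("Externally managed group");
                                    group.setSiteId(site.getId());
                                    group.setSite(site.getSiteId());
                                    user.getGroups().add(group);
                                    try {
                                        upsertUserGroup(siteId, group.getName(), username);
                                    } catch (SiteNotFoundException | GroupAlreadyExistsException | GroupNotFoundException | UserAlreadyExistsException | UserNotFoundException e3) {
                                        // Best effort: a failed group sync is logged and does not abort the login.
                                        logger.error("Failed to upsert user groups data from authentication headers, site ID: " + siteId + " group: " + group.getName() + " username: " + username, e3, new Object[0]);
                                    }
                                }
                            }
                        } else {
                            // Previously dropped silently; record it so missing group memberships can be traced.
                            logger.debug("Ignoring malformed groups header; expected comma-separated site,group pairs.", new Object[0]);
                        }
                    }
                    String createToken = createToken(user);
                    storeSessionTicket(createToken);
                    // NOTE(review): the token above is minted for the header-supplied username, but the session
                    // username stored here is the caller-supplied 'str'. If the two can differ, the session is
                    // labelled with an identity that was never verified - confirm against callers.
                    storeSessionUsername(str);
                    return createToken;
                }
                logger.debug("Authentication headers did not carry a username.", new Object[0]);
            }
        }
        logger.debug("Unable to authenticate user using authentication headers. Switching to other security provider(s).", new Object[0]);
        return super.authenticate(str, str2);
    }

    /**
     * Tells whether header-based authentication is switched on in the Studio configuration.
     *
     * @return {@code true} only when the configured property parses as boolean true
     */
    protected boolean isAuthenticationHeadersEnabled() {
        return Boolean.parseBoolean(this.studioConfiguration.getProperty(StudioConfiguration.AUTHENTICATION_HEADERS_ENABLED));
    }

    /**
     * Compares the presented secure key with the configured one.
     *
     * <p>A missing or empty value on either side is a mismatch: a plain null-safe equality
     * check would treat "no key configured" plus "no header sent" as a match and let any
     * request assert an identity. The comparison itself uses {@link MessageDigest#isEqual}
     * so it does not stop at the first differing byte.
     *
     * @param presented value of the secure key header on the request, may be {@code null}
     * @param expected  configured secure key value, may be {@code null}
     * @return {@code true} only when both values are non-empty and identical
     */
    private static boolean secureKeyMatches(String presented, String expected) {
        if (StringUtils.isEmpty(presented) || StringUtils.isEmpty(expected)) {
            return false;
        }
        return MessageDigest.isEqual(presented.getBytes(StandardCharsets.UTF_8), expected.getBytes(StandardCharsets.UTF_8));
    }
}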
