package com.edulib.muse.proxy.authentication.jaas;

import com.edulib.ice.security.ICESubject;
import com.edulib.ice.util.ICEBase64;
import com.edulib.muse.proxy.Constants;
import com.edulib.muse.proxy.authentication.AuthenticationResult;
import com.edulib.muse.proxy.authentication.RequestAuthenticationException;
import com.edulib.muse.proxy.core.MuseProxy;
import com.edulib.muse.proxy.core.Request;
import com.edulib.muse.proxy.handler.RequestHandler;
import com.edulib.muse.proxy.handler.proxy.RequestAuthenticationContext;
import com.edulib.muse.proxy.handler.proxy.mapping.RequestMappingProxy;
import com.edulib.muse.proxy.util.MuseProxyServerUtils;
import java.util.ArrayList;
import java.util.Iterator;
import java.util.List;
import java.util.NoSuchElementException;
import java.util.StringTokenizer;

/* loaded from: input_file:install/data/c209c5bada6eba92aa597d306a6100b8/2.1.0.1/assembly.dat:e75c885eac0327b66751203a611f6cda/museproxy.jar:com/edulib/muse/proxy/authentication/jaas/RequestHandlerAuthenticatorProxy.class */
public class RequestHandlerAuthenticatorProxy {
    public static final String REQUEST_ATTRIBUTE_AUTHORIZED_CACHE_KEY = "AuthorizedCacheKey";
    protected RequestHandler requestHandler;
    protected AuthorizedCacheProxy authorizedCache;
    protected String jaasContext;
    protected String jaasUserGroup;
    protected List<RequestMappingProxy> requestMappingsList;

    /* loaded from: input_file:install/data/c209c5bada6eba92aa597d306a6100b8/2.1.0.1/assembly.dat:e75c885eac0327b66751203a611f6cda/museproxy.jar:com/edulib/muse/proxy/authentication/jaas/RequestHandlerAuthenticatorProxy$RequestHandlerAuthenticationResult.class */
    public enum RequestHandlerAuthenticationResult {
        SUCCESS,
        FAILED,
        ERROR
    }

    public RequestHandlerAuthenticatorProxy(RequestHandler requestHandler, AuthorizedCacheProxy authorizedCacheProxy, List<RequestMappingProxy> list) {
        this.requestHandler = null;
        this.authorizedCache = null;
        this.requestHandler = requestHandler;
        this.authorizedCache = authorizedCacheProxy;
        this.requestMappingsList = list;
    }

    protected void preProcessRequest(Request request) throws RequestAuthenticationException {
        extractAccessDetailsFromRequest(request);
        RequestAuthenticationContext requestAuthenticationContext = getRequestAuthenticationContext(request);
        if (requestAuthenticationContext == null) {
            return;
        }
        this.jaasContext = requestAuthenticationContext.getJaasContext();
        this.jaasUserGroup = requestAuthenticationContext.getJaasUserGroup();
        if (((String) request.getAttribute("ThisProxyAuthorizationUserName")) != null || requestAuthenticationContext.getDefaultJaasUserName() == null) {
            return;
        }
        request.setAttribute("ThisProxyAuthorizationUserName", requestAuthenticationContext.getDefaultJaasUserName());
        request.setAttribute("ThisProxyAuthorizationUserPassword", requestAuthenticationContext.getDefaultJaasUserPassword());
    }

    public boolean handleRequest(Request request) throws RequestAuthenticationException {
        return authenticateRequest(request);
    }

    private boolean authenticateRequest(Request request) throws RequestAuthenticationException {
        boolean z;
        preProcessRequest(request);
        String str = "";
        if (request.getClient() != null && request.getClient().getSocket() != null && request.getClient().getSocket().getInetAddress() != null) {
            str = request.getClient().getSocket().getInetAddress().getHostAddress();
        }
        String id = this.requestHandler.getParentHandler() != null ? this.requestHandler.getParentHandler().getId() : "";
        MuseProxy.getStatistics().log(300, this, "310", id, (String) request.getAttribute("ThisProxyAuthorizationUserName"), str);
        boolean isAuthorizedRequest = isAuthorizedRequest(request);
        long j = 0;
        if (isAuthorizedRequest) {
            z = true;
            String str2 = (String) request.getAttribute(REQUEST_ATTRIBUTE_AUTHORIZED_CACHE_KEY);
            j = this.authorizedCache.getValidity(str2);
            MuseProxy.log(4, this, "[connection.id=" + id + "] Authorization still valid for " + this.authorizedCache.getValidity(str2) + " milliseconds for the key: \"" + str2 + "\".");
        } else {
            MuseProxy.log(4, this, "[connection.id=" + id + "] Entry which corresponds to the request containing the URL: \"" + request.getURL() + "\" is not in cache or expired.");
            z = authorize(request, this.jaasContext, true);
        }
        if (!z) {
            MuseProxy.log(1, this, "[connection.id=" + id + "] Authentication for the request containing the URL: \"" + request.getURL() + "\" has failed.");
        }
        int i = 0;
        if (this.authorizedCache != null) {
            i = this.authorizedCache.getNumberOfEntries();
        }
        MuseProxy.getStatistics().log(300, this, "390", id, (String) request.getAttribute(REQUEST_ATTRIBUTE_AUTHORIZED_CACHE_KEY), "" + i, "" + z, "" + isAuthorizedRequest, "" + j);
        return z;
    }

    public boolean authorize(Request request, String str, boolean z) throws RequestAuthenticationException {
        boolean z2 = false;
        String id = this.requestHandler.getParentHandler() != null ? this.requestHandler.getParentHandler().getId() : "";
        String str2 = (String) request.getAttribute("ThisProxyAuthorizationUserName");
        String str3 = (String) request.getAttribute("ThisProxyAuthorizationUserPassword");
        String str4 = this.jaasUserGroup;
        String hostAddress = request.getClient().getSocket().getInetAddress().getHostAddress();
        String str5 = "" + request.getPort();
        if (str2 == null) {
            str2 = str;
            str3 = "";
        }
        Authenticator authenticator = new Authenticator();
        authenticator.setConnectionId(id);
        authenticator.setJaasContext(str);
        authenticator.setUserName(str2);
        authenticator.setUserPassword(str3);
        authenticator.setUserAddress(hostAddress);
        authenticator.setUserGroup(str4);
        authenticator.setRemotePort(str5);
        AuthenticationResult authenticateUser = authenticator.authenticateUser();
        if (authenticateUser.isAuthenticated()) {
            AuthorizationEntry authorizationEntry = new AuthorizationEntry((ICESubject) authenticateUser.getAuthenticationProperty(AuthenticationResult.AUTHENTICATION_PROPERTY_ICE_SUBJECT));
            String computeAuthorizedCacheKey = computeAuthorizedCacheKey(request, true);
            if (z && !this.authorizedCache.isAuthorized(computeAuthorizedCacheKey)) {
                synchronized (this.authorizedCache) {
                    this.authorizedCache.addEntry(computeAuthorizedCacheKey, authorizationEntry);
                }
            }
            z2 = true;
        }
        return z2;
    }

    protected boolean isAuthorizedRequest(Request request) {
        boolean z = false;
        if (this.authorizedCache.isAuthorized(computeAuthorizedCacheKey(request, true))) {
            z = true;
        }
        return z;
    }

    public String computeAuthorizedCacheKey(Request request, boolean z) {
        String str = (String) request.getAttribute(REQUEST_ATTRIBUTE_AUTHORIZED_CACHE_KEY);
        if (str != null && str.length() > 0) {
            return str;
        }
        String computeCacheKey = this.authorizedCache.computeCacheKey(this, request);
        if (z) {
            request.setAttribute(REQUEST_ATTRIBUTE_AUTHORIZED_CACHE_KEY, computeCacheKey);
        }
        return computeCacheKey;
    }

    public String getJaasContext() {
        return this.jaasContext;
    }

    public String getJaasUserGroup() {
        return this.jaasUserGroup;
    }

    private void extractAccessDetailsFromRequest(Request request) {
        request.removeAttribute("ThisProxyAuthorizationUserName");
        request.removeAttribute("ThisProxyAuthorizationUserPassword");
        if (request.containsHeaderField(Constants.PROXY_AUTHORIZATION)) {
            try {
                String headerField = request.getHeaderField(Constants.PROXY_AUTHORIZATION);
                if (headerField == null || headerField.length() == 0) {
                    MuseProxy.log(1, this, "[connection.id=" + (this.requestHandler.getParentHandler() != null ? this.requestHandler.getParentHandler().getId() : "") + "] Invalid value for " + Constants.PROXY_AUTHORIZATION + " header: \"" + headerField + "\".");
                } else {
                    String str = null;
                    String str2 = null;
                    StringTokenizer stringTokenizer = new StringTokenizer(headerField, " ");
                    if (stringTokenizer.nextToken().equalsIgnoreCase("basic")) {
                        StringTokenizer stringTokenizer2 = new StringTokenizer(new String(ICEBase64.decode(stringTokenizer.nextToken())), ":");
                        str = stringTokenizer2.nextToken();
                        str2 = stringTokenizer2.countTokens() == 1 ? stringTokenizer2.nextToken() : new String("");
                    }
                    if (str != null && str2 != null) {
                        request.setAttribute("ThisProxyAuthorizationUserName", str);
                        request.setAttribute("ThisProxyAuthorizationUserPassword", str2);
                    }
                }
            } catch (NoSuchElementException e) {
            }
            request.removeHeaderField(Constants.PROXY_AUTHORIZATION);
        }
    }

    private RequestAuthenticationContext getRequestAuthenticationContext(Request request) throws RequestAuthenticationException {
        RequestAuthenticationContext mappedObject;
        RequestAuthenticationContext requestAuthenticationContext = null;
        ArrayList arrayList = new ArrayList();
        synchronized (this.requestMappingsList) {
            arrayList.addAll(this.requestMappingsList);
        }
        Iterator it = arrayList.iterator();
        while (it.hasNext()) {
            try {
                mappedObject = ((RequestMappingProxy) it.next()).getMappedObject(request);
                requestAuthenticationContext = mappedObject;
            } catch (Exception e) {
                MuseProxy.log(4, this, "[connection.id=" + (this.requestHandler.getParentHandler() != null ? this.requestHandler.getParentHandler().getId() : "") + "] " + MuseProxyServerUtils.getStackTrace(e));
            }
            if (mappedObject != null) {
                break;
            }
        }
        arrayList.clear();
        if (requestAuthenticationContext == null) {
            throw new RequestAuthenticationException("Cannot assign proxy Request Authentication Context for the request: " + request);
        }
        return requestAuthenticationContext;
    }
}
