package org.josso.alfresco.agent;

import java.io.IOException;
import java.io.Serializable;
import java.security.SecureRandom;
import java.util.Enumeration;
import java.util.HashMap;
import javax.faces.context.FacesContext;
import javax.security.auth.Subject;
import javax.servlet.Filter;
import javax.servlet.FilterChain;
import javax.servlet.FilterConfig;
import javax.servlet.ServletContext;
import javax.servlet.ServletException;
import javax.servlet.ServletRequest;
import javax.servlet.ServletResponse;
import javax.servlet.http.Cookie;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import javax.servlet.http.HttpSession;
import javax.transaction.UserTransaction;
import org.alfresco.model.ContentModel;
import org.alfresco.repo.security.authentication.AuthenticationComponent;
import org.alfresco.repo.security.authentication.AuthenticationUtil;
import org.alfresco.repo.security.authentication.TicketComponent;
import org.alfresco.service.ServiceRegistry;
import org.alfresco.service.cmr.security.MutableAuthenticationService;
import org.alfresco.service.cmr.security.PermissionService;
import org.alfresco.service.cmr.security.PersonService;
import org.alfresco.service.namespace.QName;
import org.alfresco.web.app.servlet.FacesHelper;
import org.apache.commons.logging.Log;
import org.apache.commons.logging.LogFactory;
import org.josso.agent.Lookup;
import org.josso.agent.http.HttpSSOAgent;
import org.josso.gateway.SSONameValuePair;
import org.josso.gateway.identity.SSOUser;
import org.josso.gateway.identity.service.SSOIdentityManagerService;
import org.springframework.beans.BeansException;
import org.springframework.web.context.WebApplicationContext;
import org.springframework.web.context.support.WebApplicationContextUtils;

/* loaded from: input_file:org/josso/alfresco/agent/AlfrescoSSOAgentFilter.class */
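/**
 * Servlet filter that bridges a JOSSO single sign-on session into Alfresco.
 *
 * <p>For each request the filter reads the {@code JOSSO_SESSIONID} cookie, resolves it to an
 * {@link SSOUser} through the agent's identity manager, provisions a matching Alfresco person on
 * first sight and binds that user to the HTTP session before the rest of the chain runs.
 * Requests without the cookie are passed down the chain untouched; login and logout requests are
 * redirected to the JOSSO endpoints.
 *
 * <p>Security notes: the user name and profile properties are taken only from the identity
 * manager's answer, never from the request. When the cookie cannot be resolved to a user the
 * request is rejected instead of being forwarded.
 *
 * <p>NOTE(review): the HTTP session id is not rotated when a user is bound to it; confirm the
 * container or another filter covers session fixation.
 */
public class AlfrescoSSOAgentFilter implements Filter {
    private static final String KEY_SESSION_MAP = "org.josso.servlet.agent.sessionMap";
    private static final String JOSSO_COOKIE_NAME = "JOSSO_SESSIONID";
    private static final String ALF_REDIRECT_ATTR = "_alfRedirect";

    /** Length of the random password stored for auto-provisioned accounts. */
    private static final int GENERATED_PASSWORD_LENGTH = 32;
    private static final char[] PASSWORD_ALPHABET =
            "ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789".toCharArray();
    private static final SecureRandom SECURE_RANDOM = new SecureRandom();

    private ServletContext _ctx;
    private HttpSSOAgent _agent;
    private ServiceRegistry serviceRegistry;
    private PersonService personService;
    private PermissionService permissionService;
    private MutableAuthenticationService authenticationService;
    private AuthenticationComponent authComponent;
    private TicketComponent ticketComponent;
    private static final Log logger = LogFactory.getLog(AlfrescoSSOAgentFilter.class);

    /**
     * Starts the JOSSO agent (once) and resolves the Alfresco services the filter needs.
     *
     * @param filterConfig container-supplied filter configuration
     * @throws ServletException if the agent cannot be started or a required Alfresco bean is
     *     missing; an authentication filter must not come up half-initialised
     */
    @Override
    public void init(FilterConfig filterConfig) throws ServletException {
        this._ctx = filterConfig.getServletContext();
        WebApplicationContext appContext = WebApplicationContextUtils.getRequiredWebApplicationContext(this._ctx);
        this._ctx.setAttribute(KEY_SESSION_MAP, new HashMap<Object, Object>());
        if (this._agent == null) {
            try {
                Lookup lookup = Lookup.getInstance();
                lookup.init("josso-agent-config.xml");
                this._agent = lookup.lookupSSOAgent();
                if (logger.isDebugEnabled()) {
                    this._agent.setDebug(1);
                }
                this._agent.start();
                filterConfig.getServletContext().setAttribute("org.josso.agent", this._agent);
            } catch (Exception e) {
                throw new ServletException("Error starting SSO Agent : " + e.getMessage(), e);
            }
        }
        try {
            this.serviceRegistry = (ServiceRegistry) appContext.getBean("ServiceRegistry");
            this.authenticationService = this.serviceRegistry.getAuthenticationService();
            this.personService = this.serviceRegistry.getPersonService();
            this.permissionService = (PermissionService) appContext.getBean("PermissionService");
            this.authComponent = (AuthenticationComponent) appContext.getBean("AuthenticationComponent");
            this.ticketComponent = (TicketComponent) appContext.getBean("ticketComponent");
        } catch (BeansException e) {
            // Previously only printed: the filter then ran with null services and failed with
            // NullPointerExceptions on every SSO request. Fail the deployment instead.
            throw new ServletException("Error resolving Alfresco services : " + e.getMessage(), e);
        }
    }

    /**
     * Routes the request: logout and login requests are redirected to JOSSO, requests without a
     * JOSSO session cookie go down the chain unchanged, and requests with a cookie are
     * authenticated against the identity manager first.
     *
     * <p>Exactly one outcome is produced per request. If a request matches both the login and the
     * logout marker, logout wins so the local session is always dropped (the original attempted
     * two redirects on the same response).
     *
     * @throws IOException if a redirect, an error response or the downstream chain fails
     * @throws ServletException if the downstream chain fails
     */
    @Override
    public void doFilter(ServletRequest servletRequest, ServletResponse servletResponse, FilterChain filterChain) throws IOException, ServletException {
        HttpServletRequest request = (HttpServletRequest) servletRequest;
        HttpServletResponse response = (HttpServletResponse) servletResponse;
        HttpSession session = request.getSession();
        String contextPath = request.getContextPath();

        // "-" is treated the same as an absent cookie.
        String ssoSessionId = "";
        Cookie jossoCookie = getJossoCookie(request);
        if (jossoCookie != null && jossoCookie.getValue() != null && !"-".equals(jossoCookie.getValue())) {
            ssoSessionId = jossoCookie.getValue();
        }

        boolean loginRequest = isLoginRequest(request);
        boolean logoutRequest = isLogoutRequest(request);

        if (logoutRequest) {
            session.invalidate();
            response.sendRedirect(contextPath + this._agent.getJossoLogoutUri());
            return;
        }
        if (loginRequest) {
            String savedRequest = (String) session.getAttribute(ALF_REDIRECT_ATTR);
            if (savedRequest == null) {
                savedRequest = "";
            }
            this._agent.setAttribute(request, response, "JOSSO_SAVED_REQUEST", savedRequest);
            this._agent.prepareNonCacheResponse(response);
            response.sendRedirect(contextPath + this._agent.getJossoLoginUri());
            return;
        }
        if (ssoSessionId.isEmpty()) {
            // No SSO session: leave authentication decisions to the rest of the chain.
            filterChain.doFilter(request, response);
            return;
        }

        try {
            SSOIdentityManagerService identityManager =
                    this._agent.getPartnerAppConfig(request.getServerName(), contextPath).getIdentityManagerService();
            if (identityManager == null) {
                identityManager = this._agent.getSSOIdentityManager();
            }
            // The cookie value is supplied for both arguments, unchanged from the original call.
            SSOUser ssoUser = identityManager.findUserInSession(ssoSessionId, ssoSessionId);
            String userName = ssoUser != null ? ssoUser.getName() : null;
            if (userName == null || userName.isEmpty()) {
                // Fail closed. The original fell through with an empty name and died on a
                // NullPointerException while provisioning, leaving a blank response.
                logger.warn("JOSSO session cookie did not resolve to a user; rejecting request");
                response.sendError(HttpServletResponse.SC_UNAUTHORIZED);
                return;
            }
            if (!existUser(userName)) {
                createUser(userName, buildPersonProperties(userName, ssoUser));
            }
            setAuthenticatedUser(request, response, session, userName);
        } catch (Exception e) {
            logger.error("SSO authentication failed", e);
            if (!response.isCommitted()) {
                response.sendError(HttpServletResponse.SC_INTERNAL_SERVER_ERROR);
            }
            return;
        }

        // Outside the try block so that failures of the application itself propagate to the
        // container instead of being logged here and turned into an empty response.
        filterChain.doFilter(request, response);
    }

    /** Nothing to release; the agent is left running as in the original. */
    @Override
    public void destroy() {
    }

    /** Returns the first {@code JOSSO_SESSIONID} cookie of the request, or {@code null}. */
    private Cookie getJossoCookie(HttpServletRequest httpServletRequest) {
        Cookie[] cookies = httpServletRequest.getCookies();
        if (cookies == null) {
            return null;
        }
        for (Cookie candidate : cookies) {
            if (JOSSO_COOKIE_NAME.equals(candidate.getName())) {
                return candidate;
            }
        }
        return null;
    }

    /**
     * A request counts as a login request when it targets {@code login.jsp} and the session's
     * {@code _alfRedirect} attribute is not the empty string (an absent attribute qualifies), or
     * when any parameter value contains {@code ":login"}.
     */
    private boolean isLoginRequest(HttpServletRequest httpServletRequest) {
        String alfRedirect = (String) httpServletRequest.getSession().getAttribute(ALF_REDIRECT_ATTR);
        if (httpServletRequest.getRequestURI().endsWith("login.jsp") && !"".equals(alfRedirect)) {
            return true;
        }
        return anyParameterValueContains(httpServletRequest, ":login");
    }

    /** A request counts as a logout request when any parameter value contains {@code ":logout"}. */
    private boolean isLogoutRequest(HttpServletRequest httpServletRequest) {
        return anyParameterValueContains(httpServletRequest, ":logout");
    }

    /** Returns whether any value of any request parameter contains {@code marker}. */
    private static boolean anyParameterValueContains(HttpServletRequest request, String marker) {
        Enumeration<?> names = request.getParameterNames();
        while (names.hasMoreElements()) {
            String[] values = request.getParameterValues((String) names.nextElement());
            if (values == null) {
                continue;
            }
            for (String value : values) {
                if (value != null && value.contains(marker)) {
                    return true;
                }
            }
        }
        return false;
    }

    /** Copies the SSO user's name and recognised profile properties into Alfresco person properties. */
    private static HashMap<QName, Serializable> buildPersonProperties(String userName, SSOUser ssoUser) {
        HashMap<QName, Serializable> properties = new HashMap<>();
        properties.put(ContentModel.PROP_USERNAME, userName);
        for (SSONameValuePair pair : ssoUser.getProperties()) {
            QName target = personPropertyFor(pair.getName());
            if (target != null) {
                properties.put(target, pair.getValue());
            }
        }
        return properties;
    }

    /** Maps a JOSSO / Atricore property name to the Alfresco person property it feeds, or {@code null}. */
    private static QName personPropertyFor(String ssoPropertyName) {
        if ("user.name".equals(ssoPropertyName)
                || "urn:org:atricore:idbus:user:property:firstName".equals(ssoPropertyName)) {
            return ContentModel.PROP_FIRSTNAME;
        }
        if ("user.lastName".equals(ssoPropertyName)
                || "urn:org:atricore:idbus:user:property:lastName".equals(ssoPropertyName)) {
            return ContentModel.PROP_LASTNAME;
        }
        if ("email".equals(ssoPropertyName)
                || "urn:org:atricore:idbus:user:property:email".equals(ssoPropertyName)) {
            return ContentModel.PROP_EMAIL;
        }
        return null;
    }

    /** Produces a random alphanumeric password that is never disclosed to anyone. */
    private static char[] generateRandomPassword() {
        char[] password = new char[GENERATED_PASSWORD_LENGTH];
        for (int i = 0; i < password.length; i++) {
            password[i] = PASSWORD_ALPHABET[SECURE_RANDOM.nextInt(PASSWORD_ALPHABET.length)];
        }
        return password;
    }

    /**
     * Checks, running as the Alfresco admin user, whether a person with the given name exists.
     *
     * @param str the user name to look up
     * @return {@code true} if the person service knows the user
     */
    public boolean existUser(final String str) {
        return ((Boolean) AuthenticationUtil.runAs(new AuthenticationUtil.RunAsWork<Boolean>() {
            @Override
            public Boolean doWork() throws Exception {
                return Boolean.valueOf(AlfrescoSSOAgentFilter.this.personService.personExists(str));
            }
        }, AuthenticationUtil.getAdminUserName())).booleanValue();
    }

    /**
     * Provisions an Alfresco authentication and person for an SSO user, running as admin.
     *
     * <p>The local account gets a random password. The original stored the user name as the
     * password, so every auto-provisioned account had a guessable credential on any login path
     * that accepts local passwords. This class binds users by name only (see
     * {@link #setAuthenticatedUser}) and never presents the password.
     * NOTE(review): confirm no other component relied on password == user name.
     *
     * @param str the user name to create
     * @param hashMap person properties for the new user
     */
    public void createUser(final String str, final HashMap<QName, Serializable> hashMap) {
        AuthenticationUtil.runAs(new AuthenticationUtil.RunAsWork<Object>() {
            @Override
            public Object doWork() throws Exception {
                AlfrescoSSOAgentFilter.this.authenticationService.createAuthentication(str, generateRandomPassword());
                AlfrescoSSOAgentFilter.this.permissionService.setPermission(AlfrescoSSOAgentFilter.this.personService.createPerson(hashMap), str, AlfrescoSSOAgentFilter.this.permissionService.getAllPermission(), true);
                AlfrescoSSOAgentFilter.this.authenticationService.setAuthenticationEnabled(str, true);
                return null;
            }
        }, AuthenticationUtil.getAdminUserName());
    }

    /**
     * Clears the current security context and ticket, then, inside a user transaction, sets the
     * given user as current, creates the session user object and removes the
     * {@code _alfSessionInvalid} marker from the Faces session map.
     *
     * @param str the user name to bind; callers must pass a name vouched for by the identity manager
     * @throws RuntimeException if any step fails; the transaction is rolled back first
     */
    protected void setAuthenticatedUser(HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse, HttpSession httpSession, String str) {
        UserTransaction userTransaction = this.serviceRegistry.getTransactionService().getUserTransaction();
        Subject.doAs(AlfrescoPrivilegdedActions.getAdminSubject(), AlfrescoPrivilegdedActions.clearCurrentSecurityContextAction(this.authComponent));
        this.ticketComponent.clearCurrentTicket();
        try {
            userTransaction.begin();
            Subject.doAs(AlfrescoPrivilegdedActions.getAdminSubject(), AlfrescoPrivilegdedActions.setCurrentUserAction(str));
            Subject.doAs(AlfrescoPrivilegdedActions.getAdminSubject(), AlfrescoPrivilegdedActions.createUserAction(this.serviceRegistry, str, httpSession));
            // Called for its side effect of establishing the FacesContext read on the next line.
            FacesHelper.getFacesContext(httpServletRequest, httpServletResponse, this._ctx);
            FacesContext.getCurrentInstance().getExternalContext().getSessionMap().remove("_alfSessionInvalid");
            userTransaction.commit();
        } catch (Throwable th) {
            // Pass the throwable as the cause so the stack trace reaches the log.
            logger.error("Failed to establish authenticated user", th);
            try {
                userTransaction.rollback();
            } catch (Exception e) {
                logger.error("Failed to rollback transaction", e);
            }
            if (th instanceof RuntimeException) {
                throw (RuntimeException) th;
            }
            throw new RuntimeException("Failed to execute transactional method", th);
        }
    }
}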
