package fr.paris.lutece.plugins.mylutece.modules.cas.authentication;

import fr.paris.lutece.plugins.mylutece.authentication.PortalAuthentication;
import fr.paris.lutece.plugins.mylutece.modules.cas.exception.CASAuthenticationException;
import fr.paris.lutece.plugins.mylutece.modules.cas.exception.CASUserKeyEmptyException;
import fr.paris.lutece.plugins.mylutece.modules.cas.exception.CASUserNotAuthorizedException;
import fr.paris.lutece.plugins.mylutece.modules.cas.service.CASPlugin;
import fr.paris.lutece.plugins.mylutece.modules.cas.service.ICASUserKeyService;
import fr.paris.lutece.portal.service.message.SiteMessageException;
import fr.paris.lutece.portal.service.message.SiteMessageService;
import fr.paris.lutece.portal.service.security.LoginRedirectException;
import fr.paris.lutece.portal.service.security.LuteceUser;
import fr.paris.lutece.portal.service.util.AppLogService;
import fr.paris.lutece.portal.service.util.AppPathService;
import fr.paris.lutece.portal.service.util.AppPropertiesService;
import java.io.Serializable;
import java.util.ArrayList;
import java.util.Arrays;
import java.util.HashMap;
import java.util.List;
import java.util.Map;
import javax.security.auth.login.LoginException;
import javax.servlet.http.HttpServletRequest;
import org.apache.commons.lang.StringUtils;
import org.jasig.cas.client.authentication.AttributePrincipal;

/* loaded from: input_file:fr/paris/lutece/plugins/mylutece/modules/cas/authentication/CASAuthentication.class */
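/**
 * MyLutece authentication module that builds a {@link LuteceUser} from the principal
 * found on the request ({@code HttpServletRequest.getUserPrincipal()}).
 *
 * <p>This class validates no ticket and checks no password. It only reads the
 * {@link AttributePrincipal} already attached to the request, so whatever populates
 * that principal is the trust anchor.
 *
 * <p>Security-relevant behaviour, all driven by {@code mylutece-cas.*} properties read
 * once in the constructor:
 * <ul>
 *   <li>roles are taken verbatim from the principal attributes listed in
 *       {@code mylutece-cas.attributeRoles}, plus an optional default role and the
 *       configured role associations;</li>
 *   <li>every String or List-valued principal attribute is copied into the user's
 *       info map;</li>
 *   <li>access is denied unless all attributes listed in
 *       {@code mylutece-cas.userMandatoryAttributes} are present, and equal to the
 *       configured value when one is configured.</li>
 * </ul>
 *
 * <p>The {@link ICASUserKeyService} must be injected through
 * {@link #setCASUserKeyService(ICASUserKeyService)} before the first authentication,
 * because it is dereferenced without a null check.
 */
public class CASAuthentication extends PortalAuthentication implements Serializable {
    private static final long serialVersionUID = -4537783302819258998L;
    private static final String PROPRETY_ATTRIBUTE_ROLES = "mylutece-cas.attributeRoles";
    public static final String PROPERTY_USER_MAPPING_ATTRIBUTES = "mylutece-cas.userMappingAttributes";
    public static final String PROPERTY_USER_MANDATORY_ATTRIBUTES = "mylutece-cas.userMandatoryAttributes";
    public static final String PROPERTY_ROLES_ASSOCIATIONS = "mylutece-cas.rolesAssociations";
    public static final String PROPERTY_URL_ERROR_LOGIN_PAGE = "mylutece-cas.urlErrorLoginPage";
    public static final String PROPERTY_BACK_URL_ERROR = "mylutece-cas.backUrlError";
    public static final String PROPERTY_MESSAGE_ERROR_LOGIN = "module.mylutece.cas.message.error.login";
    public static final String CONSTANT_LUTECE_USER_PROPERTIES_PATH = "mylutece-cas.attribute";
    public static final String CONSTANT_MANDATORY_ATTRIBUTE = "mylutece-cas.mandatoryAttribute";
    public static final String CONSTANT_ROLE_ASSOCIATIONS_PATH = "mylutece-cas.roleAssociations";
    public static final String CONSTANT_HTTP = "http://";
    public static final String CONSTANT_HTTPS = "https://";
    private static final String SEPARATOR = ",";
    private String _strAuthServiceName;
    private String _strPropertyDefaultRoleName;
    private String _strAttributeKeyUsername;
    private ICASUserKeyService cASUserKeyService;
    // Names of the principal attributes whose values are granted as roles.
    private String[] ATTRIBUTE_ROLES;
    // Lutece user-info key -> required value (null or empty means "any non-empty value").
    private Map<String, String> USER_MANDATORY_ATTRIBUTES;
    // Role name -> additional roles granted whenever that role is present.
    private Map<String, List<String>> ROLES_ASSOCIATIONS;
    // Principal attribute name -> Lutece user-info key it is stored under.
    private Map<String, String> ATTRIBUTE_USER_MAPPING;

    /**
     * Loads the role, mapping, mandatory-attribute and role-association settings from
     * the application properties. List entries are split on {@code ","} and are not trimmed.
     */
    public CASAuthentication() {
        String property = AppPropertiesService.getProperty(PROPRETY_ATTRIBUTE_ROLES);
        if (StringUtils.isNotBlank(property)) {
            this.ATTRIBUTE_ROLES = property.split(SEPARATOR);
        } else {
            this.ATTRIBUTE_ROLES = new String[0];
        }
        String property2 = AppPropertiesService.getProperty(PROPERTY_USER_MAPPING_ATTRIBUTES);
        this.ATTRIBUTE_USER_MAPPING = new HashMap<String, String>();
        if (StringUtils.isNotBlank(property2)) {
            String[] split = property2.split(SEPARATOR);
            for (int i = 0; i < split.length; i++) {
                // The property value is the principal attribute name; it becomes the map key
                // so that incoming attributes can be looked up directly.
                String property3 = AppPropertiesService.getProperty("mylutece-cas.attribute." + split[i]);
                if (StringUtils.isNotBlank(property3)) {
                    this.ATTRIBUTE_USER_MAPPING.put(property3, split[i]);
                }
            }
        }
        String property4 = AppPropertiesService.getProperty(PROPERTY_USER_MANDATORY_ATTRIBUTES);
        this.USER_MANDATORY_ATTRIBUTES = new HashMap<String, String>();
        if (StringUtils.isNotBlank(property4)) {
            String[] split2 = property4.split(SEPARATOR);
            for (int i2 = 0; i2 < split2.length; i2++) {
                // A missing ".value" property stores null: the attribute must then only be non-empty.
                this.USER_MANDATORY_ATTRIBUTES.put(split2[i2], AppPropertiesService.getProperty("mylutece-cas.mandatoryAttribute." + split2[i2] + ".value"));
            }
        }
        String property5 = AppPropertiesService.getProperty(PROPERTY_ROLES_ASSOCIATIONS);
        this.ROLES_ASSOCIATIONS = new HashMap<String, List<String>>();
        if (StringUtils.isNotBlank(property5)) {
            String[] split3 = property5.split(SEPARATOR);
            for (int i3 = 0; i3 < split3.length; i3++) {
                String property6 = AppPropertiesService.getProperty("mylutece-cas.roleAssociations." + split3[i3]);
                if (StringUtils.isNotBlank(property6)) {
                    this.ROLES_ASSOCIATIONS.put(split3[i3], Arrays.asList(property6.split(SEPARATOR)));
                }
            }
        }
    }

    /**
     * Returns the configured service name, read lazily from {@code mylutece-cas.service.name}.
     *
     * @return the service name, or whatever the property service yields when it is not set
     */
    public String getAuthServiceName() {
        if (this._strAuthServiceName == null) {
            this._strAuthServiceName = AppPropertiesService.getProperty("mylutece-cas.service.name");
        }
        return this._strAuthServiceName;
    }

    /**
     * Returns the authentication type label.
     *
     * @param httpServletRequest the current request (unused)
     * @return always {@code "BASIC"}
     */
    public String getAuthType(HttpServletRequest httpServletRequest) {
        return "BASIC";
    }

    /**
     * Resolves the user from the principal on the request. The login and password
     * arguments are ignored: no credential is checked here.
     *
     * @param str the user name (unused)
     * @param str2 the password (unused)
     * @param httpServletRequest the current request
     * @return the authenticated user, or {@code null} when the request carries no usable principal
     * @throws LoginException declared by the contract, not thrown by this implementation
     * @throws LoginRedirectException when a principal is present but is rejected (no user key,
     *         or mandatory attributes not satisfied); carries the error page URL
     */
    public LuteceUser login(String str, String str2, HttpServletRequest httpServletRequest) throws LoginException, LoginRedirectException {
        try {
            return getCasAuthenticatedUser(httpServletRequest);
        } catch (CASAuthenticationException e) {
            // The rejection reason was already logged by getCasAuthenticatedUser.
            String property = AppPropertiesService.getProperty(PROPERTY_URL_ERROR_LOGIN_PAGE);
            String property2 = AppPropertiesService.getProperty(PROPERTY_BACK_URL_ERROR);
            if (StringUtils.isEmpty(property)) {
                try {
                    SiteMessageService.setMessage(httpServletRequest, PROPERTY_MESSAGE_ERROR_LOGIN, (Object[]) null, " ", (String) null, "", 5, (Map) null, property2);
                } catch (SiteMessageException e2) {
                    // Presumably setMessage signals the registered message by throwing; verify
                    // against SiteMessageService. The redirect then targets the site message page.
                    property = SiteMessageService.setSiteMessageUrl(AppPathService.getPortalUrl());
                }
            }
            if (property == null || (!property.startsWith(CONSTANT_HTTP) && !property.startsWith(CONSTANT_HTTPS))) {
                // defaultString: a null target used to be concatenated as the literal "null",
                // giving "<base>null". Fall back to the bare base URL instead.
                // NOTE(review): getBaseUrl is defined elsewhere; if it derives the base from
                // request headers, confirm the Host header cannot steer this redirect.
                property = AppPathService.getBaseUrl(httpServletRequest) + StringUtils.defaultString(property);
            }
            throw new LoginRedirectException(property);
        }
    }

    /**
     * Resolves the user from the principal on the request without redirecting on failure.
     *
     * @param httpServletRequest the current request
     * @return the authenticated user, or {@code null} when there is no usable principal or
     *         the principal is rejected
     */
    public LuteceUser getHttpAuthenticatedUser(HttpServletRequest httpServletRequest) {
        LuteceUser luteceUser = null;
        try {
            luteceUser = getCasAuthenticatedUser(httpServletRequest);
        } catch (CASAuthenticationException e) {
            // Deliberate: a rejected principal is treated as "not authenticated". The reason
            // was already logged by getCasAuthenticatedUser before it threw.
        }
        return luteceUser;
    }

    /**
     * Builds the user from the request principal: resolves the user key, collects roles,
     * copies attributes, then applies the mandatory-attribute check.
     *
     * @param httpServletRequest the current request
     * @return the user, or {@code null} when the request has no {@link AttributePrincipal}
     * @throws CASAuthenticationException when no user key can be resolved
     *         ({@link CASUserKeyEmptyException}) or the mandatory attributes are not satisfied
     *         ({@link CASUserNotAuthorizedException})
     */
    private LuteceUser getCasAuthenticatedUser(HttpServletRequest httpServletRequest) throws CASAuthenticationException {
        // Fail closed on a principal of another type: the previous unconditional cast threw
        // ClassCastException out of login() and getHttpAuthenticatedUser().
        Object principal = httpServletRequest.getUserPrincipal();
        if (!(principal instanceof AttributePrincipal)) {
            if (principal != null) {
                AppLogService.error("Request principal is not a CAS AttributePrincipal: " + principal.getClass().getName());
            }
            return null;
        }
        AttributePrincipal attributePrincipal = (AttributePrincipal) principal;
        String key = this.cASUserKeyService.getKey(attributePrincipal.getName(), attributePrincipal.getAttributes().get(getAttributeUsernameKey()));
        if (key == null) {
            AppLogService.error("Principal found, but not username attribute can be found for " + attributePrincipal.getName());
            throw new CASUserKeyEmptyException();
        }
        CASUser cASUser = new CASUser(key, this);
        ArrayList<String> arrayList = new ArrayList<String>();
        if (StringUtils.isNotBlank(getDefaultRoleName())) {
            arrayList.add(getDefaultRoleName());
        }
        addUserRoles(attributePrincipal, arrayList);
        cASUser.setRoles(arrayList);
        // Attributes must be copied before isAuthorized, which reads them back via getUserInfo.
        addUserAttributes(attributePrincipal, cASUser);
        if (isAuthorized(cASUser)) {
            return cASUser;
        }
        // Separator added: the principal name used to be glued onto the word "Authorized".
        // NOTE(review): authorization denials are logged at debug level only; confirm they
        // are visible wherever access decisions are audited.
        AppLogService.debug("Principal found, but user not Authorized: " + attributePrincipal.getName());
        throw new CASUserNotAuthorizedException();
    }

    /**
     * Adds to {@code list} every String value of the configured role attributes, plus the
     * roles associated with each of them. Values are used verbatim as role names.
     *
     * @param attributePrincipal the principal whose attributes are read
     * @param list the role list to append to
     */
    private void addUserRoles(AttributePrincipal attributePrincipal, List<String> list) {
        for (String str : this.ATTRIBUTE_ROLES) {
            Object obj = attributePrincipal.getAttributes().get(str);
            if (obj instanceof String) {
                list.add((String) obj);
                addRolesAssociated((String) obj, list);
            } else if (obj instanceof List) {
                for (Object obj2 : (List<?>) obj) {
                    if (obj2 instanceof String) {
                        list.add((String) obj2);
                        addRolesAssociated((String) obj2, list);
                    }
                }
            }
        }
    }

    /**
     * Copies every String or List-valued principal attribute into the user's info map.
     * Mapped attributes are stored under their configured Lutece key, all others under
     * their original attribute name. Attributes of any other value type are skipped.
     *
     * @param attributePrincipal the principal whose attributes are read
     * @param cASUser the user to populate
     */
    private void addUserAttributes(AttributePrincipal attributePrincipal, CASUser cASUser) {
        // NOTE(review): an unmapped attribute whose name equals a mapped Lutece key writes to
        // the same user-info entry; which one wins depends on iteration order. Confirm the
        // released attribute names cannot collide with keys used by isAuthorized.
        for (Object item : attributePrincipal.getAttributes().entrySet()) {
            Map.Entry<?, ?> entry = (Map.Entry<?, ?>) item;
            String str = null;
            if (entry.getValue() instanceof String) {
                str = (String) entry.getValue();
            } else if (entry.getValue() instanceof List) {
                str = getValueAttributeMultivalued((List<?>) entry.getValue());
            }
            if (str != null) {
                if (this.ATTRIBUTE_USER_MAPPING.containsKey(entry.getKey())) {
                    cASUser.setUserInfo(this.ATTRIBUTE_USER_MAPPING.get(entry.getKey()), str);
                } else {
                    cASUser.setUserInfo((String) entry.getKey(), str);
                }
            }
        }
    }

    /**
     * Does nothing: this module performs no local or remote logout.
     *
     * @param luteceUser the user logging out (unused)
     */
    public void logout(LuteceUser luteceUser) {
    }

    /**
     * Returns the roles already held by the user object.
     *
     * @param luteceUser the user
     * @return the user's roles as returned by {@link LuteceUser#getRoles()}
     */
    public String[] getRolesByUser(LuteceUser luteceUser) {
        return luteceUser.getRoles();
    }

    /**
     * Creates the anonymous user.
     *
     * @return a new {@link CASUser} named {@code "GUEST"} bound to this authentication
     */
    public LuteceUser getAnonymousUser() {
        return new CASUser("GUEST", this);
    }

    /**
     * Tells whether the user holds the given role (exact, case-sensitive match).
     *
     * @param luteceUser the user, may be {@code null}
     * @param httpServletRequest the current request (unused)
     * @param str the role name, may be {@code null}
     * @return {@code true} only when the user, the role name and the user's roles are all
     *         non-null and the role is among them
     */
    public boolean isUserInRole(LuteceUser luteceUser, HttpServletRequest httpServletRequest, String str) {
        if (luteceUser == null || str == null) {
            return false;
        }
        String[] roles = luteceUser.getRoles();
        if (roles == null) {
            return false;
        }
        for (String str2 : roles) {
            if (str.equals(str2)) {
                return true;
            }
        }
        return false;
    }

    /**
     * Tells that authentication is delegated to an external system.
     *
     * @return always {@code true}
     */
    public boolean isExternalAuthentication() {
        return true;
    }

    /**
     * Returns the authentication name.
     *
     * @return {@code CASPlugin.PLUGIN_NAME}
     */
    public String getName() {
        return CASPlugin.PLUGIN_NAME;
    }

    /**
     * Returns the owning plugin name.
     *
     * @return {@code CASPlugin.PLUGIN_NAME}
     */
    public String getPluginName() {
        return CASPlugin.PLUGIN_NAME;
    }

    /**
     * Returns the service used to derive the user key from the principal.
     *
     * @return the injected service, or {@code null} when none has been set
     */
    public ICASUserKeyService getCASUserKeyService() {
        return this.cASUserKeyService;
    }

    /**
     * Injects the service used to derive the user key from the principal. Must be called
     * before the first authentication.
     *
     * @param iCASUserKeyService the user key service
     */
    public void setCASUserKeyService(ICASUserKeyService iCASUserKeyService) {
        this.cASUserKeyService = iCASUserKeyService;
    }

    /**
     * Returns the role granted to every authenticated user, read lazily from
     * {@code mylutece-cas.role.name}.
     *
     * @return the default role name; a blank value means no default role is added
     */
    private String getDefaultRoleName() {
        if (this._strPropertyDefaultRoleName == null) {
            this._strPropertyDefaultRoleName = AppPropertiesService.getProperty("mylutece-cas.role.name");
        }
        return this._strPropertyDefaultRoleName;
    }

    /**
     * Returns the name of the principal attribute passed to the user key service, read
     * lazily from {@code mylutece-cas.attributeKeyUsername}.
     *
     * @return the attribute name as configured
     */
    private String getAttributeUsernameKey() {
        if (this._strAttributeKeyUsername == null) {
            this._strAttributeKeyUsername = AppPropertiesService.getProperty("mylutece-cas.attributeKeyUsername");
        }
        return this._strAttributeKeyUsername;
    }

    /**
     * Joins the String elements of a multivalued attribute with {@code ","}. Non-String
     * elements are skipped.
     *
     * @param list the attribute values
     * @return the joined values, or an empty string when the list holds no String
     */
    private String getValueAttributeMultivalued(List<?> list) {
        StringBuffer stringBuffer = new StringBuffer();
        // The separator goes between appended values. The former position counter was compared
        // with list.size(), so any skipped non-String element left a trailing "," (["a", 1] -> "a,").
        // That stored value is later compared for equality in isAuthorized.
        boolean first = true;
        for (Object obj : list) {
            if (obj instanceof String) {
                if (!first) {
                    stringBuffer.append(SEPARATOR);
                }
                stringBuffer.append((String) obj);
                first = false;
            }
        }
        return stringBuffer.toString();
    }

    /**
     * Appends the roles configured as associated with the given role, if any.
     * Associations are applied one level deep only.
     *
     * @param str the role just granted
     * @param list the role list to append to
     */
    private void addRolesAssociated(String str, List<String> list) {
        if (this.ROLES_ASSOCIATIONS.containsKey(str)) {
            list.addAll(this.ROLES_ASSOCIATIONS.get(str));
        }
    }

    /**
     * Applies the mandatory-attribute policy to a populated user.
     *
     * @param luteceUser the user whose info map is checked
     * @return {@code true} when no mandatory attribute is configured, or when each one is
     *         non-empty and equals its configured value (if a value is configured)
     */
    private boolean isAuthorized(LuteceUser luteceUser) {
        if (this.USER_MANDATORY_ATTRIBUTES.isEmpty()) {
            return true;
        }
        for (Map.Entry<String, String> entry : this.USER_MANDATORY_ATTRIBUTES.entrySet()) {
            if (StringUtils.isEmpty(luteceUser.getUserInfo(entry.getKey()))) {
                return false;
            }
            // Exact match against the stored string; a multivalued attribute is compared as
            // its comma-joined form, not element by element.
            if (!StringUtils.isEmpty(entry.getValue()) && !entry.getValue().equals(luteceUser.getUserInfo(entry.getKey()))) {
                return false;
            }
        }
        return true;
    }
}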
