package org.jahia.modules.token.valve;

import java.util.Calendar;
import java.util.Iterator;
import javax.jcr.RepositoryException;
import javax.servlet.http.HttpServletRequest;
import org.apache.commons.lang.StringUtils;
import org.jahia.api.usermanager.JahiaUserManagerService;
import org.jahia.bin.Login;
import org.jahia.modules.token.SupportTokenConstants;
import org.jahia.params.valves.AuthValveContext;
import org.jahia.params.valves.BaseAuthValve;
import org.jahia.pipelines.Pipeline;
import org.jahia.pipelines.PipelineException;
import org.jahia.pipelines.valves.ValveContext;
import org.jahia.services.content.JCRNodeIteratorWrapper;
import org.jahia.services.content.JCRNodeWrapper;
import org.jahia.services.content.decorator.JCRUserNode;
import org.jahia.services.pwd.PasswordService;
import org.jahia.services.usermanager.JahiaUser;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;

/* loaded from: input_file:org/jahia/modules/token/valve/SupportTokenAuthenticationValve.class */
public final class SupportTokenAuthenticationValve extends BaseAuthValve {
    private static final Logger LOGGER = LoggerFactory.getLogger(SupportTokenAuthenticationValve.class);
    public static final String AUTH_VALVE_ID = "supportTokenAuthValve";
    private Pipeline authPipeline;
    private JahiaUserManagerService jahiaUserManagerService;

    public void setAuthPipeline(Pipeline pipeline) {
        this.authPipeline = pipeline;
    }

    public void setJahiaUserManagerService(JahiaUserManagerService jahiaUserManagerService) {
        this.jahiaUserManagerService = jahiaUserManagerService;
    }

    public void start() {
        setId(AUTH_VALVE_ID);
        removeValve(this.authPipeline);
        addValve(this.authPipeline, -1, null, "LoginEngineAuthValve");
    }

    public void stop() {
        removeValve(this.authPipeline);
    }

    public void invoke(Object obj, ValveContext valveContext) throws PipelineException {
        if (!isEnabled()) {
            valveContext.invokeNext(obj);
            return;
        }
        AuthValveContext authValveContext = (AuthValveContext) obj;
        HttpServletRequest request = authValveContext.getRequest();
        JCRUserNode jCRUserNode = null;
        boolean z = false;
        if (isLoginRequested(request)) {
            String parameter = request.getParameter("username");
            String parameter2 = request.getParameter("password");
            String parameter3 = request.getParameter("site");
            if (parameter != null && parameter2 != null) {
                jCRUserNode = this.jahiaUserManagerService.lookupUser(parameter, parameter3);
                if (jCRUserNode != null) {
                    if (!verifyPassword(jCRUserNode, parameter2)) {
                        LOGGER.warn("Login failed: password verification failed for user {}", jCRUserNode.getName());
                        request.setAttribute("login_valve_result", "bad_password");
                    } else if (jCRUserNode.isAccountLocked()) {
                        LOGGER.warn("Login failed: account for user {} is locked.", jCRUserNode.getName());
                        request.setAttribute("login_valve_result", "account_locked");
                    } else {
                        z = true;
                    }
                } else if (LOGGER.isDebugEnabled()) {
                    LOGGER.debug("Login failed. Unknown username {}", parameter.replaceAll("[\r\n]", ""));
                    request.setAttribute("login_valve_result", "unknown_user");
                }
            }
        }
        if (!z) {
            valveContext.invokeNext(obj);
            return;
        }
        LOGGER.debug("User {} logged in.", jCRUserNode);
        JahiaUser jahiaUser = jCRUserNode.getJahiaUser();
        if (request.getSession(false) != null) {
            request.getSession().invalidate();
        }
        request.setAttribute("login_valve_result", "ok");
        authValveContext.getSessionFactory().setCurrentUser(jahiaUser);
    }

    private boolean verifyPassword(JCRUserNode jCRUserNode, String str) {
        try {
            if (jCRUserNode.hasNode(SupportTokenConstants.NODE_NAME_TOKEN_HISTORY)) {
                JCRNodeIteratorWrapper nodes = jCRUserNode.getNode(SupportTokenConstants.NODE_NAME_TOKEN_HISTORY).getNodes();
                Iterator it = nodes.iterator();
                while (nodes.hasNext()) {
                    JCRNodeWrapper jCRNodeWrapper = (JCRNodeWrapper) it.next();
                    if (jCRNodeWrapper.hasProperty(SupportTokenConstants.PROP_TOKEN)) {
                        if (StringUtils.isNotEmpty(str) && PasswordService.getInstance().matches(str, jCRNodeWrapper.getProperty(SupportTokenConstants.PROP_TOKEN).getString())) {
                            if (!jCRNodeWrapper.hasProperty(SupportTokenConstants.PROP_EXPIRATION)) {
                                return true;
                            }
                            Calendar calendar = Calendar.getInstance();
                            Calendar calendar2 = Calendar.getInstance();
                            calendar2.setTime(jCRNodeWrapper.getCreationDateAsDate());
                            calendar2.add(12, jCRNodeWrapper.getProperty(SupportTokenConstants.PROP_EXPIRATION).getDecimal().intValue());
                            return !calendar.after(calendar2);
                        }
                    }
                }
            }
            return false;
        } catch (RepositoryException e) {
            LOGGER.warn("Unable to read tokens for user: " + jCRUserNode.getName(), e);
            return false;
        }
    }

    private boolean isLoginRequested(HttpServletRequest httpServletRequest) {
        String parameter = httpServletRequest.getParameter("doLogin");
        if (parameter != null) {
            return Boolean.valueOf(parameter).booleanValue() || "1".equals(parameter);
        }
        if ("/cms".equals(httpServletRequest.getServletPath())) {
            return Login.getMapping().equals(httpServletRequest.getPathInfo());
        }
        return false;
    }
}
