package org.jahia.params.valves;

import java.security.SecureRandom;
import java.util.Properties;
import java.util.Set;
import java.util.UUID;
import javax.jcr.RepositoryException;
import javax.servlet.http.Cookie;
import javax.servlet.http.HttpSession;
import org.apache.commons.lang.StringUtils;
import org.jahia.params.ProcessingContext;
import org.jahia.pipelines.PipelineException;
import org.jahia.pipelines.valves.ValveContext;
import org.jahia.registries.ServicesRegistry;
import org.jahia.services.categories.Category;
import org.jahia.services.content.JCRSessionFactory;
import org.jahia.services.content.JCRTemplate;
import org.jahia.services.content.decorator.JCRUserNode;
import org.jahia.services.render.filter.cache.AggregateCacheFilter;
import org.jahia.services.usermanager.JahiaUser;
import org.jahia.settings.SettingsBean;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;

/* loaded from: input_file:org/jahia/params/valves/CookieAuthValveImpl.class */
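/**
 * Authentication valve that signs a user in from a long-lived cookie.
 *
 * <p>{@link #createAndSendCookie} stores a random key in a property of the user node and sends
 * the same key to the browser. On later requests {@link #invoke} looks up the user whose
 * property equals the cookie value. The cookie value is therefore a bearer credential: whoever
 * presents it is treated as that user, so the cookie attributes configured in
 * {@link CookieAuthConfig} (secure, httpOnly, max age) directly determine how exposed it is.
 */
public class CookieAuthValveImpl extends BaseAuthValve {
    private static final Logger logger = LoggerFactory.getLogger(CookieAuthValveImpl.class);

    /** Marker value written into the cookie when it is being expired; never a valid key. */
    private static final String DELETED_COOKIE_VALUE = "deleted";

    /** Characters used by {@link #generateRandomString(int)}: A-Z, a-z and 0-9. */
    private static final String KEY_ALPHABET =
            "ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789";

    /** Shared generator; {@link SecureRandom} is safe for concurrent use. */
    private static final SecureRandom SECURE_RANDOM = new SecureRandom();

    private CookieAuthConfig cookieAuthConfig;

    /**
     * Tries to authenticate the request from the authentication cookie.
     *
     * <p>When the valve is disabled, the platform is in full read-only mode, no usable cookie is
     * present, or no single unlocked user matches, the request is handed to the next valve.
     * When a user is resolved, any existing HTTP session is invalidated, the user is set on the
     * session factory, and the next valve is NOT invoked.
     *
     * @param obj the pipeline context; must be an {@link AuthValveContext}
     * @param valveContext used to continue the pipeline when this valve does not authenticate
     * @throws PipelineException propagated from the next valve
     */
    @Override // org.jahia.pipelines.valves.Valve
    public void invoke(Object obj, ValveContext valveContext) throws PipelineException {
        if (!isEnabled() || SettingsBean.getInstance().isFullReadOnlyMode()) {
            valveContext.invokeNext(obj);
            return;
        }
        AuthValveContext authValveContext = (AuthValveContext) obj;
        Cookie authCookie = this.cookieAuthConfig.isActivated()
                ? findAuthCookie(authValveContext.getRequest().getCookies())
                : null;
        JCRUserNode userNode = authCookie != null ? resolveUser(authCookie, authValveContext) : null;
        if (userNode == null) {
            valveContext.invokeNext(obj);
            return;
        }
        JahiaUser jahiaUser = userNode.getJahiaUser();
        // Drop the session that existed before authentication so it is not carried over into
        // the authenticated state (presumably to avoid reusing a pre-login session id).
        if (authValveContext.getRequest().getSession(false) != null) {
            authValveContext.getRequest().getSession().invalidate();
        }
        authValveContext.getSessionFactory().setCurrentUser(jahiaUser);
    }

    /**
     * Returns the first request cookie whose name equals the configured cookie name.
     *
     * @param cookies the request cookies, or {@code null} when the request carries none
     * @return the matching cookie, or {@code null} when there is none
     */
    private Cookie findAuthCookie(Cookie[] cookies) {
        if (cookies == null) {
            return null;
        }
        String expectedName = this.cookieAuthConfig.getCookieName();
        for (Cookie candidate : cookies) {
            if (expectedName.equals(candidate.getName())) {
                return candidate;
            }
        }
        return null;
    }

    /**
     * Resolves the user that owns the key carried by the cookie.
     *
     * <p>The cookie value has the form {@code key} or {@code key:realm}. The key is matched
     * against the configured user property. The cookie is expired on the client unless exactly
     * one user matches. A locked account is never returned.
     *
     * @return the authenticated user node, or {@code null} when the cookie does not authenticate
     */
    private JCRUserNode resolveUser(Cookie cookie, AuthValveContext authValveContext) {
        String key = cookie.getValue();
        String realm = null;
        if (key != null && key.contains(":")) {
            realm = StringUtils.substringAfter(key, ":");
            key = StringUtils.substringBefore(key, ":");
        }
        // The value is client-controlled. A missing or empty key is never a credential, so it
        // must not reach the user search as an (empty) criterion.
        if (StringUtils.isEmpty(key) || DELETED_COOKIE_VALUE.equals(key)) {
            return null;
        }
        Properties criteria = new Properties();
        criteria.setProperty(this.cookieAuthConfig.getUserPropertyName(), key);
        try {
            // NOTE(review): the key comes straight from the request. Confirm that searchUsers
            // compares this property for exact equality and gives no pattern meaning to any
            // character of the value. If it does not, validate the key format before searching.
            Set<JCRUserNode> matches = ServicesRegistry.getInstance().getJahiaUserManagerService().searchUsers(criteria, realm, null, JCRSessionFactory.getInstance().getCurrentSystemSession("live", null, null));
            if (matches.size() != 1) {
                // Unknown or ambiguous key: tell the browser to discard the cookie.
                expireCookie(authValveContext);
                return null;
            }
            JCRUserNode userNode = matches.iterator().next();
            if (userNode.isAccountLocked()) {
                return null;
            }
            HttpSession session = authValveContext.getRequest().getSession(false);
            if (session != null) {
                session.setAttribute(ProcessingContext.SESSION_USER, userNode.getJahiaUser());
            }
            if (this.cookieAuthConfig.isRenewalActivated()) {
                // Renewal re-sends the same key with a fresh max age; the key is not rotated.
                sendCookie(key, authValveContext, userNode, this.cookieAuthConfig);
            }
            return userNode;
        } catch (RepositoryException e) {
            // Fail closed: a repository error at any point of the lookup or the lock check
            // means nobody is authenticated from this cookie.
            logger.error("Error while searching for users", e);
            return null;
        }
    }

    /** Sends a cookie with max age 0 and the value "deleted" so the client drops the key. */
    private void expireCookie(AuthValveContext authValveContext) {
        Cookie expired = new Cookie(this.cookieAuthConfig.getCookieName(), DELETED_COOKIE_VALUE);
        expired.setPath(resolveCookiePath(authValveContext));
        expired.setMaxAge(0);
        expired.setHttpOnly(this.cookieAuthConfig.isHttpOnly());
        expired.setSecure(this.cookieAuthConfig.isSecure());
        authValveContext.getResponse().addCookie(expired);
    }

    /**
     * Returns the cookie path: the request context path, or {@code Category.PATH_DELIMITER}
     * (presumably "/", confirm) when the context path is empty.
     */
    private static String resolveCookiePath(AuthValveContext authValveContext) {
        String contextPath = authValveContext.getRequest().getContextPath();
        return StringUtils.isNotEmpty(contextPath) ? contextPath : Category.PATH_DELIMITER;
    }

    /**
     * Generates a new key, stores it on the user node and sends it to the client as a cookie.
     *
     * <p>The key is written with a system session into the property named by
     * {@link CookieAuthConfig#getUserPropertyName()}. If it cannot be stored, the error is
     * logged and no cookie is sent, because a key that was never persisted cannot authenticate.
     *
     * @param authValveContext gives access to the current request and response
     * @param jCRUserNode the user the key is issued for
     * @param cookieAuthConfig cookie name, property name and cookie attributes
     */
    public static void createAndSendCookie(AuthValveContext authValveContext, JCRUserNode jCRUserNode, CookieAuthConfig cookieAuthConfig) {
        String availableCookieKey = getAvailableCookieKey(cookieAuthConfig);
        try {
            // m256getNode / mo227setProperty look like decompiler-generated aliases of
            // getNode / setProperty. Verify them against the real API before recompiling.
            JCRTemplate.getInstance().doExecuteWithSystemSession(jCRSessionWrapper -> {
                ((JCRUserNode) jCRSessionWrapper.m256getNode(jCRUserNode.getPath())).mo227setProperty(cookieAuthConfig.getUserPropertyName(), availableCookieKey);
                jCRSessionWrapper.save();
                return null;
            });
        } catch (RepositoryException e) {
            // Log only the failure, never the key: the key is a credential.
            logger.error(e.getMessage(), e);
            return;
        }
        sendCookie(availableCookieKey, authValveContext, jCRUserNode, cookieAuthConfig);
    }

    /**
     * Adds the authentication cookie to the response.
     *
     * <p>The value is {@code str}, followed by {@code ":" + realm} when the user has a realm.
     * HttpOnly and Secure are taken from the configuration. Because the value alone
     * authenticates the user, deployments should keep both enabled.
     *
     * @param str the key to send
     * @param authValveContext gives access to the current request and response
     * @param jCRUserNode the user the key belongs to; only its realm is read here
     * @param cookieAuthConfig cookie name, max age and attributes
     */
    protected static void sendCookie(String str, AuthValveContext authValveContext, JCRUserNode jCRUserNode, CookieAuthConfig cookieAuthConfig) {
        String realm = jCRUserNode.getRealm();
        // AggregateCacheFilter.EMPTY_USERKEY stands for "no realm suffix". It is presumably an
        // empty-string constant substituted by the decompiler (confirm).
        String suffix = realm != null ? ":" + realm : AggregateCacheFilter.EMPTY_USERKEY;
        Cookie cookie = new Cookie(cookieAuthConfig.getCookieName(), str + suffix);
        cookie.setPath(resolveCookiePath(authValveContext));
        cookie.setMaxAge(cookieAuthConfig.getMaxAgeInSeconds());
        cookie.setHttpOnly(cookieAuthConfig.isHttpOnly());
        cookie.setSecure(cookieAuthConfig.isSecure());
        authValveContext.getResponse().addCookie(cookie);
    }

    /**
     * Returns a fresh key for the authentication cookie.
     *
     * <p>The key is a random (type 4) UUID, which the JDK generates with a cryptographically
     * strong random number generator.
     *
     * @param cookieAuthConfig not used by this implementation
     * @return the UUID in its canonical string form
     */
    public static String getAvailableCookieKey(CookieAuthConfig cookieAuthConfig) {
        return UUID.randomUUID().toString();
    }

    /**
     * Sets the configuration this valve reads the cookie name, property name and flags from.
     *
     * @param cookieAuthConfig the configuration; read by {@link #initialize()} and {@link #invoke}
     */
    public void setCookieAuthConfig(CookieAuthConfig cookieAuthConfig) {
        this.cookieAuthConfig = cookieAuthConfig;
    }

    /**
     * Returns a random string of {@code i} characters drawn uniformly from A-Z, a-z and 0-9.
     *
     * <p>Every character is drawn with equal probability from the 62-character alphabet, so no
     * digit or letter is favoured over another.
     *
     * @param i the requested length; zero or a negative value yields an empty string
     * @return the generated string
     * @deprecated this class issues keys through {@link #getAvailableCookieKey(CookieAuthConfig)}
     */
    @Deprecated
    public static String generateRandomString(int i) {
        StringBuilder sb = new StringBuilder(Math.max(i, 0));
        for (int n = 0; n < i; n++) {
            sb.append(KEY_ALPHABET.charAt(SECURE_RANDOM.nextInt(KEY_ALPHABET.length())));
        }
        return sb.toString();
    }

    /**
     * Initializes the valve and enables it only when cookie authentication is activated in the
     * configuration. The configuration must have been set before this is called.
     */
    @Override // org.jahia.params.valves.BaseAuthValve, org.jahia.pipelines.valves.Valve
    public void initialize() {
        super.initialize();
        setEnabled(this.cookieAuthConfig.isActivated());
    }
}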
