package org.xillium.gear.auth;

import java.io.UnsupportedEncodingException;
import java.net.InetAddress;
import java.net.URLDecoder;
import java.net.URLEncoder;
import java.net.UnknownHostException;
import java.security.NoSuchAlgorithmException;
import java.security.SecureRandom;
import java.util.HashMap;
import java.util.List;
import java.util.Map;
import java.util.concurrent.TimeUnit;
import javax.servlet.http.Cookie;
import org.apache.logging.log4j.LogManager;
import org.apache.logging.log4j.Logger;
import org.apache.logging.log4j.util.Supplier;
import org.springframework.transaction.annotation.Transactional;
import org.xillium.base.beans.Beans;
import org.xillium.base.beans.Strings;
import org.xillium.base.util.Multimap;
import org.xillium.core.AuthenticationRequiredException;
import org.xillium.core.AuthorizationException;
import org.xillium.data.DataBinder;
import org.xillium.data.persistence.Persistence;

/* loaded from: input_file:org/xillium/gear/auth/DatabaseBackedAuthenticator.class */
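/**
 * Authenticator that validates either a username/password credential or a
 * previously issued session ticket against queries run through a
 * {@link Persistence} instance.
 *
 * <p>On a successful credential login with sessions enabled, a random token is
 * generated, stored through the {@code UpdateSecureSession} statement, and returned
 * to the client as {@code id@token} (URL-encoded) both in the data binder under
 * {@link #AUTHCODE} and in a {@code Set-Cookie} header.
 *
 * <p>Security notes for maintainers:
 * <ul>
 *   <li>Passwords, session tokens and the encoded ticket are never written to the
 *       log; only the identity is logged.</li>
 *   <li>The token generator relies on {@link SecureRandom}'s own seeding.</li>
 * </ul>
 */
public class DatabaseBackedAuthenticator extends PageAwareAuthenticator {
    private static final Logger _log = LogManager.getLogger(DatabaseBackedAuthenticator.class);

    /** Binder key carrying the login name. */
    public static final String USERNAME = "_username_";
    /** Binder key carrying the clear-text password; removed from the binder once read. */
    public static final String PASSWORD = "_password_";
    /** Binder key and cookie name carrying the session ticket ({@code id@token}). */
    public static final String AUTHCODE = "_authcode_";

    /** Session timeout in milliseconds used when a negative timeout is configured (5 minutes). */
    private static final long DEFAULT_TIMEOUT = 300000;

    /** Session timeout in milliseconds; a value of 0 disables session tickets. */
    private final long _timeout;
    private final Persistence _persistence;
    private final String IdentityName;
    private final String RetrieveRolesByCredential;
    private final String RetrieveRolesBySession;
    private final String UpdateSecureSession;
    // Not referenced anywhere in this class; kept so the class layout is unchanged.
    private final Map<String, Permission[]> _roles = new HashMap<>();
    // Self-seeded by the JDK. Do not call setSeed() on it before first use: with the
    // SHA1PRNG implementation an early setSeed() replaces the generator's self-seeding,
    // which would make session tokens depend only on the supplied seed.
    private final SecureRandom _random = new SecureRandom();

    /**
     * Creates an authenticator.
     *
     * @param persistence the persistence layer used to run the statements below
     * @param i session timeout in seconds; 0 disables session tickets, a negative
     *          value selects the 5-minute default
     * @param str name of the binder parameter that carries the identity
     * @param str2 name of the statement that retrieves roles for a credential
     * @param str3 name of the statement that retrieves roles for a session
     * @param str4 name of the statement that stores or refreshes a session
     * @throws UnknownHostException declared for backward compatibility with existing
     *         callers; this constructor no longer resolves the local host
     */
    public DatabaseBackedAuthenticator(Persistence persistence, int i, String str, String str2, String str3, String str4) throws UnknownHostException {
        this._persistence = persistence;
        this._timeout = i >= 0 ? TimeUnit.SECONDS.toMillis(i) : DEFAULT_TIMEOUT;
        this.IdentityName = str;
        this.RetrieveRolesByCredential = str2;
        this.RetrieveRolesBySession = str3;
        this.UpdateSecureSession = str4;
        // The previous version seeded _random with the local host address here. That
        // value is guessable and, depending on the SecureRandom provider, could become
        // the generator's only seed, so the call has been removed.
    }

    /**
     * Reads an identity and password from the binder and builds a credential.
     *
     * <p>The identity is looked up under the configured identity name first and under
     * {@link #USERNAME} second; whichever is found is mirrored to the other key. The
     * password is removed from the binder as soon as it is read.
     *
     * @param dataBinder the request data
     * @return the credential, or {@code null} if identity or password is missing or empty
     */
    protected Credential collectCredential(DataBinder dataBinder) throws NoSuchAlgorithmException, UnsupportedEncodingException {
        _log.trace("looking for {} in data binder", this.IdentityName);
        String identity = (String) dataBinder.get(this.IdentityName);
        if (identity == null || identity.isEmpty()) {
            identity = (String) dataBinder.get(USERNAME);
            if (identity == null || identity.isEmpty()) {
                return null;
            }
            dataBinder.put(this.IdentityName, identity);
        } else {
            dataBinder.put(USERNAME, identity);
        }
        _log.trace("got identity = {}", identity);

        final String password = (String) dataBinder.remove(PASSWORD);
        final boolean hasPassword = password != null && !password.isEmpty();
        // Record only whether a password was supplied; the clear-text value must never reach the log.
        _log.trace("password supplied = {}", hasPassword);
        if (!hasPassword) {
            return null;
        }
        // NOTE(review): Strings.hash is not visible here; confirm it is a salted,
        // slow password-hashing scheme rather than a bare digest.
        return new Credential(identity, Strings.hash(password));
    }

    /**
     * Recovers a session ticket from the binder or, failing that, from the request cookies.
     *
     * <p>When a ticket is found, the session's id is stored in the binder under the
     * configured identity name.
     *
     * @param dataBinder the request data
     * @return the session parsed from the ticket, or {@code null} if no ticket is present
     */
    protected Session collectSession(DataBinder dataBinder) throws UnsupportedEncodingException {
        final String ticket = (String) dataBinder.get(AUTHCODE);
        if (ticket != null && !ticket.isEmpty()) {
            final Session session = new Session(ticket);
            // The ticket contains the session token, so only the id is logged.
            _log.trace("found session in binder for {}", session.id);
            dataBinder.put(this.IdentityName, session.id);
            return session;
        }

        final Cookie[] cookies = (Cookie[]) dataBinder.getNamedObject("#http_cookie#");
        if (cookies == null) {
            return null;
        }
        for (Cookie cookie : cookies) {
            if (cookie.getName().equals(AUTHCODE)) {
                final Session session = new Session(URLDecoder.decode(cookie.getValue(), "UTF-8"));
                // The cookie value contains the session token, so only the id is logged.
                _log.trace("found session in cookie for {}", session.id);
                dataBinder.put(this.IdentityName, session.id);
                return session;
            }
        }
        return null;
    }

    /**
     * Generates a fresh session token: 20 random bytes rendered as upper-case hex.
     */
    private String createSecureToken() throws UnsupportedEncodingException {
        final byte[] raw = new byte[20];
        this._random.nextBytes(raw);
        return Strings.toHexString(raw).toUpperCase();
    }

    /**
     * Authenticates the request by credential if one is present, otherwise by session ticket.
     *
     * @param dataBinder the request data
     * @return the roles returned by the credential or session query
     * @throws AuthorizationException if no credential or session is present, if the
     *         query returns no roles, or if any other failure occurs; the request is
     *         redirected to the authentication page before the exception is thrown
     */
    @Override // org.xillium.gear.auth.Authenticator
    @Transactional
    public List<Role> authenticate(DataBinder dataBinder) throws AuthorizationException {
        try {
            final long now = System.currentTimeMillis();
            final Credential credential = collectCredential(dataBinder);

            if (credential == null) {
                // No credential: fall back to a session ticket, if sessions are enabled.
                if (this._timeout <= 0) {
                    throw new AuthenticationRequiredException("AuthenticationRequired");
                }
                final Session existing = collectSession(dataBinder);
                if (existing == null) {
                    throw new AuthenticationRequiredException("AuthenticationRequired");
                }
                existing.clock = now;
                existing.maxAge = this._timeout;
                // Log the id only; a dump of the whole session would include the token.
                _log.trace("Attempt to authorize with session for {}", existing.id);
                final List<Role> sessionRoles = this._persistence.getResults(this.RetrieveRolesBySession, existing);
                if (sessionRoles.size() > 0) {
                    this._persistence.executeUpdate(this.UpdateSecureSession, existing);
                    return sessionRoles;
                }
                // A rejected token may still be someone's valid token (e.g. just expired),
                // so it is kept out of the log.
                _log.warn("merchant: {}, session rejected (token not logged)", existing.id);
                dataBinder.remove(AUTHCODE);
                throw new AuthorizationException("InvalidSession");
            }

            // Log the id only; a dump of the whole credential would include the password hash.
            _log.trace("credential for {}", credential.id);
            final List<Role> roles = this._persistence.getResults(this.RetrieveRolesByCredential, credential);
            _log.trace("# of roles under this credential: {}", roles.size());
            if (roles.size() <= 0) {
                throw new AuthorizationException("InvalidCredential");
            }

            _log.trace("session timeout: {}", this._timeout);
            if (this._timeout > 0) {
                final Session issued = new Session(credential.id, createSecureToken(), now);
                _log.trace("updating session for {}", issued.id);
                this._persistence.executeUpdate(this.UpdateSecureSession, issued);
                final String ticket = URLEncoder.encode(issued.id + '@' + issued.token, "UTF-8");
                dataBinder.put(AUTHCODE, ticket);
                _log.trace("Sending ticket in cookie for {}", issued.id);
                final Multimap headers = dataBinder.mul("#http_header#", String.class, String.class);
                // NOTE(review): the cookie carries no HttpOnly or SameSite attribute, and
                // "secure" is set only when #http_secure# is present. Confirm whether any
                // client script reads this cookie before adding HttpOnly.
                String cookie = "_authcode_=" + ticket + ";path=/";
                if (dataBinder.get("#http_secure#") != null) {
                    cookie += ";secure";
                }
                headers.add("Set-Cookie", cookie);
            }
            return roles;
        } catch (AuthorizationException e) {
            redirectToAuthenticationPage(dataBinder);
            throw e;
        } catch (Exception e2) {
            redirectToAuthenticationPage(dataBinder);
            // NOTE(review): the message of an arbitrary internal failure is copied into the
            // AuthorizationException; confirm it is not rendered to the client.
            throw new AuthorizationException(e2.getMessage(), e2);
        }
    }
}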
