package org.alfresco.repo.web.scripts.servlet;

import javax.servlet.http.HttpSession;
import net.sf.acegisecurity.DisabledException;
import org.alfresco.error.ExceptionStackUtil;
import org.alfresco.repo.SessionUser;
import org.alfresco.repo.management.subsystems.ActivateableBean;
import org.alfresco.repo.security.authentication.AuthenticationComponent;
import org.alfresco.repo.security.authentication.AuthenticationException;
import org.alfresco.repo.security.authentication.external.RemoteUserMapper;
import org.alfresco.repo.web.auth.AuthenticationListener;
import org.alfresco.repo.web.auth.TicketCredentials;
import org.alfresco.repo.web.auth.WebCredentials;
import org.alfresco.repo.web.scripts.servlet.BasicHttpAuthenticatorFactory;
import org.alfresco.repo.webdav.auth.AuthenticationDriver;
import org.apache.commons.logging.Log;
import org.apache.commons.logging.LogFactory;
import org.springframework.extensions.webscripts.Authenticator;
import org.springframework.extensions.webscripts.Description;
import org.springframework.extensions.webscripts.servlet.WebScriptServletRequest;
import org.springframework.extensions.webscripts.servlet.WebScriptServletResponse;

/* loaded from: input_file:org/alfresco/repo/web/scripts/servlet/RemoteUserAuthenticatorFactory.class */
public class RemoteUserAuthenticatorFactory extends BasicHttpAuthenticatorFactory {
    private static Log logger = LogFactory.getLog(RemoteUserAuthenticatorFactory.class);
    protected RemoteUserMapper remoteUserMapper;
    protected AuthenticationComponent authenticationComponent;

    /* loaded from: input_file:org/alfresco/repo/web/scripts/servlet/RemoteUserAuthenticatorFactory$RemoteUserAuthenticator.class */
    public class RemoteUserAuthenticator extends BasicHttpAuthenticatorFactory.BasicHttpAuthenticator {
        public RemoteUserAuthenticator(WebScriptServletRequest webScriptServletRequest, WebScriptServletResponse webScriptServletResponse, AuthenticationListener authenticationListener) {
            super(RemoteUserAuthenticatorFactory.this, webScriptServletRequest, webScriptServletResponse, authenticationListener);
        }

        @Override // org.alfresco.repo.web.scripts.servlet.BasicHttpAuthenticatorFactory.BasicHttpAuthenticator
        public boolean authenticate(Description.RequiredAuthentication requiredAuthentication, boolean z) {
            boolean z2 = false;
            String remoteUser = getRemoteUser();
            if (remoteUser != null) {
                try {
                    RemoteUserAuthenticatorFactory.this.authenticationComponent.setCurrentUser(remoteUser);
                    this.listener.userAuthenticated(new TicketCredentials(RemoteUserAuthenticatorFactory.this.authenticationService.getCurrentTicket()));
                    z2 = true;
                } catch (AuthenticationException e) {
                    if (ExceptionStackUtil.getCause(e, new Class[]{DisabledException.class}) == null) {
                        throw e;
                    }
                    this.listener.authenticationFailed(new WebCredentials() { // from class: org.alfresco.repo.web.scripts.servlet.RemoteUserAuthenticatorFactory.RemoteUserAuthenticator.1
                    });
                }
            } else {
                HttpSession session = this.servletReq.getHttpServletRequest().getSession(false);
                if (session != null) {
                    try {
                        SessionUser sessionUser = (SessionUser) session.getAttribute(AuthenticationDriver.AUTHENTICATION_USER);
                        if (sessionUser != null) {
                            RemoteUserAuthenticatorFactory.this.authenticationService.validate(sessionUser.getTicket());
                            if (RemoteUserAuthenticatorFactory.logger.isDebugEnabled()) {
                                RemoteUserAuthenticatorFactory.logger.debug("Ticket is valid; retaining cached user in session.");
                            }
                            this.listener.userAuthenticated(new TicketCredentials(sessionUser.getTicket()));
                            z2 = true;
                        } else {
                            z2 = super.authenticate(requiredAuthentication, z);
                        }
                    } catch (AuthenticationException e2) {
                        if (RemoteUserAuthenticatorFactory.logger.isDebugEnabled()) {
                            RemoteUserAuthenticatorFactory.logger.debug("An Authentication error occur, removing User session: ", e2);
                        }
                        session.removeAttribute(AuthenticationDriver.AUTHENTICATION_USER);
                        session.invalidate();
                        this.listener.authenticationFailed(new WebCredentials() { // from class: org.alfresco.repo.web.scripts.servlet.RemoteUserAuthenticatorFactory.RemoteUserAuthenticator.2
                        });
                    }
                } else {
                    z2 = super.authenticate(requiredAuthentication, z);
                }
            }
            return z2;
        }

        /* JADX INFO: Access modifiers changed from: protected */
        public String getRemoteUser() {
            String str = null;
            if (RemoteUserAuthenticatorFactory.this.remoteUserMapper != null && (!(RemoteUserAuthenticatorFactory.this.remoteUserMapper instanceof ActivateableBean) || RemoteUserAuthenticatorFactory.this.remoteUserMapper.isActive())) {
                str = RemoteUserAuthenticatorFactory.this.remoteUserMapper.getRemoteUser(this.servletReq.getHttpServletRequest());
            }
            if (RemoteUserAuthenticatorFactory.logger.isDebugEnabled()) {
                if (str == null) {
                    RemoteUserAuthenticatorFactory.logger.debug("No external user ID in request.");
                } else {
                    RemoteUserAuthenticatorFactory.logger.debug("Extracted external user ID from request: " + str);
                }
            }
            return str;
        }
    }

    public void setRemoteUserMapper(RemoteUserMapper remoteUserMapper) {
        this.remoteUserMapper = remoteUserMapper;
    }

    public void setAuthenticationComponent(AuthenticationComponent authenticationComponent) {
        this.authenticationComponent = authenticationComponent;
    }

    @Override // org.alfresco.repo.web.scripts.servlet.BasicHttpAuthenticatorFactory
    public Authenticator create(WebScriptServletRequest webScriptServletRequest, WebScriptServletResponse webScriptServletResponse) {
        return new RemoteUserAuthenticator(webScriptServletRequest, webScriptServletResponse, this.listener);
    }
}
