package org.alfresco.repo.security.authentication.external;

import java.security.cert.X509Certificate;
import java.util.regex.Pattern;
import javax.servlet.http.HttpServletRequest;
import org.alfresco.repo.management.subsystems.ActivateableBean;
import org.alfresco.repo.security.authentication.AuthenticationUtil;
import org.alfresco.service.cmr.security.PersonService;
import org.apache.commons.logging.Log;
import org.apache.commons.logging.LogFactory;

/* loaded from: input_file:org/alfresco/repo/security/authentication/external/DefaultRemoteUserMapper.class */
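/**
 * Maps an incoming HTTP request to a repository user id for "external" authentication, where an
 * upstream component (servlet container, reverse proxy, SSO gateway) has already authenticated
 * the caller.
 *
 * <p>Security-relevant behaviour visible in this class:
 * <ul>
 *   <li>When {@code proxyUserName} is {@code null}, the user id from the proxy header is accepted
 *       from any request and takes precedence over the container's remote user. Nothing in this
 *       class checks who sent that header, so that configuration is only safe when the
 *       deployment guarantees that untrusted clients cannot reach this endpoint directly and
 *       that the fronting proxy strips or overwrites the header on inbound requests.</li>
 *   <li>When {@code proxyUserName} is set, the header is honoured only if the container reports
 *       the proxy account as the remote user, or if the request is HTTPS and carries a client
 *       certificate whose subject DN equals {@code proxyUserName}.</li>
 * </ul>
 *
 * <p>This listing is decompiler output. The body of {@code extractUserFromProxyHeader} was not
 * recovered, so how {@code proxyHeader} and {@code userIdPattern} are applied cannot be
 * confirmed from this file.
 */
public class DefaultRemoteUserMapper implements RemoteUserMapper, ActivateableBean {
    // Account the trusted proxy authenticates as; null means "accept the header from anyone".
    private String proxyUserName = "alfresco-system";
    // Name of the request header expected to carry the end user's id.
    // NOTE(review): presumably read by extractUserFromProxyHeader — body not recovered, confirm.
    private String proxyHeader = "X-Alfresco-Remote-User";
    private boolean isEnabled;
    // NOTE(review): presumably applied to the header value by extractUserFromProxyHeader — confirm.
    private Pattern userIdPattern;
    private PersonService personService;
    static Log logger = LogFactory.getLog(DefaultRemoteUserMapper.class);

    /**
     * Sets the account name (or certificate subject DN) that identifies the trusted proxy.
     *
     * @param str the proxy identity; {@code null} or empty clears it, which makes
     *     {@link #getRemoteUser} trust the proxy header on every request
     */
    public void setProxyUserName(String str) {
        this.proxyUserName = emptyToNull(str);
    }

    /**
     * Sets the name of the header carrying the proxied user id.
     *
     * @param str the header name; {@code null} or empty is stored as {@code null}
     */
    public void setProxyHeader(String str) {
        this.proxyHeader = emptyToNull(str);
    }

    /**
     * Enables or disables this mapper.
     *
     * @param z {@code true} to enable
     */
    public void setActive(boolean z) {
        this.isEnabled = z;
    }

    /**
     * Sets the regular expression associated with the proxied user id.
     *
     * @param str the expression source; {@code null} or empty clears the pattern
     * @throws java.util.regex.PatternSyntaxException if {@code str} is not a valid expression
     */
    public void setUserIdPattern(String str) {
        String source = emptyToNull(str);
        this.userIdPattern = source == null ? null : Pattern.compile(source);
    }

    /**
     * Sets the service used to normalise user ids.
     *
     * @param personService the person service
     */
    public void setPersonService(PersonService personService) {
        this.personService = personService;
    }

    /**
     * Resolves the user id for a request.
     *
     * <p>Resolution order once the mapper is enabled:
     * <ol>
     *   <li>{@code proxyUserName == null}: the header user id if present, otherwise the
     *       container's remote user.</li>
     *   <li>The container reports a remote user: the header user id if that remote user is the
     *       proxy account, otherwise the remote user itself.</li>
     *   <li>No remote user: the request must be HTTPS and present a client certificate whose
     *       subject DN equals {@code proxyUserName}; then the header user id if present,
     *       otherwise that DN.</li>
     * </ol>
     *
     * @param httpServletRequest the incoming request
     * @return the normalised user id, or {@code null} if the mapper is disabled or no user could
     *     be established
     */
    @Override
    public String getRemoteUser(HttpServletRequest httpServletRequest) {
        if (logger.isTraceEnabled()) {
            logger.trace("Getting RemoteUser from http request.");
        }
        if (!this.isEnabled) {
            if (logger.isDebugEnabled()) {
                logger.debug("DefaultRemoteUserMapper is disabled, returning null.");
            }
            return null;
        }

        String remoteUserId = httpServletRequest.getRemoteUser();
        String headerUserId = extractUserFromProxyHeader(httpServletRequest);
        logUserInfoInRequest(remoteUserId, headerUserId);

        String userId;
        if (this.proxyUserName == null) {
            // No proxy identity configured: the header is taken at face value. Only the
            // surrounding deployment can make this safe (see the class comment).
            userId = normalizeUserId(headerUserId != null ? headerUserId : remoteUserId);
        } else if (remoteUserId != null) {
            // The header is honoured only when the container says the caller is the proxy.
            userId = normalizeUserId(remoteUserId.equals(this.proxyUserName) ? headerUserId : remoteUserId);
        } else {
            String proxySubject = findProxyCertificateSubject(httpServletRequest);
            userId = proxySubject == null
                    ? null
                    : normalizeUserId(headerUserId != null ? headerUserId : proxySubject);
        }
        logReturnedUser(userId);
        return userId;
    }

    /**
     * Looks for a client certificate on an HTTPS request whose subject DN equals
     * {@code proxyUserName}.
     *
     * <p>The comparison is exact string equality against
     * {@code getSubjectX500Principal().getName()}, so the configured value has to be written in
     * the same string form that call produces. Every element of the request's certificate array
     * is examined, not only the first one.
     *
     * @param request the incoming request
     * @return the matching subject DN, or {@code null} if the request is not HTTPS, carries no
     *     certificates, or none of them matches
     */
    private String findProxyCertificateSubject(HttpServletRequest request) {
        X509Certificate[] certificates =
                (X509Certificate[]) request.getAttribute("javax.servlet.request.X509Certificate");
        // equalsIgnoreCase keeps the case-insensitive scheme check independent of the default
        // locale and tolerates a null scheme.
        if (!"https".equalsIgnoreCase(request.getScheme()) || certificates == null || certificates.length == 0) {
            return null;
        }
        if (logger.isTraceEnabled()) {
            logger.trace("Checking SSL certificate subject DN to match " + this.proxyUserName);
        }
        for (X509Certificate certificate : certificates) {
            String subjectDn = certificate.getSubjectX500Principal().getName();
            if (logger.isTraceEnabled()) {
                logger.trace("Found subject DN " + subjectDn);
            }
            if (subjectDn.equals(this.proxyUserName)) {
                if (logger.isTraceEnabled()) {
                    logger.trace("The subject DN " + subjectDn + " matches " + this.proxyUserName);
                }
                // Stop at the first match. The decompiled loop neither advanced nor exited
                // here, which would spin forever on a matching certificate.
                return subjectDn;
            }
        }
        return null;
    }

    /**
     * Logs the identities seen on the request at debug level.
     *
     * <p>Both user ids are passed through {@code AuthenticationUtil.maskUsername}, as the other
     * log statements in this class do. The header value is supplied by the client and should
     * not be written to the log verbatim.
     */
    private void logUserInfoInRequest(String remoteUserId, String headerUserId) {
        if (logger.isDebugEnabled()) {
            String message = "The remote user id is: " + AuthenticationUtil.maskUsername(remoteUserId) + "\n"
                    + "The header user id is: " + AuthenticationUtil.maskUsername(headerUserId) + "\n"
                    + "The proxy user name is: " + this.proxyUserName;
            logger.debug(message);
        }
    }

    /** Logs the (masked) user id that is about to be returned, at debug level. */
    private void logReturnedUser(String userId) {
        if (logger.isDebugEnabled()) {
            logger.debug("Returning user:" + AuthenticationUtil.maskUsername(userId));
        }
    }

    /**
     * Asks the person service, running as the system user, for the stored identifier that
     * corresponds to {@code userId}.
     *
     * @param userId the id taken from the request; may be {@code null}
     * @return the identifier returned by the person service, the input unchanged if the service
     *     returns {@code null}, or {@code null} if the input is {@code null}
     */
    private String normalizeUserId(final String userId) {
        if (userId == null) {
            return null;
        }
        String normalized = AuthenticationUtil.runAs(new AuthenticationUtil.RunAsWork<String>() {
            // The decompiler had renamed this method (m916doWork); the interface method it
            // implements is doWork, per the decompiler's own "renamed from" note.
            @Override
            public String doWork() throws Exception {
                return personService.getUserIdentifier(userId);
            }
        }, AuthenticationUtil.getSystemUserName());
        if (logger.isTraceEnabled()) {
            logger.trace("The normalized user name is: " + AuthenticationUtil.maskUsername(normalized) + " for user id " + AuthenticationUtil.maskUsername(userId));
        }
        return normalized == null ? userId : normalized;
    }

    /**
     * Reports whether this mapper is enabled.
     *
     * @return {@code true} if {@link #setActive} was last called with {@code true}
     */
    @Override
    public boolean isActive() {
        return this.isEnabled;
    }

    /**
     * Extracts the proxied user id from the request.
     *
     * <p>The decompiler could not reconstruct this method (253 bytecode instructions skipped),
     * so the stub below only throws. Because {@link #getRemoteUser} calls it on every request
     * once the mapper is enabled, this listing cannot be used as a working implementation; the
     * real parsing and validation of the header has to be reviewed in the original source or
     * the bytecode.
     */
    private String extractUserFromProxyHeader(HttpServletRequest request) {
        throw new UnsupportedOperationException("Method not decompiled: org.alfresco.repo.security.authentication.external.DefaultRemoteUserMapper.extractUserFromProxyHeader(javax.servlet.http.HttpServletRequest):java.lang.String");
    }

    /** Returns {@code null} for a {@code null} or empty string, otherwise the string itself. */
    private static String emptyToNull(String value) {
        return (value == null || value.length() == 0) ? null : value;
    }
}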
