package org.alfresco.repo.security.authentication.external;

import java.security.cert.X509Certificate;
import java.util.regex.Pattern;
import javax.servlet.http.HttpServletRequest;
import org.alfresco.repo.management.subsystems.ActivateableBean;
import org.alfresco.repo.security.authentication.AuthenticationUtil;
import org.alfresco.service.cmr.security.PersonService;
import org.apache.commons.logging.Log;
import org.apache.commons.logging.LogFactory;

/* loaded from: input_file:org/alfresco/repo/security/authentication/external/DefaultRemoteUserMapper.class */
public class DefaultRemoteUserMapper implements RemoteUserMapper, ActivateableBean {
    private String proxyUserName = "alfresco-system";
    private String proxyHeader = "X-Alfresco-Remote-User";
    private boolean isEnabled;
    private Pattern userIdPattern;
    private PersonService personService;
    static Log logger = LogFactory.getLog(DefaultRemoteUserMapper.class);

    public void setProxyUserName(String str) {
        this.proxyUserName = (str == null || str.length() == 0) ? null : str;
    }

    public void setProxyHeader(String str) {
        this.proxyHeader = (str == null || str.length() == 0) ? null : str;
    }

    public void setActive(boolean z) {
        this.isEnabled = z;
    }

    public void setUserIdPattern(String str) {
        this.userIdPattern = (str == null || str.length() == 0) ? null : Pattern.compile(str);
    }

    public void setPersonService(PersonService personService) {
        this.personService = personService;
    }

    @Override // org.alfresco.repo.security.authentication.external.RemoteUserMapper
    public String getRemoteUser(HttpServletRequest httpServletRequest) {
        if (logger.isDebugEnabled()) {
            logger.debug("Getting RemoteUser from http request.");
        }
        if (!this.isEnabled) {
            if (!logger.isDebugEnabled()) {
                return null;
            }
            logger.debug("DefaultRemoteUserMapper is disabled, returning null.");
            return null;
        }
        String remoteUser = httpServletRequest.getRemoteUser();
        String extractUserFromProxyHeader = extractUserFromProxyHeader(httpServletRequest);
        if (logger.isDebugEnabled()) {
            logger.debug("The remote user id is: " + remoteUser);
            logger.debug("The header user id is: " + extractUserFromProxyHeader);
            logger.debug("The proxy user name is: " + this.proxyUserName);
        }
        if (this.proxyUserName == null) {
            String normalizeUserId = normalizeUserId(extractUserFromProxyHeader != null ? extractUserFromProxyHeader : remoteUser);
            if (logger.isDebugEnabled()) {
                logger.debug("Returning " + normalizeUserId);
            }
            return normalizeUserId;
        }
        if (remoteUser != null) {
            String normalizeUserId2 = normalizeUserId(remoteUser.equals(this.proxyUserName) ? extractUserFromProxyHeader : remoteUser);
            if (logger.isDebugEnabled()) {
                logger.debug("Returning " + normalizeUserId2);
            }
            return normalizeUserId2;
        }
        String str = null;
        X509Certificate[] x509CertificateArr = (X509Certificate[]) httpServletRequest.getAttribute("javax.servlet.request.X509Certificate");
        if (httpServletRequest.getScheme().toLowerCase().equals("https") && x509CertificateArr != null && x509CertificateArr.length > 0) {
            if (logger.isDebugEnabled()) {
                logger.debug("Checking SSL certificate subject DN to match " + this.proxyUserName);
            }
            int i = 0;
            while (true) {
                if (i >= x509CertificateArr.length) {
                    break;
                }
                String name = x509CertificateArr[i].getSubjectX500Principal().getName();
                if (logger.isDebugEnabled()) {
                    logger.debug("Found subject DN " + name);
                }
                if (name.equals(this.proxyUserName)) {
                    if (logger.isDebugEnabled()) {
                        logger.debug("The subject DN " + name + " matches " + this.proxyUserName);
                    }
                    str = normalizeUserId(extractUserFromProxyHeader != null ? extractUserFromProxyHeader : name);
                } else {
                    i++;
                }
            }
        }
        if (logger.isDebugEnabled()) {
            logger.debug("Returning " + str);
        }
        return str;
    }

    private String normalizeUserId(final String str) {
        if (str == null) {
            return null;
        }
        String str2 = (String) AuthenticationUtil.runAs(new AuthenticationUtil.RunAsWork<String>() { // from class: org.alfresco.repo.security.authentication.external.DefaultRemoteUserMapper.1
            /* renamed from: doWork, reason: merged with bridge method [inline-methods] */
            public String m890doWork() throws Exception {
                return DefaultRemoteUserMapper.this.personService.getUserIdentifier(str);
            }
        }, AuthenticationUtil.getSystemUserName());
        if (logger.isDebugEnabled()) {
            logger.debug("The normalized user name is: " + str2 + " for user id " + str);
        }
        return str2 == null ? str : str2;
    }

    @Override // org.alfresco.repo.management.subsystems.ActivateableBean
    public boolean isActive() {
        return this.isEnabled;
    }

    /* JADX WARN: Removed duplicated region for block: B:19:0x0069  */
    /* JADX WARN: Removed duplicated region for block: B:22:0x0099 A[RETURN, SYNTHETIC] */
    /* JADX WARN: Removed duplicated region for block: B:23:0x009d  */
    /* JADX WARN: Removed duplicated region for block: B:25:0x0071  */
    /*
        Code decompiled incorrectly, please refer to instructions dump.
        To view partially-correct add '--show-bad-code' argument
    */
    private java.lang.String extractUserFromProxyHeader(javax.servlet.http.HttpServletRequest r6) {
        /*
            r5 = this;
            r0 = r5
            java.lang.String r0 = r0.proxyHeader
            if (r0 != 0) goto L9
            r0 = 0
            return r0
        L9:
            r0 = r6
            r1 = r5
            java.lang.String r1 = r1.proxyHeader
            java.lang.String r0 = r0.getHeader(r1)
            r7 = r0
            r0 = r7
            if (r0 != 0) goto L1a
            r0 = 0
            return r0
        L1a:
            r0 = r6
            java.lang.String r1 = "Remote-User-Encode"
            java.lang.String r0 = r0.getHeader(r1)
            java.lang.Boolean r0 = java.lang.Boolean.valueOf(r0)
            boolean r0 = r0.booleanValue()
            r8 = r0
            r0 = r7
            if (r0 == 0) goto L42
            r0 = r8
            if (r0 == 0) goto L42
            java.lang.String r0 = new java.lang.String     // Catch: java.io.UnsupportedEncodingException -> L60
            r1 = r0
            r2 = r7
            byte[] r2 = org.apache.commons.codec.binary.Base64.decodeBase64(r2)     // Catch: java.io.UnsupportedEncodingException -> L60
            java.lang.String r3 = "UTF-8"
            r1.<init>(r2, r3)     // Catch: java.io.UnsupportedEncodingException -> L60
            r7 = r0
            goto L5d
        L42:
            r0 = r7
            if (r0 == 0) goto L5d
            r0 = r7
            boolean r0 = org.apache.commons.codec.binary.Base64.isBase64(r0)     // Catch: java.io.UnsupportedEncodingException -> L60
            if (r0 != 0) goto L5d
            java.lang.String r0 = new java.lang.String     // Catch: java.io.UnsupportedEncodingException -> L60
            r1 = r0
            r2 = r7
            java.lang.String r3 = "ISO-8859-1"
            byte[] r2 = r2.getBytes(r3)     // Catch: java.io.UnsupportedEncodingException -> L60
            java.lang.String r3 = "UTF-8"
            r1.<init>(r2, r3)     // Catch: java.io.UnsupportedEncodingException -> L60
            r7 = r0
        L5d:
            goto L62
        L60:
            r9 = move-exception
        L62:
            r0 = r5
            java.util.regex.Pattern r0 = r0.userIdPattern
            if (r0 != 0) goto L71
            r0 = r7
            java.lang.String r0 = r0.trim()
            r7 = r0
            goto L92
        L71:
            r0 = r5
            java.util.regex.Pattern r0 = r0.userIdPattern
            r1 = r7
            java.util.regex.Matcher r0 = r0.matcher(r1)
            r9 = r0
            r0 = r9
            boolean r0 = r0.matches()
            if (r0 == 0) goto L90
            r0 = r9
            r1 = 1
            java.lang.String r0 = r0.group(r1)
            java.lang.String r0 = r0.trim()
            r7 = r0
            goto L92
        L90:
            r0 = 0
            return r0
        L92:
            r0 = r7
            int r0 = r0.length()
            if (r0 != 0) goto L9d
            r0 = 0
            goto L9e
        L9d:
            r0 = r7
        L9e:
            return r0
        */
        throw new UnsupportedOperationException("Method not decompiled: org.alfresco.repo.security.authentication.external.DefaultRemoteUserMapper.extractUserFromProxyHeader(javax.servlet.http.HttpServletRequest):java.lang.String");
    }
}
