package org.alfresco.web.app.servlet;

import java.io.IOException;
import java.util.Enumeration;
import java.util.Locale;
import javax.portlet.PortletSession;
import javax.servlet.ServletContext;
import javax.servlet.ServletRequest;
import javax.servlet.ServletResponse;
import javax.servlet.http.Cookie;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import javax.servlet.http.HttpSession;
import javax.transaction.UserTransaction;
import org.alfresco.error.AlfrescoRuntimeException;
import org.alfresco.i18n.I18NUtil;
import org.alfresco.model.ContentModel;
import org.alfresco.repo.security.authentication.AuthenticationException;
import org.alfresco.repo.security.permissions.AccessDeniedException;
import org.alfresco.service.ServiceRegistry;
import org.alfresco.service.cmr.repository.InvalidNodeRefException;
import org.alfresco.service.cmr.repository.NodeRef;
import org.alfresco.service.cmr.repository.NodeService;
import org.alfresco.service.cmr.security.AuthenticationService;
import org.alfresco.service.cmr.security.PersonService;
import org.alfresco.web.app.Application;
import org.alfresco.web.bean.LoginBean;
import org.alfresco.web.bean.repository.User;
import org.alfresco.web.bean.spaces.CreateSpaceWizard;
import org.apache.commons.logging.Log;
import org.apache.commons.logging.LogFactory;
import org.springframework.web.context.WebApplicationContext;
import org.springframework.web.context.support.WebApplicationContextUtils;

/* loaded from: input_file:org/alfresco/web/app/servlet/AuthenticationHelper.class */
public final class AuthenticationHelper {
    public static final String AUTHENTICATION_USER = "_alfAuthTicket";
    public static final String SESSION_USERNAME = "_alfLastUser";
    public static final String SESSION_INVALIDATED = "_alfSessionInvalid";
    public static final String LOGIN_BEAN = "LoginBean";
    private static final String AUTHENTICATION_SERVICE = "AuthenticationService";
    private static final String UNPROTECTED_AUTH_SERVICE = "authenticationService";
    private static final String PERSON_SERVICE = "personService";
    private static final String COOKIE_ALFUSER = "alfUser";
    private static ThreadLocal<String> portalUserKeyName = new ThreadLocal<>();
    private static Log logger = LogFactory.getLog(AuthenticationHelper.class);

    public static AuthenticationStatus authenticate(ServletContext servletContext, HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse, boolean z) throws IOException {
        return authenticate(servletContext, httpServletRequest, httpServletResponse, z, true);
    }

    public static AuthenticationStatus authenticate(ServletContext servletContext, HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse, boolean z, boolean z2) throws IOException {
        HttpSession session = httpServletRequest.getSession();
        User user = getUser(httpServletRequest, httpServletResponse);
        LoginBean loginBean = null;
        if (!Application.inPortalServer()) {
            loginBean = (LoginBean) session.getAttribute(LOGIN_BEAN);
        }
        WebApplicationContext requiredWebApplicationContext = WebApplicationContextUtils.getRequiredWebApplicationContext(servletContext);
        AuthenticationService authenticationService = (AuthenticationService) requiredWebApplicationContext.getBean(AUTHENTICATION_SERVICE);
        if (user != null && !z) {
            try {
                authenticationService.validate(user.getTicket());
                if (loginBean != null) {
                    setUsernameCookie(httpServletRequest, httpServletResponse, loginBean.getUsernameInternal());
                }
                FacesHelper.getFacesContext((ServletRequest) httpServletRequest, (ServletResponse) httpServletResponse, servletContext);
                I18NUtil.setLocale(Application.getLanguage(httpServletRequest.getSession()));
                if (loginBean != null && loginBean.getUserPreferencesBean() != null) {
                    String contentFilterLanguage = loginBean.getUserPreferencesBean().getContentFilterLanguage();
                    if (contentFilterLanguage != null) {
                        I18NUtil.setContentLocale(I18NUtil.parseLocale(contentFilterLanguage));
                    } else {
                        I18NUtil.setContentLocale((Locale) null);
                    }
                }
                return AuthenticationStatus.Success;
            } catch (AuthenticationException e) {
                return AuthenticationStatus.Failure;
            }
        }
        if (session.getAttribute(SESSION_INVALIDATED) == null) {
            Cookie authCookie = getAuthCookie(httpServletRequest);
            if (z2 && (authCookie == null || z)) {
                UserTransaction userTransaction = null;
                try {
                    try {
                        try {
                            authenticationService.authenticateAsGuest();
                            ServiceRegistry serviceRegistry = BaseServlet.getServiceRegistry(servletContext);
                            UserTransaction userTransaction2 = serviceRegistry.getTransactionService().getUserTransaction();
                            userTransaction2.begin();
                            NodeService nodeService = serviceRegistry.getNodeService();
                            NodeRef person = ((PersonService) requiredWebApplicationContext.getBean(PERSON_SERVICE)).getPerson("guest");
                            User user2 = new User("guest", authenticationService.getCurrentTicket(), person);
                            NodeRef property = nodeService.getProperty(person, ContentModel.PROP_HOMEFOLDER);
                            if (property == null || !nodeService.exists(property)) {
                                logger.warn("Unable to locate Guest Home space - may have been deleted?");
                                throw new AuthenticationException(CreateSpaceWizard.DEFAULT_SPACE_ICON_PATH);
                            }
                            user2.setHomeSpaceId(property.getId());
                            userTransaction2.commit();
                            UserTransaction userTransaction3 = null;
                            session.setAttribute(AUTHENTICATION_USER, user2);
                            FacesHelper.getFacesContext((ServletRequest) httpServletRequest, (ServletResponse) httpServletResponse, servletContext);
                            I18NUtil.setLocale(Application.getLanguage(httpServletRequest.getSession()));
                            session.removeAttribute(SESSION_INVALIDATED);
                            AuthenticationStatus authenticationStatus = AuthenticationStatus.Guest;
                            if (0 != 0) {
                                try {
                                    userTransaction3.rollback();
                                } catch (Exception e2) {
                                }
                            }
                            return authenticationStatus;
                        } catch (Throwable th) {
                            if (0 != 0) {
                                try {
                                    userTransaction.rollback();
                                } catch (Exception e3) {
                                    throw th;
                                }
                            }
                            throw th;
                        }
                    } catch (Throwable th2) {
                        AuthenticationService authenticationService2 = (AuthenticationService) requiredWebApplicationContext.getBean(UNPROTECTED_AUTH_SERVICE);
                        authenticationService2.invalidateTicket(authenticationService2.getCurrentTicket());
                        authenticationService2.clearCurrentSecurityContext();
                        throw new AlfrescoRuntimeException("Failed to authenticate as Guest user.", th2);
                    }
                } catch (AuthenticationException e4) {
                    if (0 != 0) {
                        try {
                            userTransaction.rollback();
                        } catch (Exception e5) {
                        }
                    }
                } catch (AccessDeniedException e6) {
                    AuthenticationService authenticationService3 = (AuthenticationService) requiredWebApplicationContext.getBean(UNPROTECTED_AUTH_SERVICE);
                    authenticationService3.invalidateTicket(authenticationService3.getCurrentTicket());
                    authenticationService3.clearCurrentSecurityContext();
                    logger.warn("Unable to login as Guest: " + e6.getMessage());
                    if (0 != 0) {
                        try {
                            userTransaction.rollback();
                        } catch (Exception e7) {
                        }
                    }
                }
            }
        }
        return AuthenticationStatus.Failure;
    }

    public static AuthenticationStatus authenticate(ServletContext servletContext, HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse, String str) throws IOException {
        WebApplicationContext requiredWebApplicationContext = WebApplicationContextUtils.getRequiredWebApplicationContext(servletContext);
        AuthenticationService authenticationService = (AuthenticationService) requiredWebApplicationContext.getBean(AUTHENTICATION_SERVICE);
        UserTransaction userTransaction = null;
        try {
            try {
                try {
                    authenticationService.validate(str);
                    HttpSession session = httpServletRequest.getSession();
                    if (((User) session.getAttribute(AUTHENTICATION_USER)) == null) {
                        String currentUserName = authenticationService.getCurrentUserName();
                        ServiceRegistry serviceRegistry = BaseServlet.getServiceRegistry(servletContext);
                        UserTransaction userTransaction2 = serviceRegistry.getTransactionService().getUserTransaction();
                        userTransaction2.begin();
                        NodeService nodeService = serviceRegistry.getNodeService();
                        NodeRef person = ((PersonService) requiredWebApplicationContext.getBean(PERSON_SERVICE)).getPerson(currentUserName);
                        User user = new User(currentUserName, authenticationService.getCurrentTicket(), person);
                        NodeRef property = nodeService.getProperty(person, ContentModel.PROP_HOMEFOLDER);
                        if (!nodeService.exists(property)) {
                            throw new InvalidNodeRefException(property);
                        }
                        user.setHomeSpaceId(property.getId());
                        userTransaction2.commit();
                        userTransaction = null;
                        session.setAttribute(AUTHENTICATION_USER, user);
                    }
                    if (userTransaction != null) {
                        try {
                            userTransaction.rollback();
                        } catch (Exception e) {
                        }
                    }
                    FacesHelper.getFacesContext((ServletRequest) httpServletRequest, (ServletResponse) httpServletResponse, servletContext);
                    I18NUtil.setLocale(Application.getLanguage(httpServletRequest.getSession()));
                    return AuthenticationStatus.Success;
                } catch (Throwable th) {
                    if (0 != 0) {
                        try {
                            userTransaction.rollback();
                        } catch (Exception e2) {
                            throw th;
                        }
                    }
                    throw th;
                }
            } catch (AuthenticationException e3) {
                AuthenticationStatus authenticationStatus = AuthenticationStatus.Failure;
                if (0 != 0) {
                    try {
                        userTransaction.rollback();
                    } catch (Exception e4) {
                        return authenticationStatus;
                    }
                }
                return authenticationStatus;
            }
        } catch (Throwable th2) {
            AuthenticationService authenticationService2 = (AuthenticationService) requiredWebApplicationContext.getBean(UNPROTECTED_AUTH_SERVICE);
            authenticationService2.invalidateTicket(authenticationService2.getCurrentTicket());
            authenticationService2.clearCurrentSecurityContext();
            AuthenticationStatus authenticationStatus2 = AuthenticationStatus.Failure;
            if (0 != 0) {
                try {
                    userTransaction.rollback();
                } catch (Exception e5) {
                    return authenticationStatus2;
                }
            }
            return authenticationStatus2;
        }
    }

    public static AuthenticationStatus portalGuestAuthenticate(WebApplicationContext webApplicationContext, PortletSession portletSession, AuthenticationService authenticationService) {
        UserTransaction userTransaction = null;
        try {
            try {
                authenticationService.authenticateAsGuest();
                ServiceRegistry serviceRegistry = (ServiceRegistry) webApplicationContext.getBean("ServiceRegistry");
                UserTransaction userTransaction2 = serviceRegistry.getTransactionService().getUserTransaction();
                userTransaction2.begin();
                NodeService nodeService = serviceRegistry.getNodeService();
                NodeRef person = ((PersonService) webApplicationContext.getBean(PERSON_SERVICE)).getPerson("guest");
                User user = new User("guest", authenticationService.getCurrentTicket(), person);
                NodeRef property = nodeService.getProperty(person, ContentModel.PROP_HOMEFOLDER);
                if (!nodeService.exists(property)) {
                    throw new InvalidNodeRefException(property);
                }
                user.setHomeSpaceId(property.getId());
                userTransaction2.commit();
                UserTransaction userTransaction3 = null;
                portletSession.setAttribute(AUTHENTICATION_USER, user);
                I18NUtil.setLocale(Application.getLanguage(portletSession));
                portletSession.removeAttribute(SESSION_INVALIDATED);
                AuthenticationStatus authenticationStatus = AuthenticationStatus.Guest;
                if (0 != 0) {
                    try {
                        userTransaction3.rollback();
                    } catch (Exception e) {
                    }
                }
                return authenticationStatus;
            } catch (AccessDeniedException e2) {
                AuthenticationService authenticationService2 = (AuthenticationService) webApplicationContext.getBean(UNPROTECTED_AUTH_SERVICE);
                authenticationService2.invalidateTicket(authenticationService2.getCurrentTicket());
                authenticationService2.clearCurrentSecurityContext();
                logger.warn("Unable to login as Guest: " + e2.getMessage());
                if (0 != 0) {
                    try {
                        userTransaction.rollback();
                    } catch (Exception e3) {
                        return AuthenticationStatus.Failure;
                    }
                }
                return AuthenticationStatus.Failure;
            } catch (AuthenticationException e4) {
                if (0 != 0) {
                    try {
                        userTransaction.rollback();
                    } catch (Exception e5) {
                        return AuthenticationStatus.Failure;
                    }
                }
                return AuthenticationStatus.Failure;
            } catch (Throwable th) {
                AuthenticationService authenticationService3 = (AuthenticationService) webApplicationContext.getBean(UNPROTECTED_AUTH_SERVICE);
                authenticationService3.invalidateTicket(authenticationService3.getCurrentTicket());
                authenticationService3.clearCurrentSecurityContext();
                throw new AlfrescoRuntimeException("Failed to authenticate as Guest user.", th);
            }
        } catch (Throwable th2) {
            if (0 != 0) {
                try {
                    userTransaction.rollback();
                } catch (Exception e6) {
                    throw th2;
                }
            }
            throw th2;
        }
    }

    public static User getUser(HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse) {
        HttpSession session = httpServletRequest.getSession();
        User user = null;
        if (Application.inPortalServer()) {
            if (portalUserKeyName.get() == null) {
                Enumeration attributeNames = session.getAttributeNames();
                while (true) {
                    if (!attributeNames.hasMoreElements()) {
                        break;
                    }
                    String str = (String) attributeNames.nextElement();
                    if (str.endsWith(AUTHENTICATION_USER)) {
                        portalUserKeyName.set(str);
                        break;
                    }
                }
            }
            if (portalUserKeyName.get() != null) {
                user = (User) session.getAttribute(portalUserKeyName.get());
            }
        } else {
            user = (User) session.getAttribute(AUTHENTICATION_USER);
        }
        return user;
    }

    public static void setUsernameCookie(HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse, String str) {
        Cookie authCookie = getAuthCookie(httpServletRequest);
        if (authCookie == null) {
            authCookie = new Cookie(COOKIE_ALFUSER, str);
        } else {
            authCookie.setValue(str);
        }
        authCookie.setPath(httpServletRequest.getContextPath());
        authCookie.setMaxAge(604800);
        httpServletResponse.addCookie(authCookie);
    }

    public static Cookie getAuthCookie(HttpServletRequest httpServletRequest) {
        Cookie cookie = null;
        Cookie[] cookies = httpServletRequest.getCookies();
        if (cookies != null) {
            int i = 0;
            while (true) {
                if (i >= cookies.length) {
                    break;
                }
                if (COOKIE_ALFUSER.equals(cookies[i].getName())) {
                    cookie = cookies[i];
                    break;
                }
                i++;
            }
        }
        return cookie;
    }
}
