package org.apache.wiki.auth;

import java.io.File;
import java.io.FileOutputStream;
import java.io.IOException;
import java.io.InputStream;
import java.net.MalformedURLException;
import java.net.URL;
import java.security.Principal;
import java.util.Collections;
import java.util.HashMap;
import java.util.HashSet;
import java.util.Iterator;
import java.util.Map;
import java.util.Properties;
import java.util.Set;
import javax.security.auth.Subject;
import javax.security.auth.callback.CallbackHandler;
import javax.security.auth.login.LoginException;
import javax.security.auth.spi.LoginModule;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpSession;
import org.apache.commons.io.IOUtils;
import org.apache.log4j.Logger;
import org.apache.wiki.Release;
import org.apache.wiki.WikiEngine;
import org.apache.wiki.WikiSession;
import org.apache.wiki.api.exceptions.WikiException;
import org.apache.wiki.auth.authorize.Role;
import org.apache.wiki.auth.authorize.WebAuthorizer;
import org.apache.wiki.auth.authorize.WebContainerAuthorizer;
import org.apache.wiki.auth.login.AnonymousLoginModule;
import org.apache.wiki.auth.login.CookieAssertionLoginModule;
import org.apache.wiki.auth.login.CookieAuthenticationLoginModule;
import org.apache.wiki.auth.login.UserDatabaseLoginModule;
import org.apache.wiki.auth.login.WebContainerCallbackHandler;
import org.apache.wiki.auth.login.WebContainerLoginModule;
import org.apache.wiki.auth.login.WikiCallbackHandler;
import org.apache.wiki.event.WikiEventListener;
import org.apache.wiki.event.WikiEventManager;
import org.apache.wiki.event.WikiSecurityEvent;
import org.apache.wiki.util.TextUtil;
import org.apache.wiki.util.TimedCounterList;

/* loaded from: input_file:org/apache/wiki/auth/AuthenticationManager.class */
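/**
 * Coordinates login and logout for a {@link WikiEngine}.
 *
 * <p>Logins are performed by instantiating a JAAS {@link LoginModule}, running its
 * {@code login()}/{@code commit()} phases against a fresh {@link Subject}, and announcing the
 * resulting principals to listeners as {@link WikiSecurityEvent}s. The class also reads the
 * security-related settings from the wiki properties (cookie assertion/authentication,
 * login throttling, custom login module and its options).
 *
 * <p>NOTE(review): the numeric event types passed to {@link #fireEvent(int, Principal, Object)}
 * are literals in this listing; they are presumably {@code WikiSecurityEvent} constants that were
 * inlined at compile time. Confirm against {@code WikiSecurityEvent} before relying on the names
 * used in the comments below.
 */
public class AuthenticationManager {
    /** Value handed to the login-attempt list's {@code cleanup} call (600000 ms = 10 minutes). */
    private static final long LASTLOGINS_CLEANUP_TIME = 600000;
    /** Upper bound, in milliseconds, on the delay imposed on a single login attempt. */
    private static final long MAX_LOGIN_DELAY = 20000;
    /** Largest shift used when computing the delay; 2^15 ms already exceeds {@link #MAX_LOGIN_DELAY}. */
    private static final int MAX_LOGIN_DELAY_SHIFT = 15;
    public static final String PROP_STOREIPADDRESS = "jspwiki.storeIPAddress";
    public static final String PROP_ALLOW_COOKIE_AUTH = "jspwiki.cookieAuthentication";
    public static final String PROP_SECURITY = "jspwiki.security";
    public static final String SECURITY_OFF = "off";
    public static final String SECURITY_JAAS = "jaas";
    public static final String PROP_LOGIN_THROTTLING = "jspwiki.login.throttling";
    protected static final String PREFIX_LOGIN_MODULE_OPTIONS = "jspwiki.loginModule.options.";
    protected static final String PROP_ALLOW_COOKIE_ASSERTIONS = "jspwiki.cookieAssertions";
    protected static final String PROP_LOGIN_MODULE = "jspwiki.loginModule.class";
    protected static final String SECURITY_CONTAINER = "container";
    private static final String DEFAULT_LOGIN_MODULE = "org.apache.wiki.auth.login.UserDatabaseLoginModule";
    public static final String COOKIE_MODULE = CookieAssertionLoginModule.class.getName();
    public static final String COOKIE_AUTHENTICATION_MODULE = CookieAuthenticationLoginModule.class.getName();
    protected static final Logger log = Logger.getLogger(AuthenticationManager.class);
    /** Shared, read-only option map passed to login modules that take no options. */
    protected static final Map<String, String> EMPTY_MAP = Collections.unmodifiableMap(new HashMap<String, String>());
    /**
     * Result returned for every failed login. It is immutable on purpose: an empty result is what
     * callers treat as "not authenticated", so a shared set that could be modified would let one
     * caller change the outcome of every later failed login.
     */
    private static final Set<Principal> NO_PRINCIPALS = Collections.<Principal>emptySet();
    protected Class<? extends LoginModule> m_loginModuleClass = UserDatabaseLoginModule.class;
    protected Map<String, String> m_loginModuleOptions = new HashMap<>();
    private boolean m_allowsCookieAssertions = true;
    private boolean m_throttleLogins = true;
    private boolean m_allowsCookieAuthentication = false;
    private WikiEngine m_engine = null;
    private boolean m_storeIPAddress = true;
    private boolean m_useJAAS = true;
    /** Recent login attempts, keyed by the user name passed to {@link #delayLogin(String)}. */
    private TimedCounterList<String> m_lastLoginAttempts = new TimedCounterList<>();

    /**
     * Reads the security settings from {@code properties} and resolves the configured login module.
     *
     * @param wikiEngine the engine this manager serves
     * @param properties the wiki properties
     * @throws WikiException if the class named by {@link #PROP_LOGIN_MODULE} cannot be loaded or
     *         does not implement {@link LoginModule}
     * @throws IllegalArgumentException if two option keys collapse to the same login-module option
     */
    public void initialize(WikiEngine wikiEngine, Properties properties) throws WikiException {
        this.m_engine = wikiEngine;
        this.m_storeIPAddress = TextUtil.getBooleanProperty(properties, PROP_STOREIPADDRESS, this.m_storeIPAddress);
        this.m_useJAAS = SECURITY_JAAS.equals(properties.getProperty(PROP_SECURITY, SECURITY_JAAS));
        this.m_allowsCookieAssertions = TextUtil.getBooleanProperty(properties, PROP_ALLOW_COOKIE_ASSERTIONS, true);
        this.m_allowsCookieAuthentication = TextUtil.getBooleanProperty(properties, PROP_ALLOW_COOKIE_AUTH, false);
        this.m_throttleLogins = TextUtil.getBooleanProperty(properties, PROP_LOGIN_THROTTLING, true);

        String loginModuleClassName = TextUtil.getStringProperty(properties, PROP_LOGIN_MODULE, DEFAULT_LOGIN_MODULE);
        try {
            // asSubclass() rejects a misconfigured class here, at start-up, instead of letting the
            // first login attempt fail with a ClassCastException.
            this.m_loginModuleClass = Class.forName(loginModuleClassName).asSubclass(LoginModule.class);
        } catch (ClassNotFoundException e) {
            log.error("Could not load LoginModule class " + loginModuleClassName, e);
            throw new WikiException("Could not instantiate LoginModule class.", e);
        } catch (ClassCastException e) {
            log.error("Configured LoginModule class " + loginModuleClassName + " is not a LoginModule", e);
            throw new WikiException("Configured LoginModule class " + loginModuleClassName
                    + " does not implement " + LoginModule.class.getName() + ".", e);
        }
        initLoginModuleOptions(properties);
    }

    /**
     * Reports whether authentication is delegated to the web container.
     *
     * @return {@code true} when JAAS security is switched off, or when the engine's authorizer is a
     *         {@link WebContainerAuthorizer} that reports container authorization; {@code false}
     *         otherwise, including when the authorizer cannot be obtained
     */
    public boolean isContainerAuthenticated() {
        if (!this.m_useJAAS) {
            return true;
        }
        try {
            Authorizer authorizer = this.m_engine.getAuthorizationManager().getAuthorizer();
            return (authorizer instanceof WebContainerAuthorizer)
                    && ((WebContainerAuthorizer) authorizer).isContainerAuthorized();
        } catch (WikiException e) {
            // No usable authorizer: report "not container-authenticated".
            return false;
        }
    }

    /**
     * Tries the request-based login modules in order: container login, cookie authentication
     * (if allowed), cookie assertion (if allowed) and finally anonymous login.
     *
     * @param httpServletRequest the current request
     * @return {@code true} only when the session was anonymous and the anonymous login module
     *         produced principals; {@code false} in every other case
     * @throws WikiSecurityException if a login module cannot be instantiated
     */
    public boolean login(HttpServletRequest httpServletRequest) throws WikiSecurityException {
        WikiSession session = SessionMonitor.getInstance(this.m_engine).find(httpServletRequest.getSession());
        AuthenticationManager authMgr = this.m_engine.getAuthenticationManager();
        AuthorizationManager authzMgr = this.m_engine.getAuthorizationManager();
        // Stays null when the session is already authenticated; the later modules then receive null.
        WebContainerCallbackHandler handler = null;
        Map<String, String> options = EMPTY_MAP;

        if (!session.isAuthenticated()) {
            handler = new WebContainerCallbackHandler(this.m_engine, httpServletRequest);
            Set<Principal> principals = authMgr.doJAASLogin(WebContainerLoginModule.class, handler, options);
            // Fall back to the authentication cookie only when the container produced nothing.
            if (principals.isEmpty() && authMgr.allowsCookieAuthentication()) {
                principals = authMgr.doJAASLogin(CookieAuthenticationLoginModule.class, handler, options);
            }
            if (!principals.isEmpty()) {
                fireEvent(40, getLoginPrincipal(principals), session); // presumably LOGIN_AUTHENTICATED
                for (Principal principal : principals) {
                    fireEvent(35, principal, session); // presumably PRINCIPAL_ADD
                }
                injectAuthorizerRoles(session, authzMgr.getAuthorizer(), httpServletRequest);
            }
        }

        if (!session.isAuthenticated() && authMgr.allowsCookieAssertions()) {
            Set<Principal> asserted = authMgr.doJAASLogin(CookieAssertionLoginModule.class, handler, options);
            if (!asserted.isEmpty()) {
                fireEvent(32, getLoginPrincipal(asserted), session); // presumably LOGIN_ASSERTED
            }
        }

        if (!session.isAnonymous()) {
            return false;
        }
        Set<Principal> anonymous = authMgr.doJAASLogin(AnonymousLoginModule.class, handler, options);
        if (anonymous.isEmpty()) {
            return false;
        }
        fireEvent(31, getLoginPrincipal(anonymous), session); // presumably LOGIN_ANONYMOUS
        return true;
    }

    /**
     * Logs in with a user name and password, without a request.
     *
     * @param wikiSession the session to authenticate
     * @param str the user name
     * @param str2 the password
     * @return {@code true} if the login module produced principals
     * @throws WikiSecurityException if the login module cannot be instantiated
     */
    public boolean login(WikiSession wikiSession, String str, String str2) throws WikiSecurityException {
        return login(wikiSession, null, str, str2);
    }

    /**
     * Logs in with a user name and password using the configured login module, after applying the
     * login delay when throttling is enabled.
     *
     * @param wikiSession the session to authenticate; {@code null} is logged and rejected
     * @param httpServletRequest the current request (not used by this implementation)
     * @param str the user name
     * @param str2 the password
     * @return {@code true} if the login module produced principals, {@code false} otherwise
     * @throws WikiSecurityException if the login module cannot be instantiated
     */
    public boolean login(WikiSession wikiSession, HttpServletRequest httpServletRequest, String str, String str2) throws WikiSecurityException {
        if (wikiSession == null) {
            log.error("No wiki session provided, cannot log in.");
            return false;
        }
        if (this.m_throttleLogins) {
            delayLogin(str);
        }
        CallbackHandler handler = new WikiCallbackHandler(this.m_engine, null, str, str2);
        Set<Principal> principals = doJAASLogin(this.m_loginModuleClass, handler, this.m_loginModuleOptions);
        if (principals.isEmpty()) {
            return false;
        }
        fireEvent(40, getLoginPrincipal(principals), wikiSession); // presumably LOGIN_AUTHENTICATED
        for (Principal principal : principals) {
            fireEvent(35, principal, wikiSession); // presumably PRINCIPAL_ADD
        }
        injectAuthorizerRoles(wikiSession, this.m_engine.getAuthorizationManager().getAuthorizer(), null);
        return true;
    }

    /**
     * Slows down repeated login attempts for one user name. The delay is 2^n milliseconds, where n
     * is the number of attempts currently recorded for {@code str}, capped at
     * {@link #MAX_LOGIN_DELAY}.
     *
     * @param str the user name the attempt is made for
     */
    private void delayLogin(String str) {
        this.m_lastLoginAttempts.cleanup(LASTLOGINS_CLEANUP_TIME);
        // The shift is done on a long with a bounded exponent. An int shift wraps once the count
        // reaches 31 (a negative value, then small values again), which would either make
        // Thread.sleep() throw or silently drop the delay back to a few milliseconds.
        long delay = Math.min(1L << Math.min(this.m_lastLoginAttempts.count(str), MAX_LOGIN_DELAY_SHIFT), MAX_LOGIN_DELAY);
        // Record the attempt before sleeping so that attempts arriving while this one is still
        // waiting are counted against the same user name, and an interrupted wait is still counted.
        this.m_lastLoginAttempts.add(str);
        log.debug("Sleeping for " + delay + " ms to allow login.");
        try {
            Thread.sleep(delay);
        } catch (InterruptedException e) {
            // Keep the interrupt visible to the caller instead of discarding it.
            Thread.currentThread().interrupt();
        }
    }

    /**
     * Logs the user out: invalidates and removes the wiki session, invalidates the HTTP session
     * and fires a logout event for the former login principal.
     *
     * @param httpServletRequest the current request; {@code null} is logged and ignored
     */
    public void logout(HttpServletRequest httpServletRequest) {
        if (httpServletRequest == null) {
            log.error("No HTTP reqest provided; cannot log out.");
            return;
        }
        HttpSession session = httpServletRequest.getSession();
        String id = session == null ? "(null)" : session.getId();
        if (log.isDebugEnabled()) {
            // NOTE(review): this writes the session identifier to the debug log; make sure debug
            // logs are access-controlled, or log a truncated/hashed id instead.
            log.debug("Invalidating WikiSession for session ID=" + id);
        }
        WikiSession wikiSession = WikiSession.getWikiSession(this.m_engine, httpServletRequest);
        // Read the principal before invalidating so the event can still name who logged out.
        Principal loginPrincipal = wikiSession.getLoginPrincipal();
        wikiSession.invalidate();
        WikiSession.removeWikiSession(this.m_engine, httpServletRequest);
        if (session != null) {
            session.invalidate();
        }
        fireEvent(44, loginPrincipal, null); // presumably LOGOUT
    }

    /**
     * @return whether cookie-asserted identities are accepted ({@link #PROP_ALLOW_COOKIE_ASSERTIONS})
     */
    public boolean allowsCookieAssertions() {
        return this.m_allowsCookieAssertions;
    }

    /**
     * @return whether cookie-based authentication is accepted ({@link #PROP_ALLOW_COOKIE_AUTH})
     */
    public boolean allowsCookieAuthentication() {
        return this.m_allowsCookieAuthentication;
    }

    /**
     * @param principal the principal to classify
     * @return {@code true} if the principal is a {@link Role} or a {@link GroupPrincipal}
     */
    public static boolean isRolePrincipal(Principal principal) {
        return (principal instanceof Role) || (principal instanceof GroupPrincipal);
    }

    /**
     * @param principal the principal to classify
     * @return {@code true} if the principal is neither a role nor a group principal
     */
    public static boolean isUserPrincipal(Principal principal) {
        return !isRolePrincipal(principal);
    }

    /**
     * Instantiates the given login module and runs its login and commit phases against a new
     * {@link Subject}.
     *
     * @param cls the login module class; it needs an accessible no-argument constructor
     * @param callbackHandler the handler the module uses to obtain credentials
     * @param map the options passed to the module
     * @return the subject's principals if both login and commit succeeded, otherwise an empty,
     *         immutable set
     * @throws WikiSecurityException if the module cannot be instantiated
     */
    protected Set<Principal> doJAASLogin(Class<? extends LoginModule> cls, CallbackHandler callbackHandler, Map<String, String> map) throws WikiSecurityException {
        LoginModule module;
        try {
            module = cls.newInstance();
        } catch (IllegalAccessException e) {
            throw new WikiSecurityException(e.getMessage(), e);
        } catch (InstantiationException e) {
            throw new WikiSecurityException(e.getMessage(), e);
        }

        Subject subject = new Subject();
        module.initialize(subject, callbackHandler, EMPTY_MAP, map);
        boolean committed = false;
        try {
            // commit() is only attempted after a successful login().
            committed = module.login() && module.commit();
        } catch (LoginException e) {
            // A failed login or commit deliberately yields "no principals" rather than an error;
            // leave a trace so that repeated failures can be diagnosed.
            if (log.isDebugEnabled()) {
                log.debug("LoginModule " + cls.getName() + " did not authenticate: " + e.getMessage());
            }
        }
        return committed ? subject.getPrincipals() : NO_PRINCIPALS;
    }

    /* JADX INFO: Access modifiers changed from: protected */
    /**
     * Locates a configuration file, first under the web application's {@code WEB-INF} directory
     * and then, when a servlet context is available, on the classpath. A classpath resource is
     * copied to a temporary file so that it can be addressed by URL.
     *
     * @param wikiEngine the engine whose root path and servlet context are consulted
     * @param str the file name
     * @return a URL for the file, or {@code null} if it was not found or could not be copied
     */
    public static URL findConfigFile(WikiEngine wikiEngine, String str) {
        String rootPath = wikiEngine.getRootPath();
        if (rootPath != null) {
            File webInfFile = new File(rootPath + "/WEB-INF/" + str);
            if (webInfFile.exists()) {
                try {
                    return webInfFile.toURI().toURL();
                } catch (MalformedURLException e) {
                    log.warn("Malformed URL: " + e.getMessage());
                }
            }
        }
        if (wikiEngine.getServletContext() == null) {
            return null;
        }

        try (InputStream inputStream = AuthenticationManager.class.getResourceAsStream("/" + str)) {
            if (inputStream == null) {
                // getResourceAsStream() returns null for a missing resource; report it instead of
                // failing with a NullPointerException on the first read.
                log.error("failed to load security policy from file " + str + ": resource not found on the classpath");
                return null;
            }
            // NOTE(review): File.createTempFile uses the shared temp directory and the platform's
            // default file permissions. Because this file is a security policy, consider
            // java.nio.file.Files.createTempFile, which may apply more restrictive permissions.
            File tempFile = File.createTempFile("temp." + str, Release.BUILD);
            tempFile.deleteOnExit();
            try (FileOutputStream outputStream = new FileOutputStream(tempFile)) {
                byte[] buffer = new byte[1024];
                int bytesRead;
                while ((bytesRead = inputStream.read(buffer)) != -1) {
                    // Write only what was read; writing the whole buffer appends stale bytes
                    // whenever a read returns fewer than buffer.length bytes.
                    outputStream.write(buffer, 0, bytesRead);
                }
            }
            return tempFile.toURI().toURL();
        } catch (MalformedURLException e) {
            log.fatal("Your code is b0rked.  You are a bad person.", e);
        } catch (IOException e) {
            log.error("failed to load security policy from file " + str + ",stacktrace follows", e);
        }
        return null;
    }

    /**
     * Picks the principal that identifies the user among a login result.
     *
     * @param set the principals produced by a login
     * @return the first principal, in the set's iteration order, that is a user principal, or
     *         {@code null} if there is none
     */
    protected Principal getLoginPrincipal(Set<Principal> set) {
        for (Principal candidate : set) {
            if (isUserPrincipal(candidate)) {
                return candidate;
            }
        }
        return null;
    }

    /**
     * Registers a listener for the security events fired by this manager.
     *
     * @param wikiEventListener the listener to add
     */
    public synchronized void addWikiEventListener(WikiEventListener wikiEventListener) {
        WikiEventManager.addWikiEventListener(this, wikiEventListener);
    }

    /**
     * Unregisters a listener.
     *
     * @param wikiEventListener the listener to remove
     */
    public synchronized void removeWikiEventListener(WikiEventListener wikiEventListener) {
        WikiEventManager.removeWikiEventListener(this, wikiEventListener);
    }

    /**
     * Fires a {@link WikiSecurityEvent} if anything is listening to this manager.
     *
     * @param i the event type
     * @param principal the principal the event is about
     * @param obj the event target (a wiki session in this class, or {@code null} on logout)
     */
    protected void fireEvent(int i, Principal principal, Object obj) {
        if (WikiEventManager.isListening(this)) {
            WikiEventManager.fireEvent(this, new WikiSecurityEvent(this, i, principal, obj));
        }
    }

    /**
     * Collects every property whose key starts with {@link #PREFIX_LOGIN_MODULE_OPTIONS} into the
     * login-module options, keyed by the trimmed remainder of the property name.
     *
     * @param properties the wiki properties
     * @throws IllegalArgumentException if an option key is already present
     */
    private void initLoginModuleOptions(Properties properties) {
        for (Object rawKey : properties.keySet()) {
            String propertyName = rawKey.toString();
            if (!propertyName.startsWith(PREFIX_LOGIN_MODULE_OPTIONS)) {
                continue;
            }
            String optionKey = propertyName.substring(PREFIX_LOGIN_MODULE_OPTIONS.length()).trim();
            if (optionKey.length() == 0) {
                // The bare prefix names no option; skip it.
                continue;
            }
            if (this.m_loginModuleOptions.containsKey(optionKey)) {
                throw new IllegalArgumentException("JAAS LoginModule key " + propertyName + " cannot be specified twice!");
            }
            this.m_loginModuleOptions.put(optionKey, properties.getProperty(propertyName));
        }
    }

    /**
     * Announces every authorizer role the session's user holds as an added principal.
     *
     * @param wikiSession the session the roles are announced for
     * @param authorizer the authorizer that knows the roles
     * @param httpServletRequest the current request, or {@code null}; when present and the
     *        authorizer is a {@link WebAuthorizer}, the request is consulted as a fallback
     */
    private void injectAuthorizerRoles(WikiSession wikiSession, Authorizer authorizer, HttpServletRequest httpServletRequest) {
        for (Principal role : authorizer.getRoles()) {
            if (authorizer.isUserInRole(wikiSession, role)) {
                fireEvent(35, role, wikiSession); // presumably PRINCIPAL_ADD
                if (log.isDebugEnabled()) {
                    log.debug("Added authorizer role " + role.getName() + ".");
                }
            } else if (httpServletRequest != null
                    && (authorizer instanceof WebAuthorizer)
                    && ((WebAuthorizer) authorizer).isUserInRole(httpServletRequest, role)) {
                fireEvent(35, role, wikiSession); // presumably PRINCIPAL_ADD
                if (log.isDebugEnabled()) {
                    log.debug("Added container role " + role.getName() + ".");
                }
            }
        }
    }
}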
