package org.apache.jetspeed.portlets.sso;

import java.io.IOException;
import java.net.URI;
import java.net.URISyntaxException;
import java.util.ArrayList;
import java.util.HashMap;
import java.util.LinkedList;
import java.util.List;
import javax.portlet.ActionRequest;
import javax.portlet.ActionResponse;
import javax.portlet.PortletConfig;
import javax.portlet.PortletContext;
import javax.portlet.PortletException;
import javax.portlet.PortletMode;
import javax.portlet.PortletPreferences;
import javax.portlet.PortletRequest;
import javax.portlet.RenderRequest;
import javax.portlet.RenderResponse;
import org.apache.commons.codec.binary.Base64;
import org.apache.commons.configuration.tree.DefaultExpressionEngine;
import org.apache.commons.lang.StringUtils;
import org.apache.http.Consts;
import org.apache.http.HttpHost;
import org.apache.http.auth.AuthScope;
import org.apache.http.auth.UsernamePasswordCredentials;
import org.apache.http.client.CookieStore;
import org.apache.http.client.entity.UrlEncodedFormEntity;
import org.apache.http.client.methods.HttpPost;
import org.apache.http.client.methods.HttpRequestBase;
import org.apache.http.client.protocol.HttpClientContext;
import org.apache.http.client.utils.URIBuilder;
import org.apache.http.impl.auth.BasicScheme;
import org.apache.http.impl.client.BasicAuthCache;
import org.apache.http.impl.client.BasicCredentialsProvider;
import org.apache.http.impl.client.CloseableHttpClient;
import org.apache.http.message.BasicNameValuePair;
import org.apache.jetspeed.security.JetspeedPrincipal;
import org.apache.jetspeed.security.PasswordCredential;
import org.apache.jetspeed.security.SecurityException;
import org.apache.jetspeed.security.User;
import org.apache.jetspeed.security.UserManager;
import org.apache.jetspeed.security.mfa.util.SecurityHelper;
import org.apache.jetspeed.security.mfa.util.URIConstants;
import org.apache.jetspeed.sso.SSOException;
import org.apache.jetspeed.sso.SSOManager;
import org.apache.jetspeed.sso.SSOSite;
import org.apache.portals.applications.gems.browser.StatusMessage;
import org.apache.portals.applications.webcontent2.portlet.WebContentPortlet;
import org.apache.portals.applications.webcontent2.portlet.rewriter.WebContentRewriter;
import org.apache.portals.messaging.PortletMessaging;
import org.exolab.castor.persist.spi.QueryExpression;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;

/* loaded from: input_file:WEB-INF/classes/org/apache/jetspeed/portlets/sso/SSOWebContentPortlet.class */
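/**
 * Web content portlet that fetches the page named by the {@code SRC} preference and
 * authenticates against it with the credentials the Jetspeed {@link SSOManager} holds
 * for the current portal user.
 *
 * <p>The authentication style is chosen with the {@code sso.type} preference; see
 * {@link #SSO_TYPES} for the accepted values. Credentials are looked up in
 * {@link #doView} and passed to the HTTP layer through request attributes.
 */
public class SSOWebContentPortlet extends WebContentPortlet {
    // --- sso.type preference and its values ---------------------------------------------
    public static final String SSO_TYPE = "sso.type";
    public static final String SSO_TYPE_HTTP = "http";
    public static final String SSO_TYPE_BASIC = "basic";
    public static final String SSO_TYPE_BASIC_PREEMPTIVE = "basic.preemptive";
    public static final String SSO_TYPE_FORM = "form";
    public static final String SSO_TYPE_FORM_GET = "form.get";
    public static final String SSO_TYPE_FORM_POST = "form.post";
    public static final String SSO_TYPE_URL = "url";
    public static final String SSO_TYPE_URL_BASE64 = "url.base64";
    public static final String SSO_TYPE_CERTIFICATE = "certificate";
    public static final String SSO_TYPE_DEFAULT = "basic";
    public static final String NO_CREDENTIALS = "<p>No credentials configured for current user.</p>";
    public static final String BASIC_AUTH_SCHEME_NAME = "basic";

    // --- preferences naming the remote parameters / form fields --------------------------
    public static final String SSO_TYPE_URL_USERNAME_PARAM = "sso.url.Principal";
    public static final String SSO_TYPE_URL_PASSWORD_PARAM = "sso.url.Credential";
    public static final String SSO_TYPE_FORM_ACTION_URL = "sso.form.Action";
    public static final String SSO_TYPE_FORM_ACTION_ARGS = "sso.form.Args";
    public static final String SSO_TYPE_FORM_USERNAME_FIELD = "sso.form.Principal";
    public static final String SSO_TYPE_FORM_PASSWORD_FIELD = "sso.form.Credential";

    // --- request attributes carrying the looked-up credential during one render ----------
    public static final String SSO_REQUEST_ATTRIBUTE_USERNAME = "sso.ra.username";
    public static final String SSO_REQUEST_ATTRIBUTE_PASSWORD = "sso.ra.password";

    // --- edit-mode form fields / Velocity context keys -----------------------------------
    public static final String SSO_EDIT_FIELD_PRINCIPAL = "ssoPrincipal";
    public static final String SSO_EDIT_FIELD_CREDENTIAL = "ssoCredential";

    /** Messaging key recording whether a form-based sign-on has already been attempted. */
    public static final String FORM_AUTH_STATE = "ssowebcontent.form.authstate";

    /** Values offered for {@code sso.type} in edit mode. */
    public static final String[] SSO_TYPES = {
        SSO_TYPE_BASIC, SSO_TYPE_BASIC_PREEMPTIVE, SSO_TYPE_FORM, SSO_TYPE_FORM_GET,
        SSO_TYPE_FORM_POST, SSO_TYPE_URL, SSO_TYPE_URL_BASE64, SSO_TYPE_CERTIFICATE
    };

    protected static final Logger log = LoggerFactory.getLogger(SSOWebContentPortlet.class);

    protected PortletContext context;
    protected SSOManager sso;
    protected UserManager userManager;
    /** Copy of {@link #SSO_TYPES}, filled in {@link #init}. */
    protected List<String> ssoTypesList;

    /**
     * Resolves the SSO manager and user manager from the portlet context.
     *
     * @param portletConfig configuration handed over by the container
     * @throws PortletException if either component is missing from the portlet context
     */
    @Override
    public void init(PortletConfig portletConfig) throws PortletException {
        super.init(portletConfig);
        this.context = getPortletContext();
        this.sso = (SSOManager) this.context.getAttribute("cps:SSO");
        if (this.sso == null) {
            throw new PortletException("Failed to find SSO Manager on portlet initialization");
        }
        this.userManager = (UserManager) this.context.getAttribute("cps:UserManager");
        if (this.userManager == null) {
            throw new PortletException("Failed to find the User Manager on portlet initialization");
        }
        this.ssoTypesList = new LinkedList<String>();
        for (String type : SSO_TYPES) {
            this.ssoTypesList.add(type);
        }
    }

    /**
     * Looks up a portal user by name.
     *
     * @param str the portal user name
     * @return the user, or {@code null} when the user manager reports a security error
     */
    protected JetspeedPrincipal getLocalPrincipal(String str) {
        try {
            return this.userManager.getUser(str);
        } catch (SecurityException e) {
            // Callers treat null as "no such user"; keep that contract but leave a trace
            // so a failing user store is not completely invisible.
            log.debug("User lookup failed", e);
            return null;
        }
    }

    /**
     * Handles the edit form: after the superclass has processed the action, stores the
     * submitted remote principal/credential for the site named by the {@code SRC}
     * preference, creating the SSO site when none matches yet.
     *
     * <p>Nothing is stored unless {@code SRC}, principal and credential are all non-empty.
     * On an {@link SSOException} an error status message is published and the portlet
     * stays in edit mode.
     */
    @Override
    public void processAction(ActionRequest actionRequest, ActionResponse actionResponse) throws PortletException, IOException {
        // Parameters are read before delegating, as in the original statement order.
        String webContentUrl = actionRequest.getParameter(WebContentRewriter.ACTION_PARAMETER_URL);
        String ssoPrincipal = actionRequest.getParameter(SSO_EDIT_FIELD_PRINCIPAL);
        String ssoCredential = actionRequest.getParameter(SSO_EDIT_FIELD_CREDENTIAL);
        super.processAction(actionRequest, actionResponse);

        // PortletMode defines equals(); comparing by reference can miss an equal mode
        // object that is not the PortletMode.EDIT constant itself.
        boolean editMode = PortletMode.EDIT.equals(actionRequest.getPortletMode());
        if (webContentUrl != null && !editMode) {
            return;
        }

        String siteUrl = actionRequest.getPreferences().getValue("SRC", "");
        SSOSite site = JetspeedSSOUtils.getBestSubjectSSOSiteByURL(this.sso, siteUrl);
        try {
            boolean complete = !SecurityHelper.isEmpty(siteUrl)
                    && !SecurityHelper.isEmpty(ssoPrincipal)
                    && !SecurityHelper.isEmpty(ssoCredential);
            if (complete) {
                if (site == null) {
                    site = this.sso.newSite(siteUrl, siteUrl);
                    this.sso.addSite(site);
                }
                SSOPortletUtil.updateUser(this.sso, actionRequest, site, ssoPrincipal, ssoCredential);
            }
        } catch (SSOException e) {
            // getUserPrincipal() is null for an unauthenticated request; do not let the
            // error path itself fail with a NullPointerException.
            String principalName = actionRequest.getUserPrincipal() != null
                    ? actionRequest.getUserPrincipal().getName()
                    : "unknown";
            String message = "Failed to add remote user for the portal principal, " + principalName + ".";
            if (e.getCause() != null) {
                // NOTE(review): the cause's toString() is shown to the end user and may
                // expose internal detail; consider logging it and showing a generic text.
                message = message + " (" + e.getCause() + DefaultExpressionEngine.DEFAULT_INDEX_END;
            }
            PortletMessaging.publish(actionRequest, "SSOWebContent", "status", new StatusMessage(message, "portlet-msg-error"));
            actionResponse.setPortletMode(PortletMode.EDIT);
        }
    }

    /**
     * Renders the remote content. Prints the {@code no.credentials} resource text and
     * stops when no SSO site matches {@code SRC} or the user has no credential for it;
     * otherwise exposes the credential as request attributes and delegates to the
     * superclass.
     */
    @Override
    public void doView(RenderRequest renderRequest, RenderResponse renderResponse) throws PortletException, IOException {
        String siteUrl = renderRequest.getPreferences().getValue("SRC", (String) null);
        SSOSite site = siteUrl == null ? null : JetspeedSSOUtils.getBestSubjectSSOSiteByURL(this.sso, siteUrl);
        PasswordCredential credential = site == null
                ? null
                : SSOPortletUtil.getCredentialsForSite(this.sso, siteUrl, renderRequest);
        if (credential == null) {
            renderResponse.getWriter().print(getResourceBundle(renderRequest.getLocale()).getString("no.credentials"));
            return;
        }

        // The clear-text password lives in request scope for this render only; the
        // authentication hooks below read it from there. It must not be logged or
        // written into the response.
        renderRequest.setAttribute(SSO_REQUEST_ATTRIBUTE_USERNAME, credential.getUserName());
        renderRequest.setAttribute(SSO_REQUEST_ATTRIBUTE_PASSWORD, credential.getPassword());

        StatusMessage statusMessage = (StatusMessage) PortletMessaging.consume(renderRequest, "SSOWebContent", "status");
        if (statusMessage != null) {
            getContext(renderRequest).put("statusMsg", statusMessage);
        }
        super.doView(renderRequest, renderResponse);
    }

    /**
     * Prepares the edit view: stored principal and credential (or empty strings), any
     * pending status message, the list of SSO types and the currently selected type.
     */
    @Override
    public void doEdit(RenderRequest renderRequest, RenderResponse renderResponse) throws PortletException, IOException {
        String siteUrl = renderRequest.getPreferences().getValue("SRC", "");
        PasswordCredential credential = SSOPortletUtil.getCredentialsForSite(this.sso, siteUrl, renderRequest);
        // NOTE(review): the stored password is handed to the edit template. If the
        // template renders it into the form, the secret is sent back to the browser on
        // every edit. processAction already skips the update when the credential field
        // is empty, so the field could be left blank to mean "unchanged" - confirm
        // against the template before changing.
        getContext(renderRequest).put(SSO_EDIT_FIELD_PRINCIPAL, credential != null ? credential.getUserName() : "");
        getContext(renderRequest).put(SSO_EDIT_FIELD_CREDENTIAL, credential != null ? credential.getPassword() : "");

        StatusMessage statusMessage = (StatusMessage) PortletMessaging.consume(renderRequest, "SSOWebContent", "status");
        if (statusMessage != null) {
            getContext(renderRequest).put("statusMsg", statusMessage);
        }
        getContext(renderRequest).put("ssoTypes", SSO_TYPES);
        getContext(renderRequest).put("ssoTypeSelected", renderRequest.getPreferences().getValue(SSO_TYPE, SSO_TYPE_DEFAULT));
        super.doEdit(renderRequest, renderResponse);
    }

    /**
     * Builds an HTTP client context for {@code basic.preemptive} sign-on.
     *
     * @return a context whose auth cache and credentials provider are primed for the
     *         request's host and port, or {@code null} for every other SSO type
     */
    @Override
    protected HttpClientContext getHttpClientContext(PortletRequest portletRequest, HttpRequestBase httpRequestBase) {
        if (!SSO_TYPE_BASIC_PREEMPTIVE.equalsIgnoreCase(getSingleSignOnAuthType(portletRequest.getPreferences()))) {
            return null;
        }
        String userName = StringUtils.defaultString((String) portletRequest.getAttribute(SSO_REQUEST_ATTRIBUTE_USERNAME));
        String password = StringUtils.defaultString((String) portletRequest.getAttribute(SSO_REQUEST_ATTRIBUTE_PASSWORD));

        HttpClientContext clientContext = HttpClientContext.create();
        clientContext.setCredentialsProvider(new BasicCredentialsProvider());
        clientContext.setAuthCache(new BasicAuthCache());

        URI uri = httpRequestBase.getURI();
        String scheme = uri.getScheme();
        String host = uri.getHost();
        // No explicit port in the URI: fall back to the scheme's well-known port.
        int port = uri.getPort() > 0 ? uri.getPort() : (URIConstants.HTTPS.equals(scheme) ? 443 : 80);

        // Caching a BasicScheme for the host makes the client send the Authorization
        // header on the first request instead of waiting for a 401 challenge.
        // NOTE(review): with a non-HTTPS SRC the credential then crosses the network
        // merely base64-encoded; the scheme is not checked here.
        clientContext.getAuthCache().put(new HttpHost(host, port, scheme), new BasicScheme());
        clientContext.getCredentialsProvider().setCredentials(new AuthScope(host, port), new UsernamePasswordCredentials(userName, password));
        return clientContext;
    }

    /**
     * Performs the sign-on step for the {@code form*} and {@code url*} SSO types when the
     * superclass did not already produce content.
     *
     * <p>For {@code url}/{@code url.base64} the credential is added to the outgoing
     * request and {@code null} is returned so the caller sends that request. For
     * {@code form*} the configured login action is submitted once per
     * {@link #FORM_AUTH_STATE} and its response body is returned.
     *
     * @return content produced by the superclass or by the form login, otherwise {@code null}
     */
    /* JADX INFO: Access modifiers changed from: protected */
    @Override
    public byte[] doPreemptiveAuthentication(CloseableHttpClient closeableHttpClient, CookieStore cookieStore, HttpRequestBase httpRequestBase, RenderRequest renderRequest, RenderResponse renderResponse) {
        byte[] inherited = super.doPreemptiveAuthentication(closeableHttpClient, cookieStore, httpRequestBase, renderRequest, renderResponse);
        if (inherited != null) {
            return inherited;
        }
        PortletPreferences preferences = renderRequest.getPreferences();
        String authType = getSingleSignOnAuthType(preferences);
        if (StringUtils.startsWith(authType, SSO_TYPE_FORM)) {
            return authenticateByForm(closeableHttpClient, cookieStore, authType, preferences, renderRequest, renderResponse);
        }
        // Constant-first comparison so a null preference value cannot throw here.
        if (SSO_TYPE_URL.equalsIgnoreCase(authType) || SSO_TYPE_URL_BASE64.equalsIgnoreCase(authType)) {
            addUrlCredentials(authType, preferences, httpRequestBase, renderRequest);
        }
        return null;
    }

    /** Adds the credential to the request as form fields (POST) or query parameters. */
    private void addUrlCredentials(String authType, PortletPreferences preferences, HttpRequestBase httpRequestBase, RenderRequest renderRequest) {
        String userParam = preferences.getValue(SSO_TYPE_URL_USERNAME_PARAM, "");
        if (StringUtils.isEmpty(userParam)) {
            log.warn("sso.type specified as 'url', but no: sso.url.Principal, username parameter was specified - unable to preemptively authenticate by URL.");
            return;
        }
        String passwordParam = preferences.getValue(SSO_TYPE_URL_PASSWORD_PARAM, "");
        if (StringUtils.isEmpty(passwordParam)) {
            log.warn("sso.type specified as 'url', but no: sso.url.Credential, password parameter was specified - unable to preemptively authenticate by URL.");
            return;
        }
        String userName = StringUtils.defaultString((String) renderRequest.getAttribute(SSO_REQUEST_ATTRIBUTE_USERNAME));
        String password = StringUtils.defaultString((String) renderRequest.getAttribute(SSO_REQUEST_ATTRIBUTE_PASSWORD));
        if (SSO_TYPE_URL_BASE64.equalsIgnoreCase(authType)) {
            // Explicit charset: the platform default would make the encoded value of a
            // non-ASCII credential depend on the JVM's locale. Base64 is an encoding,
            // not protection - the value is as sensitive as the plain credential.
            Base64 base64 = new Base64();
            userName = new String(base64.encode(userName.getBytes(Consts.UTF_8)), Consts.UTF_8);
            password = new String(base64.encode(password.getBytes(Consts.UTF_8)), Consts.UTF_8);
        }
        if (httpRequestBase instanceof HttpPost) {
            List<BasicNameValuePair> fields = new ArrayList<BasicNameValuePair>();
            fields.add(new BasicNameValuePair(userParam, userName));
            fields.add(new BasicNameValuePair(passwordParam, password));
            ((HttpPost) httpRequestBase).setEntity(new UrlEncodedFormEntity(fields, Consts.UTF_8));
            return;
        }
        try {
            // NOTE(review): for non-POST requests the credential becomes part of the
            // query string, which commonly ends up in access logs and proxy logs;
            // prefer a POST-capable sso.type where the remote site allows it.
            URIBuilder uriBuilder = new URIBuilder(httpRequestBase.getURI());
            uriBuilder.addParameter(userParam, userName);
            uriBuilder.addParameter(passwordParam, password);
            httpRequestBase.setURI(uriBuilder.build());
        } catch (URISyntaxException e) {
            log.error("URI syntax error.", e);
        }
    }

    /**
     * Submits the configured login form once and records the outcome under
     * {@link #FORM_AUTH_STATE}. Any exception is logged and turned into {@code null}.
     */
    private byte[] authenticateByForm(CloseableHttpClient closeableHttpClient, CookieStore cookieStore, String authType, PortletPreferences preferences, RenderRequest renderRequest, RenderResponse renderResponse) {
        try {
            Boolean authState = (Boolean) PortletMessaging.receive(renderRequest, FORM_AUTH_STATE);
            if (authState != null) {
                // A login was already attempted; whatever its outcome it is not repeated
                // and there is no content to hand back.
                return null;
            }
            // Mark the attempt as failed up front; overwritten below with the real result.
            PortletMessaging.publish(renderRequest, FORM_AUTH_STATE, Boolean.FALSE);

            String formAction = preferences.getValue(SSO_TYPE_FORM_ACTION_URL, "");
            if (StringUtils.isEmpty(formAction)) {
                log.warn("sso.type specified as 'form', but no: sso.form.Action, action was specified - unable to preemptively authenticate by form.");
                return null;
            }
            String userField = preferences.getValue(SSO_TYPE_FORM_USERNAME_FIELD, "");
            if (StringUtils.isEmpty(userField)) {
                log.warn("sso.type specified as 'form', but no: sso.form.Principal, username field was specified - unable to preemptively authenticate by form.");
                return null;
            }
            String passwordField = preferences.getValue(SSO_TYPE_FORM_PASSWORD_FIELD, "password");
            if (StringUtils.isEmpty(passwordField)) {
                log.warn("sso.type specified as 'form', but no: sso.form.Credential, password field was specified - unable to preemptively authenticate by form.");
                return null;
            }
            String userName = StringUtils.defaultString((String) renderRequest.getAttribute(SSO_REQUEST_ATTRIBUTE_USERNAME));
            String password = StringUtils.defaultString((String) renderRequest.getAttribute(SSO_REQUEST_ATTRIBUTE_PASSWORD));

            // "form.post" selects POST; "form" and "form.get" fall back to GET. The
            // boolean is computed first: without the grouping the conditional mixes a
            // boolean branch with a String branch and cannot be assigned to a String.
            boolean usePost = StringUtils.contains(authType, '.')
                    ? StringUtils.equalsIgnoreCase(StringUtils.substringAfter(authType, "."), "POST")
                    : StringUtils.equalsIgnoreCase(authType, "POST");
            String formMethod = usePost ? "POST" : "GET";

            HashMap<String, String[]> formParams = new HashMap<String, String[]>();
            formParams.put(userField, new String[]{userName});
            formParams.put(passwordField, new String[]{password});

            // sso.form.Args holds extra fields as ';'-separated name/value pairs; entries
            // are added after the credential fields, so a pair reusing one of those
            // field names replaces it.
            String extraArgs = preferences.getValue(SSO_TYPE_FORM_ACTION_ARGS, "");
            if (StringUtils.isNotEmpty(extraArgs)) {
                for (String pair : StringUtils.split(extraArgs, ";")) {
                    String name = StringUtils.substringBefore(pair, QueryExpression.OpEquals);
                    String argValue = StringUtils.substringAfter(pair, QueryExpression.OpEquals);
                    if (StringUtils.isNotEmpty(name)) {
                        formParams.put(name, new String[]{argValue});
                    }
                }
            }

            HttpRequestBase loginRequest = createHttpRequest(closeableHttpClient, formMethod, formAction, null, formParams, renderRequest);
            byte[] content = doHttpWebContent(closeableHttpClient, cookieStore, loginRequest, 0, renderRequest, renderResponse, null);
            PortletMessaging.publish(renderRequest, FORM_AUTH_STATE, Boolean.valueOf(content != null));
            return content;
        } catch (Exception e) {
            log.error("Form-based authentication failed", e);
            return null;
        }
    }

    /**
     * Reads the {@code sso.type} preference, defaulting to {@code basic}.
     *
     * @return the configured type; the deprecated value {@code http} is reported in the
     *         log and mapped to {@code basic}
     */
    protected String getSingleSignOnAuthType(PortletPreferences portletPreferences) {
        String configured = portletPreferences.getValue(SSO_TYPE, SSO_TYPE_DEFAULT);
        if (SSO_TYPE_HTTP.equalsIgnoreCase(configured)) {
            log.warn("sso.type: http, has been deprecated - use: basic, or: basic.preemptive");
            return SSO_TYPE_BASIC;
        }
        return configured;
    }
}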
