package io.milton.http.http11.auth;

import io.milton.http.AuthenticationHandler;
import io.milton.http.Cookie;
import io.milton.http.HttpManager;
import io.milton.http.Request;
import io.milton.http.ResourceFactory;
import io.milton.http.Response;
import io.milton.http.exceptions.BadRequestException;
import io.milton.http.exceptions.NotAuthorizedException;
import io.milton.principal.DiscretePrincipal;
import io.milton.resource.Resource;
import java.nio.charset.Charset;
import java.security.InvalidKeyException;
import java.security.MessageDigest;
import java.security.NoSuchAlgorithmException;
import java.security.SecureRandom;
import java.util.Iterator;
import java.util.List;
import javax.crypto.Mac;
import javax.crypto.spec.SecretKeySpec;
import org.apache.commons.codec.digest.DigestUtils;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;

/* loaded from: input_file:io/milton/http/http11/auth/CookieAuthenticationHandler.class */
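/**
 * Authentication handler that remembers a successful login in a pair of cookies and
 * replays it on later requests.
 *
 * <p>On a successful login by one of the delegate handlers, the principal's URL is written
 * to the {@code miltonUserUrl} cookie and a companion {@code miltonUserUrlHash} cookie of
 * the form {@code nonce:hash} is written alongside it. On later requests the URL is only
 * trusted if the hash cookie verifies against it.
 *
 * <p>Without a signing key (two-argument constructor, the original behaviour) the hash is an
 * unkeyed MD5 of {@code userUrl:nonce}: it ties the two cookies together but does not prove
 * the pair was issued by this server. Supplying a key via the three-argument constructor
 * switches the hash to HMAC-SHA256 over the same message, so only a holder of the key can
 * produce a cookie pair that verifies. Cookies issued under one scheme do not verify under
 * the other, so switching schemes simply forces a fresh login.
 *
 * <p>Logout is requested with the {@code miltonLogout} request parameter; it clears the two
 * cookies on the response.
 */
public class CookieAuthenticationHandler implements AuthenticationHandler {
    private static final Logger log = LoggerFactory.getLogger(CookieAuthenticationHandler.class);
    private static final String HANDLER_ATT_NAME = "_delegatedAuthenticationHandler";
    /** Request attribute under which the logged-in user's URL is published after a delegated login. */
    private static final String USER_URL_ATT_NAME = "userUrl";
    private static final String HMAC_ALGORITHM = "HmacSHA256";
    private static final Charset UTF8 = Charset.forName("UTF-8");
    /** Length of the random per-login nonce that is hex-encoded into the hash cookie. */
    private static final int NONCE_BYTES = 16;
    // SecureRandom is safe to share between threads, so one instance serves all logins.
    private static final SecureRandom NONCE_SOURCE = new SecureRandom();
    private String requestParamLogout = "miltonLogout";
    private String cookieUserUrlValue = "miltonUserUrl";
    private String cookieUserUrlHash = "miltonUserUrlHash";
    private final List<AuthenticationHandler> handlers;
    private final ResourceFactory principalResourceFactory;
    // null selects the legacy unkeyed MD5 scheme; non-null selects keyed HMAC-SHA256.
    private final byte[] cookieSigningKey;

    /**
     * Creates a handler that uses the legacy unkeyed MD5 hash for the cookie pair.
     *
     * @param list delegate handlers tried, in order, before the cookie is consulted
     * @param resourceFactory used to resolve a cookie's user URL back to a principal resource
     */
    public CookieAuthenticationHandler(List<AuthenticationHandler> list, ResourceFactory resourceFactory) {
        this(list, resourceFactory, null);
    }

    /**
     * Creates a handler that signs the cookie pair with HMAC-SHA256 under the given key.
     *
     * @param list delegate handlers tried, in order, before the cookie is consulted
     * @param resourceFactory used to resolve a cookie's user URL back to a principal resource
     * @param cookieSigningKey HMAC key; {@code null} or empty falls back to the unkeyed MD5 scheme.
     *                         The array is copied, so the caller may clear its own copy.
     */
    public CookieAuthenticationHandler(List<AuthenticationHandler> list, ResourceFactory resourceFactory,
            byte[] cookieSigningKey) {
        this.handlers = list;
        this.principalResourceFactory = resourceFactory;
        if (cookieSigningKey != null && cookieSigningKey.length > 0) {
            this.cookieSigningKey = cookieSigningKey.clone();
        } else {
            this.cookieSigningKey = null;
        }
    }

    /**
     * Reports whether this handler can authenticate the request: either a delegate handler
     * supports it, or a verified user-URL cookie is present.
     *
     * <p>A logout request clears the cookies on the response. Only the response is touched;
     * {@link #getUserUrl} still reads the request cookie, so the logout request itself is
     * still treated as cookie-authenticated below.
     *
     * @return {@code true} if a delegate matched (it is recorded in a request attribute for
     *         {@link #authenticate}) or a verified cookie was found
     */
    @Override // io.milton.http.AuthenticationHandler
    public boolean supports(Resource resource, Request request) {
        String userUrl = getUserUrl(request);
        if (isLogout(request) && userUrl != null && userUrl.length() > 0) {
            log.trace("logout: authId: " + userUrl);
            clearCookieValue(HttpManager.response());
        }
        for (AuthenticationHandler delegate : this.handlers) {
            if (delegate.supports(resource, request)) {
                // Remember which delegate matched so authenticate() routes to the same one.
                request.getAttributes().put(HANDLER_ATT_NAME, delegate);
                log.debug("supports: true: " + delegate.getClass().getCanonicalName());
                return true;
            }
        }
        if (userUrl != null) {
            log.debug("supports: found authId: " + userUrl);
            return true;
        }
        log.debug("supports: false");
        return false;
    }

    /**
     * Authenticates the request.
     *
     * <p>If {@link #supports} recorded a delegate, that delegate authenticates; a
     * {@link DiscretePrincipal} result is persisted to the cookie pair. Otherwise the
     * verified cookie user URL is resolved through the principal resource factory; an
     * unresolvable URL clears the cookies.
     *
     * @return the delegate's authentication tag, the resolved principal resource, or
     *         {@code null} on failure
     */
    @Override // io.milton.http.AuthenticationHandler
    public Object authenticate(Resource resource, Request request) {
        log.trace("authenticate");
        AuthenticationHandler delegate = (AuthenticationHandler) request.getAttributes().get(HANDLER_ATT_NAME);
        if (delegate != null) {
            return authenticateViaDelegate(delegate, resource, request);
        }
        String userUrl = getUserUrl(request);
        if (userUrl == null) {
            return null;
        }
        String hostHeader = request.getHostHeader();
        Resource principal = lookupPrincipal(hostHeader, userUrl);
        if (principal == null) {
            log.warn("User not found host: " + hostHeader + " userUrl: " + userUrl
                    + " with resourcefactory: " + this.principalResourceFactory);
            clearCookieValue(HttpManager.response());
        }
        return principal;
    }

    /** Runs the delegate that matched in {@link #supports} and persists a successful login to cookies. */
    private Object authenticateViaDelegate(AuthenticationHandler delegate, Resource resource, Request request) {
        log.trace("delegating to: " + delegate);
        Object tag = delegate.authenticate(resource, request);
        if (tag == null) {
            log.info("Login failed by delegated handler: " + delegate.getClass());
            return null;
        }
        if (tag instanceof DiscretePrincipal) {
            setLoginCookies((DiscretePrincipal) tag, request);
            log.trace("authentication passed by delegated handler, persisted userUrl to cookie");
        } else {
            // Non-principal tags still count as authenticated but cannot be remembered in a cookie.
            log.warn("auth.tag is not a " + DiscretePrincipal.class + ", is: " + tag);
        }
        return tag;
    }

    /** Resolves a user URL to its principal resource, mapping lookup failures to {@code null}. */
    private Resource lookupPrincipal(String hostHeader, String userUrl) {
        try {
            return this.principalResourceFactory.getResource(hostHeader, userUrl);
        } catch (BadRequestException e) {
            log.error("Couldnt check userUrl in cookie", e);
            return null;
        } catch (NotAuthorizedException e) {
            log.error("Couldnt check userUrl in cookie", e);
            return null;
        }
    }

    /**
     * Persists the principal's identifier to the cookie pair.
     *
     * @param discretePrincipal the logged-in principal; its identifier value is the user URL
     * @param request the current request; ignored if {@code null}
     */
    public void setLoginCookies(DiscretePrincipal discretePrincipal, Request request) {
        setLoginCookies(discretePrincipal.getIdenitifer().getValue(), request);
    }

    /**
     * Persists a user URL to the cookie pair and publishes it as the {@code userUrl}
     * request attribute.
     *
     * @param userUrl the user URL to remember
     * @param request the current request; nothing is written if {@code null}
     */
    public void setLoginCookies(String userUrl, Request request) {
        if (request == null) {
            return;
        }
        Response response = HttpManager.response();
        String nonce = newNonce();
        setCookieValues(response, userUrl, nonce + ":" + sign(userUrl, nonce));
        request.getAttributes().put(USER_URL_ATT_NAME, userUrl);
    }

    /**
     * Returns the challenge of the first compatible delegate.
     *
     * @throws UnsupportedOperationException if no delegate is compatible with the request
     */
    @Override // io.milton.http.AuthenticationHandler
    public String getChallenge(Resource resource, Request request) {
        for (AuthenticationHandler delegate : this.handlers) {
            if (delegate.isCompatible(resource, request)) {
                return delegate.getChallenge(resource, request);
            }
        }
        throw new UnsupportedOperationException("Not supported because no delegate handler accepted the request");
    }

    /** Compatible when any delegate is compatible; the cookie alone does not make a request compatible. */
    @Override // io.milton.http.AuthenticationHandler
    public boolean isCompatible(Resource resource, Request request) {
        for (AuthenticationHandler delegate : this.handlers) {
            if (delegate.isCompatible(resource, request)) {
                return true;
            }
        }
        return false;
    }

    /** True when the logout request parameter is present with a non-empty value. */
    private boolean isLogout(Request request) {
        if (request.getParams() == null) {
            return false;
        }
        String logoutParam = request.getParams().get(this.requestParamLogout);
        return logoutParam != null && logoutParam.length() > 0;
    }

    /**
     * Reads the user URL cookie and returns its trimmed value only if the hash cookie verifies
     * against it.
     *
     * @return the verified user URL, or {@code null} if absent, blank, or failing verification
     */
    private String getUserUrl(Request request) {
        if (request == null) {
            return null;
        }
        String fromCookie = getUserUrlFromCookie(request);
        if (fromCookie == null) {
            return null;
        }
        String userUrl = fromCookie.trim();
        if (userUrl.length() == 0) {
            return null;
        }
        if (!verifyHash(userUrl, request)) {
            log.error("Invalid userUrl hash, possible attempted hacking attempt");
            return null;
        }
        return userUrl;
    }

    /** Raw value of the user URL cookie, or {@code null} if the cookie is absent. */
    private String getUserUrlFromCookie(Request request) {
        Cookie cookie = request.getCookie(this.cookieUserUrlValue);
        return cookie == null ? null : cookie.getValue();
    }

    /**
     * Verifies the {@code nonce:hash} cookie against the given user URL.
     *
     * <p>The presented hash is compared in constant time so that a forged value cannot be
     * refined one character at a time from response timing.
     */
    private boolean verifyHash(String userUrl, Request request) {
        Cookie cookie = request.getCookie(this.cookieUserUrlHash);
        if (cookie == null) {
            return false;
        }
        String value = cookie.getValue();
        if (value == null) {
            return false;
        }
        String hashCookie = value.trim();
        if (hashCookie.length() == 0) {
            return false;
        }
        String[] parts = hashCookie.split(":");
        if (parts.length != 2) {
            return false;
        }
        byte[] expected = sign(userUrl, parts[0]).getBytes(UTF8);
        byte[] presented = parts[1].getBytes(UTF8);
        return MessageDigest.isEqual(expected, presented);
    }

    /**
     * Computes the hex hash of {@code userUrl:nonce}: unkeyed MD5 when no signing key is
     * configured, HMAC-SHA256 under the key otherwise.
     *
     * @throws IllegalStateException if the JVM lacks the HMAC algorithm or rejects the key
     */
    private String sign(String userUrl, String nonce) {
        String message = userUrl + ":" + nonce;
        if (this.cookieSigningKey == null) {
            return DigestUtils.md5Hex(message);
        }
        try {
            Mac mac = Mac.getInstance(HMAC_ALGORITHM);
            mac.init(new SecretKeySpec(this.cookieSigningKey, HMAC_ALGORITHM));
            return toHex(mac.doFinal(message.getBytes(UTF8)));
        } catch (NoSuchAlgorithmException e) {
            throw new IllegalStateException(HMAC_ALGORITHM + " is not available in this JVM", e);
        } catch (InvalidKeyException e) {
            throw new IllegalStateException("Cookie signing key was rejected", e);
        }
    }

    /** A fresh unpredictable nonce; hex-encoded so it can never contain the ':' separator. */
    private static String newNonce() {
        byte[] raw = new byte[NONCE_BYTES];
        NONCE_SOURCE.nextBytes(raw);
        return toHex(raw);
    }

    /** Lower-case hex encoding of the given bytes. */
    private static String toHex(byte[] bytes) {
        StringBuilder hex = new StringBuilder(bytes.length * 2);
        for (byte b : bytes) {
            hex.append(Character.forDigit((b >> 4) & 0xF, 16));
            hex.append(Character.forDigit(b & 0xF, 16));
        }
        return hex.toString();
    }

    /** Writes both cookies: the user URL and its {@code nonce:hash} companion. */
    private void setCookieValues(Response response, String userUrl, String hashValue) {
        response.setCookie(this.cookieUserUrlValue, userUrl);
        response.setCookie(this.cookieUserUrlHash, hashValue);
    }

    /** Blanks both cookies on the response, ending the remembered login. */
    private void clearCookieValue(Response response) {
        response.setCookie(this.cookieUserUrlValue, "");
        response.setCookie(this.cookieUserUrlHash, "");
    }
}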
