package org.craftercms.security.authentication.impl;

import java.nio.charset.StandardCharsets;
import java.security.MessageDigest;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import org.apache.commons.lang3.ArrayUtils;
import org.apache.commons.lang3.StringUtils;
import org.craftercms.commons.crypto.CryptoException;
import org.craftercms.commons.crypto.TextEncryptor;
import org.craftercms.commons.http.CookieManager;
import org.craftercms.commons.http.HttpUtils;
import org.craftercms.commons.http.RequestContext;
import org.craftercms.profile.api.PersistentLogin;
import org.craftercms.profile.api.Profile;
import org.craftercms.profile.api.exceptions.ProfileException;
import org.craftercms.profile.api.services.AuthenticationService;
import org.craftercms.profile.api.services.ProfileService;
import org.craftercms.security.authentication.Authentication;
import org.craftercms.security.authentication.AuthenticationManager;
import org.craftercms.security.authentication.RememberMeManager;
import org.craftercms.security.exception.AuthenticationException;
import org.craftercms.security.exception.AuthenticationSystemException;
import org.craftercms.security.exception.rememberme.CookieTheftException;
import org.craftercms.security.exception.rememberme.InvalidCookieException;
import org.craftercms.security.exception.rememberme.RememberMeException;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
import org.springframework.beans.factory.annotation.Required;

/* loaded from: input_file:WEB-INF/lib/crafter-security-provider-3.0.6.jar:org/craftercms/security/authentication/impl/RememberMeManagerImpl.class */
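/**
 * {@link RememberMeManager} that keeps a user logged in across sessions with a persistent-login cookie.
 *
 * <p>The cookie value is the encrypted string {@code id:profileId:token}. On auto-login the cookie is
 * decrypted, the persistent login is looked up by ID, and the profile ID and token from the cookie are
 * compared with the stored record. After a successful auto-login the token is refreshed and a new
 * cookie is issued, so a given token value is accepted only once.</p>
 *
 * <p>NOTE(review): the confidentiality and integrity of the cookie rest entirely on the injected
 * {@link TextEncryptor}, and the cookie attributes (Secure, HttpOnly, path, max age) on the injected
 * {@link CookieManager}. Neither is visible from this class; confirm that the encryptor is
 * authenticated and that the cookie is issued Secure and HttpOnly.</p>
 */
public class RememberMeManagerImpl implements RememberMeManager {

    // Log under this class's own category (the original used AuthenticationManagerImpl's).
    private static final Logger logger = LoggerFactory.getLogger(RememberMeManagerImpl.class);

    /** Name of the cookie that carries the encrypted persistent login. */
    public static final String REMEMBER_ME_COOKIE_NAME = "remember-me";

    /** Separator between the ID, profile ID and token inside the decrypted cookie value. */
    public static final char SERIALIZED_LOGIN_SEPARATOR = ':';

    protected AuthenticationService authenticationService;
    protected AuthenticationManager authenticationManager;
    protected ProfileService profileService;
    protected TextEncryptor encryptor;
    protected CookieManager rememberMeCookieManager;

    /** Sets the service used to create, look up, refresh and delete persistent logins. */
    @Required
    public void setAuthenticationService(AuthenticationService authenticationService) {
        this.authenticationService = authenticationService;
    }

    /** Sets the manager used to authenticate the profile once the cookie has been validated. */
    @Required
    public void setAuthenticationManager(AuthenticationManager authenticationManager) {
        this.authenticationManager = authenticationManager;
    }

    /** Sets the service used to load the profile referenced by a persistent login. */
    @Required
    public void setProfileService(ProfileService profileService) {
        this.profileService = profileService;
    }

    /** Sets the encryptor used to encrypt and decrypt the cookie value. */
    @Required
    public void setEncryptor(TextEncryptor textEncryptor) {
        this.encryptor = textEncryptor;
    }

    /** Sets the cookie manager used to add and delete the remember-me cookie. */
    @Required
    public void setRememberMeCookieManager(CookieManager cookieManager) {
        this.rememberMeCookieManager = cookieManager;
    }

    /**
     * Attempts to authenticate the user from the remember-me cookie of the current request.
     *
     * @param requestContext the current request context
     * @return the authentication, or {@code null} when the request has no remember-me cookie or the
     *         persistent login it refers to no longer exists (the cookie is deleted in that case)
     * @throws InvalidCookieException if the cookie is malformed or its profile ID does not match the
     *         stored persistent login
     * @throws CookieTheftException if the cookie token does not match the stored token
     * @throws RememberMeException if the persistent login cannot be retrieved or the auto-login fails
     */
    @Override
    public Authentication autoLogin(RequestContext requestContext) throws RememberMeException {
        PersistentLogin loginFromCookie = getPersistentLoginFromCookie(requestContext.getRequest());
        if (loginFromCookie == null) {
            return null;
        }
        try {
            PersistentLogin storedLogin = this.authenticationService.getPersistentLogin(loginFromCookie.getId());
            if (storedLogin == null) {
                logger.debug("No persistent login found for ID '{}' (has possibly expired)", loginFromCookie.getId());
                deleteRememberMeCookie(requestContext.getResponse());
                return null;
            }
            if (!loginFromCookie.getProfileId().equals(storedLogin.getProfileId())) {
                throw new InvalidCookieException("Profile ID mismatch");
            }
            if (!tokensMatch(loginFromCookie.getToken(), storedLogin.getToken())) {
                // NOTE(review): the stored persistent login and the browser cookie are left in place
                // here. Whether the caller revokes them when it sees CookieTheftException is not visible
                // from this class; confirm, because a stale token is the signal that the cookie was
                // replayed and the persistent login should no longer be trusted.
                throw new CookieTheftException("Token mismatch. Implies a cookie theft");
            }
            String loginId = storedLogin.getId();
            String profileId = storedLogin.getProfileId();
            // Log the ID only: PersistentLogin.toString() is not visible here and may include the token.
            logger.debug("Remember me cookie match for {}. Starting auto-login", loginId);
            try {
                Authentication authentication = authenticate(profileId);
                // Rotate the token so the value just presented cannot be used again.
                updateRememberMe(loginId, requestContext);
                return authentication;
            } catch (AuthenticationException e) {
                // A persistent login that cannot produce a session is revoked rather than retried.
                disableRememberMe(loginId, requestContext);
                throw new RememberMeException("Unable to auto-login user '" + profileId + "'", e);
            }
        } catch (ProfileException e) {
            // The lookup was by persistent login ID, so report that ID and keep the cause.
            throw new RememberMeException("Error retrieving persistent login '" + loginFromCookie.getId() + "'", e);
        }
    }

    /**
     * Creates a persistent login for the authenticated profile and sends it to the browser as the
     * remember-me cookie.
     *
     * @param authentication the authentication whose profile should be remembered
     * @param requestContext the current request context
     * @throws RememberMeException if the persistent login cannot be created or the cookie value
     *         cannot be encrypted
     */
    @Override
    public void enableRememberMe(Authentication authentication, RequestContext requestContext) throws RememberMeException {
        String profileId = authentication.getProfile().getId().toString();
        try {
            PersistentLogin login = this.authenticationService.createPersistentLogin(profileId);
            // Log the ID only: PersistentLogin.toString() is not visible here and may include the token.
            logger.debug("Persistent login created: {}", login.getId());
            addRememberMeCookie(serializeLogin(login), requestContext.getResponse());
        } catch (ProfileException e) {
            throw new RememberMeException("Error creating persistent login for profile '" + profileId + "'", e);
        }
    }

    /**
     * Revokes the persistent login referenced by the request's remember-me cookie, if there is one.
     *
     * @param requestContext the current request context
     * @throws RememberMeException if the cookie cannot be read or the persistent login cannot be deleted
     */
    @Override
    public void disableRememberMe(RequestContext requestContext) throws RememberMeException {
        PersistentLogin loginFromCookie = getPersistentLoginFromCookie(requestContext.getRequest());
        if (loginFromCookie != null) {
            disableRememberMe(loginFromCookie.getId(), requestContext);
        }
    }

    /**
     * Deletes the remember-me cookie and then the persistent login with the given ID.
     *
     * @param loginId ID of the persistent login to delete
     * @param requestContext the current request context
     * @throws RememberMeException if the persistent login cannot be deleted
     */
    protected void disableRememberMe(String loginId, RequestContext requestContext) throws RememberMeException {
        // The cookie is removed first so the browser stops presenting it even if the delete below fails.
        deleteRememberMeCookie(requestContext.getResponse());
        try {
            this.authenticationService.deletePersistentLogin(loginId);
            logger.debug("Persistent login '{}' invalidated", loginId);
        } catch (ProfileException e) {
            // Keep the cause: a failed revocation leaves a usable persistent login behind.
            throw new RememberMeException("Error invalidating persistent login '" + loginId + "'", e);
        }
    }

    /**
     * Refreshes the token of the given persistent login and re-issues the cookie with the new value.
     *
     * @param loginId ID of the persistent login to refresh
     * @param requestContext the current request context
     * @throws RememberMeException if the token cannot be refreshed or the cookie value cannot be encrypted
     */
    protected void updateRememberMe(String loginId, RequestContext requestContext) throws RememberMeException {
        try {
            PersistentLogin refreshedLogin = this.authenticationService.refreshPersistentLoginToken(loginId);
            // Log the ID only: PersistentLogin.toString() is not visible here and may include the token.
            logger.debug("Persistent login updated: {}", refreshedLogin.getId());
            addRememberMeCookie(serializeLogin(refreshedLogin), requestContext.getResponse());
        } catch (ProfileException e) {
            throw new RememberMeException("Unable to update persistent login '" + loginId + "'", e);
        }
    }

    /**
     * Serializes a persistent login as {@code id:profileId:token} and encrypts the result.
     *
     * @param persistentLogin the persistent login to serialize
     * @return the encrypted cookie value
     * @throws RememberMeException if encryption fails
     */
    protected String serializeLogin(PersistentLogin persistentLogin) throws RememberMeException {
        // NOTE(review): assumes none of the three fields contains the separator; a field that did
        // would fail the three-part check in deserializeLogin.
        String serialized = persistentLogin.getId()
            + SERIALIZED_LOGIN_SEPARATOR + persistentLogin.getProfileId()
            + SERIALIZED_LOGIN_SEPARATOR + persistentLogin.getToken();
        try {
            return this.encryptor.encrypt(serialized);
        } catch (CryptoException e) {
            throw new RememberMeException("Unable to encrypt remember me cookie", e);
        }
    }

    /**
     * Decrypts a cookie value and parses it back into a persistent login.
     *
     * @param serializedLogin the encrypted cookie value
     * @return a persistent login holding the ID, profile ID and token from the cookie
     * @throws InvalidCookieException if the decrypted value does not have exactly three parts
     * @throws RememberMeException if decryption fails
     */
    protected PersistentLogin deserializeLogin(String serializedLogin) throws RememberMeException {
        try {
            // StringUtils.split treats adjacent separators as one, so an empty field yields fewer
            // than three parts and is rejected below; a null result counts as length 0.
            String[] parts = StringUtils.split(this.encryptor.decrypt(serializedLogin), SERIALIZED_LOGIN_SEPARATOR);
            if (ArrayUtils.getLength(parts) != 3) {
                throw new InvalidCookieException("Invalid format of remember me cookie");
            }
            PersistentLogin persistentLogin = new PersistentLogin();
            persistentLogin.setId(parts[0]);
            persistentLogin.setProfileId(parts[1]);
            persistentLogin.setToken(parts[2]);
            return persistentLogin;
        } catch (CryptoException e) {
            throw new RememberMeException("Unable to decrypt remember me cookie", e);
        }
    }

    /** Adds the remember-me cookie with the given encrypted value to the response. */
    protected void addRememberMeCookie(String cookieValue, HttpServletResponse httpServletResponse) {
        this.rememberMeCookieManager.addCookie(REMEMBER_ME_COOKIE_NAME, cookieValue, httpServletResponse);
    }

    /** Returns the raw (still encrypted) value of the remember-me cookie from the request. */
    protected String getRememberMeCookie(HttpServletRequest httpServletRequest) {
        return HttpUtils.getCookieValue(REMEMBER_ME_COOKIE_NAME, httpServletRequest);
    }

    /** Instructs the browser, through the cookie manager, to delete the remember-me cookie. */
    protected void deleteRememberMeCookie(HttpServletResponse httpServletResponse) {
        this.rememberMeCookieManager.deleteCookie(REMEMBER_ME_COOKIE_NAME, httpServletResponse);
    }

    /**
     * Reads and deserializes the remember-me cookie of the request.
     *
     * @param httpServletRequest the current request
     * @return the persistent login carried by the cookie, or {@code null} if the cookie is absent or empty
     * @throws RememberMeException (unchecked here) if the cookie cannot be decrypted or is malformed
     */
    protected PersistentLogin getPersistentLoginFromCookie(HttpServletRequest httpServletRequest) {
        String cookieValue = getRememberMeCookie(httpServletRequest);
        if (StringUtils.isEmpty(cookieValue)) {
            return null;
        }
        return deserializeLogin(cookieValue);
    }

    /**
     * Loads the profile with the given ID and authenticates it without credentials.
     *
     * @param profileId ID of the profile taken from the validated persistent login
     * @return the resulting authentication
     * @throws AuthenticationSystemException if the profile does not exist or cannot be retrieved
     * @throws AuthenticationException if the authentication manager rejects the profile
     */
    protected Authentication authenticate(String profileId) throws AuthenticationException {
        try {
            Profile profile = this.profileService.getProfile(profileId, new String[0]);
            if (profile == null) {
                throw new AuthenticationSystemException("No profile found for ID '" + profileId + "'");
            }
            // NOTE(review): the meaning of the 'true' flag is defined by AuthenticationManager and is
            // not visible here; presumably it marks the authentication as remembered. Confirm.
            return this.authenticationManager.authenticateUser(profile, true);
        } catch (ProfileException e) {
            throw new AuthenticationSystemException("Error retrieving profile '" + profileId + "'", e);
        }
    }

    /**
     * Compares the cookie token with the stored token without short-circuiting on the first
     * differing character. A {@code null} on either side counts as a mismatch.
     */
    private static boolean tokensMatch(String cookieToken, String storedToken) {
        if (cookieToken == null || storedToken == null) {
            return false;
        }
        return MessageDigest.isEqual(
            cookieToken.getBytes(StandardCharsets.UTF_8),
            storedToken.getBytes(StandardCharsets.UTF_8));
    }
}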
