package org.craftercms.engine.util.spring.security.profile;

import java.beans.ConstructorProperties;
import java.nio.charset.StandardCharsets;
import java.security.MessageDigest;
import java.util.Arrays;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import org.apache.commons.lang3.StringUtils;
import org.craftercms.profile.api.PersistentLogin;
import org.craftercms.profile.api.exceptions.ProfileException;
import org.craftercms.profile.api.services.AuthenticationService;
import org.springframework.security.core.Authentication;
import org.springframework.security.core.userdetails.UserDetails;
import org.springframework.security.core.userdetails.UserDetailsService;
import org.springframework.security.core.userdetails.UsernameNotFoundException;
import org.springframework.security.web.authentication.rememberme.AbstractRememberMeServices;
import org.springframework.security.web.authentication.rememberme.CookieTheftException;
import org.springframework.security.web.authentication.rememberme.InvalidCookieException;
import org.springframework.security.web.authentication.rememberme.RememberMeAuthenticationException;

/* loaded from: input_file:WEB-INF/classes/org/craftercms/engine/util/spring/security/profile/ProfileRememberMeServices.class */
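/**
 * Remember-me services backed by persistent logins that are created, looked up, refreshed and
 * deleted through the profile {@link AuthenticationService}.
 *
 * <p>The remember-me cookie carries two values: the persistent login id and its current token.
 * On every successful auto-login the token is refreshed and a new cookie is issued, so a cookie
 * whose id is known but whose token no longer matches is treated as a sign of cookie theft.
 */
public class ProfileRememberMeServices extends AbstractRememberMeServices {
    /** Milliseconds per second, as a {@code long} so validity arithmetic cannot overflow {@code int}. */
    private static final long MILLIS_PER_SECOND = 1000L;

    protected AuthenticationService authenticationService;

    /**
     * @param str                   the remember-me key handed to {@link AbstractRememberMeServices}
     * @param userDetailsService    the user details service handed to {@link AbstractRememberMeServices}
     * @param authenticationService the service used to manage persistent logins
     */
    @ConstructorProperties({"key", "userDetailsService", "authenticationService"})
    public ProfileRememberMeServices(String str, UserDetailsService userDetailsService, AuthenticationService authenticationService) {
        super(str, userDetailsService);
        this.authenticationService = authenticationService;
    }

    /**
     * Creates a persistent login for the authenticated profile and stores its id and token in the
     * remember-me cookie.
     *
     * @throws RememberMeAuthenticationException if the persistent login cannot be created
     */
    @Override // org.springframework.security.web.authentication.rememberme.AbstractRememberMeServices
    protected void onLoginSuccess(HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse, Authentication authentication) {
        ProfileUser profileUser = (ProfileUser) authentication.getPrincipal();
        try {
            String profileId = profileUser.getProfile().getId().toHexString();
            PersistentLogin login = this.authenticationService.createPersistentLogin(profileId);
            setCookie(new String[]{login.getId(), login.getToken()}, getTokenValiditySeconds(), httpServletRequest, httpServletResponse);
        } catch (ProfileException e) {
            throw new RememberMeAuthenticationException("Error creating persistent login for " + profileUser.getUsername(), e);
        }
    }

    /**
     * Runs the inherited logout handling and then deletes the persistent login referenced by the
     * request's remember-me cookie, if there is an authentication and a usable cookie.
     *
     * <p>The cookie is client-supplied, so a value that cannot be decoded, or that decodes to no
     * login id, is ignored instead of failing the logout: there is nothing to delete in that case.
     *
     * @throws RememberMeAuthenticationException if the persistent login cannot be deleted
     */
    @Override // org.springframework.security.web.authentication.rememberme.AbstractRememberMeServices, org.springframework.security.web.authentication.logout.LogoutHandler
    public void logout(HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse, Authentication authentication) {
        super.logout(httpServletRequest, httpServletResponse, authentication);
        String rememberMeCookie = extractRememberMeCookie(httpServletRequest);
        if (authentication == null || StringUtils.isEmpty(rememberMeCookie)) {
            return;
        }
        String[] cookieTokens;
        try {
            cookieTokens = decodeCookie(rememberMeCookie);
        } catch (InvalidCookieException e) {
            // Deliberately not logging the exception or the cookie: both may carry the raw value.
            if (this.logger.isDebugEnabled()) {
                this.logger.debug("Ignoring malformed remember-me cookie on logout");
            }
            return;
        }
        if (cookieTokens.length == 0 || StringUtils.isEmpty(cookieTokens[0])) {
            return;
        }
        // NOTE(review): the login is deleted by the id from the request cookie alone; the token part
        // is not checked and the id is not tied to the authenticated principal here. Confirm that
        // the service or the id format makes deleting another profile's login impractical.
        String str = cookieTokens[0];
        try {
            this.authenticationService.deletePersistentLogin(str);
        } catch (ProfileException e) {
            throw new RememberMeAuthenticationException("Error deleting persistent login " + str, e);
        }
    }

    /**
     * Validates the id/token pair from the remember-me cookie, refreshes the token, issues a new
     * cookie and loads the user the persistent login belongs to.
     *
     * @param strArr the decoded cookie values; expected to be exactly the login id and its token
     * @return the user details loaded by profile id through {@link ProfileUserDetailsService}
     * @throws InvalidCookieException            if the cookie does not hold exactly two values
     * @throws CookieTheftException              if the id is known but the token does not match;
     *                                           the persistent login is deleted first
     * @throws RememberMeAuthenticationException if the login is unknown, expired, or the profile
     *                                           service fails
     */
    @Override // org.springframework.security.web.authentication.rememberme.AbstractRememberMeServices
    protected UserDetails processAutoLoginCookie(String[] strArr, HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse) throws RememberMeAuthenticationException, UsernameNotFoundException {
        if (strArr.length != 2) {
            // NOTE(review): this message echoes the raw cookie parts, which can place token
            // material in logs or error output; consider reporting only the number of parts.
            throw new InvalidCookieException("Cookie token did not contain 2 tokens, but contained '" + Arrays.asList(strArr) + "'");
        }
        String loginId = strArr[0];
        String presentedToken = strArr[1];
        try {
            PersistentLogin persistentLogin = this.authenticationService.getPersistentLogin(loginId);
            if (persistentLogin == null) {
                throw new RememberMeAuthenticationException("No persistent token found for id: " + loginId);
            }
            if (!tokensMatch(presentedToken, persistentLogin.getToken())) {
                // A known id with a stale token: invalidate the login before rejecting the request.
                this.authenticationService.deletePersistentLogin(loginId);
                throw new CookieTheftException("Invalid remember-me token (id/token) mismatch. Implies previous cookie theft attack.");
            }
            // Multiply as long: int arithmetic overflows for validity periods above ~24.8 days,
            // which would make every such login look expired.
            long expiresAt = persistentLogin.getTimestamp().getTime() + getTokenValiditySeconds() * MILLIS_PER_SECOND;
            if (expiresAt < System.currentTimeMillis()) {
                throw new RememberMeAuthenticationException("Remember-me login has expired");
            }
            if (this.logger.isDebugEnabled()) {
                this.logger.debug("Refreshing persistent login token for profile '" + persistentLogin.getProfileId() + "', id '" + persistentLogin.getId() + "'");
            }
            PersistentLogin refreshed = this.authenticationService.refreshPersistentLoginToken(loginId);
            setCookie(new String[]{refreshed.getId(), refreshed.getToken()}, getTokenValiditySeconds(), httpServletRequest, httpServletResponse);
            return ((ProfileUserDetailsService) getUserDetailsService()).loadUserById(refreshed.getProfileId());
        } catch (ProfileException e) {
            throw new RememberMeAuthenticationException("Error validating persistent login " + loginId, e);
        }
    }

    /**
     * Compares the token presented in the cookie with the stored one via
     * {@link MessageDigest#isEqual(byte[], byte[])} rather than {@link String#equals(Object)}, so
     * the comparison does not stop at the first differing character. A missing value on either
     * side never matches.
     */
    private static boolean tokensMatch(String presentedToken, String storedToken) {
        if (presentedToken == null || storedToken == null) {
            return false;
        }
        return MessageDigest.isEqual(
                presentedToken.getBytes(StandardCharsets.UTF_8),
                storedToken.getBytes(StandardCharsets.UTF_8));
    }
}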
