package org.craftercms.security.processors.impl;

import java.util.HashMap;
import java.util.Iterator;
import java.util.Set;
import javax.servlet.http.HttpServletRequest;
import org.apache.commons.lang3.StringUtils;
import org.craftercms.commons.http.RequestContext;
import org.craftercms.profile.api.AttributeDefinition;
import org.craftercms.profile.api.Profile;
import org.craftercms.profile.api.Tenant;
import org.craftercms.profile.api.exceptions.ProfileException;
import org.craftercms.profile.api.services.ProfileService;
import org.craftercms.profile.api.services.TenantService;
import org.craftercms.security.authentication.Authentication;
import org.craftercms.security.authentication.AuthenticationManager;
import org.craftercms.security.processors.RequestSecurityProcessor;
import org.craftercms.security.processors.RequestSecurityProcessorChain;
import org.craftercms.security.utils.SecurityUtils;
import org.craftercms.security.utils.tenant.TenantsResolver;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
import org.springframework.beans.factory.annotation.Required;

/* loaded from: input_file:WEB-INF/lib/crafter-security-provider-2.5.13.jar:org/craftercms/security/processors/impl/MellonAutoLoginProcessor.class */
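/**
 * Request security processor that logs a user in automatically from SSO request headers
 * (by default {@code MELLON_username}, {@code MELLON_email} and {@code MELLON_<attribute>}).
 *
 * <p>When the username header is present and differs from the currently authenticated user, the
 * processor looks up the first SSO-enabled tenant, loads the profile with that username (creating
 * it from the header values if it does not exist) and stores the resulting authentication on the
 * request.
 *
 * <p><strong>Trust boundary:</strong> no credential is checked in this class. The username, the
 * email and every attribute value are taken verbatim from request headers, so any party able to
 * set those headers is authenticated as the named user, and a profile is created for an unknown
 * name. This processor should only be enabled where a trusted front end (presumably Apache with
 * mod_auth_mellon, given the header names; confirm for the deployment) is the sole source of
 * these headers: the front end has to discard client-supplied copies, and the application must
 * not be reachable by a path that bypasses it.
 */
public class MellonAutoLoginProcessor implements RequestSecurityProcessor {
    public static final Logger logger = LoggerFactory.getLogger(MellonAutoLoginProcessor.class);
    public static final String DEFAULT_MELLON_HEADER_PREFIX = "MELLON_";
    public static final String DEFAULT_USERNAME_HEADER_NAME = "MELLON_username";
    public static final String DEFAULT_EMAIL_HEADER_NAME = "MELLON_email";
    protected TenantService tenantService;
    protected ProfileService profileService;
    protected TenantsResolver tenantsResolver;
    protected AuthenticationManager authenticationManager;
    // Prefix prepended to a tenant attribute name to obtain the header carrying its value.
    protected String mellonHeaderPrefix = DEFAULT_MELLON_HEADER_PREFIX;
    // Header whose value is used as the username of the profile to log in.
    protected String usernameHeaderName = DEFAULT_USERNAME_HEADER_NAME;
    // Header whose value is used as the email of a newly created profile.
    protected String emailHeaderName = DEFAULT_EMAIL_HEADER_NAME;

    @Required
    public void setTenantService(TenantService tenantService) {
        this.tenantService = tenantService;
    }

    @Required
    public void setProfileService(ProfileService profileService) {
        this.profileService = profileService;
    }

    @Required
    public void setTenantsResolver(TenantsResolver tenantsResolver) {
        this.tenantsResolver = tenantsResolver;
    }

    @Required
    public void setAuthenticationManager(AuthenticationManager authenticationManager) {
        this.authenticationManager = authenticationManager;
    }

    /** Overrides the prefix used to build attribute header names (default {@code MELLON_}). */
    public void setMellonHeaderPrefix(String str) {
        this.mellonHeaderPrefix = str;
    }

    /** Overrides the name of the header that carries the username (default {@code MELLON_username}). */
    public void setUsernameHeaderName(String str) {
        this.usernameHeaderName = str;
    }

    /** Overrides the name of the header that carries the email (default {@code MELLON_email}). */
    public void setEmailHeaderName(String str) {
        this.emailHeaderName = str;
    }

    /**
     * Authenticates the request from the username header when needed, then continues the chain.
     *
     * <p>Nothing happens (apart from continuing the chain) when the header is empty or already
     * names the authenticated user. The header value itself is the only proof of identity used
     * here; see the class documentation for the deployment requirement this implies.
     *
     * @param requestContext the current request context
     * @param requestSecurityProcessorChain the chain to continue once this processor is done
     * @throws Exception if a profile/tenant lookup, profile creation or a later processor fails
     */
    @Override // org.craftercms.security.processors.RequestSecurityProcessor
    public void processRequest(RequestContext requestContext, RequestSecurityProcessorChain requestSecurityProcessorChain) throws Exception {
        HttpServletRequest request = requestContext.getRequest();
        String username = request.getHeader(this.usernameHeaderName);
        Authentication authentication = SecurityUtils.getAuthentication(request);
        // Compare from the header side: the header is known to be non-empty at that point, so a
        // profile without a username triggers a fresh login instead of a NullPointerException.
        boolean loginNeeded = StringUtils.isNotEmpty(username)
                && (authentication == null || !username.equals(authentication.getProfile().getUsername()));
        if (loginNeeded) {
            String[] tenants = this.tenantsResolver.getTenants();
            Tenant ssoEnabledTenant = getSsoEnabledTenant(tenants);
            if (ssoEnabledTenant != null) {
                Profile profile = this.profileService.getProfileByUsername(ssoEnabledTenant.getName(), username, new String[0]);
                if (profile == null) {
                    // First login for this username: provision the profile from the SSO headers.
                    profile = createProfileWithSsoInfo(username, ssoEnabledTenant, request);
                }
                SecurityUtils.setAuthentication(request, this.authenticationManager.authenticateUser(profile));
            } else {
                // Join the names explicitly: handing the array to the logger as varargs fills the
                // single placeholder with the first tenant only.
                logger.warn("An SSO login was attempted, but none of the tenants [{}] is enabled for SSO", StringUtils.join(tenants, ", "));
            }
        }
        requestSecurityProcessorChain.processRequest(requestContext);
    }

    /**
     * Returns the first tenant, in array order, that exists and has SSO enabled.
     *
     * @param strArr the tenant names to check; a {@code null} array is treated as empty
     * @return the first SSO-enabled tenant, or {@code null} if there is none
     * @throws ProfileException if a tenant lookup fails
     */
    protected Tenant getSsoEnabledTenant(String[] strArr) throws ProfileException {
        if (strArr == null) {
            return null;
        }
        for (String tenantName : strArr) {
            Tenant tenant = this.tenantService.getTenant(tenantName);
            if (tenant != null && tenant.isSsoEnabled()) {
                return tenant;
            }
        }
        return null;
    }

    /**
     * Creates an enabled profile for the given username from the SSO headers of the request.
     *
     * <p>The email comes from the email header. For every attribute definition of the tenant, the
     * header named prefix + attribute name is read and, when non-empty, stored as that attribute.
     * The profile is created with no password and no roles. All of these values are
     * header-supplied and are stored without validation in this method.
     *
     * @param str the username for the new profile
     * @param tenant the SSO-enabled tenant that will own the profile
     * @param httpServletRequest the request whose headers carry the email and attributes
     * @return the newly created profile
     * @throws ProfileException if the profile service fails to create the profile
     */
    protected Profile createProfileWithSsoInfo(String str, Tenant tenant, HttpServletRequest httpServletRequest) throws ProfileException {
        // Stays null when no attribute header is present, as the profile service is then called
        // without an attribute map.
        HashMap<String, Object> attributes = null;
        Set<AttributeDefinition> attributeDefinitions = tenant.getAttributeDefinitions();
        String email = httpServletRequest.getHeader(this.emailHeaderName);
        if (attributeDefinitions != null) {
            for (AttributeDefinition definition : attributeDefinitions) {
                String name = definition.getName();
                String value = httpServletRequest.getHeader(this.mellonHeaderPrefix + name);
                if (StringUtils.isNotEmpty(value)) {
                    if (attributes == null) {
                        attributes = new HashMap<>();
                    }
                    attributes.put(name, value);
                }
            }
        }
        // NOTE(review): this writes the header-supplied username, email and attribute values to
        // the application log at INFO; confirm that is acceptable for the identity attributes in use.
        logger.info("Creating new profile with SSO info: username={}, email={}, tenant={}, attributes={}", str, email, tenant.getName(), attributes);
        return this.profileService.createProfile(tenant.getName(), str, null, email, true, null, attributes, null);
    }
}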
