package no.kantega.publishing.security;

import java.io.IOException;
import java.net.URI;
import java.net.URISyntaxException;
import java.util.List;
import java.util.Map;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import javax.servlet.http.HttpSession;
import no.kantega.commons.exception.ConfigurationException;
import no.kantega.commons.exception.SystemException;
import no.kantega.commons.log.Log;
import no.kantega.publishing.common.Aksess;
import no.kantega.publishing.common.cache.SiteCache;
import no.kantega.publishing.common.data.BaseObject;
import no.kantega.publishing.common.data.Content;
import no.kantega.publishing.org.OrganizationManager;
import no.kantega.publishing.security.data.CachedBaseObject;
import no.kantega.publishing.security.data.Role;
import no.kantega.publishing.security.data.User;
import no.kantega.publishing.security.login.PostLoginHandler;
import no.kantega.publishing.security.login.PostLoginHandlerFactory;
import no.kantega.publishing.security.realm.SecurityRealm;
import no.kantega.publishing.security.realm.SecurityRealmFactory;
import no.kantega.publishing.security.service.SecurityService;
import no.kantega.publishing.security.util.SecurityHelper;
import no.kantega.publishing.spring.RootContext;
import no.kantega.publishing.topicmaps.ao.TopicAO;
import no.kantega.publishing.topicmaps.data.Topic;
import no.kantega.security.api.identity.AuthenticatedIdentity;
import no.kantega.security.api.identity.DefaultLoginContext;
import no.kantega.security.api.identity.DefaultLogoutContext;
import no.kantega.security.api.identity.IdentificationFailedException;
import no.kantega.security.api.identity.Identity;
import no.kantega.security.api.identity.IdentityResolver;
import no.kantega.security.api.profile.Profile;
import org.apache.log4j.spi.LocationInfo;
import org.hibernate.hql.classic.ParserHelper;

/* loaded from: input_file:WEB-INF/lib/openaksess-core-6.0.3.jar:no/kantega/publishing/security/SecuritySession.class */
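/**
 * Per-HTTP-session security state: the resolved {@link Identity}, the matching
 * {@link User} with its roles, and the {@link SecurityRealm} used to resolve both.
 *
 * <p>An instance is stored in the {@link HttpSession} under
 * {@code "aksess.securitySession"} and is replaced whenever the identity reported by
 * the realm's {@link IdentityResolver} no longer matches the one held here.
 *
 * <p>Thread-safety: the same instance can be reached by concurrent requests that share
 * an HTTP session. Only the single-entry authorization cache is guarded (by
 * {@code cacheLock}); {@code user} and {@code identity} are plain fields.
 */
public class SecuritySession {
    private static final String SOURCE = "SecuritySession";
    /** Session attribute under which the current instance is stored. */
    private static final String SESSION_ATTRIBUTE = "aksess.securitySession";

    private User user = null;
    private Identity identity = null;
    private SecurityRealm realm = null;

    // Single-entry cache of the most recent isAuthorized() decision.
    // The three fields form one logical entry and are only read or written together
    // while holding cacheLock, so a reader never pairs one request's object with
    // another request's result.
    private final Object cacheLock = new Object();
    private CachedBaseObject prevObject = null;
    private int prevPrivilege = -1;
    private boolean prevResult = false;

    /**
     * Returns the security session bound to the request's HTTP session, creating or
     * replacing it so that it always reflects the identity the realm resolves for
     * this request.
     *
     * <ul>
     *   <li>No instance in the session: an empty one is created and stored.</li>
     *   <li>The resolver reports an identity that differs (user id or domain) from the
     *       stored one: a fresh instance is created, populated from the user's profile
     *       and run through {@link #handlePostLogin(HttpServletRequest)}.</li>
     *   <li>The resolver reports no identity but one is stored: the instance is replaced
     *       by an empty one and the {@code adminMode} attribute is removed.</li>
     * </ul>
     *
     * @param httpServletRequest the current request; a session is created if none exists
     * @return the instance now stored in the session
     * @throws SystemException if identification, profile lookup or post-login handling fails
     */
    public static SecuritySession getInstance(HttpServletRequest httpServletRequest) throws SystemException {
        SecuritySession securitySession =
                (SecuritySession) httpServletRequest.getSession(true).getAttribute(SESSION_ATTRIBUTE);
        if (securitySession == null) {
            securitySession = createNewInstance();
            httpServletRequest.getSession(true).setAttribute(SESSION_ATTRIBUTE, securitySession);
        }
        try {
            AuthenticatedIdentity resolved =
                    securitySession.realm.getIdentityResolver().getIdentity(httpServletRequest);
            Identity stored = securitySession.identity;

            boolean identityChanged = resolved != null
                    && (stored == null
                        || !resolved.getUserId().equals(stored.getUserId())
                        || !resolved.getDomain().equals(stored.getDomain()));

            if (identityChanged) {
                // Start from a clean instance so nothing (roles, cached decisions) carries
                // over from the previous identity.
                // NOTE(review): the HTTP session id is not rotated here. Protection against
                // session fixation relies on initiateLogin() invalidating the session, which
                // is only done when Aksess.isInvalidateSessionBeforeLogin() is enabled.
                // NOTE(review): the instance is published to the session before it is
                // populated; a concurrent request on the same session can observe it with
                // user == null. Do not reorder without checking whether post-login handlers
                // call getInstance() re-entrantly.
                securitySession = createNewInstance();
                httpServletRequest.getSession(true).setAttribute(SESSION_ATTRIBUTE, securitySession);
                try {
                    Profile profile = securitySession.realm.getProfileManager().getProfileForUser(resolved);
                    User resolvedUser;
                    if (profile != null) {
                        resolvedUser = SecurityHelper.createAksessUser(profile);
                    } else {
                        // No profile available: build a minimal user keyed as "domain:userId".
                        resolvedUser = new User();
                        resolvedUser.setId(resolved.getDomain() + ":" + resolved.getUserId());
                        resolvedUser.setGivenName(resolved.getUserId());
                    }
                    securitySession.user = resolvedUser;
                    securitySession.identity = resolved;
                    synchronized (securitySession.cacheLock) {
                        securitySession.prevObject = null;
                    }

                    // Only ever lengthen the container's inactivity timeout, never shorten it.
                    HttpSession httpSession = httpServletRequest.getSession();
                    int configuredTimeout = Aksess.getSecuritySessionTimeout();
                    if (httpSession.getMaxInactiveInterval() < configuredTimeout) {
                        httpSession.setMaxInactiveInterval(configuredTimeout);
                    }

                    try {
                        securitySession.handlePostLogin(httpServletRequest);
                    } catch (ConfigurationException e) {
                        // Message text is Norwegian for "configuration error".
                        throw new SystemException(SOURCE, "Konfigurasjonsfeil", e);
                    }
                } catch (no.kantega.security.api.common.SystemException e) {
                    // Message text is Norwegian for "error while fetching profile".
                    throw new SystemException(SOURCE, "Feil ved henting av profil", e);
                }
            } else if (resolved == null && stored != null) {
                // The resolver no longer vouches for the stored identity: drop all
                // authenticated state, including the admin-mode marker.
                securitySession = createNewInstance();
                httpServletRequest.getSession(true).setAttribute(SESSION_ATTRIBUTE, securitySession);
                httpServletRequest.getSession(true).removeAttribute("adminMode");
            }
            return securitySession;
        } catch (IdentificationFailedException e) {
            throw new SystemException(SOURCE, "IdentificationFailedException", e);
        }
    }

    /**
     * Creates a detached session whose user is a synthetic {@code "admin"} account
     * holding the configured admin role.
     *
     * <p>No authentication takes place and no identity is attached. The returned
     * instance is not stored anywhere by this method; callers must never bind it to
     * an HTTP session or hand it out on the basis of request input.
     *
     * @return a new session carrying the admin role
     * @throws SystemException if the security realm cannot be obtained
     */
    public static SecuritySession createNewAdminInstance() throws SystemException {
        SecuritySession adminSession = createNewInstance();

        Role adminRole = new Role();
        adminRole.setId(Aksess.getAdminRole());
        adminRole.setName(Aksess.getAdminRole());

        User adminUser = new User();
        adminUser.setGivenName("Aksess");
        adminUser.setSurname("CMS");
        adminUser.setId("admin");
        adminUser.addRole(adminRole);

        adminSession.user = adminUser;
        return adminSession;
    }

    /** Creates an empty, unauthenticated session bound to the configured realm. */
    private static SecuritySession createNewInstance() throws SystemException {
        SecuritySession securitySession = new SecuritySession();
        securitySession.realm = SecurityRealmFactory.getInstance();
        return securitySession;
    }

    /**
     * Completes a login for the current user: loads roles from the realm, attaches
     * topics (when topic maps are enabled) and organisation units, then runs the
     * configured {@link PostLoginHandler}, if any.
     *
     * @param httpServletRequest the request that triggered the login
     * @throws SystemException        if a lookup fails
     * @throws ConfigurationException if the post-login handler is misconfigured
     */
    public void handlePostLogin(HttpServletRequest httpServletRequest) throws SystemException, ConfigurationException {
        List roles = this.realm.lookupRolesForUser(this.user.getId());
        for (Object role : roles) {
            this.user.addRole((Role) role);
        }

        if (Aksess.isTopicMapsEnabled()) {
            // Topics attached directly to the user ...
            for (Topic topic : TopicAO.getTopicsBySID(this.user)) {
                this.user.addTopic(topic);
            }
            // ... and topics inherited through each role returned by the realm.
            if (this.user.getRoles() != null) {
                for (Object role : roles) {
                    for (Topic topic : TopicAO.getTopicsBySID((Role) role)) {
                        this.user.addTopic(topic);
                    }
                }
            }
        }

        // Only the first registered OrganizationManager bean is consulted.
        Map organizationManagers = RootContext.getInstance().getBeansOfType(OrganizationManager.class);
        if (!organizationManagers.isEmpty()) {
            OrganizationManager manager = (OrganizationManager) organizationManagers.values().iterator().next();
            this.user.setOrgUnits(manager.getOrgUnitsAboveUser(this.user.getId()));
        }

        PostLoginHandler postLoginHandler = PostLoginHandlerFactory.newInstance();
        if (postLoginHandler != null) {
            postLoginHandler.handlePostLogin(this.user, httpServletRequest);
        }
    }

    /**
     * @return {@code true} when a user is attached to this session
     */
    public boolean isLoggedIn() {
        return getUser() != null;
    }

    /**
     * Starts the realm's login flow, asking it to return to the URL currently being
     * requested (or to the original URI when running inside an error dispatch).
     *
     * <p>When {@code Aksess.isInvalidateSessionBeforeLogin()} is set, the existing HTTP
     * session is invalidated first so the authenticated session does not reuse a
     * pre-login session id.
     *
     * @param httpServletRequest  the current request
     * @param httpServletResponse the current response
     * @throws IOException declared for callers; the visible code does not throw it directly
     */
    public void initiateLogin(HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse) throws IOException {
        String returnUrl = httpServletRequest.getRequestURL().toString();
        // Inside an error dispatch the request URL points at the error page; the
        // container exposes the originally requested URI in this attribute.
        String errorRequestUri = (String) httpServletRequest.getAttribute("javax.servlet.error.request_uri");
        if (errorRequestUri != null) {
            returnUrl = errorRequestUri;
        }
        String queryString = httpServletRequest.getQueryString();
        if (queryString != null && queryString.length() > 0) {
            returnUrl = returnUrl + "?" + queryString;
        }

        IdentityResolver identityResolver = this.realm.getIdentityResolver();
        DefaultLoginContext loginContext = new DefaultLoginContext();
        loginContext.setRequest(httpServletRequest);
        loginContext.setResponse(httpServletResponse);
        try {
            loginContext.setTargetUri(new URI(returnUrl));
        } catch (URISyntaxException e) {
            // Login still proceeds, without a return target.
            Log.error(SOURCE, e, (Object) null, (Object) null);
        }

        if (Aksess.isInvalidateSessionBeforeLogin()) {
            HttpSession existing = httpServletRequest.getSession(false);
            if (existing != null) {
                try {
                    existing.invalidate();
                } catch (Exception e) {
                    // Best effort: login continues, but a failed invalidation means the
                    // pre-login session id may survive, so it must be visible in the log.
                    Log.error(SOURCE, e, (Object) null, (Object) null);
                }
            }
        }
        identityResolver.initateLogin(loginContext);
    }

    /**
     * Logs the user out through the realm and clears the local user, identity and
     * cached authorization decision.
     *
     * <p>The post-logout target is taken from the {@code redirect} request parameter.
     * That value is caller-controlled, so it is honoured only when it stays on this
     * site (see {@link #isSameSiteTarget(URI, HttpServletRequest)}); anything else falls
     * back to the application's context path.
     *
     * @param httpServletRequest  the current request
     * @param httpServletResponse the current response
     */
    public void logout(HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse) {
        URI target = resolveLogoutTarget(httpServletRequest.getParameter("redirect"), httpServletRequest);

        IdentityResolver identityResolver = this.realm.getIdentityResolver();
        DefaultLogoutContext logoutContext = new DefaultLogoutContext();
        logoutContext.setRequest(httpServletRequest);
        logoutContext.setResponse(httpServletResponse);
        if (target != null) {
            logoutContext.setTargetUri(target);
        }
        try {
            identityResolver.initiateLogout(logoutContext);
        } catch (Exception e) {
            // Local state is cleared regardless, but a failed realm logout can leave the
            // upstream login alive, so record it instead of discarding it.
            Log.error(SOURCE, e, (Object) null, (Object) null);
        }
        this.user = null;
        this.identity = null;
        synchronized (this.cacheLock) {
            this.prevObject = null;
        }
    }

    /**
     * Chooses the post-logout target: the requested one when it is well-formed and
     * same-site, otherwise the context path.
     *
     * @return the target, or {@code null} if even the context path is not a valid URI
     */
    private static URI resolveLogoutTarget(String requested, HttpServletRequest request) {
        if (requested != null && requested.length() > 0) {
            try {
                URI candidate = new URI(requested);
                if (isSameSiteTarget(candidate, request)) {
                    return candidate;
                }
                // The rejected value is deliberately left out of the log entry: it is
                // attacker-controlled text.
                Log.error(SOURCE, new IllegalArgumentException("Rejected off-site logout redirect target"),
                        (Object) null, (Object) null);
            } catch (URISyntaxException e) {
                Log.error(SOURCE, e, (Object) null, (Object) null);
            }
        }
        try {
            return new URI(Aksess.getContextPath());
        } catch (URISyntaxException e) {
            Log.error(SOURCE, e, (Object) null, (Object) null);
            return null;
        }
    }

    /**
     * Decides whether a redirect target stays on this site.
     *
     * <p>Accepted: relative references without scheme or authority, and http/https
     * (or scheme-relative) URIs whose host equals the request's server name.
     * Rejected: opaque URIs such as {@code javascript:} or {@code mailto:}, other
     * schemes, and any other host.
     *
     * <p>NOTE(review): the comparison trusts {@code getServerName()}; confirm the
     * container or proxy pins the accepted host names.
     */
    private static boolean isSameSiteTarget(URI target, HttpServletRequest request) {
        if (target.isOpaque()) {
            return false;
        }
        String scheme = target.getScheme();
        if (scheme == null && target.getRawAuthority() == null) {
            return true;
        }
        if (scheme != null && !"http".equalsIgnoreCase(scheme) && !"https".equalsIgnoreCase(scheme)) {
            return false;
        }
        String host = target.getHost();
        return host != null && host.equalsIgnoreCase(request.getServerName());
    }

    /**
     * @return the user attached to this session, or {@code null} when not logged in
     */
    public User getUser() {
        return this.user;
    }

    /**
     * @return the identity attached to this session, or {@code null}
     */
    public Identity getIdentity() {
        return this.identity;
    }

    /**
     * Checks whether the current user holds at least one of the given roles.
     * Role names are trimmed before the check; a {@code null} array or {@code null}
     * entries never grant access.
     *
     * @param strArr candidate role names
     * @return {@code true} if {@link SecurityService} reports a match for any entry
     */
    public boolean isUserInRole(String[] strArr) {
        if (strArr == null) {
            return false;
        }
        for (String roleName : strArr) {
            if (roleName != null && SecurityService.isUserInRole(this.user, roleName.trim())) {
                return true;
            }
        }
        return false;
    }

    /**
     * Checks whether the current user holds the given role.
     *
     * @param str role name, passed to {@link SecurityService} as is
     * @return the result reported by {@link SecurityService}
     */
    public boolean isUserInRole(String str) {
        return SecurityService.isUserInRole(this.user, str);
    }

    /**
     * Checks whether the current user holds privilege {@code i} on the given object.
     *
     * <p>Content that belongs to a disabled site is always denied. The most recent
     * decision is cached, so repeating the same object/privilege check does not call
     * {@link SecurityService} again.
     *
     * @param baseObject the object being accessed
     * @param i          the privilege being requested
     * @return {@code true} if access is granted
     * @throws SystemException if the underlying check fails
     */
    public boolean isAuthorized(BaseObject baseObject, int i) throws SystemException {
        if ((baseObject instanceof Content)
                && SiteCache.getSiteById(((Content) baseObject).getAssociation().getSiteId()).isDisabled()) {
            return false;
        }

        // Snapshot the cache entry atomically. Reading the three fields one by one could
        // pair this request's object with a result stored for a different object by a
        // concurrent request on the same session.
        CachedBaseObject cachedObject;
        int cachedPrivilege;
        boolean cachedResult;
        synchronized (this.cacheLock) {
            cachedObject = this.prevObject;
            cachedPrivilege = this.prevPrivilege;
            cachedResult = this.prevResult;
        }
        if (cachedObject != null && cachedObject.isSameAs(baseObject) && i == cachedPrivilege) {
            return cachedResult;
        }

        // Decide outside the lock, and return the locally computed value rather than
        // re-reading the shared field.
        boolean result = SecurityService.isAuthorized(this.user, baseObject, i);
        CachedBaseObject freshEntry = new CachedBaseObject(baseObject);
        synchronized (this.cacheLock) {
            this.prevResult = result;
            this.prevObject = freshEntry;
            this.prevPrivilege = i;
        }
        return result;
    }

    /**
     * @param content the content in question
     * @return whether {@link SecurityService} considers the current user an approver of it
     * @throws SystemException if the underlying check fails
     */
    public boolean isApprover(Content content) throws SystemException {
        return SecurityService.isApprover(this.user, content);
    }

    /**
     * @return all roles known to the realm
     * @throws SystemException if the realm lookup fails
     */
    public List getAllRoles() throws SystemException {
        return this.realm.getAllRoles();
    }

    /**
     * @param str role to look up
     * @return the users the realm reports for that role
     * @throws SystemException if the realm lookup fails
     */
    public List getUsersWithRole(String str) throws SystemException {
        return this.realm.lookupUsersWithRole(str);
    }

    /**
     * @param str search expression, passed to the realm as is
     * @return the users the realm reports as matching
     * @throws SystemException if the realm lookup fails
     */
    public List searchUsers(String str) throws SystemException {
        return this.realm.searchUsers(str);
    }

    /**
     * @return the realm backing this session
     */
    public SecurityRealm getRealm() {
        return this.realm;
    }
}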
