package org.dspace.authenticate;

import java.sql.SQLException;
import java.util.Collection;
import java.util.Enumeration;
import java.util.HashSet;
import java.util.Iterator;
import java.util.StringTokenizer;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import org.apache.log4j.Logger;
import org.dspace.authorize.AuthorizeException;
import org.dspace.core.ConfigurationManager;
import org.dspace.core.Context;
import org.dspace.core.LogManager;
import org.dspace.eperson.EPerson;
import org.dspace.eperson.Group;
import org.springframework.beans.propertyeditors.StringArrayPropertyEditor;

/* loaded from: input_file:WEB-INF/lib/dspace-api-1.8.0-rc3.jar:org/dspace/authenticate/ShibAuthentication.class */
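/**
 * Implicit authentication method that signs a user in from the attributes a
 * Shibboleth front end places on the HTTP request.
 *
 * <p>Security model: the e-mail address, names and role values are read straight
 * from request headers (or from {@code getRemoteUser()}), and this class performs
 * no further verification of them. It is therefore only as trustworthy as the
 * component that populates those headers. A deployment has to guarantee that the
 * configured header names can be set only by the Shibboleth service provider or
 * front-end server, and that any copy supplied by the client is dropped before
 * the request reaches this code.
 *
 * <p>All settings are read from the {@code authentication-shibboleth}
 * configuration module.
 */
public class ShibAuthentication implements AuthenticationMethod {
    private static final Logger log = Logger.getLogger(ShibAuthentication.class);

    /** Configuration module that holds every setting read by this class. */
    private static final String CONFIG_MODULE = "authentication-shibboleth";

    /** Session attribute set once a Shibboleth login has succeeded. */
    private static final String SESSION_AUTHENTICATED = "shib.authenticated";

    /** Session attribute caching the resolved special group ids. */
    private static final String SESSION_SPECIAL_GROUPS = "shib.specialgroup";

    /**
     * Resolves the e-mail address released for this request, looks up the matching
     * EPerson and, when {@code autoregister} is enabled, creates one if none exists.
     *
     * @param context            DSpace context; its current user is updated
     * @param str                unused by this method
     * @param str2               unused by this method
     * @param str3               unused by this method
     * @param httpServletRequest request carrying the Shibboleth attributes
     * @return 1 (SUCCESS) on login, 4 (NO_SUCH_USER) when no account exists and none
     *         was created, 5 (BAD_ARGS) when the request is null or no e-mail is available
     * @throws SQLException on database failure
     */
    @Override
    public int authenticate(Context context, String str, String str2, String str3, HttpServletRequest httpServletRequest) throws SQLException {
        if (httpServletRequest == null) {
            return 5; // BAD_ARGS in AuthenticationMethod
        }
        log.info("Shibboleth login started...");
        logRequestHeaders(httpServletRequest);

        boolean useRemoteUser = ConfigurationManager.getBooleanProperty(CONFIG_MODULE, "email-use-tomcat-remote-user");
        String emailHeader = ConfigurationManager.getProperty(CONFIG_MODULE, "email-header");
        String firstNameHeader = ConfigurationManager.getProperty(CONFIG_MODULE, "firstname-header");
        String lastNameHeader = ConfigurationManager.getProperty(CONFIG_MODULE, "lastname-header");

        // 1. Configured e-mail header, trying the lower-cased header name as a fallback.
        String email = null;
        if (emailHeader != null) {
            email = httpServletRequest.getHeader(emailHeader);
            if (isEmpty(email)) {
                email = httpServletRequest.getHeader(emailHeader.toLowerCase());
            }
        }
        // 2. Container-provided remote user, only when explicitly enabled.
        if (isEmpty(email) && useRemoteUser) {
            email = httpServletRequest.getRemoteUser();
            log.info("RemoteUser identified as: " + forLog(email));
        }
        // 3. NOTE(review): with no Shibboleth attribute at all, the e-mail of whoever is
        // already set on the context is reused, so such a request still ends in SUCCESS
        // and marks the session as Shibboleth-authenticated. Confirm this is intended.
        if (isEmpty(email)) {
            EPerson currentUser = context.getCurrentUser();
            if (currentUser != null) {
                email = currentUser.getEmail();
            }
        }
        if (isEmpty(email)) {
            log.error("No email is given, you're denied access by Shib, please release email address");
            return 5; // BAD_ARGS
        }
        String lowerCase = email.toLowerCase();

        String firstName = headerOrLowerCaseHeader(httpServletRequest, firstNameHeader);
        String lastName = headerOrLowerCaseHeader(httpServletRequest, lastNameHeader);

        // NOTE(review): an account found by e-mail is accepted as-is; only newly created
        // accounts get their login flag set below. Confirm whether accounts that were
        // disabled in DSpace should be refused here.
        EPerson ePerson;
        try {
            ePerson = EPerson.findByEmail(context, lowerCase);
            // Kept from the original: this also clears the current user when nothing is found.
            context.setCurrentUser(ePerson);
        } catch (AuthorizeException e) {
            log.warn("Fail to locate user with email:" + forLog(lowerCase), e);
            ePerson = null;
        }

        if (ePerson == null && ConfigurationManager.getBooleanProperty(CONFIG_MODULE, "autoregister")) {
            log.info(LogManager.getHeader(context, "autoregister", "email=" + forLog(lowerCase)));
            // Account creation needs elevated rights; the finally block guarantees the
            // authorization bypass never outlives this section, whatever is thrown.
            context.setIgnoreAuthorization(true);
            try {
                ePerson = EPerson.create(context);
                ePerson.setEmail(lowerCase);
                if (firstName != null) {
                    ePerson.setFirstName(firstName);
                }
                if (lastName != null) {
                    ePerson.setLastName(lastName);
                }
                ePerson.setCanLogIn(true);
                AuthenticationManager.initEPerson(context, httpServletRequest, ePerson);
                ePerson.update();
                context.commit();
                context.setCurrentUser(ePerson);
            } catch (AuthorizeException e2) {
                log.warn("Fail to authorize user with email:" + forLog(lowerCase), e2);
                ePerson = null;
            } finally {
                context.setIgnoreAuthorization(false);
            }
        }

        if (ePerson == null) {
            return 4; // NO_SUCH_USER in AuthenticationMethod
        }
        context.setCurrentUser(ePerson);
        httpServletRequest.getSession().setAttribute(SESSION_AUTHENTICATED, Boolean.TRUE);
        return 1; // SUCCESS in AuthenticationMethod
    }

    /**
     * Maps the role values released for a Shibboleth-authenticated session to DSpace
     * group ids and caches a non-empty result in the session.
     *
     * <p>Role values come from the configured {@code role-header} (default
     * {@code Shib-EP-UnscopedAffiliation}) or, when the header is absent, from
     * {@code default-roles}. Each value is translated through a {@code role.<value>}
     * setting. A value with no such setting is used directly as a DSpace group name,
     * so an unmapped role that happens to equal the name of a privileged group grants
     * membership of that group; keeping explicit mappings for every expected role and
     * controlling who can populate the header are what bound this.
     *
     * @param context            DSpace context used for the group lookups
     * @param httpServletRequest current request, may be null
     * @return resolved group ids, or an empty array when the request is null, no user
     *         is set, or the session was not authenticated by this method
     */
    @Override
    public int[] getSpecialGroups(Context context, HttpServletRequest httpServletRequest) {
        if (httpServletRequest == null || context.getCurrentUser() == null
                || httpServletRequest.getSession().getAttribute(SESSION_AUTHENTICATED) == null) {
            return new int[0];
        }
        Object cached = httpServletRequest.getSession().getAttribute(SESSION_SPECIAL_GROUPS);
        if (cached instanceof int[]) {
            return (int[]) cached;
        }

        Collection<Integer> groupIds = new HashSet<Integer>();
        String roleHeader = ConfigurationManager.getProperty(CONFIG_MODULE, "role-header");
        boolean ignoreScope = ConfigurationManager.getBooleanProperty(CONFIG_MODULE, "role-header.ignore-scope");
        if (roleHeader == null || roleHeader.trim().length() == 0) {
            roleHeader = "Shib-EP-UnscopedAffiliation";
        }
        String roles = httpServletRequest.getHeader(roleHeader);
        if (roles == null) {
            roles = httpServletRequest.getHeader(roleHeader.toLowerCase());
        }
        String defaultRoles = ConfigurationManager.getProperty(CONFIG_MODULE, "default-roles");
        if (roles == null && defaultRoles != null) {
            roles = defaultRoles;
        }

        if (roles != null) {
            StringTokenizer tokens = new StringTokenizer(roles, ";,");
            while (tokens.hasMoreTokens()) {
                String role = tokens.nextToken().trim();
                if (ignoreScope) {
                    // Drop the "@scope" suffix of a scoped affiliation.
                    int at = role.indexOf('@');
                    if (at != -1) {
                        role = role.substring(0, at);
                    }
                }
                String groupNames = ConfigurationManager.getProperty(CONFIG_MODULE, "role." + role);
                if (groupNames == null || groupNames.trim().length() == 0) {
                    groupNames = ConfigurationManager.getProperty(CONFIG_MODULE, "role." + role.toLowerCase());
                }
                if (groupNames == null) {
                    // No mapping configured: the released value itself names the group.
                    groupNames = role;
                }
                for (String groupName : groupNames.split(StringArrayPropertyEditor.DEFAULT_SEPARATOR)) {
                    addGroup(groupIds, context, groupName.trim());
                }
            }
        }

        int[] result = new int[groupIds.size()];
        int next = 0;
        for (Integer id : groupIds) {
            result[next++] = id.intValue();
        }
        if (result.length != 0) {
            httpServletRequest.getSession().setAttribute(SESSION_SPECIAL_GROUPS, result);
        }
        return result;
    }

    /**
     * Adds the id of the named group to {@code collection}; a group that does not
     * exist is recorded as id 0 and reported in the log.
     */
    private void addGroup(Collection<Integer> collection, Context context, String str) {
        String safeName = forLog(str);
        try {
            Group group = Group.findByName(context, str);
            int groupId = group == null ? 0 : group.getID();
            if (group == null) {
                log.warn(LogManager.getHeader(context, safeName + " group is not found!! Admin needs to create one!", "requiredGroup=" + safeName));
            }
            collection.add(Integer.valueOf(groupId));
            log.info("Mapping group: " + safeName + " to groupID: " + groupId);
        } catch (SQLException e) {
            // Best effort, as in the original: a failed lookup skips this group only.
            log.error("Mapping group:" + safeName + " failed with error", e);
        }
    }

    /**
     * Writes the request headers to the debug log. Header values that carry
     * credentials are replaced, so enabling debug logging does not copy session
     * cookies or authorization tokens into log files.
     */
    private static void logRequestHeaders(HttpServletRequest request) {
        if (!log.isDebugEnabled()) {
            return;
        }
        Enumeration<?> names = request.getHeaderNames();
        // The servlet API allows a container to return null here.
        while (names != null && names.hasMoreElements()) {
            String name = String.valueOf(names.nextElement());
            String value = isCredentialHeader(name) ? "[redacted]" : request.getHeader(name);
            log.debug("header:" + forLog(name) + "=" + forLog(value));
        }
    }

    /** Returns true for request headers whose value is itself a credential. */
    private static boolean isCredentialHeader(String name) {
        return "Cookie".equalsIgnoreCase(name)
                || "Authorization".equalsIgnoreCase(name)
                || "Proxy-Authorization".equalsIgnoreCase(name);
    }

    /**
     * Reads {@code headerName} from the request, falling back to the lower-cased
     * header name; returns null when no header name is configured.
     */
    private static String headerOrLowerCaseHeader(HttpServletRequest request, String headerName) {
        if (headerName == null) {
            return null;
        }
        String value = request.getHeader(headerName);
        return value != null ? value : request.getHeader(headerName.toLowerCase());
    }

    /** Returns true when {@code value} is null or the empty string. */
    private static boolean isEmpty(String value) {
        return value == null || "".equals(value);
    }

    /**
     * Neutralises line breaks in a request-derived value before it is logged, so the
     * value cannot start a forged log entry.
     */
    private static String forLog(String value) {
        return value == null ? null : value.replace('\r', '_').replace('\n', '_');
    }

    /** Passwords are managed by the identity provider, never by DSpace. */
    @Override
    public boolean allowSetPassword(Context context, HttpServletRequest httpServletRequest, String str) throws SQLException {
        return false;
    }

    /** This method authenticates from the request alone, without a credential form. */
    @Override
    public boolean isImplicit() {
        return true;
    }

    /** Always reports that self-registration is allowed. */
    @Override
    public boolean canSelfRegister(Context context, HttpServletRequest httpServletRequest, String str) throws SQLException {
        return true;
    }

    /** No additional initialisation is applied to a new EPerson. */
    @Override
    public void initEPerson(Context context, HttpServletRequest httpServletRequest, EPerson ePerson) throws SQLException {
    }

    /** Returns the session-encoded URL of the {@code /shibboleth-login} page. */
    @Override
    public String loginPageURL(Context context, HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse) {
        return httpServletResponse.encodeRedirectURL(httpServletRequest.getContextPath() + "/shibboleth-login");
    }

    /** Returns the message key used as the login page title. */
    @Override
    public String loginPageTitle(Context context) {
        return "org.dspace.authenticate.ShibAuthentication.title";
    }
}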
