package org.dspace.authenticate;

import com.hp.hpl.jena.util.FileManager;
import java.io.UnsupportedEncodingException;
import java.net.URLEncoder;
import java.sql.Connection;
import java.sql.ResultSet;
import java.sql.SQLException;
import java.sql.Statement;
import java.util.ArrayList;
import java.util.Arrays;
import java.util.Enumeration;
import java.util.HashMap;
import java.util.HashSet;
import java.util.Iterator;
import java.util.List;
import java.util.Map;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import org.apache.commons.configuration.tree.DefaultExpressionEngine;
import org.apache.commons.lang.StringUtils;
import org.apache.log4j.Logger;
import org.dspace.authorize.AuthorizeException;
import org.dspace.core.ConfigurationManager;
import org.dspace.core.Context;
import org.dspace.eperson.EPerson;
import org.dspace.eperson.Group;
import org.dspace.storage.rdbms.DatabaseManager;
import org.springframework.beans.propertyeditors.StringArrayPropertyEditor;

/* loaded from: input_file:WEB-INF/lib/dspace-api-4.0-rc1.jar:org/dspace/authenticate/ShibAuthentication.class */
public class ShibAuthentication implements AuthenticationMethod {
    private static Logger log = Logger.getLogger(ShibAuthentication.class);
    private static Map<String, String> metadataHeaderMap = null;
    private static final int NAME_MAX_SIZE = 64;
    private static final int PHONE_MAX_SIZE = 32;
    private static final int METADATA_MAX_SIZE = 1024;
    private static final String COLUMN_NAME_REGEX = "^[_A-Za-z0-9]+$";

    @Override // org.dspace.authenticate.AuthenticationMethod
    public int authenticate(Context context, String str, String str2, String str3, HttpServletRequest httpServletRequest) throws SQLException {
        if (ConfigurationManager.getBooleanProperty("authentication-shibboleth", "sword.compatibility", true) && str != null && str.length() > 0 && str2 != null && str2.length() > 0) {
            return swordCompatibility(context, str, str2, httpServletRequest);
        }
        if (httpServletRequest == null) {
            log.warn("Unable to authenticate using Shibboleth because the request object is null.");
            return 5;
        }
        initialize();
        if (log.isDebugEnabled()) {
            log.debug("Starting Shibboleth Authentication");
            String str4 = "Received the following headers:\n";
            Enumeration headerNames = httpServletRequest.getHeaderNames();
            while (headerNames.hasMoreElements()) {
                String str5 = (String) headerNames.nextElement();
                Enumeration headers = httpServletRequest.getHeaders(str5);
                while (headers.hasMoreElements()) {
                    str4 = str4 + "" + str5 + "='" + ((String) headers.nextElement()) + "'\n";
                }
            }
            log.debug(str4);
        }
        boolean booleanProperty = ConfigurationManager.getBooleanProperty("authentication-shibboleth", "autoregister", true);
        try {
            EPerson findEPerson = findEPerson(context, httpServletRequest);
            if (findEPerson == null && booleanProperty) {
                findEPerson = registerNewEPerson(context, httpServletRequest);
            }
            if (findEPerson == null) {
                return 4;
            }
            updateEPerson(context, httpServletRequest, findEPerson);
            context.setCurrentUser(findEPerson);
            httpServletRequest.getSession().setAttribute("shib.authenticated", true);
            AuthenticationManager.initEPerson(context, httpServletRequest, findEPerson);
            log.info(findEPerson.getEmail() + " has been authenticated via shibboleth.");
            return 1;
        } catch (Throwable th) {
            log.error("Unable to successfully authenticate using shibboleth for user because of an exception.", th);
            context.setCurrentUser(null);
            return 4;
        }
    }

    @Override // org.dspace.authenticate.AuthenticationMethod
    public int[] getSpecialGroups(Context context, HttpServletRequest httpServletRequest) {
        int indexOf;
        int indexOf2;
        if (httpServletRequest != null) {
            try {
                if (context.getCurrentUser() != null && httpServletRequest.getSession().getAttribute("shib.authenticated") != null) {
                    if (httpServletRequest.getSession().getAttribute("shib.specialgroup") != null) {
                        log.debug("Returning cached special groups.");
                        return (int[]) httpServletRequest.getSession().getAttribute("shib.specialgroup");
                    }
                    log.debug("Starting to determine special groups");
                    String property = ConfigurationManager.getProperty("authentication-shibboleth", "default-roles");
                    String property2 = ConfigurationManager.getProperty("authentication-shibboleth", "role-header");
                    boolean booleanProperty = ConfigurationManager.getBooleanProperty("authentication-shibboleth", "role-header.ignore-scope", true);
                    boolean booleanProperty2 = ConfigurationManager.getBooleanProperty("authentication-shibboleth", "role-header.ignore-value", false);
                    if (booleanProperty && booleanProperty2) {
                        throw new IllegalStateException("Both config parameters for ignoring an roll attributes scope and value are turned on, this is not a permissable configuration. (Note: ignore-scope defaults to true) The configuration parameters are: 'authentication.shib.role-header.ignore-scope' and 'authentication.shib.role-header.ignore-value'");
                    }
                    List<String> findMultipleAttributes = findMultipleAttributes(httpServletRequest, property2);
                    if (findMultipleAttributes == null) {
                        if (property != null) {
                            findMultipleAttributes = Arrays.asList(property.split(StringArrayPropertyEditor.DEFAULT_SEPARATOR));
                        }
                        log.debug("Failed to find Shibboleth role header, '" + property2 + "', falling back to the default roles: '" + property + "'");
                    } else {
                        log.debug("Found Shibboleth role header: '" + property2 + "' = '" + findMultipleAttributes + "'");
                    }
                    HashSet hashSet = new HashSet();
                    if (findMultipleAttributes != null) {
                        Iterator<String> it = findMultipleAttributes.iterator();
                        while (it.hasNext()) {
                            String next = it.next();
                            if (booleanProperty && (indexOf2 = next.indexOf(64)) != -1) {
                                next = next.substring(0, indexOf2);
                            }
                            if (booleanProperty2 && (indexOf = next.indexOf(64)) != -1) {
                                next = next.substring(indexOf + 1, next.length());
                            }
                            String property3 = ConfigurationManager.getProperty("authentication-shibboleth", "role." + next);
                            if (property3 == null || property3.trim().length() == 0) {
                                property3 = ConfigurationManager.getProperty("authentication-shibboleth", "role." + next.toLowerCase());
                            }
                            if (property3 == null) {
                                log.debug("Unable to find role mapping for the value, '" + next + "', there should be a mapping in config/modules/authentication-shibboleth.cfg:  role." + next + " = <some group name>");
                            } else {
                                log.debug("Mapping role affiliation to DSpace group: '" + property3 + "'");
                                String[] split = property3.split(StringArrayPropertyEditor.DEFAULT_SEPARATOR);
                                for (int i = 0; i < split.length; i++) {
                                    try {
                                        Group findByName = Group.findByName(context, split[i].trim());
                                        if (findByName != null) {
                                            hashSet.add(Integer.valueOf(findByName.getID()));
                                        } else {
                                            log.debug("Unable to find group: '" + split[i].trim() + "'");
                                        }
                                    } catch (SQLException e) {
                                        log.error("Exception thrown while trying to lookup affiliation role for group name: '" + split[i].trim() + "'", e);
                                    }
                                }
                            }
                        }
                    }
                    log.info("Added current EPerson to special groups: " + hashSet);
                    int[] iArr = new int[hashSet.size()];
                    Iterator it2 = hashSet.iterator();
                    int i2 = 0;
                    while (it2.hasNext()) {
                        iArr[i2] = ((Integer) it2.next()).intValue();
                        i2++;
                    }
                    httpServletRequest.getSession().setAttribute("shib.specialgroup", iArr);
                    return iArr;
                }
            } catch (Throwable th) {
                log.error("Unable to validate any sepcial groups this user may belong too because of an exception.", th);
                return new int[0];
            }
        }
        return new int[0];
    }

    @Override // org.dspace.authenticate.AuthenticationMethod
    public boolean allowSetPassword(Context context, HttpServletRequest httpServletRequest, String str) throws SQLException {
        return false;
    }

    @Override // org.dspace.authenticate.AuthenticationMethod
    public boolean isImplicit() {
        return false;
    }

    @Override // org.dspace.authenticate.AuthenticationMethod
    public boolean canSelfRegister(Context context, HttpServletRequest httpServletRequest, String str) throws SQLException {
        return false;
    }

    @Override // org.dspace.authenticate.AuthenticationMethod
    public void initEPerson(Context context, HttpServletRequest httpServletRequest, EPerson ePerson) throws SQLException {
    }

    @Override // org.dspace.authenticate.AuthenticationMethod
    public String loginPageURL(Context context, HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse) {
        if (!ConfigurationManager.getBooleanProperty("authentication-shibboleth", "lazysession", false)) {
            return httpServletResponse.encodeRedirectURL(httpServletRequest.getContextPath() + "/shibboleth-login");
        }
        String property = ConfigurationManager.getProperty("authentication-shibboleth", "lazysession.loginurl");
        boolean booleanProperty = ConfigurationManager.getBooleanProperty("authentication-shibboleth", "lazysession.secure", true);
        if (property == null || property.length() == 0) {
            property = "/Shibboleth.sso/Login";
        }
        property.trim();
        String serverName = httpServletRequest.getServerName();
        int serverPort = httpServletRequest.getServerPort();
        String contextPath = httpServletRequest.getContextPath();
        String str = ((httpServletRequest.isSecure() || booleanProperty) ? "https://" : "http://") + serverName;
        if (serverPort != 443 && serverPort != 80) {
            str = str + ":" + serverPort;
        }
        try {
            property = property + "?target=" + URLEncoder.encode(str + "/" + contextPath + "/shibboleth-login", "UTF-8");
        } catch (UnsupportedEncodingException e) {
            log.error("Unable to generate lazysession authentication", e);
        }
        log.debug("Redirecting user to Shibboleth initiator: " + property);
        return httpServletResponse.encodeRedirectURL(property);
    }

    @Override // org.dspace.authenticate.AuthenticationMethod
    public String loginPageTitle(Context context) {
        return "org.dspace.authenticate.ShibAuthentication.title";
    }

    private EPerson findEPerson(Context context, HttpServletRequest httpServletRequest) throws SQLException, AuthorizeException {
        String remoteUser;
        String findSingleAttribute;
        String findSingleAttribute2;
        boolean booleanProperty = ConfigurationManager.getBooleanProperty("authentication-shibboleth", "email-use-tomcat-remote-user");
        String property = ConfigurationManager.getProperty("authentication-shibboleth", "netid-header");
        String property2 = ConfigurationManager.getProperty("authentication-shibboleth", "email-header");
        EPerson ePerson = null;
        boolean z = false;
        boolean z2 = false;
        boolean z3 = false;
        if (property != null && (findSingleAttribute2 = findSingleAttribute(httpServletRequest, property)) != null) {
            z = true;
            ePerson = EPerson.findByNetid(context, findSingleAttribute2);
            if (ePerson == null) {
                log.info("Unable to identify EPerson based upon Shibboleth netid header: '" + property + "'='" + findSingleAttribute2 + "'.");
            } else {
                log.debug("Identified EPerson based upon Shibboleth netid header: '" + property + "'='" + findSingleAttribute2 + "'.");
            }
        }
        if (ePerson == null && property2 != null && (findSingleAttribute = findSingleAttribute(httpServletRequest, property2)) != null) {
            z2 = true;
            String lowerCase = findSingleAttribute.toLowerCase();
            ePerson = EPerson.findByEmail(context, lowerCase);
            if (ePerson == null) {
                log.info("Unable to identify EPerson based upon Shibboleth email header: '" + property2 + "'='" + lowerCase + "'.");
            } else {
                log.info("Identified EPerson based upon Shibboleth email header: '" + property2 + "'='" + lowerCase + "'.");
            }
            if (ePerson != null && ePerson.getNetid() != null) {
                log.error("The identified EPerson based upon Shibboleth email header, '" + property2 + "'='" + lowerCase + "', is locked to another netid: '" + ePerson.getNetid() + "'. This might be a possible hacking attempt to steal another users credentials. If the user's netid has changed you will need to manually change it to the correct value or unset it in the database.");
                ePerson = null;
            }
        }
        if (ePerson == null && booleanProperty && (remoteUser = httpServletRequest.getRemoteUser()) != null) {
            z3 = true;
            remoteUser.toLowerCase();
            ePerson = EPerson.findByEmail(context, remoteUser);
            if (ePerson == null) {
                log.info("Unable to identify EPerson based upon Tomcat's remote user: '" + remoteUser + "'.");
            } else {
                log.info("Identified EPerson based upon Tomcat's remote user: '" + remoteUser + "'.");
            }
            if (ePerson != null && ePerson.getNetid() != null) {
                log.error("The identified EPerson based upon Tomcat's remote user, '" + remoteUser + "', is locked to another netid: '" + ePerson.getNetid() + "'. This might be a possible hacking attempt to steal another users credentials. If the user's netid has changed you will need to manually change it to the correct value or unset it in the database.");
                ePerson = null;
            }
        }
        if (!z && !z2 && !z3) {
            log.error("Shibboleth authentication was not able to find a NetId, Email, or Tomcat Remote user for which to indentify a user from.");
        }
        return ePerson;
    }

    /* JADX WARN: String concatenation convert failed
    jadx.core.utils.exceptions.JadxRuntimeException: Can't remove SSA var: r16v0 java.lang.String, still in use, count: 1, list:
      (r16v0 java.lang.String) from STR_CONCAT (r16v0 java.lang.String), ("  NetId: '"), (r0v9 java.lang.String), ("'
    ") A[MD:():java.lang.String (c), SYNTHETIC, WRAPPED]
    	at jadx.core.utils.InsnRemover.removeSsaVar(InsnRemover.java:151)
    	at jadx.core.utils.InsnRemover.unbindResult(InsnRemover.java:116)
    	at jadx.core.utils.InsnRemover.unbindInsn(InsnRemover.java:80)
    	at jadx.core.utils.InsnRemover.unbindArgUsage(InsnRemover.java:163)
    	at jadx.core.utils.InsnRemover.unbindAllArgs(InsnRemover.java:95)
    	at jadx.core.utils.InsnRemover.unbindInsn(InsnRemover.java:79)
    	at jadx.core.utils.InsnRemover.unbindArgUsage(InsnRemover.java:163)
    	at jadx.core.utils.InsnRemover.unbindAllArgs(InsnRemover.java:95)
    	at jadx.core.utils.InsnRemover.unbindInsn(InsnRemover.java:79)
    	at jadx.core.utils.InsnRemover.unbindArgUsage(InsnRemover.java:163)
    	at jadx.core.utils.InsnRemover.unbindAllArgs(InsnRemover.java:95)
    	at jadx.core.utils.InsnRemover.unbindInsn(InsnRemover.java:79)
    	at jadx.core.utils.InsnRemover.unbindArgUsage(InsnRemover.java:163)
    	at jadx.core.utils.InsnRemover.unbindAllArgs(InsnRemover.java:95)
    	at jadx.core.utils.InsnRemover.unbindInsn(InsnRemover.java:79)
    	at jadx.core.utils.InsnRemover.unbindArgUsage(InsnRemover.java:163)
    	at jadx.core.utils.InsnRemover.unbindAllArgs(InsnRemover.java:95)
    	at jadx.core.utils.InsnRemover.unbindInsn(InsnRemover.java:79)
    	at jadx.core.utils.InsnRemover.unbindArgUsage(InsnRemover.java:163)
    	at jadx.core.utils.InsnRemover.unbindAllArgs(InsnRemover.java:95)
    	at jadx.core.dex.visitors.SimplifyVisitor.removeStringBuilderInsns(SimplifyVisitor.java:495)
    	at jadx.core.dex.visitors.SimplifyVisitor.convertStringBuilderChain(SimplifyVisitor.java:422)
    	at jadx.core.dex.visitors.SimplifyVisitor.convertInvoke(SimplifyVisitor.java:314)
    	at jadx.core.dex.visitors.SimplifyVisitor.simplifyInsn(SimplifyVisitor.java:145)
    	at jadx.core.dex.visitors.SimplifyVisitor.simplifyArgs(SimplifyVisitor.java:114)
    	at jadx.core.dex.visitors.SimplifyVisitor.simplifyInsn(SimplifyVisitor.java:132)
    	at jadx.core.dex.visitors.SimplifyVisitor.simplifyArgs(SimplifyVisitor.java:114)
    	at jadx.core.dex.visitors.SimplifyVisitor.simplifyInsn(SimplifyVisitor.java:132)
    	at jadx.core.dex.visitors.SimplifyVisitor.simplifyArgs(SimplifyVisitor.java:114)
    	at jadx.core.dex.visitors.SimplifyVisitor.simplifyInsn(SimplifyVisitor.java:132)
    	at jadx.core.dex.visitors.SimplifyVisitor.simplifyArgs(SimplifyVisitor.java:114)
    	at jadx.core.dex.visitors.SimplifyVisitor.simplifyInsn(SimplifyVisitor.java:132)
    	at jadx.core.dex.visitors.SimplifyVisitor.simplifyArgs(SimplifyVisitor.java:114)
    	at jadx.core.dex.visitors.SimplifyVisitor.simplifyInsn(SimplifyVisitor.java:132)
    	at jadx.core.dex.visitors.SimplifyVisitor.simplifyArgs(SimplifyVisitor.java:114)
    	at jadx.core.dex.visitors.SimplifyVisitor.simplifyInsn(SimplifyVisitor.java:132)
    	at jadx.core.dex.visitors.SimplifyVisitor.simplifyArgs(SimplifyVisitor.java:114)
    	at jadx.core.dex.visitors.SimplifyVisitor.simplifyInsn(SimplifyVisitor.java:132)
    	at jadx.core.dex.visitors.SimplifyVisitor.simplifyArgs(SimplifyVisitor.java:114)
    	at jadx.core.dex.visitors.SimplifyVisitor.simplifyInsn(SimplifyVisitor.java:132)
    	at jadx.core.dex.visitors.SimplifyVisitor.simplifyArgs(SimplifyVisitor.java:114)
    	at jadx.core.dex.visitors.SimplifyVisitor.simplifyInsn(SimplifyVisitor.java:132)
    	at jadx.core.dex.visitors.SimplifyVisitor.simplifyArgs(SimplifyVisitor.java:114)
    	at jadx.core.dex.visitors.SimplifyVisitor.simplifyInsn(SimplifyVisitor.java:132)
    	at jadx.core.dex.visitors.SimplifyVisitor.simplifyArgs(SimplifyVisitor.java:114)
    	at jadx.core.dex.visitors.SimplifyVisitor.simplifyInsn(SimplifyVisitor.java:132)
    	at jadx.core.dex.visitors.SimplifyVisitor.simplifyBlock(SimplifyVisitor.java:86)
    	at jadx.core.dex.visitors.SimplifyVisitor.visit(SimplifyVisitor.java:71)
     */
    /* JADX WARN: String concatenation convert failed
    jadx.core.utils.exceptions.JadxRuntimeException: Can't remove SSA var: r16v0 java.lang.String, still in use, count: 2, list:
      (r16v0 java.lang.String) from STR_CONCAT (r16v0 java.lang.String), ("  NetId: '"), (r0v9 java.lang.String), ("'
    ") A[MD:():java.lang.String (c), SYNTHETIC, WRAPPED]
      (r16v0 java.lang.String) from STR_CONCAT (r16v0 java.lang.String), ("  NetId: '"), (r0v9 java.lang.String), ("'
    ") A[DONT_GENERATE, MD:():java.lang.String (c), REMOVE, SYNTHETIC, WRAPPED]
    	at jadx.core.utils.InsnRemover.removeSsaVar(InsnRemover.java:151)
    	at jadx.core.utils.InsnRemover.unbindResult(InsnRemover.java:116)
    	at jadx.core.utils.InsnRemover.unbindInsn(InsnRemover.java:80)
    	at jadx.core.utils.InsnRemover.unbindArgUsage(InsnRemover.java:163)
    	at jadx.core.utils.InsnRemover.unbindAllArgs(InsnRemover.java:95)
    	at jadx.core.utils.InsnRemover.unbindInsn(InsnRemover.java:79)
    	at jadx.core.utils.InsnRemover.unbindArgUsage(InsnRemover.java:163)
    	at jadx.core.utils.InsnRemover.unbindAllArgs(InsnRemover.java:95)
    	at jadx.core.utils.InsnRemover.unbindInsn(InsnRemover.java:79)
    	at jadx.core.utils.InsnRemover.unbindArgUsage(InsnRemover.java:163)
    	at jadx.core.utils.InsnRemover.unbindAllArgs(InsnRemover.java:95)
    	at jadx.core.utils.InsnRemover.unbindInsn(InsnRemover.java:79)
    	at jadx.core.utils.InsnRemover.unbindArgUsage(InsnRemover.java:163)
    	at jadx.core.utils.InsnRemover.unbindAllArgs(InsnRemover.java:95)
    	at jadx.core.utils.InsnRemover.unbindInsn(InsnRemover.java:79)
    	at jadx.core.utils.InsnRemover.unbindArgUsage(InsnRemover.java:163)
    	at jadx.core.utils.InsnRemover.unbindAllArgs(InsnRemover.java:95)
    	at jadx.core.utils.InsnRemover.unbindInsn(InsnRemover.java:79)
    	at jadx.core.utils.InsnRemover.unbindArgUsage(InsnRemover.java:163)
    	at jadx.core.utils.InsnRemover.unbindAllArgs(InsnRemover.java:95)
    	at jadx.core.utils.InsnRemover.unbindInsn(InsnRemover.java:79)
    	at jadx.core.utils.InsnRemover.unbindArgUsage(InsnRemover.java:163)
    	at jadx.core.utils.InsnRemover.unbindAllArgs(InsnRemover.java:95)
    	at jadx.core.utils.InsnRemover.unbindInsn(InsnRemover.java:79)
    	at jadx.core.utils.InsnRemover.unbindArgUsage(InsnRemover.java:163)
    	at jadx.core.utils.InsnRemover.unbindAllArgs(InsnRemover.java:95)
    	at jadx.core.utils.InsnRemover.unbindInsn(InsnRemover.java:79)
    	at jadx.core.utils.InsnRemover.unbindArgUsage(InsnRemover.java:163)
    	at jadx.core.utils.InsnRemover.unbindAllArgs(InsnRemover.java:95)
    	at jadx.core.utils.InsnRemover.unbindInsn(InsnRemover.java:79)
    	at jadx.core.utils.InsnRemover.unbindArgUsage(InsnRemover.java:163)
    	at jadx.core.utils.InsnRemover.unbindAllArgs(InsnRemover.java:95)
    	at jadx.core.utils.InsnRemover.unbindInsn(InsnRemover.java:79)
    	at jadx.core.utils.InsnRemover.unbindArgUsage(InsnRemover.java:163)
    	at jadx.core.utils.InsnRemover.unbindAllArgs(InsnRemover.java:95)
    	at jadx.core.dex.visitors.SimplifyVisitor.removeStringBuilderInsns(SimplifyVisitor.java:495)
    	at jadx.core.dex.visitors.SimplifyVisitor.convertStringBuilderChain(SimplifyVisitor.java:422)
    	at jadx.core.dex.visitors.SimplifyVisitor.convertInvoke(SimplifyVisitor.java:314)
    	at jadx.core.dex.visitors.SimplifyVisitor.simplifyInsn(SimplifyVisitor.java:145)
    	at jadx.core.dex.visitors.SimplifyVisitor.simplifyArgs(SimplifyVisitor.java:114)
    	at jadx.core.dex.visitors.SimplifyVisitor.simplifyInsn(SimplifyVisitor.java:132)
    	at jadx.core.dex.visitors.SimplifyVisitor.simplifyArgs(SimplifyVisitor.java:114)
    	at jadx.core.dex.visitors.SimplifyVisitor.simplifyInsn(SimplifyVisitor.java:132)
    	at jadx.core.dex.visitors.SimplifyVisitor.simplifyArgs(SimplifyVisitor.java:114)
    	at jadx.core.dex.visitors.SimplifyVisitor.simplifyInsn(SimplifyVisitor.java:132)
    	at jadx.core.dex.visitors.SimplifyVisitor.simplifyArgs(SimplifyVisitor.java:114)
    	at jadx.core.dex.visitors.SimplifyVisitor.simplifyInsn(SimplifyVisitor.java:132)
    	at jadx.core.dex.visitors.SimplifyVisitor.simplifyArgs(SimplifyVisitor.java:114)
    	at jadx.core.dex.visitors.SimplifyVisitor.simplifyInsn(SimplifyVisitor.java:132)
    	at jadx.core.dex.visitors.SimplifyVisitor.simplifyArgs(SimplifyVisitor.java:114)
    	at jadx.core.dex.visitors.SimplifyVisitor.simplifyInsn(SimplifyVisitor.java:132)
    	at jadx.core.dex.visitors.SimplifyVisitor.simplifyBlock(SimplifyVisitor.java:86)
    	at jadx.core.dex.visitors.SimplifyVisitor.visit(SimplifyVisitor.java:71)
     */
    /* JADX WARN: String concatenation convert failed
    jadx.core.utils.exceptions.JadxRuntimeException: Can't remove SSA var: r16v0 java.lang.String, still in use, count: 3, list:
      (r16v0 java.lang.String) from STR_CONCAT (r16v0 java.lang.String), ("  NetId: '"), (r0v9 java.lang.String), ("'
    ") A[MD:():java.lang.String (c), SYNTHETIC, WRAPPED]
      (r16v0 java.lang.String) from STR_CONCAT (r16v0 java.lang.String), ("  NetId: '"), (r0v9 java.lang.String), ("'
    ") A[DONT_GENERATE, MD:():java.lang.String (c), REMOVE, SYNTHETIC, WRAPPED]
      (r16v0 java.lang.String) from STR_CONCAT (r16v0 java.lang.String), ("  NetId: '"), (r0v9 java.lang.String), ("'
    ") A[DONT_GENERATE, MD:():java.lang.String (c), REMOVE, SYNTHETIC, WRAPPED]
    	at jadx.core.utils.InsnRemover.removeSsaVar(InsnRemover.java:151)
    	at jadx.core.utils.InsnRemover.unbindResult(InsnRemover.java:116)
    	at jadx.core.utils.InsnRemover.unbindInsn(InsnRemover.java:80)
    	at jadx.core.utils.InsnRemover.unbindArgUsage(InsnRemover.java:163)
    	at jadx.core.utils.InsnRemover.unbindAllArgs(InsnRemover.java:95)
    	at jadx.core.utils.InsnRemover.unbindInsn(InsnRemover.java:79)
    	at jadx.core.utils.InsnRemover.unbindArgUsage(InsnRemover.java:163)
    	at jadx.core.utils.InsnRemover.unbindAllArgs(InsnRemover.java:95)
    	at jadx.core.utils.InsnRemover.unbindInsn(InsnRemover.java:79)
    	at jadx.core.utils.InsnRemover.unbindArgUsage(InsnRemover.java:163)
    	at jadx.core.utils.InsnRemover.unbindAllArgs(InsnRemover.java:95)
    	at jadx.core.utils.InsnRemover.unbindInsn(InsnRemover.java:79)
    	at jadx.core.utils.InsnRemover.unbindArgUsage(InsnRemover.java:163)
    	at jadx.core.utils.InsnRemover.unbindAllArgs(InsnRemover.java:95)
    	at jadx.core.utils.InsnRemover.unbindInsn(InsnRemover.java:79)
    	at jadx.core.utils.InsnRemover.unbindArgUsage(InsnRemover.java:163)
    	at jadx.core.utils.InsnRemover.unbindAllArgs(InsnRemover.java:95)
    	at jadx.core.utils.InsnRemover.unbindInsn(InsnRemover.java:79)
    	at jadx.core.utils.InsnRemover.unbindArgUsage(InsnRemover.java:163)
    	at jadx.core.utils.InsnRemover.unbindAllArgs(InsnRemover.java:95)
    	at jadx.core.utils.InsnRemover.unbindInsn(InsnRemover.java:79)
    	at jadx.core.utils.InsnRemover.unbindArgUsage(InsnRemover.java:163)
    	at jadx.core.utils.InsnRemover.unbindAllArgs(InsnRemover.java:95)
    	at jadx.core.utils.InsnRemover.unbindInsn(InsnRemover.java:79)
    	at jadx.core.utils.InsnRemover.unbindArgUsage(InsnRemover.java:163)
    	at jadx.core.utils.InsnRemover.unbindAllArgs(InsnRemover.java:95)
    	at jadx.core.utils.InsnRemover.unbindInsn(InsnRemover.java:79)
    	at jadx.core.utils.InsnRemover.unbindArgUsage(InsnRemover.java:163)
    	at jadx.core.utils.InsnRemover.unbindAllArgs(InsnRemover.java:95)
    	at jadx.core.utils.InsnRemover.unbindInsn(InsnRemover.java:79)
    	at jadx.core.utils.InsnRemover.unbindArgUsage(InsnRemover.java:163)
    	at jadx.core.utils.InsnRemover.unbindAllArgs(InsnRemover.java:95)
    	at jadx.core.utils.InsnRemover.unbindInsn(InsnRemover.java:79)
    	at jadx.core.utils.InsnRemover.unbindArgUsage(InsnRemover.java:163)
    	at jadx.core.utils.InsnRemover.unbindAllArgs(InsnRemover.java:95)
    	at jadx.core.utils.InsnRemover.unbindInsn(InsnRemover.java:79)
    	at jadx.core.utils.InsnRemover.unbindArgUsage(InsnRemover.java:163)
    	at jadx.core.utils.InsnRemover.unbindAllArgs(InsnRemover.java:95)
    	at jadx.core.utils.InsnRemover.unbindInsn(InsnRemover.java:79)
    	at jadx.core.utils.InsnRemover.unbindArgUsage(InsnRemover.java:163)
    	at jadx.core.utils.InsnRemover.unbindAllArgs(InsnRemover.java:95)
    	at jadx.core.utils.InsnRemover.unbindInsn(InsnRemover.java:79)
    	at jadx.core.utils.InsnRemover.unbindArgUsage(InsnRemover.java:163)
    	at jadx.core.utils.InsnRemover.unbindAllArgs(InsnRemover.java:95)
    	at jadx.core.utils.InsnRemover.unbindInsn(InsnRemover.java:79)
    	at jadx.core.utils.InsnRemover.unbindArgUsage(InsnRemover.java:163)
    	at jadx.core.utils.InsnRemover.unbindAllArgs(InsnRemover.java:95)
    	at jadx.core.utils.InsnRemover.unbindInsn(InsnRemover.java:79)
    	at jadx.core.utils.InsnRemover.unbindArgUsage(InsnRemover.java:163)
    	at jadx.core.utils.InsnRemover.unbindAllArgs(InsnRemover.java:95)
    	at jadx.core.dex.visitors.SimplifyVisitor.removeStringBuilderInsns(SimplifyVisitor.java:495)
    	at jadx.core.dex.visitors.SimplifyVisitor.convertStringBuilderChain(SimplifyVisitor.java:422)
    	at jadx.core.dex.visitors.SimplifyVisitor.convertInvoke(SimplifyVisitor.java:314)
    	at jadx.core.dex.visitors.SimplifyVisitor.simplifyInsn(SimplifyVisitor.java:145)
    	at jadx.core.dex.visitors.SimplifyVisitor.simplifyArgs(SimplifyVisitor.java:114)
    	at jadx.core.dex.visitors.SimplifyVisitor.simplifyInsn(SimplifyVisitor.java:132)
    	at jadx.core.dex.visitors.SimplifyVisitor.simplifyBlock(SimplifyVisitor.java:86)
    	at jadx.core.dex.visitors.SimplifyVisitor.visit(SimplifyVisitor.java:71)
     */
    private EPerson registerNewEPerson(Context context, HttpServletRequest httpServletRequest) throws SQLException, AuthorizeException {
        String str;
        String property = ConfigurationManager.getProperty("authentication-shibboleth", "netid-header");
        String property2 = ConfigurationManager.getProperty("authentication-shibboleth", "email-header");
        String property3 = ConfigurationManager.getProperty("authentication-shibboleth", "firstname-header");
        String property4 = ConfigurationManager.getProperty("authentication-shibboleth", "lastname-header");
        String findSingleAttribute = findSingleAttribute(httpServletRequest, property);
        String findSingleAttribute2 = findSingleAttribute(httpServletRequest, property2);
        String findSingleAttribute3 = findSingleAttribute(httpServletRequest, property3);
        String findSingleAttribute4 = findSingleAttribute(httpServletRequest, property4);
        if (findSingleAttribute2 == null || findSingleAttribute3 == null || findSingleAttribute4 == null) {
            log.error(((("Unable to register new eperson because we are unable to find an email address along with first and last name for the user.\n  NetId Header: '" + property + "'='" + findSingleAttribute + "' (Optional) \n") + "  Email Header: '" + property2 + "'='" + findSingleAttribute2 + "' \n") + "  First Name Header: '" + property3 + "'='" + findSingleAttribute3 + "' \n") + "  Last Name Header: '" + property4 + "'='" + findSingleAttribute4 + "'");
            return null;
        }
        if (findSingleAttribute3.length() > 64) {
            log.warn("Truncating eperson's first name because it is longer than 64: '" + findSingleAttribute3 + "'");
            findSingleAttribute3 = findSingleAttribute3.substring(0, 64);
        }
        if (findSingleAttribute4.length() > 64) {
            log.warn("Truncating eperson's last name because it is longer than 64: '" + findSingleAttribute4 + "'");
            findSingleAttribute4 = findSingleAttribute4.substring(0, 64);
        }
        context.turnOffAuthorisationSystem();
        EPerson create = EPerson.create(context);
        if (findSingleAttribute != null) {
            create.setNetid(findSingleAttribute);
        }
        create.setEmail(findSingleAttribute2.toLowerCase());
        create.setFirstName(findSingleAttribute3);
        create.setLastName(findSingleAttribute4);
        create.setCanLogIn(true);
        AuthenticationManager.initEPerson(context, httpServletRequest, create);
        create.update();
        context.commit();
        context.restoreAuthSystemState();
        if (log.isInfoEnabled()) {
            log.info(new StringBuilder().append(new StringBuilder().append(new StringBuilder().append(findSingleAttribute != null ? str + "  NetId: '" + findSingleAttribute + "'\n" : "Auto registered new eperson using Shibboleth-based attributes:").append("  Email: '").append(findSingleAttribute2).append("' \n").toString()).append("  First Name: '").append(findSingleAttribute3).append("' \n").toString()).append("  Last Name: '").append(findSingleAttribute4).append("'").toString());
        }
        return create;
    }

    private void updateEPerson(Context context, HttpServletRequest httpServletRequest, EPerson ePerson) throws SQLException, AuthorizeException {
        String property = ConfigurationManager.getProperty("authentication-shibboleth", "netid-header");
        String property2 = ConfigurationManager.getProperty("authentication-shibboleth", "email-header");
        String property3 = ConfigurationManager.getProperty("authentication-shibboleth", "firstname-header");
        String property4 = ConfigurationManager.getProperty("authentication-shibboleth", "lastname-header");
        String findSingleAttribute = findSingleAttribute(httpServletRequest, property);
        String findSingleAttribute2 = findSingleAttribute(httpServletRequest, property2);
        String findSingleAttribute3 = findSingleAttribute(httpServletRequest, property3);
        String findSingleAttribute4 = findSingleAttribute(httpServletRequest, property4);
        if (findSingleAttribute3.length() > 64) {
            log.warn("Truncating eperson's first name because it is longer than 64: '" + findSingleAttribute3 + "'");
            findSingleAttribute3 = findSingleAttribute3.substring(0, 64);
        }
        if (findSingleAttribute4.length() > 64) {
            log.warn("Truncating eperson's last name because it is longer than 64: '" + findSingleAttribute4 + "'");
            findSingleAttribute4 = findSingleAttribute4.substring(0, 64);
        }
        context.turnOffAuthorisationSystem();
        if (findSingleAttribute != null && ePerson.getNetid() == null) {
            ePerson.setNetid(findSingleAttribute);
        }
        if (findSingleAttribute2 != null) {
            ePerson.setEmail(findSingleAttribute2.toLowerCase());
        }
        if (findSingleAttribute3 != null) {
            ePerson.setFirstName(findSingleAttribute3);
        }
        if (findSingleAttribute4 != null) {
            ePerson.setLastName(findSingleAttribute4);
        }
        if (log.isDebugEnabled()) {
            log.debug((("Updated the eperson's minimal metadata: \n Email Header: '" + property2 + "' = '" + findSingleAttribute2 + "' \n") + " First Name Header: '" + property3 + "' = '" + findSingleAttribute3 + "' \n") + " Last Name Header: '" + property3 + "' = '" + findSingleAttribute4 + "'");
        }
        for (String str : metadataHeaderMap.keySet()) {
            String str2 = metadataHeaderMap.get(str);
            String findSingleAttribute5 = findSingleAttribute(httpServletRequest, str);
            if (findSingleAttribute5 == null) {
                log.warn("Unable to update the eperson's '" + str2 + "' metadata because the header '" + str + "' does not exist.");
            } else {
                if ("phone".equals(str2) && findSingleAttribute5.length() > 32) {
                    log.warn("Truncating eperson phone metadata because it is longer than 32: '" + findSingleAttribute5 + "'");
                    findSingleAttribute5 = findSingleAttribute5.substring(0, 32);
                } else if (findSingleAttribute5.length() > 1024) {
                    log.warn("Truncating eperson " + str2 + " metadata because it is longer than 1024: '" + findSingleAttribute5 + "'");
                    findSingleAttribute5 = findSingleAttribute5.substring(0, 1024);
                }
                ePerson.setMetadata(str2, findSingleAttribute5);
                log.debug("Updated the eperson's '" + str2 + "' metadata using header: '" + str + "' = '" + findSingleAttribute5 + "'.");
            }
        }
        ePerson.update();
        context.commit();
        context.restoreAuthSystemState();
    }

    protected int swordCompatibility(Context context, String str, String str2, HttpServletRequest httpServletRequest) throws SQLException {
        EPerson ePerson = null;
        log.debug("Shibboleth Sword compatibility activated.");
        try {
            ePerson = EPerson.findByEmail(context, str.toLowerCase());
        } catch (AuthorizeException e) {
        }
        if (ePerson == null) {
            log.error("Shibboleth-based password authentication failed for user " + str + " because no such user exists.");
            return 4;
        }
        if (!ePerson.canLogIn()) {
            log.error("Shibboleth-based password authentication failed for user " + str + " because the eperson object is not allowed to login.");
            return 5;
        }
        if (ePerson.getRequireCertificate()) {
            log.error("Shibboleth-based password authentication failed for user " + str + " because the eperson object requires a certificate to authenticate..");
            return 3;
        }
        if (!ePerson.checkPassword(str2)) {
            log.error("Shibboleth-based password authentication failed for user " + str + " because a bad password was supplied.");
            return 2;
        }
        AuthenticationManager.initEPerson(context, httpServletRequest, ePerson);
        context.setCurrentUser(ePerson);
        log.info(ePerson.getEmail() + " has been authenticated via shibboleth using password-based sword compatibility mode.");
        return 1;
    }

    private static synchronized void initialize() throws SQLException {
        if (metadataHeaderMap != null) {
            return;
        }
        HashMap hashMap = new HashMap();
        String property = ConfigurationManager.getProperty("authentication-shibboleth", "eperson.metadata");
        boolean booleanProperty = ConfigurationManager.getBooleanProperty("authentication-shibboleth", "eperson.metadata.autocreate", true);
        if (property == null || property.trim().length() == 0) {
            log.debug("No additional eperson metadata mapping found: authentication.shib.eperson.metadata");
            metadataHeaderMap = hashMap;
            return;
        }
        log.debug("Loading additional eperson metadata from: 'authentication.shib.eperson.metadata' = '" + property + "'");
        for (String str : property.split(StringArrayPropertyEditor.DEFAULT_SEPARATOR)) {
            String trim = str.trim();
            String[] split = trim.split("=>");
            if (split.length != 2) {
                log.error("Unable to parse metadat mapping string: '" + trim + "'");
            } else {
                String trim2 = split[0].trim();
                String lowerCase = split[1].trim().toLowerCase();
                boolean checkIfEpersonMetadataFieldExists = checkIfEpersonMetadataFieldExists(lowerCase);
                if (!checkIfEpersonMetadataFieldExists && booleanProperty) {
                    checkIfEpersonMetadataFieldExists = autoCreateEpersonMetadataField(lowerCase);
                }
                if (checkIfEpersonMetadataFieldExists) {
                    log.debug("Loading additional eperson metadata mapping for: '" + trim2 + "' = '" + lowerCase + "'");
                    hashMap.put(trim2, lowerCase);
                } else {
                    log.error("Skipping the additional eperson metadata mapping for: '" + trim2 + "' = '" + lowerCase + "' because the field is not supported by the current configuration.");
                }
            }
        }
        metadataHeaderMap = hashMap;
    }

    private static synchronized boolean checkIfEpersonMetadataFieldExists(String str) throws SQLException {
        if (str == null) {
            return false;
        }
        if ("phone".equals(str)) {
            return true;
        }
        Connection connection = null;
        try {
            Connection connection2 = DatabaseManager.getConnection();
            ResultSet columns = connection2.getMetaData().getColumns(connection2.getCatalog(), null, "eperson", "%");
            boolean z = false;
            boolean z2 = false;
            while (true) {
                if (!columns.next()) {
                    break;
                }
                String string = columns.getString("COLUMN_NAME");
                String string2 = columns.getString("TYPE_NAME");
                int i = columns.getInt("COLUMN_SIZE");
                if (str.equalsIgnoreCase(string)) {
                    z = true;
                    if ("varchar".equals(string2) && i >= 1024) {
                        z2 = true;
                    }
                }
            }
            columns.close();
            if (z && z2) {
                if (connection2 != null) {
                    connection2.close();
                }
                return true;
            }
            if (!z) {
                log.error("Unable to find eperson column for additional metadata named: '" + str + "'");
            } else if (!z2) {
                log.error("The eperson column for additional metadata, '" + str + "', is not defined as a varchar with at least a length of 1024");
            }
            if (connection2 == null) {
                return false;
            }
            connection2.close();
            return false;
        } catch (Throwable th) {
            if (0 != 0) {
                connection.close();
            }
            throw th;
        }
    }

    private static synchronized boolean autoCreateEpersonMetadataField(String str) throws SQLException {
        if (str == null) {
            return false;
        }
        if ("phone".equals(str)) {
            return true;
        }
        if (!str.matches(COLUMN_NAME_REGEX)) {
            return false;
        }
        String str2 = "ALTER TABLE eperson ADD COLUMN " + str + " varchar(1024" + DefaultExpressionEngine.DEFAULT_INDEX_END;
        Connection connection = null;
        try {
            try {
                connection = DatabaseManager.getConnection();
                Statement createStatement = connection.createStatement();
                createStatement.execute(str2);
                createStatement.close();
                connection.commit();
                log.info("Auto created the eperson column for additional metadata: '" + str + "'");
                if (connection != null) {
                    connection.close();
                }
                return true;
            } catch (SQLException e) {
                log.error("Unable to auto-create the eperson column for additional metadata '" + str + "', because of error: ", e);
                if (connection != null) {
                    connection.close();
                }
                return false;
            }
        } catch (Throwable th) {
            if (connection != null) {
                connection.close();
            }
            throw th;
        }
    }

    private String findAttribute(HttpServletRequest httpServletRequest, String str) {
        String str2 = (String) httpServletRequest.getAttribute(str);
        if (StringUtils.isEmpty(str2)) {
            str2 = (String) httpServletRequest.getAttribute(str.toLowerCase());
        }
        if (StringUtils.isEmpty(str2)) {
            str2 = (String) httpServletRequest.getAttribute(str.toUpperCase());
        }
        if (StringUtils.isEmpty(str2)) {
            str2 = httpServletRequest.getHeader(str);
        }
        if (StringUtils.isEmpty(str2)) {
            str2 = httpServletRequest.getHeader(str.toLowerCase());
        }
        if (StringUtils.isEmpty(str2)) {
            str2 = httpServletRequest.getHeader(str.toUpperCase());
        }
        return str2;
    }

    private String findSingleAttribute(HttpServletRequest httpServletRequest, String str) {
        String findAttribute = findAttribute(httpServletRequest, str);
        if (findAttribute != null) {
            int i = 0;
            while (true) {
                i = findAttribute.indexOf(59, i);
                if (i != -1 && findAttribute.charAt(i - 1) != '\\') {
                    findAttribute = findAttribute.substring(0, i);
                    break;
                }
                if (i < 0) {
                    break;
                }
            }
            findAttribute = findAttribute.replaceAll("\\;", FileManager.PATH_DELIMITER);
        }
        return findAttribute;
    }

    private List<String> findMultipleAttributes(HttpServletRequest httpServletRequest, String str) {
        String findAttribute = findAttribute(httpServletRequest, str);
        if (findAttribute == null) {
            return null;
        }
        ArrayList arrayList = new ArrayList();
        int i = 0;
        do {
            i = findAttribute.indexOf(59, i);
            if (i == 0) {
                findAttribute = findAttribute.substring(1, findAttribute.length());
            } else if (i > 0 && findAttribute.charAt(i - 1) == '\\') {
                i++;
            } else if (i > 0) {
                arrayList.add(findAttribute.substring(0, i).replaceAll("\\\\;", FileManager.PATH_DELIMITER));
                findAttribute = findAttribute.substring(i + 1, findAttribute.length());
                i = 0;
            }
        } while (i >= 0);
        if (findAttribute.length() > 0) {
            arrayList.add(findAttribute.replaceAll("\\\\;", FileManager.PATH_DELIMITER));
        }
        return arrayList;
    }
}
