package com.openexchange.ajax.login;

import com.openexchange.ajax.LoginServlet;
import com.openexchange.ajax.SessionServletInterceptor;
import com.openexchange.ajax.SessionServletInterceptorRegistry;
import com.openexchange.ajax.SessionUtility;
import com.openexchange.ajax.fields.FolderFields;
import com.openexchange.ajax.fields.Header;
import com.openexchange.ajax.login.LoginRequestImpl;
import com.openexchange.authentication.Cookie;
import com.openexchange.authentication.LoginExceptionCodes;
import com.openexchange.exception.OXException;
import com.openexchange.groupware.container.CalendarObject;
import com.openexchange.groupware.contexts.Context;
import com.openexchange.groupware.contexts.impl.ContextStorage;
import com.openexchange.groupware.ldap.User;
import com.openexchange.groupware.ldap.UserStorage;
import com.openexchange.java.util.UUIDs;
import com.openexchange.login.Interface;
import com.openexchange.login.LoginResult;
import com.openexchange.login.internal.LoginPerformer;
import com.openexchange.login.internal.LoginResultImpl;
import com.openexchange.server.services.ServerServiceRegistry;
import com.openexchange.session.Session;
import com.openexchange.sessiond.SessiondService;
import com.openexchange.tools.servlet.http.Authorization;
import com.openexchange.tools.servlet.http.Tools;
import java.io.IOException;
import java.nio.charset.StandardCharsets;
import java.security.MessageDigest;
import java.util.Arrays;
import java.util.HashMap;
import java.util.Iterator;
import java.util.List;
import java.util.Map;
import java.util.UUID;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;

/* loaded from: input_file:com/openexchange/ajax/login/HTTPAuthLogin.class */
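/**
 * Login handler for the HTTP-authentication entry point.
 * <p>
 * Order of operations per request:
 * <ol>
 * <li>If HTTP-auth auto-login is enabled, try to resume an existing session from the
 *     session/secret cookie pair that matches this client's cookie hash
 *     ({@link #tryAutologin}).</li>
 * <li>Otherwise require an {@code Authorization} header ({@code Basic} or Kerberos/Negotiate)
 *     and perform a fresh login through {@link LoginPerformer}.</li>
 * <li>On success write the secret cookie, add the login result's headers/cookies and
 *     redirect the browser into the UI.</li>
 * </ol>
 * Any failure surfaces as a {@code 401} carrying both {@code NEGOTIATE} and {@code Basic}
 * challenges.
 */
public final class HTTPAuthLogin implements LoginRequestHandler {

    private static final Logger LOG = LoggerFactory.getLogger(HTTPAuthLogin.class);

    /** Login configuration: auto-login flag, IP-check policy, cookie/TLS policy, UI path. */
    private final LoginConfiguration conf;

    /**
     * Creates the handler.
     *
     * @param loginConfiguration the login configuration this handler consults
     */
    public HTTPAuthLogin(LoginConfiguration loginConfiguration) {
        this.conf = loginConfiguration;
    }

    /**
     * Entry point invoked by the login servlet.
     * <p>
     * Every {@link OXException} raised during the login attempt (unknown authorization scheme,
     * rejected credentials, failed IP check, disabled context/user, ...) is logged and answered
     * with a {@code 401} challenge.
     *
     * @param httpServletRequest the incoming request
     * @param httpServletResponse the response to write to
     * @throws IOException if writing the response fails
     */
    @Override // com.openexchange.ajax.login.LoginRequestHandler
    public void handleRequest(HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse) throws IOException {
        try {
            doAuthHeaderLogin(httpServletRequest, httpServletResponse);
        } catch (OXException e) {
            LOG.error(e.getMessage(), e);
            // NOTE(review): the exception message is echoed verbatim to an unauthenticated
            // client; OXException messages on this path must stay free of internal details.
            sendAuthenticationChallenge(httpServletResponse, e.getMessage());
        }
    }

    /**
     * Answers {@code 401 Unauthorized} and advertises both supported schemes,
     * {@code NEGOTIATE} (Kerberos/SPNEGO) first and {@code Basic} second.
     * <p>
     * The decompiled listing rendered the status as {@code CalendarObject.FULL_TIME}; the
     * challenge headers only make sense with 401, which is what is sent here.
     *
     * @param httpServletResponse the response to write the challenge to
     * @param message the status message passed to {@link HttpServletResponse#sendError(int, String)}
     * @throws IOException if writing the response fails
     */
    private static void sendAuthenticationChallenge(HttpServletResponse httpServletResponse, String message) throws IOException {
        httpServletResponse.addHeader("WWW-Authenticate", "NEGOTIATE");
        httpServletResponse.addHeader("WWW-Authenticate", "Basic realm=\"Open-Xchange\"");
        httpServletResponse.sendError(HttpServletResponse.SC_UNAUTHORIZED, message);
    }

    /**
     * Performs the login: cookie auto-login first, then the {@code Authorization} header.
     * On success the secret cookie is written and the client is redirected into the UI.
     *
     * @throws OXException if the login is rejected
     * @throws IOException if writing the response fails
     */
    private void doAuthHeaderLogin(HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse) throws OXException, IOException {
        LoginResult loginResult = tryAutologin(httpServletRequest, httpServletResponse);
        if (null == loginResult) {
            String authHeader = httpServletRequest.getHeader(Header.AUTH_HEADER);
            if (null == authHeader) {
                // No credentials at all: challenge the client instead of raising an error.
                sendAuthenticationChallenge(httpServletResponse, "Authorization Required!");
                return;
            }
            loginResult = loginWithAuthorizationHeader(authHeader, httpServletRequest);
        }

        Session session = loginResult.getSession();
        Tools.disableCaching(httpServletResponse);
        // NOTE(review): the cookie's Secure flag follows request.isSecure() only, whereas the
        // login request built in loginWithAuthorizationHeader uses
        // Tools.considerSecure(request, conf.isCookieForceHTTPS()). Behind a TLS-terminating
        // proxy the two can disagree -- confirm which one is intended here.
        LoginServlet.writeSecretCookie(httpServletRequest, httpServletResponse, session, session.getHash(), httpServletRequest.isSecure(), httpServletRequest.getServerName(), this.conf);
        LoginServlet.addHeadersAndCookies(loginResult, httpServletResponse);
        httpServletResponse.sendRedirect(LoginTools.generateRedirectURL(null, this.conf.getHttpAuthAutoLogin(), session.getSessionID(), this.conf.getUiWebPath()));
    }

    /**
     * Authenticates from a present {@code Authorization} header.
     * <p>
     * {@code Basic} credentials are decoded from the header. For a Kerberos header the
     * login/password pair is a placeholder ({@code "kerberos"} / empty) and the version is
     * {@code "Kerberos"}; presumably the authentication service consumes the ticket from the
     * copied request headers -- verify against the Kerberos authentication plugin.
     *
     * @param authHeader the non-null {@code Authorization} header value
     * @param httpServletRequest the request, used for client, IP, user agent, headers and cookies
     * @return the login result (never {@code null})
     * @throws OXException {@code UNKNOWN_HTTP_AUTHORIZATION} for an unrecognised scheme, or
     *         whatever {@link LoginPerformer#doLogin} raises
     */
    private LoginResult loginWithAuthorizationHeader(String authHeader, HttpServletRequest httpServletRequest) throws OXException {
        if (!Authorization.checkForAuthorizationHeader(authHeader)) {
            throw LoginExceptionCodes.UNKNOWN_HTTP_AUTHORIZATION.create(new Object[] { "" });
        }

        final Authorization.Credentials credentials;
        final String version;
        if (Authorization.checkForBasicAuthorization(authHeader)) {
            credentials = Authorization.decode(authHeader);
            version = this.conf.getClientVersion();
        } else if (Authorization.checkForKerberosAuthorization(authHeader)) {
            credentials = new Authorization.Credentials("kerberos", "");
            version = "Kerberos";
        } else {
            throw LoginExceptionCodes.UNKNOWN_HTTP_AUTHORIZATION.create(new Object[] { "" });
        }

        String client = LoginTools.parseClient(httpServletRequest, false, this.conf.getDefaultClient());
        String clientIp = LoginTools.parseClientIP(httpServletRequest);
        String userAgent = LoginTools.parseUserAgent(httpServletRequest);
        Map<String, List<String>> headers = Tools.copyHeaders(httpServletRequest);
        Cookie[] cookies = Tools.getCookieFromHeader(httpServletRequest);
        // NOTE(review): getSession(true) creates a container session before the credentials
        // have been verified, i.e. one per unauthenticated attempt.
        String httpSessionId = httpServletRequest.getSession(true).getId();

        LoginRequestImpl.Builder builder = new LoginRequestImpl.Builder()
            .login(credentials.getLogin())
            .password(credentials.getPassword())
            .clientIP(clientIp)
            .userAgent(userAgent)
            // Fresh random auth id per login attempt.
            .authId(UUIDs.getUnformattedString(UUID.randomUUID()))
            .client(client)
            .version(version)
            // The cookie hash binds the resulting session/secret cookies to this user agent and client.
            .hash(HashCalculator.getInstance().getHash(httpServletRequest, userAgent, client))
            .iface(Interface.HTTP_JSON)
            .headers(headers)
            .cookies(cookies)
            .secure(Tools.considerSecure(httpServletRequest, this.conf.isCookieForceHTTPS()))
            .serverName(httpServletRequest.getServerName())
            .serverPort(httpServletRequest.getServerPort())
            .httpSessionID(httpSessionId);
        LoginRequestImpl loginRequest = builder.build();

        // Optional client capability list, forwarded to the login performer as a property.
        Map<String, Object> properties = new HashMap<String, Object>(1);
        String capabilities = httpServletRequest.getParameter(FolderFields.CAPABILITIES);
        if (null != capabilities) {
            properties.put("client.capabilities", capabilities);
        }
        return LoginPerformer.getInstance().doLogin(loginRequest, properties);
    }

    /**
     * Tries to resume an existing session from the request cookies.
     * <p>
     * Requires HTTP-auth auto-login to be enabled and a session cookie plus secret cookie
     * whose names carry this client's cookie hash. The secret is compared in constant time
     * against the stored session secret; the optional IP check, the context/user enabled
     * flags and the registered {@link SessionServletInterceptor}s are applied afterwards.
     *
     * @return the resumed login result, or {@code null} if auto-login is not possible
     *         (disabled, cookies missing, session unknown, secret mismatch, or an
     *         interceptor rejected the session -- in which case the session is removed and
     *         the session/secret cookies are cleared)
     * @throws OXException if the IP check fails or the context/user is disabled
     */
    private LoginResult tryAutologin(HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse) throws OXException {
        javax.servlet.http.Cookie[] cookies = httpServletRequest.getCookies();
        if (!Boolean.parseBoolean(this.conf.getHttpAuthAutoLogin()) || null == cookies || 0 == cookies.length) {
            return null;
        }

        String hash = HashCalculator.getInstance().getHash(httpServletRequest, LoginTools.parseUserAgent(httpServletRequest), LoginTools.parseClient(httpServletRequest, false, this.conf.getDefaultClient()));
        String sessionCookieName = LoginServlet.SESSION_PREFIX + hash;
        String secretCookieName = LoginServlet.SECRET_PREFIX + hash;

        String sessionId = null;
        String secret = null;
        for (int i = 0; i < cookies.length && (null == sessionId || null == secret); i++) {
            String name = cookies[i].getName();
            if (name.startsWith(sessionCookieName)) {
                sessionId = cookies[i].getValue();
            } else if (name.startsWith(secretCookieName)) {
                secret = cookies[i].getValue();
            }
        }
        if (null == sessionId || null == secret) {
            return null;
        }

        SessiondService sessiondService = (SessiondService) ServerServiceRegistry.getInstance().getService(SessiondService.class);
        Session session = sessiondService.getSession(sessionId);
        if (null == session || !constantTimeEquals(session.getSecret(), secret)) {
            return null;
        }

        String remoteAddr = httpServletRequest.getRemoteAddr();
        if (this.conf.isIpCheck()) {
            SessionUtility.checkIP(true, this.conf.getRanges(), session, remoteAddr, this.conf.getIpCheckWhitelist());
        }
        LoginTools.updateIPAddress(this.conf, remoteAddr, session);

        Context context = ContextStorage.getInstance().getContext(session.getContextId());
        User user = UserStorage.getInstance().getUser(session.getUserId(), context);
        if (!context.isEnabled() || !user.isMailEnabled()) {
            throw LoginExceptionCodes.INVALID_CREDENTIALS.create();
        }

        Iterator<?> interceptors = SessionServletInterceptorRegistry.getInstance().getInterceptors().iterator();
        while (interceptors.hasNext()) {
            SessionServletInterceptor interceptor = (SessionServletInterceptor) interceptors.next();
            try {
                interceptor.intercept(session, httpServletRequest, httpServletResponse);
            } catch (OXException e) {
                // Interceptor vetoed the session: drop it server-side and clear both cookies
                // so the now-useless secret does not linger in the browser.
                sessiondService.removeSession(sessionId);
                SessionUtility.removeOXCookies(httpServletRequest, httpServletResponse, Arrays.asList(sessionCookieName, secretCookieName));
                return null;
            }
        }
        return new LoginResultImpl(session, context, user);
    }

    /**
     * Compares a stored secret with a client-presented one without short-circuiting on the
     * first differing byte, so the comparison time does not reveal how long a matching prefix
     * is. {@link MessageDigest#isEqual} still returns early on a length mismatch, which is
     * acceptable for fixed-length secrets.
     *
     * @param expected the secret stored on the session (may be {@code null})
     * @param presented the secret taken from the cookie (may be {@code null})
     * @return {@code true} only if both are non-null and byte-identical (UTF-8)
     */
    private static boolean constantTimeEquals(String expected, String presented) {
        if (null == expected || null == presented) {
            return false;
        }
        return MessageDigest.isEqual(expected.getBytes(StandardCharsets.UTF_8), presented.getBytes(StandardCharsets.UTF_8));
    }
}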
