package org.tangram.components;

import java.io.IOException;
import java.util.HashSet;
import java.util.Properties;
import java.util.Set;
import javax.annotation.PostConstruct;
import javax.annotation.Resource;
import javax.inject.Inject;
import javax.inject.Named;
import javax.inject.Singleton;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import org.apache.commons.lang.StringUtils;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
import org.tangram.Constants;
import org.tangram.authentication.AuthenticationService;
import org.tangram.authentication.User;
import org.tangram.content.BeanListener;
import org.tangram.content.CodeResource;
import org.tangram.content.CodeResourceCache;
import org.tangram.link.LinkFactoryAggregator;
import org.tangram.link.TargetDescriptor;
import org.tangram.protection.AuthorizationService;
import org.tangram.util.SystemUtils;
import org.tangram.view.Utils;

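/**
 * Authorization service that gates requests on configured user id sets.
 *
 * <p>The effective admin and allowed user sets are the injected {@code adminUsers} and
 * {@code allowedUsers} sets plus the entries of the same names read from the
 * {@code users.properties} code resource. They are rebuilt by {@link #reset()}.
 *
 * <p>Security-relevant behaviour visible in this class:
 * <ul>
 *   <li>An empty effective allowed-user set means the application is <em>not</em> globally
 *       protected: requests pass without a login.</li>
 *   <li>URIs listed in {@code freeUrls} bypass every check, including the admin attribute.</li>
 * </ul>
 *
 * <p>The effective sets are published as fully built snapshots through volatile fields, so a
 * request running concurrently with {@link #reset()} never observes a half-populated set.
 */
@Singleton
@Named("authorizationService")
public class GenericAuthorizationService implements AuthorizationService, BeanListener {
    private static final Logger LOG = LoggerFactory.getLogger(GenericAuthorizationService.class);

    @Inject
    private AuthenticationService authenticationService;

    @Inject
    private LinkFactoryAggregator linkFactoryAggregator;

    @Inject
    private CodeResourceCache codeResourceCache;

    /** Request URIs (relative to the URI prefix) that are served without any authorization check. */
    @Inject
    @Resource(name = "freeUrls")
    @Named("freeUrls")
    protected Set<String> freeUrls;

    /** Statically configured ids of users allowed to access the application. */
    @Inject
    @Resource(name = "allowedUsers")
    @Named("allowedUsers")
    protected Set<String> allowedUsers;

    /** Statically configured ids of users with admin rights. */
    @Inject
    @Resource(name = "adminUsers")
    @Named("adminUsers")
    protected Set<String> adminUsers;

    /** Login providers handed to the authentication service when a login target is needed. */
    @Inject
    @Resource(name = "loginProviders")
    @Named("loginProviders")
    protected Set<String> loginProviders;

    // Snapshots replaced wholesale by reset(); volatile so request threads see the new reference.
    // They stay null until reset() has run once.
    private volatile Set<String> effectiveAdminUsers;
    private volatile Set<String> effectiveAllowedUsers;

    /**
     * Tells whether any user attached to the request is in the effective admin set.
     *
     * @param httpServletRequest current request
     * @param httpServletResponse current response
     * @return {@code true} if at least one of the request's users is an admin
     */
    @Override
    public boolean isAdminUser(HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse) {
        // Read the snapshot once so the whole decision is made against one consistent set.
        Set<String> admins = this.effectiveAdminUsers;
        boolean isAdmin = false;
        for (User user : this.authenticationService.getUsers(httpServletRequest, httpServletResponse)) {
            isAdmin = isAdmin || admins.contains(user.getId());
            // NOTE(review): this writes the complete admin id set to the log at INFO on every call;
            // consider DEBUG if log readers should not see the privileged account list.
            LOG.info("isAdminUser() {} in {}? {}", new Object[]{user, admins, Boolean.valueOf(isAdmin)});
        }
        return isAdmin;
    }

    /**
     * Remembers the currently requested URI (with query string) in the session as return URL and
     * asks the authentication service for the login target of the configured providers.
     *
     * @param httpServletRequest current request; a session is created if none exists
     * @return login target obtained from the authentication service
     */
    @Override
    public TargetDescriptor getLoginTarget(HttpServletRequest httpServletRequest) {
        String queryString = httpServletRequest.getQueryString();
        String returnUrl = httpServletRequest.getRequestURI();
        if (!StringUtils.isEmpty(queryString)) {
            returnUrl = returnUrl + "?" + queryString;
        }
        // NOTE(review): the query string is logged at INFO and may carry sensitive parameters.
        LOG.info("getLoginTarget({}) {}", returnUrl, this.loginProviders);
        // NOTE(review): the value is request-derived; the code that later redirects to it is not
        // in this file and should be confirmed to treat it strictly as a same-site path.
        httpServletRequest.getSession(true).setAttribute(Constants.ATTRIBUTE_RETURN_URL, returnUrl);
        return this.authenticationService.getLoginTarget(this.loginProviders);
    }

    /**
     * Throws if none of the request's users is an admin.
     *
     * @param httpServletRequest current request
     * @param httpServletResponse current response
     * @param str message of the exception thrown for non-admin requests
     * @throws Exception carrying {@code str} when the request is not from an admin user
     */
    @Override
    public void throwIfNotAdmin(HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse, String str) throws Exception {
        if (!isAdminUser(httpServletRequest, httpServletResponse)) {
            throw new Exception(str);
        }
    }

    /**
     * Applies the access policy to a request.
     *
     * <p>Free URLs pass unchecked. Otherwise the request is marked with {@code tangramAdminUser}
     * when an admin is logged in. If the effective allowed-user set is non-empty, anonymous
     * requests are redirected to the login target and logged-in users outside the set receive
     * a 403. If the set is empty, every request passes.
     *
     * @param httpServletRequest current request
     * @param httpServletResponse current response, used for the redirect or the error
     * @throws IOException if sending the redirect or the error fails
     */
    @Override
    public void handleRequest(HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse) throws IOException {
        // One snapshot for the whole request, so "is the application protected" and "is this user
        // allowed" are answered from the same set even if reset() runs concurrently.
        Set<String> allowed = this.effectiveAllowedUsers;
        String uri = httpServletRequest.getRequestURI().substring(Utils.getUriPrefix(httpServletRequest).length());
        LOG.debug("handleRequest({}) detected URI {}", this, uri);
        LOG.debug("handleRequest() allowed users {} ({})", allowed, Integer.valueOf(allowed.size()));
        LOG.debug("handleRequest() free urls {}", Boolean.valueOf(this.freeUrls != null));
        LOG.debug("handleRequest() free urls {} ({})", this.freeUrls, Integer.valueOf(this.freeUrls.size()));
        if (this.freeUrls.contains(uri)) {
            return;
        }
        Set<User> users = this.authenticationService.getUsers(httpServletRequest, httpServletResponse);
        // An empty allow list switches global protection off entirely (fail-open by configuration).
        boolean globallyProtected = !allowed.isEmpty();
        if (isAdminUser(httpServletRequest, httpServletResponse)) {
            httpServletRequest.setAttribute("tangramAdminUser", true);
        }
        if (users.isEmpty()) {
            if (globallyProtected) {
                LOG.info("handleRequest() no logged in user found while application is globally protected");
                TargetDescriptor loginTarget = getLoginTarget(httpServletRequest);
                httpServletResponse.sendRedirect(this.linkFactoryAggregator.createLink(httpServletRequest, httpServletResponse, loginTarget.getBean(), loginTarget.getAction(), loginTarget.getView()).getUrl());
            }
            return;
        }
        httpServletRequest.setAttribute("tangramLogoutUrl", this.authenticationService.getLogoutLink(httpServletRequest, httpServletResponse).getUrl());
        boolean userAllowed = false;
        for (User user : users) {
            userAllowed = userAllowed || allowed.contains(user.getId());
            LOG.info("handleRequest() check user {}: {}", user, Boolean.valueOf(userAllowed));
        }
        if (!globallyProtected || userAllowed) {
            return;
        }
        LOG.warn("handleRequest() user not allowed to access page: {}", users);
        // NOTE(review): the error text embeds the users' string form; confirm that the error page
        // escapes it, or switch to a fixed message.
        httpServletResponse.sendError(HttpServletResponse.SC_FORBIDDEN, users + " not allowed to view page");
    }

    /**
     * Rebuilds the effective admin and allowed user sets from the injected sets plus the
     * {@code adminUsers} and {@code allowedUsers} entries of the {@code users.properties}
     * code resource.
     *
     * <p>The new sets are assembled in locals and published only when complete. Assigning the
     * fields first and filling them afterwards would let a concurrent request see an allow list
     * without the repository entries, and an empty allow list disables protection.
     *
     * <p>Errors while reading the repository are logged and not propagated; the sets then hold
     * whatever was collected up to that point.
     */
    @Override
    public void reset() {
        Set<String> admins = new HashSet<String>(this.adminUsers);
        Set<String> allowed = new HashSet<String>(this.allowedUsers);
        try {
            LOG.info("reset() reading repository based additional admin users");
            CodeResource codeResource = this.codeResourceCache.getTypeCache(Constants.MIME_TYPE_PLAIN).get("users.properties");
            Properties properties = new Properties();
            if (codeResource != null) {
                // NOTE(review): the stream is not closed here; confirm whether getStream() hands
                // out a resource that needs closing.
                properties.load(codeResource.getStream());
            }
            admins.addAll(SystemUtils.stringSetFromParameterString(properties.getProperty("adminUsers")));
            allowed.addAll(SystemUtils.stringSetFromParameterString(properties.getProperty("allowedUsers")));
        } catch (Exception e) {
            // NOTE(review): after a failed read the repository-defined users are missing; if the
            // injected allowedUsers set is empty the application is then unprotected.
            LOG.error("reset() error while reading admin user list", e);
        }
        // Two separate volatile writes: each set is consistent in itself, the pair is not swapped
        // as one unit.
        this.effectiveAdminUsers = admins;
        this.effectiveAllowedUsers = allowed;
        LOG.info("reset() effective admin user list is {}", admins);
        LOG.info("reset() effective allowed user list is {}", allowed);
    }

    /** Registers this service as listener of the code resource cache after injection. */
    @PostConstruct
    public void afterPropertiesSet() {
        LOG.debug("afterPropertiesSet()");
        this.codeResourceCache.addListener(this);
    }
}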
