package blackboard.platform.security.authentication;

import blackboard.data.user.User;
import blackboard.persist.PersistenceException;
import blackboard.platform.config.ConfigurationService;
import blackboard.platform.security.authentication.servlet.LoginBrokerServletConstants;
import blackboard.platform.user.MyPlacesUtil;
import blackboard.util.StringUtil;
import java.io.FileNotFoundException;
import java.io.IOException;
import java.util.ArrayList;
import java.util.List;
import java.util.Map;
import java.util.StringTokenizer;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;

/* loaded from: input_file:blackboard/platform/security/authentication/ExternalAuthModule.class */
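/**
 * Authentication module of type {@code "webserver"}: the user identity is taken from the
 * REMOTE_USER value of the request instead of from credentials checked by this class.
 *
 * <p>Depending on the {@code user_account} configuration property, an external identity that has
 * no associated Blackboard user is either rejected ({@code "deny"}) or bound to a Blackboard
 * account after a successful Blackboard login ({@code "reconcile"}).
 *
 * <p>Security note: {@link #getRemoteUser(HttpServletRequest)} falls back to the
 * {@code remote-user} request header when the container reports no remote user. A request
 * header is client-controlled unless the front end that performs the authentication strips or
 * overwrites it on every inbound request, so the application port must only be reachable through
 * that front end.
 */
public class ExternalAuthModule extends BaseAuthenticationModule {
    private static final String WEBSERVER_AUTH_TYPE = "webserver";
    /** Name of the request header, request attribute and login parameter that carries the external user id. */
    public static final String REMOTE_USER_KEY = "remote-user";
    private static final String USER_ACCOUNT_RECONCILE = "reconcile";
    private static final String USER_ACCOUNT_DENY = "deny";
    // Lazily parsed from the allowed_domains property; see getAllowedDomains().
    private List<String> _allowedDomains = null;
    // Set by init() only when the module runs in "reconcile" mode.
    private String _requestAuthUri = null;
    protected static final String USER_ACCOUNT_MANAGEMENT_KEY = "user_account";
    private static final String ALLOWED_DOMAINS_KEY = "allowed_domains";
    protected static final String AUTH_PROPS_DEF_KEY = "def_key";
    private static final String[] PROP_KEYS = {"impl", USER_ACCOUNT_MANAGEMENT_KEY, ALLOWED_DOMAINS_KEY, AUTH_PROPS_DEF_KEY};

    /**
     * Initialises the base module and, in "reconcile" mode, selects the account reconciliation
     * page as the page users are sent to for authentication.
     *
     * @param configurationService passed through to the superclass
     */
    @Override // blackboard.platform.security.authentication.BaseAuthenticationModule, blackboard.platform.security.authentication.HttpAuthModule
    public void init(ConfigurationService configurationService) {
        super.init(configurationService);
        if (isReconcileAccount()) {
            this._requestAuthUri = LoginBrokerServletConstants.BB_RECONCILE_ACCT_PAGE;
        }
    }

    /**
     * Hook consulted by the login-page lookup when the request carries no remote user.
     *
     * @return {@code false} here; a subclass returning {@code true} makes the lookup fall back to
     *     the superclass login page
     */
    protected boolean getErrorFallbackToBb() {
        return false;
    }

    /**
     * Second fallback hook, consulted together with {@link #getErrorFallbackToBb()}.
     *
     * @return {@code false} here
     */
    protected boolean getUserNotFoundFallbackToBb() {
        return false;
    }

    /** Returns the configured {@code user_account} action, or {@code null} when no configuration is loaded. */
    private String getUserAccountAction() {
        if (this._config == null) {
            return null;
        }
        return (String) this._config.getProperty(USER_ACCOUNT_MANAGEMENT_KEY);
    }

    /**
     * @return {@code true} when the {@code user_account} property is {@code "reconcile"}
     */
    public boolean isReconcileAccount() {
        // Use the declared constant so the mode name is defined in exactly one place.
        return USER_ACCOUNT_RECONCILE.equals(getUserAccountAction());
    }

    /** Returns {@code true} when the {@code user_account} property is {@code "deny"}. */
    private boolean isDeny() {
        return USER_ACCOUNT_DENY.equals(getUserAccountAction());
    }

    @Override // blackboard.platform.security.authentication.BaseAuthenticationModule, blackboard.platform.security.authentication.HttpAuthModule
    public String getAuthType() {
        return WEBSERVER_AUTH_TYPE;
    }

    @Override // blackboard.platform.security.authentication.BaseAuthenticationModule
    public boolean isExternalAuth() {
        return true;
    }

    /**
     * Returns the entries of the {@code allowed_domains} property, split on
     * {@code MyPlacesUtil.DELIMITER}. The list is parsed on first use and cached.
     *
     * <p>Only the property value as a whole is trimmed, so individual entries keep any whitespace
     * that surrounds them in the configuration. This class does not consult the list itself;
     * presumably subclasses use it when validating the remote user (confirm against them).
     *
     * @return the cached list (empty when the property is unset), or {@code null} when no
     *     configuration is loaded
     */
    /* JADX INFO: Access modifiers changed from: protected */
    public List<String> getAllowedDomains() {
        if (this._config == null) {
            return null;
        }
        if (this._allowedDomains == null) {
            List<String> domains = new ArrayList<>();
            String configured = (String) this._config.getProperty(ALLOWED_DOMAINS_KEY);
            if (StringUtil.notEmpty(configured)) {
                StringTokenizer tokens = new StringTokenizer(configured.trim(), MyPlacesUtil.DELIMITER);
                while (tokens.hasMoreTokens()) {
                    domains.add(tokens.nextToken());
                }
            }
            this._allowedDomains = domains;
        }
        return this._allowedDomains;
    }

    /**
     * @return a copy of the configuration property names this module understands
     */
    @Override // blackboard.platform.security.authentication.BaseAuthenticationModule, blackboard.platform.security.authentication.HttpAuthModule
    public String[] getPropKeys() {
        // Hand out a copy: the backing array is shared static state and must not be writable by callers.
        return PROP_KEYS.clone();
    }

    /**
     * Resolves the Blackboard username for the request.
     *
     * <ol>
     *   <li>The REMOTE_USER value is read and validated; it is also stored as the
     *       {@code remote-user} request attribute.</li>
     *   <li>If that external identity is already associated with a Blackboard user, the username
     *       is returned. Login parameters on such a request are rejected.</li>
     *   <li>Otherwise "deny" mode rejects the request, and "reconcile" mode delegates to the
     *       superclass login and, when it succeeds, binds the external identity to the account
     *       that logged in.</li>
     * </ol>
     *
     * <p>The identity that gets bound is the validated REMOTE_USER value, never the
     * {@code remote-user} login parameter: the parameter is supplied by the client and would
     * otherwise let a caller bind an external identity other than the one the front end
     * authenticated.
     *
     * @return the Blackboard username, or the superclass result / {@code null} when no user was resolved
     * @throws BbSecurityException when REMOTE_USER is invalid or the binding fails
     * @throws RuntimeException for invalid requests, "deny" mode, and wherever
     *     {@link #externalUserAccountExceptionShouldBeRuntime()} is {@code true}
     */
    @Override // blackboard.platform.security.authentication.BaseAuthenticationModule, blackboard.platform.security.authentication.HttpAuthModule
    public String doAuthenticate(HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse) throws BbSecurityException, BbAuthenticationFailedException, BbCredentialsNotFoundException {
        User bbUser = null;
        String bbUserName = null;
        String remoteUser = authenticate(httpServletRequest);
        boolean hasRemoteUser = StringUtil.notEmpty(remoteUser);
        if (hasRemoteUser) {
            httpServletRequest.setAttribute(REMOTE_USER_KEY, remoteUser);
            this._logger.logDebug("REMOTE_USER header is set in the request as: " + forLog(remoteUser));
            try {
                bbUser = new ExternalUserAccount(remoteUser).getAssociatedBbUser();
                if (bbUser != null && bbUser.getId().isSet()) {
                    bbUserName = bbUser.getUserName();
                }
            } catch (Exception e) {
                // Best effort: a failed lookup is handled below as "no associated user".
                this._logger.logDebug("Failed to identify user associated with REMOTE_USER value in the request.", e);
            }
        }
        boolean isAssociated = hasRemoteUser && bbUser != null && StringUtil.notEmpty(bbUserName);
        if (isAssociated) {
            this._logger.logDebug("REMOTE_USER \"" + forLog(remoteUser) + "\" is associated with Blackboard username \"" + forLog(bbUserName) + "\".");
        }
        Map<String, String> loginParams = getDoAuthenticateParams(httpServletRequest);
        boolean hasLoginParams = loginParams != null && !loginParams.isEmpty();
        if (isReconcileAccount() && !hasLoginParams && !hasRemoteUser) {
            throw new RuntimeException(getBundle().getString("auth.impl.general.error"));
        }
        if (isAssociated) {
            // An already-associated external user must not submit login parameters as well.
            if (hasLoginParams) {
                throw new RuntimeException(getBundle().getString("auth.impl.invalid.request"));
            }
            return bbUserName;
        }
        if (isDeny()) {
            throw new RuntimeException(getBundle().getString("auth.impl.external.deny"));
        }
        boolean bbLoginSucceeded = false;
        if (isReconcileAccount() && hasRemoteUser && hasLoginParams) {
            bbUserName = super.doAuthenticate(httpServletRequest, httpServletResponse);
            bbLoginSucceeded = StringUtil.notEmpty(bbUserName);
        }
        if (isReconcileAccount() && hasRemoteUser && bbLoginSucceeded) {
            try {
                String requestedRemoteUser = loginParams.get(REMOTE_USER_KEY);
                if (requestedRemoteUser != null && !requestedRemoteUser.equals(remoteUser)) {
                    this._logger.logDebug("Ignoring a remote-user login parameter that differs from the validated REMOTE_USER value during account reconciliation.");
                }
                // Bind the validated identity, not the client-supplied copy in the login parameters.
                new ExternalUserAccount(remoteUser, bbUserName).associateWithBbUser();
            } catch (Exception e2) {
                String message = getBundle().getString("auth.external.reconcile.error");
                this._logger.logError(message, e2);
                if (externalUserAccountExceptionShouldBeRuntime()) {
                    throw new RuntimeException(message);
                }
                throw new BbSecurityException(message);
            }
        }
        return bbUserName;
    }

    /**
     * Reads REMOTE_USER from the request and validates it.
     *
     * @return the validated value
     * @throws BbSecurityException when validation fails (rethrown as {@link RuntimeException} when
     *     {@link #externalUserAccountExceptionShouldBeRuntime()} is {@code true})
     */
    private String authenticate(HttpServletRequest httpServletRequest) throws BbSecurityException {
        String remoteUser = getRemoteUser(httpServletRequest);
        try {
            validateRemoteUser(remoteUser);
            return remoteUser;
        } catch (BbSecurityException e) {
            String message = getBundle().getString("auth.external.invalid.remote.user");
            this._logger.logInfo(message + ":" + forLog(remoteUser), e);
            if (externalUserAccountExceptionShouldBeRuntime()) {
                throw new RuntimeException(message);
            }
            throw e;
        }
    }

    /**
     * Rejects an empty REMOTE_USER value. Subclasses may override this to add their own checks.
     *
     * @param str the REMOTE_USER value read from the request
     * @throws BbSecurityException when the value is empty
     */
    /* JADX INFO: Access modifiers changed from: protected */
    public void validateRemoteUser(String str) throws BbSecurityException {
        if (StringUtil.isEmpty(str)) {
            throw new BbSecurityException(getBundle().getString("auth.external.no.remote.user"));
        }
    }

    /**
     * Extends the superclass login parameters with a {@code remote-user} entry, taken from the
     * request parameter of that name or, when that is empty, from the request attribute.
     *
     * <p>The request parameter is client-controlled and wins over the attribute, so the entry
     * must not be treated as an authenticated identity.
     *
     * @return the superclass map with the extra entry, or {@code null} when the superclass returns {@code null}
     */
    /* JADX INFO: Access modifiers changed from: protected */
    @Override // blackboard.platform.security.authentication.BaseAuthenticationModule
    public Map<String, String> getDoAuthenticateParams(HttpServletRequest httpServletRequest) {
        Map<String, String> params = super.getDoAuthenticateParams(httpServletRequest);
        if (params != null) {
            String remoteUserParam = httpServletRequest.getParameter(REMOTE_USER_KEY);
            if (StringUtil.isEmpty(remoteUserParam)) {
                remoteUserParam = (String) httpServletRequest.getAttribute(REMOTE_USER_KEY);
            }
            this._logger.logDebug(getClass().getName() + " : getDoAuthenticateParams : remoteUserParam=" + forLog(remoteUserParam));
            if (remoteUserParam != null) {
                params.put(REMOTE_USER_KEY, remoteUserParam);
            }
        }
        return params;
    }

    /**
     * Reads the external user id, trying in order: the container's
     * {@code getRemoteUser()}, the request header named by {@link #getRemoteUserKey()}, and the
     * request attribute of the same name.
     *
     * <p>The header fallback is only trustworthy when the authenticating front end removes any
     * client-supplied header of that name before forwarding the request.
     *
     * @return the first non-empty value, or {@code null} when none is present
     */
    public String getRemoteUser(HttpServletRequest httpServletRequest) {
        String remoteUser = httpServletRequest.getRemoteUser();
        if (StringUtil.isEmpty(remoteUser)) {
            remoteUser = httpServletRequest.getHeader(getRemoteUserKey());
            if (StringUtil.isEmpty(remoteUser)) {
                remoteUser = (String) httpServletRequest.getAttribute(getRemoteUserKey());
            }
            if (StringUtil.isEmpty(remoteUser)) {
                remoteUser = null;
            }
        }
        return remoteUser;
    }

    /**
     * @return the header / attribute name used by {@link #getRemoteUser(HttpServletRequest)}
     */
    protected String getRemoteUserKey() {
        return REMOTE_USER_KEY;
    }

    /**
     * Returns the URI of the page that should handle authentication for this request.
     *
     * @throws SecurityException when no page can be determined or the module is in "deny" mode
     */
    /* JADX INFO: Access modifiers changed from: protected */
    @Override // blackboard.platform.security.authentication.BaseAuthenticationModule
    public String getRequestAuthenticateUri(HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse) throws IOException, SecurityException, FileNotFoundException, PersistenceException {
        String uri = getRemoteUserUri(httpServletRequest, httpServletResponse);
        if (uri != null) {
            return uri;
        }
        // Defensive: getRemoteUserUri() throws rather than returning null.
        String message = getBundle().getString("auth.impl.forwarding.failure");
        this._logger.logDebug(message + "  The system was unable to discover the appropriate login page for this authentication request.");
        throw new SecurityException(message);
    }

    /**
     * Chooses the login page: without a remote user, the superclass page if one of the fallback
     * hooks allows it; with a remote user, the reconciliation page selected in
     * {@link #init(ConfigurationService)}.
     *
     * @throws SecurityException in "deny" mode when a remote user is present, or when no page is available
     */
    private String getRemoteUserUri(HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse) throws IOException, SecurityException, FileNotFoundException, PersistenceException {
        String uri = null;
        String remoteUser = getRemoteUser(httpServletRequest);
        boolean hasRemoteUser = remoteUser != null && !remoteUser.isEmpty();
        if (hasRemoteUser) {
            if (isDeny()) {
                throw new SecurityException(getBundle().getString("auth.impl.external.deny"));
            }
            if (StringUtil.notEmpty(this._requestAuthUri)) {
                uri = "/" + this._requestAuthUri;
            }
        } else if (getErrorFallbackToBb() || getUserNotFoundFallbackToBb()) {
            uri = super.getRequestAuthenticateUri(httpServletRequest, httpServletResponse);
        }
        if (uri != null) {
            return uri;
        }
        String message = getBundle().getString("auth.impl.forwarding.failure");
        this._logger.logDebug(message + "  The system was unable to discover the appropriate login page for this authentication request.");
        throw new SecurityException(message);
    }

    /** Always {@code false} for this module. */
    @Override // blackboard.platform.security.authentication.BaseAuthenticationModule, blackboard.platform.security.authentication.HttpAuthModule
    public boolean suppressFirstLoadError(HttpServletRequest httpServletRequest) {
        return false;
    }

    /**
     * Selects the exception type used for REMOTE_USER validation and reconciliation failures.
     *
     * @return {@code false} here, so those failures surface as {@link BbSecurityException}; a
     *     subclass returning {@code true} gets {@link RuntimeException} instead
     */
    protected boolean externalUserAccountExceptionShouldBeRuntime() {
        return false;
    }

    /**
     * Neutralises line breaks in a request-derived value before it is written to the log, so the
     * value cannot start a forged log entry.
     *
     * @param value the value to log, may be {@code null}
     * @return the value with CR and LF replaced by {@code '_'}, or {@code null}
     */
    private static String forLog(String value) {
        if (value == null) {
            return null;
        }
        return value.replace('\r', '_').replace('\n', '_');
    }
}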
