package blackboard.platform.security.authentication;

import blackboard.base.BbList;
import blackboard.data.user.User;
import blackboard.db.CIConstants;
import blackboard.persist.PersistenceException;
import blackboard.platform.config.ConfigurationService;
import blackboard.util.StringUtil;
import java.io.FileNotFoundException;
import java.io.IOException;
import java.util.List;
import java.util.Map;
import java.util.StringTokenizer;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;

/* loaded from: input_file:blackboard/platform/security/authentication/ExternalAuthModule.class */
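/**
 * Authentication module for deployments where the caller's identity is established outside this
 * application and handed over with each request (auth type {@code "webserver"}).
 *
 * <p>The external identity is obtained by {@link #getRemoteUser(HttpServletRequest)} and mapped to a
 * local account through {@code ExternalUserAccount}. The {@code user_account} configuration property
 * selects what happens when no local account is linked yet: {@code reconcile}, {@code create} or
 * {@code deny}. Only the {@code reconcile} and {@code deny} paths are implemented in this class;
 * {@link #isAutoPopulate()} is exposed but not consulted here.
 *
 * <p>Security notes for reviewers:
 * <ul>
 *   <li>{@link #getRemoteUser(HttpServletRequest)} falls back to an HTTP request header. That is only
 *       trustworthy when the fronting web server or proxy removes any client-supplied header of that
 *       name before forwarding; nothing in this class enforces it.</li>
 *   <li>{@link #getAllowedDomains()} is not called anywhere in this class, and
 *       {@link #validateRemoteUser(String)} only rejects an empty value. Presumably subclasses apply
 *       the domain restriction - confirm before relying on {@code allowed_domains}.</li>
 * </ul>
 *
 * <p>Thread-safety: the allowed-domains cache is filled lazily without synchronization.
 */
public class ExternalAuthModule extends BaseAuthenticationModule {
    private static final String WEBSERVER_AUTH_TYPE = "webserver";
    /** Name used for the request header, request attribute and request parameter carrying the external identity. */
    public static final String REMOTE_USER_KEY = "remote-user";
    /** Configuration property selecting the account action (one of the {@code USER_ACCOUNT_*} values). */
    public static final String USER_ACCOUNT_MANAGEMENT_KEY = "user_account";
    public static final String USER_ACCOUNT_RECONCILE = "reconcile";
    public static final String USER_ACCOUNT_AUTO_POPULATE = "create";
    public static final String USER_ACCOUNT_DENY = "deny";
    public static final String AUTH_PROPS_DEF_KEY = "def_key";
    /** Configuration property holding a comma-separated list of domains. */
    public static final String ALLOWED_DOMAINS_KEY = "allowed_domains";
    private static final String[] PROP_KEYS = {"impl", "user_account", ALLOWED_DOMAINS_KEY, "def_key"};
    /** Lazily built cache of the parsed {@code allowed_domains} property; {@code null} until first use. */
    protected BbList _allowedDomains = null;
    /** Relative URI of the account-reconcile page; only set when the module runs in reconcile mode. */
    protected String _requestAuthUri = null;

    /**
     * Initializes the base module and, in reconcile mode, selects the reconcile page as the
     * authentication URI.
     *
     * @param configurationService configuration passed through to the base module
     */
    @Override // blackboard.platform.security.authentication.BaseAuthenticationModule, blackboard.platform.security.authentication.HttpAuthModule
    public void init(ConfigurationService configurationService) {
        super.init(configurationService);
        if (isReconcileAccount()) {
            this._requestAuthUri = CIConstants.DEF_RECONCILE_ACCT_URI;
        }
    }

    /**
     * @return always {@code false} in this class; read by {@link #getRemoteUserUri} to decide whether
     *     the base module's login URI may be used when no external identity is present
     */
    public boolean getErrorFallbackToBb() {
        return false;
    }

    /**
     * @return always {@code false} in this class; read by {@link #getRemoteUserUri} together with
     *     {@link #getErrorFallbackToBb()}
     */
    public boolean getUserNotFoundFallbackToBb() {
        return false;
    }

    /**
     * @return the configured {@code user_account} value, or {@code null} when the module has no
     *     configuration
     */
    public String getUserAccountAction() {
        if (this._config == null) {
            return null;
        }
        return (String) this._config.getProperty(USER_ACCOUNT_MANAGEMENT_KEY);
    }

    /** @return {@code true} when {@code user_account} is {@code "reconcile"} */
    public boolean isReconcileAccount() {
        return USER_ACCOUNT_RECONCILE.equals(getUserAccountAction());
    }

    /** @return {@code true} when {@code user_account} is {@code "create"} */
    public boolean isAutoPopulate() {
        return USER_ACCOUNT_AUTO_POPULATE.equals(getUserAccountAction());
    }

    /** @return {@code true} when {@code user_account} is {@code "deny"} */
    public boolean isDeny() {
        return USER_ACCOUNT_DENY.equals(getUserAccountAction());
    }

    /** @return the fixed auth type {@code "webserver"} */
    @Override // blackboard.platform.security.authentication.BaseAuthenticationModule, blackboard.platform.security.authentication.HttpAuthModule
    public String getAuthType() {
        return WEBSERVER_AUTH_TYPE;
    }

    /** @return always {@code true} */
    @Override // blackboard.platform.security.authentication.BaseAuthenticationModule
    public boolean isExternalAuth() {
        return true;
    }

    /**
     * Returns the domains listed in the {@code allowed_domains} property, parsing it on first use.
     *
     * <p>Entries are separated by commas. Surrounding whitespace is removed from every entry and
     * blank entries are skipped, so {@code "a.example, b.example"} yields two clean entries instead
     * of one with a leading space that could never equal a real domain.
     *
     * <p>The returned list is the cached instance itself, so callers must not modify it. This class
     * never checks a remote user against the list.
     *
     * @return the cached list (empty when the property is unset), or {@code null} when the module has
     *     no configuration
     */
    public List getAllowedDomains() {
        if (this._config == null) {
            return null;
        }
        if (this._allowedDomains == null) {
            BbList domains = new BbList();
            String configured = (String) this._config.getProperty(ALLOWED_DOMAINS_KEY);
            if (!StringUtil.isEmpty(configured)) {
                StringTokenizer tokens = new StringTokenizer(configured.trim(), ",");
                while (tokens.hasMoreTokens()) {
                    String domain = tokens.nextToken().trim();
                    if (!domain.isEmpty()) {
                        domains.add(domain);
                    }
                }
            }
            // Publish only the fully built list so a concurrent reader never sees a partial one.
            this._allowedDomains = domains;
        }
        return this._allowedDomains;
    }

    /**
     * @return a copy of the property keys this module understands; a copy is returned so callers
     *     cannot alter the shared constant array
     */
    @Override // blackboard.platform.security.authentication.BaseAuthenticationModule, blackboard.platform.security.authentication.HttpAuthModule
    public String[] getPropKeys() {
        return PROP_KEYS.clone();
    }

    /**
     * Resolves the external identity of the request to a local username.
     *
     * <p>Flow, in order:
     * <ol>
     *   <li>{@link #authenticate} supplies the external identity; it is stored as the
     *       {@code remote-user} request attribute.</li>
     *   <li>If {@code ExternalUserAccount} already links that identity to a local user, that user's
     *       name is returned - unless the request also carries login parameters, which is rejected
     *       as an invalid request.</li>
     *   <li>Otherwise {@code deny} mode rejects the request.</li>
     *   <li>In {@code reconcile} mode with login parameters present, the base module's
     *       {@code doAuthenticate} is invoked (presumably verifying the submitted local credentials -
     *       confirm against the base class) and, when it yields a username, the external identity is
     *       linked to that account.</li>
     * </ol>
     *
     * <p>The identity that gets linked is the one returned by {@link #authenticate}, i.e. the value
     * that went through {@link #validateRemoteUser(String)}. The {@code remote-user} request
     * parameter collected by {@link #getDoAuthenticateParams} is never used for linking: it is plain
     * form/query data chosen by the client, and linking it would let a user who can log in locally
     * attach an arbitrary external identity to the account.
     *
     * @return the local username, or the (possibly {@code null} or empty) value left over when no
     *     branch produced one
     * @throws RuntimeException for the general-error, invalid-request and deny outcomes, and for link
     *     failures when {@link #externalUserAccountExceptionShouldBeRuntime()} is {@code true}
     * @throws BbSecurityException when linking fails and the runtime flag is {@code false}
     */
    @Override // blackboard.platform.security.authentication.BaseAuthenticationModule, blackboard.platform.security.authentication.HttpAuthModule
    public String doAuthenticate(HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse) throws BbSecurityException, BbAuthenticationFailedException, BbCredentialsNotFoundException {
        User linkedUser = null;
        String bbUserName = null;
        String remoteUser = authenticate(httpServletRequest, httpServletResponse);
        boolean hasRemoteUser = StringUtil.notEmpty(remoteUser);
        if (hasRemoteUser) {
            httpServletRequest.setAttribute(REMOTE_USER_KEY, remoteUser);
            this._logger.logDebug("REMOTE_USER header is set in the request as: " + sanitizeForLog(remoteUser));
            try {
                linkedUser = new ExternalUserAccount(remoteUser).getAssociatedBbUser();
                if (linkedUser != null && linkedUser.getId().isSet()) {
                    bbUserName = linkedUser.getUserName();
                }
            } catch (Exception e) {
                // A failed lookup is treated like "no linked account"; the request continues below.
                this._logger.logDebug("Failed to identify user associated with REMOTE_USER value in the request.", e);
            }
        }
        boolean alreadyLinked = hasRemoteUser && linkedUser != null && StringUtil.notEmpty(bbUserName);
        if (alreadyLinked) {
            this._logger.logDebug("REMOTE_USER \"" + sanitizeForLog(remoteUser) + "\" is associated with Blackboard username \"" + sanitizeForLog(bbUserName) + "\".");
        }
        Map loginParams = getDoAuthenticateParams(httpServletRequest);
        boolean hasLoginParams = loginParams != null && !loginParams.isEmpty();
        if (isReconcileAccount() && !hasLoginParams && !hasRemoteUser) {
            throw new RuntimeException(getBundle().getString("auth.impl.general.error"));
        }
        if (alreadyLinked) {
            // An identity that is already linked must not arrive together with login parameters.
            if (hasLoginParams) {
                throw new RuntimeException(getBundle().getString("auth.impl.invalid.request"));
            }
            return bbUserName;
        }
        if (isDeny()) {
            throw new RuntimeException(getBundle().getString("auth.impl.external.deny"));
        }
        if (isReconcileAccount() && hasRemoteUser && hasLoginParams) {
            bbUserName = super.doAuthenticate(httpServletRequest, httpServletResponse);
            if (StringUtil.notEmpty(bbUserName)) {
                try {
                    Object requestedRemoteUser = loginParams.get(REMOTE_USER_KEY);
                    if (requestedRemoteUser != null && !remoteUser.equals(requestedRemoteUser)) {
                        // Worth alerting on: the client asked to link an identity other than its own.
                        this._logger.logDebug("Ignoring remote-user request parameter that differs from the authenticated REMOTE_USER \"" + sanitizeForLog(remoteUser) + "\".");
                    }
                    // Link the validated identity, never the client-supplied parameter.
                    new ExternalUserAccount(remoteUser, bbUserName).associateWithBbUser();
                } catch (Exception e) {
                    String message = getBundle().getString("auth.external.reconcile.error");
                    // The cause is logged here; the rethrown exception carries only the bundle text.
                    this._logger.logError(message, e);
                    if (externalUserAccountExceptionShouldBeRuntime()) {
                        throw new RuntimeException(message);
                    }
                    throw new BbSecurityException(message);
                }
            }
        }
        return bbUserName;
    }

    /**
     * Obtains the external identity from the request and validates it.
     *
     * @return the validated external identity
     * @throws BbSecurityException when validation fails and
     *     {@link #externalUserAccountExceptionShouldBeRuntime()} is {@code false}
     * @throws RuntimeException when validation fails and that flag is {@code true}
     */
    protected String authenticate(HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse) throws BbAuthenticationFailedException, BbSecurityException {
        String remoteUser = getRemoteUser(httpServletRequest);
        try {
            validateRemoteUser(remoteUser);
            return remoteUser;
        } catch (BbSecurityException e) {
            String message = getBundle().getString("auth.external.invalid.remote.user");
            this._logger.logInfo(message, e);
            if (externalUserAccountExceptionShouldBeRuntime()) {
                throw new RuntimeException(message);
            }
            throw e;
        }
    }

    /**
     * Rejects a missing external identity. No other property of the value (format, domain) is
     * checked here.
     *
     * @param str the external identity to check
     * @throws BbSecurityException when {@code str} is empty
     */
    /* JADX INFO: Access modifiers changed from: protected */
    public void validateRemoteUser(String str) throws BbSecurityException {
        if (StringUtil.isEmpty(str)) {
            throw new BbSecurityException(getBundle().getString("auth.external.no.remote.user"));
        }
    }

    /**
     * Returns the base module's login parameters with the {@code remote-user} request parameter
     * added when present.
     *
     * <p>The added value comes from {@code getParameter}, so it is client-controlled and must not be
     * treated as an authenticated identity.
     *
     * @return the parameter map from the base module, or {@code null} when the base module returns
     *     {@code null}
     */
    /* JADX INFO: Access modifiers changed from: protected */
    @Override // blackboard.platform.security.authentication.BaseAuthenticationModule
    public Map getDoAuthenticateParams(HttpServletRequest httpServletRequest) {
        Map<String, String> params = super.getDoAuthenticateParams(httpServletRequest);
        if (params != null) {
            String remoteUserParam = httpServletRequest.getParameter(REMOTE_USER_KEY);
            this._logger.logDebug(getClass().getName() + " : getDoAuthenticateParams : remoteUserParam=" + sanitizeForLog(remoteUserParam));
            if (remoteUserParam != null) {
                params.put(REMOTE_USER_KEY, remoteUserParam);
            }
        }
        return params;
    }

    /**
     * Looks up the external identity of the request.
     *
     * <p>Sources are tried in this order: the servlet container's {@code getRemoteUser()}, the
     * request header named by {@link #getRemoteUserKey()}, then the request attribute of the same
     * name.
     *
     * <p>NOTE(review): the header is sent by whoever makes the HTTP request. Accepting it is only
     * sound when every request reaches this application through a front end that sets or strips
     * that header itself; confirm that for the deployment.
     *
     * @return the external identity, or {@code null} when no source provides a non-empty value
     */
    public String getRemoteUser(HttpServletRequest httpServletRequest) {
        String remoteUser = httpServletRequest.getRemoteUser();
        if (!StringUtil.isEmpty(remoteUser)) {
            return remoteUser;
        }
        remoteUser = httpServletRequest.getHeader(getRemoteUserKey());
        if (StringUtil.isEmpty(remoteUser)) {
            remoteUser = (String) httpServletRequest.getAttribute(getRemoteUserKey());
        }
        return StringUtil.isEmpty(remoteUser) ? null : remoteUser;
    }

    /** @return the header/attribute name consulted by {@link #getRemoteUser}; {@code "remote-user"} here */
    protected String getRemoteUserKey() {
        return REMOTE_USER_KEY;
    }

    /**
     * Returns the URI the request should be sent to for authentication.
     *
     * @throws SecurityException when {@link #getRemoteUserUri} yields no URI
     */
    /* JADX INFO: Access modifiers changed from: protected */
    @Override // blackboard.platform.security.authentication.BaseAuthenticationModule
    public String getRequestAuthenticateUri(HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse) throws IOException, SecurityException, FileNotFoundException, PersistenceException {
        String remoteUserUri = getRemoteUserUri(httpServletRequest, httpServletResponse);
        if (remoteUserUri != null) {
            return remoteUserUri;
        }
        // Reached only when an overriding getRemoteUserUri returns null instead of throwing.
        throw forwardingFailure();
    }

    /**
     * Chooses the authentication URI from the presence of an external identity.
     *
     * <p>Without an external identity the base module's URI is used, but only when one of the
     * fallback flags is enabled. With an external identity, {@code deny} mode rejects the request;
     * otherwise the reconcile URI (prefixed with {@code "/"}) is used when one was set in
     * {@link #init}.
     *
     * @return the URI; never {@code null}
     * @throws SecurityException in deny mode, or when no URI could be determined
     */
    protected String getRemoteUserUri(HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse) throws IOException, SecurityException, FileNotFoundException, PersistenceException {
        String uri = null;
        String remoteUser = getRemoteUser(httpServletRequest);
        if (remoteUser == null || remoteUser.isEmpty()) {
            if (getErrorFallbackToBb() || getUserNotFoundFallbackToBb()) {
                uri = super.getRequestAuthenticateUri(httpServletRequest, httpServletResponse);
            }
        } else {
            if (isDeny()) {
                throw new SecurityException(getBundle().getString("auth.impl.external.deny"));
            }
            if (StringUtil.notEmpty(this._requestAuthUri)) {
                uri = "/" + this._requestAuthUri;
            }
        }
        if (uri != null) {
            return uri;
        }
        throw forwardingFailure();
    }

    /** @return always {@code false} */
    @Override // blackboard.platform.security.authentication.BaseAuthenticationModule, blackboard.platform.security.authentication.HttpAuthModule
    public boolean suppressFirstLoadError(HttpServletRequest httpServletRequest) {
        return false;
    }

    /**
     * @return {@code false} here, so validation and link failures surface as
     *     {@code BbSecurityException}; when an override returns {@code true} they are thrown as
     *     {@code RuntimeException} instead
     */
    protected boolean externalUserAccountExceptionShouldBeRuntime() {
        return false;
    }

    /** Logs the "no login page found" condition and builds the exception the caller throws. */
    private SecurityException forwardingFailure() {
        String message = getBundle().getString("auth.impl.forwarding.failure");
        this._logger.logDebug(message + "  The system was unable to discover the appropriate login page for this authentication request.");
        return new SecurityException(message);
    }

    /**
     * Replaces control characters (including CR and LF) with {@code '_'} so a request-supplied value
     * cannot break a log line apart or forge a second entry.
     *
     * @param value the value to log; may be {@code null}
     * @return the cleaned value, or {@code null} when {@code value} is {@code null}
     */
    private static String sanitizeForLog(String value) {
        if (value == null) {
            return null;
        }
        StringBuilder cleaned = new StringBuilder(value.length());
        for (int i = 0; i < value.length(); i++) {
            char c = value.charAt(i);
            cleaned.append(Character.isISOControl(c) ? '_' : c);
        }
        return cleaned.toString();
    }
}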
