package org.acegisecurity.ui.rememberme;

import java.util.Date;
import java.util.Map;
import javax.servlet.http.Cookie;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import net.sf.json.util.JSONUtils;
import org.acegisecurity.Authentication;
import org.acegisecurity.providers.rememberme.RememberMeAuthenticationToken;
import org.acegisecurity.ui.AuthenticationDetailsSource;
import org.acegisecurity.ui.AuthenticationDetailsSourceImpl;
import org.acegisecurity.ui.logout.LogoutHandler;
import org.acegisecurity.userdetails.UserDetails;
import org.acegisecurity.userdetails.UserDetailsService;
import org.acegisecurity.userdetails.UsernameNotFoundException;
import org.apache.commons.codec.binary.Base64;
import org.apache.commons.codec.digest.DigestUtils;
import org.apache.commons.logging.Log;
import org.apache.commons.logging.LogFactory;
import org.netbeans.lib.cvsclient.command.commit.CommitInformation;
import org.springframework.beans.factory.InitializingBean;
import org.springframework.context.ApplicationContext;
import org.springframework.util.Assert;
import org.springframework.util.StringUtils;
import org.springframework.web.bind.RequestUtils;

/* JADX WARN: Classes with same name are omitted:
  input_file:WEB-INF/lib/jenkins-core-2.269-rc30600.1a931943f2c2.jar:org/acegisecurity/ui/rememberme/TokenBasedRememberMeServices.class
 */
/* loaded from: input_file:WEB-INF/detached-plugins/ldap.hpi:WEB-INF/lib/acegi-security-1.0.7.jar:org/acegisecurity/ui/rememberme/TokenBasedRememberMeServices.class */
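/**
 * Remember-me implementation that stores a self-contained, signed token in a browser cookie.
 *
 * <p>The cookie value is the Base64 encoding of
 * {@code username ":" expiryTimeMillis ":" md5Hex(username ":" expiryTimeMillis ":" password ":" key)}.
 * On a later request {@link #autoLogin} decodes the cookie, reloads the user through the configured
 * {@link UserDetailsService}, recomputes the signature and compares it with the presented one.
 *
 * <p>Security properties visible in this class, for reviewers:
 * <ul>
 *   <li>The signature is a plain MD5 digest with the key appended, not an HMAC. The construction is
 *       left unchanged here because altering it would invalidate cookies already issued and change
 *       what subclasses overriding {@link #makeTokenSignature} rely on. Its strength rests entirely
 *       on the secrecy and entropy of {@code key}.</li>
 *   <li>The token is stateless: nothing in this class records issued tokens, so {@link #logout}
 *       only asks the browser to drop the cookie. A copied token stays acceptable until its expiry
 *       time passes or the user's stored password or the key changes.</li>
 *   <li>The cookies built here set only name, value, max-age and path; neither the Secure nor the
 *       HttpOnly attribute is set by this class.</li>
 * </ul>
 */
public class TokenBasedRememberMeServices implements RememberMeServices, InitializingBean, LogoutHandler {
    public static final String ACEGI_SECURITY_HASHED_REMEMBER_ME_COOKIE_KEY = "ACEGI_SECURITY_HASHED_REMEMBER_ME_COOKIE";
    public static final String DEFAULT_PARAMETER = "_acegi_security_remember_me";
    protected static final Log logger;
    // Secret mixed into every token signature; must be non-empty (checked in afterPropertiesSet).
    private String key;
    private UserDetailsService userDetailsService;
    private static final int DEFAULT_ORDER = Integer.MAX_VALUE;
    // The two class$... fields and the class$(String) method below look like the class-literal
    // caches that pre-Java-5 compilers emitted; they are kept so the class shape stays unchanged.
    static Class class$org$acegisecurity$ui$rememberme$TokenBasedRememberMeServices;
    static Class class$org$acegisecurity$userdetails$UserDetailsService;
    protected AuthenticationDetailsSource authenticationDetailsSource = new AuthenticationDetailsSourceImpl();
    // Request parameter that opts a login into remember-me.
    private String parameter = DEFAULT_PARAMETER;
    // 1209600 seconds = 14 days.
    protected long tokenValiditySeconds = 1209600;
    private boolean alwaysRemember = false;
    private String cookieName = ACEGI_SECURITY_HASHED_REMEMBER_ME_COOKIE_KEY;

    /**
     * Verifies that the mandatory properties were configured.
     *
     * @throws Exception if the key, parameter or cookie name is empty, or no
     *     {@link UserDetailsService} was set
     */
    @Override // org.springframework.beans.factory.InitializingBean
    public void afterPropertiesSet() throws Exception {
        Assert.hasLength(this.key);
        Assert.hasLength(this.parameter);
        Assert.hasLength(this.cookieName);
        Assert.notNull(this.userDetailsService);
    }

    /**
     * Looks up {@link UserDetailsService} beans in the given context and adopts the only one found.
     * Does nothing when the context holds none.
     *
     * @throws IllegalArgumentException if more than one such bean is present
     */
    private void autoDetectAndUseAnyUserDetailsService(ApplicationContext applicationContext) {
        Class cls;
        if (class$org$acegisecurity$userdetails$UserDetailsService == null) {
            cls = class$("org.acegisecurity.userdetails.UserDetailsService");
            class$org$acegisecurity$userdetails$UserDetailsService = cls;
        } else {
            cls = class$org$acegisecurity$userdetails$UserDetailsService;
        }
        Map beansOfType = applicationContext.getBeansOfType(cls);
        if (beansOfType.size() > 1) {
            throw new IllegalArgumentException("More than one UserDetailsService beans detected please refer to the one using  [ principalRepositoryBeanRef  ] attribute");
        }
        if (beansOfType.size() == 1) {
            setUserDetailsService((UserDetailsService) beansOfType.values().iterator().next());
        }
    }

    /**
     * Attempts to authenticate the request from its remember-me cookie.
     *
     * <p>Only the first cookie whose name matches {@code cookieName} is examined. Every rejection
     * path asks the browser to delete the cookie and returns {@code null}.
     *
     * @return a {@link RememberMeAuthenticationToken} for the user named in the cookie, or
     *     {@code null} when there is no cookie or it fails any check
     */
    @Override // org.acegisecurity.ui.rememberme.RememberMeServices
    public Authentication autoLogin(HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse) {
        Cookie[] cookies = httpServletRequest.getCookies();
        if (cookies == null || cookies.length == 0) {
            return null;
        }
        for (int i = 0; i < cookies.length; i++) {
            if (!this.cookieName.equals(cookies[i].getName())) {
                continue;
            }
            String value = cookies[i].getValue();
            // Restore any '=' padding that was stripped from the Base64 value.
            while (value.length() % 4 != 0) {
                value = value + "=";
            }
            // NOTE(review): getBytes()/new String(byte[]) use the platform default charset here and
            // in loginSuccess; left as-is so tokens issued earlier still verify.
            if (!Base64.isArrayByteBase64(value.getBytes())) {
                // JSONUtils.SINGLE_QUOTE is presumably a decompiler stand-in for a quote literal - TODO confirm.
                cancelCookie(httpServletRequest, httpServletResponse, "Cookie token was not Base64 encoded; value was '" + value + JSONUtils.SINGLE_QUOTE);
                return null;
            }
            if (logger.isDebugEnabled()) {
                logger.debug("Remember-me cookie detected");
            }
            String decoded = new String(Base64.decodeBase64(value.getBytes()));
            // tokens[0] = username, tokens[1] = expiry time in millis, tokens[2] = signature.
            String[] tokens = StringUtils.delimitedListToStringArray(decoded, ":");
            if (tokens.length != 3) {
                cancelCookie(httpServletRequest, httpServletResponse, "Cookie token did not contain 3 tokens; decoded value was '" + decoded + JSONUtils.SINGLE_QUOTE);
                return null;
            }
            long expiryMillis;
            try {
                expiryMillis = Long.parseLong(tokens[1]);
            } catch (NumberFormatException e) {
                cancelCookie(httpServletRequest, httpServletResponse, "Cookie token[1] did not contain a valid number (contained '" + tokens[1] + "')");
                return null;
            }
            // The expiry value is attacker-controllable until the signature check below passes;
            // it is covered by the signature, so a tampered expiry fails that check.
            if (isTokenExpired(expiryMillis)) {
                cancelCookie(httpServletRequest, httpServletResponse, "Cookie token[1] has expired (expired on '" + new Date(expiryMillis) + "'; current time is '" + new Date() + "')");
                return null;
            }
            UserDetails userDetails = loadUserDetails(httpServletRequest, httpServletResponse, tokens);
            if (userDetails == null) {
                cancelCookie(httpServletRequest, httpServletResponse, "Cookie token[0] contained username '" + tokens[0] + "' but was not found");
                return null;
            }
            if (!isValidUserDetails(httpServletRequest, httpServletResponse, userDetails, tokens)) {
                return null;
            }
            String expectedSignature = makeTokenSignature(expiryMillis, userDetails);
            // Compare with MessageDigest.isEqual rather than String.equals so the comparison time
            // does not depend on how many leading characters of the presented signature match.
            if (!java.security.MessageDigest.isEqual(expectedSignature.getBytes(), tokens[2].getBytes())) {
                // The expected signature is deliberately not logged: together with the username and
                // expiry it is a valid token, so writing it out would hand it to any log reader.
                cancelCookie(httpServletRequest, httpServletResponse, "Cookie token[2] contained a signature that did not match the expected value");
                return null;
            }
            if (logger.isDebugEnabled()) {
                logger.debug("Remember-me cookie accepted");
            }
            RememberMeAuthenticationToken rememberMeAuthenticationToken = new RememberMeAuthenticationToken(this.key, userDetails, userDetails.getAuthorities());
            rememberMeAuthenticationToken.setDetails(this.authenticationDetailsSource.buildDetails(httpServletRequest));
            return rememberMeAuthenticationToken;
        }
        return null;
    }

    /**
     * Computes the token signature for a user and expiry time:
     * {@code md5Hex(username ":" expiry ":" password ":" key)}.
     *
     * <p>NOTE(review): MD5 with an appended key is not a MAC construction; it is kept because
     * changing it would reject every cookie already issued.
     *
     * @param j expiry time in milliseconds since the epoch
     * @param userDetails user whose username and stored password are bound into the signature
     * @return the hex-encoded digest
     */
    protected String makeTokenSignature(long j, UserDetails userDetails) {
        return DigestUtils.md5Hex(userDetails.getUsername() + ":" + j + ":" + userDetails.getPassword() + ":" + this.key);
    }

    /**
     * Checks that the account behind the cookie may still log in, cancelling the cookie if not.
     *
     * <p>An account must be non-expired, non-locked, have non-expired credentials and be enabled.
     * The lock check ensures a locked account cannot keep authenticating through a remember-me
     * cookie that was issued before the lock.
     *
     * @param strArr the decoded cookie tokens; {@code strArr[0]} is the username (used for logging)
     * @return {@code true} if the account passes all status checks
     */
    protected boolean isValidUserDetails(HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse, UserDetails userDetails, String[] strArr) {
        boolean usable = userDetails.isAccountNonExpired()
                && userDetails.isAccountNonLocked()
                && userDetails.isCredentialsNonExpired()
                && userDetails.isEnabled();
        if (usable) {
            return true;
        }
        cancelCookie(httpServletRequest, httpServletResponse, "Cookie token[0] contained username '" + strArr[0] + "' but account has expired, account is locked, credentials have expired, or user is disabled");
        return false;
    }

    /**
     * Loads the user named in {@code strArr[0]} from the configured {@link UserDetailsService}.
     *
     * @return the user, or {@code null} (after cancelling the cookie) when the username is unknown
     */
    protected UserDetails loadUserDetails(HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse, String[] strArr) {
        try {
            return this.userDetailsService.loadUserByUsername(strArr[0]);
        } catch (UsernameNotFoundException e) {
            cancelCookie(httpServletRequest, httpServletResponse, "Cookie token[0] contained username '" + strArr[0] + "' but was not found");
            return null;
        }
    }

    /**
     * @param j expiry time in milliseconds since the epoch
     * @return {@code true} if that time is earlier than the current system time
     */
    protected boolean isTokenExpired(long j) {
        return j < System.currentTimeMillis();
    }

    /**
     * Adds a deletion cookie to the response and, at debug level, logs the reason.
     *
     * @param str reason for the cancellation; may be {@code null}, in which case nothing is logged
     */
    protected void cancelCookie(HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse, String str) {
        if (str != null && logger.isDebugEnabled()) {
            logger.debug("Cancelling cookie for reason: " + str);
        }
        httpServletResponse.addCookie(makeCancelCookie(httpServletRequest));
    }

    public String getKey() {
        return this.key;
    }

    public String getParameter() {
        return this.parameter;
    }

    public long getTokenValiditySeconds() {
        return this.tokenValiditySeconds;
    }

    public UserDetailsService getUserDetailsService() {
        return this.userDetailsService;
    }

    /** Drops any remember-me cookie after a failed interactive login. */
    @Override // org.acegisecurity.ui.rememberme.RememberMeServices
    public void loginFail(HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse) {
        cancelCookie(httpServletRequest, httpServletResponse, "Interactive authentication attempt was unsuccessful");
    }

    /**
     * Decides whether this login should receive a remember-me cookie.
     *
     * @param str name of the request parameter that opts in
     * @return {@code true} if {@code alwaysRemember} is set or the parameter is a true boolean
     */
    protected boolean rememberMeRequested(HttpServletRequest httpServletRequest, String str) {
        if (this.alwaysRemember) {
            return true;
        }
        return RequestUtils.getBooleanParameter(httpServletRequest, str, false);
    }

    /**
     * Issues the remember-me cookie after a successful interactive login, when requested.
     *
     * <p>No cookie is sent if remember-me was not requested or if the username or password
     * retrieved from the authentication is empty.
     *
     * @throws IllegalArgumentException if the principal or credentials are {@code null}
     */
    @Override // org.acegisecurity.ui.rememberme.RememberMeServices
    public void loginSuccess(HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse, Authentication authentication) {
        if (!rememberMeRequested(httpServletRequest, this.parameter)) {
            if (logger.isDebugEnabled()) {
                logger.debug("Did not send remember-me cookie (principal did not set parameter '" + this.parameter + "')");
            }
            return;
        }
        Assert.notNull(authentication.getPrincipal());
        Assert.notNull(authentication.getCredentials());
        String username = retrieveUserName(authentication);
        String password = retrievePassword(authentication);
        if (!StringUtils.hasLength(username) || !StringUtils.hasLength(password)) {
            return;
        }
        long expiryMillis = System.currentTimeMillis() + (this.tokenValiditySeconds * 1000);
        // Same digest layout as makeTokenSignature, but fed from retrieveUserName/retrievePassword,
        // which fall back to principal.toString()/credentials.toString() for non-UserDetails principals.
        String signature = DigestUtils.md5Hex(username + ":" + expiryMillis + ":" + password + ":" + this.key);
        // ':' is the field separator: autoLogin rejects any decoded token that does not split into
        // exactly three parts, so a username containing ':' yields a cookie that never verifies.
        String token = username + ":" + expiryMillis + ":" + signature;
        String cookieValue = new String(Base64.encodeBase64(token.getBytes()));
        httpServletResponse.addCookie(makeValidCookie(cookieValue, httpServletRequest, this.tokenValiditySeconds));
        if (logger.isDebugEnabled()) {
            logger.debug("Added remember-me cookie for user '" + username + "', expiry: '" + new Date(expiryMillis) + JSONUtils.SINGLE_QUOTE);
        }
    }

    /**
     * Asks the browser to delete the remember-me cookie on logout.
     *
     * <p>This is client-side only; this class keeps no record that could reject a copy of the
     * token presented later.
     */
    @Override // org.acegisecurity.ui.logout.LogoutHandler
    public void logout(HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse, Authentication authentication) {
        // CommitInformation.UNKNOWN is presumably a decompiler stand-in for a string literal - TODO confirm.
        String who = authentication == null ? CommitInformation.UNKNOWN : authentication.getName();
        cancelCookie(httpServletRequest, httpServletResponse, "Logout of user " + who);
    }

    /** Returns the username from a {@link UserDetails} principal, else {@code principal.toString()}. */
    protected String retrieveUserName(Authentication authentication) {
        if (isInstanceOfUserDetails(authentication)) {
            return ((UserDetails) authentication.getPrincipal()).getUsername();
        }
        return authentication.getPrincipal().toString();
    }

    /** Returns the password from a {@link UserDetails} principal, else {@code credentials.toString()}. */
    protected String retrievePassword(Authentication authentication) {
        if (isInstanceOfUserDetails(authentication)) {
            return ((UserDetails) authentication.getPrincipal()).getPassword();
        }
        return authentication.getCredentials().toString();
    }

    private boolean isInstanceOfUserDetails(Authentication authentication) {
        return authentication.getPrincipal() instanceof UserDetails;
    }

    /** Returns the request's context path, or {@code "/"} when the context path is empty. */
    private String resolveCookiePath(HttpServletRequest httpServletRequest) {
        String contextPath = httpServletRequest.getContextPath();
        return StringUtils.hasLength(contextPath) ? contextPath : "/";
    }

    /**
     * Builds a cookie with a {@code null} value and max-age 0, which tells the browser to delete
     * the remember-me cookie for this application's path.
     */
    protected Cookie makeCancelCookie(HttpServletRequest httpServletRequest) {
        Cookie cookie = new Cookie(this.cookieName, null);
        cookie.setMaxAge(0);
        cookie.setPath(resolveCookiePath(httpServletRequest));
        return cookie;
    }

    /**
     * Builds the remember-me cookie carrying the encoded token.
     *
     * <p>NOTE(review): only max-age and path are set; the Secure and HttpOnly attributes are not
     * applied here, so a deployment that needs them has to add them in a subclass or at the
     * container/proxy layer.
     *
     * @param str the Base64-encoded token
     * @param j cookie lifetime in seconds; narrowed to {@code int} for {@code setMaxAge}
     */
    protected Cookie makeValidCookie(String str, HttpServletRequest httpServletRequest, long j) {
        Cookie cookie = new Cookie(this.cookieName, str);
        cookie.setMaxAge((int) j);
        cookie.setPath(resolveCookiePath(httpServletRequest));
        return cookie;
    }

    /**
     * @throws IllegalArgumentException if the argument is {@code null}
     */
    public void setAuthenticationDetailsSource(AuthenticationDetailsSource authenticationDetailsSource) {
        Assert.notNull(authenticationDetailsSource, "AuthenticationDetailsSource required");
        this.authenticationDetailsSource = authenticationDetailsSource;
    }

    /** Sets the secret mixed into token signatures. */
    public void setKey(String str) {
        this.key = str;
    }

    public void setParameter(String str) {
        this.parameter = str;
    }

    public void setCookieName(String str) {
        this.cookieName = str;
    }

    /** Sets the token and cookie lifetime, in seconds. */
    public void setTokenValiditySeconds(long j) {
        this.tokenValiditySeconds = j;
    }

    public void setUserDetailsService(UserDetailsService userDetailsService) {
        this.userDetailsService = userDetailsService;
    }

    public boolean isAlwaysRemember() {
        return this.alwaysRemember;
    }

    /** When {@code true}, every successful login gets a cookie regardless of the request parameter. */
    public void setAlwaysRemember(boolean z) {
        this.alwaysRemember = z;
    }

    public String getCookieName() {
        return this.cookieName;
    }

    /**
     * Resolves a class by name, converting {@link ClassNotFoundException} into
     * {@link NoClassDefFoundError}.
     */
    static Class class$(String str) {
        try {
            return Class.forName(str);
        } catch (ClassNotFoundException e) {
            throw new NoClassDefFoundError(e.getMessage());
        }
    }

    static {
        // Resolve (and cache) this class, then create the logger for it.
        Class cls;
        if (class$org$acegisecurity$ui$rememberme$TokenBasedRememberMeServices == null) {
            cls = class$("org.acegisecurity.ui.rememberme.TokenBasedRememberMeServices");
            class$org$acegisecurity$ui$rememberme$TokenBasedRememberMeServices = cls;
        } else {
            cls = class$org$acegisecurity$ui$rememberme$TokenBasedRememberMeServices;
        }
        logger = LogFactory.getLog(cls);
    }
}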
