package org.eaglei.repository.auth;

import java.security.Principal;
import javax.servlet.ServletException;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpSession;
import org.apache.log4j.LogManager;
import org.apache.log4j.Logger;
import org.eaglei.repository.Configuration;
import org.eaglei.repository.Lifecycle;
import org.eaglei.repository.model.User;
import org.eaglei.repository.status.BadRequestException;
import org.eaglei.repository.status.InternalServerErrorException;
import org.eaglei.repository.vocabulary.REPO;
import org.openrdf.model.URI;

/* loaded from: input_file:WEB-INF/classes/org/eaglei/repository/auth/Authentication.class */
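/**
 * Static helpers that map the container-authenticated principal of a request
 * onto the repository's own {@link User} model, and that manage the
 * per-session and per-request cache of that mapping.
 *
 * <p>Security-relevant behaviour visible in this class:
 * <ul>
 *   <li>The resolved {@code User} is cached in the HTTP session under
 *       {@code S_USER}; a cached entry is trusted until the session is
 *       reported stale by {@link Lifecycle} or is explicitly decached.</li>
 *   <li>A session is bound to the remote address that first touched it
 *       (see {@code getValidatedSession}); access from another address is
 *       rejected with a {@link BadRequestException}.</li>
 *   <li>The container role {@code "superuser"} is honoured even when no
 *       matching {@code User} record exists.</li>
 * </ul>
 */
public class Authentication {
    private static final Logger log = LogManager.getLogger(Authentication.class);

    // Attribute key used for BOTH the session-scoped and the request-scoped User cache.
    private static final String S_USER = "org.eaglei.repository.authentication.User";

    // Session attribute holding the remote address that the session is bound to.
    private static final String S_REMOTE_IP = "org.eaglei.repository.authentication.REMOTE_IP";

    /** Name of the container role that grants superuser rights. */
    public static final String SUPERUSER_ROLE_NAME = "superuser";

    /**
     * Returns the URI that identifies the caller for access-control purposes.
     *
     * @param httpServletRequest the current request
     * @return the URI of the resolved {@link User} when one exists and has a
     *         URI; otherwise {@code REPO.ROLE_SUPERUSER} if the container
     *         places the caller in the superuser role, else
     *         {@code REPO.ROLE_ANONYMOUS}
     */
    public static URI getPrincipalURI(HttpServletRequest httpServletRequest) {
        User principalUser = getPrincipalUser(httpServletRequest);
        if (principalUser != null && principalUser.getURI() != null) {
            return principalUser.getURI();
        }
        // No usable User record: fall back to a role URI derived from the container role.
        URI uri = httpServletRequest.isUserInRole(SUPERUSER_ROLE_NAME) ? REPO.ROLE_SUPERUSER : REPO.ROLE_ANONYMOUS;
        if (log.isDebugEnabled()) {
            log.debug("getPrincipalURI: Undocumented user, returning Role: " + uri);
        }
        return uri;
    }

    /**
     * Drops the session-cached {@link User} if it equals {@code user}, then
     * destroys the session via {@link #logout(HttpServletRequest)}.
     *
     * <p>Does nothing when the session holds no cached user or holds a
     * different one. Because the session is obtained through
     * {@code getValidatedSession}, a session is created if the request has
     * none, and the remote-address check applies here as well.
     *
     * @param httpServletRequest the current request
     * @param user the user whose cached authentication should be discarded
     */
    public static void decacheAuthentication(HttpServletRequest httpServletRequest, User user) {
        HttpSession validatedSession = getValidatedSession(httpServletRequest);
        User cachedUser = (User) validatedSession.getAttribute(S_USER);
        if (cachedUser == null || !cachedUser.equals(user)) {
            return;
        }
        validatedSession.removeAttribute(S_USER);
        log.debug("Decached authenticated user from Session.");
        logout(httpServletRequest);
    }

    /**
     * Returns the login name the container authenticated for this request.
     *
     * @param httpServletRequest the current request
     * @return the principal's name, or {@code null} when the request carries
     *         no user principal
     */
    public static String getAuthenticatedUsername(HttpServletRequest httpServletRequest) {
        Principal userPrincipal = httpServletRequest.getUserPrincipal();
        if (userPrincipal == null) {
            return null;
        }
        return userPrincipal.getName();
    }

    /**
     * Resolves the repository {@link User} for the caller, consulting caches
     * before the user store.
     *
     * <p>Lookup order: the request attribute cache; then, for an
     * authenticated principal that is not the configured anonymous user, the
     * session cache (discarded first if {@link Lifecycle} reports the session
     * stale); finally {@code User.findByUsername}. A freshly looked-up user
     * is stored in both the session and the request.
     *
     * <p>Note for reviewers: a user returned from the session cache is not
     * re-checked against the container role, so its superuser flag reflects
     * the state at the time it was cached until the entry is dropped.
     *
     * @param httpServletRequest the current request
     * @return the resolved user, or {@code null} when the request is
     *         unauthenticated, uses the configured anonymous login, or has no
     *         matching user record
     * @throws InternalServerErrorException if the user lookup fails with a
     *         {@link ServletException}
     * @throws BadRequestException if the session is bound to a different
     *         remote address
     */
    public static User getPrincipalUser(HttpServletRequest httpServletRequest) {
        User requestCached = (User) httpServletRequest.getAttribute(S_USER);
        if (requestCached != null) {
            if (log.isDebugEnabled()) {
                log.debug("Returning Request-cached user = " + requestCached);
            }
            return requestCached;
        }
        Principal userPrincipal = httpServletRequest.getUserPrincipal();
        if (userPrincipal == null) {
            return null;
        }
        String name = userPrincipal.getName();
        // A login name matching this property is deliberately treated as anonymous.
        String anonymousUser = Configuration.getInstance().getConfigurationProperty("eaglei.repository.anonymous.user");
        if (anonymousUser != null && anonymousUser.equals(name)) {
            log.info("Anonymous login because of configured anonymous user: " + name);
            return null;
        }
        HttpSession validatedSession = getValidatedSession(httpServletRequest);
        if (Lifecycle.getInstance().isSessionStale(validatedSession)) {
            // Stale session: discard the cached identity and fall through to a fresh lookup.
            validatedSession.removeAttribute(S_USER);
            if (log.isDebugEnabled()) {
                log.debug("Invalidating cached user URI in stale session, principal=" + name);
            }
        } else {
            User sessionCached = (User) validatedSession.getAttribute(S_USER);
            if (sessionCached != null) {
                if (log.isDebugEnabled()) {
                    log.debug("Returning cached user for principal=" + name + " from session context: " + sessionCached);
                }
                httpServletRequest.setAttribute(S_USER, sessionCached);
                return sessionCached;
            }
        }
        try {
            User found = User.findByUsername(httpServletRequest, name);
            if (found != null) {
                // The container role wins over the stored flag: a principal in the
                // superuser role is marked superuser on the User object before caching.
                // NOTE(review): whether setIsSuperuser also persists the flag is not
                // visible from here - confirm it only affects this in-memory object.
                if (httpServletRequest.isUserInRole(SUPERUSER_ROLE_NAME) && !found.isSuperuser()) {
                    found.setIsSuperuser(true);
                }
                validatedSession.setAttribute(S_USER, found);
                httpServletRequest.setAttribute(S_USER, found);
            }
            return found;
        } catch (ServletException e) {
            throw new InternalServerErrorException(e.getMessage(), e);
        }
    }

    /**
     * Tells whether the caller has superuser rights.
     *
     * @param httpServletRequest the current request
     * @return the resolved user's superuser flag; when no user can be
     *         resolved, whether the container places the caller in the
     *         superuser role
     */
    public static boolean isSuperuser(HttpServletRequest httpServletRequest) {
        User principalUser = getPrincipalUser(httpServletRequest);
        return principalUser == null ? httpServletRequest.isUserInRole(SUPERUSER_ROLE_NAME) : principalUser.isSuperuser();
    }

    /**
     * Invalidates the request's HTTP session, if it has one. No session is
     * created when none exists.
     *
     * @param httpServletRequest the current request
     */
    public static void logout(HttpServletRequest httpServletRequest) {
        HttpSession session = httpServletRequest.getSession(false);
        if (session == null) {
            log.debug("Logout finds no session to destroy!");
            return;
        }
        // Read the id BEFORE invalidating: container behaviour for getId() on an
        // invalidated session has varied, and a failure there would surface as an
        // error on an otherwise successful logout.
        // NOTE(review): a session id is a bearer credential while the session lives;
        // it is invalidated on the next line, but keep debug logs access-controlled.
        if (log.isDebugEnabled()) {
            log.debug("Logout is destroying session ID=" + session.getId());
        }
        session.invalidate();
    }

    /**
     * Returns the request's session, creating it if necessary, after checking
     * that it is being used from the remote address it is bound to.
     *
     * <p>A new session, or an existing one without a recorded address, is
     * bound to the current {@code getRemoteAddr()} value. An existing session
     * with a different recorded address is refused; the session itself is
     * left in place.
     *
     * <p>Caveat: the check is only as good as {@code getRemoteAddr()}. Behind
     * a reverse proxy or load balancer that value is the proxy's address
     * unless the container is configured to restore the client address, in
     * which case every client shares one address and the binding adds no
     * protection. Clients whose address legitimately changes mid-session are
     * forced to log in again.
     *
     * @param httpServletRequest the current request
     * @return the validated (possibly newly created) session
     * @throws BadRequestException if the session was bound to another address
     */
    private static HttpSession getValidatedSession(HttpServletRequest httpServletRequest) {
        HttpSession session = httpServletRequest.getSession(false);
        String remoteAddr = httpServletRequest.getRemoteAddr();
        if (session == null) {
            session = httpServletRequest.getSession(true);
            session.setAttribute(S_REMOTE_IP, remoteAddr);
            return session;
        }
        String boundAddr = (String) session.getAttribute(S_REMOTE_IP);
        if (boundAddr == null) {
            log.debug("Initializing session's record of remote address, IP=" + remoteAddr);
            session.setAttribute(S_REMOTE_IP, remoteAddr);
        } else if (!boundAddr.equals(remoteAddr)) {
            // Logged at ERROR so the event is available for alerting and later review.
            log.error("POSSIBLE SESSION HIJACKING: session created by IP=" + boundAddr + ", but is being accessed by IP=" + remoteAddr);
            throw new BadRequestException("Authentication denied, this session may only be accessed from the address that created it. Please login again.");
        }
        return session;
    }
}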
