package org.apache.guacamole.rest.auth;

import com.google.inject.Inject;
import java.util.ArrayList;
import java.util.Iterator;
import java.util.List;
import java.util.regex.Pattern;
import javax.servlet.http.HttpServletRequest;
import org.apache.guacamole.GuacamoleException;
import org.apache.guacamole.GuacamoleSecurityException;
import org.apache.guacamole.GuacamoleSession;
import org.apache.guacamole.GuacamoleUnauthorizedException;
import org.apache.guacamole.environment.Environment;
import org.apache.guacamole.net.auth.AuthenticatedUser;
import org.apache.guacamole.net.auth.AuthenticationProvider;
import org.apache.guacamole.net.auth.Credentials;
import org.apache.guacamole.net.auth.UserContext;
import org.apache.guacamole.net.auth.credentials.CredentialsInfo;
import org.apache.guacamole.net.auth.credentials.GuacamoleCredentialsException;
import org.apache.guacamole.net.auth.credentials.GuacamoleInvalidCredentialsException;
import org.apache.guacamole.net.event.AuthenticationFailureEvent;
import org.apache.guacamole.net.event.AuthenticationSuccessEvent;
import org.apache.guacamole.rest.event.ListenerService;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;

/* loaded from: input_file:WEB-INF/classes/org/apache/guacamole/rest/auth/AuthenticationService.class */
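/**
 * Authenticates users against the injected {@link AuthenticationProvider}s
 * and tracks the resulting {@link GuacamoleSession}s by authentication token.
 *
 * <p>A token passed to any method of this class is a bearer secret: whoever
 * holds it is handed the associated session. None of the methods here log the
 * token value.
 */
public class AuthenticationService {

    @Inject
    private Environment environment;

    @Inject
    private List<AuthenticationProvider> authProviders;

    @Inject
    private TokenSessionMap tokenSessionMap;

    @Inject
    private AuthTokenGenerator authTokenGenerator;

    @Inject
    private DecorationService decorationService;

    @Inject
    private ListenerService listenerService;

    /** Dotted-quad shape only; octet ranges are not checked. */
    private static final String IPV4_ADDRESS_REGEX = "([0-9]{1,3}\\.[0-9]{1,3}\\.[0-9]{1,3}\\.[0-9]{1,3})";

    /** Loose IPv6 shape: hex groups separated by colons (also matches the empty string). */
    private static final String IPV6_ADDRESS_REGEX = "([0-9a-fA-F]*(:[0-9a-fA-F]*){0,7})";

    /** Either address shape. */
    private static final String IP_ADDRESS_REGEX = "(" + IPV4_ADDRESS_REGEX + "|" + IPV6_ADDRESS_REGEX + ")";

    private static final Logger logger = LoggerFactory.getLogger(AuthenticationService.class);

    /**
     * Accepts a comma-and-space separated list of address-shaped tokens. This
     * is a character allow-list for safe logging, not address validation: only
     * digits, hex letters, '.', ':', ',' and ' ' can appear in a matching value.
     */
    private static final Pattern X_FORWARDED_FOR =
            Pattern.compile("^" + IP_ADDRESS_REGEX + "(, " + IP_ADDRESS_REGEX + ")*$");

    /**
     * Builds the address string used in authentication log messages.
     *
     * <p>The X-Forwarded-For header is included only when it matches
     * {@link #X_FORWARDED_FOR}; any other value is dropped so that arbitrary
     * header content never reaches the log. The header is read from the
     * request unconditionally, so unless a trusted proxy overwrites it the
     * forwarded part is client-chosen. The value of {@code getRemoteAddr()}
     * is always included alongside it.
     *
     * @param httpServletRequest the request being authenticated
     * @return the remote address, or {@code "[<header>, <remote address>]"}
     *         when a well-formed X-Forwarded-For header is present
     */
    private String getLoggableAddress(HttpServletRequest httpServletRequest) {
        String forwardedFor = httpServletRequest.getHeader("X-Forwarded-For");
        if (forwardedFor != null && X_FORWARDED_FOR.matcher(forwardedFor).matches()) {
            return "[" + forwardedFor + ", " + httpServletRequest.getRemoteAddr() + "]";
        }
        return httpServletRequest.getRemoteAddr();
    }

    /**
     * Offers the credentials to each provider in injection order and returns
     * the first non-null result.
     *
     * <p>Only {@link GuacamoleCredentialsException} is absorbed while iterating;
     * any other {@link GuacamoleException} thrown by a provider propagates
     * immediately and ends the search.
     *
     * @param credentials the credentials to authenticate
     * @return the user produced by the first provider that accepts the credentials
     * @throws GuacamoleException the first credentials failure reported by any
     *         provider, or a generic invalid-credentials error if every
     *         provider returned null
     */
    private AuthenticatedUser authenticateUser(Credentials credentials) throws GuacamoleException {
        GuacamoleCredentialsException firstFailure = null;
        for (AuthenticationProvider provider : this.authProviders) {
            try {
                // The result is checked inside the try so that a provider which
                // throws can never leave an unassigned or stale user to be tested.
                AuthenticatedUser user = provider.authenticateUser(credentials);
                if (user != null) {
                    return user;
                }
            } catch (GuacamoleCredentialsException e) {
                // Remember only the first failure; later providers still get a chance.
                if (firstFailure == null) {
                    firstFailure = e;
                }
            }
        }
        if (firstFailure != null) {
            throw firstFailure;
        }
        throw new GuacamoleInvalidCredentialsException("Permission Denied.", CredentialsInfo.USERNAME_PASSWORD);
    }

    /**
     * Asks the provider that originally authenticated the user to refresh it
     * with the new credentials.
     *
     * @param authenticatedUser the user held by the existing session
     * @param credentials the credentials of the current request
     * @return the refreshed user, never null
     * @throws GuacamoleException if the provider fails, or a
     *         {@link GuacamoleSecurityException} if it returns null
     */
    private AuthenticatedUser updateAuthenticatedUser(AuthenticatedUser authenticatedUser, Credentials credentials) throws GuacamoleException {
        AuthenticatedUser refreshed = authenticatedUser.getAuthenticationProvider().updateAuthenticatedUser(authenticatedUser, credentials);
        if (refreshed == null) {
            throw new GuacamoleSecurityException("User re-authentication failed.");
        }
        return refreshed;
    }

    /** Notifies listeners of a successful authentication; listener exceptions propagate to the caller. */
    private void fireAuthenticationSuccessEvent(AuthenticatedUser authenticatedUser) throws GuacamoleException {
        this.listenerService.handleEvent(new AuthenticationSuccessEvent(authenticatedUser));
    }

    /** Notifies listeners of a failed authentication; listener exceptions propagate to the caller. */
    private void fireAuthenticationFailedEvent(Credentials credentials) throws GuacamoleException {
        this.listenerService.handleEvent(new AuthenticationFailureEvent(credentials));
    }

    /**
     * Re-authenticates the user of an existing session, or authenticates from
     * scratch when there is none, firing success/failure events and logging
     * the outcome.
     *
     * <p>A fresh authentication is logged at INFO; a successful
     * re-authentication of an existing session is not logged here. Because the
     * success event is fired inside the try block, an exception thrown by a
     * success listener is handled as an authentication failure.
     *
     * @param guacamoleSession the existing session, or null
     * @param credentials the credentials of the current request
     * @return the authenticated (or re-authenticated) user
     * @throws GuacamoleException if authentication fails or a listener throws
     */
    private AuthenticatedUser getAuthenticatedUser(GuacamoleSession guacamoleSession, Credentials credentials) throws GuacamoleException {
        try {
            if (guacamoleSession != null) {
                AuthenticatedUser refreshed = updateAuthenticatedUser(guacamoleSession.getAuthenticatedUser(), credentials);
                fireAuthenticationSuccessEvent(refreshed);
                return refreshed;
            }
            AuthenticatedUser user = authenticateUser(credentials);
            fireAuthenticationSuccessEvent(user);
            if (logger.isInfoEnabled()) {
                logger.info("User \"{}\" successfully authenticated from {}.", user.getIdentifier(), getLoggableAddress(credentials.getRequest()));
            }
            return user;
        } catch (GuacamoleException e) {
            // If a failure listener throws, its exception replaces e and the
            // log statements below are skipped.
            fireAuthenticationFailedEvent(credentials);
            HttpServletRequest request = credentials.getRequest();
            String username = credentials.getUsername();
            if (username != null) {
                // NOTE(review): username comes straight from the failed request and is
                // logged as-is; unlike X-Forwarded-For it is not pattern-checked here.
                // Confirm the logging layout neutralizes CR/LF, because anything that
                // parses this line (alerting, ban rules) trusts its structure.
                if (logger.isWarnEnabled()) {
                    logger.warn("Authentication attempt from {} for user \"{}\" failed.", getLoggableAddress(request), username);
                }
            } else if (logger.isDebugEnabled()) {
                logger.debug("Anonymous authentication attempt from {} failed.", getLoggableAddress(request));
            }
            throw e;
        }
    }

    /**
     * Produces the decorated user contexts for the given user.
     *
     * <p>With an existing session, each current context is passed back to its
     * own provider for update and re-decorated; a context whose provider
     * returns null is dropped. Without a session, every provider is asked for
     * a context and null results are skipped.
     *
     * @param guacamoleSession the existing session, or null
     * @param authenticatedUser the user the contexts are for
     * @param credentials the credentials of the current request
     * @return the decorated contexts, possibly empty
     * @throws GuacamoleException if a provider or the decoration service fails
     */
    private List<DecoratedUserContext> getUserContexts(GuacamoleSession guacamoleSession, AuthenticatedUser authenticatedUser, Credentials credentials) throws GuacamoleException {
        List<DecoratedUserContext> contexts = new ArrayList<>(this.authProviders.size());
        if (guacamoleSession != null) {
            for (DecoratedUserContext existing : guacamoleSession.getUserContexts()) {
                UserContext undecorated = existing.getUndecoratedUserContext();
                AuthenticationProvider provider = undecorated.getAuthenticationProvider();
                UserContext updated = provider.updateUserContext(undecorated, authenticatedUser, credentials);
                if (updated != null) {
                    contexts.add(this.decorationService.redecorate(existing, updated, authenticatedUser, credentials));
                } else {
                    logger.debug("AuthenticationProvider \"{}\" retroactively destroyed its UserContext.", provider.getClass().getName());
                }
            }
        } else {
            for (AuthenticationProvider provider : this.authProviders) {
                UserContext userContext = provider.getUserContext(authenticatedUser);
                if (userContext != null) {
                    contexts.add(this.decorationService.decorate(userContext, authenticatedUser, credentials));
                }
            }
        }
        return contexts;
    }

    /**
     * Authenticates the credentials and returns the token of the resulting session.
     *
     * <p>If {@code str} maps to a live session, that session is updated in
     * place and the same token is returned; the token is not rotated on
     * re-authentication. Otherwise (null or unknown token) a new token is
     * generated and a new session is stored under it.
     *
     * @param credentials the credentials of the current request
     * @param str an existing authentication token, or null
     * @return the token under which the session is stored
     * @throws GuacamoleException if authentication or context creation fails
     */
    public String authenticate(Credentials credentials, String str) throws GuacamoleException {
        GuacamoleSession existingSession = str != null ? this.tokenSessionMap.get(str) : null;
        AuthenticatedUser authenticatedUser = getAuthenticatedUser(existingSession, credentials);
        List<DecoratedUserContext> userContexts = getUserContexts(existingSession, authenticatedUser, credentials);
        if (existingSession != null) {
            existingSession.setAuthenticatedUser(authenticatedUser);
            existingSession.setUserContexts(userContexts);
            return str;
        }
        String token = this.authTokenGenerator.getToken();
        this.tokenSessionMap.put(token, new GuacamoleSession(this.environment, authenticatedUser, userContexts));
        logger.debug("Login was successful for user \"{}\".", authenticatedUser.getIdentifier());
        return token;
    }

    /**
     * Looks up the session stored under the given token.
     *
     * @param str the authentication token
     * @return the session, never null
     * @throws GuacamoleException a {@link GuacamoleUnauthorizedException} if
     *         no session is stored under the token
     */
    public GuacamoleSession getGuacamoleSession(String str) throws GuacamoleException {
        GuacamoleSession guacamoleSession = this.tokenSessionMap.get(str);
        if (guacamoleSession == null) {
            throw new GuacamoleUnauthorizedException("Permission Denied.");
        }
        return guacamoleSession;
    }

    /**
     * Removes the session stored under the given token and invalidates it.
     *
     * @param str the authentication token
     * @return true if a session was found and invalidated, false otherwise
     */
    public boolean destroyGuacamoleSession(String str) {
        GuacamoleSession removed = this.tokenSessionMap.remove(str);
        if (removed == null) {
            return false;
        }
        removed.invalidate();
        return true;
    }

    /**
     * Returns the user contexts of the session stored under the given token.
     *
     * @param str the authentication token
     * @return the session's decorated user contexts
     * @throws GuacamoleException if no session is stored under the token
     */
    public List<DecoratedUserContext> getUserContexts(String str) throws GuacamoleException {
        return getGuacamoleSession(str).getUserContexts();
    }
}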
