package org.eclipse.smarthome.io.http.auth.internal;

import java.io.IOException;
import java.io.PrintWriter;
import java.util.Iterator;
import java.util.List;
import java.util.Map;
import java.util.Optional;
import java.util.concurrent.CopyOnWriteArrayList;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import org.eclipse.smarthome.core.auth.Authentication;
import org.eclipse.smarthome.core.auth.AuthenticationException;
import org.eclipse.smarthome.core.auth.AuthenticationManager;
import org.eclipse.smarthome.core.auth.Credentials;
import org.eclipse.smarthome.io.http.Handler;
import org.eclipse.smarthome.io.http.HandlerContext;
import org.eclipse.smarthome.io.http.auth.CredentialsExtractor;
import org.osgi.service.component.annotations.Activate;
import org.osgi.service.component.annotations.Component;
import org.osgi.service.component.annotations.Modified;
import org.osgi.service.component.annotations.Reference;
import org.osgi.service.component.annotations.ReferenceCardinality;
import org.osgi.service.component.annotations.ReferencePolicy;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;

@Component(configurationPid = "org.eclipse.smarthome.auth")
/* loaded from: input_file:org/eclipse/smarthome/io/http/auth/internal/AuthenticationHandler.class */
public class AuthenticationHandler implements Handler {
    private static final String AUTHENTICATION_ENABLED = "enabled";
    private static final String AUTHENTICATION_ENDPOINT = "loginUri";
    private static final String DEFAULT_LOGIN_URI = "/login";
    static final String REDIRECT_PARAM_NAME = "redirect";
    private AuthenticationManager authenticationManager;
    private final Logger logger = LoggerFactory.getLogger(AuthenticationManager.class);
    private final List<CredentialsExtractor<HttpServletRequest>> extractors = new CopyOnWriteArrayList();
    private boolean enabled = false;
    private String loginUri = DEFAULT_LOGIN_URI;

    public int getPriority() {
        return 100;
    }

    public void handle(HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse, HandlerContext handlerContext) throws Exception {
        String requestURI = httpServletRequest.getRequestURI();
        if (this.enabled && isSecured(requestURI, httpServletRequest.getMethod())) {
            if (this.authenticationManager == null) {
                throw new AuthenticationException("Failed to authenticate request.");
            }
            int i = 0;
            int i2 = 0;
            Iterator<CredentialsExtractor<HttpServletRequest>> it = this.extractors.iterator();
            while (it.hasNext()) {
                Optional<Credentials> retrieveCredentials = it.next().retrieveCredentials(httpServletRequest);
                if (retrieveCredentials.isPresent()) {
                    i++;
                    Credentials credentials = retrieveCredentials.get();
                    try {
                        httpServletRequest.setAttribute(Authentication.class.getName(), this.authenticationManager.authenticate(credentials));
                        handlerContext.execute(httpServletRequest, httpServletResponse);
                        return;
                    } catch (AuthenticationException e) {
                        i2++;
                        if (this.logger.isDebugEnabled()) {
                            this.logger.debug("Failed to authenticate using credentials {}", credentials, e);
                        } else {
                            this.logger.info("Failed to authenticate using credentials {}", credentials);
                        }
                    }
                }
            }
            throw new AuthenticationException("Could not authenticate request. Found " + i + " credentials in request out of which " + i2 + " were invalid");
        }
    }

    public void handleError(HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse, HandlerContext handlerContext) {
        Object attribute = httpServletRequest.getAttribute("handler.error");
        if (httpServletResponse.getStatus() == 403 || httpServletResponse.getStatus() == 401) {
            return;
        }
        if (!(attribute instanceof AuthenticationException)) {
            handlerContext.execute(httpServletRequest, httpServletResponse);
            return;
        }
        String str = String.valueOf(this.loginUri) + "?" + REDIRECT_PARAM_NAME + "=" + httpServletRequest.getRequestURI();
        httpServletResponse.setHeader("Location", str);
        try {
            PrintWriter writer = httpServletResponse.getWriter();
            writer.println("<html><head>");
            writer.println("<meta http-equiv=\"refresh\" content=\"0; url=" + str + "\" />");
            writer.println("</head><body>Redirecting to login page</body></html>");
            writer.flush();
        } catch (IOException e) {
            this.logger.warn("Couldn't generate or send client response", e);
        }
    }

    private boolean isSecured(String str, String str2) {
        return !str.startsWith(this.loginUri) || "post".equalsIgnoreCase(str2);
    }

    @Activate
    void activate(Map<String, Object> map) {
        modified(map);
    }

    @Modified
    void modified(Map<String, Object> map) {
        Object obj = map.get(AUTHENTICATION_ENABLED);
        if (obj != null) {
            this.enabled = Boolean.valueOf(obj.toString()).booleanValue();
        }
        Object obj2 = map.get(AUTHENTICATION_ENDPOINT);
        if (obj2 == null || !(obj2 instanceof String)) {
            return;
        }
        this.loginUri = (String) obj2;
    }

    @Reference(cardinality = ReferenceCardinality.OPTIONAL, policy = ReferencePolicy.DYNAMIC)
    public void setAuthenticationManager(AuthenticationManager authenticationManager) {
        this.authenticationManager = authenticationManager;
    }

    public void unsetAuthenticationManager(AuthenticationManager authenticationManager) {
        this.authenticationManager = null;
    }

    @Reference(cardinality = ReferenceCardinality.MULTIPLE, policy = ReferencePolicy.DYNAMIC, target = "(context=javax.servlet.http.HttpServletRequest)")
    public void addCredentialsExtractor(CredentialsExtractor<HttpServletRequest> credentialsExtractor) {
        this.extractors.add(credentialsExtractor);
    }

    public void removeCredentialsExtractor(CredentialsExtractor<HttpServletRequest> credentialsExtractor) {
        this.extractors.remove(credentialsExtractor);
    }
}
