package io.milton.http;

import io.milton.common.StringUtils;
import io.milton.http.Auth;
import io.milton.resource.GetableResource;
import io.milton.resource.Resource;
import java.util.ArrayList;
import java.util.Iterator;
import java.util.List;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;

/* loaded from: input_file:WEB-INF/lib/milton-server-ce-2.6.5.6.jar:io/milton/http/AuthenticationService.class */
public class AuthenticationService {
    private static final Logger log = LoggerFactory.getLogger(AuthenticationService.class);
    public static final String ATT_AUTH_STATUS = "auth.service.status";
    public static final String ATT_AUTH_CALLED = "auth.service.called";
    private final List<AuthenticationHandler> authenticationHandlers;
    private List<ExternalIdentityProvider> externalIdentityProviders;
    private boolean disableExternal;
    private final String[] browserIds = {"msie", "firefox", "chrome", "safari", "opera"};

    /* loaded from: input_file:WEB-INF/lib/milton-server-ce-2.6.5.6.jar:io/milton/http/AuthenticationService$AuthStatus.class */
    public static class AuthStatus {
        public final Auth auth;
        public final boolean loginFailed;

        public AuthStatus(Auth auth, boolean z) {
            this.auth = auth;
            this.loginFailed = z;
        }

        public String toString() {
            return this.auth == null ? "AuthStatus: no creds" : this.loginFailed ? "AuthStatus: login failed: " + this.auth.getUser() : "AuthStatus: logged in: " + this.auth.getUser();
        }
    }

    public AuthenticationService(List<AuthenticationHandler> list) {
        this.authenticationHandlers = list;
    }

    public AuthStatus authenticate(Resource resource, Request request) {
        if (request.getAttributes().containsKey(ATT_AUTH_STATUS)) {
            return (AuthStatus) request.getAttributes().get(ATT_AUTH_STATUS);
        }
        if (request.getAttributes().containsKey(ATT_AUTH_CALLED)) {
            return null;
        }
        request.getAttributes().put(ATT_AUTH_CALLED, Boolean.TRUE);
        AuthStatus _authenticate = _authenticate(resource, request);
        request.getAttributes().put(ATT_AUTH_STATUS, _authenticate);
        return _authenticate;
    }

    private AuthStatus _authenticate(Resource resource, Request request) {
        log.trace("authenticate");
        Auth authorization = request.getAuthorization();
        if ((authorization == null || authorization.getTag() == null) ? false : true) {
            log.trace("request is pre-authenticated");
            return new AuthStatus(authorization, false);
        }
        if (log.isTraceEnabled()) {
            log.trace("Checking authentication with auth handlers: " + this.authenticationHandlers.size());
            Iterator<AuthenticationHandler> it = this.authenticationHandlers.iterator();
            while (it.hasNext()) {
                log.trace(" - " + it.next());
            }
        }
        for (AuthenticationHandler authenticationHandler : this.authenticationHandlers) {
            if (authenticationHandler.supports(resource, request)) {
                Object authenticate = authenticationHandler.authenticate(resource, request);
                if (authenticate == null) {
                    log.warn("authentication failed by AuthenticationHandler:" + authenticationHandler.getClass());
                    return new AuthStatus(authorization, true);
                }
                if (log.isTraceEnabled()) {
                    log.trace("authentication passed by: " + authenticationHandler.getClass());
                }
                if (authorization == null) {
                    authorization = new Auth(Auth.Scheme.FORM, null, authenticate);
                    request.setAuthorization(authorization);
                }
                authorization.setTag(authenticate);
                return new AuthStatus(authorization, false);
            }
            if (log.isTraceEnabled()) {
                log.trace("handler does not support this resource and request. handler: " + authenticationHandler.getClass() + " resource: " + resource.getClass());
            }
        }
        log.trace("authentication did not locate a user, because no handler accepted the request");
        return null;
    }

    public List<String> getChallenges(Resource resource, Request request) {
        ArrayList arrayList = new ArrayList();
        for (AuthenticationHandler authenticationHandler : this.authenticationHandlers) {
            if (authenticationHandler.isCompatible(resource, request)) {
                log.debug("challenge for auth: " + authenticationHandler.getClass());
                authenticationHandler.appendChallenges(resource, request, arrayList);
            } else {
                log.debug("not challenging for auth: " + authenticationHandler.getClass() + " for resource type: " + (resource == null ? "" : resource.getClass()));
            }
        }
        return arrayList;
    }

    public List<AuthenticationHandler> getAuthenticationHandlers() {
        return this.authenticationHandlers;
    }

    public List<ExternalIdentityProvider> getExternalIdentityProviders() {
        return this.externalIdentityProviders;
    }

    public void setExternalIdentityProviders(List<ExternalIdentityProvider> list) {
        this.externalIdentityProviders = list;
    }

    public boolean isDisableExternal() {
        return this.disableExternal;
    }

    public void setDisableExternal(boolean z) {
        this.disableExternal = z;
    }

    public boolean canUseExternalAuth(Resource resource, Request request) {
        if (isDisableExternal()) {
            log.trace("auth svc has disabled external auth");
            return false;
        }
        if (getExternalIdentityProviders() == null || getExternalIdentityProviders().isEmpty()) {
            log.trace("auth service has no external auth providers");
            return false;
        }
        if (!(resource instanceof GetableResource)) {
            log.trace("is not getable");
            return false;
        }
        String contentType = ((GetableResource) resource).getContentType(Response.HTTP);
        if (contentType == null || !contentType.contains("html")) {
            log.trace("is not of content type html");
            return false;
        }
        if (StringUtils.contains(request.getUserAgentHeader().toLowerCase(), this.browserIds)) {
            log.trace("is a known web browser, so can offer external auth");
            return true;
        }
        log.trace("not a known web browser, so cannot offer external auth");
        return false;
    }

    public boolean authenticateDetailsPresent(Request request) {
        Iterator<AuthenticationHandler> it = this.authenticationHandlers.iterator();
        while (it.hasNext()) {
            if (it.next().credentialsPresent(request)) {
                return true;
            }
        }
        return false;
    }
}
