package com.tridium.web;

import com.tridium.httpd.CookieUtil;
import com.tridium.nre.auth.ScramSha256Server;
import java.security.MessageDigest;
import javax.baja.io.HtmlWriter;
import javax.baja.log.Log;
import javax.baja.naming.BOrd;
import javax.baja.nre.util.Array;
import javax.baja.nre.util.TextUtil;
import javax.baja.security.AuditEvent;
import javax.baja.security.Auditor;
import javax.baja.security.BICredentials;
import javax.baja.security.BPbkdf2HmacSha256PasswordEncoder;
import javax.baja.security.BUsernameAndPassword;
import javax.baja.sys.BString;
import javax.baja.sys.BajaRuntimeException;
import javax.baja.sys.Clock;
import javax.baja.sys.Property;
import javax.baja.sys.Sys;
import javax.baja.sys.Type;
import javax.baja.user.BAuthAgent;
import javax.baja.user.BUser;
import javax.baja.user.BUserService;
import javax.baja.util.BTypeSpec;
import javax.baja.util.Lexicon;
import javax.baja.web.BAuthenticationType;
import javax.baja.web.BLoginTemplate;
import javax.baja.web.BWebService;
import javax.baja.web.IStateLoginTemplate;
import javax.baja.web.LoginState;
import javax.servlet.http.Cookie;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import javax.servlet.http.HttpSession;

/* loaded from: input_file:com/tridium/web/BHttpAuthAgent.class */
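/**
 * Abstract HTTP authentication agent for the web service (decompiled listing).
 *
 * <p>This class renders the login page, handles logout and session invalidation, issues and
 * validates the timestamped nonce used by the cookie-digest scheme, and collects
 * {@link AuthContext} candidates from cookies, the servlet session and the
 * {@code Authorization} header. Scheme-specific work is left to subclasses through the
 * abstract methods.
 *
 * <p>Review notes on this listing:
 * <ul>
 *   <li>The digest algorithm defaults to SHA-1 (see {@link #DIGEST_TYPE}).</li>
 *   <li>The nonce digest is keyed only by a constant compiled into the class
 *       (see {@link #getNonceDigest}).</li>
 *   <li>Errors are reported with {@code printStackTrace()} rather than through
 *       {@link #authLog}.</li>
 * </ul>
 */
public abstract class BHttpAuthAgent extends BAuthAgent {
    // Digest algorithm used by digest(byte[]); overridable with the niagara.web.messageDigest
    // system property.
    // NOTE(review): the default is SHA-1. writeHeader() ships login/sha1.js, so the client side
    // presumably depends on the same algorithm; confirm before changing the default.
    private static final String DIGEST_TYPE = System.getProperty("niagara.web.messageDigest", "SHA-1");

    // Base cookie names; the effective name is resolved per request via CookieUtil.getCookieName.
    protected static final String CNAME_NIAGARA_LOGIN_STATE = "niagara_login_state";
    protected static final String CNAME_NIAGARA_LOGIN_STATE_DATA = "niagara_login_state_data";
    protected static final String CNAME_NIAGARA_SESSION = "niagara_session";
    protected static final String CNAME_NIAGARA_AUTH = "niagara_auth";
    protected static final String CNAME_NIAGARA_AUTH_AUTO = "niagara_auth_auto";

    // Value of the login-state-data cookie that adds the "password already used" message.
    protected static final String LOGIN_STATE_DATA_DUP_PASSWORD = "duplicatePassword";

    // Login states carried in the niagara_login_state cookie and in LoginState.
    public static final int LOGIN_STATE_OK = 0;
    public static final int LOGIN_STATE_RETRY = 1;
    public static final int LOGIN_STATE_UNKNOWN_ERROR = 2;
    public static final int LOGIN_STATE_PASSWORD_RESET = 3;
    public static final int LOGIN_STATE_KERB_FAILED = 4;
    public static final int LOGIN_STATE_ILLEGAL_NETWORK_USER = 5;
    public static final int LOGIN_STATE_HTTP_FOX_SSL_MISMATCH = 6;

    public static final Type TYPE;

    // Template used when the web service has no usable "loginTemplate" configured.
    protected static BLoginTemplate defaultTemplate;

    // Not read in this class; set to 20000 in the static initializer (presumably milliseconds,
    // to be confirmed against the subclasses that use it).
    protected static long AUTH_TIMESTAMP_TOLERANCE;

    protected static Log authLog;

    // Lazily resolved by getAuthAgent(); the lookup is not synchronized.
    private static BHttpAuthAgent authAgent;

    // Lazily resolved service references, see getWebService() / getUserService().
    private BWebService webService;
    private BUserService userService;

    // Compiler-generated caches for class literals, filled through m38class().
    static Class class$com$tridium$web$BHttpAuthAgent;
    static Class class$java$lang$String;
    static Class class$com$tridium$web$BHttpAuthAgent$AuthContext;

    /**
     * Mutable holder for one authentication attempt: the scheme name, the credentials, the
     * username, the cookie they came from, the remote host and the servlet session.
     */
    /* JADX INFO: Access modifiers changed from: protected */
    /* loaded from: input_file:com/tridium/web/BHttpAuthAgent$AuthContext.class */
    public abstract class AuthContext {
        protected boolean audit;
        protected String scheme;
        protected BICredentials credentials;
        protected String username;
        protected Cookie cookieSource;
        protected boolean extendExpiration;
        protected String remoteHost;
        protected HttpSession session;

        // Reference to the enclosing agent (the decompiler's rendering of the outer "this").
        /* renamed from: this, reason: not valid java name */
        final BHttpAuthAgent f5this;

        public void setAudit(boolean z) {
            this.audit = z;
        }

        public boolean getAudit() {
            return this.audit;
        }

        public void setScheme(String str) {
            this.scheme = str;
        }

        public String getScheme() {
            return this.scheme;
        }

        public void setCookieSource(Cookie cookie) {
            this.cookieSource = cookie;
        }

        public Cookie getCookieSource() {
            return this.cookieSource;
        }

        public void setExtendExpiration(boolean z) {
            this.extendExpiration = z;
        }

        public boolean getExtendExpiration() {
            return this.extendExpiration;
        }

        public void setRemoteHost(String str) {
            this.remoteHost = str;
        }

        public String getRemoteHost() {
            return this.remoteHost;
        }

        /** Returns the scheme name only (may be null); credentials are not included. */
        public String toString() {
            return this.scheme;
        }

        public void setSession(HttpSession httpSession) {
            this.session = httpSession;
        }

        public HttpSession getSession() {
            return this.session;
        }

        public String getUsername() {
            return this.username;
        }

        // Field initializer block emitted by the original compiler: resets every field.
        /* renamed from: this, reason: not valid java name */
        private final void m41this() {
            this.audit = false;
            this.scheme = null;
            this.credentials = null;
            this.username = null;
            this.cookieSource = null;
            this.extendExpiration = false;
            this.remoteHost = null;
            this.session = null;
        }

        /* JADX INFO: Access modifiers changed from: protected */
        public AuthContext(BHttpAuthAgent bHttpAuthAgent) {
            this.f5this = bHttpAuthAgent;
            m41this();
        }
    }

    /**
     * Supplies the stored password-encoder value for a username to the SCRAM-SHA-256 server.
     */
    /* loaded from: input_file:com/tridium/web/BHttpAuthAgent$HttpUserKeyFactory.class */
    protected class HttpUserKeyFactory implements ScramSha256Server.IUserKeyFactory {

        /* renamed from: this, reason: not valid java name */
        final BHttpAuthAgent f6this;

        /**
         * Returns the user's encoded password value, or a fake value built from the username
         * when the user is unknown or may not log in.
         *
         * @param str the username presented by the client
         * @return the real or fake encoder value; never reveals which one through a null
         */
        public String getUserKey(String str) {
            BUserService service = Sys.getService(BUserService.TYPE);
            BUser user = service.getUser(str);
            if (user == null || !service.canLogin(user)) {
                return BPbkdf2HmacSha256PasswordEncoder.makeFake(str).getValue();
            }
            // The fake value is computed and discarded on the real-user path as well;
            // presumably this keeps both paths doing the same work so response time does not
            // distinguish existing users. Do not remove it as dead code without confirming.
            BPbkdf2HmacSha256PasswordEncoder.makeFake(str);
            return user.getPassword().getPasswordEncoder().getValue();
        }

        public HttpUserKeyFactory(BHttpAuthAgent bHttpAuthAgent) {
            this.f6this = bHttpAuthAgent;
        }
    }

    /**
     * Renders the login page.
     *
     * <p>The template comes from the web service's {@code loginTemplate} property, falling back
     * to {@link #defaultTemplate}. The login state is restored from the login-state cookie,
     * which is then expired.
     *
     * @throws Exception propagated from the template or the servlet API
     */
    public void doLoginGet(HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse) throws Exception {
        BLoginTemplate bLoginTemplate;
        BTypeSpec bTypeSpec = getWebService().get("loginTemplate");
        if (bTypeSpec == null || bTypeSpec.isNull()) {
            bLoginTemplate = defaultTemplate;
        } else {
            try {
                bLoginTemplate = (BLoginTemplate) bTypeSpec.getInstance();
            } catch (Exception e) {
                // A broken custom template must not make the login page unavailable.
                e.printStackTrace();
                bLoginTemplate = defaultTemplate;
            }
        }
        LoginState make = LoginState.make(0);
        Cookie[] cookies = httpServletRequest.getCookies();
        String cookieName = CookieUtil.getCookieName(httpServletRequest, CNAME_NIAGARA_LOGIN_STATE);
        String loginStateData = getLoginStateData(httpServletRequest, httpServletResponse);
        if (cookies != null) {
            for (int i = 0; i < cookies.length; i++) {
                if (cookies[i].getName().equals(cookieName)) {
                    // The cookie is client-supplied, so only the known state codes are
                    // accepted; anything else (including 2, unknown error) leaves state 0.
                    if (cookies[i].getValue().equals(String.valueOf(1))) {
                        make = LoginState.make(1, loginStateData);
                    } else if (cookies[i].getValue().equals(String.valueOf(3))) {
                        make = LoginState.make(3, loginStateData);
                    } else if (cookies[i].getValue().equals(String.valueOf(4))) {
                        make = LoginState.make(4, loginStateData);
                    } else if (cookies[i].getValue().equals(String.valueOf(5))) {
                        make = LoginState.make(5, loginStateData);
                    } else if (cookies[i].getValue().equals(String.valueOf(6))) {
                        make = LoginState.make(6, loginStateData);
                    }
                    removeCookie(httpServletResponse, cookieName);
                }
            }
        }
        httpServletResponse.setContentType("text/html");
        if (bLoginTemplate instanceof IStateLoginTemplate) {
            ((IStateLoginTemplate) bLoginTemplate).write(getWebService(), httpServletRequest, httpServletResponse, make);
            return;
        }
        // Templates without state support only know "first attempt" and "retry"; every other
        // state is rendered by the default template.
        if (make.getState() == 0) {
            bLoginTemplate.write(getWebService(), httpServletRequest, httpServletResponse, false);
        } else if (make.getState() == 1) {
            bLoginTemplate.write(getWebService(), httpServletRequest, httpServletResponse, true);
        } else {
            ((IStateLoginTemplate) defaultTemplate).write(getWebService(), httpServletRequest, httpServletResponse, make);
        }
    }

    /**
     * Writes the login page's head elements: the localized title, the content-type meta tag,
     * the stylesheet and the two login scripts.
     *
     * @throws Exception propagated from the response writer
     */
    public void writeHeader(HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse) throws Exception {
        HtmlWriter htmlWriter = new HtmlWriter(httpServletResponse.getWriter());
        htmlWriter.println(new StringBuffer(" <title>").append(Lexicon.make("web", WebUtil.getLanguage(httpServletRequest, null)).getHtmlSafeText("login")).append("</title>").toString());
        // NOTE(review): absolutePathBase is written into single-quoted attributes without
        // escaping; confirm WebUtil.getAbsolutePathBase cannot return request-controlled
        // quote characters.
        String absolutePathBase = WebUtil.getAbsolutePathBase(httpServletRequest);
        htmlWriter.println(" <meta http-equiv='Content-type' content='text/html;charset=UTF-8' />");
        htmlWriter.println(new StringBuffer(" <link rel='stylesheet' type='text/css' href='").append(absolutePathBase).append("login/login.css'/>").toString());
        htmlWriter.println(new StringBuffer(" <script type='text/javascript' src='").append(absolutePathBase).append("login/sha1.js'></script>").toString());
        htmlWriter.println(new StringBuffer(" <script type='text/javascript' src='").append(absolutePathBase).append("login/login.js'></script>").toString());
    }

    /**
     * Builds the HTML fragment that explains a failed or interrupted login.
     *
     * @param loginState the state to describe
     * @return the fragment, or null when the state is 0 (OK)
     */
    public String getLoginMessageContent(HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse, LoginState loginState) {
        if (loginState.getState() == 0) {
            return null;
        }
        Lexicon make = Lexicon.make("web", WebUtil.getLanguage(httpServletRequest, null));
        StringBuffer stringBuffer = new StringBuffer();
        if (loginState.getState() == 2) {
            stringBuffer.append(new StringBuffer(" <b>").append(make.getHtmlSafeText("login.failed")).append("</b><br/>").toString());
            stringBuffer.append(new StringBuffer(" ").append(make.getHtmlSafeText("login.failed.unknown.details")).toString());
        } else if (loginState.getState() == 3) {
            stringBuffer.append(new StringBuffer(" <b>").append(make.getHtmlSafeText("login.password.reset")).append("</b><br/>").toString());
            stringBuffer.append(new StringBuffer(" ").append(make.getHtmlSafeText("login.password.reset.details")).toString());
            String str = (String) loginState.getData();
            if (str != null && str.equals(LOGIN_STATE_DATA_DUP_PASSWORD)) {
                // NOTE(review): unlike every other message here this text comes from get(),
                // not getHtmlSafeText(), and uses the default-language "baja" lexicon;
                // confirm whether that is intentional.
                stringBuffer.append(new StringBuffer("<br>").append(Lexicon.make("baja").get("user.strongPassword.alreadyUsed")).toString());
            }
        } else if (loginState.getState() == 5) {
            stringBuffer.append(new StringBuffer(" <b>").append(make.getHtmlSafeText("login.failed")).append("</b><br/>").toString());
            stringBuffer.append(new StringBuffer(" ").append(make.getHtmlSafeText("login.illegal.network.user.passwordReset")).toString());
        } else if (loginState.getState() == 6) {
            stringBuffer.append(new StringBuffer(" <b>").append(make.getHtmlSafeText("login.failed")).append("</b><br/>").toString());
            stringBuffer.append(new StringBuffer(" ").append(make.getHtmlSafeText("login.failed.httpFox.mismatch.details")).toString());
        } else {
            // States 1 and 4 (and any unlisted value) share the generic failure text, so the
            // page does not say which part of the credentials was wrong.
            stringBuffer.append(new StringBuffer(" <b>").append(make.getHtmlSafeText("login.failed")).append("</b><br/>").toString());
            stringBuffer.append(new StringBuffer(" ").append(make.getHtmlSafeText("login.failed.details")).toString());
        }
        return stringBuffer.toString();
    }

    /**
     * Returns the value of the login-state-data cookie, or null when it is absent.
     *
     * <p>The value is client-supplied; within this class it is only compared against
     * {@link #LOGIN_STATE_DATA_DUP_PASSWORD} or handed to the template inside a LoginState.
     */
    private final String getLoginStateData(HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse) {
        Cookie[] cookies = httpServletRequest.getCookies();
        String cookieName = CookieUtil.getCookieName(httpServletRequest, CNAME_NIAGARA_LOGIN_STATE_DATA);
        if (cookies == null) {
            return null;
        }
        for (int i = 0; i < cookies.length; i++) {
            if (cookies[i].getName().equals(cookieName)) {
                return cookies[i].getValue();
            }
            // NOTE(review): as decompiled, the expiry cookie is added once for every
            // non-matching cookie that precedes the match and not at all when the match comes
            // first. This may be a decompiler artifact or an original defect; the probable
            // intent is to expire the data cookie once after reading it. Left unchanged
            // pending confirmation against the bytecode.
            removeCookie(httpServletResponse, cookieName);
        }
        return null;
    }

    /** Writes the scheme-specific login form. */
    public abstract void writeLoginForm(HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse, LoginState loginState) throws Exception;

    /**
     * Maps a resource name to an ord under {@code module://web/com/tridium/web/rc/}.
     *
     * <p>NOTE(review): the name is appended as given; whether ".." segments are rejected
     * depends on the caller or on ord resolution, neither of which is visible here.
     */
    public BOrd resourceToOrd(String str) {
        return BOrd.make(new StringBuffer("module://web/com/tridium/web/rc/").append(str).toString());
    }

    /**
     * Handles logout: writes a "Logout" audit event when an auditor is installed, invalidates
     * the session and redirects to "/".
     *
     * @throws Exception propagated from the redirect
     */
    public void doLogoutGet(HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse) throws Exception {
        try {
            Auditor auditor = Sys.getAuditor();
            if (auditor != null) {
                String remoteHost = httpServletRequest.getRemoteHost();
                if (remoteHost == null) {
                    remoteHost = httpServletRequest.getRemoteAddr();
                }
                String remoteUser = httpServletRequest.getRemoteUser();
                auditor.audit(new AuditEvent("Logout", getWebService().toPathString(), remoteHost != null ? remoteHost : "", "", "", remoteUser != null ? remoteUser : ""));
            }
        } catch (Throwable th) {
            // Auditing is best effort: a failure to audit must not prevent the logout itself.
            th.printStackTrace();
        }
        invalidateSession(httpServletRequest, httpServletResponse);
        httpServletResponse.sendRedirect(WebUtil.getRedirect(httpServletRequest, "/"));
    }

    /**
     * Ends the caller's session: notifies the Fox service, invalidates the servlet session and
     * expires every cookie whose name starts with the auth or session cookie prefix.
     *
     * <p>The servlet session is invalidated even when the Fox notification fails, so a missing
     * or failing Fox module cannot leave a logged-out session usable.
     */
    /* JADX INFO: Access modifiers changed from: protected */
    public void invalidateSession(HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse) {
        String str = null;
        Property property = getWebService().getProperty("cookieDomain");
        if (property != null) {
            String trim = getWebService().getString(property).trim();
            // NOTE(review): this is a substring match on the server name, not a suffix or
            // label match. It only selects the Domain attribute of the expiry cookies below.
            if (trim.length() > 0 && TextUtil.toLowerCase(httpServletRequest.getServerName()).indexOf(TextUtil.toLowerCase(trim)) >= 0) {
                str = trim;
            }
        }
        try {
            // Reflective call to BFoxService.httpSessionClosed(String) in the "fox" module.
            Class loadClass = Sys.loadClass("fox", "com.tridium.fox.sys.BFoxService");
            Class<?>[] clsArr = new Class[1];
            Class<?> cls = class$java$lang$String;
            if (cls == null) {
                cls = m38class("[Ljava.lang.String;", false);
                class$java$lang$String = cls;
            }
            clsArr[0] = cls;
            loadClass.getMethod("httpSessionClosed", clsArr).invoke(null, httpServletRequest.getRequestedSessionId());
        } catch (Exception e) {
            e.printStackTrace();
        }
        try {
            // Kept outside the try above so that a reflection failure cannot skip it.
            // getSession(false) avoids creating a session only to destroy it.
            HttpSession session = httpServletRequest.getSession(false);
            if (session != null) {
                session.invalidate();
            }
        } catch (Exception e) {
            e.printStackTrace();
        }
        Cookie[] cookies = httpServletRequest.getCookies();
        for (int i = 0; cookies != null && i < cookies.length; i++) {
            String name = cookies[i].getName();
            if (name.startsWith(CNAME_NIAGARA_AUTH) || name.startsWith(CNAME_NIAGARA_SESSION)) {
                // Max-age 0 with a null value asks the browser to drop the cookie.
                Cookie cookie = new Cookie(name, "");
                cookie.setValue(null);
                cookie.setMaxAge(0);
                cookie.setPath("/");
                if (str != null) {
                    cookie.setDomain(str);
                }
                httpServletResponse.addCookie(cookie);
            }
        }
    }

    /** Handles the submitted login form. */
    public abstract void doLoginPost(HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse) throws Exception;

    /** Authenticates a request to the web process. */
    public abstract UserAndCredentials doWebProcessAuth(HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse) throws Exception;

    /** Builds an auth context from the value of an {@code Authorization} header. */
    protected abstract AuthContext getFromHeader(String str) throws Exception;

    protected abstract void updateCookie(AuthContext authContext, HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse);

    /**
     * Expires the named cookie on path "/" by sending it back with max-age 0.
     *
     * <p>No Domain attribute is set here, unlike the expiry cookies in
     * {@link #invalidateSession}.
     */
    /* JADX INFO: Access modifiers changed from: protected */
    public void removeCookie(HttpServletResponse httpServletResponse, String str) {
        Cookie cookie = new Cookie(str, "false");
        cookie.setMaxAge(0);
        cookie.setPath("/");
        httpServletResponse.addCookie(cookie);
    }

    /**
     * Returns the name recorded in audit entries for a context: the credentials' username for
     * username/password credentials, otherwise the context's username, otherwise "unknown".
     */
    protected String getAuditKey(AuthContext authContext) {
        return (authContext.credentials == null || !(authContext.credentials instanceof BUsernameAndPassword)) ? authContext.getUsername() != null ? authContext.getUsername() : "unknown" : authContext.credentials.getUsername();
    }

    /** Builds an auth context from a cookie; returns null when the cookie yields none. */
    protected abstract AuthContext getFromCookie(Cookie cookie, boolean z) throws Exception;

    /**
     * Creates a nonce: the current time as 16 zero-padded hex digits followed by the hex
     * digest from {@link #getNonceDigest}.
     */
    protected String makeNonce(HttpServletRequest httpServletRequest) {
        long millis = Clock.millis();
        return new StringBuffer().append(TextUtil.padZeros(Long.toHexString(millis), 16)).append(getNonceDigest(millis, httpServletRequest)).toString();
    }

    /**
     * Checks a nonce produced by {@link #makeNonce}: the embedded timestamp must not be older
     * than the cookie-digest session timeout (minutes; a negative timeout disables the age
     * check) and the digest part must match the recomputed digest.
     *
     * <p>Only an upper bound on the nonce's age is enforced. The digest comparison uses
     * {@link MessageDigest#isEqual} so it does not stop at the first differing character.
     *
     * @param str the nonce presented by the client
     * @return true when the nonce is fresh and its digest matches; false otherwise, including
     *     for null, short or malformed input
     */
    public boolean isNonceValid(String str, HttpServletRequest httpServletRequest) {
        try {
            long parseLong = Long.parseLong(str.substring(0, 16), 16);
            // Widened to long so that minutes * 60000 cannot overflow for large timeouts.
            long timeoutMinutes = getWebService().getCookieDigestSessionTimeout();
            if (timeoutMinutes >= 0 && Clock.millis() - parseLong > timeoutMinutes * 60000L) {
                return false;
            }
            byte[] expected = getNonceDigest(parseLong, httpServletRequest).getBytes("UTF-8");
            byte[] presented = str.substring(16).getBytes("UTF-8");
            return MessageDigest.isEqual(expected, presented);
        } catch (Exception e) {
            e.printStackTrace();
            return false;
        }
    }

    /**
     * Computes the hex digest that binds a nonce timestamp to this server.
     *
     * <p>The digest input is the hex timestamp, then either the {@code cookieDomain} value or,
     * when that property is null, the id of the (possibly newly created) servlet session, then
     * a fixed constant.
     *
     * <p>NOTE(review): the only keying material is a constant compiled into the class, so this
     * is an integrity check on the timestamp rather than a secret-keyed MAC, and when
     * {@code cookieDomain} is set no per-session value is mixed in. The usual hardening is an
     * HMAC under a random per-installation secret.
     *
     * @param j the nonce timestamp in milliseconds
     */
    protected String getNonceDigest(long j, HttpServletRequest httpServletRequest) {
        String bString;
        BString bString2 = getWebService().get("cookieDomain");
        if (bString2 == null) {
            // Side effect: creates a session if none exists and sets its inactivity timeout
            // (seconds) from the cookie-digest session timeout (minutes).
            HttpSession session = httpServletRequest.getSession(true);
            bString = session.getId();
            session.setMaxInactiveInterval(getWebService().getCookieDigestSessionTimeout() * 60);
        } else {
            bString = bString2.toString();
        }
        return TextUtil.bytesToHexString(digest(new StringBuffer().append(Long.toHexString(j)).append(bString).append("30e7e918c8474db68536e6653e4978df").toString()));
    }

    /** Returns true when the web service is configured for the cookie-digest scheme. */
    public boolean isDigest() {
        return getWebService().getAuthenticationScheme() == BAuthenticationType.cookieDigest;
    }

    /**
     * Collects the authentication contexts carried by a request.
     *
     * <p>The configured scheme selects which sources are tried, in order (codes as used by the
     * switch below: 0 = Cookie, 1 = Basic, 2 = CookieDigest): basic tries {1}, cookie-digest
     * tries {2, 1}, anything else tries {0, 1}. A session cookie or an existing servlet
     * session always wins; otherwise code 1 reads the {@code Authorization} header and code 0
     * reads the auto-login cookie (when auto login is enabled) and then the auth cookie.
     *
     * @return the contexts found, or null when the request carries none
     * @throws Exception propagated from the subclass's cookie or header parsing
     */
    public AuthContext[] getAuthContexts(HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse) throws Exception {
        AuthContext[] contextFromCookieName;
        int[] iArr = getWebService().getAuthenticationScheme() == BAuthenticationType.basic ? new int[]{1} : getWebService().getAuthenticationScheme() == BAuthenticationType.cookieDigest ? new int[]{2, 1} : new int[]{0, 1};
        for (int i = 0; i < iArr.length; i++) {
            // This lookup does not depend on i, so a session-based context is always labelled
            // with the first scheme in the list.
            AuthContext[] contextFromCookieName2 = getContextFromCookieName(httpServletRequest, httpServletResponse, CNAME_NIAGARA_SESSION);
            if (contextFromCookieName2 == null) {
                contextFromCookieName2 = getContextFromSession(httpServletRequest);
            }
            if (contextFromCookieName2 != null) {
                for (int i2 = 0; i2 < contextFromCookieName2.length; i2++) {
                    if (contextFromCookieName2[i2].getScheme() == null) {
                        switch (iArr[i]) {
                            case 0:
                                contextFromCookieName2[i2].setScheme("Cookie");
                                break;
                            case 1:
                                contextFromCookieName2[i2].setScheme("Basic");
                                break;
                            case 2:
                                contextFromCookieName2[i2].setScheme("CookieDigest");
                                break;
                        }
                    }
                }
                return contextFromCookieName2;
            }
            if (iArr[i] == 1) {
                String header = httpServletRequest.getHeader("Authorization");
                if (header != null) {
                    return new AuthContext[]{getFromHeader(header)};
                }
            } else if (iArr[i] != 0) {
                // Code 2 has no source of its own beyond the session lookup above.
                continue;
            } else {
                if (getWebService().getAutoLoginEnabled() && (contextFromCookieName = getContextFromCookieName(httpServletRequest, httpServletResponse, CNAME_NIAGARA_AUTH_AUTO)) != null) {
                    return contextFromCookieName;
                }
                AuthContext[] contextFromCookieName3 = getContextFromCookieName(httpServletRequest, httpServletResponse, CNAME_NIAGARA_AUTH);
                if (contextFromCookieName3 != null) {
                    return contextFromCookieName3;
                }
            }
        }
        return null;
    }

    /**
     * Returns a context for every request cookie with the given name that the subclass
     * accepts.
     *
     * <p>The request-specific name from CookieUtil is tried first; when it yields nothing and
     * differs from the base name, cookies carrying the base name are tried as well.
     *
     * @param str the base cookie name
     * @return the accepted contexts, or null when there are none
     */
    private final AuthContext[] getContextFromCookieName(HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse, String str) throws Exception {
        AuthContext fromCookie;
        AuthContext fromCookie2;
        Cookie[] cookies = httpServletRequest.getCookies();
        String cookieName = CookieUtil.getCookieName(httpServletRequest, str);
        Class cls = class$com$tridium$web$BHttpAuthAgent$AuthContext;
        if (cls == null) {
            cls = m38class("[Lcom.tridium.web.BHttpAuthAgent$AuthContext;", false);
            class$com$tridium$web$BHttpAuthAgent$AuthContext = cls;
        }
        Array array = new Array(cls);
        for (int i = 0; cookies != null && i < cookies.length; i++) {
            if (cookies[i].getName().equals(cookieName) && (fromCookie2 = getFromCookie(cookies[i], false)) != null) {
                array.add(fromCookie2);
            }
        }
        if (array.size() > 0) {
            return (AuthContext[]) array.trim();
        }
        if (cookieName.equals(str)) {
            return null;
        }
        // Fallback to the unqualified base name.
        for (int i2 = 0; cookies != null && i2 < cookies.length; i2++) {
            if (cookies[i2].getName().equals(str) && (fromCookie = getFromCookie(cookies[i2], false)) != null) {
                array.add(fromCookie);
            }
        }
        if (array.size() > 0) {
            return (AuthContext[]) array.trim();
        }
        return null;
    }

    /**
     * Builds a context from an existing servlet session by wrapping its id in a synthetic
     * session cookie and passing that to {@link #getFromCookie}.
     *
     * @return a single-element array, or null when there is no session or no context
     */
    private final AuthContext[] getContextFromSession(HttpServletRequest httpServletRequest) throws Exception {
        HttpSession session = httpServletRequest.getSession(false);
        if (session == null) {
            return null;
        }
        Cookie cookie = new Cookie(CookieUtil.getCookieName(httpServletRequest, CNAME_NIAGARA_SESSION), session.getId());
        cookie.setPath("/");
        cookie.setMaxAge(-1);
        AuthContext fromCookie = getFromCookie(cookie, false);
        if (fromCookie != null) {
            return new AuthContext[]{fromCookie};
        }
        return null;
    }

    /** Returns the web service, resolving and caching it on first use. */
    /* JADX INFO: Access modifiers changed from: protected */
    public BWebService getWebService() {
        if (this.webService == null) {
            this.webService = Sys.getService(BWebService.TYPE);
        }
        return this.webService;
    }

    /** Returns the user service, resolving and caching it on first use. */
    /* JADX INFO: Access modifiers changed from: protected */
    public BUserService getUserService() {
        if (this.userService == null) {
            this.userService = Sys.getService(BUserService.TYPE);
        }
        return this.userService;
    }

    /**
     * Digests a string with the configured algorithm.
     *
     * <p>NOTE(review): the string is encoded with the platform default charset, so non-ASCII
     * input digests differently across hosts. It is left as is because switching the charset
     * would change the digests callers already depend on.
     */
    public byte[] digest(String str) {
        return digest(str.getBytes());
    }

    /**
     * Digests bytes with the algorithm named by {@link #DIGEST_TYPE}.
     *
     * @throws BajaRuntimeException when the algorithm is unavailable or digesting fails
     */
    public byte[] digest(byte[] bArr) {
        try {
            MessageDigest messageDigest = MessageDigest.getInstance(DIGEST_TYPE);
            messageDigest.update(bArr);
            return messageDigest.digest();
        } catch (Exception e) {
            throw new BajaRuntimeException("Error creating digest", e);
        }
    }

    /**
     * Returns the process-wide HTTP auth agent, resolving it on first use from the user
     * service and falling back to the username/password agent when there is no user service
     * or it has no agent for this type.
     */
    public static final BHttpAuthAgent getAuthAgent() {
        if (authAgent == null) {
            BUserService service = BUserService.getService();
            if (service == null) {
                authAgent = BHttpUsernamePasswordAuthAgent.INSTANCE;
            } else {
                authAgent = (BHttpAuthAgent) service.getAuthAgent(TYPE);
                if (authAgent == null) {
                    authAgent = BHttpUsernamePasswordAuthAgent.INSTANCE;
                }
            }
        }
        return authAgent;
    }

    /**
     * Compiler-generated helper behind class literals: loads the named class and returns it
     * (z true) or its array component type (z false).
     *
     * <p>The decompiler could not type the catch block and referenced the wrong variable; the
     * handler below restores the conventional form that reports the exception's message.
     *
     * @throws NoClassDefFoundError when the class cannot be found
     */
    /* renamed from: class, reason: not valid java name */
    static Class m38class(String str, boolean z) {
        try {
            Class<?> cls = Class.forName(str);
            return z ? cls : cls.getComponentType();
        } catch (ClassNotFoundException e) {
            throw new NoClassDefFoundError(e.getMessage());
        }
    }

    // Field initializer block emitted by the original compiler.
    /* renamed from: this, reason: not valid java name */
    private final void m39this() {
        this.webService = null;
        this.userService = null;
    }

    public BHttpAuthAgent() {
        m39this();
    }

    static {
        Class cls = class$com$tridium$web$BHttpAuthAgent;
        if (cls == null) {
            cls = m38class("[Lcom.tridium.web.BHttpAuthAgent;", false);
            class$com$tridium$web$BHttpAuthAgent = cls;
        }
        TYPE = Sys.loadType(cls);
        defaultTemplate = new BDefaultLoginTemplate();
        AUTH_TIMESTAMP_TOLERANCE = 20000L;
        authLog = Log.getLog("web.auth");
        authAgent = null;
    }
}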
