package pt.digitalis.dif.controller.http;

import com.google.inject.Inject;
import java.util.Map;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpSession;
import org.apache.batik.util.XMLConstants;
import org.jasig.cas.client.util.AbstractCasFilter;
import org.jasig.cas.client.validation.Assertion;
import pt.digitalis.dif.controller.interfaces.IDIFRequest;
import pt.digitalis.dif.controller.objects.ControllerExecutionStep;
import pt.digitalis.dif.controller.objects.DIFRequest;
import pt.digitalis.dif.controller.objects.DispatcherAuthenticationResult;
import pt.digitalis.dif.controller.security.managers.IAuthenticationManager;
import pt.digitalis.dif.controller.security.managers.IAuthorizationManager;
import pt.digitalis.dif.controller.security.managers.IIdentityManager;
import pt.digitalis.dif.controller.security.managers.ISessionManager;
import pt.digitalis.dif.exception.controller.ControllerException;
import pt.digitalis.dif.exception.security.IdentityManagerException;
import pt.digitalis.dif.utils.logging.DIFLogger;
import pt.digitalis.utils.config.IConfigurations;

/* loaded from: input_file:WEB-INF/lib/dif-cas-authentication-2.1.6-3.jar:pt/digitalis/dif/controller/http/CASDispatcherHTTPImpl.class */
public class CASDispatcherHTTPImpl extends DispatcherHTTPImpl {
    private static final String CAS_LOGOUT_URL = "cas.logoutUrl";

    public static String getLogoutUrl() {
        return System.getProperty(CAS_LOGOUT_URL);
    }

    public static String getUserName(HttpSession httpSession) {
        Assertion assertion = (Assertion) httpSession.getAttribute(AbstractCasFilter.CONST_CAS_ASSERTION);
        if (assertion == null || assertion.getPrincipal() == null) {
            return null;
        }
        return assertion.getPrincipal().getName();
    }

    @Inject
    public CASDispatcherHTTPImpl(IIdentityManager iIdentityManager, IAuthenticationManager iAuthenticationManager, IAuthorizationManager iAuthorizationManager, ISessionManager iSessionManager, IConfigurations iConfigurations) {
        super(iIdentityManager, iAuthenticationManager, iAuthorizationManager, iSessionManager, iConfigurations);
    }

    public String getUserName() {
        return getUserName(((HttpServletRequest) getContext().getRequest().getAttribute(DIFRequest.ORIGINAL_REQUEST)).getSession());
    }

    @Override // pt.digitalis.dif.controller.AbstractDIFDispatcher
    protected DispatcherAuthenticationResult performAuthentication() throws ControllerException {
        if (!HTTPControllerConfiguration.getInstance().getCentralAuthencication().booleanValue()) {
            return super.performAuthentication();
        }
        Boolean valueOf = Boolean.valueOf((getContext().getRequest().getParameter(IDIFRequest.USER_PARAMETER_ID) == null || getContext().getRequest().getParameter(IDIFRequest.PASSWORD_PARAMETER_ID) == null) ? false : true);
        if (getUserName() == null && ("true".equals(getContext().getRequest().getParameter(IDIFRequest.LOGIN_PARAMETER_ID)) || valueOf.booleanValue())) {
            DIFLogger.getLogger().debug("Central Authentication - Performing user login in Central Service...");
            String str = "AuthenticationHandler?goBackTo=page&stage=" + getContext().getRequest().getStage();
            for (Map.Entry<String, Object> entry : getContext().getRequest().getParameters().entrySet()) {
                str = str + "&" + entry.getKey() + XMLConstants.XML_EQUAL_SIGN + entry.getValue().toString();
            }
            getContext().getRequest().getParameters().put(IDIFRequest.REDIRECT_TO_URL, str);
        } else {
            if (getUserName() != null && getContext().getSession().getUser() == null) {
                DIFLogger.getLogger().debug("Central Authentication - User is Authenticated in Central Service but not in DIF2. Performing login in DIF2...");
                getContext().getRequest().addParameter(IDIFRequest.USER_PARAMETER_ID, getUserName());
                getContext().getRequest().addParameter(IDIFRequest.PASSWORD_PARAMETER_ID, "dummyPassword");
                return super.performAuthentication();
            }
            try {
                Boolean valueOf2 = Boolean.valueOf((getUserName() == null || validateUserCredentials(getUserName(), null)) ? false : true);
                if ((getContext().getSession().getUser() != null && !getContext().getSession().getUser().getID().equals(getUserName())) || valueOf2.booleanValue()) {
                    DIFLogger.getLogger().warn("Central Authentication - User is Authenticated in Central Service and maybee on DIF2 but the user doesn't exist in DIF2 or the Central and DIF2 users are not the same...");
                    getContext().getRequest().addParameter(IDIFRequest.LOGOUT_PARAMETER_ID, "true");
                }
                if (valueOf2.booleanValue()) {
                    performLogoutOnCentral();
                    return DispatcherAuthenticationResult.LOGOUT;
                }
                if ("true".equals(getContext().getRequest().getParameter(IDIFRequest.LOGOUT_PARAMETER_ID))) {
                    return super.performAuthentication();
                }
            } catch (IdentityManagerException e) {
                throw new ControllerException(ControllerExecutionStep.DISPATCHER_AUTHENTICATION, "Could not access identity manager to validate the user's credentials! ", new Exception(e));
            }
        }
        return DispatcherAuthenticationResult.NO_ACTION;
    }

    private void performLogoutOnCentral() {
        getContext().getRequest().getParameters().put(IDIFRequest.REDIRECT_TO_URL, getLogoutUrl());
    }

    @Override // pt.digitalis.dif.controller.AbstractDIFDispatcher
    protected void postAuthentication(DispatcherAuthenticationResult dispatcherAuthenticationResult) {
        if (HTTPControllerConfiguration.getInstance().getCentralAuthencication().booleanValue() && dispatcherAuthenticationResult == DispatcherAuthenticationResult.LOGOUT) {
            performLogoutOnCentral();
        }
        super.postAuthentication(dispatcherAuthenticationResult);
    }

    @Override // pt.digitalis.dif.controller.AbstractDIFDispatcher
    protected boolean validateUserCredentials(String str, String str2) throws IdentityManagerException, ControllerException {
        return HTTPControllerConfiguration.getInstance().getCentralAuthencication().booleanValue() ? str != null && super.getIdentityManager().userExists(str) : super.validateUserCredentials(str, str2);
    }
}
