package org.linagora.linshare.auth.sso;

import java.util.ArrayList;
import java.util.Arrays;
import java.util.List;
import javax.servlet.http.HttpServletRequest;
import org.apache.commons.httpclient.cookie.Cookie2;
import org.linagora.linshare.auth.dao.LdapUserDetailsProvider;
import org.linagora.linshare.core.domain.entities.Root;
import org.linagora.linshare.core.domain.entities.User;
import org.linagora.linshare.core.exception.BusinessException;
import org.linagora.linshare.core.repository.RootUserRepository;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
import org.springframework.beans.propertyeditors.StringArrayPropertyEditor;
import org.springframework.security.authentication.AuthenticationServiceException;
import org.springframework.security.core.userdetails.UsernameNotFoundException;
import org.springframework.security.web.authentication.preauth.RequestHeaderAuthenticationFilter;
import org.springframework.util.Assert;

/* loaded from: input_file:WEB-INF/classes/org/linagora/linshare/auth/sso/PreAuthenticationHeader.class */
public class PreAuthenticationHeader extends RequestHeaderAuthenticationFilter {
    private static Logger logger = LoggerFactory.getLogger(PreAuthenticationHeader.class);
    private RootUserRepository rootUserRepository;
    private LdapUserDetailsProvider userDetailsProvider;
    private String principalRequestHeader;
    private String domainRequestHeader;
    private List<String> authorizedAddresses;

    public PreAuthenticationHeader(String str) {
        if (str != null) {
            this.authorizedAddresses = Arrays.asList(str.split(StringArrayPropertyEditor.DEFAULT_SEPARATOR));
        } else {
            this.authorizedAddresses = new ArrayList();
        }
    }

    @Override // org.springframework.security.web.authentication.preauth.RequestHeaderAuthenticationFilter, org.springframework.security.web.authentication.preauth.AbstractPreAuthenticatedProcessingFilter
    protected Object getPreAuthenticatedPrincipal(HttpServletRequest httpServletRequest) {
        String header = httpServletRequest.getHeader(this.principalRequestHeader);
        String parameter = httpServletRequest.getParameter(Cookie2.DOMAIN);
        if (parameter == null) {
            parameter = httpServletRequest.getHeader(this.domainRequestHeader);
        }
        if (header != null) {
            if (!this.authorizedAddresses.contains(httpServletRequest.getRemoteAddr())) {
                logger.error("SECURITY ALERT: Unauthorized header value '" + header + "' from IP: " + httpServletRequest.getRemoteAddr() + ":" + httpServletRequest.getRemotePort());
                return null;
            }
            User preAuthenticatedUser = getPreAuthenticatedUser(header, parameter);
            if (preAuthenticatedUser == null) {
                logger.debug("No user was found with : " + header);
                logger.warn("PreAuthenticationHeader (SSO) is looking for someone who does not belong to the ldap domain anymore.");
                return null;
            }
            header = preAuthenticatedUser.getLsUuid();
        }
        return header;
    }

    /* JADX WARN: Multi-variable type inference failed */
    /* JADX WARN: Type inference failed for: r0v16, types: [org.linagora.linshare.core.domain.entities.User] */
    /* JADX WARN: Type inference failed for: r0v9, types: [org.linagora.linshare.core.domain.entities.User] */
    private User getPreAuthenticatedUser(String str, String str2) {
        Root findByLogin = this.rootUserRepository.findByLogin(str);
        if (findByLogin == null) {
            logger.debug("looking into ldap.");
            try {
                findByLogin = this.userDetailsProvider.retrieveUser(str2, str);
            } catch (UsernameNotFoundException e) {
                logger.error(e.getMessage());
                findByLogin = null;
            }
        }
        if (findByLogin != null) {
            try {
                findByLogin = this.userDetailsProvider.findOrCreateUser(findByLogin.getDomainId(), findByLogin.getMail());
            } catch (BusinessException e2) {
                logger.error(e2.getMessage());
                throw new AuthenticationServiceException("Could not create user account : " + findByLogin.getDomainId() + " : " + findByLogin.getMail(), e2);
            }
        }
        return findByLogin;
    }

    @Override // org.springframework.security.web.authentication.preauth.RequestHeaderAuthenticationFilter
    public void setPrincipalRequestHeader(String str) {
        Assert.hasText(str, "principalRequestHeader must not be empty or null");
        this.principalRequestHeader = str;
    }

    public void setDomainRequestHeader(String str) {
        Assert.hasText(str, "domainRequestHeader must not be empty or null");
        this.domainRequestHeader = str;
    }

    public void setRootUserRepository(RootUserRepository rootUserRepository) {
        this.rootUserRepository = rootUserRepository;
    }

    public void setUserDetailsProvider(LdapUserDetailsProvider ldapUserDetailsProvider) {
        this.userDetailsProvider = ldapUserDetailsProvider;
    }
}
