package org.apache.guacamole.rest.auth;

import com.google.inject.Singleton;
import java.util.ArrayList;
import java.util.List;
import javax.inject.Inject;
import org.apache.guacamole.GuacamoleException;
import org.apache.guacamole.GuacamoleSecurityException;
import org.apache.guacamole.GuacamoleSession;
import org.apache.guacamole.GuacamoleUnauthorizedException;
import org.apache.guacamole.net.auth.AuthenticatedUser;
import org.apache.guacamole.net.auth.AuthenticationProvider;
import org.apache.guacamole.net.auth.Credentials;
import org.apache.guacamole.net.auth.UserContext;
import org.apache.guacamole.net.auth.credentials.GuacamoleCredentialsException;
import org.apache.guacamole.net.auth.credentials.GuacamoleInsufficientCredentialsException;
import org.apache.guacamole.net.auth.credentials.GuacamoleInvalidCredentialsException;
import org.apache.guacamole.net.event.AuthenticationFailureEvent;
import org.apache.guacamole.net.event.AuthenticationSuccessEvent;
import org.apache.guacamole.rest.event.ListenerService;
import org.glassfish.jersey.server.ContainerRequest;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;

@Singleton
/* loaded from: input_file:WEB-INF/classes/org/apache/guacamole/rest/auth/AuthenticationService.class */
public class AuthenticationService {
    private static final Logger logger = LoggerFactory.getLogger((Class<?>) AuthenticationService.class);

    @Inject
    private List<AuthenticationProvider> authProviders;

    @Inject
    private TokenSessionMap tokenSessionMap;

    @Inject
    private AuthTokenGenerator authTokenGenerator;

    @Inject
    private DecorationService decorationService;

    @Inject
    private ListenerService listenerService;
    public static final String TOKEN_HEADER_NAME = "Guacamole-Token";
    public static final String TOKEN_PARAMETER_NAME = "token";

    private AuthenticatedUser authenticateUser(Credentials credentials) throws GuacamoleAuthenticationProcessException {
        AuthenticatedUser authenticateUser;
        AuthenticationProvider authenticationProvider = null;
        GuacamoleCredentialsException guacamoleCredentialsException = null;
        for (AuthenticationProvider authenticationProvider2 : this.authProviders) {
            try {
                authenticateUser = authenticationProvider2.authenticateUser(credentials);
            } catch (Error | RuntimeException | GuacamoleException e) {
                throw new GuacamoleAuthenticationProcessException("User authentication was aborted.", authenticationProvider2, e);
            } catch (GuacamoleInsufficientCredentialsException e2) {
                if (guacamoleCredentialsException == null || (guacamoleCredentialsException instanceof GuacamoleInvalidCredentialsException)) {
                    authenticationProvider = authenticationProvider2;
                    guacamoleCredentialsException = e2;
                }
            } catch (GuacamoleCredentialsException e3) {
                if (guacamoleCredentialsException == null) {
                    authenticationProvider = authenticationProvider2;
                    guacamoleCredentialsException = e3;
                }
            }
            if (authenticateUser != null) {
                return authenticateUser;
            }
        }
        throw new GuacamoleAuthenticationProcessException("User authentication failed.", authenticationProvider, guacamoleCredentialsException);
    }

    private AuthenticatedUser updateAuthenticatedUser(AuthenticatedUser authenticatedUser, Credentials credentials) throws GuacamoleAuthenticationProcessException {
        AuthenticationProvider authenticationProvider = authenticatedUser.getAuthenticationProvider();
        try {
            AuthenticatedUser updateAuthenticatedUser = authenticationProvider.updateAuthenticatedUser(authenticatedUser, credentials);
            if (updateAuthenticatedUser == null) {
                throw new GuacamoleSecurityException("User re-authentication failed.");
            }
            return updateAuthenticatedUser;
        } catch (Error | RuntimeException | GuacamoleException e) {
            throw new GuacamoleAuthenticationProcessException("User re-authentication failed.", authenticationProvider, e);
        }
    }

    private AuthenticatedUser getAuthenticatedUser(GuacamoleSession guacamoleSession, Credentials credentials) throws GuacamoleAuthenticationProcessException {
        return guacamoleSession != null ? updateAuthenticatedUser(guacamoleSession.getAuthenticatedUser(), credentials) : authenticateUser(credentials);
    }

    private List<DecoratedUserContext> getUserContexts(GuacamoleSession guacamoleSession, AuthenticatedUser authenticatedUser, Credentials credentials) throws GuacamoleAuthenticationProcessException {
        ArrayList arrayList = new ArrayList(this.authProviders.size());
        if (guacamoleSession != null) {
            for (DecoratedUserContext decoratedUserContext : guacamoleSession.getUserContexts()) {
                UserContext undecoratedUserContext = decoratedUserContext.getUndecoratedUserContext();
                AuthenticationProvider authenticationProvider = undecoratedUserContext.getAuthenticationProvider();
                try {
                    UserContext updateUserContext = authenticationProvider.updateUserContext(undecoratedUserContext, authenticatedUser, credentials);
                    if (updateUserContext != null) {
                        arrayList.add(this.decorationService.redecorate(decoratedUserContext, updateUserContext, authenticatedUser, credentials));
                    } else {
                        logger.debug("AuthenticationProvider \"{}\" retroactively destroyed its UserContext.", authenticationProvider.getClass().getName());
                    }
                } catch (Error | RuntimeException | GuacamoleException e) {
                    throw new GuacamoleAuthenticationProcessException("User authentication aborted during UserContext update.", authenticationProvider, e);
                }
            }
        } else {
            for (AuthenticationProvider authenticationProvider2 : this.authProviders) {
                try {
                    UserContext userContext = authenticationProvider2.getUserContext(authenticatedUser);
                    if (userContext != null) {
                        arrayList.add(this.decorationService.decorate(userContext, authenticatedUser, credentials));
                    }
                } catch (Error | RuntimeException | GuacamoleException e2) {
                    throw new GuacamoleAuthenticationProcessException("User authentication aborted during initial UserContext creation.", authenticationProvider2, e2);
                }
            }
        }
        return arrayList;
    }

    public String authenticate(Credentials credentials, String str) throws GuacamoleException {
        String token;
        try {
            for (AuthenticationProvider authenticationProvider : this.authProviders) {
                try {
                    credentials = authenticationProvider.updateCredentials(credentials);
                } catch (Error | RuntimeException | GuacamoleException e) {
                    throw new GuacamoleAuthenticationProcessException("User authentication aborted during credential update/revision.", authenticationProvider, e);
                }
            }
            Credentials credentials2 = credentials;
            this.listenerService.handleEvent(() -> {
                return credentials2;
            });
            GuacamoleSession guacamoleSession = str != null ? this.tokenSessionMap.get(str) : null;
            AuthenticatedUser authenticatedUser = getAuthenticatedUser(guacamoleSession, credentials2);
            List<DecoratedUserContext> userContexts = getUserContexts(guacamoleSession, authenticatedUser, credentials2);
            if (guacamoleSession != null) {
                token = str;
                guacamoleSession.setAuthenticatedUser(authenticatedUser);
                guacamoleSession.setUserContexts(userContexts);
            } else {
                token = this.authTokenGenerator.getToken();
                this.tokenSessionMap.put(token, new GuacamoleSession(this.listenerService, authenticatedUser, userContexts));
            }
            try {
                this.listenerService.handleEvent(new AuthenticationSuccessEvent(authenticatedUser, guacamoleSession != null));
                return token;
            } catch (GuacamoleException e2) {
                throw new GuacamoleAuthenticationProcessException("User authentication aborted by event listener.", null, e2);
            }
        } catch (GuacamoleAuthenticationProcessException e3) {
            this.listenerService.handleEvent(new AuthenticationFailureEvent(credentials, e3.getAuthenticationProvider(), e3.getCause()));
            e3.rethrowCause();
            Throwable cause = e3.getCause();
            if (cause != null) {
                logger.warn("An underlying internal error was not correctly rethrown by rethrowCause(): {}", cause.getMessage());
                logger.debug("Internal error not rethrown by rethrowCause().", cause);
            } else {
                logger.warn("An underlying internal error was not correctly rethrown by rethrowCause().");
            }
            throw e3.getCauseAsGuacamoleException();
        }
    }

    public GuacamoleSession getGuacamoleSession(String str) throws GuacamoleException {
        GuacamoleSession guacamoleSession = this.tokenSessionMap.get(str);
        if (guacamoleSession == null) {
            throw new GuacamoleUnauthorizedException("Permission Denied.");
        }
        return guacamoleSession;
    }

    public boolean destroyGuacamoleSession(String str) {
        GuacamoleSession remove = this.tokenSessionMap.remove(str);
        if (remove == null) {
            return false;
        }
        remove.invalidate();
        return true;
    }

    public List<DecoratedUserContext> getUserContexts(String str) throws GuacamoleException {
        return getGuacamoleSession(str).getUserContexts();
    }

    public String getAuthenticationToken(ContainerRequest containerRequest) {
        String headerString = containerRequest.getHeaderString(TOKEN_HEADER_NAME);
        if (headerString != null && !headerString.isEmpty()) {
            return headerString;
        }
        String first = containerRequest.getUriInfo().getQueryParameters().getFirst("token");
        if (first == null || first.isEmpty()) {
            return null;
        }
        return first;
    }
}
