package com.dotcms.rest;

import com.dotcms.auth.providers.jwt.JsonWebTokenAuthCredentialProcessor;
import com.dotcms.auth.providers.jwt.services.JsonWebTokenAuthCredentialProcessorImpl;
import com.dotcms.repackage.com.google.common.annotations.VisibleForTesting;
import com.dotcms.repackage.com.google.common.base.Optional;
import com.dotcms.repackage.javax.ws.rs.core.Response;
import com.dotcms.repackage.org.apache.commons.io.IOUtils;
import com.dotcms.repackage.org.apache.commons.lang.StringUtils;
import com.dotcms.repackage.org.codehaus.jettison.json.JSONException;
import com.dotcms.repackage.org.codehaus.jettison.json.JSONObject;
import com.dotcms.repackage.org.glassfish.jersey.internal.util.Base64;
import com.dotcms.rest.exception.SecurityException;
import com.dotcms.rest.validation.ServletPreconditions;
import com.dotcms.util.CollectionsUtils;
import com.dotmarketing.business.APILocator;
import com.dotmarketing.business.ApiProvider;
import com.dotmarketing.business.LayoutAPI;
import com.dotmarketing.business.UserAPI;
import com.dotmarketing.business.web.UserWebAPI;
import com.dotmarketing.cms.factories.PublicCompanyFactory;
import com.dotmarketing.cms.login.factories.LoginFactory;
import com.dotmarketing.exception.DotDataException;
import com.dotmarketing.exception.DotSecurityException;
import com.dotmarketing.util.Config;
import com.dotmarketing.util.Logger;
import com.dotmarketing.util.SecurityLogger;
import com.dotmarketing.util.UtilMethods;
import com.liferay.portal.model.Company;
import com.liferay.portal.model.User;
import com.liferay.portal.util.WebKeys;
import com.liferay.util.StringPool;
import java.io.IOException;
import java.io.InputStream;
import java.util.HashMap;
import java.util.Iterator;
import java.util.Locale;
import java.util.Map;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpSession;

/* loaded from: input_file:com/dotcms/rest/WebResource.class */
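/**
 * Common entry point for dotCMS REST resources.
 *
 * <p>Responsibilities visible in this class:
 * <ul>
 *   <li>enforce the optional "SSL required" policy ({@code FORCE_SSL_ON_RESP_API});</li>
 *   <li>parse {@code /key/value/...} parameter strings into a map;</li>
 *   <li>resolve the calling {@link User} from, in order: the params map, the {@code DOTAUTH}
 *       header, HTTP Basic auth, a JWT, the back-end session, the front-end session, and
 *       finally the anonymous user (or a 401, see {@link #authenticate}).</li>
 * </ul>
 *
 * <p>Note for reviewers: credentials accepted through the params map come from the parameter
 * string handed to {@code init} (presumably a URL path segment — verify against callers); values
 * carried in a URL tend to be persisted in access logs and browser history, so header- or
 * session-based authentication is preferable for clients.
 *
 * <p>This file was recovered with a decompiler; comments marked "original access" record
 * modifiers the decompiler widened.
 */
public class WebResource {

    /** Scheme prefix (including the trailing space) of an HTTP Basic {@code Authorization} header. */
    public static final String BASIC = "Basic ";
    /** Scheme prefix (including the trailing space) of an HTTP Bearer {@code Authorization} header. */
    public static final String BEARER = "Bearer ";

    private final UserWebAPI userWebAPI;
    private final UserAPI userAPI;
    private final LayoutAPI layoutAPI;
    private final JsonWebTokenAuthCredentialProcessor jsonWebTokenAuthCredentialProcessor;

    /**
     * Username/password pair extracted from a request (params map, {@code DOTAUTH} header or
     * Basic auth). Original access: package-private.
     */
    @VisibleForTesting
    public static final class UsernamePassword {
        final String username;
        final String password;

        private UsernamePassword(String str, String str2) {
            this.username = str;
            this.password = str2;
        }
    }

    /** Creates a resource backed by a fresh {@link ApiProvider}. */
    public WebResource() {
        this(new ApiProvider());
    }

    /**
     * Creates a resource backed by the given provider and the singleton JWT credential processor.
     *
     * @param apiProvider source of the user, user-web and layout APIs
     */
    public WebResource(ApiProvider apiProvider) {
        this(apiProvider, JsonWebTokenAuthCredentialProcessorImpl.getInstance());
    }

    /**
     * Creates a resource with explicit collaborators (lets tests inject fakes).
     *
     * @param apiProvider source of the user, user-web and layout APIs
     * @param jsonWebTokenAuthCredentialProcessor resolves a user from a JWT carried by the request
     */
    public WebResource(ApiProvider apiProvider, JsonWebTokenAuthCredentialProcessor jsonWebTokenAuthCredentialProcessor) {
        this.userAPI = apiProvider.userAPI();
        this.userWebAPI = apiProvider.userWebAPI();
        this.layoutAPI = apiProvider.layoutAPI();
        this.jsonWebTokenAuthCredentialProcessor = jsonWebTokenAuthCredentialProcessor;
    }

    /**
     * Enforces the optional SSL requirement only; performs no authentication.
     *
     * @param httpServletRequest the incoming request
     * @throws SecurityException (403) if {@code FORCE_SSL_ON_RESP_API} is enabled and the request is not secure
     */
    public void init(HttpServletRequest httpServletRequest) {
        checkForceSSL(httpServletRequest);
    }

    /**
     * Parses {@code /key/value/...} parameters without authenticating anybody.
     *
     * @param str the parameter string; {@code null} or empty yields a result with no params
     * @param httpServletRequest the incoming request
     * @return an {@link InitDataObject} carrying the parsed params and no user
     * @throws SecurityException (403) if the SSL requirement is enabled and not met
     */
    public InitDataObject init(String str, HttpServletRequest httpServletRequest) {
        checkForceSSL(httpServletRequest);
        InitDataObject initDataObject = new InitDataObject();
        if (!UtilMethods.isSet(str)) {
            return initDataObject;
        }
        initDataObject.setParamsMap(buildParamsMap(str));
        return initDataObject;
    }

    /**
     * Authenticates the caller with no parameter string and no required portlet.
     *
     * @param z accepted for signature compatibility; not consulted (see {@link #initWithMap})
     * @param httpServletRequest the incoming request
     * @param z2 when {@code true}, a request with no resolvable user is rejected with 401 instead of
     *           falling back to the anonymous user
     * @return the resolved user and an empty params map
     * @throws SecurityException on SSL, authentication or authorization failure
     */
    public InitDataObject init(boolean z, HttpServletRequest httpServletRequest, boolean z2) throws SecurityException {
        return init(null, z, httpServletRequest, z2, null);
    }

    /**
     * Parses the parameter string, then authenticates the caller.
     *
     * @param str {@code /key/value/...} parameter string; {@code null}/empty is treated as blank
     * @param z accepted for signature compatibility; not consulted (see {@link #initWithMap})
     * @param httpServletRequest the incoming request
     * @param z2 reject-when-no-user flag, see {@link #authenticate}
     * @param str2 id of a portlet the user must have access to, or {@code null}/empty to skip that check
     * @return the resolved user and the parsed params
     * @throws SecurityException on SSL, authentication or authorization failure
     */
    public InitDataObject init(String str, boolean z, HttpServletRequest httpServletRequest, boolean z2, String str2) throws SecurityException {
        checkForceSSL(httpServletRequest);
        if (!UtilMethods.isSet(str)) {
            str = StringPool.BLANK;
        }
        return initWithMap(buildParamsMap(str), z, httpServletRequest, z2, str2);
    }

    /**
     * Authenticates the caller from explicit credentials instead of a parameter string.
     * The credentials are placed in the params map under {@code "userid"} and {@code "pwd"}
     * (presumably the values of {@code RESTParams.USER}/{@code RESTParams.PASSWORD} — verify).
     * Unlike the other overloads this one does not call {@link #checkForceSSL}.
     *
     * @param str user id
     * @param str2 password
     * @param z accepted for signature compatibility; not consulted (see {@link #initWithMap})
     * @param httpServletRequest the incoming request
     * @param z2 reject-when-no-user flag, see {@link #authenticate}
     * @param str3 id of a portlet the user must have access to, or {@code null}/empty to skip that check
     * @return the resolved user and the credentials map
     * @throws SecurityException on authentication or authorization failure
     */
    public InitDataObject init(String str, String str2, boolean z, HttpServletRequest httpServletRequest, boolean z2, String str3) throws SecurityException {
        return initWithMap(CollectionsUtils.map("userid", str, "pwd", str2), z, httpServletRequest, z2, str3);
    }

    /**
     * Shared tail of the authenticating {@code init} overloads: resolves the user, optionally
     * checks portlet access, and packs both into the result.
     *
     * @param map params stored on the result and consulted for credentials
     * @param z not consulted; kept so the public {@code init} signatures stay unchanged
     * @param httpServletRequest the incoming request
     * @param z2 reject-when-no-user flag, passed through to {@link #authenticate}
     * @param str required portlet id, or {@code null}/empty to skip the portlet check
     * @throws SecurityException (401) when the portlet check fails or cannot be evaluated
     */
    private InitDataObject initWithMap(Map<String, String> map, boolean z, HttpServletRequest httpServletRequest, boolean z2, String str) throws SecurityException {
        InitDataObject initDataObject = new InitDataObject();
        User currentUser = getCurrentUser(httpServletRequest, map, z2);
        if (UtilMethods.isSet(str)) {
            boolean hasAccess;
            try {
                hasAccess = this.layoutAPI.doesUserHaveAccessToPortlet(str, currentUser);
            } catch (DotDataException e) {
                // Fail closed: an access check that cannot be answered is treated as denied.
                Logger.warn(WebResource.class, "Could not check access to portlet " + str + ": " + e.getMessage());
                hasAccess = false;
            }
            if (!hasAccess) {
                throw new SecurityException("User does not have access to required Portlet", Response.Status.UNAUTHORIZED);
            }
        }
        initDataObject.setParamsMap(map);
        initDataObject.setUser(currentUser);
        return initDataObject;
    }

    /**
     * Returns the session user when the session already holds a login, otherwise runs the
     * full {@link #authenticate} chain. Note that the SSL precondition applied inside
     * {@code authenticate} is not applied on the session path.
     *
     * @throws RuntimeException wrapping a data/security error while loading the session user
     */
    private User getCurrentUser(HttpServletRequest request, Map<String, String> params, boolean rejectWhenNoUser) {
        HttpSession session = request.getSession();
        if (!isLoggedAsUser(session)) {
            return authenticate(request, params, rejectWhenNoUser);
        }
        try {
            return this.userAPI.loadUserById((String) session.getAttribute(WebKeys.USER_ID));
        } catch (DotDataException | DotSecurityException e) {
            throw new RuntimeException(e);
        }
    }

    /** True when the session carries both a principal user id and a user id. */
    private static boolean isLoggedAsUser(HttpSession session) {
        return session != null
                && session.getAttribute(WebKeys.PRINCIPAL_USER_ID) != null
                && session.getAttribute(WebKeys.USER_ID) != null;
    }

    /**
     * Resolves the calling user. Sources are tried in this order and the first hit wins:
     * <ol>
     *   <li>credentials in {@code map} (user/password params);</li>
     *   <li>the {@code DOTAUTH} header (Base64 {@code user:password});</li>
     *   <li>HTTP Basic auth;</li>
     *   <li>a JWT, via the injected credential processor;</li>
     *   <li>the back-end session, unless {@code REST_API_FORCE_FRONT_END_SESSION_AUTH} is set;</li>
     *   <li>the front-end session.</li>
     * </ol>
     * If none yields a user, a 401 is thrown when {@code REST_API_REJECT_WITH_NO_USER} or {@code z}
     * is set; otherwise the anonymous user is returned (which may itself be {@code null} if it
     * cannot be loaded). Callers that return the anonymous user must still enforce permissions.
     *
     * @param httpServletRequest the incoming request
     * @param map params that may carry user/password values
     * @param z when {@code true}, reject with 401 rather than fall back to the anonymous user
     * @return the resolved user (possibly anonymous, possibly {@code null}; see above)
     * @throws SecurityException on SSL, credential syntax or authentication failure
     */
    public User authenticate(HttpServletRequest httpServletRequest, Map<String, String> map, boolean z) throws SecurityException {
        HttpServletRequest request = ServletPreconditions.checkSslIsEnabledIfRequired(httpServletRequest);
        boolean forceFrontEndSessionAuth = Config.getBooleanProperty("REST_API_FORCE_FRONT_END_SESSION_AUTH", false);
        User user = null;

        Optional<UsernamePassword> credentials = getAuthCredentialsFromMap(map);
        if (!credentials.isPresent()) {
            credentials = getAuthCredentialsFromHeaderAuth(request);
        }
        if (!credentials.isPresent()) {
            credentials = getAuthCredentialsFromBasicAuth(request);
        }
        if (credentials.isPresent()) {
            UsernamePassword creds = credentials.get();
            user = authenticateUser(creds.username, creds.password, request, this.userAPI);
        }
        if (null == user) {
            user = processAuthCredentialsFromJWT(request, this.jsonWebTokenAuthCredentialProcessor);
        }
        if (user == null && !forceFrontEndSessionAuth) {
            user = getBackUserFromRequest(request, this.userWebAPI);
        }
        if (user == null) {
            user = getFrontEndUserFromRequest(request, this.userWebAPI);
        }
        if (user == null && (Config.getBooleanProperty("REST_API_REJECT_WITH_NO_USER", false) || z)) {
            throw new SecurityException("Invalid User", Response.Status.UNAUTHORIZED);
        }
        if (user == null) {
            user = getAnonymousUser();
        }
        return user;
    }

    /**
     * Loads the anonymous user. Uses {@link APILocator} directly rather than the injected
     * {@code userAPI}, so it is not affected by the provider passed to the constructor.
     *
     * @return the anonymous user, or {@code null} if it could not be loaded (logged at debug level)
     */
    public User getAnonymousUser() {
        User user;
        try {
            user = APILocator.getUserAPI().getAnonymousUser();
        } catch (DotDataException e) {
            user = null;
            Logger.debug(getClass(), "Could not get Anonymous User. ");
        }
        return user;
    }

    /** Delegates JWT handling to the injected processor; returns {@code null} when it finds no user. */
    private static User processAuthCredentialsFromJWT(HttpServletRequest httpServletRequest, JsonWebTokenAuthCredentialProcessor jsonWebTokenAuthCredentialProcessor) {
        return jsonWebTokenAuthCredentialProcessor.processAuthCredentialsFromJWT(httpServletRequest);
    }

    /**
     * Reads user/password values from the params map.
     *
     * @return the pair when both values are non-empty, otherwise absent
     */
    private static Optional<UsernamePassword> getAuthCredentialsFromMap(Map<String, String> map) {
        String username = map.get(RESTParams.USER.getValue());
        String password = map.get(RESTParams.PASSWORD.getValue());
        if (StringUtils.isNotEmpty(username) && StringUtils.isNotEmpty(password)) {
            return Optional.of(new UsernamePassword(username, password));
        }
        return Optional.absent();
    }

    /**
     * Decodes a Base64 {@code username:password} token.
     *
     * <p>The text is split on the first colon only, so a password may itself contain colons
     * (the user-id part cannot, per the Basic scheme). A missing colon or an empty password is
     * reported as a syntax error, matching the status the previous split-on-every-colon
     * implementation produced for those inputs.
     *
     * <p>NOTE(review): what {@code Base64.decodeAsString} does with malformed input is not
     * visible here — confirm it cannot surface an unhandled exception to the client.
     *
     * @throws SecurityException (400) when no colon-separated pair can be recovered
     */
    private static UsernamePassword decodeUsernamePassword(String encoded) throws SecurityException {
        String[] parts = Base64.decodeAsString(encoded).split(":", 2);
        if (parts.length < 2 || parts[1].isEmpty()) {
            throw new SecurityException("Invalid syntax for username and password", Response.Status.BAD_REQUEST);
        }
        return new UsernamePassword(parts[0], parts[1]);
    }

    /**
     * Extracts credentials from an HTTP Basic {@code Authorization} header.
     *
     * @return the pair, or absent when the header is missing or uses another scheme
     * @throws SecurityException (400) when the header is present but malformed
     */
    @VisibleForTesting
    static Optional<UsernamePassword> getAuthCredentialsFromBasicAuth(HttpServletRequest httpServletRequest) throws SecurityException {
        String header = httpServletRequest.getHeader("Authorization");
        if (StringUtils.isNotEmpty(header) && header.startsWith(BASIC)) {
            return Optional.of(decodeUsernamePassword(header.substring(BASIC.length())));
        }
        return Optional.absent();
    }

    /**
     * Extracts credentials from the dotCMS-specific {@code DOTAUTH} header, whose value is the
     * Base64 {@code username:password} token without a scheme prefix.
     *
     * @return the pair, or absent when the header is missing
     * @throws SecurityException (400) when the header is present but malformed
     */
    @VisibleForTesting
    static Optional<UsernamePassword> getAuthCredentialsFromHeaderAuth(HttpServletRequest httpServletRequest) throws SecurityException {
        String header = httpServletRequest.getHeader("DOTAUTH");
        if (StringUtils.isNotEmpty(header)) {
            return Optional.of(decodeUsernamePassword(header));
        }
        return Optional.absent();
    }

    /** Records a failed authentication attempt in both the application and the security log. */
    private static void logFailedAuthentication(String message) {
        Logger.warn(WebResource.class, message);
        SecurityLogger.logDebug(WebResource.class, message);
    }

    /**
     * Verifies a username/password pair and loads the matching user.
     *
     * <p>Both values empty: returns {@code null} (nothing to authenticate). Exactly one empty:
     * 401. Both set: the login is checked through {@link LoginFactory#doLogin}; on success the
     * user is loaded by e-mail or by id depending on the default company's auth type.
     *
     * @param str username (an e-mail address when the company authenticates by e-mail)
     * @param str2 password
     * @param httpServletRequest used only for the client address in log lines; may be {@code null}
     * @param userAPI API used to load the user after a successful login
     * @return the loaded user, or {@code null} when no credentials were supplied
     * @throws SecurityException (401) on a failed login, incomplete credentials, or a failure while loading the user
     */
    @VisibleForTesting
    static User authenticateUser(String str, String str2, HttpServletRequest httpServletRequest, UserAPI userAPI) throws SecurityException {
        User user = null;
        String remoteAddr = httpServletRequest != null ? httpServletRequest.getRemoteAddr() : StringPool.BLANK;
        if (StringUtils.isNotEmpty(str) && StringUtils.isNotEmpty(str2)) {
            try {
                if (!LoginFactory.doLogin(str, str2)) {
                    logFailedAuthentication("Request IP: " + remoteAddr + ". Can't authenticate user. Username: " + str);
                    throw new SecurityException("Invalid credentials", Response.Status.UNAUTHORIZED);
                }
                boolean emailAuth = PublicCompanyFactory.getDefaultCompany().getAuthType().equals(Company.AUTH_TYPE_EA);
                user = emailAuth
                        ? userAPI.loadByUserByEmail(str, userAPI.getSystemUser(), false)
                        : userAPI.loadUserById(str, userAPI.getSystemUser(), false);
            } catch (SecurityException e) {
                // Re-throw our own rejection untouched; the catch-all below must not rewrap it.
                throw e;
            } catch (Exception e2) {
                // Any failure after the login check (e.g. loading the user) is reported as a generic 401.
                logFailedAuthentication("Request IP: " + remoteAddr + ". Can't authenticate user. Username: " + str);
                throw new SecurityException("Authentication credentials are required", Response.Status.UNAUTHORIZED);
            }
        } else if (StringUtils.isNotEmpty(str) || StringUtils.isNotEmpty(str2)) {
            logFailedAuthentication("Request IP: " + remoteAddr + ". Can't authenticate user.");
            throw new SecurityException("Authentication credentials are required", Response.Status.UNAUTHORIZED);
        }
        return user;
    }

    /**
     * Returns the back-end (portal) user logged in on this request, or {@code null} when there is
     * none, the request is {@code null}, or the lookup fails (logged, not propagated).
     */
    private static User getBackUserFromRequest(HttpServletRequest httpServletRequest, UserWebAPI userWebAPI) {
        if (httpServletRequest == null) {
            return null;
        }
        try {
            return userWebAPI.getLoggedInUser(httpServletRequest);
        } catch (Exception e) {
            Logger.warn(WebResource.class, "Can't retrieve Backend User from session");
            return null;
        }
    }

    /**
     * Returns the front-end user logged in on this request, or {@code null} when there is none,
     * the request is {@code null}, or the lookup fails (logged, not propagated).
     */
    private static User getFrontEndUserFromRequest(HttpServletRequest httpServletRequest, UserWebAPI userWebAPI) {
        if (httpServletRequest == null) {
            return null;
        }
        try {
            return userWebAPI.getLoggedInFrontendUser(httpServletRequest);
        } catch (Exception e) {
            Logger.warn(WebResource.class, "Can't retrieve user from session");
            return null;
        }
    }

    /**
     * Parses {@code [/]key1/value1/key2/value2...} into a map.
     *
     * <p>Keys are lower-cased with {@link Locale#ROOT} so parsing does not depend on the JVM's
     * default locale. Pairs whose value is unset are skipped and a trailing unpaired segment is
     * ignored. Repeated keys keep the last value.
     *
     * @param str the parameter string (must not be {@code null})
     */
    private static Map<String, String> buildParamsMap(String str) {
        String path = str.startsWith("/") ? str.substring(1) : str;
        String[] segments = path.split("/");
        Map<String, String> params = new HashMap<>();
        for (int i = 0; i + 1 < segments.length; i += 2) {
            String key = segments[i].toLowerCase(Locale.ROOT);
            String value = segments[i + 1];
            if (UtilMethods.isSet(value)) {
                params.put(key, value);
            }
        }
        return params;
    }

    /**
     * Rejects non-secure requests when {@code FORCE_SSL_ON_RESP_API} is enabled (the property
     * name, "RESP", is the key the configuration actually uses). A {@code null} request is not
     * rejected.
     *
     * @throws SecurityException (403) when SSL is required and the request is not secure
     */
    private static void checkForceSSL(HttpServletRequest httpServletRequest) {
        if (Config.getBooleanProperty("FORCE_SSL_ON_RESP_API", false) && UtilMethods.isSet(httpServletRequest) && !httpServletRequest.isSecure()) {
            throw new SecurityException("SSL Required.", Response.Status.FORBIDDEN);
        }
    }

    /**
     * Reads a JSON object from the stream and flattens it to a {@code String -> String} map,
     * each value being the {@code toString()} of the JSON value. Original access: protected.
     *
     * <p>The body is decoded as UTF-8 explicitly; the single-argument {@code IOUtils.toString}
     * used previously decoded with the JVM default charset.
     *
     * @param inputStream the request body; not closed by this method
     * @throws JSONException if the body is not a JSON object
     * @throws IOException if the stream cannot be read
     */
    public static Map processJSON(InputStream inputStream) throws JSONException, IOException {
        Map<String, String> result = new HashMap<>();
        JSONObject json = new JSONObject(IOUtils.toString(inputStream, "UTF-8"));
        Iterator<?> keys = json.keys();
        while (keys.hasNext()) {
            String key = (String) keys.next();
            result.put(key, json.get(key).toString());
        }
        return result;
    }
}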
