package com.softmotions.weboot.security;

import com.google.inject.AbstractModule;
import com.google.inject.Inject;
import com.google.inject.Provider;
import com.google.inject.ProvisionException;
import com.google.inject.Singleton;
import com.softmotions.commons.JVMResources;
import com.softmotions.commons.ServicesConfiguration;
import com.softmotions.commons.io.Loader;
import com.softmotions.web.AccessControlHDRFilter;
import com.softmotions.web.security.WSRole;
import com.softmotions.web.security.WSUser;
import com.softmotions.web.security.WSUserDatabase;
import com.softmotions.web.security.XMLWSUserDatabase;
import com.softmotions.weboot.WBConfiguration;
import com.softmotions.weboot.WBServletInitializerModule;
import com.softmotions.weboot.WBServletModule;
import com.softmotions.xconfig.XConfig;
import java.io.File;
import java.io.IOException;
import java.net.URL;
import java.nio.file.Files;
import java.nio.file.attribute.PosixFilePermissions;
import java.security.Principal;
import java.util.ArrayList;
import java.util.Iterator;
import java.util.Locale;
import javax.annotation.Nullable;
import javax.naming.Context;
import javax.naming.InitialContext;
import javax.naming.NamingException;
import javax.servlet.http.HttpServletRequest;
import org.apache.commons.collections4.map.Flat3Map;
import org.apache.commons.io.FileUtils;
import org.apache.commons.lang3.StringUtils;
import org.apache.shiro.ShiroException;
import org.apache.shiro.authc.UnknownAccountException;
import org.apache.shiro.authz.UnauthenticatedException;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;

/* loaded from: input_file:com/softmotions/weboot/security/WBSecurityModule.class */
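/**
 * Guice module that wires the application's user database ({@link WSUserDatabase}) and the
 * {@link WBSecurityContext}, and declares servlet roles and optional CORS headers at servlet
 * initialisation time.
 *
 * <p>All lookups are driven by the {@code security.*} keys of the application configuration.
 * That configuration is treated as trusted input here (it names JNDI objects and file paths).
 */
public class WBSecurityModule extends AbstractModule implements WBServletInitializerModule {
    private static final Logger log = LoggerFactory.getLogger(WBSecurityModule.class);
    private final ServicesConfiguration cfg;
    private String appId;

    /* loaded from: input_file:com/softmotions/weboot/security/WBSecurityModule$WBSecurityContextImpl.class */
    /**
     * Resolves the authenticated principal of a request to its {@link WSUser} record.
     */
    public static class WBSecurityContextImpl implements WBSecurityContext {
        private final WSUserDatabase database;

        @Inject
        public WBSecurityContextImpl(WSUserDatabase wSUserDatabase) {
            this.database = wSUserDatabase;
        }

        /**
         * Looks up the user for {@code principal}; equivalent to the two-argument form with a
         * {@code null} locale.
         */
        @Override // com.softmotions.weboot.security.WBSecurityContext
        public WSUser getWSUser(Principal principal) throws ShiroException {
            return getWSUser(principal, null);
        }

        /**
         * Looks up the user named by {@code principal} in the user database.
         *
         * @param principal authenticated principal, may be {@code null}
         * @param locale    accepted for interface compatibility; not used by this implementation
         * @return the matching user, never {@code null}
         * @throws UnauthenticatedException if {@code principal} is {@code null}
         * @throws UnknownAccountException  if the database has no user with that name
         */
        @Override // com.softmotions.weboot.security.WBSecurityContext
        public WSUser getWSUser(Principal principal, @Nullable Locale locale) throws ShiroException {
            // Fail closed: a request without a principal is never mapped to a default user.
            if (principal == null) {
                throw new UnauthenticatedException();
            }
            WSUser user = this.database.findUser(principal.getName());
            if (user == null) {
                throw new UnknownAccountException();
            }
            return user;
        }

        /**
         * Looks up the user for the principal attached to {@code httpServletRequest}.
         */
        @Override // com.softmotions.weboot.security.WBSecurityContext
        public WSUser getWSUser(HttpServletRequest httpServletRequest) throws ShiroException {
            return getWSUser(httpServletRequest.getUserPrincipal(), httpServletRequest.getLocale());
        }
    }

    /* loaded from: input_file:com/softmotions/weboot/security/WBSecurityModule$WSUserDatabaseProvider.class */
    /**
     * Locates (or creates) the {@link WSUserDatabase} named by the configuration and caches it.
     *
     * <p>Resolution order: {@code security.dbJVMName} first (optionally backed by an XML file
     * named in {@code security.xml-user-database}), then {@code security.dbJndiName}.
     */
    public static class WSUserDatabaseProvider implements Provider<WSUserDatabase> {
        private final ServicesConfiguration env;
        private WSUserDatabase usersDb;

        @Inject
        public WSUserDatabaseProvider(ServicesConfiguration servicesConfiguration) {
            this.env = servicesConfiguration;
        }

        /**
         * Returns the user database, resolving it on first use.
         *
         * @throws ProvisionException if the XML user database resource cannot be found or copied
         * @throws RuntimeException   if no database could be located from the configuration
         */
        @Override
        public WSUserDatabase get() {
            if (this.usersDb != null) {
                return this.usersDb;
            }
            XConfig xcfg = this.env.xcfg();
            String jvmName = xcfg.text("security.dbJVMName");
            String jndiName = xcfg.text("security.dbJndiName");
            if (!StringUtils.isBlank(jvmName)) {
                WBSecurityModule.log.info("Locating users database with JVM name: {}", jvmName);
                String xmlLocation = xcfg.text("security.xml-user-database");
                if (xmlLocation != null) {
                    String placeTo = xcfg.text("security.xml-user-database[@placeTo]");
                    if (placeTo != null) {
                        xmlLocation = placeXmlUserDatabase(xmlLocation, new File(placeTo));
                    }
                    WBSecurityModule.log.info("XML users database locations: {}", xmlLocation);
                    String hashAlgorithm = xcfg.textPattern("security.password-hash-algorithm", "");
                    if (hashAlgorithm.isEmpty()) {
                        // An empty algorithm means passwords are saved in clear text; make that
                        // visible at WARN so it is not missed in production logs.
                        WBSecurityModule.log.warn("Password save hash algorithm: plain text. "
                                + "Set security.password-hash-algorithm to avoid storing clear-text passwords");
                    } else {
                        WBSecurityModule.log.info("Password save hash algorithm: {}", hashAlgorithm);
                    }
                    // NOTE(review): the meaning of the boolean argument is defined by
                    // XMLWSUserDatabase and is not visible in this file.
                    this.usersDb = new XMLWSUserDatabase(jvmName, xmlLocation, true, hashAlgorithm);
                    JVMResources.set(jvmName, this.usersDb);
                } else {
                    this.usersDb = (WSUserDatabase) JVMResources.getOrFail(jvmName);
                }
            }
            if (this.usersDb == null && !StringUtils.isBlank(jndiName)) {
                WBSecurityModule.log.info("Locating users database with JNDI name: {}", jndiName);
                this.usersDb = WBSecurityModule.locateWSUserDatabaseJNDI(jndiName);
            }
            if (this.usersDb == null) {
                throw new RuntimeException("Unable to locate users database, please check the App config");
            }
            WBSecurityModule.log.info("Users database: {}", this.usersDb);
            return this.usersDb;
        }

        /* renamed from: get, reason: merged with bridge method [inline-methods] */
        /**
         * Decompiler-generated alias of {@link #get()}, kept so existing callers of this name
         * continue to work.
         */
        public WSUserDatabase m1get() {
            return get();
        }

        /**
         * Ensures the XML user database exists at {@code target}, copying it from
         * {@code resource} when the file is missing, and returns the file's absolute path.
         *
         * <p>The file holds credentials, so on POSIX file systems it is created owner-only
         * ({@code rw-------}) <em>before</em> any content is written. The exclusive create also
         * fails if something appears at the path after the existence check, in which case
         * provisioning is aborted rather than writing through it.
         */
        private String placeXmlUserDatabase(String resource, File target) {
            if (target.exists()) {
                return target.getAbsolutePath();
            }
            File parentFile = target.getParentFile();
            if (parentFile != null) {
                parentFile.mkdirs();
            }
            URL resourceUrl = Loader.getResourceAsUrl(resource, getClass());
            if (resourceUrl == null) {
                throw new ProvisionException("Unable to find xml-user-database file/resource: " + resource);
            }
            try {
                try {
                    Files.createFile(target.toPath(),
                            PosixFilePermissions.asFileAttribute(PosixFilePermissions.fromString("rw-------")));
                    // The create mode is subject to the process umask; set it explicitly as well.
                    Files.setPosixFilePermissions(target.toPath(), PosixFilePermissions.fromString("rw-------"));
                } catch (UnsupportedOperationException e) {
                    WBSecurityModule.log.warn("POSIX permissions are not supported for {}; "
                            + "restrict access to the users database file by other means", target);
                }
                FileUtils.copyInputStreamToFile(resourceUrl.openStream(), target);
            } catch (IOException e) {
                throw new ProvisionException("Failed to init xml-user-database file: " + target, e);
            }
            return target.getAbsolutePath();
        }
    }

    public WBSecurityModule(ServicesConfiguration servicesConfiguration) {
        this.cfg = servicesConfiguration;
    }

    public WBSecurityModule(ServicesConfiguration servicesConfiguration, String str) {
        this.cfg = servicesConfiguration;
        this.appId = str;
    }

    /**
     * Binds {@link WSUserDatabase} and {@link WBSecurityContext}. The provider is invoked once
     * eagerly so that a misconfigured user database fails module configuration instead of the
     * first request.
     */
    @Override
    protected void configure() {
        WSUserDatabaseProvider provider = new WSUserDatabaseProvider(this.cfg);
        provider.get();
        bind(WSUserDatabase.class).toProvider(provider);
        bind(WBSecurityContext.class).to(WBSecurityContextImpl.class).in(Singleton.class);
    }

    /**
     * Declares the user database's roles on the servlet context and, when
     * {@code security.web-access-control-allow} is set, installs {@link AccessControlHDRFilter}
     * on {@code <appPrefix>/*}.
     */
    public void initServlets(WBServletModule wBServletModule) {
        WBConfiguration configuration = wBServletModule.getConfiguration();
        String jndiName = configuration.xcfg().text("security.dbJndiName");
        String jvmName = configuration.xcfg().text("security.dbJVMName");
        String accessControlAllow = configuration.xcfg().text("security.web-access-control-allow");
        if (this.appId == null) {
            this.appId = configuration.xcfg().text("messages.appId");
            if (StringUtils.isBlank(this.appId)) {
                this.appId = configuration.xcfg().textPattern("app-name", "App");
            }
        }
        WSUserDatabase userDatabase = StringUtils.isBlank(jvmName) ? null : (WSUserDatabase) JVMResources.getOrFail(jvmName);
        if (userDatabase == null && !StringUtils.isBlank(jndiName)) {
            userDatabase = locateWSUserDatabaseJNDI(jndiName);
        }
        if (userDatabase != null) {
            ArrayList<String> roleNames = new ArrayList<>();
            Iterator<?> roles = userDatabase.getRoles();
            while (roles.hasNext()) {
                roleNames.add(((WSRole) roles.next()).getName());
            }
            log.info("Roles declared in the current servlet context: {}", roleNames);
            wBServletModule.getWBServletContext().declareRoles(roleNames.toArray(new String[0]));
        }
        if (accessControlAllow != null) {
            log.info("Enabled Access-Control-Allow-{Origin|Headers|Methods}={}", accessControlAllow);
            if ("*".equals(accessControlAllow.trim())) {
                // NOTE(review): per the log line above this value feeds Access-Control-Allow-Origin;
                // a wildcard lets any origin read responses under the app prefix. How the filter
                // combines it with credentials is not visible here; confirm before relying on it.
                log.warn("security.web-access-control-allow is a wildcard; prefer an explicit origin list");
            }
            Flat3Map filterParams = new Flat3Map();
            filterParams.put("enabled", "true");
            filterParams.put("headerValue", accessControlAllow);
            // Application-specific response headers that browsers may expose to cross-origin scripts.
            StringBuilder exposed = new StringBuilder();
            exposed.append("X-").append(this.appId);
            exposed.append(",X-").append(this.appId).append("-Login");
            for (int i = 0; i < 10; i++) {
                exposed.append(",X-").append(this.appId).append("-Err").append(i);
                exposed.append(",X-").append(this.appId).append("-Msg").append(i);
            }
            filterParams.put("exposeHeaders", exposed.toString());
            wBServletModule.filterAndBind(configuration.getAppPrefix() + "/*", AccessControlHDRFilter.class, filterParams);
        }
    }

    /**
     * Looks up a {@link WSUserDatabase} bound under the JNDI name {@code str}.
     *
     * <p>The name is passed to {@link Context#lookup(String)} unchanged, so it must only ever
     * come from trusted configuration, never from request data.
     *
     * @throws RuntimeException wrapping the {@link NamingException} if the lookup fails
     */
    private static WSUserDatabase locateWSUserDatabaseJNDI(String str) {
        Context context = null;
        try {
            context = new InitialContext();
            return (WSUserDatabase) context.lookup(str);
        } catch (NamingException e) {
            log.error("Failed to look up users database by JNDI name: {}", str, e);
            throw new RuntimeException(e);
        } finally {
            if (context != null) {
                try {
                    context.close();
                } catch (NamingException ignored) {
                    // Best effort: a failure to close must not mask the lookup result or error.
                }
            }
        }
    }
}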
