package com.zimbra.cs.service;

import com.zimbra.common.localconfig.LC;
import com.zimbra.common.service.ServiceException;
import com.zimbra.common.soap.Element;
import com.zimbra.common.util.Log;
import com.zimbra.common.util.LogFactory;
import com.zimbra.common.util.ZimbraLog;
import com.zimbra.cs.account.Account;
import com.zimbra.cs.account.AuthToken;
import com.zimbra.cs.account.AuthTokenException;
import com.zimbra.cs.account.Provisioning;
import com.zimbra.cs.account.ZAttrProvisioning;
import com.zimbra.cs.service.admin.AdminAccessControl;
import com.zimbra.cs.servlet.ZimbraServlet;
import java.util.ArrayList;
import java.util.HashMap;
import java.util.Iterator;
import java.util.List;
import java.util.Map;
import javax.servlet.http.HttpServletRequest;

/* loaded from: input_file:com/zimbra/cs/service/AuthProvider.class */
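/**
 * Registry of pluggable authentication providers, plus the static entry points used to obtain
 * and validate {@link AuthToken}s.
 *
 * <p>Providers are registered by name with {@link #register(AuthProvider)}. {@link #refresh()}
 * then selects the enabled ones, in the order they are listed in {@code LC.zimbra_auth_provider}.
 * Every static {@code getAuthToken} overload asks the enabled providers in that order and returns
 * the first token produced. A provider steps aside for a request by throwing an
 * {@link AuthProviderException} whose {@code canIgnore()} returns true; any other failure ends
 * the search immediately.
 *
 * <p>Parameter names such as {@code z}, {@code j} and {@code str} are decompiler-generated and are
 * kept unchanged; their observable role is described on each method.
 */
public abstract class AuthProvider {
    /** Name of the built-in provider; used as the fallback when no configured provider is registered. */
    public static final String ZIMBRA_AUTH_PROVIDER = "zimbra";

    // Fallback token lifetime handed to Account.getTimeInterval: 43,200,000, i.e. twelve hours
    // if the interval is expressed in milliseconds (presumably; confirm against getTimeInterval).
    private static final long DEFAULT_TOKEN_LIFETIME = 43200000L;

    private static final Log sLog = LogFactory.getLog(AuthProvider.class);

    // Every provider ever registered, keyed by name. Written only under the class lock.
    private static final Map<String, AuthProvider> sRegisteredProviders = new HashMap<String, AuthProvider>();

    // The providers actually consulted, in configuration order. Replaced wholesale by refresh().
    private static List<AuthProvider> sEnabledProviders = null;

    private final String mName;

    /**
     * Adds a provider to the registry under its own name.
     *
     * <p>The first registration of a name wins: a later provider with the same name is rejected
     * and logged as an error, so an existing provider cannot be replaced through this method.
     * Registration alone does not enable a provider; {@link #refresh()} does that.
     *
     * @param authProvider the provider to register; must not be null
     */
    public static synchronized void register(AuthProvider authProvider) {
        String name = authProvider.getName();
        logger().info("Adding auth provider: " + name + " " + authProvider.getClass().getName());
        if (sRegisteredProviders.get(name) == null) {
            sRegisteredProviders.put(name, authProvider);
        } else {
            logger().error("auth provider " + name + " already exists, not adding " + authProvider.getClass().getName());
        }
    }

    /**
     * Rebuilds the list of enabled providers from {@code LC.zimbra_auth_provider}.
     *
     * <p>Configured names that match no registered provider are skipped without any message, so a
     * misspelled name silently drops that provider from the chain. When nothing matches, the
     * built-in {@link #ZIMBRA_AUTH_PROVIDER} is enabled instead.
     */
    public static void refresh() {
        // NOTE(review): the registry is read here without the class lock that register() holds
        // while writing it. That is safe only if registration finishes before refresh() can run
        // concurrently -- confirm against the callers.
        List<AuthProvider> enabled = new ArrayList<AuthProvider>();
        for (String name : LC.zimbra_auth_provider.value().split(FileUploadServlet.UPLOAD_DELIMITER)) {
            AuthProvider provider = sRegisteredProviders.get(name);
            if (provider != null) {
                enabled.add(provider);
            }
        }
        if (enabled.isEmpty()) {
            AuthProvider fallback = sRegisteredProviders.get(ZIMBRA_AUTH_PROVIDER);
            if (fallback != null) {
                enabled.add(fallback);
            } else {
                // A null entry in the list would surface later as a NullPointerException inside
                // every lookup. An empty list instead makes each lookup fail through its normal
                // "no provider produced a token" path.
                logger().error("no auth provider enabled: default provider " + ZIMBRA_AUTH_PROVIDER + " is not registered");
            }
        }
        setProviders(enabled);
    }

    /** Publishes a new list of enabled providers under the class lock. */
    private static synchronized void setProviders(List<AuthProvider> list) {
        sEnabledProviders = list;
    }

    /** Returns the current list of enabled providers, read under the class lock. */
    private static synchronized List<AuthProvider> getProviders() {
        return sEnabledProviders;
    }

    /**
     * Creates a provider with the name it will be registered and configured under.
     *
     * @param str the provider name
     */
    /* JADX INFO: Access modifiers changed from: protected */
    public AuthProvider(String str) {
        this.mName = str;
    }

    private String getName() {
        return this.mName;
    }

    /** Returns the logger shared by this class and its subclasses. */
    protected static Log logger() {
        return sLog;
    }

    /**
     * Extracts an auth token from an HTTP request.
     *
     * @param httpServletRequest the incoming request
     * @param z flag forwarded unchanged from {@link #getAuthToken(HttpServletRequest, boolean)};
     *     presumably selects the admin token -- confirm against an implementation
     * @return the token carried by the request
     * @throws AuthProviderException if this provider cannot handle the request
     * @throws AuthTokenException if the request carries a token that is not acceptable
     */
    protected abstract AuthToken authToken(HttpServletRequest httpServletRequest, boolean z) throws AuthProviderException, AuthTokenException;

    /**
     * Extracts an auth token from a SOAP element.
     *
     * @param element the SOAP element to read the token from
     * @param map request context passed through by the caller; left as a raw {@code Map} because
     *     narrowing it would change the signature subclasses override
     * @return the token carried by the element
     * @throws AuthProviderException if this provider cannot handle the element
     * @throws AuthTokenException if the element carries a token that is not acceptable
     */
    protected abstract AuthToken authToken(Element element, Map map) throws AuthProviderException, AuthTokenException;

    /**
     * Decodes an auth token from its encoded string form. Not supported unless overridden.
     *
     * @param str the encoded token
     * @throws AuthProviderException always, in this base implementation
     */
    protected AuthToken authToken(String str) throws AuthProviderException, AuthTokenException {
        throw AuthProviderException.NOT_SUPPORTED();
    }

    /**
     * Issues a non-admin token for an account, using the account's configured lifetime.
     *
     * @param account the account to issue the token for
     */
    protected AuthToken authToken(Account account) throws AuthProviderException {
        return authToken(account, false);
    }

    /**
     * Issues a token for an account, picking the lifetime attribute by token type.
     *
     * @param account the account to issue the token for
     * @param z true to use the admin token lifetime attribute, false for the regular one
     * @throws AuthProviderException NOT_SUPPORTED when {@code account} is null, or whatever
     *     {@link #authToken(Account, long)} throws
     */
    protected AuthToken authToken(Account account, boolean z) throws AuthProviderException {
        if (account == null) {
            throw AuthProviderException.NOT_SUPPORTED();
        }
        long lifetime = z
                ? account.getTimeInterval(ZAttrProvisioning.A_zimbraAdminAuthTokenLifetime, DEFAULT_TOKEN_LIFETIME)
                : account.getTimeInterval(ZAttrProvisioning.A_zimbraAuthTokenLifetime, DEFAULT_TOKEN_LIFETIME);
        return authToken(account, lifetime);
    }

    /**
     * Issues a token for an account with an explicit lifetime. Not supported unless overridden.
     *
     * @param account the account to issue the token for
     * @param j the token lifetime
     * @throws AuthProviderException always, in this base implementation
     */
    protected AuthToken authToken(Account account, long j) throws AuthProviderException {
        throw AuthProviderException.NOT_SUPPORTED();
    }

    /**
     * Issues a token for an account with an explicit lifetime and a second account. Not supported
     * unless overridden.
     *
     * @param account the account to issue the token for
     * @param j the token lifetime
     * @param z presumably whether the token is an admin token -- confirm against an implementation
     * @param account2 presumably the delegating admin account -- confirm against an implementation
     * @throws AuthProviderException always, in this base implementation
     */
    protected AuthToken authToken(Account account, long j, boolean z, Account account2) throws AuthProviderException {
        throw AuthProviderException.NOT_SUPPORTED();
    }

    /**
     * Says whether this provider permits HTTP Basic authentication for the request.
     *
     * <p>The base implementation permits it, so a provider that must not accept Basic credentials
     * has to override this method.
     */
    protected boolean allowHttpBasicAuth(HttpServletRequest httpServletRequest, ZimbraServlet zimbraServlet) {
        return true;
    }

    /**
     * Says whether this provider permits authentication by an access key carried in the URL.
     * The base implementation refuses it.
     */
    protected boolean allowURLAccessKeyAuth(HttpServletRequest httpServletRequest, ZimbraServlet zimbraServlet) {
        return false;
    }

    /**
     * Obtains the auth token carried by an HTTP request from the first enabled provider able to
     * produce one.
     *
     * @param httpServletRequest the incoming request
     * @param z flag forwarded unchanged to each provider
     * @return the token, or null when every provider declined with an ignorable error; a null
     *     result carries no identity and must be treated by the caller as unauthenticated
     * @throws AuthTokenException if a provider rejects the token, returns null, or fails with an
     *     error that cannot be ignored
     */
    public static AuthToken getAuthToken(HttpServletRequest httpServletRequest, boolean z) throws AuthTokenException {
        for (AuthProvider provider : getProviders()) {
            try {
                AuthToken token = provider.authToken(httpServletRequest, z);
                if (token == null) {
                    // Thrown inside the try on purpose: the handler below logs it and rethrows.
                    throw new AuthTokenException("auth provider " + provider.getName() + " returned null");
                }
                return token;
            } catch (AuthTokenException e) {
                logger().debug("getAuthToken error: provider=" + provider.getName() + ", err=" + e.getMessage(), e);
                throw e;
            } catch (AuthProviderException e) {
                if (!e.canIgnore()) {
                    throw new AuthTokenException("auth provider error", e);
                }
                // Ignorable: this provider does not apply, move on to the next one.
                logger().debug(provider.getName() + ":" + e.getMessage());
            }
        }
        return null;
    }

    /**
     * Obtains the auth token carried by a SOAP element from the first enabled provider able to
     * produce one.
     *
     * @param element the SOAP element to read the token from
     * @param map request context forwarded unchanged to each provider
     * @return the token, or null when every provider declined with an ignorable error; a null
     *     result carries no identity and must be treated by the caller as unauthenticated
     * @throws AuthTokenException if a provider rejects the token, returns null, or fails with an
     *     error that cannot be ignored
     */
    public static AuthToken getAuthToken(Element element, Map map) throws AuthTokenException {
        for (AuthProvider provider : getProviders()) {
            try {
                AuthToken token = provider.authToken(element, map);
                if (token == null) {
                    // Thrown inside the try on purpose: the handler below logs it and rethrows.
                    throw new AuthTokenException("auth provider " + provider.getName() + " returned null");
                }
                return token;
            } catch (AuthTokenException e) {
                logger().debug("getAuthToken error: provider=" + provider.getName() + ", err=" + e.getMessage(), e);
                throw e;
            } catch (AuthProviderException e) {
                if (!e.canIgnore()) {
                    throw new AuthTokenException("auth provider error", e);
                }
                // Ignorable: this provider does not apply, move on to the next one.
                logger().debug(provider.getName() + ":" + e.getMessage());
            }
        }
        return null;
    }

    /**
     * Decodes an encoded auth token with the first enabled provider able to do so.
     *
     * @param str the encoded token
     * @return the token, or null when every provider declined with an ignorable error; a null
     *     result carries no identity and must be treated by the caller as unauthenticated
     * @throws AuthTokenException if a provider rejects the token, returns null, or fails with an
     *     error that cannot be ignored
     */
    public static AuthToken getAuthToken(String str) throws AuthTokenException {
        for (AuthProvider provider : getProviders()) {
            try {
                AuthToken token = provider.authToken(str);
                if (token == null) {
                    // Thrown inside the try on purpose: the handler below logs it and rethrows.
                    throw new AuthTokenException("auth provider " + provider.getName() + " returned null");
                }
                return token;
            } catch (AuthTokenException e) {
                logger().debug("getAuthToken error: provider=" + provider.getName() + ", err=" + e.getMessage(), e);
                throw e;
            } catch (AuthProviderException e) {
                if (!e.canIgnore()) {
                    throw new AuthTokenException("auth provider error", e);
                }
                // Unlike the other overloads, an ignorable error is logged at warn level here.
                logger().warn(provider.getName() + ":" + e.getMessage());
            }
        }
        // NOTE(review): this writes the caller-supplied encoded token to the log verbatim. The
        // value is untrusted input and may still be a usable credential even though no enabled
        // provider decoded it; consider logging a length or digest instead, and restricting who
        // can read this log.
        logger().error("unable to get AuthToken from encoded " + str);
        return null;
    }

    /**
     * Issues a token for an account from the first enabled provider able to do so.
     *
     * @param account the account to issue the token for
     * @return the issued token, never null
     * @throws AuthProviderException if a provider fails with an error that cannot be ignored, or
     *     no enabled provider issued a token
     */
    public static AuthToken getAuthToken(Account account) throws AuthProviderException {
        for (AuthProvider provider : getProviders()) {
            try {
                AuthToken token = provider.authToken(account);
                if (token == null) {
                    throw AuthProviderException.FAILURE("auth provider " + provider.getName() + " returned null");
                }
                return token;
            } catch (AuthProviderException e) {
                if (!e.canIgnore()) {
                    throw e;
                }
                logger().debug(provider.getName() + ":" + e.getMessage());
            }
        }
        throw AuthProviderException.FAILURE("cannot get authtoken from account " + nameOf(account));
    }

    /**
     * Issues a token for an account from the first enabled provider able to do so.
     *
     * @param account the account to issue the token for
     * @param z true for an admin token lifetime, false for the regular one (see
     *     {@link #authToken(Account, boolean)})
     * @return the issued token, never null
     * @throws AuthProviderException if a provider fails with an error that cannot be ignored, or
     *     no enabled provider issued a token
     */
    public static AuthToken getAuthToken(Account account, boolean z) throws AuthProviderException {
        for (AuthProvider provider : getProviders()) {
            try {
                AuthToken token = provider.authToken(account, z);
                if (token == null) {
                    throw AuthProviderException.FAILURE("auth provider " + provider.getName() + " returned null");
                }
                return token;
            } catch (AuthProviderException e) {
                if (!e.canIgnore()) {
                    throw e;
                }
                logger().debug(provider.getName() + ":" + e.getMessage());
            }
        }
        throw AuthProviderException.FAILURE("cannot get authtoken from account " + nameOf(account));
    }

    /**
     * Issues an admin token for the account named by {@code LC.zimbra_ldap_user}.
     *
     * <p>The returned token carries admin authority; callers should keep it inside the server and
     * never hand it to a client.
     *
     * @throws ServiceException if the account lookup fails or no provider issues a token
     */
    public static AuthToken getAdminAuthToken() throws ServiceException {
        return getAuthToken(Provisioning.getInstance().get(Provisioning.AccountBy.adminName, LC.zimbra_ldap_user.value()), true);
    }

    /**
     * Issues a token with an explicit lifetime from the first enabled provider able to do so.
     *
     * @param account the account to issue the token for
     * @param j the token lifetime
     * @return the issued token, never null
     * @throws AuthProviderException if a provider fails with an error that cannot be ignored, or
     *     no enabled provider issued a token
     */
    public static AuthToken getAuthToken(Account account, long j) throws AuthProviderException {
        for (AuthProvider provider : getProviders()) {
            try {
                AuthToken token = provider.authToken(account, j);
                if (token == null) {
                    throw AuthProviderException.FAILURE("auth provider " + provider.getName() + " returned null");
                }
                return token;
            } catch (AuthProviderException e) {
                if (!e.canIgnore()) {
                    throw e;
                }
                logger().debug(provider.getName() + ":" + e.getMessage());
            }
        }
        throw AuthProviderException.FAILURE("cannot get authtoken from account " + nameOf(account));
    }

    /**
     * Issues a token with an explicit lifetime and a second account from the first enabled
     * provider able to do so.
     *
     * @param account the account to issue the token for
     * @param j the token lifetime
     * @param z forwarded unchanged to each provider
     * @param account2 forwarded unchanged to each provider
     * @return the issued token, never null
     * @throws AuthProviderException if a provider fails with an error that cannot be ignored, or
     *     no enabled provider issued a token
     */
    public static AuthToken getAuthToken(Account account, long j, boolean z, Account account2) throws AuthProviderException {
        for (AuthProvider provider : getProviders()) {
            try {
                AuthToken token = provider.authToken(account, j, z, account2);
                if (token == null) {
                    throw AuthProviderException.FAILURE("auth provider " + provider.getName() + " returned null");
                }
                return token;
            } catch (AuthProviderException e) {
                if (!e.canIgnore()) {
                    throw e;
                }
                logger().debug(provider.getName() + ":" + e.getMessage());
            }
        }
        throw AuthProviderException.FAILURE("cannot get authtoken from account " + nameOf(account));
    }

    /**
     * Returns the account name for use in an error message, or {@code "null"} for a null account,
     * so that building the message cannot itself throw and hide the intended exception.
     */
    private static String nameOf(Account account) {
        return account != null ? account.getName() : "null";
    }

    /**
     * Says whether HTTP Basic authentication is permitted for the request.
     *
     * <p>This is a logical OR across the enabled providers: a single provider that permits Basic
     * auth, including one that merely inherits the permissive default of
     * {@link #allowHttpBasicAuth}, enables it for the whole chain.
     */
    public static boolean allowBasicAuth(HttpServletRequest httpServletRequest, ZimbraServlet zimbraServlet) {
        for (AuthProvider provider : getProviders()) {
            if (provider.allowHttpBasicAuth(httpServletRequest, zimbraServlet)) {
                return true;
            }
        }
        return false;
    }

    /**
     * Says whether URL access-key authentication is permitted for the request. As with
     * {@link #allowBasicAuth}, one permitting provider is enough.
     */
    public static boolean allowAccessKeyAuth(HttpServletRequest httpServletRequest, ZimbraServlet zimbraServlet) {
        for (AuthProvider provider : getProviders()) {
            if (provider.allowURLAccessKeyAuth(httpServletRequest, zimbraServlet)) {
                return true;
            }
        }
        return false;
    }

    /**
     * Validates an auth token and returns the account it belongs to.
     *
     * <p>Every AUTH_EXPIRED failure from the underlying checks is logged at debug level with its
     * reason and then replaced by a bare {@code AUTH_EXPIRED}. The caller therefore cannot tell
     * "account not found" from "account not active" or an invalid validity value by the exception
     * it receives. Failures with any other code, such as the PERM_DENIED raised for a
     * non-admin delegator, pass through unchanged.
     *
     * @param provisioning the provisioning instance to use, or null for the default one
     * @param authToken the token to validate; must not be null
     * @param z true to add the account name to the logging context
     * @return the account the token belongs to
     * @throws ServiceException if the token is expired or fails any validation check
     */
    public static Account validateAuthToken(Provisioning provisioning, AuthToken authToken, boolean z) throws ServiceException {
        try {
            return validateAuthTokenInternal(provisioning, authToken, z);
        } catch (ServiceException e) {
            if (!"service.AUTH_EXPIRED".equals(e.getCode())) {
                throw e;
            }
            ZimbraLog.account.debug("auth token validation failed", e);
            throw ServiceException.AUTH_EXPIRED();
        }
    }

    /**
     * Runs the validation checks behind {@link #validateAuthToken}, in this order: token expiry,
     * account existence, the account's validity value, account status, and, for a delegated
     * token, the status and admin standing of the delegating account.
     */
    private static Account validateAuthTokenInternal(Provisioning provisioning, AuthToken authToken, boolean z) throws ServiceException {
        if (provisioning == null) {
            provisioning = Provisioning.getInstance();
        }
        if (authToken.isExpired()) {
            throw ServiceException.AUTH_EXPIRED();
        }
        String accountId = authToken.getAccountId();
        Account account = provisioning.get(Provisioning.AccountBy.id, accountId, authToken);
        if (account == null) {
            throw ServiceException.AUTH_EXPIRED("account " + accountId + " not found");
        }
        if (z) {
            ZimbraLog.addAccountNameToContext(account.getName());
        }
        // Rejects a token whose validity value no longer matches the account's.
        if (!account.checkAuthTokenValidityValue(authToken)) {
            throw ServiceException.AUTH_EXPIRED("invalid validity value");
        }
        boolean delegated = authToken.isDelegatedAuth();
        String status = account.getAccountStatus(provisioning);
        if (!delegated) {
            // A directly issued token is honoured only while the account is active.
            if (!"active".equals(status)) {
                throw ServiceException.AUTH_EXPIRED("account not active");
            }
            return account;
        }
        // A delegated token is accepted for a target account in any status except maintenance,
        // provided the delegating account still exists, is still an admin, and is active.
        if ("maintenance".equals(status)) {
            throw ServiceException.AUTH_EXPIRED("delegated account in MAINTENANCE mode");
        }
        Account delegator = provisioning.get(Provisioning.AccountBy.id, authToken.getAdminAccountId());
        if (delegator == null) {
            throw ServiceException.AUTH_EXPIRED("delegating account " + authToken.getAdminAccountId() + " not found");
        }
        if (!AdminAccessControl.isAdequateAdminAccount(delegator)) {
            throw ServiceException.PERM_DENIED("not an admin for delegated auth");
        }
        if (!"active".equals(delegator.getAccountStatus(provisioning))) {
            throw ServiceException.AUTH_EXPIRED("delegating account is not active");
        }
        return account;
    }

    // Registers the built-in provider, then builds the enabled list from configuration.
    static {
        register(new ZimbraAuthProvider());
        refresh();
    }
}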
