package net.sf.ooweb.http;

import java.util.Map;
import java.util.concurrent.ConcurrentHashMap;
import java.util.logging.Level;
import java.util.logging.Logger;
import net.sf.ooweb.objectmapping.Authenticator;
import net.sf.ooweb.objectmapping.ObjectAndMethod;
import net.sf.ooweb.objectmapping.Registry;
import net.sf.ooweb.objectmapping.User;
import net.sf.ooweb.util.Base64;

/* loaded from: input_file:ooweb-0.8.0.jar:net/sf/ooweb/http/SecurityManager.class */
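/**
 * Decides, per request, whether the target object/method may be invoked by the
 * current caller, using the roles the {@link Registry} reports for that target.
 *
 * <p>Two ways of presenting credentials are handled here: a POST to
 * {@link #LOGIN_FORM_POST} carrying {@link #USERNAME_FIELD}/{@link #PASSWORD_FIELD},
 * and an HTTP {@code Basic} authorization header. An authenticated {@link User}
 * is stored in the session map under {@link #USER_SESSION_KEY}.
 *
 * <p>Role lookups are cached per full path in a {@link ConcurrentHashMap}; the
 * cache is never invalidated by this class.
 */
public class SecurityManager {
    public static final String PASSWORD_FIELD = "password";
    public static final String USERNAME_FIELD = "name";
    public static final String LOGIN_FORM_POST = "/j_security_check";
    public static final String USER_SESSION_KEY = "ooweb.user";
    public static final String LOGIN_REDIRECT_COOKIE_NAME = "ooweb.redirectUrl";

    /** Scheme token (with trailing space) expected at the start of a Basic authorization header. */
    private static final String BASIC_PREFIX = "Basic ";

    /** Shared "not secured" marker so unsecured paths can be cached without allocating. */
    private static final String[] zeroRoles = new String[0];

    private final Registry registry;
    private final Map<String, String[]> secureMethodCache = new ConcurrentHashMap<>();
    protected final Logger logger = Logger.getLogger(getClass().getName());

    public SecurityManager(Registry registry) {
        this.registry = registry;
    }

    /**
     * Applies authentication and authorisation to one request.
     *
     * @param str prefix prepended to paths when building the login-form action and the
     *     post-login redirect target (presumably the application base URL or context
     *     path; confirm against the caller)
     * @param objectAndMethod the resolved target of the request
     * @param map looked up by {@link #LOGIN_REDIRECT_COOKIE_NAME}; presumably the request's
     *     cookies, i.e. client-controlled
     * @param map2 looked up by {@link #USERNAME_FIELD} and {@link #PASSWORD_FIELD};
     *     presumably the request parameters
     * @param str2 credentials header value, expected in the form {@code "Basic <base64>"};
     *     may be {@code null}
     * @param map3 session attributes, or {@code null} when there is no session
     * @return {@code null} when the request may proceed unchanged; otherwise a
     *     {@link ResponseState} carrying either a redirect (after a login-form POST) or
     *     the login form itself
     * @throws NotAuthenticatedException if the target is secured, no user is established
     *     and the registry has no login form
     * @throws NotAuthorisedException if a user is established but holds none of the
     *     required roles
     */
    public ResponseState checkRequest(String str, ObjectAndMethod objectAndMethod, Map<String, String> map, Map<String, Object> map2, String str2, Map map3) throws NotAuthenticatedException, NotAuthorisedException {
        String[] securedFor = securedFor(objectAndMethod, this.registry);
        Authenticator authenticator = this.registry.getAuthenticator();
        ResponseState responseState = new ResponseState();
        User user = map3 != null ? (User) map3.get(USER_SESSION_KEY) : null;
        if (securedFor.length <= 0) {
            if (!isLoginFormPost(objectAndMethod)) {
                return null;
            }
            // The outcome of the credential check is not inspected here: the caller is
            // redirected either way, and a failed login leaves no user in the session.
            checkCredentials(map3, authenticator, (String) map2.get(USERNAME_FIELD), (String) map2.get(PASSWORD_FIELD));
            // NOTE(review): the redirect target is read back from a cookie, which the
            // client can set to any value (open-redirect risk), and it is null when the
            // cookie is absent. Consider accepting only targets that are local to this
            // application before redirecting.
            responseState.sendRedirect(map.get(LOGIN_REDIRECT_COOKIE_NAME));
            return responseState;
        }
        if (user == null) {
            user = authenticateBasic(map3, authenticator, str2);
        }
        // A session is still required here, as in the original logic: without one the
        // request falls through to the login challenge even if credentials were valid.
        if (map3 != null && user != null) {
            for (String str3 : securedFor) {
                if (user.hasRole(str3)) {
                    return null;
                }
            }
            throw new NotAuthorisedException("Not Authorised");
        }
        if (!this.registry.hasLoginForm()) {
            throw new NotAuthenticatedException(objectAndMethod.getObject());
        }
        // Remember where the caller was heading so the login POST can send them back.
        // An existing cookie value wins over the current request path.
        String str4 = map.get(LOGIN_REDIRECT_COOKIE_NAME);
        if (str4 == null) {
            str4 = str + objectAndMethod.getFullPath();
        }
        // NOTE(review): the meaning of the trailing constructor arguments is defined by
        // Cookie and is not visible here; confirm whether the final 'false' leaves a
        // Secure-style flag off.
        responseState.addCookie(new Cookie(LOGIN_REDIRECT_COOKIE_NAME, str4, null, null, null, false));
        try {
            responseState.setBody(this.registry.getLoginForm().loginForm(str + LOGIN_FORM_POST, USERNAME_FIELD, PASSWORD_FIELD));
        } catch (Exception e) {
            // Best effort: the response is still returned (without a body) on failure.
            this.logger.log(Level.SEVERE, "Failed to display login form", (Throwable) e);
        }
        return responseState;
    }

    /**
     * Extracts {@code user:password} from a Basic authorization header and checks it.
     *
     * <p>The header is attacker-controlled, so anything that is not a well-formed Basic
     * credential (wrong scheme, too short, no {@code ':'} separator after decoding) is
     * treated as "no credentials supplied" instead of being sliced blindly.
     *
     * @return the authenticated user, or {@code null} if the header is absent, malformed
     *     or rejected
     */
    private User authenticateBasic(Map session, Authenticator authenticator, String header) {
        if (header == null || header.length() <= 7) {
            return null;
        }
        // Scheme names are case-insensitive; reject any other scheme rather than
        // decoding whatever follows the sixth character.
        if (!header.regionMatches(true, 0, BASIC_PREFIX, 0, BASIC_PREFIX.length())) {
            return null;
        }
        // NOTE(review): how Base64.decode reacts to non-Base64 input is not visible
        // here; confirm it cannot throw on malformed client data.
        String decoded = Base64.decode(header.substring(BASIC_PREFIX.length()));
        int separator = decoded == null ? -1 : decoded.indexOf(':');
        if (separator < 0) {
            return null;
        }
        return checkCredentials(session, authenticator, decoded.substring(0, separator), decoded.substring(separator + 1));
    }

    /**
     * Authenticates the given credentials and records the result in the session.
     *
     * <p>On success the user is stored under {@link #USER_SESSION_KEY}; when the
     * authenticator returns {@code null} any previously stored user is removed. A
     * {@code null} session is tolerated and simply not updated. Exceptions are logged
     * and not propagated.
     *
     * @return the user returned by the authenticator, or {@code null} if it returned
     *     none or threw
     */
    private User checkCredentials(Map map, Authenticator authenticator, String str, String str2) {
        User user = null;
        try {
            user = authenticator.authenticate(str, str2);
            if (map != null) {
                if (user != null) {
                    map.put(USER_SESSION_KEY, user);
                } else {
                    // Equivalent to storing null, but also valid for maps that reject
                    // null values.
                    map.remove(USER_SESSION_KEY);
                }
            }
        } catch (Exception e) {
            // The user name comes from the client: strip line breaks so it cannot forge
            // additional log records. The password is never logged.
            this.logger.log(Level.SEVERE, "Failed to authenticate [" + forLog(str) + "]", (Throwable) e);
        }
        return user;
    }

    /** Replaces CR and LF in a client-supplied value before it is written to the log. */
    private static String forLog(String value) {
        return value == null ? null : value.replace('\r', '_').replace('\n', '_');
    }

    /**
     * Returns the roles required for the target, consulting the cache first.
     *
     * @return the required roles; an empty array when the registry reports none
     */
    private String[] securedFor(ObjectAndMethod objectAndMethod, Registry registry) {
        String fullPath = objectAndMethod.getFullPath();
        String[] cached = this.secureMethodCache.get(fullPath);
        if (cached != null) {
            return cached;
        }
        String[] rolesFor = registry.getRolesFor(objectAndMethod);
        if (rolesFor == null) {
            rolesFor = zeroRoles;
        }
        // Concurrent callers may both compute the roles; the last put wins.
        this.secureMethodCache.put(fullPath, rolesFor);
        return rolesFor;
    }

    /** Returns whether the target's full path is exactly {@link #LOGIN_FORM_POST}. */
    private boolean isLoginFormPost(ObjectAndMethod objectAndMethod) {
        return LOGIN_FORM_POST.equals(objectAndMethod.getFullPath());
    }
}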
