package jetbrains.mps.webr.userManagement.runtime;

import com.jetbrains.teamsys.dnq.database.TransientStoreUtil;
import java.util.Map;
import jetbrains.exodus.database.TransientStoreSession;
import jetbrains.mps.baseLanguage.closures.runtime.Wrappers;
import jetbrains.mps.baseLanguage.closures.runtime._FunctionTypes;
import jetbrains.mps.webr.runtime.requestProcessor.ResponseFactory;
import jetbrains.mps.webr.runtime.requestProcessor.WindowManager;
import jetbrains.mps.webr.runtime.templateComponent.ActionFactoryContainer;
import jetbrains.mps.webr.runtime.templateComponent.RootTemplateController;
import jetbrains.mps.webr.runtime.templateComponent.RootTemplateControllerContainer;
import jetbrains.mps.webr.runtime.templateComponent.TemplateActionController;
import jetbrains.mps.webr.runtime.url.RequestUri;
import jetbrains.springframework.configuration.runtime.ServiceLocator;
import jetbrains.teamsys.dnq.runtime.txn._Txn;
import jetbrains.teamsys.dnq.runtime.util.DnqUtils;
import org.apache.commons.logging.Log;
import org.apache.commons.logging.LogFactory;
import webr.framework.controller.BaseApplication;
import webr.framework.controller.CentralManager;
import webr.framework.controller.ControllerOperations;
import webr.framework.controller.requestProcessor.RequestProcessor;
import webr.framework.runtime.response.ResponseAction;

/* loaded from: input_file:jetbrains/mps/webr/userManagement/runtime/SecurityRequestProcessor.class */
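/**
 * Request processor that establishes the caller's principal and gates access to
 * the framework's reserved URL prefixes ({@code _events}, {@code rest},
 * {@code _rss}, {@code _persistent}) as well as registered action factories and
 * root templates.
 *
 * <p>Login sources are tried in this order: HTTP Basic credentials from the
 * {@code Authorization} header, an already logged-in principal, a principal
 * restored from client info, and finally the guest principal supplied by the
 * subclass.
 *
 * <p>Security notes for implementers:
 * <ul>
 *   <li>{@link #doBasicAuthentication}, {@link #allowPersistentFileAccess} and
 *       {@link #isRestAllowed} are permissive or no-op by default; a subclass
 *       has to override them to enforce anything.</li>
 *   <li>Basic credentials are only Base64-encoded on the wire.
 *       NOTE(review): confirm this processor is reachable over TLS only.</li>
 * </ul>
 */
public abstract class SecurityRequestProcessor implements RequestProcessor {
    private static final String AUTHORIZATION = "Authorization";
    private static final String BASIC = "Basic ";
    protected static Log log = LogFactory.getLog(SecurityRequestProcessor.class);
    private Map<RequestProcessor, String> dependentRequestProcessors;

    /**
     * Tells whether this processor handles the request, judged by the first URI element.
     *
     * @param requestUri the request URI
     * @return {@code true} when the first element names a registered action factory,
     *         one of the reserved prefixes, or a registered root template
     */
    public boolean isApplicable(RequestUri requestUri) {
        String element = requestUri.getElement(0);
        ActionFactoryContainer factories = (ActionFactoryContainer) ServiceLocator.getBean("actionFactoryContainer");
        if (factories.containsFactory(element)) {
            return true;
        }
        if ("_events".equalsIgnoreCase(element)
                || "rest".equalsIgnoreCase(element)
                || "_rss".equalsIgnoreCase(element)
                || "_persistent".equalsIgnoreCase(element)) {
            return true;
        }
        // The template container is looked up only when nothing above matched.
        RootTemplateControllerContainer templates =
                (RootTemplateControllerContainer) ServiceLocator.getBean("rootTemplateControllerContainer");
        return templates.containsTemplate(element);
    }

    public Map<RequestProcessor, String> getDependentRequestProcessors() {
        return this.dependentRequestProcessors;
    }

    public void setDependentRequestProcessors(Map<RequestProcessor, String> map) {
        this.dependentRequestProcessors = map;
    }

    /**
     * Authenticates the caller and decides whether the request may proceed.
     *
     * <p>The result of the Basic authentication attempt is discarded: rejected or
     * malformed credentials do not stop the request here, it simply continues with
     * the remaining login sources (which may end in a guest login).
     *
     * <p>For {@code _persistent}, {@code rest} and {@code _rss} the "needs login"
     * flag is not consulted; access is decided by {@link #allowPersistentFileAccess}
     * and {@link #isRestAllowed} only, and {@code _rss} always yields {@code null}.
     *
     * @param requestUri the request URI
     * @return a response action that ends the request (forbidden, REST disabled,
     *         redirect to login, or the custom response), or {@code null};
     *         presumably {@code null} lets processing continue, which is not
     *         visible in this class
     */
    public ResponseAction processRequest(RequestUri requestUri) {
        // Read the header once so the value that was checked is the value that is parsed.
        String authorization = BaseApplication.getRequest().getHeader(AUTHORIZATION);
        if (authorization != null) {
            tryBasicAuthentication(authorization);
        }
        if (requestToLogin(requestUri)) {
            return null;
        }

        // Short-circuit order matters: each later source is tried only if the earlier one failed.
        boolean loggedIn = ((PrincipalManager) ServiceLocator.getBean("principalManager")).isLoggedIn()
                || loginUsingClientInfo()
                || loginAsGuest();
        boolean needsLogin = !loggedIn;

        String element = requestUri.getElement(0);
        if ("_persistent".equalsIgnoreCase(element)) {
            if (allowPersistentFileAccess(requestUri)) {
                return null;
            }
            return ResponseFactory.getInstance().getForbiddenResponse("You have no access to requested file.");
        }
        if ("rest".equalsIgnoreCase(element)) {
            if (isRestAllowed(requestUri)) {
                return null;
            }
            String applicationName = ((CentralManager) ServiceLocator.getBean("centralManager")).getApplicationName();
            return ResponseFactory.getInstance().getNotImplementedServerErrorResponse(
                    "REST API is disabled. Contact " + applicationName + " administrator");
        }
        if ("_rss".equalsIgnoreCase(element)) {
            return null;
        }
        if (needsLogin) {
            return ((SecurityNavigator) ServiceLocator.getBean("securityNavigator")).getRedirectToLoginAction();
        }
        return getCustomResponse(requestUri);
    }

    /**
     * Hook for an application-specific response once the caller is logged in.
     *
     * @param requestUri the request URI
     * @return {@code null} by default
     */
    public ResponseAction getCustomResponse(RequestUri requestUri) {
        return null;
    }

    /**
     * Authorization hook for {@code _persistent} requests.
     *
     * @param requestUri the request URI
     * @return {@code true} by default, i.e. every caller is allowed unless a subclass overrides this
     */
    public boolean allowPersistentFileAccess(RequestUri requestUri) {
        return true;
    }

    /**
     * Authorization hook for {@code rest} requests.
     *
     * @param requestUri the request URI
     * @return {@code true} by default, i.e. REST is allowed unless a subclass overrides this
     */
    public boolean isRestAllowed(RequestUri requestUri) {
        return true;
    }

    /**
     * Decides whether {@link #processRequest} should return {@code null} before
     * running its login checks.
     *
     * @param requestUri the request URI
     * @return for {@code _events}: the window's action controller's anonymous flag, or
     *         {@code true} for a {@code _heart_beat} event without a controller; for a
     *         root template: its anonymous flag; for an action factory: {@code true};
     *         otherwise {@code false}
     */
    private boolean requestToLogin(RequestUri requestUri) {
        String element = requestUri.getElement(0);

        if ("_events".equalsIgnoreCase(element)) {
            WindowManager windowManager = WindowManager.getWindowManager();
            String requestWindowId = windowManager.getRequestWindowId();
            if (requestWindowId == null) {
                return false;
            }
            TemplateActionController actionController = windowManager.getActionController(requestWindowId);
            // The instanceof test also covers a window id with no controller (null).
            if (actionController instanceof TemplateActionController) {
                return actionController.allowAnonymous();
            }
            return "_heart_beat".equals(ControllerOperations.getEventName());
        }

        RootTemplateController rootTemplateController =
                ((RootTemplateControllerContainer) ServiceLocator.getBean("rootTemplateControllerContainer"))
                        .getRootTemplateController(element);
        if (rootTemplateController != null) {
            return rootTemplateController.getAllowAnonymous();
        }

        if (((ActionFactoryContainer) ServiceLocator.getBean("actionFactoryContainer")).getFactory(element) == null) {
            return false;
        }
        // Action factory requests always pass; a remembered principal is restored
        // first when nobody is logged in, and its outcome is not checked.
        if (!((PrincipalManager) ServiceLocator.getBean("principalManager")).isLoggedIn()) {
            loginUsingClientInfo();
        }
        return true;
    }

    /**
     * Parses an {@code Authorization} header value and, if it carries Basic
     * credentials accepted by {@link #doBasicAuthentication}, installs the
     * resulting principal as the server principal.
     *
     * <p>The header is attacker-controlled. The user name and password are kept in
     * locals only and are never logged.
     *
     * <p>If no transient session was current before this call, the session started
     * here is finished by this method: committed when the credentials are rejected,
     * aborted after a successful login and on any exception.
     * NOTE(review): that commit/abort asymmetry is what the decompiled code shows;
     * confirm it against the original source.
     *
     * @param str the raw {@code Authorization} header value, not {@code null}
     * @return {@code false} when the header is not a well-formed Basic credential or
     *         the credentials are rejected; otherwise the result of the navigator's
     *         on-login action
     */
    private boolean tryBasicAuthentication(String str) {
        if (!str.startsWith(BASIC)) {
            return false;
        }
        // NOTE(review): DecodeUtil is not visible here; confirm how it reacts to malformed Base64.
        String decoded = DecodeUtil.decode(str.substring(BASIC.length()));
        if (decoded == null) {
            // Treat an undecodable payload as "no credentials" rather than failing on a null dereference.
            return false;
        }
        // Split on the first colon only, so the password may itself contain colons.
        int separator = decoded.indexOf(":");
        if (separator < 0) {
            return false;
        }
        String username = decoded.substring(0, separator);
        String password = decoded.substring(separator + 1);

        final boolean ownsSession = DnqUtils.getCurrentTransientSession() == null;
        final TransientStoreSession session = DnqUtils.beginTransientSession();
        try {
            Object principal = doBasicAuthentication(username, password);
            DnqUtils.getCurrentTransientSession().flush();
            if (principal == null) {
                if (ownsSession && session.isOpened()) {
                    session.commit();
                }
                return false;
            }
            ((PrincipalManager) ServiceLocator.getBean("principalManager")).setServerPrincipal(principal);
            if (log.isDebugEnabled()) {
                log.debug("Logged in using basic authentification");
            }
            boolean onLoginResult = ((SecurityNavigator) ServiceLocator.getBean("securityNavigator")).doOnLoginAction();
            if (ownsSession && session.isOpened()) {
                session.abort();
            }
            return onLoginResult;
        } catch (Throwable th) {
            if (ownsSession && session.isOpened()) {
                session.abort();
            }
            throw th;
        }
    }

    /**
     * Obtains the guest principal from the subclass inside a transaction and flushes
     * the current transient session before returning it.
     *
     * @return the guest principal, or {@code null} if the subclass provides none
     */
    public Object getGuestPrincipal() {
        return _Txn.eval(new _FunctionTypes._return_P0_E0<Object>() {
            public Object invoke() {
                Object guest = SecurityRequestProcessor.this.doGetGuestPrincipal();
                DnqUtils.getCurrentTransientSession().flush();
                return guest;
            }
        });
    }

    /**
     * Supplies the principal used for anonymous (guest) access.
     *
     * @return the guest principal; {@code null} disables guest login
     */
    protected abstract Object doGetGuestPrincipal();

    /**
     * Verifies HTTP Basic credentials. The default accepts nothing.
     *
     * @param str the user name taken from the header
     * @param str2 the password taken from the header
     * @return the authenticated principal, or {@code null} when the credentials are
     *         rejected (always {@code null} here)
     */
    protected Object doBasicAuthentication(String str, String str2) {
        return null;
    }

    /**
     * Tries to restore a principal from client info and install it as the server principal.
     *
     * @return {@code false} when no principal could be restored; otherwise the result
     *         of the navigator's on-login action
     */
    private boolean loginUsingClientInfo() {
        final Wrappers._T restored = new Wrappers._T((Object) null);
        _Txn.run(new _FunctionTypes._void_P0_E0() {
            public void invoke() {
                try {
                    restored.value = ((PrincipalManager) ServiceLocator.getBean("principalManager")).getClientPrincipal();
                } catch (Exception e) {
                    // A broken or forged client token must not fail the request; the caller is treated as not restored.
                    if (SecurityRequestProcessor.log.isErrorEnabled()) {
                        SecurityRequestProcessor.log.error("Can't restore user principal from client", e);
                    }
                }
                // The lookup is read-only from this method's point of view: the session is aborted either way.
                TransientStoreUtil.abort(DnqUtils.getCurrentTransientSession());
            }
        });
        if (restored.value == null) {
            return false;
        }
        ((PrincipalManager) ServiceLocator.getBean("principalManager")).setServerPrincipal(restored.value);
        if (log.isDebugEnabled()) {
            log.debug("Logged in using remembered principal");
        }
        return ((SecurityNavigator) ServiceLocator.getBean("securityNavigator")).doOnLoginAction();
    }

    /**
     * Installs the guest principal as the server principal, if the subclass provides one.
     *
     * @return {@code false} when there is no guest principal; otherwise the result of
     *         the navigator's on-login action
     */
    private boolean loginAsGuest() {
        Object guestPrincipal = getGuestPrincipal();
        if (guestPrincipal == null) {
            return false;
        }
        ((PrincipalManager) ServiceLocator.getBean("principalManager")).setServerPrincipal(guestPrincipal);
        if (log.isDebugEnabled()) {
            log.debug("Logged in as guest");
        }
        return ((SecurityNavigator) ServiceLocator.getBean("securityNavigator")).doOnLoginAction();
    }
}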
