package eu.openanalytics.containerproxy.service;

import com.github.benmanes.caffeine.cache.Cache;
import com.github.benmanes.caffeine.cache.Caffeine;
import com.github.benmanes.caffeine.cache.Scheduler;
import eu.openanalytics.containerproxy.auth.IAuthenticationBackend;
import eu.openanalytics.containerproxy.auth.impl.NoAuthenticationBackend;
import eu.openanalytics.containerproxy.backend.strategy.IProxyLogoutStrategy;
import eu.openanalytics.containerproxy.event.AuthFailedEvent;
import eu.openanalytics.containerproxy.event.UserLoginEvent;
import eu.openanalytics.containerproxy.event.UserLogoutEvent;
import eu.openanalytics.containerproxy.model.runtime.Proxy;
import eu.openanalytics.containerproxy.model.spec.ProxySpec;
import java.util.ArrayList;
import java.util.HashSet;
import java.util.Iterator;
import java.util.List;
import java.util.Objects;
import java.util.Set;
import java.util.concurrent.TimeUnit;
import javax.annotation.PostConstruct;
import javax.inject.Inject;
import org.apache.logging.log4j.LogManager;
import org.apache.logging.log4j.Logger;
import org.springframework.context.ApplicationEvent;
import org.springframework.context.ApplicationEventPublisher;
import org.springframework.context.annotation.Lazy;
import org.springframework.context.event.EventListener;
import org.springframework.core.env.Environment;
import org.springframework.security.authentication.AnonymousAuthenticationToken;
import org.springframework.security.authentication.event.AbstractAuthenticationFailureEvent;
import org.springframework.security.authentication.event.AuthenticationSuccessEvent;
import org.springframework.security.core.Authentication;
import org.springframework.security.core.AuthenticationException;
import org.springframework.security.core.GrantedAuthority;
import org.springframework.security.core.context.SecurityContext;
import org.springframework.security.core.context.SecurityContextHolder;
import org.springframework.security.web.session.HttpSessionDestroyedEvent;
import org.springframework.stereotype.Service;
import org.springframework.web.context.request.RequestAttributes;
import org.springframework.web.context.request.RequestContextHolder;
import org.springframework.web.context.request.ServletRequestAttributes;

@Service
/* loaded from: input_file:BOOT-INF/lib/containerproxy-1.2.0.jar:eu/openanalytics/containerproxy/service/UserService.class */
public class UserService {
    private static final String ATTRIBUTE_USER_INITIATED_LOGOUT = "SP_USER_INITIATED_LOGOUT";
    private final Logger log = LogManager.getLogger((Class<?>) UserService.class);
    private final Set<String> adminGroups = new HashSet();
    private final Set<String> adminUsers = new HashSet();
    private final Cache<String, Boolean> isAdminCache = Caffeine.newBuilder().scheduler(Scheduler.systemScheduler()).expireAfterAccess(60, TimeUnit.MINUTES).build();

    @Inject
    private Environment environment;

    @Inject
    @Lazy
    private IAuthenticationBackend authBackend;

    @Inject
    private IProxyLogoutStrategy logoutStrategy;

    @Inject
    private ApplicationEventPublisher applicationEventPublisher;

    @Inject
    @Lazy
    private ProxyAccessControlService accessControlService;

    @Inject
    @Lazy
    private AccessControlEvaluationService accessControlEvaluationService;

    public static List<String> getGroups(Authentication authentication) {
        ArrayList arrayList = new ArrayList();
        if (authentication != null) {
            Iterator<? extends GrantedAuthority> it = authentication.getAuthorities().iterator();
            while (it.hasNext()) {
                String upperCase = it.next().getAuthority().toUpperCase();
                if (upperCase.startsWith("ROLE_")) {
                    upperCase = upperCase.substring(5);
                }
                arrayList.add(upperCase);
            }
        }
        return arrayList;
    }

    @PostConstruct
    public void init() {
        String property = this.environment.getProperty("proxy.admin-groups");
        if (property != null && !property.isEmpty()) {
            this.adminGroups.add(property.toUpperCase());
        }
        int i = 0;
        while (true) {
            String property2 = this.environment.getProperty(String.format("proxy.admin-groups[%s]", Integer.valueOf(i)));
            if (property2 == null || property2.isEmpty()) {
                break;
            }
            this.adminGroups.add(property2.toUpperCase());
            i++;
        }
        String property3 = this.environment.getProperty("proxy.admin-users");
        if (property3 != null && !property3.isEmpty()) {
            this.adminUsers.add(property3);
        }
        int i2 = 0;
        while (true) {
            String property4 = this.environment.getProperty(String.format("proxy.admin-users[%s]", Integer.valueOf(i2)));
            if (property4 == null || property4.isEmpty()) {
                return;
            }
            this.adminUsers.add(property4);
            i2++;
        }
    }

    public Set<String> getAdminGroups() {
        return this.adminGroups;
    }

    public Authentication getCurrentAuth() {
        return SecurityContextHolder.getContext().getAuthentication();
    }

    public String getCurrentUserId() {
        return getCurrentAuth().getName();
    }

    public Set<String> getAdminUsers() {
        return this.adminUsers;
    }

    public List<String> getGroups() {
        return getGroups(getCurrentAuth());
    }

    public boolean isAdmin() {
        return isAdmin(getCurrentAuth());
    }

    public boolean isAdmin(Authentication authentication) {
        if (!this.authBackend.hasAuthorization() || authNull(authentication)) {
            return false;
        }
        String name = authentication.getName();
        return this.isAdminCache.get(((RequestAttributes) Objects.requireNonNull(RequestContextHolder.getRequestAttributes())).getSessionId(), str -> {
            Iterator<String> it = getAdminGroups().iterator();
            while (it.hasNext()) {
                if (isMember(authentication, it.next())) {
                    return true;
                }
            }
            Iterator<String> it2 = getAdminUsers().iterator();
            while (it2.hasNext()) {
                if (this.accessControlEvaluationService.usernameEquals(name, it2.next())) {
                    return true;
                }
            }
            return false;
        }).booleanValue();
    }

    public boolean canAccess(ProxySpec proxySpec) {
        return this.accessControlService.canAccess(getCurrentAuth(), proxySpec);
    }

    public boolean canAccess(Authentication authentication, ProxySpec proxySpec) {
        return this.accessControlService.canAccess(authentication, proxySpec);
    }

    public boolean isOwner(Proxy proxy) {
        return isOwner(getCurrentAuth(), proxy);
    }

    public boolean isOwner(Authentication authentication, Proxy proxy) {
        if (authentication == null || proxy == null) {
            return false;
        }
        return this.accessControlEvaluationService.usernameEquals(proxy.getUserId(), authentication.getName());
    }

    public boolean isMember(Authentication authentication, String str) {
        if (authentication == null || (authentication instanceof AnonymousAuthenticationToken) || str == null) {
            return false;
        }
        Iterator<String> it = getGroups(authentication).iterator();
        while (it.hasNext()) {
            if (it.next().equalsIgnoreCase(str)) {
                return true;
            }
        }
        return false;
    }

    @EventListener
    public void onAbstractAuthenticationFailureEvent(AbstractAuthenticationFailureEvent abstractAuthenticationFailureEvent) {
        Authentication authentication = abstractAuthenticationFailureEvent.getAuthentication();
        if (authNull(authentication)) {
            return;
        }
        AuthenticationException exception = abstractAuthenticationFailureEvent.getException();
        String name = authentication.getName();
        this.log.info(String.format("Authentication failure [user: %s] [error: %s]", name, exception.getMessage()));
        this.applicationEventPublisher.publishEvent((ApplicationEvent) new AuthFailedEvent(this, name));
    }

    public void logout(Authentication authentication) {
        if (authNull(authentication)) {
            return;
        }
        String name = authentication.getName();
        if (this.logoutStrategy != null) {
            this.logoutStrategy.onLogout(authentication);
        }
        this.log.info(String.format("User logged out [user: %s]", name));
        ((ServletRequestAttributes) RequestContextHolder.currentRequestAttributes()).getRequest().getSession().setAttribute(ATTRIBUTE_USER_INITIATED_LOGOUT, "true");
        this.applicationEventPublisher.publishEvent((ApplicationEvent) new UserLogoutEvent(this, name, false, authentication));
    }

    @EventListener
    public void onAuthenticationSuccessEvent(AuthenticationSuccessEvent authenticationSuccessEvent) {
        Authentication authentication = authenticationSuccessEvent.getAuthentication();
        if (authNull(authentication)) {
            return;
        }
        String name = authentication.getName();
        this.log.info(String.format("User logged in [user: %s]", name));
        this.applicationEventPublisher.publishEvent((ApplicationEvent) new UserLoginEvent(this, name, authentication));
    }

    @EventListener
    public void onHttpSessionDestroyedEvent(HttpSessionDestroyedEvent httpSessionDestroyedEvent) {
        String extractUserId;
        String str = (String) httpSessionDestroyedEvent.getSession().getAttribute(ATTRIBUTE_USER_INITIATED_LOGOUT);
        if (str == null || !str.equals("true")) {
            if (httpSessionDestroyedEvent.getSecurityContexts().isEmpty()) {
                if (!this.authBackend.getName().equals("none") || (extractUserId = NoAuthenticationBackend.extractUserId(httpSessionDestroyedEvent.getSession())) == null) {
                    return;
                }
                if (this.logoutStrategy != null) {
                    this.logoutStrategy.onLogout(extractUserId);
                }
                this.log.info(String.format("Anonymous user logged out [user: %s]", extractUserId));
                this.applicationEventPublisher.publishEvent((ApplicationEvent) new UserLogoutEvent(this, extractUserId, true, null));
                return;
            }
            SecurityContext securityContext = (SecurityContext) httpSessionDestroyedEvent.getSecurityContexts().getFirst();
            if (securityContext == null || authNull(securityContext.getAuthentication())) {
                return;
            }
            Authentication authentication = securityContext.getAuthentication();
            String name = securityContext.getAuthentication().getName();
            if (this.logoutStrategy != null) {
                this.logoutStrategy.onLogout(authentication);
            }
            this.log.info(String.format("User logged out [user: %s]", name));
            this.applicationEventPublisher.publishEvent((ApplicationEvent) new UserLogoutEvent(this, name, true, authentication));
        }
    }

    private boolean authNull(Authentication authentication) {
        return authentication == null || authentication.getName() == null;
    }
}
