package de.superx.saiku;

import de.superx.common.SxUser;
import java.util.ArrayList;
import java.util.HashMap;
import java.util.Iterator;
import java.util.Map;
import java.util.UUID;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpSession;
import org.apache.commons.lang3.StringUtils;
import org.apache.log4j.Logger;
import org.saiku.service.util.security.authorisation.AuthorisationPredicate;
import org.saiku.web.service.SessionService;
import org.springframework.security.authentication.AnonymousAuthenticationToken;
import org.springframework.security.authentication.AuthenticationManager;
import org.springframework.security.authentication.BadCredentialsException;
import org.springframework.security.core.Authentication;
import org.springframework.security.core.GrantedAuthority;
import org.springframework.security.core.context.SecurityContextHolder;
import org.springframework.security.web.authentication.preauth.PreAuthenticatedAuthenticationToken;
import org.springframework.web.context.request.RequestContextHolder;

/* loaded from: input_file:de/superx/saiku/SuperxSaikuSessionService.class */
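/**
 * Saiku session service that derives the authenticated user from the {@link SxUser} stored in the
 * HTTP session under the attribute {@code "user"}, rather than from the credentials passed to
 * {@link #login}.
 *
 * <p>Per-user session data is kept in {@link #sessionHolder}, keyed by the authenticated principal.
 *
 * <p>NOTE(review): {@code sessionHolder} is a plain {@link HashMap}. If one instance of this
 * service is shared across request threads (confirm against the bean configuration), concurrent
 * login/logout calls need synchronisation.
 */
public class SuperxSaikuSessionService extends SessionService {
    public static Logger logger = Logger.getLogger(SuperxSaikuSessionService.class);
    public static final String VIEW_OLAP_RIGHT = "RIGHT_CS_BIA_OLAP_CREATE_TABLES";
    public static final String ADMIN_RIGHT = "RIGHT_CS_BIA_STANDARDREPORTS_ADMIN";
    public static final String STANDARDREPORTS_RIGHT = "RIGHT_CS_BIA_STANDARDREPORTS_VIEW_REPORTS";
    public static final String ROLE_BI_ADMIN = "ROLE_BI_ADMIN";
    public static final String ROLE_BI_SPECIALIST = "ROLE_BI_SPECIALIST";
    private transient AuthenticationManager authenticationManager;
    private transient AuthorisationPredicate authorisationPredicate;
    private transient SuperxSaikuConnectionManager connectionManager;
    // Session attributes per authenticated principal; entries are only added by createSession().
    Map<SxUser, Map<String, Object>> sessionHolder = new HashMap<SxUser, Map<String, Object>>();
    // Whether a session may be created for an anonymous principal; off by default.
    private Boolean anonymous = Boolean.FALSE;

    public void setConnectionManager(SuperxSaikuConnectionManager superxSaikuConnectionManager) {
        this.connectionManager = superxSaikuConnectionManager;
    }

    public void setAuthorisationPredicate(AuthorisationPredicate authorisationPredicate) {
        this.authorisationPredicate = authorisationPredicate;
    }

    public void setAllowAnonymous(Boolean bool) {
        this.anonymous = bool;
    }

    /**
     * Authenticates the request using the {@link SxUser} already present in the HTTP session.
     *
     * <p>{@code str} and {@code str2} are not verified here: the token handed to the
     * authentication manager is built from the session user and its stored password. The two
     * arguments are only used in messages and passed on to the session attributes.
     *
     * @param httpServletRequest request whose HTTP session carries the {@code "user"} attribute
     * @param str caller-supplied user name (label only)
     * @param str2 caller-supplied password (stored in the session attributes when non-blank)
     * @throws RuntimeException if no session user exists, the user has no rights, the
     *     authentication manager rejects the token, or the authorisation predicate refuses it
     */
    public void authenticate(HttpServletRequest httpServletRequest, String str, String str2) {
        SxUser sessionUser = getSuperxUserFromSession(httpServletRequest);
        if (sessionUser == null) {
            throw new RuntimeException("SuperX-Session Authentication failed for: " + str);
        }
        if (sessionUser.getHis1Rights().isEmpty()) {
            throw new RuntimeException("SuperX Authentication failed. Missing rights!");
        }
        try {
            PreAuthenticatedAuthenticationToken token =
                    new PreAuthenticatedAuthenticationToken(sessionUser, sessionUser.getPassword());
            token.setDetails(sessionUser);
            Authentication authenticated = this.authenticationManager.authenticate(token);
            // NOTE(review): this logs the principal's toString(); SxUser exposes getPassword(),
            // so confirm its toString() does not include the password.
            logger.info("Logging in with " + authenticated.getPrincipal());
            // Authorise BEFORE publishing the token: a token that fails authorisation must never
            // be left in the SecurityContext, where later code could treat it as a valid login.
            if (!this.authorisationPredicate.isAuthorised(authenticated)) {
                logger.info(forLog(str) + " failed authorisation. Rejecting login");
                throw new RuntimeException("Authorisation failed for: " + str);
            }
            Object principal = authenticated.getPrincipal();
            if (principal == null) {
                throw new NullPointerException("authenticated principal is null");
            }
            SecurityContextHolder.getContext().setAuthentication(authenticated);
            if (!this.sessionHolder.containsKey(principal)) {
                createSession(authenticated, str, str2);
            }
        } catch (BadCredentialsException e) {
            throw new RuntimeException("Authentication failed for: " + str, e);
        }
    }

    /**
     * Returns a copy of the current principal's session attributes without the {@code "password"}
     * entry, or an empty map when there is no authentication or no stored session.
     */
    public Map<String, Object> getSession() {
        Map<String, Object> copy = copyCurrentSession();
        copy.remove("password");
        return copy;
    }

    /**
     * Returns a copy of ALL session attributes of the current principal, including the plaintext
     * {@code "password"} entry when one was stored. Callers must not log or serialise the result
     * to a client; use {@link #getSession()} for that.
     */
    public Map<String, Object> getAllSessionObjects() {
        return copyCurrentSession();
    }

    /**
     * Runs {@link #authenticate} when an authentication manager is configured, then returns the
     * session attributes of the principal in the current security context.
     *
     * <p>When no authentication manager is set, authentication is skipped and the result depends
     * entirely on what is already in the security context.
     *
     * @return the stored attribute map (may be {@code null} if none exists for the principal), or
     *     an empty map when the security context holds no authentication
     * @throws RuntimeException if authentication or authorisation fails
     */
    public Map<String, Object> login(HttpServletRequest httpServletRequest, String str, String str2) {
        if (this.authenticationManager != null) {
            authenticate(httpServletRequest, str, str2);
        }
        Authentication authentication = currentAuthentication();
        if (authentication == null) {
            return new HashMap<String, Object>();
        }
        if (!this.authorisationPredicate.isAuthorised(authentication)) {
            logger.info(forLog(str) + " failed authorisation. Rejecting login");
            throw new RuntimeException("Authorisation failed for: " + str);
        }
        // NOTE(review): this hands out the internal, mutable map itself, and it still contains
        // the "password" entry. Confirm no caller forwards it to a client; otherwise return
        // getSession() instead.
        return this.sessionHolder.get(authentication.getPrincipal());
    }

    /**
     * Builds and stores the session attribute map for an authenticated principal. Does nothing
     * for unauthenticated tokens, for anonymous principals unless anonymous access is enabled,
     * and when a session already exists for the principal.
     */
    private void createSession(Authentication authentication, String str, String str2) {
        if (authentication == null || !authentication.isAuthenticated()) {
            return;
        }
        boolean anonymousToken = authentication instanceof AnonymousAuthenticationToken;
        // NOTE(review): a principal that is not an SxUser fails here with ClassCastException.
        SxUser sxUser = (SxUser) authentication.getPrincipal();
        String username = sxUser.getUsername();
        Integer orgUnit = sxUser.getHisInOneOrgUnitLidOfRole();
        if (username == null) {
            throw new RuntimeException("No username found for: " + str);
        }
        boolean isAnonymous = anonymousToken || StringUtils.equals("anonymousUser", username);
        // Boolean.TRUE.equals keeps anonymous sessions disabled if the flag was set to null.
        if (isAnonymous && !Boolean.TRUE.equals(this.anonymous)) {
            return;
        }
        if (this.sessionHolder.containsKey(sxUser)) {
            return;
        }
        Map<String, Object> attributes = new HashMap<String, Object>();
        if (isAnonymous) {
            logger.debug("Creating Session for Anonymous User");
        }
        if (StringUtils.isNotBlank(str)) {
            // NOTE(review): "username" is the caller-supplied value, not sxUser.getUsername(),
            // and nothing here checks that they match. Do not base access decisions or audit
            // records on this entry without verifying it against the principal.
            attributes.put("username", str);
            attributes.put("userinfo_id", sxUser.getId());
            attributes.put("useruuid", sxUser.getUUID());
        } else {
            attributes.put("username", username);
        }
        if (StringUtils.isNotBlank(str2)) {
            // NOTE(review): the password is held in plaintext in memory for the lifetime of the
            // session entry. getSession() strips it; getAllSessionObjects() and login() do not.
            attributes.put("password", str2);
        }
        attributes.put("sessionid", UUID.randomUUID().toString());
        attributes.put("authid", RequestContextHolder.currentRequestAttributes().getSessionId());
        // Roles are read from the same token the principal came from.
        ArrayList<String> roles = new ArrayList<String>();
        for (GrantedAuthority authority : authentication.getAuthorities()) {
            roles.add(authority.getAuthority());
        }
        attributes.put("roles", roles);
        attributes.put("rights", sxUser.getHis1Rights());
        attributes.put("orgunit", orgUnit);
        this.sessionHolder.put(sxUser, attributes);
    }

    /**
     * Removes the "BI" connection, drops the current principal's session attributes and clears
     * the security context.
     */
    public void logout(HttpServletRequest httpServletRequest) {
        this.connectionManager.removeConnection("BI");
        Authentication authentication = currentAuthentication();
        if (authentication != null) {
            this.sessionHolder.remove(authentication.getPrincipal());
        }
        SecurityContextHolder.clearContext();
    }

    public void setAuthenticationManager(AuthenticationManager authenticationManager) {
        this.authenticationManager = authenticationManager;
    }

    /**
     * Looks up the {@link SxUser} stored under the {@code "user"} attribute of the request's
     * existing HTTP session.
     *
     * @return the session user, or {@code null} when the request has no session or the attribute
     *     is missing or not an {@code SxUser}
     */
    public static SxUser getSuperxUserFromSession(HttpServletRequest httpServletRequest) {
        // getSession(false): a lookup must not create a new HTTP session for a caller that has
        // none; the no-argument getSession() would allocate one for every unauthenticated request.
        HttpSession session = httpServletRequest.getSession(false);
        if (session == null) {
            return null;
        }
        Object candidate = session.getAttribute("user");
        return candidate instanceof SxUser ? (SxUser) candidate : null;
    }

    /** Returns the authentication in the current security context, or {@code null} if none. */
    private static Authentication currentAuthentication() {
        if (SecurityContextHolder.getContext() == null) {
            return null;
        }
        return SecurityContextHolder.getContext().getAuthentication();
    }

    /** Returns a fresh copy of the current principal's stored attributes (empty if none). */
    private Map<String, Object> copyCurrentSession() {
        Map<String, Object> copy = new HashMap<String, Object>();
        Authentication authentication = currentAuthentication();
        if (authentication != null) {
            Map<String, Object> stored = this.sessionHolder.get(authentication.getPrincipal());
            if (stored != null) {
                copy.putAll(stored);
            }
        }
        return copy;
    }

    /**
     * Neutralises line breaks in a caller-supplied value before it is written to the log, so the
     * value cannot forge additional log entries.
     */
    private static String forLog(String value) {
        return value == null ? null : value.replace('\r', '_').replace('\n', '_');
    }
}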
