package com.zimbra.cs.service;

import com.google.common.base.Strings;
import com.zimbra.common.account.Key;
import com.zimbra.common.localconfig.LC;
import com.zimbra.common.service.ServiceException;
import com.zimbra.common.soap.Element;
import com.zimbra.common.util.Log;
import com.zimbra.common.util.LogFactory;
import com.zimbra.common.util.ZimbraLog;
import com.zimbra.cs.account.Account;
import com.zimbra.cs.account.AccountServiceException;
import com.zimbra.cs.account.AuthToken;
import com.zimbra.cs.account.AuthTokenException;
import com.zimbra.cs.account.Provisioning;
import com.zimbra.cs.account.auth.AuthMechanism;
import com.zimbra.cs.service.admin.AdminAccessControl;
import com.zimbra.cs.servlet.ZimbraServlet;
import java.util.ArrayList;
import java.util.HashMap;
import java.util.Iterator;
import java.util.List;
import java.util.Map;
import javax.servlet.http.HttpServletRequest;

/* loaded from: input_file:com/zimbra/cs/service/AuthProvider.class */
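/**
 * Registry and dispatcher for pluggable auth-token providers.
 *
 * <p>Providers register themselves by name through {@link #register(AuthProvider)}. The subset
 * named in the {@code zimbra_auth_provider} local-config value becomes the enabled list when
 * {@link #refresh()} runs. Every static {@code getAuthToken(...)} overload walks the enabled list
 * in order and returns the first non-null token; a failure in one provider does not stop the
 * search, so a later provider may still succeed.
 *
 * <p>Security-relevant points visible in this class:
 * <ul>
 *   <li>The {@code getAuthToken(Account, ...)} overloads create a token for whatever account is
 *       passed in. No credential check happens here, so callers must have authenticated the
 *       principal (or be trusted internal code) before calling them.</li>
 *   <li>{@link #allowBasicAuth} and {@link #allowAccessKeyAuth} use any-of semantics: a single
 *       enabled provider answering {@code true} enables the mechanism.</li>
 *   <li>{@link #validateAuthToken(Provisioning, AuthToken, boolean, AuthToken.Usage)} is the
 *       gate that checks usage, expiry, registration, validity value and account status.</li>
 * </ul>
 *
 * <p>Thread-safety: {@code register}, {@code setProviders} and {@code getProviders} synchronize
 * on the class. NOTE(review): {@code refresh} reads the registration map without that lock;
 * confirm that registration only happens during class/extension initialisation.
 */
public abstract class AuthProvider {
    private static final Log sLog = LogFactory.getLog(AuthProvider.class);

    /** All providers ever registered, keyed by provider name. Guarded by the class lock in register(). */
    private static final Map<String, AuthProvider> registeredProviders = new HashMap<String, AuthProvider>();

    /** Providers currently consulted, in configured order. Replaced wholesale by refresh(). */
    private static List<AuthProvider> enabledProviders = null;

    // Second argument handed to Account.getTimeInterval for both lifetime attributes.
    // Presumably the default used when the attribute is unset, in milliseconds (12 hours)
    // -- TODO confirm against Account.getTimeInterval.
    private static final long DEFAULT_AUTH_TOKEN_LIFETIME = 43200000L;

    private final String mName;

    /**
     * Adds a provider to the registry under its own name.
     *
     * <p>The first registration for a name wins; a second provider with the same name is
     * rejected and logged at error level, so an existing provider cannot be replaced through
     * this method.
     *
     * @param authProvider provider to register; must not be null
     */
    public static synchronized void register(AuthProvider authProvider) {
        String name = authProvider.getName();
        logger().info("Adding auth provider: " + name + " " + authProvider.getClass().getName());
        if (registeredProviders.get(name) != null) {
            logger().error("auth provider " + name + " already exists, not adding " + authProvider.getClass().getName());
            return;
        }
        registeredProviders.put(name, authProvider);
    }

    /**
     * Rebuilds the enabled-provider list from the {@code zimbra_auth_provider} local-config value.
     *
     * <p>The value is split on {@code FileUploadServlet.UPLOAD_DELIMITER} (presumably a comma --
     * confirm), each entry is trimmed, and entries naming a registered provider are enabled in
     * the order given. If nothing matches, the provider registered as {@code "zimbra"} is used.
     *
     * <p>Configured names that are not registered are skipped, and are logged so that a typo in
     * the setting does not silently change which providers authenticate requests. If the
     * {@code "zimbra"} fallback is missing as well, the enabled list is left empty rather than
     * holding a null entry, which would make every later lookup fail with a
     * NullPointerException.
     */
    public static void refresh() {
        List<AuthProvider> selected = new ArrayList<AuthProvider>();
        for (String configured : LC.zimbra_auth_provider.value().split(FileUploadServlet.UPLOAD_DELIMITER)) {
            String name = configured.trim();
            if (Strings.isNullOrEmpty(name)) {
                continue;
            }
            AuthProvider provider = registeredProviders.get(name);
            if (provider != null) {
                selected.add(provider);
            } else {
                logger().warn("auth provider " + name + " is configured but not registered, ignoring");
            }
        }
        if (selected.isEmpty()) {
            AuthProvider fallback = registeredProviders.get("zimbra");
            if (fallback != null) {
                selected.add(fallback);
            } else {
                logger().error("no configured auth provider is registered and the default zimbra provider is missing");
            }
        }
        setProviders(selected);
    }

    /** Publishes a new enabled-provider list under the class lock. */
    private static synchronized void setProviders(List<AuthProvider> list) {
        enabledProviders = list;
    }

    /** Returns the current enabled-provider list under the class lock. */
    private static synchronized List<AuthProvider> getProviders() {
        return enabledProviders;
    }

    /**
     * Creates a provider with the name used for registration and configuration lookup.
     *
     * @param str provider name
     */
    // Decompiler note (JADX): the access modifier of this constructor was changed from protected.
    public AuthProvider(String str) {
        this.mName = str;
    }

    private String getName() {
        return this.mName;
    }

    /** Returns the logger shared by this class and its subclasses. */
    protected static Log logger() {
        return sLog;
    }

    /**
     * Extracts an auth token from an HTTP request.
     *
     * @param httpServletRequest incoming request
     * @param z flag forwarded unchanged from {@link #getAuthToken(HttpServletRequest, boolean)};
     *          presumably marks an admin request -- confirm against implementations
     * @return the token, or null if the provider found none
     * @throws AuthProviderException if the provider cannot handle the request
     * @throws AuthTokenException if auth data is present but invalid
     */
    protected abstract AuthToken authToken(HttpServletRequest httpServletRequest, boolean z) throws AuthProviderException, AuthTokenException;

    /**
     * Extracts an auth token from a SOAP element and its context map.
     *
     * @param element SOAP element to inspect
     * @param map context map forwarded unchanged from {@link #getAuthToken(Element, Map)}
     * @return the token, or null if the provider found none
     * @throws AuthProviderException if the provider cannot handle the input
     * @throws AuthTokenException if auth data is present but invalid
     */
    protected abstract AuthToken authToken(Element element, Map map) throws AuthProviderException, AuthTokenException;

    /**
     * Decodes a token from the text of {@code element}. This default ignores {@code account}
     * and delegates to {@link #authToken(String)}.
     */
    protected AuthToken authToken(Element element, Account account) throws AuthProviderException, AuthTokenException {
        return authToken(element.getText());
    }

    /**
     * Decodes a token from its encoded string form. Not supported unless overridden.
     *
     * @throws AuthProviderException always, in this default implementation
     */
    protected AuthToken authToken(String str) throws AuthProviderException, AuthTokenException {
        throw AuthProviderException.NOT_SUPPORTED();
    }

    /** Creates a token for {@code account} with the non-admin lifetime and no auth mechanism. */
    protected AuthToken authToken(Account account) throws AuthProviderException {
        return authToken(account, false, null);
    }

    /**
     * Creates a token for {@code account}, reading the lifetime from the account.
     *
     * @param account account the token is for; null is rejected as not supported
     * @param z when true the {@code zimbraAdminAuthTokenLifetime} attribute is used, otherwise
     *          {@code zimbraAuthTokenLifetime}
     * @param authMech not used by this default implementation
     * @throws AuthProviderException if {@code account} is null or the provider cannot create tokens
     */
    protected AuthToken authToken(Account account, boolean z, AuthMechanism.AuthMech authMech) throws AuthProviderException {
        if (account == null) {
            throw AuthProviderException.NOT_SUPPORTED();
        }
        String lifetimeAttr = z ? "zimbraAdminAuthTokenLifetime" : "zimbraAuthTokenLifetime";
        return authToken(account, account.getTimeInterval(lifetimeAttr, DEFAULT_AUTH_TOKEN_LIFETIME));
    }

    /**
     * Creates a token for {@code account}; {@code j} is the value obtained from
     * {@code Account.getTimeInterval} by the overload above. Not supported unless overridden.
     */
    protected AuthToken authToken(Account account, long j) throws AuthProviderException {
        throw AuthProviderException.NOT_SUPPORTED();
    }

    /**
     * Creates a token for {@code account} involving a second account. Parameters are forwarded
     * unchanged from the static overload; presumably {@code account2} is the delegating admin
     * account -- confirm against implementations. Not supported unless overridden.
     */
    protected AuthToken authToken(Account account, long j, boolean z, Account account2) throws AuthProviderException {
        throw AuthProviderException.NOT_SUPPORTED();
    }

    /** Whether this provider permits HTTP basic auth for the request. Default: permitted. */
    protected boolean allowHttpBasicAuth(HttpServletRequest httpServletRequest, ZimbraServlet zimbraServlet) {
        return true;
    }

    /** Whether this provider permits URL access-key auth for the request. Default: denied. */
    protected boolean allowURLAccessKeyAuth(HttpServletRequest httpServletRequest, ZimbraServlet zimbraServlet) {
        return false;
    }

    /**
     * Asks each enabled provider, in order, for a token carried by an HTTP request.
     *
     * @param httpServletRequest incoming request
     * @param z flag forwarded unchanged to each provider
     * @return the first non-null token, or null when no provider produced a token and none
     *         recorded a failure; callers must treat null as "not authenticated"
     * @throws AuthTokenException the last failure recorded while walking the providers
     */
    public static AuthToken getAuthToken(HttpServletRequest httpServletRequest, boolean z) throws AuthTokenException {
        AuthTokenException lastFailure = null;
        for (AuthProvider authProvider : getProviders()) {
            try {
                AuthToken authToken = authProvider.authToken(httpServletRequest, z);
                if (authToken != null) {
                    return authToken;
                }
                // Checked inside the try so that it runs only when the provider actually
                // returned, and never replaces an exception recorded by the catch blocks.
                lastFailure = new AuthTokenException("auth provider " + authProvider.getName() + " returned null");
            } catch (AuthTokenException e) {
                lastFailure = e;
                logger().debug("getAuthToken error: provider=" + authProvider.getName() + ", err=" + e.getMessage(), e);
            } catch (AuthProviderException e) {
                if (e.canIgnore()) {
                    // Ignorable: log and try the next provider.
                    logger().debug(authProvider.getName() + ":" + e.getMessage());
                } else {
                    lastFailure = new AuthTokenException("auth provider error", e);
                }
            }
        }
        if (lastFailure != null) {
            throw lastFailure;
        }
        return null;
    }

    /**
     * Asks each enabled provider, in order, for a token carried by a SOAP element.
     *
     * @param element SOAP element to inspect
     * @param map context map forwarded unchanged to each provider
     * @return the first non-null token, or null when no provider produced a token and none
     *         recorded a failure; callers must treat null as "not authenticated"
     * @throws AuthTokenException the last failure recorded while walking the providers
     */
    public static AuthToken getAuthToken(Element element, Map map) throws AuthTokenException {
        AuthTokenException lastFailure = null;
        for (AuthProvider authProvider : getProviders()) {
            try {
                AuthToken authToken = authProvider.authToken(element, map);
                if (authToken != null) {
                    return authToken;
                }
                lastFailure = new AuthTokenException("auth provider " + authProvider.getName() + " returned null");
            } catch (AuthTokenException e) {
                lastFailure = e;
                logger().debug("getAuthToken error: provider=" + authProvider.getName() + ", err=" + e.getMessage(), e);
            } catch (AuthProviderException e) {
                if (e.canIgnore()) {
                    logger().debug(authProvider.getName() + ":" + e.getMessage());
                } else {
                    lastFailure = new AuthTokenException("auth provider error", e);
                }
            }
        }
        if (lastFailure != null) {
            throw lastFailure;
        }
        return null;
    }

    /**
     * Asks each enabled provider, in order, for a token carried by a SOAP element, passing the
     * given account along.
     *
     * @return the first non-null token, or null when no provider produced a token and none
     *         recorded a failure; callers must treat null as "not authenticated"
     * @throws AuthTokenException the last failure recorded while walking the providers
     */
    public static AuthToken getAuthToken(Element element, Account account) throws AuthTokenException {
        AuthTokenException lastFailure = null;
        for (AuthProvider authProvider : getProviders()) {
            try {
                AuthToken authToken = authProvider.authToken(element, account);
                if (authToken != null) {
                    return authToken;
                }
                lastFailure = new AuthTokenException("auth provider " + authProvider.getName() + " returned null");
            } catch (AuthTokenException e) {
                lastFailure = e;
                logger().debug("getAuthToken error: provider=" + authProvider.getName() + ", err=" + e.getMessage(), e);
            } catch (AuthProviderException e) {
                if (e.canIgnore()) {
                    logger().debug(authProvider.getName() + ":" + e.getMessage());
                } else {
                    lastFailure = new AuthTokenException("auth provider error", e);
                }
            }
        }
        if (lastFailure != null) {
            throw lastFailure;
        }
        return null;
    }

    /**
     * Asks each enabled provider, in order, to decode an encoded token string.
     *
     * <p>Unlike the other overloads, an ignorable provider error is logged at warn level here.
     *
     * @param str encoded token
     * @return the first non-null token, or null when no provider produced a token and none
     *         recorded a failure; callers must treat null as "not authenticated"
     * @throws AuthTokenException the last failure recorded while walking the providers
     */
    public static AuthToken getAuthToken(String str) throws AuthTokenException {
        AuthTokenException lastFailure = null;
        for (AuthProvider authProvider : getProviders()) {
            try {
                AuthToken authToken = authProvider.authToken(str);
                if (authToken != null) {
                    return authToken;
                }
                lastFailure = new AuthTokenException("auth provider " + authProvider.getName() + " returned null");
            } catch (AuthTokenException e) {
                lastFailure = e;
                logger().debug("getAuthToken error: provider=" + authProvider.getName() + ", err=" + e.getMessage(), e);
            } catch (AuthProviderException e) {
                if (e.canIgnore()) {
                    logger().warn(authProvider.getName() + ":" + e.getMessage());
                } else {
                    lastFailure = new AuthTokenException("auth provider error", e);
                }
            }
        }
        if (lastFailure != null) {
            throw lastFailure;
        }
        // NOTE(review): this writes the caller-supplied encoded token to the log at error level.
        // If the string can be a live credential for any provider, log a length or digest
        // instead, and restrict access to this log.
        logger().error("unable to get AuthToken from encoded " + str);
        return null;
    }

    /**
     * Chooses the exception to throw when no provider produced a token: the last recorded
     * provider failure if there is one, otherwise a generic failure naming the account.
     * A null account is reported as "null" instead of causing a NullPointerException.
     */
    private static AuthProviderException noTokenFailure(AuthProviderException lastFailure, Account account) {
        if (lastFailure != null) {
            return lastFailure;
        }
        String name = account != null ? account.getName() : "null";
        return AuthProviderException.FAILURE("cannot get authtoken from account " + name);
    }

    /**
     * Creates a token for {@code account} using the first enabled provider that can.
     *
     * <p>No credential check is performed here; the caller vouches for the account.
     *
     * @return a non-null token
     * @throws AuthProviderException if no provider produced a token
     */
    public static AuthToken getAuthToken(Account account) throws AuthProviderException {
        AuthProviderException lastFailure = null;
        for (AuthProvider authProvider : getProviders()) {
            try {
                AuthToken authToken = authProvider.authToken(account);
                if (authToken != null) {
                    return authToken;
                }
                lastFailure = AuthProviderException.FAILURE("auth provider " + authProvider.getName() + " returned null");
            } catch (AuthProviderException e) {
                if (e.canIgnore()) {
                    logger().debug(authProvider.getName() + ":" + e.getMessage());
                } else {
                    lastFailure = e;
                }
            }
        }
        throw noTokenFailure(lastFailure, account);
    }

    /** Same as {@link #getAuthToken(Account, boolean, AuthMechanism.AuthMech)} with a null mechanism. */
    public static AuthToken getAuthToken(Account account, boolean z) throws AuthProviderException {
        return getAuthToken(account, z, null);
    }

    /**
     * Creates a token for {@code account} using the first enabled provider that can.
     *
     * <p>No credential check is performed here; the caller vouches for the account.
     *
     * @param account account the token is for
     * @param z forwarded to the provider; the default provider implementation uses it to pick
     *          the admin token lifetime
     * @param authMech forwarded unchanged to the provider
     * @return a non-null token
     * @throws AuthProviderException if no provider produced a token
     */
    public static AuthToken getAuthToken(Account account, boolean z, AuthMechanism.AuthMech authMech) throws AuthProviderException {
        AuthProviderException lastFailure = null;
        for (AuthProvider authProvider : getProviders()) {
            try {
                AuthToken authToken = authProvider.authToken(account, z, authMech);
                if (authToken != null) {
                    return authToken;
                }
                lastFailure = AuthProviderException.FAILURE("auth provider " + authProvider.getName() + " returned null");
            } catch (AuthProviderException e) {
                if (e.canIgnore()) {
                    logger().debug(authProvider.getName() + ":" + e.getMessage());
                } else {
                    lastFailure = e;
                }
            }
        }
        throw noTokenFailure(lastFailure, account);
    }

    /**
     * Creates a token for the account whose admin name is the {@code zimbra_ldap_user}
     * local-config value, passing {@code true} as the boolean flag.
     *
     * <p>NOTE(review): nothing in this method authenticates the caller. Every call site should
     * be trusted server-side code; confirm none is reachable from request handling without a
     * prior authorization check.
     *
     * @throws ServiceException if the account lookup or token creation fails
     */
    public static AuthToken getAdminAuthToken() throws ServiceException {
        Account admin = Provisioning.getInstance().get(Key.AccountBy.adminName, LC.zimbra_ldap_user.value());
        return getAuthToken(admin, true);
    }

    /**
     * Creates a token for {@code account} with the lifetime value {@code j}, using the first
     * enabled provider that can. No credential check is performed here.
     *
     * @return a non-null token
     * @throws AuthProviderException if no provider produced a token
     */
    public static AuthToken getAuthToken(Account account, long j) throws AuthProviderException {
        AuthProviderException lastFailure = null;
        for (AuthProvider authProvider : getProviders()) {
            try {
                AuthToken authToken = authProvider.authToken(account, j);
                if (authToken != null) {
                    return authToken;
                }
                lastFailure = AuthProviderException.FAILURE("auth provider " + authProvider.getName() + " returned null");
            } catch (AuthProviderException e) {
                if (e.canIgnore()) {
                    logger().debug(authProvider.getName() + ":" + e.getMessage());
                } else {
                    lastFailure = e;
                }
            }
        }
        throw noTokenFailure(lastFailure, account);
    }

    /**
     * Creates a token for {@code account} using the first enabled provider that can; all
     * arguments are forwarded unchanged. No credential check is performed here.
     *
     * @return a non-null token
     * @throws AuthProviderException if no provider produced a token
     */
    public static AuthToken getAuthToken(Account account, long j, boolean z, Account account2) throws AuthProviderException {
        AuthProviderException lastFailure = null;
        for (AuthProvider authProvider : getProviders()) {
            try {
                AuthToken authToken = authProvider.authToken(account, j, z, account2);
                if (authToken != null) {
                    return authToken;
                }
                lastFailure = AuthProviderException.FAILURE("auth provider " + authProvider.getName() + " returned null");
            } catch (AuthProviderException e) {
                if (e.canIgnore()) {
                    logger().debug(authProvider.getName() + ":" + e.getMessage());
                } else {
                    lastFailure = e;
                }
            }
        }
        throw noTokenFailure(lastFailure, account);
    }

    /**
     * Creates a token for {@code account} restricted to the given usage, using the first
     * enabled provider that can. No credential check is performed here.
     *
     * @return a non-null token
     * @throws AuthProviderException if no provider produced a token
     */
    public static AuthToken getAuthToken(Account account, AuthToken.Usage usage) throws AuthProviderException {
        AuthProviderException lastFailure = null;
        for (AuthProvider authProvider : getProviders()) {
            try {
                AuthToken authToken = authProvider.authToken(account, usage);
                if (authToken != null) {
                    return authToken;
                }
                lastFailure = AuthProviderException.FAILURE("auth provider " + authProvider.getName() + " returned null");
            } catch (AuthProviderException e) {
                if (e.canIgnore()) {
                    logger().debug(authProvider.getName() + ":" + e.getMessage());
                } else {
                    lastFailure = e;
                }
            }
        }
        throw noTokenFailure(lastFailure, account);
    }

    /** Creates a usage-restricted token for {@code account}. Not supported unless overridden. */
    protected AuthToken authToken(Account account, AuthToken.Usage usage) throws AuthProviderException {
        throw AuthProviderException.NOT_SUPPORTED();
    }

    /**
     * Reports whether HTTP basic auth is permitted for the request.
     *
     * @return true as soon as any enabled provider permits it; note that the provider default
     *         is to permit, so a provider must override {@code allowHttpBasicAuth} to deny
     */
    public static boolean allowBasicAuth(HttpServletRequest httpServletRequest, ZimbraServlet zimbraServlet) {
        for (AuthProvider authProvider : getProviders()) {
            if (authProvider.allowHttpBasicAuth(httpServletRequest, zimbraServlet)) {
                return true;
            }
        }
        return false;
    }

    /**
     * Reports whether URL access-key auth is permitted for the request.
     *
     * @return true as soon as any enabled provider permits it; the provider default is to deny
     */
    public static boolean allowAccessKeyAuth(HttpServletRequest httpServletRequest, ZimbraServlet zimbraServlet) {
        for (AuthProvider authProvider : getProviders()) {
            if (authProvider.allowURLAccessKeyAuth(httpServletRequest, zimbraServlet)) {
                return true;
            }
        }
        return false;
    }

    /** Validates a token that must carry {@code AuthToken.Usage.AUTH}; see the four-argument overload. */
    public static Account validateAuthToken(Provisioning provisioning, AuthToken authToken, boolean z) throws ServiceException {
        return validateAuthToken(provisioning, authToken, z, AuthToken.Usage.AUTH);
    }

    /**
     * Validates a token and resolves the account it belongs to.
     *
     * <p>Any failure with code {@code service.AUTH_EXPIRED} is replaced by a fresh
     * {@code AUTH_EXPIRED} created without a detail message. The specific reason (usage
     * mismatch, unknown account, inactive account, ...) is therefore only written to the
     * account debug log and is not carried by the exception the caller sees.
     *
     * @param provisioning provisioning instance, or null to use {@code Provisioning.getInstance()}
     * @param authToken token to validate; must not be null
     * @param z when true, the resolved account name is added to the logging context
     * @param usage usage the token is required to have
     * @return the token's account; may be null for a ZMG app bootstrap token whose account is
     *         not found
     * @throws ServiceException {@code AUTH_EXPIRED} without detail, or any other validation
     *         failure unchanged
     */
    public static Account validateAuthToken(Provisioning provisioning, AuthToken authToken, boolean z, AuthToken.Usage usage) throws ServiceException {
        try {
            return validateAuthTokenInternal(provisioning, authToken, z, usage);
        } catch (ServiceException e) {
            if (!"service.AUTH_EXPIRED".equals(e.getCode())) {
                throw e;
            }
            ZimbraLog.account.debug("auth token validation failed", e);
            throw ServiceException.AUTH_EXPIRED();
        }
    }

    /**
     * Performs the validation steps behind {@link #validateAuthToken}, in this order: usage
     * match, expiry, registration, account lookup, validity value, account status, and, for
     * delegated tokens, the delegating admin account. The order is security-relevant; keep it
     * when editing.
     */
    private static Account validateAuthTokenInternal(Provisioning provisioning, AuthToken authToken, boolean z, AuthToken.Usage usage) throws ServiceException {
        if (provisioning == null) {
            provisioning = Provisioning.getInstance();
        }
        // A token issued for one usage must not be accepted for another.
        if (authToken.getUsage() != usage) {
            throw ServiceException.AUTH_EXPIRED("invalid usage value");
        }
        if (authToken.isExpired()) {
            // Best-effort cleanup of an expired but still registered token; a cleanup failure
            // is logged and the token is rejected regardless.
            if (authToken.isRegistered()) {
                try {
                    authToken.deRegister();
                } catch (AuthTokenException e) {
                    ZimbraLog.account.error(e);
                }
            }
            throw ServiceException.AUTH_EXPIRED();
        }
        if (!authToken.isRegistered()) {
            throw ServiceException.AUTH_EXPIRED();
        }
        String accountId = authToken.getAccountId();
        Account account = provisioning.get(Key.AccountBy.id, accountId, authToken);
        // ZMG app bootstrap tokens are accepted without a backing account; the caller gets null.
        if (account == null && authToken.isZMGAppBootstrap()) {
            return null;
        }
        if (account == null) {
            throw ServiceException.AUTH_EXPIRED("account " + accountId + " not found");
        }
        if (z) {
            ZimbraLog.addAccountNameToContext(account.getName());
        }
        if (!account.checkAuthTokenValidityValue(authToken)) {
            throw ServiceException.AUTH_EXPIRED("invalid validity value");
        }
        boolean isDelegatedAuth = authToken.isDelegatedAuth();
        String accountStatus = account.getAccountStatus(provisioning);
        // Non-delegated tokens require an active account.
        if (!isDelegatedAuth && !"active".equals(accountStatus)) {
            if (authToken.getUsage() == AuthToken.Usage.TWO_FACTOR_AUTH) {
                throw AccountServiceException.AuthFailedServiceException.AUTH_FAILED(account.getName(), "account not active");
            }
            throw ServiceException.AUTH_EXPIRED("account not active");
        }
        if (isDelegatedAuth) {
            // Delegated tokens skip the target's "active" requirement above; only the
            // maintenance status of the target account is rejected. The delegating account
            // must exist, be an adequate admin, and be active.
            if ("maintenance".equals(accountStatus)) {
                throw ServiceException.AUTH_EXPIRED("delegated account in MAINTENANCE mode");
            }
            Account account2 = provisioning.get(Key.AccountBy.id, authToken.getAdminAccountId());
            if (account2 == null) {
                throw ServiceException.AUTH_EXPIRED("delegating account " + authToken.getAdminAccountId() + " not found");
            }
            if (!AdminAccessControl.isAdequateAdminAccount(account2)) {
                throw ServiceException.PERM_DENIED("not an admin for delegated auth");
            }
            if (!"active".equals(account2.getAccountStatus(provisioning))) {
                throw ServiceException.AUTH_EXPIRED("delegating account is not active");
            }
        }
        return account;
    }

    // Registers the built-in providers and builds the enabled list when the class is loaded.
    static {
        register(new ZimbraAuthProvider());
        register(new ZimbraAuthProviderForOAuth());
        refresh();
    }
}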
