package com.zimbra.cs.servlet.util;

import com.zimbra.common.account.Key;
import com.zimbra.common.service.ServiceException;
import com.zimbra.common.util.HttpUtil;
import com.zimbra.common.util.Log;
import com.zimbra.common.util.LogFactory;
import com.zimbra.cs.account.Account;
import com.zimbra.cs.account.AuthToken;
import com.zimbra.cs.account.AuthTokenException;
import com.zimbra.cs.account.Domain;
import com.zimbra.cs.account.GuestAccount;
import com.zimbra.cs.account.Provisioning;
import com.zimbra.cs.account.Server;
import com.zimbra.cs.account.auth.AuthContext;
import com.zimbra.cs.dav.DavProtocol;
import com.zimbra.cs.dav.service.DavServlet;
import com.zimbra.cs.httpclient.URLUtil;
import com.zimbra.cs.service.AuthProvider;
import com.zimbra.cs.service.UserServletException;
import com.zimbra.cs.servlet.ZimbraServlet;
import java.io.IOException;
import java.net.MalformedURLException;
import java.net.URL;
import java.nio.charset.StandardCharsets;
import java.util.HashMap;
import java.util.Locale;
import java.util.Map;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import org.apache.commons.codec.binary.Base64;

/* loaded from: input_file:com/zimbra/cs/servlet/util/AuthUtil.class */
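/**
 * Static helpers that authenticate servlet requests, either from an auth-token cookie or from
 * HTTP Basic credentials, and that build the matching challenge header and redirect URL.
 *
 * <p>Parameter names such as {@code z} and {@code z2} are decompilation artifacts; each method's
 * Javadoc states what the flag controls as far as this file shows.
 */
public class AuthUtil {
    private static final Log mLog = LogFactory.getLog(AuthUtil.class);
    public static final String WWW_AUTHENTICATE_HEADER = "WWW-Authenticate";
    public static final String HTTP_AUTH_HEADER = "Authorization";
    public static final String IGNORE_LOGIN_URL = "?ignoreLoginURL=1";

    /* loaded from: input_file:com/zimbra/cs/servlet/util/AuthUtil$AuthResult.class */
    /**
     * Outcome of a Basic-auth attempt made through
     * {@link #basicAuthRequest(HttpServletRequest, HttpServletResponse, boolean, ZimbraServlet)}.
     *
     * <p>NOTE(review): that factory sets {@code sendErrorCalled} to {@code account == null}, yet the
     * method it delegates to returns {@code null} on a 401 without calling {@code sendError} when no
     * challenge was requested. Callers should not treat the flag as proof that a response was
     * written.
     */
    public static final class AuthResult {
        public final boolean sendErrorCalled;
        public final Account authorizedAccount;

        /**
         * @param account the authenticated account, or {@code null} when none was established
         * @param z value stored in {@link #sendErrorCalled}
         */
        public AuthResult(Account account, boolean z) {
            this.sendErrorCalled = z;
            this.authorizedAccount = account;
        }
    }

    /**
     * Tells whether the request should be handled as an admin request.
     *
     * <p>The request must have arrived on the local server's {@code zimbraAdminPort}. When that
     * port equals {@code zimbraMailPort}, the port alone cannot separate the two, so the request
     * counts as admin only if it carries a usable admin auth token.
     *
     * @param httpServletRequest the incoming request
     * @return {@code true} if the request is an admin request by the rule above
     * @throws ServiceException if the local server configuration cannot be read
     */
    public static boolean isAdminRequest(HttpServletRequest httpServletRequest) throws ServiceException {
        Server localServer = Provisioning.getInstance().getLocalServer();
        int adminPort = localServer.getIntAttr("zimbraAdminPort", -1);
        if (httpServletRequest.getLocalPort() != adminPort) {
            return false;
        }
        boolean portSharedWithMail = localServer.getIntAttr("zimbraMailPort", -1) == adminPort;
        // The token lookup only runs when the port is shared, as in the original expression.
        return !portSharedWithMail || getAdminAuthTokenFromCookie(httpServletRequest) != null;
    }

    /**
     * Reads the non-admin auth token and sends a 401 on the response when none is usable.
     *
     * @return the token, or {@code null} after a 401 has been sent
     * @throws IOException if sending the error fails
     */
    public static AuthToken getAuthTokenFromCookie(HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse) throws IOException {
        return getAuthTokenFromHttpReq(httpServletRequest, httpServletResponse, false, false);
    }

    /**
     * Reads the non-admin auth token.
     *
     * @param z when {@code true}, no error is written to the response on failure
     * @return the token, or {@code null} when none is usable
     * @throws IOException if sending the error fails
     */
    public static AuthToken getAuthTokenFromCookie(HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse, boolean z) throws IOException {
        return getAuthTokenFromHttpReq(httpServletRequest, httpServletResponse, false, z);
    }

    /**
     * Reads an auth token from the request without touching the response.
     *
     * @param z forwarded to {@code AuthProvider.getAuthToken}; the admin helpers in this class pass
     *     {@code true}, the non-admin helpers pass {@code false}
     * @return the token if it is present, not expired and registered; otherwise {@code null}
     */
    public static AuthToken getAuthTokenFromHttpReq(HttpServletRequest httpServletRequest, boolean z) {
        try {
            AuthToken authToken = AuthProvider.getAuthToken(httpServletRequest, z);
            boolean usable = authToken != null && !authToken.isExpired() && authToken.isRegistered();
            return usable ? authToken : null;
        } catch (AuthTokenException ignored) {
            // An unparseable token is treated the same as no token; this variant never reports.
            return null;
        }
    }

    /**
     * Reads an auth token from the request and, unless suppressed, answers 401 when it is missing,
     * expired, unregistered or unparseable.
     *
     * @param z forwarded to {@code AuthProvider.getAuthToken}; the admin helpers in this class pass
     *     {@code true}
     * @param z2 when {@code true}, failures return {@code null} without writing to the response
     * @return the usable token, or {@code null}
     * @throws IOException if sending the error fails
     */
    public static AuthToken getAuthTokenFromHttpReq(HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse, boolean z, boolean z2) throws IOException {
        String failure;
        try {
            AuthToken authToken = AuthProvider.getAuthToken(httpServletRequest, z);
            if (authToken == null) {
                failure = "no authtoken cookie";
            } else if (!authToken.isExpired() && authToken.isRegistered()) {
                return authToken;
            } else {
                // Covers both an expired token and one that is no longer registered.
                failure = "authtoken expired";
            }
        } catch (AuthTokenException ignored) {
            failure = "unable to parse authtoken";
        }
        if (!z2) {
            httpServletResponse.sendError(HttpServletResponse.SC_UNAUTHORIZED, failure);
        }
        return null;
    }

    /**
     * Reads the admin auth token without touching the response.
     *
     * @return the usable admin token, or {@code null}
     */
    public static AuthToken getAdminAuthTokenFromCookie(HttpServletRequest httpServletRequest) {
        return getAuthTokenFromHttpReq(httpServletRequest, true);
    }

    /**
     * Reads the admin auth token and sends a 401 on the response when none is usable.
     *
     * @return the token, or {@code null} after a 401 has been sent
     * @throws IOException if sending the error fails
     */
    public static AuthToken getAdminAuthTokenFromCookie(HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse) throws IOException {
        return getAuthTokenFromHttpReq(httpServletRequest, httpServletResponse, true, false);
    }

    /**
     * Reads the admin auth token.
     *
     * @param z when {@code true}, no error is written to the response on failure
     * @return the token, or {@code null} when none is usable
     * @throws IOException if sending the error fails
     */
    public static AuthToken getAdminAuthTokenFromCookie(HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse, boolean z) throws IOException {
        return getAuthTokenFromHttpReq(httpServletRequest, httpServletResponse, true, z);
    }

    /**
     * Runs Basic authentication only if {@code AuthProvider.allowBasicAuth} permits it for this
     * request and servlet.
     *
     * @param z whether to send a {@code WWW-Authenticate} challenge on a 401
     * @return the account, or {@code null} when Basic auth is not allowed or did not succeed
     */
    public static Account basicAuthRequest(HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse, ZimbraServlet zimbraServlet, boolean z) throws IOException, ServiceException {
        if (AuthProvider.allowBasicAuth(httpServletRequest, zimbraServlet)) {
            return basicAuthRequest(httpServletRequest, httpServletResponse, z);
        }
        return null;
    }

    /**
     * Runs Basic authentication if allowed and wraps the outcome in an {@link AuthResult}. The DAV
     * protocol is selected when the servlet is a {@code DavServlet}.
     *
     * @param z whether to send a {@code WWW-Authenticate} challenge on a 401
     * @return a result whose {@code sendErrorCalled} is {@code false} when Basic auth is not
     *     allowed, and otherwise {@code true} exactly when no account was returned (see the caveat
     *     on {@link AuthResult})
     */
    public static AuthResult basicAuthRequest(HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse, boolean z, ZimbraServlet zimbraServlet) throws IOException, ServiceException {
        if (!AuthProvider.allowBasicAuth(httpServletRequest, zimbraServlet)) {
            return new AuthResult(null, false);
        }
        Account account = basicAuthRequest(httpServletRequest, httpServletResponse, z, zimbraServlet instanceof DavServlet);
        return new AuthResult(account, account == null);
    }

    /**
     * Runs Basic authentication with the non-DAV protocol.
     *
     * @param z whether to send a {@code WWW-Authenticate} challenge on a 401
     */
    public static Account basicAuthRequest(HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse, boolean z) throws IOException, ServiceException {
        return basicAuthRequest(httpServletRequest, httpServletResponse, z, false);
    }

    /**
     * Runs Basic authentication and translates failures into HTTP responses.
     *
     * <p>Guest accounts are allowed exactly when no challenge is requested ({@code !z} is passed
     * on as the guest flag), so with {@code z == false} the returned account may be an unverified
     * {@link GuestAccount}.
     *
     * @param z whether to send a {@code WWW-Authenticate} challenge plus the error on a 401; when
     *     {@code false}, a 401 yields {@code null} and nothing is written to the response
     * @param z2 whether to authenticate under the DAV protocol
     * @return the account, or {@code null} on failure
     */
    public static Account basicAuthRequest(HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse, boolean z, boolean z2) throws IOException, ServiceException {
        try {
            return basicAuthRequest(httpServletRequest, !z, z2);
        } catch (UserServletException e) {
            boolean unauthorized = e.getHttpStatusCode() == HttpServletResponse.SC_UNAUTHORIZED;
            if (unauthorized && !z) {
                return null;
            }
            if (unauthorized) {
                httpServletResponse.addHeader(WWW_AUTHENTICATE_HEADER, getRealmHeader(httpServletRequest, null));
            }
            httpServletResponse.sendError(e.getHttpStatusCode(), e.getMessage());
            return null;
        }
    }

    /**
     * Runs Basic authentication with the non-DAV protocol, reporting failures as exceptions.
     *
     * @param z whether an unknown account name yields a {@link GuestAccount} instead of a 401
     */
    public static Account basicAuthRequest(HttpServletRequest httpServletRequest, boolean z) throws IOException, ServiceException, UserServletException {
        return basicAuthRequest(httpServletRequest, z, false);
    }

    /**
     * Parses the {@code Authorization: Basic} header and authenticates the named account.
     *
     * <p>A user name without {@code @} is qualified with the domain mapped to the request's virtual
     * host, when there is one. An unknown account and a rejected password produce the same 401
     * message, so the response text does not reveal which one occurred.
     *
     * <p>Security: when {@code z} is {@code true} and the account does not exist, the returned
     * {@link GuestAccount} carries the supplied name and password without any verification;
     * callers must treat it as unauthenticated.
     *
     * @param z whether an unknown account name yields a {@link GuestAccount} instead of a 401
     * @param z2 {@code true} to authenticate as {@code http_dav}, {@code false} as {@code http_basic}
     * @return the authenticated account, or a guest account as described above
     * @throws UserServletException 401 if the header is missing, not Basic, or the credentials are
     *     rejected; 400 if the decoded credentials contain no {@code :}
     */
    public static Account basicAuthRequest(HttpServletRequest httpServletRequest, boolean z, boolean z2) throws IOException, ServiceException, UserServletException {
        String header = httpServletRequest.getHeader(HTTP_AUTH_HEADER);
        if (header == null || !header.startsWith("Basic ")) {
            throw new UserServletException(401, "must authenticate");
        }
        // Base64 text is ASCII; name the charsets so decoding does not depend on the platform default.
        byte[] decoded = Base64.decodeBase64(header.substring(6).getBytes(StandardCharsets.US_ASCII));
        String credentials = new String(decoded, StandardCharsets.UTF_8);
        int separator = credentials.indexOf(':');
        if (separator == -1) {
            throw new UserServletException(400, "invalid basic auth credentials");
        }
        String suppliedName = credentials.substring(0, separator);
        String password = credentials.substring(separator + 1);
        String accountName = suppliedName;
        Provisioning provisioning = Provisioning.getInstance();
        if (accountName.indexOf('@') == -1) {
            String virtualHost = HttpUtil.getVirtualHost(httpServletRequest);
            if (virtualHost != null) {
                // Locale.ROOT keeps host-name folding stable under locales with special casing rules.
                Domain domain = provisioning.get(Key.DomainBy.virtualHostname, virtualHost.toLowerCase(Locale.ROOT));
                if (domain != null) {
                    accountName = accountName + "@" + domain.getName();
                }
            }
        }
        Account account = provisioning.get(Key.AccountBy.name, accountName);
        if (account == null) {
            if (z) {
                return new GuestAccount(accountName, password);
            }
            // NOTE(review): this path returns before authAccount runs, so the two 401 paths share a
            // message but may differ in response time.
            throw new UserServletException(401, "invalid username/password");
        }
        try {
            Map<String, Object> authContext = new HashMap<String, Object>();
            authContext.put(AuthContext.AC_ORIGINATING_CLIENT_IP, ZimbraServlet.getOrigIp(httpServletRequest));
            authContext.put(AuthContext.AC_REMOTE_IP, ZimbraServlet.getClientIp(httpServletRequest));
            authContext.put(AuthContext.AC_ACCOUNT_NAME_PASSEDIN, suppliedName);
            authContext.put("ua", httpServletRequest.getHeader(DavProtocol.HEADER_USER_AGENT));
            provisioning.authAccount(account, password, z2 ? AuthContext.Protocol.http_dav : AuthContext.Protocol.http_basic, authContext);
            return account;
        } catch (ServiceException e) {
            // Every ServiceException is reported to the client as a credential failure; keep the
            // real cause in the debug log so a backend fault is not mistaken for a bad password.
            mLog.debug("basic auth failed for account " + account.getName(), e);
            throw new UserServletException(401, "invalid username/password");
        }
    }

    /**
     * Reads the admin or non-admin auth token, chosen by {@link #isAdminRequest}, without writing
     * an error to the response on failure.
     *
     * @return the usable token, or {@code null}
     */
    public AuthToken cookieAuthRequest(HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse) throws IOException, ServiceException {
        return isAdminRequest(httpServletRequest) ? getAdminAuthTokenFromCookie(httpServletRequest, httpServletResponse, true) : getAuthTokenFromCookie(httpServletRequest, httpServletResponse, true);
    }

    /**
     * Builds the Basic challenge value using the realm configured on a domain.
     *
     * @param domain the domain to take the realm from; when {@code null}, the domain mapped to the
     *     request's virtual host is looked up instead
     * @return the challenge value, using the default realm when no domain or realm is found
     */
    public static String getRealmHeader(HttpServletRequest httpServletRequest, Domain domain) {
        Domain resolved = domain;
        if (resolved == null) {
            String virtualHost = HttpUtil.getVirtualHost(httpServletRequest);
            if (virtualHost != null) {
                try {
                    resolved = Provisioning.getInstance().getDomain(Key.DomainBy.virtualHostname, virtualHost.toLowerCase(Locale.ROOT), true);
                } catch (ServiceException e) {
                    // A failed lookup falls back to the default realm rather than failing the request.
                    mLog.warn("caught exception while getting domain by virtual host: " + virtualHost, e);
                }
            }
        }
        String realm = (resolved != null) ? resolved.getBasicAuthRealm() : null;
        return getRealmHeader(realm);
    }

    /**
     * Formats a {@code WWW-Authenticate} value for Basic authentication.
     *
     * <p>The realm is written as a quoted-string: {@code "} and {@code \} are backslash-escaped
     * and CR/LF are dropped, so a realm containing those characters cannot end the quoted value
     * early or add a header line. Realms without those characters are emitted unchanged.
     *
     * @param str the realm, or {@code null} for the default {@code Zimbra}
     * @return the header value, e.g. {@code BASIC realm="Zimbra"}
     */
    public static String getRealmHeader(String str) {
        String realm = (str == null) ? "Zimbra" : str;
        StringBuilder value = new StringBuilder("BASIC realm=\"");
        for (int i = 0; i < realm.length(); i++) {
            char c = realm.charAt(i);
            if (c == '\r' || c == '\n') {
                continue;
            }
            if (c == '"' || c == '\\') {
                value.append('\\');
            }
            value.append(c);
        }
        return value.append('"').toString();
    }

    /**
     * Returns the server's admin URL: as configured when {@code z} is {@code true}, otherwise
     * expanded through {@code URLUtil.getAdminURL}.
     */
    private static String getAdminURL(Server server, boolean z) throws ServiceException {
        String adminURL = server.getAdminURL();
        return z ? adminURL : URLUtil.getAdminURL(server, adminURL, true);
    }

    /**
     * Returns the server's mail URL: as configured when {@code z} is {@code true}, otherwise
     * expanded through {@code URLUtil.getServiceURL}.
     */
    private static String getMailURL(Server server, boolean z) throws ServiceException {
        String mailURL = server.getMailURL();
        return z ? mailURL : URLUtil.getServiceURL(server, mailURL, true);
    }

    /**
     * Builds the URL a request should be redirected to on the given server.
     *
     * <p>Security: when {@code z2} is {@code false}, the host of the result is replaced by
     * {@code httpServletRequest.getServerName()} whenever the two differ. That value normally
     * derives from the request's Host header, so the redirect host is client-influenced.
     * NOTE(review): confirm that callers or a front-end proxy restrict it to known host names.
     *
     * @param z {@code true} for the admin URL, {@code false} for the mail URL
     * @param z2 {@code true} to return the configured URL unchanged; {@code false} to expand it and
     *     align its host with the request
     * @return the redirect target
     * @throws MalformedURLException if the expanded URL cannot be parsed
     */
    public static String getRedirectURL(HttpServletRequest httpServletRequest, Server server, boolean z, boolean z2) throws ServiceException, MalformedURLException {
        String target = z ? getAdminURL(server, z2) : getMailURL(server, z2);
        if (z2) {
            return target;
        }
        URL parsed = new URL(target);
        String serverName = httpServletRequest.getServerName();
        if (serverName.equalsIgnoreCase(parsed.getHost())) {
            return target;
        }
        return new URL(parsed.getProtocol(), serverName, parsed.getPort(), parsed.getFile()).toString();
    }
}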
