package com.zimbra.cs.servlet;

import com.zimbra.common.service.ServiceException;
import com.zimbra.common.util.ZimbraCookie;
import com.zimbra.common.util.ZimbraLog;
import com.zimbra.cs.account.Account;
import com.zimbra.cs.account.AuthTokenException;
import com.zimbra.cs.account.Provisioning;
import com.zimbra.cs.service.AuthProvider;
import javax.servlet.ServletRequest;
import javax.servlet.ServletResponse;
import javax.servlet.http.Cookie;
import javax.servlet.http.HttpServletRequest;
import org.eclipse.jetty.http.PathMap;
import org.eclipse.jetty.security.ServerAuthException;
import org.eclipse.jetty.security.UserAuthentication;
import org.eclipse.jetty.security.authentication.BasicAuthenticator;
import org.eclipse.jetty.server.Authentication;
import org.eclipse.jetty.server.UserIdentity;

/* loaded from: input_file:com/zimbra/cs/servlet/ZimbraAuthenticator.class */
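/**
 * Jetty authenticator that accepts a Zimbra auth-token cookie on requests whose URI matches
 * {@link #urlPattern}, and otherwise defers to HTTP Basic authentication.
 *
 * <p>Cookie authentication is only an additional way in. Every path that does not end in a
 * validated token (no match, no cookie, invalid token, misconfigured login service) falls
 * through to {@link BasicAuthenticator#validateRequest}, so those paths fail closed.
 *
 * <p>NOTE(review): a cookie-borne token is an ambient credential that browsers attach
 * automatically. Confirm that the resources covered by {@code urlPattern} have CSRF
 * protection where state-changing requests are possible.
 */
public class ZimbraAuthenticator extends BasicAuthenticator {
    /** Path spec, in Jetty {@code PathMap} syntax, of the URIs on which cookie auth is attempted. */
    protected String urlPattern = "";

    /**
     * Returns the path spec on which cookie authentication is attempted.
     *
     * @return the configured pattern; may be {@code null} if {@link #setUrlPattern} was given null
     */
    public String getUrlPattern() {
        return this.urlPattern;
    }

    /**
     * Sets the path spec on which cookie authentication is attempted.
     *
     * <p>Each {@code "//"} is replaced by {@code "/"} in a single left-to-right pass, so a run
     * of three or more slashes is shortened but not fully collapsed.
     *
     * @param str the pattern; {@code null} is stored as-is and disables cookie authentication
     */
    public void setUrlPattern(String str) {
        this.urlPattern = str == null ? null : str.replace("//", "/");
    }

    /**
     * Tries Zimbra auth-token cookie authentication first, then falls back to Basic.
     *
     * @param servletRequest the incoming request
     * @param servletResponse the response, passed through to the Basic authenticator
     * @param z Jetty's {@code mandatory} flag; cookie authentication is attempted only when true
     * @return a {@link UserAuthentication} for the token's account, or whatever the Basic
     *     authenticator returns
     * @throws ServerAuthException if the Basic authenticator fails
     */
    public Authentication validateRequest(ServletRequest servletRequest, ServletResponse servletResponse, boolean z) throws ServerAuthException {
        if (z && (servletRequest instanceof HttpServletRequest)) {
            Authentication fromCookie = authenticateFromCookie((HttpServletRequest) servletRequest);
            if (fromCookie != null) {
                return fromCookie;
            }
        }
        return super.validateRequest(servletRequest, servletResponse, z);
    }

    /**
     * Attempts to authenticate the request from a Zimbra auth-token cookie.
     *
     * @return the authentication for the first cookie that carries a valid token, or
     *     {@code null} when the caller should fall back to Basic authentication
     */
    private Authentication authenticateFromCookie(HttpServletRequest request) {
        String pattern = this.urlPattern;
        // setUrlPattern() stores null verbatim. Skip cookie auth instead of handing a null spec
        // to PathMap.match(), so a missing pattern degrades to Basic rather than to an error.
        if (pattern == null) {
            return null;
        }
        // getRequestURI() is the raw, undecoded request path. An encoded or path-parameter
        // variant of a covered URI may not match; a non-match only means Basic is required.
        if (!PathMap.match(pattern, request.getRequestURI())) {
            return null;
        }
        Cookie[] cookies = request.getCookies();
        if (cookies == null) {
            return null;
        }
        for (Cookie cookie : cookies) {
            if (!isAuthTokenCookie(cookie.getName())) {
                continue;
            }
            try {
                Account account = AuthProvider.validateAuthToken(Provisioning.getInstance(), AuthProvider.getAuthToken(cookie.getValue()), false);
                if (account == null) {
                    continue;
                }
                if (this._loginService instanceof ZimbraLoginService) {
                    UserIdentity identity = ((ZimbraLoginService) this._loginService).makeUserIdentity(account.getMail());
                    ZimbraLog.security.debug("Auth token validated");
                    return new UserAuthentication(getAuthMethod(), identity);
                }
                ZimbraLog.security.warn("Misconfigured? _loginService not ZimbraLoginService");
                // Development-time tripwire; with assertions disabled the loop simply continues.
                assert false;
            } catch (AuthTokenException e) {
                // NOTE(review): the cookie value is supplied by an unauthenticated client, so
                // malformed tokens can produce error-level entries with stack traces at will.
                // Consider rate limiting or a lower level if log volume becomes a problem.
                ZimbraLog.security.error("Unable to authenticate due to AuthTokenException", e);
            } catch (ServiceException e2) {
                ZimbraLog.security.error("Unable to authenticate due to ServiceException", e2);
            }
        }
        ZimbraLog.security.debug("no valid auth token, fallback to basic");
        return null;
    }

    /**
     * Reports whether {@code cookieName} equals, ignoring case, either name returned by
     * {@code ZimbraCookie.authTokenCookieName}.
     *
     * <p>NOTE(review): the two names are presumably the admin and non-admin token cookies.
     * Either is accepted on any covered URI, and no admin check is made here; confirm that
     * authorization is enforced downstream.
     */
    private static boolean isAuthTokenCookie(String cookieName) {
        return ZimbraCookie.authTokenCookieName(true).equalsIgnoreCase(cookieName)
                || ZimbraCookie.authTokenCookieName(false).equalsIgnoreCase(cookieName);
    }
}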
