package org.dspace.sword2;

import java.sql.SQLException;
import java.util.ArrayList;
import java.util.Iterator;
import java.util.List;
import javax.servlet.http.HttpServletRequest;
import org.apache.commons.lang.StringUtils;
import org.apache.log4j.Logger;
import org.dspace.authenticate.factory.AuthenticateServiceFactory;
import org.dspace.authenticate.service.AuthenticationService;
import org.dspace.authorize.factory.AuthorizeServiceFactory;
import org.dspace.authorize.service.AuthorizeService;
import org.dspace.content.Bundle;
import org.dspace.content.Collection;
import org.dspace.content.Community;
import org.dspace.content.DSpaceObject;
import org.dspace.content.Item;
import org.dspace.content.factory.ContentServiceFactory;
import org.dspace.content.service.CollectionService;
import org.dspace.content.service.CommunityService;
import org.dspace.content.service.ItemService;
import org.dspace.core.Context;
import org.dspace.core.LogManager;
import org.dspace.eperson.EPerson;
import org.dspace.eperson.Group;
import org.dspace.eperson.factory.EPersonServiceFactory;
import org.dspace.eperson.service.EPersonService;
import org.dspace.services.ConfigurationService;
import org.dspace.services.factory.DSpaceServicesFactory;
import org.swordapp.server.AuthCredentials;
import org.swordapp.server.SwordAuthException;
import org.swordapp.server.SwordError;
import org.swordapp.server.UriRegistry;

/* loaded from: input_file:org/dspace/sword2/SwordAuthenticator.class */
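/**
 * Authenticates SWORDv2 requests against the repository and answers the
 * authorisation questions (submit, list, admin, group membership) that the
 * rest of the SWORD server asks about the resulting {@link SwordContext}.
 *
 * <p>A request may be <em>mediated</em>: the authenticated user deposits on
 * behalf of a second account. In that case two repository contexts exist, one
 * for the authenticator and one for the on-behalf-of user, and most checks in
 * this class require BOTH principals to hold the permission.
 *
 * <p>Thread-safety is not established by anything visible in this class; the
 * service fields are assigned once at construction.
 */
public class SwordAuthenticator {
    private static final Logger log = Logger.getLogger(SwordAuthenticator.class);

    // Numeric values used by the original code. NOTE(review): they appear to
    // correspond to AuthenticationMethod.SUCCESS and to
    // org.dspace.core.Constants.READ / WRITE / ADD — confirm against the
    // deployed DSpace version before relying on the names.
    private static final int AUTH_SUCCESS = 1;
    private static final int ACTION_READ = 0;
    private static final int ACTION_WRITE = 1;
    private static final int ACTION_ADD = 3;

    protected AuthenticationService authenticationService = AuthenticateServiceFactory.getInstance().getAuthenticationService();
    protected AuthorizeService authorizeService = AuthorizeServiceFactory.getInstance().getAuthorizeService();
    protected EPersonService ePersonService = EPersonServiceFactory.getInstance().getEPersonService();
    protected CommunityService communityService = ContentServiceFactory.getInstance().getCommunityService();
    protected CollectionService collectionService = ContentServiceFactory.getInstance().getCollectionService();
    protected ItemService itemService = ContentServiceFactory.getInstance().getItemService();
    protected ConfigurationService configurationService = DSpaceServicesFactory.getInstance().getConfigurationService();

    /**
     * Checks a username/password pair with the repository's authentication service.
     *
     * @param context repository context the authentication service operates on
     * @param str     the username
     * @param str2    the password
     * @return {@code true} only when the service returns the success code
     */
    public boolean authenticates(Context context, String str, String str2) {
        int outcome = this.authenticationService.authenticate(context, str, str2, (String) null, (HttpServletRequest) null);
        return outcome == AUTH_SUCCESS;
    }

    /**
     * Creates a fresh repository context tagged with a fixed SWORD session id.
     */
    private Context constructContext() throws DSpaceSwordException {
        Context fresh = new Context();
        fresh.setExtraLogInfo("session_id=0");
        return fresh;
    }

    /**
     * Neutralises line breaks in a request-supplied value before it is logged.
     *
     * <p>The username and On-Behalf-Of header arrive before authentication has
     * succeeded, so they are untrusted; a CR or LF in them could otherwise
     * start a forged log record. Whether {@code LogManager.getHeader} escapes
     * these characters itself is not visible from this class.
     *
     * @param value raw value, may be {@code null}
     * @return the value with CR and LF replaced by {@code '_'}, or {@code null}
     */
    private static String forLog(String value) {
        if (value == null) {
            return null;
        }
        return value.replace('\r', '_').replace('\n', '_');
    }

    /**
     * Authenticates the supplied credentials and returns the resulting SWORD context.
     *
     * <p>If authentication fails for any reason the newly created repository
     * context is aborted before the exception is rethrown. On success the
     * context is handed to the caller inside the returned {@link SwordContext};
     * this class does not close it.
     *
     * @param authCredentials username, password and optional on-behalf-of value
     * @return the populated SWORD context
     * @throws SwordAuthException   if the credentials are rejected
     * @throws SwordError           if mediation is disabled or the on-behalf-of user is unknown
     * @throws DSpaceSwordException if the user database cannot be read
     */
    public SwordContext authenticate(AuthCredentials authCredentials) throws DSpaceSwordException, SwordError, SwordAuthException {
        Context authenticatorContext = constructContext();
        try {
            return authenticate(authenticatorContext, authCredentials);
        } catch (RuntimeException | DSpaceSwordException | SwordAuthException | SwordError e) {
            if (authenticatorContext.isValid()) {
                authenticatorContext.abort();
            }
            throw e;
        }
    }

    /**
     * Performs the authentication and, when requested and enabled, resolves the
     * on-behalf-of account.
     *
     * <p>Differences from the previous implementation, all on failure paths:
     * <ul>
     *   <li>Rejected credentials are now logged as {@code sword_unable_to_set_user}
     *       and reported as "Unable to authenticate with the supplied credentials".
     *       Previously that path emitted the on-behalf-of event and message
     *       (the branch meant for it was unreachable), which mislabels failed
     *       logins in the audit trail. Log-based alerting keyed on the old
     *       event name needs updating.</li>
     *   <li>The on-behalf-of lookup only runs once the authenticating principal
     *       is established.</li>
     *   <li>The on-behalf-of context is aborted if it cannot be fully set up.</li>
     *   <li>Request-supplied values are stripped of line breaks before logging.</li>
     * </ul>
     */
    private SwordContext authenticate(Context context, AuthCredentials authCredentials) throws SwordAuthException, SwordError, DSpaceSwordException {
        String username = authCredentials.getUsername();
        String password = authCredentials.getPassword();
        String requestedObo = authCredentials.getOnBehalfOf();
        String onBehalfOf = StringUtils.isBlank(requestedObo) ? null : requestedObo;

        boolean mediationEnabled = this.configurationService.getBooleanProperty("swordv2-server.on-behalf-of.enable", false);
        if (!mediationEnabled && onBehalfOf != null) {
            log.error("Attempted mediated deposit on service not configured to do so");
            throw new SwordError(UriRegistry.ERROR_MEDIATION_NOT_ALLOWED, "Mediated deposit to this service is not permitted");
        }

        // The password is deliberately never part of any log line.
        log.info(LogManager.getHeader(context, "sword_authenticate", "username=" + forLog(username) + ",on_behalf_of=" + forLog(onBehalfOf)));
        try {
            EPerson principal = authenticates(context, username, password) ? context.getCurrentUser() : null;
            if (principal == null) {
                log.info(LogManager.getHeader(context, "sword_unable_to_set_user", "username=" + forLog(username)));
                throw new SwordAuthException("Unable to authenticate with the supplied credentials");
            }

            SwordContext swordContext = new SwordContext();
            swordContext.setAuthenticated(principal);
            for (Group group : this.authenticationService.getSpecialGroups(context, (HttpServletRequest) null)) {
                context.setSpecialGroup(group.getID());
                log.debug("Adding Special Group id=" + group.getID());
            }
            swordContext.setAuthenticatorContext(context);
            swordContext.setContext(context);

            if (onBehalfOf != null) {
                // The header value is tried as an e-mail address first, then as a netid.
                EPerson target = this.ePersonService.findByEmail(context, onBehalfOf);
                if (target == null) {
                    target = this.ePersonService.findByNetid(context, onBehalfOf);
                }
                if (target == null) {
                    throw new SwordError(UriRegistry.ERROR_TARGET_OWNER_UNKNOWN, "unable to identify on-behalf-of user: " + onBehalfOf);
                }
                swordContext.setOnBehalfOf(target);
                // The on-behalf-of user is NOT authenticated; a second context is
                // created with that account set as its current user.
                swordContext.setContext(buildOnBehalfOfContext(target));
            }
            return swordContext;
        } catch (SQLException e) {
            log.error("caught exception: ", e);
            throw new DSpaceSwordException("There was a problem accessing the repository user database", e);
        }
    }

    /**
     * Builds the repository context used for the on-behalf-of account, aborting
     * it if its special groups cannot be loaded so that it is not left open.
     */
    private Context buildOnBehalfOfContext(EPerson target) throws DSpaceSwordException, SQLException {
        Context oboContext = constructContext();
        boolean ready = false;
        try {
            oboContext.setCurrentUser(target);
            for (Group group : this.authenticationService.getSpecialGroups(oboContext, (HttpServletRequest) null)) {
                oboContext.setSpecialGroup(group.getID());
                log.debug("Adding Special Group id=" + group.getID());
            }
            ready = true;
            return oboContext;
        } finally {
            if (!ready && oboContext.isValid()) {
                oboContext.abort();
            }
        }
    }

    /**
     * Decides whether the request may submit to the target and records the
     * outcome in the verbose description.
     *
     * @return the result of {@link #canSubmitTo(SwordContext, DSpaceObject)}
     */
    public boolean canSubmit(SwordContext swordContext, DSpaceObject dSpaceObject, VerboseDescription verboseDescription) throws DSpaceSwordException, SwordError {
        boolean permitted = canSubmitTo(swordContext, dSpaceObject);
        // The wording says "collection" for every target type, items included.
        verboseDescription.append(permitted
                ? "User is authorised to submit to collection"
                : "User is not authorised to submit to collection");
        return permitted;
    }

    /**
     * Reports whether the authenticated user is a repository administrator.
     *
     * @return {@code false} when no user is authenticated
     * @throws DSpaceSwordException if the authorisation lookup fails
     */
    public boolean isUserAdmin(SwordContext swordContext) throws DSpaceSwordException {
        if (swordContext.getAuthenticated() == null) {
            return false;
        }
        try {
            return this.authorizeService.isAdmin(swordContext.getAuthenticatorContext());
        } catch (SQLException e) {
            log.error("Caught exception: ", e);
            throw new DSpaceSwordException(e);
        }
    }

    /**
     * Reports whether the on-behalf-of user is a repository administrator.
     *
     * @return {@code false} when the request is not mediated
     * @throws DSpaceSwordException if the authorisation lookup fails
     */
    public boolean isOnBehalfOfAdmin(SwordContext swordContext) throws DSpaceSwordException {
        if (swordContext.getOnBehalfOf() == null) {
            return false;
        }
        try {
            return this.authorizeService.isAdmin(swordContext.getOnBehalfOfContext());
        } catch (SQLException e) {
            log.error("Caught exception: ", e);
            throw new DSpaceSwordException(e);
        }
    }

    /**
     * Reports whether the authenticated user belongs to {@code group}, directly
     * or through nested groups.
     */
    public boolean isUserInGroup(SwordContext swordContext, Group group) {
        EPerson user = swordContext.getAuthenticated();
        return user != null && isInGroup(group, user);
    }

    /**
     * Reports whether the on-behalf-of user belongs to {@code group}, directly
     * or through nested groups.
     */
    public boolean isOnBehalfOfInGroup(SwordContext swordContext, Group group) {
        EPerson target = swordContext.getOnBehalfOf();
        return target != null && isInGroup(group, target);
    }

    /**
     * Recursively tests group membership by comparing person ids.
     *
     * <p>NOTE(review): the recursion keeps no visited set, so it terminates
     * only if nested groups never form a cycle — confirm that the group
     * service enforces this.
     *
     * @param group   group whose direct members and member groups are searched
     * @param ePerson person to look for
     * @return {@code true} if the person is a direct or nested member
     */
    public boolean isInGroup(Group group, EPerson ePerson) {
        List<?> directMembers = group.getMembers();
        List<?> nestedGroups = group.getMemberGroups();
        for (Object member : directMembers) {
            if (ePerson.getID().equals(((EPerson) member).getID())) {
                return true;
            }
        }
        if (nestedGroups == null || nestedGroups.isEmpty()) {
            return false;
        }
        for (Object nested : nestedGroups) {
            if (isInGroup((Group) nested, ePerson)) {
                return true;
            }
        }
        return false;
    }

    /**
     * Tests one community against the authenticator and, for a mediated
     * request, the on-behalf-of user; both must pass the {@code ACTION_READ} check.
     */
    private boolean bothMayRead(SwordContext swordContext, Community community) throws SQLException {
        boolean authenticatorOk = this.authorizeService.authorizeActionBoolean(swordContext.getAuthenticatorContext(), community, ACTION_READ);
        boolean targetOk = swordContext.getOnBehalfOf() == null;
        if (!targetOk) {
            targetOk = this.authorizeService.authorizeActionBoolean(swordContext.getOnBehalfOfContext(), community, ACTION_READ);
        }
        return authenticatorOk && targetOk;
    }

    /**
     * Lists the top-level communities visible to every principal on the request.
     *
     * @throws DSpaceSwordException if the repository lookup fails
     */
    public List<Community> getAllowedCommunities(SwordContext swordContext) throws DSpaceSwordException {
        try {
            List<Community> visible = new ArrayList<>();
            for (Community candidate : this.communityService.findAllTop(swordContext.getContext())) {
                if (bothMayRead(swordContext, candidate)) {
                    visible.add(candidate);
                }
            }
            return visible;
        } catch (SQLException e) {
            log.error("Caught exception: ", e);
            throw new DSpaceSwordException(e);
        }
    }

    /**
     * Lists the direct sub-communities of {@code community} visible to every
     * principal on the request.
     *
     * @throws DSpaceSwordException if the repository lookup fails
     */
    public List<Community> getCommunities(SwordContext swordContext, Community community) throws DSpaceSwordException {
        try {
            List<Community> visible = new ArrayList<>();
            for (Community child : community.getSubcommunities()) {
                if (bothMayRead(swordContext, child)) {
                    visible.add(child);
                }
            }
            return visible;
        } catch (SQLException e) {
            log.error("Caught exception: ", e);
            throw new DSpaceSwordException(e);
        }
    }

    /**
     * Lists every collection the request may deposit into, across all communities.
     */
    public List<Collection> getAllowedCollections(SwordContext swordContext) throws DSpaceSwordException {
        return getAllowedCollections(swordContext, null);
    }

    /**
     * Lists the collections the request may deposit into.
     *
     * <p>The collection service pre-filters by the authenticator's
     * {@code ACTION_ADD} permission; for a mediated request each result is then
     * also checked against the on-behalf-of user.
     *
     * @param community scope passed to the collection service; {@code null} is
     *                  what the no-community overload passes
     * @throws DSpaceSwordException if the repository lookup fails
     */
    public List<Collection> getAllowedCollections(SwordContext swordContext, Community community) throws DSpaceSwordException {
        try {
            List<Collection> permitted = new ArrayList<>();
            for (Collection candidate : this.collectionService.findAuthorized(swordContext.getAuthenticatorContext(), community, ACTION_ADD)) {
                boolean targetOk = swordContext.getOnBehalfOf() == null
                        || this.authorizeService.authorizeActionBoolean(swordContext.getOnBehalfOfContext(), candidate, ACTION_ADD);
                if (targetOk) {
                    permitted.add(candidate);
                }
            }
            return permitted;
        } catch (SQLException e) {
            log.error("Caught exception: ", e);
            throw new DSpaceSwordException(e);
        }
    }

    /**
     * Checks that the principal behind {@code context} may modify {@code item}:
     * {@code ACTION_WRITE} on the item plus {@code ACTION_ADD} on its content.
     *
     * <p>ADD is checked on the item itself when it has no bundles, otherwise on
     * the bundles named "ORIGINAL", stopping at the first refusal. An item
     * that has bundles but none named "ORIGINAL" therefore fails the check.
     */
    private boolean hasWriteAndAdd(Context context, Item item) throws SQLException {
        boolean mayWrite = this.authorizeService.authorizeActionBoolean(context, item, ACTION_WRITE);
        List<Bundle> bundles = item.getBundles();
        boolean mayAdd = false;
        if (bundles.isEmpty()) {
            mayAdd = this.authorizeService.authorizeActionBoolean(context, item, ACTION_ADD);
        } else {
            for (Bundle bundle : bundles) {
                if ("ORIGINAL".equals(bundle.getName())) {
                    mayAdd = this.authorizeService.authorizeActionBoolean(context, bundle, ACTION_ADD);
                    if (!mayAdd) {
                        break;
                    }
                }
            }
        }
        return mayWrite && mayAdd;
    }

    /**
     * Lists the items in {@code collection} that the request may modify.
     *
     * <p>For a mediated request the on-behalf-of user's permissions are now
     * evaluated entirely in the on-behalf-of context. The previous code checked
     * the ADD half against the authenticator's context a second time, so the
     * on-behalf-of user's ADD permission was never consulted and an item could
     * be listed that the target account is not allowed to add to.
     *
     * @throws DSpaceSwordException if the repository lookup fails
     */
    public List<Item> getAllowedItems(SwordContext swordContext, Collection collection) throws DSpaceSwordException {
        try {
            List<Item> permitted = new ArrayList<>();
            Iterator<?> items = this.itemService.findByCollection(swordContext.getContext(), collection);
            while (items.hasNext()) {
                Item item = (Item) items.next();
                boolean authenticatorOk = hasWriteAndAdd(swordContext.getAuthenticatorContext(), item);
                boolean targetOk = swordContext.getOnBehalfOf() == null;
                if (!targetOk) {
                    targetOk = hasWriteAndAdd(swordContext.getOnBehalfOfContext(), item);
                }
                if (authenticatorOk && targetOk) {
                    permitted.add(item);
                }
            }
            return permitted;
        } catch (SQLException e) {
            log.error("Caught exception: ", e);
            throw new DSpaceSwordException(e);
        }
    }

    /**
     * Decides whether the request may deposit into {@code collection}.
     *
     * <p>The authenticator, and for a mediated request also the on-behalf-of
     * user, must pass the {@code ACTION_ADD} check. Unlike the item overload
     * this does not consult the mediator allow-list.
     *
     * @throws DSpaceSwordException if the authorisation lookup fails
     */
    public boolean canSubmitTo(SwordContext swordContext, Collection collection) throws DSpaceSwordException {
        try {
            boolean authenticatorOk = this.authorizeService.authorizeActionBoolean(swordContext.getAuthenticatorContext(), collection, ACTION_ADD);
            boolean targetOk = swordContext.getOnBehalfOf() == null;
            if (!targetOk) {
                targetOk = this.authorizeService.authorizeActionBoolean(swordContext.getOnBehalfOfContext(), collection, ACTION_ADD);
            }
            return authenticatorOk && targetOk;
        } catch (SQLException e) {
            log.error("Caught exception: ", e);
            throw new DSpaceSwordException(e);
        }
    }

    /**
     * Decides whether the request may modify {@code item}.
     *
     * <p>A direct request is judged on the authenticator's permissions. A
     * mediated request is refused unless the authenticator passes
     * {@link #allowedToMediate(Context)}, and is then judged on the
     * on-behalf-of user's permissions only — the authenticator's own rights on
     * the item are not checked on this path.
     *
     * @throws DSpaceSwordException if the authorisation lookup fails
     */
    public boolean canSubmitTo(SwordContext swordContext, Item item) throws DSpaceSwordException {
        try {
            Context effective;
            if (swordContext.getOnBehalfOf() == null) {
                effective = swordContext.getAuthenticatorContext();
            } else {
                if (!allowedToMediate(swordContext.getAuthenticatorContext())) {
                    return false;
                }
                effective = swordContext.getOnBehalfOfContext();
            }
            return hasWriteAndAdd(effective, item);
        } catch (SQLException e) {
            log.error("Caught exception: ", e);
            throw new DSpaceSwordException(e);
        }
    }

    /**
     * Checks the current user of {@code context} against the configured list of
     * accounts allowed to update items on someone else's behalf.
     *
     * <p>Caveat for operators: when
     * {@code swordv2-server.on-behalf-of.update.mediators} is unset or empty
     * this returns {@code true} for everyone, i.e. the allow-list is only
     * enforced once at least one entry is configured.
     *
     * @return {@code true} if no list is configured, or the user's e-mail or
     *         netid equals a configured entry (compared after trimming,
     *         case-sensitively)
     */
    private boolean allowedToMediate(Context context) {
        String[] mediators = this.configurationService.getArrayProperty("swordv2-server.on-behalf-of.update.mediators");
        if (mediators == null || mediators.length == 0) {
            return true;
        }
        EPerson user = context.getCurrentUser();
        if (user == null) {
            return false;
        }
        String email = user.getEmail();
        String netid = user.getNetid();
        for (String entry : mediators) {
            String candidate = entry.trim();
            boolean matchesEmail = email != null && candidate.equals(email.trim());
            boolean matchesNetid = netid != null && candidate.equals(netid.trim());
            if (matchesEmail || matchesNetid) {
                return true;
            }
        }
        return false;
    }

    /**
     * Dispatches to the collection or item check; any other target type is refused.
     *
     * @throws DSpaceSwordException if the authorisation lookup fails
     */
    public boolean canSubmitTo(SwordContext swordContext, DSpaceObject dSpaceObject) throws DSpaceSwordException {
        if (dSpaceObject instanceof Collection) {
            return canSubmitTo(swordContext, (Collection) dSpaceObject);
        }
        if (dSpaceObject instanceof Item) {
            return canSubmitTo(swordContext, (Item) dSpaceObject);
        }
        return false;
    }
}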
