package com.axelor.auth;

import com.axelor.app.AppSettings;
import com.axelor.auth.cas.AuthCasFilter;
import com.axelor.auth.cas.AuthCasLogoutFilter;
import com.axelor.auth.cas.AuthCasRealm;
import com.axelor.auth.cas.AuthCasUserFilter;
import com.axelor.common.StringUtils;
import com.axelor.db.JpaSecurity;
import com.google.inject.AbstractModule;
import com.google.inject.Injector;
import com.google.inject.Key;
import com.google.inject.Singleton;
import com.google.inject.name.Names;
import java.util.Properties;
import javax.inject.Inject;
import javax.servlet.ServletContext;
import org.apache.shiro.SecurityUtils;
import org.apache.shiro.guice.ShiroModule;
import org.apache.shiro.guice.web.ShiroWebModule;
import org.apache.shiro.mgt.SecurityManager;

/* loaded from: input_file:com/axelor/auth/AuthModule.class */
public class AuthModule extends AbstractModule {
    private Properties properties = new Properties();
    private ServletContext context;

    @Singleton
    /* loaded from: input_file:com/axelor/auth/AuthModule$Initializer.class */
    public static class Initializer {
        @Inject
        public Initializer(Injector injector) {
            SecurityUtils.setSecurityManager((SecurityManager) injector.getInstance(SecurityManager.class));
        }
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    /* loaded from: input_file:com/axelor/auth/AuthModule$MyShiroModule.class */
    public static final class MyShiroModule extends ShiroModule {
        MyShiroModule() {
        }

        protected void configureShiro() {
            bindRealm().to(AuthRealm.class);
        }
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    /* loaded from: input_file:com/axelor/auth/AuthModule$MyShiroWebModule.class */
    public static final class MyShiroWebModule extends ShiroWebModule {
        public MyShiroWebModule(ServletContext servletContext) {
            super(servletContext);
        }

        protected void configureShiroWeb() {
            addFilterChain("/public/**", new Key[]{ANON});
            addFilterChain("/lib/**", new Key[]{ANON});
            addFilterChain("/img/**", new Key[]{ANON});
            addFilterChain("/ico/**", new Key[]{ANON});
            addFilterChain("/css/**", new Key[]{ANON});
            addFilterChain("/error.jsp", new Key[]{ANON});
            if (!bindCas()) {
                bindRealm().to(AuthRealm.class);
                addFilterChain("/logout", new Key[]{LOGOUT});
                addFilterChain("/**", new Key[]{Key.get(AuthFilter.class)});
            } else {
                bindRealm().to(AuthCasRealm.class);
                addFilterChain("/cas", new Key[]{Key.get(AuthCasFilter.class)});
                addFilterChain("/logout", new Key[]{Key.get(AuthCasLogoutFilter.class)});
                addFilterChain("/**", new Key[]{Key.get(AuthCasUserFilter.class)});
            }
        }

        private boolean bindCas() {
            AppSettings appSettings = AppSettings.get();
            String str = appSettings.get(AuthCasRealm.CONFIG_CAS_SERVER_PREFIX_URL);
            String str2 = appSettings.get(AuthCasRealm.CONFIG_CAS_SERVICE);
            if (StringUtils.isBlank(str) || StringUtils.isBlank(str2)) {
                return false;
            }
            String str3 = appSettings.get(AuthCasRealm.CONFIG_CAS_LOGIN_URL);
            String str4 = appSettings.get(AuthCasRealm.CONFIG_CAS_LOGOUT_URL);
            String str5 = appSettings.get(AuthCasRealm.CONFIG_CAS_PROTOCOL);
            if (StringUtils.isBlank(str3)) {
                str3 = String.format("%s/login?service=%s", str, str2);
            }
            if (StringUtils.isBlank(str4)) {
                str4 = String.format("%s/logout?service=%s", str, str2);
            }
            if (StringUtils.isBlank(str5)) {
                str5 = "SAML";
            }
            bindConstant().annotatedWith(Names.named("shiro.cas.failure.url")).to("/error.jsp");
            bindConstant().annotatedWith(Names.named("shiro.cas.server.url.prefix")).to(str);
            bindConstant().annotatedWith(Names.named("shiro.cas.service")).to(str2);
            bindConstant().annotatedWith(Names.named("shiro.cas.login.url")).to(str3);
            bindConstant().annotatedWith(Names.named("shiro.cas.logout.url")).to(str4);
            bindConstant().annotatedWith(Names.named("shiro.cas.protocol")).to(str5);
            return true;
        }
    }

    public AuthModule() {
    }

    public AuthModule(ServletContext servletContext) {
        this.context = servletContext;
    }

    public AuthModule properties(Properties properties) {
        this.properties = properties;
        return this;
    }

    protected final void configure() {
        bindConstant().annotatedWith(Names.named("app.loginUrl")).to("/login.jsp");
        bindConstant().annotatedWith(Names.named("auth.hash.algorithm")).to("SHA-512");
        bindConstant().annotatedWith(Names.named("auth.hash.iterations")).to(500000);
        bind(Properties.class).annotatedWith(Names.named("auth.ldap.config")).toInstance(this.properties);
        bind(JpaSecurity.class).toProvider(AuthSecurity.class);
        bind(AuthService.class).asEagerSingleton();
        bind(AuthLdap.class).asEagerSingleton();
        configureAuth();
        bind(Initializer.class).asEagerSingleton();
    }

    protected void configureAuth() {
        install(this.context == null ? new MyShiroModule() : new MyShiroWebModule(this.context));
    }
}
