package net.sf.jguard.jee.authentication.http;

import java.io.IOException;
import java.util.Map;
import javax.security.auth.callback.CallbackHandler;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import javax.servlet.http.HttpSession;
import net.sf.jguard.core.authentication.AccessContext;
import net.sf.jguard.core.authentication.AuthenticationUtils;
import net.sf.jguard.core.authentication.Stateful;
import net.sf.jguard.core.authorization.AuthorizationBindings;
import net.sf.jguard.core.authorization.permissions.URLPermission;
import net.sf.jguard.ext.authentication.AbstractAuthenticationBindings;
import net.sf.jguard.jee.authentication.callbacks.HttpServletCallbackHandler;
import net.sf.jguard.jee.authorization.http.HttpAccessControllerUtils;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;

/* loaded from: input_file:net/sf/jguard/jee/authentication/http/HttpServletAuthenticationBindings.class */
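/**
 * Servlet-based authentication bindings: translates the outcome of an authentication
 * attempt into an HTTP response (BASIC challenge or redirect) and exposes request,
 * session and servlet-context attributes through an {@link AccessContext}.
 *
 * <p>The servlet request and response are read from the access context under
 * {@code AccessFilter.SERVLET_REQUEST} and {@code AccessFilter.SERVLET_RESPONSE}.
 * The bindings report themselves as stateful ({@link #isStateful()} returns {@code true}).
 *
 * <p>The inherited configuration fields used below ({@code authScheme}, {@code authSchemes},
 * {@code indexPermission}, {@code authenticationFailedPermission}, {@code authZbindings},
 * {@code goToLastAccessDeniedUriOnSuccess}, ...) are declared on
 * {@link AbstractAuthenticationBindings}.
 */
public class HttpServletAuthenticationBindings extends AbstractJEEAuthenticationBindings implements Stateful {
    private static final Logger logger;

    // Index page URI, read from the configuration map in init(Map).
    private String indexURI;

    // NOTE(review): no statement in this class assigns logonURI (init(Map) only builds
    // logonPermission from HttpConstants.LOGON_URI), so it appears to stay null. See the
    // places in authenticationSucceed() that read it.
    private String logonURI;

    // Cache slot for this class's Class object, filled by the static initializer below.
    // Looks like the class-literal helper emitted by old compilers; kept as found.
    static Class class$net$sf$jguard$jee$authentication$http$HttpServletAuthenticationBindings;

    /**
     * @param authorizationBindings authorization bindings handed to the superclass constructor
     */
    public HttpServletAuthenticationBindings(AuthorizationBindings authorizationBindings) {
        super(authorizationBindings);
    }

    /**
     * Replaces the servlet request stored in the access context with a
     * {@link JGuardServletRequestWrapper} around it, under the same attribute key.
     *
     * @param accessContext context holding the current servlet request
     */
    public void process(AccessContext accessContext) {
        HttpServletRequest original = (HttpServletRequest) accessContext.getAttribute(AccessFilter.SERVLET_REQUEST);
        accessContext.setAttribute(AccessFilter.SERVLET_REQUEST, new JGuardServletRequestWrapper(original));
    }

    /**
     * Answers a failed authentication attempt.
     *
     * <ul>
     *   <li>BASIC scheme: writes a BASIC challenge and returns {@code false}.</li>
     *   <li>No (or empty) authentication-failed URI configured: delegates to the
     *       authorization bindings' {@code accessDenied} and returns {@code true}.</li>
     *   <li>Otherwise: redirects to context path + authentication-failed URI and returns
     *       {@code true}, or {@code false} if the redirect raised an {@link IOException}.</li>
     * </ul>
     *
     * @param accessContext context holding the servlet request and response
     * @return see the list above
     */
    public boolean authenticationFailed(AccessContext accessContext) {
        accessContext.setAttribute("redirect", "true");
        HttpServletRequest request = (HttpServletRequest) accessContext.getAttribute(AccessFilter.SERVLET_REQUEST);
        HttpServletResponse response = (HttpServletResponse) accessContext.getAttribute(AccessFilter.SERVLET_RESPONSE);

        // NOTE(review): a committed response is only logged; processing continues, and
        // sendRedirect() on a committed response throws IllegalStateException, which the
        // IOException handler below does not catch. If a guard is added here it must keep
        // the request rejected (fail closed) rather than let the caller carry on.
        if (response.isCommitted()) {
            logger.warn(" response is already committed ");
        }

        if (HttpConstants.BASIC_AUTH.equalsIgnoreCase(authScheme)) {
            // The realm is whatever the servlet context holds under "applicationName";
            // this lookup creates a session if none exists yet.
            String realm = (String) request.getSession(true).getServletContext().getAttribute("applicationName");
            HttpServletCallbackHandler.buildBasicChallenge(response, realm);
            return false;
        }

        if (authenticationFailedPermission == null || authenticationFailedPermission.getURI().equals("")) {
            authZbindings.accessDenied(accessContext);
            return true;
        }

        try {
            String failedUri = authenticationFailedPermission.getURI();
            String target = request.getContextPath() + failedUri;
            response.sendRedirect(response.encodeRedirectURL(target));
            logger.debug("authentication failed redirect to {}", failedUri);
            logger.debug(" NOT BASIC AUTHENTICATION - user is not authenticated  redirect to {}", target);
            return true;
        } catch (IOException e) {
            logger.error(e.getMessage(), e);
            return false;
        }
    }

    /**
     * Answers a successful authentication: stores the {@link AuthenticationUtils} in the
     * session (when the response is not yet committed) and redirects the client.
     *
     * <p>The redirect target defaults to the index URI. When a last-access-denied URI is
     * known it replaces the default if {@code goToLastAccessDeniedUriOnSuccess} is set;
     * otherwise, if the request has no permission on the index page, the logon URI is used.
     *
     * @param accessContext context holding the servlet request and response
     * @return {@code true} if the response was already committed or the redirect was sent,
     *         {@code false} if the redirect raised an {@link IOException}
     */
    public boolean authenticationSucceed(AccessContext accessContext) {
        accessContext.setAttribute("redirect", "true");
        HttpServletRequest request = (HttpServletRequest) accessContext.getAttribute(AccessFilter.SERVLET_REQUEST);
        HttpServletResponse response = (HttpServletResponse) accessContext.getAttribute(AccessFilter.SERVLET_RESPONSE);

        URLPermission lastDenied = (URLPermission) getSessionAttribute(accessContext, "lastAccessDeniedPermission");
        String lastDeniedUri = lastDenied == null ? this.logonURI : lastDenied.getURI();

        // NOTE(review): the authenticated state is attached to the session that already
        // existed before login; this method does not renew the session id. Confirm that
        // the caller rotates the session on successful login (session-fixation defence).
        AuthenticationUtils authenticationUtils = getAuthenticationUtils(accessContext);
        if (!response.isCommitted()) {
            setSessionAttribute(accessContext, "authenticationUtils", authenticationUtils);
        }

        String target = this.indexURI;
        if (lastDeniedUri != null && !"".equals(lastDeniedUri)) {
            if (goToLastAccessDeniedUriOnSuccess) {
                target = lastDeniedUri;
            } else if (!HttpAccessControllerUtils.hasPermission(request, indexPermission)) {
                // NOTE(review): logonURI is never assigned in this class, so this branch
                // appears to yield null and the redirect below would go to
                // contextPath + "null". Verify the intended source of the logon URI.
                target = this.logonURI;
            }
        }

        // The original call passed the target as an argument to a format string without a
        // "{}" placeholder, so SLF4J never printed it.
        logger.debug(" user is authenticated  redirect to {}", target);

        if (response.isCommitted()) {
            return true;
        }
        try {
            // NOTE(review): target may be the session-stored last-denied URI. It is only
            // prefixed with the context path, so it should be confirmed to be an
            // application-local path (single leading "/") wherever that permission is
            // recorded; how it is populated is not visible in this class.
            response.sendRedirect(response.encodeRedirectURL(request.getContextPath() + target));
            return true;
        } catch (IOException e) {
            logger.error(e.getMessage(), e);
            return false;
        }
    }

    /**
     * Reads the bindings' configuration: index URI, the URL permissions for the
     * index / authentication-failed / logon-process / logon / logoff URIs, the
     * authentication scheme(s), the form field names when FORM authentication is among the
     * schemes, and the go-to-last-access-denied-URI flag.
     *
     * @param map configuration entries keyed by the {@link HttpConstants} names
     *            (plus {@code "authScheme"}); values are cast to {@code String}
     */
    @Override // net.sf.jguard.jee.authentication.http.AbstractJEEAuthenticationBindings
    protected void init(Map map) {
        this.indexURI = (String) map.get(HttpConstants.INDEX_URI);
        indexPermission = new URLPermission(HttpConstants.INDEX_URI, this.indexURI);
        authenticationFailedPermission = new URLPermission(HttpConstants.AUTHENTICATION_FAILED_URI,
                (String) map.get(HttpConstants.AUTHENTICATION_FAILED_URI));
        logonProcessPermission = new URLPermission(HttpConstants.LOGON_PROCESS_URI,
                (String) map.get(HttpConstants.LOGON_PROCESS_URI));
        // logonPermission is a static field of AbstractAuthenticationBindings, so this
        // assignment is shared by every bindings instance in the class loader.
        AbstractAuthenticationBindings.logonPermission = new URLPermission(HttpConstants.LOGON_URI,
                (String) map.get(HttpConstants.LOGON_URI));
        logoffPermission = new URLPermission(HttpConstants.LOGOFF_URI,
                (String) map.get(HttpConstants.LOGOFF_URI));

        authScheme = (String) map.get("authScheme");
        HttpServletCallbackHandler.setAuthSchemes(authScheme);
        authSchemes = AuthSchemesHelper.validateAuthScheme(authScheme);
        if (authSchemes.contains(HttpConstants.FORM_AUTH)) {
            HttpServletCallbackHandler.setLoginField((String) map.get(HttpConstants.LOGIN_FIELD));
            HttpServletCallbackHandler.setPasswordField((String) map.get(HttpConstants.PASSWORD_FIELD));
        }

        // Only an explicit "false" or "no" (any case) switches the flag off; any other
        // value, including a missing entry, leaves the inherited value untouched.
        String goToLastDenied = (String) map.get(HttpConstants.GO_TO_LAST_ACCESS_DENIED_URI_ON_SUCCESS);
        if ("false".equalsIgnoreCase(goToLastDenied) || "no".equalsIgnoreCase(goToLastDenied)) {
            goToLastAccessDeniedUriOnSuccess = false;
        }
    }

    /**
     * @param accessContext context holding the servlet request and response
     * @return a new {@link HttpServletCallbackHandler} bound to that request and response
     */
    public CallbackHandler getCallbackHandler(AccessContext accessContext) {
        HttpServletRequest request = (HttpServletRequest) accessContext.getAttribute(AccessFilter.SERVLET_REQUEST);
        HttpServletResponse response = (HttpServletResponse) accessContext.getAttribute(AccessFilter.SERVLET_RESPONSE);
        return new HttpServletCallbackHandler(request, response);
    }

    /**
     * Reads a session attribute. Uses {@code getSession(true)}, so a session is created
     * when the request has none.
     *
     * @param accessContext context holding the servlet request
     * @param str attribute name
     * @return the attribute value as returned by the session
     */
    public Object getSessionAttribute(AccessContext accessContext, String str) {
        HttpServletRequest request = (HttpServletRequest) accessContext.getAttribute(AccessFilter.SERVLET_REQUEST);
        return request.getSession(true).getAttribute(str);
    }

    /**
     * Stores a session attribute. Uses {@code getSession(true)}, so a session is created
     * when the request has none.
     *
     * @param accessContext context holding the servlet request
     * @param str attribute name
     * @param obj attribute value
     */
    public void setSessionAttribute(AccessContext accessContext, String str, Object obj) {
        HttpServletRequest request = (HttpServletRequest) accessContext.getAttribute(AccessFilter.SERVLET_REQUEST);
        request.getSession(true).setAttribute(str, obj);
    }

    /**
     * Removes a session attribute. Uses {@code getSession(true)}, so a session is created
     * when the request has none.
     *
     * @param accessContext context holding the servlet request
     * @param str attribute name
     */
    public void removeSessionAttribute(AccessContext accessContext, String str) {
        HttpServletRequest request = (HttpServletRequest) accessContext.getAttribute(AccessFilter.SERVLET_REQUEST);
        request.getSession(true).removeAttribute(str);
    }

    /**
     * Removes a servlet-context attribute. The context is reached through
     * {@code getSession(true)}, so a session is created when the request has none.
     *
     * @param accessContext context holding the servlet request
     * @param str attribute name
     */
    public void removeApplicationAttribute(AccessContext accessContext, String str) {
        HttpServletRequest request = (HttpServletRequest) accessContext.getAttribute(AccessFilter.SERVLET_REQUEST);
        request.getSession(true).getServletContext().removeAttribute(str);
    }

    /**
     * Removes a request attribute.
     *
     * @param accessContext context holding the servlet request
     * @param str attribute name
     */
    public void removeRequestAttribute(AccessContext accessContext, String str) {
        HttpServletRequest request = (HttpServletRequest) accessContext.getAttribute(AccessFilter.SERVLET_REQUEST);
        request.removeAttribute(str);
    }

    /**
     * Stores a request attribute.
     *
     * @param accessContext context holding the servlet request
     * @param str attribute name
     * @param obj attribute value
     */
    public void setRequestAttribute(AccessContext accessContext, String str, Object obj) {
        HttpServletRequest request = (HttpServletRequest) accessContext.getAttribute(AccessFilter.SERVLET_REQUEST);
        request.setAttribute(str, obj);
    }

    /**
     * Stores a servlet-context attribute. The context is reached through
     * {@code getSession(true)}, so a session is created when the request has none.
     *
     * @param accessContext context holding the servlet request
     * @param str attribute name
     * @param obj attribute value
     */
    public void setApplicationAttribute(AccessContext accessContext, String str, Object obj) {
        HttpServletRequest request = (HttpServletRequest) accessContext.getAttribute(AccessFilter.SERVLET_REQUEST);
        request.getSession(true).getServletContext().setAttribute(str, obj);
    }

    /**
     * Reads a request attribute.
     *
     * @param accessContext context holding the servlet request
     * @param str attribute name
     * @return the attribute value as returned by the request
     */
    public Object getRequestAttribute(AccessContext accessContext, String str) {
        HttpServletRequest request = (HttpServletRequest) accessContext.getAttribute(AccessFilter.SERVLET_REQUEST);
        return request.getAttribute(str);
    }

    /**
     * Reads a servlet-context attribute. The context is reached through
     * {@code getSession(true)}, so a session is created when the request has none.
     *
     * @param accessContext context holding the servlet request
     * @param str attribute name
     * @return the attribute value as returned by the servlet context
     */
    public Object getApplicationAttribute(AccessContext accessContext, String str) {
        HttpServletRequest request = (HttpServletRequest) accessContext.getAttribute(AccessFilter.SERVLET_REQUEST);
        return request.getSession(true).getServletContext().getAttribute(str);
    }

    /**
     * @return always {@code true}
     */
    public boolean isStateful() {
        return true;
    }

    /**
     * Invalidates the request's current session, if there is one. Uses
     * {@code getSession(false)}, so no session is created just to be discarded.
     *
     * @param accessContext context holding the servlet request
     */
    public void invalidateSession(AccessContext accessContext) {
        HttpServletRequest request = (HttpServletRequest) accessContext.getAttribute(AccessFilter.SERVLET_REQUEST);
        HttpSession session = request.getSession(false);
        if (session != null) {
            session.invalidate();
        }
    }

    /**
     * Loads a class by name, converting a {@link ClassNotFoundException} into a
     * {@link NoClassDefFoundError} with the same message.
     *
     * @param str fully qualified class name
     * @return the loaded class
     */
    static Class class$(String str) {
        try {
            return Class.forName(str);
        } catch (ClassNotFoundException e) {
            // Keep the original exception as the cause so the failing lookup stays
            // visible in the stack trace.
            NoClassDefFoundError error = new NoClassDefFoundError(e.getMessage());
            error.initCause(e);
            throw error;
        }
    }

    static {
        // Resolve (and cache) this class's Class object, then name the logger after it.
        if (class$net$sf$jguard$jee$authentication$http$HttpServletAuthenticationBindings == null) {
            class$net$sf$jguard$jee$authentication$http$HttpServletAuthenticationBindings =
                    class$("net.sf.jguard.jee.authentication.http.HttpServletAuthenticationBindings");
        }
        logger = LoggerFactory.getLogger(
                class$net$sf$jguard$jee$authentication$http$HttpServletAuthenticationBindings.getName());
    }
}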
