package net.sf.jguard.jee.authentication.http;

import java.io.IOException;
import java.security.AccessController;
import java.security.Permission;
import java.util.HashMap;
import java.util.Map;
import javax.security.auth.Subject;
import javax.servlet.FilterChain;
import javax.servlet.ServletException;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import javax.servlet.http.HttpSession;
import net.sf.jguard.core.authorization.permissions.URLPermission;
import net.sf.jguard.ext.AccessContext;
import net.sf.jguard.ext.authentication.AuthenticationPhases;
import net.sf.jguard.ext.util.XMLUtils;
import net.sf.jguard.jee.authentication.callbacks.HttpServletCallbackHandler;
import net.sf.jguard.jee.authorization.http.HttpPermissionFactory;
import net.sf.jguard.jee.authorization.http.PermissionFactory;
import org.dom4j.Element;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;

/* loaded from: input_file:net/sf/jguard/jee/authentication/http/HttpServletAuthenticationPhases.class */
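/**
 * Servlet-based implementation of {@link AuthenticationPhases}: reads the filter settings from an
 * XML configuration, then drives logon, logoff, access-denied handling and the redirects that
 * follow an authentication attempt.
 *
 * <p>The request, response and filter chain are taken from the {@link AccessContext} parameters
 * {@code "servletRequest"}, {@code "servletResponse"} and {@code "filterChain"}.
 *
 * <p>NOTE(review): {@code logonPermission} is a static field written from the instance method
 * {@link #setSettings(Map)}, and the login/password field names and auth scheme are pushed into
 * static setters of {@code HttpServletCallbackHandler}; instances loaded by the same class loader
 * therefore share that state.
 */
public class HttpServletAuthenticationPhases implements AuthenticationPhases {
    public static final Logger logger =
            LoggerFactory.getLogger(HttpServletAuthenticationPhases.class.getName());

    private String indexURI;
    // NOTE(review): never assigned true anywhere in this class (see setSettings).
    private boolean goToLastAccessDeniedUriOnSuccess;
    private URLPermission registerProcessPermission;
    private String registerURI;
    private URLPermission logonProcessPermission;
    private static URLPermission logonPermission;
    private String logonURIStr;
    private URLPermission logoffPermission;
    private String authScheme = null;
    private URLPermission authenticationFailedPermission = null;
    private boolean local = false;
    private PermissionFactory permissionFactory = new HttpPermissionFactory();

    /**
     * Loads the filter configuration and records the authentication scope.
     *
     * @param str  location of the XML configuration, handed to {@code XMLUtils.read}
     * @param str2 scope name; {@code "jvm"} (case-insensitive) clears the {@code local} flag, any
     *             other value (including {@code null}) sets it
     */
    public void init(String str, String str2) {
        setSettings(loadFilterConfiguration(str));
        this.local = !"jvm".equalsIgnoreCase(str2);
    }

    /**
     * Copies the parsed filter settings into this instance and into the static configuration of
     * {@code HttpServletCallbackHandler}.
     *
     * @param settings map produced by {@link #loadFilterConfiguration(String)}
     */
    private void setSettings(Map settings) {
        this.indexURI = (String) settings.get(HttpConstants.INDEX_URI);
        this.authenticationFailedPermission = new URLPermission(
                HttpConstants.AUTHENTICATION_FAILED_URI,
                (String) settings.get(HttpConstants.AUTHENTICATION_FAILED_URI));
        this.logonProcessPermission = new URLPermission(
                HttpConstants.LOGON_PROCESS_URI,
                (String) settings.get(HttpConstants.LOGON_PROCESS_URI));
        this.logonURIStr = (String) settings.get(HttpConstants.LOGON_URI);
        logonPermission = new URLPermission(HttpConstants.LOGON_URI, this.logonURIStr);
        this.logoffPermission = new URLPermission(
                HttpConstants.LOGOFF_URI, (String) settings.get(HttpConstants.LOGOFF_URI));
        // The register entries are optional in the configuration, so the URI may be null here.
        this.registerProcessPermission = new URLPermission(
                HttpConstants.REGISTER_PROCESS_URI,
                (String) settings.get(HttpConstants.REGISTER_PROCESS_URI));
        this.registerURI = (String) settings.get(HttpConstants.REGISTER_URI);
        this.authScheme = (String) settings.get("authScheme");
        HttpServletCallbackHandler.setAuthScheme(this.authScheme);
        if (AuthSchemesHelper.validateAuthScheme(this.authScheme).contains(HttpConstants.FORM_AUTH)) {
            HttpServletCallbackHandler.setLoginField((String) settings.get(HttpConstants.LOGIN_FIELD));
            HttpServletCallbackHandler.setPasswordField(
                    (String) settings.get(HttpConstants.PASSWORD_FIELD));
        }
        // NOTE(review): the flag is only ever assigned false and its field default is false, so
        // the "return to the last denied URI" branch of postAuthenticationProcess cannot be
        // reached as written. Confirm the intended default before changing it.
        String goToLastDenied =
                (String) settings.get(HttpConstants.GO_TO_LAST_ACCESS_DENIED_URI_ON_SUCCESS);
        if ("false".equalsIgnoreCase(goToLastDenied) || "no".equalsIgnoreCase(goToLastDenied)) {
            this.goToLastAccessDeniedUriOnSuccess = false;
        }
    }

    /**
     * Handles a request to the logon-process URI. For any scheme other than BASIC the request is
     * authenticated directly; for BASIC a challenge is sent when a subject exists but the
     * {@code Authorization} header is missing or does not start with {@code "Basic "}.
     *
     * @param accessContext carrier of the servlet request and response
     */
    public void logonProcess(AccessContext accessContext) {
        HttpServletRequest request =
                (HttpServletRequest) accessContext.getParameter("servletRequest");
        HttpServletResponse response =
                (HttpServletResponse) accessContext.getParameter("servletResponse");
        HttpSession session = request.getSession(true);
        Subject subject = HttpAuthenticationUtils.getSubject(session);
        if (!HttpConstants.BASIC_AUTH.equalsIgnoreCase(this.authScheme)) {
            logger.debug(" AUTHENTICATION TYPE ={}  authenticate phase  ", this.authScheme);
            authenticate(accessContext);
            return;
        }
        String header = request.getHeader(HttpServletCallbackHandler.AUTHORIZATION);
        // A BASIC Authorization header is only base64 of "user:password"; writing its value to
        // the log would store recoverable credentials, so only its presence is recorded.
        logger.debug("authorizationHeader present={}", Boolean.valueOf(header != null));
        if (subject == null) {
            // NOTE(review): the wrapper carrying the guest header is discarded, while
            // authenticate() reads the request from accessContext; confirm the guest header is
            // actually seen downstream. The guest credentials are hard-coded here.
            new JGuardServletRequestWrapper(request).setHeader(
                    HttpServletCallbackHandler.AUTHORIZATION,
                    HttpServletCallbackHandler.buildBasicAuthHeader(
                            "guest", "guest", request.getCharacterEncoding()));
            logger.debug(" BASIC authentication subject is null  authenticate phase ");
            authenticate(accessContext);
            return;
        }
        if (header == null || !header.startsWith("Basic ")) {
            // The rejected header value is deliberately left out of the log (may hold credentials).
            logger.debug(" subject is not null but BASIC HEADER is incorrect "
                    + " jGuard build BASIC challenge  ");
            HttpServletCallbackHandler.buildBasicChallenge(
                    response, (String) session.getServletContext().getAttribute("applicationName"));
        } else {
            logger.debug(" BASIC AUTHENTICATION TYPE   authenticate phase  ");
            authenticate(accessContext);
        }
    }

    /**
     * Logs the user out, drops the authentication utilities from the session and invalidates it.
     *
     * @param accessContext carrier of the servlet request
     */
    public void logoff(AccessContext accessContext) {
        HttpSession session =
                ((HttpServletRequest) accessContext.getParameter("servletRequest")).getSession();
        HttpAuthenticationUtils authnUtils =
                (HttpAuthenticationUtils) session.getAttribute(HttpConstants.AUTHN_UTILS);
        if (authnUtils != null) {
            authnUtils.logout();
            logger.debug(" user logoff ");
        }
        session.removeAttribute(HttpConstants.AUTHN_UTILS);
        if (logger.isDebugEnabled()) {
            logger.debug("doFilter() -  user logoff ");
        }
        try {
            session.invalidate();
        } catch (IllegalStateException e) {
            logger.debug(" session is already invalidated ");
        }
    }

    /**
     * Runs the authentication and the follow-up redirect or challenge.
     *
     * @param accessContext carrier of the servlet request and response
     * @return {@code true} when authentication succeeded and the follow-up completed,
     *         {@code false} on authentication failure or on an {@link IOException}
     */
    public boolean authenticate(AccessContext accessContext) {
        try {
            boolean authenticated = HttpAuthenticationUtils.authenticate(
                    (HttpServletRequest) accessContext.getParameter("servletRequest"),
                    (HttpServletResponse) accessContext.getParameter("servletResponse"),
                    false,
                    this.local);
            return postAuthenticationProcess(accessContext, !authenticated);
        } catch (IOException e) {
            // Keep the stack trace: the message alone rarely identifies the failing call.
            logger.error(e.getMessage(), e);
            return false;
        }
    }

    /**
     * Passes the request, wrapped in a {@code JGuardServletRequestWrapper}, down the filter chain.
     *
     * @param accessContext carrier of the servlet request, response and filter chain
     * @throws RuntimeException wrapping any {@link IOException} or {@link ServletException}
     *                          raised by the chain
     */
    public void process(AccessContext accessContext) {
        HttpServletRequest request =
                (HttpServletRequest) accessContext.getParameter("servletRequest");
        HttpServletResponse response =
                (HttpServletResponse) accessContext.getParameter("servletResponse");
        FilterChain chain = (FilterChain) accessContext.getParameter("filterChain");
        try {
            chain.doFilter(new JGuardServletRequestWrapper(request), response);
        } catch (IOException e) {
            throw new RuntimeException(e.getMessage(), e);
        } catch (ServletException e) {
            throw new RuntimeException(e.getMessage(), e);
        }
    }

    /**
     * Answers the request with HTTP 401, falling back to HTTP 500 if the 401 cannot be sent.
     *
     * @param accessContext carrier of the servlet request and response
     * @throws RuntimeException if the fallback 500 response cannot be sent either
     */
    public void accessDenied(AccessContext accessContext) {
        HttpServletRequest request =
                (HttpServletRequest) accessContext.getParameter("servletRequest");
        HttpServletResponse response =
                (HttpServletResponse) accessContext.getParameter("servletResponse");
        String requestUri = request.getRequestURI();
        if (logger.isDebugEnabled()) {
            logger.debug(" access denied to {}", requestUri);
        }
        logger.debug(" access is denied to {} accessDeniedURI is not defined  jGuard send 401 http code ",
                requestUri);
        // NOTE(review): no WWW-Authenticate header accompanies this 401, and the request URI is
        // echoed into the error message; whether it is escaped depends on the container's error
        // page - confirm.
        response.setStatus(401);
        try {
            response.sendError(401, "access is denied to " + requestUri);
        } catch (IOException e) {
            logger.error(e.getMessage(), e);
            try {
                response.sendError(500);
            } catch (IOException e2) {
                throw new RuntimeException(e2.getMessage(), e2);
            }
        }
    }

    /**
     * Redirects the client to the configured logon URI below the context path.
     *
     * @param accessContext carrier of the servlet request and response
     * @throws RuntimeException wrapping the {@link IOException} if the redirect fails
     */
    public void redirectToLogon(AccessContext accessContext) {
        HttpServletRequest request =
                (HttpServletRequest) accessContext.getParameter("servletRequest");
        HttpServletResponse response =
                (HttpServletResponse) accessContext.getParameter("servletResponse");
        String target = request.getContextPath() + this.logonURIStr;
        try {
            response.sendRedirect(response.encodeRedirectURL(target));
        } catch (IOException e) {
            throw new RuntimeException(e.getMessage(), e);
        }
    }

    /**
     * Returns the subject bound to the request's session, creating the session if needed.
     *
     * @param accessContext carrier of the servlet request
     * @return whatever {@code HttpAuthenticationUtils.getSubject} yields for that session
     */
    public Subject getSubject(AccessContext accessContext) {
        HttpServletRequest request =
                (HttpServletRequest) accessContext.getParameter("servletRequest");
        return HttpAuthenticationUtils.getSubject(request.getSession(true));
    }

    /**
     * Builds the permission that corresponds to the current request.
     *
     * @param accessContext carrier of the servlet request
     * @return the permission produced by the configured {@code PermissionFactory}
     */
    public Permission getPermissionRequested(AccessContext accessContext) {
        HttpServletRequest request =
                (HttpServletRequest) accessContext.getParameter("servletRequest");
        return this.permissionFactory.getPermission(request);
    }

    /**
     * Remembers the URI of a denied {@code URLPermission} in the session; other permission types
     * are ignored.
     *
     * @param accessContext carrier of the servlet request
     * @param permission    the permission that was refused
     */
    public void setLastAccessDeniedPermission(AccessContext accessContext, Permission permission) {
        if (!(permission instanceof URLPermission)) {
            return;
        }
        HttpServletRequest request =
                (HttpServletRequest) accessContext.getParameter("servletRequest");
        request.getSession(true).setAttribute(
                HttpConstants.LAST_ACCESS_DENIED_URI, ((URLPermission) permission).getURI());
    }

    /** @return the permission built from the configured authentication-failed URI */
    public Permission getAuthenticationFailedPermission() {
        return this.authenticationFailedPermission;
    }

    /** @return the permission built from the configured logon URI (held in a static field) */
    public Permission getLogonPermission() {
        return logonPermission;
    }

    /** @return the permission built from the configured logon-process URI */
    public Permission getLogonProcessPermission() {
        return this.logonProcessPermission;
    }

    /** @return the permission built from the configured logoff URI */
    public Permission getLogoffPermission() {
        return this.logoffPermission;
    }

    /**
     * Sends the response that follows an authentication attempt.
     *
     * <p>On failure: a BASIC challenge for the BASIC scheme, otherwise a redirect to the
     * authentication-failed URI, or {@link #accessDenied(AccessContext)} when none is configured.
     * On success: the session is replaced and the client is redirected.
     *
     * @param accessContext        carrier of the servlet request and response
     * @param authenticationFailed {@code true} when the authentication attempt did not succeed
     * @return {@code false} when authentication failed or a redirect raised an
     *         {@link IOException}; {@code true} otherwise
     */
    private boolean postAuthenticationProcess(AccessContext accessContext, boolean authenticationFailed) {
        HttpServletRequest request =
                (HttpServletRequest) accessContext.getParameter("servletRequest");
        HttpServletResponse response =
                (HttpServletResponse) accessContext.getParameter("servletResponse");
        // Result unused; the call is kept because it may create the session as a side effect.
        HttpAuthenticationUtils.getSubject(request.getSession(true));

        if (authenticationFailed) {
            if (response.isCommitted()) {
                logger.warn(" response is already committed ");
            }
            if (HttpConstants.BASIC_AUTH.equalsIgnoreCase(this.authScheme)) {
                HttpServletCallbackHandler.buildBasicChallenge(
                        response,
                        (String) request.getSession(true).getServletContext()
                                .getAttribute("applicationName"));
                return false;
            }
            // Resolve the URI before logging it: the permission is null until init() has run,
            // and dereferencing it ahead of the null check would throw.
            String failedUri = this.authenticationFailedPermission == null
                    ? null
                    : this.authenticationFailedPermission.getURI();
            logger.debug("authentication failed redirect to {}", failedUri);
            if (failedUri == null || failedUri.equals("")) {
                accessDenied(accessContext);
            } else {
                String target = request.getContextPath() + failedUri;
                try {
                    response.sendRedirect(response.encodeRedirectURL(target));
                    logger.debug(
                            " NOT BASIC AUTHENTICATION - user is not authenticated  redirect to {}",
                            target);
                } catch (IOException e) {
                    logger.error(e.getMessage(), e);
                    return false;
                }
            }
            return false;
        }

        HttpSession session = request.getSession(true);
        String redirectUri = this.indexURI;
        String lastDeniedUri = (String) session.getAttribute(HttpConstants.LAST_ACCESS_DENIED_URI);
        HttpAuthenticationUtils authnUtils =
                HttpAuthenticationUtils.getHttpAuthenticationUtils(request, this.local);
        authnUtils.getSubject();
        if (!response.isCommitted()) {
            // Replace the pre-authentication session with a fresh one so that a session id
            // known before login does not become the authenticated session (session fixation).
            // NOTE(review): when the response is already committed this swap is skipped and the
            // old session is kept - confirm that is acceptable.
            session.removeAttribute(HttpConstants.AUTHN_UTILS);
            session.invalidate();
            request.getSession(true).setAttribute(HttpConstants.AUTHN_UTILS, authnUtils);
        }
        // Compare by content: a reference comparison against "" is true for almost any String
        // read back from the session, including an empty one.
        if (lastDeniedUri != null && lastDeniedUri.length() > 0) {
            if (this.goToLastAccessDeniedUriOnSuccess) {
                redirectUri = lastDeniedUri;
            } else {
                try {
                    AccessController.checkPermission(
                            new URLPermission(HttpConstants.INDEX_URI, this.indexURI));
                } catch (SecurityException e) {
                    // The index page is not permitted in this context: send the user to logon.
                    redirectUri = this.logonURIStr;
                }
            }
        }
        // The target goes through a {} placeholder; passed as a bare second argument it was
        // silently dropped from the log line.
        logger.debug(" user is authenticated  redirect to {}", redirectUri);
        if (!response.isCommitted()) {
            try {
                response.sendRedirect(
                        response.encodeRedirectURL(request.getContextPath() + redirectUri));
            } catch (IOException e) {
                logger.error(e.getMessage(), e);
                return false;
            }
        }
        return true;
    }

    /**
     * Reads the {@code HttpConstants.FILTER} element of the configuration into a map.
     *
     * <p>Index, authentication-failed, logon-process, logon, logoff and authScheme entries are
     * dereferenced unconditionally, so a missing one raises a {@link NullPointerException}; the
     * register, login-field, password-field and go-to-last-denied entries are copied only when
     * present.
     *
     * <p>NOTE(review): XML parser hardening (DTD / external entities) depends on
     * {@code XMLUtils.read}, which is not visible here; the location should come from trusted
     * deployment configuration only.
     *
     * @param location configuration location handed to {@code XMLUtils.read}
     * @return setting name to trimmed element text
     */
    private Map loadFilterConfiguration(String location) {
        Element filter = XMLUtils.read(location).getRootElement().element(HttpConstants.FILTER);
        Map settings = new HashMap();
        settings.put(HttpConstants.INDEX_URI,
                filter.element(HttpConstants.INDEX_URI).getTextTrim());
        settings.put(HttpConstants.AUTHENTICATION_FAILED_URI,
                filter.element(HttpConstants.AUTHENTICATION_FAILED_URI).getTextTrim());
        putIfPresent(settings, filter, HttpConstants.REGISTER_PROCESS_URI);
        putIfPresent(settings, filter, HttpConstants.REGISTER_URI);
        settings.put(HttpConstants.LOGON_PROCESS_URI,
                filter.element(HttpConstants.LOGON_PROCESS_URI).getTextTrim());
        settings.put(HttpConstants.LOGON_URI,
                filter.element(HttpConstants.LOGON_URI).getTextTrim());
        settings.put(HttpConstants.LOGOFF_URI,
                filter.element(HttpConstants.LOGOFF_URI).getTextTrim());
        settings.put("authScheme", filter.element("authScheme").getTextTrim());
        putIfPresent(settings, filter, HttpConstants.LOGIN_FIELD);
        putIfPresent(settings, filter, HttpConstants.PASSWORD_FIELD);
        putIfPresent(settings, filter, HttpConstants.GO_TO_LAST_ACCESS_DENIED_URI_ON_SUCCESS);
        return settings;
    }

    /** Copies the trimmed text of the named child element into the map when the child exists. */
    private static void putIfPresent(Map settings, Element parent, String name) {
        Element child = parent.element(name);
        if (child != null) {
            settings.put(name, child.getTextTrim());
        }
    }
}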
