package org.codehaus.plexus.security.ui.web.action;

import com.opensymphony.webwork.ServletActionContext;
import com.opensymphony.xwork.Action;
import org.codehaus.plexus.security.authentication.AuthenticationDataSource;
import org.codehaus.plexus.security.authentication.AuthenticationException;
import org.codehaus.plexus.security.keys.KeyManagerException;
import org.codehaus.plexus.security.policy.AccountLockedException;
import org.codehaus.plexus.security.system.SecuritySession;
import org.codehaus.plexus.security.system.SecuritySystem;
import org.codehaus.plexus.security.system.SecuritySystemConstants;
import org.codehaus.plexus.security.ui.web.util.CookieUtils;
import org.codehaus.plexus.security.user.UserNotFoundException;
import org.codehaus.plexus.util.StringUtils;

/* loaded from: input_file:WEB-INF/lib/plexus-security-ui-web-integration-1.0-alpha-4.jar:org/codehaus/plexus/security/ui/web/action/AbstractAuthenticationAction.class */
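/**
 * Base WebWork action that performs an interactive login against a
 * {@link SecuritySystem} and, on success, issues the remember-me and
 * single-sign-on cookies.
 *
 * <p>This source is decompiler output: local names are reconstructed and any
 * setters for {@link #domain} / {@link #webappContext} that exist elsewhere are
 * not visible here.
 */
public abstract class AbstractAuthenticationAction extends AbstractSecurityAction {
    /** Result code returned after a successful login. */
    static final String LOGIN_SUCCESS = "security-login-success";
    /** Result code for a cancelled login; not referenced inside this class. */
    static final String LOGIN_CANCEL = "security-login-cancel";
    /** Result code returned when the authenticated user must change password. */
    static final String PASSWORD_CHANGE = "must-change-password";
    /** Result code returned when the account is locked. */
    static final String ACCOUNT_LOCKED = "security-login-locked";
    // Cookie domain; computed from the request on first use when empty.
    private String domain;
    // Cookie path for the remember-me cookie; defaults to the context path.
    private String webappContext;

    /**
     * Authenticates the supplied credentials and sets the session tokens and
     * login cookies.
     *
     * @param securitySystem security system used for authentication, policy and key creation
     * @param authenticationDataSource credentials submitted by the client
     * @param z when {@code true}, a remember-me key is created and sent as a cookie
     * @return {@link #LOGIN_SUCCESS}, {@link #PASSWORD_CHANGE}, {@link #ACCOUNT_LOCKED},
     *         or {@link Action#ERROR} when authentication fails
     */
    /* JADX INFO: Access modifiers changed from: protected */
    public String webLogin(SecuritySystem securitySystem, AuthenticationDataSource authenticationDataSource, boolean z) {
        // Drop any tokens left over from an earlier login before authenticating again.
        setAuthTokens(null);
        clearErrorsAndMessages();
        if (StringUtils.isEmpty(this.domain)) {
            // NOTE(review): the cookie domain is derived from the request's server
            // name, which normally reflects the client-supplied Host header. The
            // value is cut down to its last two labels, so "a.b.example.com"
            // becomes ".example.com" (every sibling host receives the cookie),
            // "example.co.uk" becomes ".co.uk" and an IPv4 literal such as
            // "10.0.0.5" becomes ".0.5". A configured domain would be safer.
            String host = "." + ServletActionContext.getRequest().getServerName();
            this.domain = host;
            int lastDot = host.lastIndexOf('.');
            if (lastDot > 0) {
                int previousDot = host.lastIndexOf('.', lastDot - 1);
                if (previousDot > 0) {
                    this.domain = host.substring(previousDot);
                }
            }
        }
        if (StringUtils.isEmpty(this.webappContext)) {
            this.webappContext = ServletActionContext.getRequest().getContextPath();
            if (StringUtils.isEmpty(this.webappContext)) {
                // Root context: the servlet API reports it as "", cookies need "/".
                this.webappContext = "/";
            }
        }
        try {
            SecuritySession authenticate = securitySystem.authenticate(authenticationDataSource);
            if (!authenticate.getAuthenticationResult().isAuthenticated()) {
                // NOTE(review): the principal is client-supplied and is written to
                // the log unmodified; confirm the log layout neutralises CR/LF.
                getLogger().debug("Login Action failed against principal : " + authenticate.getAuthenticationResult().getPrincipal(), authenticate.getAuthenticationResult().getException());
                addActionError("Authentication failed");
                return Action.ERROR;
            }
            setAuthTokens(authenticate);
            if (z) {
                try {
                    int cookieTimeout = securitySystem.getPolicy().getRememberMeSettings().getCookieTimeout();
                    // The key string is the only content of the cookie, so whoever holds it
                    // presumably can resume the login until the key expires.
                    // NOTE(review): CookieUtils.setCookie is not visible here; confirm it
                    // sets the Secure and HttpOnly attributes.
                    String rememberMeKey = securitySystem.getKeyManager().createKey(authenticationDataSource.getPrincipal(), "Remember Me Key", cookieTimeout).getKey();
                    CookieUtils.setCookie(ServletActionContext.getResponse(), this.domain, SecuritySystemConstants.REMEMBER_ME_KEY, rememberMeKey, this.webappContext, cookieTimeout);
                } catch (KeyManagerException e) {
                    // Best effort: the login still succeeds, but keep the cause so
                    // key-store failures can be diagnosed.
                    getLogger().warn("Unable to set remember me cookie.", e);
                }
            }
            if (securitySystem.getPolicy().getSingleSignOnSettings().isEnabled()) {
                try {
                    // The key is created with the configured SSO timeout while the cookie
                    // itself is sent with max-age -1 and path "/", i.e. for the whole
                    // cookie domain computed above.
                    String singleSignOnKey = securitySystem.getKeyManager().createKey(authenticationDataSource.getPrincipal(), "Single Sign On Key", securitySystem.getPolicy().getSingleSignOnSettings().getCookieTimeout()).getKey();
                    CookieUtils.setCookie(ServletActionContext.getResponse(), this.domain, SecuritySystemConstants.SINGLE_SIGN_ON_KEY, singleSignOnKey, "/", -1);
                } catch (KeyManagerException e) {
                    getLogger().warn("Unable to set single sign on cookie.", e);
                }
            }
            return authenticate.getUser().isPasswordChangeRequired() ? PASSWORD_CHANGE : LOGIN_SUCCESS;
        } catch (AuthenticationException e) {
            // NOTE(review): the exception text is shown to the client as-is; confirm
            // it never carries backend detail.
            addActionError(e.getMessage());
            return Action.ERROR;
        } catch (AccountLockedException e) {
            addActionError("Your Account is Locked.");
            return ACCOUNT_LOCKED;
        } catch (UserNotFoundException e) {
            // Report the same text as a failed credential check so the response does
            // not reveal whether the account exists; the detail goes to the log.
            getLogger().debug("Login Action failed: user not found", e);
            addActionError("Authentication failed");
            return Action.ERROR;
        }
    }
}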
