package org.hippoecm.hst.security.servlet;

import freemarker.cache.ClassTemplateLoader;
import freemarker.template.Configuration;
import freemarker.template.DefaultObjectWrapper;
import freemarker.template.Template;
import java.io.IOException;
import java.io.PrintWriter;
import java.util.HashMap;
import java.util.Map;
import java.util.ResourceBundle;
import java.util.UUID;
import javax.jcr.Credentials;
import javax.jcr.SimpleCredentials;
import javax.servlet.ServletConfig;
import javax.servlet.ServletException;
import javax.servlet.http.HttpServlet;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import javax.servlet.http.HttpSession;
import org.apache.commons.lang.BooleanUtils;
import org.apache.commons.lang.StringUtils;
import org.hippoecm.hst.configuration.model.HstManager;
import org.hippoecm.hst.core.container.ContainerConstants;
import org.hippoecm.hst.core.request.ResolvedVirtualHost;
import org.hippoecm.hst.security.PolicyContextWrapper;
import org.hippoecm.hst.site.HstServices;
import org.hippoecm.hst.util.HstRequestUtils;
import org.hippoecm.hst.util.ServletConfigUtils;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
import org.springframework.context.annotation.AdviceModeImportSelector;
import org.springframework.web.servlet.tags.form.ErrorsTag;

/* loaded from: input_file:WEB-INF/lib/hst-security-2.28.07.jar:org/hippoecm/hst/security/servlet/LoginServlet.class */
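public class LoginServlet extends HttpServlet {
    private static final long serialVersionUID = 1;
    public static final String DEFAULT_LOGIN_RESOURCE_PATH = "/login/resource";
    public static final String MODE_LOGIN_FORM = "form";
    public static final String MODE_LOGIN_PROXY = "proxy";
    public static final String MODE_LOGIN_LOGIN = "login";
    public static final String MODE_LOGIN_RESOURCE = "resource";
    public static final String MODE_LOGIN_LOGOUT = "logout";
    public static final String MODE_LOGIN_ERROR = "error";
    protected String requestCharacterEncoding;
    protected String defaultLoginFormPagePath;
    protected String defaultLoginResourcePath;
    protected String defaultLoginSecurityCheckFormPagePath;
    protected String defaultLoginErrorPagePath;
    private Configuration freeMarkerConfiguration;
    public static final String BASE_NAME = LoginServlet.class.getPackage().getName();
    public static final String DESTINATION = "destination";
    public static final String DESTINATION_ATTR_NAME = BASE_NAME + "." + DESTINATION;
    public static final String USERNAME = "username";
    public static final String USERNAME_ATTR_NAME = BASE_NAME + "." + USERNAME;
    public static final String PASSWORD = "password";
    public static final String PASSWORD_ATTR_NAME = BASE_NAME + "." + PASSWORD;
    private static final String RESOURCE_BUNDLE_BASE_NAME = LoginServlet.class.getName();
    private static final Logger log = LoggerFactory.getLogger(LoginServlet.class);

    /** Request parameter that selects the servlet mode (the decompiled source had resolved this literal to an unrelated Spring constant). */
    private static final String MODE_PARAMETER = "mode";
    /** Model key under which the message resource bundle is exposed to the FreeMarker templates. */
    private static final String MESSAGES_MODEL_KEY = "messages";
    /** Session attribute under which repository credentials are kept when no JACC PolicyContext is available. */
    private static final String SUBJECT_REPO_CREDS_ATTR_NAME = "org.hippoecm.hst.security.servlet.subject.repo.creds";

    /**
     * Reads the init parameters and prepares the FreeMarker configuration used for the built-in pages.
     *
     * @param servletConfig the servlet configuration supplied by the container
     * @throws ServletException propagated from {@link HttpServlet#init(ServletConfig)}
     */
    @Override
    public void init(ServletConfig servletConfig) throws ServletException {
        // Without this call getServletConfig()/getServletContext() stay null in GenericServlet.
        super.init(servletConfig);
        this.requestCharacterEncoding = ServletConfigUtils.getInitParameter(servletConfig, null, "requestCharacterEncoding", null);
        this.defaultLoginFormPagePath = ServletConfigUtils.getInitParameter(servletConfig, null, "loginFormPagePath", null);
        this.defaultLoginResourcePath = ServletConfigUtils.getInitParameter(servletConfig, null, "loginResource", DEFAULT_LOGIN_RESOURCE_PATH);
        this.defaultLoginSecurityCheckFormPagePath = ServletConfigUtils.getInitParameter(servletConfig, null, "loginSecurityCheckFormPagePath", null);
        this.defaultLoginErrorPagePath = ServletConfigUtils.getInitParameter(servletConfig, null, "loginErrorPage", null);
        this.freeMarkerConfiguration = new Configuration();
        this.freeMarkerConfiguration.setObjectWrapper(new DefaultObjectWrapper());
        // Templates are loaded from the class path next to this class (e.g. login_form.ftl).
        this.freeMarkerConfiguration.setTemplateLoader(new ClassTemplateLoader(getClass(), ""));
    }

    /**
     * Dispatches on the requested mode; anything that is not form/proxy/resource/logout/error is treated as "login".
     *
     * @param httpServletRequest the current request
     * @param httpServletResponse the current response
     * @throws IOException propagated from the mode handlers
     * @throws ServletException propagated from the mode handlers
     */
    @Override
    public void doGet(HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse) throws IOException, ServletException {
        resolveVirtualHost(httpServletRequest);
        if (this.requestCharacterEncoding != null) {
            httpServletRequest.setCharacterEncoding(this.requestCharacterEncoding);
        }
        String mode = getMode(httpServletRequest);
        if (MODE_LOGIN_FORM.equals(mode)) {
            doLoginForm(httpServletRequest, httpServletResponse);
        } else if (MODE_LOGIN_PROXY.equals(mode)) {
            doLoginProxy(httpServletRequest, httpServletResponse);
        } else if (MODE_LOGIN_RESOURCE.equals(mode)) {
            doLoginResource(httpServletRequest, httpServletResponse);
        } else if (MODE_LOGIN_LOGOUT.equals(mode)) {
            doLoginLogout(httpServletRequest, httpServletResponse);
        } else if (MODE_LOGIN_ERROR.equals(mode)) {
            doLoginError(httpServletRequest, httpServletResponse);
        } else {
            doLoginLogin(httpServletRequest, httpServletResponse);
        }
    }

    /**
     * POST is handled exactly like GET.
     */
    @Override
    public final void doPost(HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse) throws IOException, ServletException {
        doGet(httpServletRequest, httpServletResponse);
    }

    /**
     * Determines the mode from the {@code mode} request parameter, falling back to the last path segment of the request URI.
     *
     * @param httpServletRequest the current request
     * @return the mode string; never null unless the request URI itself is null
     */
    protected String getMode(HttpServletRequest httpServletRequest) {
        String mode = httpServletRequest.getParameter(MODE_PARAMETER);
        if (mode == null) {
            String requestURI = HstRequestUtils.getRequestURI(httpServletRequest, true);
            mode = requestURI.substring(requestURI.lastIndexOf('/') + 1);
        }
        return mode;
    }

    /**
     * Forwards to the configured login form page, or renders the built-in FreeMarker form when none is configured.
     */
    protected void doLoginForm(HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse) throws IOException, ServletException {
        String loginFormPagePath = getRequestOrSessionAttributeAsString(httpServletRequest, BASE_NAME + ".loginFormPagePath", this.defaultLoginFormPagePath);
        if (loginFormPagePath == null) {
            renderLoginFormPage(httpServletRequest, httpServletResponse);
        } else {
            httpServletRequest.getRequestDispatcher(loginFormPagePath).forward(httpServletRequest, httpServletResponse);
        }
    }

    /**
     * Stores destination, username and password from the request in the session and redirects to the
     * (protected) login resource with a one-time token so the container's login can be triggered.
     * <p>
     * NOTE(review): the password is kept in the session as a {@code String} until {@link #doLoginResource} removes it;
     * it cannot be zeroed and is visible to anything that can read the session.
     */
    protected void doLoginProxy(HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse) throws IOException, ServletException {
        HttpSession session = httpServletRequest.getSession(true);
        storeParameterInSession(session, httpServletRequest, DESTINATION, DESTINATION_ATTR_NAME);
        storeParameterInSession(session, httpServletRequest, USERNAME, USERNAME_ATTR_NAME);
        storeParameterInSession(session, httpServletRequest, PASSWORD, PASSWORD_ATTR_NAME);
        String loginResourcePath = getRequestOrSessionAttributeAsString(httpServletRequest, BASE_NAME + ".loginResourcePath", this.defaultLoginResourcePath);
        String pathToEncode = isContextPathInUrl(httpServletRequest)
                ? httpServletRequest.getContextPath() + loginResourcePath
                : loginResourcePath;
        String resourceURL = getBaseURL(httpServletRequest) + httpServletResponse.encodeURL(pathToEncode);
        String token = UUID.randomUUID().toString();
        String resourceURLWithToken = resourceURL + (resourceURL.contains("?") ? "&token=" : "?token=") + token;
        session.setAttribute(ContainerConstants.HST_JAAS_LOGIN_ATTEMPT_RESOURCE_URL_ATTR, resourceURLWithToken);
        session.setAttribute(ContainerConstants.HST_JAAS_LOGIN_ATTEMPT_RESOURCE_TOKEN, token);
        httpServletResponse.sendRedirect(resourceURLWithToken);
    }

    /**
     * Copies one request parameter into the session, or clears the session attribute when the parameter is absent.
     */
    private static void storeParameterInSession(HttpSession session, HttpServletRequest httpServletRequest, String parameterName, String attributeName) {
        String value = httpServletRequest.getParameter(parameterName);
        if (value == null) {
            session.removeAttribute(attributeName);
        } else {
            session.setAttribute(attributeName, value);
        }
    }

    /**
     * If the user is not yet authenticated, forwards to (or renders) the security-check form; otherwise redirects
     * to the destination remembered in the session.
     */
    protected void doLoginLogin(HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse) throws IOException, ServletException {
        if (httpServletRequest.getUserPrincipal() == null) {
            String securityCheckFormPagePath = getRequestOrSessionAttributeAsString(httpServletRequest, BASE_NAME + ".loginSecurityCheckFormPagePath", this.defaultLoginSecurityCheckFormPagePath);
            if (securityCheckFormPagePath == null) {
                renderAutoLoginPage(httpServletRequest, httpServletResponse);
            } else {
                httpServletRequest.getRequestDispatcher(securityCheckFormPagePath).forward(httpServletRequest, httpServletResponse);
            }
            return;
        }
        String destination = null;
        HttpSession session = httpServletRequest.getSession(false);
        if (session != null) {
            destination = (String) session.getAttribute(DESTINATION_ATTR_NAME);
        }
        redirectToDestination(httpServletRequest, httpServletResponse, destination);
    }

    /**
     * Reached after the container login succeeded: optionally stores repository credentials, clears the
     * username/password from the session and redirects to the remembered destination.
     */
    protected void doLoginResource(HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse) throws IOException, ServletException {
        String destination = null;
        HttpSession session = httpServletRequest.getSession(false);
        if (session != null) {
            // Only fall back to session-held credentials when no JACC PolicyContext can provide the subject.
            if (!PolicyContextWrapper.isAvailable()) {
                Credentials credentials = createSubjectRepositoryCredentials(httpServletRequest);
                if (credentials != null) {
                    session.setAttribute(SUBJECT_REPO_CREDS_ATTR_NAME, credentials);
                }
            }
            session.removeAttribute(USERNAME_ATTR_NAME);
            session.removeAttribute(PASSWORD_ATTR_NAME);
            destination = (String) session.getAttribute(DESTINATION_ATTR_NAME);
            if (destination != null) {
                session.removeAttribute(DESTINATION_ATTR_NAME);
            }
        }
        redirectToDestination(httpServletRequest, httpServletResponse, destination);
    }

    /**
     * Invalidates the session and redirects to the {@code destination} request parameter (or the site root).
     */
    protected void doLoginLogout(HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse) throws IOException, ServletException {
        // Normalize before invalidating: isContextPathInUrl() consults the session.
        String destination = normalizeDestination(httpServletRequest.getParameter(DESTINATION), httpServletRequest);
        HttpSession session = httpServletRequest.getSession(false);
        if (session != null) {
            session.invalidate();
        }
        httpServletResponse.sendRedirect(httpServletResponse.encodeURL(getFullyQualifiedURL(httpServletRequest, destination)));
    }

    /**
     * Forwards to the configured error page, or renders the built-in failure page when none is configured.
     */
    protected void doLoginError(HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse) throws IOException, ServletException {
        String loginErrorPagePath = getRequestOrSessionAttributeAsString(httpServletRequest, BASE_NAME + ".loginErrorPagePath", this.defaultLoginErrorPagePath);
        if (loginErrorPagePath == null) {
            renderLoginErrorPage(httpServletRequest, httpServletResponse);
        } else {
            httpServletRequest.getRequestDispatcher(loginErrorPagePath).forward(httpServletRequest, httpServletResponse);
        }
    }

    /**
     * Shared tail of the login/resource handlers: normalize the destination and redirect to its fully qualified form.
     */
    private void redirectToDestination(HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse, String destination) throws IOException {
        String normalized = normalizeDestination(destination, httpServletRequest);
        httpServletResponse.sendRedirect(httpServletResponse.encodeURL(getFullyQualifiedURL(httpServletRequest, normalized)));
    }

    /**
     * Replaces a null/blank destination with the site root; any other value is returned unchanged.
     * <p>
     * NOTE(review): a caller-supplied absolute {@code http(s):} destination is passed through as-is by
     * {@link #getFullyQualifiedURL}; confirm that the host is restricted upstream if that is required.
     *
     * @param str the requested destination, may be null
     * @param httpServletRequest the current request (used to decide whether the context path belongs in URLs)
     * @return a non-null destination
     */
    protected String normalizeDestination(String str, HttpServletRequest httpServletRequest) {
        if (str != null && !"".equals(str.trim())) {
            return str;
        }
        return isContextPathInUrl(httpServletRequest) ? httpServletRequest.getContextPath() + "/" : "/";
    }

    /**
     * Builds repository credentials from the username/password held in the session.
     *
     * @return the credentials, or null when either attribute is missing (logged at WARN with the username only)
     */
    protected Credentials createSubjectRepositoryCredentials(HttpServletRequest httpServletRequest) {
        String username = (String) httpServletRequest.getSession().getAttribute(USERNAME_ATTR_NAME);
        String password = (String) httpServletRequest.getSession().getAttribute(PASSWORD_ATTR_NAME);
        if (username == null || password == null) {
            log.warn("Invalid username or password: " + username);
            return null;
        }
        return new SimpleCredentials(username, password.toCharArray());
    }

    /**
     * Renders the built-in login form, pre-filling username and destination from request or session.
     * The {@code invalidate} parameter discards the current session after the values have been read.
     */
    protected void renderLoginFormPage(HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse) throws IOException, ServletException {
        String username = StringUtils.defaultString(httpServletRequest.getParameter(USERNAME));
        String destination = StringUtils.defaultString(httpServletRequest.getParameter(DESTINATION));
        HttpSession session = httpServletRequest.getSession(false);
        if (session != null) {
            if (StringUtils.isBlank(username)) {
                username = StringUtils.defaultString((String) session.getAttribute(USERNAME_ATTR_NAME));
            }
            if (StringUtils.isBlank(destination)) {
                destination = normalizeDestination((String) session.getAttribute(DESTINATION_ATTR_NAME), httpServletRequest);
            }
            if (BooleanUtils.toBoolean(httpServletRequest.getParameter("invalidate"))) {
                session.invalidate();
            }
        }
        Map<String, Object> model = new HashMap<String, Object>();
        model.put("j_username", username);
        model.put(DESTINATION, httpServletResponse.encodeURL(destination));
        renderTemplatePage(httpServletRequest, httpServletResponse, "login_form.ftl", model);
    }

    /**
     * Renders the auto-submitting security-check page that posts the session-held credentials to
     * {@code j_security_check}.
     */
    protected void renderAutoLoginPage(HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse) throws IOException, ServletException {
        String securityCheckURL = httpServletResponse.encodeURL("j_security_check");
        String username = "";
        String password = "";
        HttpSession session = httpServletRequest.getSession(false);
        if (session != null) {
            username = StringUtils.defaultString((String) session.getAttribute(USERNAME_ATTR_NAME));
            password = StringUtils.defaultString((String) session.getAttribute(PASSWORD_ATTR_NAME));
        }
        Map<String, Object> model = new HashMap<String, Object>();
        model.put("j_security_check", securityCheckURL);
        model.put("j_username", username);
        model.put("j_password", password);
        renderTemplatePage(httpServletRequest, httpServletResponse, "login_security_check.ftl", model);
    }

    /**
     * Renders the built-in login failure page with the username and destination from the session.
     */
    protected void renderLoginErrorPage(HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse) throws IOException, ServletException {
        String username = "";
        String destination = "";
        HttpSession session = httpServletRequest.getSession(false);
        if (session != null) {
            username = StringUtils.defaultString((String) session.getAttribute(USERNAME_ATTR_NAME));
            destination = normalizeDestination((String) session.getAttribute(DESTINATION_ATTR_NAME), httpServletRequest);
        }
        Map<String, Object> model = new HashMap<String, Object>();
        model.put("j_username", username);
        model.put(DESTINATION, httpServletResponse.encodeURL(destination));
        renderTemplatePage(httpServletRequest, httpServletResponse, "login_failure.ftl", model);
    }

    /**
     * Renders a class-path FreeMarker template with the given model plus the message bundle and the request.
     * Rendering problems are logged (with their cause) rather than propagated, matching the original best-effort contract.
     *
     * @param str the template name, resolved relative to this class
     * @param map additional model entries, may be null
     * @throws IOException when the template itself cannot be loaded or the response writer cannot be obtained
     */
    protected void renderTemplatePage(HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse, String str, Map<String, Object> map) throws IOException, ServletException {
        httpServletResponse.setContentType("text/html; charset=UTF-8");
        Template template = this.freeMarkerConfiguration.getTemplate(str);
        PrintWriter writer = httpServletResponse.getWriter();
        Map<String, Object> model = new HashMap<String, Object>();
        if (map != null) {
            model.putAll(map);
        }
        try {
            model.put(MESSAGES_MODEL_KEY, loadMessages(httpServletRequest));
            model.put("request", httpServletRequest);
            template.process(model, writer);
            writer.flush();
        } catch (Exception e) {
            // Previously the cause was dropped and every failure was reported as a missing bundle.
            log.warn("Cannot render login template '" + str + "' (resource bundle " + RESOURCE_BUNDLE_BASE_NAME + ")", e);
        }
    }

    /**
     * Loads the message bundle for the request locale, or the default bundle when the request has no locale.
     */
    private static ResourceBundle loadMessages(HttpServletRequest httpServletRequest) {
        if (httpServletRequest.getLocale() != null) {
            return ResourceBundle.getBundle(RESOURCE_BUNDLE_BASE_NAME, httpServletRequest.getLocale());
        }
        return ResourceBundle.getBundle(RESOURCE_BUNDLE_BASE_NAME);
    }

    /**
     * Whether generated URLs must include the servlet context path. Defaults to true when the request was
     * made from the template composer or no virtual host could be resolved.
     */
    protected boolean isContextPathInUrl(HttpServletRequest httpServletRequest) {
        if (loginSiteFromTemplateComposer(httpServletRequest)) {
            return true;
        }
        ResolvedVirtualHost resolvedVirtualHost = (ResolvedVirtualHost) httpServletRequest.getAttribute(ContainerConstants.VIRTUALHOSTS_REQUEST_ATTR);
        if (resolvedVirtualHost == null) {
            return true;
        }
        return resolvedVirtualHost.getVirtualHost().isContextPathInUrl();
    }

    /** True when the session carries the template composer's rendering host marker. */
    private boolean loginSiteFromTemplateComposer(HttpServletRequest httpServletRequest) {
        HttpSession session = httpServletRequest.getSession(false);
        return session != null && session.getAttribute(ContainerConstants.RENDERING_HOST) != null;
    }

    /**
     * Looks up a string first as a request attribute, then as a session attribute, then falls back to the default.
     */
    private String getRequestOrSessionAttributeAsString(HttpServletRequest httpServletRequest, String str, String str2) {
        String value = (String) httpServletRequest.getAttribute(str);
        if (value == null) {
            HttpSession session = httpServletRequest.getSession(false);
            if (session != null) {
                value = (String) session.getAttribute(str);
            }
        }
        return value != null ? value : str2;
    }

    /**
     * Resolves the HST virtual host for the request (once) so later URL decisions can consult it.
     * Failure to match is logged and the request continues without a resolved host.
     */
    private void resolveVirtualHost(HttpServletRequest httpServletRequest) {
        if (httpServletRequest.getAttribute(ContainerConstants.VIRTUALHOSTS_REQUEST_ATTR) != null) {
            return;
        }
        String farthestRequestHost = HstRequestUtils.getFarthestRequestHost(httpServletRequest);
        try {
            HstManager hstManager = (HstManager) HstServices.getComponentManager().getComponent(HstManager.class.getName());
            ResolvedVirtualHost resolvedVirtualHost = hstManager.getVirtualHosts().matchVirtualHost(farthestRequestHost);
            httpServletRequest.setAttribute(ContainerConstants.VIRTUALHOSTS_REQUEST_ATTR, resolvedVirtualHost);
        } catch (Exception e) {
            log.warn("Unable to match '" + farthestRequestHost + "' to a hst host. Try to complete request without but contextpath might be included in URLs while not desired", e);
        }
    }

    /**
     * Returns {@code scheme://host} for the request, using the farthest (proxy-aware) scheme and host.
     */
    public static String getBaseURL(HttpServletRequest httpServletRequest) {
        String scheme = HstRequestUtils.getFarthestRequestScheme(httpServletRequest);
        String host = HstRequestUtils.getFarthestRequestHost(httpServletRequest, false);
        return scheme + "://" + host;
    }

    /**
     * Turns a path into an absolute URL on this request's base URL. Values that already start with
     * {@code http:} or {@code https:} are returned unchanged.
     *
     * @param str the destination path or URL; must not be null
     */
    public static String getFullyQualifiedURL(HttpServletRequest httpServletRequest, String str) {
        if (str.startsWith("http:") || str.startsWith("https:")) {
            return str;
        }
        String baseURL = getBaseURL(httpServletRequest);
        return str.startsWith("/") ? baseURL + str : baseURL + "/" + str;
    }
}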
