package org.eclipse.jetty.security.jaspi.modules;

import java.io.IOException;
import java.io.Serializable;
import java.security.Principal;
import java.util.Arrays;
import java.util.Map;
import java.util.Set;
import javax.security.auth.Subject;
import javax.security.auth.callback.CallbackHandler;
import javax.security.auth.callback.UnsupportedCallbackException;
import javax.security.auth.message.AuthException;
import javax.security.auth.message.AuthStatus;
import javax.security.auth.message.MessageInfo;
import javax.security.auth.message.MessagePolicy;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import javax.servlet.http.HttpSession;
import javax.servlet.http.HttpSessionBindingEvent;
import javax.servlet.http.HttpSessionBindingListener;
import org.eclipse.jetty.security.CrossContextPsuedoSession;
import org.eclipse.jetty.security.authentication.DeferredAuthentication;
import org.eclipse.jetty.security.authentication.LoginCallbackImpl;
import org.eclipse.jetty.util.StringUtil;
import org.eclipse.jetty.util.URIUtil;
import org.eclipse.jetty.util.log.Log;
import org.eclipse.jetty.util.log.Logger;
import org.eclipse.jetty.util.security.Password;

/* loaded from: input_file:org/eclipse/jetty/security/jaspi/modules/FormAuthModule.class */
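/**
 * JASPI server auth module implementing servlet FORM authentication: unauthenticated
 * requests to a protected resource are redirected to a login page, the form posts to
 * {@code /j_security_check}, and a successful login is remembered in the HTTP session
 * (and optionally in a cross-context SSO store) so later requests are not challenged.
 *
 * Security-relevant properties of this implementation, as written:
 * <ul>
 *   <li>The plaintext password is kept, as {@code char[]}, inside the session-scoped
 *       {@link FormCredential} and inside the {@link UserInfo} handed to the SSO store.</li>
 *   <li>{@link FormCredential} is {@link Serializable} and its password field is not
 *       transient, so the password is written out with the session whenever the session
 *       is serialized (persistence / replication).</li>
 *   <li>The session id is not renewed after a successful login (see
 *       {@link #handleSecurityCheck}).</li>
 * </ul>
 */
public class FormAuthModule extends BaseAuthModule {
    private static final Logger LOG = Log.getLogger(FormAuthModule.class);

    /** Session attribute: the URL to return to once the login form succeeds. */
    public static final String __J_URI = "org.eclipse.jetty.util.URI";
    /** Session attribute: the {@link FormCredential} of an already-authenticated session. */
    public static final String __J_AUTHENTICATED = "org.eclipse.jetty.server.Auth";
    /** Path element the login form posts to. */
    public static final String __J_SECURITY_CHECK = "/j_security_check";
    /** Request parameters carrying the submitted user name and password. */
    public static final String __J_USERNAME = "j_username";
    public static final String __J_PASSWORD = "j_password";
    /** Keys looked up in the options map passed to {@link #initialize}. */
    public static final String LOGIN_PAGE_KEY = "org.eclipse.jetty.security.jaspi.modules.LoginPage";
    public static final String ERROR_PAGE_KEY = "org.eclipse.jetty.security.jaspi.modules.ErrorPage";
    public static final String SSO_SOURCE_KEY = "org.eclipse.jetty.security.jaspi.modules.SsoSource";

    // "*Page" keeps any query string and is what we redirect to; "*Path" is the same
    // value with the query string stripped and is what incoming request paths are
    // compared against in isLoginOrErrorPage().
    private String _formErrorPage;
    private String _formErrorPath;
    private String _formLoginPage;
    private String _formLoginPath;
    /** Optional cross-context single-sign-on store; null when SSO is not configured. */
    private CrossContextPsuedoSession<UserInfo> ssoSource;

    /**
     * What a successful form login leaves in the HTTP session under {@link #__J_AUTHENTICATED}.
     *
     * {@code _jPassword} holds the plaintext password characters and is deliberately left
     * as in the original (not transient), so it is serialized together with the session.
     * {@code _userPrincipal} and {@code _subject} are transient and come back {@code null}
     * after deserialization; {@link FormAuthModule#validateRequest} treats a null subject
     * as an authentication failure.
     */
    public static class FormCredential implements Serializable, HttpSessionBindingListener {
        String _jUserName;
        char[] _jPassword;
        transient Principal _userPrincipal;
        transient Subject _subject;

        private FormCredential(String userName, char[] password, Principal principal, Subject subject) {
            this._jUserName = userName;
            this._jPassword = password;
            this._userPrincipal = principal;
            this._subject = subject;
        }

        @Override
        public void valueBound(HttpSessionBindingEvent event) {
            // Nothing to do when the credential is attached to a session.
        }

        /** Invoked when the credential leaves its session (logout, invalidation, expiry). */
        @Override
        public void valueUnbound(HttpSessionBindingEvent event) {
            if (FormAuthModule.LOG.isDebugEnabled()) {
                FormAuthModule.LOG.debug("Logout " + this._jUserName, new Object[0]);
            }
        }

        /**
         * Hash by user name and password <em>content</em>. The original hashed the
         * password array by identity ({@code char[].hashCode()}), which is inconsistent
         * with {@link #equals} (content comparison via {@link Arrays#equals}): two equal
         * credentials could hash differently.
         */
        @Override
        public int hashCode() {
            return this._jUserName.hashCode() + Arrays.hashCode(this._jPassword);
        }

        /** Two credentials are equal when user name and password characters match. */
        @Override
        public boolean equals(Object obj) {
            if (!(obj instanceof FormCredential)) {
                return false;
            }
            FormCredential other = (FormCredential) obj;
            return this._jUserName.equals(other._jUserName)
                    && Arrays.equals(this._jPassword, other._jPassword);
        }

        /** Never includes the password. */
        @Override
        public String toString() {
            return "Cred[" + this._jUserName + "]";
        }
    }

    /** No-arg constructor for container-driven configuration via {@link #initialize}. */
    public FormAuthModule() {
    }

    /**
     * @param callbackHandler handler passed to the base module
     * @param str             login page (context-relative, should start with "/")
     * @param str2            error page (context-relative) or null/blank for a bare 403
     */
    public FormAuthModule(CallbackHandler callbackHandler, String str, String str2) {
        super(callbackHandler);
        setLoginPage(str);
        setErrorPage(str2);
    }

    /**
     * As the three-argument constructor, additionally wiring a cross-context SSO store.
     */
    public FormAuthModule(CallbackHandler callbackHandler, CrossContextPsuedoSession<UserInfo> crossContextPsuedoSession, String str, String str2) {
        super(callbackHandler);
        this.ssoSource = crossContextPsuedoSession;
        setLoginPage(str);
        setErrorPage(str2);
    }

    /**
     * Container entry point: reads login page, error page and SSO store from {@code map}
     * using {@link #LOGIN_PAGE_KEY}, {@link #ERROR_PAGE_KEY} and {@link #SSO_SOURCE_KEY}.
     * A missing login page fails with a NullPointerException inside setLoginPage (the
     * error page and SSO store are optional).
     */
    @Override // org.eclipse.jetty.security.jaspi.modules.BaseAuthModule
    public void initialize(MessagePolicy messagePolicy, MessagePolicy messagePolicy2, CallbackHandler callbackHandler, Map map) throws AuthException {
        super.initialize(messagePolicy, messagePolicy2, callbackHandler, map);
        setLoginPage((String) map.get(LOGIN_PAGE_KEY));
        setErrorPage((String) map.get(ERROR_PAGE_KEY));
        this.ssoSource = (CrossContextPsuedoSession) map.get(SSO_SOURCE_KEY);
    }

    /** Records the login page; a missing leading "/" is warned about and prepended. */
    private void setLoginPage(String page) {
        if (!page.startsWith("/")) {
            LOG.warn("form-login-page must start with /", new Object[0]);
            page = "/" + page;
        }
        this._formLoginPage = page;
        this._formLoginPath = stripQuery(page);
    }

    /** Records the error page; null or blank disables it (failures then get a 403). */
    private void setErrorPage(String page) {
        if (page == null || page.trim().length() == 0) {
            this._formErrorPath = null;
            this._formErrorPage = null;
            return;
        }
        if (!page.startsWith("/")) {
            LOG.warn("form-error-page must start with /", new Object[0]);
            page = "/" + page;
        }
        this._formErrorPage = page;
        this._formErrorPath = stripQuery(page);
    }

    /** Returns {@code page} without its query string (a '?' at index 0 is not treated as one). */
    private static String stripQuery(String page) {
        int query = page.indexOf('?');
        return query > 0 ? page.substring(0, query) : page;
    }

    /**
     * Decides how the current request is authenticated.
     *
     * Order of evaluation:
     * <ol>
     *   <li>Unprotected requests, and requests for the login/error page itself, pass through.</li>
     *   <li>A request to {@code j_security_check} is a form submission: attempt the login,
     *       then redirect to the stored original URL (success) or the error page / 403.</li>
     *   <li>A session already holding a {@link FormCredential} is resumed by copying its
     *       private credentials into {@code subject}.</li>
     *   <li>Otherwise try the SSO store; failing that, remember the current URL in the
     *       session and redirect to the login page (unless authentication is deferred).</li>
     * </ol>
     *
     * @return SUCCESS, SEND_CONTINUE (a redirect was written) or SEND_FAILURE
     * @throws AuthException wrapping any I/O or callback failure, with the cause preserved
     */
    @Override // org.eclipse.jetty.security.jaspi.modules.BaseAuthModule
    public AuthStatus validateRequest(MessageInfo messageInfo, Subject subject, Subject subject2) throws AuthException {
        HttpServletRequest request = (HttpServletRequest) messageInfo.getRequestMessage();
        HttpServletResponse response = (HttpServletResponse) messageInfo.getResponseMessage();
        String requestURI = request.getRequestURI();
        if (requestURI == null) {
            requestURI = "/";
        }
        // A form submission is always processed, even when the path itself is unprotected.
        boolean isMandatory = isMandatory(messageInfo) | isJSecurityCheck(requestURI);
        // Only create a session when one is needed; may be null on the pass-through path.
        HttpSession session = request.getSession(isMandatory);
        if (!isMandatory || isLoginOrErrorPage(URIUtil.addPaths(request.getServletPath(), request.getPathInfo()))) {
            return AuthStatus.SUCCESS;
        }
        try {
            if (isJSecurityCheck(requestURI)) {
                return handleSecurityCheck(messageInfo, subject, request, response, session);
            }
            FormCredential formCredential = (FormCredential) session.getAttribute(__J_AUTHENTICATED);
            if (formCredential != null) {
                return resumeAuthenticatedSession(subject, formCredential);
            }
            if (!trySsoLogin(messageInfo, subject, request, response, session)
                    && !DeferredAuthentication.isDeferred(response)) {
                redirectToLoginPage(request, response, session);
                return AuthStatus.SEND_CONTINUE;
            }
            return AuthStatus.SUCCESS;
        } catch (IOException e) {
            throw wrap(e);
        } catch (UnsupportedCallbackException e) {
            throw wrap(e);
        }
    }

    /**
     * Handles a login-form submission. On failure the error page (or a 403) is sent and
     * SEND_FAILURE returned; on success the client is redirected to the URL saved under
     * {@link #__J_URI} (falling back to the context root) and SEND_CONTINUE returned.
     */
    private AuthStatus handleSecurityCheck(MessageInfo messageInfo, Subject subject, HttpServletRequest request,
                                           HttpServletResponse response, HttpSession session)
            throws AuthException, IOException, UnsupportedCallbackException {
        String username = request.getParameter(__J_USERNAME);
        Password password = new Password(request.getParameter(__J_PASSWORD));
        if (!tryLogin(messageInfo, subject, response, session, username, password)) {
            if (LOG.isDebugEnabled()) {
                // printable() keeps control characters out of the log line.
                LOG.debug("Form authentication FAILED for " + StringUtil.printable(username), new Object[0]);
            }
            if (this._formErrorPage != null) {
                response.setContentLength(0);
                response.sendRedirect(response.encodeRedirectURL(URIUtil.addPaths(request.getContextPath(), this._formErrorPage)));
            } else if (response != null) {
                response.sendError(403);
            }
            return AuthStatus.SEND_FAILURE;
        }
        // NOTE(review): the session id is not invalidated or renewed here, so a session id
        // that existed before authentication stays valid afterwards (session fixation).
        // Renewing it would need servlet-API support (e.g. changeSessionId) — confirm the
        // servlet version this module targets before adding that.
        String target;
        synchronized (session) {
            target = (String) session.getAttribute(__J_URI);
        }
        if (target == null || target.length() == 0) {
            target = request.getContextPath();
            if (target.length() == 0) {
                target = "/";
            }
        }
        response.setContentLength(0);
        response.sendRedirect(response.encodeRedirectURL(target));
        return AuthStatus.SEND_CONTINUE;
    }

    /**
     * Re-uses a credential left in the session by an earlier login. {@code _subject} is
     * transient, so after the session has been restored from serialized form it is null
     * and SEND_FAILURE is returned without any redirect being written.
     */
    private AuthStatus resumeAuthenticatedSession(Subject subject, FormCredential formCredential) {
        if (formCredential._subject == null) {
            return AuthStatus.SEND_FAILURE;
        }
        Set<Object> privateCredentials = formCredential._subject.getPrivateCredentials();
        if (privateCredentials == null || privateCredentials.isEmpty()) {
            return AuthStatus.SEND_FAILURE;
        }
        subject.getPrivateCredentials().addAll(privateCredentials);
        return AuthStatus.SUCCESS;
    }

    /**
     * Attempts a login with credentials held by the SSO store, if one is configured and
     * knows this request.
     *
     * @return true only if the store yielded a user and the login succeeded
     */
    private boolean trySsoLogin(MessageInfo messageInfo, Subject subject, HttpServletRequest request,
                                HttpServletResponse response, HttpSession session)
            throws AuthException, IOException, UnsupportedCallbackException {
        if (this.ssoSource == null) {
            return false;
        }
        UserInfo userInfo = (UserInfo) this.ssoSource.fetch(request);
        if (userInfo == null) {
            return false;
        }
        // The store returns the password as char[]; wrapping it in a String here leaves an
        // immutable plaintext copy on the heap until garbage-collected.
        return tryLogin(messageInfo, subject, response, session, userInfo.getUserName(),
                new Password(new String(userInfo.getPassword())));
    }

    /**
     * Saves the current request URL (with query string) under {@link #__J_URI} and
     * redirects to the configured login page. The saved value is the server's own
     * reconstruction of this request's URL, not a client-supplied parameter.
     */
    private void redirectToLoginPage(HttpServletRequest request, HttpServletResponse response, HttpSession session) throws IOException {
        StringBuffer requestURL = request.getRequestURL();
        if (request.getQueryString() != null) {
            requestURL.append("?").append(request.getQueryString());
        }
        synchronized (session) {
            session.setAttribute(__J_URI, requestURL.toString());
        }
        response.setContentLength(0);
        response.sendRedirect(response.encodeRedirectURL(URIUtil.addPaths(request.getContextPath(), this._formLoginPage)));
    }

    /** Wraps a checked failure in an AuthException without losing the original cause. */
    private static AuthException wrap(Exception cause) {
        AuthException authException = new AuthException(cause.getMessage());
        authException.initCause(cause);
        return authException;
    }

    /**
     * True when {@code str} contains {@code /j_security_check} followed by end-of-string
     * or one of ';', '#', '/', '?'. Note this is a substring match, not an exact path
     * comparison: the marker may appear anywhere in the URI.
     */
    public boolean isJSecurityCheck(String str) {
        int start = str.indexOf(__J_SECURITY_CHECK);
        if (start < 0) {
            return false;
        }
        int end = start + __J_SECURITY_CHECK.length();
        if (end == str.length()) {
            return true;
        }
        char next = str.charAt(end);
        return next == ';' || next == '#' || next == '/' || next == '?';
    }

    /**
     * Runs the inherited {@code login} for the given credentials and, on success, records
     * them for later requests: a {@link FormCredential} in the session (when the subject
     * carries a {@link LoginCallbackImpl}) and a {@link UserInfo} in the SSO store (when
     * configured). Both receive the same plaintext {@code char[]} instance.
     *
     * @return whether the login succeeded
     */
    private boolean tryLogin(MessageInfo messageInfo, Subject subject, HttpServletResponse response,
                             HttpSession session, String username, Password password)
            throws AuthException, IOException, UnsupportedCallbackException {
        if (!login(subject, username, password, "FORM", messageInfo)) {
            return false;
        }
        char[] passwordChars = password.toString().toCharArray();
        Set<LoginCallbackImpl> callbacks = subject.getPrivateCredentials(LoginCallbackImpl.class);
        if (!callbacks.isEmpty()) {
            LoginCallbackImpl loginCallback = callbacks.iterator().next();
            session.setAttribute(__J_AUTHENTICATED,
                    new FormCredential(username, passwordChars, loginCallback.getUserPrincipal(), loginCallback.getSubject()));
        }
        if (this.ssoSource != null) {
            this.ssoSource.store(new UserInfo(username, passwordChars), response);
        }
        return true;
    }

    /** True when {@code str} is exactly the configured login or error page path (query string excluded). */
    public boolean isLoginOrErrorPage(String str) {
        return str != null && (str.equals(this._formErrorPath) || str.equals(this._formLoginPath));
    }
}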
