package com.iplanet.server.http.servlet;

import com.iplanet.server.http.session.IWSHttpSessionManager;
import com.iplanet.server.http.util.LogUtil;
import com.iplanet.server.http.util.ResUtil;
import com.iplanet.server.http.util.XmlConfig;
import com.netscape.management.client.comm.HttpManager;
import java.io.IOException;
import javax.servlet.http.Cookie;
import javax.servlet.http.HttpSession;

/* loaded from: input_file:115611-18/SUNWasvu/reloc/usr/sadm/mps/admin/v5.2/bin/https/jar/NSServletLayer.jar:com/iplanet/server/http/servlet/FormAuthenticator.class */
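/**
 * Form-based login handler for one web application.
 *
 * <p>{@link #Authenticate} is the entry point. It either handles a post to the
 * login action, lets the login and error pages through, sends an unauthenticated
 * caller to the login page, or asks the {@code NSServletSession} to authorize the
 * already-authenticated principal.
 *
 * <p>Login state is kept in an {@link HttpSession}: under
 * {@link #FORMLOGIN_PRINCIPAL_KEY} once a user has logged in, and under
 * {@link #FORMLOGIN_SAVEDREQUEST_KEY} while a GET request waits for login.
 * When the virtual server supplies a form-login session manager, that session is
 * tracked by a dedicated cookie; otherwise the request's own session is used.
 *
 * <p>Return values used throughout this class: {@code -2} when the request may
 * continue, {@code 0} when a redirect has been sent, {@code -1} on failure.
 * NOTE(review): these look like server request status codes defined elsewhere;
 * confirm their names and meaning against the caller.
 */
public class FormAuthenticator {
    /** URI suffix that identifies a post to the login action. */
    public static final String FORMLOGIN_SERVLET_NAME = "/j_security_check";
    /** Request parameter that carries the user name. */
    public static final String FORMLOGIN_USERNAME_FIELD = "j_username";
    /** Request parameter that carries the password. */
    public static final String FORMLOGIN_PASSWORD_FIELD = "j_password";
    /** Session attribute that holds the authenticated {@code NSPrincipal}. */
    public static final String FORMLOGIN_PRINCIPAL_KEY = "com.iplanet.server.http.servlet.LOGIN";
    /** Session attribute that holds the URI to return to after login. */
    public static final String FORMLOGIN_SAVEDREQUEST_KEY = "com.iplanet.server.http.servlet.SAVED_REQ";
    /** Default name of the form-login session cookie. */
    public static final String FORMLOGIN_COOKIE_NAME = "iwsformloginid";
    /** Default passed to the config lookup for the login session timeout. */
    public static final int FORMLOGIN_SESSION_TIMEOUT = 600;
    // Both pages are stored with a leading "/" by their setters and stay null until set.
    String _formLoginPage;
    String _formErrorPage;
    private final VirtualServer _vs;
    private final WebApplication _webapp;
    private final String _contextPath;
    // May be null; getSession() then falls back to the request's own session.
    private final IWSHttpSessionManager _smFormLogin;
    private final String _cookieName;
    // Handed to HttpSession.setMaxInactiveInterval, which takes seconds.
    private final int _sessionTimeout;
    private static final ResUtil _res = ResUtil.getDefaultResUtil();

    /**
     * Reads the form-login settings of the web application's virtual server.
     *
     * <p>The cookie name comes from {@code /vs/form-login-session/cookie-name}
     * (default {@link #FORMLOGIN_COOKIE_NAME}). The timeout comes from
     * {@code /vs/form-login-session/timeOut} when that node exists, otherwise
     * from the web application's own session timeout.
     *
     * @param webApplication the application this authenticator protects
     */
    /* JADX INFO: Access modifiers changed from: package-private */
    public FormAuthenticator(WebApplication webApplication) {
        this._webapp = webApplication;
        this._vs = webApplication.getVS();
        this._contextPath = webApplication.getContextPath();
        this._smFormLogin = this._vs.getFormLoginSessionManager();
        XmlConfig config = this._vs.getConfig();
        this._cookieName = config.getString("/vs/form-login-session/cookie-name", FORMLOGIN_COOKIE_NAME);
        if (config.findConfig("/vs/form-login-session/timeOut") != null) {
            this._sessionTimeout = config.getInt("/vs/form-login-session/timeOut", FORMLOGIN_SESSION_TIMEOUT);
        } else {
            this._sessionTimeout = this._webapp.getSessionTimeout();
        }
    }

    /**
     * Applies form-based authentication and authorization to one request.
     *
     * <p>Any URI that ends with {@link #FORMLOGIN_SERVLET_NAME} is treated as a
     * login post; the match is a suffix test, not a comparison against the
     * context path. The login and error pages are let through without an
     * authorization check. A caller with no principal is authorized under the
     * name {@code "anyone"} unless the session says the resource needs login.
     *
     * @param nSHttpServletRequest the incoming request
     * @param nSHttpServletResponse the response used for redirects and errors
     * @param nSServletSession supplies the auth-required and authorize decisions
     * @return {@code -2} to continue, {@code 0} after a redirect, {@code -1}
     *         after a forbidden response or a failure
     */
    /* JADX INFO: Access modifiers changed from: package-private */
    public int Authenticate(NSHttpServletRequest nSHttpServletRequest, NSHttpServletResponse nSHttpServletResponse, NSServletSession nSServletSession) {
        String requestUri = nSHttpServletRequest._getRequestURI();
        if (requestUri.endsWith(FORMLOGIN_SERVLET_NAME)) {
            return jSecurityCheck(nSHttpServletRequest, nSHttpServletResponse);
        }
        // The login and error pages must stay reachable without a principal.
        if (requestUri.equals(this._contextPath + this._formLoginPage) || requestUri.equals(this._contextPath + this._formErrorPage)) {
            return -2;
        }
        NSPrincipal userPrincipal = getUserPrincipal(nSHttpServletRequest, nSHttpServletResponse);
        String method = nSHttpServletRequest.getMethod();
        String userName = "anyone";
        if (userPrincipal == null) {
            if (LogUtil.enableTrace) {
                LogUtil.TRACE(5, "Principal not found");
            }
            if (nSServletSession.isAuthRequired(requestUri, method)) {
                if (LogUtil.enableTrace) {
                    LogUtil.TRACE(5, "Authorization required for " + sanitizeForLog(requestUri) + ", redirecting to login page");
                }
                return saveRequestAndLogin(nSHttpServletRequest, nSHttpServletResponse);
            }
            if (LogUtil.enableTrace) {
                LogUtil.TRACE(5, "Authorization not required for " + sanitizeForLog(requestUri));
            }
        } else {
            userName = userPrincipal.getName();
            nSServletSession.setRemoteUser(userName);
        }
        if (nSServletSession.Authorize(userName, requestUri, method)) {
            if (LogUtil.enableTrace) {
                LogUtil.TRACE(5, "User authorization succeeded for " + sanitizeForLog(requestUri));
            }
            return -2;
        }
        if (LogUtil.enableTrace) {
            LogUtil.TRACE(5, "User authorization failed for " + sanitizeForLog(requestUri));
        }
        try {
            // HTTP_FORBIDDEN is defined in HttpManager; presumably status 403.
            nSHttpServletResponse._sendError(HttpManager.HTTP_FORBIDDEN, null);
            return -1;
        } catch (IOException ignored) {
            // The request is refused either way; a failed error write changes nothing for the caller.
            return -1;
        }
    }

    /**
     * Creates a form-login session under a fresh identifier and sends that
     * identifier to the client as a cookie scoped to path {@code "/"}.
     *
     * @return the new session, or {@code null} when the manager could not create one
     */
    private HttpSession createCookieSession(NSHttpServletRequest nSHttpServletRequest, NSHttpServletResponse nSHttpServletResponse) {
        String sessionId = this._smFormLogin.generateSID();
        HttpSession created = this._smFormLogin.createSession(sessionId, this._webapp);
        if (created == null) {
            LogUtil.logFailure(_res.getProp("servlet.FormAuthenticator.msg_couldnotCreateLoginSession"));
            return null;
        }
        created.setMaxInactiveInterval(this._sessionTimeout);
        // NOTE(review): the cookie carries the login session identifier but is
        // issued without the Secure attribute (Cookie.setSecure is never called)
        // and without HttpOnly. Confirm whether the server adds them elsewhere.
        Cookie cookie = new Cookie(this._cookieName, sessionId);
        // Path "/" makes the cookie visible to every application on the host.
        cookie.setPath("/");
        nSHttpServletResponse._addCookie(cookie);
        return created;
    }

    /**
     * Finds the session that holds login state for this request.
     *
     * @param z whether to create a session when none exists
     * @return the session, or {@code null} when none exists and none was created
     */
    private HttpSession getSession(NSHttpServletRequest nSHttpServletRequest, NSHttpServletResponse nSHttpServletResponse, boolean z) {
        if (this._smFormLogin == null) {
            return nSHttpServletRequest.getSession(z);
        }
        HttpSession session = nSHttpServletRequest.getSessionViaCookie(this._cookieName, this._smFormLogin);
        if (session == null && z) {
            session = createCookieSession(nSHttpServletRequest, nSHttpServletResponse);
        }
        return session;
    }

    /**
     * Returns the principal stored in the existing login session.
     *
     * @return the principal, or {@code null} when there is no session or no login
     */
    private NSPrincipal getUserPrincipal(NSHttpServletRequest nSHttpServletRequest, NSHttpServletResponse nSHttpServletResponse) {
        HttpSession session = getSession(nSHttpServletRequest, nSHttpServletResponse, false);
        if (session == null) {
            return null;
        }
        return (NSPrincipal) session.getAttribute(FORMLOGIN_PRINCIPAL_KEY);
    }

    /**
     * Handles a post to the login action.
     *
     * <p>A caller who already has a principal is redirected to the context path.
     * Otherwise the submitted credentials are checked against the application's
     * auth database. On success the principal is stored and the caller is
     * redirected to the saved request URI, or to the context path when none was
     * saved. On failure the caller is redirected to the error page.
     *
     * @return {@code 0} after a redirect, {@code -1} on failure
     */
    private int jSecurityCheck(NSHttpServletRequest nSHttpServletRequest, NSHttpServletResponse nSHttpServletResponse) {
        if (LogUtil.enableTrace) {
            LogUtil.TRACE(5, "In j_security_check servlet");
        }
        if (getUserPrincipal(nSHttpServletRequest, nSHttpServletResponse) != null) {
            if (LogUtil.enableTrace) {
                LogUtil.TRACE(5, "User principal already exists in session");
            }
            return redirectToURI(this._contextPath, nSHttpServletRequest, nSHttpServletResponse);
        }
        String username = nSHttpServletRequest.getParameter(FORMLOGIN_USERNAME_FIELD);
        String password = nSHttpServletRequest.getParameter(FORMLOGIN_PASSWORD_FIELD);
        if (username == null || username.length() == 0) {
            LogUtil.logWarning(_res.getProp("servlet.FormAuthenticator.msg_userFieldEmpty"));
            return sendErrorPage(nSHttpServletRequest, nSHttpServletResponse);
        }
        // NOTE(review): only the user name is checked for emptiness. A null or
        // empty password is handed to the auth database as is; confirm that every
        // configured back end rejects empty credentials.
        if (!this._vs.Authenticate(username, password, this._webapp.getAuthDB())) {
            // The user name is caller-supplied, so control characters are
            // neutralized before it reaches the log.
            LogUtil.logInfo(sanitizeForLog(username) + _res.getProp("servlet.FormAuthenticator.msg_authenticationFailed"));
            return sendErrorPage(nSHttpServletRequest, nSHttpServletResponse);
        }
        if (LogUtil.enableTrace) {
            LogUtil.TRACE(5, sanitizeForLog(username) + " successfully authenticated");
        }
        if (!setUserPrincipal(username, nSHttpServletRequest, nSHttpServletResponse)) {
            if (LogUtil.enableTrace) {
                LogUtil.TRACE(5, "Unable to set principal in the session");
            }
            return -1;
        }
        String target = this._contextPath;
        HttpSession session = getSession(nSHttpServletRequest, nSHttpServletResponse, false);
        if (session != null) {
            String saved = (String) session.getAttribute(FORMLOGIN_SAVEDREQUEST_KEY);
            if (saved != null) {
                // The saved URI is used once and then dropped from the session.
                session.removeAttribute(FORMLOGIN_SAVEDREQUEST_KEY);
                target = saved;
            }
        }
        return redirectToURI(target, nSHttpServletRequest, nSHttpServletResponse);
    }

    /**
     * Sends a redirect to {@code str} after passing it through
     * {@code encodeRedirectURL}.
     *
     * @return {@code 0} when the redirect was sent, {@code -1} on an I/O error
     */
    private int redirectToURI(String str, NSHttpServletRequest nSHttpServletRequest, NSHttpServletResponse nSHttpServletResponse) {
        try {
            nSHttpServletResponse.sendRedirect(nSHttpServletResponse.encodeRedirectURL(str));
            return 0;
        } catch (IOException ignored) {
            // The target may contain a caller-supplied URI, so it is neutralized for the log.
            LogUtil.logWarning(_res.getProp("servlet.FormAuthenticator.msg_redirectUriFailed", sanitizeForLog(str)));
            return -1;
        }
    }

    /**
     * Remembers the current GET request, then redirects to the login page.
     *
     * <p>Only GET requests are saved; for any other method the caller lands on
     * the context path after login. The URI and query string are stored in the
     * session, not in a request parameter.
     *
     * @return the result of the redirect to the login page
     */
    private int saveRequestAndLogin(NSHttpServletRequest nSHttpServletRequest, NSHttpServletResponse nSHttpServletResponse) {
        if (nSHttpServletRequest.getMethod().equalsIgnoreCase("GET")) {
            String savedUri = nSHttpServletRequest._getRequestURI();
            String query = nSHttpServletRequest._getQueryString();
            if (query != null) {
                savedUri = savedUri + "?" + query;
            }
            // NOTE(review): this value is later replayed into sendRedirect; confirm
            // that _getRequestURI always yields a server-relative path.
            HttpSession session = getSession(nSHttpServletRequest, nSHttpServletResponse, true);
            if (session != null) {
                session.setAttribute(FORMLOGIN_SAVEDREQUEST_KEY, savedUri);
            } else {
                LogUtil.logInfo(_res.getProp("servlet.FormAuthenticator.msg_couldnotSaveRequest"));
            }
        }
        return redirectToURI(this._contextPath + this._formLoginPage, nSHttpServletRequest, nSHttpServletResponse);
    }

    /** Redirects the caller to the configured error page. */
    private int sendErrorPage(NSHttpServletRequest nSHttpServletRequest, NSHttpServletResponse nSHttpServletResponse) {
        return redirectToURI(this._contextPath + this._formErrorPage, nSHttpServletRequest, nSHttpServletResponse);
    }

    /**
     * Sets the error page, adding a leading {@code "/"} when it is missing.
     *
     * @param str the page path relative to the context path; must not be null
     */
    /* JADX INFO: Access modifiers changed from: package-private */
    public void setFormErrorPage(String str) {
        this._formErrorPage = ensureLeadingSlash(str);
        if (LogUtil.enableTrace) {
            LogUtil.TRACE(7, "Form error page : " + this._formErrorPage);
        }
    }

    /**
     * Sets the login page, adding a leading {@code "/"} when it is missing.
     *
     * @param str the page path relative to the context path; must not be null
     */
    /* JADX INFO: Access modifiers changed from: package-private */
    public void setFormLoginPage(String str) {
        this._formLoginPage = ensureLeadingSlash(str);
        if (LogUtil.enableTrace) {
            LogUtil.TRACE(7, "Form login page : " + this._formLoginPage);
        }
    }

    /**
     * Stores a new principal for {@code str} in the login session, creating the
     * session when there is none.
     *
     * @return {@code false} when no session could be obtained
     */
    private boolean setUserPrincipal(String str, NSHttpServletRequest nSHttpServletRequest, NSHttpServletResponse nSHttpServletResponse) {
        // NOTE(review): an existing pre-login session is reused here
        // (saveRequestAndLogin creates one), so the identifier issued before
        // authentication stays valid afterwards. Consider issuing a fresh
        // identifier at login and carrying the saved request over to it.
        HttpSession session = getSession(nSHttpServletRequest, nSHttpServletResponse, true);
        if (session == null) {
            LogUtil.logInfo(_res.getProp("servlet.FormAuthenticator.msg_couldnotSetUserPrinicipal"));
            return false;
        }
        session.setAttribute(FORMLOGIN_PRINCIPAL_KEY, new NSPrincipal(str));
        return true;
    }

    /** Returns {@code path} unchanged when it starts with "/", else with "/" prepended. */
    private static String ensureLeadingSlash(String path) {
        return path.startsWith("/") ? path : "/" + path;
    }

    /**
     * Replaces ISO control characters, which include CR and LF, with {@code '_'}
     * so that a request-derived value cannot start a new log line.
     *
     * @param value the text to neutralize; may be null
     * @return the neutralized text, or {@code null} when {@code value} is null
     */
    private static String sanitizeForLog(String value) {
        if (value == null) {
            return null;
        }
        char[] chars = value.toCharArray();
        for (int i = 0; i < chars.length; i++) {
            if (Character.isISOControl(chars[i])) {
                chars[i] = '_';
            }
        }
        return new String(chars);
    }
}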
