package com.google.gerrit.httpd.auth.ldap;

import com.google.common.base.MoreObjects;
import com.google.common.base.Strings;
import com.google.gerrit.common.Nullable;
import com.google.gerrit.common.PageLinks;
import com.google.gerrit.extensions.registration.DynamicItem;
import com.google.gerrit.httpd.CanonicalWebUrl;
import com.google.gerrit.httpd.HtmlDomUtil;
import com.google.gerrit.httpd.LoginUrlToken;
import com.google.gerrit.httpd.WebSession;
import com.google.gerrit.httpd.template.SiteHeaderFooter;
import com.google.gerrit.server.account.AccountException;
import com.google.gerrit.server.account.AccountManager;
import com.google.gerrit.server.account.AccountUserNameException;
import com.google.gerrit.server.account.AuthRequest;
import com.google.gerrit.server.account.AuthResult;
import com.google.gerrit.server.auth.AuthenticationUnavailableException;
import com.google.gwtexpui.server.CacheHeaders;
import com.google.inject.Inject;
import com.google.inject.Singleton;
import java.io.IOException;
import java.nio.charset.StandardCharsets;
import javax.servlet.ServletException;
import javax.servlet.ServletOutputStream;
import javax.servlet.http.HttpServlet;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import org.apache.velocity.servlet.VelocityServlet;
import org.eclipse.jgit.transport.AmazonS3;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
import org.w3c.dom.Document;
import org.w3c.dom.Element;

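/**
 * Form-based login servlet for LDAP-backed authentication.
 *
 * <p>{@code GET} renders {@code LoginForm.html}. {@code POST} reads the {@code username},
 * {@code password} and {@code rememberme} parameters, authenticates them through the
 * {@link AccountManager}, logs the web session in and redirects to the page named by the login
 * URL token. Every failure path re-renders the form with an error message and HTTP 401.
 *
 * <p>Security notes for maintainers: the password is passed only to the {@link AuthRequest} and
 * is never logged or echoed; the username is attacker-controlled and is neutralised before it is
 * written to the log.
 */
@Singleton
class LdapLoginServlet extends HttpServlet {
    private static final Logger log = LoggerFactory.getLogger(LdapLoginServlet.class);

    /** Shown for bad credentials; deliberately does not say which of the two fields was wrong. */
    private static final String MSG_INVALID_CREDENTIALS = "Invalid username or password.";

    /** Shown when the authentication backend cannot be used; hides backend details from the client. */
    private static final String MSG_UNAVAILABLE = "Authentication unavailable at this time.";

    private final AccountManager accountManager;
    private final DynamicItem<WebSession> webSession;
    private final CanonicalWebUrl urlProvider;
    private final SiteHeaderFooter headers;

    @Inject
    LdapLoginServlet(AccountManager accountManager, DynamicItem<WebSession> dynamicItem, CanonicalWebUrl canonicalWebUrl, SiteHeaderFooter siteHeaderFooter) {
        this.accountManager = accountManager;
        this.webSession = dynamicItem;
        this.urlProvider = canonicalWebUrl;
        this.headers = siteHeaderFooter;
    }

    /**
     * Builds the URL the user is sent to after login or when cancelling the form.
     *
     * <p>The prefix comes from the canonical URL provider, not from a request parameter, and falls
     * back to {@link PageLinks#MINE} when the provider yields {@code null}, so the result never
     * starts with the literal text "null".
     *
     * @param req the current request, used to resolve the canonical URL and the login token
     * @return canonical URL (or the fallback) followed by the login URL token
     */
    private String destinationUrl(HttpServletRequest req) {
        return MoreObjects.firstNonNull(this.urlProvider.get(req), PageLinks.MINE) + LoginUrlToken.getToken(req);
    }

    /**
     * Neutralises characters that could forge or split log records (CWE-117).
     *
     * @param value text that may contain client-supplied data; may be {@code null}
     * @return {@code value} with control characters and Unicode line/paragraph separators replaced
     *     by {@code '_'}, or {@code null} when {@code value} is {@code null}
     */
    @Nullable
    private static String sanitizeForLog(@Nullable String value) {
        if (value == null) {
            return null;
        }
        StringBuilder cleaned = new StringBuilder(value.length());
        for (int i = 0; i < value.length(); i++) {
            char c = value.charAt(i);
            boolean lineBreaking = Character.isISOControl(c) || c == '\u2028' || c == '\u2029';
            cleaned.append(lineBreaking ? '_' : c);
        }
        return cleaned.toString();
    }

    /**
     * Renders the login form, optionally with an error message, and sends it with HTTP 401.
     *
     * @param httpServletRequest the current request
     * @param httpServletResponse the response the form is written to
     * @param str error text to display, or {@code null}/empty to remove the error element
     * @throws IOException if the template cannot be parsed or the response cannot be written
     */
    private void sendForm(HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse, @Nullable String str) throws IOException {
        String formAction = httpServletRequest.getRequestURI();
        String cancelHref = destinationUrl(httpServletRequest);

        Document doc = this.headers.parse(LdapLoginServlet.class, "LoginForm.html");
        // All request-derived values go in through setTextContent/setAttribute, i.e. as DOM text
        // and attribute values rather than concatenated markup.
        HtmlDomUtil.find(doc, "hostName").setTextContent(httpServletRequest.getServerName());
        HtmlDomUtil.find(doc, "login_form").setAttribute("action", formAction);
        HtmlDomUtil.find(doc, "cancel_link").setAttribute("href", cancelHref);

        Element errorElement = HtmlDomUtil.find(doc, "error_message");
        if (Strings.isNullOrEmpty(str)) {
            errorElement.getParentNode().removeChild(errorElement);
        } else {
            errorElement.setTextContent(str);
        }

        byte[] page = HtmlDomUtil.toUTF8(doc);
        httpServletResponse.setStatus(HttpServletResponse.SC_UNAUTHORIZED);
        httpServletResponse.setContentType(VelocityServlet.DEFAULT_CONTENT_TYPE);
        httpServletResponse.setCharacterEncoding(StandardCharsets.UTF_8.name());
        httpServletResponse.setContentLength(page.length);
        // try-with-resources closes the stream exactly once on both the success and failure path.
        try (ServletOutputStream out = httpServletResponse.getOutputStream()) {
            out.write(page);
        }
    }

    /** Shows the empty login form. */
    @Override
    protected void doGet(HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse) throws IOException {
        sendForm(httpServletRequest, httpServletResponse, null);
    }

    /**
     * Handles a submitted login form.
     *
     * @param httpServletRequest request carrying {@code username}, {@code password} and
     *     {@code rememberme}
     * @param httpServletResponse receives a redirect on success or the form with an error on failure
     * @throws ServletException declared by the servlet contract
     * @throws IOException if the form or the redirect cannot be written
     */
    @Override
    protected void doPost(HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse) throws ServletException, IOException {
        httpServletRequest.setCharacterEncoding(StandardCharsets.UTF_8.name());
        String username = Strings.nullToEmpty(httpServletRequest.getParameter("username")).trim();
        // Literal form-field name. The decompiled source read it from AmazonS3.Keys.PASSWORD, an
        // unrelated JGit constant holding the same string. The password is intentionally not
        // trimmed and must never be logged.
        String password = Strings.nullToEmpty(httpServletRequest.getParameter("password"));
        String rememberMe = Strings.nullToEmpty(httpServletRequest.getParameter("rememberme"));

        // Reject empty credentials before contacting the backend.
        if (username.isEmpty() || password.isEmpty()) {
            sendForm(httpServletRequest, httpServletResponse, MSG_INVALID_CREDENTIALS);
            return;
        }

        AuthRequest authRequest = AuthRequest.forUser(username);
        authRequest.setPassword(password);
        try {
            AuthResult authResult = this.accountManager.authenticate(authRequest);
            CacheHeaders.setNotCacheable(httpServletResponse);
            this.webSession.get().login(authResult, "1".equals(rememberMe));
            httpServletResponse.sendRedirect(destinationUrl(httpServletRequest));
        } catch (AccountUserNameException e) {
            // NOTE(review): this is the only path that shows the exception text to the client;
            // confirm the messages it can carry are meant to be user-visible.
            sendForm(httpServletRequest, httpServletResponse, e.getMessage());
        } catch (AuthenticationUnavailableException e) {
            sendForm(httpServletRequest, httpServletResponse, MSG_UNAVAILABLE);
        } catch (AccountException e) {
            // The username is client-supplied and the exception text may repeat it, so both are
            // neutralised before logging to keep one failed login on one log line.
            log.info("'{}' failed to sign in: {}", sanitizeForLog(username), sanitizeForLog(e.getMessage()));
            sendForm(httpServletRequest, httpServletResponse, MSG_INVALID_CREDENTIALS);
        } catch (RuntimeException e) {
            // Full detail goes to the server log only; the client sees the generic message.
            log.error("LDAP authentication failed", e);
            sendForm(httpServletRequest, httpServletResponse, MSG_UNAVAILABLE);
        }
    }
}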
