package org.apache.catalina.authenticator;

import java.io.IOException;
import java.security.Principal;
import java.util.Enumeration;
import java.util.Iterator;
import java.util.Locale;
import java.util.Map;
import java.util.logging.Level;
import javax.servlet.ServletContext;
import javax.servlet.http.Cookie;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import org.apache.catalina.HttpRequest;
import org.apache.catalina.HttpResponse;
import org.apache.catalina.Realm;
import org.apache.catalina.Session;
import org.apache.catalina.deploy.LoginConfig;
import org.apache.catalina.deploy.SecurityConstraint;
import org.eclipse.persistence.jpa.jpql.parser.Expression;
import org.glassfish.grizzly.http.util.MessageBytes;

/* loaded from: input_file:org/apache/catalina/authenticator/FormAuthenticator.class */
/**
 * Authenticator valve for form-based login.
 *
 * <p>An unauthenticated request is saved in the session and the client is forwarded to the
 * configured login page. A request whose URI ends in {@code /j_security_check} is treated as
 * the login form submission and checked against the context's {@link Realm}. After a
 * successful login the client is redirected to the saved URI, and the saved request is
 * replayed when that redirect arrives.
 *
 * <p>{@code log}, {@code cache} and {@code context} are not declared in this class; they come
 * from a superclass that is not visible here.
 */
public class FormAuthenticator extends AuthenticatorBase {
    /** Message key logged at WARNING when forwarding to the login or error page throws. */
    public static final String UNEXPECTED_ERROR_FORWARDING_TO_LOGIN_PAGE = "AS-WEB-CORE-00290";
    /** Descriptive string returned by {@link #getInfo()}. */
    protected static final String info = "org.apache.catalina.authenticator.FormAuthenticator/1.0";

    /**
     * Returns the descriptive string for this authenticator.
     *
     * @return the {@code info} constant
     */
    @Override // org.apache.catalina.authenticator.AuthenticatorBase, org.apache.catalina.valves.ValveBase, org.apache.catalina.Valve, org.glassfish.web.valve.GlassFishValve
    public String getInfo() {
        return info;
    }

    /**
     * Runs the form-login state machine for one request.
     *
     * <p>Branches, in order: (1) a principal is already present; (2) re-authentication from
     * credentials kept in the session when {@code cache} is false; (3) replay of the saved
     * request after login; (4) saving the request and showing the login page; (5) handling the
     * {@code /j_security_check} submission.
     *
     * @param httpRequest the request being processed
     * @param httpResponse the response being produced
     * @param loginConfig supplies the login and error page paths
     * @return {@code true} if the request may proceed as authenticated; {@code false} if a
     *     response (forward, redirect or error) has already been produced here
     * @throws IOException if sending the error or the redirect fails
     */
    @Override // org.apache.catalina.authenticator.AuthenticatorBase
    public boolean authenticate(HttpRequest httpRequest, HttpResponse httpResponse, LoginConfig loginConfig) throws IOException {
        HttpServletRequest httpServletRequest = (HttpServletRequest) httpRequest.getRequest();
        HttpServletResponse httpServletResponse = (HttpServletResponse) httpResponse.getResponse();
        Session session = null;
        String contextPath = httpServletRequest.getContextPath();
        String decodedRequestURI = httpRequest.getDecodedRequestURI();
        // z: this request is the login form submission (decoded URI is under the context path
        // and ends with the form-login action).
        boolean z = decodedRequestURI.startsWith(contextPath) && decodedRequestURI.endsWith("/j_security_check");
        Principal userPrincipal = httpServletRequest.getUserPrincipal();
        // (1) Already authenticated and not a login submission: let the request through.
        if (userPrincipal != null && !z) {
            if (log.isLoggable(Level.FINE)) {
                // Expression.QUOTE comes from the EclipseLink JPQL parser import; presumably the
                // decompiler substituted it for a single-quote literal -- TODO confirm.
                log.log(Level.FINE, "Already authenticated '" + userPrincipal.getName() + Expression.QUOTE);
            }
            if (((String) httpRequest.getNote(Constants.REQ_SSOID_NOTE)) == null) {
                return true;
            }
            // An SSO id is attached to the request: the session is fetched with create=true and
            // the result discarded, presumably only to make sure a session exists.
            getSession(httpRequest, true);
            return true;
        }
        // (2) Principal caching is off: try to re-authenticate with the credentials stored in
        // the session by an earlier successful login.
        if (!this.cache && !z) {
            session = getSession(httpRequest, true);
            if (log.isLoggable(Level.FINE)) {
                log.log(Level.FINE, "Checking for reauthenticate in session " + session);
            }
            String str = (String) session.getNote(Constants.SESS_USERNAME_NOTE);
            char[] cArr = (char[]) session.getNote(Constants.SESS_PASSWORD_NOTE);
            if (str != null && cArr != null) {
                if (log.isLoggable(Level.FINE)) {
                    log.log(Level.FINE, "Reauthenticating username '" + str + Expression.QUOTE);
                }
                Principal authenticate = this.context.getRealm().authenticate(str, cArr);
                if (authenticate != null) {
                    // The note is set before matchRequest() runs, because matchRequest()
                    // requires it to be present.
                    session.setNote(Constants.FORM_PRINCIPAL_NOTE, authenticate);
                    if (!matchRequest(httpRequest)) {
                        register(httpRequest, httpResponse, authenticate, "FORM", str, cArr);
                        return true;
                    }
                }
                // Also reached when the realm accepted the credentials but this request matches
                // the saved one; in that case the message below is misleading.
                if (log.isLoggable(Level.FINE)) {
                    log.log(Level.FINE, "Reauthentication failed, proceed normally");
                }
            }
        }
        // (3) This is the redirect back to the originally requested URI after a successful
        // login: register the principal kept in the session and replay the saved request.
        if (matchRequest(httpRequest)) {
            Session session2 = getSession(httpRequest, true);
            if (log.isLoggable(Level.FINE)) {
                log.log(Level.FINE, "Restore request from session '" + session2.getIdInternal() + Expression.QUOTE);
            }
            register(httpRequest, httpResponse, (Principal) session2.getNote(Constants.FORM_PRINCIPAL_NOTE), "FORM", (String) session2.getNote(Constants.SESS_USERNAME_NOTE), (char[]) session2.getNote(Constants.SESS_PASSWORD_NOTE));
            String str2 = (String) httpRequest.getNote(Constants.REQ_SSOID_NOTE);
            if (str2 != null) {
                associate(str2, getSsoVersion(httpRequest), session2);
            }
            if (restoreRequest(httpRequest, session2)) {
                // Both paths return true; the split only guards the FINE log call.
                if (!log.isLoggable(Level.FINE)) {
                    return true;
                }
                log.log(Level.FINE, "Proceed to restored request");
                return true;
            }
            if (log.isLoggable(Level.FINE)) {
                log.log(Level.FINE, "Restore of original request failed");
            }
            httpServletResponse.sendError(400);
            return false;
        }
        // NOTE(review): the object built here is discarded, so this statement has no visible
        // effect on the method's state; it looks like decompiler residue -- TODO confirm.
        MessageBytes.newInstance().getCharChunk().setLimit(-1);
        httpResponse.setContext(httpRequest.getContext());
        // (4) Not a login submission: remember the request and show the login page.
        if (!z) {
            Session session3 = getSession(httpRequest, true);
            if (log.isLoggable(Level.FINE)) {
                log.log(Level.FINE, "Save request in session '" + session3.getIdInternal() + Expression.QUOTE);
            }
            // The request is saved before forwardToLoginPage(), which may change the session id;
            // the saved cookies therefore date from before that change.
            saveRequest(httpRequest, session3);
            forwardToLoginPage(httpRequest, httpResponse, loginConfig);
            return false;
        }
        // (5) Login form submission: validate the posted credentials against the realm.
        Realm realm = this.context.getRealm();
        String parameter = httpServletRequest.getParameter(Constants.FORM_USERNAME);
        String parameter2 = httpServletRequest.getParameter(Constants.FORM_PASSWORD);
        char[] charArray = parameter2 != null ? parameter2.toCharArray() : null;
        if (log.isLoggable(Level.FINE)) {
            // NOTE(review): the username is a raw request parameter concatenated into the log
            // message; if FINE logging is enabled, CR/LF in it is not neutralized here.
            log.log(Level.FINE, "Authenticating username '" + parameter + Expression.QUOTE);
        }
        // Missing form fields are not rejected here: null username/password reach the realm.
        Principal authenticate2 = realm.authenticate(parameter, charArray);
        if (authenticate2 == null) {
            // NOTE(review): the password char[] is not zeroed on this failure path.
            forwardToErrorPage(httpRequest, httpResponse, loginConfig);
            return false;
        }
        if (log.isLoggable(Level.FINE)) {
            log.log(Level.FINE, "Authentication of '" + parameter + "' was successful");
        }
        // session is only assigned in branch (2), which requires a non-login request, so it is
        // null on every path that reaches this point.
        if (session == null) {
            session = getSession(httpRequest, true);
        }
        // NOTE(review): no session id change is visible in this class after a successful login;
        // the only changeSessionId() call is in forwardToLoginPage(). Whether register() rotates
        // the id cannot be told from here -- confirm.
        session.setNote(Constants.FORM_PRINCIPAL_NOTE, authenticate2);
        if (!this.cache) {
            // NOTE(review): with caching off, the clear-text password is kept in the session for
            // later re-authentication. Whether sessions are persisted or replicated is not
            // visible here -- confirm the exposure is acceptable.
            session.setNote(Constants.SESS_USERNAME_NOTE, parameter);
            session.setNote(Constants.SESS_PASSWORD_NOTE, charArray);
        }
        String savedRequestURL = savedRequestURL(session);
        if (savedRequestURL == null) {
            // No saved request (the login form was submitted directly): register the principal
            // now and send the client to the context root.
            savedRequestURL = httpServletRequest.getContextPath() + "/";
            register(httpRequest, httpResponse, authenticate2, "FORM", (String) session.getNote(Constants.SESS_USERNAME_NOTE), (char[]) session.getNote(Constants.SESS_PASSWORD_NOTE));
            String str3 = (String) httpRequest.getNote(Constants.REQ_SSOID_NOTE);
            if (str3 != null) {
                associate(str3, getSsoVersion(httpRequest), session);
            }
        }
        if (log.isLoggable(Level.FINE)) {
            log.log(Level.FINE, "Redirecting to original '" + savedRequestURL + Expression.QUOTE);
        }
        // The target is the request URI and query string captured by saveRequest(), i.e. values
        // taken from the client's original request. NOTE(review): no normalization of that
        // value is visible in this class -- confirm it is done upstream.
        httpServletResponse.sendRedirect(httpServletResponse.encodeRedirectURL(savedRequestURL));
        // false: the response is the redirect; the principal is registered when the redirected
        // request reaches branch (3), unless it was registered just above.
        return false;
    }

    /**
     * Tells whether this request is the re-submission of the request saved before login.
     *
     * @param httpRequest the request being processed
     * @return {@code true} only if a session is returned by {@code getSession(request, false)},
     *     it holds both a saved request and a form principal note, and the current request URI
     *     equals the saved request URI
     */
    protected boolean matchRequest(HttpRequest httpRequest) {
        SavedRequest savedRequest;
        String requestURI;
        Session session = getSession(httpRequest, false);
        // Only the URI is compared; method and query string are not part of the match.
        if (session == null || (savedRequest = (SavedRequest) session.getNote(Constants.FORM_REQUEST_NOTE)) == null || session.getNote(Constants.FORM_PRINCIPAL_NOTE) == null || (requestURI = ((HttpServletRequest) httpRequest.getRequest()).getRequestURI()) == null) {
            return false;
        }
        return requestURI.equals(savedRequest.getRequestURI());
    }

    /**
     * Overwrites the current request with the request saved in the session.
     *
     * <p>Cookies, headers and locales are replaced. Parameters are cleared and re-added only
     * when the saved method is POST. Method, query string and request URI are then set from the
     * saved request.
     *
     * @param httpRequest the request to overwrite
     * @param session the session holding the saved request
     * @return {@code false} if the session holds no saved request, {@code true} otherwise
     */
    protected boolean restoreRequest(HttpRequest httpRequest, Session session) {
        SavedRequest savedRequest = (SavedRequest) session.getNote(Constants.FORM_REQUEST_NOTE);
        // The principal note is removed even when there is no saved request. The saved request
        // note itself is not removed in this method.
        session.removeNote(Constants.FORM_PRINCIPAL_NOTE);
        if (savedRequest == null) {
            return false;
        }
        // NOTE(review): the restored cookies are the ones captured by saveRequest(), which runs
        // before forwardToLoginPage() may change the session id -- confirm nothing downstream
        // re-resolves the session from these cookies.
        httpRequest.clearCookies();
        Iterator<Cookie> cookies = savedRequest.getCookies();
        while (cookies.hasNext()) {
            httpRequest.addCookie(cookies.next());
        }
        httpRequest.clearHeaders();
        Iterator<String> headerNames = savedRequest.getHeaderNames();
        while (headerNames.hasNext()) {
            String next = headerNames.next();
            Iterator<String> headerValues = savedRequest.getHeaderValues(next);
            while (headerValues.hasNext()) {
                httpRequest.addHeader(next, headerValues.next());
            }
        }
        httpRequest.clearLocales();
        Iterator<Locale> locales = savedRequest.getLocales();
        while (locales.hasNext()) {
            httpRequest.addLocale(locales.next());
        }
        httpRequest.clearParameters();
        if ("POST".equalsIgnoreCase(savedRequest.getMethod())) {
            Iterator<String> parameterNames = savedRequest.getParameterNames();
            while (parameterNames.hasNext()) {
                String next2 = parameterNames.next();
                httpRequest.addParameter(next2, savedRequest.getParameterValues(next2));
            }
        }
        httpRequest.setMethod(savedRequest.getMethod());
        httpRequest.setQueryString(savedRequest.getQueryString());
        httpRequest.setRequestURI(savedRequest.getRequestURI());
        return true;
    }

    /**
     * Forwards the request to the configured login page.
     *
     * <p>The session id is changed first when {@code isChangeSessionIdOnAuthentication()} is
     * true. The forward happens if the request is secure, there is no realm, the realm finds no
     * security constraints for a GET of the login page, or {@code hasUserDataPermission}
     * returns true. Otherwise nothing is forwarded here.
     *
     * @param httpRequest the request being processed
     * @param httpResponse the response being produced
     * @param loginConfig supplies the login page path
     */
    protected void forwardToLoginPage(HttpRequest httpRequest, HttpResponse httpResponse, LoginConfig loginConfig) {
        Realm realm;
        SecurityConstraint[] findSecurityConstraints;
        if (isChangeSessionIdOnAuthentication()) {
            httpRequest.changeSessionId();
        }
        ServletContext servletContext = this.context.getServletContext();
        try {
            String loginPage = loginConfig.getLoginPage();
            // When hasUserDataPermission() returns false no forward is issued; presumably that
            // call has already produced a response (e.g. a redirect to HTTPS) -- TODO confirm.
            if (httpRequest.getRequest().isSecure() || (realm = this.context.getRealm()) == null || (findSecurityConstraints = realm.findSecurityConstraints(loginPage, "GET", this.context)) == null || realm.hasUserDataPermission(httpRequest, httpResponse, findSecurityConstraints, loginPage, "GET")) {
                servletContext.getRequestDispatcher(loginPage).forward(httpRequest.getRequest(), httpResponse.getResponse());
                httpResponse.finishResponse();
            }
        } catch (Throwable th) {
            // Any failure, including Error subclasses, is logged and not rethrown; the caller
            // still returns false as if the login page had been produced.
            log.log(Level.WARNING, UNEXPECTED_ERROR_FORWARDING_TO_LOGIN_PAGE, th);
        }
    }

    /**
     * Forwards the request to the configured login error page.
     *
     * <p>The forward conditions are the same as in {@link #forwardToLoginPage}. Unlike that
     * method, the session id is not changed and {@code finishResponse()} is not called.
     *
     * @param httpRequest the request being processed
     * @param httpResponse the response being produced
     * @param loginConfig supplies the error page path
     */
    protected void forwardToErrorPage(HttpRequest httpRequest, HttpResponse httpResponse, LoginConfig loginConfig) {
        Realm realm;
        SecurityConstraint[] findSecurityConstraints;
        ServletContext servletContext = this.context.getServletContext();
        try {
            String errorPage = loginConfig.getErrorPage();
            if (httpRequest.getRequest().isSecure() || (realm = this.context.getRealm()) == null || (findSecurityConstraints = realm.findSecurityConstraints(errorPage, "GET", this.context)) == null || realm.hasUserDataPermission(httpRequest, httpResponse, findSecurityConstraints, errorPage, "GET")) {
                servletContext.getRequestDispatcher(errorPage).forward(httpRequest.getRequest(), httpResponse.getResponse());
            }
        } catch (Throwable th) {
            // Logged under the login-page message key, so error-page failures are not
            // distinguishable from login-page failures by key alone.
            log.log(Level.WARNING, UNEXPECTED_ERROR_FORWARDING_TO_LOGIN_PAGE, th);
        }
    }

    /**
     * Captures the current request in a {@code SavedRequest} and stores it in the session.
     *
     * <p>Cookies, all headers, locales, the full parameter map, method, query string and
     * request URI are copied.
     *
     * @param httpRequest the request to capture
     * @param session the session that receives the saved request
     */
    protected void saveRequest(HttpRequest httpRequest, Session session) {
        HttpServletRequest httpServletRequest = (HttpServletRequest) httpRequest.getRequest();
        SavedRequest savedRequest = new SavedRequest();
        Cookie[] cookies = httpServletRequest.getCookies();
        if (cookies != null) {
            for (Cookie cookie : cookies) {
                savedRequest.addCookie(cookie);
            }
        }
        // Every header is copied as received, whatever it carries.
        Enumeration<String> headerNames = httpServletRequest.getHeaderNames();
        while (headerNames.hasMoreElements()) {
            String nextElement = headerNames.nextElement();
            Enumeration<String> headers = httpServletRequest.getHeaders(nextElement);
            while (headers.hasMoreElements()) {
                savedRequest.addHeader(nextElement, headers.nextElement());
            }
        }
        Enumeration<Locale> locales = httpServletRequest.getLocales();
        while (locales.hasMoreElements()) {
            savedRequest.addLocale(locales.nextElement());
        }
        // NOTE(review): this runs for unauthenticated requests and no size limit on the saved
        // parameters is visible here, so session memory grows with the request -- confirm a
        // bound is enforced elsewhere.
        for (Map.Entry<String, String[]> entry : httpServletRequest.getParameterMap().entrySet()) {
            savedRequest.addParameter(entry.getKey(), entry.getValue());
        }
        savedRequest.setMethod(httpServletRequest.getMethod());
        savedRequest.setQueryString(httpServletRequest.getQueryString());
        savedRequest.setRequestURI(httpServletRequest.getRequestURI());
        session.setNote(Constants.FORM_REQUEST_NOTE, savedRequest);
    }

    /**
     * Builds the URL of the request saved in the session.
     *
     * @param session the session to read the saved request from
     * @return the saved request URI, followed by {@code ?} and the query string when one was
     *     saved; {@code null} if the session holds no saved request
     */
    protected String savedRequestURL(Session session) {
        SavedRequest savedRequest = (SavedRequest) session.getNote(Constants.FORM_REQUEST_NOTE);
        if (savedRequest == null) {
            return null;
        }
        StringBuilder sb = new StringBuilder(savedRequest.getRequestURI());
        if (savedRequest.getQueryString() != null) {
            sb.append('?');
            sb.append(savedRequest.getQueryString());
        }
        return sb.toString();
    }

    /**
     * Reads the SSO version note attached to the request.
     *
     * @param httpRequest the request carrying the note
     * @return the note's value, or 0 when the note is absent
     */
    private long getSsoVersion(HttpRequest httpRequest) {
        long j = 0;
        Long l = (Long) httpRequest.getNote(Constants.REQ_SSO_VERSION_NOTE);
        if (l != null) {
            j = l.longValue();
        }
        return j;
    }
}
