package org.wso2.carbon.identity.authenticator.iwa.ui;

import javax.servlet.ServletContext;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpSession;
import org.apache.axis2.AxisFault;
import org.apache.axis2.client.Options;
import org.apache.axis2.client.ServiceClient;
import org.apache.axis2.context.ConfigurationContext;
import org.apache.commons.logging.Log;
import org.apache.commons.logging.LogFactory;
import org.apache.neethi.Policy;
import org.wso2.carbon.core.common.AuthenticationException;
import org.wso2.carbon.core.security.AuthenticatorsConfiguration;
import org.wso2.carbon.identity.authenticator.iwa.stub.client.IWAAuthenticatorStub;
import org.wso2.carbon.identity.base.IdentityBaseUtil;
import org.wso2.carbon.identity.base.IdentityException;
import org.wso2.carbon.ui.CarbonUIUtil;
import org.wso2.carbon.ui.DefaultCarbonAuthenticator;

/* loaded from: input_file:org/wso2/carbon/identity/authenticator/iwa/ui/IWAUIAuthenticator.class */
public class IWAUIAuthenticator extends DefaultCarbonAuthenticator {
    public static final String NEGOTIATE = "Negotiate";
    public static final String NTLM = "NTLM";
    protected static final Log log = LogFactory.getLog(IWAUIAuthenticator.class);
    private static final int DEFAULT_PRIORITY_LEVEL = 10;
    private static final String AUTHENTICATOR_NAME = "IWAUIAuthenticator";

    public boolean canHandle(HttpServletRequest httpServletRequest) {
        if ((!NEGOTIATE.equalsIgnoreCase(httpServletRequest.getAuthType()) && !NTLM.equalsIgnoreCase(httpServletRequest.getAuthType())) || httpServletRequest.getRemoteUser() == null) {
            return false;
        }
        if (!log.isDebugEnabled()) {
            return true;
        }
        log.debug("IWA request received for url: " + ((Object) httpServletRequest.getRequestURL()) + " Auth type:" + httpServletRequest.getAuthType());
        return true;
    }

    public int getPriority() {
        AuthenticatorsConfiguration.AuthenticatorConfig authenticatorConfig = AuthenticatorsConfiguration.getInstance().getAuthenticatorConfig(AUTHENTICATOR_NAME);
        return (authenticatorConfig == null || authenticatorConfig.getPriority() <= 0) ? DEFAULT_PRIORITY_LEVEL : authenticatorConfig.getPriority();
    }

    public String getAuthenticatorName() {
        return AUTHENTICATOR_NAME;
    }

    public void authenticate(HttpServletRequest httpServletRequest) throws AuthenticationException {
        String remoteUser = httpServletRequest.getRemoteUser();
        String substring = remoteUser.substring(remoteUser.indexOf("\\") + 1);
        if (log.isDebugEnabled()) {
            log.debug("Authenticate request received : Authtype - " + httpServletRequest.getAuthType() + ", User - " + substring);
        }
        ServletContext servletContext = httpServletRequest.getSession().getServletContext();
        HttpSession session = httpServletRequest.getSession();
        String parameter = httpServletRequest.getParameter("backendURL");
        if (parameter == null) {
            parameter = CarbonUIUtil.getServerURL(servletContext, httpServletRequest.getSession());
        }
        session.setAttribute("ServerURL", parameter);
        handleSecurity(substring, httpServletRequest.getParameter("rememberMe") != null, httpServletRequest);
        httpServletRequest.setAttribute("username", substring);
    }

    public String doAuthentication(Object obj, boolean z, ServiceClient serviceClient, HttpServletRequest httpServletRequest) throws AuthenticationException {
        try {
            String str = (String) obj;
            if (str == null) {
                throw new AuthenticationException("Invalid Credentials.");
            }
            ServletContext servletContext = httpServletRequest.getSession().getServletContext();
            if (((ConfigurationContext) servletContext.getAttribute("ConfigurationContext")) == null) {
                log.error("Configuration context is null.");
            }
            HttpSession session = httpServletRequest.getSession();
            String parameter = httpServletRequest.getParameter("backendURL");
            if (parameter == null) {
                parameter = CarbonUIUtil.getServerURL(servletContext, httpServletRequest.getSession());
            }
            session.setAttribute("ServerURL", parameter);
            if (getIWAClient(httpServletRequest).login(str, httpServletRequest.getRemoteAddr())) {
                setAdminCookie(session, serviceClient, null);
            }
            return str;
        } catch (Exception e) {
            throw new AuthenticationException("System error occured while trying to authenticate the user", e);
        }
    }

    public boolean isDisabled() {
        AuthenticatorsConfiguration.AuthenticatorConfig authenticatorConfig = AuthenticatorsConfiguration.getInstance().getAuthenticatorConfig(AUTHENTICATOR_NAME);
        if (authenticatorConfig != null) {
            return authenticatorConfig.isDisabled();
        }
        return true;
    }

    protected boolean isAdminCookieSet() {
        return true;
    }

    public boolean skipLoginPage() {
        return true;
    }

    private IWAAuthenticatorStub getIWAClient(HttpServletRequest httpServletRequest) throws AxisFault, IdentityException {
        ServletContext servletContext = httpServletRequest.getSession().getServletContext();
        String parameter = httpServletRequest.getParameter("backendURL");
        if (parameter == null) {
            parameter = CarbonUIUtil.getServerURL(servletContext, httpServletRequest.getSession());
        }
        IWAAuthenticatorStub iWAAuthenticatorStub = new IWAAuthenticatorStub((ConfigurationContext) servletContext.getAttribute("ConfigurationContext"), parameter + "IWAAuthenticator");
        ServiceClient _getServiceClient = iWAAuthenticatorStub._getServiceClient();
        _getServiceClient.engageModule("rampart");
        Policy merge = IdentityBaseUtil.getSignOnlyPolicy().merge(IdentityBaseUtil.getDefaultRampartConfig());
        Options options = _getServiceClient.getOptions();
        options.setProperty("rampartPolicy", merge);
        options.setManageSession(true);
        return iWAAuthenticatorStub;
    }
}
