package org.wso2.carbon.identity.application.authenticator.iwa.servlet;

import java.io.IOException;
import java.net.URLEncoder;
import java.security.Principal;
import java.util.Enumeration;
import java.util.HashMap;
import java.util.Map;
import javax.security.auth.Subject;
import javax.servlet.ServletConfig;
import javax.servlet.ServletException;
import javax.servlet.http.HttpServlet;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import javax.servlet.http.HttpSession;
import org.apache.commons.logging.Log;
import org.apache.commons.logging.LogFactory;
import org.wso2.carbon.identity.application.authenticator.iwa.IWAAuthenticator;
import org.wso2.carbon.identity.application.authenticator.iwa.IWAConstants;
import org.wso2.carbon.identity.application.authenticator.iwa.IWAServiceDataHolder;
import org.wso2.carbon.ui.CarbonUIUtil;
import waffle.servlet.AutoDisposableWindowsPrincipal;
import waffle.servlet.NegotiateSecurityFilter;
import waffle.servlet.WindowsPrincipal;
import waffle.servlet.spi.SecurityFilterProviderCollection;
import waffle.util.AuthorizationHeader;
import waffle.windows.auth.IWindowsAuthProvider;
import waffle.windows.auth.IWindowsIdentity;
import waffle.windows.auth.IWindowsImpersonationContext;
import waffle.windows.auth.PrincipalFormat;
import waffle.windows.auth.impl.WindowsAuthProviderImpl;

/* loaded from: input_file:org/wso2/carbon/identity/application/authenticator/iwa/servlet/IWAServelet.class */
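/**
 * Servlet that runs Integrated Windows Authentication (IWA) through the Waffle security filter
 * providers held by {@link IWAServiceDataHolder} and, once a Windows identity is established,
 * redirects the browser to the common-auth endpoint with the caller's {@code state} value.
 *
 * <p>Security-relevant behaviour visible in this class:
 * <ul>
 *   <li>The authenticated principal is stored in the HTTP session under
 *       {@link #PRINCIPAL_SESSION_KEY} and is trusted on later requests by
 *       {@link #doFilterPrincipal(HttpServletRequest)}.</li>
 *   <li>Guest logons are rejected unless {@code allowGuestLogin} is enabled.</li>
 *   <li>When impersonation is enabled, the impersonation context is always reverted before the
 *       request thread is handed back to the container.</li>
 * </ul>
 */
public class IWAServelet extends HttpServlet {
    /** Session attribute under which the authenticated principal is stored. */
    public static final String PRINCIPAL_SESSION_KEY = NegotiateSecurityFilter.class.getName() + ".PRINCIPAL";
    private static final Log log = LogFactory.getLog(IWAServelet.class);

    /**
     * Handles GET exactly like POST.
     *
     * @param httpServletRequest  the incoming request
     * @param httpServletResponse the response to write to
     * @throws ServletException propagated from {@link #doPost}
     * @throws IOException      propagated from {@link #doPost}
     */
    @Override
    protected void doGet(HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse) throws ServletException, IOException {
        doPost(httpServletRequest, httpServletResponse);
    }

    /**
     * Authenticates the request via the configured security filter providers and redirects to the
     * common-auth endpoint on success, or answers 401 when credentials are missing or rejected.
     *
     * @param httpServletRequest  the incoming request; must carry the {@code state} parameter
     * @param httpServletResponse the response used for the 401 challenge or the redirect
     * @throws IllegalArgumentException if the {@code state} parameter is absent
     * @throws ServletException         if no HTTP session can be obtained
     * @throws IOException              if building or sending the redirect fails before authentication starts
     */
    @Override
    protected void doPost(HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse) throws ServletException, IOException {
        // NOTE(review): the redirect base is derived from the request via CarbonUIUtil; whether the
        // host part can be influenced by request headers is not visible here - confirm.
        String commonAuthUrl = CarbonUIUtil.getAdminConsoleURL(httpServletRequest).replace(IWAConstants.IWA_CARBON_ROOT, IWAConstants.COMMON_AUTH_EP);
        String state = httpServletRequest.getParameter(IWAConstants.IWA_PARAM_STATE);
        if (state == null) {
            // NOTE(review): an unchecked exception for a missing client parameter will presumably
            // surface as a container error page; a 400 response may be preferable.
            throw new IllegalArgumentException("state parameter is null.");
        }
        // state is client-supplied, so it is URL-encoded before being placed in the query string.
        String redirectUrl = commonAuthUrl + "?state=" + URLEncoder.encode(state, IWAConstants.UTF_8) + "&" + IWAAuthenticator.IWA_PROCESSED + "=1";

        // A principal already bound to the request or session short-circuits the handshake.
        if (doFilterPrincipal(httpServletRequest)) {
            httpServletResponse.sendRedirect(redirectUrl);
            return;
        }

        // No Authorization header yet: challenge the client and keep the connection open so the
        // negotiation can continue on it.
        if (new AuthorizationHeader(httpServletRequest).isNull()) {
            if (log.isDebugEnabled()) {
                log.debug("authorization required");
            }
            sendUnauthorized(httpServletResponse, false);
            return;
        }

        try {
            IWindowsIdentity windowsIdentity = IWAServiceDataHolder.getInstance().getProviders().doFilter(httpServletRequest, httpServletResponse);
            if (windowsIdentity == null) {
                // The provider has not produced an identity for this request; nothing more to do here.
                return;
            }

            IWindowsImpersonationContext impersonationContext = null;
            try {
                if (!IWAServiceDataHolder.getInstance().isAllowGuestLogin() && windowsIdentity.isGuest()) {
                    log.warn("guest login disabled: " + windowsIdentity.getFqn());
                    sendUnauthorized(httpServletResponse, true);
                    return;
                }
                if (log.isDebugEnabled()) {
                    log.debug("logged in user: " + windowsIdentity.getFqn() + " (" + windowsIdentity.getSidString() + ")");
                }

                // NOTE(review): the session id is not rotated once authentication succeeds; no
                // session-fixation countermeasure is visible in this class - confirm it is handled
                // elsewhere (container or framework level).
                HttpSession session = httpServletRequest.getSession(true);
                if (session == null) {
                    throw new ServletException("Expected HttpSession");
                }
                Subject subject = (Subject) session.getAttribute(IWAConstants.SUBJECT_ATTRIBUTE);
                if (subject == null) {
                    subject = new Subject();
                }

                // Declared as the common supertype: AutoDisposableWindowsPrincipal extends
                // WindowsPrincipal, so the narrower type cannot hold both branches.
                WindowsPrincipal windowsPrincipal;
                if (IWAServiceDataHolder.getInstance().isImpersonate()) {
                    windowsPrincipal = new AutoDisposableWindowsPrincipal(windowsIdentity, IWAServiceDataHolder.getInstance().getPrincipalFormat(), IWAServiceDataHolder.getInstance().getRoleFormat());
                } else {
                    windowsPrincipal = new WindowsPrincipal(windowsIdentity, IWAServiceDataHolder.getInstance().getPrincipalFormat(), IWAServiceDataHolder.getInstance().getRoleFormat());
                }
                if (log.isDebugEnabled()) {
                    log.debug("roles: " + windowsPrincipal.getRolesString());
                }
                subject.getPrincipals().add(windowsPrincipal);
                session.setAttribute(IWAConstants.SUBJECT_ATTRIBUTE, subject);
                log.info("Successfully logged in user: " + windowsIdentity.getFqn());
                session.setAttribute(PRINCIPAL_SESSION_KEY, windowsPrincipal);

                if (IWAServiceDataHolder.getInstance().isImpersonate()) {
                    if (log.isDebugEnabled()) {
                        log.debug("impersonating user");
                    }
                    impersonationContext = windowsIdentity.impersonate();
                }
            } finally {
                // Runs exactly once on every exit path (guest rejection, success, exception): an
                // active impersonation is reverted so the thread does not keep the user's security
                // context; otherwise the native identity handle is released.
                if (IWAServiceDataHolder.getInstance().isImpersonate() && impersonationContext != null) {
                    if (log.isDebugEnabled()) {
                        log.debug("terminating impersonation");
                    }
                    impersonationContext.revertToSelf();
                } else {
                    windowsIdentity.dispose();
                }
            }
            httpServletResponse.sendRedirect(redirectUrl);
        } catch (IOException e) {
            log.warn("error logging in user.", e);
            sendUnauthorized(httpServletResponse, true);
        }
    }

    /**
     * Checks whether the request already carries an authenticated principal, either on the request
     * itself or in the existing session under {@link #PRINCIPAL_SESSION_KEY}.
     *
     * @param httpServletRequest the incoming request
     * @return {@code true} if a previously authenticated principal is accepted; {@code false} if
     *         there is none, the providers flag the request as a principal exception, or
     *         impersonation is enabled but the stored Windows principal no longer has an identity
     * @throws IOException      declared for the provider call
     * @throws ServletException declared for the provider call
     */
    private boolean doFilterPrincipal(HttpServletRequest httpServletRequest) throws IOException, ServletException {
        Principal principal = httpServletRequest.getUserPrincipal();
        if (principal == null) {
            // Do not create a session just to look for a principal.
            HttpSession existingSession = httpServletRequest.getSession(false);
            if (existingSession != null) {
                principal = (Principal) existingSession.getAttribute(PRINCIPAL_SESSION_KEY);
            }
        }
        if (principal == null || IWAServiceDataHolder.getInstance().getProviders().isPrincipalException(httpServletRequest)) {
            return false;
        }

        if (!(principal instanceof WindowsPrincipal)) {
            // Any non-Windows principal already attached to the request/session is accepted as-is.
            if (log.isDebugEnabled()) {
                log.debug("previously authenticated user: " + principal.getName());
            }
            return true;
        }

        if (log.isDebugEnabled()) {
            log.debug("previously authenticated Windows user: " + principal.getName());
        }
        WindowsPrincipal windowsPrincipal = (WindowsPrincipal) principal;
        if (IWAServiceDataHolder.getInstance().isImpersonate()) {
            if (windowsPrincipal.getIdentity() == null) {
                // Without an identity the principal cannot be impersonated; force re-authentication.
                return false;
            }
            if (log.isDebugEnabled()) {
                log.debug("re-impersonating user");
            }
            IWindowsImpersonationContext impersonationContext = windowsPrincipal.getIdentity().impersonate();
            if (impersonationContext != null) {
                // Nothing runs under the impersonated context in this servlet, so it is reverted
                // immediately.
                if (log.isDebugEnabled()) {
                    log.debug("terminating impersonation");
                }
                impersonationContext.revertToSelf();
            }
        }
        return true;
    }

    /**
     * Lets the providers add their challenge headers, sets the {@code Connection} header and sends
     * a 401 response.
     *
     * @param httpServletResponse the response to write the challenge to
     * @param closeConnection     {@code true} to ask the client to close the connection,
     *                            {@code false} to keep it alive for the next negotiation round
     */
    private void sendUnauthorized(HttpServletResponse httpServletResponse, boolean closeConnection) {
        try {
            IWAServiceDataHolder.getInstance().getProviders().sendUnauthorized(httpServletResponse);
            String connectionValue = closeConnection ? IWAConstants.CONNECTION_CLOSE : IWAConstants.CONNECTION_KEEP_ALIVE;
            httpServletResponse.setHeader(IWAConstants.HTTP_CONNECTION_HEADER, connectionValue);
            httpServletResponse.sendError(401);
            httpServletResponse.flushBuffer();
        } catch (IOException e) {
            // Pass the exception as the throwable argument so the stack trace is kept.
            log.error("Error when sending unauthorized response.", e);
        }
    }

    /**
     * Reads the servlet init parameters and configures the shared {@link IWAServiceDataHolder}:
     * principal/role formats, guest and impersonation flags, the Windows auth provider and the
     * security filter providers. Parameters not recognised by name are treated as
     * {@code providerClassName/parameterName} entries and forwarded to that provider.
     *
     * @param servletConfig the servlet configuration; may be {@code null}, in which case defaults apply
     * @throws ServletException if the auth provider class cannot be instantiated, a provider
     *                          parameter name is not of the form {@code class/name}, or the
     *                          provider class is unknown
     */
    @Override
    public void init(ServletConfig servletConfig) throws ServletException {
        Map<String, String> providerParameters = new HashMap<String, String>();
        String authProviderClassName = null;
        String[] providerClassNames = null;
        if (servletConfig != null) {
            Enumeration<?> parameterNames = servletConfig.getInitParameterNames();
            while (parameterNames.hasMoreElements()) {
                String name = (String) parameterNames.nextElement();
                String value = servletConfig.getInitParameter(name);
                if (name.equals(IWAConstants.PRINCIPAL_FORMAT)) {
                    IWAServiceDataHolder.getInstance().setPrincipalFormat(PrincipalFormat.valueOf(value));
                } else if (name.equals(IWAConstants.ROLE_FORMAT)) {
                    IWAServiceDataHolder.getInstance().setRoleFormat(PrincipalFormat.valueOf(value));
                } else if (name.equals(IWAConstants.ALLOW_GUEST_LOGIN)) {
                    IWAServiceDataHolder.getInstance().setAllowGuestLogin(Boolean.parseBoolean(value));
                } else if (name.equals(IWAConstants.IMPERSONATE)) {
                    IWAServiceDataHolder.getInstance().setImpersonate(Boolean.parseBoolean(value));
                } else if (name.equals(IWAConstants.SECURITY_FILTER_PROVIDERS)) {
                    providerClassNames = value.split("\\s+");
                } else if (name.equals(IWAConstants.AUTH_PROVIDER)) {
                    authProviderClassName = value;
                } else {
                    providerParameters.put(name, value);
                }
            }
        }

        if (authProviderClassName != null) {
            try {
                // The class name comes from the servlet init parameters, so it is only as
                // trustworthy as the deployment descriptor that supplies it.
                IWAServiceDataHolder.getInstance().setAuth((IWindowsAuthProvider) Class.forName(authProviderClassName).getConstructor().newInstance());
            } catch (Exception e) {
                throw new ServletException("Error loading '" + authProviderClassName, e);
            }
        }
        if (IWAServiceDataHolder.getInstance().getAuth() == null) {
            IWAServiceDataHolder.getInstance().setAuth(new WindowsAuthProviderImpl());
        }

        if (providerClassNames != null) {
            IWAServiceDataHolder.getInstance().setProviders(new SecurityFilterProviderCollection(providerClassNames, IWAServiceDataHolder.getInstance().getAuth()));
        }
        if (IWAServiceDataHolder.getInstance().getProviders() == null) {
            if (log.isDebugEnabled()) {
                log.debug("initializing default security filter providers");
            }
            IWAServiceDataHolder.getInstance().setProviders(new SecurityFilterProviderCollection(IWAServiceDataHolder.getInstance().getAuth()));
        }

        for (Map.Entry<String, String> parameter : providerParameters.entrySet()) {
            String[] classAndName = parameter.getKey().split("/", 2);
            if (classAndName.length != 2) {
                throw new ServletException("Invalid parameter: " + parameter.getKey());
            }
            try {
                if (log.isDebugEnabled()) {
                    // NOTE(review): parameter values are written to the debug log verbatim; confirm
                    // no provider parameter carries a secret.
                    log.debug("Setting " + classAndName[0] + ", " + classAndName[1] + "=" + parameter.getValue());
                }
                IWAServiceDataHolder.getInstance().getProviders().getByClassName(classAndName[0]).initParameter(classAndName[1], parameter.getValue());
            } catch (ClassNotFoundException e) {
                throw new ServletException("Invalid class: " + classAndName[0] + " in " + parameter.getKey(), e);
            }
        }
    }
}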
