package org.apache.drill.exec.server.rest;

import com.google.common.annotations.VisibleForTesting;
import java.net.URLDecoder;
import java.util.Set;
import javax.annotation.security.PermitAll;
import javax.inject.Inject;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import javax.servlet.http.HttpSession;
import javax.ws.rs.GET;
import javax.ws.rs.POST;
import javax.ws.rs.Path;
import javax.ws.rs.Produces;
import javax.ws.rs.QueryParam;
import javax.ws.rs.core.Context;
import javax.ws.rs.core.SecurityContext;
import javax.ws.rs.core.UriBuilder;
import javax.ws.rs.core.UriInfo;
import org.apache.commons.lang3.StringUtils;
import org.apache.drill.common.config.DrillConfig;
import org.apache.drill.exec.ExecConstants;
import org.apache.drill.exec.server.rest.auth.AuthDynamicFeature;
import org.apache.drill.exec.server.rest.auth.DrillHttpSecurityHandlerProvider;
import org.apache.drill.exec.work.WorkManager;
import org.glassfish.jersey.server.mvc.Viewable;

@Path(WebServerConstants.WEBSERVER_ROOT_PATH)
@PermitAll
/* loaded from: input_file:org/apache/drill/exec/server/rest/LogInLogOutResources.class */
public class LogInLogOutResources {

    @Inject
    WorkManager workManager;

    @VisibleForTesting
    /* loaded from: input_file:org/apache/drill/exec/server/rest/LogInLogOutResources$MainLoginPageModel.class */
    public class MainLoginPageModel {
        private final String error;
        private final boolean authEnabled;
        private final Set<String> configuredMechs;

        MainLoginPageModel(String str) {
            this.error = str;
            DrillConfig config = LogInLogOutResources.this.workManager.getContext().getConfig();
            this.authEnabled = config.getBoolean(ExecConstants.USER_AUTHENTICATION_ENABLED);
            this.configuredMechs = DrillHttpSecurityHandlerProvider.getHttpAuthMechanisms(config);
        }

        public boolean isSpnegoEnabled() {
            return this.authEnabled && this.configuredMechs.contains("SPNEGO");
        }

        public boolean isFormEnabled() {
            return this.authEnabled && this.configuredMechs.contains("FORM");
        }

        public String getError() {
            return this.error;
        }
    }

    private void updateSessionRedirectInfo(String str, HttpServletRequest httpServletRequest) throws Exception {
        if (StringUtils.isEmpty(str)) {
            return;
        }
        httpServletRequest.getSession(true).setAttribute("org.eclipse.jetty.security.form_URI", UriBuilder.fromUri(URLDecoder.decode(str, "UTF-8")).build(new Object[0]).toString());
    }

    @GET
    @Produces({"text/html"})
    @Path(WebServerConstants.FORM_LOGIN_RESOURCE_PATH)
    public Viewable getLoginPage(@Context HttpServletRequest httpServletRequest, @Context HttpServletResponse httpServletResponse, @Context SecurityContext securityContext, @Context UriInfo uriInfo, @QueryParam("redirect") String str) throws Exception {
        if (AuthDynamicFeature.isUserLoggedIn(securityContext)) {
            httpServletRequest.getRequestDispatcher(WebServerConstants.WEBSERVER_ROOT_PATH).forward(httpServletRequest, httpServletResponse);
            return null;
        }
        updateSessionRedirectInfo(str, httpServletRequest);
        return ViewableWithPermissions.createLoginPage(null);
    }

    @GET
    @Produces({"text/html"})
    @Path(WebServerConstants.SPENGO_LOGIN_RESOURCE_PATH)
    public Viewable getSpnegoLogin(@Context HttpServletRequest httpServletRequest, @Context HttpServletResponse httpServletResponse, @Context SecurityContext securityContext, @Context UriInfo uriInfo, @QueryParam("redirect") String str) throws Exception {
        if (!AuthDynamicFeature.isUserLoggedIn(securityContext)) {
            return ViewableWithPermissions.createMainLoginPage(new MainLoginPageModel("Invalid SPNEGO credentials or SPNEGO is not configured"));
        }
        httpServletRequest.getRequestDispatcher(WebServerConstants.WEBSERVER_ROOT_PATH).forward(httpServletRequest, httpServletResponse);
        return null;
    }

    @POST
    @Produces({"text/html"})
    @Path(WebServerConstants.FORM_LOGIN_RESOURCE_PATH)
    public Viewable getLoginPageAfterValidationError() {
        return ViewableWithPermissions.createLoginPage("Invalid username/password credentials.");
    }

    @GET
    @Path(WebServerConstants.LOGOUT_RESOURCE_PATH)
    public void logout(@Context HttpServletRequest httpServletRequest, @Context HttpServletResponse httpServletResponse) throws Exception {
        HttpSession session = httpServletRequest.getSession();
        if (session != null) {
            session.invalidate();
        }
        httpServletRequest.getRequestDispatcher(WebServerConstants.WEBSERVER_ROOT_PATH).forward(httpServletRequest, httpServletResponse);
    }

    @GET
    @Produces({"text/html"})
    @Path(WebServerConstants.MAIN_LOGIN_RESOURCE_PATH)
    public Viewable getMainLoginPage(@Context HttpServletRequest httpServletRequest, @Context HttpServletResponse httpServletResponse, @Context SecurityContext securityContext, @Context UriInfo uriInfo, @QueryParam("redirect") String str) throws Exception {
        updateSessionRedirectInfo(str, httpServletRequest);
        return ViewableWithPermissions.createMainLoginPage(new MainLoginPageModel(null));
    }
}
