package org.apache.catalina.authenticator.jaspic.provider.modules;

import java.io.IOException;
import java.security.Principal;
import java.util.Enumeration;
import java.util.Iterator;
import java.util.Locale;
import java.util.Map;
import javax.security.auth.Subject;
import javax.security.auth.callback.Callback;
import javax.security.auth.callback.CallbackHandler;
import javax.security.auth.callback.UnsupportedCallbackException;
import javax.security.auth.message.AuthException;
import javax.security.auth.message.AuthStatus;
import javax.security.auth.message.MessageInfo;
import javax.security.auth.message.MessagePolicy;
import javax.security.auth.message.callback.PasswordValidationCallback;
import javax.servlet.RequestDispatcher;
import javax.servlet.ServletInputStream;
import javax.servlet.http.Cookie;
import javax.servlet.http.HttpServletResponse;
import org.apache.catalina.Context;
import org.apache.catalina.Realm;
import org.apache.catalina.Session;
import org.apache.catalina.authenticator.Constants;
import org.apache.catalina.authenticator.SavedRequest;
import org.apache.catalina.connector.Request;
import org.apache.catalina.connector.Response;
import org.apache.catalina.realm.GenericPrincipal;
import org.apache.catalina.servlets.WebdavStatus;
import org.apache.coyote.ActionCode;
import org.apache.juli.logging.Log;
import org.apache.juli.logging.LogFactory;
import org.apache.tomcat.util.ExceptionUtils;
import org.apache.tomcat.util.buf.ByteChunk;
import org.apache.tomcat.util.buf.MessageBytes;
import org.apache.tomcat.util.descriptor.web.LoginConfig;
import org.apache.tomcat.util.http.MimeHeaders;

/* loaded from: input_file:org/apache/catalina/authenticator/jaspic/provider/modules/FormAuthModule.class */
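/**
 * JASPIC server auth module that implements FORM authentication on top of the
 * {@link Realm} and {@link LoginConfig} of a Tomcat {@link Context}.
 *
 * <p>All state lives in Tomcat session notes: the saved original request
 * ({@code Constants.FORM_REQUEST_NOTE}), the authenticated principal
 * ({@code Constants.FORM_PRINCIPAL_NOTE}) and the submitted username and
 * cleartext password ({@code Constants.SESS_USERNAME_NOTE} /
 * {@code Constants.SESS_PASSWORD_NOTE}). The credential notes exist so the
 * password can be re-validated on every request when {@code cache} is false
 * (see {@link #handleSavedCredentials}); they are only cleared in
 * {@link #submitSavedRequest} when {@code cache} is true, so on the other
 * successful-login paths the cleartext password stays in the session for the
 * session's lifetime.
 *
 * <p>Module options read in {@link #initializeModule}: {@code characterEncoding}
 * (applied to the login form request before its parameters are read) and
 * {@code landingPage} (used when a login succeeds but no original request was
 * saved, or the session expired while the login form was being filled in).
 *
 * <p>Fields inherited from {@code TomcatAuthModule} and used here:
 * {@code handler}, {@code cache}, {@code changeSessionIdOnAuthentication},
 * {@code context}, {@code sm}, {@code isMandatory}, {@code getPrincipal} and
 * {@code handlePrincipalCallbacks}.
 */
public class FormAuthModule extends TomcatAuthModule {
    private static final Log log = LogFactory.getLog(FormAuthModule.class);
    private static final String FORM_ACTION = "/j_security_check";
    private static final String METHOD_GET = org.apache.catalina.filters.Constants.METHOD_GET;
    private static final String METHOD_HEAD = "HEAD";
    private static final String METHOD_POST = "POST";

    /** Context-relative page to redirect to after login when no request was saved; may be null. */
    private String landingPage;
    /** Optional request character encoding forced before reading the login form; may be null. */
    private String characterEncoding;
    private final Realm realm;
    private final LoginConfig loginConfig;

    /**
     * Creates a module bound to the given context, taking its realm and login
     * configuration (login / error page) at construction time.
     *
     * @param context the web application this module authenticates for
     */
    public FormAuthModule(Context context) {
        super(context);
        this.realm = context.getRealm();
        this.loginConfig = context.getLoginConfig();
    }

    /**
     * Reads the module options. Only {@code characterEncoding} and
     * {@code landingPage} are consumed; both are optional.
     *
     * @param messagePolicy  request policy (unused here)
     * @param messagePolicy2 response policy (unused here)
     * @param callbackHandler the callback handler (handled by the superclass)
     * @param map module options
     * @throws AuthException never thrown by this implementation
     */
    @Override // org.apache.catalina.authenticator.jaspic.provider.modules.TomcatAuthModule
    public void initializeModule(MessagePolicy messagePolicy, MessagePolicy messagePolicy2, CallbackHandler callbackHandler, Map<String, String> map) throws AuthException {
        this.characterEncoding = map.get("characterEncoding");
        this.landingPage = map.get("landingPage");
    }

    /**
     * JASPIC entry point. Non-mandatory requests pass straight through with
     * {@link AuthStatus#SUCCESS}; mandatory ones go through {@link #validate}.
     *
     * @param messageInfo carries the Catalina {@link Request} / {@link Response}
     * @param subject client subject populated on success
     * @param subject2 service subject (unused)
     * @return the status established by the FORM state machine
     * @throws AuthException wrapping any failure, with the original exception
     *         attached as cause so that it is not lost from the logs
     */
    public AuthStatus validateRequest(MessageInfo messageInfo, Subject subject, Subject subject2) throws AuthException {
        if (!isMandatory(messageInfo)) {
            return AuthStatus.SUCCESS;
        }
        try {
            return validate(messageInfo, subject);
        } catch (Exception e) {
            // AuthException has no (String, Throwable) constructor; keep the cause anyway.
            AuthException authException = new AuthException(e.getMessage());
            authException.initCause(e);
            throw authException;
        }
    }

    /**
     * Dispatches a mandatory request to one of the four FORM states.
     *
     * <ol>
     * <li>{@code cache == false} and credentials are already in the session:
     *     re-validate them on every request ({@link #handleSavedCredentials}).</li>
     * <li>The request matches the saved original request after a successful
     *     login: restore and proceed ({@link #submitSavedRequest}).</li>
     * <li>The request is a {@code j_security_check} submission: authenticate
     *     ({@link #handleLoginFormAction}).</li>
     * <li>Otherwise save the request and show the login page
     *     ({@link #handleRedirectToLoginPage}).</li>
     * </ol>
     */
    private AuthStatus validate(MessageInfo messageInfo, Subject subject) throws IOException, UnsupportedCallbackException {
        Request request = (Request) messageInfo.getRequestMessage();
        HttpServletResponse httpServletResponse = (HttpServletResponse) messageInfo.getResponseMessage();
        // Only consult the session credentials when caching is off; with cache on
        // the short-circuit also avoids creating a session just to look.
        if (!this.cache && isUserAuthenticatedBefore(request)) {
            return handleSavedCredentials(subject, request, httpServletResponse);
        }
        if (isMatchingSavedRequest(request)) {
            return submitSavedRequest(subject, request, httpServletResponse);
        }
        if (isLoginActionRequest(request)) {
            return handleLoginFormAction(request, httpServletResponse);
        }
        return handleRedirectToLoginPage(request, httpServletResponse);
    }

    /**
     * Re-validates the username/password stored in the session through the
     * {@link PasswordValidationCallback} (used only when {@code cache} is false).
     * On failure the configured error page is shown; on success the principal
     * note is refreshed and either the saved request is restored or the
     * principal is pushed onto the subject.
     */
    private AuthStatus handleSavedCredentials(Subject subject, Request request, HttpServletResponse httpServletResponse) throws IOException, UnsupportedCallbackException {
        Session session = request.getSessionInternal(true);
        if (log.isDebugEnabled()) {
            // NOTE: Session.toString() may expose the session id in debug logs.
            log.debug("Checking for reauthenticate in session " + session);
        }
        String username = (String) session.getNote(Constants.SESS_USERNAME_NOTE);
        String password = (String) session.getNote(Constants.SESS_PASSWORD_NOTE);
        char[] passwordChars = password == null ? null : password.toCharArray();
        if (log.isDebugEnabled()) {
            log.debug("Reauthenticating username '" + username + "'");
        }
        // Declared with its concrete type: Callback itself exposes no getResult().
        PasswordValidationCallback validation = new PasswordValidationCallback(subject, username, passwordChars);
        this.handler.handle(new Callback[]{validation});
        if (!validation.getResult()) {
            forwardToErrorPage(request, httpServletResponse);
            return AuthStatus.FAILURE;
        }
        GenericPrincipal principal = getPrincipal(validation);
        session.setNote(Constants.FORM_PRINCIPAL_NOTE, principal);
        if (isMatchingSavedRequest(request)) {
            return submitSavedRequest(subject, request, httpServletResponse);
        }
        handlePrincipalCallbacks(subject, principal);
        return AuthStatus.SUCCESS;
    }

    /**
     * @return true when both the username and password notes are present in the
     *         (possibly newly created) session
     */
    private boolean isUserAuthenticatedBefore(Request request) {
        Session session = request.getSessionInternal(true);
        boolean hasUsername = session.getNote(Constants.SESS_USERNAME_NOTE) != null;
        boolean hasPassword = session.getNote(Constants.SESS_PASSWORD_NOTE) != null;
        return hasUsername && hasPassword;
    }

    /**
     * Pushes the principal saved at login onto the subject, drops the cached
     * credentials when {@code cache} is true, and replays the original request.
     * A saved request that cannot be restored yields HTTP 400.
     */
    private AuthStatus submitSavedRequest(Subject subject, Request request, HttpServletResponse httpServletResponse) throws IOException, UnsupportedCallbackException {
        Session session = request.getSessionInternal(true);
        if (log.isDebugEnabled()) {
            log.debug("Restore request from session '" + session.getIdInternal() + "'");
        }
        handlePrincipalCallbacks(subject, (Principal) session.getNote(Constants.FORM_PRINCIPAL_NOTE));
        if (this.cache) {
            // Credentials are no longer needed once the principal is cached.
            session.removeNote(Constants.SESS_USERNAME_NOTE);
            session.removeNote(Constants.SESS_PASSWORD_NOTE);
        }
        if (!restoreRequest(request, session)) {
            if (log.isDebugEnabled()) {
                log.debug("Restore of original request failed");
            }
            httpServletResponse.sendError(HttpServletResponse.SC_BAD_REQUEST);
            return AuthStatus.FAILURE;
        }
        if (log.isDebugEnabled()) {
            log.debug("Proceed to restored request");
        }
        return AuthStatus.SUCCESS;
    }

    /**
     * Saves the current request in the session and forwards to the login page.
     * If the body exceeds the connector's {@code maxSavePostSize} the save
     * throws {@link IOException} and the request is answered with 403.
     */
    private AuthStatus handleRedirectToLoginPage(Request request, HttpServletResponse httpServletResponse) throws IOException {
        Session session = request.getSessionInternal(true);
        if (log.isDebugEnabled()) {
            log.debug("Save request in session '" + session.getIdInternal() + "'");
        }
        try {
            saveRequest(request, session);
        } catch (IOException e) {
            log.debug("Request body too big to save during authentication");
            httpServletResponse.sendError(HttpServletResponse.SC_FORBIDDEN, sm.getString("authenticator.requestBodyTooBig"));
            return AuthStatus.FAILURE;
        }
        forwardToLoginPage(request, httpServletResponse);
        return AuthStatus.SEND_CONTINUE;
    }

    /**
     * Handles the {@code j_security_check} submission: authenticates against the
     * realm, stores principal and credentials in the session and redirects the
     * client to the saved original request (or the landing page).
     *
     * <p>Always returns {@link AuthStatus#FAILURE} because a response (redirect
     * or error) has been established and the principal is only applied to the
     * subject on the follow-up request via {@link #submitSavedRequest}.
     * NOTE(review): {@link #handleRedirectToLoginPage} reports the equivalent
     * "response already sent" situation as {@code SEND_CONTINUE}; confirm which
     * status the container expects for an established redirect.
     */
    private AuthStatus handleLoginFormAction(Request request, HttpServletResponse httpServletResponse) throws IOException {
        request.getResponse().sendAcknowledgement();
        if (this.characterEncoding != null) {
            request.setCharacterEncoding(this.characterEncoding);
        }
        String username = request.getParameter(Constants.FORM_USERNAME);
        String password = request.getParameter(Constants.FORM_PASSWORD);
        if (log.isDebugEnabled()) {
            log.debug("Authenticating username '" + username + "'");
        }
        Principal principal = this.realm.authenticate(username, password);
        if (principal == null) {
            forwardToErrorPage(request, httpServletResponse);
            return AuthStatus.FAILURE;
        }
        if (log.isDebugEnabled()) {
            log.debug("Authentication of '" + username + "' was successful");
        }
        Session session = request.getSessionInternal(false);
        if (session == null) {
            // The session that held the saved request timed out during login.
            handleSessionExpired(request, httpServletResponse);
            return AuthStatus.FAILURE;
        }
        session.setNote(Constants.FORM_PRINCIPAL_NOTE, principal);
        // Cleartext credentials are kept for re-validation when cache is false.
        session.setNote(Constants.SESS_USERNAME_NOTE, username);
        session.setNote(Constants.SESS_PASSWORD_NOTE, password);
        String originalUrl = savedRequestURL(session);
        if (log.isDebugEnabled()) {
            log.debug("Redirecting to original '" + originalUrl + "'");
        }
        if (originalUrl != null) {
            Response response = request.getResponse();
            String encodedUrl = httpServletResponse.encodeRedirectURL(originalUrl);
            // 303 makes HTTP/1.1 clients switch the replayed POST to a GET.
            int status = "HTTP/1.1".equals(request.getProtocol())
                    ? HttpServletResponse.SC_SEE_OTHER
                    : HttpServletResponse.SC_MOVED_TEMPORARILY;
            response.sendRedirect(encodedUrl, status);
        } else if (this.landingPage == null) {
            httpServletResponse.sendError(HttpServletResponse.SC_BAD_REQUEST, sm.getString("authenticator.formlogin"));
        } else {
            String landingUri = saveLandingPageRequest(request, session);
            httpServletResponse.sendRedirect(httpServletResponse.encodeRedirectURL(landingUri));
        }
        return AuthStatus.FAILURE;
    }

    /**
     * Called when credentials were valid but the session expired while the form
     * was being filled in. Without a landing page this is a 408; otherwise a
     * fresh session is primed with a saved GET of the landing page and the
     * client is redirected there, mirroring the landing-page branch of
     * {@link #handleLoginFormAction} (previously no response was written at
     * all, leaving the primed note unused).
     */
    private void handleSessionExpired(Request request, HttpServletResponse httpServletResponse) throws IOException {
        if (this.landingPage == null) {
            httpServletResponse.sendError(HttpServletResponse.SC_REQUEST_TIMEOUT, sm.getString("authenticator.sessionExpired"));
            return;
        }
        String landingUri = saveLandingPageRequest(request, request.getSessionInternal(true));
        httpServletResponse.sendRedirect(httpServletResponse.encodeRedirectURL(landingUri));
    }

    /**
     * Stores a synthetic GET of the landing page as the session's saved request
     * so the next request for it is treated like a restored original request.
     *
     * @return the context-relative landing page URI that was saved
     */
    private String saveLandingPageRequest(Request request, Session session) {
        String landingUri = request.getContextPath() + this.landingPage;
        SavedRequest saved = new SavedRequest();
        saved.setMethod(METHOD_GET);
        saved.setRequestURI(landingUri);
        saved.setDecodedRequestURI(landingUri);
        session.setNote(Constants.FORM_REQUEST_NOTE, saved);
        return landingUri;
    }

    /**
     * Forwards to the configured login page. The request method is temporarily
     * rewritten to GET for the forward and restored afterwards; the session id
     * is rotated first when {@code changeSessionIdOnAuthentication} is set, to
     * defeat session fixation. A missing login page is a 500.
     */
    protected void forwardToLoginPage(Request request, HttpServletResponse httpServletResponse) throws IOException {
        if (log.isDebugEnabled()) {
            log.debug(sm.getString("formAuthenticator.forwardLogin", new Object[]{request.getRequestURI(), request.getMethod(), this.loginConfig.getLoginPage(), this.context.getName()}));
        }
        String loginPage = this.loginConfig.getLoginPage();
        if (loginPage == null || loginPage.length() == 0) {
            String message = sm.getString("formAuthenticator.noLoginPage", new Object[]{this.context.getName()});
            log.warn(message);
            httpServletResponse.sendError(HttpServletResponse.SC_INTERNAL_SERVER_ERROR, message);
            return;
        }
        if (this.changeSessionIdOnAuthentication) {
            Session session = request.getSessionInternal(false);
            if (session != null) {
                request.getContext().getManager().changeSessionId(session);
                request.changeSessionId(session.getId());
            }
        }
        String originalMethod = request.getMethod();
        request.getCoyoteRequest().method().setString(METHOD_GET);
        RequestDispatcher dispatcher = this.context.getServletContext().getRequestDispatcher(loginPage);
        try {
            if (this.context.fireRequestInitEvent(request)) {
                dispatcher.forward(request.getRequest(), httpServletResponse);
                this.context.fireRequestDestroyEvent(request);
            }
        } catch (Throwable t) {
            ExceptionUtils.handleThrowable(t);
            String message = sm.getString("formAuthenticator.forwardLoginFail");
            log.warn(message, t);
            request.setAttribute("javax.servlet.error.exception", t);
            httpServletResponse.sendError(HttpServletResponse.SC_INTERNAL_SERVER_ERROR, message);
        } finally {
            // Always put the real method back, whether or not the forward failed.
            request.getCoyoteRequest().method().setString(originalMethod);
        }
    }

    /**
     * Forwards to the configured error page; a missing error page is a 500.
     */
    protected void forwardToErrorPage(Request request, HttpServletResponse httpServletResponse) throws IOException {
        String errorPage = this.loginConfig.getErrorPage();
        if (errorPage == null || errorPage.length() == 0) {
            String message = sm.getString("formAuthenticator.noErrorPage", new Object[]{this.context.getName()});
            log.warn(message);
            httpServletResponse.sendError(HttpServletResponse.SC_INTERNAL_SERVER_ERROR, message);
            return;
        }
        RequestDispatcher dispatcher = this.context.getServletContext().getRequestDispatcher(errorPage);
        try {
            if (this.context.fireRequestInitEvent(request)) {
                dispatcher.forward(request.getRequest(), httpServletResponse);
                this.context.fireRequestDestroyEvent(request);
            }
        } catch (Throwable t) {
            ExceptionUtils.handleThrowable(t);
            String message = sm.getString("formAuthenticator.forwardErrorFail");
            log.warn(message, t);
            request.setAttribute("javax.servlet.error.exception", t);
            httpServletResponse.sendError(HttpServletResponse.SC_INTERNAL_SERVER_ERROR, message);
        }
    }

    /**
     * @return true when the session holds both a saved request and a principal
     *         and the current decoded URI equals the saved one
     */
    protected boolean isMatchingSavedRequest(Request request) {
        Session session = request.getSessionInternal(false);
        if (session == null) {
            return false;
        }
        SavedRequest saved = (SavedRequest) session.getNote(Constants.FORM_REQUEST_NOTE);
        if (saved == null || session.getNote(Constants.FORM_PRINCIPAL_NOTE) == null) {
            return false;
        }
        String decodedUri = request.getDecodedRequestURI();
        return decodedUri != null && decodedUri.equals(saved.getDecodedRequestURI());
    }

    /**
     * Replaces the current request's cookies, headers, locales, parameters,
     * body, content type and method with the ones saved before login, then
     * removes the saved-request and principal notes. Conditional headers are
     * dropped ({@code If-Modified-Since} always, {@code If-None-Match} for
     * GET/HEAD) so the replay produces a full response rather than a 304.
     *
     * @return false when no saved request exists in the session
     */
    protected boolean restoreRequest(Request request, Session session) throws IOException {
        SavedRequest saved = (SavedRequest) session.getNote(Constants.FORM_REQUEST_NOTE);
        session.removeNote(Constants.FORM_REQUEST_NOTE);
        session.removeNote(Constants.FORM_PRINCIPAL_NOTE);
        if (saved == null) {
            return false;
        }
        // Discard whatever body the current request carries before replaying the saved one.
        byte[] drain = new byte[4096];
        while (request.createInputStream().read(drain) >= 0) {
            // ignore
        }
        request.clearCookies();
        Iterator<Cookie> cookies = saved.getCookies();
        while (cookies.hasNext()) {
            request.addCookie(cookies.next());
        }
        String method = saved.getMethod();
        MimeHeaders headers = request.getCoyoteRequest().getMimeHeaders();
        headers.recycle();
        boolean cacheableMethod = METHOD_GET.equalsIgnoreCase(method) || METHOD_HEAD.equalsIgnoreCase(method);
        Iterator<String> headerNames = saved.getHeaderNames();
        while (headerNames.hasNext()) {
            String name = headerNames.next();
            if ("If-Modified-Since".equalsIgnoreCase(name)) {
                continue;
            }
            if (cacheableMethod && "If-None-Match".equalsIgnoreCase(name)) {
                continue;
            }
            Iterator<String> values = saved.getHeaderValues(name);
            while (values.hasNext()) {
                headers.addValue(name).setString(values.next());
            }
        }
        request.clearLocales();
        Iterator<Locale> locales = saved.getLocales();
        while (locales.hasNext()) {
            request.addLocale(locales.next());
        }
        request.getCoyoteRequest().getParameters().recycle();
        request.getCoyoteRequest().getParameters().setQueryStringEncoding(request.getConnector().getURIEncoding());
        ByteChunk body = saved.getBody();
        if (body != null) {
            request.getCoyoteRequest().action(ActionCode.REQ_SET_BODY_REPLAY, body);
            String contentType = saved.getContentType();
            if (contentType == null && METHOD_POST.equalsIgnoreCase(method)) {
                // A saved form POST without a content type is assumed to be form data.
                contentType = "application/x-www-form-urlencoded";
            }
            MessageBytes contentTypeBytes = MessageBytes.newInstance();
            contentTypeBytes.setString(contentType);
            request.getCoyoteRequest().setContentType(contentTypeBytes);
        }
        request.getCoyoteRequest().method().setString(method);
        return true;
    }

    /**
     * Captures cookies, headers, locales, body (bounded by the connector's
     * {@code maxSavePostSize}), method, query string and URIs of the request
     * into a {@link SavedRequest} stored in the session.
     *
     * @throws IOException on read failure; presumably also when the body
     *         exceeds the {@link ByteChunk} limit (the caller treats it as
     *         "body too big") — confirm against ByteChunk.append
     */
    protected void saveRequest(Request request, Session session) throws IOException {
        SavedRequest saved = new SavedRequest();
        Cookie[] cookies = request.getCookies();
        if (cookies != null) {
            for (Cookie cookie : cookies) {
                saved.addCookie(cookie);
            }
        }
        Enumeration<String> headerNames = request.getHeaderNames();
        while (headerNames.hasMoreElements()) {
            String name = headerNames.nextElement();
            Enumeration<String> values = request.getHeaders(name);
            while (values.hasMoreElements()) {
                saved.addHeader(name, values.nextElement());
            }
        }
        Enumeration<Locale> locales = request.getLocales();
        while (locales.hasMoreElements()) {
            saved.addLocale(locales.nextElement());
        }
        request.getResponse().sendAcknowledgement();
        ByteChunk body = new ByteChunk();
        body.setLimit(request.getConnector().getMaxSavePostSize());
        byte[] buffer = new byte[4096];
        ServletInputStream in = request.getInputStream();
        int read;
        while ((read = in.read(buffer)) >= 0) {
            body.append(buffer, 0, read);
        }
        if (body.getLength() > 0) {
            saved.setContentType(request.getContentType());
            saved.setBody(body);
        }
        saved.setMethod(request.getMethod());
        saved.setQueryString(request.getQueryString());
        saved.setRequestURI(request.getRequestURI());
        saved.setDecodedRequestURI(request.getDecodedRequestURI());
        session.setNote(Constants.FORM_REQUEST_NOTE, saved);
    }

    /**
     * @return the saved request's URI plus query string, or null when the
     *         session holds no saved request
     */
    protected String savedRequestURL(Session session) {
        SavedRequest saved = (SavedRequest) session.getNote(Constants.FORM_REQUEST_NOTE);
        if (saved == null) {
            return null;
        }
        StringBuilder url = new StringBuilder(saved.getRequestURI());
        String query = saved.getQueryString();
        if (query != null) {
            url.append('?').append(query);
        }
        return url.toString();
    }

    /**
     * @return true when the decoded URI is inside this context and ends with
     *         {@code /j_security_check}; the HTTP method is not checked
     */
    private boolean isLoginActionRequest(Request request) {
        String contextPath = request.getContextPath();
        String decodedUri = request.getDecodedRequestURI();
        return decodedUri.startsWith(contextPath) && decodedUri.endsWith(FORM_ACTION);
    }
}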
