package com.ibm.ws.webcontainer.security.internal;

import com.ibm.websphere.ras.Tr;
import com.ibm.websphere.ras.TraceComponent;
import com.ibm.websphere.ras.annotation.InjectedTrace;
import com.ibm.websphere.ras.annotation.Sensitive;
import com.ibm.websphere.ras.annotation.TraceObjectField;
import com.ibm.websphere.ras.annotation.TraceOptions;
import com.ibm.ws.security.authentication.AuthenticationService;
import com.ibm.ws.security.context.SubjectManager;
import com.ibm.ws.security.registry.UserRegistry;
import com.ibm.ws.webcontainer.security.SSOCookieHelper;
import com.ibm.ws.webcontainer.security.SSOCookieHelperImpl;
import com.ibm.ws.webcontainer.security.TraceConstants;
import com.ibm.ws.webcontainer.security.WebAppSecurityConfig;
import com.ibm.ws.webcontainer.security.metadata.FormLoginConfiguration;
import com.ibm.ws.webcontainer.security.metadata.LoginConfiguration;
import com.ibm.ws.webcontainer.security.metadata.SecurityMetadata;
import com.ibm.wsspi.webcontainer.metadata.WebModuleMetaData;
import com.ibm.wsspi.webcontainer.osgi.extension.WebExtensionProcessor;
import com.ibm.wsspi.webcontainer.servlet.IServletContext;
import com.ibm.wsspi.webcontainer.webapp.WebAppConfig;
import java.io.IOException;
import javax.security.auth.Subject;
import javax.servlet.ServletException;
import javax.servlet.ServletRequest;
import javax.servlet.ServletResponse;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import org.apache.myfaces.shared_impl.util.CommentUtils;

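@TraceOptions(traceGroups = {TraceConstants.TRACE_GROUP}, traceGroup = "", messageBundle = TraceConstants.MESSAGE_BUNDLE, traceExceptionThrow = false, traceExceptionHandling = false)
@TraceObjectField(fieldName = "tc", fieldDesc = "Lcom/ibm/websphere/ras/TraceComponent;")
/* loaded from: input_file:wlp/lib/com.ibm.ws.webcontainer.security_1.0.4.jar:com/ibm/ws/webcontainer/security/internal/FormLoginExtensionProcessor.class */
/**
 * Request processor that handles a form-login submission.
 *
 * <p>It reads the {@code j_username} / {@code j_password} request parameters, authenticates them
 * through {@link BasicAuthAuthenticator}, and on success sets the caller and invocation subjects,
 * adds the SSO cookies and redirects to the URL held in the referrer-URL cookie. Every failure
 * path redirects to the configured form-login error page.
 *
 * <p>Two redirect targets in this class are built from client-supplied data (the referrer-URL
 * cookie and the request URL); see the review notes on {@link #getStoredReq} and
 * {@link #setUpAFullUrl}.
 */
public class FormLoginExtensionProcessor extends WebExtensionProcessor {
    private static final TraceComponent tc = Tr.register(FormLoginExtensionProcessor.class);

    // Separator between the scheme and the authority of an absolute URL. The decompiled source
    // referenced an unrelated MyFaces constant that happens to hold the same two characters.
    private static final String SCHEME_SEPARATOR = "//";

    private final SubjectManager subjectManager;
    private final AuthenticationService authenticationService;
    private final UserRegistry userRegistry;
    private final SecurityMetadata securityMetadata;
    private final WebAppSecurityConfig webAppSecConfig;
    private final SSOCookieHelper ssoCookieHelper;
    // Context-relative error page, always starting with "/", or null when none is configured.
    private String loginErrorPage;
    private String appName;
    static final long serialVersionUID = 6832446988064813169L;

    /**
     * Builds the processor for one web application and caches its form-login error page.
     *
     * @param iServletContext servlet context of the application; supplies the application name
     *        and the security metadata
     * @param webAppSecurityConfig web security configuration (SSO, session-expiry logout)
     * @param authenticationService service passed to the authenticator
     * @param userRegistry registry passed to the authenticator
     */
    @InjectedTrace({"com.ibm.ws.ras.instrument.internal.bci.FFDCMethodAdapter"})
    public FormLoginExtensionProcessor(IServletContext iServletContext, WebAppSecurityConfig webAppSecurityConfig, AuthenticationService authenticationService, UserRegistry userRegistry) {
        super(iServletContext);
        this.subjectManager = new SubjectManager();
        this.authenticationService = authenticationService;
        this.userRegistry = userRegistry;
        this.webAppSecConfig = webAppSecurityConfig;
        this.ssoCookieHelper = new SSOCookieHelperImpl(webAppSecurityConfig);

        WebAppConfig webAppConfig = iServletContext.getWebAppConfig();
        WebModuleMetaData metaData = webAppConfig.getMetaData();
        this.appName = webAppConfig.getApplicationName();
        this.securityMetadata = (SecurityMetadata) metaData.getSecurityMetaData();

        LoginConfiguration loginConfiguration = this.securityMetadata.getLoginConfiguration();
        FormLoginConfiguration formLoginConfiguration = loginConfiguration != null ? loginConfiguration.getFormLoginConfiguration() : null;
        String errorPage = formLoginConfiguration != null ? formLoginConfiguration.getErrorPage() : null;
        // Normalise to a leading "/" so the page can be appended to the context path.
        if (errorPage != null && !errorPage.startsWith("/")) {
            errorPage = "/" + errorPage;
        }
        this.loginErrorPage = errorPage;
    }

    /**
     * Handles the request as a form-login submission when it is an HTTP request/response pair;
     * any other request type is ignored.
     *
     * @throws Exception propagated from the login processing
     */
    @Override // com.ibm.wsspi.webcontainer.RequestProcessor
    @InjectedTrace({"com.ibm.ws.ras.instrument.internal.bci.FFDCMethodAdapter"})
    public void handleRequest(ServletRequest servletRequest, ServletResponse servletResponse) throws Exception {
        if ((servletRequest instanceof HttpServletRequest) && (servletResponse instanceof HttpServletResponse)) {
            formLogin((HttpServletRequest) servletRequest, (HttpServletResponse) servletResponse, new ReferrerURLCookieHandler(this.webAppSecConfig));
        }
    }

    /**
     * Authenticates the submitted credentials and issues the post-login redirect.
     *
     * <p>The request is failed (redirect to the error page) when SSO is disabled, when
     * {@code j_username} or {@code j_password} is missing, when the password is empty, or when
     * authentication does not return {@code AuthResult.SUCCESS}.
     *
     * @throws ServletException declared for the processing chain
     * @throws IOException if sending the redirect or error response fails
     */
    @InjectedTrace({"com.ibm.ws.ras.instrument.internal.bci.FFDCMethodAdapter"})
    private void formLogin(HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse, ReferrerURLCookieHandler referrerURLCookieHandler) throws ServletException, IOException {
        // The client presented a session id that is no longer valid: start a fresh session
        // before authenticating when logout-on-session-expire is configured.
        if (this.webAppSecConfig.getLogoutOnHttpSessionExpire() && httpServletRequest.getRequestedSessionId() != null && !httpServletRequest.isRequestedSessionIdValid()) {
            httpServletRequest.getSession(true);
        }
        String errorUrl = setUpAFullUrl(httpServletRequest, this.loginErrorPage);

        if (!this.webAppSecConfig.isSingleSignonEnabled()) {
            Tr.error(tc, "SEC_FORM_LOGIN_BAD_CONFIG", this.appName);
            failLogin(httpServletResponse, errorUrl);
            return;
        }

        String username = httpServletRequest.getParameter("j_username");
        String password = httpServletRequest.getParameter("j_password");
        // An empty password is rejected here and never reaches the authenticator.
        // NOTE(review): an empty (non-null) username is still passed through; confirm the
        // authenticator rejects it.
        if (username == null || password == null || password.length() == 0) {
            failLogin(httpServletResponse, errorUrl);
            return;
        }

        AuthenticationResult authResult = new BasicAuthAuthenticator(this.authenticationService, this.userRegistry, this.ssoCookieHelper, this.webAppSecConfig).basicAuthenticate(null, username, password, httpServletRequest, httpServletResponse);
        if (authResult.getStatus() != AuthResult.SUCCESS) {
            failLogin(httpServletResponse, errorUrl);
            return;
        }

        Subject subject = authResult.getSubject();
        this.subjectManager.setCallerSubject(subject);
        this.subjectManager.setInvocationSubject(subject);
        this.ssoCookieHelper.addSSOCookiesToResponse(subject, httpServletRequest, httpServletResponse);
        // Clearing affects the response only; the stored URL is still read from the request below.
        referrerURLCookieHandler.clearReferrerURLCookie(httpServletRequest, httpServletResponse);
        // NOTE(review): encodeRedirectURL is the servlet API intended for sendRedirect targets.
        // encodeURL may append the session id to a URL whose value came from a cookie; confirm
        // that URL rewriting cannot expose the session id to another host here.
        httpServletResponse.sendRedirect(httpServletResponse.encodeURL(getStoredReq(httpServletRequest, referrerURLCookieHandler)));
    }

    /**
     * Sends the failed-login response: a redirect to the error page, or a plain 401 when the
     * application has no form-login error page configured.
     *
     * @param response response to write to
     * @param errorUrl absolute error-page URL, or null when none is configured
     * @throws IOException if the container cannot send the response
     */
    private void failLogin(HttpServletResponse response, String errorUrl) throws IOException {
        if (errorUrl == null) {
            // Previously null was handed to encodeURL/sendRedirect, whose behaviour for a null
            // location is container-specific (typically an exception). Answer 401 instead.
            response.sendError(HttpServletResponse.SC_UNAUTHORIZED);
            return;
        }
        // Kept from the original; sendRedirect normally replaces this status with a redirect one.
        response.setStatus(HttpServletResponse.SC_UNAUTHORIZED);
        response.sendRedirect(response.encodeURL(errorUrl));
    }

    /**
     * Returns the post-login redirect target taken from the referrer-URL cookie.
     *
     * <p>A missing value or {@code "/"} becomes the empty string; one leading {@code "/"} is
     * stripped from any other value, so a path is resolved relative to the current request.
     *
     * <p>NOTE(review): the value originates from a cookie sent by the client and no host or
     * scheme validation happens in this method. An absolute URL, or a value that still starts
     * with {@code "/"} after the strip, is passed to sendRedirect unchanged. Whether
     * ReferrerURLCookieHandler restricts the value is not visible here; confirm that the target
     * is limited to this application or to an allow-list of hosts.
     *
     * @return the redirect target, never null
     */
    @Sensitive
    @InjectedTrace({"com.ibm.ws.ras.instrument.internal.bci.FFDCMethodAdapter"})
    private String getStoredReq(HttpServletRequest httpServletRequest, ReferrerURLCookieHandler referrerURLCookieHandler) {
        String storedUrl = referrerURLCookieHandler.getReferrerURLFromCookies(httpServletRequest);
        if (storedUrl == null || storedUrl.equals("/")) {
            return "";
        }
        return storedUrl.startsWith("/") ? storedUrl.substring(1) : storedUrl;
    }

    /**
     * Builds an absolute URL for a context-relative page by keeping the scheme and authority of
     * the current request URL and replacing its path with {@code contextPath + str}.
     *
     * <p>NOTE(review): the scheme and authority come from getRequestURL(), which the container
     * reconstructs from the request (on most containers this includes the client's Host
     * header). The error-page redirect therefore points at whatever host the client named;
     * confirm that the deployment validates the Host header upstream.
     *
     * @param str context-relative page starting with "/", or null
     * @return the absolute URL, or null when {@code str} is null
     */
    @InjectedTrace({"com.ibm.ws.ras.instrument.internal.bci.FFDCMethodAdapter"})
    private String setUpAFullUrl(HttpServletRequest httpServletRequest, String str) {
        if (str == null) {
            return null;
        }
        StringBuffer requestURL = httpServletRequest.getRequestURL();
        String original = requestURL.toString();
        String contextPath = httpServletRequest.getContextPath();
        if (contextPath.equals("/")) {
            contextPath = "";
        }
        // First "/" after "scheme://" marks the start of the path.
        int pathStart = original.indexOf("/", original.indexOf(SCHEME_SEPARATOR) + 2);
        if (pathStart < 0) {
            // No path component at all: append instead of failing on a negative index.
            pathStart = original.length();
        }
        requestURL.replace(pathStart, original.length(), contextPath + str);
        return requestURL.toString();
    }
}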
