package io.hawt.web.auth;

import io.hawt.system.Authenticator;
import io.hawt.system.ConfigManager;
import java.io.IOException;
import java.util.GregorianCalendar;
import javax.security.auth.Subject;
import javax.servlet.ServletException;
import javax.servlet.http.HttpServlet;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import javax.servlet.http.HttpSession;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;

/* loaded from: input_file:hawtio.war:WEB-INF/lib/hawtio-system-2.0-beta-1.jar:io/hawt/web/auth/LoginServlet.class */
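/**
 * Form-login endpoint: renders {@code /login.jsp} on GET and, on POST, checks the submitted
 * {@code username}/{@code password} through {@link Authenticator} and establishes an
 * authenticated {@link HttpSession}.
 *
 * <p>Security notes for maintainers:
 * <ul>
 *   <li>Any session that exists before a successful login is invalidated, so a session id
 *       issued (or planted) before authentication is never promoted to an authenticated one
 *       (session fixation).</li>
 *   <li>The submitted username is echoed back to {@code /login.jsp} as a request attribute;
 *       the JSP is not visible from this class and must output-encode it.</li>
 * </ul>
 */
public class LoginServlet extends HttpServlet {
    private static final long serialVersionUID = 1;
    private static final Logger LOG = LoggerFactory.getLogger(LoginServlet.class);
    /** Fallback inactivity timeout, in seconds, when none (or an unusable one) is configured. */
    private static final int DEFAULT_SESSION_TIMEOUT = 1800;
    private Integer timeout = Integer.valueOf(DEFAULT_SESSION_TIMEOUT);
    private AuthenticationConfiguration authenticationConfiguration;
    private BrandingService brandingService;

    /**
     * Reads the {@code sessionTimeout} setting from the {@code ConfigManager} servlet-context
     * attribute (when present) and loads the authentication and branding configuration.
     *
     * <p>A value of {@code 0} or a non-numeric value falls back to
     * {@link #DEFAULT_SESSION_TIMEOUT}.
     *
     * @throws ServletException declared by the servlet contract
     */
    @Override
    public void init() throws ServletException {
        ConfigManager configManager = (ConfigManager) getServletContext().getAttribute("ConfigManager");
        if (configManager != null) {
            String configured = configManager.get("sessionTimeout", "1800");
            if (configured != null) {
                try {
                    int seconds = Integer.parseInt(configured);
                    // NOTE(review): negative values are passed through unchanged; the servlet API
                    // treats a negative max-inactive-interval as "never expire". Confirm that an
                    // unbounded authenticated session is an intended configuration.
                    this.timeout = Integer.valueOf(seconds == 0 ? DEFAULT_SESSION_TIMEOUT : seconds);
                } catch (NumberFormatException e) {
                    // Do not fall back silently: a typo in the setting would otherwise go unnoticed.
                    LOG.warn("Invalid sessionTimeout value '{}', using default of {} sec.",
                            configured, Integer.valueOf(DEFAULT_SESSION_TIMEOUT));
                    this.timeout = Integer.valueOf(DEFAULT_SESSION_TIMEOUT);
                }
            }
        }
        this.authenticationConfiguration = ConfigurationManager.getConfiguration(getServletContext());
        this.brandingService = new BrandingService(getServletContext());
        LOG.info("hawtio login is using {} sec. HttpSession timeout", this.timeout);
    }

    /** Shows the login page with an empty username and no error flag. */
    @Override
    protected void doGet(HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse) throws ServletException, IOException {
        forwardToLoginPage(httpServletRequest, httpServletResponse, "", false);
    }

    /**
     * Authenticates the posted credentials. On failure the login page is shown again with the
     * {@code wrong_password} flag set; on success a fresh session is populated and the client is
     * redirected to the context path.
     *
     * @throws ServletException if forwarding to the login page fails
     * @throws IOException if forwarding or redirecting fails
     */
    @Override
    protected void doPost(HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse) throws ServletException, IOException {
        // NOTE(review): neither parameter is checked for null/empty before reaching the
        // Authenticator, and a failed attempt is not logged here. Confirm that
        // Authenticator.doAuthenticate rejects missing credentials and records failures.
        String username = httpServletRequest.getParameter("username");
        String password = httpServletRequest.getParameter("password");
        Subject subject = Authenticator.doAuthenticate(
                this.authenticationConfiguration.getRealm(),
                this.authenticationConfiguration.getRole(),
                this.authenticationConfiguration.getRolePrincipalClasses(),
                this.authenticationConfiguration.getConfiguration(),
                username,
                password);
        if (subject == null) {
            forwardToLoginPage(httpServletRequest, httpServletResponse, username, true);
            return;
        }

        // Session fixation defence: never reuse the pre-authentication session. Reusing it would
        // keep a session id that was known before login valid for the authenticated user.
        // Attributes stored in the pre-login session are intentionally discarded.
        HttpSession preLogin = httpServletRequest.getSession(false);
        if (preLogin != null) {
            preLogin.invalidate();
        }
        HttpSession session = httpServletRequest.getSession(true);

        session.setAttribute("subject", subject);
        session.setAttribute("user", username);
        session.setAttribute("org.osgi.service.http.authentication.remote.user", username);
        session.setAttribute("org.osgi.service.http.authentication.type", "BASIC");
        session.setAttribute("loginTime", Long.valueOf(System.currentTimeMillis()));
        if (this.timeout != null) {
            session.setMaxInactiveInterval(this.timeout.intValue());
        }
        if (LOG.isDebugEnabled()) {
            LOG.debug("Http session timeout for user {} is {} sec.", username, Integer.valueOf(session.getMaxInactiveInterval()));
        }
        httpServletResponse.sendRedirect(httpServletRequest.getContextPath());
    }

    /**
     * Populates the branding and form-state request attributes and forwards to {@code /login.jsp}.
     *
     * @param username the value to pre-fill in the form; on a failed POST this is the raw,
     *     client-supplied request parameter and must be escaped where the JSP renders it
     * @param wrongPassword whether the page should show the failed-login state
     */
    private void forwardToLoginPage(HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse, String username, boolean wrongPassword) throws ServletException, IOException {
        httpServletRequest.setAttribute("appName", this.brandingService.getProperty("appName"));
        httpServletRequest.setAttribute("appType", this.brandingService.getProperty("appType"));
        httpServletRequest.setAttribute("appLogoUrl", this.brandingService.getProperty("appLogoUrl"));
        httpServletRequest.setAttribute("companyLogoUrl", this.brandingService.getProperty("companyLogoUrl"));
        httpServletRequest.setAttribute("username", username);
        httpServletRequest.setAttribute("wrong_password", Boolean.valueOf(wrongPassword));
        httpServletRequest.getRequestDispatcher("/login.jsp").forward(httpServletRequest, httpServletResponse);
    }
}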
