package net.handle.server.servletcontainer.servlets;

import com.google.gson.JsonObject;
import com.google.gson.JsonParseException;
import java.io.IOException;
import javax.servlet.ServletException;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import javax.servlet.http.HttpSession;
import net.cnri.util.StringUtils;
import net.handle.hdllib.AbstractMessage;
import net.handle.hdllib.GsonUtility;
import net.handle.server.servletcontainer.TlsRenegotiationRequestor;
import net.handle.server.servletcontainer.auth.AuthenticationInfoWithId;
import net.handle.server.servletcontainer.auth.AuthenticationResponse;
import net.handle.server.servletcontainer.auth.HandleAuthenticationStatus;
import net.handle.server.servletcontainer.auth.HandleAuthorizationHeader;
import net.handle.server.servletcontainer.auth.StandardHandleAuthenticator;
import org.apache.commons.codec.binary.Base64;
import org.eclipse.jetty.server.SessionManager;

/* loaded from: input_file:net/handle/server/servletcontainer/servlets/SessionsServlet.class */
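/**
 * HTTP endpoint for Handle authentication sessions.
 *
 * <p>Paths (relative to this servlet):
 * <ul>
 *   <li>{@code POST /} - start a new container session and run authentication in it (201, Location ./this).</li>
 *   <li>{@code GET | PUT | POST /this} - resolve the caller's session and (re)run authentication; 200 or 401.</li>
 *   <li>{@code DELETE /this} - invalidate the caller's session; 204, or refused when no session is found.</li>
 * </ul>
 *
 * <p>Security properties visible in this class:
 * <ul>
 *   <li>Everything except OPTIONS and TRACE is refused on a non-TLS connection before any credential is parsed.</li>
 *   <li>A session is located from the container's own session cookie or, failing that, from the {@code sessionId}
 *       carried in the Handle {@code Authorization} header, which is resolved directly against the container's
 *       {@link SessionManager}. That id is therefore a bearer credential equivalent to the cookie: it must only
 *       travel over TLS and must never be logged.</li>
 *   <li>No session other than the caller's own is addressable through the URL; only the literal path {@code this}
 *       is accepted.</li>
 * </ul>
 *
 * <p>This listing is decompiler output (see the JADX markers). The {@code AbstractMessage.RC_*} constants used as
 * HTTP status codes below are most likely the decompiler's substitution for integer literals whose values collide
 * with Handle protocol codes (403 / 405 / 500 would fit the surrounding literal 200/201/400/401) - confirm against
 * the constant values before treating them as intentional.
 */
public class SessionsServlet extends BaseHandleRequestProcessingServlet {
    /** Container session store used to resolve a header-supplied sessionId; null when the context does not publish one. */
    private SessionManager sessionManager;

    public SessionsServlet() {
        // Methods advertised for /this; the collection URL narrows this to "POST, TRACE, OPTIONS" in service().
        this.allowString = "GET, HEAD, POST, PUT, DELETE, TRACE, OPTIONS";
    }

    @Override // net.handle.server.servletcontainer.servlets.BaseHandleRequestProcessingServlet
    public void init() throws ServletException {
        super.init();
        // Published by the container under the SessionManager class name; if absent, header sessionIds cannot be resolved
        // and only the cookie-bound session is usable.
        this.sessionManager = (SessionManager) getServletContext().getAttribute(SessionManager.class.getName());
    }

    /**
     * Front door for every method: enforces TLS, validates the path, parses the Handle credentials (header and/or
     * JSON body), optionally parks the request for an asynchronous TLS renegotiation, and finally dispatches.
     * The parsed credentials are handed to the do* methods via the request attribute keyed by
     * {@code HandleAuthorizationHeader.class.getName()}.
     */
    /* JADX INFO: Access modifiers changed from: protected */
    @Override // net.handle.server.servletcontainer.servlets.BaseHandleRequestProcessingServlet
    public void service(HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse) throws ServletException, IOException {
        String method = httpServletRequest.getMethod();
        if ("TRACE".equals(method)) {
            // NOTE(review): TRACE bypasses the TLS check below and goes straight to the superclass. If that chain ends
            // in HttpServlet.doTrace, the request headers - including Authorization - are echoed back to the client
            // (cross-site tracing). Confirm doTrace is overridden or TRACE is disabled at the container.
            super.service(httpServletRequest, httpServletResponse);
            return;
        }
        // Credentials and sessionIds only travel over TLS; this runs before the body is read, so a JSON body carrying
        // credentials is never even parsed on a plaintext connection. OPTIONS carries nothing sensitive and is allowed.
        // isSecure() is the container's view of the connection: behind a TLS-terminating proxy it is only true when the
        // connector is configured to honour forwarded-proto information.
        if (!httpServletRequest.isSecure() && !"OPTIONS".equals(method)) {
            httpServletResponse.setStatus(AbstractMessage.RC_AUTHENTICATION_FAILED);
            return;
        }
        String path = getPath(httpServletRequest);
        if (path.endsWith("/")) {
            path = path.substring(0, path.length() - 1);
        }
        if (path.isEmpty()) {
            // Collection URL: only POST (create a session) is meaningful; anything else is answered with an Allow header.
            if (!"POST".equals(method)) {
                if (!"OPTIONS".equals(method)) {
                    httpServletResponse.setStatus(AbstractMessage.RC_AUTHEN_TIMEOUT);
                }
                httpServletResponse.setHeader("Allow", "POST, TRACE, OPTIONS");
                return;
            }
        } else if ("OPTIONS".equals(method)) {
            httpServletResponse.setHeader("Allow", "GET, HEAD, POST, PUT, DELETE, TRACE, OPTIONS");
            return;
        } else if (!"this".equals(path)) {
            // Only the caller's own session is addressable; sessions are never reachable by id in the path.
            httpServletResponse.setStatus(AbstractMessage.RC_AUTHENTICATION_FAILED);
            return;
        }
        // Second pass after an asynchronous TLS renegotiation: recover the request wrapper parked by
        // isAsyncTlsRenegotiate() so the (already consumed) JSON body is not read again.
        HttpServletRequest httpServletRequest2 = (HttpServletRequest) httpServletRequest.getAttribute(SessionsServlet.class.getName() + ".wrappedReq");
        if (httpServletRequest2 == null) {
            httpServletRequest2 = httpServletRequest;
            if (BaseHandleRequestProcessingServlet.hasJsonEntity(httpServletRequest)) {
                try {
                    // Presumably exposes the JSON body's members as request parameters for the credential parsing below.
                    httpServletRequest2 = new JsonParameterServletReq(httpServletRequest);
                } catch (JsonParseException e) {
                    // Malformed JSON is a client error.
                    httpServletResponse.setStatus(400);
                    return;
                } catch (IOException e2) {
                    // Failure reading the body is a server-side error.
                    httpServletResponse.setStatus(AbstractMessage.RC_SESSION_TIMEOUT);
                    return;
                }
            }
        }
        // Handle credentials may arrive in the Authorization header of the raw request and/or as parameters of the
        // (possibly JSON-wrapped) request.
        HandleAuthorizationHeader fromHeaderAndParameters = HandleAuthorizationHeader.fromHeaderAndParameters(httpServletRequest.getHeader("Authorization"), httpServletRequest2);
        if (isAsyncTlsRenegotiate(fromHeaderAndParameters, httpServletRequest, httpServletRequest2, httpServletResponse)) {
            return;
        }
        httpServletRequest.setAttribute(HandleAuthorizationHeader.class.getName(), fromHeaderAndParameters);
        // POST /this is an alias for PUT /this (re-authenticate within the existing session); everything else,
        // including POST on the collection URL, goes through the normal HttpServlet dispatch.
        if (path.isEmpty() || !"POST".equals(method)) {
            super.service(httpServletRequest, httpServletResponse);
        } else {
            doPut(httpServletRequest, httpServletResponse);
        }
    }

    /**
     * GET /this: report the caller's session state, running authentication if credentials were supplied.
     * 200 when no authentication was attempted or it succeeded, 401 when it was attempted and failed.
     */
    @Override // net.handle.server.servletcontainer.servlets.BaseHandleRequestProcessingServlet
    protected void doGet(HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse) throws ServletException, IOException {
        authenticateInExistingSession(httpServletRequest, httpServletResponse);
    }

    /**
     * POST / : start a new session and run authentication inside it.
     *
     * <p>A request that already names a sessionId is rejected with 400, so an existing session cannot be re-created
     * or re-bound through this path. {@code getSession()} allocates a container session when the request carries
     * none, i.e. every unauthenticated POST costs server-side session state until it times out - keep the session
     * timeout short or rate-limit this URL if the server is exposed. Always answers 201 with a Location of
     * {@code ./this}; the body says whether authentication actually succeeded.
     */
    @Override // net.handle.server.servletcontainer.servlets.BaseHandleRequestProcessingServlet
    protected void doPost(HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse) throws ServletException, IOException {
        HandleAuthorizationHeader handleAuthorizationHeader = (HandleAuthorizationHeader) httpServletRequest.getAttribute(HandleAuthorizationHeader.class.getName());
        if (handleAuthorizationHeader != null && handleAuthorizationHeader.getSessionId() != null) {
            httpServletResponse.setStatus(400);
            return;
        }
        AuthenticationResponse authenticationResponse = getAuthenticationResponse(handleAuthorizationHeader, httpServletRequest, httpServletRequest.getSession());
        httpServletResponse.setStatus(201);
        // Location is built from container-controlled path components only, never from client input.
        String str = httpServletRequest.getContextPath() + httpServletRequest.getServletPath();
        if (!str.endsWith("/")) {
            str = str + "/";
        }
        httpServletResponse.setHeader("Location", StringUtils.encodeURLPath(str + "this"));
        writeSessionRepresentation(authenticationResponse, httpServletResponse);
    }

    /**
     * Decides whether the request must be suspended for a TLS renegotiation (e.g. the client asks to present, or
     * stop presenting, a client certificate) and, if so, requests it.
     *
     * @return true when the response has been fully handled here (renegotiation requested, or refused with 403);
     *         false when normal processing should continue.
     */
    private boolean isAsyncTlsRenegotiate(HandleAuthorizationHeader handleAuthorizationHeader, HttpServletRequest httpServletRequest, HttpServletRequest httpServletRequest2, HttpServletResponse httpServletResponse) throws IOException {
        if (handleAuthorizationHeader == null || !httpServletRequest.isSecure()) {
            return false;
        }
        // Tri-state: null = client expressed no preference about presenting a certificate.
        Boolean clientCertAsBooleanObject = handleAuthorizationHeader.getClientCertAsBooleanObject();
        if (clientCertAsBooleanObject == null && !handleAuthorizationHeader.isRequestingForceRenegotiate()) {
            return false;
        }
        TlsRenegotiationRequestor tlsRenegotiationRequestor = (TlsRenegotiationRequestor) httpServletRequest.getAttribute(TlsRenegotiationRequestor.class.getName());
        if (tlsRenegotiationRequestor == null) {
            // The connector published no requestor, so renegotiation is impossible on this connection. Fall through
            // to ordinary authentication with whatever certificate (if any) the connection already presented,
            // rather than dereferencing null and turning the request into an unhandled 500.
            return false;
        }
        if (!tlsRenegotiationRequestor.isWantingTlsRenegotiation(clientCertAsBooleanObject, handleAuthorizationHeader.isRequestingForceRenegotiate())) {
            return false;
        }
        // Client wants to drop its certificate on a connector that requires one: refuse rather than renegotiate.
        if (clientCertAsBooleanObject != null && !clientCertAsBooleanObject.booleanValue() && tlsRenegotiationRequestor.isNeedClientAuth()) {
            httpServletResponse.setStatus(AbstractMessage.RC_AUTHENTICATION_FAILED);
            return true;
        }
        // Park the parsed request so the re-dispatch after renegotiation does not need to re-read the body.
        httpServletRequest.setAttribute(SessionsServlet.class.getName() + ".wrappedReq", httpServletRequest2);
        tlsRenegotiationRequestor.requestTlsRenegotiation(null, clientCertAsBooleanObject);
        return true;
    }

    /**
     * PUT /this (and POST /this, via service()): re-run authentication within the caller's existing session.
     * Same response contract as GET /this.
     */
    @Override // net.handle.server.servletcontainer.servlets.BaseHandleRequestProcessingServlet
    protected void doPut(HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse) throws ServletException, IOException {
        authenticateInExistingSession(httpServletRequest, httpServletResponse);
    }

    /**
     * DELETE /this: invalidate the caller's session (204). Without a resolvable session the request is refused.
     * Because the session may be located purely from the header's sessionId, whoever holds that id can end the
     * session - one more reason the id must be treated as a secret.
     */
    @Override // net.handle.server.servletcontainer.servlets.BaseHandleRequestProcessingServlet
    protected void doDelete(HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse) throws ServletException, IOException {
        HandleAuthorizationHeader handleAuthorizationHeader = (HandleAuthorizationHeader) httpServletRequest.getAttribute(HandleAuthorizationHeader.class.getName());
        HttpSession session = resolveSession(handleAuthorizationHeader, httpServletRequest);
        if (session == null) {
            httpServletResponse.setStatus(AbstractMessage.RC_AUTHENTICATION_FAILED);
        } else {
            session.invalidate();
            httpServletResponse.setStatus(204);
        }
    }

    /**
     * Shared body of GET /this and PUT /this: resolve the session, refuse a header that names a session which
     * no longer exists (rather than silently starting a fresh one), authenticate, and write the JSON outcome.
     */
    private void authenticateInExistingSession(HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse) throws IOException {
        HandleAuthorizationHeader handleAuthorizationHeader = (HandleAuthorizationHeader) httpServletRequest.getAttribute(HandleAuthorizationHeader.class.getName());
        HttpSession session = resolveSession(handleAuthorizationHeader, httpServletRequest);
        if (session == null && handleAuthorizationHeader != null && handleAuthorizationHeader.requiresSession()) {
            httpServletResponse.setStatus(AbstractMessage.RC_AUTHENTICATION_FAILED);
            return;
        }
        AuthenticationResponse authenticationResponse = getAuthenticationResponse(handleAuthorizationHeader, httpServletRequest, session);
        if (!authenticationResponse.isAuthenticating() || authenticationResponse.isAuthenticated()) {
            httpServletResponse.setStatus(200);
        } else {
            httpServletResponse.setStatus(401);
        }
        writeSessionRepresentation(authenticationResponse, httpServletResponse);
    }

    /**
     * The caller's session: the one bound to the container's session cookie, else the live session named by the
     * header's sessionId (looked up in the SessionManager, when one is available), else null. No session is created.
     */
    private HttpSession resolveSession(HandleAuthorizationHeader handleAuthorizationHeader, HttpServletRequest httpServletRequest) {
        HttpSession session = httpServletRequest.getSession(false);
        if (handleAuthorizationHeader != null && handleAuthorizationHeader.getSessionId() != null && session == null && this.sessionManager != null) {
            session = this.sessionManager.getHttpSession(handleAuthorizationHeader.getSessionId());
        }
        return session;
    }

    /** Serializes the outcome as UTF-8 {@code application/json}. */
    private void writeSessionRepresentation(AuthenticationResponse authenticationResponse, HttpServletResponse httpServletResponse) throws IOException {
        httpServletResponse.setContentType("application/json");
        httpServletResponse.setCharacterEncoding("UTF-8");
        GsonUtility.getGson().toJson(getSessionRepresentation(authenticationResponse), httpServletResponse.getWriter());
    }

    /**
     * Runs Handle authentication for the request and records the outcome on the request attributes.
     *
     * <p>With a session present, the status stored in that session supplies the sessionId and nonce (the
     * {@code true} flag passed to fromSession presumably creates the status when missing - confirm) and any identity
     * already authenticated earlier in the session; the client's request for a server signature, if any, is then
     * processed against this server's key. The StandardHandleAuthenticator evaluates the supplied credentials in all
     * cases, even when no session exists.
     *
     * @param httpSession the resolved session, or null
     */
    private AuthenticationResponse getAuthenticationResponse(HandleAuthorizationHeader handleAuthorizationHeader, HttpServletRequest httpServletRequest, HttpSession httpSession) {
        AuthenticationResponse authenticationResponse = new AuthenticationResponse();
        httpServletRequest.setAttribute(AuthenticationResponse.class.getName(), authenticationResponse);
        HandleAuthenticationStatus handleAuthenticationStatus = null;
        if (httpSession != null) {
            HandleAuthenticationStatus fromSession = HandleAuthenticationStatus.fromSession(httpSession, true);
            authenticationResponse.setSessionId(fromSession.getSessionId());
            authenticationResponse.setNonce(fromSession.getNonce());
            AuthenticationInfoWithId authInfoWithId = fromSession.getAuthInfoWithId();
            if (authInfoWithId != null) {
                // Identity established earlier in this session carries over.
                authenticationResponse.setId(authInfoWithId.getId());
                authenticationResponse.setAuthenticated(true);
            }
            handleAuthenticationStatus = HandleAuthenticationStatus.processServerSignature(fromSession, this.handleServer, httpSession, handleAuthorizationHeader, authenticationResponse);
        }
        new StandardHandleAuthenticator(httpServletRequest, httpSession, handleAuthenticationStatus, authenticationResponse).authenticate();
        return authenticationResponse;
    }

    /**
     * JSON view of an authentication outcome: {@code sessionId}, {@code nonce} (Base64), {@code serverAlg} and
     * {@code serverSignature} when a server signature was produced, {@code authenticated}/{@code id} on success, and
     * an {@code error} string joining all reported errors with "; ". An outcome with nothing to report collapses to
     * {@code {"authenticated": false}}.
     *
     * <p>NOTE(review): the error strings come straight from the authenticator and are returned to an unauthenticated
     * caller; check that they do not distinguish "unknown identity" from "bad credential" in a way that aids
     * enumeration.
     */
    private JsonObject getSessionRepresentation(AuthenticationResponse authenticationResponse) {
        JsonObject jsonObject = new JsonObject();
        String sessionId = authenticationResponse.getSessionId();
        if (sessionId != null) {
            jsonObject.addProperty("sessionId", sessionId);
        }
        byte[] nonce = authenticationResponse.getNonce();
        if (nonce != null) {
            jsonObject.addProperty("nonce", Base64.encodeBase64String(nonce));
        }
        byte[] serverSignature = authenticationResponse.getServerSignature();
        if (serverSignature != null) {
            jsonObject.addProperty("serverAlg", authenticationResponse.getServerAlg());
            jsonObject.addProperty("serverSignature", Base64.encodeBase64String(serverSignature));
        }
        if (authenticationResponse.isAuthenticated()) {
            jsonObject.addProperty("authenticated", Boolean.TRUE);
            jsonObject.addProperty("id", authenticationResponse.getId());
        }
        if (!authenticationResponse.getErrors().isEmpty()) {
            StringBuilder sb = new StringBuilder();
            for (String str : authenticationResponse.getErrors()) {
                if (sb.length() > 0) {
                    sb.append("; ");
                }
                sb.append(str);
            }
            jsonObject.addProperty("error", sb.toString());
        }
        if (jsonObject.entrySet().isEmpty()) {
            jsonObject.addProperty("authenticated", Boolean.FALSE);
        }
        return jsonObject;
    }
}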
