package org.mycore.user2.login;

import java.io.IOException;
import java.net.URLEncoder;
import java.util.ArrayList;
import java.util.Iterator;
import java.util.StringTokenizer;
import javax.servlet.ServletException;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import javax.xml.bind.JAXBContext;
import javax.xml.bind.JAXBException;
import javax.xml.transform.TransformerException;
import org.apache.logging.log4j.LogManager;
import org.apache.logging.log4j.Logger;
import org.jdom2.Document;
import org.jdom2.Element;
import org.mycore.common.MCRSessionMgr;
import org.mycore.common.MCRSystemUserInformation;
import org.mycore.common.MCRUserInformation;
import org.mycore.common.config.MCRConfiguration;
import org.mycore.common.content.MCRJAXBContent;
import org.mycore.common.content.MCRJDOMContent;
import org.mycore.frontend.MCRFrontendUtil;
import org.mycore.frontend.servlets.MCRServlet;
import org.mycore.frontend.servlets.MCRServletJob;
import org.mycore.frontend.support.MCRLogin;
import org.mycore.services.i18n.MCRTranslation;
import org.mycore.user2.MCRRealm;
import org.mycore.user2.MCRRealmFactory;
import org.mycore.user2.MCRUser;
import org.mycore.user2.MCRUserManager;
import org.xml.sax.SAXException;

/* loaded from: input_file:org/mycore/user2/login/MCRLoginServlet.class */
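/**
 * Servlet that drives the login flow: it lists the available realms, forwards the
 * user to a realm's login URL, or presents and processes the local login form.
 *
 * <p>The page the user returns to after login comes from the {@code url} request
 * parameter or the {@code Referer} header, both of which the client controls.
 * Every place in this servlet that stores, forwards or redirects to that value
 * first restricts it to a URL inside this application (see
 * {@link #toLocalRedirectTarget(String)}), so the login page cannot be used to
 * bounce a freshly authenticated user to an arbitrary site.
 */
public class MCRLoginServlet extends MCRServlet {
    protected static final String REALM_URL_PARAMETER = "realm";
    private static final long serialVersionUID = 1;
    private static final String LOGIN_REDIRECT_URL_PARAMETER = "url";
    private static final String LOGIN_REDIRECT_URL_KEY = "loginRedirectURL";
    static final String HTTPS_ONLY_PROPERTY = "MCR.user2.LoginHttpsOnly";
    protected static final boolean LOCAL_LOGIN_SECURE_ONLY = MCRConfiguration.instance().getBoolean(HTTPS_ONLY_PROPERTY);
    private static final Logger LOGGER = LogManager.getLogger();

    /**
     * Logs a warning at start-up when the local login form may be used over a
     * non-secure connection, then delegates to the superclass initialisation.
     *
     * @throws ServletException if the superclass initialisation fails
     */
    public void init() throws ServletException {
        if (!LOCAL_LOGIN_SECURE_ONLY) {
            LOGGER.warn("Login over unsecure connection is permitted. Set 'MCR.user2.LoginHttpsOnly=true' to prevent cleartext transmissions of passwords.");
        }
        super.init();
    }

    /**
     * Dispatches a request according to its {@code action} and {@code realm}
     * parameters: {@code action=login} shows/processes the local login form,
     * {@code action=cancel} redirects to the URL stored in the session, a
     * {@code realm} parameter forwards to that realm's login URL, and anything
     * else lets the user choose a login method.
     *
     * @param mCRServletJob the request/response pair being served
     * @throws Exception if any of the delegated steps fails
     */
    public void doGetPost(MCRServletJob mCRServletJob) throws Exception {
        HttpServletRequest request = mCRServletJob.getRequest();
        HttpServletResponse response = mCRServletJob.getResponse();
        String action = request.getParameter("action");
        String realmId = request.getParameter(REALM_URL_PARAMETER);
        // Responses of the login flow must not be served from a cache.
        response.setHeader("Cache-Control", "no-cache");
        response.setHeader("Pragma", "no-cache");
        response.setHeader("Expires", "0");
        if ("login".equals(action)) {
            presentLoginForm(mCRServletJob);
            return;
        }
        if ("cancel".equals(action)) {
            redirect(response);
        } else if (realmId != null) {
            loginToRealm(request, response, realmId);
        } else {
            chooseLoginMethod(request, response);
        }
    }

    /**
     * Remembers the return URL in the session and either forwards a guest straight
     * to the only available login option or renders the list of realms.
     */
    private void chooseLoginMethod(HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse) throws Exception {
        storeURL(getReturnURL(httpServletRequest));
        if (getNumLoginOptions() == 1 && currentUserIsGuest()) {
            redirectToUniqueRealm(httpServletRequest, httpServletResponse);
        } else {
            listRealms(httpServletRequest, httpServletResponse);
        }
    }

    /* JADX INFO: Access modifiers changed from: protected */
    /**
     * Returns the requested return URL exactly as the client sent it: the
     * {@code url} parameter if present, else the {@code Referer} header, else the
     * context path followed by {@code "/"}.
     *
     * <p>The result is untrusted input. It is not validated here; callers must
     * restrict it to an application-local target before redirecting to it.
     *
     * @param httpServletRequest the current request
     * @return the raw, unvalidated return URL; never {@code null}
     */
    public static String getReturnURL(HttpServletRequest httpServletRequest) {
        String requested = httpServletRequest.getParameter(LOGIN_REDIRECT_URL_PARAMETER);
        if (requested != null) {
            return requested;
        }
        String referer = httpServletRequest.getHeader("Referer");
        return referer != null ? referer : httpServletRequest.getContextPath() + "/";
    }

    /** Returns the request's return URL, restricted to a target inside this application. */
    private static String localReturnURL(HttpServletRequest httpServletRequest) {
        return toLocalRedirectTarget(getReturnURL(httpServletRequest));
    }

    /**
     * Returns {@code url} if it points into this application, otherwise the
     * application base URL.
     *
     * @param url a client-supplied redirect target, may be {@code null}
     * @return {@code url} when it is application-local, else the base URL
     */
    private static String toLocalRedirectTarget(String url) {
        String baseURL = MCRFrontendUtil.getBaseURL();
        if (url == null || url.trim().isEmpty()) {
            return baseURL;
        }
        if (isLocalURL(url, baseURL)) {
            return url;
        }
        // The rejected value is deliberately not logged: it is attacker-controlled text.
        LOGGER.warn("Ignoring redirect URL that does not point into this application.");
        return baseURL;
    }

    /**
     * Tells whether {@code url} is either below {@code baseURL} or a
     * server-relative path.
     *
     * <p>NOTE(review): this assumes {@code MCRFrontendUtil.getBaseURL()} reflects
     * the host the client actually uses; if it does not, absolute in-application
     * URLs fall back to the base URL instead of being followed - confirm against
     * the deployment.
     */
    private static boolean isLocalURL(String url, String baseURL) {
        // Browsers may drop control characters while parsing, which could turn an
        // apparently relative path into an absolute one.
        for (int i = 0; i < url.length(); i++) {
            if (Character.isISOControl(url.charAt(i))) {
                return false;
            }
        }
        if (baseURL != null && !baseURL.isEmpty()) {
            // Compare against a prefix ending in '/' so that a host name merely
            // starting with the base URL's host does not match.
            String prefix = baseURL.endsWith("/") ? baseURL : baseURL + "/";
            if (url.equals(baseURL) || url.startsWith(prefix)) {
                return true;
            }
        }
        // Only a single leading '/' denotes a path on this server; a second slash or a
        // backslash is interpreted by browsers as the start of a host name.
        return url.startsWith("/") && !url.startsWith("//") && url.indexOf('\\') < 0;
    }

    /** Forwards to the login URL of the first realm reported by the realm factory. */
    private void redirectToUniqueRealm(HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse) throws Exception {
        String onlyRealmId = MCRRealmFactory.listRealms().iterator().next().getID();
        loginToRealm(httpServletRequest, httpServletResponse, onlyRealmId);
    }

    /**
     * Renders the local login form and, when a user id was submitted, attempts
     * the login.
     *
     * <p>On success the session id is changed (so an id known before
     * authentication is not carried over) and the user is redirected to the
     * application-local return URL. On failure the form is rendered again with
     * status 400. When {@link #LOCAL_LOGIN_SECURE_ONLY} is set, requests over a
     * non-secure connection are rejected with 403 before any credential is read.
     *
     * @param mCRServletJob the request/response pair being served
     */
    protected void presentLoginForm(MCRServletJob mCRServletJob) throws IOException, TransformerException, SAXException, JAXBException {
        HttpServletRequest request = mCRServletJob.getRequest();
        HttpServletResponse response = mCRServletJob.getResponse();
        if (LOCAL_LOGIN_SECURE_ONLY && !request.isSecure()) {
            response.sendError(HttpServletResponse.SC_FORBIDDEN, getErrorI18N("component.user2.login", "httpsOnly", new Object[0]));
            return;
        }
        // Validate once and use the same value for the hidden form field and the redirect.
        String returnURL = localReturnURL(request);
        MCRLogin loginForm = new MCRLogin(MCRSessionMgr.getCurrentSession().getUserInformation(), returnURL, request.getRequestURI());
        // NOTE(review): getProperty is inherited and not visible here; if it also reads
        // query-string parameters, credentials sent via GET can end up in access logs and
        // browser history - consider accepting uid/pwd from POST bodies only.
        String uid = getProperty(request, "uid");
        String pwd = getProperty(request, "pwd");
        if (uid != null) {
            if (MCRUserManager.login(uid, pwd) != null) {
                request.changeSessionId();
                LOGGER.info("user {} logged in successfully.", uid);
                response.sendRedirect(response.encodeRedirectURL(returnURL));
                return;
            }
            response.setStatus(HttpServletResponse.SC_BAD_REQUEST);
            loginForm.setLoginFailed(true);
        }
        addFormFields(loginForm, request.getParameter(REALM_URL_PARAMETER));
        getLayoutService().doLayout(request, response, new MCRJAXBContent(JAXBContext.newInstance(MCRLogin.class), loginForm));
    }

    /**
     * Renders the realms document, annotated with the current user and with each
     * realm's login URL for the application-local return URL.
     */
    private void listRealms(HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse) throws IOException, TransformerException, SAXException {
        String returnURL = localReturnURL(httpServletRequest);
        Document realmsDocument = MCRRealmFactory.getRealmsDocument();
        Element root = realmsDocument.getRootElement();
        addCurrentUserInfo(root);
        // The child element name and the request parameter share the literal "realm".
        for (Element realmElement : root.getChildren(REALM_URL_PARAMETER)) {
            Element loginElement = realmElement.getChild("login");
            if (loginElement == null) {
                continue;
            }
            String realmId = realmElement.getAttributeValue("id");
            loginElement.setAttribute(LOGIN_REDIRECT_URL_PARAMETER, MCRRealmFactory.getRealm(realmId).getLoginURL(returnURL));
        }
        getLayoutService().doLayout(httpServletRequest, httpServletResponse, new MCRJDOMContent(realmsDocument));
    }

    /* JADX INFO: Access modifiers changed from: protected */
    /**
     * Appends the login form's input fields: an optional hidden realm field, the
     * hidden {@code action} and {@code url} fields, and the visible user name and
     * password fields. The password field is never pre-filled.
     *
     * @param mCRLogin the form model to extend
     * @param str the id of the realm to log in to, or {@code null} for none
     */
    public static void addFormFields(MCRLogin mCRLogin, String str) {
        ArrayList<MCRLogin.InputField> fields = new ArrayList<>();
        if (str != null) {
            fields.add(new MCRLogin.InputField(MCRRealmFactory.getRealm(str).getRealmParameter(), str, (String) null, (String) null, false, true));
        }
        fields.add(new MCRLogin.InputField("action", "login", (String) null, (String) null, false, true));
        fields.add(new MCRLogin.InputField(LOGIN_REDIRECT_URL_PARAMETER, mCRLogin.getReturnURL(), (String) null, (String) null, false, true));
        String userNameLabel = MCRTranslation.translate("component.user2.login.form.userName");
        fields.add(new MCRLogin.InputField("uid", (String) null, userNameLabel, userNameLabel, false, false));
        String passwordLabel = MCRTranslation.translate("component.user2.login.form.password");
        fields.add(new MCRLogin.InputField("pwd", (String) null, passwordLabel, passwordLabel, true, false));
        mCRLogin.getForm().getInput().addAll(fields);
    }

    /**
     * Writes the current user's id, realm label and guest flag as attributes of
     * {@code element}.
     */
    static void addCurrentUserInfo(Element element) {
        MCRUserInformation userInformation = MCRSessionMgr.getCurrentSession().getUserInformation();
        element.setAttribute("user", userInformation.getUserID());
        element.setAttribute(REALM_URL_PARAMETER, realmLabelOf(userInformation));
        element.setAttribute("guest", String.valueOf(currentUserIsGuest()));
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    /** Sets the current user's realm label on the login form model. */
    public static void addCurrentUserInfo(MCRLogin mCRLogin) {
        mCRLogin.setRealm(realmLabelOf(MCRSessionMgr.getCurrentSession().getUserInformation()));
    }

    /**
     * Resolves the realm label for a user: the label of the user's realm for an
     * {@link MCRUser}, otherwise the realm user attribute, falling back to the
     * local realm's label when neither yields a value.
     */
    private static String realmLabelOf(MCRUserInformation userInformation) {
        String label = userInformation instanceof MCRUser
            ? ((MCRUser) userInformation).getRealm().getLabel()
            : userInformation.getUserAttribute(MCRRealm.USER_INFORMATION_ATTR);
        return label != null ? label : MCRRealmFactory.getLocalRealm().getLabel();
    }

    /** Tells whether the current session belongs to the guest user. */
    private static boolean currentUserIsGuest() {
        return MCRSessionMgr.getCurrentSession().getUserInformation().equals(MCRSystemUserInformation.getGuestInstance());
    }

    /**
     * Counts the choices offered on the realm list: one per realm, plus one for
     * each realm that has a create URL.
     */
    private int getNumLoginOptions() {
        int options = 0;
        for (MCRRealm realm : MCRRealmFactory.listRealms()) {
            options++;
            if (realm.getCreateURL() != null) {
                options++;
            }
        }
        return options;
    }

    /**
     * Stores the application-local return URL in the session and redirects to
     * the login URL of the realm with id {@code str}.
     */
    private void loginToRealm(HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse, String str) throws Exception {
        String returnURL = localReturnURL(httpServletRequest);
        storeURL(returnURL);
        httpServletResponse.sendRedirect(httpServletResponse.encodeRedirectURL(MCRRealmFactory.getRealm(str).getLoginURL(returnURL)));
    }

    /**
     * Stores the URL to return to after login in the current session.
     *
     * <p>A blank value, or one that does not point into this application, is
     * replaced by the base URL. For a URL below the base URL, the part after the
     * base URL is re-encoded with {@link #encodePath(String)}.
     *
     * @param str the requested return URL, may be {@code null}
     */
    private void storeURL(String str) throws Exception {
        String baseURL = MCRFrontendUtil.getBaseURL();
        String target;
        if (str == null || str.trim().length() == 0) {
            target = baseURL;
        } else if (!isLocalURL(str, baseURL)) {
            // The stored value is later used as a redirect target, so anything that
            // leaves the application is dropped here.
            LOGGER.warn("Ignoring redirect URL that does not point into this application.");
            target = baseURL;
        } else if (baseURL != null && str.startsWith(baseURL) && !str.equals(baseURL)) {
            target = baseURL + encodePath(str.substring(baseURL.length()));
        } else {
            target = str;
        }
        LOGGER.info("Storing redirect URL to session: {}", target);
        MCRSessionMgr.getCurrentSession().put(LOGIN_REDIRECT_URL_KEY, target);
    }

    /**
     * Percent-encodes the segments of a path-and-query string while keeping its
     * structure: backslashes become {@code /}, a space becomes {@code %20}, the
     * delimiters {@code / ? & =} are kept, and every other token is URL-encoded
     * as UTF-8.
     *
     * <p>The decompiler emitted this as a two-stage switch on the token's hash
     * code that did not compile; it is written here as the plain string switch
     * with the same branches.
     *
     * @param str the part of a URL that follows the base URL
     * @return the encoded string
     */
    private String encodePath(String str) throws Exception {
        String normalized = str.replace('\\', '/');
        StringBuilder encoded = new StringBuilder();
        // 'true' makes the tokenizer return the delimiters as tokens as well.
        StringTokenizer tokens = new StringTokenizer(normalized, " /?&=", true);
        while (tokens.hasMoreTokens()) {
            String token = tokens.nextToken();
            switch (token) {
                case " ":
                    encoded.append("%20");
                    break;
                case "/":
                case "?":
                case "&":
                case "=":
                    encoded.append(token);
                    break;
                default:
                    encoded.append(URLEncoder.encode(token, "UTF-8"));
                    break;
            }
        }
        return encoded.toString();
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    /**
     * Redirects to the URL previously stored in the session, or to the base URL
     * when none is stored.
     *
     * @param httpServletResponse the response to send the redirect on
     */
    public static void redirect(HttpServletResponse httpServletResponse) throws Exception {
        String target = (String) MCRSessionMgr.getCurrentSession().get(LOGIN_REDIRECT_URL_KEY);
        if (target == null) {
            LOGGER.warn("Could not get redirect URL from session.");
            target = MCRFrontendUtil.getBaseURL();
        }
        LOGGER.info("Redirecting to url: {}", target);
        httpServletResponse.sendRedirect(httpServletResponse.encodeRedirectURL(target));
    }
}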
