package org.mycore.user2.login;

import java.io.IOException;
import javax.servlet.ServletException;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import javax.xml.bind.JAXBContext;
import javax.xml.bind.JAXBException;
import javax.xml.transform.TransformerException;
import org.apache.logging.log4j.LogManager;
import org.apache.logging.log4j.Logger;
import org.mycore.common.MCRSession;
import org.mycore.common.MCRSessionMgr;
import org.mycore.common.content.MCRJAXBContent;
import org.mycore.frontend.servlets.MCRContainerLoginServlet;
import org.mycore.frontend.servlets.MCRServletJob;
import org.mycore.user2.MCRRealm;
import org.xml.sax.SAXException;

/* loaded from: input_file:org/mycore/user2/login/MCRServlet3LoginServlet.class */
public class MCRServlet3LoginServlet extends MCRContainerLoginServlet {
    private static final long serialVersionUID = 1;
    private static Logger LOGGER = LogManager.getLogger();

    /* loaded from: input_file:org/mycore/user2/login/MCRServlet3LoginServlet$Servlet3ContainerUserInformation.class */
    private static class Servlet3ContainerUserInformation extends MCRContainerLoginServlet.ContainerUserInformation {
        private String realm;

        Servlet3ContainerUserInformation(MCRSession mCRSession, String str) {
            super(mCRSession);
            this.realm = str;
        }

        public String getUserAttribute(String str) {
            return str.equals(MCRRealm.USER_INFORMATION_ATTR) ? this.realm : super.getUserAttribute(str);
        }
    }

    public void init() throws ServletException {
        if (!MCRLoginServlet.LOCAL_LOGIN_SECURE_ONLY) {
            LOGGER.warn("Login over unsecure connection is permitted. Set 'MCR.user2.LoginHttpsOnly=true' to prevent cleartext transmissions of passwords.");
        }
        super.init();
    }

    protected void think(MCRServletJob mCRServletJob) throws Exception {
        HttpServletRequest request = mCRServletJob.getRequest();
        HttpServletResponse response = mCRServletJob.getResponse();
        if (MCRLoginServlet.LOCAL_LOGIN_SECURE_ONLY && !request.isSecure()) {
            response.sendError(403, getErrorI18N("component.user2.login", "httpsOnly", new Object[0]));
            return;
        }
        String property = getProperty(request, "uid");
        String property2 = getProperty(request, "pwd");
        String property3 = getProperty(request, "realm");
        if (property == null || property2 == null) {
            return;
        }
        MCRSession currentSession = MCRSessionMgr.getCurrentSession();
        request.login(property, property2);
        currentSession.setUserInformation(new Servlet3ContainerUserInformation(currentSession, property3));
        request.getSession().setAttribute("mcr.authenticateRequest", Boolean.TRUE);
        LOGGER.info("Logged in: {}", currentSession.getUserInformation().getUserID());
    }

    protected void render(MCRServletJob mCRServletJob, Exception exc) throws Exception {
        HttpServletRequest request = mCRServletJob.getRequest();
        HttpServletResponse response = mCRServletJob.getResponse();
        if (exc != null) {
            if (!(exc instanceof ServletException)) {
                throw exc;
            }
            presentLoginForm(request, response, (ServletException) exc);
        }
        if (response.isCommitted()) {
            return;
        }
        if (getProperty(request, "uid") == null) {
            presentLoginForm(request, response, null);
        }
        if (mCRServletJob.getResponse().isCommitted()) {
            return;
        }
        super.render(mCRServletJob, exc);
    }

    private void presentLoginForm(HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse, ServletException servletException) throws IOException, TransformerException, SAXException, JAXBException {
        MCRLogin mCRLogin = new MCRLogin(MCRSessionMgr.getCurrentSession().getUserInformation(), MCRLoginServlet.getReturnURL(httpServletRequest), httpServletRequest.getRequestURI());
        MCRLoginServlet.addCurrentUserInfo(mCRLogin);
        String property = getProperty(httpServletRequest, "realm");
        if (property != null) {
            httpServletRequest.setAttribute("XSL.Realm", property);
        }
        MCRLoginServlet.addFormFields(mCRLogin, property);
        if (servletException != null) {
            httpServletResponse.setStatus(400);
            mCRLogin.setLoginFailed(true);
            mCRLogin.setErrorMessage(servletException.getMessage());
        }
        getLayoutService().doLayout(httpServletRequest, httpServletResponse, new MCRJAXBContent(JAXBContext.newInstance(new Class[]{MCRLogin.class}), mCRLogin));
    }
}
