package org.mortbay.jetty.servlet;

import java.io.IOException;
import java.io.Serializable;
import javax.servlet.http.HttpServletResponse;
import javax.servlet.http.HttpSession;
import javax.servlet.http.HttpSessionBindingEvent;
import javax.servlet.http.HttpSessionBindingListener;
import org.mortbay.http.HttpRequest;
import org.mortbay.http.HttpResponse;
import org.mortbay.http.SSORealm;
import org.mortbay.http.SecurityConstraint;
import org.mortbay.http.UserPrincipal;
import org.mortbay.http.UserRealm;
import org.mortbay.util.Code;
import org.mortbay.util.Credential;
import org.mortbay.util.Password;
import org.mortbay.util.URI;

/* loaded from: input_file:org/mortbay/jetty/servlet/FormAuthenticator.class */
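/**
 * FORM authenticator: handles the {@code j_security_check} login submission, re-uses a
 * credential cached in the HTTP session on later requests, and otherwise redirects the
 * client to the configured login page after remembering the requested URL in the session.
 *
 * <p>When the realm passed to {@link #authenticated} is an {@link SSORealm}, successful
 * logins are also registered with it and an {@link SSOSignoff} listener is bound to the
 * session so that the single sign-on entry is cleared when the attribute is unbound.
 *
 * <p>NOTE(review): {@code _ssoRealm} is an instance field that {@link #authenticated}
 * reassigns on every call; if one instance serves concurrent requests for different realms
 * the value can change mid-request - confirm how instances are shared.
 */
public class FormAuthenticator implements SecurityConstraint.Authenticator {
    /** Session attribute holding the URL to return to after a successful login. */
    public static final String __J_URI = "org.mortbay.jetty.URI";
    /** Session attribute under which the {@link FormCredential} of a logged-in user is stored. */
    public static final String __J_AUTHENTICATED = "org.mortbay.jetty.Auth";
    /** Prefix of the last path segment that marks a request as a login form submission. */
    public static final String __J_SECURITY_CHECK = "j_security_check";
    /** Request parameter carrying the submitted user name. */
    public static final String __J_USERNAME = "j_username";
    /** Request parameter carrying the submitted password. */
    public static final String __J_PASSWORD = "j_password";
    /** Session attribute holding the {@link SSOSignoff} listener. */
    public static final String __SSO_SIGNOFF = "SSO_SIGNOFF";
    // Error page as configured (may include a query string) and the same value without it.
    private String _formErrorPage;
    private String _formErrorPath;
    // Login page as configured (may include a query string) and the same value without it.
    private String _formLoginPage;
    private String _formLoginPath;
    // Set from the realm of the most recent authenticated() call; null when that realm is not an SSORealm.
    private transient SSORealm _ssoRealm;

    // Placeholder for the compiler-generated FormAuthenticator$1 class (renamed by the decompiler);
    // it is only used as the marker parameter type of FormCredential's non-private constructor.
    class AnonymousClass1 {
    }

    /**
     * Credential cached in the session under {@link FormAuthenticator#__J_AUTHENTICATED}.
     * The principal is transient; when it is missing, {@code authenticated} re-authenticates
     * against the realm using the stored user name and password.
     */
    private static class FormCredential implements Serializable {
        private String _jUserName;
        // NOTE(review): the submitted password is kept in clear text in this serializable,
        // session-scoped object, so it lives as long as the session and travels with it
        // wherever the session is persisted or replicated. The re-authentication path
        // depends on it, so it cannot simply be dropped here.
        private String _jPassword;
        private transient UserPrincipal _userPrincipal;

        private FormCredential() {
        }

        @Override
        public int hashCode() {
            // Either field can be null: the SSO branch of authenticated() leaves _jPassword
            // unset when the realm returns no credential, and request parameters are
            // assigned without a null check. Treat null as hash 0 instead of throwing.
            int userHash = this._jUserName == null ? 0 : this._jUserName.hashCode();
            int passwordHash = this._jPassword == null ? 0 : this._jPassword.hashCode();
            return userHash + passwordHash;
        }

        @Override
        public boolean equals(Object obj) {
            if (!(obj instanceof FormCredential)) {
                return false;
            }
            FormCredential other = (FormCredential) obj;
            return sameValue(this._jUserName, other._jUserName) && sameValue(this._jPassword, other._jPassword);
        }

        // Null-safe string equality (two nulls are equal).
        private static boolean sameValue(String left, String right) {
            return left == null ? right == null : left.equals(right);
        }

        /** Deliberately prints the user name only, never the password. */
        @Override
        public String toString() {
            return "Cred[" + this._jUserName + "]";
        }

        // Accessor constructor called by the enclosing class; the argument is ignored.
        FormCredential(AnonymousClass1 anonymousClass1) {
            this();
        }
    }

    /**
     * Session attribute that clears the user's single sign-on entry when it is unbound
     * from the session.
     */
    private class SSOSignoff implements Serializable, HttpSessionBindingListener {
        private String _username;
        // Explicit reference to the owning authenticator, as emitted by the decompiler.
        private final FormAuthenticator this$0;

        // userPrincipal must not be null: its name is read immediately.
        SSOSignoff(FormAuthenticator formAuthenticator, UserPrincipal userPrincipal) {
            this.this$0 = formAuthenticator;
            this._username = userPrincipal.getName();
        }

        @Override
        public void valueBound(HttpSessionBindingEvent httpSessionBindingEvent) {
        }

        @Override
        public void valueUnbound(HttpSessionBindingEvent httpSessionBindingEvent) {
            Code.debug("SSO signoff", this._username);
            // Uses whatever realm the authenticator currently holds, which may differ from
            // the one in place when this listener was created.
            if (this.this$0._ssoRealm != null) {
                this.this$0._ssoRealm.clearSingleSignOn(this._username);
            }
        }

        @Override
        public String toString() {
            return this._username;
        }
    }

    /** @return {@link SecurityConstraint#__FORM_AUTH} */
    @Override // org.mortbay.http.SecurityConstraint.Authenticator
    public String getAuthMethod() {
        return SecurityConstraint.__FORM_AUTH;
    }

    /**
     * Sets the login page. A missing leading {@code /} is added (with a warning). The part
     * before any {@code ?} is kept separately so requests for the page itself can be recognised.
     *
     * @param str login page path, optionally with a query string; must not be null
     */
    public void setLoginPage(String str) {
        if (!str.startsWith("/")) {
            Code.warning("form-login-page must start with /");
            str = "/" + str;
        }
        this._formLoginPage = str;
        int queryStart = str.indexOf('?');
        this._formLoginPath = queryStart > 0 ? str.substring(0, queryStart) : str;
    }

    /** @return the login page as configured, including any query string */
    public String getLoginPage() {
        return this._formLoginPage;
    }

    /**
     * Sets the error page shown after a failed login. A null or blank value clears it, in
     * which case a failed login is answered with 403 instead of a redirect. A missing
     * leading {@code /} is added (with a warning).
     *
     * @param str error page path, optionally with a query string; null or blank to unset
     */
    public void setErrorPage(String str) {
        if (str == null || str.trim().length() == 0) {
            this._formErrorPath = null;
            this._formErrorPage = null;
            return;
        }
        if (!str.startsWith("/")) {
            Code.warning("form-error-page must start with /");
            str = "/" + str;
        }
        this._formErrorPage = str;
        int queryStart = str.indexOf('?');
        this._formErrorPath = queryStart > 0 ? str.substring(0, queryStart) : str;
    }

    /** @return the error page as configured, including any query string, or null if unset */
    public String getErrorPage() {
        return this._formErrorPage;
    }

    /**
     * Authenticates a request under FORM authentication.
     *
     * @param userRealm realm used to check credentials; if it is an {@link SSORealm} it is
     *     also used for single sign-on
     * @param str path of the request within the context; must not be null
     * @param httpRequest the request, updated with auth type, user and principal on success
     * @param httpResponse the response, used for redirects and the 403 error
     * @return the authenticated principal; {@link SecurityConstraint#__NOBODY} when the
     *     request is for the login or error page itself; or null when a redirect or error
     *     has been sent (login submission handled, or login required)
     * @throws IOException if sending the redirect or error fails
     */
    @Override // org.mortbay.http.SecurityConstraint.Authenticator
    public UserPrincipal authenticated(UserRealm userRealm, String str, HttpRequest httpRequest, HttpResponse httpResponse) throws IOException {
        ServletHttpRequest servletHttpRequest = (ServletHttpRequest) httpRequest.getWrapper();
        HttpServletResponse httpServletResponse = (HttpServletResponse) httpResponse.getWrapper();
        if (userRealm instanceof SSORealm) {
            this._ssoRealm = (SSORealm) userRealm;
        } else if (this._ssoRealm != null) {
            Code.warning("Mixed realms");
            this._ssoRealm = null;
        }
        String uri = str;
        HttpSession session = servletHttpRequest.getSession(true);

        // --- Login form submission -------------------------------------------------------
        // NOTE(review): any last path segment that merely starts with "j_security_check"
        // matches, and no HTTP method check is visible here. If getParameter also returns
        // query-string values, credentials could arrive in a URL and end up in access
        // logs - confirm and consider restricting to POST.
        if (uri.substring(uri.lastIndexOf("/") + 1).startsWith(__J_SECURITY_CHECK)) {
            FormCredential submitted = new FormCredential(null);
            submitted._jUserName = servletHttpRequest.getParameter(__J_USERNAME);
            submitted._jPassword = servletHttpRequest.getParameter(__J_PASSWORD);
            submitted._userPrincipal = userRealm.authenticate(submitted._jUserName, submitted._jPassword, httpRequest);
            // The return URL is read from the session, where the redirect-to-login branch
            // at the end of this method stores it.
            String returnUrl = (String) session.getAttribute(__J_URI);
            if (returnUrl == null || returnUrl.length() == 0) {
                returnUrl = "/";
            }
            if (submitted._userPrincipal == null) {
                // NOTE(review): the logged user name is client-supplied and unsanitised.
                Code.debug("Form authentication FAILED for ", submitted._jUserName);
                if (this._formErrorPage == null) {
                    httpServletResponse.sendError(HttpResponse.__403_Forbidden);
                    return null;
                }
                httpServletResponse.setContentLength(0);
                httpServletResponse.sendRedirect(httpServletResponse.encodeRedirectURL(URI.addPaths(servletHttpRequest.getContextPath(), this._formErrorPage)));
                return null;
            }
            Code.debug("Form authentication OK for ", submitted._jUserName);
            session.removeAttribute(__J_URI);
            httpRequest.setAuthType(SecurityConstraint.__FORM_AUTH);
            httpRequest.setAuthUser(submitted._jUserName);
            httpRequest.setUserPrincipal(submitted._userPrincipal);
            // NOTE(review): the session that existed before login is kept and its id is not
            // changed in this method. Unless the container rotates the id elsewhere, a
            // session id issued before authentication remains valid afterwards (session
            // fixation risk) - confirm.
            session.setAttribute(__J_AUTHENTICATED, submitted);
            if (this._ssoRealm != null) {
                this._ssoRealm.setSingleSignOn(httpRequest, httpResponse, submitted._userPrincipal, new Password(submitted._jPassword));
                session.setAttribute(__SSO_SIGNOFF, new SSOSignoff(this, submitted._userPrincipal));
            }
            httpServletResponse.setContentLength(0);
            httpServletResponse.sendRedirect(httpServletResponse.encodeRedirectURL(returnUrl));
            return null;
        }

        // --- Credential already cached in the session ------------------------------------
        FormCredential cached = (FormCredential) session.getAttribute(__J_AUTHENTICATED);
        if (cached != null) {
            if (cached._userPrincipal == null) {
                // The principal is transient, so it is absent after the credential has been
                // deserialized; re-authenticate with the stored user name and password.
                cached._userPrincipal = userRealm.authenticate(cached._jUserName, cached._jPassword, httpRequest);
                // Register with SSO only when re-authentication succeeded. Without the
                // null check a failed re-authentication passed a null principal to
                // setSingleSignOn and then threw from SSOSignoff's constructor, instead of
                // falling through to the login redirect below.
                if (cached._userPrincipal != null && this._ssoRealm != null) {
                    this._ssoRealm.setSingleSignOn(httpRequest, httpResponse, cached._userPrincipal, new Password(cached._jPassword));
                    session.setAttribute(__SSO_SIGNOFF, new SSOSignoff(this, cached._userPrincipal));
                }
            } else if (!cached._userPrincipal.isAuthenticated()) {
                cached._userPrincipal = null;
            }
            if (cached._userPrincipal != null) {
                Code.debug("FORM Authenticated for ", cached._userPrincipal.getName());
                httpRequest.setAuthType(SecurityConstraint.__FORM_AUTH);
                httpRequest.setAuthUser(cached._userPrincipal.getName());
                httpRequest.setUserPrincipal(cached._userPrincipal);
                return cached._userPrincipal;
            }
            // The cached credential is no longer valid: drop it and require a new login.
            session.setAttribute(__J_AUTHENTICATED, (Object) null);
        } else if (this._ssoRealm != null) {
            // --- No session credential: try single sign-on -------------------------------
            Credential singleSignOn = this._ssoRealm.getSingleSignOn(httpRequest, httpResponse);
            // presumably getSingleSignOn sets the request's principal on success - verify
            if (servletHttpRequest.getUserPrincipal() != null) {
                FormCredential ssoCredential = new FormCredential(null);
                ssoCredential._userPrincipal = (UserPrincipal) servletHttpRequest.getUserPrincipal();
                ssoCredential._jUserName = ssoCredential._userPrincipal.toString();
                if (singleSignOn != null) {
                    ssoCredential._jPassword = singleSignOn.toString();
                }
                Code.debug("SSO for ", ssoCredential._userPrincipal);
                httpRequest.setAuthType(SecurityConstraint.__FORM_AUTH);
                session.setAttribute(__J_AUTHENTICATED, ssoCredential);
                session.setAttribute(__SSO_SIGNOFF, new SSOSignoff(this, ssoCredential._userPrincipal));
                return ssoCredential._userPrincipal;
            }
        }

        // --- Not authenticated -----------------------------------------------------------
        // The login and error pages themselves must be reachable without authentication.
        // str has already been dereferenced above, so it is known to be non-null here.
        if (str.equals(this._formErrorPath) || str.equals(this._formLoginPath)) {
            return SecurityConstraint.__NOBODY;
        }
        if (httpRequest.getQuery() != null) {
            uri = uri + "?" + httpRequest.getQuery();
        }
        // Remember the full requested URL so the login submission can redirect back to it.
        // NOTE(review): scheme, server name and port are taken from the request; if the
        // server name reflects the client-supplied Host header, the stored redirect target
        // is client-influenced - confirm how getServerName is derived.
        session.setAttribute(__J_URI, servletHttpRequest.getScheme() + "://" + servletHttpRequest.getServerName() + ":" + servletHttpRequest.getServerPort() + URI.addPaths(servletHttpRequest.getContextPath(), uri));
        httpServletResponse.setContentLength(0);
        httpServletResponse.sendRedirect(httpServletResponse.encodeRedirectURL(URI.addPaths(servletHttpRequest.getContextPath(), this._formLoginPage)));
        return null;
    }
}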
