package edu.internet2.middleware.shibboleth.idp.authn.provider;

import edu.internet2.middleware.shibboleth.idp.authn.AuthenticationEngine;
import edu.internet2.middleware.shibboleth.idp.authn.AuthenticationException;
import edu.internet2.middleware.shibboleth.idp.authn.LoginHandler;
import edu.internet2.middleware.shibboleth.idp.authn.UsernamePrincipal;
import java.io.IOException;
import java.security.Principal;
import java.util.Set;
import javax.security.auth.Subject;
import javax.security.auth.callback.Callback;
import javax.security.auth.callback.CallbackHandler;
import javax.security.auth.callback.NameCallback;
import javax.security.auth.callback.PasswordCallback;
import javax.security.auth.callback.UnsupportedCallbackException;
import javax.security.auth.login.LoginContext;
import javax.security.auth.login.LoginException;
import javax.servlet.ServletConfig;
import javax.servlet.ServletException;
import javax.servlet.http.HttpServlet;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import org.opensaml.xml.util.DatatypeHelper;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;

/* loaded from: input_file:edu/internet2/middleware/shibboleth/idp/authn/provider/UsernamePasswordLoginServlet.class */
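/**
 * Servlet that checks a submitted username/password pair against a JAAS login configuration.
 *
 * <p>The credentials are read from the {@code j_username} and {@code j_password} request
 * parameters. On success the authenticated {@link Subject} and the authentication method are
 * placed on the request and control is handed back through
 * {@link AuthenticationEngine#returnToAuthenticationEngine}. On failure, or when either parameter
 * is missing, the request is forwarded to the configured login page.
 *
 * <p>Init parameters read by {@link #init(ServletConfig)}: {@code jaasConfigName},
 * {@code loginPage} and {@code authnMethod}.
 */
public class UsernamePasswordLoginServlet extends HttpServlet {
    private static final long serialVersionUID = -572799841125956990L;

    /** Authentication method URI reported to the authentication engine after a successful login. */
    private String authenticationMethod;
    private final Logger log = LoggerFactory.getLogger(UsernamePasswordLoginServlet.class);

    /** Name of the JAAS configuration entry used to build the {@link LoginContext}. */
    private String jaasConfigName = "ShibUserPassAuth";
    /** Init parameter that overrides {@link #jaasConfigName}. */
    private final String jaasInitParam = "jaasConfigName";

    /** Context-relative path of the login page; always starts with "/" after init. */
    private String loginPage = "login.jsp";
    /** Init parameter that overrides {@link #loginPage}. */
    private final String loginPageInitParam = "loginPage";

    /** Request attribute set to "true" when a login attempt failed. */
    private final String failureParam = "loginFailed";
    /** Request parameter carrying the username. */
    private final String usernameAttribute = "j_username";
    /** Request parameter carrying the password. */
    private final String passwordAttribute = "j_password";

    /* JADX INFO: Access modifiers changed from: protected */
    /* loaded from: input_file:edu/internet2/middleware/shibboleth/idp/authn/provider/UsernamePasswordLoginServlet$SimpleCallbackHandler.class */
    /**
     * JAAS callback handler that answers name and password callbacks with fixed values.
     *
     * <p>Callbacks of any other type are left untouched rather than rejected, so a login module
     * that sends extra callbacks does not fail here.
     */
    public class SimpleCallbackHandler implements CallbackHandler {
        private final String uname;
        private final String pass;

        /**
         * @param str  username handed to {@link NameCallback}s
         * @param str2 password handed to {@link PasswordCallback}s
         */
        public SimpleCallbackHandler(String str, String str2) {
            this.uname = str;
            this.pass = str2;
        }

        /**
         * Fills in every name and password callback in the array.
         *
         * @param callbackArr callbacks supplied by the login module; may be null or empty
         */
        @Override // javax.security.auth.callback.CallbackHandler
        public void handle(Callback[] callbackArr) throws UnsupportedCallbackException {
            if (callbackArr == null || callbackArr.length == 0) {
                return;
            }
            for (Callback callback : callbackArr) {
                if (callback instanceof NameCallback) {
                    ((NameCallback) callback).setName(this.uname);
                } else if (callback instanceof PasswordCallback) {
                    // The handler can be constructed directly with a null password; pass the null
                    // through instead of failing with a NullPointerException inside the login module.
                    ((PasswordCallback) callback).setPassword(this.pass == null ? null : this.pass.toCharArray());
                }
            }
        }
    }

    /**
     * Reads the servlet configuration.
     *
     * <p>{@code jaasConfigName} and {@code loginPage} replace the built-in defaults when present;
     * the login page path is made context-relative by prefixing "/" when it is missing.
     * {@code authnMethod} falls back to the SAML 2 PasswordProtectedTransport class when it is
     * absent or blank.
     *
     * @param servletConfig configuration supplied by the container
     * @throws ServletException if the superclass initialisation fails
     */
    public void init(ServletConfig servletConfig) throws ServletException {
        super.init(servletConfig);
        String configuredJaasName = getInitParameter(this.jaasInitParam);
        if (configuredJaasName != null) {
            this.jaasConfigName = configuredJaasName;
        }
        String configuredLoginPage = getInitParameter(this.loginPageInitParam);
        if (configuredLoginPage != null) {
            this.loginPage = configuredLoginPage;
        }
        if (!this.loginPage.startsWith("/")) {
            this.loginPage = "/" + this.loginPage;
        }
        String configuredMethod = DatatypeHelper.safeTrimOrNullString(servletConfig.getInitParameter("authnMethod"));
        if (configuredMethod != null) {
            this.authenticationMethod = configuredMethod;
        } else {
            this.authenticationMethod = "urn:oasis:names:tc:SAML:2.0:ac:classes:PasswordProtectedTransport";
        }
    }

    /**
     * Handles a login request: shows the login page when credentials are missing, otherwise
     * attempts the login and either returns to the authentication engine or re-displays the page
     * with the failure flag set.
     *
     * @param httpServletRequest  current request
     * @param httpServletResponse current response
     */
    protected void service(HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse) throws ServletException, IOException {
        // NOTE(review): getParameter() also returns query-string values and service() runs for
        // every HTTP method, so credentials sent in a GET URL are accepted here. URLs commonly end
        // up in access logs, browser history and Referer headers; consider accepting credentials
        // from POST only, after confirming no deployment relies on GET.
        String username = httpServletRequest.getParameter(this.usernameAttribute);
        String password = httpServletRequest.getParameter(this.passwordAttribute);
        if (username == null || password == null) {
            redirectToLoginPage(httpServletRequest, httpServletResponse);
            return;
        }
        try {
            authenticateUser(httpServletRequest, username, password);
            AuthenticationEngine.returnToAuthenticationEngine(httpServletRequest, httpServletResponse);
        } catch (LoginException e) {
            // Every failure takes the same path and sets the same flag, so this servlet does not
            // itself distinguish "unknown user" from "wrong password".
            // NOTE(review): the wrapped exception is exposed to the login page; confirm the page
            // does not render its message or stack trace to the browser.
            httpServletRequest.setAttribute(this.failureParam, "true");
            httpServletRequest.setAttribute(LoginHandler.AUTHENTICATION_EXCEPTION_KEY, new AuthenticationException(e));
            redirectToLoginPage(httpServletRequest, httpServletResponse);
        }
    }

    /**
     * Forwards the request to the login page, exposing this servlet's own URL (context path plus
     * servlet path) as the {@code actionUrl} request attribute.
     *
     * <p>Despite the name this is a server-side forward, not an HTTP redirect. Forwarding
     * failures are logged and otherwise ignored.
     *
     * @param httpServletRequest  current request
     * @param httpServletResponse current response
     */
    protected void redirectToLoginPage(HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse) {
        StringBuilder actionUrl = new StringBuilder();
        if (!"".equals(httpServletRequest.getContextPath())) {
            actionUrl.append(httpServletRequest.getContextPath());
        }
        actionUrl.append(httpServletRequest.getServletPath());
        httpServletRequest.setAttribute("actionUrl", actionUrl.toString());
        try {
            // Log before forwarding so the entry precedes anything the login page itself logs.
            this.log.debug("Redirecting to login page {}", this.loginPage);
            httpServletRequest.getRequestDispatcher(this.loginPage).forward(httpServletRequest, httpServletResponse);
        } catch (ServletException e) {
            this.log.error("Unable to redirect to login page.", e);
        } catch (IOException e2) {
            this.log.error("Unable to redirect to login page.", e2);
        }
    }

    /**
     * Runs the JAAS login for the given credentials and, on success, publishes the resulting
     * subject and the authentication method as request attributes.
     *
     * @param httpServletRequest request that receives {@link LoginHandler#SUBJECT_KEY} and
     *                           {@code authnMethod}
     * @param str                username as submitted by the client
     * @param str2               password as submitted by the client
     * @throws LoginException if the login module rejects the credentials, or wrapping any other
     *                        failure raised while authenticating
     */
    protected void authenticateUser(HttpServletRequest httpServletRequest, String str, String str2) throws LoginException {
        // The username comes straight from the request; neutralise control characters so it
        // cannot inject forged lines into the log.
        String loggableUser = safeForLog(str);
        try {
            this.log.debug("Attempting to authenticate user {}", loggableUser);
            LoginContext loginContext = new LoginContext(this.jaasConfigName, new SimpleCallbackHandler(str, str2));
            loginContext.login();
            this.log.debug("Successfully authenticated user {}", loggableUser);
            Subject subject = loginContext.getSubject();
            Set<Principal> principals = subject.getPrincipals();
            principals.add(new UsernamePrincipal(str));
            Set<Object> publicCredentials = subject.getPublicCredentials();
            Set<Object> privateCredentials = subject.getPrivateCredentials();
            // NOTE(review): the clear-text password is kept in the Subject's private credentials,
            // so whatever holds SUBJECT_KEY downstream also holds the password. Confirm this is
            // required and how long that Subject is retained.
            privateCredentials.add(new UsernamePasswordCredential(str, str2));
            httpServletRequest.setAttribute(LoginHandler.SUBJECT_KEY, new Subject(false, principals, publicCredentials, privateCredentials));
            httpServletRequest.setAttribute("authnMethod", this.authenticationMethod);
        } catch (LoginException e) {
            this.log.debug("User authentication for " + loggableUser + " failed", e);
            throw e;
        } catch (Throwable th) {
            this.log.debug("User authentication for " + loggableUser + " failed", th);
            // Keep the original failure attached so it is not lost to callers and error handlers.
            LoginException wrapped = new LoginException("unknown authentication error");
            wrapped.initCause(th);
            throw wrapped;
        }
    }

    /**
     * Returns a copy of the value with ISO control characters (including CR and LF) replaced by
     * an underscore, for safe inclusion in log messages.
     *
     * @param value text to clean; may be null
     * @return cleaned text, or null when the input was null
     */
    private static String safeForLog(String value) {
        if (value == null) {
            return null;
        }
        StringBuilder cleaned = new StringBuilder(value.length());
        for (int i = 0; i < value.length(); i++) {
            char c = value.charAt(i);
            cleaned.append(Character.isISOControl(c) ? '_' : c);
        }
        return cleaned.toString();
    }
}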
