package org.rhq.enterprise.gui.authentication;

import java.util.HashMap;
import java.util.Iterator;
import java.util.Map;
import javax.servlet.ServletContext;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import javax.servlet.http.HttpSession;
import org.apache.commons.logging.Log;
import org.apache.commons.logging.LogFactory;
import org.apache.struts.action.ActionForm;
import org.apache.struts.action.ActionForward;
import org.apache.struts.action.ActionMapping;
import org.apache.struts.tiles.actions.TilesAction;
import org.rhq.core.domain.auth.Subject;
import org.rhq.core.domain.authz.Permission;
import org.rhq.core.domain.configuration.Configuration;
import org.rhq.core.domain.criteria.SubjectCriteria;
import org.rhq.core.domain.util.PageList;
import org.rhq.enterprise.gui.legacy.AttrConstants;
import org.rhq.enterprise.gui.legacy.KeyConstants;
import org.rhq.enterprise.gui.legacy.ParamConstants;
import org.rhq.enterprise.gui.legacy.WebUser;
import org.rhq.enterprise.gui.legacy.util.SessionUtils;
import org.rhq.enterprise.server.RHQConstants;
import org.rhq.enterprise.server.auth.SubjectManagerLocal;
import org.rhq.enterprise.server.util.LookupUtil;

/* loaded from: input_file:rhq-portal.war/WEB-INF/classes/org/rhq/enterprise/gui/authentication/AuthenticateUserAction.class */
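/**
 * Struts action that authenticates the credentials submitted through the logon form and
 * establishes the authenticated web session.
 *
 * <p>On success the pre-login HTTP session is invalidated and a new one is created before the
 * {@link WebUser} and the user's global permissions are stored in it. Users whose subject has
 * id 0 are redirected to the registration page instead of their bookmarked URL.
 *
 * <p>On failure the request is forwarded to the {@code "bad"} mapping with a status key that
 * distinguishes bad credentials from backend errors.
 */
public class AuthenticateUserAction extends TilesAction {
    private static final String URL_REGISTER = "/admin/user/UserAdmin.do?mode=register";
    private static final String URL_DASHBOARD = "/";
    private static final Log LOG = LogFactory.getLog(AuthenticateUserAction.class.getName());

    /**
     * Logs the user in and redirects to the bookmarked URL, the dashboard, or the registration page.
     *
     * @param actionMapping used to resolve the {@code "bad"} forward on failure
     * @param actionForm the submitted {@link LogonForm}
     * @param httpServletRequest the current request; its session is replaced on successful login
     * @param httpServletResponse the current response (not used here)
     * @return a redirecting forward on success, or the {@code "bad"} forward on failure
     * @throws Exception declared by the Struts contract; failures inside the login flow are caught
     *         and mapped to the {@code "bad"} forward
     */
    @Override
    public ActionForward execute(ActionMapping actionMapping, ActionForm actionForm, HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse) throws Exception {
        HttpSession preLoginSession = httpServletRequest.getSession(true);
        LogonForm logonForm = (LogonForm) actionForm;
        ServletContext servletContext = getServlet().getServletContext();
        HashMap<String, Boolean> userOperations = new HashMap<String, Boolean>();
        boolean needsRegistration = false;
        boolean hasPrincipal;
        try {
            SubjectManagerLocal subjectManager = LookupUtil.getSubjectManager();
            Subject login = subjectManager.login(logonForm.getJ_username(), logonForm.getJ_password());
            Integer sessionId = login.getSessionId();
            // NOTE(review): this writes the subject's session id and the raw, user-supplied
            // username to the debug log. Confirm the session id is not usable as a credential by
            // anyone who can read the log, and that the log layout neutralises CR/LF in the name.
            LOG.debug("Logged in as [" + logonForm.getJ_username() + "] with session id [" + sessionId + "]");
            if (login.getId() == 0) {
                needsRegistration = true;
            }
            if (usingLDAPAuthentication(servletContext)) {
                hasPrincipal = subjectManager.isUserWithPrincipal(logonForm.getJ_username());
                if (!hasPrincipal && needsRegistration) {
                    // Before sending the user to registration, look for an existing subject whose
                    // name matches exactly except for letter case, and authenticate as that one.
                    SubjectCriteria subjectCriteria = new SubjectCriteria();
                    subjectCriteria.setCaseSensitive(false);
                    subjectCriteria.setStrict(true);
                    subjectCriteria.addFilterName(logonForm.getJ_username());
                    subjectCriteria.fetchRoles(true);
                    subjectCriteria.fetchConfiguration(true);
                    // The lookup runs as the overlord subject, so it is not limited by the
                    // caller's own permissions.
                    PageList<Subject> caseInsensitiveMatches = subjectManager.findSubjectsByCriteria(subjectManager.getOverlord(), subjectCriteria);
                    if (!caseInsensitiveMatches.isEmpty()) {
                        // NOTE(review): only the first match is used; if several subjects differ
                        // only by case, which one is chosen depends on result order. Confirm.
                        Subject existing = caseInsensitiveMatches.get(0);
                        LOG.info("Located existing ldap account with different case for [" + existing.getName() + "]. Attempting to authenticate with that account instead.");
                        login = subjectManager.login(existing.getName(), logonForm.getJ_password());
                        sessionId = login.getSessionId();
                        LOG.debug("Logged in as [" + existing.getName() + "] with session id [" + sessionId + "]");
                        needsRegistration = false;
                    }
                }
            } else {
                hasPrincipal = true;
            }
            if (!needsRegistration) {
                // Reloading the subject returns a fresh instance, so the session id obtained at
                // login has to be re-applied after each reload or update.
                login = subjectManager.loadUserConfiguration(Integer.valueOf(login.getId()));
                login.setSessionId(sessionId);
                if (login.getUserConfiguration() == null) {
                    login.setUserConfiguration((Configuration) servletContext.getAttribute(AttrConstants.DEF_USER_PREFS));
                    login = subjectManager.updateSubject(login, login);
                    login.setSessionId(sessionId);
                }
                for (Permission permission : LookupUtil.getAuthorizationManager().getExplicitGlobalPermissions(login)) {
                    userOperations.put(permission.toString(), Boolean.TRUE);
                }
            }
            WebUser webUser = new WebUser(login, hasPrincipal);
            ActionForward actionForward;
            if (needsRegistration) {
                LOG.debug("LDAP registration required for user [" + logonForm.getJ_username() + "]");
                actionForward = new ActionForward(URL_REGISTER);
            } else {
                // The bookmarked URL must be read before the pre-login session is invalidated.
                // NOTE(review): the redirect target comes from session attributes populated
                // elsewhere. Confirm that code only stores application-relative paths, otherwise
                // this redirect can be steered to an external site.
                String bookmarkedUrl = getBookmarkedUrl(preLoginSession);
                if (bookmarkedUrl == null || bookmarkedUrl.equals("/Logout.do")) {
                    bookmarkedUrl = URL_DASHBOARD;
                }
                if (bookmarkedUrl.toLowerCase().indexOf("ajax") != -1) {
                    bookmarkedUrl = webUser.getWebPreferences().getLastVisitedURL(2);
                    LOG.info("Bypassing partial-page with " + bookmarkedUrl);
                    if (bookmarkedUrl == null) {
                        // Guard against a missing last-visited entry rather than redirecting to null.
                        bookmarkedUrl = URL_DASHBOARD;
                    }
                }
                actionForward = new ActionForward(bookmarkedUrl);
            }
            actionForward.setRedirect(true);
            // Replace the session so that an identifier issued before authentication is never
            // carried over into the authenticated session.
            preLoginSession.invalidate();
            HttpSession authenticatedSession = httpServletRequest.getSession(true);
            SessionUtils.setWebUser(authenticatedSession, webUser);
            authenticatedSession.setAttribute(AttrConstants.USER_OPERATIONS_ATTR, userOperations);
            if (needsRegistration) {
                // NOTE(review): the cleartext password is kept in the HTTP session, presumably
                // for the registration step. Session stores may be persisted or replicated, so
                // confirm the attribute is removed as soon as registration completes or is abandoned.
                authenticatedSession.setAttribute("password", logonForm.getJ_password());
            }
            updateMonitoringEnabled(servletContext);
            return actionForward;
        } catch (Exception e) {
            // getMessage() may be null (e.g. a NullPointerException); treating that as an empty
            // message keeps the handler from throwing and routes it to the logged backend branch.
            String message = e.getMessage();
            String lowerCase = (message == null) ? "" : message.toLowerCase();
            if (lowerCase.indexOf("username") >= 0 || lowerCase.indexOf("password") >= 0) {
                // Classification is by message substring, so a backend error that mentions
                // "password" also lands here. Record the exception type (not the message, whose
                // content is unknown) so such cases leave a trace.
                LOG.debug("Login rejected as bad credentials: " + e.getClass().getName());
                httpServletRequest.setAttribute(ParamConstants.LOGON_STATUS, "login.info.bad");
            } else {
                LOG.error("Could not log into the web application", e);
                httpServletRequest.setAttribute(ParamConstants.LOGON_STATUS, "login.bad.backend");
            }
            return actionMapping.findForward("bad");
        }
    }

    /**
     * Rebuilds the URL the user originally requested from the attributes saved in the session.
     *
     * @param httpSession the session holding {@code LOGON_URL_KEY} and, optionally,
     *        {@code LOGON_URL_PARAMETERS}
     * @return the URL with its saved parameters appended as a query string, or {@code null} when
     *         no URL was saved
     */
    private String getBookmarkedUrl(HttpSession httpSession) {
        String baseUrl = (String) httpSession.getAttribute(KeyConstants.LOGON_URL_KEY);
        if (baseUrl == null || baseUrl.length() == 0) {
            return null;
        }
        StringBuilder url = new StringBuilder(baseUrl);
        Map<?, ?> parameters = (Map<?, ?>) httpSession.getAttribute(ParamConstants.LOGON_URL_PARAMETERS);
        if (parameters != null && !parameters.isEmpty()) {
            String separator = "?";
            for (Map.Entry<?, ?> parameter : parameters.entrySet()) {
                // NOTE(review): names and values are appended without URL-encoding; confirm they
                // are stored already encoded, otherwise '&', '=' or '#' in a value alters the query.
                url.append(separator).append((String) parameter.getKey()).append("=").append((String) parameter.getValue());
                separator = "&";
            }
        }
        return url.toString();
    }

    /**
     * Reports whether the configured JAAS provider is the LDAP provider.
     *
     * <p>The provider name is read from the servlet context when present; otherwise it is fetched
     * from the system configuration and stored in the servlet context for later calls.
     *
     * @param servletContext the application context used as the cache
     * @return {@code true} when the provider equals {@code RHQConstants.LDAPJAASProvider}
     * @throws Exception declared by the original signature
     */
    public static boolean usingLDAPAuthentication(ServletContext servletContext) throws Exception {
        String provider = (String) servletContext.getAttribute(AttrConstants.JAAS_PROVIDER_CTX_ATTR);
        if (provider == null) {
            provider = LookupUtil.getSystemManager().getSystemConfiguration().getProperty(RHQConstants.JAASProvider);
            servletContext.setAttribute(AttrConstants.JAAS_PROVIDER_CTX_ATTR, provider);
        }
        return provider != null && provider.equals(RHQConstants.LDAPJAASProvider);
    }

    /**
     * Refreshes the {@code MONITOR_ENABLED} servlet-context attribute from the system manager.
     *
     * @param servletContext the application context to update
     * @return the monitoring-enabled value that was stored
     */
    public static boolean updateMonitoringEnabled(ServletContext servletContext) {
        boolean monitoringEnabled = LookupUtil.getSystemManager().isMonitoringEnabled();
        servletContext.setAttribute(AttrConstants.MONITOR_ENABLED, Boolean.valueOf(monitoringEnabled));
        return monitoringEnabled;
    }
}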
