package org.jboss.errai.security.server;

import ch.qos.logback.classic.spi.CallerData;
import java.io.IOException;
import java.io.UnsupportedEncodingException;
import java.net.URLEncoder;
import java.util.Map;
import javax.enterprise.context.Dependent;
import javax.servlet.FilterConfig;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import org.jboss.errai.marshalling.server.MappingContextSingleton;
import org.picketlink.authentication.web.HTTPAuthenticationScheme;
import org.picketlink.credential.DefaultLoginCredentials;

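/**
 * Form-based {@link HTTPAuthenticationScheme}: unauthenticated requests for the host page are
 * redirected to a login page, and a POST to a URI containing {@value #HTTP_FORM_SECURITY_CHECK_URI}
 * is treated as a login attempt whose credentials are read from the
 * {@value #HTTP_FORM_USERNAME_PARAM} and {@value #HTTP_FORM_PASSWORD_PARAM} request parameters.
 *
 * <p>Both redirect targets (host page and login page) come from filter init parameters, never from
 * the request. Request parameters are echoed onto the redirect URL in URL-encoded form, with the
 * two credential parameters left out so that they never reach a {@code Location} header.
 *
 * <p>The class is marked {@code @Deprecated} in the original artifact.
 */
@Dependent
@Deprecated
/* loaded from: input_file:WEB-INF/lib/errai-security-picketlink-4.6.0.Final.jar:org/jboss/errai/security/server/FormAuthenticationScheme.class */
public class FormAuthenticationScheme implements HTTPAuthenticationScheme {
    /** Filter init parameter naming the context-relative URI of the host page. */
    public static final String HOST_PAGE_INIT_PARAM = "host-page";
    /** Filter init parameter naming the context-relative URI of the login page. */
    public static final String LOGIN_PAGE_INIT_PARAM = "form-login-page";
    /** Query parameter set to {@code true} on the login page redirect after a failed attempt. */
    public static final String LOGIN_ERROR_QUERY_PARAM = "login_failed";
    /** URI fragment that marks a request as a login form submission. */
    public static final String HTTP_FORM_SECURITY_CHECK_URI = "/uf_security_check";
    /** Request parameter carrying the user name. */
    public static final String HTTP_FORM_USERNAME_PARAM = "uf_username";
    /** Request parameter carrying the password. */
    public static final String HTTP_FORM_PASSWORD_PARAM = "uf_password";

    // The decompiled source spelled the "?" separator as logback's CallerData.NA, which only
    // happens to hold the same string; a local constant removes that accidental coupling.
    private static final String QUERY_SEPARATOR = "?";

    private String hostPageUri;
    private String loginPageUri;

    /**
     * Reads the two mandatory init parameters and prefixes each with the context path.
     *
     * @param filterConfig configuration of the filter this scheme is plugged into
     * @throws IllegalStateException if either init parameter is missing
     */
    @Override // org.picketlink.authentication.web.HTTPAuthenticationScheme
    public void initialize(FilterConfig filterConfig) {
        this.hostPageUri = requiredUri(filterConfig, HOST_PAGE_INIT_PARAM, "host page");
        this.loginPageUri = requiredUri(filterConfig, LOGIN_PAGE_INIT_PARAM, "login page");
        // Return value is ignored; presumably this forces the marshalling context to be created
        // at filter start-up rather than on first use. TODO confirm against MappingContextSingleton.
        MappingContextSingleton.get();
    }

    /** Returns the context path plus the named init parameter, failing fast when it is absent. */
    private static String requiredUri(FilterConfig filterConfig, String paramName, String description) {
        String value = filterConfig.getInitParameter(paramName);
        if (value == null) {
            throw new IllegalStateException("FormAuthenticationScheme requires that you set the filter init parameter \""
                    + paramName + "\" to the context-relative URI of the " + description + ".");
        }
        return filterConfig.getServletContext().getContextPath() + value;
    }

    /**
     * Copies user name and password from the request into {@code defaultLoginCredentials}, but
     * only when the request is a login attempt; otherwise the credentials object is left untouched.
     *
     * <p>{@code getParameter} also returns query-string values, so a POST that carries the
     * credentials in its URL is accepted as well. The login form should submit them in the body.
     */
    @Override // org.picketlink.authentication.web.HTTPAuthenticationScheme
    public void extractCredential(HttpServletRequest httpServletRequest, DefaultLoginCredentials defaultLoginCredentials) {
        if (isLoginAttempt(httpServletRequest)) {
            defaultLoginCredentials.setUserId(httpServletRequest.getParameter(HTTP_FORM_USERNAME_PARAM));
            defaultLoginCredentials.setPassword(httpServletRequest.getParameter(HTTP_FORM_PASSWORD_PARAM));
        }
    }

    /**
     * Responds to a request that is not authenticated.
     *
     * <ul>
     *   <li>Request for the host page: redirect to the login page.</li>
     *   <li>Login attempt: redirect to the login page with {@code login_failed=true}.</li>
     *   <li>Anything else: {@code 403 Forbidden}, with no redirect.</li>
     * </ul>
     *
     * @throws IOException if the response cannot be written
     */
    @Override // org.picketlink.authentication.web.HTTPAuthenticationScheme
    public void challengeClient(HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse) throws IOException {
        if (httpServletRequest.getRequestURI().equals(this.hostPageUri)) {
            httpServletResponse.sendRedirect(redirectTarget(this.loginPageUri, null, httpServletRequest));
            return;
        }
        if (!isLoginAttempt(httpServletRequest)) {
            httpServletResponse.sendError(HttpServletResponse.SC_FORBIDDEN);
            return;
        }
        httpServletResponse.sendRedirect(
                redirectTarget(this.loginPageUri, LOGIN_ERROR_QUERY_PARAM + "=true", httpServletRequest));
    }

    /**
     * Tells whether the request is a login form submission: a POST whose URI contains
     * {@value #HTTP_FORM_SECURITY_CHECK_URI}.
     */
    private boolean isLoginAttempt(HttpServletRequest httpServletRequest) {
        // NOTE(review): contains() matches the marker anywhere in the URI, not only as the final
        // path segment, so any POST whose path includes it is handled as a login. Tightening this
        // to an exact comparison against contextPath + marker needs a check of how deployments
        // build the form action (e.g. path parameters) before it can be changed safely.
        return httpServletRequest.getMethod().equals("POST")
                && httpServletRequest.getRequestURI().contains(HTTP_FORM_SECURITY_CHECK_URI);
    }

    /**
     * Redirects the freshly authenticated client to the host page, carrying over the
     * non-credential request parameters.
     *
     * @return always {@code false}; presumably this tells the filter to stop processing because
     *     the response already holds the redirect (confirm against the PicketLink contract)
     * @throws IOException if the redirect cannot be written
     */
    @Override // org.picketlink.authentication.web.HTTPAuthenticationScheme
    public boolean postAuthentication(HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse) throws IOException {
        httpServletResponse.sendRedirect(redirectTarget(this.hostPageUri, null, httpServletRequest));
        return false;
    }

    /**
     * Builds {@code baseUri[?fixedQuery][&echoed-request-parameters]}.
     *
     * @param baseUri configured target URI (never taken from the request)
     * @param fixedQuery query fragment to place first, or {@code null} for none
     * @param httpServletRequest request whose non-credential parameters are appended
     */
    private static String redirectTarget(String baseUri, String fixedQuery, HttpServletRequest httpServletRequest) {
        StringBuilder target = new StringBuilder(baseUri);
        boolean hasQuery = false;
        if (fixedQuery != null && !fixedQuery.isEmpty()) {
            target.append(QUERY_SEPARATOR).append(fixedQuery);
            hasQuery = true;
        }
        String echoed = extractParameters(httpServletRequest);
        if (!echoed.isEmpty()) {
            target.append(hasQuery ? "&" : QUERY_SEPARATOR).append(echoed);
        }
        return target.toString();
    }

    /**
     * Serialises the request parameters as a URL-encoded query string, skipping the user name and
     * password parameters so that credentials are never copied into a redirect URL (where they
     * would end up in browser history, proxies and access logs).
     *
     * @return the encoded query string without a leading {@code ?}; empty when nothing remains
     */
    private static String extractParameters(HttpServletRequest httpServletRequest) {
        try {
            @SuppressWarnings("unchecked") // the servlet API documents String keys and String[] values
            Map<String, String[]> parameters = httpServletRequest.getParameterMap();
            StringBuilder query = new StringBuilder();
            for (Map.Entry<String, String[]> parameter : parameters.entrySet()) {
                String encodedName = URLEncoder.encode(parameter.getKey(), "UTF-8");
                // Both credential names consist of characters URLEncoder leaves unchanged, so
                // comparing the encoded form is equivalent to comparing the raw name.
                if (encodedName.equals(HTTP_FORM_USERNAME_PARAM) || encodedName.equals(HTTP_FORM_PASSWORD_PARAM)) {
                    continue;
                }
                for (String value : parameter.getValue()) {
                    if (query.length() != 0) {
                        query.append("&");
                    }
                    // Encoding every name and value keeps request data from altering the
                    // structure of the redirect URL.
                    query.append(encodedName).append("=").append(URLEncoder.encode(value, "UTF-8"));
                }
            }
            return query.toString();
        } catch (UnsupportedEncodingException e) {
            // Keep the cause so the (theoretical) failure remains diagnosable.
            throw new AssertionError("UTF-8 not supported on this JVM?", e);
        }
    }

    /**
     * Reports every request as protected.
     *
     * @return always {@code true}
     */
    @Override // org.picketlink.authentication.web.HTTPAuthenticationScheme
    public boolean isProtected(HttpServletRequest httpServletRequest) {
        return true;
    }
}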
