package org.gatein.sso.agent.filter;

import java.io.IOException;
import javax.servlet.FilterChain;
import javax.servlet.ServletException;
import javax.servlet.ServletRequest;
import javax.servlet.ServletResponse;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import org.gatein.common.logging.Logger;
import org.gatein.common.logging.LoggerFactory;
import org.gatein.sso.agent.cas.CASAgent;
import org.gatein.sso.agent.filter.api.AbstractSSOInterceptor;
import org.gatein.sso.agent.josso.JOSSOAgent;
import org.gatein.sso.agent.opensso.OpenSSOAgent;

/* loaded from: input_file:org/gatein/sso/agent/filter/InitiateLoginFilter.class */
public class InitiateLoginFilter extends AbstractSSOInterceptor {
    private static Logger log = LoggerFactory.getLogger(InitiateLoginFilter.class);
    private static final int DEFAULT_MAX_NUMBER_OF_LOGIN_ERRORS = 3;
    private String ssoServerUrl;
    private String ssoCookieName;
    private boolean casRenewTicket;
    private String casServiceUrl;
    private String loginUrl;
    private int maxNumberOfLoginErrors;
    private boolean attachUsernamePasswordToLoginURL;
    private CASAgent casAgent;
    private JOSSOAgent jossoAgent;
    private OpenSSOAgent openSSOAgent;

    @Override // org.gatein.sso.agent.filter.api.AbstractSSOInterceptor
    protected void initImpl() {
        this.ssoServerUrl = getInitParameter("ssoServerUrl");
        this.ssoCookieName = getInitParameter("ssoCookieName");
        this.loginUrl = getInitParameter("loginUrl");
        String initParameter = getInitParameter("casRenewTicket");
        if (initParameter != null) {
            this.casRenewTicket = Boolean.parseBoolean(initParameter);
        }
        String initParameter2 = getInitParameter("casServiceUrl");
        if (initParameter2 != null && initParameter2.trim().length() > 0) {
            this.casServiceUrl = initParameter2;
        }
        String initParameter3 = getInitParameter("maxNumberOfLoginErrors");
        this.maxNumberOfLoginErrors = initParameter3 == null ? DEFAULT_MAX_NUMBER_OF_LOGIN_ERRORS : Integer.parseInt(initParameter3);
        String initParameter4 = getInitParameter("attachUsernamePasswordToLoginURL");
        this.attachUsernamePasswordToLoginURL = initParameter4 == null ? true : Boolean.parseBoolean(initParameter4);
        log.info("InitiateLoginFilter configuration: ssoServerUrl=" + this.ssoServerUrl + ", ssoCookieName=" + this.ssoCookieName + ", loginUrl=" + this.loginUrl + ", casRenewTicket=" + this.casRenewTicket + ", casServiceUrl=" + this.casServiceUrl + ", maxNumberOfLoginErrors=" + this.maxNumberOfLoginErrors + ", attachUsernamePasswordToLoginURL=" + this.attachUsernamePasswordToLoginURL);
    }

    protected CASAgent getCasAgent() {
        if (this.casAgent == null) {
            CASAgent cASAgent = (CASAgent) getExoContainer().getComponentInstanceOfType(CASAgent.class);
            if (cASAgent == null) {
                throw new IllegalStateException("CASAgent component not provided in PortalContainer");
            }
            cASAgent.setCasServerUrl(this.ssoServerUrl);
            cASAgent.setCasServiceUrl(this.casServiceUrl);
            cASAgent.setRenewTicket(this.casRenewTicket);
            this.casAgent = cASAgent;
        }
        return this.casAgent;
    }

    protected JOSSOAgent getJOSSOAgent() {
        if (this.jossoAgent == null) {
            JOSSOAgent jOSSOAgent = (JOSSOAgent) getExoContainer().getComponentInstanceOfType(JOSSOAgent.class);
            if (jOSSOAgent == null) {
                throw new IllegalStateException("JOSSOAgent component not provided in PortalContainer");
            }
            this.jossoAgent = jOSSOAgent;
        }
        return this.jossoAgent;
    }

    protected OpenSSOAgent getOpenSSOAgent() {
        if (this.openSSOAgent == null) {
            OpenSSOAgent openSSOAgent = (OpenSSOAgent) getExoContainer().getComponentInstanceOfType(OpenSSOAgent.class);
            if (openSSOAgent == null) {
                throw new IllegalStateException("OpenSSOAgent component not provided in PortalContainer");
            }
            openSSOAgent.setServerUrl(this.ssoServerUrl);
            openSSOAgent.setCookieName(this.ssoCookieName);
            this.openSSOAgent = openSSOAgent;
        }
        return this.openSSOAgent;
    }

    public void doFilter(ServletRequest servletRequest, ServletResponse servletResponse, FilterChain filterChain) throws IOException, ServletException {
        try {
            HttpServletRequest httpServletRequest = (HttpServletRequest) servletRequest;
            HttpServletResponse httpServletResponse = (HttpServletResponse) servletResponse;
            processSSOToken(httpServletRequest, httpServletResponse);
            if (httpServletResponse.isCommitted()) {
                return;
            }
            String contextPath = httpServletRequest.getContextPath();
            if (httpServletRequest.getAttribute("abort") != null) {
                httpServletResponse.sendRedirect(contextPath + "/sso");
            } else {
                httpServletResponse.sendRedirect(httpServletResponse.encodeRedirectURL(getLoginRedirectUrl(httpServletRequest)));
            }
        } catch (Exception e) {
            throw new ServletException(e);
        }
    }

    public void destroy() {
    }

    private void processSSOToken(HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse) throws Exception {
        String parameter = httpServletRequest.getParameter("ticket");
        String parameter2 = httpServletRequest.getParameter("josso_assertion_id");
        if (parameter != null && parameter.trim().length() > 0) {
            getCasAgent().validateTicket(httpServletRequest, parameter);
            return;
        }
        if (parameter2 != null && parameter2.trim().length() > 0) {
            getJOSSOAgent().validateTicket(httpServletRequest, httpServletResponse);
            return;
        }
        try {
            getOpenSSOAgent().validateTicket(httpServletRequest, httpServletResponse);
        } catch (IllegalStateException e) {
            int countOfUnsuccessfulAttempts = getCountOfUnsuccessfulAttempts(httpServletRequest);
            log.warn("Count of login errors: " + countOfUnsuccessfulAttempts);
            if (countOfUnsuccessfulAttempts >= this.maxNumberOfLoginErrors) {
                log.warn("Max. number of login errors reached. Rethrowing exception");
                throw e;
            }
            httpServletRequest.setAttribute("abort", Boolean.TRUE);
        }
    }

    private int getCountOfUnsuccessfulAttempts(HttpServletRequest httpServletRequest) {
        Integer num = (Integer) httpServletRequest.getSession().getAttribute("InitiateLoginFilter.currentNumberOfErrors");
        if (num == null) {
            num = 0;
        }
        Integer valueOf = Integer.valueOf(num.intValue() + 1);
        httpServletRequest.getSession().setAttribute("InitiateLoginFilter.currentNumberOfErrors", valueOf);
        return valueOf.intValue();
    }

    protected String getLoginRedirectUrl(HttpServletRequest httpServletRequest) {
        StringBuilder sb = new StringBuilder(this.loginUrl);
        if (this.attachUsernamePasswordToLoginURL) {
            String str = httpServletRequest.getSession().getId() + "_" + String.valueOf(System.currentTimeMillis());
            sb.append("?username=").append(str).append("&password=").append(str);
        }
        return sb.toString();
    }
}
