package io.undertow.servlet.handlers.security;

import io.undertow.security.api.AuthenticationMechanism;
import io.undertow.security.api.AuthenticationMechanismFactory;
import io.undertow.security.idm.IdentityManager;
import io.undertow.security.impl.FormAuthenticationMechanism;
import io.undertow.server.HttpServerExchange;
import io.undertow.server.handlers.form.FormParserFactory;
import io.undertow.server.session.Session;
import io.undertow.server.session.SessionListener;
import io.undertow.server.session.SessionManager;
import io.undertow.servlet.handlers.ServletRequestContext;
import io.undertow.servlet.spec.HttpSessionImpl;
import io.undertow.servlet.util.SavedRequest;
import io.undertow.util.Headers;
import io.undertow.util.RedirectBuilder;
import java.io.IOException;
import java.security.AccessController;
import java.util.Collections;
import java.util.Map;
import java.util.Set;
import java.util.WeakHashMap;
import javax.servlet.RequestDispatcher;
import javax.servlet.ServletException;
import javax.servlet.ServletRequest;
import javax.servlet.ServletResponse;
import javax.servlet.http.HttpServletResponse;
import javax.servlet.http.HttpServletResponseWrapper;

/* loaded from: input_file:wildfly.zip:modules/system/layers/base/io/undertow/servlet/main/undertow-servlet-2.2.5.Final.jar:io/undertow/servlet/handlers/security/ServletFormAuthenticationMechanism.class */
public class ServletFormAuthenticationMechanism extends FormAuthenticationMechanism {
    private static final String SESSION_KEY = "io.undertow.servlet.form.auth.redirect.location";
    public static final String SAVE_ORIGINAL_REQUEST = "save-original-request";
    private final boolean saveOriginalRequest;
    private final Set<SessionManager> seenSessionManagers;
    private final String defaultPage;
    private final boolean overrideInitial;
    public static final AuthenticationMechanismFactory FACTORY = new Factory();
    private static final SessionListener LISTENER = new SessionListener() { // from class: io.undertow.servlet.handlers.security.ServletFormAuthenticationMechanism.1
        @Override // io.undertow.server.session.SessionListener
        public void sessionCreated(Session session, HttpServerExchange httpServerExchange) {
        }

        @Override // io.undertow.server.session.SessionListener
        public void sessionDestroyed(Session session, HttpServerExchange httpServerExchange, SessionListener.SessionDestroyedReason sessionDestroyedReason) {
        }

        @Override // io.undertow.server.session.SessionListener
        public void attributeAdded(Session session, String str, Object obj) {
        }

        @Override // io.undertow.server.session.SessionListener
        public void attributeUpdated(Session session, String str, Object obj, Object obj2) {
        }

        @Override // io.undertow.server.session.SessionListener
        public void attributeRemoved(Session session, String str, Object obj) {
        }

        @Override // io.undertow.server.session.SessionListener
        public void sessionIdChanged(Session session, String str) {
            String str2 = (String) session.getAttribute(ServletFormAuthenticationMechanism.SESSION_KEY);
            if (str2 != null) {
                String str3 = ";jsessionid=" + str;
                if (str2.contains(str3)) {
                    session.setAttribute(ServletFormAuthenticationMechanism.SESSION_KEY, str2.replace(str3, ";jsessionid=" + session.getId()));
                }
            }
        }
    };

    /* loaded from: input_file:wildfly.zip:modules/system/layers/base/io/undertow/servlet/main/undertow-servlet-2.2.5.Final.jar:io/undertow/servlet/handlers/security/ServletFormAuthenticationMechanism$Factory.class */
    public static class Factory implements AuthenticationMechanismFactory {
        @Deprecated
        public Factory(IdentityManager identityManager) {
        }

        public Factory() {
        }

        @Override // io.undertow.security.api.AuthenticationMechanismFactory
        public AuthenticationMechanism create(String str, IdentityManager identityManager, FormParserFactory formParserFactory, Map<String, String> map) {
            String str2 = map.get(AuthenticationMechanismFactory.LOGIN_PAGE);
            String str3 = map.get(AuthenticationMechanismFactory.ERROR_PAGE);
            String str4 = map.get(AuthenticationMechanismFactory.DEFAULT_PAGE);
            boolean parseBoolean = map.containsKey(AuthenticationMechanismFactory.OVERRIDE_INITIAL) ? Boolean.parseBoolean(map.get(AuthenticationMechanismFactory.OVERRIDE_INITIAL)) : false;
            boolean z = true;
            if (map.containsKey(ServletFormAuthenticationMechanism.SAVE_ORIGINAL_REQUEST)) {
                z = Boolean.parseBoolean(map.get(ServletFormAuthenticationMechanism.SAVE_ORIGINAL_REQUEST));
            }
            return new ServletFormAuthenticationMechanism(formParserFactory, str, str2, str3, str4, parseBoolean, identityManager, z);
        }
    }

    /* loaded from: input_file:wildfly.zip:modules/system/layers/base/io/undertow/servlet/main/undertow-servlet-2.2.5.Final.jar:io/undertow/servlet/handlers/security/ServletFormAuthenticationMechanism$FormResponseWrapper.class */
    private static class FormResponseWrapper extends HttpServletResponseWrapper {
        private int status;

        private FormResponseWrapper(HttpServletResponse httpServletResponse) {
            super(httpServletResponse);
            this.status = 200;
        }

        @Override // javax.servlet.http.HttpServletResponseWrapper, javax.servlet.http.HttpServletResponse
        public void setStatus(int i, String str) {
            this.status = i;
        }

        @Override // javax.servlet.http.HttpServletResponseWrapper, javax.servlet.http.HttpServletResponse
        public void setStatus(int i) {
            this.status = i;
        }

        @Override // javax.servlet.http.HttpServletResponseWrapper, javax.servlet.http.HttpServletResponse
        public int getStatus() {
            return this.status;
        }
    }

    @Deprecated
    public ServletFormAuthenticationMechanism(String str, String str2, String str3) {
        super(str, str2, str3);
        this.seenSessionManagers = Collections.synchronizedSet(Collections.newSetFromMap(new WeakHashMap()));
        this.saveOriginalRequest = true;
        this.defaultPage = null;
        this.overrideInitial = false;
    }

    @Deprecated
    public ServletFormAuthenticationMechanism(String str, String str2, String str3, String str4) {
        super(str, str2, str3, str4);
        this.seenSessionManagers = Collections.synchronizedSet(Collections.newSetFromMap(new WeakHashMap()));
        this.saveOriginalRequest = true;
        this.defaultPage = null;
        this.overrideInitial = false;
    }

    public ServletFormAuthenticationMechanism(FormParserFactory formParserFactory, String str, String str2, String str3, String str4) {
        super(formParserFactory, str, str2, str3, str4);
        this.seenSessionManagers = Collections.synchronizedSet(Collections.newSetFromMap(new WeakHashMap()));
        this.saveOriginalRequest = true;
        this.defaultPage = null;
        this.overrideInitial = false;
    }

    public ServletFormAuthenticationMechanism(FormParserFactory formParserFactory, String str, String str2, String str3) {
        super(formParserFactory, str, str2, str3);
        this.seenSessionManagers = Collections.synchronizedSet(Collections.newSetFromMap(new WeakHashMap()));
        this.saveOriginalRequest = true;
        this.defaultPage = null;
        this.overrideInitial = false;
    }

    public ServletFormAuthenticationMechanism(FormParserFactory formParserFactory, String str, String str2, String str3, IdentityManager identityManager) {
        super(formParserFactory, str, str2, str3, identityManager);
        this.seenSessionManagers = Collections.synchronizedSet(Collections.newSetFromMap(new WeakHashMap()));
        this.saveOriginalRequest = true;
        this.defaultPage = null;
        this.overrideInitial = false;
    }

    public ServletFormAuthenticationMechanism(FormParserFactory formParserFactory, String str, String str2, String str3, IdentityManager identityManager, boolean z) {
        super(formParserFactory, str, str2, str3, identityManager);
        this.seenSessionManagers = Collections.synchronizedSet(Collections.newSetFromMap(new WeakHashMap()));
        this.saveOriginalRequest = true;
        this.defaultPage = null;
        this.overrideInitial = false;
    }

    public ServletFormAuthenticationMechanism(FormParserFactory formParserFactory, String str, String str2, String str3, String str4, boolean z, IdentityManager identityManager, boolean z2) {
        super(formParserFactory, str, str2, str3, identityManager);
        this.seenSessionManagers = Collections.synchronizedSet(Collections.newSetFromMap(new WeakHashMap()));
        this.saveOriginalRequest = z2;
        this.defaultPage = str4;
        this.overrideInitial = z;
    }

    @Override // io.undertow.security.impl.FormAuthenticationMechanism
    protected Integer servePage(HttpServerExchange httpServerExchange, String str) {
        ServletRequestContext servletRequestContext = (ServletRequestContext) httpServerExchange.getAttachment(ServletRequestContext.ATTACHMENT_KEY);
        ServletRequest servletRequest = servletRequestContext.getServletRequest();
        ServletResponse servletResponse = servletRequestContext.getServletResponse();
        RequestDispatcher requestDispatcher = servletRequest.getRequestDispatcher(str);
        httpServerExchange.getResponseHeaders().add(Headers.CACHE_CONTROL, "no-cache, no-store, must-revalidate");
        httpServerExchange.getResponseHeaders().add(Headers.PRAGMA, "no-cache");
        httpServerExchange.getResponseHeaders().add(Headers.EXPIRES, "0");
        FormResponseWrapper formResponseWrapper = (httpServerExchange.getStatusCode() == 200 || !(servletResponse instanceof HttpServletResponse)) ? null : new FormResponseWrapper((HttpServletResponse) servletResponse);
        try {
            requestDispatcher.forward(servletRequest, formResponseWrapper != null ? formResponseWrapper : servletResponse);
            if (formResponseWrapper != null) {
                return Integer.valueOf(formResponseWrapper.getStatus());
            }
            return null;
        } catch (IOException e) {
            throw new RuntimeException(e);
        } catch (ServletException e2) {
            throw new RuntimeException(e2);
        }
    }

    @Override // io.undertow.security.impl.FormAuthenticationMechanism
    protected void storeInitialLocation(HttpServerExchange httpServerExchange) {
        storeInitialLocation(httpServerExchange, null, 0);
    }

    protected void storeInitialLocation(HttpServerExchange httpServerExchange, byte[] bArr, int i) {
        if (this.saveOriginalRequest) {
            HttpSessionImpl session = ((ServletRequestContext) httpServerExchange.getAttachment(ServletRequestContext.ATTACHMENT_KEY)).getCurrentServletContext().getSession(httpServerExchange, true);
            Session session2 = System.getSecurityManager() == null ? session.getSession() : (Session) AccessController.doPrivileged(new HttpSessionImpl.UnwrapSessionAction(session));
            SessionManager sessionManager = session2.getSessionManager();
            if (this.seenSessionManagers.add(sessionManager)) {
                sessionManager.registerSessionListener(LISTENER);
            }
            session2.setAttribute(SESSION_KEY, RedirectBuilder.redirect(httpServerExchange, httpServerExchange.getRelativePath()));
            if (bArr == null) {
                SavedRequest.trySaveRequest(httpServerExchange);
            } else {
                SavedRequest.trySaveRequest(httpServerExchange, bArr, i);
            }
        }
    }

    @Override // io.undertow.security.impl.FormAuthenticationMechanism
    protected void handleRedirectBack(HttpServerExchange httpServerExchange) {
        ServletRequestContext servletRequestContext = (ServletRequestContext) httpServerExchange.getAttachment(ServletRequestContext.ATTACHMENT_KEY);
        HttpServletResponse httpServletResponse = (HttpServletResponse) servletRequestContext.getServletResponse();
        HttpSessionImpl session = servletRequestContext.getCurrentServletContext().getSession(httpServerExchange, false);
        if (session != null) {
            String str = (String) (System.getSecurityManager() == null ? session.getSession() : (Session) AccessController.doPrivileged(new HttpSessionImpl.UnwrapSessionAction(session))).getAttribute(SESSION_KEY);
            if ((str == null || this.overrideInitial) && this.defaultPage != null) {
                str = this.defaultPage;
            }
            if (str != null) {
                try {
                    httpServletResponse.sendRedirect(str);
                } catch (IOException e) {
                    throw new RuntimeException(e);
                }
            }
        }
    }
}
