package org.wildfly.security.http.impl;

import java.io.IOException;
import java.io.InputStream;
import java.io.OutputStream;
import java.net.URI;
import java.util.Arrays;
import java.util.Map;
import javax.security.auth.callback.Callback;
import javax.security.auth.callback.CallbackHandler;
import javax.security.auth.callback.UnsupportedCallbackException;
import org.jboss.as.naming.JndiViewManagedReferenceFactory;
import org.wildfly.common.Assert;
import org.wildfly.security._private.ElytronMessages;
import org.wildfly.security.auth.callback.CachedIdentityAuthorizeCallback;
import org.wildfly.security.auth.server.SecurityIdentity;
import org.wildfly.security.cache.CachedIdentity;
import org.wildfly.security.cache.IdentityCache;
import org.wildfly.security.http.HttpAuthenticationException;
import org.wildfly.security.http.HttpConstants;
import org.wildfly.security.http.HttpScope;
import org.wildfly.security.http.HttpServerMechanismsResponder;
import org.wildfly.security.http.HttpServerRequest;
import org.wildfly.security.http.HttpServerResponse;
import org.wildfly.security.http.Scope;

/* JADX INFO: Access modifiers changed from: package-private */
/* loaded from: input_file:org/wildfly/security/http/impl/FormAuthenticationMechanism.class */
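/**
 * Servlet-style FORM authentication mechanism: it forwards or redirects unauthenticated requests to a
 * login page, verifies the {@code j_username}/{@code j_password} parameters posted to the configured
 * post location, and caches the resulting identity in the HTTP session for later re-authentication.
 *
 * <p>This listing is decompiler output. The public visibility of the class, its constructor and
 * {@link #getSessionScope} is kept as the listing shows it, although the decompiler's own notes say
 * the first two were package-private and the last was private.
 *
 * <p>Security notes for reviewers:
 * <ul>
 *   <li>All redirect targets are absolute URLs assembled from the scheme, host and port reported by
 *       {@code HttpServerRequest.getRequestURI()}. NOTE(review): if that host can be influenced by a
 *       client-supplied header, confirm it is validated upstream, because it ends up in
 *       {@code Location} headers and in the session.</li>
 *   <li>NOTE(review): no session identifier rotation is visible in this class when authentication
 *       succeeds; confirm the container integration changes the session ID on login.</li>
 * </ul>
 */
public final class FormAuthenticationMechanism extends UsernamePasswordAuthenticationMechanism {
    private static final String USERNAME = "j_username";
    private static final String PASSWORD = "j_password";
    /** Session attachment key for the URL the user originally requested before being sent to the login page. */
    private static final String LOCATION_KEY = FormAuthenticationMechanism.class.getName() + ".Location";
    /** Session attachment key under which the authenticated identity is cached. */
    private static final String CACHED_IDENTITY_KEY = FormAuthenticationMechanism.class.getName() + ".elytron-identity";
    private static final String DEFAULT_POST_LOCATION = "j_security_check";
    private final String contextPath;
    private final String loginPage;
    private final String errorPage;
    private final String postLocation;

    /**
     * Creates the mechanism from its configuration properties.
     *
     * @param callbackHandler handler used for authentication and authorization callbacks; must not be null
     * @param map mechanism properties (post location, context path, login page, error page); must not be null
     */
    public FormAuthenticationMechanism(CallbackHandler callbackHandler, Map<String, ?> map) {
        super((CallbackHandler) Assert.checkNotNullParam("callbackHandler", callbackHandler));
        Assert.checkNotNullParam("properties", map);
        String configuredPostLocation = (String) map.get(HttpConstants.CONFIG_POST_LOCATION);
        this.postLocation = configuredPostLocation != null ? configuredPostLocation : DEFAULT_POST_LOCATION;
        // A key that is present but mapped to null previously produced the text "null" in redirect URLs.
        String configuredContextPath = (String) map.get(HttpConstants.CONFIG_CONTEXT_PATH);
        this.contextPath = configuredContextPath != null ? configuredContextPath : "";
        this.loginPage = (String) map.get(HttpConstants.CONFIG_LOGIN_PAGE);
        // NOTE(review): errorPage may be null; error() passes it to sendPage() without a null check.
        this.errorPage = (String) map.get(HttpConstants.CONFIG_ERROR_PAGE);
    }

    @Override // org.wildfly.security.http.HttpServerAuthenticationMechanism
    public String getMechanismName() {
        return "FORM";
    }

    /**
     * Handles a request in three steps: reuse a cached session identity if one authorizes, otherwise
     * process a credential POST, otherwise register the login page as the challenge.
     *
     * <p>The credential check is triggered by any POST whose path merely <em>ends with</em> the post
     * location, so the match is a suffix match and not an exact path comparison.
     *
     * @param httpServerRequest the request being evaluated
     * @throws HttpAuthenticationException if a callback or I/O failure occurs during evaluation
     */
    @Override // org.wildfly.security.http.HttpServerAuthenticationMechanism
    public void evaluateRequest(HttpServerRequest httpServerRequest) throws HttpAuthenticationException {
        if (attemptReAuthentication(httpServerRequest)) {
            return;
        }
        boolean credentialPost = "POST".equals(httpServerRequest.getRequestMethod())
                && httpServerRequest.getRequestURI().getPath().endsWith(this.postLocation);
        if (credentialPost) {
            attemptAuthentication(httpServerRequest);
        } else if (this.loginPage != null) {
            httpServerRequest.noAuthenticationInProgress(response -> sendLogin(httpServerRequest, response));
        }
    }

    /**
     * Builds an {@link IdentityCache} view over the HTTP session of the given request.
     *
     * @param httpServerRequest the request whose session scope backs the cache
     * @return a cache that stores, reads and clears the identity under {@link #CACHED_IDENTITY_KEY}
     */
    private IdentityCache createIdentityCache(final HttpServerRequest httpServerRequest) {
        return new IdentityCache() {
            @Override // org.wildfly.security.cache.IdentityCache
            public void put(SecurityIdentity securityIdentity) {
                // Storing an identity is the one cache operation that may create the session.
                HttpScope session = FormAuthenticationMechanism.this.getSessionScope(httpServerRequest, true);
                if (session == null || !session.exists()) {
                    return;
                }
                session.setAttachment(CACHED_IDENTITY_KEY,
                        new CachedIdentity(FormAuthenticationMechanism.this.getMechanismName(), securityIdentity));
            }

            @Override // org.wildfly.security.cache.IdentityCache
            public CachedIdentity get() {
                HttpScope session = FormAuthenticationMechanism.this.getSessionScope(httpServerRequest, false);
                if (session == null || !session.exists()) {
                    return null;
                }
                return (CachedIdentity) session.getAttachment(CACHED_IDENTITY_KEY);
            }

            @Override // org.wildfly.security.cache.IdentityCache
            public CachedIdentity remove() {
                HttpScope session = FormAuthenticationMechanism.this.getSessionScope(httpServerRequest, false);
                if (session == null || !session.exists()) {
                    return null;
                }
                CachedIdentity previous = (CachedIdentity) session.getAttachment(CACHED_IDENTITY_KEY);
                session.setAttachment(CACHED_IDENTITY_KEY, null);
                return previous;
            }
        };
    }

    /**
     * Reports an authentication failure and answers with the configured error page.
     *
     * @param str failure message passed to the request
     * @param httpServerRequest the failing request
     */
    private void error(String str, HttpServerRequest httpServerRequest) {
        httpServerRequest.authenticationFailed(str, response -> sendPage(this.errorPage, httpServerRequest, response));
    }

    /**
     * Verifies the posted username and password, authorizes the user and, on success, redirects to
     * the originally requested URL or to the application root.
     *
     * @param httpServerRequest the credential POST
     * @throws HttpAuthenticationException if a callback or I/O failure occurs
     */
    private void attemptAuthentication(HttpServerRequest httpServerRequest) throws HttpAuthenticationException {
        String username = httpServerRequest.getFirstParameterValue(USERNAME);
        String password = httpServerRequest.getFirstParameterValue(PASSWORD);
        if (username == null || username.length() == 0 || password == null) {
            error(ElytronMessages.httpForm.usernameOrPasswordMissing(), httpServerRequest);
            return;
        }
        // Only this char[] copy can be wiped; the String returned by the request stays on the heap.
        char[] passwordChars = password.toCharArray();
        try {
            // The username in the log calls below is request-supplied text; log sinks should
            // neutralise control characters.
            if (!authenticate(null, username, passwordChars)) {
                ElytronMessages.httpForm.debugf("User [%s] authentication failed", username);
                failAndRedirectToErrorPage(httpServerRequest, username);
                return;
            }
            IdentityCache identityCache = createIdentityCache(httpServerRequest);
            if (!authorize(username, httpServerRequest, identityCache)) {
                ElytronMessages.httpForm.debugf("User [%s] authorization failed", username);
                failAndRedirectToErrorPage(httpServerRequest, username);
                return;
            }
            ElytronMessages.httpForm.debugf("User [%s] authenticated successfully", username);
            succeed();
            HttpScope sessionScope = getSessionScope(httpServerRequest, true);
            HttpServerMechanismsResponder responder = null;
            if (sessionScope != null && sessionScope.exists()) {
                final String location = resolvePostLoginLocation(sessionScope, httpServerRequest);
                // The saved location is single-use.
                sessionScope.setAttachment(LOCATION_KEY, null);
                responder = response -> sendRedirect(response, location);
            }
            httpServerRequest.authenticationComplete(responder, identityCache::remove);
        } catch (IOException | UnsupportedCallbackException e) {
            throw new HttpAuthenticationException(e);
        } finally {
            // Wipe the password copy on every exit path, including exceptions.
            Arrays.fill(passwordChars, (char) 0);
        }
    }

    /**
     * Picks the URL to redirect to after a successful login: the location saved by
     * {@link #sendLogin} if there is one, otherwise the request URL with the post location removed.
     */
    private String resolvePostLoginLocation(HttpScope sessionScope, HttpServerRequest httpServerRequest) {
        String saved = (String) sessionScope.getAttachment(LOCATION_KEY, String.class);
        if (saved != null) {
            ElytronMessages.httpForm.tracef("User redirected to original path [%s]", saved);
            return saved;
        }
        URI requestURI = httpServerRequest.getRequestURI();
        String path = requestURI.getPath();
        // The request was matched against postLocation, but the path used to be cut only at the
        // default name, so a custom post location that does not contain that name made substring()
        // throw. Keep the old cut point when it exists and otherwise strip the matched suffix.
        int cut = path.indexOf(DEFAULT_POST_LOCATION);
        if (cut < 0) {
            cut = path.endsWith(this.postLocation) ? path.length() - this.postLocation.length() : path.length();
        }
        String fallback = originOf(requestURI).append(path, 0, cut).toString();
        ElytronMessages.httpForm.tracef("User redirected to default path [%s]", fallback);
        return fallback;
    }

    /**
     * Authorizes the user, going through the identity cache when one is supplied so that the
     * authorized identity is stored for later requests.
     *
     * @param str the authenticated username
     * @param httpServerRequest the current request (used for trace logging only)
     * @param identityCache cache to hand to the callback, or null to use the superclass authorization
     * @return true if the user is authorized
     * @throws HttpAuthenticationException if the callback handler fails
     */
    private boolean authorize(String str, HttpServerRequest httpServerRequest, IdentityCache identityCache) throws HttpAuthenticationException {
        ElytronMessages.httpForm.tracef("Authorizing username: [%s], Request URI: [%s], Context path: [%s]", str, httpServerRequest.getRequestURI(), this.contextPath);
        if (identityCache == null) {
            return super.authorize(str);
        }
        CachedIdentityAuthorizeCallback authorizeCallback = new CachedIdentityAuthorizeCallback(str, identityCache);
        try {
            this.callbackHandler.handle(new Callback[]{authorizeCallback});
            return authorizeCallback.isAuthorized();
        } catch (IOException | UnsupportedCallbackException e) {
            throw new HttpAuthenticationException(e);
        }
    }

    /**
     * Tries to authorize the request from the identity cached in the session, without credentials.
     *
     * @param httpServerRequest the request being evaluated
     * @return true if the cached identity was authorized and the request was resumed
     * @throws HttpAuthenticationException if the callback handler fails
     */
    private boolean attemptReAuthentication(HttpServerRequest httpServerRequest) throws HttpAuthenticationException {
        if (ElytronMessages.httpForm.isTraceEnabled()) {
            HttpScope sessionScope = getSessionScope(httpServerRequest, false);
            if (sessionScope == null || !sessionScope.exists()) {
                ElytronMessages.httpForm.tracef("Trying to re-authenticate. There is no session attached to the following request. Request URI: [%s], Context path: [%s]", httpServerRequest.getRequestURI(), this.contextPath);
            } else {
                // NOTE(review): this writes the session identifier to the trace log; treat trace
                // output as sensitive.
                ElytronMessages.httpForm.tracef("Trying to re-authenticate session %s. Request URI: [%s], Context path: [%s]", sessionScope.getID(), httpServerRequest.getRequestURI(), this.contextPath);
            }
        }
        IdentityCache identityCache = createIdentityCache(httpServerRequest);
        if (identityCache == null) {
            return false;
        }
        CachedIdentityAuthorizeCallback authorizeCallback = new CachedIdentityAuthorizeCallback(identityCache);
        try {
            this.callbackHandler.handle(new Callback[]{authorizeCallback});
            if (!authorizeCallback.isAuthorized()) {
                return false;
            }
            succeed();
            httpServerRequest.authenticationComplete(null, identityCache::remove);
            httpServerRequest.resumeRequest();
            return true;
        } catch (IOException | UnsupportedCallbackException e) {
            throw new HttpAuthenticationException(e);
        }
    }

    /**
     * Clears any cached identity, marks the attempt as failed and answers with the error page.
     * The same message is used for authentication and authorization failures.
     */
    private void failAndRedirectToErrorPage(HttpServerRequest httpServerRequest, String str) throws IOException, UnsupportedCallbackException {
        IdentityCache identityCache = createIdentityCache(httpServerRequest);
        if (identityCache != null) {
            identityCache.remove();
        }
        fail();
        error(ElytronMessages.httpForm.authorizationFailed(str), httpServerRequest);
    }

    /**
     * Remembers the originally requested URL in the session, suspends the request and sends the
     * login page.
     *
     * @param httpServerRequest the unauthenticated request
     * @param httpServerResponse the response to write the login page or redirect to
     * @throws HttpAuthenticationException if the login page cannot be written
     */
    private void sendLogin(HttpServerRequest httpServerRequest, HttpServerResponse httpServerResponse) throws HttpAuthenticationException {
        URI requestURI = httpServerRequest.getRequestURI();
        HttpScope sessionScope = getSessionScope(httpServerRequest, true);
        if (sessionScope != null && sessionScope.supportsAttachments()) {
            StringBuilder original = originOf(requestURI);
            original.append(requestURI.getPath());
            if (requestURI.getRawQuery() != null) {
                // The decompiled listing referenced JndiViewManagedReferenceFactory's
                // DEFAULT_JNDI_VIEW_INSTANCE_VALUE here; a query string is introduced by '?', so the
                // literal is written out and this class no longer reads a naming-subsystem constant.
                original.append('?');
                original.append(requestURI.getRawQuery());
            }
            if (requestURI.getRawFragment() != null) {
                original.append("#");
                original.append(requestURI.getRawFragment());
            }
            // This value is used verbatim as the redirect target after a successful login.
            sessionScope.setAttachment(LOCATION_KEY, original.toString());
            httpServerRequest.suspendRequest();
        }
        sendPage(this.loginPage, httpServerRequest, httpServerResponse);
    }

    /**
     * Delivers a page by the first method that works: a server-side forward, then streaming the
     * application resource into the response, then a redirect to the page under the context path.
     *
     * @param str path of the page to send
     * @param httpServerRequest the current request
     * @param httpServerResponse the response to write to
     * @throws HttpAuthenticationException if reading the resource or writing the response fails
     */
    private void sendPage(String str, HttpServerRequest httpServerRequest, HttpServerResponse httpServerResponse) throws HttpAuthenticationException {
        if (httpServerResponse.forward(str)) {
            return;
        }
        HttpScope applicationScope = httpServerRequest.getScope(Scope.APPLICATION);
        if (applicationScope != null && applicationScope.supportsResources()) {
            // try-with-resources closes the page stream on every path; the decompiled form of this
            // block called addSuppressed on a variable that could only be null there.
            try (InputStream pageStream = applicationScope.getResource(str)) {
                if (pageStream != null) {
                    OutputStream responseStream = httpServerResponse.getOutputStream();
                    if (responseStream != null) {
                        byte[] buffer = new byte[1024];
                        int read;
                        while ((read = pageStream.read(buffer)) > 0) {
                            responseStream.write(buffer, 0, read);
                        }
                        return;
                    }
                }
            } catch (IOException e) {
                throw new HttpAuthenticationException(e);
            }
        }
        // Last resort: redirect to the page below the context path.
        StringBuilder target = originOf(httpServerRequest.getRequestURI());
        target.append(this.contextPath);
        target.append(str);
        sendRedirect(httpServerResponse, target.toString());
    }

    /** Answers with a 302 redirect to the given location. */
    private void sendRedirect(HttpServerResponse httpServerResponse, String str) {
        httpServerResponse.addResponseHeader("Location", str);
        httpServerResponse.setStatusCode(302);
    }

    /**
     * Returns the session scope of the request, creating the session first when asked to.
     *
     * @param httpServerRequest the current request
     * @param z whether to create the session if it does not exist yet
     * @return the session scope, or null if the request has none
     */
    public HttpScope getSessionScope(HttpServerRequest httpServerRequest, boolean z) {
        HttpScope scope = httpServerRequest.getScope(Scope.SESSION);
        if (scope != null && !scope.exists() && z) {
            scope.create();
        }
        return scope;
    }

    /** Starts a URL with {@code scheme://host}, adding the port only when it is not the scheme default. */
    private static StringBuilder originOf(URI uri) {
        StringBuilder origin = new StringBuilder();
        String scheme = uri.getScheme();
        origin.append(scheme);
        origin.append("://");
        origin.append(uri.getHost());
        int port = uri.getPort();
        if (appendPort(scheme, port)) {
            origin.append(':').append(port);
        }
        return origin;
    }

    /** Returns true when the port is set and differs from the default of an http or https scheme. */
    private static boolean appendPort(String str, int i) {
        return i > -1 && (("http".equalsIgnoreCase(str) && i != 80) || ("https".equalsIgnoreCase(str) && i != 443));
    }
}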
