package org.ovirt.engine.core.sso.servlets;

import java.io.IOException;
import java.util.Arrays;
import java.util.Locale;
import javax.servlet.ServletConfig;
import javax.servlet.ServletException;
import javax.servlet.http.Cookie;
import javax.servlet.http.HttpServlet;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import org.apache.commons.lang.StringUtils;
import org.ovirt.engine.core.sso.utils.AuthenticationException;
import org.ovirt.engine.core.sso.utils.AuthenticationUtils;
import org.ovirt.engine.core.sso.utils.Credentials;
import org.ovirt.engine.core.sso.utils.SsoConstants;
import org.ovirt.engine.core.sso.utils.SsoContext;
import org.ovirt.engine.core.sso.utils.SsoSession;
import org.ovirt.engine.core.sso.utils.SsoUtils;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;

/* loaded from: input_file:org/ovirt/engine/core/sso/servlets/InteractiveAuthServlet.class */
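/**
 * Servlet behind the interactive (form based) login step of the SSO flow.
 *
 * <p>Each request reads the {@code username}, {@code password} and {@code profile} form
 * parameters (or falls back to credentials stored on the SSO session), tries to authenticate
 * the user and answers with a redirect: to the module redirect URI on success, back to the
 * login form on an {@link AuthenticationException}, or to the error page on any other failure.
 *
 * <p>Everything read from the request here is untrusted input.
 */
public class InteractiveAuthServlet extends HttpServlet {
    private static final long serialVersionUID = -88168919566901736L;
    private static final String USERNAME = "username";
    private static final String PASSWORD = "password";
    private static final String PROFILE = "profile";
    private static final Logger log = LoggerFactory.getLogger(InteractiveAuthServlet.class);
    private SsoContext ssoContext;

    /**
     * Looks up the shared {@link SsoContext} from the servlet context.
     *
     * @param servletConfig configuration handed over by the container
     * @throws ServletException if the base class initialisation fails
     */
    @Override
    public void init(ServletConfig servletConfig) throws ServletException {
        // Let GenericServlet store the config so getServletConfig()/getServletContext() work.
        super.init(servletConfig);
        this.ssoContext = SsoUtils.getSsoContext(servletConfig.getServletContext());
    }

    /**
     * Handles one login attempt and redirects the browser according to its outcome.
     *
     * @param httpServletRequest incoming request carrying the login form fields
     * @param httpServletResponse response used for the redirect and the profile cookie
     * @throws ServletException declared by the servlet contract
     * @throws IOException if sending the redirect fails
     */
    @Override
    protected void service(HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse) throws ServletException, IOException {
        log.debug("Entered InteractiveAuthServlet");
        try {
            String redirectUrl;
            SsoSession ssoSession = SsoUtils.getSsoSession(httpServletRequest);
            // The session is dropped from the by-id registry up front; the failure path below
            // registers it again under a freshly generated token.
            this.ssoContext.removeSsoSessionById(ssoSession);
            if (StringUtils.isEmpty(ssoSession.getClientId())) {
                // No client id on the session: send the browser to the configured engine URL.
                redirectUrl = this.ssoContext.getEngineUrl();
            } else {
                Credentials userCredentials = getUserCredentials(httpServletRequest);
                try {
                    if (SsoUtils.isUserAuthenticated(httpServletRequest)) {
                        log.debug("User is authenticated redirecting to {}", SsoConstants.INTERACTIVE_REDIRECT_TO_MODULE_URI);
                        redirectUrl = httpServletRequest.getContextPath() + SsoConstants.INTERACTIVE_REDIRECT_TO_MODULE_URI;
                    } else {
                        redirectUrl = authenticateUser(httpServletRequest, httpServletResponse, userCredentials);
                    }
                } catch (AuthenticationException e) {
                    if (userCredentials != null) {
                        // Username and profile are attacker-controlled form fields; control
                        // characters are neutralised so they cannot forge extra log lines.
                        log.error("Cannot authenticate user '{}@{}' connecting from '{}': {}",
                                sanitizeForLog(userCredentials.getUsername()),
                                userCredentials.getProfile() == null ? "N/A" : sanitizeForLog(userCredentials.getProfile()),
                                ssoSession.getSourceAddr(),
                                e.getMessage());
                        log.debug("Exception", e);
                        SsoUtils.getSsoSession(httpServletRequest).setLoginMessage(e.getMessage());
                    }
                    log.debug("Redirecting to LoginPage");
                    ssoSession.setReauthenticate(false);
                    this.ssoContext.registerSsoSessionById(SsoUtils.generateIdToken(), ssoSession);
                    // Pre-select the default profile on the login form unless the browser
                    // already carries a profile cookie.
                    if (StringUtils.isNotEmpty(this.ssoContext.getSsoDefaultProfile()) && !hasCookie(httpServletRequest, PROFILE)) {
                        addProfileCookie(httpServletRequest, httpServletResponse, this.ssoContext.getSsoDefaultProfile());
                    }
                    redirectUrl = httpServletRequest.getContextPath() + SsoConstants.INTERACTIVE_LOGIN_FORM_URI;
                }
            }
            if (redirectUrl != null) {
                httpServletResponse.sendRedirect(redirectUrl);
            }
        } catch (Exception e2) {
            SsoUtils.redirectToErrorPage(httpServletRequest, httpServletResponse, e2);
        }
    }

    /**
     * Validates and checks the given credentials and returns the post-login redirect target.
     *
     * @param httpServletRequest current request
     * @param httpServletResponse response that receives the profile cookie
     * @param credentials credentials to check, may be {@code null}
     * @return context path plus {@code SsoConstants.INTERACTIVE_REDIRECT_TO_MODULE_URI}
     * @throws AuthenticationException if the credentials are missing, invalid or rejected
     * @throws RuntimeException wrapping any other failure raised while handling the credentials
     */
    private String authenticateUser(HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse, Credentials credentials) throws ServletException, IOException, AuthenticationException {
        if (credentials == null || !SsoUtils.areCredentialsValid(httpServletRequest, credentials, true)) {
            throw new AuthenticationException(this.ssoContext.getLocalizationUtils().localize(SsoConstants.APP_ERROR_INVALID_CREDENTIALS, (Locale) httpServletRequest.getAttribute(SsoConstants.LOCALE)));
        }
        try {
            log.debug("Authenticating user using credentials");
            // The cookie is added before the credentials are checked, so the chosen profile
            // is remembered even when the attempt is rejected.
            addProfileCookie(httpServletRequest, httpServletResponse, credentials.getProfile());
            AuthenticationUtils.handleCredentials(this.ssoContext, httpServletRequest, credentials);
            return httpServletRequest.getContextPath() + SsoConstants.INTERACTIVE_REDIRECT_TO_MODULE_URI;
        } catch (AuthenticationException e) {
            // Propagate unchanged so service() can route the user back to the login form.
            throw e;
        } catch (Exception e2) {
            log.error("Internal Server Error: {}", e2.getMessage());
            log.debug("Exception", e2);
            throw new RuntimeException(e2.getMessage(), e2);
        }
    }

    /**
     * Builds credentials from the login form, or falls back to the temporary credentials kept
     * on the SSO session when any of the three form fields is absent.
     *
     * @param httpServletRequest current request
     * @return the credentials to authenticate with; whether the session fallback can be
     *         {@code null} is not visible here, callers handle {@code null}
     * @throws Exception propagated from the {@code SsoUtils} helpers
     */
    private Credentials getUserCredentials(HttpServletRequest httpServletRequest) throws Exception {
        String username = SsoUtils.getFormParameter(httpServletRequest, USERNAME);
        String password = SsoUtils.getFormParameter(httpServletRequest, PASSWORD);
        String profile = SsoUtils.getFormParameter(httpServletRequest, PROFILE);
        if (username == null || password == null || profile == null) {
            return SsoUtils.getSsoSession(httpServletRequest).getTempCredentials();
        }
        // Last argument: whether the submitted profile is among the configured SSO profiles.
        return new Credentials(username, password, profile, this.ssoContext.getSsoProfiles().contains(profile));
    }

    /**
     * Tells whether the request carries a cookie with the given name.
     *
     * <p>{@code getCookies()} returns {@code null} when the browser sent no cookies at all, so
     * that case is treated as "not present" instead of failing with a NullPointerException.
     */
    private static boolean hasCookie(HttpServletRequest httpServletRequest, String name) {
        Cookie[] cookies = httpServletRequest.getCookies();
        return cookies != null && Arrays.stream(cookies).anyMatch(cookie -> name.equals(cookie.getName()));
    }

    /**
     * Adds the {@code profile} cookie to the response.
     *
     * <p>The Secure attribute follows the request scheme.
     * NOTE(review): behind a TLS-terminating proxy {@code getScheme()} may report {@code http}
     * unless the container honours forwarded headers, which would leave Secure unset; confirm
     * for the deployment. HttpOnly is also not set; if no client-side script reads this
     * cookie, {@code setHttpOnly(true)} would be a cheap hardening step.
     */
    private static void addProfileCookie(HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse, String profile) {
        Cookie profileCookie = new Cookie(PROFILE, profile);
        profileCookie.setSecure("https".equalsIgnoreCase(httpServletRequest.getScheme()));
        httpServletResponse.addCookie(profileCookie);
    }

    /** Replaces ISO control characters (CR, LF, ...) with {@code '_'} before a value is logged. */
    private static String sanitizeForLog(String value) {
        if (value == null) {
            return null;
        }
        StringBuilder cleaned = new StringBuilder(value.length());
        for (int i = 0; i < value.length(); i++) {
            char c = value.charAt(i);
            cleaned.append(Character.isISOControl(c) ? '_' : c);
        }
        return cleaned.toString();
    }
}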
