package org.ovirt.engine.core.sso.servlets;

import java.io.IOException;
import java.util.Locale;
import javax.servlet.ServletConfig;
import javax.servlet.ServletException;
import javax.servlet.http.HttpServlet;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import org.apache.commons.lang.StringUtils;
import org.ovirt.engine.core.sso.utils.AuthenticationException;
import org.ovirt.engine.core.sso.utils.AuthenticationUtils;
import org.ovirt.engine.core.sso.utils.Credentials;
import org.ovirt.engine.core.sso.utils.SsoConstants;
import org.ovirt.engine.core.sso.utils.SsoContext;
import org.ovirt.engine.core.sso.utils.SsoUtils;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;

/* loaded from: input_file:org/ovirt/engine/core/sso/servlets/InteractiveChangePasswdServlet.class */
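/**
 * Servlet behind the interactive "change password" form of the SSO web application.
 *
 * <p>It reads the user name, profile, current password and the new password (entered twice)
 * from the request, asks {@link AuthenticationUtils#changePassword} to perform the change and
 * redirects the browser either to the login URI (success) or back to the change-password form
 * (failure, with a localized message stored in the SSO session).
 *
 * <p>NOTE(review): {@code service} is overridden directly, so no HTTP method is rejected in this
 * class. Whether {@code SsoUtils.getFormParameter} also accepts query-string values, and whether
 * an anti-CSRF check runs in a filter in front of this servlet, is not visible here; confirm
 * both, because this endpoint changes a credential.
 */
public class InteractiveChangePasswdServlet extends HttpServlet {
    private static final long serialVersionUID = -88168919566901736L;
    private static final String USERNAME = "username";
    private static final String CREDENTIALS = "credentials";
    private static final String CREDENTIALS_NEW1 = "credentialsNew1";
    private static final String CREDENTIALS_NEW2 = "credentialsNew2";
    private static final String PROFILE = "profile";
    private static final Logger log = LoggerFactory.getLogger(InteractiveChangePasswdServlet.class);
    private SsoContext ssoContext;

    /**
     * Looks up the shared {@link SsoContext} from the servlet context.
     *
     * @param servletConfig configuration supplied by the container
     * @throws ServletException declared by the servlet contract
     */
    @Override
    public void init(ServletConfig servletConfig) throws ServletException {
        this.ssoContext = SsoUtils.getSsoContext(servletConfig.getServletContext());
    }

    /**
     * Validates the submitted form, changes the password and redirects.
     *
     * <p>Every failure (credentials missing, new passwords differ, the change itself failing)
     * is handled the same way: the localized error is logged, stored in the SSO session as the
     * change-password message, and the browser is sent back to the change-password form. The
     * redirect target is always built from the context path plus a constant, never from request
     * data.
     *
     * @param httpServletRequest request carrying the form parameters
     * @param httpServletResponse response used for the redirect
     * @throws ServletException declared by the servlet contract
     * @throws IOException if the redirect cannot be written
     */
    @Override
    protected void service(HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse) throws ServletException, IOException {
        log.debug("Entered InteractiveChangePasswdServlet");
        Locale locale = (Locale) httpServletRequest.getAttribute(SsoConstants.LOCALE);
        Credentials userCredentials = null;
        String redirectUrl;
        try {
            log.debug("User is not authenticated extracting credentials from request.");
            userCredentials = getUserCredentials(httpServletRequest);
            // The validation and the change itself must stay inside the try block: otherwise a
            // failed extraction falls through to code that dereferences userCredentials, and a
            // validation error escapes to the container instead of being shown on the form.
            if (userCredentials == null) {
                throw new AuthenticationException(this.ssoContext.getLocalizationUtils().localize(SsoConstants.APP_ERROR_UNABLE_TO_EXTRACT_CREDENTIALS, locale));
            }
            if (!userCredentials.getNewCredentials().equals(userCredentials.getConfirmedNewCredentials())) {
                throw new AuthenticationException(this.ssoContext.getLocalizationUtils().localize(SsoConstants.APP_ERROR_PASSWORDS_DONT_MATCH, locale));
            }
            redirectUrl = changeUserPasswd(httpServletRequest, userCredentials);
        } catch (Exception e) {
            String template = this.ssoContext.getLocalizationUtils().localize(SsoConstants.APP_ERROR_CHANGE_PASSWORD_FAILED, locale);
            // Name the account in the message when the credentials were parsed; only the
            // user name and profile are used, never a password.
            String account = userCredentials == null ? "" : userCredentials.getUsernameWithProfile();
            String message = String.format(template, account, e.getMessage());
            // The account name comes straight from the form, so line breaks are neutralised
            // before logging to keep one event on one log line.
            log.error(stripLineBreaks(message));
            log.debug("Exception", e);
            // NOTE(review): this message contains request-supplied text and is stored for
            // display; the form page is not visible here - confirm it HTML-escapes the value.
            SsoUtils.getSsoSession(httpServletRequest).setChangePasswdMessage(message);
            redirectUrl = httpServletRequest.getContextPath() + SsoConstants.INTERACTIVE_CHANGE_PASSWD_FORM_URI;
        }
        log.debug("Redirecting to url: {}", redirectUrl);
        httpServletResponse.sendRedirect(redirectUrl);
    }

    /**
     * Performs the password change and prepares the session for the next page.
     *
     * <p>After a successful change the pending change-password credentials are cleared from the
     * SSO session. If the request already belongs to an authenticated user the new password is
     * persisted in the SSO session; otherwise a localized success message is stored for the
     * login page.
     *
     * @param httpServletRequest current request
     * @param credentials validated form credentials
     * @return the login URI, prefixed with the context path
     * @throws AuthenticationException if the password change is rejected
     */
    private String changeUserPasswd(HttpServletRequest httpServletRequest, Credentials credentials) throws AuthenticationException {
        log.debug("Calling Authn to change password for user '{}'.", credentials.getUsernameWithProfile());
        AuthenticationUtils.changePassword(this.ssoContext, httpServletRequest, credentials);
        SsoUtils.getSsoSession(httpServletRequest).setChangePasswdCredentials(null);
        if (SsoUtils.isUserAuthenticated(httpServletRequest)) {
            log.debug("User is authenticated updating password in SsoSession for password-access scope.");
            SsoUtils.persistUserPassword(httpServletRequest, SsoUtils.getSsoSession(httpServletRequest), credentials.getNewCredentials());
        } else {
            log.debug("User password change succeeded, redirecting to login page.");
            SsoUtils.getSsoSession(httpServletRequest).setLoginMessage(this.ssoContext.getLocalizationUtils().localize(SsoConstants.APP_MSG_CHANGE_PASSWORD_SUCCEEDED, (Locale) httpServletRequest.getAttribute(SsoConstants.LOCALE)));
        }
        return httpServletRequest.getContextPath() + SsoConstants.INTERACTIVE_LOGIN_URI;
    }

    /**
     * Builds a {@link Credentials} object from the five form parameters.
     *
     * @param httpServletRequest request carrying the form parameters
     * @return the credentials, or {@code null} when any of the five parameters is empty
     * @throws AuthenticationException if reading the parameters fails
     */
    private Credentials getUserCredentials(HttpServletRequest httpServletRequest) throws AuthenticationException {
        try {
            String username = SsoUtils.getFormParameter(httpServletRequest, USERNAME);
            String currentPassword = SsoUtils.getFormParameter(httpServletRequest, CREDENTIALS);
            String newPassword = SsoUtils.getFormParameter(httpServletRequest, CREDENTIALS_NEW1);
            String confirmedNewPassword = SsoUtils.getFormParameter(httpServletRequest, CREDENTIALS_NEW2);
            String profile = SsoUtils.getFormParameter(httpServletRequest, PROFILE);
            boolean complete = StringUtils.isNotEmpty(username)
                    && StringUtils.isNotEmpty(currentPassword)
                    && StringUtils.isNotEmpty(newPassword)
                    && StringUtils.isNotEmpty(confirmedNewPassword)
                    && StringUtils.isNotEmpty(profile);
            if (!complete) {
                return null;
            }
            return new Credentials(username, currentPassword, newPassword, confirmedNewPassword, profile);
        } catch (Exception e) {
            throw new AuthenticationException(this.ssoContext.getLocalizationUtils().localize(SsoConstants.APP_ERROR_UNABLE_TO_EXTRACT_CREDENTIALS, (Locale) httpServletRequest.getAttribute(SsoConstants.LOCALE)), e);
        }
    }

    /** Replaces carriage returns and line feeds so that a log entry cannot be split. */
    private static String stripLineBreaks(String text) {
        return text == null ? null : text.replaceAll("[\\r\\n]", "_");
    }
}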
