package com.worklight.core.auth.ext;

import com.ibm.json.java.JSONObject;
import com.worklight.common.util.FileTemplate;
import com.worklight.core.auth.impl.WLResponseWrapper;
import com.worklight.server.auth.api.AuthenticationResult;
import com.worklight.server.auth.api.BadConfigurationOptionException;
import com.worklight.server.auth.api.MissingConfigurationOptionException;
import com.worklight.server.auth.api.SavedRequest;
import com.worklight.server.auth.api.UserIdentity;
import com.worklight.server.auth.api.UsernamePasswordAuthenticator;
import com.worklight.server.bundle.api.WorklightBundles;
import java.io.IOException;
import java.io.InputStream;
import java.util.Map;
import javax.servlet.ServletException;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import org.apache.commons.io.IOUtils;
import org.apache.log4j.spi.LocationInfo;

/* loaded from: input_file:lib/worklight-extension-api.jar:com/worklight/core/auth/ext/FormBasedAuthenticator.class */
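/**
 * Form-based username/password authenticator.
 *
 * <p>On the first request it either redirects to the configured {@code auth-redirect} URL or
 * serves an HTML login page (a custom one from {@code conf/}, or the bundled
 * {@code login.html.template}). It then waits for a request whose URI contains
 * {@code j_security_check} and copies {@code j_username} / {@code j_password} from it into the
 * inherited {@code userName} / {@code password} fields.
 *
 * <p>This class only collects credentials; nothing here verifies them.
 * NOTE(review): presumably a login module validates them afterwards and the framework calls
 * {@link #processAuthenticationFailure} on rejection; confirm against the framework.
 *
 * <p>The instance is stateful ({@code status}, {@code savedRequest}, credentials) and has no
 * synchronization. NOTE(review): looks like one instance per login flow is expected; confirm.
 */
public class FormBasedAuthenticator extends UsernamePasswordAuthenticator {
    public static final String LOGIN_HTML_TEMPLATE = "login.html.template";
    public static final String LOGIN_PAGE_PATH = "login-page";
    public static final String AUTH_REDIRECT_URL = "auth-redirect";
    private static final String ERROR_PLACEHOLDER = "${errorMessage}";
    private static final String J_SECURITY_CHECK = "j_security_check";
    private static final String J_USERNAME = "j_username";
    private static final String J_PASSWORD = "j_password";
    private String redirectUrl = null;
    // Stream of the custom login page resolved in init(). After init() it has been fully read
    // and closed; the page text lives in customLoginPageContent.
    InputStream customLoginPage = null;
    // Text of the custom login page, read once so that every render (first display and each
    // failed-login re-display) gets the full page instead of an exhausted stream.
    private String customLoginPageContent = null;
    private Status status = Status.NOT_STARTED;
    private SavedRequest savedRequest;
    protected boolean isJSON;

    /** Progress of the login exchange handled by this instance. */
    private enum Status {
        NOT_STARTED,
        FORWARDED_TO_LOGIN,
        RESPONSE_RECEIVED
    }

    /**
     * Reads the authenticator options {@code auth-redirect} and {@code login-page}, which are
     * mutually exclusive, and loads the custom login page when one is configured.
     *
     * @param map configuration options; the options read here are removed from the map
     * @throws MissingConfigurationOptionException declared by the overridden method
     * @throws BadConfigurationOptionException if both options are set, or the custom login page
     *         cannot be found or read
     */
    @Override // com.worklight.server.auth.api.WorkLightAuthenticator
    public void init(Map<String, String> map) throws MissingConfigurationOptionException {
        this.redirectUrl = getOption(AUTH_REDIRECT_URL, map, false);
        String option = getOption(LOGIN_PAGE_PATH, map, false);
        if (option != null && this.redirectUrl != null) {
            throw new BadConfigurationOptionException(LOGIN_PAGE_PATH, " conflicts with property 'auth-redirect'. Remove one of them.");
        }
        if (option != null) {
            // The value is used as a classpath resource name as-is; it is expected to come from
            // server configuration, not from a request.
            this.customLoginPage = WorklightBundles.getInstance().getProjectClassLoader().getResourceAsStream("conf/" + option);
            if (this.customLoginPage == null) {
                throw new BadConfigurationOptionException(LOGIN_PAGE_PATH, " has a problem. " + option + " can't be found under server/conf/ directory.");
            }
            try {
                // Read eagerly: an InputStream can be consumed only once, but the page is
                // rendered again after every failed login.
                this.customLoginPageContent = readAndClose(this.customLoginPage);
            } catch (IOException e) {
                throw new BadConfigurationOptionException(LOGIN_PAGE_PATH, " has a problem. " + option + " can't be read: " + e.getMessage());
            }
        }
    }

    /**
     * Removes an option from the configuration map and returns its trimmed value.
     *
     * @param str option name
     * @param map configuration options; the entry for {@code str} is removed
     * @param z whether the option is mandatory
     * @return the trimmed value, or {@code null} if the option is absent
     * @throws MissingConfigurationOptionException if {@code z} is true and the value is absent
     *         or empty after trimming
     */
    protected String getOption(String str, Map<String, String> map, boolean z) throws MissingConfigurationOptionException {
        String value = map.remove(str);
        if (value != null) {
            value = value.trim();
        }
        if (z && (value == null || value.isEmpty())) {
            throw new MissingConfigurationOptionException(str);
        }
        return value;
    }

    /**
     * Drives the login exchange according to the current state.
     *
     * <ul>
     *   <li>{@code NOT_STARTED}: remembers the original request (non-AJAX only), sends the login
     *       page and asks for client interaction.</li>
     *   <li>{@code FORWARDED_TO_LOGIN}: if the URI contains {@code j_security_check}, stores the
     *       submitted credentials and returns {@code SUCCESS}; otherwise the request is not
     *       recognized.</li>
     * </ul>
     *
     * @param z not used by this implementation
     * @throws IllegalStateException if called after the credentials were already received
     */
    @Override // com.worklight.server.auth.api.WorkLightAuthenticator
    public AuthenticationResult processRequest(HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse, boolean z) throws IOException, ServletException {
        switch (this.status) {
            case NOT_STARTED:
                // AJAX clients get a JSON answer later instead of a redirect to the saved URL.
                this.isJSON = "XMLHttpRequest".equalsIgnoreCase(httpServletRequest.getHeader("x-requested-with"));
                if (!this.isJSON) {
                    this.savedRequest = new SavedRequest(httpServletRequest);
                }
                sendLoginPage(httpServletResponse, "");
                this.status = Status.FORWARDED_TO_LOGIN;
                return AuthenticationResult.CLIENT_INTERACTION_REQUIRED;
            case FORWARDED_TO_LOGIN:
                // NOTE(review): this is a substring match anywhere in the URI and the HTTP
                // method is not checked, so credentials sent as GET query parameters are
                // accepted too and may then end up in access logs or browser history. Consider
                // requiring POST and an exact path match if all clients allow it.
                if (httpServletRequest.getRequestURI().indexOf(J_SECURITY_CHECK) == -1) {
                    return AuthenticationResult.REQUEST_NOT_RECOGNIZED;
                }
                this.status = Status.RESPONSE_RECEIVED;
                // Either parameter may be null when the form field is missing; no check is made
                // here. SUCCESS only means the credentials were collected.
                this.userName = httpServletRequest.getParameter(J_USERNAME);
                this.password = httpServletRequest.getParameter(J_PASSWORD);
                return AuthenticationResult.SUCCESS;
            default:
                throw new IllegalStateException("The form authenticator doesn't expect any requests in state " + this.status);
        }
    }

    /**
     * Redirects to the configured login URL, or writes the login page with {@code str}
     * substituted for the {@code ${errorMessage}} placeholder.
     *
     * @param str error message to show; empty for the first display
     */
    private void sendLoginPage(HttpServletResponse httpServletResponse, String str) throws IOException {
        if (this.redirectUrl != null) {
            httpServletResponse.sendRedirect(this.redirectUrl);
            return;
        }
        httpServletResponse.setHeader("Expires", "-1");
        // NOTE(review): str is placed into the HTML without escaping here. Confirm that
        // FileTemplate.replaceToken escapes it or that callers never pass text derived from the
        // request (for example an echoed user name); otherwise HTML-escape it first.
        httpServletResponse.getWriter().print(FileTemplate.replaceToken(ERROR_PLACEHOLDER, str, loadLoginPageTemplate()));
    }

    /** Returns the login page text: the cached custom page, else the bundled template. */
    private String loadLoginPageTemplate() throws IOException {
        if (this.customLoginPageContent != null) {
            return this.customLoginPageContent;
        }
        if (this.customLoginPage != null) {
            // Stream was assigned without going through init(): read it once and cache it.
            this.customLoginPageContent = readAndClose(this.customLoginPage);
            return this.customLoginPageContent;
        }
        // getClass() is the runtime class, so the template is resolved relative to its package.
        InputStream bundled = getClass().getResourceAsStream(LOGIN_HTML_TEMPLATE);
        if (bundled == null) {
            throw new IOException("Login page template '" + LOGIN_HTML_TEMPLATE + "' was not found on the classpath");
        }
        return readAndClose(bundled);
    }

    /**
     * Reads the whole stream as text and always closes it.
     * Decoding uses the platform default charset, as {@code IOUtils.toString(InputStream)} does.
     */
    private static String readAndClose(InputStream in) throws IOException {
        try {
            return IOUtils.toString(in);
        } finally {
            IOUtils.closeQuietly(in);
        }
    }

    /** This authenticator handles no requests once the user is authenticated. */
    @Override // com.worklight.server.auth.api.WorkLightAuthenticator
    public AuthenticationResult processRequestAlreadyAuthenticated(HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse) throws IOException, ServletException {
        return AuthenticationResult.REQUEST_NOT_RECOGNIZED;
    }

    /**
     * Shows the login page again with an error message and waits for a new submission.
     *
     * @param str failure message; a generic "wrong user name or password" text is used when
     *        {@code null}
     */
    @Override // com.worklight.server.auth.api.WorkLightAuthenticator
    public AuthenticationResult processAuthenticationFailure(HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse, String str) throws IOException, ServletException {
        httpServletResponse.setHeader("Expires", "-1");
        if (str == null) {
            // Generic text: does not reveal whether the user name or the password was wrong.
            str = "Wrong user name or password.";
        }
        sendLoginPage(httpServletResponse, str);
        this.status = Status.FORWARDED_TO_LOGIN;
        return AuthenticationResult.CLIENT_INTERACTION_REQUIRED;
    }

    /**
     * Completes a successful login: browser clients are redirected to the URL they originally
     * requested, AJAX clients receive {@code {"loginSuccess": true}}.
     *
     * @return always {@code null}; the response is produced here
     * @throws IllegalStateException if a redirect is needed but no request was saved
     * @throws ClassCastException if the AJAX path is taken and the response is not a
     *         {@code WLResponseWrapper}
     */
    @Override // com.worklight.server.auth.api.WorkLightAuthenticator
    public HttpServletRequest getRequestToProceed(HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse, UserIdentity userIdentity) throws IOException {
        if (!this.isJSON) {
            if (this.savedRequest == null) {
                throw new IllegalStateException("The form authenticator has no saved request to return to");
            }
            // NOTE(review): the redirect target is rebuilt from the saved original request. If
            // SavedRequest takes the host from the Host header, confirm the deployment
            // restricts accepted host names so the redirect cannot leave the site.
            StringBuffer requestURL = this.savedRequest.getRequestURL();
            String queryString = this.savedRequest.getQueryString();
            if (queryString != null) {
                // Decompiled source used log4j's LocationInfo.NA here, which is the constant "?".
                requestURL.append('?').append(queryString);
            }
            httpServletResponse.setHeader("Expires", "-1");
            httpServletResponse.sendRedirect(requestURL.toString());
            return null;
        }
        httpServletResponse.setContentType("application/json; charset=UTF-8");
        httpServletResponse.setHeader("Cache-Control", "no-cache, must-revalidate");
        httpServletResponse.setDateHeader("Expires", 0L);
        httpServletResponse.setCharacterEncoding("UTF-8");
        JSONObject jSONObject = new JSONObject();
        jSONObject.put("loginSuccess", true);
        ((WLResponseWrapper) httpServletResponse).setResponseJSON(jSONObject);
        return null;
    }
}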
