package com.worklight.core.auth.ext;

import com.ibm.json.java.JSONObject;
import com.ibm.websphere.security.auth.WSSubject;
import com.worklight.core.auth.impl.WLResponseWrapper;
import com.worklight.server.auth.api.AuthenticationResult;
import com.worklight.server.auth.api.ForwardUtils;
import com.worklight.server.auth.api.MissingConfigurationOptionException;
import com.worklight.server.auth.api.SavedRequest;
import com.worklight.server.auth.api.UserIdentity;
import com.worklight.server.auth.api.UsernamePasswordAuthenticator;
import com.worklight.server.auth.api.WorkLightAuthenticator;
import java.io.IOException;
import java.io.OutputStreamWriter;
import java.io.PrintWriter;
import java.net.URLEncoder;
import java.util.Map;
import java.util.logging.Level;
import java.util.logging.Logger;
import javax.servlet.ServletException;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import org.apache.log4j.spi.LocationInfo;

/* loaded from: input_file:lib/worklight-extension-api.jar:com/worklight/core/auth/ext/LibertyFormBasedAuthenticator.class */
public class LibertyFormBasedAuthenticator extends UsernamePasswordAuthenticator {
    private static final String className = LibertyFormBasedAuthenticator.class.getName();
    private static final Logger logger = Logger.getLogger(className);
    public static final String LOGIN_PAGE = "login-page";
    public static final String ERROR_PAGE = "error-page";
    public static final String USE_REDIRECT = "use-redirect";
    private static final String J_SECURITY_CHECK = "j_security_check";
    private static final String J_USERNAME = "j_username";
    private static final String J_PASSWORD = "j_password";
    private String loginURL;
    private String errorURL;
    private boolean useRedirect;
    private Status status = Status.NOT_STARTED;
    private SavedRequest savedRequest;
    public static final String RESPONSE = "response";
    public static final String REQUEST = "request";
    private HttpServletResponse servletResponse;
    private HttpServletRequest servletRequest;
    protected boolean isJSON;

    /* loaded from: input_file:lib/worklight-extension-api.jar:com/worklight/core/auth/ext/LibertyFormBasedAuthenticator$Status.class */
    private enum Status {
        NOT_STARTED,
        FORWARDED_TO_LOGIN,
        RESPONSE_RECEIVED,
        ALREADY_AUTHENTICATED
    }

    @Override // com.worklight.server.auth.api.WorkLightAuthenticator
    public void init(Map<String, String> map) throws MissingConfigurationOptionException {
        logger.entering(className, "init");
        this.loginURL = getOption("login-page", map, true);
        this.errorURL = getOption("error-page", map, false);
        if (this.errorURL == null) {
            this.errorURL = this.loginURL;
        }
        String option = getOption(WorkLightAuthenticator.DEFAULT_USER_NAME_OPTION, map, false);
        if (option != null) {
            this.loginURL += "?username=" + option;
        }
        this.useRedirect = getOption("use-redirect", map, false) != null;
        logger.exiting(className, "init");
    }

    @Override // com.worklight.server.auth.api.UsernamePasswordAuthenticator, com.worklight.server.auth.api.WorkLightAuthenticator
    public Map<String, Object> getAuthenticationData() {
        Map<String, Object> authenticationData = super.getAuthenticationData();
        authenticationData.put("response", this.servletResponse);
        authenticationData.put("request", this.servletRequest);
        return authenticationData;
    }

    protected String getOption(String str, Map<String, String> map, boolean z) throws MissingConfigurationOptionException {
        logger.entering(className, "getOption");
        String remove = map.remove(str);
        if (remove != null) {
            remove = remove.trim();
        }
        if (z && (remove == null || remove.isEmpty())) {
            logger.exiting(className, "getOption");
            throw new MissingConfigurationOptionException(str);
        }
        logger.exiting(className, "getOption");
        return remove;
    }

    @Override // com.worklight.server.auth.api.WorkLightAuthenticator
    public AuthenticationResult processRequest(HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse, boolean z) throws IOException, ServletException {
        logger.entering(className, "processRequest");
        if (WSSubject.getCallerPrincipal() != null) {
            this.status = Status.ALREADY_AUTHENTICATED;
            logger.fine("User is authenticated through global security");
        }
        switch (this.status) {
            case NOT_STARTED:
                logger.fine("Processing not started");
                this.isJSON = "XMLHttpRequest".equalsIgnoreCase(httpServletRequest.getHeader("x-requested-with"));
                if (!this.isJSON) {
                    this.savedRequest = new SavedRequest(httpServletRequest);
                }
                if (this.useRedirect) {
                    httpServletResponse.sendRedirect(this.loginURL);
                } else {
                    httpServletResponse.setHeader("Expires", "-1");
                    ForwardUtils.forwardToUrl(this.loginURL, httpServletRequest, httpServletResponse);
                }
                this.status = Status.FORWARDED_TO_LOGIN;
                logger.exiting(className, "processRequest");
                return AuthenticationResult.CLIENT_INTERACTION_REQUIRED;
            case FORWARDED_TO_LOGIN:
                logger.fine("Processing forwarded to login");
                if (httpServletRequest.getRequestURI().indexOf(J_SECURITY_CHECK) == -1) {
                    logger.log(Level.INFO, "Not recognized");
                    logger.fine("Processing request not recognized");
                    logger.exiting(className, "processRequest");
                    return AuthenticationResult.REQUEST_NOT_RECOGNIZED;
                }
                logger.fine("Processing extracting for security check");
                this.status = Status.RESPONSE_RECEIVED;
                this.userName = httpServletRequest.getParameter(J_USERNAME);
                this.password = httpServletRequest.getParameter(J_PASSWORD);
                this.servletResponse = httpServletResponse;
                this.servletRequest = httpServletRequest;
                logger.exiting(className, "processRequest");
                return AuthenticationResult.SUCCESS;
            case ALREADY_AUTHENTICATED:
                this.servletResponse = httpServletResponse;
                this.servletRequest = httpServletRequest;
                this.userName = WSSubject.getCallerPrincipal();
                return AuthenticationResult.SUCCESS;
            default:
                logger.exiting(className, "processRequest");
                throw new IllegalStateException("The form authenticator doesn't expect any requests in state " + this.status);
        }
    }

    @Override // com.worklight.server.auth.api.WorkLightAuthenticator
    public AuthenticationResult processRequestAlreadyAuthenticated(HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse) throws IOException, ServletException {
        logger.entering(className, "processRequestAlreadyAuthenticated");
        logger.exiting(className, "processRequestAlreadyAuthenticated");
        return AuthenticationResult.REQUEST_NOT_RECOGNIZED;
    }

    @Override // com.worklight.server.auth.api.WorkLightAuthenticator
    public AuthenticationResult processAuthenticationFailure(HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse, String str) throws IOException, ServletException {
        logger.entering(className, "processAuthenticationFailure");
        httpServletResponse.setHeader("Expires", "-1");
        String str2 = (this.errorURL.indexOf(LocationInfo.NA) == -1 ? LocationInfo.NA : "&") + "errorMessage=" + (str == null ? "Wrong user name or password." : URLEncoder.encode(str, "UTF-8"));
        if (this.useRedirect) {
            httpServletResponse.sendRedirect(this.errorURL + str2);
        } else {
            ForwardUtils.forwardToUrl(this.errorURL + str2, httpServletRequest, httpServletResponse);
        }
        this.status = Status.FORWARDED_TO_LOGIN;
        logger.exiting(className, "processAuthenticationFailure");
        return AuthenticationResult.CLIENT_INTERACTION_REQUIRED;
    }

    @Override // com.worklight.server.auth.api.WorkLightAuthenticator
    public HttpServletRequest getRequestToProceed(HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse, UserIdentity userIdentity) throws IOException {
        logger.log(Level.INFO, "Request to proceed");
        logger.entering(className, "getRequestToProceed");
        if (this.isJSON) {
            httpServletResponse.setContentType("application/json; charset=UTF-8");
            httpServletResponse.setHeader("Cache-Control", "no-cache, must-revalidate");
            httpServletResponse.setHeader("Expires", "Sat, 26 Jul 1997 05:00:00 GMT");
            new PrintWriter(new OutputStreamWriter(httpServletResponse.getOutputStream(), "UTF-8"));
            JSONObject jSONObject = new JSONObject();
            jSONObject.put("loginSuccess", true);
            ((WLResponseWrapper) httpServletResponse).setResponseJSON(jSONObject);
        } else {
            StringBuffer requestURL = this.savedRequest.getRequestURL();
            String queryString = this.savedRequest.getQueryString();
            if (queryString != null) {
                requestURL.append(LocationInfo.NA).append(queryString);
            }
            httpServletResponse.setHeader("Expires", "-1");
            httpServletResponse.sendRedirect(requestURL.toString());
        }
        logger.exiting(className, "getRequestToProceed");
        return null;
    }
}
