package com.worklight.core.auth.ext;

import com.ibm.websphere.security.auth.WSSubject;
import com.worklight.common.log.WorklightLogger;
import com.worklight.common.log.WorklightServerLogger;
import com.worklight.server.auth.api.AuthenticationResult;
import com.worklight.server.auth.api.AuthenticationStatus;
import com.worklight.server.auth.api.ForwardUtils;
import com.worklight.server.auth.api.MissingConfigurationOptionException;
import com.worklight.server.auth.api.UserIdentity;
import com.worklight.server.auth.api.UsernamePasswordAuthenticator;
import com.worklight.server.auth.api.WorkLightAuthenticator;
import java.io.IOException;
import java.net.URLEncoder;
import java.util.Map;
import javax.servlet.ServletException;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;

/* loaded from: input_file:lib/worklight-extension-api.jar:com/worklight/core/auth/ext/WebSphereFormBasedAuthenticator.class */
public class WebSphereFormBasedAuthenticator extends UsernamePasswordAuthenticator {
    private static final WorklightServerLogger logger = new WorklightServerLogger(WebSphereFormBasedAuthenticator.class, WorklightLogger.MessagesBundles.CORE);
    public static final String LOGIN_PAGE = "login-page";
    public static final String ERROR_PAGE = "error-page";
    public static final String USE_REDIRECT = "use-redirect";
    public static final String COOKIE_NAME = "cookie-name";
    public static final String COOKIE_DOMAIN = "cookie-domain";
    public static final String HTTPONLY_COOKIE = "httponly-cookie";
    private static final String J_SECURITY_CHECK = "j_security_check";
    private static final String J_USERNAME = "j_username";
    private static final String J_PASSWORD = "j_password";
    private String loginURL;
    private String errorURL;
    private boolean useRedirect;
    private String cookieName;
    private String cookieDomain;
    private String httpOnlyCookie;
    private Status status = Status.NOT_STARTED;
    public static final String RESPONSE = "response";
    public static final String REQUEST = "request";
    private HttpServletResponse servletResponse;
    private HttpServletRequest servletRequest;

    /* loaded from: input_file:lib/worklight-extension-api.jar:com/worklight/core/auth/ext/WebSphereFormBasedAuthenticator$Status.class */
    private enum Status {
        NOT_STARTED,
        FORWARDED_TO_LOGIN,
        RESPONSE_RECEIVED,
        ALREADY_AUTHENTICATED
    }

    @Override // com.worklight.server.auth.api.WorkLightAuthenticator
    public void init(Map<String, String> map) throws MissingConfigurationOptionException {
        logger.entering("init");
        this.loginURL = getOption("login-page", map, true);
        this.errorURL = getOption("error-page", map, false);
        if (this.errorURL == null) {
            this.errorURL = this.loginURL;
        }
        String option = getOption(WorkLightAuthenticator.DEFAULT_USER_NAME_OPTION, map, false);
        if (option != null) {
            this.loginURL += "?username=" + option;
        }
        this.useRedirect = getOption("use-redirect", map, false) != null;
        this.cookieName = getOption("cookie-name", map, false);
        this.cookieDomain = getOption(COOKIE_DOMAIN, map, false);
        this.httpOnlyCookie = getOption(HTTPONLY_COOKIE, map, false);
        logger.exiting("init");
    }

    @Override // com.worklight.server.auth.api.UsernamePasswordAuthenticator, com.worklight.server.auth.api.WorkLightAuthenticator
    public Map<String, Object> getAuthenticationData() {
        Map<String, Object> authenticationData = super.getAuthenticationData();
        authenticationData.put("response", this.servletResponse);
        authenticationData.put("request", this.servletRequest);
        authenticationData.put("cookie-name", this.cookieName);
        authenticationData.put(COOKIE_DOMAIN, this.cookieDomain);
        authenticationData.put(HTTPONLY_COOKIE, this.httpOnlyCookie);
        return authenticationData;
    }

    protected String getOption(String str, Map<String, String> map, boolean z) throws MissingConfigurationOptionException {
        logger.entering("getOption");
        String remove = map.remove(str);
        if (remove != null) {
            remove = remove.trim();
        }
        if (z && (remove == null || remove.isEmpty())) {
            logger.exiting("getOption");
            throw new MissingConfigurationOptionException(str);
        }
        logger.exiting("getOption");
        return remove;
    }

    @Override // com.worklight.server.auth.api.WorkLightAuthenticator
    public AuthenticationResult processRequest(HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse, boolean z) throws IOException, ServletException {
        logger.entering("processRequest");
        if (WSSubject.getCallerPrincipal() != null) {
            this.status = Status.ALREADY_AUTHENTICATED;
            logger.debug("processRequest", "User is authenticated through global security");
        }
        switch (this.status) {
            case NOT_STARTED:
                logger.debug("processRequest", "Processing not started");
                if (this.useRedirect) {
                    httpServletResponse.sendRedirect(this.loginURL);
                } else {
                    httpServletResponse.setHeader("Expires", "-1");
                    ForwardUtils.forwardToUrl(this.loginURL, httpServletRequest, httpServletResponse);
                }
                this.status = Status.FORWARDED_TO_LOGIN;
                logger.exiting("processRequest");
                return AuthenticationResult.createFrom(AuthenticationStatus.CLIENT_INTERACTION_REQUIRED);
            case FORWARDED_TO_LOGIN:
                logger.debug("processRequest", "Processing forwarded to login");
                if (httpServletRequest.getRequestURI().indexOf(J_SECURITY_CHECK) == -1) {
                    logger.info("processRequest", "logger.notRecognized", new Object[0]);
                    logger.debug("processRequest", "Processing request not recognized");
                    logger.exiting("processRequest");
                    return AuthenticationResult.createFrom(AuthenticationStatus.REQUEST_NOT_RECOGNIZED);
                }
                logger.debug("processRequest", "Processing extracting for security check");
                this.status = Status.RESPONSE_RECEIVED;
                this.userName = httpServletRequest.getParameter(J_USERNAME);
                this.password = httpServletRequest.getParameter(J_PASSWORD);
                this.servletResponse = httpServletResponse;
                this.servletRequest = httpServletRequest;
                logger.exiting("processRequest");
                return AuthenticationResult.createFrom(AuthenticationStatus.SUCCESS);
            case ALREADY_AUTHENTICATED:
                this.servletResponse = httpServletResponse;
                this.servletRequest = httpServletRequest;
                this.userName = WSSubject.getCallerPrincipal();
                return AuthenticationResult.createFrom(AuthenticationStatus.SUCCESS);
            default:
                logger.exiting("processRequest");
                throw new IllegalStateException("The form authenticator doesn't expect any requests in state " + this.status);
        }
    }

    @Override // com.worklight.server.auth.api.WorkLightAuthenticator
    public AuthenticationResult processRequestAlreadyAuthenticated(HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse) throws IOException, ServletException {
        logger.entering("processRequestAlreadyAuthenticated");
        logger.exiting("processRequestAlreadyAuthenticated");
        return AuthenticationResult.createFrom(AuthenticationStatus.REQUEST_NOT_RECOGNIZED);
    }

    @Override // com.worklight.server.auth.api.WorkLightAuthenticator
    public AuthenticationResult processAuthenticationFailure(HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse, String str) throws IOException, ServletException {
        logger.entering("processAuthenticationFailure");
        httpServletResponse.setHeader("Expires", "-1");
        String str2 = (this.errorURL.indexOf("?") == -1 ? "?" : "&") + "errorMessage=" + (str == null ? "Wrong user name or password." : URLEncoder.encode(str, "UTF-8"));
        if (this.useRedirect) {
            httpServletResponse.sendRedirect(this.errorURL + str2);
        } else {
            ForwardUtils.forwardToUrl(this.errorURL + str2, httpServletRequest, httpServletResponse);
        }
        this.status = Status.FORWARDED_TO_LOGIN;
        logger.exiting("processAuthenticationFailure");
        return AuthenticationResult.createFrom(AuthenticationStatus.CLIENT_INTERACTION_REQUIRED);
    }

    @Override // com.worklight.server.auth.api.WorkLightAuthenticator
    public HttpServletRequest getRequestToProceed(HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse, UserIdentity userIdentity) throws IOException {
        return null;
    }

    @Override // com.worklight.server.auth.api.WorkLightAuthenticator
    public boolean changeResponseOnSuccess(HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse) throws IOException {
        return false;
    }
}
