package com.ibm.ws.webcontainer.security.internal;

import com.ibm.websphere.ras.Tr;
import com.ibm.websphere.ras.TraceComponent;
import com.ibm.websphere.ras.annotation.Sensitive;
import com.ibm.websphere.ras.annotation.TraceObjectField;
import com.ibm.ws.ffdc.FFDCFilter;
import com.ibm.ws.kernel.provisioning.ExtensionConstants;
import com.ibm.ws.ras.instrument.annotation.InjectedFFDC;
import com.ibm.ws.webcontainer.security.AuthResult;
import com.ibm.ws.webcontainer.security.AuthenticationResult;
import com.ibm.ws.webcontainer.security.PostParameterHelper;
import com.ibm.ws.webcontainer.security.ReferrerURLCookieHandler;
import com.ibm.ws.webcontainer.security.WebAppSecurityConfig;
import com.ibm.ws.webcontainer.security.WebAuthenticator;
import com.ibm.ws.webcontainer.security.WebProviderAuthenticatorProxy;
import com.ibm.ws.webcontainer.security.WebRequest;
import com.ibm.ws.webcontainer.security.metadata.FormLoginConfiguration;
import java.util.HashMap;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;

/**
 * {@link WebAuthenticator} for form-based login.
 *
 * <p>A request is resolved in three steps (see {@code handleFormLogin}):
 * <ol>
 *   <li>the SSO authenticator is asked first; any non-null result other than
 *       {@code FAILURE} is returned as is;</li>
 *   <li>otherwise the provider authenticator proxy is asked;</li>
 *   <li>if the provider answers {@code CONTINUE} and form-login redirect is
 *       enabled for the request, a {@code REDIRECT} result pointing at the
 *       login page is built.</li>
 * </ol>
 *
 * <p>Security-relevant inputs: the redirect target and the referrer cookie are
 * both derived from {@link HttpServletRequest#getRequestURL()} and the query
 * string, which are request-supplied values.
 */
@InjectedFFDC
@TraceObjectField(fieldName = "tc", fieldDesc = "Lcom/ibm/websphere/ras/TraceComponent;")
/* loaded from: input_file:lib/com.ibm.ws.webcontainer.security_1.0.11.cl50820160904-1913.jar:com/ibm/ws/webcontainer/security/internal/FormLoginAuthenticator.class */
public class FormLoginAuthenticator implements WebAuthenticator {
    private static final TraceComponent tc = Tr.register(FormLoginAuthenticator.class);
    // Not referenced anywhere inside this class.
    static final String REFERRER_URL_OIDC_COOKIENAME = "WASReqURLOidc";
    private final WebAuthenticator ssoAuthenticator;
    private final WebAppSecurityConfig webAppSecurityConfig;
    private final PostParameterHelper postParameterHelper;
    private final WebProviderAuthenticatorProxy providerAuthenticatorProxy;
    // NOTE(review): the class does not visibly implement Serializable; presumably
    // this field was added by build-time instrumentation - confirm.
    static final long serialVersionUID = 8347578361567425150L;

    /**
     * Wires the collaborators and creates a {@link PostParameterHelper} bound to
     * the same security configuration.
     *
     * @param webAuthenticator authenticator consulted first (stored as the SSO authenticator)
     * @param webAppSecurityConfig configuration used for the login URL and cookie decisions
     * @param webProviderAuthenticatorProxy authenticator consulted when SSO does not succeed
     */
    public FormLoginAuthenticator(WebAuthenticator webAuthenticator, WebAppSecurityConfig webAppSecurityConfig, WebProviderAuthenticatorProxy webProviderAuthenticatorProxy) {
        this.webAppSecurityConfig = webAppSecurityConfig;
        this.ssoAuthenticator = webAuthenticator;
        this.providerAuthenticatorProxy = webProviderAuthenticatorProxy;
        this.postParameterHelper = new PostParameterHelper(webAppSecurityConfig);
    }

    /**
     * Authenticates the request using the configuration given at construction.
     *
     * @param webRequest the request being authenticated
     * @return the result of the form-login flow; may be {@code null}
     */
    @Override // com.ibm.ws.webcontainer.security.WebAuthenticator
    public AuthenticationResult authenticate(WebRequest webRequest) {
        return authenticate(webRequest, this.webAppSecurityConfig);
    }

    /**
     * Runs the form-login flow for {@code webRequest}.
     *
     * <p>NOTE(review): {@code webAppSecurityConfig} is not used here; the flow
     * always reads the instance's own configuration. Confirm that no caller
     * relies on passing a different configuration.
     *
     * @param webRequest the request being authenticated
     * @param webAppSecurityConfig ignored by this implementation
     * @return the result of the form-login flow; may be {@code null}
     */
    public AuthenticationResult authenticate(WebRequest webRequest, WebAppSecurityConfig webAppSecurityConfig) {
        HttpServletRequest servletRequest = webRequest.getHttpServletRequest();
        HttpServletResponse servletResponse = webRequest.getHttpServletResponse();
        return handleFormLogin(servletRequest, servletResponse, webRequest);
    }

    /**
     * Core decision logic: SSO first, then the provider proxy, then an optional
     * redirect to the login page.
     *
     * @return the SSO result when it is non-null and not {@code FAILURE}; the
     *         provider result when its status is not {@code CONTINUE}; a
     *         {@code REDIRECT} result when the provider says {@code CONTINUE} and
     *         redirect is enabled; {@code null} when the provider says
     *         {@code CONTINUE} and redirect is disabled; a {@code FAILURE} result
     *         when anything in the provider/redirect path throws
     */
    private AuthenticationResult handleFormLogin(HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse, WebRequest webRequest) {
        AuthenticationResult ssoResult = this.ssoAuthenticator.authenticate(webRequest);
        boolean ssoAccepted = ssoResult != null && ssoResult.getStatus() != AuthResult.FAILURE;
        if (ssoAccepted) {
            // Presumably replays POST parameters stashed by save() before the
            // login redirect - confirm against PostParameterHelper.
            this.postParameterHelper.restore(httpServletRequest, httpServletResponse);
            return ssoResult;
        }
        try {
            AuthenticationResult providerResult = this.providerAuthenticatorProxy.authenticate(httpServletRequest, httpServletResponse, null);
            // A null providerResult raises NullPointerException on the next line,
            // which the catch below turns into a FAILURE result.
            if (providerResult.getStatus() != AuthResult.CONTINUE) {
                return providerResult;
            }
            if (!webRequest.isFormLoginRedirectEnabled()) {
                // Callers must be prepared for null here.
                return null;
            }
            return handleRedirect(httpServletRequest, httpServletResponse, webRequest);
        } catch (Exception e) {
            // NOTE(review): the request, response and WebRequest objects are handed
            // to FFDC as context; verify that the resulting incident record does not
            // capture credentials carried by the login request.
            FFDCFilter.processException(e, "com.ibm.ws.webcontainer.security.internal.FormLoginAuthenticator", "95", this, new Object[]{httpServletRequest, httpServletResponse, webRequest});
            // NOTE(review): the exception text becomes part of the result; confirm
            // it is never echoed to the client, where it could expose internals.
            return new AuthenticationResult(AuthResult.FAILURE, e.getLocalizedMessage());
        }
    }

    /**
     * Builds the {@code REDIRECT} result for the login page and, when cookies are
     * allowed for this request, saves the POST parameters and attaches a referrer
     * cookie holding the originally requested URL.
     *
     * <p>The login URL may be {@code null} (see {@code getFormLoginURL}); it is
     * passed to the result unchecked.
     *
     * <p>NOTE(review): the cookie value is the full request URL plus query string,
     * i.e. request-supplied data. Whether it is validated (for example against the
     * expected host) before being used as a post-login redirect target cannot be
     * seen from this class - confirm in ReferrerURLCookieHandler and its consumers.
     */
    private AuthenticationResult handleRedirect(HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse, WebRequest webRequest) {
        String loginUrl = getFormLoginURL(httpServletRequest, webRequest, this.webAppSecurityConfig);
        if (TraceComponent.isAnyTracingEnabled() && tc.isDebugEnabled()) {
            Tr.debug(tc, "form login URL: " + loginUrl, new Object[0]);
        }
        AuthenticationResult redirect = new AuthenticationResult(AuthResult.REDIRECT, loginUrl);
        if (!allowToAddCookieToResponse(this.webAppSecurityConfig, httpServletRequest)) {
            // No cookie and no saved POST parameters on this path.
            return redirect;
        }
        this.postParameterHelper.save(httpServletRequest, httpServletResponse, redirect);
        ReferrerURLCookieHandler cookieHandler = new ReferrerURLCookieHandler(this.webAppSecurityConfig);
        redirect.setCookie(cookieHandler.createReferrerURLCookie(ReferrerURLCookieHandler.REFERRER_URL_COOKIENAME, getReqURL(httpServletRequest), httpServletRequest));
        return redirect;
    }

    /**
     * Returns the request URL with {@code ?query} appended when a query string is
     * present.
     *
     * <p>Marked {@code @Sensitive}: the query string can carry secrets, and the
     * annotation is meant to keep the value out of injected trace output.
     */
    @Sensitive
    private String getReqURL(HttpServletRequest httpServletRequest) {
        StringBuffer url = httpServletRequest.getRequestURL();
        String query = httpServletRequest.getQueryString();
        if (query != null) {
            url.append("?").append(query);
        }
        return url.toString();
    }

    /**
     * Ensures {@code loginPath} starts with {@code "/"} and, when a context path
     * is given, prefixes it.
     *
     * @param loginPath login page path; must not be {@code null}
     * @param contextPath context path to prepend, or {@code null} for none
     */
    private String normalizeURL(String loginPath, String contextPath) {
        String rooted = loginPath.startsWith("/") ? loginPath : "/" + loginPath;
        if (contextPath == null) {
            return rooted;
        }
        // NOTE(review): CORE_EXTENSION's value is not visible here; presumably it is
        // the empty string (so a root context "/" does not yield a double slash) and
        // the constant name is a decompiler artifact - confirm.
        String prefix = contextPath.equals("/") ? ExtensionConstants.CORE_EXTENSION : contextPath;
        return prefix + rooted;
    }

    /**
     * Chooses the login page and turns it into an absolute URL.
     *
     * <p>With a form-login configuration: its login page, prefixed by the
     * request's context path, or - when it has no login page - the global login
     * form URL from {@code webAppSecurityConfig} without a context path. Without
     * a form-login configuration the result is {@code null}.
     */
    private String getFormLoginURL(HttpServletRequest httpServletRequest, WebRequest webRequest, WebAppSecurityConfig webAppSecurityConfig) {
        FormLoginConfiguration formConfig = webRequest.getFormLoginConfiguration();
        if (formConfig == null) {
            return buildFormLoginURL(httpServletRequest, null, null);
        }
        String appLoginPage = formConfig.getLoginPage();
        if (appLoginPage != null) {
            return buildFormLoginURL(httpServletRequest, appLoginPage, httpServletRequest.getContextPath());
        }
        return buildFormLoginURL(httpServletRequest, webAppSecurityConfig.getLoginFormURL(), null);
    }

    /**
     * Replaces the path part of the request URL with the normalized login path,
     * keeping the request URL's scheme and authority.
     *
     * <p>The path start is located as the first {@code "/"} after {@code "//"}.
     * If the request URL has no such slash, {@code indexOf} yields -1 and
     * {@code replace} throws {@link StringIndexOutOfBoundsException}; on the
     * current call path that is caught in {@code handleFormLogin}.
     *
     * <p>NOTE(review): scheme and host are taken from the request URL; depending
     * on container and proxy configuration these may reflect the client-sent Host
     * header - confirm they are trustworthy before relying on this redirect target.
     *
     * @return the absolute login URL, or {@code null} when {@code loginPath} is {@code null}
     */
    private String buildFormLoginURL(HttpServletRequest httpServletRequest, String loginPath, String contextPath) {
        if (loginPath == null) {
            return null;
        }
        StringBuilder url = new StringBuilder(httpServletRequest.getRequestURL());
        int authorityStart = url.indexOf("//") + 2;
        int pathStart = url.indexOf("/", authorityStart);
        url.replace(pathStart, url.length(), normalizeURL(loginPath, contextPath));
        return url.toString();
    }

    /**
     * Decides whether cookies may be attached to the response: allowed when SSO
     * does not require SSL or when the request itself is secure.
     */
    private boolean allowToAddCookieToResponse(WebAppSecurityConfig webAppSecurityConfig, HttpServletRequest httpServletRequest) {
        boolean secureRequest = httpServletRequest.isSecure();
        boolean sslRequired = webAppSecurityConfig.getSSORequiresSSL();
        if (secureRequest || !sslRequired) {
            return true;
        }
        if (TraceComponent.isAnyTracingEnabled() && tc.isDebugEnabled()) {
            Tr.debug(tc, "SSO requires SSL. The cookie will not be sent back because the request is not over https.", new Object[0]);
        }
        return false;
    }

    /**
     * Not supported by this authenticator; always returns {@code null}.
     */
    @Override // com.ibm.ws.webcontainer.security.WebAuthenticator
    public AuthenticationResult authenticate(HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse, HashMap hashMap) throws Exception {
        return null;
    }
}
