package com.ibm.ws.security.web;

import com.ibm.ejs.ras.Tr;
import com.ibm.ejs.ras.TraceComponent;
import com.ibm.ras.RASFormatter;
import com.ibm.websphere.security.cred.WSCredential;
import com.ibm.ws.ffdc.FFDCFilter;
import com.ibm.ws.security.audit.AuditHandlerImpl;
import com.ibm.ws.security.common.util.CommonConstants;
import com.ibm.ws.security.core.ContextManagerFactory;
import com.ibm.ws.security.core.SecurityConfig;
import com.ibm.ws.security.util.AccessController;
import com.ibm.ws.webcontainer.session.IHttpSession;
import com.ibm.wsspi.security.audit.AuditOutcome;
import com.ibm.wsspi.security.audit.AuditService;
import com.ibm.wsspi.security.audit.J2EEAuditEventFactory;
import com.ibm.wsspi.security.auth.callback.Constants;
import com.ibm.wsspi.webcontainer.extension.WebExtensionProcessor;
import com.ibm.wsspi.webcontainer.servlet.IServletContext;
import java.io.IOException;
import java.security.PrivilegedActionException;
import java.security.PrivilegedExceptionAction;
import java.util.ArrayList;
import java.util.HashMap;
import java.util.Iterator;
import java.util.ListIterator;
import javax.security.auth.Subject;
import javax.servlet.ServletException;
import javax.servlet.ServletRequest;
import javax.servlet.ServletResponse;
import javax.servlet.http.Cookie;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import javax.servlet.http.HttpSession;
import javax.servlet.http.HttpUtils;

/* loaded from: input_file:lib/securityimpl.jar:com/ibm/ws/security/web/FormLoginExtensionProcessor.class */
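/**
 * Web-container extension that processes form-login submissions for one web application.
 *
 * <p>The request is expected to carry {@code j_username} and {@code j_password} parameters.
 * Those are handed to {@link ContextManagerFactory#getInstance()}'s {@code login(...)} under
 * a privileged action; on success the resulting {@link Subject} becomes the invocation and
 * caller subject, SSO cookies are issued (or, under SWAM, the credentials are kept in the
 * HTTP session), and the client is redirected to the URL it originally asked for. On any
 * failure the client is redirected to the application's login-error page and an
 * authentication audit event is emitted when the audit factory is active.
 *
 * <p>Security-relevant points visible in this class:
 * <ul>
 *   <li>Under the SWAM mechanism the clear-text password is stored in the HTTP session
 *       ({@link FormLoginInfo#setPassword}); the session store therefore holds credentials.</li>
 *   <li>Debug tracing logs the submitted user name (never the password) and the redirect URLs.</li>
 *   <li>The post-login redirect target is read from the {@code REFERER_URL} cookie, which is
 *       client-supplied. No host/scheme validation happens in this class; confirm that the
 *       component that sets that cookie (see {@link WebAuthenticator}) constrains it.</li>
 *   <li>The error-page URL is rebuilt from the incoming request's scheme/host/port
 *       ({@link HttpUtils#getRequestURL}), i.e. from client-controlled headers.</li>
 * </ul>
 *
 * <p>Audit support ({@code auditService}, {@code auditHandler}, {@code auditFactory}) is
 * static and initialised lazily by the first processor instance created.
 */
public class FormLoginExtensionProcessor extends WebExtensionProcessor {
    private static final TraceComponent tc =
            Tr.register(FormLoginExtensionProcessor.class, (String) null, "com.ibm.ejs.resources.security");

    /** Audit provider name reported in every authentication audit event. */
    private static final String providerName = "WebSphere";
    /** "provider succeeded" flag reported in every authentication audit event. */
    private static final boolean providerSuccess = true;

    /** Debug message prefix used whenever the client is sent to the login-error page. */
    private static final String REDIRECT_DEBUG_PREFIX = "Redirecting to error page: ";
    /** Debug message prefix for the forward-credentials-without-SSO misconfiguration. */
    private static final String CONFIG_ERROR_DEBUG_PREFIX =
            "Configuration error.  SSO Not enabled when using FormLogin. Redirecting to error page: ";

    private static AuditHandlerImpl auditHandler = null;
    private static J2EEAuditEventFactory auditFactory = null;
    private static AuditService auditService = null;

    /** Login page URL of the web application, from its security metadata (may be null). */
    private String loginPage;
    /** Login-error page of the web application, always "/"-prefixed when non-null. */
    private String loginErrorPage;
    /** Security attributes of the web application (login/relogin URLs, SSO flags, app name). */
    private WebAttributes webAttrs;

    /**
     * Reads the web application's security metadata and prepares audit support.
     *
     * <p>Any failure while reading the metadata is recorded through FFDC and the
     * {@code security.web.form.noWebAppInfo} message; the constructor still completes,
     * leaving {@code loginPage}/{@code loginErrorPage} null in that case.
     *
     * @param iServletContext servlet context of the web application being configured
     * @throws Exception propagated from the {@link WebExtensionProcessor} constructor only
     */
    public FormLoginExtensionProcessor(IServletContext iServletContext) throws Exception {
        super(iServletContext);
        this.loginPage = null;
        this.loginErrorPage = null;
        this.webAttrs = null;
        try {
            SecurityMetaData securityMetaData =
                    (SecurityMetaData) iServletContext.getWebAppConfig().getMetaData().getSecurityMetaData();
            if (tc.isDebugEnabled()) {
                Tr.debug(tc, "Create WebAttributes for this webApp.");
            }
            if (securityMetaData == null) {
                if (tc.isDebugEnabled()) {
                    Tr.debug(tc, "In FormLoginExtensionProcessor(), security MetaData is null.");
                }
            } else {
                this.webAttrs = securityMetaData.getWebAttributes();
            }
            if (this.webAttrs == null) {
                // Without WebAttributes nothing below can be resolved; report it as the same
                // "no web app info" condition instead of dereferencing null.
                throw new IllegalStateException("WebAttributes are not available for this web application");
            }
            this.loginPage = this.webAttrs.getLoginURL();
            if (tc.isDebugEnabled()) {
                Tr.debug(tc, "login page is: " + this.loginPage);
            }
            this.loginErrorPage = normalizeErrorPage(this.webAttrs.getReloginURL());
            initAuditSupport();
            if (auditService == null && tc.isDebugEnabled()) {
                Tr.debug(tc, "AuditService was not initialized");
            }
            if (auditHandler == null && tc.isDebugEnabled()) {
                Tr.debug(tc, "AuditHandler was not initialized");
            }
            if (auditFactory == null && tc.isDebugEnabled()) {
                Tr.debug(tc, "J2EEAuditEventFactory was not initialized");
            }
            if (tc.isDebugEnabled()) {
                Tr.debug(tc, "login error page is: " + this.loginErrorPage);
            }
        } catch (Exception e) {
            FFDCFilter.processException(e, "com.ibm.ws.security.web.FormLoginServlet.init", "124", this);
            Tr.error(tc, "security.web.form.noWebAppInfo", new Object[]{e});
        }
    }

    /**
     * Ensures a relogin URL is context-relative ("/"-prefixed).
     *
     * @param reloginURL value from the security metadata, possibly null
     * @return null when the input is null, otherwise the input with a leading "/" guaranteed
     */
    private static String normalizeErrorPage(String reloginURL) {
        if (reloginURL == null || reloginURL.startsWith("/")) {
            return reloginURL;
        }
        return "/" + reloginURL;
    }

    /**
     * Lazily resolves the audit service, handler and J2EE event factory into the static fields.
     * Runs only while {@code auditService} is still null; every lookup may legitimately
     * yield null, in which case the dependent fields stay null and auditing is skipped.
     */
    private static void initAuditSupport() {
        if (auditService != null) {
            return;
        }
        auditService = ContextManagerFactory.getInstance().getAuditService();
        if (auditService == null) {
            return;
        }
        auditHandler = (AuditHandlerImpl) auditService.newAuditHandler("WAS.security", "WAS.security");
        if (auditHandler != null) {
            // The cast already guarantees the factory type; no separate isInstance check is needed.
            auditFactory = (J2EEAuditEventFactory)
                    auditHandler.getAuditEventFactory(CommonConstants.AUDIT_J2EE_FACTORY_NAME);
        }
    }

    /**
     * Entry point called by the web container; only HTTP request/response pairs are handled,
     * anything else is ignored silently.
     *
     * @param servletRequest  incoming request
     * @param servletResponse response to write the redirect to
     * @throws Exception anything thrown by {@link #formLogin}
     */
    public void handleRequest(ServletRequest servletRequest, ServletResponse servletResponse) throws Exception {
        if (!(servletRequest instanceof HttpServletRequest) || !(servletResponse instanceof HttpServletResponse)) {
            return;
        }
        formLogin((HttpServletRequest) servletRequest, (HttpServletResponse) servletResponse);
    }

    /**
     * Performs the form login for one request.
     *
     * <p>Outcome is always a redirect: to the login-error page (status 401 is set first, but
     * {@code sendRedirect} normally replaces it with 302) on misconfiguration, missing
     * parameters, failed or erroring authentication and cookie-creation errors; to the
     * original URL on success. Each failure path also emits an authentication audit event
     * when the audit factory is active.
     *
     * @param httpServletRequest  request carrying {@code j_username} and {@code j_password}
     * @param httpServletResponse response receiving cookies and the redirect
     * @throws ServletException, IOException propagated from the servlet API
     */
    private void formLogin(HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse)
            throws ServletException, IOException {
        if (tc.isEntryEnabled()) {
            Tr.entry(tc, "formLogin, WebAttributes: \n" + this.webAttrs.toString());
        }
        String errorPageURL = buildErrorPageURL(httpServletRequest);
        final String authMech = (String) SecurityConfig.getConfig().getValue("security.activeAuthMechanism");
        final String customJaasConfig =
                (String) SecurityConfig.getConfig().getValue("com.ibm.ws.security.webInboundLoginConfig");
        boolean forwardCred = configFlag("security.authMechForwardCred");
        if (auditHandler != null) {
            auditHandler.setAppName(this.webAttrs.getWebAppName());
        }
        // Forwarding credentials requires LTPA SSO; without it form login cannot work.
        if (forwardCred && !configFlag("security.ltpa.sso.enabled")) {
            Tr.error(tc, "security.formlogin.badconfig", new Object[]{this.webAttrs.getWebAppName()});
            redirectToErrorPage(httpServletResponse, errorPageURL, CONFIG_ERROR_DEBUG_PREFIX);
            sendFailureAudit(httpServletRequest, AuditOutcome.INVALID_CONFIG, null, null, authMech,
                    "security.formlogin.badconfig.audit", new Object[]{this.webAttrs.getWebAppName()});
            return;
        }
        final String username = httpServletRequest.getParameter("j_username");
        final String password = httpServletRequest.getParameter("j_password");
        if (username == null || password == null) {
            if (tc.isDebugEnabled()) {
                Tr.debug(tc, "username and/or password are not present");
            }
            redirectToErrorPage(httpServletResponse, errorPageURL, REDIRECT_DEBUG_PREFIX);
            sendFailureAudit(httpServletRequest, AuditOutcome.MISSING_UIDPSWD, null, username, authMech,
                    "security.audit.form.login.failed.audit", new Object[]{errorPageURL});
            return;
        }
        if (tc.isDebugEnabled()) {
            // Only the user name is traced; the password never reaches the log.
            Tr.debug(tc, "Form based login: userid/password present in the form. User is: " + username);
        }
        // Raw type kept on purpose: the login(...) API's expected map type is not visible here.
        final HashMap appContext = new HashMap(2);
        try {
            appContext.put(Constants.WEB_APP_NAME, this.webAttrs.getWebAppName());
            appContext.put(Constants.REDIRECT_URL, errorPageURL);
            final String realm = ContextManagerFactory.getInstance().getDefaultRealm();
            final HttpServletRequest req = httpServletRequest;
            final HttpServletResponse res = httpServletResponse;
            PrivilegedExceptionAction loginAction = new PrivilegedExceptionAction() {
                @Override
                public Object run() throws Exception {
                    return ContextManagerFactory.getInstance()
                            .login(realm, username, password, customJaasConfig, req, res, appContext);
                }
            };
            // NOTE(review): this reads the redirect URL back from the app context before the
            // login action has run, so it only differs from errorPageURL if something else
            // replaced the entry; kept in the original order deliberately.
            String customErrorURL;
            try {
                customErrorURL = (String) appContext.get(Constants.REDIRECT_URL);
            } catch (Throwable th) {
                customErrorURL = null;
                Tr.error(tc, "incorrect customized error page: ", new Object[]{th});
            }
            if (customErrorURL != null && customErrorURL.length() > 0) {
                errorPageURL = customErrorURL;
            }
            try {
                Subject subject = (Subject) AccessController.doPrivileged(loginAction);
                WSCredential credential = extractCredential(subject);
                if (subject == null || credential == null) {
                    Tr.audit(tc, "security.authn.failed.foruser", new Object[]{username});
                    redirectToErrorPage(httpServletResponse, errorPageURL, REDIRECT_DEBUG_PREFIX);
                    sendFailureAudit(httpServletRequest, "DENIED", null, username, authMech,
                            "security.audit.form.login.failed.audit", new Object[]{errorPageURL});
                    return;
                }
                ContextManagerFactory.getInstance().setInvocationSubject(subject);
                ContextManagerFactory.getInstance().setCallerSubject(subject);
                // The (0, 0) / (0, 5) arguments select which audit event class is active;
                // their meaning is defined by the audit factory, not visible here.
                if (auditFactory != null && auditFactory.isActive(0, 0)) {
                    auditFactory.sendAuthnAuditEvent(auditHandler, AuditOutcome.SUCCESS, "SUCCESS",
                            httpServletRequest.getSession().getId(), null, this.loginPage, "WEB",
                            httpServletRequest.getMethod(), ContextManagerFactory.getInstance().getDefaultRealm(),
                            authMech, "FORM", username, providerName, providerSuccess, subject,
                            httpServletRequest.getRemoteAddr(), httpServletRequest.getRemoteHost(),
                            httpServletRequest.getRemotePort(), "security.audit.form.login.success.audit", null);
                }
                WebCollaborator.setPrivateAttributes(httpServletRequest, "AUTH_TYPE", "FORM");
                boolean swam = authMech != null && authMech.equals(SecurityConfig.AUTH_MECHANISM_SWAM);
                String refererURL;
                if (swam) {
                    FormLoginInfo formLoginInfo = storeSwamSessionInfo(httpServletRequest, username, password);
                    refererURL = formLoginInfo != null ? formLoginInfo.getRefererURL() : null;
                } else {
                    if (ssoCookiesWanted(httpServletRequest)) {
                        try {
                            issueSsoCookies(httpServletRequest, httpServletResponse, subject);
                        } catch (Exception e) {
                            FFDCFilter.processException(e, "com.ibm.ws.security.web.FormLoginServlet.formLogin", "309", this);
                            redirectToErrorPage(httpServletResponse, errorPageURL, REDIRECT_DEBUG_PREFIX);
                            return;
                        }
                    }
                    // Client-supplied cookie; see the class comment about redirect validation.
                    refererURL = WebAuthenticator.getCookieValue(httpServletRequest.getCookies(),
                            com.ibm.ws.security.util.Constants.REFERER_URL_COOKIENAME);
                }
                if (tc.isDebugEnabled()) {
                    Tr.debug(tc, "Successful auth - redirecting to the original URL" + refererURL);
                }
                httpServletResponse.sendRedirect(httpServletResponse.encodeURL(normalizeRefererURL(refererURL)));
            } catch (PrivilegedActionException e2) {
                FFDCFilter.processException(e2, "com.ibm.ws.security.web.FormLoginServlet.formLogin", "244", this);
                Tr.error(tc, "security.authn.error.foruser", new Object[]{username});
                redirectToErrorPage(httpServletResponse, errorPageURL, REDIRECT_DEBUG_PREFIX);
                sendFailureAudit(httpServletRequest, "DENIED", e2, username, authMech,
                        "security.audit.form.login.failed.audit", new Object[]{errorPageURL});
            }
        } catch (Exception e3) {
            FFDCFilter.processException(e3, "com.ibm.ws.security.web.FormLoginServlet.formLogin", "218", this);
            Tr.error(tc, "security.authn.error.foruser", new Object[]{username});
            redirectToErrorPage(httpServletResponse, errorPageURL, REDIRECT_DEBUG_PREFIX);
            sendFailureAudit(httpServletRequest, "DENIED", e3, username, authMech,
                    "security.audit.form.login.failed.audit", new Object[]{errorPageURL});
        }
    }

    /**
     * Reads a Boolean security-config value, treating an absent value as {@code false}.
     *
     * @param key security configuration key
     * @return the flag, or false when the value is null
     */
    private static boolean configFlag(String key) {
        Boolean value = (Boolean) SecurityConfig.getConfig().getValue(key);
        return value != null && value.booleanValue();
    }

    /**
     * Builds the absolute login-error page URL for this request: the request's scheme, host
     * and port with the path replaced by context path + {@code loginErrorPage}.
     *
     * @param req current request (its scheme/host/port come from client-controlled headers)
     * @return the absolute error-page URL, or null when no login-error page is configured
     */
    private String buildErrorPageURL(HttpServletRequest req) {
        if (this.loginErrorPage == null) {
            return null;
        }
        StringBuffer requestURL = HttpUtils.getRequestURL(req);
        String asText = requestURL.toString();
        String contextPath = req.getContextPath();
        if (contextPath.equals("/")) {
            contextPath = "";
        }
        // First "/" after the "scheme://authority" part is where the path begins.
        int pathStart = asText.indexOf("/", asText.indexOf("//") + 2);
        if (pathStart < 0) {
            pathStart = asText.length();
        }
        requestURL.replace(pathStart, asText.length(), contextPath + this.loginErrorPage);
        return requestURL.toString();
    }

    /**
     * Sets status 401 and redirects to the login-error page, tracing the target first.
     *
     * @param res         response to write to
     * @param errorURL    absolute error-page URL (may be null if none is configured)
     * @param debugPrefix debug message prefix written ahead of the URL
     * @throws IOException from {@link HttpServletResponse#sendRedirect}
     */
    private static void redirectToErrorPage(HttpServletResponse res, String errorURL, String debugPrefix)
            throws IOException {
        if (tc.isDebugEnabled()) {
            Tr.debug(tc, debugPrefix + errorURL);
        }
        res.setStatus(401);
        res.sendRedirect(res.encodeURL(errorURL));
    }

    /**
     * Emits a REDIRECT authentication audit event for a failed form login, if auditing is active.
     *
     * @param req         request being audited (session id, method and remote endpoint are taken from it)
     * @param reason      outcome reason code ({@code AuditOutcome.*} or "DENIED")
     * @param cause       exception that caused the failure, or null
     * @param username    submitted user name, or null when not available
     * @param authMech    active authentication mechanism
     * @param messageKey  audit message key
     * @param messageArgs audit message arguments
     */
    private void sendFailureAudit(HttpServletRequest req, String reason, Exception cause, String username,
            String authMech, String messageKey, Object[] messageArgs) {
        if (auditFactory == null || !auditFactory.isActive(0, 5)) {
            return;
        }
        auditFactory.sendAuthnAuditEvent(auditHandler, AuditOutcome.REDIRECT, reason, req.getSession().getId(),
                cause, this.loginPage, "WEB", req.getMethod(), ContextManagerFactory.getInstance().getDefaultRealm(),
                authMech, "FORM", username, providerName, providerSuccess, null, req.getRemoteAddr(),
                req.getRemoteHost(), req.getRemotePort(), messageKey, messageArgs);
    }

    /**
     * Returns the first {@link WSCredential} public credential of the subject.
     *
     * @param subject authenticated subject, possibly null
     * @return the credential, or null when the subject is null or carries none
     */
    private static WSCredential extractCredential(Subject subject) {
        if (subject == null) {
            return null;
        }
        Iterator<WSCredential> credentials = subject.getPublicCredentials(WSCredential.class).iterator();
        return credentials.hasNext() ? credentials.next() : null;
    }

    /**
     * SWAM path: keeps the user name and clear-text password in the HTTP session's security info.
     *
     * @param req      current request; a session is created if none exists
     * @param username submitted user name
     * @param password submitted password (stored as-is in the session)
     * @return the stored {@link FormLoginInfo}, or null when no session could be obtained
     */
    private FormLoginInfo storeSwamSessionInfo(HttpServletRequest req, String username, String password) {
        HttpSession session = req.getSession(true);
        if (session == null) {
            return null;
        }
        if (tc.isDebugEnabled()) {
            Tr.debug(tc, "Form based login: Store auth data in the HTTP Session");
        }
        IHttpSession securitySession = (IHttpSession) session;
        FormLoginInfo formLoginInfo = (FormLoginInfo) securitySession.getSecurityInfo();
        if (formLoginInfo == null) {
            formLoginInfo = new FormLoginInfo(username, password);
        } else {
            formLoginInfo.setUsername(username);
            formLoginInfo.setPassword(password);
        }
        securitySession.putSecurityInfo(formLoginInfo);
        return formLoginInfo;
    }

    /**
     * Decides whether SSO cookies should be issued for this request: SSO must be enabled, and
     * when "secure SSO" is configured the request must have arrived over https.
     *
     * @param req current request
     * @return true when cookies should be created
     */
    private boolean ssoCookiesWanted(HttpServletRequest req) {
        if (!this.webAttrs.isSSOEnabled()) {
            return false;
        }
        if (!this.webAttrs.isSecureSSO()) {
            return true;
        }
        return req.getScheme().equalsIgnoreCase("https");
    }

    /**
     * Creates the SSO cookies for the subject, expires the REFERER_URL cookie, and adds the
     * new cookies to the response.
     *
     * @param req     current request
     * @param res     response receiving the cookies
     * @param subject authenticated subject
     * @throws Exception anything raised by cookie creation
     */
    private void issueSsoCookies(HttpServletRequest req, HttpServletResponse res, Subject subject) throws Exception {
        ArrayList cookies = WebAttributes.createCookies(req, subject);
        clearCookie(req, res);
        if (cookies == null) {
            return;
        }
        for (ListIterator it = cookies.listIterator(); it.hasNext();) {
            res.addCookie((Cookie) it.next());
        }
    }

    /**
     * Turns the stored referer URL into the value handed to {@code sendRedirect}: null and "/"
     * become "", a leading "/" is dropped, everything else is passed through unchanged.
     *
     * @param refererURL value from the session or the REFERER_URL cookie, possibly null
     * @return redirect target, never null
     */
    private static String normalizeRefererURL(String refererURL) {
        if (refererURL == null || refererURL.equals("/")) {
            return "";
        }
        if (refererURL.startsWith("/")) {
            return refererURL.substring(1);
        }
        return refererURL;
    }

    /**
     * Creates a session cookie (no max age) scoped to "/".
     *
     * @param str  cookie name
     * @param str2 cookie value
     * @param z    whether the Secure attribute is set
     * @return the new cookie
     */
    private Cookie createCookie(String str, String str2, boolean z) {
        if (tc.isEntryEnabled()) {
            Tr.entry(tc, "createCookie " + str + RASFormatter.DEFAULT_SEPARATOR + str2);
        }
        Cookie cookie = new Cookie(str, str2);
        cookie.setPath("/");
        cookie.setMaxAge(-1);
        cookie.setSecure(z);
        if (tc.isEntryEnabled()) {
            Tr.exit(tc, "createCookie");
        }
        return cookie;
    }

    /**
     * Expires the REFERER_URL cookie on the client if the request carried a non-empty one.
     *
     * @param httpServletRequest  request whose cookies are inspected
     * @param httpServletResponse response receiving the expiring cookie
     */
    private void clearCookie(HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse) {
        if (tc.isEntryEnabled()) {
            Tr.entry(tc, "clearCookie");
        }
        String cookieValue = WebAuthenticator.getCookieValue(httpServletRequest.getCookies(),
                com.ibm.ws.security.util.Constants.REFERER_URL_COOKIENAME);
        if (cookieValue != null && cookieValue.length() > 0) {
            Cookie expired = new Cookie(com.ibm.ws.security.util.Constants.REFERER_URL_COOKIENAME, "");
            expired.setPath("/");
            expired.setMaxAge(0);
            httpServletResponse.addCookie(expired);
            if (tc.isDebugEnabled()) {
                Tr.debug(tc, "cleared REFERER_URL cookie. Original value was " + cookieValue);
            }
        }
        if (tc.isEntryEnabled()) {
            Tr.exit(tc, "clearCookie");
        }
    }
}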
