package org.clazzes.gwt.login.http;

import java.io.IOException;
import java.io.InputStreamReader;
import java.io.OutputStreamWriter;
import java.net.HttpURLConnection;
import java.net.URL;
import java.security.Principal;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpSession;
import org.clazzes.util.http.UrlHelper;
import org.clazzes.util.http.sec.HttpLoginService;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;

/* loaded from: input_file:org/clazzes/gwt/login/http/HttpHttpLoginService.class */
public class HttpHttpLoginService implements HttpLoginService {
    private static final Logger log = LoggerFactory.getLogger(HttpHttpLoginService.class);
    private ConfigurationService configurationService;
    public static final String USER_ATTRIBUTE_NAME = "org.clazzes.gwt.login.http::User";
    public static final String DOMAIN_ATTRIBUTE_NAME = "org.clazzes.gwt.login.http::Domain";
    public static final String NRETRIES_ATTRIBUTE_NAME = "org.clazzes.gwt.login.http::NRetries";

    private static int getNRetries(HttpSession httpSession) {
        if (httpSession == null) {
            return 0;
        }
        try {
            return Integer.parseInt(httpSession.getAttribute(NRETRIES_ATTRIBUTE_NAME).toString());
        } catch (Throwable th) {
            return 0;
        }
    }

    public HttpPrincipal tryLogin(HttpServletRequest httpServletRequest, String str, String str2, String str3) {
        HttpSession session = httpServletRequest.getSession(true);
        int nRetries = getNRetries(session);
        if (nRetries > this.configurationService.getMaxRetries()) {
            return null;
        }
        OutputStreamWriter outputStreamWriter = null;
        InputStreamReader inputStreamReader = null;
        try {
            try {
                DomainConfig domainController = this.configurationService.getDomainController(str);
                if (domainController == null) {
                    throw new SecurityException("Invalid domain [" + str + "] specified.");
                }
                URL url = domainController.getController().toURL();
                if (log.isDebugEnabled()) {
                    log.debug("Connecting to HTTP server [{}] for domain [{}]...", url, str);
                }
                HttpURLConnection httpURLConnection = (HttpURLConnection) url.openConnection();
                if (domainController.getCredentials() != null) {
                    if (log.isDebugEnabled()) {
                        log.debug("Using basic authentication for HTTP server [{}] for domain [{}].", url, str);
                    }
                    httpURLConnection.setRequestProperty("Authorization", "Basic " + domainController.getCredentials());
                }
                httpURLConnection.setConnectTimeout(this.configurationService.getHttpConnectTimeout() * 1000);
                httpURLConnection.setReadTimeout(this.configurationService.getHttpReadTimeout() * 1000);
                String appendQueryParameter = UrlHelper.appendQueryParameter(UrlHelper.appendQueryParameter((String) null, "user", str2), "passwd", str3);
                httpURLConnection.setDoOutput(true);
                OutputStreamWriter outputStreamWriter2 = new OutputStreamWriter(httpURLConnection.getOutputStream());
                outputStreamWriter2.write(appendQueryParameter);
                outputStreamWriter2.flush();
                char[] cArr = new char[1024];
                InputStreamReader inputStreamReader2 = new InputStreamReader(httpURLConnection.getInputStream(), "UTF-8");
                int read = inputStreamReader2.read(cArr);
                int responseCode = httpURLConnection.getResponseCode();
                String responseMessage = httpURLConnection.getResponseMessage();
                if (log.isDebugEnabled()) {
                    log.debug("HTTP server [{}] for domain [{}] returned [{} {}] with message [{}].", new Object[]{url, str, Integer.valueOf(responseCode), responseMessage, new String(cArr, 0, read)});
                }
                if (responseCode != 200) {
                    throw new SecurityException("server returned [" + responseCode + "] with message [" + new String(cArr, 0, read) + "].");
                }
                int sessionTimeout = this.configurationService.getSessionTimeout() * 60;
                if (sessionTimeout > 0) {
                    session.setMaxInactiveInterval(sessionTimeout);
                }
                session.setAttribute(USER_ATTRIBUTE_NAME, str2);
                session.setAttribute(DOMAIN_ATTRIBUTE_NAME, str);
                log.info("Successful login of user [{}] in domain [{}], session timeout is [{}].", new Object[]{str2, str, Integer.valueOf(session.getMaxInactiveInterval())});
                HttpPrincipal httpPrincipal = new HttpPrincipal(str2, str);
                if (outputStreamWriter2 != null) {
                    try {
                        outputStreamWriter2.close();
                    } catch (IOException e) {
                        log.warn("Error closing HTTP output stream", e);
                    }
                }
                if (inputStreamReader2 != null) {
                    try {
                        inputStreamReader2.close();
                    } catch (IOException e2) {
                        log.warn("Error closing HTTP input stream", e2);
                    }
                }
                return httpPrincipal;
            } catch (Exception e3) {
                if (log.isDebugEnabled()) {
                    log.debug("Caught exception during HTTP authentication", e3);
                }
                int i = nRetries + 1;
                if (i > 0) {
                    log.error("Invalid login of user [{}] to domain [{}] after [{}] retries.", new Object[]{str2, str, Integer.valueOf(i)});
                } else {
                    log.error("Invalid initial login of user [{}] to domain [{}].", str2, str);
                }
                session.setAttribute(NRETRIES_ATTRIBUTE_NAME, String.valueOf(i));
                session.removeAttribute(DOMAIN_ATTRIBUTE_NAME);
                session.removeAttribute(USER_ATTRIBUTE_NAME);
                if (0 != 0) {
                    try {
                        outputStreamWriter.close();
                    } catch (IOException e4) {
                        log.warn("Error closing HTTP output stream", e4);
                    }
                }
                if (0 != 0) {
                    try {
                        inputStreamReader.close();
                    } catch (IOException e5) {
                        log.warn("Error closing HTTP input stream", e5);
                    }
                }
                return null;
            }
        } catch (Throwable th) {
            if (0 != 0) {
                try {
                    outputStreamWriter.close();
                } catch (IOException e6) {
                    log.warn("Error closing HTTP output stream", e6);
                }
            }
            if (0 != 0) {
                try {
                    inputStreamReader.close();
                } catch (IOException e7) {
                    log.warn("Error closing HTTP input stream", e7);
                }
            }
            throw th;
        }
    }

    public String getDefaultDomain() {
        return this.configurationService.getDefaultDomain();
    }

    public String getLoginUrl() {
        return "/gwt-http-login-service/login";
    }

    public Principal checkLogin(HttpServletRequest httpServletRequest) {
        HttpSession session = httpServletRequest.getSession(false);
        if (session == null) {
            return null;
        }
        Object attribute = session.getAttribute(USER_ATTRIBUTE_NAME);
        Object attribute2 = session.getAttribute(DOMAIN_ATTRIBUTE_NAME);
        if (attribute2 == null || attribute == null) {
            return null;
        }
        return new HttpPrincipal(attribute.toString(), attribute2.toString());
    }

    public boolean checkPermission(HttpServletRequest httpServletRequest, String str) {
        return str.equals("/gwt-http-login-service/login") && getNRetries(httpServletRequest.getSession(false)) <= this.configurationService.getMaxRetries();
    }

    public void logout(HttpServletRequest httpServletRequest) {
        HttpSession session = httpServletRequest.getSession(false);
        if (session == null) {
            return;
        }
        Object attribute = session.getAttribute(USER_ATTRIBUTE_NAME);
        if (attribute != null) {
            log.info("Logout of user [{}], session timeout was [{}].", attribute, Integer.valueOf(session.getMaxInactiveInterval()));
        }
        session.removeAttribute(DOMAIN_ATTRIBUTE_NAME);
        session.removeAttribute(USER_ATTRIBUTE_NAME);
        session.removeAttribute(NRETRIES_ATTRIBUTE_NAME);
    }

    public ConfigurationService getConfigurationService() {
        return this.configurationService;
    }

    public void setConfigurationService(ConfigurationService configurationService) {
        this.configurationService = configurationService;
    }

    public int getMaxRetries() {
        return this.configurationService.getMaxRetries();
    }
}
