package org.clazzes.login.adapter.http;

import java.io.IOException;
import java.io.InterruptedIOException;
import java.nio.charset.StandardCharsets;
import java.security.cert.CertificateExpiredException;
import java.security.cert.CertificateNotYetValidException;
import java.util.Locale;
import java.util.ResourceBundle;
import java.util.TimeZone;
import javax.servlet.ServletException;
import javax.servlet.http.HttpServlet;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import javax.xml.stream.XMLOutputFactory;
import javax.xml.stream.XMLStreamException;
import javax.xml.stream.XMLStreamWriter;
import org.clazzes.login.adapter.http.MFAState;
import org.clazzes.login.adapter.http.i18n.Messages;
import org.clazzes.util.http.LocaleHelper;
import org.clazzes.util.http.RequestHelper;
import org.clazzes.util.http.UrlHelper;
import org.clazzes.util.http.sec.PageTokenService;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;

/* loaded from: input_file:org/clazzes/login/adapter/http/DomainLoginServlet.class */
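/**
 * Servlet rendering and processing the domain login form.
 *
 * <p>{@code GET} renders the form for the current MFA state; {@code POST} handles a logout,
 * an OTP generation request, an OTP check, or a user/password login (in that order of
 * precedence), each of which must carry the page token issued with the form. A failed
 * login step is answered only after an optional, service-configured delay.
 *
 * <p>Collaborators ({@link DomainHttpLoginService}, {@link PageTokenService}) and the
 * optional i18n key prefix are injected through the setters; the servlet is not usable
 * before {@link #setLoginService} and {@link #setPageTokenService} have been called.
 */
public class DomainLoginServlet extends HttpServlet {
    private static final long serialVersionUID = 6376913713678650071L;
    private static final String XHTML_NS_URI = "http://www.w3.org/1999/xhtml";
    private static final String XHTML_DOCTYPE =
            "<!DOCTYPE html PUBLIC \"-//W3C//DTD XHTML 1.1//EN\" \"http://www.w3.org/TR/xhtml11/DTD/xhtml11.dtd\">\n";
    /** Non-standard status reported in the result form: a token OTP is required next. */
    private static final int SC_EXPECT_TOKEN_OTP = 491;
    /** Non-standard status reported in the result form: an ephemeral (e.g. SMS) OTP is required next. */
    private static final int SC_EXPECT_EPHEMERAL_OTP = 492;
    private static final Logger log = LoggerFactory.getLogger(DomainLoginServlet.class);
    private static final XMLOutputFactory xmlOutputFactory = XMLOutputFactory.newFactory();

    static {
        // Let the writer emit the xmlns declaration for the default namespace itself.
        xmlOutputFactory.setProperty("javax.xml.stream.isRepairingNamespaces", true);
    }

    private DomainHttpLoginService loginService;
    private PageTokenService pageTokenService;
    private String i18nPrefix;

    /**
     * Looks up {@code key} in {@code bundle}, preferring the prefixed variant
     * {@code <i18nPrefix>.<key>} when a prefix is configured and that variant exists.
     *
     * @throws java.util.MissingResourceException if neither variant is present.
     */
    private String getStringWithPfx(ResourceBundle bundle, String key) {
        if (this.i18nPrefix != null) {
            String prefixedKey = this.i18nPrefix + "." + key;
            if (bundle.containsKey(prefixedKey)) {
                return bundle.getString(prefixedKey);
            }
        }
        return bundle.getString(key);
    }

    /**
     * Selects the message-bundle key shown in the form's message cell for a status.
     *
     * @param status      the status code the form reports (HTTP code or one of the SC_EXPECT_* values).
     * @param explicitKey an explicit key that replaces the generic 403 text, or {@code null};
     *                    it is only honoured for status 403.
     * @return the bundle key to display (never {@code null}).
     */
    static String messageKeyForStatus(int status, String explicitKey) {
        switch (status) {
            case 403:
                return explicitKey == null ? "user-or-password-invalid" : explicitKey;
            case 406:
                return "too-many-retries";
            case 200:
                return "login-ok";
            case SC_EXPECT_TOKEN_OTP:
                return "enter-token-otp";
            case SC_EXPECT_EPHEMERAL_OTP:
                return "enter-ephemeral-otp";
            default:
                return "enter-user-and-password";
        }
    }

    /**
     * Escapes {@code text} for embedding inside a double-quoted JavaScript string literal.
     * Backslash, double quote, LF and CR are escaped; everything else is passed through.
     * The attribute writer takes care of the XML level, so only the JS level is handled here.
     */
    static String quoteForJs(String text) {
        StringBuilder sb = new StringBuilder(text.length() + 8);
        for (int k = 0; k < text.length(); k++) {
            char c = text.charAt(k);
            switch (c) {
                case '\\':
                    sb.append("\\\\");
                    break;
                case '"':
                    sb.append("\\\"");
                    break;
                case '\n':
                    sb.append("\\n");
                    break;
                case '\r':
                    sb.append("\\r");
                    break;
                default:
                    sb.append(c);
            }
        }
        return sb.toString();
    }

    /**
     * Splits a submitted user name into domain and account part.
     *
     * <p>Accepted forms are {@code DOMAIN\user}, {@code DOMAIN/user} and {@code user@domain};
     * when both a slash and a backslash occur, the right-most of the two separates the parts.
     * The {@code @} form is only considered when no slash separator is present.
     *
     * @param user the raw value of the {@code user} parameter, not {@code null}.
     * @return a two-element array {@code {domain, account}}; {@code domain} is {@code null}
     *         when the input carried no domain part.
     */
    static String[] splitDomainUser(String user) {
        int separator = Math.max(user.indexOf('/'), user.indexOf('\\'));
        if (separator >= 0) {
            return new String[] {user.substring(0, separator), user.substring(separator + 1)};
        }
        int at = user.indexOf('@');
        if (at < 0) {
            return new String[] {null, user};
        }
        return new String[] {user.substring(at + 1), user.substring(0, at)};
    }

    /** Writes {@code <input type="hidden" name=... value=.../>}. */
    private static void writeHiddenInput(XMLStreamWriter w, String name, String value) throws XMLStreamException {
        w.writeEmptyElement("input");
        w.writeAttribute("type", "hidden");
        w.writeAttribute("name", name);
        w.writeAttribute("value", value);
    }

    /** Writes the jstz include and the {@code doTimeZoneDetection()} helper into {@code <head>}. */
    private static void writeTimeZoneScript(XMLStreamWriter w) throws XMLStreamException {
        w.writeStartElement("script");
        w.writeAttribute("type", "text/javascript");
        w.writeAttribute("charset", "utf-8");
        w.writeAttribute("src", "../jstz.js");
        w.writeEndElement();
        w.writeStartElement("script");
        // A tz=... query parameter wins over browser-side detection.
        w.writeCharacters("\nfunction doTimeZoneDetection() {\n");
        w.writeCharacters("  if (location.search.match(/tz=(GMT[+\\-][0-9][0-9]:[0-9][0-9]|[\\w\\/]+)/)) {\n");
        w.writeCharacters("     document.forms.httpLoginForm.timeZone.value=RegExp.$1;\n");
        w.writeCharacters("  } else {\n");
        w.writeCharacters("    var tz = jstz.determine();\n");
        w.writeCharacters("    document.forms.httpLoginForm.timeZone.value=tz.name();\n");
        w.writeCharacters("  }\n");
        w.writeCharacters("}\n");
        w.writeEndElement();
    }

    /** Writes one table row with a localized label and a single text input for an OTP. */
    private void writeOtpRow(XMLStreamWriter w, ResourceBundle bundle, String labelKey, String cssClass,
            String titleKey, String inputName) throws XMLStreamException {
        w.writeStartElement("tr");
        w.writeStartElement("td");
        w.writeCharacters(getStringWithPfx(bundle, labelKey));
        w.writeEndElement();
        w.writeStartElement("td");
        w.writeEmptyElement("input");
        w.writeAttribute("class", cssClass);
        w.writeAttribute("title", getStringWithPfx(bundle, titleKey));
        w.writeAttribute("type", "text");
        w.writeAttribute("name", inputName);
        w.writeAttribute("autocomplete", "off");
        w.writeEndElement();
        w.writeEndElement();
    }

    /** Writes the user and password rows of the credential form. */
    private void writeCredentialRows(XMLStreamWriter w, ResourceBundle bundle, Locale locale)
            throws XMLStreamException {
        w.writeStartElement("tr");
        w.writeStartElement("td");
        w.writeCharacters(getStringWithPfx(bundle, "user"));
        w.writeEndElement();
        w.writeStartElement("td");
        w.writeEmptyElement("input");
        w.writeAttribute("class", "http-login-TextBox");
        // The title text is a format string taking the default domain as its argument.
        w.writeAttribute("title", String.format(locale, getStringWithPfx(bundle, "domainUserTitle"),
                this.loginService.getDefaultDomain()));
        w.writeAttribute("placeholder", getStringWithPfx(bundle, "domainUserPlaceholder"));
        w.writeAttribute("type", "text");
        w.writeAttribute("name", "user");
        w.writeEndElement();
        w.writeEndElement();
        w.writeStartElement("tr");
        w.writeStartElement("td");
        w.writeCharacters(getStringWithPfx(bundle, "password"));
        w.writeEndElement();
        w.writeStartElement("td");
        w.writeEmptyElement("input");
        w.writeAttribute("class", "http-login-PasswordTextBox");
        w.writeAttribute("placeholder", getStringWithPfx(bundle, "password"));
        w.writeAttribute("type", "password");
        w.writeAttribute("name", "password");
        w.writeEndElement();
        w.writeEndElement();
    }

    /**
     * Renders the XHTML login page for the given state.
     *
     * <p>The page contains a hidden {@code loginResultForm} (status, principal, page token)
     * for an embedding page to read, and the {@code httpLoginForm} that posts back to
     * {@code formAction}. Which inputs the form carries depends on {@code status}:
     * OTP inputs for the SC_EXPECT_* statuses, a logout button for status 200, and
     * user/password inputs otherwise.
     *
     * @param locale             locale used to select the message bundle.
     * @param formAction         URL the login form posts to.
     * @param response           response to write to; headers and content type are set here.
     * @param cssUrl             stylesheet URL, or {@code null} for the bundled default.
     * @param timeZoneDetection  whether to emit the browser time-zone detection script.
     * @param principalName      principal reported in the result form ({@code ""} if none).
     * @param pageToken          page token embedded into both forms.
     * @param status             status code to report (HTTP code or SC_EXPECT_* value).
     * @param messageKey         explicit message key for status 403, or {@code null}.
     * @param offerEphemeralOtp  whether to offer the "generate OTP" button.
     * @throws ServletException if the XML stream writer fails.
     * @throws IOException      if writing to the response fails.
     */
    protected void writeLoginForm(Locale locale, String formAction, HttpServletResponse response, String cssUrl,
            boolean timeZoneDetection, String principalName, String pageToken, int status, String messageKey,
            boolean offerEphemeralOtp) throws IOException, ServletException {
        ResourceBundle bundle = Messages.getLocalizedVersion(locale);
        try {
            String xsLanguage = LocaleHelper.toXsLanguage(bundle.getLocale());
            // Clickjacking protection; the page carries a page token, so caching is disabled.
            // NOTE(review): "no-store" would additionally keep the page out of disk caches — confirm with deployment.
            response.setHeader("X-Frame-Options", "SAMEORIGIN");
            response.setHeader("Content-Language", xsLanguage);
            response.setHeader("Cache-Control", "no-cache");
            response.setHeader("Pragma", "no-cache");
            response.setHeader("Expires", "0");
            response.setContentType("text/html; charset=utf-8");
            response.getOutputStream().write(XHTML_DOCTYPE.getBytes(StandardCharsets.UTF_8));
            XMLStreamWriter w = xmlOutputFactory.createXMLStreamWriter(response.getOutputStream(), "UTF-8");
            w.setDefaultNamespace(XHTML_NS_URI);

            boolean otpPending = status == SC_EXPECT_TOKEN_OTP || status == SC_EXPECT_EPHEMERAL_OTP;
            boolean loggedIn = status == 200;
            boolean detectTimeZone = timeZoneDetection && !loggedIn;

            w.writeStartElement("html");
            w.writeDefaultNamespace(XHTML_NS_URI);
            w.writeAttribute("lang", xsLanguage);
            w.writeAttribute("xml:lang", xsLanguage);
            w.writeStartElement("head");
            w.writeEmptyElement("meta");
            w.writeAttribute("http-equiv", "Content-Type");
            w.writeAttribute("content", "text/html; charset=utf-8");
            w.writeEmptyElement("link");
            w.writeAttribute("type", "text/css");
            w.writeAttribute("rel", "stylesheet");
            // NOTE(review): cssUrl originates from the "css" request parameter and is emitted
            // unvalidated (the writer only XML-escapes it); restricting it to relative paths
            // would stop a crafted link from restyling the login page — confirm with callers.
            w.writeAttribute("href", cssUrl == null ? "../http-login.css" : cssUrl);
            if (detectTimeZone) {
                writeTimeZoneScript(w);
            }
            w.writeStartElement("title");
            w.writeCharacters("HTTP Single-Sign-On");
            w.writeEndElement();
            w.writeEndElement(); // head

            w.writeStartElement("body");
            if (detectTimeZone) {
                w.writeAttribute("onload", "doTimeZoneDetection()");
            }

            // Result form: machine-readable outcome of the last step.
            w.writeStartElement("form");
            w.writeAttribute("id", "loginResultForm");
            writeHiddenInput(w, "status", String.valueOf(status));
            writeHiddenInput(w, "principal", principalName);
            writeHiddenInput(w, "pageToken", pageToken);
            w.writeEndElement();

            // Login form: posts the next step back to this servlet.
            w.writeStartElement("form");
            w.writeAttribute("name", "httpLoginForm");
            w.writeAttribute("action", formAction);
            w.writeAttribute("method", "post");
            writeHiddenInput(w, "pageToken", pageToken);
            if (otpPending || loggedIn) {
                // Present whenever a logout button exists; set to "true" by that button.
                writeHiddenInput(w, "logout", loggedIn ? "true" : "false");
            }
            if (detectTimeZone) {
                writeHiddenInput(w, "timeZone", "");
            }
            if (offerEphemeralOtp) {
                writeHiddenInput(w, "generateSmsOtp", "false");
            }

            w.writeStartElement("table");
            w.writeAttribute("class", "http-LoginForm");
            w.writeStartElement("tr");
            w.writeStartElement("td");
            w.writeAttribute("colspan", "2");
            w.writeAttribute("id", "messageTd");
            w.writeCharacters(getStringWithPfx(bundle, messageKeyForStatus(status, messageKey)));
            w.writeEndElement();
            w.writeEndElement();

            if (status == SC_EXPECT_TOKEN_OTP) {
                writeOtpRow(w, bundle, "token-otp", "http-login-TokenOtpTextBox", "enter-token-otp", "tokenOtp");
            } else if (status == SC_EXPECT_EPHEMERAL_OTP) {
                writeOtpRow(w, bundle, "ephemeral-otp", "http-login-TextBox", "enter-ephemeral-otp", "ephemeralOtp");
            } else if (!loggedIn) {
                writeCredentialRows(w, bundle, locale);
            }

            w.writeStartElement("tr");
            w.writeStartElement("td");
            w.writeAttribute("colspan", "2");
            w.writeStartElement("fieldset");
            w.writeAttribute("id", "httpLoginFields");
            // The handlers disable the fieldset and replace the message cell before submitting;
            // message text is JS-escaped because it lands inside a JS string literal.
            String submitMessage = getStringWithPfx(bundle, loggedIn ? "loggingOut" : "checkingCredentials");
            w.writeEmptyElement("input");
            w.writeAttribute("class", "http-login-Button");
            w.writeAttribute("type", "submit");
            w.writeAttribute("onClick", "document.getElementById(\"httpLoginFields\").disabled = true; document.getElementById(\"messageTd\").innerHTML=\""
                    + quoteForJs(submitMessage) + "\"; document.forms.httpLoginForm.submit(); return false;");
            w.writeAttribute("value", getStringWithPfx(bundle, loggedIn ? "do-logout" : "do-login"));
            if (offerEphemeralOtp) {
                w.writeCharacters(" ");
                w.writeEmptyElement("input");
                w.writeAttribute("class", "http-login-Button");
                w.writeAttribute("type", "button");
                w.writeAttribute("onClick", "document.getElementById(\"httpLoginFields\").disabled = true;  document.forms.httpLoginForm.generateSmsOtp.value='true'; document.getElementById(\"messageTd\").innerHTML=\""
                        + quoteForJs(getStringWithPfx(bundle, "generatingEphemeralOtp")) + "\"; document.forms.httpLoginForm.submit(); return false;");
                w.writeAttribute("value", getStringWithPfx(bundle, "do-generate-otp"));
            }
            if (otpPending) {
                w.writeCharacters(" ");
                w.writeEmptyElement("input");
                w.writeAttribute("class", "http-login-Button");
                w.writeAttribute("type", "button");
                w.writeAttribute("onClick", "document.getElementById(\"httpLoginFields\").disabled = true;  document.forms.httpLoginForm.logout.value='true'; document.getElementById(\"messageTd\").innerHTML=\""
                        + quoteForJs(getStringWithPfx(bundle, "loggingOut")) + "\"; document.forms.httpLoginForm.submit(); return false;");
                w.writeAttribute("value", getStringWithPfx(bundle, "do-logout"));
            }
            w.writeEndElement(); // fieldset
            w.writeEndElement(); // td
            w.writeEndElement(); // tr
            w.writeEndElement(); // table
            w.writeEndElement(); // form
            w.writeEndElement(); // body
            w.writeEndElement(); // html
            w.writeEndDocument();
            w.close();
            response.flushBuffer();
        } catch (XMLStreamException e) {
            throw new ServletException("Error setting XML stream writer", e);
        }
    }

    /**
     * Returns the request locale, overridden by an explicit {@code locale} request parameter
     * (in xs:language form) when present.
     */
    protected static Locale getRequestLocale(HttpServletRequest request) {
        String requested = request.getParameter("locale");
        if (requested != null) {
            return LocaleHelper.localeFromXsLanguage(requested);
        }
        return request.getLocale();
    }

    /** Renders the form for the MFA state the login service currently holds for this request. */
    @Override
    protected void doGet(HttpServletRequest request, HttpServletResponse response)
            throws ServletException, IOException {
        writeResponse(request, response, this.loginService.checkMFALogin(request), false,
                getRequestLocale(request), null);
    }

    /**
     * Maps an MFA state to a form status and renders the page.
     *
     * <p>With no state, the status is 406 when the login URL is not permitted, 403 after a
     * failed login attempt and 401 otherwise. After a successful login step the submitted
     * page token is carried over; in every other case a fresh one is obtained from the
     * {@link PageTokenService}. The {@code locale} and {@code css} request parameters are
     * propagated into the form action so they survive the next POST.
     *
     * @param request      current request.
     * @param response     response to render into.
     * @param mfaState     state after the current step, or {@code null} if there is none.
     * @param loginAttempt whether this request was a login attempt (affects status and token reuse).
     * @param locale       locale for the message bundle.
     * @param messageKey   explicit message key for status 403, or {@code null}.
     */
    protected void writeResponse(HttpServletRequest request, HttpServletResponse response, MFAState mfaState,
            boolean loginAttempt, Locale locale, String messageKey) throws ServletException, IOException {
        String cssUrl = request.getParameter("css");
        String pageToken = null;
        boolean offerEphemeralOtp = false;
        int status;
        String principalName;
        if (mfaState == null) {
            if (!this.loginService.checkPermission(request, this.loginService.getLoginUrl())) {
                status = 406;
            } else {
                status = loginAttempt ? 403 : 401;
            }
            principalName = "";
        } else {
            principalName = mfaState.getPrincipal().getName();
            MFAState.State state = mfaState.getState();
            if (state == MFAState.State.AUTHENTICATED) {
                status = 200;
            } else if (state == MFAState.State.TOKEN_PENDING) {
                status = SC_EXPECT_TOKEN_OTP;
                offerEphemeralOtp = this.loginService.mayReveiceEphemeralOtp(mfaState);
            } else if (state == MFAState.State.EPHEMERAL_PENDING) {
                status = SC_EXPECT_EPHEMERAL_OTP;
            } else {
                status = 403;
            }
            if (loginAttempt) {
                // The token was just verified by doPost; keep it for the next step of this flow.
                pageToken = request.getParameter("pageToken");
            }
        }
        if (pageToken == null) {
            pageToken = this.pageTokenService.getPageToken(request);
        }
        String formAction = request.getRequestURI();
        String requestedLocale = request.getParameter("locale");
        if (requestedLocale != null) {
            formAction = UrlHelper.appendQueryParameterToUrl(formAction, "locale", requestedLocale);
        }
        if (cssUrl != null) {
            formAction = UrlHelper.appendQueryParameterToUrl(formAction, "css", cssUrl);
        }
        writeLoginForm(locale, formAction, response, cssUrl, this.loginService.isDoTimeZoneDetection(),
                principalName, pageToken, status, messageKey, offerEphemeralOtp);
    }

    /**
     * Processes a form submission.
     *
     * <p>{@code logout=true} ends the session. Otherwise the page token is verified first
     * (an invalid token is treated as a failed login), then exactly one step runs:
     * OTP generation ({@code generateSmsOtp=true}), token OTP check, ephemeral OTP check,
     * or user/password login. Any failure clears the session state and, when the login
     * service configures a failure timeout, delays the response by that many milliseconds
     * before the form is re-rendered.
     */
    @Override
    protected void doPost(HttpServletRequest request, HttpServletResponse response)
            throws ServletException, IOException {
        MFAState mfaState = null;
        String messageKey = null;
        boolean logout = "true".equals(request.getParameter("logout"));
        Locale locale = getRequestLocale(request);
        if (logout) {
            this.loginService.logout(request);
        } else {
            try {
                // CSRF protection: every login step must present the token issued with the form.
                if (this.pageTokenService.checkPageToken(request, request.getParameter("pageToken"))) {
                    String generateSmsOtp = request.getParameter("generateSmsOtp");
                    String tokenOtp = request.getParameter("tokenOtp");
                    String ephemeralOtp = request.getParameter("ephemeralOtp");
                    if ("true".equals(generateSmsOtp)) {
                        mfaState = this.loginService.generateSmsToken(request, locale);
                    } else if (tokenOtp != null) {
                        mfaState = this.loginService.checkTokenOtp(request, response, tokenOtp, locale);
                    } else if (ephemeralOtp != null) {
                        mfaState = this.loginService.checkEphemeralOtp(request, response, ephemeralOtp, locale);
                    } else {
                        String user = request.getParameter("user");
                        if (user == null) {
                            // Malformed submission: treat as a failed login instead of failing with an NPE below.
                            log.warn("Login request without user parameter from [{}].",
                                    RequestHelper.getRealRemoteIP(request));
                        } else {
                            String password = request.getParameter("password");
                            String[] domainAndUser = splitDomainUser(user);
                            String domain = domainAndUser[0] == null
                                    ? this.loginService.getDefaultDomain() : domainAndUser[0];
                            String timeZoneId = request.getParameter("timeZone");
                            TimeZone timeZone = (timeZoneId == null || timeZoneId.isEmpty())
                                    ? null : TimeZone.getTimeZone(timeZoneId);
                            mfaState = this.loginService.tryLogin(request, response, domain, domainAndUser[1],
                                    password, locale, timeZone);
                        }
                    }
                }
            } catch (RuntimeException e) {
                // Fail closed: whatever went wrong, drop any partial login state.
                log.error("Caught exception during login", e);
                this.loginService.logout(request);
                mfaState = null;
                // Certificate validity problems get a specific message; everything else the generic one.
                Throwable cause = e.getCause();
                if (cause instanceof CertificateExpiredException) {
                    messageKey = "valid-certificate-expired";
                } else if (cause instanceof CertificateNotYetValidException) {
                    messageKey = "no-valid-certificate";
                }
            } catch (Throwable th) {
                // Deliberately broad (kept from the original): checked exceptions and errors from the
                // login service must not leave a half-authenticated session behind.
                log.error("Caught exception during login", th);
                this.loginService.logout(request);
                mfaState = null;
            }
            if (mfaState == null) {
                log.error("Bad login from [{}].", RequestHelper.getRealRemoteIP(request));
                // Slow down credential guessing; note this occupies a request thread for the duration.
                long failureTimeout = this.loginService.getFailureTimeout();
                if (failureTimeout > 0) {
                    try {
                        Thread.sleep(failureTimeout);
                    } catch (InterruptedException e2) {
                        Thread.currentThread().interrupt();
                        InterruptedIOException ioe =
                                new InterruptedIOException("Wait after HTTP login failure has been interupted.");
                        ioe.initCause(e2);
                        throw ioe;
                    }
                }
            }
        }
        writeResponse(request, response, mfaState, !logout, locale, messageKey);
    }

    /** Injects the login service backing this servlet. */
    public void setLoginService(DomainHttpLoginService domainHttpLoginService) {
        this.loginService = domainHttpLoginService;
    }

    /** Injects the page-token service used for CSRF protection of the form. */
    public void setPageTokenService(PageTokenService pageTokenService) {
        this.pageTokenService = pageTokenService;
    }

    /** Sets the optional prefix tried first for every message-bundle key (see {@link #getStringWithPfx}). */
    public void setI18nPrefix(String i18nPrefix) {
        this.i18nPrefix = i18nPrefix;
    }

    @Override
    public String getServletInfo() {
        return DomainLoginServlet.class.getSimpleName();
    }
}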
