package org.josso.gateway.signon;

import javax.servlet.http.Cookie;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import org.apache.axis.transport.http.HTTPConstants;
import org.apache.commons.logging.Log;
import org.apache.commons.logging.LogFactory;
import org.apache.struts.action.ActionForm;
import org.apache.struts.action.ActionForward;
import org.apache.struts.action.ActionMapping;
import org.josso.auth.exceptions.SSOAuthenticationException;
import org.josso.gateway.SSOContext;
import org.josso.gateway.SSOException;
import org.josso.gateway.SSOWebConfiguration;
import org.josso.gateway.protocol.handler.NtlmProtocolHandler;
import org.springframework.beans.PropertyAccessor;
import org.springframework.beans.factory.BeanFactory;
import org.springframework.beans.propertyeditors.CustomBooleanEditor;

/* loaded from: input_file:WEB-INF/lib/josso-protocol-1.8.9-SNAPSHOT.jar:org/josso/gateway/signon/LoginSelectorAction.class */
public class LoginSelectorAction extends SignonBaseAction {
    private static final Log logger = LogFactory.getLog(LoginSelectorAction.class);

    @Override // org.apache.struts.action.Action
    public ActionForward execute(ActionMapping actionMapping, ActionForm actionForm, HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse) {
        if (logger.isDebugEnabled()) {
            logger.debug("JOSSO Command : [cmd=" + getSSOCmd(httpServletRequest) + PropertyAccessor.PROPERTY_KEY_SUFFIX);
        }
        try {
            prepareContext(httpServletRequest);
        } catch (SSOAuthenticationException e) {
            logger.error(e.getMessage(), e);
        } catch (SSOException e2) {
            logger.error(e2.getMessage(), e2);
        }
        SSOWebConfiguration sSOWebConfiguration = SSOContext.getCurrent().getSecurityDomain().getSSOWebConfiguration();
        if (sSOWebConfiguration.isStrongAuthenticationEnabled()) {
            if (httpServletRequest.getAttribute("javax.servlet.request.X509Certificate") != null) {
                String str = "https://" + httpServletRequest.getHeader(HTTPConstants.HEADER_HOST) + httpServletRequest.getContextPath() + actionMapping.findForward("strong-authentication").getPath() + "?josso_cmd=login" + (httpServletRequest.getQueryString() != null ? BeanFactory.FACTORY_BEAN_PREFIX + httpServletRequest.getQueryString() : "");
                try {
                    logger.debug("Triggering 'strong-authentication'.  Redirecting to: " + str);
                    httpServletResponse.sendRedirect(str);
                    return null;
                } catch (Exception e3) {
                    logger.debug(e3.getMessage(), e3);
                }
            }
        } else if (logger.isDebugEnabled()) {
            logger.debug("Strong authentication is NOT enabled for SSO Context: " + SSOContext.getCurrent().getSecurityDomain().getName());
        }
        if (sSOWebConfiguration.isRememberMeEnabled()) {
            String str2 = "JOSSO_REMEMBERME_" + SSOContext.getCurrent().getSecurityDomain().getName();
            if (logger.isDebugEnabled()) {
                logger.debug("Looking for cookie: JOSSO_REMEMBERME_" + SSOContext.getCurrent().getSecurityDomain().getName());
            }
            Cookie cookie = getCookie(httpServletRequest, str2);
            if (cookie != null && !cookie.getValue().equals("-")) {
                if (logger.isDebugEnabled()) {
                    logger.debug("RemembermeCookie found!");
                }
                String sSOCmd = getSSOCmd(httpServletRequest);
                if (sSOCmd == null || !(sSOCmd == null || sSOCmd.equals("login_optional"))) {
                    logger.debug("Triggering 'rememberme-authentication'");
                    return actionMapping.findForward("rememberme-authentication");
                }
                logger.debug("Not triggering remember me authentication since login is optional");
            }
            if (logger.isDebugEnabled()) {
                logger.debug("RemembermeCookie NOT found!");
            }
        } else if (logger.isDebugEnabled()) {
            logger.debug("RememberMe is NOT enabled for SSO Context: " + SSOContext.getCurrent().getSecurityDomain().getName());
        }
        if (sSOWebConfiguration.isNtlmAuthenticationEnabled()) {
            if (((httpServletRequest.getAttribute(NtlmProtocolHandler.NTLM_ERROR_FLAG) == null) && httpServletRequest.getHeader(HTTPConstants.HEADER_AUTHORIZATION) != null && httpServletRequest.getHeader(HTTPConstants.HEADER_AUTHORIZATION).startsWith("NTLM")) || httpServletRequest.getSession().getAttribute(NtlmProtocolHandler.NTLM_PASS_AUTHENTICATION) != null) {
                try {
                    logger.debug("Triggering 'ntlm-authentication'");
                    return actionMapping.findForward("ntlm-authentication");
                } catch (Exception e4) {
                    logger.error(e4.getMessage(), e4);
                }
            }
        } else if (logger.isDebugEnabled()) {
            logger.debug("NTLM authentication is NOT enabled for SSO Context: " + SSOContext.getCurrent().getSecurityDomain().getName());
        }
        if (sSOWebConfiguration.isBasicAuthenticationEnabled()) {
            logger.debug("Triggering 'basic-authentication'");
            return actionMapping.findForward("basic-authentication");
        }
        httpServletResponse.setHeader(HTTPConstants.HEADER_CACHE_CONTROL, HTTPConstants.HEADER_CACHE_CONTROL_NOCACHE);
        httpServletResponse.setHeader(HTTPConstants.HEADER_PRAGMA, HTTPConstants.HEADER_CACHE_CONTROL_NOCACHE);
        httpServletResponse.setHeader("Expires", CustomBooleanEditor.VALUE_0);
        httpServletResponse.setStatus(403);
        return null;
    }
}
