package org.josso.gateway.signon;

import java.io.IOException;
import java.io.UnsupportedEncodingException;
import java.net.MalformedURLException;
import java.net.URL;
import java.net.URLEncoder;
import java.util.Iterator;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import org.apache.commons.lang.StringUtils;
import org.apache.commons.logging.Log;
import org.apache.commons.logging.LogFactory;
import org.apache.struts.action.ActionError;
import org.apache.struts.action.ActionErrors;
import org.apache.struts.action.ActionForm;
import org.apache.struts.action.ActionForward;
import org.apache.struts.action.ActionMapping;
import org.josso.Lookup;
import org.josso.auth.Credential;
import org.josso.auth.exceptions.AuthenticationFailureException;
import org.josso.gateway.SSOContext;
import org.josso.gateway.SSOGateway;
import org.josso.gateway.SSOWebConfiguration;
import org.josso.gateway.assertion.AuthenticationAssertion;
import org.josso.gateway.identity.SSORole;
import org.josso.gateway.identity.SSOUser;
import org.josso.gateway.session.SSOSession;

/* loaded from: input_file:org/josso/gateway/signon/LoginAction.class */
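/**
 * Struts action driving the JOSSO gateway sign-on flow.
 * <p>
 * On every request it validates the {@code back_to} URL against the configured
 * trusted hosts, then either relays an already valid SSO session, asks for a
 * login (built-in or custom login page) or authenticates the submitted
 * credentials. Helpers that read the request (command, back_to, credentials)
 * are inherited from {@link SignonBaseAction}.
 */
public abstract class LoginAction extends SignonBaseAction {
    /** JOSSO command value requesting an explicit login. */
    public static final String JOSSO_CMD_LOGIN = "login";
    /** JOSSO command value for a login that falls back to {@code back_to} on failure. */
    private static final String JOSSO_CMD_LOGIN_OPTIONAL = "login_optional";
    /** Struts key under which global (non field-bound) errors are saved. */
    private static final String GLOBAL_ERROR_KEY = "org.apache.struts.action.GLOBAL_ERROR";
    private static final Log logger = LogFactory.getLog(LoginAction.class);

    /**
     * Struts entry point.
     * <p>
     * Rejects the request with 403 when a {@code back_to} URL is present, trusted
     * hosts are configured and the URL's host is not one of them. Otherwise
     * dispatches to {@link #relay}, {@link #askForLogin} or {@link #login}.
     *
     * @return the forward to render, or {@code null} when the response has already been written
     * @throws Exception propagated from {@link #prepareContext}
     */
    public ActionForward execute(ActionMapping actionMapping, ActionForm actionForm, HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse) throws Exception {
        if (logger.isDebugEnabled()) {
            logger.debug("JOSSO Command : [cmd=" + getSSOCmd(httpServletRequest) + "]");
        }
        prepareContext(httpServletRequest);
        String ssoCmd = getSSOCmd(httpServletRequest);
        String backTo = getBackTo(httpServletRequest);
        if (backTo != null && !isTrustedBackTo(backTo)) {
            logger.warn("Attempt to use untrusted host in back_to URL " + backTo.toLowerCase());
            sendForbidden(httpServletResponse);
            return null;
        }
        if (canRelay(httpServletRequest)) {
            return relay(actionMapping, actionForm, httpServletRequest, httpServletResponse);
        }
        if (ssoCmd == null) {
            return askForLogin(actionMapping, actionForm, httpServletRequest, httpServletResponse);
        }
        return login(actionMapping, actionForm, httpServletRequest, httpServletResponse);
    }

    /**
     * Checks a {@code back_to} URL against the trusted hosts of the current security domain.
     * <p>
     * When no trusted hosts are configured every URL is accepted (the open-redirect
     * protection is opt-in through configuration). When they are configured, only an
     * absolute http(s) URL whose host equals (case-insensitively) a trusted host passes;
     * relative, protocol-relative and unparsable URLs are rejected.
     *
     * @param backTo non-null redirect target taken from the request
     * @return {@code true} when the redirect may be honoured
     */
    private boolean isTrustedBackTo(String backTo) {
        SSOWebConfiguration webConfig = SSOContext.getCurrent().getSecurityDomain().getSSOWebConfiguration();
        if (webConfig.getTrustedHosts().size() == 0) {
            return true;
        }
        String host = extractHost(backTo.toLowerCase());
        if (host == null) {
            return false;
        }
        for (Object candidate : webConfig.getTrustedHosts()) {
            String trusted = (String) candidate;
            // Host names are case-insensitive; the request side is already lower-cased.
            if (StringUtils.isNotBlank(trusted) && trusted.equalsIgnoreCase(host)) {
                return true;
            }
        }
        return false;
    }

    /**
     * Extracts the host of an absolute http(s) URL.
     *
     * @param lowerCaseUrl already lower-cased URL
     * @return the host, or {@code null} when the URL is not absolute http(s) or is malformed
     */
    private static String extractHost(String lowerCaseUrl) {
        if (!lowerCaseUrl.startsWith("http://") && !lowerCaseUrl.startsWith("https://")) {
            return null;
        }
        try {
            String host = new URL(lowerCaseUrl).getHost();
            // Defensive: strip any user-info a lenient parser left in front of '@'
            // so "trusted@evil" can never match the trusted part.
            return host.substring(host.lastIndexOf('@') + 1);
        } catch (MalformedURLException e) {
            if (logger.isDebugEnabled()) {
                logger.debug("BackTo URL is malformed : [backTo=" + lowerCaseUrl + "]");
            }
            return null;
        }
    }

    /**
     * Writes a non-cacheable 403 response without a body.
     */
    private static void sendForbidden(HttpServletResponse httpServletResponse) {
        httpServletResponse.setHeader("Cache-Control", "no-cache");
        httpServletResponse.setHeader("Pragma", "no-cache");
        httpServletResponse.setHeader("Expires", "0");
        httpServletResponse.setStatus(HttpServletResponse.SC_FORBIDDEN);
    }

    /**
     * Appends a URL-encoded query parameter, using {@code ?} or {@code &} as appropriate.
     * Encoding prevents a value containing {@code &} or {@code #} from injecting or
     * truncating parameters on the target URL.
     */
    private static String appendParameter(String url, String name, String value) {
        String separator = url.indexOf('?') >= 0 ? "&" : "?";
        return url + separator + name + "=" + encodeParam(value);
    }

    /**
     * URL-encodes a query parameter value as UTF-8.
     *
     * @throws IllegalStateException if the JVM lacks UTF-8, which the platform guarantees never happens
     */
    private static String encodeParam(String value) {
        try {
            return URLEncoder.encode(value, "UTF-8");
        } catch (UnsupportedEncodingException e) {
            throw new IllegalStateException("UTF-8 encoding not supported", e);
        }
    }

    /**
     * Shows the login page, or redirects to the configured custom login URL
     * (propagating {@code back_to} as {@code josso_back_to}).
     *
     * @return the {@code login-page} forward, {@code error} on failure, or {@code null} after a redirect
     */
    protected ActionForward askForLogin(ActionMapping actionMapping, ActionForm actionForm, HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse) {
        try {
            String customLoginURL = Lookup.getInstance().lookupSSOWebConfiguration().getCustomLoginURL();
            String backTo = getBackTo(httpServletRequest);
            if (customLoginURL == null) {
                return actionMapping.findForward("login-page");
            }
            if (backTo != null) {
                customLoginURL = appendParameter(customLoginURL, "josso_back_to", backTo);
            }
            if (logger.isDebugEnabled()) {
                logger.debug("Redirecting to custom login : " + customLoginURL);
            }
            httpServletResponse.sendRedirect(httpServletResponse.encodeRedirectURL(customLoginURL));
            return null;
        } catch (Exception e) {
            if (onFatalError(e, httpServletRequest, httpServletResponse)) {
                return null;
            }
            return actionMapping.findForward("error");
        }
    }

    /* JADX INFO: Access modifiers changed from: protected */
    /**
     * Authenticates the credentials found in the request.
     * <p>
     * On success the SSO session is stored, and the user is either redirected to
     * {@code back_to} or forwarded to {@code login-result} with session, user and
     * roles exposed as request attributes. On {@link AuthenticationFailureException}
     * a {@code sso.login.failed} error is saved and {@link #onLoginAuthenticationException}
     * decides the response; if it declines, the login page is shown when basic
     * authentication is enabled, otherwise a 403 is sent.
     *
     * @return the forward to render, or {@code null} when the response has been written
     */
    public ActionForward login(ActionMapping actionMapping, ActionForm actionForm, HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse) {
        try {
            SSOGateway gateway = getSSOGateway();
            Credential[] credentials = getCredentials(httpServletRequest);
            try {
                AuthenticationAssertion assertion = gateway.assertIdentity(credentials, SSOContext.getCurrent().getScheme());
                String ssoSessionId = assertion.getSSOSessionId();
                SSOSession session = gateway.findSession(ssoSessionId);
                storeSSOInformation(httpServletRequest, httpServletResponse, session);
                if (logger.isDebugEnabled()) {
                    logger.debug("[login()], authentication successfull.");
                }
                String backTo = getBackTo(httpServletRequest, session, assertion);
                if (backTo != null) {
                    clearSSOParameters(httpServletRequest);
                    if (logger.isDebugEnabled()) {
                        logger.debug("[login()], Redirecting user to : " + backTo);
                    }
                    httpServletResponse.sendRedirect(httpServletResponse.encodeRedirectURL(backTo));
                    return null;
                }
                SSOUser user = gateway.findUserInSession(ssoSessionId);
                SSORole[] roles = gateway.findRolesByUsername(user.getName());
                httpServletRequest.setAttribute("org.josso.gateway.session", session);
                httpServletRequest.setAttribute("org.josso.gateway.user", user);
                httpServletRequest.setAttribute("org.josso.gateway.userRoles", roles);
                return actionMapping.findForward("login-result");
            } catch (AuthenticationFailureException e) {
                if (logger.isDebugEnabled()) {
                    logger.debug("[AuthenticationFailureException] " + e.getMessage(), e);
                }
                ActionErrors actionErrors = new ActionErrors();
                actionErrors.add(GLOBAL_ERROR_KEY, new ActionError("sso.login.failed"));
                saveErrors(httpServletRequest, actionErrors);
                if (onLoginAuthenticationException(e, httpServletRequest, httpServletResponse, credentials)) {
                    return null;
                }
                if (SSOContext.getCurrent().getSecurityDomain().getSSOWebConfiguration().isBasicAuthenticationEnabled()) {
                    return actionMapping.findForward("login-page");
                }
                sendForbidden(httpServletResponse);
                return null;
            }
        } catch (Exception e2) {
            if (onFatalError(e2, httpServletRequest, httpServletResponse)) {
                return null;
            }
            return actionMapping.findForward("error");
        }
    }

    /* JADX INFO: Access modifiers changed from: protected */
    /**
     * Handles a failed authentication by redirecting when a target is known.
     * <p>
     * For {@code login_optional} with a {@code back_to}, redirects there. Otherwise
     * the target is the session attribute {@code org.josso.gateway.onErrorUrl}, or the
     * custom login URL when basic authentication is enabled; the error type and, when
     * resolvable, the attempted principal name are appended as query parameters
     * ({@code josso_error_type}, {@code josso_username}), so the attempted user name
     * becomes part of the redirect URL.
     *
     * @return {@code true} when a redirect was sent, {@code false} when the caller must respond
     * @throws IOException from {@link HttpServletResponse#sendRedirect}
     */
    public boolean onLoginAuthenticationException(AuthenticationFailureException authenticationFailureException, HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse, Credential[] credentialArr) throws IOException {
        String ssoCmd = getSSOCmd(httpServletRequest);
        if (JOSSO_CMD_LOGIN_OPTIONAL.equals(ssoCmd)) {
            String backTo = getBackTo(httpServletRequest);
            // Without a back_to there is nowhere to go; fall through to the error URL
            // handling instead of redirecting to a null location.
            if (backTo != null) {
                if (logger.isDebugEnabled()) {
                    logger.debug("[login()], Login Optional failed, redirecting user to : " + backTo);
                }
                httpServletResponse.sendRedirect(httpServletResponse.encodeRedirectURL(backTo));
                return true;
            }
        }
        String errorUrl = (String) httpServletRequest.getSession(true).getAttribute("org.josso.gateway.onErrorUrl");
        if (errorUrl == null) {
            try {
                SSOWebConfiguration webConfig = Lookup.getInstance().lookupSSOWebConfiguration();
                if (webConfig.isBasicAuthenticationEnabled()) {
                    errorUrl = webConfig.getCustomLoginURL();
                }
            } catch (Exception e) {
                // Log the lookup failure itself, not the authentication failure being handled.
                logger.error("Cannot look up SSO web configuration : " + e.getMessage(), e);
            }
        }
        if (errorUrl == null) {
            return false;
        }
        SSOGateway gateway = getSSOGateway();
        String target = appendParameter(errorUrl, "josso_error_type", String.valueOf(authenticationFailureException.getErrorType()));
        try {
            String principalName = gateway.getPrincipalName(SSOContext.getCurrent().getScheme(), credentialArr);
            if (principalName != null) {
                target = appendParameter(target, "josso_username", principalName);
            }
        } catch (Exception e2) {
            if (logger.isDebugEnabled()) {
                logger.debug("  [onLoginAuthenticationException()] cant find PrincipalName", e2);
            }
        }
        httpServletResponse.sendRedirect(httpServletResponse.encodeRedirectURL(target));
        if (logger.isDebugEnabled()) {
            logger.debug("[login()], authentication failure. Redirecting user to : " + target);
        }
        return true;
    }

    /**
     * Re-asserts the identity of an already valid SSO session and sends the user on
     * to {@code back_to}, or to {@code login-result} when no target was given.
     *
     * @return the forward to render, or {@code null} after a redirect
     */
    protected ActionForward relay(ActionMapping actionMapping, ActionForm actionForm, HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse) {
        try {
            SSOGateway gateway = getSSOGateway();
            SSOSession session = SSOContext.getCurrent().getSession();
            AuthenticationAssertion assertion = gateway.assertIdentity(session.getId());
            if (logger.isDebugEnabled()) {
                logger.debug("[relay()], authentication successfull.");
            }
            String backTo = getBackTo(httpServletRequest, session, assertion);
            if (backTo == null) {
                return actionMapping.findForward("login-result");
            }
            clearSSOParameters(httpServletRequest);
            if (logger.isDebugEnabled()) {
                logger.debug("[relay()], Redirecting user to : " + backTo);
            }
            httpServletResponse.sendRedirect(httpServletResponse.encodeRedirectURL(backTo));
            return null;
        } catch (Exception e) {
            if (onFatalError(e, httpServletRequest, httpServletResponse)) {
                return null;
            }
            return actionMapping.findForward("error");
        }
    }

    /* JADX INFO: Access modifiers changed from: protected */
    /**
     * Logs an unexpected exception and saves it as a global {@code sso.error}.
     * The exception message (or its {@code toString()}) is passed as the message
     * argument and therefore reaches the rendered error page.
     *
     * @return always {@code false}: the caller still has to render the error forward
     */
    public boolean onFatalError(Exception exc, HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse) {
        logger.error(exc.getMessage(), exc);
        String detail = exc.getMessage() != null ? exc.getMessage() : exc.toString();
        ActionErrors actionErrors = new ActionErrors();
        actionErrors.add(GLOBAL_ERROR_KEY, new ActionError("sso.error", detail));
        saveErrors(httpServletRequest, actionErrors);
        return false;
    }

    /**
     * @return {@code true} when the current context already carries a valid SSO session
     */
    protected boolean canRelay(HttpServletRequest httpServletRequest) {
        SSOSession session = SSOContext.getCurrent().getSession();
        return session != null && session.isValid();
    }
}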
