package org.apache.catalina.authenticator;

import java.io.IOException;
import java.security.Principal;
import java.util.Enumeration;
import java.util.Iterator;
import java.util.Locale;
import javax.servlet.RequestDispatcher;
import javax.servlet.ServletInputStream;
import javax.servlet.http.Cookie;
import javax.servlet.http.HttpServletResponse;
import org.apache.catalina.Realm;
import org.apache.catalina.Session;
import org.apache.catalina.connector.Request;
import org.apache.catalina.connector.Response;
import org.apache.coyote.ActionCode;
import org.apache.http.client.methods.HttpHead;
import org.apache.http.client.methods.HttpPost;
import org.apache.juli.logging.Log;
import org.apache.juli.logging.LogFactory;
import org.apache.tomcat.util.ExceptionUtils;
import org.apache.tomcat.util.buf.ByteChunk;
import org.apache.tomcat.util.buf.MessageBytes;
import org.apache.tomcat.util.descriptor.web.LoginConfig;
import org.apache.tomcat.util.http.MimeHeaders;

/* loaded from: input_file:org/apache/catalina/authenticator/FormAuthenticator.class */
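/**
 * Authenticator for FORM login: an unauthenticated request is saved in the session, the
 * configured login page is shown, the credentials posted to a URI ending in
 * {@code /j_security_check} are checked against the context's realm, and the client is
 * then redirected back so the saved request can be replayed.
 *
 * <p>Security-relevant behaviour visible in this class:
 * <ul>
 *   <li>After a successful login the submitted username and password are stored as session
 *       notes ({@code SESS_USERNAME_NOTE}, {@code SESS_PASSWORD_NOTE}). They are removed
 *       after the saved request is restored only when {@code cache} is true; otherwise
 *       they stay in the session and are used for re-authentication.</li>
 *   <li>The session id is rotated before the login page is shown when
 *       {@code getChangeSessionIdOnAuthentication()} returns true.</li>
 *   <li>The saved request body is buffered in memory, bounded by the connector's
 *       {@code maxSavePostSize}.</li>
 *   <li>Debug logging writes the submitted username verbatim (never the password).</li>
 * </ul>
 */
public class FormAuthenticator extends AuthenticatorBase {
    private final Log log = LogFactory.getLog((Class<?>) FormAuthenticator.class);

    // Encoding applied to the login request before its parameters are read; null leaves
    // the request's own encoding untouched.
    protected String characterEncoding = null;

    // Context-relative page used as the redirect target when no saved request is
    // available after login; null means an error status is sent instead.
    protected String landingPage = null;

    /**
     * @return the character encoding applied to the login request, or {@code null}
     */
    public String getCharacterEncoding() {
        return this.characterEncoding;
    }

    /**
     * @param str the character encoding to apply to the login request, or {@code null}
     */
    public void setCharacterEncoding(String str) {
        this.characterEncoding = str;
    }

    /**
     * @return the context-relative landing page, or {@code null} if none is configured
     */
    public String getLandingPage() {
        return this.landingPage;
    }

    /**
     * @param str the context-relative landing page, or {@code null}
     */
    public void setLandingPage(String str) {
        this.landingPage = str;
    }

    /**
     * Runs one step of the FORM login exchange for the given request.
     *
     * <p>The steps are tried in this order: cached authentication, re-authentication from
     * credentials held in the session (only when {@code cache} is false), replay of a
     * saved request whose URI matches, display of the login page for any other URI, and
     * finally validation of credentials posted to {@code /j_security_check}.
     *
     * @param request the request being processed
     * @param httpServletResponse the response used for forwards, redirects and errors
     * @return {@code true} if the request is authenticated and may proceed; {@code false}
     *         if a response (login page, redirect or error) has already been produced
     * @throws IOException if writing the response fails
     */
    @Override // org.apache.catalina.authenticator.AuthenticatorBase
    protected boolean doAuthenticate(Request request, HttpServletResponse httpServletResponse) throws IOException {
        if (checkForCachedAuthentication(request, httpServletResponse, true)) {
            return true;
        }

        // Without principal caching, the credentials kept in the session notes are
        // replayed against the realm on every request.
        Session session = null;
        if (!this.cache) {
            session = request.getSessionInternal(true);
            if (this.log.isDebugEnabled()) {
                this.log.debug("Checking for reauthenticate in session " + session);
            }
            String savedUsername = (String) session.getNote(Constants.SESS_USERNAME_NOTE);
            String savedPassword = (String) session.getNote(Constants.SESS_PASSWORD_NOTE);
            if (savedUsername != null && savedPassword != null) {
                if (this.log.isDebugEnabled()) {
                    this.log.debug("Reauthenticating username '" + savedUsername + "'");
                }
                Principal reauthenticated = this.context.getRealm().authenticate(savedUsername, savedPassword);
                if (reauthenticated != null) {
                    session.setNote(Constants.FORM_PRINCIPAL_NOTE, reauthenticated);
                    // A request matching the saved one is left to the restore step below.
                    if (!matchRequest(request)) {
                        register(request, httpServletResponse, reauthenticated, "FORM", savedUsername, savedPassword);
                        return true;
                    }
                }
                if (this.log.isDebugEnabled()) {
                    this.log.debug("Reauthentication failed, proceed normally");
                }
            }
        }

        // The client came back to the originally requested URI after logging in.
        if (matchRequest(request)) {
            Session restoreSession = request.getSessionInternal(true);
            if (this.log.isDebugEnabled()) {
                this.log.debug("Restore request from session '" + restoreSession.getIdInternal() + "'");
            }
            register(request, httpServletResponse,
                    (Principal) restoreSession.getNote(Constants.FORM_PRINCIPAL_NOTE), "FORM",
                    (String) restoreSession.getNote(Constants.SESS_USERNAME_NOTE),
                    (String) restoreSession.getNote(Constants.SESS_PASSWORD_NOTE));
            // With caching enabled the credentials are not needed again, so they are
            // dropped from the session; without it they remain for re-authentication.
            if (this.cache) {
                restoreSession.removeNote(Constants.SESS_USERNAME_NOTE);
                restoreSession.removeNote(Constants.SESS_PASSWORD_NOTE);
            }
            if (restoreRequest(request, restoreSession)) {
                if (this.log.isDebugEnabled()) {
                    this.log.debug("Proceed to restored request");
                }
                return true;
            }
            if (this.log.isDebugEnabled()) {
                this.log.debug("Restore of original request failed");
            }
            httpServletResponse.sendError(400); // Bad Request
            return false;
        }

        String contextPath = request.getContextPath();
        String decodedRequestURI = request.getDecodedRequestURI();
        boolean loginAction = decodedRequestURI.startsWith(contextPath)
                && decodedRequestURI.endsWith("/j_security_check");
        LoginConfig loginConfig = this.context.getLoginConfig();

        if (!loginAction) {
            // A request for the context root without a trailing slash is redirected to
            // the slash-terminated URI before any login state is created.
            if (request.getServletPath().length() == 0 && request.getPathInfo() == null) {
                StringBuilder location = new StringBuilder(decodedRequestURI);
                location.append('/');
                if (request.getQueryString() != null) {
                    location.append('?');
                    location.append(request.getQueryString());
                }
                httpServletResponse.sendRedirect(httpServletResponse.encodeRedirectURL(location.toString()));
                return false;
            }
            Session loginSession = request.getSessionInternal(true);
            if (this.log.isDebugEnabled()) {
                this.log.debug("Save request in session '" + loginSession.getIdInternal() + "'");
            }
            try {
                saveRequest(request, loginSession);
                forwardToLoginPage(request, httpServletResponse, loginConfig);
                return false;
            } catch (IOException e) {
                // NOTE(review): every IOException from saving the request or forwarding to
                // the login page ends up here and is reported as an oversized body.
                this.log.debug("Request body too big to save during authentication");
                httpServletResponse.sendError(403, sm.getString("authenticator.requestBodyTooBig")); // Forbidden
                return false;
            }
        }

        // Credentials were posted to the login action.
        request.getResponse().sendAcknowledgement();
        Realm realm = this.context.getRealm();
        if (this.characterEncoding != null) {
            request.setCharacterEncoding(this.characterEncoding);
        }
        String username = request.getParameter(Constants.FORM_USERNAME);
        String password = request.getParameter(Constants.FORM_PASSWORD);
        if (this.log.isDebugEnabled()) {
            // The client-supplied username is logged as received.
            this.log.debug("Authenticating username '" + username + "'");
        }
        Principal principal = realm.authenticate(username, password);
        if (principal == null) {
            forwardToErrorPage(request, httpServletResponse, loginConfig);
            return false;
        }
        if (this.log.isDebugEnabled()) {
            this.log.debug("Authentication of '" + username + "' was successful");
        }

        if (session == null) {
            session = request.getSessionInternal(false);
        }
        if (session == null) {
            // The session that held the saved request is gone, so there is nothing to
            // replay; fall back to the landing page or report a timeout.
            if (this.containerLog.isDebugEnabled()) {
                this.containerLog.debug("User took so long to log on the session expired");
            }
            if (this.landingPage == null) {
                httpServletResponse.sendError(408, sm.getString("authenticator.sessionExpired")); // Request Timeout
                return false;
            }
            redirectToLandingPage(request, httpServletResponse, request.getSessionInternal(true));
            return false;
        }

        // The principal and the plaintext credentials are kept as session notes until the
        // saved request has been restored (see the restore step above).
        session.setNote(Constants.FORM_PRINCIPAL_NOTE, principal);
        session.setNote(Constants.SESS_USERNAME_NOTE, username);
        session.setNote(Constants.SESS_PASSWORD_NOTE, password);

        String originalUrl = savedRequestURL(session);
        if (this.log.isDebugEnabled()) {
            this.log.debug("Redirecting to original '" + originalUrl + "'");
        }
        if (originalUrl != null) {
            Response response = request.getResponse();
            String location = httpServletResponse.encodeRedirectURL(originalUrl);
            // 303 See Other for HTTP/1.1 clients, 302 Found for everything else.
            if (org.apache.coyote.http11.Constants.HTTP_11.equals(request.getProtocol())) {
                response.sendRedirect(location, 303);
                return false;
            }
            response.sendRedirect(location, 302);
            return false;
        }

        // The login action was requested directly, without a saved request.
        if (this.landingPage == null) {
            httpServletResponse.sendError(400, sm.getString("authenticator.formlogin")); // Bad Request
            return false;
        }
        redirectToLandingPage(request, httpServletResponse, session);
        return false;
    }

    /**
     * Stores a synthetic GET request for the landing page in the given session and
     * redirects the client to it. Callers must have checked that {@code landingPage} is
     * not {@code null}.
     */
    private void redirectToLandingPage(Request request, HttpServletResponse httpServletResponse, Session session) throws IOException {
        String landingUri = request.getContextPath() + this.landingPage;
        SavedRequest landingRequest = new SavedRequest();
        landingRequest.setMethod("GET");
        landingRequest.setRequestURI(landingUri);
        landingRequest.setDecodedRequestURI(landingUri);
        session.setNote(Constants.FORM_REQUEST_NOTE, landingRequest);
        httpServletResponse.sendRedirect(httpServletResponse.encodeRedirectURL(landingUri));
    }

    /**
     * Reports whether the request is part of an ongoing login exchange: either it targets
     * the login action, or its decoded URI equals that of the request saved in the
     * existing session.
     *
     * @param request the request being processed
     * @return {@code true} if the request continues a login exchange
     */
    @Override // org.apache.catalina.authenticator.AuthenticatorBase
    protected boolean isContinuationRequired(Request request) {
        String path = this.context.getPath();
        String decodedRequestURI = request.getDecodedRequestURI();
        if (decodedRequestURI.startsWith(path) && decodedRequestURI.endsWith("/j_security_check")) {
            return true;
        }
        // Never creates a session: without one there can be no saved request.
        Session existing = request.getSessionInternal(false);
        if (existing == null) {
            return false;
        }
        SavedRequest saved = (SavedRequest) existing.getNote(Constants.FORM_REQUEST_NOTE);
        return saved != null && decodedRequestURI.equals(saved.getDecodedRequestURI());
    }

    /**
     * @return the authentication method name, always {@code "FORM"}
     */
    @Override // org.apache.catalina.authenticator.AuthenticatorBase
    protected String getAuthMethod() {
        return "FORM";
    }

    /**
     * Forwards the request to the configured login page, sending a 500 error if no login
     * page is configured or the forward fails.
     *
     * @param request the request being processed
     * @param httpServletResponse the response to forward with
     * @param loginConfig the login configuration that names the login page
     * @throws IOException if sending the error response fails
     */
    protected void forwardToLoginPage(Request request, HttpServletResponse httpServletResponse, LoginConfig loginConfig) throws IOException {
        if (this.log.isDebugEnabled()) {
            this.log.debug(sm.getString("formAuthenticator.forwardLogin", request.getRequestURI(), request.getMethod(), loginConfig.getLoginPage(), this.context.getName()));
        }
        String loginPage = loginConfig.getLoginPage();
        if (loginPage == null || loginPage.length() == 0) {
            String message = sm.getString("formAuthenticator.noLoginPage", this.context.getName());
            this.log.warn(message);
            httpServletResponse.sendError(500, message); // Internal Server Error
            return;
        }

        // Rotate the id of an existing session before the login page is rendered, so an
        // id known before login is not carried into the authenticated session.
        if (getChangeSessionIdOnAuthentication()) {
            Session existing = request.getSessionInternal(false);
            if (existing != null) {
                request.getContext().getManager().changeSessionId(existing);
                request.changeSessionId(existing.getId());
            }
        }

        // The login page is dispatched as a GET whatever the original method was; the
        // original method is put back afterwards on every path.
        String originalMethod = request.getMethod();
        request.getCoyoteRequest().method().setString("GET");
        RequestDispatcher dispatcher = this.context.getServletContext().getRequestDispatcher(loginPage);
        try {
            if (this.context.fireRequestInitEvent(request.getRequest())) {
                dispatcher.forward(request.getRequest(), httpServletResponse);
                this.context.fireRequestDestroyEvent(request.getRequest());
            }
        } catch (Throwable th) {
            ExceptionUtils.handleThrowable(th);
            String message = sm.getString("formAuthenticator.forwardLoginFail");
            this.log.warn(message, th);
            request.setAttribute(RequestDispatcher.ERROR_EXCEPTION, th);
            httpServletResponse.sendError(500, message); // Internal Server Error
        } finally {
            request.getCoyoteRequest().method().setString(originalMethod);
        }
    }

    /**
     * Forwards the request to the configured login error page, sending a 500 error if no
     * error page is configured or the forward fails.
     *
     * @param request the request being processed
     * @param httpServletResponse the response to forward with
     * @param loginConfig the login configuration that names the error page
     * @throws IOException if sending the error response fails
     */
    protected void forwardToErrorPage(Request request, HttpServletResponse httpServletResponse, LoginConfig loginConfig) throws IOException {
        String errorPage = loginConfig.getErrorPage();
        if (errorPage == null || errorPage.length() == 0) {
            String message = sm.getString("formAuthenticator.noErrorPage", this.context.getName());
            this.log.warn(message);
            httpServletResponse.sendError(500, message); // Internal Server Error
            return;
        }
        RequestDispatcher dispatcher = this.context.getServletContext().getRequestDispatcher(loginConfig.getErrorPage());
        try {
            if (this.context.fireRequestInitEvent(request.getRequest())) {
                dispatcher.forward(request.getRequest(), httpServletResponse);
                this.context.fireRequestDestroyEvent(request.getRequest());
            }
        } catch (Throwable th) {
            ExceptionUtils.handleThrowable(th);
            String message = sm.getString("formAuthenticator.forwardErrorFail");
            this.log.warn(message, th);
            request.setAttribute(RequestDispatcher.ERROR_EXCEPTION, th);
            httpServletResponse.sendError(500, message); // Internal Server Error
        }
    }

    /**
     * Reports whether this request is the one saved before login. That requires an
     * existing session holding both a saved request and an authenticated principal, and a
     * decoded request URI equal to the saved one.
     *
     * @param request the request being processed
     * @return {@code true} if the saved request should be restored for this request
     */
    protected boolean matchRequest(Request request) {
        Session existing = request.getSessionInternal(false);
        if (existing == null) {
            return false;
        }
        SavedRequest saved = (SavedRequest) existing.getNote(Constants.FORM_REQUEST_NOTE);
        if (saved == null) {
            return false;
        }
        // Without a principal note the login has not completed, so nothing is replayed.
        if (existing.getNote(Constants.FORM_PRINCIPAL_NOTE) == null) {
            return false;
        }
        String decodedRequestURI = request.getDecodedRequestURI();
        if (decodedRequestURI == null) {
            return false;
        }
        return decodedRequestURI.equals(saved.getDecodedRequestURI());
    }

    /**
     * Replaces the cookies, headers, locales, body and method of the current request with
     * those of the request saved in the session, and removes the saved request and
     * principal notes from the session.
     *
     * @param request the request to overwrite
     * @param session the session holding the saved request
     * @return {@code true} if a saved request was found and restored
     * @throws IOException if reading the current request body fails
     */
    protected boolean restoreRequest(Request request, Session session) throws IOException {
        SavedRequest saved = (SavedRequest) session.getNote(Constants.FORM_REQUEST_NOTE);
        // The notes are single-use: they are cleared even when no saved request exists.
        session.removeNote(Constants.FORM_REQUEST_NOTE);
        session.removeNote(Constants.FORM_PRINCIPAL_NOTE);
        if (saved == null) {
            return false;
        }

        // Discard the body of the current request before it is replaced. The stream and
        // buffer are obtained once instead of on every loop iteration.
        byte[] discard = new byte[4096];
        java.io.InputStream currentBody = request.createInputStream();
        while (currentBody.read(discard) >= 0) {
            // body bytes are intentionally ignored
        }

        request.clearCookies();
        Iterator<Cookie> cookies = saved.getCookies();
        while (cookies.hasNext()) {
            request.addCookie(cookies.next());
        }

        String method = saved.getMethod();
        MimeHeaders mimeHeaders = request.getCoyoteRequest().getMimeHeaders();
        mimeHeaders.recycle();
        // NOTE(review): HttpHead/HttpPost are Apache HttpClient classes whose METHOD_NAME
        // constants are "HEAD"/"POST"; this looks like a decompiler constant substitution
        // rather than a real dependency of this class - confirm.
        boolean getOrHead = "GET".equalsIgnoreCase(method) || HttpHead.METHOD_NAME.equalsIgnoreCase(method);
        Iterator<String> headerNames = saved.getHeaderNames();
        while (headerNames.hasNext()) {
            String name = headerNames.next();
            // If-Modified-Since is never restored, and If-None-Match is not restored for
            // GET/HEAD; presumably so the replayed request is not answered with a 304 -
            // TODO confirm.
            if ("If-Modified-Since".equalsIgnoreCase(name)) {
                continue;
            }
            if (getOrHead && "If-None-Match".equalsIgnoreCase(name)) {
                continue;
            }
            Iterator<String> values = saved.getHeaderValues(name);
            while (values.hasNext()) {
                mimeHeaders.addValue(name).setString(values.next());
            }
        }

        request.clearLocales();
        Iterator<Locale> locales = saved.getLocales();
        while (locales.hasNext()) {
            request.addLocale(locales.next());
        }

        request.getCoyoteRequest().getParameters().recycle();
        ByteChunk body = saved.getBody();
        if (body != null) {
            request.getCoyoteRequest().action(ActionCode.REQ_SET_BODY_REPLAY, body);
            MessageBytes contentTypeBytes = MessageBytes.newInstance();
            String contentType = saved.getContentType();
            // A saved POST body without a content type is treated as form data.
            if (contentType == null && HttpPost.METHOD_NAME.equalsIgnoreCase(method)) {
                contentType = "application/x-www-form-urlencoded";
            }
            contentTypeBytes.setString(contentType);
            request.getCoyoteRequest().setContentType(contentTypeBytes);
        }
        request.getCoyoteRequest().method().setString(method);

        // The results are deliberately unused. NOTE(review): these calls appear to be kept
        // for their side effect of resolving the values before the replayed body is
        // processed - confirm before removing them.
        request.getRequestURI();
        request.getQueryString();
        request.getProtocol();
        return true;
    }

    /**
     * Captures the cookies, headers, locales, body, method, query string and URI of the
     * request in a {@code SavedRequest} and stores it in the session under
     * {@code FORM_REQUEST_NOTE}.
     *
     * <p>The body is buffered in memory in a {@code ByteChunk} whose limit is the
     * connector's {@code maxSavePostSize}; a value of 0 skips the body entirely.
     *
     * @param request the request to save
     * @param session the session that receives the saved request
     * @throws IOException if reading the body fails; the caller also reports this as a
     *         body that is too large to save
     */
    protected void saveRequest(Request request, Session session) throws IOException {
        SavedRequest saved = new SavedRequest();

        Cookie[] cookies = request.getCookies();
        if (cookies != null) {
            for (Cookie cookie : cookies) {
                saved.addCookie(cookie);
            }
        }

        Enumeration<String> headerNames = request.getHeaderNames();
        while (headerNames.hasMoreElements()) {
            String name = headerNames.nextElement();
            Enumeration<String> values = request.getHeaders(name);
            while (values.hasMoreElements()) {
                saved.addHeader(name, values.nextElement());
            }
        }

        Enumeration<Locale> locales = request.getLocales();
        while (locales.hasMoreElements()) {
            saved.addLocale(locales.nextElement());
        }

        request.getResponse().sendAcknowledgement();

        int maxSavePostSize = request.getConnector().getMaxSavePostSize();
        if (maxSavePostSize != 0) {
            ByteChunk bodyChunk = new ByteChunk();
            // The limit caps how much unauthenticated request data is held per session.
            // NOTE(review): appending past the limit presumably raises the IOException the
            // caller maps to 403 - confirm against ByteChunk.
            bodyChunk.setLimit(maxSavePostSize);
            byte[] buffer = new byte[4096];
            ServletInputStream inputStream = request.getInputStream();
            int read;
            while ((read = inputStream.read(buffer)) >= 0) {
                bodyChunk.append(buffer, 0, read);
            }
            // An empty body is not recorded, so the saved request keeps a null body.
            if (bodyChunk.getLength() > 0) {
                saved.setContentType(request.getContentType());
                saved.setBody(bodyChunk);
            }
        }

        saved.setMethod(request.getMethod());
        saved.setQueryString(request.getQueryString());
        saved.setRequestURI(request.getRequestURI());
        saved.setDecodedRequestURI(request.getDecodedRequestURI());
        session.setNote(Constants.FORM_REQUEST_NOTE, saved);
    }

    /**
     * Builds the redirect target for the request saved in the session: its request URI
     * followed by {@code ?} and the query string when one was saved.
     *
     * @param session the session holding the saved request
     * @return the saved request URI with query string, or {@code null} if the session
     *         holds no saved request
     */
    protected String savedRequestURL(Session session) {
        SavedRequest saved = (SavedRequest) session.getNote(Constants.FORM_REQUEST_NOTE);
        if (saved == null) {
            return null;
        }
        StringBuilder url = new StringBuilder(saved.getRequestURI());
        String queryString = saved.getQueryString();
        if (queryString != null) {
            url.append('?');
            url.append(queryString);
        }
        return url.toString();
    }
}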
