package org.apache.sling.auth.core.spi;

import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import org.apache.sling.api.resource.ResourceUtil;
import org.apache.sling.auth.core.AuthUtil;
import org.apache.sling.auth.core.AuthenticationSupport;
import org.slf4j.LoggerFactory;

/* loaded from: input_file:WEB-INF/resources/install/0/org.apache.sling.auth.core-1.4.2.jar:org/apache/sling/auth/core/spi/DefaultAuthenticationFeedbackHandler.class */
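/**
 * Default {@link AuthenticationFeedbackHandler} that sends a redirect after a
 * successful authentication when the request carries the
 * {@link AuthenticationSupport#REDIRECT_PARAMETER} parameter.
 *
 * <p>The redirect target comes from a request parameter and is therefore
 * untrusted. It is resolved to a context-relative path and checked with
 * {@link AuthUtil#isRedirectValid(HttpServletRequest, String)} before it is
 * used; a rejected target is replaced by {@code "/"}.
 */
public class DefaultAuthenticationFeedbackHandler implements AuthenticationFeedbackHandler {

    /**
     * Sends a redirect to the validated target named by the redirect request
     * parameter, if that parameter is present.
     *
     * @param httpServletRequest the current request
     * @param httpServletResponse the response on which the redirect is sent
     * @return {@code false} if the request has no redirect parameter;
     *         {@code true} if a redirect was requested, including the case
     *         where sending it failed (the failure is logged and the request
     *         is treated as finished)
     */
    public static boolean handleRedirect(HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse) {
        final String target = getValidatedRedirectTarget(httpServletRequest);
        if (target == null) {
            return false;
        }
        try {
            httpServletResponse.sendRedirect(target);
        } catch (Exception e) {
            // Deliberately broad: any failure to redirect ends request processing here
            // instead of propagating into the authentication flow.
            LoggerFactory.getLogger(DefaultAuthenticationFeedbackHandler.class).error(
                    "handleRedirect: Failed to send redirect to {}, aborting request without redirect", target, e);
        }
        return true;
    }

    /**
     * Resolves the redirect request parameter to a target that is safe to
     * pass to {@link HttpServletResponse#sendRedirect(String)}.
     *
     * @param httpServletRequest the current request
     * @return {@code null} if the redirect parameter is absent; the request
     *         URI if the parameter is empty or {@code "true"}; otherwise the
     *         resolved target, or {@code "/"} if the target is rejected
     */
    private static String getValidatedRedirectTarget(HttpServletRequest httpServletRequest) {
        final String requested = httpServletRequest.getParameter(AuthenticationSupport.REDIRECT_PARAMETER);
        if (requested == null) {
            return null;
        }

        // An empty value or "true" means "redirect back to the same path".
        // NOTE(review): this branch returns the request URI without passing it
        // through AuthUtil.isRedirectValid - confirm that this is intended.
        if ("true".equalsIgnoreCase(requested) || requested.length() == 0) {
            return httpServletRequest.getRequestURI();
        }

        final String contextPath = httpServletRequest.getContextPath();
        String target = requested;

        // A target that is neither rooted nor carries a scheme is relative to the
        // current request: resolve it against the request path's parent folder.
        if (!target.startsWith("/") && !target.contains("://")) {
            final String requestPath = httpServletRequest.getRequestURI().substring(contextPath.length());
            final int lastSlash = requestPath.lastIndexOf('/');
            final String base = lastSlash > 0 ? requestPath.substring(0, lastSlash + 1) : requestPath;
            target = ResourceUtil.normalize(base.concat(target));
            if (target == null) {
                // ResourceUtil.normalize returns null when the path cannot be normalized
                // (for example ".." segments that climb above the root). Without this
                // guard the startsWith call below would throw a NullPointerException on
                // request-supplied input; treat it like any other rejected target.
                LoggerFactory.getLogger(DefaultAuthenticationFeedbackHandler.class).error(
                        "handleRedirect: Redirect target '{}' is invalid, redirecting to '/'", requested);
                return "/";
            }
        }

        // Prepend the context path when a rooted target does not already start with it.
        // NOTE(review): this is a plain string-prefix test, so a target whose first
        // segment merely begins with the context path's text is treated as already
        // prefixed - confirm that this is acceptable.
        if (target.startsWith("/") && !target.startsWith(contextPath)) {
            target = contextPath.concat(target);
        }

        // Final gate: anything AuthUtil rejects is replaced by the root path.
        if (!AuthUtil.isRedirectValid(httpServletRequest, target)) {
            LoggerFactory.getLogger(DefaultAuthenticationFeedbackHandler.class).error(
                    "handleRedirect: Redirect target '{}' is invalid, redirecting to '/'", target);
            target = "/";
        }
        return target;
    }

    /**
     * Does nothing; a failed authentication gets no feedback from this handler.
     */
    @Override
    public void authenticationFailed(HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse, AuthenticationInfo authenticationInfo) {
    }

    /**
     * Delegates to {@link #handleRedirect(HttpServletRequest, HttpServletResponse)}.
     *
     * @return the result of {@code handleRedirect}: {@code true} if a redirect
     *         was requested by the request, {@code false} otherwise
     */
    @Override
    public boolean authenticationSucceeded(HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse, AuthenticationInfo authenticationInfo) {
        return handleRedirect(httpServletRequest, httpServletResponse);
    }
}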
