package com.predic8.membrane.core.interceptor.authentication.session;

import com.floreysoft.jmte.Engine;
import com.floreysoft.jmte.ErrorHandler;
import com.floreysoft.jmte.message.ParseException;
import com.floreysoft.jmte.token.Token;
import com.predic8.membrane.core.Constants;
import com.predic8.membrane.core.Router;
import com.predic8.membrane.core.exchange.Exchange;
import com.predic8.membrane.core.http.Response;
import com.predic8.membrane.core.interceptor.Outcome;
import com.predic8.membrane.core.interceptor.authentication.session.SessionManager;
import com.predic8.membrane.core.interceptor.server.WebServerInterceptor;
import com.predic8.membrane.core.resolver.ResolverMap;
import com.predic8.membrane.core.util.URIFactory;
import com.predic8.membrane.core.util.URLParamUtil;
import java.io.UnsupportedEncodingException;
import java.net.MalformedURLException;
import java.net.URLEncoder;
import java.util.HashMap;
import java.util.Map;
import java.util.NoSuchElementException;
import org.apache.commons.lang.StringEscapeUtils;
import org.apache.commons.lang.StringUtils;
import org.apache.commons.logging.Log;
import org.apache.commons.logging.LogFactory;
import org.springframework.util.AntPathMatcher;
import org.springframework.validation.DataBinder;

/* loaded from: input_file:lib/service-proxy-core-4.1.0.jar:com/predic8/membrane/core/interceptor/authentication/session/LoginDialog.class */
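/**
 * Serves the login dialog of the session-based authentication flow and drives its two steps:
 * credential verification through the {@link UserDataProvider}, then token verification
 * through the {@link TokenProvider}.
 *
 * <p>The dialog's static resources, including the {@code index.html} template, are served by
 * an internal {@link WebServerInterceptor}. The template is rendered with JMTE.
 *
 * <p>The post-login destination is taken from the request parameter {@code target}, which the
 * client controls. It is therefore restricted to a local path (see
 * {@link #localTargetOrRoot(String)}) before it is used in a redirect, so that a crafted login
 * link cannot send a freshly authenticated user to another origin.
 */
public class LoginDialog {
    private static final Log log = LogFactory.getLog(LoginDialog.class.getName());

    // Name of the request parameter (and template variable) holding the post-login
    // destination. The Spring constant has the value "target", which is the parameter
    // redirectToLogin() appends to the login URL.
    private static final String TARGET_PARAM = DataBinder.DEFAULT_OBJECT_NAME;

    // "/": the dialog's own root below the login path, and the fallback redirect destination.
    private static final String ROOT_PATH = AntPathMatcher.DEFAULT_PATH_SEPARATOR;

    private String path;
    private String message;
    private boolean exposeUserCredentialsToSession;
    private URIFactory uriFactory;
    private final UserDataProvider userDataProvider;
    private final TokenProvider tokenProvider;
    private final SessionManager sessionManager;
    private final AccountBlocker accountBlocker;
    private final WebServerInterceptor wsi = new WebServerInterceptor();

    /**
     * Creates the dialog.
     *
     * @param userDataProvider verifies the submitted login parameters (first step)
     * @param tokenProvider    issues and verifies the token (second step)
     * @param sessionManager   looks up and creates sessions
     * @param accountBlocker   optional; when {@code null} no blocking or failure counting happens
     * @param str              document base handed to the internal {@link WebServerInterceptor}
     * @param str2             URL path prefix of the dialog; the code assumes it ends with "/"
     * @param z                whether submitted login parameters are copied into the session
     * @param str3             optional message passed along with the final redirect
     */
    public LoginDialog(UserDataProvider userDataProvider, TokenProvider tokenProvider, SessionManager sessionManager, AccountBlocker accountBlocker, String str, String str2, boolean z, String str3) {
        this.path = str2;
        this.exposeUserCredentialsToSession = z;
        this.userDataProvider = userDataProvider;
        this.tokenProvider = tokenProvider;
        this.sessionManager = sessionManager;
        this.accountBlocker = accountBlocker;
        this.message = str3;
        this.wsi.setDocBase(str);
    }

    /**
     * Binds the dialog to the router and initializes the resource server.
     *
     * @param router the router providing the URI factory and the resolver map
     * @throws Exception if {@code index.html} cannot be resolved below the document base or the
     *                   resource server fails to initialize
     */
    public void init(Router router) throws Exception {
        this.uriFactory = router.getUriFactory();
        // Resolve and immediately close index.html: this only checks at startup that the
        // template exists, so a misconfigured document base fails early.
        router.getResolverMap().resolve(ResolverMap.combine(router.getBaseLocation(), this.wsi.getDocBase(), "index.html")).close();
        this.wsi.init(router);
    }

    /**
     * Tells whether the request addresses the login dialog.
     *
     * @param exchange the current exchange
     * @return {@code true} if the path of the request URI starts with the dialog path
     */
    public boolean isLoginRequest(Exchange exchange) {
        return this.uriFactory.createWithoutException(exchange.getRequest().getUri()).getPath().startsWith(this.path);
    }

    /**
     * Renders {@code index.html} through JMTE and stores the result as the response body.
     *
     * @param exchange the current exchange; its response is produced by the resource server
     * @param i        page variant; {@code 1} sets the template variable {@code token}
     * @param objArr   additional template variables as alternating key/value pairs
     * @throws Exception if serving or rendering the template fails
     */
    private void showPage(Exchange exchange, int i, Object... objArr) throws Exception {
        String target = StringUtils.defaultString(URLParamUtil.getParams(this.uriFactory, exchange).get(TARGET_PARAM));
        exchange.getDestinations().set(0, "/index.html");
        this.wsi.handleRequest(exchange);
        Engine engine = new Engine();
        // Template errors are logged instead of being propagated.
        engine.setErrorHandler(new ErrorHandler() {
            @Override
            public void error(String str, Token token, Map<String, Object> map) throws ParseException {
                log.error(str);
            }

            @Override
            public void error(String str, Token token) throws ParseException {
                log.error(str);
            }
        });
        Map<String, Object> model = new HashMap<String, Object>();
        // Both values end up in the page and "target" is client-controlled, so they are
        // XML-escaped. NOTE(review): that is only adequate where the template places them in
        // element or attribute context, not inside script or URL context - confirm against
        // index.html.
        model.put("action", StringEscapeUtils.escapeXml(this.path));
        model.put(TARGET_PARAM, StringEscapeUtils.escapeXml(target));
        if (i == 1) {
            model.put("token", true);
        }
        for (int k = 0; k < objArr.length; k += 2) {
            model.put((String) objArr[k], objArr[k + 1]);
        }
        exchange.getResponse().setBodyContent(engine.transform(exchange.getResponse().getBody().toString(), model).getBytes(Constants.UTF_8_CHARSET));
    }

    /**
     * Handles a request addressed to the login dialog: logout, a static resource, the token
     * step (for a pre-authorized session) or the credential step.
     *
     * @param exchange the current exchange; the response is set on it
     * @throws Exception if serving a resource or rendering the page fails
     */
    public void handleLoginRequest(Exchange exchange) throws Exception {
        SessionManager.Session session = this.sessionManager.getSession(exchange.getRequest());
        // Path relative to the dialog, keeping the leading "/" (relies on the dialog path
        // ending with "/"), with the query string cut off.
        String relativePath = exchange.getRequest().getUri().substring(this.path.length() - 1);
        int queryStart = relativePath.indexOf('?');
        if (queryStart >= 0) {
            relativePath = relativePath.substring(0, queryStart);
        }
        exchange.getDestinations().set(0, relativePath);

        if (relativePath.equals("/logout")) {
            if (session != null) {
                session.clear();
            }
            exchange.setResponse(Response.redirect(this.path, false).body("").build());
            return;
        }
        if (!relativePath.equals(ROOT_PATH)) {
            // Any other path is a static resource of the dialog, served without authentication.
            // NOTE(review): confining the path to the document base is left to
            // WebServerInterceptor - confirm it rejects "..".
            this.wsi.handleRequest(exchange);
            return;
        }
        if (session != null && session.isPreAuthorized()) {
            handleTokenStep(exchange, session);
            return;
        }
        handleCredentialStep(exchange);
    }

    /** Second step: verifies the submitted token for a pre-authorized session and redirects. */
    private void handleTokenStep(Exchange exchange, SessionManager.Session session) throws Exception {
        if (this.accountBlocker != null && this.accountBlocker.isBlocked(session.getUserName())) {
            showPage(exchange, 0, "error", "ACCOUNT_BLOCKED");
            return;
        }
        if (!"POST".equals(exchange.getRequest().getMethod())) {
            showPage(exchange, 1);
            return;
        }
        try {
            Map<String, String> params = URLParamUtil.getParams(this.uriFactory, exchange);
            this.tokenProvider.verifyToken(session.getUserAttributes(), params.get("token"));
            if (this.accountBlocker != null) {
                this.accountBlocker.unblock(session.getUserName());
            }
            // The destination is client-supplied: only a local path is honoured.
            String target = localTargetOrRoot(params.get(TARGET_PARAM));
            if (this.message != null) {
                exchange.setResponse(Response.redirectWithout300(target, this.message).build());
            } else {
                exchange.setResponse(Response.redirectWithout300(target).build());
            }
            // NOTE(review): whether the session identifier is renewed on authorize() is not
            // visible here - confirm in SessionManager (session fixation).
            session.authorize();
        } catch (NoSuchElementException e) {
            // Wrong token: count the failure and drop the pre-authorization, so the
            // credential step has to be repeated.
            if (this.accountBlocker != null) {
                this.accountBlocker.fail(session.getUserName());
            }
            session.clear();
            showPage(exchange, 0, "error", "INVALID_TOKEN");
        } catch (Exception e) {
            // Keep the stack trace in the log; the client only sees a generic error code.
            log.error("Unexpected error during token verification.", e);
            session.clear();
            showPage(exchange, 0, "error", "INTERNAL_SERVER_ERROR");
        }
    }

    /** First step: verifies the submitted credentials, pre-authorizes a session, requests a token. */
    private void handleCredentialStep(Exchange exchange) throws Exception {
        if (!"POST".equals(exchange.getRequest().getMethod())) {
            showPage(exchange, 0);
            return;
        }
        Map<String, String> params = URLParamUtil.getParams(this.uriFactory, exchange);
        String username = params.get("username");
        if (username == null) {
            // Same error code as a failed verification.
            showPage(exchange, 0, "error", "INVALID_PASSWORD");
            return;
        }
        if (this.accountBlocker != null && this.accountBlocker.isBlocked(username)) {
            showPage(exchange, 0, "error", "ACCOUNT_BLOCKED");
            return;
        }
        try {
            Map<String, String> userAttributes = this.userDataProvider.verify(params);
            if (this.exposeUserCredentialsToSession) {
                // Copies every submitted login parameter the provider did not return itself
                // into the session attributes, i.e. also the credentials the form posted.
                for (Map.Entry<String, String> entry : params.entrySet()) {
                    if (!userAttributes.containsKey(entry.getKey())) {
                        userAttributes.put(entry.getKey(), entry.getValue());
                    }
                }
            }
            // Order kept as is: the token page is rendered before the session is created on
            // the exchange.
            showPage(exchange, 1);
            this.sessionManager.createSession(exchange).preAuthorize(username, userAttributes);
            this.tokenProvider.requestToken(userAttributes);
        } catch (NoSuchElementException e) {
            if (this.accountBlocker != null) {
                this.accountBlocker.fail(username);
            }
            showPage(exchange, 0, "error", "INVALID_PASSWORD");
        } catch (Exception e) {
            // Keep the stack trace in the log; the client only sees a generic error code.
            log.error("Unexpected error during credential verification.", e);
            showPage(exchange, 0, "error", "INTERNAL_SERVER_ERROR");
        }
    }

    /**
     * Restricts a client-supplied redirect destination to a path on this server.
     *
     * <p>Accepted are values that start with a single "/" and contain no control characters.
     * Absolute URLs, scheme-relative values ("//host") and the "/\" variant that browsers
     * treat alike are replaced by "/", as is an empty or missing value.
     *
     * @param target the raw {@code target} parameter, possibly {@code null}
     * @return {@code target} if it is a local path, otherwise "/"
     */
    private static String localTargetOrRoot(String target) {
        if (StringUtils.isEmpty(target) || target.charAt(0) != '/') {
            return ROOT_PATH;
        }
        if (target.length() > 1 && (target.charAt(1) == '/' || target.charAt(1) == '\\')) {
            return ROOT_PATH;
        }
        for (int k = 0; k < target.length(); k++) {
            char c = target.charAt(k);
            // Control characters (CR, LF, TAB, ...) have no place in a redirect destination.
            if (c < 0x20 || c == 0x7f) {
                return ROOT_PATH;
            }
        }
        return target;
    }

    /**
     * Answers the exchange with a non-cacheable redirect to the login dialog, passing the
     * originally requested URI URL-encoded in the {@code target} parameter.
     *
     * @param exchange the exchange of the unauthenticated request
     * @return {@link Outcome#RETURN}
     * @throws MalformedURLException        declared for callers; not thrown by the visible code
     * @throws UnsupportedEncodingException if UTF-8 is not supported
     */
    public Outcome redirectToLogin(Exchange exchange) throws MalformedURLException, UnsupportedEncodingException {
        String encodedTarget = URLEncoder.encode(exchange.getOriginalRequestUri(), "UTF-8");
        exchange.setResponse(Response.redirect(this.path + "?target=" + encodedTarget, false).dontCache().body("").build());
        return Outcome.RETURN;
    }
}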
