package org.gcube.application.framework.http.login;

import java.io.IOException;
import java.io.PrintWriter;
import java.io.StringWriter;
import java.util.Enumeration;
import java.util.HashMap;
import java.util.Map;
import javax.servlet.ServletException;
import javax.servlet.http.HttpServlet;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import javax.servlet.http.HttpSession;
import javax.xml.parsers.DocumentBuilder;
import javax.xml.parsers.DocumentBuilderFactory;
import javax.xml.parsers.ParserConfigurationException;
import javax.xml.transform.TransformerException;
import javax.xml.transform.TransformerFactory;
import javax.xml.transform.dom.DOMSource;
import javax.xml.transform.stream.StreamResult;
import org.gcube.application.framework.core.security.LDAPAuthenticationModule;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
import org.w3c.dom.Document;
import org.w3c.dom.Element;
import sun.misc.BASE64Decoder;

/* loaded from: input_file:WEB-INF/classes/org/gcube/application/framework/http/login/Login.class */
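/**
 * Login servlet that authenticates a user against {@link LDAPAuthenticationModule} and marks the
 * HTTP session as logged in by storing the user name under the {@code logon.isDone} attribute.
 *
 * <p>GET expects HTTP Basic credentials in the {@code Authorization} header; POST expects
 * {@code username} and {@code password} request parameters and answers with a small XML document
 * carrying the session id.
 *
 * <p>Security-relevant behaviour of this class:
 * <ul>
 *   <li>The session id is replaced after every successful authentication, so an id that existed
 *       before login is never promoted to an authenticated one (session fixation).</li>
 *   <li>Session ids are not written to the log; request-derived values are stripped of CR/LF
 *       before being logged.</li>
 *   <li>Empty passwords are rejected before the directory is contacted.</li>
 *   <li>Both flows carry credentials in clear form (Base64 is an encoding, not encryption), and
 *       the POST response body contains the session id. Nothing in this class enforces a secure
 *       transport, so that has to be guaranteed by the deployment (TLS-only connector or a
 *       transport-guarantee constraint).</li>
 *   <li>NOTE(review): no throttling or lockout of repeated failed attempts is visible in this
 *       class; confirm it is handled by the directory or by a filter in front of the servlet.</li>
 * </ul>
 */
public class Login extends HttpServlet {
    private static final Logger logger = LoggerFactory.getLogger(Login.class);
    private static final long serialVersionUID = 1;

    /**
     * Handles the HTTP Basic login flow.
     *
     * <p>If the session is already marked as logged in, nothing is done. Otherwise the
     * {@code Authorization} header is validated; on failure a 401 with a {@code WWW-Authenticate}
     * challenge is sent, on success the session is renewed, marked as logged in and the client is
     * redirected to the request URI.
     *
     * @param httpServletRequest the incoming request
     * @param httpServletResponse the response to write the challenge or redirect to
     * @throws ServletException declared by the servlet contract
     * @throws IOException if sending the error fails or the header cannot be decoded
     */
    @Override
    protected void doGet(HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse) throws ServletException, IOException {
        String authorization = httpServletRequest.getHeader("Authorization");
        HttpSession session = httpServletRequest.getSession(true);
        if (session.getAttribute("logon.isDone") != null) {
            logger.debug("No authentication needed");
            return;
        }
        String username = allowUserGet(authorization);
        if (username == null) {
            httpServletResponse.setHeader("WWW-Authenticate", "BASIC realm=\"D4ScienceUsers\"");
            httpServletResponse.sendError(401);
            return;
        }
        // Issue a new session id before the session becomes authenticated.
        session = renewSession(httpServletRequest, session);
        session.setAttribute("logon.isDone", username);
        // The session id is a bearer credential and is deliberately kept out of the log.
        logger.debug("Session authenticated");
        String target = (String) session.getAttribute("target");
        try {
            httpServletResponse.setStatus(200);
            // The redirect target is the servlet's own request URI, not a client-supplied URL.
            // NOTE(review): encodeRedirectURL may append the session id to the URL when the
            // container falls back to URL rewriting; cookie-only session tracking avoids that.
            httpServletResponse.sendRedirect(httpServletResponse.encodeRedirectURL(httpServletRequest.getRequestURI()));
        } catch (Exception e) {
            logger.debug("Redirect failed", e);
            logger.debug(sanitizeForLog(target));
        }
    }

    /**
     * Validates an HTTP Basic {@code Authorization} header value against the LDAP module.
     *
     * @param str the raw header value, may be {@code null}
     * @return the authenticated user name, or {@code null} if the header is missing, malformed,
     *     carries an empty password, or the credentials are rejected
     * @throws IOException if the Base64 payload cannot be decoded
     */
    protected String allowUserGet(String str) throws IOException {
        // regionMatches compares case-insensitively without depending on the default locale
        // (toUpperCase() maps 'i' differently under a Turkish locale, for example).
        if (str == null || !str.regionMatches(true, 0, "BASIC ", 0, 6)) {
            return null;
        }
        // NOTE(review): sun.misc.BASE64Decoder is a JDK-internal class and the bytes are decoded
        // with the platform default charset; both are kept because the target Java version and
        // the expected credential encoding are not visible here.
        String credentials = new String(new BASE64Decoder().decodeBuffer(str.substring(6)));
        // Only the first ':' separates user and password; a password may itself contain ':'.
        int separator = credentials.indexOf(':');
        if (separator < 0) {
            return null;
        }
        String username = credentials.substring(0, separator);
        String password = credentials.substring(separator + 1);
        if (password.length() == 0) {
            // Never hand an empty password to the directory: an LDAP simple bind with an empty
            // password can be treated by the server as an unauthenticated bind and succeed.
            return null;
        }
        boolean authenticated = false;
        try {
            authenticated = new LDAPAuthenticationModule().checkAuthentication(username, password);
        } catch (Throwable th) {
            // Fail closed: any error while checking leaves the request unauthenticated.
            logger.error("Exception:", th);
        }
        if (authenticated) {
            logger.debug("The user exists");
            return username;
        }
        logger.debug("The user doesn't exist!");
        return null;
    }

    /**
     * Handles the form/parameter login flow and returns the session id as XML.
     *
     * <p>The response body has the shape
     * {@code <SessionID><jsessionid>...</jsessionid></SessionID>}. The session is only marked as
     * logged in once that document has been built, so a failed response never leaves behind an
     * authenticated session.
     *
     * @param httpServletRequest the incoming request carrying {@code username} and {@code password}
     * @param httpServletResponse the response to write the XML or error to
     * @throws ServletException declared by the servlet contract
     * @throws IOException if writing the response fails
     */
    @Override
    protected void doPost(HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse) throws ServletException, IOException {
        String password = httpServletRequest.getParameter("password");
        String username = httpServletRequest.getParameter("username");
        if (username == null || password == null) {
            // NOTE(review): 400 would describe a missing parameter better; 404 is kept because
            // existing clients may depend on it.
            httpServletResponse.sendError(404);
            return;
        }
        HttpSession session = httpServletRequest.getSession(true);
        if (session.getAttribute("logon.isDone") != null) {
            logger.debug("No authentication needed");
            return;
        }
        if (!allowUserPost(password, username)) {
            httpServletResponse.sendError(401);
            return;
        }
        // Issue a new session id before the session becomes authenticated.
        session = renewSession(httpServletRequest, session);
        String body;
        try {
            body = buildSessionDocument(session.getId());
        } catch (Exception e) {
            // Previously a parser configuration failure led to a NullPointerException and a
            // transformer failure to an empty 200 response; report both as a server error.
            logger.error("Exception:", e);
            httpServletResponse.sendError(500);
            return;
        }
        session.setAttribute("logon.isDone", username);
        // Neither the session id nor the XML body that carries it is logged.
        logger.debug("Session authenticated");
        // Content type is set before the writer is obtained so the container applies it fully.
        httpServletResponse.setContentType("text/xml");
        PrintWriter writer = httpServletResponse.getWriter();
        writer.write(body);
        writer.close();
    }

    /**
     * Checks a user name / password pair against the LDAP module.
     *
     * @param str the password
     * @param str2 the user name
     * @return {@code true} only if the LDAP module accepts the credentials; {@code false} for a
     *     missing user name, a missing or empty password, a rejection, or any error
     * @throws IOException declared for compatibility with existing callers and overrides
     */
    protected boolean allowUserPost(String str, String str2) throws IOException {
        logger.debug("username is: " + sanitizeForLog(str2));
        if (str == null || str2 == null) {
            return false;
        }
        if (str.length() == 0) {
            // Never hand an empty password to the directory: an LDAP simple bind with an empty
            // password can be treated by the server as an unauthenticated bind and succeed.
            return false;
        }
        boolean authenticated = false;
        try {
            authenticated = new LDAPAuthenticationModule().checkAuthentication(str2, str);
        } catch (Throwable th) {
            // Fail closed: any error while checking leaves the request unauthenticated.
            logger.error("Exception:", th);
        }
        if (authenticated) {
            logger.debug("The user exists");
            return true;
        }
        logger.debug("The user doesn't exist!");
        return false;
    }

    /**
     * Replaces the current session with a new one that has a different id, carrying over the
     * existing attributes and the inactivity timeout.
     *
     * <p>Invalidate-and-recreate is used instead of a container-specific id change so the code
     * does not depend on a particular Servlet API level. Attributes that implement session
     * binding listeners will see an unbound/bound pair.
     */
    private static HttpSession renewSession(HttpServletRequest request, HttpSession current) {
        Map<String, Object> carried = new HashMap<String, Object>();
        Enumeration<?> names = current.getAttributeNames();
        while (names.hasMoreElements()) {
            String name = (String) names.nextElement();
            carried.put(name, current.getAttribute(name));
        }
        int maxInactiveInterval = current.getMaxInactiveInterval();
        current.invalidate();
        HttpSession fresh = request.getSession(true);
        fresh.setMaxInactiveInterval(maxInactiveInterval);
        for (Map.Entry<String, Object> entry : carried.entrySet()) {
            fresh.setAttribute(entry.getKey(), entry.getValue());
        }
        return fresh;
    }

    /**
     * Serialises the session id into the XML document returned by the POST flow.
     *
     * <p>The document is built in memory only; no external XML is parsed here.
     */
    private static String buildSessionDocument(String sessionId) throws ParserConfigurationException, TransformerException {
        DocumentBuilder documentBuilder = DocumentBuilderFactory.newInstance().newDocumentBuilder();
        Document document = documentBuilder.newDocument();
        Element root = document.createElement("SessionID");
        document.appendChild(root);
        Element idElement = document.createElement("jsessionid");
        idElement.setTextContent(sessionId);
        root.appendChild(idElement);
        StringWriter out = new StringWriter();
        TransformerFactory.newInstance().newTransformer().transform(new DOMSource(document), new StreamResult(out));
        return out.toString();
    }

    /** Replaces CR and LF so a request-derived value cannot start a forged log line. */
    private static String sanitizeForLog(String value) {
        if (value == null) {
            return null;
        }
        return value.replace('\r', '_').replace('\n', '_');
    }
}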
