package no.kantega.publishing.security.action;

import java.net.URI;
import java.net.URISyntaxException;
import java.util.HashMap;
import java.util.Iterator;
import java.util.Map;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import javax.servlet.http.HttpSession;
import no.kantega.commons.exception.ConfigurationException;
import no.kantega.commons.log.Log;
import no.kantega.publishing.common.Aksess;
import no.kantega.publishing.common.data.BaseObject;
import no.kantega.publishing.common.data.enums.Event;
import no.kantega.publishing.common.service.impl.EventLog;
import no.kantega.publishing.security.SecuritySession;
import no.kantega.publishing.security.data.LoginRestrictor;
import no.kantega.publishing.spring.RootContext;
import no.kantega.security.api.common.SystemException;
import no.kantega.security.api.identity.DefaultIdentity;
import no.kantega.security.api.identity.DefaultIdentityResolver;
import no.kantega.security.api.identity.IdentityResolver;
import no.kantega.security.api.password.PasswordManager;
import no.kantega.security.api.role.RoleManager;
import org.springframework.web.servlet.ModelAndView;
import org.springframework.web.servlet.mvc.Controller;
import org.springframework.web.servlet.view.RedirectView;

/* loaded from: input_file:WEB-INF/lib/openaksess-core-6.0.2.jar:no/kantega/publishing/security/action/LoginAction.class */
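/**
 * Spring MVC controller behind the login form.
 *
 * <p>Reads {@code j_username}, {@code j_domain}, {@code j_password} and {@code redirect} from the
 * request, checks the per-user and per-IP {@link LoginRestrictor}s, verifies the password with a
 * {@link PasswordManager} and, on success, stores the identity in the HTTP session and redirects.
 * Every other outcome renders {@code loginView} with flags describing what went wrong.
 *
 * <p>All four request parameters are attacker-controlled. The redirect target is restricted to
 * this site before it is used, and user-supplied values are stripped of line breaks before they
 * are written to the log. The {@code redirect} and {@code username} model entries are echoed back
 * to the view unescaped; the view is expected to HTML-escape them.
 */
public class LoginAction implements Controller {
    private LoginRestrictor userLoginRestrictor;
    private LoginRestrictor ipLoginRestrictor;
    private String loginView = null;
    // Caches a positive answer from rolesExists(); a negative answer is re-checked on every request.
    private boolean rolesExists = false;

    /**
     * Processes a login attempt or displays the login form.
     *
     * @param httpServletRequest request carrying the login parameters
     * @param httpServletResponse unused
     * @return a redirect to the (validated) target on success, a redirect to the initial-user
     *     page when no roles exist yet, otherwise the login view
     * @throws ConfigurationException if no {@link PasswordManager} bean is available
     * @throws Exception propagated from the security API
     */
    @Override
    public ModelAndView handleRequest(HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse) throws Exception {
        String username = httpServletRequest.getParameter("j_username");
        String domain = httpServletRequest.getParameter("j_domain");
        String password = httpServletRequest.getParameter("j_password");

        // The redirect target comes from the request; only same-site targets are honoured so
        // the login page cannot be used to bounce an authenticated user to a foreign host.
        String redirect = resolveRedirect(httpServletRequest, httpServletRequest.getParameter("redirect"));
        if (httpServletRequest.isSecure() && redirect.startsWith("http:")) {
            redirect = redirect.replaceFirst("http:", "https:");
        }

        if (!rolesExists()) {
            return new ModelAndView(new RedirectView(Aksess.getContextPath() + "/CreateInitialUser.action"));
        }

        Map<String, Object> model = new HashMap<String, Object>();

        // The decompiled listing lost the declaration of this variable (it showed "r15 = null"
        // and used the loop variable after the loop). Reconstructed as the listing reads: the
        // loop stops at the first manager whose domain matches, and otherwise leaves the last
        // manager iterated selected.
        // NOTE(review): confirm against the original source. With this shape a missing or
        // unknown j_domain is verified by whichever manager happens to be iterated last.
        PasswordManager passwordManager = null;
        Map<?, ?> passwordManagers = RootContext.getInstance().getBeansOfType(PasswordManager.class);
        if (passwordManagers != null) {
            for (Object candidate : passwordManagers.values()) {
                passwordManager = (PasswordManager) candidate;
                if (passwordManager.getDomain().equalsIgnoreCase(domain)) {
                    break;
                }
            }
        }
        if (passwordManager == null) {
            throw new ConfigurationException("PasswordManager == null");
        }

        if (username != null && password != null) {
            DefaultIdentity identity = new DefaultIdentity();
            identity.setUserId(username);
            identity.setDomain(domain);

            String remoteAddr = httpServletRequest.getRemoteAddr();
            boolean userBlocked = this.userLoginRestrictor.isBlocked(username);
            boolean ipBlocked = this.ipLoginRestrictor.isBlocked(remoteAddr);

            if (!userBlocked && !ipBlocked) {
                if (passwordManager.verifyPassword(identity, password)) {
                    this.userLoginRestrictor.registerLoginAttempt(username, true);
                    this.ipLoginRestrictor.registerLoginAttempt(remoteAddr, true);

                    // NOTE(review): an existing session is reused and its id is not rotated here.
                    // The only session-fixation defence visible in this class is the optional
                    // invalidation performed when the form is displayed (see below). Consider
                    // rotating the session id on successful login if the servlet API level allows.
                    HttpSession authenticatedSession = httpServletRequest.getSession(true);
                    IdentityResolver identityResolver = SecuritySession.getInstance(httpServletRequest).getRealm().getIdentityResolver();
                    authenticatedSession.setAttribute(identityResolver.getAuthenticationContext() + DefaultIdentityResolver.SESSION_IDENTITY_NAME, username);
                    authenticatedSession.setAttribute(identityResolver.getAuthenticationContext() + DefaultIdentityResolver.SESSION_IDENTITY_DOMAIN, domain);
                    // Called again after the identity attributes are set; the return value is not used.
                    SecuritySession.getInstance(httpServletRequest);
                    return new ModelAndView(new RedirectView(redirect));
                }
                this.userLoginRestrictor.registerLoginAttempt(username, false);
                this.ipLoginRestrictor.registerLoginAttempt(remoteAddr, false);
                EventLog.log(username, remoteAddr, Event.FAILED_LOGIN, username, (BaseObject) null);
                model.put("loginfailed", Boolean.TRUE);
            } else if (userBlocked) {
                model.put("blockedUser", Boolean.TRUE);
                // The user name is request data: strip line breaks so it cannot forge log entries.
                Log.info(getClass().getName(), "Too many attempts. User is blocked from login:" + stripLineBreaks(username), null, null);
            } else {
                model.put("blockedIP", Boolean.TRUE);
                Log.info(getClass().getName(), "Too many attempts. IP-adress is blocked from login:" + remoteAddr, null, null);
            }
        }

        // Reached whenever the login form is (re)displayed. getSession(false) is used so that a
        // session is not created merely to be invalidated.
        if (Aksess.isInvalidateSessionBeforeLogin()) {
            HttpSession existingSession = httpServletRequest.getSession(false);
            if (existingSession != null) {
                try {
                    existingSession.invalidate();
                } catch (Exception ignored) {
                    // Best effort: invalidate() fails if the session is already invalid, in
                    // which case there is nothing left to discard.
                }
            }
        }

        model.put("redirect", redirect);
        model.put("username", username);
        return new ModelAndView(this.loginView, model);
    }

    public void setLoginView(String str) {
        this.loginView = str;
    }

    public void setUserLoginRestrictor(LoginRestrictor loginRestrictor) {
        this.userLoginRestrictor = loginRestrictor;
    }

    public void setIpLoginRestrictor(LoginRestrictor loginRestrictor) {
        this.ipLoginRestrictor = loginRestrictor;
    }

    /**
     * Returns the redirect target to use after login, falling back to the context path unless
     * the requested value stays on this site.
     *
     * <p>Accepted: paths starting with a single {@code /}, relative references without scheme
     * or authority, and absolute {@code http}/{@code https} URLs whose host equals the request's
     * server name. Values containing control characters or backslashes are rejected because
     * browsers may normalise them into a different host.
     *
     * <p>NOTE(review): the host comparison uses {@code getServerName()}. Deployments whose public
     * host name differs from what the container reports (for example behind a reverse proxy)
     * may need an explicit allow-list instead.
     */
    private static String resolveRedirect(HttpServletRequest request, String requested) {
        String fallback = Aksess.getContextPath();
        if (requested == null || requested.length() == 0) {
            return fallback;
        }
        for (int i = 0; i < requested.length(); i++) {
            char c = requested.charAt(i);
            if (c < 0x20 || c == 0x7f || c == '\\') {
                return fallback;
            }
        }
        if (requested.startsWith("/")) {
            // "//host/path" is a scheme-relative URL pointing at another host.
            return requested.startsWith("//") ? fallback : requested;
        }
        try {
            URI target = new URI(requested);
            String scheme = target.getScheme();
            if (scheme == null) {
                return target.getRawAuthority() == null ? requested : fallback;
            }
            boolean webScheme = "http".equalsIgnoreCase(scheme) || "https".equalsIgnoreCase(scheme);
            String host = target.getHost();
            if (webScheme && host != null && host.equalsIgnoreCase(request.getServerName())) {
                return requested;
            }
        } catch (URISyntaxException e) {
            // An unparseable target is treated like a foreign one.
        }
        return fallback;
    }

    /** Replaces CR and LF so a request-supplied value stays on one log line. */
    private static String stripLineBreaks(String value) {
        return value == null ? null : value.replaceAll("[\\r\\n]", "_");
    }

    /**
     * Reports whether any {@link RoleManager} bean has at least one role. A positive result is
     * remembered in {@link #rolesExists} so later requests skip the lookup.
     *
     * @throws SystemException propagated from {@code getAllRoles()}
     */
    private boolean rolesExists() throws SystemException {
        if (this.rolesExists) {
            return true;
        }
        Map<?, ?> roleManagers = RootContext.getInstance().getBeansOfType(RoleManager.class);
        if (roleManagers == null) {
            return false;
        }
        for (Object candidate : roleManagers.values()) {
            if (((RoleManager) candidate).getAllRoles().hasNext()) {
                this.rolesExists = true;
                return true;
            }
        }
        return false;
    }
}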
