package blackboard.platform.security.authentication.servlet;

import blackboard.data.user.User;
import blackboard.db.CIConstants;
import blackboard.persist.user.UserDbPersister;
import blackboard.persist.user.impl.UserDbLoaderImpl;
import blackboard.platform.BbServiceManager;
import blackboard.platform.context.ContextManager;
import blackboard.platform.extension.service.ExtensionRegistryFactory;
import blackboard.platform.intl.BbResourceBundle;
import blackboard.platform.security.SecurityDbUtil;
import blackboard.platform.security.authentication.HttpAuthManager;
import blackboard.platform.security.authentication.HttpAuthUtil;
import blackboard.platform.security.authentication.OldPasswordException;
import blackboard.platform.servlet.HttpDownloadFileServlet;
import blackboard.platform.session.CookieKiller;
import blackboard.util.FileUtil;
import blackboard.util.StringUtil;
import blackboard.util.UrlUtil;
import java.io.File;
import java.io.IOException;
import java.util.Iterator;
import javax.servlet.ServletException;
import javax.servlet.http.Cookie;
import javax.servlet.http.HttpServlet;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;

/* loaded from: input_file:blackboard/platform/security/authentication/servlet/LoginBrokerServlet.class */
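/**
 * Front controller for the login-related endpoints: it reads the {@code action}
 * request parameter and dispatches to the matching login, logout, relogin or
 * cookie-clearing handler.
 *
 * <p>Every value read from the request ({@code action}, cookies, server name) is
 * client-controlled. Credential checks and the post-login redirect are delegated
 * to {@link HttpAuthManager} and {@link HttpAuthUtil}, whose implementations are
 * not visible in this file.
 */
public class LoginBrokerServlet extends HttpServlet {
    private static final String SSL_LICENSE_KEY = "security.ssl";
    private static final String NO_SSL_URI = "/nossl.html";
    public static final String NEW_LOC_PARAM = "new_loc";
    public static final String ACTION_PARAM = "action";
    public static final String CHALLENGE_PARAM = "challenge";
    public static final String USER_MSG_PARAM = "msg";
    public static final String USER_ID_PARAM = "user_id";
    public static final String ENCODED_PASSWORD_PARAM = "encoded_pw";
    public static final String ENCODED_PASSWORD_UNICODE_PARAM = "encoded_pw_unicode";
    public static final String BATCH_UID_PARAM = "batch_uid";
    public static final String LOGIN_ACTION = "login";
    public static final String LOGIN_VIA_DEFAULT_PAGE_ACTION = "default_login";
    public static final String RELOGIN_ACTION = "relogin";
    public static final String LOGOUT_ACTION = "logout";
    public static final String CHECK_PASSWORD_ACTION = "checkpassword";
    public static final String GUEST_LOGIN_ACTION = "guest_login";
    public static final String RECONCILE_EXTERNAL_ACCOUNT_ACTION = "reconcile";
    public static final String PORTAL_DIRECT_ENTRY_ACTION = "portal_direct_entry";
    public static final String CLEAR_PASSPORT_COOKIES_ACTION = "passport";
    public static final String DEFAULT_ACTION = "login";
    public static final String ERROR_MSG = "error";
    public static final String INVALID_MSG = "invalid";
    public static final String JSP_ERROR_PAGE = "error.jsp";
    public static final String BB_LOGIN_PAGE = "login.jsp";
    public static final String BB_RECONCILE_ACCT_PAGE = "reconcile-acct.jsp";
    private boolean _isLicensedForSSL = false;
    private BbResourceBundle _bundle = null;

    /**
     * Caches whether the installation is licensed for SSL.
     *
     * @throws ServletException if the license lookup fails
     */
    public void init() throws ServletException {
        try {
            this._isLicensedForSSL = BbServiceManager.getLicenseManager().isLicensed(SSL_LICENSE_KEY);
        } catch (Exception e) {
            // _bundle is still null at this point; go through the lazy accessor so the
            // license failure is reported instead of being masked by a NullPointerException.
            throw new ServletException(getBundle().getString("login.broker.license.error"), e);
        }
    }

    /**
     * Returns the "security" resource bundle, loading it on first use.
     */
    private BbResourceBundle getBundle() {
        if (null == this._bundle) {
            this._bundle = BbServiceManager.getBundleManager().getBundle("security");
        }
        return this._bundle;
    }

    /**
     * Dispatches the request to the handler named by the {@code action} parameter
     * (default {@code login}); action names are matched case-insensitively.
     *
     * <p>Any exception raised while handling is logged and forwarded to
     * {@code /error.jsp} with the exception stored in the {@code exception}
     * request attribute. The request context is released on every exit path.
     *
     * @throws ServletException if forwarding to the error page fails
     * @throws IOException if a redirect or forward cannot be written
     */
    public void service(HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse) throws ServletException, IOException {
        if ("https".equals(httpServletRequest.getScheme()) && !this._isLicensedForSSL) {
            httpServletResponse.sendRedirect(NO_SSL_URI);
            return;
        }
        // NOTE(review): "no-cache" forces revalidation but still permits storage;
        // consider adding "no-store" for responses on the credential-handling path.
        httpServletResponse.setHeader("Pragma", "no-cache");
        httpServletResponse.setHeader("Cache-Control", "no-cache");
        ContextManager contextManager = null;
        try {
            contextManager = (ContextManager) BbServiceManager.lookupService(ContextManager.class);
            contextManager.setContext(httpServletRequest);
            String action = httpServletRequest.getParameter(ACTION_PARAM);
            if (StringUtil.isEmpty(action)) {
                action = DEFAULT_ACTION;
            }
            if (UrlUtil.isSystemSSL() && "http".equals(httpServletRequest.getScheme())) {
                // Upgrade plain-HTTP requests before any credential handling.
                // NOTE(review): getServerName() is normally derived from the client's Host
                // header; confirm the container or a front-end proxy pins the host name,
                // otherwise the redirect target is client-influenced.
                httpServletResponse.sendRedirect(UrlUtil.calculateFullUrl(httpServletRequest.getServerName(), UrlUtil.isSystemSSL(), CIConstants.DEF_LOGIN_URL));
                return;
            }
            if (action.equalsIgnoreCase(LOGIN_ACTION)) {
                doLogin(httpServletRequest, httpServletResponse);
            } else if (action.equalsIgnoreCase(CHECK_PASSWORD_ACTION)) {
                doCheckPassword(httpServletRequest, httpServletResponse);
            } else if (action.equalsIgnoreCase(GUEST_LOGIN_ACTION)) {
                doGuestLogin(httpServletRequest, httpServletResponse);
            } else if (action.equalsIgnoreCase(RECONCILE_EXTERNAL_ACCOUNT_ACTION)) {
                doReconcileExternalAccount(httpServletRequest, httpServletResponse);
            } else if (action.equalsIgnoreCase(LOGOUT_ACTION)) {
                doLogout(httpServletRequest, httpServletResponse);
            } else if (action.equalsIgnoreCase(RELOGIN_ACTION)) {
                doRelogin(httpServletRequest, httpServletResponse);
            } else if (action.equalsIgnoreCase(PORTAL_DIRECT_ENTRY_ACTION)) {
                doPortalDirectEntry(httpServletRequest, httpServletResponse);
            } else if (action.equalsIgnoreCase(LOGIN_VIA_DEFAULT_PAGE_ACTION)) {
                doLoginViaDefaultPage(httpServletRequest, httpServletResponse);
            } else if (action.equalsIgnoreCase(CLEAR_PASSPORT_COOKIES_ACTION)) {
                doClearPassportCookies(httpServletRequest, httpServletResponse);
            } else {
                // The action value comes straight from the request and ends up both in the
                // log entry and in the exception handed to error.jsp.
                // NOTE(review): confirm error.jsp HTML-escapes the message and that the log
                // sink neutralises line breaks.
                throw new RuntimeException(getBundle().getString("login.broker.invalid.url") + "'" + action + "'");
            }
        } catch (Exception e) {
            BbServiceManager.getLogService().logError("LoginBrokerServlet.service()", e);
            httpServletRequest.setAttribute("exception", e);
            getServletContext().getRequestDispatcher("/" + JSP_ERROR_PAGE).forward(httpServletRequest, httpServletResponse);
        } finally {
            // Release on success, on the early redirect and on failure alike; the earlier
            // error paths guarded the release with a constant-false condition and so
            // never released the context.
            if (contextManager != null) {
                contextManager.releaseContext();
            }
        }
    }

    /**
     * Runs the login flow, asking the auth manager to request authentication when
     * the session is not valid.
     */
    private void doLogin(HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse) throws ServletException, IOException {
        doLogin(httpServletRequest, httpServletResponse, true);
    }

    /**
     * Validates the current session and either redirects onward or presents a
     * login prompt.
     *
     * @param z {@code true} to let {@link HttpAuthManager} request authentication,
     *          {@code false} to forward to {@code /login.jsp} directly
     * @throws ServletException wrapping any failure while presenting the login prompt
     */
    private void doLogin(HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse, boolean z) throws ServletException, IOException {
        // Return value intentionally unused; the call is kept because any side effects of
        // safeGetSession() are not visible from this file.
        BbServiceManager.getSessionManagerService().safeGetSession(httpServletRequest, httpServletResponse);
        HttpAuthManager httpAuthManager = new HttpAuthManager(httpServletRequest, httpServletResponse);
        // Fail closed: only a successful validateSession() may mark the request as
        // validated. Previously the flag started out as "a session object exists", so an
        // OldPasswordException could fall through to the post-login redirect and the
        // message set below was never shown.
        boolean sessionValid = false;
        try {
            sessionValid = httpAuthManager.validateSession();
        } catch (OldPasswordException e) {
            httpServletRequest.setAttribute(USER_MSG_PARAM, "<b><font color=\"red\">" + getBundle().getString("auth.impl.invalid.credentials") + "</font></b>");
        }
        if (sessionValid) {
            processLocaleAuthenticationUpdate();
            // NOTE(review): the redirect target is resolved inside HttpAuthUtil (not
            // visible here); confirm the new_loc value is restricted to trusted locations.
            HttpAuthUtil.sendNewLocRedirect(httpServletRequest, httpServletResponse);
            return;
        }
        String errorMessage = httpAuthManager.getErrorMessage();
        if (errorMessage != null && errorMessage.length() > 0) {
            // This attribute carries raw markup (see the OldPasswordException branch), so it
            // is presumably rendered unescaped.
            // NOTE(review): confirm the auth manager never places request-supplied text in
            // the message without escaping it.
            httpServletRequest.setAttribute(USER_MSG_PARAM, errorMessage);
        }
        try {
            if (z) {
                httpAuthManager.requestAuthenticate(httpServletRequest, httpServletResponse);
            } else {
                getServletContext().getRequestDispatcher("/" + BB_LOGIN_PAGE).forward(httpServletRequest, httpServletResponse);
            }
        } catch (Exception e2) {
            throw new ServletException(e2);
        }
    }

    /** Handles the {@code checkpassword} action; delegates to the login flow. */
    private void doCheckPassword(HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse) throws ServletException, IOException {
        doLogin(httpServletRequest, httpServletResponse);
    }

    /** Handles the {@code guest_login} action; delegates to the login flow. */
    private void doGuestLogin(HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse) throws ServletException, IOException {
        doLogin(httpServletRequest, httpServletResponse);
    }

    /**
     * Handles the {@code portal_direct_entry} action.
     *
     * @throws ServletException if {@link SecurityDbUtil#getPortalDirectEntry} reports
     *         that direct entry is not enabled
     */
    private void doPortalDirectEntry(HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse) throws ServletException, IOException {
        if (!SecurityDbUtil.getPortalDirectEntry(httpServletRequest, httpServletResponse)) {
            throw new ServletException(getBundle().getString("login.broker.portal.direct.disabled"));
        }
        doGuestLogin(httpServletRequest, httpServletResponse);
    }

    /** Handles the {@code reconcile} action; delegates to the login flow. */
    private void doReconcileExternalAccount(HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse) throws ServletException, IOException {
        doLogin(httpServletRequest, httpServletResponse);
    }

    /**
     * Ends an authenticated session: runs every registered {@link CookieKiller},
     * invalidates the session, then issues the logout redirect.
     *
     * <p>Cleanup is best effort; a failure is logged and the redirect is still sent.
     */
    private void doLogout(HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse) throws ServletException, IOException {
        HttpAuthManager httpAuthManager = new HttpAuthManager(httpServletRequest, httpServletResponse);
        try {
            if (BbServiceManager.getSessionManagerService().getSession(httpServletRequest).isAuthenticated()) {
                Iterator it = ExtensionRegistryFactory.getInstance().getExtensions(CookieKiller.EXTENSION_POINT).iterator();
                while (it.hasNext()) {
                    ((CookieKiller) it.next()).killCookies(httpServletRequest, httpServletResponse);
                }
                httpAuthManager.invalidateSession();
            }
        } catch (Exception e) {
            // A failed invalidation means the session may still be live, so record it
            // through the platform log (as service() does) rather than on stderr.
            BbServiceManager.getLogService().logError("LoginBrokerServlet.doLogout()", e);
        }
        httpAuthManager.logoutRedirect();
    }

    /**
     * Expires the {@code MSPAuth} and {@code MSPProf} cookies and answers with the
     * spacer GIF.
     *
     * @throws ServletException if the image cannot be written to the response
     */
    private void doClearPassportCookies(HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse) throws ServletException, IOException {
        if (!HttpAuthManager.isPassport()) {
            // NOTE(review): doLogout() ends with a redirect, yet execution continues into
            // the cookie and image handling below; confirm whether a return is intended.
            doLogout(httpServletRequest, httpServletResponse);
        }
        // getCookies() returns null when the request carries no cookies.
        Cookie[] cookies = httpServletRequest.getCookies();
        if (cookies != null) {
            for (Cookie cookie : cookies) {
                String name = cookie.getName();
                if (name != null && (name.equals("MSPAuth") || name.equals("MSPProf"))) {
                    // An empty value with max-age 0 tells the browser to drop the cookie.
                    Cookie expired = new Cookie(name, "");
                    String path = cookie.getPath();
                    if (path == null || path.length() == 0) {
                        path = "/";
                    }
                    expired.setPath(path);
                    String domain = cookie.getDomain();
                    if (domain != null && domain.length() > 0) {
                        expired.setDomain(domain);
                    }
                    expired.setMaxAge(0);
                    httpServletResponse.addCookie(expired);
                }
            }
        }
        httpServletResponse.setStatus(200);
        httpServletResponse.setContentType(HttpDownloadFileServlet.GIF_MIME_TYPE);
        try {
            FileUtil.writeFileToStream(new File(BbServiceManager.getConfigurationService().getBlackboardDir(), "/docs/images/spacer.gif"), httpServletResponse.getOutputStream());
        } catch (Exception e) {
            throw new ServletException(e.getMessage(), e);
        }
    }

    /**
     * Invalidates the current session (best effort; a failure is logged at debug
     * level) and then runs the login flow.
     */
    private void doRelogin(HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse) throws ServletException, IOException {
        try {
            new HttpAuthManager(httpServletRequest, httpServletResponse).invalidateSession();
        } catch (Exception e) {
            // NOTE(review): if invalidation fails, the login below proceeds on the existing
            // session; consider logging this above debug level.
            BbServiceManager.getLogService().logDebug("An error occurred while attempting to invalidate the current session", e);
        }
        doLogin(httpServletRequest, httpServletResponse);
    }

    /** Handles the {@code default_login} action: login flow that forwards to the login page. */
    private void doLoginViaDefaultPage(HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse) throws ServletException, IOException {
        doLogin(httpServletRequest, httpServletResponse, false);
    }

    /**
     * Copies the guest-session locale onto the signed-in user's record when the two
     * differ. Does nothing for a missing user, a user without a set id, the guest
     * account, or an empty guest-session locale. Persistence failures are logged at
     * debug level and otherwise ignored.
     */
    private void processLocaleAuthenticationUpdate() {
        User user = BbServiceManager.getContextManager().getContext().getUser();
        // Constant-first comparison so a user without a user name cannot raise a
        // NullPointerException here.
        if (user == null || !user.getId().isSet() || UserDbLoaderImpl.GUEST_USERNAME.equals(user.getUserName())) {
            return;
        }
        String guestSessionLocale = BbServiceManager.getContextManager().getContext().getGuestSessionLocale();
        String locale = BbServiceManager.getContextManager().getContext().getUser().getLocale();
        if (guestSessionLocale == null || guestSessionLocale.length() == 0) {
            return;
        }
        if (locale == null || !locale.equals(guestSessionLocale)) {
            // NOTE(review): the origin of the guest-session locale is not visible here;
            // confirm it is checked against the supported locales before it is persisted.
            user.setLocale(guestSessionLocale);
            try {
                UserDbPersister.Default.getInstance().persist(user);
            } catch (Exception e) {
                BbServiceManager.getLogService().logDebug("processLocaleAuthenticationUpdate()", e);
            }
        }
    }
}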
