package org.lamsfoundation.lams.integration.security;

import io.undertow.Handlers;
import io.undertow.security.idm.Account;
import io.undertow.server.HandlerWrapper;
import io.undertow.server.HttpHandler;
import io.undertow.server.HttpServerExchange;
import io.undertow.server.session.Session;
import io.undertow.servlet.ServletExtension;
import io.undertow.servlet.api.DeploymentInfo;
import io.undertow.servlet.handlers.ServletRequestContext;
import io.undertow.servlet.spec.HttpSessionImpl;
import io.undertow.util.Methods;
import java.security.AccessController;
import java.security.PrivilegedAction;
import javax.servlet.ServletContext;
import javax.servlet.ServletResponse;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpSession;
import org.lamsfoundation.lams.web.session.SessionManager;

/* loaded from: input_file:org/lamsfoundation/lams/integration/security/SsoProducer.class */
public class SsoProducer implements ServletExtension {
    protected static final String SSO_ATTRIBUTE_NAME = "ssoAccount";
    protected static final String SESSION_KEY = "io.undertow.servlet.form.auth.redirect.location";

    public void handleDeployment(DeploymentInfo deploymentInfo, ServletContext servletContext) {
        deploymentInfo.addOuterHandlerChainWrapper(new HandlerWrapper() { // from class: org.lamsfoundation.lams.integration.security.SsoProducer.1
            public HttpHandler wrap(final HttpHandler httpHandler) {
                return Handlers.path().addPrefixPath("/", httpHandler).addExactPath("/j_security_check", new HttpHandler() { // from class: org.lamsfoundation.lams.integration.security.SsoProducer.1.1
                    public void handleRequest(HttpServerExchange httpServerExchange) throws Exception {
                        HttpSession session;
                        ServletRequestContext servletRequestContext = (ServletRequestContext) httpServerExchange.getAttachment(ServletRequestContext.ATTACHMENT_KEY);
                        HttpServletRequest servletRequest = servletRequestContext.getServletRequest();
                        ServletResponse servletResponse = servletRequestContext.getServletResponse();
                        String parameter = servletRequest.getParameter("redirectURL");
                        if (parameter != null) {
                            SsoProducer.handleRedirectBack(servletRequestContext, parameter);
                        }
                        SessionManager.startSession(servletRequest, servletResponse);
                        httpServerExchange.setRequestMethod(Methods.POST);
                        httpHandler.handleRequest(httpServerExchange);
                        HttpSession session2 = SessionManager.getSession();
                        Account authenticatedAccount = httpServerExchange.getSecurityContext().getAuthenticatedAccount();
                        if (authenticatedAccount == null) {
                            session2.removeAttribute(SsoProducer.SSO_ATTRIBUTE_NAME);
                        } else {
                            session2.setAttribute(SsoProducer.SSO_ATTRIBUTE_NAME, authenticatedAccount);
                            if (parameter != null && (session = servletRequest.getSession(false)) != null) {
                                session.removeAttribute("extUser");
                            }
                        }
                        SessionManager.endSession();
                    }
                });
            }
        });
    }

    protected static void handleRedirectBack(ServletRequestContext servletRequestContext, String str) {
        HttpSessionImpl session = servletRequestContext.getCurrentServletContext().getSession(servletRequestContext.getExchange(), false);
        if (session != null) {
            (System.getSecurityManager() == null ? session.getSession() : (Session) AccessController.doPrivileged((PrivilegedAction) new HttpSessionImpl.UnwrapSessionAction(session))).setAttribute(SESSION_KEY, str);
        }
    }
}
