package org.lamsfoundation.lams.integration.security;

import io.undertow.Handlers;
import io.undertow.server.HttpHandler;
import io.undertow.server.session.Session;
import io.undertow.servlet.ServletExtension;
import io.undertow.servlet.api.DeploymentInfo;
import io.undertow.servlet.handlers.ServletRequestContext;
import io.undertow.servlet.spec.HttpSessionImpl;
import java.security.AccessController;
import java.security.PrivilegedAction;
import javax.servlet.ServletContext;
import javax.servlet.http.Cookie;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpSession;
import org.apache.commons.lang.StringUtils;
import org.lamsfoundation.lams.usermanagement.User;
import org.lamsfoundation.lams.usermanagement.dto.UserDTO;
import org.lamsfoundation.lams.usermanagement.service.IUserManagementService;
import org.lamsfoundation.lams.usermanagement.service.UserManagementService;
import org.lamsfoundation.lams.web.session.SessionManager;
import org.springframework.web.context.support.WebApplicationContextUtils;

/* loaded from: input_file:org/lamsfoundation/lams/integration/security/SsoHandler.class */
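/**
 * Undertow {@link ServletExtension} that wraps the deployment's outer handler chain so that every
 * request runs inside LAMS session bookkeeping ({@link SessionManager#startSession} /
 * {@link SessionManager#endSession}), and that a form login ({@code j_username}) is registered with
 * {@link SessionManager} only after the container reports that login as the authenticated principal.
 *
 * <p>Note: this listing was recovered from a compiled class. The recovered wrapper lambda declared a
 * local with the same name as its own parameter (not valid Java); the wrapped handler is named
 * {@code next} here so the call chain is unambiguous.
 */
public class SsoHandler implements ServletExtension {
    /** Lazily resolved Spring bean; see {@link #getUserManagementService(ServletContext)}. */
    private static IUserManagementService userManagementService = null;
    /** Undertow form-auth session attribute holding the location to redirect to after login. */
    protected static final String SESSION_KEY = "io.undertow.servlet.form.auth.redirect.location";
    /** Set on a login's previous session right before that session is removed; consumed elsewhere. */
    public static final String NO_FLUSH_FLAG = "noFlush";

    /**
     * Registers the SSO wrapper around the outer handler chain and publishes the servlet context
     * to {@link SessionManager}.
     *
     * @param deploymentInfo the Undertow deployment being configured
     * @param servletContext the servlet context of that deployment
     */
    @Override
    public void handleDeployment(DeploymentInfo deploymentInfo, ServletContext servletContext) {
        SessionManager.setServletContext(servletContext);
        deploymentInfo.addOuterHandlerChainWrapper(next -> {
            HttpHandler ssoHandler = exchange -> {
                ServletRequestContext requestContext =
                        (ServletRequestContext) exchange.getAttachment(ServletRequestContext.ATTACHMENT_KEY);
                HttpServletRequest request = requestContext.getServletRequest();
                if (SessionManager.getJvmRoute() == null) {
                    setJvmRoute(request);
                }
                HttpSession session = request.getSession();

                String redirectUrl = request.getParameter("redirectURL");
                if (!StringUtils.isBlank(redirectUrl)) {
                    handleRedirectBack(requestContext, redirectUrl);
                }

                // Look the user up before the container authenticates, but only publish the DTO into
                // the session after authentication is confirmed (see the getRemoteUser() check below).
                String login = request.getParameter("j_username");
                UserDTO userDTO = null;
                if (!StringUtils.isBlank(login)) {
                    User user = getUserManagementService(session.getServletContext()).getUserByLogin(login);
                    if (user != null) {
                        userDTO = user.getUserDTO();
                    }
                }

                // Rotate the session id before the request is processed (session-fixation defence).
                request.changeSessionId();
                SessionManager.startSession(request);
                try {
                    next.handleRequest(exchange);

                    // Trust j_username only once the container names it as the authenticated principal.
                    if (!StringUtils.isBlank(login) && login.equals(request.getRemoteUser())) {
                        session.setAttribute("user", userDTO);
                        HttpSession previous = SessionManager.getSessionForLogin(login);
                        if (previous != null) {
                            previous.setAttribute(NO_FLUSH_FLAG, true);
                            SessionManager.removeSession(login, true);
                        }
                        SessionManager.addSession(login, session);
                    }
                } finally {
                    // Pairs with startSession() above; runs even if the wrapped handler throws.
                    SessionManager.endSession();
                }
            };
            return Handlers.path()
                    .addPrefixPath("/", ssoHandler)
                    .addExactPath("/j_security_check", ssoHandler)
                    .addExactPath("/r/j_security_check", ssoHandler);
        });
    }

    /**
     * Stores the post-login redirect target in Undertow's form-auth session attribute.
     *
     * @param servletRequestContext the current request context
     * @param str the raw {@code redirectURL} request parameter (untrusted input)
     * @throws SecurityException if the value contains a CR or LF character
     */
    protected static void handleRedirectBack(ServletRequestContext servletRequestContext, String str) {
        // Only CR/LF are rejected here. NOTE(review): nothing in this method constrains the target to
        // this application, so the value's origin relies on whoever builds the login link — confirm
        // against the callers that set redirectURL.
        if (str.contains("\n") || str.contains("\r")) {
            throw new SecurityException("redirectURL contains forbidden characters: \\n or \\r. Possible HTTP Response Splitting attack.");
        }
        HttpSessionImpl session = servletRequestContext.getCurrentServletContext()
                .getSession(servletRequestContext.getExchange(), true);
        if (session == null) {
            return;
        }
        // With a SecurityManager installed, Undertow exposes the raw Session only via a privileged action.
        Session undertowSession = System.getSecurityManager() == null
                ? session.getSession()
                : AccessController.doPrivileged(new HttpSessionImpl.UnwrapSessionAction(session));
        undertowSession.setAttribute(SESSION_KEY, str);
    }

    /**
     * Derives the JVM route from the system session cookie (the text after the first {@code '.'})
     * and records it in {@link SessionManager}. Does nothing when there are no cookies, the cookie is
     * absent, or its value carries no route suffix.
     *
     * @param httpServletRequest the request whose cookies are inspected
     */
    protected static void setJvmRoute(HttpServletRequest httpServletRequest) {
        Cookie[] cookies = httpServletRequest.getCookies();
        if (cookies == null) {
            return;
        }
        for (Cookie cookie : cookies) {
            if (!SessionManager.SYS_SESSION_COOKIE.equals(cookie.getName())) {
                continue;
            }
            String value = cookie.getValue();
            int dot = value.indexOf('.');
            if (dot > 0) {
                SessionManager.setJvmRoute(value.substring(dot + 1));
                return;
            }
        }
    }

    /**
     * Lazily resolves the {@code userManagementService} Spring bean and caches it in a static field.
     * Not synchronised: a concurrent first call may resolve the bean more than once; assumed harmless
     * because the web application context hands back the same bean — confirm if that ever changes.
     *
     * @param servletContext the servlet context used to locate the Spring web application context
     * @return the user management service
     */
    protected IUserManagementService getUserManagementService(ServletContext servletContext) {
        if (userManagementService == null) {
            userManagementService = (IUserManagementService) WebApplicationContextUtils
                    .getWebApplicationContext(servletContext)
                    .getBean("userManagementService");
        }
        return userManagementService;
    }
}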
