package org.eclipse.scout.rt.server.commons.authentication;

import java.io.IOException;
import java.util.concurrent.TimeUnit;
import javax.servlet.FilterChain;
import javax.servlet.ServletException;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import org.eclipse.scout.rt.platform.BEANS;
import org.eclipse.scout.rt.platform.security.ICredentialVerifier;
import org.eclipse.scout.rt.platform.security.IPrincipalProducer;
import org.eclipse.scout.rt.platform.security.SimplePrincipalProducer;
import org.eclipse.scout.rt.platform.util.Assertions;
import org.eclipse.scout.rt.platform.util.ImmutablePair;
import org.eclipse.scout.rt.platform.util.Pair;
import org.eclipse.scout.rt.platform.util.SleepUtil;
import org.eclipse.scout.rt.platform.util.StringUtility;
import org.eclipse.scout.rt.server.commons.servlet.cache.HttpCacheControl;

/* loaded from: input_file:org/eclipse/scout/rt/server/commons/authentication/FormBasedAccessController.class */
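/**
 * Access controller that authenticates a user from the request parameters {@code user} and
 * {@code password} sent to the path {@code /auth}.
 * <p>
 * On success the current session is invalidated and the produced principal is stored on the session.
 * Every failure is answered with HTTP 403, optionally after a fixed delay.
 * <p>
 * NOTE(review): nothing in this class counts failed attempts or restricts the HTTP method. Lockout or
 * rate limiting has to come from the credential verifier or from a component in front of this filter.
 */
public class FormBasedAccessController implements IAccessController {
    /** Active configuration; assigned by {@link #init(FormBasedAuthConfig)} and read on every request. */
    protected FormBasedAuthConfig m_config;

    /**
     * Fluent configuration holder for {@link FormBasedAccessController}.
     * <p>
     * Defaults: enabled, 500 ms delay before a 403, principal producer looked up as
     * {@link SimplePrincipalProducer}. The credential verifier has no default and must be set before
     * the config is passed to {@link FormBasedAccessController#init(FormBasedAuthConfig)}.
     */
    public static class FormBasedAuthConfig {
        private ICredentialVerifier m_credentialVerifier;
        private boolean m_enabled = true;
        private long m_status403WaitMillis = 500;
        private IPrincipalProducer m_principalProducer = BEANS.get(SimplePrincipalProducer.class);

        /** @return {@code true} if the controller should handle {@code /auth} requests */
        public boolean isEnabled() {
            return m_enabled;
        }

        /**
         * @param enabled {@code false} makes the controller ignore every request
         * @return this config, for chaining
         */
        public FormBasedAuthConfig withEnabled(boolean enabled) {
            m_enabled = enabled;
            return this;
        }

        /** @return the verifier used to check the submitted user and password, or {@code null} if not set */
        public ICredentialVerifier getCredentialVerifier() {
            return m_credentialVerifier;
        }

        /**
         * @param credentialVerifier verifier used to check the submitted user and password
         * @return this config, for chaining
         */
        public FormBasedAuthConfig withCredentialVerifier(ICredentialVerifier credentialVerifier) {
            m_credentialVerifier = credentialVerifier;
            return this;
        }

        /** @return the producer that turns a verified user name into the principal stored on the session */
        public IPrincipalProducer getPrincipalProducer() {
            return m_principalProducer;
        }

        /**
         * @param principalProducer producer that turns a verified user name into a principal
         * @return this config, for chaining
         */
        public FormBasedAuthConfig withPrincipalProducer(IPrincipalProducer principalProducer) {
            m_principalProducer = principalProducer;
            return this;
        }

        /** @return delay in milliseconds applied before a 403 is sent; values {@code <= 0} disable it */
        public long getStatus403WaitMillis() {
            return m_status403WaitMillis;
        }

        /**
         * @param waitMillis delay in milliseconds applied before a 403 is sent; {@code <= 0} disables it
         * @return this config, for chaining
         */
        public FormBasedAuthConfig withStatus403WaitMillis(long waitMillis) {
            m_status403WaitMillis = waitMillis;
            return this;
        }
    }

    /**
     * Installs the configuration after checking that it is usable.
     * <p>
     * The checks run before the field is assigned, so a rejected configuration never becomes the
     * active one and a {@code null} argument is reported as an assertion failure.
     *
     * @param config configuration with a credential verifier and a principal producer set
     * @return this controller, for chaining
     */
    public FormBasedAccessController init(FormBasedAuthConfig config) {
        Assertions.assertNotNull(config, "FormBasedAuthConfig must not be null");
        Assertions.assertNotNull(config.getCredentialVerifier(), "CredentialVerifier must not be null");
        Assertions.assertNotNull(config.getPrincipalProducer(), "PrincipalProducer must not be null");
        m_config = config;
        return this;
    }

    /**
     * Handles the request if the controller is enabled and the path info is exactly {@code /auth}.
     * <p>
     * NOTE(review): the HTTP method is not checked, and {@code getParameter} also reads the query
     * string, so credentials sent in a GET URL are accepted and may end up in access logs or
     * browser history. Consider accepting POST only, after confirming that no client relies on GET.
     *
     * @return {@code true} if the request was an authentication request and has been answered here,
     *         {@code false} if it is left to the next controller
     */
    @Override // org.eclipse.scout.rt.server.commons.authentication.IAccessController
    public boolean handle(HttpServletRequest request, HttpServletResponse response, FilterChain chain) throws IOException, ServletException {
        if (!m_config.isEnabled()) {
            return false;
        }
        if (!"/auth".equals(request.getPathInfo())) {
            return false;
        }
        return handleAuthRequest(request, response);
    }

    /** Nothing to release. */
    @Override // org.eclipse.scout.rt.server.commons.authentication.IAccessController
    public void destroy() {
    }

    /**
     * Verifies the submitted credentials and, on success, binds the principal to a fresh session.
     *
     * @return always {@code true}: the request is consumed whether or not the login succeeded
     */
    protected boolean handleAuthRequest(HttpServletRequest request, HttpServletResponse response) throws IOException, ServletException {
        // The response to a login attempt must never be stored by a browser or an intermediate cache.
        response.setHeader(HttpCacheControl.CACHE_CONTROL, "private, no-store, no-cache, max-age=0");
        response.setHeader("Pragma", "no-cache");
        response.setDateHeader("Expires", 0L);

        Pair<String, char[]> credentials = readCredentials(request);
        if (credentials == null) {
            // 8: presumably ICredentialVerifier.AUTH_CREDENTIALS_REQUIRED, inlined by the decompiler - confirm
            handleForbidden(8, response);
            return true;
        }

        int status = m_config.getCredentialVerifier().verify(credentials.getLeft(), credentials.getRight());
        // 1: presumably ICredentialVerifier.AUTH_OK - confirm. Any other result is treated as a failure.
        if (status != 1) {
            handleForbidden(status, response);
            return true;
        }
        // NOTE(review): the password char[] is not cleared after verification.

        // Order matters: the pre-login session is invalidated first, so a session id known before
        // authentication is not the one that ends up carrying the principal (session fixation).
        ServletFilterHelper helper = BEANS.get(ServletFilterHelper.class);
        helper.invalidateSessionAfterLogin(request);
        helper.putPrincipalOnSession(request, m_config.getPrincipalProducer().produce(credentials.getLeft()));
        return true;
    }

    /**
     * Answers a failed login with HTTP 403 after the configured delay.
     * <p>
     * The response is the same for every failure reason, so the client cannot tell a missing
     * parameter from a rejected password.
     * <p>
     * NOTE(review): the delay is spent on the request thread, so many concurrent failed logins each
     * hold a thread for that long. Size the delay and the thread pool with that in mind.
     *
     * @param status verifier result that led here; not used by this implementation, available to overrides
     */
    protected void handleForbidden(int status, HttpServletResponse response) throws IOException {
        long waitMillis = m_config.getStatus403WaitMillis();
        if (waitMillis > 0) {
            SleepUtil.sleepSafe(waitMillis, TimeUnit.MILLISECONDS);
        }
        response.sendError(403);
    }

    /**
     * Reads the request parameters {@code user} and {@code password}.
     * <p>
     * The password is handed on as a {@code char[]}, but the original {@code String} is still held by
     * the request object, so clearing the array alone does not remove the secret from memory.
     *
     * @return user name and password, or {@code null} if either parameter is missing or empty
     */
    protected Pair<String, char[]> readCredentials(HttpServletRequest request) {
        String user = request.getParameter("user");
        if (StringUtility.isNullOrEmpty(user)) {
            return null;
        }
        String password = request.getParameter("password");
        if (StringUtility.isNullOrEmpty(password)) {
            return null;
        }
        // Diamond instead of the raw type, so the pair is checked against Pair<String, char[]>.
        return new ImmutablePair<>(user, password.toCharArray());
    }
}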
