package com.ai.servlets;

import com.ai.application.interfaces.ICreator;
import com.ai.application.interfaces.RequestExecutionException;
import com.ai.application.utils.AppObjects;
import com.ai.aspire.authentication.AuthorizationException;
import com.ai.common.Tokenizer;
import com.ai.servlets.compatibility.ServletCompatibility;
import com.ai.servletutils.ServletUtils;
import java.io.IOException;
import java.util.Enumeration;
import java.util.Hashtable;
import java.util.StringTokenizer;
import java.util.Vector;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import javax.servlet.http.HttpSession;
import sun.misc.BASE64Decoder;

/* loaded from: input_file:com/ai/servlets/DefaultSessionSupport1.class */
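/**
 * Session support that decides, per request, whether to hand back an existing
 * logged-in session, a public session, or a newly authenticated session.
 *
 * <p>Behaviour is driven by configuration read through {@code AppObjects.getIConfig()}:
 * session management, user authorization (HTTP Basic), the login page URL list,
 * the realm and the main page to redirect to.
 */
public class DefaultSessionSupport1 implements ISessionSupport, ICreator {
    /** Scheme prefix expected at the start of an HTTP Basic {@code Authorization} header. */
    private static final String BASIC_PREFIX = "Basic ";

    /** Login page URL patterns read from configuration; {@code null} when none are configured. */
    private Vector m_loginPageURLs;

    /**
     * Loads the comma-separated login page URL list from configuration, if present.
     */
    public DefaultSessionSupport1() {
        this.m_loginPageURLs = null;
        AppObjects.log("Info:ssup: DefaultSessionSupport is beging constructed");
        String value = AppObjects.getIConfig().getValue(AspireConstants.LOGIN_PAGE_URLS, null);
        if (value != null) {
            this.m_loginPageURLs = Tokenizer.tokenize(value, ",");
        }
    }

    /**
     * Factory hook: this object is its own product.
     *
     * @param str request name (unused)
     * @param obj request arguments (unused)
     * @return this instance
     */
    @Override // com.ai.application.interfaces.ICreator
    public Object executeRequest(String str, Object obj) throws RequestExecutionException {
        return this;
    }

    /**
     * Returns the request's session for a public URL, creating one when none exists.
     * No login state is written to it here.
     */
    public HttpSession getPublicSession(HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse) {
        return httpServletRequest.getSession(true);
    }

    /**
     * Resolves the session for a request, wrapping factory failures.
     *
     * @return the session, or {@code null} when the request was answered with a
     *         redirect or a 401 challenge instead
     * @throws AspireServletException when {@link #internalGetSession} fails with a
     *         {@code RequestExecutionException}
     */
    @Override // com.ai.servlets.ISessionSupport
    public HttpSession getSession(HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse) throws AspireServletException {
        try {
            return internalGetSession(httpServletRequest, httpServletResponse);
        } catch (RequestExecutionException e) {
            throw new AspireServletException("Error:" + e.getRootCause(), e);
        }
    }

    /**
     * Core session decision.
     *
     * <ol>
     *   <li>An existing session carrying the logged-in status key is returned as is.</li>
     *   <li>A public URL gets a (possibly new) public session.</li>
     *   <li>Without session management, a valid user is joined to a session directly.</li>
     *   <li>With session management, only login pages may authenticate; anything else
     *       is redirected to the main page.</li>
     * </ol>
     *
     * @return the session, or {@code null} when a redirect or 401 challenge was sent
     */
    public HttpSession internalGetSession(HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse) throws RequestExecutionException, AspireServletException {
        HttpSession session = httpServletRequest.getSession(false);
        if (session != null && ((String) ServletCompatibility.getSessionValue(session, AspireConstants.ASPIRE_LOGGEDIN_STATUS_KEY)) != null) {
            return session;
        }
        try {
            if (ServletUtils.isAPublicURL(httpServletRequest, httpServletResponse)) {
                return getPublicSession(httpServletRequest, httpServletResponse);
            }
        } catch (AuthorizationException e) {
            // Fail closed: a failed public-URL check is treated as "not public".
            AppObjects.log("Error:" + e.getRootCause(), e);
        }
        // NOTE(review): in both login paths below, getSession(true) can return a session
        // that already existed before authentication (for example one created for a
        // public URL), and its id is kept when the user is joined to it. Rotating the id
        // at that point (invalidate-and-recreate, or HttpServletRequest.changeSessionId()
        // on Servlet 3.1+) would close the session-fixation window; it is not done here
        // because it would drop pre-login session attributes callers may rely on.
        if (AppObjects.getIConfig().getValue(AspireConstants.APPLY_SESSION_MANAGEMENT, "no").equals("no")) {
            String userIfValid = getUserIfValid(httpServletRequest, httpServletResponse);
            if (userIfValid == null) {
                return null;
            }
            HttpSession session2 = httpServletRequest.getSession(true);
            joinUserToTheSession(session2, userIfValid, httpServletRequest, httpServletResponse);
            return session2;
        }
        AppObjects.log("Info:ssup: Session management requested");
        if (!isLoginPage(httpServletRequest)) {
            redirectUserToMainPage(httpServletResponse);
            return null;
        }
        AppObjects.log("Info:ssup: UserAuthorization requested");
        String userIfValid2 = getUserIfValid(httpServletRequest, httpServletResponse);
        if (userIfValid2 == null) {
            AppObjects.log("Info:ssup: null Invalid user");
            sendBasicChallenge(httpServletResponse);
            return null;
        }
        if (AppObjects.getIConfig().getValue(AspireConstants.SESSION_CREATE_AUTHORITY, "yes").equals("no")) {
            redirectUserToMainPage(httpServletResponse);
            return null;
        }
        HttpSession session3 = httpServletRequest.getSession(true);
        joinUserToTheSession(session3, userIfValid2, httpServletRequest, httpServletResponse);
        return session3;
    }

    /**
     * Marks the session as logged in for the given user and fires the login event.
     *
     * @param httpSession session to mark
     * @param str user name to store under the user-name key
     */
    private void joinUserToTheSession(HttpSession httpSession, String str, HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse) throws RequestExecutionException, AspireServletException {
        AppObjects.log("Info:ssup:joining user to the session");
        ServletCompatibility.putSessionValue(httpSession, AspireConstants.ASPIRE_USER_NAME_KEY, str);
        ServletCompatibility.putSessionValue(httpSession, AspireConstants.ASPIRE_LOGGEDIN_STATUS_KEY, "true");
        SWIHttpEvents.userLogin(str, httpSession, httpServletRequest, httpServletResponse);
    }

    /** Returns the configured Basic-auth realm, defaulting to {@code "AI"}. */
    private String getRealm() {
        return AppObjects.getIConfig().getValue(AspireConstants.REALM, "AI");
    }

    /** Answers the request with a 401 and an HTTP Basic challenge for the configured realm. */
    private void sendBasicChallenge(HttpServletResponse httpServletResponse) {
        httpServletResponse.setStatus(401);
        httpServletResponse.setHeader("WWW-authenticate", "Basic realm=\"" + getRealm() + "\"");
    }

    /**
     * Decides whether the request targets a login page.
     *
     * <p>A configured validation object is consulted first; when it yields a
     * {@code Boolean} that answer is final. Otherwise the configured login page URL
     * list is matched against the request.
     *
     * @return {@code true} only when the validator or a configured URL says so
     */
    private boolean isLoginPage(HttpServletRequest httpServletRequest) {
        try {
            Object verdict = AppObjects.getIFactory().getObject(AspireConstants.LOGIN_PAGE_VALIDATION_REQUEST, httpServletRequest);
            if (verdict instanceof Boolean) {
                return ((Boolean) verdict).booleanValue();
            }
            // Only reported when a validator actually answered with a non-Boolean.
            AppObjects.log("Error:ssup: Login page validation object returned other than a boolean");
        } catch (RequestExecutionException e) {
            AppObjects.log("Info:ssup: No login page validation object specified");
        }
        if (this.m_loginPageURLs == null) {
            AppObjects.log("Error:ssup: No loginPageURLs specified");
            return false;
        }
        AppObjects.log("Info:ssup: Validating through the specified urls");
        Enumeration elements = this.m_loginPageURLs.elements();
        while (elements.hasMoreElements()) {
            String str = (String) elements.nextElement();
            if (doesThisMatchALoginPage(httpServletRequest, str)) {
                AppObjects.log("Info:ssup: Login page match for: " + str);
                return true;
            }
        }
        AppObjects.log("Info:ssup: This is not a login page");
        return false;
    }

    /**
     * Determines the user for this request.
     *
     * <p>With user authorization switched off, the user name is read from a request
     * parameter (or the anonymous user is returned). With it switched on, the HTTP
     * Basic {@code Authorization} header is decoded and the password verified; on any
     * failure a 401 challenge is set on the response.
     *
     * <p>Neither the raw header nor the decoded credentials are written to the log.
     *
     * @return the user name, or {@code null} when a 401 challenge was sent
     */
    private String getUserIfValid(HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse) {
        AppObjects.log("Info:ssup: Inside get user");
        if (AppObjects.getIConfig().getValue(AspireConstants.USER_AUTHORIZATION, "no").equals("no")) {
            // NOTE(review): with authorization off (the default), the user name is whatever
            // the client puts in this request parameter; nothing verifies it. Downstream
            // code should not treat this name as an authenticated identity.
            String parameter = httpServletRequest.getParameter(AspireConstants.ASPIRE_USER_NAME_KEY);
            return parameter == null ? AspireConstants.ANNONYMOUS_USER : parameter;
        }
        AppObjects.log("Info:ssup: Http authentication active");
        String header = httpServletRequest.getHeader("Authorization");
        if (header == null) {
            AppObjects.log("Info:ssup: No Authorization header present");
            sendBasicChallenge(httpServletResponse);
            return null;
        }
        String user = null;
        boolean verified = false;
        try {
            // Only a Basic credential is decoded; any other scheme is refused rather than
            // having its first six characters blindly skipped.
            if (header.regionMatches(true, 0, BASIC_PREFIX, 0, BASIC_PREFIX.length())) {
                // NOTE(review): sun.misc.BASE64Decoder is an internal JDK class that newer
                // JDKs no longer ship; java.util.Base64 is the supported replacement. The
                // bytes are decoded with the platform default charset, as before.
                String credentials = new String(new BASE64Decoder().decodeBuffer(header.substring(BASIC_PREFIX.length())));
                // Split on the FIRST colon only, so a password containing ':' is passed
                // whole instead of being truncated at its first colon.
                int separator = credentials.indexOf(':');
                // Empty user names and empty passwords are refused, as they were before.
                if (separator > 0 && separator < credentials.length() - 1) {
                    user = credentials.substring(0, separator);
                    verified = ServletUtils.verifyPassword(user, credentials.substring(separator + 1));
                }
            } else {
                AppObjects.log("Info:ssup: Authorization header is not a Basic credential");
            }
        } catch (AuthorizationException e) {
            AppObjects.log("Info:ssup: Could not authorize user");
            AppObjects.log(e);
        } catch (IOException e2) {
            AppObjects.log(e2);
        } catch (RuntimeException e3) {
            // Malformed input: fail closed, but leave a trace instead of swallowing silently.
            AppObjects.log(e3);
        }
        if (verified) {
            return user;
        }
        AppObjects.log("auth: Invalid user");
        sendBasicChallenge(httpServletResponse);
        return null;
    }

    /**
     * Redirects to the configured main page; logs and does nothing when none is configured.
     */
    private void redirectUserToMainPage(HttpServletResponse httpServletResponse) {
        String value = AppObjects.getIConfig().getValue(AspireConstants.SESSION_SUPPORT_MAIN_PAGE, null);
        if (value == null) {
            AppObjects.log("Error:ssup: You need to specify a starting main page for the application");
            return;
        }
        try {
            httpServletResponse.sendRedirect(httpServletResponse.encodeRedirectURL(value));
        } catch (IOException e) {
            AppObjects.log("error.session: Could not redirect the user to the main page");
            AppObjects.log(e);
        }
    }

    /**
     * Matches the request against one configured login page pattern of the form
     * {@code path} or {@code path?name=value&...}.
     *
     * <p>The request URI must equal the path exactly, and every parameter named in the
     * pattern must be present on the request with an equal value.
     *
     * @param str configured pattern; {@code null} or an empty pattern never matches
     */
    private boolean doesThisMatchALoginPage(HttpServletRequest httpServletRequest, String str) {
        AppObjects.log("Info:ssup: Matching " + ServletCompatibility.getRequestURL(httpServletRequest) + " with " + str);
        if (str == null) {
            return false;
        }
        StringTokenizer stringTokenizer = new StringTokenizer(str, "?");
        // An empty entry (e.g. from "a,,b" in configuration) has no path token at all.
        if (!stringTokenizer.hasMoreTokens()) {
            return false;
        }
        if (!httpServletRequest.getRequestURI().equals(stringTokenizer.nextToken())) {
            return false;
        }
        if (!stringTokenizer.hasMoreTokens()) {
            return true;
        }
        AppObjects.log("Info:ssup: Parameters available for login page check");
        Hashtable parseQueryString = ServletUtils.parseQueryString(stringTokenizer.nextToken());
        AppObjects.log("Info:ssup: The params are " + parseQueryString.toString());
        Enumeration keys = parseQueryString.keys();
        while (keys.hasMoreElements()) {
            String str2 = (String) keys.nextElement();
            AppObjects.log("Info:ssup: Parame key=" + str2);
            String parameter = httpServletRequest.getParameter(str2);
            if (parameter == null) {
                AppObjects.log("Info:ssup: Could not find value for " + str2);
                return false;
            }
            // NOTE(review): httpValue is client-supplied and is written to the log verbatim.
            AppObjects.log("Info:ssup: httpValue=" + parameter + ";paramValueInfile=" + ((String) parseQueryString.get(str2)));
            if (!parameter.equals(parseQueryString.get(str2))) {
                return false;
            }
        }
        return true;
    }
}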
