package org.wso2.carbon.identity.entitlement.filter;

import java.io.IOException;
import java.io.InputStream;
import java.util.NoSuchElementException;
import java.util.Scanner;
import javax.servlet.RequestDispatcher;
import javax.servlet.ServletConfig;
import javax.servlet.http.HttpServlet;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import org.apache.axiom.util.base64.Base64Utils;
import org.apache.axis2.AxisFault;
import org.apache.axis2.client.Options;
import org.apache.axis2.context.ConfigurationContext;
import org.apache.axis2.context.ConfigurationContextFactory;
import org.apache.commons.logging.Log;
import org.apache.commons.logging.LogFactory;
import org.wso2.carbon.authenticator.stub.AuthenticationAdminStub;
import org.wso2.carbon.authenticator.stub.LoginAuthenticationExceptionException;
import org.wso2.carbon.identity.entitlement.filter.exception.EntitlementCacheUpdateServletException;

/* loaded from: input_file:org/wso2/carbon/identity/entitlement/filter/EntitlementCacheUpdateServlet.class */
public class EntitlementCacheUpdateServlet extends HttpServlet {
    private static final Log log = LogFactory.getLog(EntitlementCacheUpdateServlet.class);
    private String httpsPort;
    private ConfigurationContext configCtx;
    private String remoteServiceUserName;
    private String remoteServicePassword;
    private String remoteServiceUrl;
    private String authCookie;
    private ServletConfig servletConfig;
    private String authentication;
    private String authenticationPage;
    private String authenticationPageURL;

    public void init(ServletConfig servletConfig) throws EntitlementCacheUpdateServletException {
        this.servletConfig = servletConfig;
        try {
            this.configCtx = ConfigurationContextFactory.createConfigurationContextFromFileSystem((String) null, (String) null);
            this.httpsPort = servletConfig.getInitParameter(EntitlementConstants.HTTPS_PORT);
            this.authentication = servletConfig.getInitParameter(EntitlementConstants.AUTHENTICATION);
            this.remoteServiceUrl = servletConfig.getServletContext().getInitParameter(EntitlementConstants.REMOTE_SERVICE_URL);
            this.remoteServiceUserName = servletConfig.getServletContext().getInitParameter(EntitlementConstants.USERNAME);
            this.remoteServicePassword = servletConfig.getServletContext().getInitParameter(EntitlementConstants.PASSWORD);
            this.authenticationPage = servletConfig.getInitParameter(EntitlementConstants.AUTHENTICATION_PAGE);
            this.authenticationPageURL = servletConfig.getInitParameter(EntitlementConstants.AUTHENTICATION_PAGE_URL);
        } catch (AxisFault e) {
            log.error("Error while initializing Configuration Context", e);
            throw new EntitlementCacheUpdateServletException("Error while initializing Configuration Context", e);
        }
    }

    protected void doGet(HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse) throws EntitlementCacheUpdateServletException {
        doPost(httpServletRequest, httpServletResponse);
    }

    protected void doPost(HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse) throws EntitlementCacheUpdateServletException {
        if (!httpServletRequest.isSecure()) {
            redirectToHTTPS(httpServletRequest, httpServletResponse);
            return;
        }
        if (httpServletRequest.getParameter("username") != null && httpServletRequest.getParameter(EntitlementConstants.PASSWORD) != null && !httpServletRequest.getParameter("username").equals("null") && !httpServletRequest.getParameter(EntitlementConstants.PASSWORD).equals("null")) {
            doAuthentication(httpServletRequest, httpServletResponse);
            return;
        }
        if (httpServletRequest.getParameter("username") == null) {
            log.info("'username' parameter not available in request. Redirecting to " + this.authenticationPageURL);
        }
        if (httpServletRequest.getParameter(EntitlementConstants.PASSWORD) == null) {
            log.info("'password' parameter not available in request. Redirecting to " + this.authenticationPageURL);
        }
        if (httpServletRequest.getParameter("username") != null && httpServletRequest.getParameter("username").equals("null")) {
            log.info("'username' is empty in request. Redirecting to " + this.authenticationPageURL);
        }
        if (httpServletRequest.getParameter(EntitlementConstants.PASSWORD) != null && httpServletRequest.getParameter(EntitlementConstants.PASSWORD).equals("null")) {
            log.info("'password' is empty in request. Redirecting to " + this.authenticationPageURL);
        }
        showAuthPage(httpServletRequest, httpServletResponse);
    }

    private boolean authenticate(String str, String str2, String str3) throws EntitlementCacheUpdateServletException {
        boolean z = false;
        if (this.authentication.equals(EntitlementConstants.WSO2_IS)) {
            try {
                AuthenticationAdminStub authenticationAdminStub = new AuthenticationAdminStub(this.configCtx, this.remoteServiceUrl + "AuthenticationAdmin");
                Options options = authenticationAdminStub._getServiceClient().getOptions();
                options.setManageSession(true);
                options.setProperty("Cookie", this.authCookie);
                z = authenticationAdminStub.login(str, str2, str3);
                this.authCookie = (String) authenticationAdminStub._getServiceClient().getServiceContext().getProperty("Cookie");
            } catch (LoginAuthenticationExceptionException e) {
                log.info(str + " not authenticated to perform entitlement query to perform cache update");
            } catch (Exception e2) {
                throw new EntitlementCacheUpdateServletException("Error while trying to authenticate with AuthenticationAdmin", e2);
            }
        } else {
            if (!this.authentication.equals(EntitlementConstants.WEB_APP)) {
                throw new EntitlementCacheUpdateServletException(this.authentication + " is an invalid configuration for authentication parameter in web.xml. Valid configurations are '" + EntitlementConstants.WEB_APP + "' and '" + EntitlementConstants.WSO2_IS + "'");
            }
            if (str.equals(this.remoteServiceUserName) && str2.equals(this.remoteServicePassword)) {
                z = true;
            }
        }
        return z;
    }

    private String convertStreamToString(InputStream inputStream) {
        try {
            return new Scanner(inputStream).useDelimiter("\\A").next();
        } catch (NoSuchElementException e) {
            return "";
        }
    }

    private void redirectToHTTPS(HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse) throws EntitlementCacheUpdateServletException {
        try {
            httpServletResponse.sendRedirect("https://" + httpServletRequest.getServerName() + ":" + this.httpsPort + httpServletRequest.getContextPath() + httpServletRequest.getServletPath());
        } catch (IOException e) {
            log.error("Error while redirecting request to come over HTTPS", e);
            throw new EntitlementCacheUpdateServletException("Error while redirecting request to come over HTTPS", e);
        }
    }

    private void doAuthentication(HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse) throws EntitlementCacheUpdateServletException {
        String parameter = httpServletRequest.getParameter("username");
        String parameter2 = httpServletRequest.getParameter(EntitlementConstants.PASSWORD);
        if (!authenticate(parameter, parameter2, httpServletRequest.getServerName())) {
            showAuthPage(httpServletRequest, httpServletResponse);
            return;
        }
        RequestDispatcher requestDispatcher = httpServletRequest.getRequestDispatcher("/updateCacheAuth.do");
        String initParameter = this.servletConfig.getServletContext().getInitParameter(EntitlementConstants.SUBJECT_SCOPE);
        String initParameter2 = this.servletConfig.getServletContext().getInitParameter(EntitlementConstants.SUBJECT_ATTRIBUTE_NAME);
        if (initParameter.equals(EntitlementConstants.REQUEST_PARAM)) {
            requestDispatcher = httpServletRequest.getRequestDispatcher("/updateCacheAuth.do?" + initParameter2 + "=" + parameter);
        } else if (initParameter.equals(EntitlementConstants.REQUEST_ATTIBUTE)) {
            httpServletRequest.setAttribute(initParameter2, parameter);
        } else if (initParameter.equals(EntitlementConstants.SESSION)) {
            httpServletRequest.getSession().setAttribute(initParameter2, parameter);
        } else {
            httpServletResponse.setHeader("Authorization", Base64Utils.encode((parameter + ":" + parameter2).getBytes()));
        }
        try {
            requestDispatcher.forward(httpServletRequest, httpServletResponse);
        } catch (Exception e) {
            log.error("Error occurred while dispatching request to /updateCacheAuth.do", e);
            throw new EntitlementCacheUpdateServletException("Error occurred while dispatching request to /updateCacheAuth.do", e);
        }
    }

    private void showAuthPage(HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse) throws EntitlementCacheUpdateServletException {
        if (this.authenticationPage.equals("default")) {
            try {
                httpServletResponse.getWriter().print(convertStreamToString(getClass().getResourceAsStream("/updateCache.html")));
                return;
            } catch (IOException e) {
                log.error("Error occurred while writing /updateCache.html page to OutputStream");
                throw new EntitlementCacheUpdateServletException("Error occurred while writing /updateCache.html page to OutputStream" + e);
            }
        }
        if (!this.authenticationPage.equals("custom")) {
            throw new EntitlementCacheUpdateServletException(this.authenticationPage + " is an invalid configuration for authenticationPage parameter in web.xml. Valid configurations are 'default' and 'custom'");
        }
        try {
            httpServletRequest.getRequestDispatcher(this.authenticationPageURL).forward(httpServletRequest, httpServletResponse);
        } catch (Exception e2) {
            log.error("Error occurred while dispatching request to " + this.authenticationPageURL, e2);
            throw new EntitlementCacheUpdateServletException("Error occurred while dispatching request to " + this.authenticationPageURL, e2);
        }
    }
}
