package com.sun.web.security;

import java.io.IOException;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import javax.servlet.http.HttpSession;
import javax.servlet.http.HttpUtils;

/* loaded from: input_file:com/sun/web/security/FormAuthentication.class */
class FormAuthentication extends HttpAuthenticator {
    static final String SECURITY_CHECK = "/j_security_check";
    static final String USERNAME_VAR = "j_username";
    static final String PASSWORD_VAR = "j_password";
    private static final boolean debug = false;
    private static final String ORIGINATING_URL = "OriginatingURL";
    private static final String LOGIN_URL = "LoginURL";
    public static final String AUTH_REALM = "AuthenticationRealm";
    private String loginPage;
    private String errorPage;
    private String originalURL;
    private String currentURL;
    private String loginURL;
    private String requestMethod;
    private boolean authenticate;

    public FormAuthentication(HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse) {
        super(httpServletRequest, httpServletResponse);
        this.loginPage = "login.jsp";
        this.errorPage = "loginError.html";
        this.authenticate = false;
        String stringBuffer = HttpUtils.getRequestURL(httpServletRequest).toString();
        if (stringBuffer.endsWith(SECURITY_CHECK)) {
            this.authenticate = true;
        }
        stringBuffer.lastIndexOf("/");
    }

    @Override // com.sun.web.security.HttpAuthenticator
    public boolean authenticate() throws IOException {
        if (!shouldAuthenticate()) {
            return true;
        }
        HttpServletRequest request = getRequest();
        String parameter = request.getParameter(USERNAME_VAR);
        String parameter2 = request.getParameter(PASSWORD_VAR);
        if (parameter != null && parameter2 != null) {
            try {
                if (authenticate(parameter, parameter2)) {
                    HttpServletResponse response = getResponse();
                    String queryString = request.getQueryString();
                    response.sendRedirect(response.encodeURL(new StringBuffer(String.valueOf(this.originalURL)).append(queryString == null ? "" : new StringBuffer("?").append(queryString).toString()).toString()));
                    return true;
                }
            } finally {
                reset();
            }
        }
        return false;
    }

    public String getErrorPage() {
        return this.errorPage;
    }

    public String getLoginPage() {
        return this.loginPage;
    }

    @Override // com.sun.web.security.HttpAuthenticator
    public void init() throws IOException {
        HttpServletRequest request = getRequest();
        HttpServletResponse response = getResponse();
        HttpSession session = request.getSession(true);
        this.currentURL = HttpUtils.getRequestURL(request).toString();
        this.loginURL = response.encodeURL(this.loginPage);
        this.requestMethod = request.getMethod();
        if (this.currentURL.endsWith(SECURITY_CHECK) && this.requestMethod.equals("POST")) {
            this.authenticate = true;
        }
        if (session.getAttribute(ORIGINATING_URL) == null) {
            session.setAttribute(AUTH_REALM, this);
            this.originalURL = this.currentURL;
            session.setAttribute(ORIGINATING_URL, this.originalURL);
            String queryString = request.getQueryString();
            response.sendRedirect(response.encodeURL(new StringBuffer(String.valueOf(this.loginURL)).append(queryString == null ? "" : new StringBuffer("?").append(queryString).toString()).toString()));
            throw new IOException("");
        }
        this.originalURL = (String) session.getAttribute(ORIGINATING_URL);
        if (this.currentURL.endsWith(this.loginURL) || this.authenticate) {
            return;
        }
        if (!this.currentURL.equals(this.originalURL)) {
            this.originalURL = this.currentURL;
            session.setAttribute(ORIGINATING_URL, this.originalURL);
        }
        String queryString2 = request.getQueryString();
        response.sendRedirect(response.encodeURL(new StringBuffer(String.valueOf(this.loginURL)).append(queryString2 == null ? "" : new StringBuffer("?").append(queryString2).toString()).toString()));
        throw new IOException("");
    }

    @Override // com.sun.web.security.HttpAuthenticator
    public void reset() {
        HttpSession session = getRequest().getSession(true);
        if (session.getAttribute(AUTH_REALM) != null) {
            session.removeAttribute(AUTH_REALM);
        }
        if (session.getAttribute(ORIGINATING_URL) != null) {
            session.removeAttribute(ORIGINATING_URL);
        }
    }

    @Override // com.sun.web.security.HttpAuthenticator
    public void sendError() throws IOException {
        String queryString = getRequest().getQueryString();
        String stringBuffer = queryString == null ? "" : new StringBuffer("?").append(queryString).toString();
        HttpServletResponse response = getResponse();
        response.sendRedirect(response.encodeURL(new StringBuffer(String.valueOf(this.errorPage)).append(stringBuffer).toString()));
    }

    public void setErrorPage(String str) {
        this.errorPage = str;
    }

    public void setLoginPage(String str) {
        this.loginPage = str;
    }

    /* JADX INFO: Access modifiers changed from: protected */
    public boolean shouldAuthenticate() {
        return this.authenticate;
    }
}
