package com.caucho.http.security;

import com.caucho.server.http.Application;
import com.caucho.server.http.Response;
import com.caucho.util.L10N;
import com.caucho.vfs.LogStream;
import com.caucho.vfs.WriteStream;
import java.io.IOException;
import java.net.URI;
import java.net.URISyntaxException;
import java.security.Principal;
import javax.servlet.GenericServlet;
import javax.servlet.RequestDispatcher;
import javax.servlet.ServletContext;
import javax.servlet.ServletException;
import javax.servlet.ServletRequest;
import javax.servlet.ServletResponse;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import javax.servlet.http.HttpSession;

/* loaded from: input_file:com/caucho/http/security/FormLoginServlet.class */
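/**
 * Servlet that processes a form-login submission ({@code j_username} /
 * {@code j_password}) and then sends the authenticated user on to the page
 * they were trying to reach.
 *
 * <p>The post-login target comes either from the optional {@code j_uri}
 * request parameter or from the path/query previously saved in the session
 * under {@link FormLogin#LOGIN_SAVED_PATH} and
 * {@link FormLogin#LOGIN_SAVED_QUERY}. Because {@code j_uri} is supplied by
 * the client, it is only honoured when it stays on this server; otherwise it
 * is ignored and the saved path is used instead.
 */
public class FormLoginServlet extends GenericServlet {
    private WriteStream dbg = LogStream.open("/caucho.com/http/security");
    static L10N L = new L10N("com/caucho/http/security/messages");

    /**
     * Authenticates the submitted credentials and forwards or redirects the
     * client.
     *
     * <p>On failure the request is forwarded to the configured form error
     * page with caching disabled. On success the saved path/query are removed
     * from the session and the client is redirected (or, when internal
     * forwarding is enabled and the target sits directly under the login
     * base path, forwarded) to the target.
     *
     * @param servletRequest the login request; cast to {@link HttpServletRequest}
     * @param servletResponse the response; cast to {@link HttpServletResponse}
     * @throws ServletException if no usable forwarding URI is available after
     *     a successful login
     * @throws IOException if forwarding or redirecting fails
     */
    public void service(ServletRequest servletRequest, ServletResponse servletResponse) throws ServletException, IOException {
        HttpServletRequest request = (HttpServletRequest) servletRequest;
        HttpServletResponse response = (HttpServletResponse) servletResponse;
        ServletContext servletContext = getServletContext();
        FormLogin formLogin = (FormLogin) servletContext.getAttribute("caucho.login");

        // NOTE(review): getParameter() also reads the query string and this
        // servlet does not check the HTTP method, so credentials sent in a GET
        // URL would be accepted (and may end up in access logs) -- confirm
        // whether the container restricts j_security_check to POST.
        Principal user = formLogin.getAuthenticator().login(request, response, servletContext,
                servletRequest.getParameter("j_username"), servletRequest.getParameter("j_password"));
        if (this.dbg.canWrite()) {
            this.dbg.log("auth: " + user);
        }

        if (user == null) {
            // Failed login: show the error page and make sure it is not cached.
            RequestDispatcher errorPage = request.getRequestDispatcher(formLogin.getFormErrorPage());
            if (response instanceof Response) {
                ((Response) response).killCache();
            } else {
                response.setDateHeader("Expires", 0L);
                response.setHeader("Cache-Control", "no-cache");
            }
            errorPage.forward(request, response);
            return;
        }

        // NOTE(review): the session id is not changed in this method after a
        // successful login; confirm that the authenticator (or the container)
        // issues a fresh session to prevent session fixation.
        HttpSession session = request.getSession();
        String savedPath = (String) session.getAttribute(FormLogin.LOGIN_SAVED_PATH);
        String savedQuery = (String) session.getAttribute(FormLogin.LOGIN_SAVED_QUERY);
        session.removeAttribute(FormLogin.LOGIN_SAVED_PATH);
        session.removeAttribute(FormLogin.LOGIN_SAVED_QUERY);
        if (this.dbg.canWrite()) {
            this.dbg.log("old path:" + savedPath + " query:" + savedQuery + " j_uri:" + request.getParameter("j_uri"));
        }

        // j_uri is client-controlled. Passing it unchecked to sendRedirect()
        // would let a crafted login link bounce a freshly authenticated user
        // to an arbitrary site (open redirect), so off-server values are dropped.
        String requestedUri = request.getParameter("j_uri");
        if (requestedUri != null && !isLocalRedirectTarget(requestedUri, request.getServerName())) {
            if (this.dbg.canWrite()) {
                this.dbg.log("ignoring j_uri that does not point at this server");
            }
            requestedUri = null;
        }

        String target = savedPath;
        if (requestedUri != null) {
            target = requestedUri;
        } else if (savedPath != null && savedQuery != null) {
            target = savedPath + "?" + savedQuery;
        }
        if (target == null) {
            throw new ServletException(L.l("No forwarding uri for authentication"));
        }

        // Base path of the login URL: everything up to and including the
        // slash that precedes "j_security_check".
        String basePath = request.getRequestURI();
        int checkIndex = basePath.indexOf("/j_security_check");
        if (checkIndex >= 0) {
            basePath = basePath.substring(0, checkIndex + 1);
        }

        if (target.length() != 0) {
            int colon = target.indexOf(':');
            int slash = target.indexOf('/');
            if (target.charAt(0) == '/') {
                // Context-relative target.
                target = request.getContextPath() + target;
            } else if (colon < 0 || (colon >= slash && slash >= 0)) {
                // No scheme in front of the first slash: relative to the login base path.
                target = basePath + target;
            }
        }

        // Redirect unless internal forwarding is enabled and the target sits
        // under the login base path with no further '/' past its first character.
        if (!formLogin.getInternalForward() || !target.startsWith(basePath) || target.indexOf('/', basePath.length() + 1) >= 0) {
            response.sendRedirect(response.encodeRedirectURL(target));
        } else {
            Application application = (Application) servletContext.getContext(target);
            application.getLoginDispatcher(target.substring(application.getContextPath().length())).forward(request, response);
        }
    }

    /**
     * Decides whether a client-supplied post-login target stays on this server.
     *
     * <p>Relative targets are accepted. Targets that carry a scheme are
     * accepted only when they are {@code http}/{@code https} URLs without
     * user-info whose host equals {@code serverName}. Protocol-relative
     * targets ({@code //host/...}) and targets containing control characters
     * or backslashes are rejected, since browsers may interpret those as a
     * different host or as header content.
     *
     * @param target the raw {@code j_uri} value, never {@code null}
     * @param serverName the host name the request was addressed to
     * @return {@code true} if the target may be used for the redirect
     */
    private static boolean isLocalRedirectTarget(String target, String serverName) {
        for (int i = 0; i < target.length(); i++) {
            char c = target.charAt(i);
            if (c < ' ' || c == 0x7f || c == '\\') {
                return false;
            }
        }
        if (target.startsWith("//")) {
            return false;
        }
        int colon = target.indexOf(':');
        int slash = target.indexOf('/');
        boolean looksAbsolute = colon >= 0 && (slash < 0 || colon < slash);
        if (!looksAbsolute) {
            return true;
        }
        try {
            URI uri = new URI(target);
            if (!uri.isAbsolute()) {
                // The colon belonged to a query or fragment, not a scheme.
                return true;
            }
            String scheme = uri.getScheme();
            boolean webScheme = "http".equalsIgnoreCase(scheme) || "https".equalsIgnoreCase(scheme);
            String host = uri.getHost();
            return webScheme
                    && uri.getRawUserInfo() == null
                    && host != null
                    && serverName != null
                    && host.equalsIgnoreCase(serverName);
        } catch (URISyntaxException e) {
            // An unparseable absolute target cannot be shown to be local.
            return false;
        }
    }
}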
