package com.iplanet.xslui.auth;

import com.iplanet.xslui.tools.PropertyReader;
import com.iplanet.xslui.ui.Logging;
import com.iplanet.xslui.ui.SessionConstants;
import java.io.IOException;
import javax.servlet.FilterChain;
import javax.servlet.FilterConfig;
import javax.servlet.ServletException;
import javax.servlet.ServletRequest;
import javax.servlet.ServletResponse;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpSession;

/* loaded from: input_file:118950-15/SUNWpssso/reloc/SUNWps/web-src/WEB-INF/lib/xslui.jar:com/iplanet/xslui/auth/SimpleAuthFilter.class */
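/**
 * Servlet filter that establishes a {@link UserSession} on the HTTP session from a
 * user name and password supplied with the request.
 *
 * <p>The filter never blocks a request itself. Every rejection path (no user name,
 * unknown user, password mismatch) simply continues the filter chain without setting
 * {@code SessionConstants.USERSESSION}. Access control therefore depends on downstream
 * components refusing requests whose session lacks that attribute.
 *
 * <p>Security notes for reviewers:
 * <ul>
 *   <li>The supplied password is matched directly against the {@code "password"} user
 *       attribute, so that attribute must hold the same representation the client
 *       sends. NOTE(review): confirm how the {@link UserSessionFactory} implementation
 *       stores it; a salted password hash verified server-side is preferable.</li>
 *   <li>A user whose {@code "password"} attribute is {@code null} is accepted when the
 *       request carries no password either. NOTE(review): confirm that password-less
 *       accounts are intended.</li>
 *   <li>A request-supplied user name of {@code "anonymous"} skips the password check.</li>
 *   <li>The session identifier is not renewed in this class after a successful login.
 *       NOTE(review): confirm the container or another filter rotates it, to prevent
 *       session fixation.</li>
 * </ul>
 */
public class SimpleAuthFilter extends XSLAuthFilter {
    public static final String CONFIG_FILENAME = "xslauth.properties";
    public static final String CONFIG_USERSESSION_PREFIX = "usersession";
    public static final String CONFIG_DEFAULTDOMAIN = "defaultdomain";
    private UserSessionFactory _userFactory = null;
    private String _defaultDomain = null;

    /**
     * Loads {@code xslauth.properties} through the superclass and reads the default
     * domain and the {@link UserSessionFactory} from it.
     *
     * @param filterConfig container-supplied filter configuration, passed to the superclass
     * @throws ServletException if the superclass initialisation fails or the user session
     *         factory cannot be obtained; the original failure is kept as the root cause
     */
    @Override
    public void init(FilterConfig filterConfig) throws ServletException {
        this._config_filename = CONFIG_FILENAME;
        super.init(filterConfig);
        PropertyReader propertyReader = super.getPropertyReader();
        this._defaultDomain = propertyReader.getStringProperty(CONFIG_DEFAULTDOMAIN, "iplanet.com");
        try {
            this._userFactory = (UserSessionFactory) propertyReader.getObjectProperty(CONFIG_USERSESSION_PREFIX, true);
        } catch (Exception e) {
            // Keep the cause so the stack trace of a misconfigured factory is not lost.
            throw new ServletException("Cant initialize UserSessionFactory:" + e.getMessage(), e);
        }
    }

    /**
     * Authenticates the request if the session has no {@link UserSession} yet, then
     * continues the filter chain.
     *
     * <p>The identity is taken from the session attributes {@code "uid"} and
     * {@code SessionConstants.DOMAIN} when both are non-empty. Otherwise it is taken from
     * the request, where a value of the form {@code user@domain} is split at the last
     * {@code '@'} and a bare user name gets the configured default domain.
     *
     * @param servletRequest the incoming request; must be an {@link HttpServletRequest}
     * @param servletResponse the response, passed on unchanged
     * @param filterChain the remaining chain, invoked on every path
     * @throws ServletException propagated from the filter chain
     * @throws IOException propagated from the filter chain
     */
    public void doFilter(ServletRequest servletRequest, ServletResponse servletResponse, FilterChain filterChain) throws ServletException, IOException {
        HttpServletRequest httpRequest = (HttpServletRequest) servletRequest;
        HttpSession session = httpRequest.getSession(true);

        // Already authenticated: nothing to verify. The cast is deliberate, so a foreign
        // object stored under this key fails the request instead of counting as a login.
        UserSession existingSession = (UserSession) session.getAttribute(SessionConstants.USERSESSION);
        if (existingSession != null) {
            filterChain.doFilter(servletRequest, servletResponse);
            if (XSLAuthFilter.invalidateSession(httpRequest)) {
                session.invalidate();
            }
            return;
        }

        String uid = (String) session.getAttribute("uid");
        String domain = (String) session.getAttribute(SessionConstants.DOMAIN);
        if (domain == null || domain.length() <= 0) {
            session.setAttribute(SessionConstants.DOMAIN, this._defaultDomain);
        }

        boolean identityFromRequest = true;
        if (uid == null || uid.length() <= 0 || domain == null || domain.length() <= 0) {
            String userFromRequest = XSLAuthFilter.getUserFromRequest(httpRequest);
            if (userFromRequest == null) {
                // No credentials offered: continue unauthenticated.
                filterChain.doFilter(servletRequest, servletResponse);
                return;
            }
            int atIndex = userFromRequest.lastIndexOf("@");
            if (atIndex != -1) {
                uid = userFromRequest.substring(0, atIndex);
                domain = userFromRequest.substring(atIndex + 1);
            } else {
                uid = userFromRequest;
                domain = this._defaultDomain;
            }
        } else {
            identityFromRequest = false;
        }

        UserSession newUserSession = this._userFactory.newUserSession(uid, domain);
        if (newUserSession == null) {
            // NOTE(review): uid and domain may come straight from the request; if the trace
            // sink is line-oriented, neutralise CR/LF before writing them.
            Logging.trace(8, "couldnt create user " + uid + "(domain " + domain + ")");
            filterChain.doFilter(servletRequest, servletResponse);
            return;
        }

        // Only a request-supplied "anonymous" user is exempt from the password check.
        if (!identityFromRequest || !uid.equals("anonymous")) {
            String suppliedPassword = XSLAuthFilter.getPasswordFromRequest(httpRequest);
            String storedPassword = newUserSession.getUserAttrib("password");
            if (!passwordMatches(storedPassword, suppliedPassword)) {
                // NOTE(review): no trace is emitted for a rejected password; consider
                // logging failed attempts so repeated guessing can be detected.
                filterChain.doFilter(servletRequest, servletResponse);
                return;
            }
            session.setAttribute("uid", uid);
            session.setAttribute(SessionConstants.DOMAIN, domain);
            Logging.trace(64, "SimpleAuthFilter: user " + uid + "@" + domain + " authenticated");
        }

        session.setAttribute(SessionConstants.CLIENTIP, httpRequest.getRemoteAddr());
        session.setAttribute("userlang", newUserSession.getPreferredLanguage());
        session.setAttribute(SessionConstants.USERSESSION, newUserSession);
        Logging.trace(64, "SimpleAuthFilter: user " + uid + "@" + domain + " session created");
        filterChain.doFilter(servletRequest, servletResponse);
        if (XSLAuthFilter.invalidateSession(httpRequest)) {
            session.invalidate();
        }
    }

    /**
     * Decides whether the supplied password matches the stored one.
     *
     * <p>Accepts exactly the same pairs as a plain {@code equals} comparison, including
     * the case where both values are {@code null}. When both are present, every character
     * of the supplied value is examined instead of stopping at the first mismatch, so the
     * time taken does not reveal how many leading characters were correct.
     *
     * @param stored the password attribute of the user, possibly {@code null}
     * @param supplied the password taken from the request, possibly {@code null}
     * @return {@code true} if both are {@code null} or both are equal strings
     */
    private static boolean passwordMatches(String stored, String supplied) {
        if (stored == null) {
            return supplied == null;
        }
        if (supplied == null) {
            return false;
        }
        int storedLength = stored.length();
        int suppliedLength = supplied.length();
        // A length difference already makes the result non-zero; the loop still runs so
        // the work done depends only on the supplied value.
        int difference = storedLength ^ suppliedLength;
        for (int i = 0; i < suppliedLength; i++) {
            char expected = storedLength == 0 ? '\0' : stored.charAt(i % storedLength);
            difference |= expected ^ supplied.charAt(i);
        }
        return difference == 0;
    }

    /** Releases nothing; the filter holds no resources that need explicit cleanup. */
    public void destroy() {
    }
}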
