package info.magnolia.cms.security.auth.login;

import info.magnolia.audit.AuditLoggingUtil;
import info.magnolia.cms.filters.AbstractMgnlFilter;
import info.magnolia.cms.util.RequestDispatchUtil;
import info.magnolia.context.MgnlContext;
import info.magnolia.monitoring.AccessRestrictedException;
import info.magnolia.monitoring.SystemMonitor;
import info.magnolia.objectfactory.Components;
import java.io.IOException;
import java.util.ArrayList;
import java.util.Collection;
import javax.security.auth.Subject;
import javax.security.auth.login.CredentialException;
import javax.security.auth.login.LoginException;
import javax.servlet.FilterChain;
import javax.servlet.ServletException;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;

/* loaded from: input_file:info/magnolia/cms/security/auth/login/LoginFilter.class */
public class LoginFilter extends AbstractMgnlFilter {
    private static final Logger log = LoggerFactory.getLogger(LoginFilter.class);
    private Collection<LoginHandler> loginHandlers = new ArrayList();

    @Override // info.magnolia.cms.filters.AbstractMgnlFilter
    public void doFilter(HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse, FilterChain filterChain) throws IOException, ServletException {
        for (LoginHandler loginHandler : getLoginHandlers()) {
            LoginResult handle = loginHandler.handle(httpServletRequest, httpServletResponse);
            LoginResult.setCurrentLoginResult(handle);
            if (handle.getStatus() == 4) {
                AuditLoggingUtil.log(handle, httpServletRequest);
                return;
            }
            if (handle.getStatus() == 1 || handle.getStatus() == 5) {
                if (((SystemMonitor) Components.getComponent(SystemMonitor.class)).isMemoryLimitReached()) {
                    log.error(String.format(SystemMonitor.MEMORY_LIMIT_IS_REACHED_STRING_FORMAT, "That is why further logins have to be blocked for now."));
                    LoginResult loginResult = new LoginResult(2, new AccessRestrictedException());
                    LoginResult.setCurrentLoginResult(loginResult);
                    AuditLoggingUtil.log(loginResult, httpServletRequest);
                } else {
                    Subject subject = handle.getSubject();
                    if (subject == null) {
                        String str = "Invalid login result from handler [" + loginHandler.getClass().getName() + "] returned STATUS_SUCCEEDED but no subject";
                        log.error(str);
                        LoginResult loginResult2 = new LoginResult(2, (LoginException) new CredentialException(str));
                        LoginResult.setCurrentLoginResult(loginResult2);
                        AuditLoggingUtil.log(loginResult2, httpServletRequest);
                        throw new ServletException("Invalid login result");
                    }
                    if (httpServletRequest.getSession(false) != null) {
                        httpServletRequest.getSession().invalidate();
                    }
                    MgnlContext.login(subject);
                    AuditLoggingUtil.log(handle, httpServletRequest);
                    if (handle.getStatus() == 5) {
                        String parameter = httpServletRequest.getParameter(FormLogin.PARAMETER_RETURN_TO);
                        if (parameter == null) {
                            parameter = httpServletRequest.getRequestURL().toString();
                        }
                        RequestDispatchUtil.dispatch(RequestDispatchUtil.REDIRECT_PREFIX + parameter, httpServletRequest, httpServletResponse);
                        return;
                    }
                }
                filterChain.doFilter(httpServletRequest, httpServletResponse);
            }
            AuditLoggingUtil.log(handle, httpServletRequest);
        }
        filterChain.doFilter(httpServletRequest, httpServletResponse);
    }

    public Collection<LoginHandler> getLoginHandlers() {
        return this.loginHandlers;
    }

    public void setLoginHandlers(Collection<LoginHandler> collection) {
        this.loginHandlers = collection;
    }

    public void addLoginHandlers(LoginHandler loginHandler) {
        this.loginHandlers.add(loginHandler);
    }
}
