package info.magnolia.cms.security.auth.login;

import com.google.common.collect.ImmutableSet;
import info.magnolia.cms.security.SecuritySupportBase;
import info.magnolia.cms.security.auth.callback.PlainTextCallbackHandler;
import java.nio.charset.StandardCharsets;
import java.util.Iterator;
import java.util.Set;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import org.apache.commons.lang3.StringUtils;
import org.apache.http.NameValuePair;
import org.apache.http.client.utils.URLEncodedUtils;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;

/* loaded from: input_file:info/magnolia/cms/security/auth/login/FormLogin.class */
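/**
 * Login handler for form-based authentication.
 *
 * <p>Reads the user id, password and realm from request parameters and passes them, wrapped in a
 * {@link PlainTextCallbackHandler}, to {@code authenticate(...)} together with the configured JAAS
 * chain name ({@code authenticate} is not declared in this class; presumably it is inherited from
 * {@link LoginHandlerBase}).
 *
 * <p>Security notes for maintainers:
 * <ul>
 *   <li>{@code HttpServletRequest#getParameter} returns values from the query string as well as
 *       from a form body, so this handler also accepts credentials sent in the URL. URLs are
 *       commonly recorded in access logs, proxies and browser history.</li>
 *   <li>The user id is attacker-controlled and is read before any authentication has happened, so
 *       it is neutralised (CR/LF replaced) before it is written to the debug log.</li>
 * </ul>
 */
public class FormLogin extends LoginHandlerBase implements LoginHandler {
    private static final Logger log = LoggerFactory.getLogger(FormLogin.class);

    /** Request parameter name; declared here but not read anywhere in this class. */
    public static final String PARAMETER_RETURN_TO = "mgnlReturnTo";
    /** Request parameter carrying the user id. */
    public static final String PARAMETER_USER_ID = "mgnlUserId";
    /** Request parameter carrying the realm. */
    public static final String PARAMETER_REALM = "mgnlRealm";
    /** Request parameter carrying the password. */
    public static final String PARAMETER_PSWD = "mgnlUserPSWD";
    /** Names of the parameters that carry authentication data. */
    public static final Set<String> AUTHENTICATION_ATTRIBUTES = ImmutableSet.of(PARAMETER_USER_ID, PARAMETER_REALM, PARAMETER_PSWD);

    /** Name of the JAAS login chain handed to {@code authenticate}; defaults to the SecuritySupportBase constant. */
    private String jaasChain = SecuritySupportBase.DEFAULT_JAAS_LOGIN_CHAIN;

    /**
     * Attempts a login when the request carries a non-empty user id parameter.
     *
     * @param httpServletRequest request the credentials are read from
     * @param httpServletResponse not used by this method
     * @return {@link LoginResult#NOT_HANDLED} when no user id is present; otherwise the result of
     *         {@code authenticate}, replaced by a result with status 5 (same subject) when the
     *         status is 1 and {@link #requiresRedirect} returns true
     */
    @Override
    public LoginResult handle(HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse) {
        final String userId = httpServletRequest.getParameter(PARAMETER_USER_ID);
        if (log.isDebugEnabled()) {
            // The value is unauthenticated request input: replace CR/LF so it cannot start a
            // forged log entry (CWE-117). Whether the log layout already encodes line breaks is
            // not visible from this class.
            log.debug("handle login for {}", StringUtils.replaceChars(userId, "\r\n", "__"));
        }
        if (StringUtils.isEmpty(userId)) {
            return LoginResult.NOT_HANDLED;
        }

        // NOTE(review): the password already exists as a String (from getParameter) before it is
        // copied to a char[], so the array does not by itself keep the secret out of the string
        // heap. The array is handed to the callback handler and is not cleared here.
        final char[] password = StringUtils.defaultString(httpServletRequest.getParameter(PARAMETER_PSWD)).toCharArray();
        final String realm = StringUtils.defaultString(httpServletRequest.getParameter(PARAMETER_REALM));

        final LoginResult result = authenticate(new PlainTextCallbackHandler(userId, password, realm), getJaasChain());

        // NOTE(review): 1 and 5 are literals left by decompilation; presumably 1 is the
        // "succeeded" status and 5 a "succeeded, redirect required" status. Confirm against
        // LoginResult and use its named constants if they exist.
        if (result.getStatus() == 1 && requiresRedirect(httpServletRequest)) {
            return new LoginResult(5, result.getSubject());
        }
        return result;
    }

    /**
     * Decides whether a successful login should be reported as needing a redirect.
     *
     * <p>True only for POST requests whose query string contains none of the
     * {@link #AUTHENTICATION_ATTRIBUTES} parameter names. Names are compared after URL decoding
     * by {@code URLEncodedUtils.parse}. Parameters in the request body are not inspected here.
     *
     * @param httpServletRequest request whose method and query string are examined
     * @return {@code true} if the request is a POST and no authentication parameter appears in the
     *         query string, {@code false} otherwise
     */
    protected boolean requiresRedirect(HttpServletRequest httpServletRequest) {
        if (!"POST".equalsIgnoreCase(httpServletRequest.getMethod())) {
            return false;
        }
        for (NameValuePair pair : URLEncodedUtils.parse(httpServletRequest.getQueryString(), StandardCharsets.UTF_8)) {
            if (AUTHENTICATION_ATTRIBUTES.contains(pair.getName())) {
                return false;
            }
        }
        return true;
    }

    /**
     * @return the JAAS login chain name used by {@link #handle}
     */
    public String getJaasChain() {
        return this.jaasChain;
    }

    /**
     * @param str JAAS login chain name to use for subsequent logins; stored as given, without validation
     */
    public void setJaasChain(String str) {
        this.jaasChain = str;
    }
}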
