package com.openexchange.ajax;

import com.openexchange.ajax.container.Response;
import com.openexchange.ajax.fields.FolderFields;
import com.openexchange.ajax.fields.Header;
import com.openexchange.ajax.fields.LoginFields;
import com.openexchange.ajax.helper.Send;
import com.openexchange.ajax.login.AutoLogin;
import com.openexchange.ajax.login.FormLogin;
import com.openexchange.ajax.login.HashCalculator;
import com.openexchange.ajax.login.Login;
import com.openexchange.ajax.login.LoginConfiguration;
import com.openexchange.ajax.login.LoginRequestHandler;
import com.openexchange.ajax.login.LoginRequestImpl;
import com.openexchange.ajax.login.LoginTools;
import com.openexchange.ajax.login.OAuthLogin;
import com.openexchange.ajax.login.RedeemToken;
import com.openexchange.ajax.login.TokenLogin;
import com.openexchange.ajax.login.Tokens;
import com.openexchange.ajax.writer.LoginWriter;
import com.openexchange.ajax.writer.ResponseWriter;
import com.openexchange.authentication.LoginExceptionCodes;
import com.openexchange.config.ConfigTools;
import com.openexchange.configuration.ClientWhitelist;
import com.openexchange.configuration.CookieHashSource;
import com.openexchange.configuration.ServerConfig;
import com.openexchange.exception.OXException;
import com.openexchange.folderstorage.outlook.OutlookFolderStorage;
import com.openexchange.groupware.contexts.Context;
import com.openexchange.groupware.contexts.impl.ContextStorage;
import com.openexchange.groupware.ldap.User;
import com.openexchange.groupware.ldap.UserStorage;
import com.openexchange.groupware.settings.Setting;
import com.openexchange.groupware.settings.impl.ConfigTree;
import com.openexchange.groupware.settings.impl.SettingStorage;
import com.openexchange.java.StringAllocator;
import com.openexchange.java.Strings;
import com.openexchange.java.util.UUIDs;
import com.openexchange.log.LogProperties;
import com.openexchange.login.ConfigurationProperty;
import com.openexchange.login.Interface;
import com.openexchange.login.LoginResult;
import com.openexchange.login.internal.LoginPerformer;
import com.openexchange.server.ServiceExceptionCode;
import com.openexchange.server.services.ServerServiceRegistry;
import com.openexchange.session.Session;
import com.openexchange.sessiond.SessionExceptionCodes;
import com.openexchange.sessiond.SessiondService;
import com.openexchange.sessiond.impl.IPRange;
import com.openexchange.tools.io.IOTools;
import com.openexchange.tools.servlet.AjaxExceptionCodes;
import com.openexchange.tools.servlet.http.Authorization;
import com.openexchange.tools.servlet.http.Cookies;
import com.openexchange.tools.servlet.http.Tools;
import com.openexchange.tools.session.ServerSession;
import java.io.File;
import java.io.FileNotFoundException;
import java.io.IOException;
import java.lang.reflect.UndeclaredThrowableException;
import java.nio.charset.StandardCharsets;
import java.security.MessageDigest;
import java.util.Collections;
import java.util.EnumSet;
import java.util.HashMap;
import java.util.LinkedList;
import java.util.Map;
import java.util.Set;
import java.util.UUID;
import java.util.concurrent.ConcurrentHashMap;
import java.util.concurrent.atomic.AtomicReference;
import javax.servlet.ServletConfig;
import javax.servlet.ServletException;
import javax.servlet.http.Cookie;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import org.json.JSONException;
import org.json.JSONObject;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;

/* loaded from: input_file:com/openexchange/ajax/LoginServlet.class */
public class LoginServlet extends AJAXServlet {
    private static final long serialVersionUID = 7680745138705836499L;
    protected static final Logger LOG = LoggerFactory.getLogger(LoginServlet.class);
    // Per-request log properties that doGet() removes on every exit path; assigned in a static initializer not shown here.
    protected static final Set<LogProperties.Name> LOG_PROPERTIES;
    // Cookie name prefixes; the public session cookie name is PUBLIC_SESSION_PREFIX + user-agent hash (see getPublicSessionCookieName()).
    public static final String SESSION_PREFIX;
    public static final String SECRET_PREFIX;
    public static final String PUBLIC_SESSION_PREFIX;
    // Values of the "action" parameter that select a handler from handlerMap.
    public static final String ACTION_FORMLOGIN = "formlogin";
    public static final String ACTION_TOKENLOGIN = "tokenLogin";
    public static final String ACTION_TOKENS = "tokens";
    public static final String ACTION_REDEEM_TOKEN = "redeemToken";
    public static final String ACTION_CHANGEIP;
    // Login configuration published by init() and read by every handler through confReference.get().
    static final AtomicReference<LoginConfiguration> confReference;
    // action -> handler dispatch table; filled partly in the constructor, partly in init() once the configuration exists.
    private final Map<String, LoginRequestHandler> handlerMap = new ConcurrentHashMap(16);
    // Fallback error page used by init() when no template file is configured.
    // NOTE(review): the embedded script redirects to document.referrer (plus login=failed), so the
    // redirect target is taken from the Referer header; the ERROR_MESSAGE placeholder is presumably
    // substituted by the code that serves this page - confirm that substitution HTML-escapes the text.
    private static final String ERROR_PAGE_TEMPLATE = "<html>\n<script type=\"text/javascript\">\n// Display normal HTML for 5 seconds, then redirect via referrer.\nsetTimeout(redirect,5000);\nfunction redirect(){\n var referrer=document.referrer;\n var redirect_url;\n // If referrer already contains failed parameter, we don't add a 2nd one.\n if(referrer.indexOf(\"login=failed\")>=0){\n  redirect_url=referrer;\n }else{\n  // Check if referrer contains multiple parameter\n  if(referrer.indexOf(\"?\")<0){\n   redirect_url=referrer+\"?login=failed\";\n  }else{\n   redirect_url=referrer+\"&login=failed\";\n  }\n }\n // Redirect to referrer\n window.location.href=redirect_url;\n}\n</script>\n<body>\n<h1>ERROR_MESSAGE</h1>\n</body>\n</html>\n";

    /* JADX INFO: Access modifiers changed from: private */
    /* loaded from: input_file:com/openexchange/ajax/LoginServlet$CookieType.class */
    /**
     * Selects which cookie doCookieReWrite() refreshes: the session cookie
     * (only permitted when sessiond auto-login is enabled) or the secret cookie.
     * The decompiler reports this enum was originally private.
     */
    public enum CookieType {
        SESSION,
        SECRET
    }

    /**
     * Returns the login configuration most recently published by init().
     *
     * @return the current configuration, or null if init() has not run yet
     */
    public static LoginConfiguration getLoginConfiguration() {
        final LoginConfiguration current = confReference.get();
        return current;
    }

    /**
     * Builds the public session cookie name for a request: PUBLIC_SESSION_PREFIX
     * followed by the user-agent hash computed by HashCalculator.
     *
     * @param httpServletRequest request whose User-Agent is hashed
     * @return the cookie name
     */
    public static String getPublicSessionCookieName(HttpServletRequest httpServletRequest) {
        final String agentHash = HashCalculator.getInstance().getUserAgentHash(httpServletRequest);
        final StringAllocator cookieName = new StringAllocator(PUBLIC_SESSION_PREFIX);
        cookieName.append(agentHash);
        return cookieName.toString();
    }

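    /**
     * Registers the handlers that do not need the login configuration
     * (store, refresh_secret, logout, redirect, changeip, redeem). The
     * configuration-dependent handlers are added in init(). Handlers are
     * dispatched by doJSONAuth() on the "action" parameter.
     */
    public LoginServlet() {
        this.handlerMap.put(AJAXServlet.ACTION_STORE, new LoginRequestHandler() {
            @Override
            public void handleRequest(HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse) throws IOException {
                try {
                    LoginServlet.this.doStore(httpServletRequest, httpServletResponse);
                } catch (JSONException e) {
                    LoginServlet.this.log(AJAXServlet.RESPONSE_ERROR, e);
                    AJAXServlet.sendError(httpServletResponse);
                } catch (OXException e) {
                    LoginServlet.logAndSendException(httpServletResponse, e);
                }
            }
        });
        this.handlerMap.put(AJAXServlet.ACTION_REFRESH_SECRET, new LoginRequestHandler() {
            @Override
            public void handleRequest(HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse) throws IOException {
                try {
                    LoginServlet.this.doRefreshSecret(httpServletRequest, httpServletResponse);
                } catch (JSONException e) {
                    LoginServlet.this.log(AJAXServlet.RESPONSE_ERROR, e);
                    AJAXServlet.sendError(httpServletResponse);
                } catch (OXException e) {
                    LoginServlet.logAndSendException(httpServletResponse, e);
                }
            }
        });
        this.handlerMap.put(AJAXServlet.ACTION_LOGOUT, new LoginRequestHandler() {
            @Override
            public void handleRequest(HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse) throws IOException {
                LoginServlet.this.handleLogout(httpServletRequest, httpServletResponse);
            }
        });
        this.handlerMap.put(AJAXServlet.ACTION_REDIRECT, new LoginRequestHandler() {
            @Override
            public void handleRequest(HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse) throws IOException {
                LoginServlet.this.handleRedirect(httpServletRequest, httpServletResponse);
            }
        });
        this.handlerMap.put(ACTION_CHANGEIP, new LoginRequestHandler() {
            @Override
            public void handleRequest(HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse) throws IOException {
                LoginServlet.this.handleChangeIp(httpServletRequest, httpServletResponse);
            }
        });
        this.handlerMap.put(AJAXServlet.ACTION_REDEEM, new LoginRequestHandler() {
            @Override
            public void handleRequest(HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse) throws IOException {
                LoginServlet.this.handleRedeem(httpServletRequest, httpServletResponse);
            }
        });
    }

    /**
     * Compares the secret presented by the client with the session's secret
     * without short-circuiting on the first differing byte, so the comparison
     * time does not reveal how long a matching prefix was. A null on either
     * side never matches.
     *
     * @param session the session whose secret is expected
     * @param givenSecret the secret extracted from the request cookies, may be null
     * @return true only if both secrets are present and identical
     */
    private static boolean secretMatches(Session session, String givenSecret) {
        final String expected = session.getSecret();
        if (givenSecret == null || expected == null) {
            return false;
        }
        return MessageDigest.isEqual(expected.getBytes(StandardCharsets.UTF_8), givenSecret.getBytes(StandardCharsets.UTF_8));
    }

    /**
     * Handles action=logout: terminates the session named by the "session"
     * parameter and removes the OX and JSESSIONID cookies. The caller must
     * pass the IP check and present the session's secret cookie. An unknown
     * session is answered with an empty 200 (logout is idempotent); a missing
     * or wrong secret is a 403.
     */
    private void handleLogout(HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse) throws IOException {
        Tools.disableCaching(httpServletResponse);
        httpServletResponse.setContentType(AJAXServlet.CONTENTTYPE_JAVASCRIPT);
        final String sessionId = httpServletRequest.getParameter(AJAXServlet.PARAMETER_SESSION);
        if (sessionId == null) {
            httpServletResponse.sendError(HttpServletResponse.SC_BAD_REQUEST);
            return;
        }
        try {
            final Session session = LoginPerformer.getInstance().lookupSession(sessionId);
            if (session == null) {
                return;
            }
            final LoginConfiguration conf = confReference.get();
            // Reject callers from a different address (subject to ranges/whitelist) before touching the session.
            SessionServlet.checkIP(conf.isIpCheck(), conf.getRanges(), session, httpServletRequest.getRemoteAddr(), conf.getIpCheckWhitelist());
            final String givenSecret = SessionServlet.extractSecret(conf.getHashSource(), httpServletRequest, session.getHash(), session.getClient());
            if (!secretMatches(session, givenSecret)) {
                LOG.info("Status code 403 (FORBIDDEN): Missing or non-matching secret.");
                httpServletResponse.sendError(HttpServletResponse.SC_FORBIDDEN);
                return;
            }
            LoginPerformer.getInstance().doLogout(sessionId);
            SessionServlet.removeOXCookies(session.getHash(), httpServletRequest, httpServletResponse);
            SessionServlet.removeJSESSIONID(httpServletRequest, httpServletResponse);
        } catch (OXException e) {
            // NOTE(review): a failed IP check lands here and the response stays an empty 200,
            // indistinguishable for the client from a successful logout.
            LOG.error("Logout failed", e);
        }
    }

    /**
     * Resolves the session behind the "random" request parameter. Shared by the
     * redirect and redeem actions, which used to duplicate this logic verbatim.
     * Sets no-cache headers and the content type, validates the parameter and
     * service availability, applies the insecure-mode IP rebinding rules, and
     * publishes the session's log properties.
     *
     * @return the session, or null after a 400/403 error has already been sent
     */
    private static Session resolveSessionByRandomToken(HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse, LoginConfiguration conf) throws IOException {
        Tools.disableCaching(httpServletResponse);
        httpServletResponse.setContentType(AJAXServlet.CONTENTTYPE_JAVASCRIPT);
        // The parameter is only honoured when random tokens are enabled; otherwise the request is a 400.
        final String randomToken = conf.isRandomTokenEnabled() ? httpServletRequest.getParameter(LoginFields.RANDOM_PARAM) : null;
        if (randomToken == null) {
            httpServletResponse.sendError(HttpServletResponse.SC_BAD_REQUEST);
            return null;
        }
        final SessiondService sessiondService = (SessiondService) ServerServiceRegistry.getInstance().getService(SessiondService.class);
        if (sessiondService == null) {
            LOG.error("", ServiceExceptionCode.SERVICE_UNAVAILABLE.create(new Object[] { SessiondService.class.getName() }));
            httpServletResponse.sendError(HttpServletResponse.SC_FORBIDDEN);
            return null;
        }
        final Session session;
        if (!conf.isInsecure()) {
            session = sessiondService.getSessionByRandomToken(randomToken);
        } else if (conf.isRedirectIPChangeAllowed()) {
            // Insecure mode with IP changes allowed: sessiond rebinds the session to the caller's address.
            session = sessiondService.getSessionByRandomToken(randomToken, httpServletRequest.getRemoteAddr());
        } else {
            session = sessiondService.getSessionByRandomToken(randomToken);
            if (session != null) {
                final String boundIp = session.getLocalIp();
                // Rebind only when the session has no address yet or its address is exempt from the IP check.
                if (boundIp == null || SessionServlet.isWhitelistedFromIPCheck(boundIp, conf.getRanges())) {
                    final String remoteAddr = httpServletRequest.getRemoteAddr();
                    if (!remoteAddr.equals(boundIp)) {
                        LOG.info("Changing IP of session {} with authID: {} from {} to {}.", new Object[] { session.getSessionID(), session.getAuthId(), boundIp, remoteAddr });
                        session.setLocalIp(remoteAddr);
                    }
                }
            }
        }
        if (session == null) {
            // NOTE(review): the token is a bearer value that resolves to a session; it is written to the log here.
            if (LOG.isDebugEnabled()) {
                LOG.debug("No session could be found for random token: {}", randomToken, new Throwable());
            } else {
                LOG.info("No session could be found for random token: {}", randomToken);
            }
            httpServletResponse.sendError(HttpServletResponse.SC_FORBIDDEN);
            return null;
        }
        LogProperties.putSessionProperties(session);
        if (conf.isInsecure()) {
            SessionServlet.removeOXCookies(session.getHash(), httpServletRequest, httpServletResponse);
        }
        return session;
    }

    /**
     * Checks that the session's context and user are enabled, refreshes the
     * session's client and cookie hash in insecure mode, and writes the secret
     * cookie for this request.
     *
     * @return false after a 403 has been sent because context or user is disabled
     * @throws OXException if context or user cannot be loaded
     */
    private static boolean activateSession(HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse, Session session, LoginConfiguration conf) throws OXException, IOException {
        final Context context = ContextStorage.getInstance().getContext(session.getContextId());
        final User user = UserStorage.getInstance().getUser(session.getUserId(), context);
        if (!context.isEnabled() || !user.isMailEnabled()) {
            LOG.info("Status code 403 (FORBIDDEN): Either context {} or user {} not enabled", Integer.valueOf(context.getContextId()), Integer.valueOf(user.getId()));
            httpServletResponse.sendError(HttpServletResponse.SC_FORBIDDEN);
            return false;
        }
        final String hash;
        if (conf.isInsecure()) {
            // In insecure mode the client may be re-declared per request and the cookie hash is recomputed.
            String client = httpServletRequest.getParameter(LoginFields.CLIENT_PARAM);
            if (client == null) {
                client = session.getClient();
            } else {
                session.setClient(client);
            }
            hash = HashCalculator.getInstance().getHash(httpServletRequest, client);
            session.setHash(hash);
        } else {
            hash = session.getHash();
        }
        writeSecretCookie(httpServletRequest, httpServletResponse, session, hash, httpServletRequest.isSecure(), httpServletRequest.getServerName(), conf);
        return true;
    }

    /**
     * Handles action=redirect: exchanges a random token for the secret cookie and
     * redirects the browser into the web UI.
     */
    private void handleRedirect(HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse) throws IOException {
        final LoginConfiguration conf = confReference.get();
        final Session session = resolveSessionByRandomToken(httpServletRequest, httpServletResponse, conf);
        if (session == null) {
            return;
        }
        try {
            if (!activateSession(httpServletRequest, httpServletResponse, session, conf)) {
                return;
            }
            // NOTE(review): the client-supplied "uiWebPath" parameter feeds the redirect target; whether
            // LoginTools.generateRedirectURL restricts it to a local path is not visible here - confirm.
            httpServletResponse.sendRedirect(LoginTools.generateRedirectURL(httpServletRequest.getParameter("uiWebPath"), httpServletRequest.getParameter(AJAXServlet.ACTION_STORE), session.getSessionID(), conf.getUiWebPath()));
        } catch (UndeclaredThrowableException e) {
            LOG.info("Status code 403 (FORBIDDEN): Unexpected error occurred during login: {}", e.getMessage());
            httpServletResponse.sendError(HttpServletResponse.SC_FORBIDDEN);
        } catch (OXException e) {
            LOG.info("Status code 403 (FORBIDDEN): Couldn't resolve context/user by identifier: {}/{}", Integer.valueOf(session.getContextId()), Integer.valueOf(session.getUserId()));
            httpServletResponse.sendError(HttpServletResponse.SC_FORBIDDEN);
        }
    }

    /**
     * Handles action=redeem: exchanges a random token for the secret cookie and
     * answers with the login JSON (session data plus module information).
     */
    private void handleRedeem(HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse) throws IOException {
        final LoginConfiguration conf = confReference.get();
        final Session session = resolveSessionByRandomToken(httpServletRequest, httpServletResponse, conf);
        if (session == null) {
            return;
        }
        try {
            if (!activateSession(httpServletRequest, httpServletResponse, session, conf)) {
                return;
            }
            try {
                final JSONObject json = new JSONObject();
                LoginWriter.write(session, json);
                appendModules(session, json, httpServletRequest);
                json.write(httpServletResponse.getWriter());
            } catch (JSONException e) {
                log(AJAXServlet.RESPONSE_ERROR, e);
                AJAXServlet.sendError(httpServletResponse);
            }
        } catch (UndeclaredThrowableException e) {
            LOG.info("Status code 403 (FORBIDDEN): Unexpected error occurred during login: {}", e.getMessage());
            httpServletResponse.sendError(HttpServletResponse.SC_FORBIDDEN);
        } catch (OXException e) {
            LOG.info("Status code 403 (FORBIDDEN): Couldn't resolve context/user by identifier: {}/{}", Integer.valueOf(session.getContextId()), Integer.valueOf(session.getUserId()));
            httpServletResponse.sendError(HttpServletResponse.SC_FORBIDDEN);
        }
    }

    /**
     * Handles action=changeip: rebinds an existing session to the address given
     * in the clientIP parameter. The caller must pass the IP check and present
     * the session's secret cookie. Failures are reported as an error inside the
     * JSON response (status stays 200), which is how the decompiled control
     * flow - an OXException catch that only sets response.setException - reads.
     */
    private void handleChangeIp(HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse) throws IOException {
        final Response response = new Response();
        Session session = null;
        try {
            final String sessionId = httpServletRequest.getParameter(AJAXServlet.PARAMETER_SESSION);
            if (sessionId == null) {
                LOG.info("Parameter \"{}\" not found for action {}", AJAXServlet.PARAMETER_SESSION, ACTION_CHANGEIP);
                throw AjaxExceptionCodes.MISSING_PARAMETER.create(AJAXServlet.PARAMETER_SESSION);
            }
            final String newIp = httpServletRequest.getParameter(LoginFields.CLIENT_IP_PARAM);
            if (newIp == null) {
                LOG.info("Parameter \"{}\" not found for action {}", LoginFields.CLIENT_IP_PARAM, ACTION_CHANGEIP);
                throw AjaxExceptionCodes.MISSING_PARAMETER.create(LoginFields.CLIENT_IP_PARAM);
            }
            final SessiondService sessiondService = (SessiondService) ServerServiceRegistry.getInstance().getService(SessiondService.class, true);
            session = sessiondService.getSession(sessionId);
            if (session == null) {
                LOG.info("There is no session associated with session identifier: {}", sessionId);
                throw SessionExceptionCodes.SESSION_EXPIRED.create(new Object[] { sessionId });
            }
            LogProperties.putSessionProperties(session);
            final LoginConfiguration conf = confReference.get();
            SessionServlet.checkIP(conf.isIpCheck(), conf.getRanges(), session, httpServletRequest.getRemoteAddr(), conf.getIpCheckWhitelist());
            final String givenSecret = SessionServlet.extractSecret(conf.getHashSource(), httpServletRequest, session.getHash(), session.getClient());
            if (!secretMatches(session, givenSecret)) {
                if (givenSecret != null) {
                    // Neither secret value is logged: the session secret is the credential this check protects.
                    LOG.info("Session secret is different. Given secret does not match the secret of session {}.", session.getSessionID());
                }
                throw SessionExceptionCodes.WRONG_SESSION_SECRET.create();
            }
            final String currentIp = session.getLocalIp();
            // NOTE(review): the new address is stored verbatim; no syntactic IP validation is visible here.
            if (!newIp.equals(currentIp)) {
                LOG.info("Changing IP of session {} with authID: {} from {} to {}", new Object[] { session.getSessionID(), session.getAuthId(), currentIp, newIp });
                session.setLocalIp(newIp);
            }
            response.setData(OutlookFolderStorage.OUTLOOK_TREE_ID);
        } catch (OXException e) {
            LOG.debug("", e);
            response.setException(e);
        }
        Tools.disableCaching(httpServletResponse);
        httpServletResponse.setContentType(AJAXServlet.CONTENTTYPE_JAVASCRIPT);
        httpServletResponse.setStatus(HttpServletResponse.SC_OK);
        try {
            // session may still be null here; localeFrom() is the original's choice for that case.
            ResponseWriter.write(response, httpServletResponse.getWriter(), AJAXServlet.localeFrom(session));
        } catch (JSONException e) {
            log(AJAXServlet.RESPONSE_ERROR, e);
            AJAXServlet.sendError(httpServletResponse);
        }
    }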

    /**
     * Reads the login-related servlet init parameters into a LoginConfiguration,
     * publishes it through confReference, and registers the handlers that need it.
     * An unreadable error page template path falls back to ERROR_PAGE_TEMPLATE.
     *
     * @param servletConfig the servlet configuration providing the init parameters
     * @throws ServletException propagated from the superclass
     */
    public void init(ServletConfig servletConfig) throws ServletException {
        super.init(servletConfig);
        final String uiWebPath = servletConfig.getInitParameter(ServerConfig.Property.UI_WEB_PATH.getPropertyName());
        final boolean sessiondAutoLogin = Boolean.parseBoolean(servletConfig.getInitParameter(ConfigurationProperty.SESSIOND_AUTOLOGIN.getPropertyName()));
        final CookieHashSource hashSource = CookieHashSource.parse(servletConfig.getInitParameter(ServerConfig.Property.COOKIE_HASH.getPropertyName()));
        final String httpAuthAutoLogin = servletConfig.getInitParameter(ConfigurationProperty.HTTP_AUTH_AUTOLOGIN.getPropertyName());
        final String httpAuthClient = servletConfig.getInitParameter(ConfigurationProperty.HTTP_AUTH_CLIENT.getPropertyName());
        final String httpAuthVersion = servletConfig.getInitParameter(ConfigurationProperty.HTTP_AUTH_VERSION.getPropertyName());
        final String templatePath = servletConfig.getInitParameter(ConfigurationProperty.ERROR_PAGE_TEMPLATE.getPropertyName());
        String errorPageTemplate = ERROR_PAGE_TEMPLATE;
        if (templatePath != null) {
            try {
                errorPageTemplate = IOTools.getFileContents(new File(templatePath));
                LOG.info("Found an error page template at {}", templatePath);
            } catch (FileNotFoundException e) {
                // Keep the built-in template rather than failing servlet start-up.
                LOG.error("Could not find an error page template at {}, using default.", templatePath);
                errorPageTemplate = ERROR_PAGE_TEMPLATE;
            }
        }
        final int cookieTtl = ConfigTools.parseTimespanSecs(servletConfig.getInitParameter(ServerConfig.Property.COOKIE_TTL.getPropertyName()));
        // Either property forces the secure flag on cookies.
        final boolean forceHttps = Boolean.parseBoolean(servletConfig.getInitParameter(ServerConfig.Property.COOKIE_FORCE_HTTPS.getPropertyName()))
            || Boolean.parseBoolean(servletConfig.getInitParameter(ServerConfig.Property.FORCE_HTTPS.getPropertyName()));
        final boolean insecure = Boolean.parseBoolean(servletConfig.getInitParameter(ConfigurationProperty.INSECURE.getPropertyName()));
        final boolean ipCheck = Boolean.parseBoolean(servletConfig.getInitParameter(ServerConfig.Property.IP_CHECK.getPropertyName()));
        final ClientWhitelist ipCheckWhitelist = new ClientWhitelist().add(servletConfig.getInitParameter(ServerConfig.Property.IP_CHECK_WHITELIST.getPropertyName()));
        final boolean redirectIpChangeAllowed = Boolean.parseBoolean(servletConfig.getInitParameter(ConfigurationProperty.REDIRECT_IP_CHANGE_ALLOWED.getPropertyName()));
        // One IP range per line; whitespace is stripped, blank lines and '#' comments are skipped.
        final LinkedList<IPRange> ranges = new LinkedList<IPRange>();
        final String rangeLines = servletConfig.getInitParameter(ConfigurationProperty.NO_IP_CHECK_RANGE.getPropertyName());
        if (rangeLines != null) {
            for (final String rawLine : Strings.splitByCRLF(rangeLines)) {
                final String line = rawLine.replaceAll("\\s", "");
                if (line.isEmpty() || line.charAt(0) == '#') {
                    continue;
                }
                ranges.add(IPRange.parseRange(line));
            }
        }
        final boolean disableTrimLogin = Boolean.parseBoolean(servletConfig.getInitParameter(ConfigurationProperty.DISABLE_TRIM_LOGIN.getPropertyName()));
        final boolean formLoginWithoutAuthId = Boolean.parseBoolean(servletConfig.getInitParameter(ConfigurationProperty.FORM_LOGIN_WITHOUT_AUTHID.getPropertyName()));
        final boolean randomTokenEnabled = Boolean.parseBoolean(servletConfig.getInitParameter(ConfigurationProperty.RANDOM_TOKEN.getPropertyName()));
        final LoginConfiguration conf = new LoginConfiguration(uiWebPath, sessiondAutoLogin, hashSource, httpAuthAutoLogin, httpAuthClient, httpAuthVersion, errorPageTemplate, cookieTtl, forceHttps, insecure, ipCheck, ipCheckWhitelist, redirectIpChangeAllowed, ranges, disableTrimLogin, formLoginWithoutAuthId, randomTokenEnabled);
        confReference.set(conf);
        this.handlerMap.put(ACTION_FORMLOGIN, new FormLogin(conf));
        this.handlerMap.put(ACTION_TOKENLOGIN, new TokenLogin(conf));
        this.handlerMap.put(ACTION_TOKENS, new Tokens(conf));
        this.handlerMap.put("redeemToken", new RedeemToken(conf));
        this.handlerMap.put("autologin", new AutoLogin(conf));
        this.handlerMap.put(AJAXServlet.ACTION_OAUTH, new OAuthLogin(conf));
        this.handlerMap.put("login", new Login(conf));
    }

    /**
     * Entry point for GET requests. Requests under /httpAuth get the HTTP-auth
     * flow; otherwise the "action" parameter is required and dispatched: the
     * "hasAutologin" query is answered inline, everything else via handlerMap.
     * The per-request log properties are removed on every exit path.
     *
     * @param httpServletRequest incoming request
     * @param httpServletResponse response to write to
     * @throws IOException on write failures
     */
    protected void doGet(HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse) throws IOException {
        try {
            final String action = httpServletRequest.getParameter(AJAXServlet.PARAMETER_ACTION);
            final String uri = getServletSpecificURI(httpServletRequest);
            if (uri != null && uri.startsWith("/httpAuth")) {
                doHttpAuth(httpServletRequest, httpServletResponse);
                return;
            }
            if (action == null) {
                logAndSendException(httpServletResponse, AjaxExceptionCodes.MISSING_PARAMETER.create(AJAXServlet.PARAMETER_ACTION));
                return;
            }
            if ("hasAutologin".equalsIgnoreCase(action)) {
                Tools.disableCaching(httpServletResponse);
                httpServletResponse.setStatus(HttpServletResponse.SC_OK);
                httpServletResponse.setContentType(AJAXServlet.CONTENTTYPE_JAVASCRIPT);
                try {
                    final JSONObject answer = new JSONObject(2);
                    answer.put("autologin", confReference.get().isSessiondAutoLogin());
                    answer.write(httpServletResponse.getWriter());
                } catch (JSONException e) {
                    LOG.error(AJAXServlet.RESPONSE_ERROR, e);
                    sendError(httpServletResponse);
                }
                return;
            }
            doJSONAuth(httpServletRequest, httpServletResponse, action);
        } finally {
            LogProperties.removeProperties(LOG_PROPERTIES);
        }
    }

    /**
     * Dispatches an action to its registered LoginRequestHandler; an action
     * without a handler is answered with an UNKNOWN_ACTION error.
     *
     * @param httpServletRequest incoming request
     * @param httpServletResponse response to write to
     * @param str the action name
     * @throws IOException on write failures
     */
    private void doJSONAuth(HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse, String str) throws IOException {
        final LoginRequestHandler handler = this.handlerMap.get(str);
        if (handler != null) {
            handler.handleRequest(httpServletRequest, httpServletResponse);
            return;
        }
        logAndSendException(httpServletResponse, AjaxExceptionCodes.UNKNOWN_ACTION.create(str));
    }

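    /**
     * Handles requests under /httpAuth. Without an Authorization header the
     * client is challenged (Negotiate and Basic) with a 401; with one,
     * doAuthHeaderLogin() performs the login and a failure is re-challenged.
     *
     * @param httpServletRequest incoming request
     * @param httpServletResponse response to write to
     * @throws IOException on write failures
     */
    private void doHttpAuth(HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse) throws IOException {
        if (httpServletRequest.getHeader(Header.AUTH_HEADER) == null) {
            sendAuthChallenge(httpServletResponse, "Authorization Required!");
            return;
        }
        try {
            doAuthHeaderLogin(httpServletRequest, httpServletResponse);
        } catch (OXException e) {
            // NOTE(review): every failed credential is logged at ERROR with a stack trace, and the
            // exception text is echoed to the unauthenticated client; check that OXException messages
            // from the login path carry nothing internal before keeping this.
            LOG.error("", e);
            sendAuthChallenge(httpServletResponse, e.getMessage());
        }
    }

    /**
     * Sends a 401 carrying both WWW-Authenticate challenges. The status used to
     * appear as the decompiler's Appointment.FULL_TIME alias for 401.
     */
    private static void sendAuthChallenge(HttpServletResponse httpServletResponse, String message) throws IOException {
        httpServletResponse.addHeader("WWW-Authenticate", "NEGOTIATE");
        httpServletResponse.addHeader("WWW-Authenticate", "Basic realm=\"Open-Xchange\"");
        httpServletResponse.sendError(HttpServletResponse.SC_UNAUTHORIZED, message);
    }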

    /**
     * Re-issues either the session cookie ({@code store}) or the secret cookie ({@code refreshSecret}) for an
     * existing session and answers with a minimal JSON response.
     * <p>
     * Checks run in this order: the {@code store} variant requires sessiond autologin to be enabled; the
     * {@code SessiondService} must be available; the {@code session} parameter must be present; the session is
     * resolved via {@link SessionServlet#getSession} and its bound IP verified before any cookie is written.
     *
     * @param httpServletRequest the incoming request
     * @param httpServletResponse the response to write to
     * @param cookieType which cookie to (re)write
     * @throws OXException if the action is disabled, the service is missing, the parameter is absent, the session
     *         cannot be resolved or the IP check fails
     * @throws JSONException if the response cannot be serialised
     * @throws IOException if the response writer cannot be obtained
     */
    private void doCookieReWrite(HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse, CookieType cookieType) throws OXException, JSONException, IOException {
        final LoginConfiguration conf = confReference.get();
        final boolean rewriteSessionCookie = CookieType.SESSION == cookieType;
        if (rewriteSessionCookie && !conf.isSessiondAutoLogin()) {
            throw AjaxExceptionCodes.DISABLED_ACTION.create(AJAXServlet.ACTION_STORE);
        }
        final SessiondService sessiond = (SessiondService) ServerServiceRegistry.getInstance().getService(SessiondService.class);
        if (sessiond == null) {
            throw ServiceExceptionCode.SERVICE_UNAVAILABLE.create(new Object[] { SessiondService.class.getName() });
        }
        final String sessionParam = httpServletRequest.getParameter(AJAXServlet.PARAMETER_SESSION);
        if (sessionParam == null) {
            throw AjaxExceptionCodes.MISSING_PARAMETER.create(AJAXServlet.PARAMETER_SESSION);
        }
        final ServerSession session = SessionServlet.getSession(conf.getHashSource(), httpServletRequest, sessionParam, sessiond);
        try {
            // Verify the caller's address against the session before handing out any cookie.
            SessionServlet.checkIP(conf.isIpCheck(), conf.getRanges(), session, httpServletRequest.getRemoteAddr(), conf.getIpCheckWhitelist());
            final boolean secure = httpServletRequest.isSecure();
            final String serverName = httpServletRequest.getServerName();
            if (rewriteSessionCookie) {
                writeSessionCookie(httpServletResponse, session, session.getHash(), secure, serverName);
            } else {
                writeSecretCookie(httpServletRequest, httpServletResponse, session, session.getHash(), secure, serverName, conf);
            }
            // Result intentionally unused; presumably forces creation of the container session — confirm.
            httpServletRequest.getSession();
            final Response response = new Response();
            // NOTE(review): the data value is the OUTLOOK_TREE_ID constant, which looks like a decompiler
            // substitution for a literal with the same value; confirm against the original source.
            response.setData(OutlookFolderStorage.OUTLOOK_TREE_ID);
            ResponseWriter.write(response, httpServletResponse.getWriter(), localeFrom((Session) session));
        } finally {
            LogProperties.removeSessionProperties();
        }
    }

    /**
     * Handles the {@code store} action: re-issues the session cookie for the given session.
     *
     * @param httpServletRequest the incoming request
     * @param httpServletResponse the response to write to
     * @throws OXException if the action is disabled or the session cannot be resolved
     * @throws JSONException if the response cannot be serialised
     * @throws IOException if writing the response fails
     */
    protected void doStore(HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse) throws OXException, JSONException, IOException {
        httpServletResponse.setContentType(AJAXServlet.CONTENTTYPE_JAVASCRIPT);
        Tools.disableCaching(httpServletResponse);
        doCookieReWrite(httpServletRequest, httpServletResponse, CookieType.SESSION);
    }

    /**
     * Handles the {@code refreshSecret} action: re-issues the secret cookie for the given session.
     *
     * @param httpServletRequest the incoming request
     * @param httpServletResponse the response to write to
     * @throws OXException if the session cannot be resolved or the IP check fails
     * @throws JSONException if the response cannot be serialised
     * @throws IOException if writing the response fails
     */
    protected void doRefreshSecret(HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse) throws OXException, JSONException, IOException {
        httpServletResponse.setContentType(AJAXServlet.CONTENTTYPE_JAVASCRIPT);
        Tools.disableCaching(httpServletResponse);
        doCookieReWrite(httpServletRequest, httpServletResponse, CookieType.SECRET);
    }

    /**
     * Logs the given exception at debug level and writes it as a JSON error response.
     *
     * @param httpServletResponse the response to write to
     * @param oXException the exception to report
     * @throws IOException if writing the response fails
     */
    public static void logAndSendException(HttpServletResponse httpServletResponse, OXException oXException) throws IOException {
        LOG.debug("", oXException);
        httpServletResponse.setContentType(AJAXServlet.CONTENTTYPE_JAVASCRIPT);
        Tools.disableCaching(httpServletResponse);
        final Response errorResponse = new Response();
        errorResponse.setException(oXException);
        Send.sendResponse(errorResponse, httpServletResponse);
    }

    /**
     * POST is handled exactly like GET.
     *
     * @param httpServletRequest the incoming request
     * @param httpServletResponse the response to write to
     * @throws IOException if writing the response fails
     */
    @Override
    protected void doPost(HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse) throws IOException {
        this.doGet(httpServletRequest, httpServletResponse);
    }

    /**
     * Adds the session cookie ({@code SESSION_PREFIX + hash} = session id) to the response.
     *
     * @param httpServletResponse the response to add the cookie to
     * @param session the session whose id is stored in the cookie
     * @param str the session hash appended to the cookie name
     * @param z whether the request was secure (forces the Secure flag)
     * @param str2 the server name used to derive the cookie domain
     */
    protected void writeSessionCookie(HttpServletResponse httpServletResponse, Session session, String str, boolean z, String str2) {
        final String cookieName = SESSION_PREFIX + str;
        final Cookie sessionCookie = new Cookie(cookieName, session.getSessionID());
        configureCookie(sessionCookie, z, str2, confReference.get());
        httpServletResponse.addCookie(sessionCookie);
    }

    /**
     * Copies the cookies and headers carried by a login result onto the response.
     * Both arrays may be {@code null}, in which case nothing is added for that kind.
     *
     * @param loginResult the login result providing cookies and headers
     * @param httpServletResponse the response to add them to
     */
    public static void addHeadersAndCookies(LoginResult loginResult, HttpServletResponse httpServletResponse) {
        final com.openexchange.authentication.Cookie[] resultCookies = loginResult.getCookies();
        if (resultCookies != null) {
            for (int i = 0; i < resultCookies.length; i++) {
                httpServletResponse.addCookie(wrapCookie(resultCookies[i]));
            }
        }
        final com.openexchange.authentication.Header[] resultHeaders = loginResult.getHeaders();
        if (resultHeaders != null) {
            for (int i = 0; i < resultHeaders.length; i++) {
                final com.openexchange.authentication.Header header = resultHeaders[i];
                httpServletResponse.addHeader(header.getName(), header.getValue());
            }
        }
    }

    /**
     * Converts an authentication-layer cookie into a servlet cookie carrying the same name and value.
     * NOTE(review): unlike the session/secret cookies, the result does not go through configureCookie,
     * so path, Secure flag, max-age and domain are the servlet defaults — confirm this is intended.
     *
     * @param cookie the cookie to convert
     * @return a new servlet cookie with the same name and value
     */
    private static Cookie wrapCookie(com.openexchange.authentication.Cookie cookie) {
        final String name = cookie.getName();
        final String value = cookie.getValue();
        return new Cookie(name, value);
    }

    /**
     * Determines the client identifier of the request, falling back to the configured default client
     * when parsing fails (best-effort; the parse error is deliberately not propagated).
     *
     * @param httpServletRequest the incoming request
     * @return the parsed client identifier, or the configured default client
     */
    private String parseClient(HttpServletRequest httpServletRequest) {
        final LoginConfiguration conf = confReference.get();
        final String defaultClient = conf.getDefaultClient();
        try {
            return LoginTools.parseClient(httpServletRequest, false, defaultClient);
        } catch (OXException ignored) {
            // Fallback to the default client is the intended behaviour here.
            return defaultClient;
        }
    }

    /**
     * Adds the {@code modules} configuration subtree to the login JSON response when the request asks
     * for it via a truthy {@code modules} parameter. Failures are logged and otherwise ignored so a
     * missing module list never breaks the login response.
     *
     * @param session the session used to read the user's settings
     * @param jSONObject the login response object to extend
     * @param httpServletRequest the incoming request
     */
    protected static void appendModules(Session session, JSONObject jSONObject, HttpServletRequest httpServletRequest) {
        final String modulesParam = httpServletRequest.getParameter("modules");
        if (!parseBoolean(modulesParam)) {
            return;
        }
        try {
            final Setting modules = ConfigTree.getInstance().getSettingByPath("modules");
            SettingStorage.getInstance(session).readValues(modules);
            jSONObject.put("modules", ConfigMenu.convert2JS(modules));
        } catch (Exception e) {
            // Best-effort: the login response is still valid without the module list.
            LOG.warn("Modules could not be added to login JSON response", e);
        }
    }

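    /**
     * Lenient boolean parsing for request parameters.
     * <p>
     * Accepts (case-insensitively) {@code true}, {@code yes}, {@code y}, {@code on} and the exact string
     * {@code "1"}; everything else, including {@code null}, is {@code false}. The decompiled original compared
     * against {@code OutlookFolderStorage.OUTLOOK_TREE_ID}, a decompiler substitution of the literal
     * {@code "1"} by an unrelated constant with the same value; the literal is used here so the method no
     * longer depends on a folder-storage constant.
     *
     * @param str the parameter value, may be {@code null}
     * @return {@code true} if the value is one of the accepted truthy spellings
     */
    public static boolean parseBoolean(String str) {
        if (str == null) {
            return false;
        }
        return "1".equals(str)
            || "true".equalsIgnoreCase(str)
            || "yes".equalsIgnoreCase(str)
            || "y".equalsIgnoreCase(str)
            || "on".equalsIgnoreCase(str);
    }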

    /**
     * Performs a login from the HTTP {@code Authorization} header (Basic or Kerberos), writes the secret
     * cookie plus any cookies/headers produced by the login, and redirects to the UI.
     *
     * @param httpServletRequest the incoming request carrying the Authorization header
     * @param httpServletResponse the response to write cookies and the redirect to
     * @throws OXException if the header is missing/unsupported or the login fails
     * @throws IOException if sending the redirect fails
     */
    private void doAuthHeaderLogin(HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse) throws OXException, IOException {
        final String authHeader = httpServletRequest.getHeader(Header.AUTH_HEADER);
        if (!Authorization.checkForAuthorizationHeader(authHeader)) {
            throw LoginExceptionCodes.UNKNOWN_HTTP_AUTHORIZATION.create();
        }
        final LoginConfiguration conf = confReference.get();
        final Authorization.Credentials credentials;
        final String version;
        if (Authorization.checkForBasicAuthorization(authHeader)) {
            credentials = Authorization.decode(authHeader);
            version = conf.getClientVersion();
        } else if (Authorization.checkForKerberosAuthorization(authHeader)) {
            // Kerberos: the actual ticket is handled downstream; placeholder credentials only.
            credentials = new Authorization.Credentials("kerberos", "");
            version = "Kerberos";
        } else {
            throw LoginExceptionCodes.UNKNOWN_HTTP_AUTHORIZATION.create(new Object[] { "" });
        }
        final String client = parseClient(httpServletRequest);
        final String clientIp = LoginTools.parseClientIP(httpServletRequest);
        final String userAgent = LoginTools.parseUserAgent(httpServletRequest);
        final LoginRequestImpl loginRequest = new LoginRequestImpl(
            credentials.getLogin(),
            credentials.getPassword(),
            clientIp,
            userAgent,
            UUIDs.getUnformattedString(UUID.randomUUID()),
            client,
            version,
            HashCalculator.getInstance().getHash(httpServletRequest, userAgent, client),
            Interface.HTTP_JSON,
            Tools.copyHeaders(httpServletRequest),
            Tools.getCookieFromHeader(httpServletRequest),
            Tools.considerSecure(httpServletRequest, conf.isCookieForceHTTPS()),
            httpServletRequest.getServerName(),
            httpServletRequest.getServerPort(),
            httpServletRequest.getSession(true).getId());
        // Raw type kept as in the original: doLogin's parameter type is not visible from here.
        final HashMap properties = new HashMap(1);
        final String capabilities = httpServletRequest.getParameter(FolderFields.CAPABILITIES);
        if (capabilities != null) {
            properties.put("client.capabilities", capabilities);
        }
        final LoginResult result = LoginPerformer.getInstance().doLogin(loginRequest, properties);
        final Session session = result.getSession();
        Tools.disableCaching(httpServletResponse);
        writeSecretCookie(httpServletRequest, httpServletResponse, session, session.getHash(), httpServletRequest.isSecure(), httpServletRequest.getServerName(), conf);
        addHeadersAndCookies(result, httpServletResponse);
        // NOTE(review): the session id travels in the redirect URL; URL-borne ids can end up in
        // access logs and Referer headers — confirm this is the intended hand-off to the UI.
        httpServletResponse.sendRedirect(LoginTools.generateRedirectURL(null, conf.getHttpAuthAutoLogin(), session.getSessionID(), conf.getUiWebPath()));
    }

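    /**
     * Adds the secret cookie ({@code SECRET_PREFIX + hash} = session secret) to the response and, when the
     * session carries an alternative id, the public-session cookie as well.
     * <p>
     * The public-session part duplicated {@link #writePublicSessionCookie}; it now delegates to it so both
     * entry points cannot drift apart.
     *
     * @param httpServletRequest the incoming request (used to derive the public-session cookie name)
     * @param httpServletResponse the response to add the cookies to
     * @param session the session providing the secret and the alternative id
     * @param str the session hash appended to the secret cookie name
     * @param z whether the request was secure (forces the Secure flag)
     * @param str2 the server name used to derive the cookie domain
     * @param loginConfiguration the configuration controlling Secure flag, expiry and domain
     */
    public static void writeSecretCookie(HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse, Session session, String str, boolean z, String str2, LoginConfiguration loginConfiguration) {
        final Cookie secretCookie = new Cookie(SECRET_PREFIX + str, session.getSecret());
        configureCookie(secretCookie, z, str2, loginConfiguration);
        httpServletResponse.addCookie(secretCookie);
        writePublicSessionCookie(httpServletRequest, httpServletResponse, session, z, str2, loginConfiguration);
    }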

    /**
     * Adds the public-session cookie to the response when the session carries an alternative id;
     * does nothing otherwise.
     *
     * @param httpServletRequest the incoming request (used to derive the cookie name)
     * @param httpServletResponse the response to add the cookie to
     * @param session the session whose alternative id becomes the cookie value
     * @param z whether the request was secure (forces the Secure flag)
     * @param str the server name used to derive the cookie domain
     * @param loginConfiguration the configuration controlling Secure flag, expiry and domain
     */
    public static void writePublicSessionCookie(HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse, Session session, boolean z, String str, LoginConfiguration loginConfiguration) {
        final String alternativeId = (String) session.getParameter(Session.PARAM_ALTERNATIVE_ID);
        if (alternativeId == null) {
            return;
        }
        final String cookieName = getPublicSessionCookieName(httpServletRequest);
        final Cookie publicSessionCookie = new Cookie(cookieName, alternativeId);
        configureCookie(publicSessionCookie, z, str, loginConfiguration);
        httpServletResponse.addCookie(publicSessionCookie);
    }

    /**
     * Applies the common attributes to a login cookie: root path, Secure flag, max-age and domain.
     * <p>
     * The Secure flag is set when the request itself was secure, or when HTTPS is enforced by configuration
     * and the server name is not a local-LAN address. A max-age is only set when autologin is enabled or the
     * configured expiry is negative; otherwise the cookie stays a browser-session cookie. The domain is
     * derived from the server name (falling back to the AJP server name log property).
     * NOTE(review): HttpOnly is not set here; if the servlet API level in use supports it, consider it
     * for the session/secret cookies.
     *
     * @param cookie the cookie to configure
     * @param z whether the request was secure
     * @param str the server name, may be {@code null}
     * @param loginConfiguration the configuration controlling Secure flag, expiry and domain
     */
    public static void configureCookie(Cookie cookie, boolean z, String str, LoginConfiguration loginConfiguration) {
        cookie.setPath("/");
        if (z) {
            cookie.setSecure(true);
        } else if (loginConfiguration.isCookieForceHTTPS() && !Cookies.isLocalLan(str)) {
            cookie.setSecure(true);
        }
        final int expiry = loginConfiguration.getCookieExpiry();
        if (loginConfiguration.isSessiondAutoLogin() || expiry < 0) {
            cookie.setMaxAge(expiry);
        }
        final String domain = Cookies.getDomainValue(null == str ? LogProperties.getLogProperty(LogProperties.Name.AJP_SERVER_NAME) : str);
        if (domain != null) {
            cookie.setDomain(domain);
        }
    }

    static {
        // Log properties that are scoped to one login request and cleared once it has been handled.
        final EnumSet<LogProperties.Name> requestScoped = EnumSet.of(
            LogProperties.Name.LOGIN_AUTH_ID,
            LogProperties.Name.LOGIN_CLIENT,
            LogProperties.Name.LOGIN_CLIENT_IP,
            LogProperties.Name.LOGIN_LOGIN,
            LogProperties.Name.LOGIN_USER_AGENT,
            LogProperties.Name.LOGIN_VERSION,
            LogProperties.Name.SESSION_AUTH_ID,
            LogProperties.Name.SESSION_SESSION_ID,
            LogProperties.Name.SESSION_USER_ID,
            LogProperties.Name.SESSION_USER_NAME,
            LogProperties.Name.SESSION_CONTEXT_ID,
            LogProperties.Name.SESSION_CLIENT_ID,
            LogProperties.Name.SESSION_SESSION);
        LOG_PROPERTIES = Collections.unmodifiableSet(requestScoped);
        // Cookie name prefixes and the change-IP action name.
        SESSION_PREFIX = "open-xchange-session-".intern();
        SECRET_PREFIX = "open-xchange-secret-".intern();
        PUBLIC_SESSION_PREFIX = "open-xchange-public-session-".intern();
        ACTION_CHANGEIP = "changeip".intern();
        confReference = new AtomicReference<>();
    }
}
