package com.tivoli.xtela.core.ui.web.console;

import com.tivoli.xtela.core.security.Authorization;
import java.io.IOException;
import javax.servlet.ServletException;
import javax.servlet.http.HttpServlet;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import javax.servlet.http.HttpSession;

/* loaded from: input_file:142513449e75f67c81acb6a2b8b6afc5/ijar/default:d51c6217bc70adee0f1e7b7b3efc18f8:com/tivoli/xtela/core/ui/web/console/CrossSite.class */
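/**
 * Login servlet for the Cross-Site web console.
 *
 * <p>{@code GET} renders the login form. {@code POST} checks the submitted
 * {@code username}/{@code password} through {@link Authorization} and, on
 * success, replaces the caller's session with a fresh one and redirects to
 * the console (or to the target remembered in the previous session under
 * {@link #TARGET_KEY}).
 *
 * <p>A servlet container normally serves all requests through one shared
 * instance of this class, so no per-request state is kept in instance fields.
 */
public class CrossSite extends HttpServlet {
    /** Session key under which the authenticated user name is stored. */
    public static final String USER_KEY = "xsite.user";
    /** Session key under which a post-login redirect target may be stored. */
    public static final String TARGET_KEY = "xsite.target";
    /** Default redirect target; relative, so it resolves next to this servlet. */
    private static final String CONSOLE_TARGET = "com.tivoli.xtela.core.ui.web.console.Console";
    private static final String USERNAME = "username";
    private static final String PASSWORD = "password";
    private static final String baseUrl;
    private static final String CONSOLE;

    public String getServiceName() {
        return "CrossSite";
    }

    /**
     * Handles a login submission.
     *
     * <p>The redirect target is computed per request. Keeping it in an instance
     * field would let concurrent logins overwrite each other's target, and a
     * target picked up for one user would stay in effect for every later user.
     */
    public void doPost(HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse) throws ServletException, IOException {
        String redirectTarget = login(httpServletRequest);
        if (redirectTarget != null) {
            httpServletResponse.sendRedirect(redirectTarget);
        } else {
            httpServletResponse.setContentType("text/html");
            httpServletResponse.getWriter().println(getView("Authentication failed"));
        }
    }

    /** Renders the empty login form. */
    public void doGet(HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse) throws ServletException, IOException {
        httpServletResponse.setContentType("text/html");
        httpServletResponse.getWriter().println(getView());
    }

    /**
     * Authenticates the request and, on success, binds the user name to a new session.
     *
     * @param httpServletRequest request carrying the {@code username} and {@code password} parameters
     * @return {@code true} if the credentials were accepted and a session was established
     */
    public boolean authenticate(HttpServletRequest httpServletRequest) {
        return login(httpServletRequest) != null;
    }

    /**
     * Performs the login and returns where the caller should be redirected.
     *
     * @return the redirect target on success, or {@code null} if the login was
     *         denied or an I/O error occurred (fails closed)
     */
    private String login(HttpServletRequest httpServletRequest) {
        System.out.println("CrossSite.authenticate");
        try {
            String username = httpServletRequest.getParameter(USERNAME);
            Authorization authorization = new Authorization(username, httpServletRequest.getParameter(PASSWORD), httpServletRequest);
            // NOTE(review): the check is for ("Auth", "createUser"); presumably this is the
            // permission that gates console access - confirm against Authorization.
            if (!authorization.isAuth("Auth", "createUser")) {
                System.out.println(" " + authorization.getPrincipal() + " denied console access");
                return null;
            }
            System.out.println(" new session created for " + authorization.getPrincipal());

            String redirectTarget = CONSOLE_TARGET;
            HttpSession previous = httpServletRequest.getSession(false);
            if (previous != null) {
                // NOTE(review): the value under TARGET_KEY is written outside this class.
                // If its writer derives it from request data, redirecting to it unchecked
                // is an open redirect; confirm it is restricted to this server's own URLs.
                String requested = (String) previous.getValue(TARGET_KEY);
                if (requested != null) {
                    System.out.println(" redirecting target to " + requested);
                    redirectTarget = requested;
                }
                // Drop the pre-login session so its identifier is not carried over
                // into the authenticated session.
                previous.invalidate();
            }
            httpServletRequest.getSession(true).putValue(USER_KEY, username);
            return redirectTarget;
        } catch (IOException e) {
            System.out.println(" IO error attempting to authenticate user");
            e.printStackTrace();
            return null;
        }
    }

    private String getView() {
        return getView(null);
    }

    /**
     * Builds the login page.
     *
     * <p>Only local state and the immutable {@code baseUrl} are used, so no
     * locking is needed. Every dynamic value is HTML-escaped and the form
     * action is quoted, so a value containing markup or whitespace cannot
     * change the structure of the page.
     *
     * @param str optional error message shown in red below the form; may be {@code null}
     * @return the complete HTML document
     */
    private String getView(String str) {
        StringBuffer page = new StringBuffer();
        page.append("<html>");
        page.append("<title>Tivoli Cross-Site Login 1</title>");
        page.append("<body>");
        page.append("<form action=\"" + escapeHtml(baseUrl + "servlet/" + getClass().getName()) + "\" method=post>");
        page.append("<input type=hidden name='task' value='Authenticate'>");
        page.append("<br>");
        page.append("<center>");
        page.append("<h2>Tivoli Cross-Site</h2>");
        page.append(escapeHtml(baseUrl));
        page.append("<P>");
        page.append("<table>");
        page.append("<tr><td>");
        page.append("<p align=right><b>Username:</b>");
        page.append("</td>");
        page.append("<td>");
        page.append("<p><input type=text name='username' value='' size=25>");
        page.append("</td></tr>");
        page.append("<tr><td>");
        page.append("<p align=right><b>Password:</b>");
        page.append("</td>");
        page.append("<td>");
        page.append("<p><input type=password name='password' value='' size=25>");
        page.append("</td></tr>");
        page.append("</table>");
        page.append("<p>");
        page.append("<p>");
        page.append("<input type=submit value=' Login '>");
        if (str != null) {
            page.append("<br>");
            page.append("<br>");
            page.append("<span style=\"color:red\">" + escapeHtml(str) + "</span>");
        }
        page.append("</center>");
        // The form element was previously left unclosed.
        page.append("</form>");
        page.append("</body>");
        page.append("</HTML>");
        return page.toString();
    }

    /**
     * Escapes the characters that are significant in HTML text and attribute values.
     *
     * @param text value to escape; {@code null} yields an empty string
     */
    private static String escapeHtml(String text) {
        if (text == null) {
            return "";
        }
        StringBuffer escaped = new StringBuffer(text.length() + 16);
        for (int i = 0; i < text.length(); i++) {
            char c = text.charAt(i);
            switch (c) {
                case '&':
                    escaped.append("&amp;");
                    break;
                case '<':
                    escaped.append("&lt;");
                    break;
                case '>':
                    escaped.append("&gt;");
                    break;
                case '"':
                    escaped.append("&quot;");
                    break;
                case '\'':
                    escaped.append("&#39;");
                    break;
                default:
                    escaped.append(c);
                    break;
            }
        }
        return escaped.toString();
    }

    static {
        // Resolved once at class load; both values are read-only afterwards.
        baseUrl = new LocalMgmtServer().getBaseUrlString();
        CONSOLE = baseUrl + "servlet/com.tivoli.xtela.core.ui.web.console.Console";
    }
}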
