package org.melati.login;

import javax.servlet.http.Cookie;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import javax.servlet.http.HttpSession;
import org.melati.Melati;
import org.melati.poem.AccessPoemException;
import org.melati.poem.PoemThread;
import org.melati.poem.User;
import org.melati.util.HttpServletRequestParameters;
import org.melati.util.HttpUtil;
import org.melati.util.MD5Util;
import org.melati.util.ReconstructedHttpServletRequest;
import org.melati.util.ReconstructedHttpServletRequestMismatchException;
import org.melati.util.UTF8URLEncoder;

/* loaded from: input_file:WEB-INF/lib/melati-0.7.8-RC3-SNAPSHOT.jar:org/melati/login/HttpSessionAccessHandler.class */
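/**
 * {@link AccessHandler} that keeps the logged-in user in the {@link HttpSession} and falls
 * back to a pair of "remember me" cookies when the session holds no user.
 *
 * <p>Security notes for maintainers, based on what this class does with those cookies:
 * <ul>
 *   <li>The cookie named after the logical database carries the login name; the cookie named
 *       {@code logicalDatabase + login} carries {@code MD5Util.encode(user.getPassword())}.
 *       That value is derived only from the stored password, so it is a long-lived
 *       password-equivalent credential: it does not expire on its own, cannot be revoked
 *       without changing the password, and can be recomputed by anyone who can read the
 *       stored password value.</li>
 *   <li>{@code MD5Util} is presumably an unsalted MD5 digest (inferred from the name - confirm).
 *       A per-user random token stored server side, with an expiry, is the usual replacement
 *       for this scheme; that change affects the cookie format and is outside this class.</li>
 *   <li>The cookies should be issued with the {@code Secure} and {@code HttpOnly} flags; they
 *       are set elsewhere, so verify this where they are written.</li>
 * </ul>
 */
public class HttpSessionAccessHandler implements AccessHandler {
    /** Session attribute under which parameters to overlay on the next request are read by {@link #buildRequest}. */
    public static final String OVERLAY_PARAMETERS = "org.melati.login.HttpSessionAccessHandler.overlayParameters";
    /** Session attribute under which the authenticated {@link User} is looked up by {@link #establishUser}. */
    public static final String USER = "org.melati.login.HttpSessionAccessHandler.user";

    /**
     * Names the servlet class that serves the login page; subclasses may override it.
     *
     * @return the fully qualified class name used as a path segment in {@link #loginPageURL}
     */
    protected String loginPageServletClassName() {
        return "org.melati.login.Login";
    }

    /**
     * Builds the login page URL as {@code <zone URL>/<login servlet class>/<logical database>/}.
     *
     * @param melati the current Melati, used for its logical database name
     * @param httpServletRequest the request from which the relative zone URL is derived
     * @return the URL to which an unauthenticated request is redirected
     */
    public String loginPageURL(Melati melati, HttpServletRequest httpServletRequest) {
        // StringBuffer is kept because HttpUtil.appendRelativeZoneURL is called with one here.
        StringBuffer url = new StringBuffer();
        HttpUtil.appendRelativeZoneURL(url, httpServletRequest);
        url.append('/').append(loginPageServletClassName());
        url.append('/').append(melati.getPoemContext().getLogicalDatabase());
        url.append('/');
        return url.toString();
    }

    /**
     * Remembers the request that was refused and sends the browser to the login page.
     *
     * <p>The request parameters and the exception are stored in the session under the
     * {@code Login.TRIGGERING_*} keys. NOTE(review): the saved parameters stay in the session
     * until something removes them, and may include submitted form fields - confirm that the
     * login flow clears them.
     *
     * @param melati the current Melati
     * @param accessPoemException the access failure that triggered the login
     * @throws Exception if resetting the writer or sending the redirect fails
     */
    @Override // org.melati.login.AccessHandler
    public void handleAccessException(Melati melati, AccessPoemException accessPoemException) throws Exception {
        HttpServletRequest request = melati.getRequest();
        HttpServletResponse response = melati.getResponse();
        HttpSession session = request.getSession(true);
        session.setAttribute(Login.TRIGGERING_REQUEST_PARAMETERS, new HttpServletRequestParameters(request));
        session.setAttribute(Login.TRIGGERING_EXCEPTION, accessPoemException);
        // Discard anything already written so the redirect is the whole response.
        melati.getWriter().reset();
        response.sendRedirect(loginPageURL(melati, request));
    }

    /**
     * Sets the access token for this request from the session user or, failing that, from the
     * "remember me" cookies; the guest token is used when neither yields a user.
     *
     * @param melati the current Melati
     * @return the same {@code melati} instance
     */
    @Override // org.melati.login.AccessHandler
    public Melati establishUser(Melati melati) {
        String logicalDatabase = melati.getPoemContext().getLogicalDatabase();
        HttpSession session = melati.getSession();
        synchronized (session) {
            User user = (User) session.getAttribute(USER);
            if (user == null) {
                user = getUserFromCookie(melati, logicalDatabase);
                if (user != null) {
                    // The login cookie only names a user; the second cookie must prove it.
                    String presented = getCookieValue(melati, logicalDatabase + user.getLogin());
                    if (presented == null
                            || !constantTimeEquals(presented, MD5Util.encode(user.getPassword()))) {
                        user = null;
                    }
                }
            }
            logUsIn(melati, user);
        }
        return melati;
    }

    /**
     * Installs the access token for the current thread.
     *
     * @param melati the current Melati, used for the database's guest token
     * @param user the authenticated user, or {@code null} to run as guest
     */
    protected void logUsIn(Melati melati, User user) {
        PoemThread.setAccessToken(user == null ? melati.getDatabase().guestAccessToken() : user);
    }

    /**
     * Looks up the user whose login equals the value of the named cookie.
     *
     * <p>This identifies a candidate user only; it does not authenticate. The caller must
     * still verify the credential cookie, as {@link #establishUser} does.
     *
     * @param melati the current Melati
     * @param str the (unencoded) cookie name
     * @return the matching user, or {@code null} when the cookie is absent
     */
    User getUserFromCookie(Melati melati, String str) {
        String login = getCookieValue(melati, str);
        if (login == null) {
            return null;
        }
        return (User) melati.getDatabase().getUserTable().getLoginColumn().firstWhereEq(login);
    }

    /**
     * Returns the decoded value of the first request cookie with the given name.
     *
     * @param melati the current Melati, used for its request
     * @param str the cookie name before URL-encoding
     * @return the decoded cookie value, or {@code null} if the request has no such cookie
     */
    String getCookieValue(Melati melati, String str) {
        String encodedName = UTF8URLEncoder.encode(str);
        Cookie[] cookies = melati.getRequest().getCookies();
        if (cookies == null) {
            return null;
        }
        for (Cookie cookie : cookies) {
            if (cookie.getName().equals(encodedName)) {
                return UTF8URLEncoder.decode(cookie.getValue());
            }
        }
        return null;
    }

    /**
     * Replaces the current request with one that has the saved overlay parameters applied,
     * consuming them from the session so they are used at most once.
     *
     * @param melati the current Melati
     * @throws ReconstructedHttpServletRequestMismatchException if the saved parameters cannot
     *     be combined with the current request
     */
    @Override // org.melati.login.AccessHandler
    public void buildRequest(Melati melati) throws ReconstructedHttpServletRequestMismatchException {
        HttpSession session = melati.getSession();
        synchronized (session) {
            HttpServletRequestParameters overlay =
                    (HttpServletRequestParameters) session.getAttribute(OVERLAY_PARAMETERS);
            if (overlay != null) {
                session.removeAttribute(OVERLAY_PARAMETERS);
                melati.setRequest(new ReconstructedHttpServletRequest(overlay, melati.getRequest()));
            }
        }
    }

    /**
     * Compares a client-supplied credential with the expected one without stopping at the
     * first mismatch, so response time does not reveal how much of the value was correct.
     * The result is the same as {@code presented.equals(expected)} for non-null arguments.
     *
     * @param presented the value taken from the request
     * @param expected the value computed on the server
     * @return {@code true} only if both are non-null and contain the same characters
     */
    private static boolean constantTimeEquals(String presented, String expected) {
        if (presented == null || expected == null) {
            return false;
        }
        // A length difference already makes the result false; the length itself is not secret.
        int difference = presented.length() ^ expected.length();
        for (int i = 0; i < presented.length(); i++) {
            char expectedChar = i < expected.length() ? expected.charAt(i) : 0;
            difference |= presented.charAt(i) ^ expectedChar;
        }
        return difference == 0;
    }
}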
