package com.cloudera.server.web.common;

import com.cloudera.cmf.persist.CmfEntityManager;
import com.cloudera.cmf.service.CommandUtils;
import com.cloudera.cmf.service.auth.AuthServiceUtil;
import com.cloudera.cmf.service.scm.ScmHandler;
import com.cloudera.cmf.service.scm.ScmParamTrackerStore;
import com.cloudera.cmf.service.scm.ScmParams;
import com.cloudera.server.cmf.components.CmServerState;
import com.cloudera.server.web.cmf.CmfPath;
import com.cloudera.server.web.cmf.LoginForm;
import com.cloudera.server.web.cmf.PreLogin;
import com.cloudera.server.web.cmf.WebController;
import com.google.common.annotations.VisibleForTesting;
import javax.servlet.http.HttpSession;
import org.apache.commons.lang.StringUtils;
import org.jamon.Renderer;
import org.keycloak.adapters.springsecurity.token.KeycloakAuthenticationToken;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.security.core.Authentication;
import org.springframework.security.core.AuthenticationException;
import org.springframework.security.core.context.SecurityContextHolder;
import org.springframework.security.kerberos.authentication.KerberosServiceRequestToken;
import org.springframework.security.providers.ExpiringUsernameAuthenticationToken;
import org.springframework.stereotype.Controller;
import org.springframework.web.bind.annotation.RequestMapping;
import org.springframework.web.bind.annotation.RequestMethod;
import org.springframework.web.bind.annotation.RequestParam;
import org.springframework.web.servlet.ModelAndView;

@RequestMapping({"/*"})
@Controller
/* loaded from: input_file:com/cloudera/server/web/common/LoginController.class */
public class LoginController extends WebController {

    @Autowired
    CmServerState serverState;

    @Autowired
    ScmParamTrackerStore scmParamTrackerStore;

    private static ModelAndView redirectToSSOUrl(String str) {
        return redirectToExternal(str);
    }

    @RequestMapping(value = {"login"}, method = {RequestMethod.GET})
    public ModelAndView loginForm(HttpSession httpSession, @RequestParam(value = "returnUrl", required = false) String str) {
        if (((ScmParams.ExternalAuthType) this.scmParamTrackerStore.get(ScmParams.EXTERNAL_AUTH_TYPE)) != ScmParams.ExternalAuthType.SAML) {
            return AuthServiceUtil.useAuthService(this.scmParamTrackerStore) ? redirectToSSOUrl(CmfPath.AUTHSERVICE_LOGIN) : localLoginForm(httpSession, str);
        }
        String str2 = (String) this.scmParamTrackerStore.get(ScmParams.SAML_LOGIN_URL);
        return StringUtils.isEmpty(str2) ? redirectToSSOUrl(CmfPath.SAML_LOGIN) : redirectToSSOUrl(str2);
    }

    @RequestMapping(value = {"localLogin"}, method = {RequestMethod.GET})
    public ModelAndView localLoginForm(HttpSession httpSession, @RequestParam(value = "returnUrl", required = false) String str) {
        return JamonModelAndView.of(getRendererForLogin(httpSession, str));
    }

    @RequestMapping(value = {"preLogin"}, method = {RequestMethod.GET, RequestMethod.POST})
    public ModelAndView preLogin(HttpSession httpSession) {
        return JamonModelAndView.of(new PreLogin().makeRenderer());
    }

    @VisibleForTesting
    Renderer getRendererForLogin(HttpSession httpSession, String str) {
        Object attribute = httpSession.getAttribute("SPRING_SECURITY_LAST_EXCEPTION");
        String str2 = null;
        if (attribute != null) {
            if (attribute instanceof AuthenticationException) {
                ((AuthenticationException) attribute).getMessage();
                str2 = I18n.t("error.login.badCredentials");
            } else {
                LOG.error("Unexpected auth exception: " + attribute);
                str2 = I18n.t("error.login.unknownException");
            }
        }
        String iAPolicyHTML = getIAPolicyHTML();
        if (str == null) {
            str = CommandUtils.CONFIG_TOP_LEVEL_DIR;
        }
        LoginForm loginForm = new LoginForm();
        loginForm.setAllowNoLicense(true);
        return loginForm.makeRenderer(str2, iAPolicyHTML, this.serverState.showTrialCountDown(), this.serverState.getTrialDaysLeft(), this.serverState.isAuthConfigurationFailed(), this.serverState.isTLSConfigurationFailed(), str);
    }

    private String getIAPolicyHTML() {
        CmfEntityManager createCmfEntityManager = createCmfEntityManager();
        String str = null;
        try {
            try {
                createCmfEntityManager.beginForRollbackAndReadonly();
                str = (String) ScmHandler.getScmConfigValue(ScmParams.CUSTOM_IA_POLICY_HTML, createCmfEntityManager.getScmConfigProvider());
                createCmfEntityManager.close();
            } catch (RuntimeException e) {
                LOG.error("Unable to read the SCM Configuration value for ScmParams.CUSTOM_IA_POLICY_HTML", e);
                createCmfEntityManager.close();
            }
            return str;
        } catch (Throwable th) {
            createCmfEntityManager.close();
            throw th;
        }
    }

    @RequestMapping(value = {"logout"}, method = {RequestMethod.GET})
    public ModelAndView logout() {
        Authentication authentication = SecurityContextHolder.getContext().getAuthentication();
        if (authentication instanceof ExpiringUsernameAuthenticationToken) {
            return redirectToSSOUrl(CmfPath.SAML_LOGOUT);
        }
        if (authentication instanceof KeycloakAuthenticationToken) {
            return redirectToSSOUrl(CmfPath.AUTHSERVICE_LOGOUT);
        }
        if (!(authentication instanceof KerberosServiceRequestToken)) {
            return redirectTo("/j_spring_security_logout");
        }
        com.cloudera.server.web.cmf.SimplePage simplePage = JSPageController.getSimplePage("cloudera/cmf/login/KerberosLogoutPage");
        simplePage.setSelectedAppTab(null);
        simplePage.setLoggedIn(false);
        return JamonModelAndView.of(simplePage.makeRenderer());
    }
}
