package org.n52.security.service.authentication.servlet;

import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import org.n52.security.authentication.AuthenticationContext;
import org.n52.security.authentication.AuthenticationException;
import org.n52.security.authentication.AuthenticationFailedException;
import org.n52.security.authentication.AuthenticationService;
import org.n52.security.authentication.UsernamePasswordCredential;
import org.n52.security.authentication.callbacks.CredentialsCallbackHandler;

/* loaded from: input_file:org/n52/security/service/authentication/servlet/UsernamePasswordParamAuthenticationProcessorFactory.class */
public class UsernamePasswordParamAuthenticationProcessorFactory implements AuthenticationProcessorFactory {
    private String m_usernameParameterName = "user";
    private String m_passwordParameterName = "pw";
    private boolean m_disableHttpGet = false;

    public String getUsernameParameterName() {
        return this.m_usernameParameterName;
    }

    public void setUsernameParameterName(String str) {
        if (str == null || str.length() == 0) {
            throw new IllegalArgumentException("<usernameParameterName> must not null or empty");
        }
        this.m_usernameParameterName = str;
    }

    public String getPasswordParameterName() {
        return this.m_passwordParameterName;
    }

    public void setPasswordParameterName(String str) {
        if (str == null || str.length() == 0) {
            throw new IllegalArgumentException("<passwordParameterName> must not null or empty");
        }
        this.m_passwordParameterName = str;
    }

    public void setDisableHttpGet(boolean z) {
        this.m_disableHttpGet = z;
    }

    public boolean isDisableHttpGet() {
        return this.m_disableHttpGet;
    }

    @Override // org.n52.security.service.authentication.servlet.AuthenticationProcessorFactory
    public AuthenticationProcessor getProcessor() {
        return new AuthenticationProcessor(this) { // from class: org.n52.security.service.authentication.servlet.UsernamePasswordParamAuthenticationProcessorFactory.1
            private final UsernamePasswordParamAuthenticationProcessorFactory this$0;

            {
                this.this$0 = this;
            }

            @Override // org.n52.security.service.authentication.servlet.AuthenticationProcessor
            public AuthenticationContext authenticate(HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse, AuthenticationService authenticationService) throws AuthenticationException {
                String str = null;
                String str2 = null;
                String contentType = httpServletRequest.getContentType();
                String method = httpServletRequest.getMethod();
                if ("GET".equals(method) && this.this$0.isDisableHttpGet()) {
                    throw new AuthenticationFailedException("Username and password via HTTP GET not supported.");
                }
                if ("GET".equals(method) || (contentType != null && contentType.contains("x-www-form"))) {
                    str = httpServletRequest.getParameter(this.this$0.getUsernameParameterName());
                    str2 = httpServletRequest.getParameter(this.this$0.getPasswordParameterName());
                }
                return str == null ? authenticationService.createAuthenticationContext() : authenticationService.login(new CredentialsCallbackHandler().add(new UsernamePasswordCredential(str, str2)));
            }
        };
    }
}
