package com.zimbra.cs.service;

import com.zimbra.common.service.ServiceException;
import com.zimbra.common.util.ZimbraLog;
import com.zimbra.cs.account.AccountServiceException;
import com.zimbra.cs.account.AuthToken;
import com.zimbra.cs.account.Provisioning;
import com.zimbra.cs.account.auth.AuthContext;
import com.zimbra.cs.service.authenticator.SSOAuthenticator;
import java.io.IOException;
import java.security.Principal;
import javax.servlet.ServletException;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;

/* loaded from: input_file:com/zimbra/cs/service/SpnegoAuthServlet.class */
public class SpnegoAuthServlet extends SSOServlet {
    public void doGet(HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse) throws ServletException, IOException {
        ZimbraLog.clearContext();
        addRemoteIpToLoggingContext(httpServletRequest);
        addUAToLoggingContext(httpServletRequest);
        try {
            boolean isOnAdminPort = isOnAdminPort(httpServletRequest);
            boolean isFromZCO = isFromZCO(httpServletRequest);
            Principal userPrincipal = httpServletRequest.getUserPrincipal();
            if (userPrincipal == null) {
                throw AccountServiceException.AuthFailedServiceException.AUTH_FAILED("no principal");
            }
            if (!(userPrincipal instanceof SSOAuthenticator.ZimbraPrincipal)) {
                throw AccountServiceException.AuthFailedServiceException.AUTH_FAILED(userPrincipal.getName(), "not ZimbraPrincipal", (Throwable) null);
            }
            SSOAuthenticator.ZimbraPrincipal zimbraPrincipal = (SSOAuthenticator.ZimbraPrincipal) userPrincipal;
            AuthToken authorize = authorize(httpServletRequest, AuthContext.Protocol.spnego, zimbraPrincipal, isOnAdminPort);
            if (isFromZCO) {
                setAuthTokenCookieAndReturn(httpServletRequest, httpServletResponse, authorize);
            } else {
                setAuthTokenCookieAndRedirect(httpServletRequest, httpServletResponse, zimbraPrincipal.getAccount(), authorize);
            }
        } catch (ServiceException e) {
            if (e instanceof AccountServiceException.AuthFailedServiceException) {
                AccountServiceException.AuthFailedServiceException authFailedServiceException = (AccountServiceException.AuthFailedServiceException) e;
                ZimbraLog.account.info("spnego auth failed: " + authFailedServiceException.getMessage() + authFailedServiceException.getReason(", %s"));
            } else {
                ZimbraLog.account.info("spnego auth failed: " + e.getMessage());
            }
            ZimbraLog.account.debug("spnego auth failed", e);
            if (0 != 0) {
                httpServletResponse.sendError(403, e.getMessage());
                return;
            }
            try {
                redirectToErrorPage(httpServletRequest, httpServletResponse, false, Provisioning.getInstance().getConfig().getSpnegoAuthErrorURL());
            } catch (ServiceException e2) {
                ZimbraLog.account.info("failed to redirect to error page: " + e2.getMessage());
                httpServletResponse.sendError(403, e.getMessage());
            }
        }
    }

    public void doPost(HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse) throws ServletException, IOException {
        doGet(httpServletRequest, httpServletResponse);
    }

    @Override // com.zimbra.cs.service.SSOServlet
    protected boolean redirectToRelativeURL() {
        return true;
    }
}
