package edu.yale.its.tp.cas.client.taglib;

import edu.yale.its.tp.cas.client.ProxyTicketValidator;
import edu.yale.its.tp.cas.client.Util;
import java.io.IOException;
import java.util.ArrayList;
import java.util.List;
import javax.servlet.ServletException;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import javax.servlet.jsp.JspException;
import javax.servlet.jsp.JspTagException;
import javax.servlet.jsp.tagext.TagSupport;
import javax.xml.parsers.ParserConfigurationException;
import org.xml.sax.SAXException;

/* loaded from: input_file:edu/yale/its/tp/cas/client/taglib/AuthTag.class */
public class AuthTag extends TagSupport {
    private String var;
    private int scope;
    private String casLogin;
    private String casValidate;
    private String service;
    private List acceptedProxies;
    private HttpServletRequest request;
    private HttpServletResponse response;

    public int doStartTag() throws JspException {
        this.request = this.pageContext.getRequest();
        this.response = this.pageContext.getResponse();
        this.casLogin = null;
        this.casValidate = null;
        try {
            this.service = Util.getService(this.request, this.pageContext.getServletContext().getInitParameter("edu.yale.its.tp.cas.serverName"));
            this.acceptedProxies = new ArrayList();
            return 1;
        } catch (ServletException e) {
            throw new JspException(e);
        }
    }

    public int doEndTag() throws JspTagException {
        try {
            if (this.pageContext.getAttribute(this.var, this.scope) != null) {
                return 6;
            }
            String parameter = this.request.getParameter("ticket");
            if (parameter == null || parameter.equals("")) {
                if (this.casLogin == null) {
                    throw new JspTagException("for pages that expect to be called without 'ticket' parameter, cas:auth must have a cas:loginUrl subtag");
                }
                this.response.sendRedirect(new StringBuffer().append(this.casLogin).append("?service=").append(this.service).toString());
                return 5;
            }
            String authenticatedNetid = getAuthenticatedNetid(parameter);
            if (authenticatedNetid == null) {
                throw new JspTagException("Unexpected CAS authentication error");
            }
            this.pageContext.setAttribute(this.var, authenticatedNetid, this.scope);
            return 6;
        } catch (IOException e) {
            throw new JspTagException(e.getMessage());
        } catch (ParserConfigurationException e2) {
            throw new JspTagException(e2.getMessage());
        } catch (SAXException e3) {
            throw new JspTagException(e3.getMessage());
        }
    }

    public void setVar(String str) {
        this.var = str;
    }

    public void setScope(String str) {
        if (str.equals("page")) {
            this.scope = 1;
            return;
        }
        if (str.equals("request")) {
            this.scope = 2;
        } else if (str.equals("session")) {
            this.scope = 3;
        } else {
            if (!str.equals("application")) {
                throw new IllegalArgumentException("invalid scope");
            }
            this.scope = 4;
        }
    }

    public void setCasLogin(String str) {
        this.casLogin = str;
    }

    public void setCasValidate(String str) {
        this.casValidate = str;
    }

    public void addAuthorizedProxy(String str) {
        this.acceptedProxies.add(str);
    }

    public void setService(String str) {
        this.service = str;
    }

    public AuthTag() {
        init();
    }

    public void release() {
        super.release();
        init();
    }

    private void init() {
        this.var = null;
        this.scope = 1;
        this.casLogin = null;
        this.casValidate = null;
        this.acceptedProxies = null;
    }

    private String getAuthenticatedNetid(String str) throws ParserConfigurationException, SAXException, IOException, JspTagException {
        ProxyTicketValidator proxyTicketValidator = new ProxyTicketValidator();
        proxyTicketValidator.setCasValidateUrl(this.casValidate);
        proxyTicketValidator.setServiceTicket(str);
        proxyTicketValidator.setService(this.service);
        proxyTicketValidator.validate();
        if (!proxyTicketValidator.isAuthenticationSuccesful()) {
            throw new JspTagException(new StringBuffer().append("CAS authentication error: ").append(proxyTicketValidator.getErrorCode()).toString());
        }
        if (proxyTicketValidator.getProxyList().size() != 0) {
            if (this.acceptedProxies.size() == 0) {
                throw new JspTagException("this page does not accept proxied tickets");
            }
            if (!this.acceptedProxies.contains(proxyTicketValidator.getProxyList().get(0))) {
                throw new JspTagException(new StringBuffer().append("unauthorized top-level proxy: '").append(proxyTicketValidator.getProxyList().get(0)).append("'").toString());
            }
        }
        return proxyTicketValidator.getUser();
    }
}
