package org.josso.tc55.agent;

import java.io.IOException;
import java.util.HashMap;
import javax.servlet.ServletException;
import javax.servlet.http.Cookie;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import javax.servlet.http.HttpSession;
import org.apache.catalina.Lifecycle;
import org.apache.catalina.LifecycleException;
import org.apache.catalina.LifecycleListener;
import org.apache.catalina.Manager;
import org.apache.catalina.Session;
import org.apache.catalina.SessionEvent;
import org.apache.catalina.SessionListener;
import org.apache.catalina.authenticator.SavedRequest;
import org.apache.catalina.connector.Request;
import org.apache.catalina.connector.Response;
import org.apache.catalina.deploy.SecurityConstraint;
import org.apache.catalina.util.LifecycleSupport;
import org.apache.catalina.valves.ValveBase;
import org.josso.Lookup;
import org.josso.agent.LocalSession;
import org.josso.agent.SSOAgentRequest;
import org.josso.agent.SingleSignOnEntry;

/* loaded from: input_file:org/josso/tc55/agent/SSOAgentValve.class */
public class SSOAgentValve extends ValveBase implements Lifecycle, SessionListener {
    protected static String info = "org.apache.catalina.authenticator.SingleSignOn";
    private CatalinaSSOAgent _agent;
    protected int debug = 0;
    protected LifecycleSupport lifecycle = new LifecycleSupport(this);
    protected boolean started = false;
    HashMap _sessionMap = new HashMap();

    public int getDebug() {
        return this.debug;
    }

    public void setDebug(int i) {
        this.debug = i;
    }

    public void sessionEvent(SessionEvent sessionEvent) {
        LocalSession localSession = (LocalSession) this._sessionMap.get(sessionEvent.getSession());
        if (sessionEvent.getType().equals("destroySession")) {
            localSession.expire();
        }
    }

    public void addLifecycleListener(LifecycleListener lifecycleListener) {
        this.lifecycle.addLifecycleListener(lifecycleListener);
    }

    public LifecycleListener[] findLifecycleListeners() {
        return this.lifecycle.findLifecycleListeners();
    }

    public void removeLifecycleListener(LifecycleListener lifecycleListener) {
        this.lifecycle.removeLifecycleListener(lifecycleListener);
    }

    public void start() throws LifecycleException {
        if (this.started) {
            throw new LifecycleException("Agent already started");
        }
        this.lifecycle.fireLifecycleEvent("start", (Object) null);
        this.started = true;
        try {
            Lookup lookup = Lookup.getInstance();
            lookup.init("josso-agent-config.xml");
            this._agent = lookup.lookupSSOAgent();
            this._agent.setDebug(this.debug);
            this._agent.setCatalinaContainer(this.container);
            this._agent.start();
            if (this.debug >= 1) {
                log("Started");
            }
        } catch (Exception e) {
            e.printStackTrace(System.err);
            throw new LifecycleException("Error starting SSO Agent : " + e.getMessage());
        }
    }

    public void stop() throws LifecycleException {
        if (!this.started) {
            throw new LifecycleException("Agent not started");
        }
        this.lifecycle.fireLifecycleEvent("stop", (Object) null);
        this.started = false;
        this._agent.stop();
        if (this.debug >= 1) {
            log("Stopped");
        }
    }

    public String getInfo() {
        return info;
    }

    public void invoke(Request request, Response response) throws IOException, ServletException {
        SecurityConstraint[] findSecurityConstraints;
        HttpServletRequest request2 = request.getRequest();
        HttpServletResponse response2 = response.getResponse();
        if (this.debug >= 1) {
            log("Processing : " + request2.getContextPath());
        }
        try {
            String contextPath = request2.getContextPath();
            if ("".equals(contextPath)) {
                contextPath = "/";
            }
            if (!this._agent.isPartnerApp(contextPath)) {
                getNext().invoke(request, response);
                if (this.debug >= 1) {
                    log("Context is not a josso partner app : " + request2.getContextPath());
                }
                if (this.debug >= 1) {
                    log("Processed : " + request2.getContextPath());
                    return;
                }
                return;
            }
            if (this.debug >= 1) {
                log("Checking if its a josso_login_request for '" + request2.getRequestURI() + "'");
            }
            if (request2.getRequestURI().endsWith("/josso_login/")) {
                if (this.debug >= 1) {
                    log("josso_login_request received for uri '" + request2.getRequestURI() + "'");
                }
                String gatewayLoginUrl = this._agent.getGatewayLoginUrl();
                String gatewayLoginErrorUrl = this._agent.getGatewayLoginErrorUrl();
                String str = gatewayLoginUrl + "?josso_back_to=" + this._agent.buildBackToURL(request2, "/josso_security_check") + (gatewayLoginErrorUrl != null ? "&josso_on_error=" + gatewayLoginErrorUrl : "");
                if (this.debug >= 1) {
                    log("Redirecting to login url '" + str + "'");
                }
                response2.sendRedirect(response2.encodeRedirectURL(str));
                if (this.debug >= 1) {
                    log("Processed : " + request2.getContextPath());
                    return;
                }
                return;
            }
            if (this.debug >= 1) {
                log("Checking if its a josso_logout request for '" + request2.getRequestURI() + "'");
            }
            if (request2.getRequestURI().endsWith("/josso_logout/")) {
                if (this.debug >= 1) {
                    log("josso_logout request received for uri '" + request2.getRequestURI() + "'");
                }
                String buildBackToURL = this._agent.buildBackToURL(request2, "/");
                String str2 = this._agent.getGatewayLogoutUrl() + (buildBackToURL != null ? "?josso_back_to=" + buildBackToURL : "");
                if (this.debug >= 1) {
                    log("Redirecting to logout url '" + str2 + "'");
                }
                response2.addCookie(this._agent.newJossoCookie(request.getContextPath(), "-"));
                response2.sendRedirect(response2.encodeRedirectURL(str2));
                if (this.debug >= 1) {
                    log("Processed : " + request2.getContextPath());
                    return;
                }
                return;
            }
            if (this.debug >= 1) {
                log("Checking for SSO cookie");
            }
            Cookie cookie = null;
            Cookie[] cookies = request2.getCookies();
            if (cookies == null) {
                cookies = new Cookie[0];
            }
            int i = 0;
            while (true) {
                if (i >= cookies.length) {
                    break;
                }
                if ("JOSSO_SESSIONID".equals(cookies[i].getName())) {
                    cookie = cookies[i];
                    break;
                }
                i++;
            }
            if (cookie == null) {
                if (this.debug >= 1) {
                    log("SSO cookie is not present, checking for outbound relaying");
                }
                if (!request2.getRequestURI().endsWith("/josso_security_check") || request2.getParameter("josso_assertion_id") == null) {
                    log("SSO cookie not present and relaying was not requested, skipping");
                    getNext().invoke(request, response);
                    if (this.debug >= 1) {
                        log("Processed : " + request2.getContextPath());
                        return;
                    }
                    return;
                }
            }
            String[] ignoredWebRources = this._agent.getPartnerAppConfig(contextPath).getIgnoredWebRources();
            if (this.debug >= 1) {
                log("Found [" + (ignoredWebRources != null ? ignoredWebRources.length + "" : "no") + "] ignored web resources ");
            }
            if (ignoredWebRources != null && ignoredWebRources.length > 0 && (findSecurityConstraints = request.getContext().getRealm().findSecurityConstraints(request, request.getContext())) != null) {
                for (String str3 : ignoredWebRources) {
                    for (SecurityConstraint securityConstraint : findSecurityConstraints) {
                        if (securityConstraint.findCollection(str3) != null) {
                            if (this.debug >= 1) {
                                log("Not subject to SSO protection :  web-resource-name:" + str3);
                            }
                            getNext().invoke(request, response);
                            if (this.debug >= 1) {
                                log("Processed : " + request2.getContextPath());
                                return;
                            }
                            return;
                        }
                    }
                }
            }
            String value = cookie == null ? null : cookie.getValue();
            Session session = getSession(request, true);
            if (this.debug >= 1) {
                log("Session is: " + session);
            }
            CatalinaLocalSession catalinaLocalSession = new CatalinaLocalSession(session);
            if (this.debug >= 1) {
                log("Executing agent...");
            }
            this._agent.setCatalinaContainer(request.getContext());
            if (this.debug >= 1) {
                log("Checking if its a josso_security_check for '" + request2.getRequestURI() + "'");
            }
            if (!request2.getRequestURI().endsWith("/josso_security_check") || request2.getParameter("josso_assertion_id") == null) {
                log("Creating Security Context for Session [" + session + "]");
                SSOAgentRequest catalinaSSOAgentRequest = new CatalinaSSOAgentRequest(1, value, catalinaLocalSession);
                catalinaSSOAgentRequest.setContext(request.getContext());
                SingleSignOnEntry processRequest = this._agent.processRequest(catalinaSSOAgentRequest);
                if (this.debug >= 1) {
                    log("Executed agent.");
                }
                if (this._sessionMap.get(catalinaLocalSession.getWrapped()) == null) {
                    session.addSessionListener(this);
                    this._sessionMap.put(session, catalinaLocalSession);
                }
                if (this.debug >= 1) {
                    log("Process request for '" + request2.getRequestURI() + "'");
                }
                if (processRequest != null) {
                    if (this.debug >= 1) {
                        log("Principal '" + processRequest.principal + "' has already been authenticated");
                    }
                    request.setAuthType(processRequest.authType);
                    request.setUserPrincipal(processRequest.principal);
                }
                request2.setAttribute("org.josso.agent.gateway-login-url", this._agent.getGatewayLoginUrl());
                request2.setAttribute("org.josso.agent.gateway-logout-url", this._agent.getGatewayLogoutUrl());
                request2.setAttribute("org.josso.agent.ssoSessionid", value);
                getNext().invoke(request, response);
                if (this.debug >= 1) {
                    log("Processed : " + request2.getContextPath());
                    return;
                }
                return;
            }
            if (this.debug >= 1) {
                log("josso_security_check received for uri '" + request2.getRequestURI() + "' assertion id '" + request2.getParameter("josso_assertion_id"));
            }
            String parameter = request2.getParameter("josso_assertion_id");
            if (this.debug >= 1) {
                log("Outbound relaying requested for assertion id [" + parameter + "]");
            }
            SSOAgentRequest catalinaSSOAgentRequest2 = new CatalinaSSOAgentRequest(2, null, catalinaLocalSession, parameter);
            catalinaSSOAgentRequest2.setContext(request.getContext());
            SingleSignOnEntry processRequest2 = this._agent.processRequest(catalinaSSOAgentRequest2);
            if (this.debug >= 1) {
                log("Outbound relaying succesfull for assertion id [" + parameter + "]");
            }
            if (this.debug >= 1) {
                log("Assertion id [" + parameter + "] mapped to SSO session id [" + processRequest2.ssoId + "]");
            }
            response2.addCookie(this._agent.newJossoCookie(request.getContextPath(), processRequest2.ssoId));
            String savedRequestURL = savedRequestURL(session);
            if (savedRequestURL == null) {
                savedRequestURL = request2.getRequestURI().substring(0, request2.getRequestURI().length() - "/josso_security_check".length());
                String singlePointOfAccess = this._agent.getSinglePointOfAccess();
                if (singlePointOfAccess != null) {
                    savedRequestURL = singlePointOfAccess + savedRequestURL;
                } else {
                    String header = request2.getHeader("Josso-ReversE-Proxy");
                    if (header != null) {
                        savedRequestURL = header + savedRequestURL;
                    }
                }
                if (this.debug >= 1) {
                    log("No saved request found, using : '" + savedRequestURL + "'");
                }
            }
            if (this.debug >= 1) {
                log("Redirecting to original '" + savedRequestURL + "'");
            }
            response2.sendRedirect(response2.encodeRedirectURL(savedRequestURL));
            if (this.debug >= 1) {
                log("Processed : " + request2.getContextPath());
            }
        } catch (Throwable th) {
            if (this.debug >= 1) {
                log("Processed : " + request2.getContextPath());
            }
            throw th;
        }
    }

    public String toString() {
        StringBuffer stringBuffer = new StringBuffer("SingleSignOn[");
        stringBuffer.append(this.container != null ? this.container.getName() : "");
        stringBuffer.append("]");
        return stringBuffer.toString();
    }

    protected Session getSession(Request request) {
        return getSession(request, false);
    }

    protected Session getSession(Request request, boolean z) {
        HttpSession session = request.getRequest().getSession(z);
        if (this.debug >= 1) {
            log("getCurrentSession() : hses " + session);
        }
        if (session == null) {
            return null;
        }
        Manager manager = request.getContext().getManager();
        if (this.debug >= 1) {
            log("getCurrentSession() : manager is " + manager);
        }
        if (manager == null) {
            return null;
        }
        try {
            return manager.findSession(session.getId());
        } catch (IOException e) {
            return null;
        }
    }

    protected void log(String str) {
        if (this.container == null) {
            System.out.println(toString() + ": " + str);
        } else if (this.container.getLogger().isDebugEnabled()) {
            this.container.getLogger().debug(toString() + ": " + str);
        }
    }

    protected void log(String str, Throwable th) {
        if (this.container == null) {
            System.out.println(toString() + ": " + str);
            th.printStackTrace(System.out);
        } else if (this.container.getLogger().isDebugEnabled()) {
            this.container.getLogger().debug(toString() + ": " + str, th);
        }
    }

    private String savedRequestURL(Session session) {
        SavedRequest savedRequest = (SavedRequest) session.getNote("org.apache.catalina.authenticator.REQUEST");
        if (savedRequest == null) {
            return null;
        }
        StringBuffer stringBuffer = new StringBuffer(savedRequest.getRequestURI());
        if (savedRequest.getQueryString() != null) {
            stringBuffer.append('?');
            stringBuffer.append(savedRequest.getQueryString());
        }
        return stringBuffer.toString();
    }
}
