package org.jboss.portal.identity.sso.opensso;

import com.iplanet.sso.SSOToken;
import com.iplanet.sso.SSOTokenManager;
import java.io.IOException;
import java.net.URLEncoder;
import java.security.Principal;
import java.util.HashSet;
import java.util.Iterator;
import java.util.Set;
import javax.security.jacc.PolicyContext;
import javax.servlet.ServletException;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import javax.servlet.http.HttpSession;
import org.apache.catalina.Session;
import org.apache.catalina.connector.Request;
import org.apache.catalina.connector.Response;
import org.apache.catalina.valves.ValveBase;
import org.jboss.logging.Logger;
import org.jboss.portal.identity.helper.IdentityTools;

/* loaded from: input_file:org/jboss/portal/identity/sso/opensso/OpenSSOAuthenticationValve.class */
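/**
 * Catalina valve that maps an OpenSSO token onto container authentication.
 *
 * <p>For each request the valve looks up the caller's SSO token. A request for a secured URI
 * without a token is redirected to the configured OpenSSO login URL. A request with a valid token
 * is authenticated against the container realm using the token's {@code UserId} property and a
 * {@code null} password, and the resulting principal is registered on the request and session.
 * After the rest of the pipeline has run, an invalid token or a portal logout marker triggers
 * token destruction and a redirect to the OpenSSO logout URL.
 *
 * <p>Security notes for maintainers:
 * <ul>
 *   <li>The realm is called with a {@code null} password and the request attribute
 *       {@code ssoSuccess} is set beforehand. NOTE(review): presumably a login module reads that
 *       attribute to accept the login without a password; confirm that this consumer cannot be
 *       reached with a user name other than the one taken from the token.</li>
 *   <li>The {@code goto} values are built from the request URL / server name, which are derived
 *       from the request itself (including its Host header). The SSO server should restrict the
 *       redirect targets it accepts.</li>
 *   <li>Secured-URI matching is a plain substring test on the raw request URI and only decides
 *       whether to redirect to the SSO login; it is not an access-control check.</li>
 * </ul>
 *
 * <p>A valve instance serves concurrent requests; the lazily built pattern set is therefore
 * published through a {@code volatile} field only once it is complete.
 */
public class OpenSSOAuthenticationValve extends ValveBase {
    private static final Logger log = Logger.getLogger(OpenSSOAuthenticationValve.class);
    public static final String WEB_REQUEST_KEY = "javax.servlet.http.HttpServletRequest";

    /** Character encoding used when URL-encoding the {@code goto} query parameter. */
    private static final String GOTO_ENCODING = "UTF-8";

    // Lazily initialised, '*'-stripped secured URL patterns. Volatile so that request threads
    // only ever observe a fully built set (see getSecuredUrlPatterns()).
    private volatile Set urlPatterns;
    private String loginURL;
    private String logoutURL;
    private String loginParameters;
    private String logoutParameters;
    private boolean appendLoginGoto = true;
    private boolean appendLogoutGoto = true;
    private String authType = "FORM";

    /**
     * Applies SSO handling around the rest of the valve pipeline.
     *
     * @param request  the Catalina request being processed
     * @param response the Catalina response being produced
     * @throws IOException      if a redirect cannot be sent or the next valve fails with it
     * @throws ServletException if the next valve fails with it
     */
    public void invoke(Request request, Response response) throws IOException, ServletException {
        SSOToken token = getToken();
        if (isSecuredURI(request.getRequestURI()) && token == null) {
            redirectToOpenSSOLogin(request, response);
            return;
        }
        if (token != null && isTokenValid(token)) {
            try {
                String userId = token.getProperty("UserId");
                if (userId == null || userId.length() == 0) {
                    // Never flag SSO success or attempt a password-less login without an identity.
                    log.warn("Valid SSO token carries no UserId property; skipping JAAS login");
                } else {
                    // NOTE(review): this attribute stays on the request for the remainder of the
                    // pipeline, also when authenticate() returns null or throws. Confirm that no
                    // later login in the same request can rely on it for a different user name.
                    request.setAttribute("ssoSuccess", Boolean.TRUE);
                    Principal principal = this.container.getRealm().authenticate(userId, (String) null);
                    if (principal != null) {
                        register(request, response, principal, getAuthType(), userId, (String) null);
                    }
                }
            } catch (Exception e) {
                // The request continues without a registered principal.
                log.error("Failed to perform JAAS login: ", e);
            }
        }

        getNext().invoke(request, response);

        if (token != null) {
            // Validity is re-checked on purpose: the token may have expired or been
            // invalidated while the rest of the pipeline was running.
            if (!isTokenValid(token) || request.getAttribute("org.jboss.portal.logout") != null) {
                destroyToken(token);
                redirectToOpenSSOLogout(request, response);
            }
            return;
        }
        if (request.getUserPrincipal() != null) {
            // A principal without an SSO token: drop the local session so it cannot outlive the
            // SSO session. getSession(false) avoids creating a session just to invalidate it,
            // which can fail once the response is committed.
            HttpSession session = request.getSession(false);
            if (session != null) {
                session.invalidate();
            }
        }
    }

    /**
     * Sends a redirect to the OpenSSO login URL, optionally carrying the requested URL as
     * {@code goto} and the configured extra login parameters.
     *
     * @throws IOException if the redirect cannot be sent
     */
    private void redirectToOpenSSOLogin(HttpServletRequest httpRequest, HttpServletResponse httpResponse) throws IOException {
        boolean withGoto = isAppendLoginGoto();
        StringBuffer target = new StringBuffer();
        target.append(getLoginURL());
        if (withGoto) {
            // Encode the value: the request URL is caller-influenced and characters such as
            // '&' or '#' in it would otherwise alter the query string sent to the SSO server.
            target.append("?goto=").append(URLEncoder.encode(httpRequest.getRequestURL().toString(), GOTO_ENCODING));
        }
        String extraParameters = getLoginParameters();
        if (extraParameters != null && extraParameters.length() > 0) {
            target.append(withGoto ? "&" : "?");
            target.append(extraParameters);
        }
        String location = target.toString();
        if (log.isDebugEnabled()) {
            log.debug("Redirect to OpenSSO login URL: " + location);
        }
        httpResponse.sendRedirect(location);
    }

    /**
     * Sends a redirect to the OpenSSO logout URL, optionally carrying this application's base
     * URL (scheme, server name, port, context path) as {@code goto} and the configured extra
     * logout parameters. Does nothing but log when the response is already committed.
     *
     * @throws IOException if the redirect cannot be sent
     */
    private void redirectToOpenSSOLogout(HttpServletRequest httpRequest, HttpServletResponse httpResponse) throws IOException {
        if (httpResponse.isCommitted()) {
            // This runs after the rest of the pipeline; sendRedirect() on a committed response
            // throws IllegalStateException, so report it instead.
            log.warn("Cannot redirect to OpenSSO logout URL: response already committed");
            return;
        }
        boolean withGoto = isAppendLogoutGoto();
        StringBuffer target = new StringBuffer();
        target.append(getLogoutURL());
        if (withGoto) {
            StringBuffer returnTo = new StringBuffer();
            returnTo.append(httpRequest.isSecure() ? "https://" : "http://");
            returnTo.append(httpRequest.getServerName()).append(":").append(httpRequest.getServerPort()).append(httpRequest.getContextPath());
            // Encoded for the same reason as the login goto value.
            target.append("?goto=").append(URLEncoder.encode(returnTo.toString(), GOTO_ENCODING));
        }
        String extraParameters = getLogoutParameters();
        if (extraParameters != null && extraParameters.length() > 0) {
            target.append(withGoto ? "&" : "?");
            target.append(extraParameters);
        }
        String location = target.toString();
        if (log.isDebugEnabled()) {
            log.debug("Redirect to OpenSSO logout URL: " + location);
        }
        httpResponse.sendRedirect(location);
    }

    /**
     * Creates the SSO token for the current web request, taken from the JACC policy context.
     *
     * @return the token, or {@code null} if none could be created for any reason
     */
    private SSOToken getToken() {
        try {
            HttpServletRequest webRequest = (HttpServletRequest) PolicyContext.getContext(WEB_REQUEST_KEY);
            return SSOTokenManager.getInstance().createSSOToken(webRequest);
        } catch (Exception e) {
            log.debug("Failed to obtain SSO Token: " + e);
            return null;
        }
    }

    /**
     * Asks the token manager whether the token is valid.
     *
     * @return {@code true} if valid; {@code false} if invalid or if validation itself failed
     * @throws IllegalArgumentException if {@code sSOToken} is {@code null}
     */
    private boolean isTokenValid(SSOToken sSOToken) {
        if (sSOToken == null) {
            throw new IllegalArgumentException("Token cannot be null");
        }
        try {
            return SSOTokenManager.getInstance().isValidToken(sSOToken);
        } catch (Exception e) {
            // Fail closed: a token that cannot be validated is treated as invalid.
            log.debug("Failed to validate SSO Token: " + e);
            return false;
        }
    }

    /**
     * Destroys the token through the token manager; failures are logged, not propagated.
     *
     * @throws IllegalArgumentException if {@code sSOToken} is {@code null}
     */
    private void destroyToken(SSOToken sSOToken) {
        if (sSOToken == null) {
            throw new IllegalArgumentException("Token cannot be null");
        }
        try {
            SSOTokenManager.getInstance().destroyToken(sSOToken);
        } catch (Exception e) {
            // Logged at warn level: the SSO token was not destroyed although logout was requested.
            log.warn("Failed to destroy SSO Token: " + e);
        }
    }

    /**
     * Tells whether the request URI contains any of the secured URL patterns as a substring.
     *
     * <p>The URI is compared as received (no decoding or normalisation here), and an empty
     * pattern matches every URI. The result only selects which requests are redirected to the
     * SSO login.
     */
    private boolean isSecuredURI(String uri) {
        Set patterns = getSecuredUrlPatterns();
        if (log.isDebugEnabled()) {
            log.debug("Checking if requested uri '" + uri + "' matches secured url patterns: " + patterns);
        }
        for (Iterator it = patterns.iterator(); it.hasNext();) {
            if (uri.indexOf((String) it.next()) != -1) {
                return true;
            }
        }
        return false;
    }

    /**
     * Returns the secured URL patterns of this valve's container with every {@code *} removed,
     * computing them on first use.
     *
     * <p>The set is built in a local variable and assigned to the field only when complete, so
     * a concurrent request never sees the unprocessed patterns. Two threads may both compute
     * the set on first use; the results are equivalent. The returned set is the internal
     * instance and must not be modified by callers.
     *
     * @return the stripped secured URL patterns
     */
    public Set getSecuredUrlPatterns() {
        Set patterns = this.urlPatterns;
        if (patterns == null) {
            Set stripped = new HashSet();
            Iterator it = IdentityTools.findSecuredURLs(this.container).iterator();
            while (it.hasNext()) {
                stripped.add(((String) it.next()).replaceAll("\\*", ""));
            }
            patterns = stripped;
            this.urlPatterns = patterns;
        }
        return patterns;
    }

    /**
     * Records the authenticated principal on the request and, if a session already exists, on
     * the session together with the user name / password notes ({@code null} removes a note).
     * No session is created here.
     */
    private void register(Request request, Response response, Principal principal, String type, String username, String password) {
        request.setAuthType(type);
        request.setUserPrincipal(principal);
        Session session = request.getSessionInternal(false);
        if (session == null) {
            return;
        }
        session.setAuthType(type);
        session.setPrincipal(principal);
        if (username != null) {
            session.setNote("org.apache.catalina.session.USERNAME", username);
        } else {
            session.removeNote("org.apache.catalina.session.USERNAME");
        }
        if (password != null) {
            session.setNote("org.apache.catalina.session.PASSWORD", password);
        } else {
            session.removeNote("org.apache.catalina.session.PASSWORD");
        }
    }

    /** @return the OpenSSO login URL used as redirect base */
    public String getLoginURL() {
        return this.loginURL;
    }

    /** @param str the OpenSSO login URL used as redirect base */
    public void setLoginURL(String str) {
        this.loginURL = str;
    }

    /** @return the OpenSSO logout URL used as redirect base */
    public String getLogoutURL() {
        return this.logoutURL;
    }

    /** @param str the OpenSSO logout URL used as redirect base */
    public void setLogoutURL(String str) {
        this.logoutURL = str;
    }

    /** @return whether a {@code goto} parameter is appended to the login redirect */
    public boolean isAppendLoginGoto() {
        return this.appendLoginGoto;
    }

    /** @param z whether a {@code goto} parameter is appended to the login redirect */
    public void setAppendLoginGoto(boolean z) {
        this.appendLoginGoto = z;
    }

    /** @return whether a {@code goto} parameter is appended to the logout redirect */
    public boolean isAppendLogoutGoto() {
        return this.appendLogoutGoto;
    }

    /** @param z whether a {@code goto} parameter is appended to the logout redirect */
    public void setAppendLogoutGoto(boolean z) {
        this.appendLogoutGoto = z;
    }

    /** @return extra query parameters appended verbatim to the login redirect, may be {@code null} */
    public String getLoginParameters() {
        return this.loginParameters;
    }

    /** @param str extra query parameters appended verbatim to the login redirect */
    public void setLoginParameters(String str) {
        this.loginParameters = str;
    }

    /** @return extra query parameters appended verbatim to the logout redirect, may be {@code null} */
    public String getLogoutParameters() {
        return this.logoutParameters;
    }

    /** @param str extra query parameters appended verbatim to the logout redirect */
    public void setLogoutParameters(String str) {
        this.logoutParameters = str;
    }

    /** @return the auth type recorded on request and session after SSO login (default {@code FORM}) */
    public String getAuthType() {
        return this.authType;
    }

    /** @param str the auth type recorded on request and session after SSO login */
    public void setAuthType(String str) {
        this.authType = str;
    }
}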
