package edu.internet2.middleware.shibboleth.wayf.plugins.provider;

import edu.internet2.middleware.shibboleth.wayf.DiscoveryServiceHandler;
import edu.internet2.middleware.shibboleth.wayf.IdPSite;
import edu.internet2.middleware.shibboleth.wayf.WayfException;
import edu.internet2.middleware.shibboleth.wayf.plugins.Plugin;
import edu.internet2.middleware.shibboleth.wayf.plugins.PluginContext;
import edu.internet2.middleware.shibboleth.wayf.plugins.PluginMetadataParameter;
import edu.internet2.middleware.shibboleth.wayf.plugins.WayfRequestHandled;
import java.io.UnsupportedEncodingException;
import java.net.URLDecoder;
import java.net.URLEncoder;
import java.util.ArrayList;
import java.util.Collection;
import java.util.Iterator;
import java.util.List;
import java.util.Map;
import javax.servlet.http.Cookie;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import org.apache.log4j.Logger;
import org.opensaml.saml2.metadata.provider.MetadataProvider;
import org.opensaml.xml.util.Base64;
import org.w3c.dom.Element;

/* loaded from: input_file:edu/internet2/middleware/shibboleth/wayf/plugins/provider/SamlCookiePlugin.class */
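/**
 * Discovery-service plugin that remembers a user's previously selected IdPs
 * in the {@code _saml_idp} cookie and uses them as hints (or as an automatic
 * forward target) on later visits.
 *
 * <p>The cookie value is a URL-encoded, space-separated list of Base64-encoded
 * IdP names, most recently selected first.
 *
 * <p>Security note: the cookie is supplied by the client and carries no
 * integrity protection, so everything parsed from it is untrusted. The decoded
 * names are only ever used as lookup keys into the IdP map passed to
 * {@link #lookup}; a name that is not in that map is ignored.
 */
public class SamlCookiePlugin implements Plugin {
    /** Request parameter that selects how the choice is cached. */
    private static final String PARAMETER_NAME = "cache";
    /** Value of {@link #PARAMETER_NAME} requesting a persistent cookie. */
    private static final String PARAMETER_PERM = "perm";
    /** Value of {@link #PARAMETER_NAME} requesting a session cookie. */
    private static final String PARAMETER_SESSION = "session";
    private static final Logger log = Logger.getLogger(SamlCookiePlugin.class.getName());
    private static final String COOKIE_NAME = "_saml_idp";
    /** Charset used for URL-encoding and for the bytes inside each Base64 entry. */
    private static final String COOKIE_CHARSET = "UTF-8";
    /** Default cookie lifetime in seconds, as passed to {@link Cookie#setMaxAge(int)}. */
    private static final int DEFAULT_CACHE_EXPIRATION = 6048000;

    /** When true, {@link #lookup} forwards straight to the first cached IdP that is still known. */
    private final boolean alwaysFollow;
    /** When true, {@link #lookup} only expires the cookie and offers no hints. */
    private final boolean deleteCookie;
    /** Cookie domain to set, or the empty string for a host-only cookie. */
    private final String cacheDomain;
    /** Lifetime in seconds used for the "perm" caching mode. */
    private final int cacheExpiration;

    /** Marker context returned by {@link #lookup} after the cookie has been deleted. */
    /* JADX INFO: Access modifiers changed from: private */
    public static class Context implements PluginContext {
        private Context() {
        }
    }

    /**
     * In-memory view of the {@code _saml_idp} cookie for one request/response pair.
     */
    public final class SamlIdPCookie {
        private final HttpServletRequest req;
        private final HttpServletResponse res;
        private final String domain;
        private final List<String> idPList;

        /**
         * Parses an existing cookie value.
         *
         * <p>The value comes from the client, so malformed input (a lone quote,
         * bad percent-escapes, invalid Base64) is tolerated: the offending entry,
         * or the whole value, is dropped instead of failing the request.
         *
         * @param str                 raw cookie value, possibly wrapped in double quotes
         * @param httpServletRequest  request the cookie was read from
         * @param httpServletResponse response any rewritten cookie is added to
         * @param str2                cookie domain to use when writing, may be null or empty
         */
        private SamlIdPCookie(String str, HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse, String str2) {
            this.idPList = new ArrayList<String>();
            this.req = httpServletRequest;
            this.res = httpServletResponse;
            this.domain = str2;
            if (str == null || str.isEmpty()) {
                SamlCookiePlugin.log.info("Empty cookie");
                return;
            }
            String raw = str;
            // The length guard matters: a value consisting of a single '"' matches both
            // charAt tests and would otherwise make substring(1, 0) throw.
            if (raw.length() >= 2 && raw.charAt(0) == '"' && raw.charAt(raw.length() - 1) == '"') {
                raw = raw.substring(1, raw.length() - 1);
            }
            try {
                String decoded = URLDecoder.decode(raw, COOKIE_CHARSET);
                for (String token : decoded.split(" ")) {
                    if (token.isEmpty()) {
                        continue;
                    }
                    byte[] nameBytes = Base64.decode(token);
                    if (nameBytes == null) {
                        // Base64.decode appears to signal bad input with null - confirm against
                        // the library version in use. The entry itself is not logged because it
                        // is attacker-controlled text.
                        SamlCookiePlugin.log.warn("Skipping undecodable entry in " + COOKIE_NAME + " cookie");
                        continue;
                    }
                    // Explicit charset so the result does not depend on the JVM default.
                    this.idPList.add(new String(nameBytes, COOKIE_CHARSET));
                }
            } catch (UnsupportedEncodingException e) {
                SamlCookiePlugin.log.error("could not decode cookie");
            } catch (IllegalArgumentException e) {
                // URLDecoder.decode rejects malformed percent-escapes with this exception.
                // Treat the whole cookie as empty rather than letting it abort the request.
                this.idPList.clear();
                SamlCookiePlugin.log.warn("Ignoring malformed " + COOKIE_NAME + " cookie");
            }
        }

        /**
         * Creates an empty cookie view for a request that carried no {@code _saml_idp} cookie.
         */
        private SamlIdPCookie(HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse, String str) {
            this.idPList = new ArrayList<String>();
            this.req = httpServletRequest;
            this.res = httpServletResponse;
            this.domain = str;
        }

        /**
         * Moves (or inserts) an IdP name to the front of the list and writes the cookie.
         *
         * @param str IdP name to remember
         * @param i   cookie max-age in seconds; negative values produce a session cookie
         */
        /* JADX INFO: Access modifiers changed from: private */
        public void addIdPName(String str, int i) {
            this.idPList.remove(str);
            this.idPList.add(0, str);
            writeCookie(i);
        }

        /**
         * Removes an IdP name from the list and writes the cookie; an empty list
         * expires the cookie instead.
         *
         * @param str IdP name to forget
         * @param i   cookie max-age in seconds for the rewritten cookie
         */
        public void deleteIdPName(String str, int i) {
            this.idPList.remove(str);
            writeCookie(i);
        }

        /**
         * Serialises the current list into the response cookie, or expires the
         * cookie when the list is empty.
         */
        private void writeCookie(int i) {
            Cookie cookie = SamlCookiePlugin.getCookie(this.req);
            if (this.idPList.isEmpty()) {
                // Nothing to expire when the browser sent no cookie; the original code
                // dereferenced null here.
                if (cookie != null) {
                    SamlCookiePlugin.expireCookie(cookie, this.domain, this.res);
                }
                return;
            }
            try {
                StringBuilder value = new StringBuilder();
                for (String idpName : this.idPList) {
                    value.append(new String(Base64.encodeBytes(idpName.getBytes(COOKIE_CHARSET)))).append(' ');
                }
                String encode = URLEncoder.encode(value.toString(), COOKIE_CHARSET);
                if (cookie == null) {
                    cookie = new Cookie(SamlCookiePlugin.COOKIE_NAME, encode);
                } else {
                    cookie.setValue(encode);
                }
                cookie.setComment("Used to cache selection of a user's Shibboleth IdP");
                cookie.setPath("/");
                // Secure is only set when this request arrived over a secure channel, so a
                // cookie written during a plain-HTTP visit is sent in clear text afterwards.
                cookie.setSecure(this.req.isSecure());
                // NOTE(review): HttpOnly is not set. If the deployment's Servlet API offers
                // Cookie.setHttpOnly and no client-side script reads this cookie, consider it.
                cookie.setMaxAge(i);
                if (this.domain != null && !this.domain.isEmpty()) {
                    cookie.setDomain(this.domain);
                }
                this.res.addCookie(cookie);
            } catch (UnsupportedEncodingException e) {
                SamlCookiePlugin.log.error("Could not encode cookie");
            }
        }

        /**
         * Returns the decoded IdP names, most recent first.
         *
         * @return the live internal list (not a copy); entries originate from the
         *         client and must be validated before use
         */
        public List<String> getIdPList() {
            return this.idPList;
        }
    }

    /**
     * Builds the plugin from its configuration element.
     *
     * <p>Attributes read: {@code alwaysFollow} (default true), {@code deleteCookie}
     * (default false), {@code cacheDomain} (default none) and
     * {@code cacheExpiration} in seconds (default {@value #DEFAULT_CACHE_EXPIRATION}).
     *
     * @param element configuration element for this plugin
     */
    public SamlCookiePlugin(Element element) {
        log.info("New plugin");
        this.alwaysFollow = parseFlag(element.getAttribute("alwaysFollow"), true);
        this.deleteCookie = parseFlag(element.getAttribute("deleteCookie"), false);
        this.cacheDomain = parseCacheDomain(element.getAttribute("cacheDomain"));
        this.cacheExpiration = parseCacheExpiration(element.getAttribute("cacheExpiration"));
    }

    private SamlCookiePlugin() {
        this.alwaysFollow = false;
        this.cacheDomain = "";
        this.deleteCookie = false;
        this.cacheExpiration = DEFAULT_CACHE_EXPIRATION;
    }

    /** Parses a boolean attribute, falling back to {@code fallback} when it is absent or empty. */
    private static boolean parseFlag(String value, boolean fallback) {
        if (value == null || value.isEmpty()) {
            return fallback;
        }
        return Boolean.parseBoolean(value);
    }

    /** Validates the configured cookie domain; returns "" when it is absent or lacks the leading dot. */
    private static String parseCacheDomain(String value) {
        if (value == null || value.isEmpty()) {
            return "";
        }
        if (value.charAt(0) != '.') {
            log.warn("Cookie CacheDomain \"" + value + "\" does not start with a leading '.' as per RFC 2965.  Ignoring.");
            return "";
        }
        if (!".local".equalsIgnoreCase(value)) {
            int dot = value.indexOf('.', 1);
            if (dot < 0 || dot == value.length() - 1) {
                log.info("Cookie CacheDomain \"" + value + "\" is not \".local\" and has no embedded dots. Clients may ignore this setting.");
            }
        }
        return value;
    }

    /** Parses the cookie lifetime in seconds, falling back to the default when absent or not a number. */
    private static int parseCacheExpiration(String value) {
        if (value == null || value.isEmpty()) {
            return DEFAULT_CACHE_EXPIRATION;
        }
        try {
            return Integer.parseInt(value);
        } catch (NumberFormatException e) {
            log.error("Invalid CacheExpiration value - " + value);
            return DEFAULT_CACHE_EXPIRATION;
        }
    }

    /**
     * Offers the IdPs remembered in the cookie as hints, or forwards to the first
     * one when {@code alwaysFollow} is set.
     *
     * <p>Only cookie entries that resolve through {@code map} are used; this check is
     * what keeps a forged cookie from steering the forward to an unknown IdP.
     *
     * @param map  IdP lookup table, keyed by the names stored in the cookie
     * @param pluginContext context from an earlier call; when non-null it is returned unchanged
     * @param list receives the matching IdPs in cookie order
     * @return the existing context, a new {@link Context} after deleting the cookie, or null
     * @throws WayfRequestHandled when {@code alwaysFollow} is set and a cached IdP matched
     */
    @Override // edu.internet2.middleware.shibboleth.wayf.plugins.Plugin
    public PluginContext lookup(HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse, PluginMetadataParameter pluginMetadataParameter, Map<String, IdPSite> map, PluginContext pluginContext, List<IdPSite> list) throws WayfRequestHandled {
        if (pluginContext != null) {
            return pluginContext;
        }
        if (this.deleteCookie) {
            deleteCookie(httpServletRequest, httpServletResponse, this.cacheDomain);
            return new Context();
        }
        SamlIdPCookie idPCookie = getIdPCookie(httpServletRequest, httpServletResponse, this.cacheDomain);
        for (String idpName : idPCookie.getIdPList()) {
            IdPSite idPSite = map.get(idpName);
            if (idPSite == null) {
                continue;
            }
            if (this.alwaysFollow) {
                try {
                    DiscoveryServiceHandler.forwardRequest(httpServletRequest, httpServletResponse, idPSite);
                } catch (WayfException e) {
                    // Previously swallowed silently; the request is still reported as
                    // handled, so the log entry is the only trace of the failure.
                    log.error("Could not forward request to cached IdP", e);
                }
                throw new WayfRequestHandled();
            }
            list.add(idPSite);
        }
        return null;
    }

    /** This plugin keeps no per-metadata state. */
    @Override // edu.internet2.middleware.shibboleth.wayf.plugins.Plugin
    public PluginMetadataParameter refreshMetadata(MetadataProvider metadataProvider) {
        return null;
    }

    /** Delegates to {@link #lookup}; the search string and candidate collection are not used. */
    @Override // edu.internet2.middleware.shibboleth.wayf.plugins.Plugin
    public PluginContext search(HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse, PluginMetadataParameter pluginMetadataParameter, String str, Map<String, IdPSite> map, PluginContext pluginContext, Collection<IdPSite> collection, List<IdPSite> list) throws WayfRequestHandled {
        return lookup(httpServletRequest, httpServletResponse, pluginMetadataParameter, map, pluginContext, list);
    }

    /**
     * Records the selected IdP in the cookie when the request asks for caching.
     *
     * <p>The {@code cache} request parameter chooses the mode: {@code session}
     * writes a session cookie, {@code perm} uses the configured expiration, and
     * any other value leaves the cookie untouched.
     *
     * @param str name of the selected IdP; stored as given (presumably validated by
     *            the caller - {@link #lookup} re-checks it against the IdP map on read)
     */
    @Override // edu.internet2.middleware.shibboleth.wayf.plugins.Plugin
    public void selected(HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse, PluginMetadataParameter pluginMetadataParameter, String str) {
        SamlIdPCookie idPCookie = getIdPCookie(httpServletRequest, httpServletResponse, this.cacheDomain);
        String cacheMode = httpServletRequest.getParameter(PARAMETER_NAME);
        if (cacheMode == null || cacheMode.isEmpty()) {
            return;
        }
        if (cacheMode.equalsIgnoreCase(PARAMETER_SESSION)) {
            idPCookie.addIdPName(str, -1);
        } else if (cacheMode.equalsIgnoreCase(PARAMETER_PERM)) {
            idPCookie.addIdPName(str, this.cacheExpiration);
        }
    }

    /**
     * Finds the {@code _saml_idp} cookie on the request.
     *
     * @return the first cookie with that name, or null when there is none
     */
    /* JADX INFO: Access modifiers changed from: private */
    public static Cookie getCookie(HttpServletRequest httpServletRequest) {
        Cookie[] cookies = httpServletRequest.getCookies();
        if (cookies == null) {
            return null;
        }
        for (Cookie candidate : cookies) {
            if (COOKIE_NAME.equals(candidate.getName())) {
                return candidate;
            }
        }
        return null;
    }

    /** Expires the {@code _saml_idp} cookie if the request carried one. */
    private static void deleteCookie(HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse, String domain) {
        Cookie cookie = getCookie(httpServletRequest);
        if (cookie == null) {
            return;
        }
        expireCookie(cookie, domain, httpServletResponse);
    }

    /**
     * Sends an expiring copy of the cookie. The domain must match the one the
     * cookie was written with: browsers key cookies on name, domain and path, so
     * an expiry without the domain would leave a domain-scoped cookie in place.
     */
    private static void expireCookie(Cookie cookie, String domain, HttpServletResponse httpServletResponse) {
        cookie.setPath("/");
        if (domain != null && !domain.isEmpty()) {
            cookie.setDomain(domain);
        }
        cookie.setMaxAge(0);
        httpServletResponse.addCookie(cookie);
    }

    /** Builds the cookie view for this request, parsing the existing cookie when present. */
    private SamlIdPCookie getIdPCookie(HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse, String str) {
        Cookie cookie = getCookie(httpServletRequest);
        if (cookie == null) {
            return new SamlIdPCookie(httpServletRequest, httpServletResponse, str);
        }
        return new SamlIdPCookie(cookie.getValue(), httpServletRequest, httpServletResponse, str);
    }
}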
