package org.jboss.cas.client;

import java.io.IOException;
import java.io.UnsupportedEncodingException;
import java.net.HttpURLConnection;
import java.net.URL;
import java.net.URLEncoder;
import java.util.ArrayList;
import java.util.Iterator;
import java.util.List;
import java.util.Locale;
import java.util.StringTokenizer;
import java.util.Timer;
import java.util.TimerTask;
import javax.servlet.FilterChain;
import javax.servlet.FilterConfig;
import javax.servlet.ServletException;
import javax.servlet.ServletRequest;
import javax.servlet.ServletResponse;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import javax.servlet.http.HttpSession;
import org.jasig.cas.client.authentication.GatewayResolver;
import org.jasig.cas.client.util.AbstractCasFilter;
import org.jasig.cas.client.util.CommonUtils;
import org.jasig.cas.client.validation.Assertion;
import org.jasig.cas.client.validation.TicketValidationException;

/* loaded from: input_file:org/jboss/cas/client/ExtendedAuthenticationFilter.class */
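/**
 * CAS authentication filter that redirects requests without a CAS assertion to the CAS login URL,
 * with a set of configurable exemptions and an optional "gateway" mode.
 *
 * <p>Every exemption below lets the request continue down the filter chain <em>without</em> a CAS
 * assertion. Several of them are decided from client-supplied data (headers, query string), so
 * resources that must stay protected need their own authorization check behind this filter.
 *
 * <p>When gateway mode is enabled, a daemon timer probes the CAS login URL every
 * {@link #HEARTBEAT_TIME} milliseconds; while the probe fails, gateway-mode requests skip the CAS
 * redirect entirely (see {@link #doFilter}).
 */
public class ExtendedAuthenticationFilter extends AbstractCasFilter {
    // URL of the CAS login page; required (checked in init()).
    protected String casServerLoginUrl;
    // Optional redirect target used when ticket validation fails further down the chain.
    protected String ticketValidationErrorRedirectUrl;
    // Passed through to CommonUtils.constructRedirectUrl as the "renew" flag.
    protected boolean renew = false;
    // Default gateway mode; can be overridden per request via the "cas-gateway-only" attribute.
    protected boolean gateway = false;
    // Gateway mode only: skip the redirect for requests flagged as XMLHttpRequest.
    protected boolean ignoreAjaxCalls = true;
    // Skip the redirect when the container already reports a user principal.
    protected boolean ignoreAuthenticatedRequest = false;
    // Skip the redirect when an Authorization header is present (its value is not inspected here).
    protected boolean ignoreIfAuthorizationHeader = false;
    protected GatewayResolver gatewayStorage = new TimedGatewayResolverImpl();
    // Path prefixes (servletPath + pathInfo) that bypass the filter; null means none.
    protected List<String> excludeIfPathStartsBy = null;
    // Query-string substrings that bypass the filter; null means none.
    protected List<String> excludeIfQueryStringContains = null;
    // Name of the parameter appended to the service URL by handleReferrerParam.
    protected String referrerUrlParam = null;
    // Request attribute whose value is appended under referrerUrlParam.
    protected String referrerRequestAttribute = null;
    // Gateway mode only: lower-case User-Agent substrings that bypass the redirect.
    protected List<String> excludeIfHeaderUserAgentContains = new ArrayList<String>();
    // Heartbeat period in milliseconds; also used as the probe's connect/read timeout.
    protected static final long HEARTBEAT_TIME = 15000;
    // Shared by all filter instances; created at most once in init().
    protected static Timer heartbeatTimer = null;
    // Written by the heartbeat timer thread and read by request threads, hence volatile.
    protected static volatile boolean casServerIsLive = true;

    /** Seeds the User-Agent exclusion list with common crawler and monitoring tokens. */
    public ExtendedAuthenticationFilter() {
        this.excludeIfHeaderUserAgentContains.add("bot");
        this.excludeIfHeaderUserAgentContains.add("spider");
        this.excludeIfHeaderUserAgentContains.add("google");
        this.excludeIfHeaderUserAgentContains.add("bing");
        this.excludeIfHeaderUserAgentContains.add("yahoo");
        this.excludeIfHeaderUserAgentContains.add("search");
        this.excludeIfHeaderUserAgentContains.add("crawl");
        this.excludeIfHeaderUserAgentContains.add("slurp");
        this.excludeIfHeaderUserAgentContains.add("msn");
        this.excludeIfHeaderUserAgentContains.add("check");
        this.excludeIfHeaderUserAgentContains.add("nagios");
    }

    /**
     * Probes {@link #casServerLoginUrl} once and updates {@link #casServerIsLive}.
     *
     * <p>HTTP 200, 301 and 302 count as "live"; any other status or any exception (including TLS
     * or connection failures) marks the server as down. State changes are logged once per
     * transition. Note that a "down" state makes gateway-mode requests pass through without a CAS
     * round trip, so a persistently failing probe is worth alerting on.
     */
    protected void performCasServerHeartbet() {
        HttpURLConnection connection = null;
        try {
            connection = (HttpURLConnection) new URL(this.casServerLoginUrl).openConnection();
            // Without timeouts a hung CAS server would block the single timer thread forever and
            // the liveness flag would never be updated.
            connection.setConnectTimeout((int) HEARTBEAT_TIME);
            connection.setReadTimeout((int) HEARTBEAT_TIME);
            connection.connect();
            int responseCode = connection.getResponseCode();
            boolean reachable = responseCode == 200 || responseCode == 301 || responseCode == 302;
            if (reachable) {
                if (!casServerIsLive) {
                    this.log.info("CAS SSO server is back online.");
                    casServerIsLive = true;
                }
            } else if (casServerIsLive) {
                casServerIsLive = false;
                this.log.error("CAS SSO server seems to be out of order due HTTP response code: " + responseCode);
            }
        } catch (Exception e) {
            if (casServerIsLive) {
                casServerIsLive = false;
                this.log.error("CAS SSO server seems to be out of order due exception: " + e.getMessage(), e);
            }
        } finally {
            // Always release the connection, including when connect()/getResponseCode() throws.
            if (connection != null) {
                connection.disconnect();
            }
        }
    }

    /**
     * Reads the filter's settings from the filter configuration.
     *
     * @param filterConfig the servlet filter configuration
     * @throws ServletException if the configured {@code gatewayStorageClass} cannot be loaded,
     *     instantiated or cast to {@link GatewayResolver}
     */
    protected void initInternal(FilterConfig filterConfig) throws ServletException {
        if (isIgnoreInitConfiguration()) {
            return;
        }
        super.initInternal(filterConfig);
        setCasServerLoginUrl(getPropertyFromInitParams(filterConfig, "casServerLoginUrl", null));
        this.log.trace("Loaded CasServerLoginUrl parameter: " + this.casServerLoginUrl);
        setRenew(parseBoolean(getPropertyFromInitParams(filterConfig, "renew", "false")));
        this.log.trace("Loaded renew parameter: " + this.renew);
        setGateway(parseBoolean(getPropertyFromInitParams(filterConfig, "gateway", "false")));
        this.log.trace("Loaded gateway parameter: " + this.gateway);
        setIgnoreAjaxCalls(parseBoolean(getPropertyFromInitParams(filterConfig, "ignoreAjaxCalls", "true")));
        this.log.trace("Loaded ignoreAjaxCalls parameter: " + this.ignoreAjaxCalls);
        setIgnoreAuthenticatedRequest(parseBoolean(getPropertyFromInitParams(filterConfig, "ignoreAuthenticatedRequest", "false")));
        this.log.trace("Loaded ignoreAuthenticatedRequest parameter: " + this.ignoreAuthenticatedRequest);
        setIgnoreIfAuthorizationHeader(parseBoolean(getPropertyFromInitParams(filterConfig, "ignoreIfAuthorizationHeader", "false")));
        this.log.trace("Loaded ignoreIfAuthorizationHeader parameter: " + this.ignoreIfAuthorizationHeader);
        setTicketValidationErrorRedirectUrl(getPropertyFromInitParams(filterConfig, "ticketValidationErrorRedirectUrl", null));
        String gatewayStorageClassName = getPropertyFromInitParams(filterConfig, "gatewayStorageClass", null);
        if (gatewayStorageClassName != null) {
            try {
                // The class name comes from the filter configuration, so whoever controls that
                // configuration chooses which class is instantiated here.
                this.gatewayStorage = (GatewayResolver) Class.forName(gatewayStorageClassName).getDeclaredConstructor().newInstance();
            } catch (Exception e) {
                this.log.error(e, e);
                throw new ServletException(e);
            }
        }
        this.excludeIfPathStartsBy = parseListFromString(getPropertyFromInitParams(filterConfig, "excludeIfPathStartsBy", null));
        this.excludeIfQueryStringContains = parseListFromString(getPropertyFromInitParams(filterConfig, "excludeIfQueryStringContains", null));
        this.referrerUrlParam = getPropertyFromInitParams(filterConfig, "referrerUrlParam", null);
        this.referrerRequestAttribute = getPropertyFromInitParams(filterConfig, "referrerRequestAttribute", null);
    }

    /**
     * Splits a comma-separated string into trimmed, non-empty tokens.
     *
     * @param str the raw value, may be {@code null}
     * @return the tokens, or {@code null} when {@code str} is {@code null} or yields no tokens
     *     (callers treat {@code null} as "no exclusions configured")
     */
    protected List<String> parseListFromString(String str) {
        if (str == null) {
            return null;
        }
        List<String> tokens = new ArrayList<String>();
        StringTokenizer tokenizer = new StringTokenizer(str, ",");
        while (tokenizer.hasMoreTokens()) {
            String token = tokenizer.nextToken().trim();
            if (token.length() > 0) {
                tokens.add(token);
            }
        }
        return tokens.isEmpty() ? null : tokens;
    }

    /**
     * Validates the configuration and, in gateway mode, starts the shared heartbeat timer.
     *
     * <p>The timer is static: only the first filter instance that reaches this point creates it,
     * and the probe runs against that instance's {@link #casServerLoginUrl}.
     */
    public void init() {
        super.init();
        CommonUtils.assertNotNull(this.casServerLoginUrl, "casServerLoginUrl cannot be null.");
        if (this.gateway && heartbeatTimer == null) {
            heartbeatTimer = new Timer("CAS server heartbeat", true);
            heartbeatTimer.schedule(new TimerTask() {
                @Override
                public void run() {
                    ExtendedAuthenticationFilter.this.performCasServerHeartbet();
                }
            }, HEARTBEAT_TIME, HEARTBEAT_TIME);
            this.log.info("CAS SSO server heartbeat timer started for URL: " + this.casServerLoginUrl);
        }
    }

    /**
     * Lets the request through when it already has a CAS assertion or matches an exemption;
     * otherwise redirects the client to the CAS login URL.
     *
     * <p>The downstream chain is invoked inside the {@code try} on purpose: a
     * {@link ServletException} caused by a {@link TicketValidationException} raised further down
     * the chain is turned into a redirect instead of an error page.
     *
     * @throws IOException if the chain or the redirect fails with an I/O error
     * @throws ServletException for any servlet error not caused by a ticket validation failure
     */
    public final void doFilter(ServletRequest servletRequest, ServletResponse servletResponse, FilterChain filterChain) throws IOException, ServletException {
        HttpServletRequest request = (HttpServletRequest) servletRequest;
        HttpServletResponse response = (HttpServletResponse) servletResponse;
        // getSession(false): never create a session just to look for an assertion.
        HttpSession session = request.getSession(false);
        try {
            Assertion assertion = session != null ? (Assertion) session.getAttribute("_const_cas_assertion_") : null;
            if (assertion != null) {
                filterChain.doFilter(request, response);
                return;
            }
            boolean gatewayMode = resolveGatewayModeForRequest(request);
            if (this.ignoreAuthenticatedRequest && request.getUserPrincipal() != null) {
                filterChain.doFilter(request, response);
                return;
            }
            // Presence only: the header value is not inspected here, so a component further down
            // the chain must actually authenticate it.
            if (this.ignoreIfAuthorizationHeader && request.getHeader("Authorization") != null) {
                filterChain.doFilter(request, response);
                return;
            }
            // Gateway requests are not sent to CAS while the heartbeat reports it as down.
            if (gatewayMode && !casServerIsLive) {
                filterChain.doFilter(request, response);
                return;
            }
            if (gatewayMode) {
                // Both checks below rely on client-controlled headers; they are consulted only in
                // gateway mode.
                if (this.ignoreAjaxCalls) {
                    String requestedWith = request.getHeader("X-Requested-With");
                    if (requestedWith != null && requestedWith.contains("XMLHttpRequest")) {
                        filterChain.doFilter(request, response);
                        return;
                    }
                }
                String userAgent = request.getHeader("User-Agent");
                // Locale.ROOT keeps the lower-casing independent of the JVM default locale, so the
                // lower-case tokens match the same way on every host.
                if (userAgent != null && stringContainsToken(userAgent.toLowerCase(Locale.ROOT), this.excludeIfHeaderUserAgentContains)) {
                    filterChain.doFilter(request, response);
                    return;
                }
            }
            if (this.excludeIfPathStartsBy != null) {
                String path = request.getServletPath();
                if (request.getPathInfo() != null) {
                    path = path + request.getPathInfo();
                }
                // Plain prefix match: a configured "/public" also exempts "/publicity".
                for (String prefix : this.excludeIfPathStartsBy) {
                    if (path.startsWith(prefix)) {
                        filterChain.doFilter(request, response);
                        return;
                    }
                }
            }
            // Substring match against the raw, client-supplied query string: any request can
            // carry a configured token, so resources that must stay protected need their own
            // access control behind this filter.
            if (this.excludeIfQueryStringContains != null && request.getQueryString() != null && stringContainsToken(request.getQueryString(), this.excludeIfQueryStringContains)) {
                filterChain.doFilter(request, response);
                return;
            }
            String serviceUrl = constructServiceUrl(request, response);
            // A request that carries a ticket parameter is passed on unvalidated; validating it
            // is left to a later filter in the chain.
            if (CommonUtils.isNotBlank(CommonUtils.safeGetParameter(request, getArtifactParameterName()))) {
                filterChain.doFilter(request, response);
                return;
            }
            if (gatewayMode && this.gatewayStorage.hasGatewayedAlready(request, serviceUrl)) {
                filterChain.doFilter(request, response);
                return;
            }
            this.log.debug("no ticket and no assertion found");
            String effectiveServiceUrl;
            if (gatewayMode) {
                this.log.debug("setting gateway attribute in session");
                effectiveServiceUrl = this.gatewayStorage.storeGatewayInformation(request, serviceUrl);
            } else {
                effectiveServiceUrl = serviceUrl;
            }
            String serviceUrlWithReferrer = handleReferrerParam(request, effectiveServiceUrl);
            if (this.log.isDebugEnabled()) {
                this.log.debug("Constructed service url: " + serviceUrlWithReferrer);
            }
            String redirectUrl = CommonUtils.constructRedirectUrl(this.casServerLoginUrl, getServiceParameterName(), serviceUrlWithReferrer, this.renew, gatewayMode);
            if (this.log.isDebugEnabled()) {
                this.log.debug("redirecting to \"" + redirectUrl + "\"");
            }
            response.sendRedirect(redirectUrl);
        } catch (ServletException e) {
            if (!(e.getCause() instanceof TicketValidationException)) {
                throw e;
            }
            String errorRedirectUrl = this.ticketValidationErrorRedirectUrl != null ? this.ticketValidationErrorRedirectUrl : constructServiceUrl(request, response);
            this.log.debug("TicketValidationException handled by redirect to " + errorRedirectUrl + ". Cause: " + e.getMessage(), e);
            response.sendRedirect(errorRedirectUrl);
        }
    }

    /**
     * Determines whether gateway mode applies to this request.
     *
     * @param httpServletRequest the current request
     * @return the value of the {@code cas-gateway-only} request attribute when it is set (a
     *     {@link Boolean}, or anything else parsed via {@link Boolean#valueOf(String)}), otherwise
     *     the filter-wide {@link #gateway} setting
     */
    protected boolean resolveGatewayModeForRequest(HttpServletRequest httpServletRequest) {
        boolean gatewayMode = this.gateway;
        Object override = httpServletRequest.getAttribute("cas-gateway-only");
        if (override != null) {
            gatewayMode = override instanceof Boolean ? ((Boolean) override).booleanValue() : Boolean.valueOf(override.toString()).booleanValue();
            this.log.debug("Gateway mode is '" + gatewayMode + "' as value from 'cas-gateway-only' request attribute is: " + override);
        }
        return gatewayMode;
    }

    /**
     * Appends the configured referrer parameter to the service URL when it is not already there.
     *
     * <p>The value is taken from the request attribute named by {@link #referrerRequestAttribute},
     * trimmed and URL-encoded as UTF-8 before being appended.
     *
     * @param httpServletRequest the current request
     * @param str the service URL, may be {@code null} or blank (returned unchanged in both cases)
     * @return the service URL, with the referrer parameter appended when applicable
     * @throws UnsupportedEncodingException declared by {@link URLEncoder#encode(String, String)}
     */
    protected String handleReferrerParam(HttpServletRequest httpServletRequest, String str) throws UnsupportedEncodingException {
        if (str == null) {
            return null;
        }
        if ("".equals(str.trim())) {
            return str;
        }
        if (this.referrerUrlParam == null || this.referrerRequestAttribute == null) {
            return str;
        }
        boolean alreadyPresent = str.contains("?" + this.referrerUrlParam + "=") || str.contains("&" + this.referrerUrlParam + "=");
        if (alreadyPresent) {
            return str;
        }
        Object attribute = httpServletRequest.getAttribute(this.referrerRequestAttribute);
        if (attribute == null) {
            return str;
        }
        String referrer = attribute.toString();
        if (CommonUtils.isNotBlank(referrer)) {
            String separator = str.indexOf("?") > -1 ? "&" : "?";
            str = str + separator + this.referrerUrlParam + "=" + URLEncoder.encode(referrer.trim(), "UTF-8");
        }
        return str;
    }

    /**
     * Tells whether {@code str} contains at least one of the given tokens as a substring.
     *
     * @param str the text to search, may be {@code null}
     * @param list the tokens to look for, may be {@code null}
     * @return {@code true} on the first match; {@code false} when nothing matches or either
     *     argument is {@code null}
     */
    protected boolean stringContainsToken(String str, List<String> list) {
        if (str == null || list == null) {
            return false;
        }
        for (String token : list) {
            if (str.contains(token)) {
                return true;
            }
        }
        return false;
    }

    public final void setRenew(boolean z) {
        this.renew = z;
    }

    public final void setGateway(boolean z) {
        this.gateway = z;
    }

    public final void setCasServerLoginUrl(String str) {
        this.casServerLoginUrl = str;
    }

    public final void setGatewayStorage(GatewayResolver gatewayResolver) {
        this.gatewayStorage = gatewayResolver;
    }

    public String getTicketValidationErrorRedirectUrl() {
        return this.ticketValidationErrorRedirectUrl;
    }

    public void setTicketValidationErrorRedirectUrl(String str) {
        this.ticketValidationErrorRedirectUrl = str;
    }

    public boolean isIgnoreAjaxCalls() {
        return this.ignoreAjaxCalls;
    }

    public void setIgnoreAjaxCalls(boolean z) {
        this.ignoreAjaxCalls = z;
    }

    public void setExcludeIfPathStartsBy(List<String> list) {
        this.excludeIfPathStartsBy = list;
    }

    public void setExcludeIfQueryStringContains(List<String> list) {
        this.excludeIfQueryStringContains = list;
    }

    public void setReferrerUrlParam(String str) {
        this.referrerUrlParam = str;
    }

    public void setReferrerRequestAttribute(String str) {
        this.referrerRequestAttribute = str;
    }

    /**
     * Replaces the User-Agent exclusion tokens. The header is lower-cased before matching, so
     * tokens must be supplied in lower case to ever match.
     */
    public void setExcludeIfHeaderUserAgentContains(List<String> list) {
        this.excludeIfHeaderUserAgentContains = list;
    }

    public void setIgnoreAuthenticatedRequest(boolean z) {
        this.ignoreAuthenticatedRequest = z;
    }

    public void setIgnoreIfAuthorizationHeader(boolean z) {
        this.ignoreIfAuthorizationHeader = z;
    }
}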
