package edu.yale.its.tp.cas.client.filter;

import edu.yale.its.tp.cas.client.CASAuthenticationException;
import edu.yale.its.tp.cas.client.CASReceipt;
import edu.yale.its.tp.cas.client.IContextInit;
import edu.yale.its.tp.cas.client.ProxyTicketValidator;
import edu.yale.its.tp.cas.client.Util;
import edu.yale.its.tp.cas.util.CommonUtils;
import edu.yale.its.tp.cas.util.XmlUtils;
import java.io.IOException;
import java.lang.reflect.InvocationTargetException;
import java.net.URLEncoder;
import java.util.ArrayList;
import java.util.HashSet;
import java.util.List;
import java.util.Set;
import java.util.StringTokenizer;
import javax.servlet.Filter;
import javax.servlet.FilterChain;
import javax.servlet.FilterConfig;
import javax.servlet.ServletException;
import javax.servlet.ServletRequest;
import javax.servlet.ServletResponse;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import javax.servlet.http.HttpSession;
import org.apache.commons.logging.Log;
import org.apache.commons.logging.LogFactory;

/* loaded from: input_file:edu/yale/its/tp/cas/client/filter/CASFilter.class */
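/**
 * Servlet filter that protects HTTP resources with CAS single sign-on.
 *
 * <p>For each request the filter, in order: lets a request through when a previously validated
 * receipt is cached in the session under the client-supplied {@code pt} name; handles CAS
 * single-sign-out POSTs; records the ticket-to-session mapping used by single sign-out; lets the
 * proxy-callback request through; lets through sessions that carry the configured login mark or
 * an acceptable receipt; lets through excluded URIs; and otherwise either redirects the browser
 * to the CAS login URL or validates the {@code ticket} parameter.
 *
 * <p>Security-relevant points for maintainers:
 * <ul>
 *   <li>Any value read from the request ({@code pt}, {@code locale}, the {@code Cookie} header)
 *       is untrusted. It is URL-encoded before being placed in a redirect and is never accepted
 *       as proof of authentication by itself.</li>
 *   <li>Debug and trace logging emits session identifiers, service tickets and full redirect
 *       URLs. Keep those levels off in production or treat the log as sensitive.</li>
 *   <li>Session identifiers are sent to the CAS login URL as query parameters
 *       ({@code sessionId}, {@code timeOut}); query strings commonly end up in access logs and
 *       browser history. NOTE(review): this appears to be required by the CAS server this
 *       client talks to; confirm before changing.</li>
 * </ul>
 */
public class CASFilter implements Filter {
    private static final Log log = LogFactory.getLog(CASFilter.class);

    public static final String LOGIN_INIT_PARAM = "edu.yale.its.tp.cas.client.filter.loginUrl";
    public static final String VALIDATE_INIT_PARAM = "edu.yale.its.tp.cas.client.filter.validateUrl";
    public static final String SERVICE_INIT_PARAM = "edu.yale.its.tp.cas.client.filter.serviceUrl";
    public static final String SERVERNAME_INIT_PARAM = "edu.yale.its.tp.cas.client.filter.serverName";
    public static final String RENEW_INIT_PARAM = "edu.yale.its.tp.cas.client.filter.renew";
    public static final String AUTHORIZED_PROXY_INIT_PARAM = "edu.yale.its.tp.cas.client.filter.authorizedProxy";
    public static final String PROXY_CALLBACK_INIT_PARAM = "edu.yale.its.tp.cas.client.filter.proxyCallbackUrl";
    public static final String WRAP_REQUESTS_INIT_PARAM = "edu.yale.its.tp.cas.client.filter.wrapRequest";
    public static final String GATEWAY_INIT_PARAM = "edu.yale.its.tp.cas.client.filter.gateway";
    /** Session attribute holding the authenticated (possibly translated) user name. */
    public static final String CAS_FILTER_USER = "edu.yale.its.tp.cas.client.filter.user";
    /** Session attribute holding the validated {@link CASReceipt}. */
    public static final String CAS_FILTER_RECEIPT = "edu.yale.its.tp.cas.client.filter.receipt";
    private static final String CAS_FILTER_GATEWAYED = "edu.yale.its.tp.cas.client.filter.didGateway";
    private static final String CAS_FILTER_INITCONTEXTCLASS = "edu.yale.its.tp.cas.client.filter.initContextClass";
    private static final String CAS_FILTER_USERLOGINMARK = "edu.yale.its.tp.cas.client.filter.userLoginMark";
    private static final String CAS_FILTER_EXCLUSION = "edu.yale.its.tp.cas.client.filter.filterExclusion";

    // Request attribute used to hand the current session id to redirectToCAS().
    private static final String SESSION_ID_ATTRIBUTE = "sessionId";
    // Session attribute remembering the message of a failed context initialisation.
    private static final String INIT_FAILURE_ATTRIBUTE = "initFailure";
    private static final String JSESSIONID_PREFIX = "JSESSIONID=";

    // Ticket -> session mapping consulted when CAS posts a single-sign-out request.
    private static final SessionMappingStorage SESSION_MAPPING_STORAGE = new HashMapBackedSessionMappingStorage();
    // Request URIs that bypass authentication. Static, so shared by every instance of this filter.
    private static Set<String> exclusions = null;

    private String casLogin;
    private String casValidate;
    private String casServiceUrl;
    private String casServerName;
    private String casProxyCallbackUrl;
    private String casInitContextClass;
    private boolean casRenew;
    private boolean wrapRequest;
    private boolean casGateway = false;
    private String userLoginMark = null;
    private List<String> authorizedProxies = new ArrayList<String>();

    /**
     * Reads the filter's init parameters and validates their combination.
     *
     * @param filterConfig the container-supplied configuration
     * @throws ServletException if gateway and renew are both enabled, if serverName and
     *     serviceUrl are both set or both missing, or if validateUrl is missing
     */
    public void init(FilterConfig filterConfig) throws ServletException {
        String exclusionList = filterConfig.getInitParameter(CAS_FILTER_EXCLUSION);
        if (CommonUtils.isNotBlank(exclusionList)) {
            exclusions = parseExclusions(exclusionList);
        }
        this.userLoginMark = filterConfig.getInitParameter(CAS_FILTER_USERLOGINMARK);
        this.casLogin = filterConfig.getInitParameter(LOGIN_INIT_PARAM);
        this.casValidate = filterConfig.getInitParameter(VALIDATE_INIT_PARAM);
        this.casServiceUrl = filterConfig.getInitParameter(SERVICE_INIT_PARAM);
        String proxyList = filterConfig.getInitParameter(AUTHORIZED_PROXY_INIT_PARAM);
        this.casRenew = Boolean.valueOf(filterConfig.getInitParameter(RENEW_INIT_PARAM)).booleanValue();
        this.casServerName = filterConfig.getInitParameter(SERVERNAME_INIT_PARAM);
        this.casProxyCallbackUrl = filterConfig.getInitParameter(PROXY_CALLBACK_INIT_PARAM);
        this.wrapRequest = Boolean.valueOf(filterConfig.getInitParameter(WRAP_REQUESTS_INIT_PARAM)).booleanValue();
        this.casGateway = Boolean.valueOf(filterConfig.getInitParameter(GATEWAY_INIT_PARAM)).booleanValue();
        this.casInitContextClass = filterConfig.getInitParameter(CAS_FILTER_INITCONTEXTCLASS);

        if (this.casGateway && this.casRenew) {
            throw new ServletException("gateway and renew cannot both be true in filter configuration");
        }
        if (this.casServerName != null && this.casServiceUrl != null) {
            throw new ServletException("serverName and serviceUrl cannot both be set: choose one.");
        }
        if (this.casServerName == null && this.casServiceUrl == null) {
            throw new ServletException("one of serverName or serviceUrl must be set.");
        }
        if (this.casValidate == null) {
            throw new ServletException("validateUrl parameter must be set.");
        }
        if (proxyList != null) {
            // Whitespace-separated list of proxy services allowed to authenticate on a user's behalf.
            StringTokenizer tokens = new StringTokenizer(proxyList);
            while (tokens.hasMoreTokens()) {
                this.authorizedProxies.add(tokens.nextToken());
            }
        }
        if (log.isDebugEnabled()) {
            log.debug("CASFilter initialized as: [" + toString() + "]");
        }
    }

    /**
     * Splits the comma-separated exclusion list into a set of request URIs.
     * Tabs, spaces and line breaks (including carriage returns, so a descriptor saved with
     * Windows line endings still matches) are stripped and empty entries are skipped.
     */
    private static Set<String> parseExclusions(String exclusionList) {
        Set<String> parsed = new HashSet<String>();
        for (String entry : exclusionList.replaceAll("[\\t \\n\\r]", "").split(",")) {
            if (entry.length() > 0) {
                parsed.add(entry);
            }
        }
        return parsed;
    }

    /**
     * Applies CAS authentication to one request; see the class comment for the order of checks.
     *
     * @throws ServletException if the request is not HTTP, if the login URL is needed but not
     *     configured, or if a validated receipt is rejected by policy
     * @throws IOException if a redirect or the downstream chain fails
     */
    public void doFilter(ServletRequest servletRequest, ServletResponse servletResponse, FilterChain filterChain) throws ServletException, IOException {
        if (servletRequest.getCharacterEncoding() == null) {
            servletRequest.setCharacterEncoding("UTF-8");
        }
        if (log.isTraceEnabled()) {
            log.trace("entering doFilter()");
        }
        if (!(servletRequest instanceof HttpServletRequest) || !(servletResponse instanceof HttpServletResponse)) {
            log.error("doFilter() called on a request or response that was not an HttpServletRequest or HttpServletResponse.");
            throw new ServletException("CASFilter protects only HTTP resources");
        }
        HttpServletRequest httpServletRequest = (HttpServletRequest) servletRequest;
        HttpServletResponse httpServletResponse = (HttpServletResponse) servletResponse;

        // "pt" names a session attribute under which a validated receipt was cached earlier.
        // The name comes from the request, so only a stored CASReceipt that still passes policy
        // may short-circuit the filter; some other attribute existing under that name proves
        // nothing about authentication. (The previous "!= \"\"" test compared references.)
        String pt = httpServletRequest.getParameter("pt");
        boolean hasPt = pt != null && pt.length() > 0;
        if (hasPt) {
            Object cached = httpServletRequest.getSession().getAttribute(pt);
            if (cached instanceof CASReceipt && isReceiptAcceptable((CASReceipt) cached)) {
                filterChain.doFilter(httpServletRequest, servletResponse);
                return;
            }
        }

        if ("POST".equals(httpServletRequest.getMethod())) {
            if (handleLogoutRequest(httpServletRequest)) {
                return;
            }
        } else {
            mapTicketToSession(httpServletRequest);
        }

        // NOTE(review): this lets through any request whose URI is a suffix of the configured
        // callback URL and that carries pgtId and pgtIou; it is not verified to come from CAS.
        if (this.casProxyCallbackUrl != null
                && this.casProxyCallbackUrl.endsWith(httpServletRequest.getRequestURI())
                && httpServletRequest.getParameter("pgtId") != null
                && httpServletRequest.getParameter("pgtIou") != null) {
            log.trace("passing through what we hope is CAS's request for proxy ticket receptor.");
            filterChain.doFilter(httpServletRequest, servletResponse);
            return;
        }
        if (this.wrapRequest) {
            log.trace("Wrapping request with CASFilterRequestWrapper.");
            httpServletRequest = new CASFilterRequestWrapper(httpServletRequest);
        }

        HttpSession session = httpServletRequest.getSession();
        // The login mark is a session attribute set elsewhere in the application; its presence
        // is treated as "already logged in".
        if (this.userLoginMark != null && session.getAttribute(this.userLoginMark) != null) {
            filterChain.doFilter(httpServletRequest, servletResponse);
            return;
        }
        CASReceipt existingReceipt = (CASReceipt) session.getAttribute(CAS_FILTER_RECEIPT);
        if (existingReceipt != null && isReceiptAcceptable(existingReceipt)) {
            log.trace("CAS_FILTER_RECEIPT attribute was present and acceptable - passing  request through filter..");
            filterChain.doFilter(httpServletRequest, servletResponse);
            return;
        }
        if (isExclusion(httpServletRequest)) {
            filterChain.doFilter(httpServletRequest, servletResponse);
            return;
        }

        String ticket = httpServletRequest.getParameter("ticket");
        if (ticket == null || ticket.equals("")) {
            log.trace("CAS ticket was not present on request.");
            boolean previouslyGatewayed = Boolean.valueOf((String) session.getAttribute(CAS_FILTER_GATEWAYED)).booleanValue();
            if (this.casLogin == null) {
                log.fatal("casLogin was not set, so filter cannot redirect request for authentication.");
                throw new ServletException("When CASFilter protects pages that do not receive a 'ticket' parameter, it needs a edu.yale.its.tp.cas.client.filter.loginUrl filter parameter");
            }
            if (!previouslyGatewayed) {
                log.trace("Did not previously gateway.  Setting session attribute to true.");
                httpServletRequest.setAttribute(SESSION_ID_ATTRIBUTE, session.getId());
                session.setAttribute(CAS_FILTER_GATEWAYED, "true");
                redirectToCAS(httpServletRequest, httpServletResponse);
                return;
            }
            log.trace("Previously gatewayed.");
            // In gateway mode a request that already went to CAS once is passed on even though
            // no user was established; the protected resource must cope with an anonymous user.
            if (this.casGateway || session.getAttribute(CAS_FILTER_USER) != null) {
                log.trace("casGateway was true and CAS_FILTER_USER set: passing request along filter chain.");
                filterChain.doFilter(httpServletRequest, servletResponse);
                return;
            }
            if (session.getAttribute(INIT_FAILURE_ATTRIBUTE) != null) {
                redirectToInitFailure(httpServletRequest, httpServletResponse, (String) session.getAttribute(INIT_FAILURE_ATTRIBUTE));
                return;
            }
            httpServletRequest.setAttribute(SESSION_ID_ATTRIBUTE, session.getId());
            session.setAttribute(CAS_FILTER_GATEWAYED, "true");
            redirectToCAS(httpServletRequest, httpServletResponse);
            return;
        }

        try {
            CASReceipt receipt = getAuthenticatedUser(httpServletRequest);
            if (!isReceiptAcceptable(receipt)) {
                throw new ServletException("Authentication was technically successful but rejected as a matter of policy. [" + receipt + "]");
            }
            if (hasPt) {
                // NOTE(review): the attribute name is chosen by the client, so an authenticated
                // user can overwrite other attributes of their own session; consider storing
                // these receipts under a filter-owned prefix.
                session.setAttribute(pt, receipt);
            }
            String userName = receipt.getUserName();
            if (this.casInitContextClass != null && !"".equals(this.casInitContextClass)) {
                // The class name comes from the filter configuration, not from the request.
                try {
                    Class<?> initClass = Class.forName(this.casInitContextClass);
                    Object initializer = initClass.newInstance();
                    if (initializer instanceof IContextInit) {
                        userName = (String) initClass
                                .getMethod("getTranslatorUser", new Class<?>[] {String.class})
                                .invoke(initializer, userName);
                        initClass
                                .getMethod("initContext", new Class<?>[] {ServletRequest.class, ServletResponse.class, FilterChain.class, String.class})
                                .invoke(initializer, httpServletRequest, servletResponse, filterChain, userName);
                    }
                } catch (ClassNotFoundException e) {
                    // Configuration or reflection problems do not block the login: the user is
                    // stored as-is below. They are logged rather than printed to stderr.
                    log.error("Could not run context initializer " + this.casInitContextClass, e);
                } catch (IllegalAccessException e) {
                    log.error("Could not run context initializer " + this.casInitContextClass, e);
                } catch (IllegalArgumentException e) {
                    log.error("Could not run context initializer " + this.casInitContextClass, e);
                } catch (InstantiationException e) {
                    log.error("Could not run context initializer " + this.casInitContextClass, e);
                } catch (NoSuchMethodException e) {
                    log.error("Could not run context initializer " + this.casInitContextClass, e);
                } catch (SecurityException e) {
                    log.error("Could not run context initializer " + this.casInitContextClass, e);
                } catch (InvocationTargetException e) {
                    // The initializer itself rejected the user: remember why and send the
                    // browser to the failure page instead of establishing the session.
                    Throwable cause = e.getCause();
                    String message = cause != null ? cause.getMessage() : e.getMessage();
                    log.error("Context initializer " + this.casInitContextClass + " failed", e);
                    session.setAttribute(INIT_FAILURE_ATTRIBUTE, message);
                    redirectToInitFailure(httpServletRequest, httpServletResponse, message);
                    return;
                }
            }
            session.setAttribute(CAS_FILTER_USER, userName);
            session.setAttribute(CAS_FILTER_RECEIPT, receipt);
            session.removeAttribute(CAS_FILTER_GATEWAYED);
            if (log.isTraceEnabled()) {
                log.trace("validated ticket to get authenticated receipt [" + receipt + "], now passing request along filter chain.");
            }
            filterChain.doFilter(httpServletRequest, servletResponse);
            log.trace("returning from doFilter()");
        } catch (CASAuthenticationException e) {
            // Ticket validation failed: start a new login round trip.
            log.debug("CAS ticket validation failed; redirecting to CAS login", e);
            httpServletRequest.setAttribute(SESSION_ID_ATTRIBUTE, session.getId());
            redirectToCAS(httpServletRequest, httpServletResponse);
        }
    }

    /**
     * Handles a CAS single-sign-out POST.
     *
     * <p>The request is not authenticated by this filter; the only thing that ties it to a
     * session is the ticket value carried in {@code SessionIndex}. NOTE(review): consider
     * restricting this path to the CAS server's addresses. XmlUtils is not visible here; confirm
     * that its parser refuses DTDs and external entities, since the payload is client-supplied.
     *
     * @return {@code true} when the request carried a session index and has been fully handled
     *     (the chain must not be invoked), {@code false} when normal filtering should continue
     */
    private boolean handleLogoutRequest(HttpServletRequest httpServletRequest) {
        String logoutRequest = CommonUtils.safeGetParameter(httpServletRequest, "logoutRequest");
        if (!CommonUtils.isNotBlank(logoutRequest)) {
            return false;
        }
        if (log.isTraceEnabled()) {
            log.trace("Logout request=[" + logoutRequest + "]");
        }
        String sessionIndex = XmlUtils.getTextForElement(logoutRequest, "SessionIndex");
        if (!CommonUtils.isNotBlank(sessionIndex)) {
            return false;
        }
        HttpSession mapped = SESSION_MAPPING_STORAGE.removeSessionByMappingId(sessionIndex);
        if (mapped != null) {
            if (log.isDebugEnabled()) {
                log.debug("Invalidating session [" + mapped.getId() + "] for ST [" + sessionIndex + "]");
            }
            try {
                mapped.invalidate();
            } catch (IllegalStateException e) {
                // Session was already invalidated; nothing left to do.
                log.debug(e, e);
            }
        }
        return true;
    }

    /**
     * Records which session a service ticket arrived on so that a later single-sign-out request
     * can find it. The mapping is written before the ticket has been validated.
     */
    private void mapTicketToSession(HttpServletRequest httpServletRequest) {
        String ticket = CommonUtils.safeGetParameter(httpServletRequest, "ticket");
        HttpSession session = httpServletRequest.getSession();
        if (log.isDebugEnabled()) {
            log.debug("Storing session identifier for " + session.getId());
        }
        if (CommonUtils.isNotBlank(ticket)) {
            try {
                SESSION_MAPPING_STORAGE.removeBySessionById(session.getId());
            } catch (Exception e) {
                // Best effort: a missing earlier mapping must not block the new one.
                log.debug("No previous ticket mapping removed for this session", e);
            }
            SESSION_MAPPING_STORAGE.addSessionById(ticket, session);
        }
    }

    /**
     * Applies local policy to a validated receipt: when renew is required the receipt must come
     * from a primary authentication, and a proxied receipt is accepted only from a proxy listed
     * in the authorizedProxy init parameter.
     *
     * @throws IllegalArgumentException if {@code cASReceipt} is null
     */
    private boolean isReceiptAcceptable(CASReceipt cASReceipt) {
        if (cASReceipt == null) {
            throw new IllegalArgumentException("Cannot evaluate a null receipt.");
        }
        if (this.casRenew && !cASReceipt.isPrimaryAuthentication()) {
            return false;
        }
        return !cASReceipt.isProxied() || this.authorizedProxies.contains(cASReceipt.getProxyingService());
    }

    /**
     * Validates the request's {@code ticket} parameter against the configured validate URL.
     *
     * @return the receipt produced by {@code CASReceipt.getReceipt}
     * @throws CASAuthenticationException as thrown by {@code CASReceipt.getReceipt}
     */
    private CASReceipt getAuthenticatedUser(HttpServletRequest httpServletRequest) throws ServletException, CASAuthenticationException {
        log.trace("entering getAuthenticatedUser()");
        ProxyTicketValidator validator = new ProxyTicketValidator();
        validator.setCasValidateUrl(this.casValidate);
        validator.setServiceTicket(httpServletRequest.getParameter("ticket"));
        validator.setService(getService(httpServletRequest));
        validator.setRenew(this.casRenew);
        if (this.casProxyCallbackUrl != null) {
            validator.setProxyCallbackUrl(this.casProxyCallbackUrl);
        }
        if (log.isDebugEnabled()) {
            log.debug("about to validate ProxyTicketValidator: [" + validator + "]");
        }
        return CASReceipt.getReceipt(validator);
    }

    /**
     * Returns the URL-encoded service identifier: the configured serviceUrl when set, otherwise
     * the value computed by {@code Util.getService} from the request and the server name.
     */
    private String getService(HttpServletRequest httpServletRequest) throws ServletException {
        log.trace("entering getService()");
        if (this.casServerName == null && this.casServiceUrl == null) {
            throw new ServletException("need one of the following configuration parameters: edu.yale.its.tp.cas.client.filter.serviceUrl or edu.yale.its.tp.cas.client.filter.serverName");
        }
        String service = this.casServiceUrl != null
                ? urlEncode(this.casServiceUrl)
                : Util.getService(httpServletRequest, this.casServerName);
        if (log.isTraceEnabled()) {
            log.trace("returning from getService() with service [" + service + "]");
        }
        return service;
    }

    /**
     * Redirects the browser to the CAS login URL, adding the service, the renew/gateway flags,
     * the application id and current session id when the caller set the {@code sessionId}
     * request attribute, and the stale session id from the {@code Cookie} header when it differs
     * from the current session.
     */
    private void redirectToCAS(HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse) throws IOException, ServletException {
        if (log.isTraceEnabled()) {
            log.trace("entering redirectToCAS()");
        }
        StringBuffer url = new StringBuffer();
        url.append(this.casLogin).append("?service=").append(getService(httpServletRequest));
        if (this.casRenew) {
            url.append("&renew=true");
        }
        if (this.casGateway) {
            url.append("&gateway=true");
        }
        Object sessionId = httpServletRequest.getAttribute(SESSION_ID_ATTRIBUTE);
        if (sessionId != null) {
            // appId and sessionId are produced by the deployment and the container, not by the
            // client, and are sent unencoded as before.
            url.append("&appId=").append(this.casServerName).append(httpServletRequest.getContextPath());
            url.append("&sessionId=").append(sessionId);
        }
        String staleSessionId = staleSessionIdFromCookie(httpServletRequest.getHeader("Cookie"));
        if (staleSessionId != null && !staleSessionId.equals("null") && !staleSessionId.equals(httpServletRequest.getSession().getId())) {
            // The cookie value is client-controlled: encode it so it cannot add parameters of
            // its own to the redirect.
            url.append("&timeOut=").append(urlEncode(staleSessionId));
            if (log.isDebugEnabled()) {
                log.debug("Session is timeout. The timeout session is " + staleSessionId);
            }
        }
        String target = url.toString();
        if (log.isDebugEnabled()) {
            // Contains session identifiers when debug logging is on.
            log.debug("Redirecting browser to [" + target + ")");
        }
        httpServletResponse.sendRedirect(target);
        if (log.isTraceEnabled()) {
            log.trace("returning from redirectToCAS()");
        }
    }

    /**
     * Extracts the value following {@code JSESSIONID=} from a raw Cookie header. When several
     * cookies match, the last non-empty one wins. A cookie with an empty value is ignored
     * instead of raising an index error, so a malformed header cannot turn the redirect into a
     * server error.
     *
     * @return the session id sent by the browser, or {@code null} when none is present
     */
    private static String staleSessionIdFromCookie(String cookieHeader) {
        if (cookieHeader == null) {
            return null;
        }
        String found = null;
        String[] cookies = cookieHeader.split(";");
        for (int i = 0; i < cookies.length; i++) {
            int at = cookies[i].indexOf(JSESSIONID_PREFIX);
            if (at != -1) {
                String value = cookies[i].substring(at + JSESSIONID_PREFIX.length());
                if (value.length() > 0) {
                    found = value;
                }
            }
        }
        return found;
    }

    /**
     * Redirects the browser to the CAS login URL with {@code action=initFailure}, flagging an
     * illegal user when {@code str} says so and forwarding the request's {@code locale}.
     *
     * @param str message of the failure raised by the context initializer; may be null
     */
    private void redirectToInitFailure(HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse, String str) throws IOException, ServletException {
        if (log.isTraceEnabled()) {
            log.trace("entering redirectToInitFailure()");
        }
        StringBuffer url = new StringBuffer();
        url.append(this.casLogin).append("?action=initFailure");
        if ("Illegal user".equals(str)) {
            url.append("&userIllegal=true");
        }
        String locale = httpServletRequest.getParameter("locale");
        if (locale != null) {
            // Request parameter: encode it so it stays a single query value in the redirect.
            url.append("&locale=").append(urlEncode(locale));
        }
        String target = url.toString();
        if (log.isDebugEnabled()) {
            log.debug("Redirecting browser to [" + target + ")");
        }
        httpServletResponse.sendRedirect(target);
        if (log.isTraceEnabled()) {
            log.trace("returning from redirectToInitFailure()");
        }
    }

    /** URL-encodes {@code value} as UTF-8 instead of relying on the platform default charset. */
    private static String urlEncode(String value) throws ServletException {
        try {
            return URLEncoder.encode(value, "UTF-8");
        } catch (java.io.UnsupportedEncodingException e) {
            throw new ServletException("UTF-8 encoding is not available", e);
        }
    }

    /** Describes the filter's configuration; used in the debug message written by init(). */
    public String toString() {
        StringBuffer description = new StringBuffer();
        description.append("[CASFilter:");
        description.append(" casGateway=").append(this.casGateway);
        description.append(" wrapRequest=").append(this.wrapRequest);
        description.append(" casAuthorizedProxies=[").append(this.authorizedProxies).append("]");
        if (this.casLogin != null) {
            description.append(" casLogin=[").append(this.casLogin).append("]");
        } else {
            description.append(" casLogin=NULL!!!");
        }
        if (this.casProxyCallbackUrl != null) {
            description.append(" casProxyCallbackUrl=[").append(this.casProxyCallbackUrl).append("]");
        }
        if (this.casRenew) {
            description.append(" casRenew=true");
        }
        if (this.casServerName != null) {
            description.append(" casServerName=[").append(this.casServerName).append("]");
        }
        if (this.casServiceUrl != null) {
            description.append(" casServiceUrl=[").append(this.casServiceUrl).append("]");
        }
        if (this.casValidate != null) {
            description.append(" casValidate=[").append(this.casValidate).append("]");
        } else {
            description.append(" casValidate=NULL!!!");
        }
        return description.toString();
    }

    /** Nothing to release. */
    public void destroy() {
    }

    /** Returns the shared ticket-to-session mapping used for single sign-out. */
    public static SessionMappingStorage getSessionMappingStorage() {
        return SESSION_MAPPING_STORAGE;
    }

    /**
     * Tells whether the request URI is exactly one of the configured exclusions. The raw
     * request URI is compared, so an entry must include the context path.
     */
    private boolean isExclusion(HttpServletRequest httpServletRequest) {
        if (exclusions == null) {
            return false;
        }
        return exclusions.contains(httpServletRequest.getRequestURI());
    }
}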
