package org.josso.jaspi.agent;

import java.security.Principal;
import java.util.Collections;
import java.util.HashMap;
import java.util.Map;
import javax.security.auth.Subject;
import javax.security.auth.message.AuthException;
import javax.security.auth.message.AuthStatus;
import javax.security.auth.message.MessageInfo;
import javax.servlet.http.Cookie;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import javax.servlet.http.HttpSession;
import org.apache.commons.logging.Log;
import org.apache.commons.logging.LogFactory;
import org.josso.agent.LocalSession;
import org.josso.agent.Lookup;
import org.josso.agent.SSOAgentRequest;
import org.josso.agent.SSOPartnerAppConfig;
import org.josso.agent.SingleSignOnEntry;
import org.josso.agent.http.HttpSSOAgent;

/* loaded from: input_file:org/josso/jaspi/agent/JASPISSOAuthModule.class */
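/**
 * JASPI server-side authentication module that hands each HTTP request to a shared JOSSO
 * {@link HttpSSOAgent} and copies the resulting user and role principals into the client subject.
 *
 * <p>Security-relevant behaviour visible in this class:
 * <ul>
 *   <li>{@link AuthStatus#SUCCESS} is also returned when no SSO identity was established (the
 *       context is not a partner application, the resource is ignored, or there is no SSO cookie
 *       and no relay was requested). On those paths no principal is added to the subject, so
 *       access control for such requests is left to whatever runs after this module.</li>
 *   <li>Several redirect targets are built from request data (the saved request URL, the
 *       {@code referer} header, the {@code Josso-ReversE-Proxy} header); see the notes at each
 *       use.</li>
 *   <li>With debug logging enabled, the assertion id and the SSO session id are written to the
 *       log. The SSO session id is the same value that is sent to the browser in the JOSSO
 *       cookie, so debug logs of this class need the same protection as session tokens.</li>
 * </ul>
 */
public class JASPISSOAuthModule extends JOSSOServerAuthModule {
    /** Servlet-context attribute holding the map from HTTP session id to {@link LocalSession}. */
    public static final String KEY_SESSION_MAP = "org.josso.servlet.agent.sessionMap";
    private static final Log log = LogFactory.getLog(JASPISSOAuthModule.class);

    // Guards creation of the per-context session map. The decompiled code locked on "this", which
    // does not exclude other module instances that share the same servlet context.
    private static final Object SESSION_MAP_LOCK = new Object();

    // One agent shared by every module instance; published only after start() has succeeded.
    private static volatile HttpSSOAgent _agent;

    /**
     * Looks up and starts the shared SSO agent from {@code josso-agent-config.xml} the first time
     * a module is created.
     *
     * <p>Initialisation is serialised on the class, and the static field is assigned only after
     * {@code start()} returned. A failed start therefore does not leave an unstarted agent behind
     * that later instances would silently reuse; the next construction retries and fails again
     * if the problem persists.
     *
     * @throws RuntimeException if the agent cannot be looked up or started
     */
    public JASPISSOAuthModule() {
        synchronized (JASPISSOAuthModule.class) {
            if (_agent != null) {
                return;
            }
            try {
                Lookup lookup = Lookup.getInstance();
                lookup.init("josso-agent-config.xml");
                HttpSSOAgent agent = lookup.lookupSSOAgent();
                if (log.isDebugEnabled()) {
                    agent.setDebug(1);
                }
                agent.start();
                _agent = agent;
            } catch (Exception e) {
                log.error("Error starting SSO Agent : " + e.getMessage(), e);
                throw new RuntimeException("Error starting SSO Agent : " + e.getMessage(), e);
            }
        }
    }

    /**
     * Not supported by this module.
     *
     * @throws RuntimeException always
     */
    @Override
    public AuthStatus secureResponse(MessageInfo messageInfo, Subject subject) throws AuthException {
        throw new RuntimeException("Not Applicable");
    }

    /**
     * Runs the JOSSO agent protocol for one request.
     *
     * <p>Order of checks: partner-application lookup, login URI, logout URI, authentication URI,
     * missing SSO cookie (optional login), ignored resource, and finally either establishing the
     * security context from the SSO cookie or relaying an assertion received on the security-check
     * URI.
     *
     * @param messageInfo carries the {@link HttpServletRequest} and {@link HttpServletResponse}
     * @param subject the subject that receives the user and role principals; in the JASPI
     *     {@code validateRequest} contract this position is the client subject
     * @param subject2 not used by this module; in the JASPI contract this position is the service
     *     subject
     * @return {@code SUCCESS} when the request may proceed (with or without principals, see the
     *     class comment), {@code SEND_CONTINUE} when a redirect or agent response was sent,
     *     {@code SEND_SUCCESS} after a successful assertion relay
     * @throws AuthException wrapping any failure raised while processing; the original throwable
     *     is attached as the cause
     */
    @Override
    public AuthStatus validateRequest(MessageInfo messageInfo, Subject subject, Subject subject2) throws AuthException {
        HttpServletRequest request = (HttpServletRequest) messageInfo.getRequestMessage();
        HttpServletResponse response = (HttpServletResponse) messageInfo.getResponseMessage();
        if (log.isDebugEnabled()) {
            log.debug("Processing : " + request.getContextPath() + " [" + request.getRequestURL() + "]");
        }
        try {
            String contextPath = request.getContextPath();
            String serverName = request.getServerName();
            if ("".equals(contextPath)) {
                contextPath = "/";
            }

            if (!_agent.isPartnerApp(serverName, contextPath)) {
                if (log.isDebugEnabled()) {
                    log.debug("Context is not a josso partner app : " + request.getContextPath());
                }
                // No principal is added: this SUCCESS only means "not handled by JOSSO".
                return AuthStatus.SUCCESS;
            }

            SSOPartnerAppConfig partnerAppConfig = _agent.getPartnerAppConfig(serverName, contextPath);
            if (partnerAppConfig.isSendP3PHeader() && !response.isCommitted()) {
                response.setHeader("P3P", partnerAppConfig.getP3PHeaderValue());
            }
            HttpSession session = request.getSession(true);
            final String requestUri = request.getRequestURI();

            // --- josso_login / josso_user_login: send the browser to the gateway login page ---
            if (log.isDebugEnabled()) {
                log.debug("Checking if its a josso_login_request for '" + requestUri + "'");
            }
            if (requestUri.endsWith(_agent.getJossoLoginUri()) || requestUri.endsWith(_agent.getJossoUserLoginUri())) {
                if (log.isDebugEnabled()) {
                    log.debug("josso_login_request received for uri '" + requestUri + "'");
                }
                boolean userLogin = requestUri.endsWith(_agent.getJossoUserLoginUri());
                saveLoginBackToURL(request, response, session, userLogin);
                String loginUrl = _agent.buildLoginUrl(request);
                if (log.isDebugEnabled()) {
                    log.debug("Redirecting to login url '" + loginUrl + "'");
                }
                _agent.prepareNonCacheResponse(response);
                response.sendRedirect(response.encodeRedirectURL(loginUrl));
                return AuthStatus.SEND_CONTINUE;
            }

            // --- josso_logout: blank the SSO cookie, drop the HTTP session, go to the gateway ---
            if (log.isDebugEnabled()) {
                log.debug("Checking if its a josso_logout request for '" + requestUri + "'");
            }
            if (requestUri.endsWith(_agent.getJossoLogoutUri())) {
                if (log.isDebugEnabled()) {
                    log.debug("josso_logout request received for uri '" + requestUri + "'");
                }
                String logoutUrl = _agent.buildLogoutUrl(request, partnerAppConfig);
                if (log.isDebugEnabled()) {
                    log.debug("Redirecting to logout url '" + logoutUrl + "'");
                }
                // "-" is the marker this module treats as "no SSO session" (see the cookie check below).
                response.addCookie(_agent.newJossoCookie(request.getContextPath(), "-", request.isSecure()));
                session.invalidate();
                _agent.prepareNonCacheResponse(response);
                response.sendRedirect(response.encodeRedirectURL(logoutUrl));
                return AuthStatus.SEND_CONTINUE;
            }

            // --- locate the SSO cookie and the agent-side session for this HTTP session ---
            if (log.isDebugEnabled()) {
                log.debug("Checking for SSO cookie");
            }
            Cookie cookie = findSsoCookie(request);
            String value = cookie == null ? null : cookie.getValue();
            if (log.isDebugEnabled()) {
                log.debug("Session is: " + session);
            }
            LocalSession localSession = lookupLocalSession(request, session);

            // --- josso_authentication: the agent produces the response itself ---
            if (log.isDebugEnabled()) {
                log.debug("Checking if its a josso_authentication for '" + requestUri + "'");
            }
            if (requestUri.endsWith(_agent.getJossoAuthenticationUri())) {
                if (log.isDebugEnabled()) {
                    log.debug("josso_authentication received for uri '" + requestUri + "'");
                }
                // Action code 4 is a literal in the decompiled class; presumably a named
                // SSOAgentRequest constant in the original source - confirm.
                _agent.processRequest(doMakeSSOAgentRequest(partnerAppConfig.getId(), 4, value, localSession, null, request, response));
                return AuthStatus.SEND_CONTINUE;
            }

            // --- no usable SSO cookie: optional (automatic) login, or wait for a relay ---
            // Constant-first equals so a cookie without a value cannot raise a NullPointerException.
            if (cookie == null || "-".equals(value)) {
                if (log.isDebugEnabled()) {
                    log.debug("SSO cookie is not present, verifying optional login process ");
                }
                boolean securityCheck = requestUri.endsWith(_agent.getJossoSecurityCheckUri());
                // The parameter is read only on the security-check URI, as in the decompiled code,
                // so other requests do not have their parameters parsed here.
                boolean hasAssertion = securityCheck && request.getParameter("josso_assertion_id") != null;

                if (securityCheck && !hasAssertion) {
                    if (log.isDebugEnabled()) {
                        log.debug(_agent.getJossoSecurityCheckUri() + " received without assertion.  Login Optional Process failed");
                    }
                    // NOTE(review): the saved URL can originate from the referer header (see
                    // saveLoginBackToURL) and nothing here handles a missing (null) value.
                    String savedRequestUrl = getSavedRequestURL(request);
                    _agent.prepareNonCacheResponse(response);
                    response.sendRedirect(response.encodeRedirectURL(savedRequestUrl));
                    return AuthStatus.SEND_CONTINUE;
                }
                if (!securityCheck) {
                    if (!_agent.isResourceIgnored(partnerAppConfig, request) && _agent.isAutomaticLoginRequired(request, response)) {
                        if (log.isDebugEnabled()) {
                            log.debug("SSO cookie is not present, attempting automatic login");
                        }
                        saveRequestURL(request, response);
                        String loginOptionalUrl = _agent.buildLoginOptionalUrl(request);
                        if (log.isDebugEnabled()) {
                            log.debug("Redirecting to login url '" + loginOptionalUrl + "'");
                        }
                        _agent.prepareNonCacheResponse(response);
                        response.sendRedirect(response.encodeRedirectURL(loginOptionalUrl));
                        return AuthStatus.SEND_CONTINUE;
                    }
                    if (log.isDebugEnabled()) {
                        log.debug("SSO cookie is not present, but login optional process is not required");
                    }
                }
                if (log.isDebugEnabled()) {
                    log.debug("SSO cookie is not present, checking for outbound relaying");
                }
                if (!hasAssertion) {
                    log.debug("SSO cookie not present and relaying was not requested, skipping");
                    // Anonymous pass-through: the subject stays empty.
                    return AuthStatus.SUCCESS;
                }
                // Only a security-check request that carries an assertion id continues from here.
            }

            if (_agent.isResourceIgnored(partnerAppConfig, request)) {
                // Ignored resources pass without principals even when an SSO cookie is present.
                return AuthStatus.SUCCESS;
            }
            if (log.isDebugEnabled()) {
                log.debug("Session is: " + session);
            }
            if (log.isDebugEnabled()) {
                log.debug("Executing agent...");
            }
            if (log.isDebugEnabled()) {
                log.debug("Checking if its a josso_security_check for '" + requestUri + "'");
            }
            boolean relayRequested = requestUri.endsWith(_agent.getJossoSecurityCheckUri())
                    && request.getParameter("josso_assertion_id") != null;

            if (!relayRequested) {
                // --- establish the security context from the SSO cookie value ---
                if (log.isDebugEnabled()) {
                    log.debug("Creating Security Context for Session [" + session + "]");
                }
                // Action code 1: literal from the decompiled class - confirm the named constant.
                SSOAgentRequest agentRequest = doMakeSSOAgentRequest(partnerAppConfig.getId(), 1, value, localSession, null, request, response);
                SingleSignOnEntry entry = _agent.processRequest(agentRequest);
                if (log.isDebugEnabled()) {
                    log.debug("Executed agent.");
                }
                if (log.isDebugEnabled()) {
                    log.debug("Process request for '" + requestUri + "'");
                }
                if (entry != null) {
                    if (log.isDebugEnabled()) {
                        log.debug("Principal '" + entry.principal + "' has already been authenticated");
                    }
                    populateSubject(subject, entry, partnerAppConfig, agentRequest);
                } else {
                    log.debug("No Valid SSO Session, attempt an optional login?");
                    if (cookie != null) {
                        // The presented SSO session was rejected: overwrite the cookie with the
                        // "no session" marker so the stale value is not sent again.
                        cookie = _agent.newJossoCookie(request.getContextPath(), "-", request.isSecure());
                        response.addCookie(cookie);
                    }
                    if (cookie != null || (getSavedRequestURL(request) == null && _agent.isAutomaticLoginRequired(request, response))) {
                        if (log.isDebugEnabled()) {
                            log.debug("SSO Session is not valid, attempting automatic login");
                        }
                        saveRequestURL(request, response);
                        String loginOptionalUrl = _agent.buildLoginOptionalUrl(request);
                        if (log.isDebugEnabled()) {
                            log.debug("Redirecting to login url '" + loginOptionalUrl + "'");
                        }
                        _agent.prepareNonCacheResponse(response);
                        response.sendRedirect(response.encodeRedirectURL(loginOptionalUrl));
                        return AuthStatus.SEND_CONTINUE;
                    }
                    if (log.isDebugEnabled()) {
                        log.debug("SSO cookie is not present, but login optional process is not required");
                    }
                }
                request.setAttribute("org.josso.agent.gateway-login-url", _agent.getGatewayLoginUrl());
                request.setAttribute("org.josso.agent.gateway-logout-url", _agent.getGatewayLogoutUrl());
                // The raw SSO session id becomes a request attribute, visible to the application.
                request.setAttribute("org.josso.agent.ssoSessionid", value);
                clearSavedRequestURLs(request, response);
                return AuthStatus.SUCCESS;
            }

            // --- security check with an assertion id: relay it and start the SSO session ---
            String assertionId = request.getParameter("josso_assertion_id");
            if (log.isDebugEnabled()) {
                log.debug("josso_security_check received for uri '" + requestUri + "' assertion id '" + assertionId);
            }
            if (log.isDebugEnabled()) {
                log.debug("Outbound relaying requested for assertion id [" + assertionId + "]");
            }
            // Declared as SSOAgentRequest, the type doMakeSSOAgentRequest returns; the decompiled
            // local used the subclass type, which does not compile without a cast.
            // Action code 2: literal from the decompiled class - confirm the named constant.
            SSOAgentRequest relayRequest = doMakeSSOAgentRequest(partnerAppConfig.getId(), 2, null, localSession, assertionId, request, response);
            SingleSignOnEntry relayed = _agent.processRequest(relayRequest);
            if (relayed == null) {
                if (log.isDebugEnabled()) {
                    log.debug("Outbound relaying failed for assertion id [" + assertionId + "], no Principal found.");
                }
                throw new RuntimeException("Outbound relaying failed. No Principal found. Verify your SSO Agent Configuration!");
            }
            populateSubject(subject, relayed, partnerAppConfig, relayRequest);
            if (log.isDebugEnabled()) {
                log.debug("Outbound relaying succesfull for assertion id [" + assertionId + "]");
            }
            if (log.isDebugEnabled()) {
                // NOTE(review): this writes the SSO session id (the cookie value set just below)
                // to the debug log.
                log.debug("Assertion id [" + assertionId + "] mapped to SSO session id [" + relayed.ssoId + "]");
            }
            // NOTE(review): the third argument follows request.isSecure(); presumably it drives the
            // cookie's Secure flag. Behind a TLS-terminating proxy isSecure() can be false - confirm
            // how the deployment reports the original scheme.
            response.addCookie(_agent.newJossoCookie(request.getContextPath(), relayed.ssoId, request.isSecure()));

            // Where to send the browser: splash resource, then saved request, then a default.
            String target = getSavedSplashResource(request);
            if (target == null) {
                target = getSavedRequestURL(request);
                if (target == null) {
                    // requestUri ends with the security-check URI on this path, so the substring
                    // strips exactly that suffix.
                    target = partnerAppConfig.getDefaultResource() != null
                            ? partnerAppConfig.getDefaultResource()
                            : requestUri.substring(0, requestUri.length() - _agent.getJossoSecurityCheckUri().length());
                    String singlePointOfAccess = _agent.getSinglePointOfAccess();
                    if (singlePointOfAccess != null) {
                        target = singlePointOfAccess + target;
                    } else {
                        // NOTE(review): this request header becomes the prefix of the redirect
                        // target. Unless a trusted reverse proxy always sets or strips it, a client
                        // can supply it - confirm the proxy configuration or validate the value.
                        String reverseProxyPrefix = request.getHeader("Josso-ReversE-Proxy");
                        if (reverseProxyPrefix != null) {
                            target = reverseProxyPrefix + target;
                        }
                    }
                    if (log.isDebugEnabled()) {
                        log.debug("No saved request found, using : '" + target + "'");
                    }
                }
            }
            _agent.clearAutomaticLoginReferer(request, response);
            _agent.prepareNonCacheResponse(response);
            String postAuthenticationResource = partnerAppConfig.getPostAuthenticationResource();
            if (postAuthenticationResource != null) {
                String postAuthUrl = _agent.buildPostAuthUrl(response, target, postAuthenticationResource);
                if (log.isDebugEnabled()) {
                    log.debug("Redirecting to post-auth-resource '" + postAuthUrl + "'");
                }
                response.sendRedirect(postAuthUrl);
            } else {
                if (log.isDebugEnabled()) {
                    log.debug("Redirecting to original '" + target + "'");
                }
                response.sendRedirect(response.encodeRedirectURL(target));
            }
            return AuthStatus.SEND_SUCCESS;
        } catch (Throwable th) {
            // Same message as before, but keep the original throwable as the cause so the
            // failure can still be diagnosed from the stack trace.
            AuthException authException = new AuthException(th.getMessage());
            authException.initCause(th);
            throw authException;
        } finally {
            // The decompiler had copied this trailer in front of every return statement.
            if (log.isDebugEnabled()) {
                log.debug("Processed : " + request.getContextPath() + " [" + request.getRequestURL() + "]");
            }
        }
    }

    /**
     * Returns the first request cookie named {@code JOSSO_SESSIONID}, or {@code null} when the
     * request carries no such cookie.
     */
    private static Cookie findSsoCookie(HttpServletRequest request) {
        Cookie[] cookies = request.getCookies();
        if (cookies == null) {
            return null;
        }
        for (Cookie candidate : cookies) {
            if ("JOSSO_SESSIONID".equals(candidate.getName())) {
                return candidate;
            }
        }
        return null;
    }

    /**
     * Returns the {@link LocalSession} registered for the given HTTP session, creating the
     * context-wide session map and the entry on first use.
     *
     * <p>NOTE(review): nothing in this class removes entries from the map; cleanup presumably
     * happens elsewhere (for example when the local session expires) - confirm, otherwise the map
     * grows with every HTTP session.
     */
    @SuppressWarnings("unchecked") // the context attribute is untyped; this class stores the map itself
    private LocalSession lookupLocalSession(HttpServletRequest request, HttpSession session) {
        Map<String, LocalSession> sessions =
                (Map<String, LocalSession>) request.getSession().getServletContext().getAttribute(KEY_SESSION_MAP);
        if (sessions == null) {
            synchronized (SESSION_MAP_LOCK) {
                // Re-check under the lock so only one map is ever published per context.
                sessions = (Map<String, LocalSession>) request.getSession().getServletContext().getAttribute(KEY_SESSION_MAP);
                if (sessions == null) {
                    sessions = Collections.synchronizedMap(new HashMap<String, LocalSession>());
                    request.getSession().getServletContext().setAttribute(KEY_SESSION_MAP, sessions);
                }
            }
        }
        LocalSession localSession = sessions.get(session.getId());
        if (localSession == null) {
            localSession = new JASPILocalSession(session);
            sessions.put(session.getId(), localSession);
        }
        return localSession;
    }

    /**
     * Adds the authenticated principal and its role principals to the subject and registers the
     * principal with the callback handler.
     *
     * <p>Declared {@code throws Exception} because the delegates it calls may declare checked
     * exceptions that are not visible from this class; the only caller wraps every failure in an
     * {@link AuthException}.
     */
    private void populateSubject(Subject subject, SingleSignOnEntry entry, SSOPartnerAppConfig partnerAppConfig, SSOAgentRequest agentRequest) throws Exception {
        // Set.add is a no-op for a principal that is already present.
        subject.getPrincipals().add(entry.principal);
        Principal[] roleSets = _agent.getRoleSets(partnerAppConfig.getId(), entry.ssoId, agentRequest.getNodeId());
        for (Principal role : roleSets) {
            if (subject.getPrincipals().add(role)) {
                log.debug("Added SSORole Principal to the Subject : " + role);
            }
        }
        registerWithCallbackHandler(entry.principal, entry.principal.getName(), entry.ssoId);
    }

    /**
     * Builds the agent request for one HTTP exchange.
     *
     * @param str partner application id (callers pass {@code partnerAppConfig.getId()})
     * @param i action code understood by the agent
     * @param str2 SSO session id taken from the {@code JOSSO_SESSIONID} cookie, may be {@code null}
     * @param localSession agent-side session bound to the HTTP session
     * @param str3 assertion id, {@code null} unless an assertion is being relayed
     * @param httpServletRequest current request, attached to the agent request
     * @param httpServletResponse current response, attached to the agent request
     * @return the populated request
     */
    protected SSOAgentRequest doMakeSSOAgentRequest(String str, int i, String str2, LocalSession localSession, String str3, HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse) {
        JASPISSOAgentRequest agentRequest = new JASPISSOAgentRequest(str, i, str2, localSession, str3);
        agentRequest.setRequest(httpServletRequest);
        agentRequest.setResponse(httpServletResponse);
        return agentRequest;
    }

    /** Returns the value the agent stored under {@code JOSSO_SAVED_REQUEST}, or {@code null}. */
    private String getSavedRequestURL(HttpServletRequest httpServletRequest) {
        return _agent.getAttribute(httpServletRequest, "JOSSO_SAVED_REQUEST");
    }

    /** Returns the value the agent stored under {@code josso_splash_resource}, or {@code null}. */
    private String getSavedSplashResource(HttpServletRequest httpServletRequest) {
        return _agent.getAttribute(httpServletRequest, "josso_splash_resource");
    }

    /**
     * Remembers the current request URI plus query string as the place to return to after login.
     * The stored value is built from the request path, so it carries no scheme or host.
     */
    private void saveRequestURL(HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse) {
        StringBuilder savedUrl = new StringBuilder(httpServletRequest.getRequestURI());
        String queryString = httpServletRequest.getQueryString();
        if (queryString != null) {
            if (!queryString.startsWith("?")) {
                savedUrl.append('?');
            }
            savedUrl.append(queryString);
        }
        _agent.setAttribute(httpServletRequest, httpServletResponse, "JOSSO_SAVED_REQUEST", savedUrl.toString());
    }

    /**
     * Stores the {@code referer} header as the URL to return to after login.
     *
     * <p>Nothing is stored when the header is missing or empty, or when a saved URL already
     * exists and {@code z} is {@code false}.
     *
     * <p>NOTE(review): the referer is sent by the client and is stored unchanged as a full URL;
     * {@code validateRequest} later redirects to the saved value. Restricting it to known partner
     * hosts before storing would keep the post-login redirect from leaving the site - confirm
     * whether the agent validates it elsewhere.
     *
     * @param httpSession not used
     * @param z {@code true} to overwrite an already saved URL (passed for the user-login URI)
     */
    protected void saveLoginBackToURL(HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse, HttpSession httpSession, boolean z) {
        String referer = httpServletRequest.getHeader("referer");
        boolean keepExisting = getSavedRequestURL(httpServletRequest) != null && !z;
        if (keepExisting || referer == null || "".equals(referer)) {
            return;
        }
        _agent.setAttribute(httpServletRequest, httpServletResponse, "JOSSO_SAVED_REQUEST", referer);
    }

    /** Removes both saved return targets ({@code JOSSO_SAVED_REQUEST} and {@code josso_splash_resource}). */
    protected void clearSavedRequestURLs(HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse) {
        _agent.removeAttribute(httpServletRequest, httpServletResponse, "JOSSO_SAVED_REQUEST");
        _agent.removeAttribute(httpServletRequest, httpServletResponse, "josso_splash_resource");
    }
}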
