package org.josso.agent.http;

import ch.qos.logback.classic.spi.CallerData;
import java.io.IOException;
import java.io.PrintWriter;
import java.io.UnsupportedEncodingException;
import java.net.MalformedURLException;
import java.net.URL;
import java.net.URLDecoder;
import java.net.URLEncoder;
import java.util.ArrayList;
import java.util.Enumeration;
import java.util.HashSet;
import java.util.Iterator;
import java.util.List;
import java.util.Set;
import javax.servlet.http.Cookie;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import javax.servlet.http.HttpUtils;
import org.apache.axis.transport.http.HTTPConstants;
import org.josso.agent.AbstractSSOAgent;
import org.josso.agent.Constants;
import org.josso.agent.SSOAgentRequest;
import org.josso.agent.SSOPartnerAppConfig;
import org.josso.auth.util.CipherUtil;
import org.josso.gateway.SSONameValuePair;
import org.josso.gateway.identity.SSORole;
import org.josso.gateway.identity.service.SSOIdentityManagerService;
import org.springframework.aop.framework.autoproxy.target.QuickTargetSourceCreator;
import org.springframework.beans.factory.BeanFactory;
import org.springframework.beans.propertyeditors.CustomBooleanEditor;

/* loaded from: input_file:WEB-INF/lib/josso-agent-1.8.10-SNAPSHOT.jar:org/josso/agent/http/HttpSSOAgent.class */
public abstract class HttpSSOAgent extends AbstractSSOAgent {
    private static final String DEFAULT_JOSSO_LOGIN_URI = "/josso_login/";
    private static final String DEFAULT_JOSSO_USER_LOGIN_URI = "/josso_user_login/";
    private static final String DEFAULT_JOSSO_SECURITY_CHECK_URI = "/josso_security_check";
    private static final String DEFAULT_JOSSO_LOGOUT_URI = "/josso_logout/";
    private static final String DEFAULT_JOSSO_AUTHENTICATION_URI = "/josso_authentication/";
    private String _uriEncoding;
    private String _jossoLoginUri = DEFAULT_JOSSO_LOGIN_URI;
    private String _jossoUserLoginUri = DEFAULT_JOSSO_USER_LOGIN_URI;
    private String _jossoSecurityCheckUri = DEFAULT_JOSSO_SECURITY_CHECK_URI;
    private String _jossoLogoutUri = DEFAULT_JOSSO_LOGOUT_URI;
    private String _jossoAuthenticationUri = DEFAULT_JOSSO_AUTHENTICATION_URI;
    private List<FrontChannelParametersBuilder> _builders = new ArrayList();
    private List<AutomaticLoginStrategy> _automaticStrategies = new ArrayList();

    @Override // org.josso.agent.AbstractSSOAgent, org.josso.agent.SSOAgent
    public void start() {
        super.start();
        if (this._automaticStrategies.isEmpty()) {
            this._automaticStrategies.add(new DefaultAutomaticLoginStrategy(Constants.JOSSO_AUTH_LOGIN_SUFFICIENT));
        }
        for (AutomaticLoginStrategy automaticLoginStrategy : this._automaticStrategies) {
            if (automaticLoginStrategy instanceof AbstractAutomaticLoginStrategy) {
                ((AbstractAutomaticLoginStrategy) automaticLoginStrategy).setAgent(this);
            }
        }
    }

    @Override // org.josso.agent.AbstractSSOAgent
    protected boolean isAuthenticationAlwaysRequired() {
        return false;
    }

    /* JADX WARN: Removed duplicated region for block: B:23:0x0138  */
    /* JADX WARN: Removed duplicated region for block: B:38:0x0208  */
    @Override // org.josso.agent.AbstractSSOAgent
    /*
        Code decompiled incorrectly, please refer to instructions dump.
        To view partially-correct add '--show-bad-code' argument
    */
    protected void propagateSecurityContext(org.josso.agent.SSOAgentRequest r6, java.security.Principal r7) {
        /*
            Method dump skipped, instructions count: 845
            To view this dump add '--comments-level debug' option
        */
        throw new UnsupportedOperationException("Method not decompiled: org.josso.agent.http.HttpSSOAgent.propagateSecurityContext(org.josso.agent.SSOAgentRequest, java.security.Principal):void");
    }

    public boolean isAutomaticLoginRequired(HttpServletRequest httpServletRequest) {
        return isAutomaticLoginRequired(httpServletRequest, null);
    }

    public boolean isAutomaticLoginRequired(HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse) {
        Boolean bool = null;
        Boolean bool2 = null;
        Iterator<AutomaticLoginStrategy> it = this._automaticStrategies.iterator();
        while (true) {
            if (!it.hasNext()) {
                break;
            }
            AutomaticLoginStrategy next = it.next();
            if (next.getMode().equals(Constants.JOSSO_AUTH_LOGIN_SUFFICIENT) && next.isAutomaticLoginRequired(httpServletRequest, httpServletResponse)) {
                bool2 = true;
                break;
            }
            if (next.getMode().equals(Constants.JOSSO_AUTH_LOGIN_REQUIRED)) {
                if (!next.isAutomaticLoginRequired(httpServletRequest, httpServletResponse)) {
                    bool = false;
                } else if (bool == null) {
                    bool = true;
                }
            }
            if (next.getMode().equals(Constants.JOSSO_AUTH_LOGIN_OPTIONAL)) {
                next.isAutomaticLoginRequired(httpServletRequest, httpServletResponse);
            }
        }
        return bool != null ? bool.booleanValue() : bool2 != null && bool2.booleanValue();
    }

    public void clearAutomaticLoginReferer(HttpServletRequest httpServletRequest) {
        clearAutomaticLoginReferer(httpServletRequest, null);
    }

    public void clearAutomaticLoginReferer(HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse) {
        removeAttribute(httpServletRequest, httpServletResponse, "JOSSO_AUTOMATIC_LOGIN_REFERER");
    }

    public String buildLogoutUrl(HttpServletRequest httpServletRequest) {
        return buildLogoutUrl(httpServletRequest, "/");
    }

    public String buildLogoutUrl(HttpServletRequest httpServletRequest, SSOPartnerAppConfig sSOPartnerAppConfig) {
        return buildLogoutUrl(httpServletRequest, sSOPartnerAppConfig.getDefaultResource() != null ? sSOPartnerAppConfig.getDefaultResource() : "/");
    }

    public String buildLogoutUrl(HttpServletRequest httpServletRequest, String str) {
        SSOPartnerAppConfig partnerAppConfig = getPartnerAppConfig(httpServletRequest.getServerName(), httpServletRequest.getContextPath());
        String gatewayLogoutUrl = (partnerAppConfig == null || partnerAppConfig.getGatewayLoginUrl() == null) ? getGatewayLogoutUrl() : partnerAppConfig.getGatewayLogoutUrl();
        String buildBackToURL = buildBackToURL(httpServletRequest, str);
        return (gatewayLogoutUrl + (gatewayLogoutUrl.indexOf(63) >= 0 ? BeanFactory.FACTORY_BEAN_PREFIX : CallerData.NA) + "josso_back_to=" + (buildBackToURL != null ? buildBackToURL : "NA")) + buildLogoutUrlParams(httpServletRequest);
    }

    public String buildLoginUrl(HttpServletRequest httpServletRequest) {
        SSOPartnerAppConfig partnerAppConfig = getPartnerAppConfig(httpServletRequest.getServerName(), httpServletRequest.getContextPath());
        String gatewayLoginUrl = (partnerAppConfig == null || partnerAppConfig.getGatewayLoginUrl() == null) ? getGatewayLoginUrl() : partnerAppConfig.getGatewayLoginUrl();
        String buildBackToURL = buildBackToURL(httpServletRequest, getJossoSecurityCheckUri());
        return (gatewayLoginUrl + (gatewayLoginUrl.indexOf(63) >= 0 ? BeanFactory.FACTORY_BEAN_PREFIX : CallerData.NA) + "josso_back_to=" + (buildBackToURL != null ? buildBackToURL : "NA")) + buildLoginUrlParams(httpServletRequest);
    }

    public String buildLoginOptionalUrl(HttpServletRequest httpServletRequest) {
        SSOPartnerAppConfig partnerAppConfig = getPartnerAppConfig(httpServletRequest.getServerName(), httpServletRequest.getContextPath());
        String gatewayLoginUrl = (partnerAppConfig == null || partnerAppConfig.getGatewayLoginUrl() == null) ? getGatewayLoginUrl() : partnerAppConfig.getGatewayLoginUrl();
        String buildBackToURL = buildBackToURL(httpServletRequest, getJossoSecurityCheckUri());
        String str = gatewayLoginUrl + (gatewayLoginUrl.indexOf(63) >= 0 ? BeanFactory.FACTORY_BEAN_PREFIX : CallerData.NA) + "josso_cmd=login_optional";
        return (buildBackToURL != null ? str + "&josso_back_to=" + buildBackToURL : str + "&josso_back_to=NA") + buildLoginUrlParams(httpServletRequest);
    }

    public String buildBackToURL(HttpServletRequest httpServletRequest, String str) {
        String str2;
        SSOPartnerAppConfig partnerAppConfig = getPartnerAppConfig(httpServletRequest.getServerName(), httpServletRequest.getContextPath());
        if (partnerAppConfig != null && partnerAppConfig.isDisableBackTo()) {
            return null;
        }
        String contextPath = httpServletRequest.getContextPath();
        if (contextPath == null || "".equals(contextPath)) {
            contextPath = "/";
        }
        String header = httpServletRequest.getHeader(org.josso.gateway.Constants.JOSSO_REVERSE_PROXY_HEADER);
        String singlePointOfAccess = getSinglePointOfAccess();
        if (singlePointOfAccess != null) {
            if (this.debug >= 1) {
                log("josso_back_to option : singlePointOfAccess: " + singlePointOfAccess);
            }
            str2 = singlePointOfAccess + contextPath + str;
        } else if (header != null) {
            if (this.debug >= 1) {
                log("josso_back_to option : reverse-proxy-host: " + header);
            }
            str2 = header + contextPath + str;
        } else {
            try {
                URL url = new URL(HttpUtils.getRequestURL(httpServletRequest).toString());
                str2 = (url.getProtocol() + "://" + url.getHost() + (url.getPort() > 0 ? QuickTargetSourceCreator.PREFIX_COMMONS_POOL + url.getPort() : "")) + (contextPath.endsWith("/") ? contextPath.substring(0, contextPath.length() - 1) : contextPath) + str;
            } catch (MalformedURLException e) {
                throw new RuntimeException(e);
            }
        }
        if (this.debug >= 1) {
            log("Using josso_back_to : " + str2);
        }
        return str2;
    }

    public String buildPostAuthUrl(HttpServletResponse httpServletResponse, String str, String str2) {
        return httpServletResponse.encodeRedirectURL(str2 + "?josso_original_resource=" + httpServletResponse.encodeURL(str.replaceAll(BeanFactory.FACTORY_BEAN_PREFIX, "%26").replaceAll("\\?", "%3F")));
    }

    public Cookie newJossoCookie(String str, String str2, boolean z) {
        if (str == null || "".equals(str)) {
            str = "/";
        }
        Cookie cookie = new Cookie(org.josso.gateway.Constants.JOSSO_SINGLE_SIGN_ON_COOKIE, str2);
        cookie.setMaxAge(-1);
        cookie.setPath(str);
        cookie.setSecure(z);
        return cookie;
    }

    public String buildAutomaticSubmitForm(HttpServletRequest httpServletRequest) {
        return null;
    }

    protected String buildLoginUrlParams(HttpServletRequest httpServletRequest) {
        SSOPartnerAppConfig partnerAppConfig = super.getPartnerAppConfig(httpServletRequest.getServerName(), httpServletRequest.getContextPath());
        String str = "";
        Iterator<FrontChannelParametersBuilder> it = this._builders.iterator();
        while (it.hasNext()) {
            for (SSONameValuePair sSONameValuePair : it.next().buildParamters(partnerAppConfig, httpServletRequest)) {
                str = str + BeanFactory.FACTORY_BEAN_PREFIX + sSONameValuePair.getName() + "=" + sSONameValuePair.getValue();
            }
        }
        return str;
    }

    protected String buildLogoutUrlParams(HttpServletRequest httpServletRequest) {
        SSOPartnerAppConfig partnerAppConfig = super.getPartnerAppConfig(httpServletRequest.getServerName(), httpServletRequest.getContextPath());
        String str = "";
        Iterator<FrontChannelParametersBuilder> it = this._builders.iterator();
        while (it.hasNext()) {
            for (SSONameValuePair sSONameValuePair : it.next().buildParamters(partnerAppConfig, httpServletRequest)) {
                str = str + BeanFactory.FACTORY_BEAN_PREFIX + sSONameValuePair.getName() + "=" + sSONameValuePair.getValue();
            }
        }
        return str;
    }

    @Override // org.josso.agent.AbstractSSOAgent
    protected void sendCustomAuthentication(SSOAgentRequest sSOAgentRequest) throws IOException {
        String stringBuffer;
        HttpServletRequest request = ((HttpSSOAgentRequest) sSOAgentRequest).getRequest();
        HttpServletResponse response = ((HttpSSOAgentRequest) sSOAgentRequest).getResponse();
        prepareNonCacheResponse(response);
        SSOPartnerAppConfig partnerAppConfig = getPartnerAppConfig(request.getServerName(), request.getContextPath());
        if (request.getRequestURI().endsWith(getJossoAuthenticationUri())) {
            stringBuffer = request.getParameter(Constants.JOSSO_SPLASH_RESOURCE_PARAMETER);
            if ((stringBuffer == null || "".equals(stringBuffer)) && partnerAppConfig != null) {
                stringBuffer = partnerAppConfig.getSplashResource();
            }
        } else {
            if (this.debug > 0) {
                log("sendCustomAuthentication executed but URL does not match AUTHENTICATION URI");
            }
            StringBuffer stringBuffer2 = new StringBuffer(request.getRequestURI());
            if (request.getQueryString() != null) {
                stringBuffer2.append('?');
                stringBuffer2.append(request.getQueryString());
            }
            String[] strArr = new String[1];
            stringBuffer = stringBuffer2.toString();
        }
        if (this.debug > 0) {
            log("Storing Splash resource '" + stringBuffer + "'");
        }
        setAttribute(request, response, Constants.JOSSO_SPLASH_RESOURCE_PARAMETER, stringBuffer);
        StringBuilder sb = new StringBuilder();
        sb.append("<?xml version=\"1.0\" encoding=\"UTF-8\"?>\n<!DOCTYPE html PUBLIC \"-//W3C//DTD XHTML 1.1//EN\"\n\"http://www.w3.org/TR/xhtml11/DTD/xhtml11.dtd\">\n<html xmlns=\"http://www.w3.org/1999/xhtml\" xml:lang=\"en\">\n<body onload=\"document.forms[0].submit()\">\n<noscript>\n<p>\n<strong>Note:</strong> Since your browser does not support JavaScript,\nyou must press the Continue button once to proceed.\n</p>\n</noscript>\n<form action=\"").append(getGatewayLoginUrl()).append("\" method=\"post\" name=\"usernamePasswordLoginForm\" enctype=\"application/x-www-form-urlencoded\">\n        <div>");
        Enumeration parameterNames = request.getParameterNames();
        while (parameterNames.hasMoreElements()) {
            String str = (String) parameterNames.nextElement();
            String parameter = request.getParameter(str);
            if (!Constants.JOSSO_SPLASH_RESOURCE_PARAMETER.equals(str)) {
                sb.append("\n            <input type=\"hidden\" value=\"").append(parameter).append("\" name=\"").append(str).append("\" />");
            }
        }
        sb.append("\n            <noscript><input type=\"submit\" value=\"Continue\"/></noscript>\n        </div>\n</form>\n</body>\n</html>");
        response.setContentType("text/html");
        PrintWriter writer = response.getWriter();
        writer.print(sb.toString());
        if (this.debug >= 1) {
            log("Sending an automatic post form : \n" + sb.toString());
        }
        writer.flush();
    }

    public void prepareNonCacheResponse(HttpServletResponse httpServletResponse) {
        httpServletResponse.setHeader(HTTPConstants.HEADER_CACHE_CONTROL, HTTPConstants.HEADER_CACHE_CONTROL_NOCACHE);
        httpServletResponse.setHeader(HTTPConstants.HEADER_PRAGMA, HTTPConstants.HEADER_CACHE_CONTROL_NOCACHE);
        httpServletResponse.setHeader("Expires", CustomBooleanEditor.VALUE_0);
    }

    public boolean isResourceIgnored(SSOPartnerAppConfig sSOPartnerAppConfig, HttpServletRequest httpServletRequest) {
        String[] ignoredUrlPatterns = sSOPartnerAppConfig.getIgnoredUrlPatterns();
        if (this.debug >= 1) {
            log("Found [" + (ignoredUrlPatterns != null ? ignoredUrlPatterns.length + "" : CustomBooleanEditor.VALUE_NO) + "] ignored url patterns ");
        }
        if (ignoredUrlPatterns == null || ignoredUrlPatterns.length <= 0) {
            return false;
        }
        String servletPath = httpServletRequest.getServletPath();
        String pathInfo = httpServletRequest.getPathInfo();
        if (pathInfo != null) {
            servletPath = servletPath + pathInfo;
        }
        for (String str : ignoredUrlPatterns) {
            if (matchPattern(servletPath, str)) {
                if (this.debug < 1) {
                    return true;
                }
                log("Not subject to SSO protection :  url-pattern:" + str);
                return true;
            }
        }
        return false;
    }

    protected boolean matchPattern(String str, String str2) {
        if (str == null || str.length() == 0) {
            str = "/";
        }
        if (str2 == null || str2.length() == 0) {
            str2 = "/";
        }
        if (str.equals(str2)) {
            return true;
        }
        if (!str2.startsWith("/") || !str2.endsWith("/*")) {
            if (!str2.startsWith("*.")) {
                return str2.equals("/");
            }
            int lastIndexOf = str.lastIndexOf(47);
            return lastIndexOf >= 0 && str.lastIndexOf(46) > lastIndexOf && str.endsWith(str2.substring(1));
        }
        String substring = str2.substring(0, str2.length() - 2);
        if (substring.length() == 0) {
            return true;
        }
        if (str.endsWith("/")) {
            str = str.substring(0, str.length() - 1);
        }
        while (!substring.equals(str)) {
            int lastIndexOf2 = str.lastIndexOf(47);
            if (lastIndexOf2 <= 0) {
                return false;
            }
            str = str.substring(0, lastIndexOf2);
        }
        return true;
    }

    public SSORole[] getRoleSets(String str, String str2, String str3) {
        AbstractSSOAgent.NodeServices nodeServices;
        try {
            SSOIdentityManagerService identityManagerService = _currentRequest.get().getConfig(this).getIdentityManagerService();
            if (identityManagerService == null) {
                identityManagerService = getSSOIdentityManager();
                if (str3 != null && !"".equals(str3) && (nodeServices = this.servicesByNode.get(str3)) != null && nodeServices.getIm() != null) {
                    identityManagerService = nodeServices.getIm();
                }
            }
            return identityManagerService.findRolesBySSOSessionId(str, str2);
        } catch (Exception e) {
            log("Error finding roles for : " + str2, e);
            throw new RuntimeException("Error finding roles for : " + str2);
        }
    }

    public String getJossoLoginUri() {
        return this._jossoLoginUri;
    }

    public void setJossoLoginUri(String str) {
        this._jossoLoginUri = str;
    }

    public String getJossoUserLoginUri() {
        return this._jossoUserLoginUri;
    }

    public void setJossoUserLoginUri(String str) {
        this._jossoUserLoginUri = str;
    }

    public String getJossoSecurityCheckUri() {
        return this._jossoSecurityCheckUri;
    }

    public void setJossoSecurityCheckUri(String str) {
        this._jossoSecurityCheckUri = str;
    }

    public String getJossoLogoutUri() {
        return this._jossoLogoutUri;
    }

    public void setJossoLogoutUri(String str) {
        this._jossoLogoutUri = str;
    }

    public String getJossoAuthenticationUri() {
        return this._jossoAuthenticationUri;
    }

    public void setJossoAuthenticationUri(String str) {
        this._jossoAuthenticationUri = str;
    }

    public void setParametersBuilders(List<FrontChannelParametersBuilder> list) {
        this._builders = list;
    }

    public List<FrontChannelParametersBuilder> getParametersBuilders() {
        return this._builders;
    }

    public void setAttribute(HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse, String str, String str2) {
        String str3;
        if (!isStateOnClient()) {
            log("Storing attribute " + str + "=" + str2 + " server side");
            httpServletRequest.getSession().setAttribute(str, str2);
            return;
        }
        Set set = (Set) httpServletRequest.getAttribute("org.josso.attrs.removed");
        if (set == null) {
            set = new HashSet();
        }
        if (set.contains(str)) {
            set.remove(str);
        }
        log("Storing attribute " + str + "=" + str2 + " client side");
        if (httpServletResponse == null) {
            throw new IllegalArgumentException("HTTP Servlet response cannot be null.  Are you using any deprecated operations?");
        }
        try {
            str3 = URLEncoder.encode(CipherUtil.encodeBase64(str2.getBytes("UTF-8")), "UTF-8");
        } catch (UnsupportedEncodingException e) {
            log("Base64 encoding failed : " + str2, e);
            str3 = str2;
        }
        Cookie cookie = new Cookie(str, str3);
        cookie.setPath(httpServletRequest.getContextPath().equals("") ? "/" : httpServletRequest.getContextPath());
        cookie.setMaxAge(-1);
        cookie.setSecure(httpServletRequest.isSecure());
        httpServletResponse.addCookie(cookie);
        httpServletRequest.setAttribute(str, str2);
    }

    public String getAttribute(HttpServletRequest httpServletRequest, String str) {
        String str2;
        if (!isStateOnClient()) {
            return (String) httpServletRequest.getSession().getAttribute(str);
        }
        Set set = (Set) httpServletRequest.getAttribute("org.josso.attrs.removed");
        if (set == null) {
            set = new HashSet();
        }
        if (set.contains(str)) {
            return null;
        }
        String str3 = (String) httpServletRequest.getAttribute(str);
        if (str3 != null && !"".equals(str3)) {
            return str3;
        }
        Cookie[] cookies = httpServletRequest.getCookies();
        if (cookies == null) {
            return null;
        }
        for (Cookie cookie : cookies) {
            if (cookie.getName().equals(str)) {
                String value = cookie.getValue();
                try {
                    value = URLDecoder.decode(value, "UTF-8");
                    str2 = new String(CipherUtil.decodeBase64(value));
                } catch (UnsupportedEncodingException e) {
                    log("Base64 decoding failed : " + value, e);
                    str2 = value;
                }
                if (str2 == null || str2.equals("-") || str2.equals("")) {
                    return null;
                }
                return str2;
            }
        }
        return null;
    }

    public void removeAttribute(HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse, String str) {
        if (!isStateOnClient()) {
            log("Remove attribute " + str + " from server side");
            httpServletRequest.getSession().removeAttribute(str);
            return;
        }
        Set set = (Set) httpServletRequest.getAttribute("org.josso.attrs.removed");
        if (set == null) {
            set = new HashSet();
        }
        log("Remove attribute " + str + " from client side");
        Cookie cookie = new Cookie(str, "-");
        cookie.setPath(httpServletRequest.getContextPath());
        cookie.setMaxAge(0);
        cookie.setSecure(httpServletRequest.isSecure());
        httpServletResponse.addCookie(cookie);
        set.add(str);
        httpServletRequest.removeAttribute(str);
    }

    public List<AutomaticLoginStrategy> getAutomaticLoginStrategies() {
        return this._automaticStrategies;
    }

    public void setAutomaticLoginStrategies(List<AutomaticLoginStrategy> list) {
        this._automaticStrategies = list;
    }

    public void setUriEncoding(String str) {
        this._uriEncoding = str;
    }

    public String getUriEncoding() {
        return this._uriEncoding;
    }

    public boolean isAgentReservedUri(String str, String str2) {
        if (str2 == null) {
            return false;
        }
        if (str == null) {
            str = "";
        }
        return str2.startsWith(new StringBuilder().append(str).append(getJossoLoginUri()).toString()) || str2.startsWith(new StringBuilder().append(str).append(getJossoSecurityCheckUri()).toString()) || str2.startsWith(new StringBuilder().append(str).append(getJossoLogoutUri()).toString()) || str2.startsWith(new StringBuilder().append(str).append(getJossoUserLoginUri()).toString());
    }
}
