package org.josso.wls81.agent;

import java.io.IOException;
import java.util.HashMap;
import java.util.Map;
import javax.servlet.Filter;
import javax.servlet.FilterChain;
import javax.servlet.FilterConfig;
import javax.servlet.ServletException;
import javax.servlet.ServletRequest;
import javax.servlet.ServletResponse;
import javax.servlet.http.Cookie;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import javax.servlet.http.HttpSession;
import org.apache.commons.logging.Log;
import org.apache.commons.logging.LogFactory;
import org.apache.log4j.spi.LocationInfo;
import org.josso.agent.Constants;
import org.josso.agent.LocalSession;
import org.josso.agent.Lookup;
import org.josso.agent.SSOAgentRequest;
import org.josso.agent.SSOPartnerAppConfig;
import org.josso.agent.SingleSignOnEntry;
import org.josso.agent.http.WebAccessControlUtil;
import org.josso.servlet.agent.GenericServletLocalSession;
import org.josso.servlet.agent.GenericServletSSOAgentRequest;
import org.springframework.transaction.interceptor.RuleBasedTransactionAttribute;
import weblogic.servlet.security.ServletAuthentication;

/* loaded from: input_file:WEB-INF/lib/josso-weblogic81-agent-1.8.8.jar:org/josso/wls81/agent/WLSAgentServletFilter.class */
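/**
 * Servlet filter that puts the JOSSO single sign-on agent in front of a web application
 * running on WebLogic 8.1.
 *
 * <p>For every request the filter decides, in this order, whether the request is: for an
 * application the agent does not know (passed through), a login or logout trigger (redirected
 * to the gateway), an authentication request, a request without an SSO cookie, an ignored
 * resource, an ordinary request whose SSO session must be checked, or a security-check
 * request that relays an assertion id and ends in a redirect to the saved resource.
 *
 * <p>This listing is decompiler output. Two constants were substituted by the decompiler with
 * unrelated library constants: {@code RuleBasedTransactionAttribute.PREFIX_ROLLBACK_RULE}
 * (value {@code "-"}) and {@code LocationInfo.NA} (value {@code "?"}). They have nothing to do
 * with transactions or log4j here; the original source most likely used the plain literals.
 */
public class WLSAgentServletFilter implements Filter {
    /** Servlet-context attribute holding the map of HTTP sessions to their JOSSO local sessions. */
    private static final String KEY_SESSION_MAP = "org.josso.servlet.agent.sessionMap";
    private WLSSSOAgent _agent;
    private static final Log log;
    // Synthetic cache for the pre-Java-5 class literal used to create the logger.
    static Class class$org$josso$wls81$agent$WLSAgentServletFilter;

    /**
     * Publishes an empty session map in the servlet context and, if no agent is set yet,
     * loads the agent from {@code josso-agent-config.xml}, starts it and publishes it in the
     * servlet context as well.
     *
     * @param filterConfig the filter configuration supplied by the container
     * @throws ServletException if looking up or starting the agent fails; the cause is preserved
     */
    public void init(FilterConfig filterConfig) throws ServletException {
        filterConfig.getServletContext().setAttribute(KEY_SESSION_MAP, new HashMap());
        if (this._agent != null) {
            return;
        }
        try {
            Lookup lookup = Lookup.getInstance();
            lookup.init("josso-agent-config.xml");
            this._agent = (WLSSSOAgent) lookup.lookupSSOAgent();
            if (log.isDebugEnabled()) {
                this._agent.setDebug(1);
            }
            this._agent.start();
            filterConfig.getServletContext().setAttribute(Constants.Package, this._agent);
        } catch (Exception e) {
            throw new ServletException("Error starting SSO Agent : " + e.getMessage(), e);
        }
    }

    /**
     * Applies the SSO agent to one request.
     *
     * <p>The "Processed" debug line is written on every exit path, including exceptions; the
     * decompiler had inlined that {@code finally} block before each {@code return}.
     *
     * @param servletRequest the request; cast to {@link HttpServletRequest} without a check
     * @param servletResponse the response; cast to {@link HttpServletResponse} without a check
     * @param filterChain the remaining chain, invoked only on the pass-through paths
     * @throws IOException if a redirect or the downstream chain fails
     * @throws ServletException if assertion relaying yields no principal, or from the chain
     */
    public void doFilter(ServletRequest servletRequest, ServletResponse servletResponse, FilterChain filterChain) throws IOException, ServletException {
        HttpServletRequest httpServletRequest = (HttpServletRequest) servletRequest;
        HttpServletResponse httpServletResponse = (HttpServletResponse) servletResponse;
        if (log.isDebugEnabled()) {
            log.debug("Processing : " + httpServletRequest.getContextPath() + " [" + httpServletRequest.getRequestURL() + "]");
        }
        try {
            String contextPath = httpServletRequest.getContextPath();
            if ("".equals(contextPath)) {
                contextPath = "/";
            }

            // NOTE(review): this path fails open. A request whose server name and context do
            // not match a configured partner application is served with no SSO processing at
            // all. The server name normally comes from the client's Host header, so confirm
            // that the front end pins or validates the host before relying on this filter.
            if (!this._agent.isPartnerApp(servletRequest.getServerName(), contextPath)) {
                filterChain.doFilter(httpServletRequest, httpServletResponse);
                log.warn("JOSSO WLS 8.1 Filter is running on a non-JOSSO Partner application!");
                return;
            }

            SSOPartnerAppConfig partnerAppConfig = this._agent.getPartnerAppConfig(servletRequest.getServerName(), contextPath);
            if (partnerAppConfig.isSendP3PHeader() && !httpServletResponse.isCommitted()) {
                httpServletResponse.setHeader("P3P", partnerAppConfig.getP3PHeaderValue());
            }
            HttpSession session = httpServletRequest.getSession(true);

            // --- Login trigger: remember where to come back to, then go to the gateway. ---
            // All special URIs are recognised with endsWith() on the raw request URI, so any
            // path that merely ends in the configured suffix is treated as that endpoint.
            if (log.isDebugEnabled()) {
                log.debug("Checking if its a josso_login_request for '" + httpServletRequest.getRequestURI() + "'");
            }
            if (httpServletRequest.getRequestURI().endsWith(this._agent.getJossoLoginUri()) || httpServletRequest.getRequestURI().endsWith(this._agent.getJossoUserLoginUri())) {
                if (log.isDebugEnabled()) {
                    log.debug("josso_login_request received for uri '" + httpServletRequest.getRequestURI() + "'");
                }
                boolean userLogin = httpServletRequest.getRequestURI().endsWith(this._agent.getJossoUserLoginUri());
                saveLoginBackToURL(httpServletRequest, httpServletResponse, session, userLogin);
                String loginUrl = this._agent.buildLoginUrl(httpServletRequest);
                if (log.isDebugEnabled()) {
                    log.debug("Redirecting to login url '" + loginUrl + "'");
                }
                this._agent.prepareNonCacheResponse(httpServletResponse);
                httpServletResponse.sendRedirect(httpServletResponse.encodeRedirectURL(loginUrl));
                return;
            }

            // --- Logout trigger: blank the SSO cookie, log out of WebLogic, go to the gateway. ---
            if (log.isDebugEnabled()) {
                log.debug("Checking if its a josso_logout request for '" + httpServletRequest.getRequestURI() + "'");
            }
            if (httpServletRequest.getRequestURI().endsWith(this._agent.getJossoLogoutUri())) {
                if (log.isDebugEnabled()) {
                    log.debug("josso_logout request received for uri '" + httpServletRequest.getRequestURI() + "'");
                }
                String logoutUrl = this._agent.buildLogoutUrl(httpServletRequest, partnerAppConfig);
                if (log.isDebugEnabled()) {
                    log.debug("Redirecting to logout url '" + logoutUrl + "'");
                }
                // "-" is the placeholder value this filter treats as "no SSO session" (see below).
                httpServletResponse.addCookie(this._agent.newJossoCookie(httpServletRequest.getContextPath(), RuleBasedTransactionAttribute.PREFIX_ROLLBACK_RULE, httpServletRequest.isSecure()));
                this._agent.prepareNonCacheResponse(httpServletResponse);
                ServletAuthentication.logout(httpServletRequest);
                httpServletResponse.sendRedirect(httpServletResponse.encodeRedirectURL(logoutUrl));
                return;
            }

            // --- Locate the SSO cookie; its value is the SSO session id handed to the agent. ---
            if (log.isDebugEnabled()) {
                log.debug("Checking for SSO cookie");
            }
            Cookie cookie = null;
            Cookie[] cookies = httpServletRequest.getCookies();
            if (cookies != null) {
                for (int i = 0; i < cookies.length; i++) {
                    if (org.josso.gateway.Constants.JOSSO_SINGLE_SIGN_ON_COOKIE.equals(cookies[i].getName())) {
                        cookie = cookies[i];
                        break;
                    }
                }
            }
            String value = cookie == null ? null : cookie.getValue();
            if (log.isDebugEnabled()) {
                log.debug("Session is: " + session);
            }
            GenericServletLocalSession localSession = new GenericServletLocalSession(session);

            // --- Authentication endpoint: hand the request to the agent (action 4) and stop. ---
            if (log.isDebugEnabled()) {
                log.debug("Checking if its a josso_authentication for '" + httpServletRequest.getRequestURI() + "'");
            }
            if (httpServletRequest.getRequestURI().endsWith(this._agent.getJossoAuthenticationUri())) {
                if (log.isDebugEnabled()) {
                    log.debug("josso_authentication received for uri '" + httpServletRequest.getRequestURI() + "'");
                }
                this._agent.processRequest(doMakeSSOAgentRequest(partnerAppConfig.getId(), 4, value, localSession, null, httpServletRequest, httpServletResponse));
                return;
            }

            // --- No usable SSO cookie (absent, or the "-" placeholder). ---
            if (cookie == null || cookie.getValue().equals(RuleBasedTransactionAttribute.PREFIX_ROLLBACK_RULE)) {
                if (log.isDebugEnabled()) {
                    log.debug("SSO cookie is not present, verifying optional login process ");
                }
                // Security check reached without an assertion: the optional login did not
                // produce a session, so return to the saved request.
                if (httpServletRequest.getRequestURI().endsWith(this._agent.getJossoSecurityCheckUri()) && httpServletRequest.getParameter(Constants.JOSSO_ASSERTION_ID_PARAMETER) == null) {
                    if (log.isDebugEnabled()) {
                        log.debug(this._agent.getJossoSecurityCheckUri() + " received without assertion.  Login Optional Process failed");
                    }
                    String savedRequestURL = getSavedRequestURL(httpServletRequest);
                    this._agent.prepareNonCacheResponse(httpServletResponse);
                    httpServletResponse.sendRedirect(httpServletResponse.encodeRedirectURL(savedRequestURL));
                    return;
                }
                if (!httpServletRequest.getRequestURI().endsWith(this._agent.getJossoSecurityCheckUri())) {
                    if (!this._agent.isResourceIgnored(partnerAppConfig, httpServletRequest) && this._agent.isAutomaticLoginRequired(httpServletRequest, httpServletResponse)) {
                        if (log.isDebugEnabled()) {
                            log.debug("SSO cookie is not present, attempting automatic login");
                        }
                        saveRequestURL(httpServletRequest, httpServletResponse);
                        String loginOptionalUrl = this._agent.buildLoginOptionalUrl(httpServletRequest);
                        if (log.isDebugEnabled()) {
                            log.debug("Redirecting to login url '" + loginOptionalUrl + "'");
                        }
                        this._agent.prepareNonCacheResponse(httpServletResponse);
                        httpServletResponse.sendRedirect(httpServletResponse.encodeRedirectURL(loginOptionalUrl));
                        return;
                    }
                    if (log.isDebugEnabled()) {
                        log.debug("SSO cookie is not present, but login optional process is not required");
                    }
                }
                if (log.isDebugEnabled()) {
                    log.debug("SSO cookie is not present, checking for outbound relaying");
                }
                // Without a cookie and without an assertion to relay there is nothing for the
                // agent to do: the request continues unauthenticated as far as this filter goes.
                if (!isAssertionRelay(httpServletRequest)) {
                    if (log.isDebugEnabled()) {
                        log.debug("SSO cookie not present and relaying was not requested, skipping");
                    }
                    filterChain.doFilter(httpServletRequest, httpServletResponse);
                    return;
                }
            }

            if (this._agent.isResourceIgnored(partnerAppConfig, httpServletRequest)) {
                filterChain.doFilter(httpServletRequest, httpServletResponse);
                return;
            }

            if (log.isDebugEnabled()) {
                log.debug("Executing agent...");
                log.debug("Checking if its a josso_security_check for '" + httpServletRequest.getRequestURI() + "'");
            }

            // --- Ordinary request: let the agent check the SSO session (action 1). ---
            if (!isAssertionRelay(httpServletRequest)) {
                if (log.isDebugEnabled()) {
                    log.debug("Creating Security Context for Session [" + session + "]");
                }
                SingleSignOnEntry entry = this._agent.processRequest(doMakeSSOAgentRequest(partnerAppConfig.getId(), 1, value, localSession, null, httpServletRequest, httpServletResponse));
                if (log.isDebugEnabled()) {
                    log.debug("Executed agent.");
                }
                Map sessionMap = (Map) httpServletRequest.getSession().getServletContext().getAttribute(KEY_SESSION_MAP);
                // The map is a plain HashMap shared by every request thread through the
                // servlet context, so the check-then-put must not run concurrently. Any other
                // code that touches this map has to lock the same object.
                // NOTE(review): nothing in this class removes entries; confirm that a session
                // listener evicts them, otherwise every HttpSession stays reachable.
                synchronized (sessionMap) {
                    if (sessionMap.get(localSession.getWrapped()) == null) {
                        sessionMap.put(session, localSession);
                    }
                }
                if (log.isDebugEnabled()) {
                    log.debug("Process request for '" + httpServletRequest.getRequestURI() + "'");
                }
                if (entry == null) {
                    log.info("No Valid SSO Session, attempt an optional login?");
                    if (cookie != null) {
                        // The presented cookie did not map to a valid session: overwrite it
                        // with the "-" placeholder so it is not sent again.
                        cookie = this._agent.newJossoCookie(httpServletRequest.getContextPath(), RuleBasedTransactionAttribute.PREFIX_ROLLBACK_RULE, httpServletRequest.isSecure());
                        httpServletResponse.addCookie(cookie);
                    }
                    if (cookie != null || (getSavedRequestURL(httpServletRequest) == null && this._agent.isAutomaticLoginRequired(httpServletRequest, httpServletResponse))) {
                        if (log.isDebugEnabled()) {
                            log.debug("SSO Session is not valid, attempting automatic login");
                        }
                        saveRequestURL(httpServletRequest, httpServletResponse);
                        String loginOptionalUrl = this._agent.buildLoginOptionalUrl(httpServletRequest);
                        if (log.isDebugEnabled()) {
                            log.debug("Redirecting to login url '" + loginOptionalUrl + "'");
                        }
                        this._agent.prepareNonCacheResponse(httpServletResponse);
                        httpServletResponse.sendRedirect(httpServletResponse.encodeRedirectURL(loginOptionalUrl));
                        return;
                    }
                    if (log.isDebugEnabled()) {
                        log.debug("SSO cookie is not present, but login optional process is not required");
                    }
                } else if (log.isDebugEnabled()) {
                    log.debug("Principal '" + entry.principal + "' has already been authenticated");
                }
                httpServletRequest.setAttribute("org.josso.agent.gateway-login-url", this._agent.getGatewayLoginUrl());
                httpServletRequest.setAttribute("org.josso.agent.gateway-logout-url", this._agent.getGatewayLogoutUrl());
                // This attribute carries the raw cookie value and is also set when the agent
                // found no valid session (entry == null), so downstream code must not read its
                // presence as proof of authentication.
                httpServletRequest.setAttribute("org.josso.agent.ssoSessionid", value);
                filterChain.doFilter(httpServletRequest, httpServletResponse);
                return;
            }

            // --- Security check with an assertion id: relay it to obtain the SSO session (action 2). ---
            if (log.isDebugEnabled()) {
                log.debug("josso_security_check received for uri '" + httpServletRequest.getRequestURI() + "' assertion id '" + httpServletRequest.getParameter(Constants.JOSSO_ASSERTION_ID_PARAMETER));
            }
            String assertionId = httpServletRequest.getParameter(Constants.JOSSO_ASSERTION_ID_PARAMETER);
            if (log.isDebugEnabled()) {
                log.debug("Outbound relaying requested for assertion id [" + assertionId + "]");
            }
            SingleSignOnEntry relayed = this._agent.processRequest(doMakeSSOAgentRequest(partnerAppConfig.getId(), 2, null, localSession, assertionId, httpServletRequest, httpServletResponse));
            if (relayed == null) {
                log.error("Outbound relaying failed for assertion id [" + assertionId + "], no Principal found.");
                throw new ServletException("Outbound relaying failed. No Principal found. Verify your SSO Agent Configuration!");
            }
            if (log.isDebugEnabled()) {
                log.debug("Outbound relaying succesfull for assertion id [" + assertionId + "]");
                // NOTE(review): the SSO session id is the value of the SSO cookie, i.e. a
                // bearer credential. With debug logging on it lands in the log in clear text;
                // treat debug logs of this class as sensitive or keep debug off in production.
                log.debug("Assertion id [" + assertionId + "] mapped to SSO session id [" + relayed.ssoId + "]");
            }
            httpServletResponse.addCookie(this._agent.newJossoCookie(httpServletRequest.getContextPath(), relayed.ssoId, httpServletRequest.isSecure()));

            // Pick the post-login destination: splash resource, else saved request, else a default.
            // NOTE(review): the saved request can be a Referer header stored by
            // saveLoginBackToURL, and the fallback below is prefixed with a request header.
            // Both are client-supplied unless a trusted proxy overwrites them, and neither is
            // checked against the application's own origin before the redirect.
            String target = getSavedSplashResource(httpServletRequest);
            if (target == null) {
                target = getSavedRequestURL(httpServletRequest);
                if (target == null) {
                    if (partnerAppConfig.getDefaultResource() != null) {
                        target = partnerAppConfig.getDefaultResource();
                    } else {
                        // Strip the security-check suffix to get back to the application root.
                        String requestURI = httpServletRequest.getRequestURI();
                        target = requestURI.substring(0, requestURI.length() - this._agent.getJossoSecurityCheckUri().length());
                    }
                    String singlePointOfAccess = this._agent.getSinglePointOfAccess();
                    if (singlePointOfAccess != null) {
                        target = singlePointOfAccess + target;
                    } else {
                        String reverseProxyHost = httpServletRequest.getHeader(org.josso.gateway.Constants.JOSSO_REVERSE_PROXY_HEADER);
                        if (reverseProxyHost != null) {
                            target = reverseProxyHost + target;
                        }
                    }
                    if (log.isDebugEnabled()) {
                        log.debug("No saved request found, using : '" + target + "'");
                    }
                }
            }
            clearSavedRequestURLs(httpServletRequest, httpServletResponse);
            this._agent.clearAutomaticLoginReferer(httpServletRequest, httpServletResponse);
            this._agent.prepareNonCacheResponse(httpServletResponse);
            String postAuthenticationResource = partnerAppConfig.getPostAuthenticationResource();
            if (postAuthenticationResource != null) {
                String postAuthUrl = this._agent.buildPostAuthUrl(httpServletResponse, target, postAuthenticationResource);
                if (log.isDebugEnabled()) {
                    log.debug("Redirecting to post-auth-resource '" + postAuthUrl + "'");
                }
                httpServletResponse.sendRedirect(postAuthUrl);
            } else {
                if (log.isDebugEnabled()) {
                    log.debug("Redirecting to original '" + target + "'");
                }
                httpServletResponse.sendRedirect(httpServletResponse.encodeRedirectURL(target));
            }
        } finally {
            if (log.isDebugEnabled()) {
                log.debug("Processed : " + httpServletRequest.getContextPath() + " [" + httpServletRequest.getRequestURL() + "]");
            }
        }
    }

    /** Stops the agent, if one is set, and drops the reference to it. */
    public void destroy() {
        if (this._agent != null) {
            this._agent.stop();
            this._agent = null;
        }
    }

    /**
     * Builds the agent request for one HTTP exchange.
     *
     * <p>As called from {@code doFilter}: {@code str} is the partner application id, {@code i}
     * the action code (4 on the authentication URI, 1 for the session check, 2 for assertion
     * relaying), {@code str2} the SSO cookie value or {@code null}, and {@code str3} the
     * assertion id or {@code null}.
     *
     * @return a {@link GenericServletSSOAgentRequest} carrying the servlet request and response
     */
    protected SSOAgentRequest doMakeSSOAgentRequest(String str, int i, String str2, LocalSession localSession, String str3, HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse) {
        GenericServletSSOAgentRequest agentRequest = new GenericServletSSOAgentRequest(str, i, str2, localSession, str3);
        agentRequest.setRequest(httpServletRequest);
        agentRequest.setResponse(httpServletResponse);
        return agentRequest;
    }

    /**
     * Tells whether the request targets the security-check URI and carries an assertion id,
     * i.e. whether the gateway is handing an assertion back to this application.
     */
    private boolean isAssertionRelay(HttpServletRequest httpServletRequest) {
        return httpServletRequest.getRequestURI().endsWith(this._agent.getJossoSecurityCheckUri())
                && httpServletRequest.getParameter(Constants.JOSSO_ASSERTION_ID_PARAMETER) != null;
    }

    /** Returns the splash resource the agent has stored for this request, or {@code null}. */
    private String getSavedSplashResource(HttpServletRequest httpServletRequest) {
        return this._agent.getAttribute(httpServletRequest, Constants.JOSSO_SPLASH_RESOURCE_PARAMETER);
    }

    /**
     * Stores the current request URI plus query string through the agent, so the user can be
     * sent back to it after login.
     */
    private void saveRequestURL(HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse) {
        StringBuffer original = new StringBuffer(httpServletRequest.getRequestURI());
        String queryString = httpServletRequest.getQueryString();
        if (queryString != null) {
            // LocationInfo.NA is "?" (decompiler substitution): add the separator only when
            // the query string does not already start with one.
            if (!queryString.startsWith(LocationInfo.NA)) {
                original.append('?');
            }
            original.append(queryString);
        }
        if (log.isDebugEnabled()) {
            log.debug("Storing Original resources '" + original + "'");
        }
        this._agent.setAttribute(httpServletRequest, httpServletResponse, WebAccessControlUtil.KEY_JOSSO_SAVED_REQUEST_URI, original.toString());
    }

    /** Returns the request URL the agent has stored for this request, or {@code null}. */
    private String getSavedRequestURL(HttpServletRequest httpServletRequest) {
        return this._agent.getAttribute(httpServletRequest, WebAccessControlUtil.KEY_JOSSO_SAVED_REQUEST_URI);
    }

    /**
     * Chooses the URL to return to after an explicit login request and stores it as the saved
     * request.
     *
     * <p>The Referer header is stored when it is non-empty and either nothing is saved yet (no
     * saved request and no WebLogic form-authentication target) or {@code z} is true;
     * otherwise the WebLogic form-authentication target is stored when there is one.
     *
     * <p>NOTE(review): Referer is supplied by the client and is stored here unvalidated;
     * {@code doFilter} later redirects to the saved request after a successful login. A page
     * on another site that links to the login URI therefore chooses where the user lands after
     * authenticating. Restrict the stored value to this application's own origin.
     *
     * @param z true when the request targets the user-login URI (see {@code doFilter})
     */
    protected void saveLoginBackToURL(HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse, HttpSession httpSession, boolean z) {
        String referer = httpServletRequest.getHeader("referer");
        String savedRequestURL = getSavedRequestURL(httpServletRequest);
        String formAuthTarget = ServletAuthentication.getTargetURLForFormAuthentication(httpSession);
        boolean nothingSaved = savedRequestURL == null && formAuthTarget == null;
        boolean hasReferer = referer != null && !referer.equals("");
        if ((nothingSaved || z) && hasReferer) {
            this._agent.setAttribute(httpServletRequest, httpServletResponse, WebAccessControlUtil.KEY_JOSSO_SAVED_REQUEST_URI, referer);
        } else if (formAuthTarget != null) {
            this._agent.setAttribute(httpServletRequest, httpServletResponse, WebAccessControlUtil.KEY_JOSSO_SAVED_REQUEST_URI, formAuthTarget);
        }
    }

    /** Removes both the saved request URL and the saved splash resource through the agent. */
    protected void clearSavedRequestURLs(HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse) {
        this._agent.removeAttribute(httpServletRequest, httpServletResponse, WebAccessControlUtil.KEY_JOSSO_SAVED_REQUEST_URI);
        this._agent.removeAttribute(httpServletRequest, httpServletResponse, Constants.JOSSO_SPLASH_RESOURCE_PARAMETER);
    }

    /**
     * Synthetic helper behind the pre-Java-5 class literal: loads a class by name and turns a
     * failed lookup into {@link NoClassDefFoundError} with the original exception as cause.
     */
    static Class class$(String str) {
        try {
            return Class.forName(str);
        } catch (ClassNotFoundException e) {
            // initCause() is declared to return Throwable, so throwing its result directly does
            // not compile in a method without a throws clause; throw the typed error instead.
            NoClassDefFoundError error = new NoClassDefFoundError();
            error.initCause(e);
            throw error;
        }
    }

    static {
        Class cls;
        if (class$org$josso$wls81$agent$WLSAgentServletFilter == null) {
            cls = class$("org.josso.wls81.agent.WLSAgentServletFilter");
            class$org$josso$wls81$agent$WLSAgentServletFilter = cls;
        } else {
            cls = class$org$josso$wls81$agent$WLSAgentServletFilter;
        }
        log = LogFactory.getLog(cls);
    }
}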
