package org.nuxeo.ecm.platform.ui.web.auth.cas2;

import edu.yale.its.tp.cas.client.ProxyTicketValidator;
import edu.yale.its.tp.cas.client.ServiceTicketValidator;
import java.io.IOException;
import java.util.ArrayList;
import java.util.Iterator;
import java.util.List;
import java.util.Map;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import javax.xml.parsers.ParserConfigurationException;
import org.apache.commons.logging.Log;
import org.apache.commons.logging.LogFactory;
import org.nuxeo.ecm.platform.api.login.UserIdentificationInfo;
import org.nuxeo.ecm.platform.ui.web.auth.interfaces.LoginResponseHandler;
import org.nuxeo.ecm.platform.ui.web.auth.interfaces.NuxeoAuthenticationPlugin;
import org.nuxeo.ecm.platform.ui.web.auth.interfaces.NuxeoAuthenticationPluginLogoutExtension;
import org.nuxeo.ecm.platform.ui.web.auth.service.PluggableAuthenticationService;
import org.nuxeo.ecm.platform.ui.web.util.BaseURL;
import org.nuxeo.ecm.platform.web.common.vh.VirtualHostHelper;
import org.nuxeo.runtime.api.Framework;
import org.xml.sax.SAXException;

/* loaded from: input_file:org/nuxeo/ecm/platform/ui/web/auth/cas2/Cas2Authenticator.class */
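/**
 * Nuxeo authentication plugin that delegates login to a CAS 2 server.
 *
 * <p>The plugin redirects unauthenticated requests to the CAS login URL, reads the
 * ticket that comes back as a request parameter, validates it against the CAS
 * validation endpoint and returns the user name reported by the validator.
 *
 * <p>Security-relevant configuration, all set through {@link #initPlugin(Map)}:
 * <ul>
 * <li>The built-in URL defaults are plain-HTTP loopback placeholders. The trust placed in
 * a validation response depends on the transport, so deployed validate URLs should be
 * HTTPS endpoints of the intended CAS server.</li>
 * <li>When a configured URL contains {@code $CASSERVER}, the value is taken from the
 * {@code CasServer} request header (see {@link #getServiceURL}).</li>
 * <li>The validator class names are loaded reflectively; they must only come from
 * trusted configuration.</li>
 * </ul>
 */
public class Cas2Authenticator implements NuxeoAuthenticationPlugin, NuxeoAuthenticationPluginLogoutExtension, LoginResponseHandler {
    /** Request header whose value replaces {@link #CAS_SERVER_PATTERN_KEY} in configured URLs. */
    protected static final String CAS_SERVER_HEADER_KEY = "CasServer";
    /** Placeholder for the CAS server in configured URLs. */
    protected static final String CAS_SERVER_PATTERN_KEY = "$CASSERVER";
    /** Placeholder for the Nuxeo base URL in {@link #appURL}. */
    protected static final String NUXEO_SERVER_PATTERN_KEY = "$NUXEO";
    protected static final String LOGIN_ACTION = "Login";
    protected static final String LOGOUT_ACTION = "Logout";
    protected static final String VALIDATE_ACTION = "Valid";
    protected static final String PROXY_VALIDATE_ACTION = "ProxyValid";
    protected static final Log log = LogFactory.getLog(Cas2Authenticator.class);
    /** Prefix of the configuration keys that list URL prefixes exempt from the login prompt. */
    protected static final String EXCLUDE_PROMPT_KEY = "excludePromptURL";
    // Name of the request parameter carrying the CAS ticket.
    protected String ticketKey = "ticket";
    // Name of the request parameter whose presence selects proxy-ticket validation.
    protected String proxyKey = "proxy";
    // Defaults below are loopback, plain-HTTP placeholders; real deployments override them in initPlugin.
    protected String appURL = "http://127.0.0.1:8080/nuxeo/";
    protected String serviceLoginURL = "http://127.0.0.1:8080/cas/login";
    protected String serviceValidateURL = "http://127.0.0.1:8080/cas/serviceValidate";
    protected String proxyValidateURL = "http://127.0.0.1:8080/cas/proxyValidate";
    // Name of the "service" parameter, both on the CAS login URL and on proxy-validation requests.
    protected String serviceKey = "service";
    protected String logoutURL = "";
    protected String defaultCasServer = "";
    // Validator implementations are loaded by name through the runtime context class loader.
    protected String ticketValidatorClassName = "edu.yale.its.tp.cas.client.ServiceTicketValidator";
    protected String proxyValidatorClassName = "edu.yale.its.tp.cas.client.ProxyTicketValidator";
    protected boolean promptLogin = true;
    protected List<String> excludePromptURLs;
    protected String errorPage;

    /**
     * Returns the URL prefixes that need no authentication.
     *
     * @return always {@code null}; this plugin declares none
     */
    public List<String> getUnAuthenticatedURLPrefix() {
        return null;
    }

    /**
     * Resolves the configured CAS URL for an action and expands {@code $CASSERVER}.
     *
     * <p>Security note: the replacement for {@code $CASSERVER} is read from the
     * {@code CasServer} request header, and request headers are client-controlled unless a
     * trusted front end overwrites them. Because the same substitution applies to the
     * validate and proxy-validate URLs, a configuration using {@code $CASSERVER} lets the
     * request choose which server vouches for a ticket. Such deployments should have a
     * trusted reverse proxy set or strip this header, or restrict it to known CAS hosts.
     *
     * <p>Decompiler note: this method was declared {@code protected} in the original class.
     *
     * @param request current request, used only to read the {@code CasServer} header
     * @param action one of the {@code *_ACTION} constants; any other value yields ""
     * @return the resolved URL, or "" for an unknown action
     */
    public String getServiceURL(HttpServletRequest request, String action) {
        String url = "";
        if (LOGIN_ACTION.equals(action)) {
            url = this.serviceLoginURL;
        } else if (LOGOUT_ACTION.equals(action)) {
            url = this.logoutURL;
        } else if (VALIDATE_ACTION.equals(action)) {
            url = this.serviceValidateURL;
        } else if (PROXY_VALIDATE_ACTION.equals(action)) {
            url = this.proxyValidateURL;
        }
        if (url.contains(CAS_SERVER_PATTERN_KEY)) {
            // Header value wins over the configured default; see the security note above.
            String casServer = request.getHeader(CAS_SERVER_HEADER_KEY);
            if (casServer == null) {
                casServer = this.defaultCasServer;
            }
            url = url.replace(CAS_SERVER_PATTERN_KEY, casServer);
        }
        log.debug("serviceUrl: " + url);
        return url;
    }

    /**
     * Redirects the browser to the CAS login page, passing this application as the service.
     *
     * @param request current request
     * @param response response used for the redirect
     * @param baseURL not used by this implementation
     * @return {@code true} when the redirect was sent, {@code false} on I/O failure
     */
    public Boolean handleLoginPrompt(HttpServletRequest request, HttpServletResponse response, String baseURL) {
        String location = null;
        try {
            // NOTE(review): the service URL is appended without URL-encoding. It may come from
            // request.getRequestURL() (see getAppURL), so characters such as '&' or '#' in the
            // request path would change how the CAS login URL is parsed. Encoding it here must be
            // done together with the validator side, which receives the same service string.
            location = getServiceURL(request, LOGIN_ACTION) + "?" + this.serviceKey + "=" + getAppURL(request);
            response.sendRedirect(location);
            return Boolean.TRUE;
        } catch (IOException e) {
            log.error("Unable to redirect to CAS login screen to " + location, e);
            return Boolean.FALSE;
        }
    }

    /**
     * Computes the service URL that identifies this application to CAS.
     *
     * <p>For requests matching a configured start page the request URL itself is used;
     * otherwise the configured {@link #appURL} with {@code $NUXEO} expanded to the base URL.
     * An unset {@code appURL} is treated as {@code $NUXEO}. The configured field is no longer
     * rewritten here, so concurrent request threads never write shared plugin state.
     *
     * <p>Decompiler note: this method was declared {@code protected} in the original class.
     *
     * @param request current request
     * @return the service URL
     */
    public String getAppURL(HttpServletRequest request) {
        if (isValidStartupPage(request)) {
            // The service is derived from the incoming request here; the CAS server's own
            // service restrictions are what bound the values accepted.
            return request.getRequestURL().toString();
        }
        String template = this.appURL;
        if (template == null || template.equals("")) {
            template = NUXEO_SERVER_PATTERN_KEY;
        }
        if (!template.contains(NUXEO_SERVER_PATTERN_KEY)) {
            return template;
        }
        return template.replace(NUXEO_SERVER_PATTERN_KEY, BaseURL.getBaseURL(request));
    }

    /**
     * Tells whether the request path starts with one of the start URL patterns registered
     * on the {@code PluggableAuthenticationService}.
     */
    private boolean isValidStartupPage(HttpServletRequest request) {
        if (request.getRequestURI() == null) {
            return false;
        }
        PluggableAuthenticationService authService = (PluggableAuthenticationService) Framework.getRuntime().getComponent("org.nuxeo.ecm.platform.ui.web.auth.service.PluggableAuthenticationService");
        if (authService == null) {
            return false;
        }
        // NOTE(review): replace() removes every occurrence of "<context>/" in the URI, not only
        // the leading one - confirm that is intended before relying on the prefix match below.
        String path = request.getRequestURI().replace(VirtualHostHelper.getContextPath(request) + "/", "");
        for (Object pattern : authService.getStartURLPatterns()) {
            if (path.startsWith((String) pattern)) {
                return true;
            }
        }
        return false;
    }

    /**
     * Extracts the CAS ticket from the request and validates it.
     *
     * <p>A request that also carries the proxy parameter is validated as a proxy ticket.
     *
     * @param request current request
     * @param response current response (unused)
     * @return identification info holding the validated user name, with the ticket passed as
     *         the second constructor argument and as the token; {@code null} when there is no
     *         ticket or validation yields no user
     */
    public UserIdentificationInfo handleRetrieveIdentity(HttpServletRequest request, HttpServletResponse response) {
        String ticket = request.getParameter(this.ticketKey);
        String proxy = request.getParameter(this.proxyKey);
        if (ticket == null) {
            log.debug("No ticket found");
            return null;
        }
        String userName;
        if (proxy == null) {
            userName = checkCasTicket(ticket, request);
        } else {
            userName = checkProxyCasTicket(ticket, request);
        }
        if (userName == null) {
            return null;
        }
        UserIdentificationInfo identity = new UserIdentificationInfo(userName, ticket);
        identity.setToken(ticket);
        return identity;
    }

    /**
     * Applies the plugin configuration. Keys absent from the map leave the defaults in place.
     *
     * <p>Every key starting with {@code excludePromptURL} contributes one URL prefix that is
     * exempt from the login prompt; entries without a value are skipped so that prefix
     * matching in {@link #needLoginPrompt} cannot fail on a {@code null} element.
     *
     * @param map plugin parameters
     */
    public void initPlugin(Map<String, String> map) {
        if (map.containsKey(CAS2Parameters.TICKET_NAME_KEY)) {
            this.ticketKey = map.get(CAS2Parameters.TICKET_NAME_KEY);
        }
        if (map.containsKey(CAS2Parameters.PROXY_NAME_KEY)) {
            this.proxyKey = map.get(CAS2Parameters.PROXY_NAME_KEY);
        }
        if (map.containsKey(CAS2Parameters.NUXEO_APP_URL_KEY)) {
            this.appURL = map.get(CAS2Parameters.NUXEO_APP_URL_KEY);
        }
        if (map.containsKey(CAS2Parameters.SERVICE_LOGIN_URL_KEY)) {
            this.serviceLoginURL = map.get(CAS2Parameters.SERVICE_LOGIN_URL_KEY);
        }
        if (map.containsKey(CAS2Parameters.SERVICE_VALIDATE_URL_KEY)) {
            this.serviceValidateURL = map.get(CAS2Parameters.SERVICE_VALIDATE_URL_KEY);
        }
        if (map.containsKey(CAS2Parameters.PROXY_VALIDATE_URL_KEY)) {
            this.proxyValidateURL = map.get(CAS2Parameters.PROXY_VALIDATE_URL_KEY);
        }
        if (map.containsKey(CAS2Parameters.SERVICE_NAME_KEY)) {
            this.serviceKey = map.get(CAS2Parameters.SERVICE_NAME_KEY);
        }
        if (map.containsKey(CAS2Parameters.LOGOUT_URL_KEY)) {
            this.logoutURL = map.get(CAS2Parameters.LOGOUT_URL_KEY);
        }
        if (map.containsKey(CAS2Parameters.DEFAULT_CAS_SERVER_KEY)) {
            this.defaultCasServer = map.get(CAS2Parameters.DEFAULT_CAS_SERVER_KEY);
        }
        // The validator class names are instantiated reflectively at validation time.
        if (map.containsKey(CAS2Parameters.SERVICE_VALIDATOR_CLASS)) {
            this.ticketValidatorClassName = map.get(CAS2Parameters.SERVICE_VALIDATOR_CLASS);
        }
        if (map.containsKey(CAS2Parameters.PROXY_VALIDATOR_CLASS)) {
            this.proxyValidatorClassName = map.get(CAS2Parameters.PROXY_VALIDATOR_CLASS);
        }
        if (map.containsKey(CAS2Parameters.PROMPT_LOGIN)) {
            this.promptLogin = Boolean.parseBoolean(map.get(CAS2Parameters.PROMPT_LOGIN));
        }
        List<String> excluded = new ArrayList<String>();
        for (Map.Entry<String, String> entry : map.entrySet()) {
            if (entry.getKey().startsWith(EXCLUDE_PROMPT_KEY) && entry.getValue() != null) {
                excluded.add(entry.getValue());
            }
        }
        this.excludePromptURLs = excluded;
        if (map.containsKey(CAS2Parameters.ERROR_PAGE)) {
            this.errorPage = map.get(CAS2Parameters.ERROR_PAGE);
        }
    }

    /**
     * Decides whether an unauthenticated request should be sent to the CAS login page.
     *
     * <p>A request URI shorter than the context path plus "/" (for example a request to the
     * bare context path) is treated as an empty path instead of raising
     * {@code StringIndexOutOfBoundsException}.
     *
     * @param request current request
     * @return {@code false} when the path below the context starts with an excluded prefix,
     *         otherwise the configured {@code promptLogin} value
     */
    public Boolean needLoginPrompt(HttpServletRequest request) {
        String uri = request.getRequestURI();
        int prefixLength = (request.getContextPath() + '/').length();
        String path = uri.length() >= prefixLength ? uri.substring(prefixLength) : "";
        List<String> excluded = this.excludePromptURLs;
        if (excluded != null) {
            for (String prefix : excluded) {
                if (path.startsWith(prefix)) {
                    return Boolean.FALSE;
                }
            }
        }
        return Boolean.valueOf(this.promptLogin);
    }

    /**
     * Redirects to the CAS logout URL when one is configured.
     *
     * @param request current request
     * @param response response used for the redirect
     * @return {@code true} when the redirect was sent; {@code false} when no logout URL is
     *         configured or the redirect failed
     */
    public Boolean handleLogout(HttpServletRequest request, HttpServletResponse response) {
        if (this.logoutURL == null || this.logoutURL.equals("")) {
            log.debug("No CAS logout params, skipping CAS2Logout");
            return Boolean.FALSE;
        }
        try {
            response.sendRedirect(getServiceURL(request, LOGOUT_ACTION));
            return Boolean.TRUE;
        } catch (IOException e) {
            log.error("Unable to redirect to CAS logout screen:", e);
            return Boolean.FALSE;
        }
    }

    /**
     * Validates a proxy ticket against the proxy-validate URL.
     *
     * <p>NOTE(review): the service the ticket is validated for is read from the request
     * parameter named by {@link #serviceKey}, not derived from this application's own URL as
     * in {@link #checkCasTicket}. The caller therefore names the service; confirm that the CAS
     * server or the configured validator restricts which services and proxies are accepted.
     *
     * @param ticket the ticket taken from the request
     * @param request current request
     * @return the user name returned by the validator, or {@code null} when the service
     *         parameter is missing, the validator cannot be created or validation fails
     */
    protected String checkProxyCasTicket(String ticket, HttpServletRequest request) {
        String service = request.getParameter(this.serviceKey);
        if (service == null) {
            log.error("checkProxyCasTicket: no service name in the URL");
            return null;
        }
        try {
            // Class name comes from plugin configuration; a class of another type fails the cast.
            ProxyTicketValidator validator = (ProxyTicketValidator) Framework.getRuntime().getContext().loadClass(this.proxyValidatorClassName).newInstance();
            validator.setCasValidateUrl(getServiceURL(request, PROXY_VALIDATE_ACTION));
            validator.setService(service);
            validator.setServiceTicket(ticket);
            validator.validate();
            log.debug("checkProxyCasTicket: validation executed without error");
            String user = validator.getUser();
            log.debug("checkProxyCasTicket: validation returned username = " + user);
            return user;
        } catch (IOException e) {
            log.error("checkProxyCasTicket failed with IOException:", e);
            return null;
        } catch (ParserConfigurationException e) {
            log.error("checkProxyCasTicket failed with ParserConfigurationException:", e);
            return null;
        } catch (SAXException e) {
            log.error("checkProxyCasTicket failed with SAXException:", e);
            return null;
        } catch (ClassNotFoundException e) {
            log.error("checkProxyCasTicket during the ProxyTicketValidator initialization with ClassNotFoundException:", e);
            return null;
        } catch (IllegalAccessException e) {
            log.error("checkProxyCasTicket during the ProxyTicketValidator initialization with IllegalAccessException:", e);
            return null;
        } catch (InstantiationException e) {
            log.error("checkProxyCasTicket during the ProxyTicketValidator initialization with InstantiationException:", e);
            return null;
        }
    }

    /**
     * Validates a service ticket against the validate URL, using {@link #getAppURL} as the
     * service the ticket must have been issued for.
     *
     * @param ticket the ticket taken from the request
     * @param request current request
     * @return the user name returned by the validator, or {@code null} when the validator
     *         cannot be created or validation fails
     */
    protected String checkCasTicket(String ticket, HttpServletRequest request) {
        try {
            // Class name comes from plugin configuration; a class of another type fails the cast.
            ServiceTicketValidator validator = (ServiceTicketValidator) Framework.getRuntime().getContext().loadClass(this.ticketValidatorClassName).newInstance();
            validator.setCasValidateUrl(getServiceURL(request, VALIDATE_ACTION));
            validator.setService(getAppURL(request));
            validator.setServiceTicket(ticket);
            validator.validate();
            log.debug("checkCasTicket : validation executed without error");
            String user = validator.getUser();
            log.debug("checkCasTicket: validation returned username = " + user);
            return user;
        } catch (IOException e) {
            log.error("checkCasTicket failed with IOException:", e);
            return null;
        } catch (ParserConfigurationException e) {
            log.error("checkCasTicket failed with ParserConfigurationException:", e);
            return null;
        } catch (SAXException e) {
            log.error("checkCasTicket failed with SAXException:", e);
            return null;
        } catch (ClassNotFoundException e) {
            log.error("checkCasTicket during the ServiceTicketValidator initialization with ClassNotFoundException:", e);
            return null;
        } catch (IllegalAccessException e) {
            log.error("checkCasTicket during the ServiceTicketValidator initialization with IllegalAccessException:", e);
            return null;
        } catch (InstantiationException e) {
            log.error("checkCasTicket during the ServiceTicketValidator initialization with InstantiationException:", e);
            return null;
        }
    }

    /**
     * Handles a failed login by answering 401 and, when configured, redirecting to the
     * error page.
     *
     * <p>Note that {@code sendRedirect} replaces the 401 status with a redirect status, so
     * the 401 reaches the client only when no error page is configured.
     *
     * @param request current request
     * @param response response to write to
     * @return {@code true} when the response was prepared, {@code false} on failure
     */
    public boolean onError(HttpServletRequest request, HttpServletResponse response) {
        try {
            response.setStatus(401);
            if (this.errorPage != null) {
                response.sendRedirect(this.errorPage);
            }
            return true;
        } catch (Exception e) {
            // Pass the exception as the throwable so the stack trace is logged, not just toString().
            log.error("Unable to send the CAS authentication error response", e);
            return false;
        }
    }

    /**
     * Hook called after a successful login.
     *
     * @return always {@code false}; this plugin does nothing on success
     */
    public boolean onSuccess(HttpServletRequest request, HttpServletResponse response) {
        return false;
    }
}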
