package org.jasig.cas.client.validation;

import java.io.IOException;
import java.security.PrivateKey;
import java.util.Arrays;
import java.util.Enumeration;
import java.util.HashMap;
import java.util.List;
import java.util.Timer;
import java.util.TimerTask;
import javax.servlet.FilterChain;
import javax.servlet.FilterConfig;
import javax.servlet.ServletException;
import javax.servlet.ServletRequest;
import javax.servlet.ServletResponse;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import org.jasig.cas.client.Protocol;
import org.jasig.cas.client.configuration.ConfigurationKeys;
import org.jasig.cas.client.proxy.AbstractEncryptedProxyGrantingTicketStorageImpl;
import org.jasig.cas.client.proxy.Cas20ProxyRetriever;
import org.jasig.cas.client.proxy.CleanUpTimerTask;
import org.jasig.cas.client.proxy.ProxyGrantingTicketStorage;
import org.jasig.cas.client.proxy.ProxyGrantingTicketStorageImpl;
import org.jasig.cas.client.ssl.HttpsURLConnectionFactory;
import org.jasig.cas.client.util.CommonUtils;
import org.jasig.cas.client.util.PrivateKeyUtils;
import org.jasig.cas.client.util.ReflectUtils;

/* loaded from: input_file:WEB-INF/lib/cas-client-core-3.6.1.jar:org/jasig/cas/client/validation/Cas20ProxyReceivingTicketValidationFilter.class */
public class Cas20ProxyReceivingTicketValidationFilter extends AbstractTicketValidationFilter {
    private static final String[] RESERVED_INIT_PARAMS = {ConfigurationKeys.ARTIFACT_PARAMETER_NAME.getName(), ConfigurationKeys.SERVER_NAME.getName(), ConfigurationKeys.SERVICE.getName(), ConfigurationKeys.RENEW.getName(), ConfigurationKeys.LOGOUT_PARAMETER_NAME.getName(), ConfigurationKeys.ARTIFACT_PARAMETER_OVER_POST.getName(), ConfigurationKeys.EAGERLY_CREATE_SESSIONS.getName(), ConfigurationKeys.ENCODE_SERVICE_URL.getName(), ConfigurationKeys.SSL_CONFIG_FILE.getName(), ConfigurationKeys.ROLE_ATTRIBUTE.getName(), ConfigurationKeys.IGNORE_CASE.getName(), ConfigurationKeys.CAS_SERVER_LOGIN_URL.getName(), ConfigurationKeys.GATEWAY.getName(), ConfigurationKeys.AUTHENTICATION_REDIRECT_STRATEGY_CLASS.getName(), ConfigurationKeys.GATEWAY_STORAGE_CLASS.getName(), ConfigurationKeys.CAS_SERVER_URL_PREFIX.getName(), ConfigurationKeys.ENCODING.getName(), ConfigurationKeys.TOLERANCE.getName(), ConfigurationKeys.IGNORE_PATTERN.getName(), ConfigurationKeys.IGNORE_URL_PATTERN_TYPE.getName(), ConfigurationKeys.HOSTNAME_VERIFIER.getName(), ConfigurationKeys.HOSTNAME_VERIFIER_CONFIG.getName(), ConfigurationKeys.EXCEPTION_ON_VALIDATION_FAILURE.getName(), ConfigurationKeys.REDIRECT_AFTER_VALIDATION.getName(), ConfigurationKeys.USE_SESSION.getName(), ConfigurationKeys.SECRET_KEY.getName(), ConfigurationKeys.CIPHER_ALGORITHM.getName(), ConfigurationKeys.PROXY_RECEPTOR_URL.getName(), ConfigurationKeys.PROXY_GRANTING_TICKET_STORAGE_CLASS.getName(), ConfigurationKeys.MILLIS_BETWEEN_CLEAN_UPS.getName(), ConfigurationKeys.ACCEPT_ANY_PROXY.getName(), ConfigurationKeys.ALLOWED_PROXY_CHAINS.getName(), ConfigurationKeys.TICKET_VALIDATOR_CLASS.getName(), ConfigurationKeys.PROXY_CALLBACK_URL.getName(), ConfigurationKeys.RELAY_STATE_PARAMETER_NAME.getName(), ConfigurationKeys.METHOD.getName(), ConfigurationKeys.PRIVATE_KEY_PATH.getName(), ConfigurationKeys.PRIVATE_KEY_ALGORITHM.getName()};
    private String proxyReceptorUrl;
    private Timer timer;
    private TimerTask timerTask;
    private int millisBetweenCleanUps;
    protected Class<? extends Cas20ServiceTicketValidator> defaultServiceTicketValidatorClass;
    protected Class<? extends Cas20ProxyTicketValidator> defaultProxyTicketValidatorClass;
    private PrivateKey privateKey;
    private ProxyGrantingTicketStorage proxyGrantingTicketStorage;

    public Cas20ProxyReceivingTicketValidationFilter() {
        this(Protocol.CAS2);
        this.defaultServiceTicketValidatorClass = Cas20ServiceTicketValidator.class;
        this.defaultProxyTicketValidatorClass = Cas20ProxyTicketValidator.class;
    }

    /* JADX INFO: Access modifiers changed from: protected */
    public Cas20ProxyReceivingTicketValidationFilter(Protocol protocol) {
        super(protocol);
        this.proxyGrantingTicketStorage = new ProxyGrantingTicketStorageImpl();
    }

    /* JADX INFO: Access modifiers changed from: protected */
    @Override // org.jasig.cas.client.validation.AbstractTicketValidationFilter, org.jasig.cas.client.util.AbstractCasFilter
    public void initInternal(FilterConfig filterConfig) throws ServletException {
        setProxyReceptorUrl(getString(ConfigurationKeys.PROXY_RECEPTOR_URL));
        Class cls = getClass(ConfigurationKeys.PROXY_GRANTING_TICKET_STORAGE_CLASS);
        if (cls != null) {
            this.proxyGrantingTicketStorage = (ProxyGrantingTicketStorage) ReflectUtils.newInstance(cls, new Object[0]);
            if (this.proxyGrantingTicketStorage instanceof AbstractEncryptedProxyGrantingTicketStorageImpl) {
                AbstractEncryptedProxyGrantingTicketStorageImpl abstractEncryptedProxyGrantingTicketStorageImpl = (AbstractEncryptedProxyGrantingTicketStorageImpl) this.proxyGrantingTicketStorage;
                String string = getString(ConfigurationKeys.CIPHER_ALGORITHM);
                String string2 = getString(ConfigurationKeys.SECRET_KEY);
                abstractEncryptedProxyGrantingTicketStorageImpl.setCipherAlgorithm(string);
                if (string2 != null) {
                    try {
                        abstractEncryptedProxyGrantingTicketStorageImpl.setSecretKey(string2);
                    } catch (Exception e) {
                        throw new RuntimeException(e);
                    }
                }
            }
        }
        this.millisBetweenCleanUps = getInt(ConfigurationKeys.MILLIS_BETWEEN_CLEAN_UPS);
        this.privateKey = buildPrivateKey(getString(ConfigurationKeys.PRIVATE_KEY_PATH), getString(ConfigurationKeys.PRIVATE_KEY_ALGORITHM));
        super.initInternal(filterConfig);
    }

    @Override // org.jasig.cas.client.validation.AbstractTicketValidationFilter, org.jasig.cas.client.util.AbstractCasFilter
    public void init() {
        super.init();
        CommonUtils.assertNotNull(this.proxyGrantingTicketStorage, "proxyGrantingTicketStorage cannot be null.");
        if (this.timer == null) {
            this.timer = new Timer(true);
        }
        if (this.timerTask == null) {
            this.timerTask = new CleanUpTimerTask(this.proxyGrantingTicketStorage);
        }
        this.timer.schedule(this.timerTask, this.millisBetweenCleanUps, this.millisBetweenCleanUps);
    }

    private <T> T createNewTicketValidator(Class<? extends Cas20ServiceTicketValidator> cls, String str, Class<T> cls2) {
        return cls == null ? (T) ReflectUtils.newInstance(cls2, str) : (T) ReflectUtils.newInstance(cls, str);
    }

    public static PrivateKey buildPrivateKey(String str, String str2) {
        if (str != null) {
            return PrivateKeyUtils.createKey(str, str2);
        }
        return null;
    }

    /* JADX WARN: Multi-variable type inference failed */
    /* JADX WARN: Type inference failed for: r0v43, types: [org.jasig.cas.client.validation.Cas20ServiceTicketValidator] */
    @Override // org.jasig.cas.client.validation.AbstractTicketValidationFilter
    protected final TicketValidator getTicketValidator(FilterConfig filterConfig) {
        Cas20ProxyTicketValidator cas20ProxyTicketValidator;
        boolean z = getBoolean(ConfigurationKeys.ACCEPT_ANY_PROXY);
        String string = getString(ConfigurationKeys.ALLOWED_PROXY_CHAINS);
        String string2 = getString(ConfigurationKeys.CAS_SERVER_URL_PREFIX);
        Class<? extends Cas20ServiceTicketValidator> cls = getClass(ConfigurationKeys.TICKET_VALIDATOR_CLASS);
        if (z || CommonUtils.isNotBlank(string)) {
            Cas20ProxyTicketValidator cas20ProxyTicketValidator2 = (Cas20ProxyTicketValidator) createNewTicketValidator(cls, string2, this.defaultProxyTicketValidatorClass);
            cas20ProxyTicketValidator2.setAcceptAnyProxy(z);
            cas20ProxyTicketValidator2.setAllowedProxyChains(CommonUtils.createProxyList(string));
            cas20ProxyTicketValidator = cas20ProxyTicketValidator2;
        } else {
            cas20ProxyTicketValidator = (Cas20ServiceTicketValidator) createNewTicketValidator(cls, string2, this.defaultServiceTicketValidatorClass);
        }
        cas20ProxyTicketValidator.setProxyCallbackUrl(getString(ConfigurationKeys.PROXY_CALLBACK_URL));
        cas20ProxyTicketValidator.setProxyGrantingTicketStorage(this.proxyGrantingTicketStorage);
        HttpsURLConnectionFactory httpsURLConnectionFactory = new HttpsURLConnectionFactory(getHostnameVerifier(), getSSLConfig());
        cas20ProxyTicketValidator.setURLConnectionFactory(httpsURLConnectionFactory);
        cas20ProxyTicketValidator.setProxyRetriever(new Cas20ProxyRetriever(string2, getString(ConfigurationKeys.ENCODING), httpsURLConnectionFactory));
        cas20ProxyTicketValidator.setRenew(getBoolean(ConfigurationKeys.RENEW));
        cas20ProxyTicketValidator.setEncoding(getString(ConfigurationKeys.ENCODING));
        HashMap hashMap = new HashMap();
        List asList = Arrays.asList(RESERVED_INIT_PARAMS);
        Enumeration<String> initParameterNames = filterConfig.getInitParameterNames();
        while (initParameterNames.hasMoreElements()) {
            String nextElement = initParameterNames.nextElement();
            if (!asList.contains(nextElement)) {
                hashMap.put(nextElement, filterConfig.getInitParameter(nextElement));
            }
        }
        cas20ProxyTicketValidator.setPrivateKey(this.privateKey);
        cas20ProxyTicketValidator.setCustomParameters(hashMap);
        return cas20ProxyTicketValidator;
    }

    @Override // org.jasig.cas.client.util.AbstractCasFilter, javax.servlet.Filter
    public void destroy() {
        super.destroy();
        this.timer.cancel();
    }

    @Override // org.jasig.cas.client.validation.AbstractTicketValidationFilter
    protected final boolean preFilter(ServletRequest servletRequest, ServletResponse servletResponse, FilterChain filterChain) throws IOException, ServletException {
        HttpServletRequest httpServletRequest = (HttpServletRequest) servletRequest;
        HttpServletResponse httpServletResponse = (HttpServletResponse) servletResponse;
        String requestURI = httpServletRequest.getRequestURI();
        if (CommonUtils.isEmpty(this.proxyReceptorUrl) || !requestURI.endsWith(this.proxyReceptorUrl)) {
            return true;
        }
        try {
            CommonUtils.readAndRespondToProxyReceptorRequest(httpServletRequest, httpServletResponse, this.proxyGrantingTicketStorage);
            return false;
        } catch (RuntimeException e) {
            this.logger.error(e.getMessage(), (Throwable) e);
            throw e;
        }
    }

    public final void setProxyReceptorUrl(String str) {
        this.proxyReceptorUrl = str;
    }

    public void setProxyGrantingTicketStorage(ProxyGrantingTicketStorage proxyGrantingTicketStorage) {
        this.proxyGrantingTicketStorage = proxyGrantingTicketStorage;
    }

    public void setTimer(Timer timer) {
        this.timer = timer;
    }

    public void setTimerTask(TimerTask timerTask) {
        this.timerTask = timerTask;
    }

    public void setMillisBetweenCleanUps(int i) {
        this.millisBetweenCleanUps = i;
    }
}
