package org.apereo.cas.client.validation;

import java.util.Arrays;
import java.util.List;
import org.apereo.cas.client.util.XmlUtils;

/* loaded from: input_file:WEB-INF/lib/cas-client-core-4.0.3.jar:org/apereo/cas/client/validation/Cas20ProxyTicketValidator.class */
public class Cas20ProxyTicketValidator extends Cas20ServiceTicketValidator {
    private boolean acceptAnyProxy;
    private ProxyList allowedProxyChains;
    private boolean allowEmptyProxyChain;

    public Cas20ProxyTicketValidator(String str) {
        super(str);
        this.allowedProxyChains = new ProxyList();
        this.allowEmptyProxyChain = true;
    }

    protected final ProxyList getAllowedProxyChains() {
        return this.allowedProxyChains;
    }

    public final void setAllowedProxyChains(ProxyList proxyList) {
        this.allowedProxyChains = proxyList;
    }

    @Override // org.apereo.cas.client.validation.Cas20ServiceTicketValidator, org.apereo.cas.client.validation.AbstractUrlBasedTicketValidator
    protected String getUrlSuffix() {
        return "proxyValidate";
    }

    @Override // org.apereo.cas.client.validation.Cas20ServiceTicketValidator
    protected void customParseResponse(String str, Assertion assertion) throws TicketValidationException {
        List<String> parseProxiesFromResponse = parseProxiesFromResponse(str);
        if (parseProxiesFromResponse == null) {
            throw new InvalidProxyChainTicketValidationException("Invalid proxy chain: No proxy could be retrieved from response. This indicates a problem with CAS validation. Review logs/configuration to find the root cause.");
        }
        if (this.allowEmptyProxyChain && parseProxiesFromResponse.isEmpty()) {
            this.logger.debug("Found an empty proxy chain, permitted by client configuration");
            return;
        }
        if (this.acceptAnyProxy) {
            this.logger.debug("Client configuration accepts any proxy. It is generally dangerous to use a non-proxied CAS filter specially for protecting resources that require proxy access.");
            return;
        }
        String[] strArr = (String[]) parseProxiesFromResponse.toArray(new String[parseProxiesFromResponse.size()]);
        if (this.allowedProxyChains.contains(strArr)) {
            return;
        }
        this.logger.warn("Proxies received from the CAS validation response are {}. However, none are allowed by allowed proxy chain of the client which is {}", Arrays.toString(strArr), this.allowedProxyChains);
        throw new InvalidProxyChainTicketValidationException("Invalid proxy chain: " + parseProxiesFromResponse.toString());
    }

    /* JADX INFO: Access modifiers changed from: protected */
    public List<String> parseProxiesFromResponse(String str) {
        return XmlUtils.getTextForElements(str, "proxy");
    }

    protected final boolean isAcceptAnyProxy() {
        return this.acceptAnyProxy;
    }

    public final void setAcceptAnyProxy(boolean z) {
        this.acceptAnyProxy = z;
    }

    protected final boolean isAllowEmptyProxyChain() {
        return this.allowEmptyProxyChain;
    }

    public final void setAllowEmptyProxyChain(boolean z) {
        this.allowEmptyProxyChain = z;
    }
}
