package com.sun.enterprise.security.web;

import com.sun.enterprise.web.logging.pwc.LogDomains;
import java.io.IOException;
import java.security.Principal;
import java.util.ArrayList;
import java.util.concurrent.atomic.AtomicInteger;
import java.util.logging.Level;
import java.util.logging.Logger;
import javax.servlet.ServletException;
import javax.servlet.http.Cookie;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import org.apache.catalina.HttpRequest;
import org.apache.catalina.LifecycleException;
import org.apache.catalina.Realm;
import org.apache.catalina.Request;
import org.apache.catalina.Response;
import org.apache.catalina.Session;
import org.apache.catalina.SessionEvent;
import org.apache.catalina.SessionListener;
import org.apache.catalina.authenticator.Constants;
import org.apache.catalina.authenticator.SingleSignOnEntry;

/* loaded from: input_file:glassfish-embedded-all-3.0-nx.jar:com/sun/enterprise/security/web/SingleSignOn.class */
public class SingleSignOn extends org.apache.catalina.authenticator.SingleSignOn implements SessionListener, Runnable, SingleSignOnMBean {
    Logger logger = LogDomains.getLogger(SingleSignOn.class, LogDomains.PWC_LOGGER);
    private Thread thread = null;
    private boolean threadDone = false;
    private int ssoReapInterval = 60;
    private int ssoMaxInactive = 300;
    private AtomicInteger hitCount = new AtomicInteger(0);
    private AtomicInteger missCount = new AtomicInteger(0);

    public int getReapInterval() {
        return this.ssoReapInterval;
    }

    public void setReapInterval(int i) {
        this.ssoReapInterval = i;
    }

    public int getMaxInactive() {
        return this.ssoMaxInactive;
    }

    public void setMaxInactive(int i) {
        this.ssoMaxInactive = i;
    }

    @Override // org.apache.catalina.authenticator.SingleSignOn, org.apache.catalina.valves.ValveBase, org.apache.catalina.Lifecycle
    public void start() throws LifecycleException {
        if (this.started) {
            return;
        }
        super.start();
        threadStart();
    }

    @Override // org.apache.catalina.authenticator.SingleSignOn, org.apache.catalina.valves.ValveBase, org.apache.catalina.Lifecycle
    public void stop() throws LifecycleException {
        if (this.started) {
            threadStop();
            super.stop();
        }
    }

    @Override // org.apache.catalina.authenticator.SingleSignOn, org.apache.catalina.SessionListener
    public void sessionEvent(SessionEvent sessionEvent) {
        String str;
        if (Session.SESSION_DESTROYED_EVENT.equals(sessionEvent.getType())) {
            Session session = sessionEvent.getSession();
            if (this.logger.isLoggable(Level.FINE)) {
                this.logger.fine("Process session destroyed on " + session);
            }
            synchronized (this.reverse) {
                str = (String) this.reverse.get(session);
            }
            if (str == null) {
                return;
            }
            if (session.hasExpired()) {
                removeSession(str, session);
            } else {
                deregister(str);
            }
        }
    }

    @Override // org.apache.catalina.authenticator.SingleSignOn, org.apache.catalina.valves.ValveBase, org.glassfish.web.valve.GlassFishValve
    public int invoke(Request request, Response response) throws IOException, ServletException {
        HttpServletRequest httpServletRequest = (HttpServletRequest) request.getRequest();
        HttpServletResponse httpServletResponse = (HttpServletResponse) response.getResponse();
        request.removeNote(Constants.REQ_SSOID_NOTE);
        if (this.logger.isLoggable(Level.FINE)) {
            this.logger.fine("Process request for '" + httpServletRequest.getRequestURI() + "'");
        }
        if (httpServletRequest.getUserPrincipal() != null) {
            if (!this.logger.isLoggable(Level.FINE)) {
                return 1;
            }
            this.logger.fine(" Principal '" + httpServletRequest.getUserPrincipal().getName() + "' has already been authenticated");
            return 1;
        }
        if (this.logger.isLoggable(Level.FINE)) {
            this.logger.fine(" Checking for SSO cookie");
        }
        Cookie[] cookies = httpServletRequest.getCookies();
        if (cookies == null) {
            return 1;
        }
        Cookie cookie = null;
        int i = 0;
        while (true) {
            if (i >= cookies.length) {
                break;
            }
            if (Constants.SINGLE_SIGN_ON_COOKIE.equals(cookies[i].getName())) {
                cookie = cookies[i];
                break;
            }
            i++;
        }
        if (cookie == null) {
            if (!this.logger.isLoggable(Level.FINE)) {
                return 1;
            }
            this.logger.fine(" SSO cookie is not present");
            return 1;
        }
        Realm realm = request.getContext().getRealm();
        if (realm == null) {
            if (!this.logger.isLoggable(Level.FINE)) {
                return 1;
            }
            this.logger.fine(" No realm configured for this application, SSO does not apply.");
            return 1;
        }
        String realmName = realm.getRealmName();
        if (realmName == null) {
            if (!this.logger.isLoggable(Level.FINE)) {
                return 1;
            }
            this.logger.fine(" No realm configured for this application, SSO does not apply.");
            return 1;
        }
        if (this.debug >= 1 && this.logger.isLoggable(Level.FINE)) {
            this.logger.fine("This application uses realm '" + realmName + "'");
        }
        if (this.logger.isLoggable(Level.FINE)) {
            this.logger.fine(" Checking for cached principal for " + cookie.getValue());
        }
        SingleSignOnEntry lookupEntry = lookupEntry(cookie.getValue());
        if (lookupEntry == null) {
            if (this.logger.isLoggable(Level.FINE)) {
                this.logger.fine(" No cached principal found, erasing SSO cookie");
            }
            cookie.setMaxAge(0);
            httpServletResponse.addCookie(cookie);
            this.missCount.incrementAndGet();
            return 1;
        }
        if (this.logger.isLoggable(Level.FINE)) {
            this.logger.fine(" Found cached principal '" + lookupEntry.principal.getName() + "' with auth type '" + lookupEntry.authType + "' in realm '" + lookupEntry.realmName + "'");
        }
        if (!lookupEntry.realmName.equals(realmName)) {
            if (this.logger.isLoggable(Level.FINE)) {
                this.logger.fine(" Ignoring SSO entry which does not match application realm '" + realmName + "'");
            }
            this.missCount.incrementAndGet();
            return 1;
        }
        request.setNote(Constants.REQ_SSOID_NOTE, cookie.getValue());
        ((HttpRequest) request).setAuthType(lookupEntry.authType);
        ((HttpRequest) request).setUserPrincipal(lookupEntry.principal);
        lookupEntry.lastAccessTime = System.currentTimeMillis();
        this.hitCount.incrementAndGet();
        return 1;
    }

    @Override // org.apache.catalina.authenticator.SingleSignOn
    public void associate(String str, Session session) {
        if (this.started) {
            if (this.logger.isLoggable(Level.FINE)) {
                this.logger.fine("Associate sso id " + str + " with session " + session);
            }
            SingleSignOnEntry lookupEntry = lookupEntry(str);
            if (lookupEntry == null || !lookupEntry.addSession(this, session)) {
                return;
            }
            synchronized (this.reverse) {
                this.reverse.put(session, str);
            }
        }
    }

    @Override // org.apache.catalina.authenticator.SingleSignOn
    protected void deregister(String str, Session session) {
        synchronized (this.reverse) {
            this.reverse.remove(session);
        }
        SingleSignOnEntry lookupEntry = lookupEntry(str);
        if (lookupEntry == null) {
            return;
        }
        lookupEntry.removeSession(session);
        if (lookupEntry.isEmpty()) {
            synchronized (this.cache) {
            }
        }
    }

    protected void deregister(String str) {
        SingleSignOnEntry singleSignOnEntry;
        if (this.logger.isLoggable(Level.FINE)) {
            this.logger.fine("Deregistering sso id '" + str + "'");
        }
        synchronized (this.cache) {
            singleSignOnEntry = (SingleSignOnEntry) this.cache.remove(str);
        }
        if (singleSignOnEntry == null) {
            return;
        }
        singleSignOnEntry.expireSessions(this.reverse);
    }

    /* JADX INFO: Access modifiers changed from: protected */
    @Override // org.apache.catalina.authenticator.SingleSignOn
    public void register(String str, Principal principal, String str2, String str3, String str4, String str5) {
        if (this.logger.isLoggable(Level.FINE)) {
            this.logger.fine("Registering sso id '" + str + "' for user '" + principal.getName() + " in realm " + str5 + "' with auth type '" + str2 + "'");
        }
        synchronized (this.cache) {
            this.cache.put(str, new SingleSignOnEntry(str, principal, str2, str3, str4, str5));
        }
    }

    protected SingleSignOnEntry lookupEntry(String str) {
        SingleSignOnEntry singleSignOnEntry;
        synchronized (this.cache) {
            singleSignOnEntry = (SingleSignOnEntry) this.cache.get(str);
        }
        return singleSignOnEntry;
    }

    private void processExpires() {
        if (this.ssoMaxInactive < 0) {
            return;
        }
        long currentTimeMillis = System.currentTimeMillis() - (this.ssoMaxInactive * 1000);
        if (this.logger.isLoggable(Level.FINE)) {
            this.logger.fine("SSO expiration started. Current entries: " + this.cache.size());
        }
        ArrayList arrayList = new ArrayList(this.cache.size() / 2);
        try {
            synchronized (this.cache) {
                for (String str : this.cache.keySet()) {
                    SingleSignOnEntry singleSignOnEntry = (SingleSignOnEntry) this.cache.get(str);
                    if (singleSignOnEntry.sessions.length == 0 && singleSignOnEntry.lastAccessTime < currentTimeMillis) {
                        arrayList.add(str);
                    }
                }
            }
            int size = arrayList.size();
            if (this.logger.isLoggable(Level.FINE)) {
                this.logger.fine("SSO cache will expire " + size + " entries.");
            }
            for (int i = 0; i < size; i++) {
                if (this.logger.isLoggable(Level.FINE)) {
                    this.logger.fine("SSO expiration removing entry: " + arrayList.get(i));
                }
                deregister((String) arrayList.get(i));
            }
        } catch (Throwable th) {
            this.logger.warning("Caught exception during SingleSignOn expiration: " + th);
        }
    }

    private void threadSleep() {
        try {
            Thread.sleep(this.ssoReapInterval * 1000);
        } catch (InterruptedException e) {
        }
    }

    private void threadStart() {
        if (this.thread != null) {
            return;
        }
        this.threadDone = false;
        this.thread = new Thread(this, "SingleSignOnExpiration");
        this.thread.setDaemon(true);
        this.thread.start();
    }

    private void threadStop() {
        if (this.thread == null) {
            return;
        }
        this.threadDone = true;
        this.thread.interrupt();
        try {
            this.thread.join();
        } catch (InterruptedException e) {
        }
        this.thread = null;
    }

    @Override // java.lang.Runnable
    public void run() {
        while (!this.threadDone) {
            threadSleep();
            processExpires();
        }
    }

    protected void removeSession(String str, Session session) {
        if (this.logger.isLoggable(Level.FINE)) {
            this.logger.fine("Removing session " + session.toString() + " from sso id " + str);
        }
        SingleSignOnEntry lookupEntry = lookupEntry(str);
        if (lookupEntry == null) {
            return;
        }
        lookupEntry.removeSession(session);
        synchronized (this.reverse) {
            this.reverse.remove(session);
        }
        if (lookupEntry.isEmpty()) {
            deregister(str);
        }
    }

    @Override // com.sun.enterprise.security.web.SingleSignOnMBean
    public int getActiveSessionCount() {
        return this.cache.size();
    }

    @Override // com.sun.enterprise.security.web.SingleSignOnMBean
    public int getHitCount() {
        return this.hitCount.intValue();
    }

    @Override // com.sun.enterprise.security.web.SingleSignOnMBean
    public int getMissCount() {
        return this.missCount.intValue();
    }
}
