package org.apache.cxf.fediz.cxf.plugin;

import java.io.File;
import java.io.IOException;
import java.io.StringReader;
import java.net.MalformedURLException;
import java.net.URI;
import java.net.URL;
import java.nio.charset.StandardCharsets;
import java.security.MessageDigest;
import java.util.Iterator;
import java.util.List;
import java.util.Map;
import java.util.ResourceBundle;
import javax.annotation.PostConstruct;
import javax.annotation.PreDestroy;
import javax.ws.rs.container.ContainerRequestFilter;
import javax.ws.rs.container.PreMatching;
import javax.ws.rs.core.Cookie;
import javax.xml.bind.JAXBException;
import org.apache.cxf.common.classloader.ClassLoaderUtils;
import org.apache.cxf.common.i18n.BundleUtils;
import org.apache.cxf.fediz.core.SecurityTokenThreadLocal;
import org.apache.cxf.fediz.core.config.FedizConfigurator;
import org.apache.cxf.fediz.core.config.FedizContext;
import org.apache.cxf.fediz.core.util.CookieUtils;
import org.apache.cxf.fediz.cxf.plugin.state.EHCacheSPStateManager;
import org.apache.cxf.fediz.cxf.plugin.state.ResponseState;
import org.apache.cxf.fediz.cxf.plugin.state.SPStateManager;
import org.apache.cxf.jaxrs.impl.HttpHeadersImpl;
import org.apache.cxf.jaxrs.impl.UriInfoImpl;
import org.apache.cxf.message.Message;
import org.apache.cxf.security.SecurityContext;
import org.apache.cxf.staxutils.StaxUtils;
import org.apache.wss4j.common.ext.WSSecurityException;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
import org.w3c.dom.Element;

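/**
 * Base class for the Fediz service-provider request filters.
 *
 * <p>It loads the Fediz configuration, owns the {@link SPStateManager} that stores
 * server-side {@link ResponseState} entries, and re-establishes a CXF
 * {@link SecurityContext} from two request cookies: {@link #SECURITY_CONTEXT_TOKEN}
 * (the key of the stored response state) and {@link #SECURITY_CONTEXT_STATE}
 * (the relay state that must match the stored one).
 *
 * <p>Both cookie values are attacker-controlled input. A request is only treated as
 * authenticated after the stored state was found, is not expired, belongs to this
 * web application context/domain, and the relay-state cookie matches.
 *
 * <p>This listing is decompiler output; several methods shown as {@code public} were
 * originally {@code protected} according to the decompiler's own notes.
 */
@PreMatching
/* loaded from: input_file:org/apache/cxf/fediz/cxf/plugin/AbstractServiceProviderFilter.class */
public abstract class AbstractServiceProviderFilter implements ContainerRequestFilter {
    /** Name of the cookie whose value is the key of the stored {@link ResponseState}. */
    public static final String SECURITY_CONTEXT_TOKEN = "org.apache.fediz.SECURITY_TOKEN";
    /** Name of the cookie carrying the relay state bound to the stored {@link ResponseState}. */
    public static final String SECURITY_CONTEXT_STATE = "org.apache.fediz.SECURITY_CONTEXT_STATE";
    protected static final ResourceBundle BUNDLE = BundleUtils.getBundle(AbstractServiceProviderFilter.class);
    private static final Logger LOG = LoggerFactory.getLogger(AbstractServiceProviderFilter.class);
    // When true the context path is derived from the JAX-RS base URI instead of "http.base.path".
    private boolean addEndpointAddressToContext;
    private FedizConfigurator configurator;
    // File path, classpath resource name or URL of the Fediz configuration.
    private String configFile;
    private SPStateManager stateManager;
    // Optional; when set, a stored state must carry exactly this domain to be accepted.
    private String webAppDomain;
    // When false every request is treated as belonging to context "/".
    private boolean addWebAppContext = true;
    // Passed to CookieUtils.isStateExpired; presumably milliseconds (120000 = 2 minutes) - TODO confirm.
    private long stateTimeToLive = 120000;

    /** @return the configured location of the Fediz configuration, possibly {@code null} */
    public String getConfigFile() {
        return this.configFile;
    }

    /** @param str file path, classpath resource name or URL of the Fediz configuration */
    public void setConfigFile(String str) {
        this.configFile = str;
    }

    /**
     * Loads the Fediz configuration (once) and creates the default state manager if
     * none was injected.
     *
     * <p>The location is resolved in this order: existing file, classpath resource,
     * URL. Only the path component of a resolved URL is used, so the configuration
     * is always read from the local file system.
     *
     * @throws JAXBException if the configuration cannot be parsed
     * @throws MalformedURLException if the location is neither a file, a classpath
     *         resource nor a syntactically valid URL
     */
    @PostConstruct
    public synchronized void configure() throws JAXBException, MalformedURLException {
        if (this.configurator == null) {
            try {
                File file = new File(this.configFile);
                if (!file.exists()) {
                    URL resource = ClassLoaderUtils.getResource(this.configFile, AbstractServiceProviderFilter.class);
                    if (resource == null) {
                        // Throws MalformedURLException rather than returning null.
                        resource = new URL(this.configFile);
                    }
                    // NOTE(review): URL.getPath() is not percent-decoded, so a location
                    // containing spaces or other escaped characters may not resolve.
                    file = new File(resource.getPath());
                }
                this.configurator = new FedizConfigurator();
                this.configurator.loadConfig(file);
                LOG.debug("Fediz configuration read from {}", file.getAbsolutePath());
            } catch (MalformedURLException e) {
                LOG.error("Error in loading configuration file", e);
                throw e;
            } catch (JAXBException e2) {
                LOG.error("Error in parsing configuration", e2);
                throw e2;
            }
        }
        if (this.stateManager == null) {
            this.stateManager = new EHCacheSPStateManager("fediz-ehcache.xml");
        }
    }

    /**
     * Closes every loaded {@link FedizContext} and then the state manager.
     *
     * <p>A context that fails to close is logged and does not prevent the remaining
     * contexts or the state manager from being closed.
     *
     * @throws IOException if closing the state manager fails
     */
    @PreDestroy
    public synchronized void cleanup() throws IOException {
        if (this.configurator != null) {
            List<?> contexts = this.configurator.getFedizContextList();
            if (contexts != null) {
                for (Object context : contexts) {
                    try {
                        ((FedizContext) context).close();
                    } catch (IOException e) {
                        // Best effort: keep closing the others, but leave a trace.
                        LOG.warn("Error closing Fediz context", e);
                    }
                }
            }
        }
        // configure() may never have run (or failed), leaving no state manager to close.
        if (this.stateManager != null) {
            this.stateManager.close();
        }
    }

    /**
     * Tries to re-establish the security context from the request cookies.
     *
     * <p>Shown as {@code public} in this decompiled listing; the decompiler notes the
     * original modifier was {@code protected}.
     *
     * @param message the current CXF message
     * @return {@code true} if a valid stored response state was found, the relay
     *         state cookie matched it and the security context was set;
     *         {@code false} otherwise (the reason is logged)
     */
    public boolean checkSecurityContext(Message message) {
        Map<String, Cookie> cookies = new HttpHeadersImpl(message).getCookies();
        ResponseState validResponseState = getValidResponseState(cookies.get(SECURITY_CONTEXT_TOKEN), message);
        if (validResponseState == null) {
            return false;
        }
        Cookie cookie = cookies.get(SECURITY_CONTEXT_STATE);
        if (cookie == null) {
            reportError("MISSING_RELAY_COOKIE");
            return false;
        }
        if (!relayStateMatches(validResponseState.getState(), cookie.getValue())) {
            reportError("INVALID_RELAY_STATE");
            return false;
        }
        try {
            Element assertion = StaxUtils.read(new StringReader(validResponseState.getAssertion())).getDocumentElement();
            setSecurityContext(validResponseState, message, assertion);
            return true;
        } catch (Exception e) {
            reportError("INVALID_RESPONSE_STATE");
            // Keep the cause for diagnosis; the assertion itself is deliberately not logged.
            LOG.debug("Could not restore security context from stored response state", e);
            return false;
        }
    }

    /**
     * Compares the stored relay state with the value presented in the cookie.
     *
     * <p>A missing value on either side is a mismatch (fail closed). The comparison
     * uses {@link MessageDigest#isEqual(byte[], byte[])} so its duration does not
     * depend on how many leading characters of the presented value are correct.
     */
    private static boolean relayStateMatches(String expected, String presented) {
        if (expected == null || presented == null) {
            return false;
        }
        return MessageDigest.isEqual(expected.getBytes(StandardCharsets.UTF_8), presented.getBytes(StandardCharsets.UTF_8));
    }

    /**
     * Builds the principal from the stored response state, publishes its login token
     * through {@link SecurityTokenThreadLocal} and installs a
     * {@link FedizSecurityContext} on the message.
     *
     * @param responseState the validated stored state (subject, claims, roles)
     * @param message the current CXF message
     * @param element the parsed assertion element
     * @throws WSSecurityException declared by the original signature
     */
    protected void setSecurityContext(ResponseState responseState, Message message, Element element) throws WSSecurityException {
        CXFFedizPrincipal principal = new CXFFedizPrincipal(responseState.getSubject(), responseState.getClaims(), element);
        SecurityTokenThreadLocal.setToken(principal.getLoginToken());
        message.put(SecurityContext.class, new FedizSecurityContext(principal, responseState.getRoles()));
    }

    /**
     * Looks up and validates the stored response state referenced by the token cookie.
     *
     * <p>The state is rejected when it is unknown, expired, bound to a different web
     * application domain or context, or carries no assertion. Expired and mismatching
     * entries are removed from the state manager.
     *
     * @param cookie the {@link #SECURITY_CONTEXT_TOKEN} cookie, may be {@code null}
     * @param message the current CXF message
     * @return the stored state, or {@code null} if it is missing or invalid
     */
    protected ResponseState getValidResponseState(Cookie cookie, Message message) {
        if (cookie == null) {
            // A request without the cookie is the normal unauthenticated case: trace only.
            reportTrace("MISSING_RESPONSE_STATE");
            return null;
        }
        String value = cookie.getValue();
        ResponseState responseState = this.stateManager.getResponseState(value);
        if (responseState == null) {
            reportError("MISSING_RESPONSE_STATE");
            return null;
        }
        if (CookieUtils.isStateExpired(responseState.getCreatedAt(), responseState.getExpiresAt(), getStateTimeToLive())) {
            reportError("EXPIRED_RESPONSE_STATE");
            this.stateManager.removeResponseState(value);
            return null;
        }
        String webAppContext = getWebAppContext(message);
        // The domain is only enforced when one is configured on this filter.
        boolean domainMismatch = this.webAppDomain != null && !this.webAppDomain.equals(responseState.getWebAppDomain());
        // Receiver is the stored value so a null request context is a mismatch, not an NPE.
        boolean contextMismatch = responseState.getWebAppContext() == null
            || !responseState.getWebAppContext().equals(webAppContext);
        if (domainMismatch || contextMismatch) {
            this.stateManager.removeResponseState(value);
            reportError("INVALID_RESPONSE_STATE");
            return null;
        }
        if (responseState.getAssertion() == null) {
            reportError("INVALID_RESPONSE_STATE");
            return null;
        }
        return responseState;
    }

    /**
     * Resolves the Fediz context for the request, keyed by the first segment of the
     * web application context path.
     *
     * <p>Shown as {@code public} in this decompiled listing; the decompiler notes the
     * original modifier was {@code protected}.
     *
     * @param message the current CXF message
     * @return the matching context configuration
     * @throws IllegalStateException if no configuration is available for the context
     */
    public FedizContext getFedizContext(Message message) {
        String webAppContext = getWebAppContext(message);
        String[] split = webAppContext.split("/");
        // "/app/rest" splits into ["", "app", "rest"]; index 1 only exists when length > 1.
        // A path without a second element ("/", "" or "app") is passed on unchanged.
        if (split.length > 1) {
            webAppContext = "/" + split[1];
        }
        return getContextConfiguration(webAppContext);
    }

    /**
     * Returns the Fediz context configured under the given name.
     *
     * <p>When the {@code catalina.base} system property is set, it is applied as the
     * context's relative path.
     *
     * @param str the context name, e.g. {@code "/app"}
     * @return the context configuration, never {@code null}
     * @throws IllegalStateException if no configuration was loaded or none exists for
     *         the given name
     */
    protected FedizContext getContextConfiguration(String str) {
        if (this.configurator == null) {
            throw new IllegalStateException("No Fediz configuration available");
        }
        FedizContext fedizContext = this.configurator.getFedizContext(str);
        if (fedizContext == null) {
            throw new IllegalStateException("No Fediz configuration for context :" + str);
        }
        String catalinaBase = System.getProperty("catalina.base");
        if (catalinaBase != null && !catalinaBase.isEmpty()) {
            fedizContext.setRelativePath(catalinaBase);
        }
        return fedizContext;
    }

    /**
     * Logs the bundle message for the given key at WARN level.
     *
     * @param str message key in {@link #BUNDLE}
     */
    protected void reportError(String str) {
        LOG.warn(new org.apache.cxf.common.i18n.Message(str, BUNDLE, new Object[0]).toString());
    }

    /**
     * Logs the bundle message for the given key at DEBUG level, if enabled.
     *
     * @param str message key in {@link #BUNDLE}
     */
    protected void reportTrace(String str) {
        if (LOG.isDebugEnabled()) {
            LOG.debug(new org.apache.cxf.common.i18n.Message(str, BUNDLE, new Object[0]).toString());
        }
    }

    /**
     * Returns the context path that stored response states are bound to.
     *
     * <p>Shown as {@code public} in this decompiled listing; the decompiler notes the
     * original modifier was {@code protected}.
     *
     * @param message the current CXF message
     * @return {@code "/"} when the web app context is disabled; otherwise the raw path
     *         of either the JAX-RS base URI or the message's {@code http.base.path}
     */
    public String getWebAppContext(Message message) {
        if (!this.addWebAppContext) {
            return "/";
        }
        if (this.addEndpointAddressToContext) {
            return new UriInfoImpl(message).getBaseUri().getRawPath();
        }
        return URI.create((String) message.get("http.base.path")).getRawPath();
    }

    /** @param z whether stored states are bound to the web application context path */
    public void setAddWebAppContext(boolean z) {
        this.addWebAppContext = z;
    }

    /** @return the state manager in use, or {@code null} before {@link #configure()} */
    public SPStateManager getStateManager() {
        return this.stateManager;
    }

    /** @param sPStateManager the state manager to use instead of the EHCache default */
    public void setStateManager(SPStateManager sPStateManager) {
        this.stateManager = sPStateManager;
    }

    /** @return the domain stored states must match, or {@code null} if not enforced */
    public String getWebAppDomain() {
        return this.webAppDomain;
    }

    /** @param str the domain stored states must match; {@code null} disables the check */
    public void setWebAppDomain(String str) {
        this.webAppDomain = str;
    }

    /** @return the time-to-live passed to the state expiry check */
    public long getStateTimeToLive() {
        return this.stateTimeToLive;
    }

    /** @param j the time-to-live passed to the state expiry check */
    public void setStateTimeToLive(long j) {
        this.stateTimeToLive = j;
    }
}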
