package org.jahia.modules.cas;

import java.io.IOException;
import java.io.UnsupportedEncodingException;
import java.lang.reflect.InvocationTargetException;
import java.net.URLEncoder;
import java.util.Arrays;
import java.util.List;
import java.util.Map;
import java.util.stream.Collectors;
import javax.servlet.http.HttpServletRequest;
import javax.xml.parsers.ParserConfigurationException;
import org.apache.commons.beanutils.BeanUtils;
import org.apache.commons.lang.StringUtils;
import org.apache.commons.logging.impl.SimpleLog;
import org.jahia.bin.Logout;
import org.jahia.exceptions.JahiaException;
import org.jahia.params.valves.LoginUrlProvider;
import org.jahia.params.valves.LogoutUrlProvider;
import org.jahia.params.valves.SsoValve;
import org.jahia.pipelines.Pipeline;
import org.jahia.pipelines.valves.Valve;
import org.jahia.settings.SettingsBean;
import org.jahia.utils.Url;
import org.jasig.cas.client.authentication.AttributePrincipal;
import org.jasig.cas.client.validation.Cas20ProxyTicketValidator;
import org.jasig.cas.client.validation.Cas20ServiceTicketValidator;
import org.jasig.cas.client.validation.ProxyList;
import org.jasig.cas.client.validation.TicketValidationException;
import org.jasig.cas.client.validation.TicketValidator;
import org.osgi.service.component.annotations.Activate;
import org.osgi.service.component.annotations.Component;
import org.osgi.service.component.annotations.Reference;
import org.osgi.service.component.annotations.ServiceScope;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
import org.xml.sax.SAXException;

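/**
 * Authentication valve that signs users in through a CAS server.
 *
 * <p>The valve registers itself at position 0 of the authentication pipeline, redirects
 * unauthenticated users to the configured CAS login URL, and validates the {@code ticket}
 * request parameter against the CAS server to obtain the principal name.
 *
 * <p>Security-relevant configuration:
 * <ul>
 *   <li>{@code serverUrlPrefix} is where tickets are validated; the validation response is
 *       only as trustworthy as that connection, so it should be an {@code https://} URL.</li>
 *   <li>{@code ticketValidator} selects proxy-ticket validation only for the exact value
 *       {@code Cas20ProxyTicketValidator}; anything else (including an unset value) uses the
 *       service-ticket validator.</li>
 *   <li>The service URL sent to CAS is rebuilt from the incoming request, see
 *       {@link #getServiceUrl(HttpServletRequest)}.</li>
 * </ul>
 */
@Component(service = {Valve.class, LoginUrlProvider.class, LogoutUrlProvider.class}, scope = ServiceScope.SINGLETON, immediate = true)
public class CasAuthValve extends SsoValve implements LoginUrlProvider, LogoutUrlProvider {
    private static final Logger logger = LoggerFactory.getLogger(CasAuthValve.class);

    /** Configuration value that switches ticket validation to the CAS 2.0 proxy validator. */
    private static final String PROXY_TICKET_VALIDATOR = "Cas20ProxyTicketValidator";

    private Pipeline authPipeline;
    private String loginUrl;
    private String logoutUrl;
    private String ticketValidator;
    private String serverUrlPrefix;

    // NOTE(review): no setters for the two proxy fields are visible in this class, and
    // BeanUtils.copyProperties only writes properties that have one, so as shown these keep
    // their defaults (reject-any-proxy, empty chain list). Confirm that is intended before
    // adding setters: acceptAnyProxy=true disables proxy-chain checking entirely.
    private boolean proxyValidatorAcceptAnyProxy = false;
    private String proxyValidatorAllowedProxyChain = "";

    /**
     * Injects the authentication pipeline this valve attaches itself to.
     *
     * @param pipeline the pipeline registered with {@code type=authentication}
     */
    @Reference(service = Pipeline.class, target = "(type=authentication)")
    public void setAuthPipeline(Pipeline pipeline) {
        this.authPipeline = pipeline;
    }

    /**
     * Registers the valve in the authentication pipeline and applies the component
     * configuration to this bean.
     *
     * <p>Every key in {@code map} that matches a writable property of this object (inherited
     * ones included) is copied, so the configuration source must be restricted to trusted
     * administrators.
     *
     * @param map component configuration properties
     */
    @Activate
    public void activate(Map<String, ?> map) {
        setId("casAuthValve");
        removeValve(this.authPipeline);
        addValve(this.authPipeline, 0, null, null);
        try {
            BeanUtils.copyProperties(this, map);
        } catch (IllegalAccessException | InvocationTargetException e) {
            // The valve is already in the pipeline at this point and stays there with whatever
            // subset of the configuration was applied; the log entry is the only signal.
            logger.error("Invalid configuration", e);
        }
    }

    /**
     * Returns the CAS login URL for the given request.
     *
     * @param httpServletRequest the current request
     * @return the CAS login URL carrying the encoded service URL
     */
    public String getLoginUrl(HttpServletRequest httpServletRequest) {
        return getRedirectUrl(httpServletRequest);
    }

    /**
     * Returns the CAS logout URL for the given request.
     *
     * @param httpServletRequest the current request
     * @return the CAS logout URL carrying the encoded local logout URL
     */
    public String getLogoutUrl(HttpServletRequest httpServletRequest) {
        return getRedirectUrlLogout(httpServletRequest);
    }

    /**
     * Builds the CAS login redirect: {@code loginUrl?service=<encoded service URL>}.
     *
     * @param httpServletRequest the current request
     * @return the redirect URL
     * @throws IllegalArgumentException if the configured character encoding is not supported
     */
    public String getRedirectUrl(HttpServletRequest httpServletRequest) {
        try {
            String encodedService = URLEncoder.encode(getServiceUrl(httpServletRequest), SettingsBean.getInstance().getCharacterEncoding());
            return this.loginUrl + "?service=" + encodedService;
        } catch (UnsupportedEncodingException e) {
            throw new IllegalArgumentException(e);
        }
    }

    /**
     * Builds the CAS logout redirect: {@code logoutUrl?service=<encoded local logout URL>}.
     *
     * <p>The local logout URL is assembled from the request's server, its context path and the
     * logout servlet path.
     *
     * @param httpServletRequest the current request
     * @return the redirect URL
     * @throws IllegalArgumentException if the configured character encoding is not supported
     */
    public String getRedirectUrlLogout(HttpServletRequest httpServletRequest) {
        try {
            String localLogoutUrl = Url.getServer(httpServletRequest) + httpServletRequest.getContextPath() + Logout.getLogoutServletPath();
            return this.logoutUrl + "?service=" + URLEncoder.encode(localLogoutUrl, SettingsBean.getInstance().getCharacterEncoding());
        } catch (UnsupportedEncodingException e) {
            throw new IllegalArgumentException(e);
        }
    }

    /**
     * Rebuilds the service URL that is sent to CAS both on redirect and on ticket validation.
     *
     * <p>The path is the original URI of an error dispatch when that request attribute is set,
     * otherwise the request URI; the query string is not included.
     *
     * <p>NOTE(review): the scheme/host part comes from {@code Url.getServer(request)}, whose
     * implementation is not shown here. If it is derived from request headers, the service
     * URL is client-influenced; deployments should then pin the accepted host names at the
     * front end and on the CAS service registry.
     */
    private String getServiceUrl(HttpServletRequest httpServletRequest) {
        String requestPath = (String) httpServletRequest.getAttribute("javax.servlet.error.request_uri");
        if (requestPath == null) {
            requestPath = httpServletRequest.getRequestURI();
        }
        return Url.getServer(httpServletRequest) + requestPath;
    }

    /**
     * @return {@code true} when this valve is enabled
     */
    public boolean hasCustomLoginUrl() {
        return isEnabled();
    }

    /**
     * @return {@code true} when this valve is enabled and a logout URL is configured
     */
    public boolean hasCustomLogoutUrl() {
        return isEnabled() && StringUtils.isNotEmpty(this.logoutUrl);
    }

    /**
     * Reads the CAS ticket from the {@code ticket} request parameter.
     *
     * @param httpServletRequest the current request
     * @return the ticket string, or {@code null} when the parameter is absent or empty
     */
    public Object retrieveCredentials(HttpServletRequest httpServletRequest) throws Exception {
        return StringUtils.defaultIfEmpty(httpServletRequest.getParameter("ticket"), (String) null);
    }

    /**
     * Validates a ticket against the CAS server for the service URL of this request.
     *
     * @param obj the ticket previously returned by {@link #retrieveCredentials}
     * @param httpServletRequest the current request
     * @return the authenticated principal name, or {@code null} if the assertion has no principal
     * @throws JahiaException if validation fails for any reason; the cause is preserved
     */
    public String validateCredentials(Object obj, HttpServletRequest httpServletRequest) throws JahiaException {
        try {
            return validateTicket((String) obj, getServiceUrl(httpServletRequest));
        } catch (Exception e) {
            throw new JahiaException("Cannot validate CAS credentials", "Cannot validate CAS credentials", 16, 1, e);
        }
    }

    /**
     * Creates the ticket validator selected by the {@code ticketValidator} setting.
     *
     * <p>Only the exact value {@code Cas20ProxyTicketValidator} enables proxy-ticket
     * validation. Any other value, and an unset value, falls back to the service-ticket
     * validator instead of failing with a {@link NullPointerException}.
     *
     * @return a validator bound to {@code serverUrlPrefix}
     */
    protected TicketValidator getTicketValidator() {
        // Constant-first equals keeps an unconfigured (null) validator name on the default path.
        if (PROXY_TICKET_VALIDATOR.equals(this.ticketValidator)) {
            Cas20ProxyTicketValidator proxyValidator = new Cas20ProxyTicketValidator(this.serverUrlPrefix);
            proxyValidator.setAcceptAnyProxy(this.proxyValidatorAcceptAnyProxy);
            proxyValidator.setAllowedProxyChains(new ProxyList(parseProxyChains(this.proxyValidatorAllowedProxyChain)));
            return proxyValidator;
        }
        return new Cas20ServiceTicketValidator(this.serverUrlPrefix);
    }

    /**
     * Parses the allowed proxy chains setting: chains are separated by commas, the proxies
     * within one chain by whitespace.
     *
     * <p>Blank entries are skipped and surrounding whitespace is ignored, so an empty setting
     * yields no allowed chain rather than a chain holding a single empty string.
     */
    private static List<String[]> parseProxyChains(String configured) {
        return Arrays.stream(StringUtils.defaultString(configured).split(","))
                .map(String::trim)
                .filter(chain -> !chain.isEmpty())
                .map(chain -> chain.split("\\s+"))
                .collect(Collectors.toList());
    }

    /**
     * Sets the validator name; surrounding whitespace is removed.
     *
     * @param str the validator name, may be {@code null}
     */
    public void setTicketValidator(String str) {
        this.ticketValidator = str == null ? null : str.trim();
    }

    /**
     * @param str the CAS login URL users are redirected to
     */
    public void setLoginUrl(String str) {
        this.loginUrl = str;
    }

    /**
     * @param str the CAS logout URL users are redirected to
     */
    public void setLogoutUrl(String str) {
        this.logoutUrl = str;
    }

    /**
     * Sets the CAS server URL prefix used for ticket validation.
     *
     * <p>The value is stored as given; a value that does not start with {@code https://} is
     * reported in the log because the validation response would then travel unprotected.
     *
     * @param str the CAS server URL prefix
     */
    public void setServerUrlPrefix(String str) {
        if (str != null && !str.regionMatches(true, 0, "https://", 0, "https://".length())) {
            logger.warn("CAS serverUrlPrefix does not use https; ticket validation responses are not protected in transit");
        }
        this.serverUrlPrefix = str;
    }

    /**
     * Validates the ticket for the given service URL and extracts the principal name.
     *
     * @param str the CAS ticket
     * @param str2 the service URL the ticket must have been issued for
     * @return the principal name, or {@code null} when the assertion carries no principal
     */
    private String validateTicket(String str, String str2) throws IOException, SAXException, ParserConfigurationException, JahiaException, TicketValidationException {
        AttributePrincipal principal = getTicketValidator().validate(str, str2).getPrincipal();
        return principal != null ? principal.getName() : null;
    }
}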
