package org.ametys.runtime.plugins.core.authentication;

import java.util.ArrayList;
import java.util.HashMap;
import java.util.Iterator;
import java.util.List;
import java.util.Map;
import javax.servlet.ServletContext;
import org.ametys.runtime.authentication.AuthenticateAction;
import org.ametys.runtime.authentication.Credentials;
import org.ametys.runtime.authentication.CredentialsProvider;
import org.ametys.runtime.authentication.filter.RuntimeFilter;
import org.ametys.runtime.config.Config;
import org.ametys.runtime.util.LoggerFactory;
import org.apache.avalon.framework.activity.Initializable;
import org.apache.avalon.framework.configuration.Configurable;
import org.apache.avalon.framework.configuration.Configuration;
import org.apache.avalon.framework.configuration.ConfigurationException;
import org.apache.avalon.framework.context.Context;
import org.apache.avalon.framework.context.ContextException;
import org.apache.avalon.framework.context.Contextualizable;
import org.apache.avalon.framework.logger.Logger;
import org.apache.cocoon.components.ContextHelper;
import org.apache.cocoon.environment.ObjectModelHelper;
import org.apache.cocoon.environment.Redirector;
import org.apache.cocoon.environment.Request;
import org.apache.cocoon.environment.Session;
import org.jasig.cas.client.authentication.AuthenticationFilter;
import org.jasig.cas.client.util.HttpServletRequestWrapperFilter;
import org.jasig.cas.client.validation.Assertion;
import org.jasig.cas.client.validation.Cas20ProxyReceivingTicketValidationFilter;

/* loaded from: input_file:org/ametys/runtime/plugins/core/authentication/CASCredentialsProvider.class */
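/**
 * {@link CredentialsProvider} that authenticates users against a CAS server by running the
 * Jasig CAS client filters (authentication, ticket validation, request wrapper) from inside
 * the runtime instead of from {@code WEB-INF/web.xml}.
 *
 * <p>One filter chain is built lazily per server name (host, plus port when it is not the
 * default for the scheme) and cached in {@link #_filters}.
 *
 * <p>NOTE(review): {@code _filters} is a plain {@link HashMap} that {@link #validate} mutates.
 * Whether one instance can serve concurrent requests depends on the component lifestyle, which
 * is not visible in this file. Confirm before relying on it from several threads.
 */
public class CASCredentialsProvider implements CredentialsProvider, Initializable, Configurable, Contextualizable {
    private static final Logger _logger = LoggerFactory.getLoggerFor(CASCredentialsProvider.class);

    /** When true, unauthenticated users are let through (CAS "gateway" mode). */
    protected boolean _gateway;

    /** Cache of fully initialised CAS filter chains, keyed by the computed server name. */
    private Map<String, List<RuntimeFilter>> _filters;

    /** Base URL of the CAS server, read from the runtime configuration. */
    private String _serverUrl;

    /** Avalon context used to reach the current request's object model. */
    private Context _context;

    /** Value handed to the ticket validation filter as {@code allowedProxyChains}; never null after initialize(). */
    private String _authorizedProxyChains;

    /**
     * Stores the Avalon context for later access to the current request.
     *
     * @param context the component context
     * @throws ContextException declared by the interface; not thrown here
     */
    public void contextualize(Context context) throws ContextException {
        this._context = context;
    }

    /**
     * Reads the optional {@code gateway} child of the component configuration (default false).
     *
     * @param configuration the component configuration
     * @throws ConfigurationException if the value cannot be read as a boolean
     */
    public void configure(Configuration configuration) throws ConfigurationException {
        this._gateway = configuration.getChild("gateway").getValueAsBoolean(false);
    }

    /**
     * Creates the empty filter cache and loads the CAS server URL and the authorised proxy
     * chains from the runtime configuration. A missing or blank proxy chain value becomes "".
     *
     * @throws Exception declared by the interface
     */
    public void initialize() throws Exception {
        this._filters = new HashMap<String, List<RuntimeFilter>>();
        this._serverUrl = Config.getInstance().getValueAsString("runtime.authentication.cas.serverUrl");
        // NOTE(review): _serverUrl is not checked here; a null value would later yield the
        // literal "null/login" as CAS login URL. Confirm the configuration layer makes it mandatory.
        this._authorizedProxyChains = Config.getInstance().getValueAsString("runtime.authentication.cas.authorizedProxyChain");
        if (this._authorizedProxyChains == null || this._authorizedProxyChains.trim().length() == 0) {
            this._authorizedProxyChains = "";
        }
    }

    /**
     * Runs the CAS filter chain for the current request and checks that the CAS principal
     * matches the login already stored in the session.
     *
     * @param redirector the redirector the filters may use (for example to send the user to CAS)
     * @return true if a filter issued a redirect, or if the CAS login is non-null and equals
     *         the session attribute {@link AuthenticateAction#SESSION_USERLOGIN}; false otherwise
     * @throws Exception if a filter fails to initialise or to execute
     */
    @Override // org.ametys.runtime.authentication.CredentialsProvider
    public boolean validate(Redirector redirector) throws Exception {
        // Raw Map kept on purpose: it is what the Cocoon helper returns and what the filters receive.
        Map objectModel = ContextHelper.getObjectModel(this._context);
        Request request = ObjectModelHelper.getRequest(objectModel);
        String serverName = _computeServerName(request);

        List<RuntimeFilter> chain = this._filters.get(serverName);
        if (chain == null) {
            ServletContext servletContext = (ServletContext) objectModel.get("httpservletcontext");
            // Build the whole chain first and cache it only once every filter has been
            // initialised: if init() throws, nothing is cached, so a later request retries
            // instead of silently running an empty or partial chain for this server name.
            chain = _buildFilterChain(serverName, servletContext);
            this._filters.put(serverName, chain);
        }

        if (_logger.isDebugEnabled()) {
            _logger.debug("Executing CAS filter chain...");
        }
        for (RuntimeFilter filter : chain) {
            filter.doFilter(objectModel, redirector);
        }

        if (redirector.hasRedirected()) {
            // A filter took over the response; the caller only has to honour the redirect.
            return true;
        }

        Session session = request.getSession(false);
        String sessionLogin = session == null ? null : (String) session.getAttribute(AuthenticateAction.SESSION_USERLOGIN);
        String casLogin = _getLogin(request);
        return casLogin != null && casLogin.equals(sessionLogin);
    }

    /**
     * Builds the {@code host[:port]} string used both as cache key and as the {@code serverName}
     * parameter of the CAS filters. The port is omitted when it is the scheme default
     * (443 for secure requests, 80 otherwise).
     *
     * <p>NOTE(review): the host comes from {@code request.getServerName()}. In servlet containers
     * that value normally follows the client-supplied Host header unless the container or a
     * front proxy pins it. Since it is handed to the CAS client as {@code serverName} and
     * also keys an unbounded cache, consider checking it against the hostnames this application
     * is configured to serve, or using a fixed configured server name.
     */
    private String _computeServerName(Request request) {
        StringBuilder name = new StringBuilder(request.getServerName());
        int port = request.getServerPort();
        int defaultPort = request.isSecure() ? 443 : 80;
        if (port != defaultPort) {
            name.append(":");
            name.append(port);
        }
        return name.toString();
    }

    /**
     * Creates and initialises the three CAS client filters for one server name. Each filter
     * gets its own parameter map, so a filter that keeps a reference to its parameters is not
     * affected by the configuration of the next one.
     */
    private List<RuntimeFilter> _buildFilterChain(String serverName, ServletContext servletContext) throws Exception {
        List<RuntimeFilter> chain = new ArrayList<RuntimeFilter>();

        // 1. Sends unauthenticated users to the CAS login page (or lets them through in gateway mode).
        Map<String, String> authenticationParams = new HashMap<String, String>();
        authenticationParams.put("casServerLoginUrl", this._serverUrl + "/login");
        authenticationParams.put("serverName", serverName);
        authenticationParams.put("gateway", String.valueOf(this._gateway));
        RuntimeFilter authenticationFilter = new RuntimeFilter(new AuthenticationFilter());
        authenticationFilter.init(authenticationParams, servletContext);
        chain.add(authenticationFilter);

        // 2. Validates the service ticket against the CAS server (CAS 2.0, proxy tickets allowed
        //    only for the configured chains; "" when none is configured).
        Map<String, String> validationParams = new HashMap<String, String>();
        validationParams.put("casServerUrlPrefix", this._serverUrl);
        validationParams.put("serverName", serverName);
        validationParams.put("allowedProxyChains", this._authorizedProxyChains);
        RuntimeFilter validationFilter = new RuntimeFilter(new Cas20ProxyReceivingTicketValidationFilter());
        validationFilter.init(validationParams, servletContext);
        chain.add(validationFilter);

        // 3. Request wrapper filter; takes no parameters.
        RuntimeFilter wrapperFilter = new RuntimeFilter(new HttpServletRequestWrapperFilter());
        wrapperFilter.init(new HashMap<String, String>(), servletContext);
        chain.add(wrapperFilter);

        return chain;
    }

    /**
     * Tells whether the current request may proceed without credentials.
     *
     * @return true only in gateway mode and when no CAS assertion is attached to the request
     */
    @Override // org.ametys.runtime.authentication.CredentialsProvider
    public boolean accept() {
        String login = _getLogin(ObjectModelHelper.getRequest(ContextHelper.getObjectModel(this._context)));
        if (!this._gateway || login != null) {
            return false;
        }
        if (_logger.isDebugEnabled()) {
            _logger.debug("Gateway CAS : unauthenticated user, letting him through.");
        }
        return true;
    }

    /**
     * Returns the credentials of the user identified by the CAS assertion.
     *
     * @param redirector unused
     * @return credentials carrying the CAS principal name and an empty password, or null in
     *         gateway mode when no assertion is present
     * @throws IllegalStateException if no assertion is present and gateway mode is off
     */
    @Override // org.ametys.runtime.authentication.CredentialsProvider
    public Credentials getCredentials(Redirector redirector) throws Exception {
        String login = _getLogin(ObjectModelHelper.getRequest(ContextHelper.getObjectModel(this._context)));
        if (login != null) {
            if (_logger.isDebugEnabled()) {
                _logger.debug("User authenticated by CAS : " + login);
            }
            // The password is empty: the identity rests on the CAS assertion alone.
            return new Credentials(login, "");
        }
        if (this._gateway) {
            return null;
        }
        String message = "CAS authentication needs a CAS filter to be configured into the WEB-INF/web.xml file. Please see documentation for more details. It is recommanded to use the filter: " + AuthenticationFilter.class.getName();
        _logger.error(message);
        throw new IllegalStateException(message);
    }

    /**
     * No-op: nothing is done here when the user is rejected.
     *
     * @param redirector unused
     */
    @Override // org.ametys.runtime.authentication.CredentialsProvider
    public void notAllowed(Redirector redirector) throws Exception {
    }

    /**
     * No-op: nothing is done here when the user is accepted.
     *
     * @param redirector unused
     */
    @Override // org.ametys.runtime.authentication.CredentialsProvider
    public void allowed(Redirector redirector) {
    }

    /**
     * Extracts the login from the CAS assertion attached to the request.
     *
     * <p>The assertion is looked up under {@code "_const_cas_assertion_"} in the session when a
     * session exists, otherwise in the request attributes. When a session exists but holds no
     * assertion, the request attributes are not consulted.
     *
     * @param request the current request
     * @return the CAS principal name, or null if no assertion was found
     */
    protected String _getLogin(Request request) {
        Session session = request.getSession(false);
        Object attribute = session == null
                ? request.getAttribute("_const_cas_assertion_")
                : session.getAttribute("_const_cas_assertion_");
        Assertion assertion = (Assertion) attribute;
        return assertion == null ? null : assertion.getPrincipal().getName();
    }
}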
