package org.ametys.plugins.extrausermgt.authentication.cas;

import java.nio.charset.StandardCharsets;
import java.util.ArrayList;
import java.util.HashMap;
import java.util.Iterator;
import java.util.List;
import java.util.Map;
import javax.servlet.ServletContext;
import org.ametys.core.authentication.AbstractCredentialProvider;
import org.ametys.core.authentication.BlockingCredentialProvider;
import org.ametys.core.authentication.NonBlockingCredentialProvider;
import org.ametys.core.servletwrapper.filter.ServletFilterWrapper;
import org.ametys.core.user.UserIdentity;
import org.apache.avalon.framework.context.Context;
import org.apache.avalon.framework.context.ContextException;
import org.apache.avalon.framework.context.Contextualizable;
import org.apache.cocoon.components.ContextHelper;
import org.apache.cocoon.environment.ObjectModelHelper;
import org.apache.cocoon.environment.Redirector;
import org.apache.cocoon.environment.Request;
import org.apache.cocoon.environment.Session;
import org.apache.commons.lang3.StringUtils;
import org.apache.http.client.utils.URLEncodedUtils;
import org.apache.http.message.BasicNameValuePair;
import org.jasig.cas.client.authentication.AuthenticationFilter;
import org.jasig.cas.client.util.HttpServletRequestWrapperFilter;
import org.jasig.cas.client.validation.Assertion;

/* loaded from: input_file:org/ametys/plugins/extrausermgt/authentication/cas/CASCredentialProvider.class */
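/**
 * Credential provider that authenticates users against a CAS server.
 *
 * <p>For each authentication attempt it builds a short-lived chain of three CAS client
 * servlet filters (authentication redirect, ticket validation, request wrapping), runs
 * the current Cocoon request through it, and reads the resulting CAS assertion to obtain
 * the login. The chain is destroyed again before the call returns.
 *
 * <p>The provider works in blocking mode (the user is redirected to the CAS login page)
 * and, when the gateway option is enabled, in non-blocking mode (CAS is asked whether a
 * session already exists, without forcing a login).
 */
public class CASCredentialProvider extends AbstractCredentialProvider implements NonBlockingCredentialProvider, BlockingCredentialProvider, Contextualizable {
    /** Name of the configuration parameter holding the CAS server base URL. */
    public static final String PARAM_SERVER_URL = "authentication.cas.serverUrl";
    private static final String __PARAM_REQUEST_PROXY_TICKETS = "authentication.cas.requestProxyTickets";
    private static final String __PARAM_ACCEPT_ANY_PROXY = "authentication.cas.acceptAnyProxy";
    private static final String __PARAM_AUTHORIZED_PROXY_CHAINS = "authentication.cas.authorizedProxyChain";
    private static final String __PARAM_GATEWAY_ENABLED = "authentication.cas.enableGateway";

    /** Path prefix (below the context path) of the authentication URLs handled by this provider. */
    private static final String __AUTHENTICATE_PATH = "/plugins/core/authenticate/";
    /** Internal pipeline that receives the CAS proxy callback. */
    private static final String __PROXY_PIPELINE_URL = "cocoon://_plugins/core-impl/ametysCasProxy";
    /** Request/session attribute under which the CAS client stores the validated assertion. */
    private static final String __CAS_ASSERTION_ATTRIBUTE = "_const_cas_assertion_";

    /** CAS server base URL, without the trailing {@code /login}. */
    protected String _serverUrl;
    private Context _context;
    private boolean _requestProxyTickets;
    private boolean _acceptAnyProxy;
    private String _authorizedProxyChains;
    private boolean _gatewayModeEnabled;

    /**
     * Stores the Avalon context, later used to reach the Cocoon object model of the
     * current request.
     *
     * @param context the component context
     * @throws ContextException declared by the interface; never thrown here
     */
    @Override
    public void contextualize(Context context) throws ContextException {
        this._context = context;
    }

    /**
     * Reads the CAS settings from the parameter map after delegating to the parent
     * initialisation.
     *
     * <p>The three boolean parameters are unboxed directly: a map that lacks one of them
     * makes this method fail with a {@link NullPointerException}.
     *
     * @param str first argument, forwarded unchanged to {@code super.init}
     * @param str2 second argument, forwarded unchanged to {@code super.init}
     * @param map parameter values keyed by parameter name
     * @param str3 fourth argument, forwarded unchanged to {@code super.init}
     */
    @Override
    public void init(String str, String str2, Map<String, Object> map, String str3) {
        super.init(str, str2, map, str3);
        this._serverUrl = (String) map.get(PARAM_SERVER_URL);
        this._requestProxyTickets = ((Boolean) map.get(__PARAM_REQUEST_PROXY_TICKETS)).booleanValue();
        // When true, ticket validation accepts tickets proxied through any service and the
        // configured chain list below is not passed to the validation filter at all.
        this._acceptAnyProxy = ((Boolean) map.get(__PARAM_ACCEPT_ANY_PROXY)).booleanValue();
        this._authorizedProxyChains = (String) map.get(__PARAM_AUTHORIZED_PROXY_CHAINS);
        this._gatewayModeEnabled = ((Boolean) map.get(__PARAM_GATEWAY_ENABLED)).booleanValue();
    }

    /**
     * Tells whether the given user is still the one CAS reports for the current request.
     *
     * @param userIdentity the identity currently attached to the session
     * @param redirector the Cocoon redirector, which the CAS filters may use
     * @return {@code true} when the login obtained from the CAS filter chain equals the
     *         login of {@code userIdentity} (both {@code null} also counts as equal)
     * @throws Exception if the filter chain fails
     */
    public boolean blockingIsStillConnected(UserIdentity userIdentity, Redirector redirector) throws Exception {
        String casLogin = _getLoginFromFilter(false, redirector);
        return StringUtils.equals(userIdentity.getLogin(), casLogin);
    }

    /**
     * Same check as {@link #blockingIsStillConnected(UserIdentity, Redirector)}; note that
     * it therefore runs the chain with gateway mode off.
     *
     * @param userIdentity the identity currently attached to the session
     * @param redirector the Cocoon redirector
     * @return the result of the blocking check
     * @throws Exception if the filter chain fails
     */
    public boolean nonBlockingIsStillConnected(UserIdentity userIdentity, Redirector redirector) throws Exception {
        return blockingIsStillConnected(userIdentity, redirector);
    }

    /**
     * Runs the current request through the CAS filter chain and returns the login of the
     * authenticated principal.
     *
     * @param z value of the CAS {@code gateway} option for the authentication filter
     * @param redirector the Cocoon redirector handed to every filter
     * @return the login, or {@code null} when the request was redirected (to the proxy
     *         callback pipeline or by one of the filters) or no assertion is available
     * @throws Exception if a filter fails to initialise or to execute
     */
    private String _getLoginFromFilter(boolean z, Redirector redirector) throws Exception {
        // Raw Map kept on purpose: this is how the object model is obtained and passed on.
        Map objectModel = ContextHelper.getObjectModel(this._context);
        Request request = ObjectModelHelper.getRequest(objectModel);

        // Proxy callback issued by the CAS server: hand it over to the dedicated pipeline.
        boolean isAuthenticateUrl = request.getRequestURI().startsWith(request.getContextPath() + __AUTHENTICATE_PATH);
        if (isAuthenticateUrl && "true".equals(request.getParameter("proxy"))) {
            // Log the redirect target (the redirector object itself carries no useful text).
            getLogger().debug("Redirecting to '{}'", __PROXY_PIPELINE_URL);
            redirector.redirect(true, __PROXY_PIPELINE_URL);
            return null;
        }

        String serverName = _getServerName(request);
        List<ServletFilterWrapper> filterChain = new ArrayList<>();
        ServletContext servletContext = (ServletContext) objectModel.get("httpservletcontext");
        Map<String, String> filterParams = new HashMap<>();
        try {
            // 1. Authentication filter: redirects to the CAS login page when needed.
            filterParams.put("casServerLoginUrl", this._serverUrl + "/login");
            filterParams.put("serverName", serverName);
            filterParams.put("gateway", String.valueOf(z));
            ServletFilterWrapper authenticationFilter = new ServletFilterWrapper(new AuthenticationFilter());
            authenticationFilter.init(filterParams, servletContext);
            filterChain.add(authenticationFilter);

            // 2. Ticket validation filter.
            filterParams.clear();
            filterParams.put("casServerUrlPrefix", this._serverUrl);
            filterParams.put("serverName", serverName);
            if (this._acceptAnyProxy) {
                // Any proxying service is trusted; the authorised chain list is ignored.
                filterParams.put("acceptAnyProxy", "true");
            } else {
                filterParams.put("allowedProxyChains", this._authorizedProxyChains);
            }
            // Proxy granting is only set up on the request that carries the service ticket.
            if (this._requestProxyTickets && StringUtils.isNotEmpty(request.getParameter("ticket"))) {
                // The callback is always advertised over https, whatever the current scheme.
                String proxyCallbackUrl = "https://" + serverName + _getProxyCallbackRelativeUrl(request);
                getLogger().debug("The computed proxy callback url is: {}", proxyCallbackUrl);
                filterParams.put("proxyCallbackUrl", proxyCallbackUrl);
                filterParams.put("proxyGrantingTicketStorageClass", CasProxyGrantingTicketManager.class.getName());
                filterParams.put("ticketValidatorClass", AmetysCas20ProxyTicketValidator.class.getName());
            }
            ServletFilterWrapper validationFilter = new ServletFilterWrapper(new AmetysCas20ProxyReceivingTicketValidationFilter());
            validationFilter.init(filterParams, servletContext);
            filterChain.add(validationFilter);

            // 3. Request wrapper filter, initialised without parameters.
            filterParams.clear();
            ServletFilterWrapper wrapperFilter = new ServletFilterWrapper(new HttpServletRequestWrapperFilter());
            wrapperFilter.init(filterParams, servletContext);
            filterChain.add(wrapperFilter);

            getLogger().debug("Executing CAS filter chain...");
            for (ServletFilterWrapper filter : filterChain) {
                filter.doFilter(objectModel, redirector);
            }
            if (redirector.hasRedirected()) {
                return null;
            }
            return _getLogin(request);
        } finally {
            // Only the filters that were successfully initialised are in the list.
            getLogger().debug("Destroying CAS filter chain...");
            for (ServletFilterWrapper filter : filterChain) {
                filter.destroy();
            }
        }
    }

    /**
     * Builds the {@code host[:port]} string handed to the CAS filters as {@code serverName},
     * leaving the port out when it is the default one for the request scheme (443 when
     * secure, 80 otherwise).
     *
     * <p>NOTE(review): the value is taken from the incoming request, not from configuration,
     * and it ends up in the CAS service URL and in the proxy callback URL. Confirm that the
     * servlet container or front-end proxy only lets expected host names through.
     *
     * @param request the current request
     * @return the server name, with the port appended when it is not the default
     */
    private String _getServerName(Request request) {
        int defaultPort = request.isSecure() ? 443 : 80;
        StringBuilder serverName = new StringBuilder(request.getServerName());
        if (request.getServerPort() != defaultPort) {
            serverName.append(":");
            serverName.append(request.getServerPort());
        }
        return serverName.toString();
    }

    /**
     * Computes the context-relative URL the CAS server must call back to deliver a proxy
     * granting ticket.
     *
     * @param request the current request
     * @return the context path, the authenticate path, the credential provider index
     *         (0 when unknown) and a URL-encoded query string
     */
    private String _getProxyCallbackRelativeUrl(Request request) {
        List<BasicNameValuePair> queryParams = new ArrayList<>();
        queryParams.add(new BasicNameValuePair("proxy", "true"));

        String populationId = (String) request.getAttribute("Runtime:CurrentUserPopulationId");
        if (StringUtils.isNotEmpty(populationId)) {
            queryParams.add(new BasicNameValuePair("UserPopulation", populationId));
        }

        Integer cpIndex = _getRunningCpIndex(request);
        if (cpIndex.equals(-1)) {
            // No index known: fall back on the first credential provider.
            cpIndex = 0;
        }

        List<?> contexts = (List<?>) request.getAttribute("Runtime:Contexts");
        String joinedContexts = contexts != null ? StringUtils.join(contexts.toArray(), ',') : "";
        queryParams.add(new BasicNameValuePair("contexts", joinedContexts));

        return request.getContextPath() + __AUTHENTICATE_PATH + cpIndex.toString() + "?" + URLEncodedUtils.format(queryParams, StandardCharsets.UTF_8);
    }

    /**
     * Finds the index of the credential provider in use, looking first at the request
     * attribute and then at the last index remembered in the existing session.
     *
     * @param request the current request
     * @return the index, or -1 when neither the request nor the session holds one
     */
    private Integer _getRunningCpIndex(Request request) {
        Integer requestIndex = (Integer) request.getAttribute("Runtime:RequestCredentialProviderIndex");
        if (requestIndex != null) {
            return requestIndex;
        }

        // getSession(false): never create a session just to look up the index.
        Session session = request.getSession(false);
        if (session == null) {
            return -1;
        }
        Integer lastKnownIndex = (Integer) session.getAttribute("Runtime:ConnectingCredentialProviderIndexLastKnown");
        return lastKnownIndex != null ? lastKnownIndex : -1;
    }

    /**
     * @return always {@code false}: this provider never grants anonymous requests
     */
    public boolean blockingGrantAnonymousRequest() {
        return false;
    }

    /**
     * @return always {@code false}: this provider never grants anonymous requests
     */
    public boolean nonBlockingGrantAnonymousRequest() {
        return false;
    }

    /**
     * Authenticates the user through CAS with gateway mode off.
     *
     * @param redirector the Cocoon redirector handed to the filters
     * @return the identity built from the CAS login (second constructor argument
     *         {@code null}), or {@code null} when the request has been redirected
     * @throws IllegalStateException if no redirect happened and no login was obtained
     * @throws Exception if the filter chain fails
     */
    public UserIdentity blockingGetUserIdentity(Redirector redirector) throws Exception {
        String login = _getLoginFromFilter(false, redirector);
        if (redirector.hasRedirected()) {
            return null;
        }
        if (login == null) {
            throw new IllegalStateException("CAS authentication needs a CAS filter.");
        }
        return new UserIdentity(login, (String) null);
    }

    /**
     * Tries to authenticate the user through CAS gateway mode. The filter chain is not
     * run at all when the gateway option is disabled.
     *
     * @param redirector the Cocoon redirector handed to the filters
     * @return the identity built from the CAS login, or {@code null} when gateway mode is
     *         disabled or no login was obtained
     * @throws Exception if the filter chain fails
     */
    public UserIdentity nonBlockingGetUserIdentity(Redirector redirector) throws Exception {
        if (!this._gatewayModeEnabled) {
            return null;
        }
        String login = _getLoginFromFilter(true, redirector);
        return login != null ? new UserIdentity(login, (String) null) : null;
    }

    /**
     * Does nothing.
     *
     * @param redirector unused
     * @throws Exception never thrown here
     */
    public void blockingUserNotAllowed(Redirector redirector) throws Exception {
    }

    /**
     * Does nothing.
     *
     * @param redirector unused
     * @throws Exception never thrown here
     */
    public void nonBlockingUserNotAllowed(Redirector redirector) throws Exception {
    }

    /**
     * Does nothing.
     *
     * @param userIdentity unused
     */
    public void blockingUserAllowed(UserIdentity userIdentity) {
    }

    /**
     * Does nothing.
     *
     * @param userIdentity unused
     */
    public void nonBlockingUserAllowed(UserIdentity userIdentity) {
    }

    /**
     * @return always {@code true}
     */
    public boolean requiresNewWindow() {
        return true;
    }

    /**
     * Reads the CAS assertion left by the filter chain and returns the principal name.
     * The assertion is looked up in the existing session when there is one, otherwise in
     * the request attributes; no session is created.
     *
     * @param request the current request
     * @return the name of the asserted principal, or {@code null} when no assertion is found
     */
    protected String _getLogin(Request request) {
        Session session = request.getSession(false);
        Object storedAssertion = session == null
                ? request.getAttribute(__CAS_ASSERTION_ATTRIBUTE)
                : session.getAttribute(__CAS_ASSERTION_ATTRIBUTE);
        Assertion assertion = (Assertion) storedAssertion;
        if (assertion == null) {
            return null;
        }
        return assertion.getPrincipal().getName();
    }
}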
