package com.alfaariss.oa.sso.web.profile.web;

import com.alfaariss.oa.OAException;
import com.alfaariss.oa.UserEvent;
import com.alfaariss.oa.UserException;
import com.alfaariss.oa.api.IService;
import com.alfaariss.oa.api.authentication.IAuthenticationProfile;
import com.alfaariss.oa.api.configuration.IConfigurationManager;
import com.alfaariss.oa.api.logging.IAuthority;
import com.alfaariss.oa.api.persistence.PersistenceException;
import com.alfaariss.oa.api.requestor.IRequestor;
import com.alfaariss.oa.api.session.ISession;
import com.alfaariss.oa.api.session.SessionState;
import com.alfaariss.oa.api.sso.ISSOProfile;
import com.alfaariss.oa.api.tgt.ITGT;
import com.alfaariss.oa.engine.core.Engine;
import com.alfaariss.oa.engine.core.requestor.RequestorPool;
import com.alfaariss.oa.engine.core.server.Server;
import com.alfaariss.oa.sso.SSOException;
import com.alfaariss.oa.sso.SSOService;
import com.alfaariss.oa.sso.authentication.web.AuthenticationManager;
import com.alfaariss.oa.sso.authorization.web.PostAuthorizationManager;
import com.alfaariss.oa.sso.authorization.web.PreAuthorizationManager;
import com.alfaariss.oa.sso.web.WebSSOServlet;
import com.alfaariss.oa.sso.web.profile.user.UserProfile;
import com.alfaariss.oa.util.logging.SystemLogItem;
import com.alfaariss.oa.util.logging.UserEventLogItem;
import com.alfaariss.oa.util.validation.SessionValidator;
import com.alfaariss.oa.util.validation.TGTValidator;
import com.alfaariss.oa.util.web.CookieTool;
import com.alfaariss.oa.util.web.HttpUtils;
import com.alfaariss.oa.util.web.ResponseHeader;
import java.io.IOException;
import java.util.List;
import java.util.Locale;
import java.util.Vector;
import javax.servlet.RequestDispatcher;
import javax.servlet.ServletContext;
import javax.servlet.ServletException;
import javax.servlet.http.Cookie;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import org.apache.commons.logging.Log;
import org.apache.commons.logging.LogFactory;
import org.asimba.utility.web.RequestorHelper;
import org.w3c.dom.Element;

/* loaded from: input_file:com/alfaariss/oa/sso/web/profile/web/WebProfile.class */
public class WebProfile implements ISSOProfile, IService, IAuthority {
    // Identifier returned by getID() for this SSO profile.
    public static final String PROFILE_ID = "web";
    public static final String AUTHN_PROFILES_NAME = "authenticationProfiles";
    public static final String REQUESTORS_ATTRIBUTE_NAME = "requestors";
    public static final String AUTHN_PROFILES_ATTRIBUTE_NAME = "authnProfiles";
    private static final long serialVersionUID = 216120079251404994L;
    // Name returned by getAuthority().
    private static final String AUTHORITY_NAME = "WebSSO";
    // Selection JSP used when the configuration has no 'view' / 'profile_selection' section.
    private static final String DEFAULT_JSP_SELECTION = "/ui/sso/select.jsp";
    // NOTE(review): not referenced in the visible part of this class; readShowAlwaysConfiguration()
    // reads the literal "always_show_select_form" (no leading dot) instead.
    private static final String PROPERTY_WEB_ALWAYS_SHOW_SELECT = ".always_show_select_form";
    // Request parameter read by service(); a non-empty value replaces the session locale.
    public static final String PARAMETER_LANGUAGE_LOCALE = "locale_language";
    // TGT attribute key that checkTGT() reads to learn which profile a TGT was issued for.
    protected static final String TGT_ATTR_TGTPROFILE = "TGT-Profile";
    // Set by readShowAlwaysConfiguration() from the optional 'always_show_select_form' item.
    private boolean _bShowAlways;
    private AuthenticationManager _authenticationManager;
    private IConfigurationManager _configurationManager;
    // Global pre/post authorization profile ids, copied from the engine's Server object in init().
    private String _sGlobalPreAuthzProfileID;
    private String _sGlobalPostAuthzProfileID;
    // Compiler-generated assertion flag; this listing shows no initialiser for it (decompiler output).
    static final /* synthetic */ boolean $assertionsDisabled;
    // Set in init() from the 'addprofile' attribute of the optional 'tgt' section. When true, checkTGT()
    // compares the profile stored with the TGT against the host derived from the session's profile URL.
    protected boolean _bTGTProfileEnabled = false;
    private Log _systemLogger = LogFactory.getLog(WebProfile.class);
    // Receives the UserEventLogItem entries (pre/post authorization, cancel, errors).
    private Log _eventLogger = LogFactory.getLog("com.alfaariss.oa.EventLogger");
    private PostAuthorizationManager _postAuthorizationManager = new PostAuthorizationManager();
    private PreAuthorizationManager _preAuthorizationManager = new PreAuthorizationManager();
    private SSOService _ssoService = new SSOService();
    // True once init() has completed, false again after destroy(); service() answers 503 while false.
    private boolean _bStarted = false;
    // Path of the profile selection JSP, set by readDefaultConfiguration().
    private String _sSelectionPath = null;
    // Created in init(); checkTGT() uses it to read and remove the TGT cookie.
    private CookieTool _cookieTool = null;
    // Filled by readHeadersConfiguration() from the 'headers' / 'header' configuration sections.
    private List<ResponseHeader> _listHeaders = new Vector();

    /* JADX INFO: Access modifiers changed from: package-private */
    /* renamed from: com.alfaariss.oa.sso.web.profile.web.WebProfile$1, reason: invalid class name */
    /* loaded from: input_file:com/alfaariss/oa/sso/web/profile/web/WebProfile$1.class */
    /*
     * Lookup table for the switch statements on SessionState in this class (service(),
     * handlePreAuthorization(), handlePostAuthorization()). It is marked synthetic, so it appears to be
     * the table the compiler emits for an enum switch rather than hand-written code.
     *
     * The array is indexed by SessionState.ordinal() and holds the case label (1..17) for each state
     * listed below. A state that is not listed, such as PASSIVE_FAILED set in checkTGT(), keeps the
     * array default of 0 and therefore lands in the 'default' branch of those switches.
     */
    public static /* synthetic */ class AnonymousClass1 {
        static final /* synthetic */ int[] $SwitchMap$com$alfaariss$oa$api$session$SessionState = new int[SessionState.values().length];

        static {
            // Each entry is assigned in its own try block: when a constant cannot be resolved
            // (NoSuchFieldError) only that slot is left at 0 and the remaining entries are still filled.
            try {
                $SwitchMap$com$alfaariss$oa$api$session$SessionState[SessionState.SESSION_CREATED.ordinal()] = 1;
            } catch (NoSuchFieldError e) {
            }
            try {
                $SwitchMap$com$alfaariss$oa$api$session$SessionState[SessionState.PRE_AUTHZ_IN_PROGRESS.ordinal()] = 2;
            } catch (NoSuchFieldError e2) {
            }
            try {
                $SwitchMap$com$alfaariss$oa$api$session$SessionState[SessionState.PRE_AUTHZ_OK.ordinal()] = 3;
            } catch (NoSuchFieldError e3) {
            }
            try {
                $SwitchMap$com$alfaariss$oa$api$session$SessionState[SessionState.AUTHN_SELECTION_IN_PROGRESS.ordinal()] = 4;
            } catch (NoSuchFieldError e4) {
            }
            try {
                $SwitchMap$com$alfaariss$oa$api$session$SessionState[SessionState.AUTHN_SELECTION_OK.ordinal()] = 5;
            } catch (NoSuchFieldError e5) {
            }
            try {
                $SwitchMap$com$alfaariss$oa$api$session$SessionState[SessionState.AUTHN_IN_PROGRESS.ordinal()] = 6;
            } catch (NoSuchFieldError e6) {
            }
            try {
                $SwitchMap$com$alfaariss$oa$api$session$SessionState[SessionState.POST_AUTHZ_IN_PROGRESS.ordinal()] = 7;
            } catch (NoSuchFieldError e7) {
            }
            try {
                $SwitchMap$com$alfaariss$oa$api$session$SessionState[SessionState.POST_AUTHZ_OK.ordinal()] = 8;
            } catch (NoSuchFieldError e8) {
            }
            try {
                $SwitchMap$com$alfaariss$oa$api$session$SessionState[SessionState.POST_AUTHZ_FAILED.ordinal()] = 9;
            } catch (NoSuchFieldError e9) {
            }
            try {
                $SwitchMap$com$alfaariss$oa$api$session$SessionState[SessionState.PRE_AUTHZ_FAILED.ordinal()] = 10;
            } catch (NoSuchFieldError e10) {
            }
            try {
                $SwitchMap$com$alfaariss$oa$api$session$SessionState[SessionState.AUTHN_SELECTION_FAILED.ordinal()] = 11;
            } catch (NoSuchFieldError e11) {
            }
            try {
                $SwitchMap$com$alfaariss$oa$api$session$SessionState[SessionState.AUTHN_OK.ordinal()] = 12;
            } catch (NoSuchFieldError e12) {
            }
            try {
                $SwitchMap$com$alfaariss$oa$api$session$SessionState[SessionState.USER_CANCELLED.ordinal()] = 13;
            } catch (NoSuchFieldError e13) {
            }
            try {
                $SwitchMap$com$alfaariss$oa$api$session$SessionState[SessionState.AUTHN_FAILED.ordinal()] = 14;
            } catch (NoSuchFieldError e14) {
            }
            try {
                $SwitchMap$com$alfaariss$oa$api$session$SessionState[SessionState.AUTHN_NOT_SUPPORTED.ordinal()] = 15;
            } catch (NoSuchFieldError e15) {
            }
            try {
                $SwitchMap$com$alfaariss$oa$api$session$SessionState[SessionState.USER_BLOCKED.ordinal()] = 16;
            } catch (NoSuchFieldError e16) {
            }
            try {
                $SwitchMap$com$alfaariss$oa$api$session$SessionState[SessionState.USER_UNKNOWN.ordinal()] = 17;
            } catch (NoSuchFieldError e17) {
            }
        }
    }

    /**
     * Creates the profile around an existing authentication manager.
     *
     * <p>Nothing else is set up here; the profile only becomes usable after {@code init} has completed.
     *
     * @param authenticationManager the manager stored for later use; it is not checked for null
     */
    public WebProfile(AuthenticationManager authenticationManager) {
        _authenticationManager = authenticationManager;
    }

    /**
     * Returns the identifier of this SSO profile.
     *
     * @return the constant {@code PROFILE_ID} ({@code "web"})
     */
    public String getID() {
        return WebProfile.PROFILE_ID;
    }

    /**
     * Starts the profile from its configuration section.
     *
     * <p>In order: stores the configuration manager, copies the global pre/post authorization profile ids
     * from the engine's server object, starts the SSO service, reads the selection page and response
     * header settings, creates the cookie tool, starts the optional pre and post authorization managers,
     * reads the mandatory {@code authentication} section and the optional {@code tgt} section. The
     * profile is marked as started only when all of that succeeded.
     *
     * @param servletContext not used by the visible body
     * @param iConfigurationManager the configuration manager; must not be null
     * @param element the configuration section of this profile
     * @param element2 not used by the visible body
     * @throws IllegalArgumentException if {@code iConfigurationManager} is null
     * @throws OAException with code 2 when the server object is missing, with code 17 when the
     *         {@code authentication} section is missing, or as raised by the components being started
     */
    public void init(ServletContext servletContext, IConfigurationManager iConfigurationManager, Element element, Element element2) throws OAException {
        if (iConfigurationManager == null) {
            throw new IllegalArgumentException("Supplied ConfigurationManager is empty");
        }
        _configurationManager = iConfigurationManager;

        final Server engineServer = Engine.getInstance().getServer();
        if (engineServer == null) {
            _systemLogger.error("Server object could not be retrieved");
            throw new OAException(2);
        }
        _sGlobalPreAuthzProfileID = engineServer.getPreAuthorizationProfileID();
        _sGlobalPostAuthzProfileID = engineServer.getPostAuthorizationProfileID();

        _ssoService.start(iConfigurationManager, element);
        readDefaultConfiguration(element);
        _cookieTool = new CookieTool(iConfigurationManager, element);
        readHeadersConfiguration(element);

        // Pre and post authorization are optional: a missing section only disables the step.
        final Element preAuthzConfig = _configurationManager.getSection(element, "preauthorization");
        if (preAuthzConfig != null) {
            _preAuthorizationManager.start(_configurationManager, preAuthzConfig);
        } else {
            _systemLogger.info("No preauthorization configuration found, pre authorization is disabled");
        }

        final Element postAuthzConfig = _configurationManager.getSection(element, "postauthorization");
        if (postAuthzConfig != null) {
            _postAuthorizationManager.start(_configurationManager, postAuthzConfig);
        } else {
            _systemLogger.info("No postauthorization configuration found, post authorization is disabled");
        }

        // Authentication is mandatory: without the section the profile refuses to start.
        final Element authnConfig = _configurationManager.getSection(element, "authentication");
        if (authnConfig == null) {
            _systemLogger.error("No authentication configuration found");
            throw new OAException(17);
        }
        readShowAlwaysConfiguration(authnConfig);

        final Element tgtConfig = _configurationManager.getSection(element, "tgt");
        if (tgtConfig != null) {
            _bTGTProfileEnabled = establishOptionalBooleanAttribute(tgtConfig, "addprofile", "websso/tgt");
        }

        _systemLogger.info("WebSSO started [Localization; TGTProfile patches]");
        _bStarted = true;
    }

    /**
     * Returns the authority name of this component.
     *
     * @return the constant {@code AUTHORITY_NAME} ({@code "WebSSO"})
     */
    public String getAuthority() {
        return WebProfile.AUTHORITY_NAME;
    }

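    /**
     * Handles one request of the web SSO flow and dispatches it on the state of the authentication session.
     *
     * <p>The session is taken from the {@code asid} request attribute or, failing that, looked up by the
     * {@code asid} request parameter once the id has passed {@code SessionValidator}. Without a session the
     * request is forwarded to the start page. The optional {@code cancel} and {@code locale_language}
     * parameters are applied to the session before the state dispatch.
     *
     * <p>Failures are handled here: a {@code UserException} is answered with 400 (unless the response is
     * already committed), every other exception goes through {@code handleError}.
     *
     * @param httpServletRequest the incoming request; its parameters are caller-controlled
     * @param httpServletResponse the response used to forward, redirect or report an error
     * @throws OAException declared in the signature; exceptions raised inside the try block are caught here
     */
    public void service(HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse) throws OAException {
        try {
            if (!this._bStarted) {
                // init() has not completed, or destroy() has run.
                httpServletResponse.sendError(HttpServletResponse.SC_SERVICE_UNAVAILABLE);
                return;
            }
            HttpUtils.setDisableCachingHttpHeaders(httpServletRequest, httpServletResponse);

            ISession iSession = (ISession) httpServletRequest.getAttribute("asid");
            if (iSession == null) {
                String sessionIdParameter = httpServletRequest.getParameter("asid");
                if (sessionIdParameter != null) {
                    if (!SessionValidator.validateDefaultSessionId(sessionIdParameter)) {
                        // The value has just failed validation, so it can hold anything, including line
                        // breaks that would forge log entries: control characters are replaced first.
                        this._systemLogger.warn("Invalid session id in request: " + sessionIdParameter.replaceAll("\\p{Cntrl}", "_"));
                        throw new UserException(UserEvent.REQUEST_INVALID);
                    }
                    iSession = this._ssoService.getSession(sessionIdParameter);
                }
                if (iSession == null) {
                    this._systemLogger.debug("No valid session found");
                    handleStartPage(httpServletRequest, httpServletResponse);
                    return;
                }
            }

            if (iSession.isExpired()) {
                throw new UserException(UserEvent.SESSION_EXPIRED);
            }

            if (httpServletRequest.getParameter("cancel") != null) {
                try {
                    iSession.setState(SessionState.USER_CANCELLED);
                    iSession.persist();
                    this._eventLogger.info(new UserEventLogItem(iSession, httpServletRequest.getRemoteAddr(), UserEvent.USER_CANCELLED, this, (String) null));
                } catch (OAException e) {
                    this._systemLogger.warn("Could not store session");
                    throw new SSOException(e.getCode(), e);
                }
            }

            String localeParameter = httpServletRequest.getParameter(PARAMETER_LANGUAGE_LOCALE);
            if (localeParameter != null && !localeParameter.isEmpty()) {
                // NOTE(review): the value becomes the session locale without being checked against a set
                // of supported languages; confirm that the code consuming the locale copes with arbitrary text.
                iSession.setLocale(new Locale(localeParameter));
                iSession.persist();
                // Caller-controlled text: control characters are replaced before it reaches the log.
                this._systemLogger.info("User changed session 'locale_language' to " + localeParameter.replaceAll("\\p{Cntrl}", "_"));
            }

            RequestorPool requestorPool = this._ssoService.getRequestorPool(iSession);
            if (requestorPool == null) {
                this._systemLogger.warn(new SystemLogItem(iSession.getId(), 1, "Could not retrieve requestor pool from session"));
                throw new SSOException(1);
            }

            switch (iSession.getState()) {
                case SESSION_CREATED:
                    List allAuthNProfiles = this._ssoService.getAllAuthNProfiles(requestorPool);
                    if (allAuthNProfiles.isEmpty()) {
                        this._systemLogger.warn("Not one enabled authentication profile for requestor pool: " + requestorPool.getID());
                        throw new SSOException(1);
                    }
                    iSession.setAuthNProfiles(allAuthNProfiles);
                    iSession.setState(SessionState.PRE_AUTHZ_IN_PROGRESS);
                    if (requestorPool.isForcedAuthenticate()) {
                        iSession.setForcedAuthentication(true);
                        this._systemLogger.debug("Forced by requestor pool: Force authentication");
                    }
                    handlePreAuthorization(httpServletRequest, httpServletResponse, iSession, requestorPool);
                    break;
                case PRE_AUTHZ_IN_PROGRESS:
                    handlePreAuthorization(httpServletRequest, httpServletResponse, iSession, requestorPool);
                    break;
                case PRE_AUTHZ_OK:
                    checkTGT(httpServletRequest, httpServletResponse, iSession, requestorPool);
                    break;
                case AUTHN_SELECTION_IN_PROGRESS:
                    handleAuthenticationSelection(httpServletRequest, httpServletResponse, iSession, requestorPool);
                    break;
                case AUTHN_SELECTION_OK:
                case AUTHN_IN_PROGRESS:
                    handleAuthentication(httpServletRequest, httpServletResponse, iSession, requestorPool, iSession.getSelectedAuthNProfile());
                    break;
                default:
                    // Every finished state (OK, failed, cancelled, blocked, unknown user, ...) hands the
                    // browser back to the requesting profile.
                    this._systemLogger.debug(new SystemLogItem(iSession.getId(), 0, "Redirect back to Profile"));
                    httpServletResponse.sendRedirect(iSession.getProfileURL());
                    break;
            }
        } catch (SSOException e) {
            // Catch clauses run from the narrowest type to the widest so that each handler is reachable.
            // NOTE(review): the session is declared inside the try block, so the handlers below log
            // without session details and pass null to handleError, which therefore does not expire the
            // session after an internal error. This may be a decompilation artifact; compare with the
            // original source.
            this._eventLogger.info(new UserEventLogItem((String) null, (String) null, (SessionState) null, UserEvent.INTERNAL_ERROR, (String) null, httpServletRequest.getRemoteAddr(), (String) null, this, (String) null));
            handleError(httpServletRequest, httpServletResponse, null, e, e.getCode());
        } catch (OAException e) {
            handleError(httpServletRequest, httpServletResponse, null, e, e.getCode());
        } catch (UserException e) {
            this._eventLogger.info(new UserEventLogItem((String) null, (String) null, (SessionState) null, e.getEvent(), (String) null, httpServletRequest.getRemoteAddr(), (String) null, this, (String) null));
            if (httpServletResponse.isCommitted()) {
                return;
            }
            try {
                httpServletResponse.sendError(HttpServletResponse.SC_BAD_REQUEST);
            } catch (IOException ioe) {
                this._systemLogger.warn("Could not send response", ioe);
            }
        } catch (Exception e) {
            handleError(httpServletRequest, httpServletResponse, null, e, 1);
        }
    }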

    /**
     * Stops the profile and the components it started.
     *
     * <p>The started flag is cleared first, so {@code service} answers 503 from then on. The SSO service
     * and both authorization managers are stopped in that order when present.
     */
    public void destroy() {
        _bStarted = false;
        _cookieTool = null;

        if (_ssoService != null) {
            _ssoService.stop();
        }
        if (_preAuthorizationManager != null) {
            _preAuthorizationManager.stop();
        }
        if (_postAuthorizationManager != null) {
            _postAuthorizationManager.stop();
        }

        _systemLogger.info("WebSSO stopped");
    }

    /**
     * Logs an internal error, invalidates the session when one is supplied and answers with 500.
     *
     * <p>With a session, the session locale, the server object and (when resolvable) the requestor are
     * exposed as request attributes, then the session is expired and persisted. Problems while doing so
     * are logged and do not stop the error response. Nothing is sent when the response is already
     * committed.
     *
     * @param httpServletRequest the request that failed
     * @param httpServletResponse the response to send the error on
     * @param iSession the session to expire, or null when none is known
     * @param th the cause, written to the system log
     * @param i the error code recorded in the system log item
     */
    private void handleError(HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse, ISession iSession, Throwable th, int i) {
        if (iSession == null) {
            _systemLogger.error("Internal error while processing request", th);
        } else {
            _systemLogger.error(new SystemLogItem(iSession.getId(), i, "Internal error while processing request"), th);
            try {
                httpServletRequest.setAttribute("sessionLocale", iSession.getLocale());
                httpServletRequest.setAttribute("serverInfo", Engine.getInstance().getServer());
                if (iSession.getRequestorId() != null) {
                    IRequestor sessionRequestor = _ssoService.getRequestor(iSession);
                    if (sessionRequestor != null) {
                        httpServletRequest.setAttribute("requestor", sessionRequestor);
                    }
                }
            } catch (Exception attributeFailure) {
                _systemLogger.error("could not set request attributes", attributeFailure);
            }

            // The failed session must not be usable for a later request.
            iSession.expire();
            try {
                iSession.persist();
            } catch (PersistenceException persistFailure) {
                _systemLogger.error("Could not persist session", persistFailure);
            }
        }

        if (!httpServletResponse.isCommitted()) {
            try {
                httpServletResponse.sendError(HttpServletResponse.SC_INTERNAL_SERVER_ERROR);
            } catch (IOException sendFailure) {
                _systemLogger.warn("Could not send response", sendFailure);
            }
        }
    }

    /**
     * Determines the path of the profile selection JSP.
     *
     * <p>The default path is used unless the configuration has a {@code view} section with a
     * {@code profile_selection} section in it; in that case its {@code path} parameter is mandatory.
     *
     * @param element the configuration section of this profile; asserted to be non-null
     * @throws OAException with code 17 when {@code profile_selection} exists but has no usable
     *         {@code path}, or as raised by the configuration manager
     */
    private void readDefaultConfiguration(Element element) throws OAException {
        assert element != null : "Supplied config == null";

        _sSelectionPath = DEFAULT_JSP_SELECTION;
        final Element viewConfig = _configurationManager.getSection(element, "view");
        if (viewConfig != null) {
            final Element selectionConfig = _configurationManager.getSection(viewConfig, "profile_selection");
            if (selectionConfig != null) {
                // The field is assigned before the check, as in the original statement order.
                _sSelectionPath = _configurationManager.getParam(selectionConfig, "path");
                if (_sSelectionPath == null || _sSelectionPath.isEmpty()) {
                    _systemLogger.error("No 'path' parameter in 'profile_selection' section in configuration");
                    throw new OAException(17);
                }
            } else {
                _systemLogger.warn("No optional 'profile_selection' section found in 'view' section in configuration, using default");
            }
        } else {
            _systemLogger.warn("No optional 'view' section configuration found, using default");
        }
        _systemLogger.warn("Using profile selection JSP: " + _sSelectionPath);
    }

    /**
     * Reads the optional {@code always_show_select_form} item of the authentication configuration.
     *
     * <p>The flag is false when the item is absent. Only {@code true} and {@code false} (any case) are
     * accepted as values.
     *
     * @param element the {@code authentication} configuration section; asserted to be non-null
     * @throws OAException with code 17 for any other value, or as raised by the configuration manager
     */
    private void readShowAlwaysConfiguration(Element element) throws OAException {
        assert element != null : "Supplied authentication config element == null";

        _bShowAlways = false;
        final String configured = _configurationManager.getParam(element, "always_show_select_form");
        if (configured == null) {
            return;
        }

        final boolean saysTrue = "true".equalsIgnoreCase(configured);
        if (!saysTrue && !"false".equalsIgnoreCase(configured)) {
            _systemLogger.error("Invalid value for 'always_show_select_form' item found in configuration: " + configured);
            throw new OAException(17);
        }
        if (saysTrue) {
            _bShowAlways = true;
        }
        _systemLogger.info("Optional 'always_show_select_form' item is configured with value: " + _bShowAlways);
    }

    /**
     * Reads an optional boolean parameter from a configuration section.
     *
     * @param element the configuration section to read from
     * @param str the name of the parameter
     * @param str2 a description of the section, used only in the error message
     * @return true when the parameter is {@code true} (any case); false when it is {@code false} or absent
     * @throws OAException with code 17 for any other value, or as raised by the configuration manager
     */
    private boolean establishOptionalBooleanAttribute(Element element, String str, String str2) throws OAException {
        final String configured = _configurationManager.getParam(element, str);
        if (configured == null) {
            // Absent parameter: the default applies and nothing is logged.
            return false;
        }

        final boolean enabled;
        if ("true".equalsIgnoreCase(configured)) {
            enabled = true;
        } else if ("false".equalsIgnoreCase(configured)) {
            enabled = false;
        } else {
            _systemLogger.error("Invalid value for optional @" + str + "-attribute of " + str2 + ": " + configured);
            throw new OAException(17);
        }
        _systemLogger.info("Optional '" + str + "' item is configured with value: " + enabled);
        return enabled;
    }

    /**
     * Rebuilds the list of configured response headers.
     *
     * <p>The list is emptied first. Every {@code header} section inside the optional {@code headers}
     * section then adds one {@code ResponseHeader}.
     *
     * @param element the configuration section of this profile; asserted to be non-null
     * @throws OAException as raised by the configuration manager or the {@code ResponseHeader} constructor
     */
    private void readHeadersConfiguration(Element element) throws OAException {
        assert element != null : "Supplied config == null";

        _listHeaders.clear();
        final Element headersConfig = _configurationManager.getSection(element, "headers");
        if (headersConfig == null) {
            return;
        }

        // Walk the sibling 'header' sections until the configuration manager reports no next one.
        for (Element headerConfig = _configurationManager.getSection(headersConfig, "header");
                headerConfig != null;
                headerConfig = _configurationManager.getNextSection(headerConfig)) {
            ResponseHeader configuredHeader = new ResponseHeader(_configurationManager, headerConfig);
            _listHeaders.add(configuredHeader);
            _systemLogger.info("Adding header: " + configuredHeader);
        }
    }

    /**
     * Forwards a request that carries no session to the user profile below the current servlet path.
     *
     * <p>The target is the servlet path, a {@code /} when the path does not already end with one, and
     * {@code UserProfile.PROFILE_ID}.
     *
     * @param httpServletRequest the request to forward
     * @param httpServletResponse the response to forward
     * @throws SSOException with code 1 when the container supplies no dispatcher for the target
     * @throws IOException as raised by the forward
     * @throws ServletException as raised by the forward
     */
    private void handleStartPage(HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse) throws SSOException, IOException, ServletException {
        final String servletPath = httpServletRequest.getServletPath();
        final StringBuilder target = new StringBuilder(servletPath);
        if (!servletPath.endsWith("/")) {
            target.append("/");
        }
        target.append(UserProfile.PROFILE_ID);

        final RequestDispatcher dispatcher = httpServletRequest.getRequestDispatcher(target.toString());
        if (dispatcher == null) {
            _systemLogger.fatal("Forward request not supported: " + target.toString());
            throw new SSOException(1);
        }
        dispatcher.forward(httpServletRequest, httpServletResponse);
    }

    /* JADX WARN: Failed to find 'out' block for switch in B:6:0x0023. Please report as an issue. */
    /**
     * Runs the pre-authorization step and continues according to the resulting session state.
     *
     * <p>When pre-authorization is disabled the session is marked {@code PRE_AUTHZ_OK} and the flow goes
     * straight to the TGT check. Otherwise the manager decides: still in progress returns without
     * further action, OK logs the event with the applied profile ids and continues with the TGT check,
     * failed or cancelled persists the session and redirects to the session's profile URL.
     *
     * @param httpServletRequest the current request
     * @param httpServletResponse the current response
     * @param iSession the authentication session
     * @param requestorPool the requestor pool of the session
     * @throws OAException on an unsupported session state (as {@code SSOException} with code 1), when the
     *         session cannot be persisted, or as raised by the manager
     * @throws IOException as raised by the redirect
     * @throws UserException as raised by the TGT check
     */
    private void handlePreAuthorization(HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse, ISession iSession, RequestorPool requestorPool) throws OAException, IOException, UserException {
        if (!_preAuthorizationManager.isEnabled()) {
            iSession.setState(SessionState.PRE_AUTHZ_OK);
            _eventLogger.info(new UserEventLogItem(iSession, httpServletRequest.getRemoteAddr(), UserEvent.USER_PRE_AUTHORIZED, this, (String) null));
            checkTGT(httpServletRequest, httpServletResponse, iSession, requestorPool);
            return;
        }

        _preAuthorizationManager.authorize(httpServletRequest, httpServletResponse, iSession, requestorPool);

        switch (iSession.getState()) {
            case PRE_AUTHZ_IN_PROGRESS:
                // Nothing more to do in this request.
                return;
            case PRE_AUTHZ_OK:
                // The event records the global profile id and the pool's id, comma separated.
                StringBuilder appliedProfiles = new StringBuilder();
                if (_sGlobalPreAuthzProfileID != null) {
                    appliedProfiles.append(_sGlobalPreAuthzProfileID);
                }
                String poolProfileId = requestorPool.getPreAuthorizationProfileID();
                if (poolProfileId != null) {
                    if (_sGlobalPreAuthzProfileID != null) {
                        appliedProfiles.append(",");
                    }
                    appliedProfiles.append(poolProfileId);
                }
                _eventLogger.info(new UserEventLogItem(iSession, httpServletRequest.getRemoteAddr(), UserEvent.USER_PRE_AUTHORIZED, this, appliedProfiles.toString()));
                checkTGT(httpServletRequest, httpServletResponse, iSession, requestorPool);
                return;
            case PRE_AUTHZ_FAILED:
            case USER_CANCELLED:
                // Both outcomes end the flow here: store the state and hand back to the profile.
                try {
                    iSession.persist();
                    httpServletResponse.sendRedirect(iSession.getProfileURL());
                    return;
                } catch (OAException persistFailure) {
                    _systemLogger.warn("Could not persist session", persistFailure);
                    throw new SSOException(persistFailure.getCode(), persistFailure);
                }
            default:
                _systemLogger.error(new SystemLogItem(iSession.getId(), 1, "Session state not supported during preautorization"));
                throw new SSOException(1);
        }
    }

    /* JADX WARN: Failed to find 'out' block for switch in B:6:0x0023. Please report as an issue. */
    /**
     * Runs the post-authorization step and continues according to the resulting session state.
     *
     * <p>When post-authorization is disabled the event is logged and authentication is finished at once.
     * Otherwise the manager decides: still in progress returns without further action, OK logs the
     * event with the applied profile ids and finishes authentication, failed or cancelled persists the
     * session and redirects to the session's profile URL.
     *
     * @param httpServletRequest the current request
     * @param httpServletResponse the current response
     * @param iSession the authentication session
     * @param requestorPool the requestor pool of the session
     * @throws OAException on an unsupported session state (as {@code SSOException} with code 1), when the
     *         session cannot be persisted, or as raised by the manager
     * @throws IOException as raised by the redirect
     */
    private void handlePostAuthorization(HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse, ISession iSession, RequestorPool requestorPool) throws OAException, IOException {
        if (!_postAuthorizationManager.isEnabled()) {
            _eventLogger.info(new UserEventLogItem(iSession, httpServletRequest.getRemoteAddr(), UserEvent.USER_POST_AUTHORIZED, this, (String) null));
            finishAuthentication(httpServletResponse, iSession, requestorPool);
            return;
        }

        _postAuthorizationManager.authorize(httpServletRequest, httpServletResponse, iSession, requestorPool);

        switch (iSession.getState()) {
            case POST_AUTHZ_IN_PROGRESS:
                // Nothing more to do in this request.
                return;
            case POST_AUTHZ_OK:
                // The event records the global profile id and the pool's id, comma separated.
                StringBuilder appliedProfiles = new StringBuilder();
                if (_sGlobalPostAuthzProfileID != null) {
                    appliedProfiles.append(_sGlobalPostAuthzProfileID);
                }
                String poolProfileId = requestorPool.getPostAuthorizationProfileID();
                if (poolProfileId != null) {
                    if (_sGlobalPostAuthzProfileID != null) {
                        appliedProfiles.append(",");
                    }
                    appliedProfiles.append(poolProfileId);
                }
                _eventLogger.info(new UserEventLogItem(iSession, httpServletRequest.getRemoteAddr(), UserEvent.USER_POST_AUTHORIZED, this, appliedProfiles.toString()));
                finishAuthentication(httpServletResponse, iSession, requestorPool);
                return;
            case POST_AUTHZ_FAILED:
            case USER_CANCELLED:
                // Both outcomes end the flow here: store the state and hand back to the profile.
                try {
                    iSession.persist();
                    httpServletResponse.sendRedirect(iSession.getProfileURL());
                    return;
                } catch (OAException persistFailure) {
                    _systemLogger.warn("Could not persist session", persistFailure);
                    throw new SSOException(persistFailure.getCode(), persistFailure);
                }
            default:
                _systemLogger.error(new SystemLogItem(iSession.getId(), 1, "Session state not supported during postautorization"));
                throw new SSOException(1);
        }
    }

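    /**
     * Tries to satisfy the request from an existing TGT cookie (single sign-on) and routes the
     * session to the next step.
     *
     * <p>Flow, as visible in this method:
     * <ol>
     *   <li>Read the TGT cookie; if reading fails with a {@link UserException}, the event is
     *       logged, the cookie is removed and processing continues without a TGT.</li>
     *   <li>Reject a cookie value that fails {@code TGTValidator.validateDefaultTGTId}.</li>
     *   <li>When TGT profiles are enabled, only use a TGT whose stored profile attribute matches
     *       the host derived from the session's profile URL (case-insensitive).</li>
     *   <li>If single sign-on is sufficient, continue with post-authorization; otherwise fail a
     *       passive session or start authentication profile selection.</li>
     * </ol>
     *
     * @param httpServletRequest  the current request, source of the TGT cookie
     * @param httpServletResponse the response used for cookie removal and redirects
     * @param iSession            the authentication session being processed
     * @param requestorPool       the requestor pool the session's requestor belongs to
     * @throws SSOException  when the TGT check or persisting the session fails
     * @throws IOException   when the redirect cannot be sent
     * @throws UserException with {@code REQUEST_INVALID} when the TGT id is malformed or the TGT
     *                       carries no profile attribute while TGT profiles are enabled
     */
    private void checkTGT(HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse, ISession iSession, RequestorPool requestorPool) throws SSOException, IOException, UserException {
        // Start from "no TGT". The listing left this variable unassigned on the UserException
        // path below, which javac rejects; an unreadable cookie is now treated as an absent one.
        String cookieValue = null;
        boolean ssoSufficient = false;
        try {
            try {
                cookieValue = this._cookieTool.getCookieValue(WebSSOServlet.TGT_COOKIE_NAME, httpServletRequest);
            } catch (UserException e) {
                this._eventLogger.info(new UserEventLogItem(iSession, httpServletRequest.getRemoteAddr(), e.getEvent(), this, (String) null));
                this._cookieTool.removeCookie(WebSSOServlet.TGT_COOKIE_NAME, httpServletRequest, httpServletResponse);
            }
            if (cookieValue != null && !TGTValidator.validateDefaultTGTId(cookieValue)) {
                // The value failed validation and is fully client-controlled, so it is not copied
                // into the log (it could carry line breaks or other forged log content).
                this._systemLogger.debug("Invalid request, tgt id invalid for session: " + iSession.getId());
                throw new UserException(UserEvent.REQUEST_INVALID);
            }
            boolean tgtUsableForProfile = true;
            if (this._bTGTProfileEnabled && cookieValue != null) {
                String requestedProfile = RequestorHelper.entityHostFromRequestor(iSession.getProfileURL());
                this._systemLogger.debug("Checking whether a TGT is valid for profile " + requestedProfile);
                ITGT tgt = this._ssoService.getTGT(cookieValue);
                if (tgt != null) {
                    String issuedProfile = (String) tgt.getAttributes().get(WebProfile.class, TGT_ATTR_TGTPROFILE);
                    if (issuedProfile == null) {
                        // At this point the cookie value identifies an existing TGT, i.e. it is a
                        // live SSO credential; keep it out of the log and refer to the session.
                        this._systemLogger.debug("No TGT Profile stored with the TGT presented for session: " + iSession.getId());
                        throw new UserException(UserEvent.REQUEST_INVALID);
                    }
                    if (!issuedProfile.equalsIgnoreCase(requestedProfile)) {
                        this._systemLogger.debug("TGT was issued for profile " + issuedProfile + "; but request is for profile " + requestedProfile + ". TGT is ignored for this request.");
                        tgtUsableForProfile = false;
                    }
                }
            }
            // Equivalent to the original "!enabled || (enabled && usable)".
            if (!this._bTGTProfileEnabled || tgtUsableForProfile) {
                ssoSufficient = this._ssoService.checkSingleSignon(iSession, cookieValue, requestorPool);
            }
            if (ssoSufficient) {
                this._eventLogger.info(new UserEventLogItem(iSession, httpServletRequest.getRemoteAddr(), UserEvent.USER_AUTHENTICATED, this, "TGT"));
                iSession.setState(SessionState.POST_AUTHZ_IN_PROGRESS);
                this._ssoService.gatherAttributes(iSession);
                handlePostAuthorization(httpServletRequest, httpServletResponse, iSession, requestorPool);
            } else if (iSession.isPassive()) {
                // A passive request must not trigger user interaction: report failure to the profile.
                iSession.setState(SessionState.PASSIVE_FAILED);
                try {
                    iSession.persist();
                    httpServletResponse.sendRedirect(iSession.getProfileURL());
                } catch (OAException e2) {
                    this._systemLogger.warn("Could not persist session", e2);
                    throw new SSOException(e2.getCode(), e2);
                }
            } else {
                iSession.setState(SessionState.AUTHN_SELECTION_IN_PROGRESS);
                this._eventLogger.info(new UserEventLogItem(iSession, httpServletRequest.getRemoteAddr(), UserEvent.TGT_NOT_SUFFICIENT, this, (String) null));
                handleAuthenticationSelection(httpServletRequest, httpServletResponse, iSession, requestorPool);
            }
        } catch (SSOException e3) {
            // Must come before the OAException handler: SSOException appears to be an OAException
            // subtype (it is thrown from methods that only declare OAException), so the reverse
            // order makes this handler unreachable and re-wraps an already final SSOException.
            throw e3;
        } catch (OAException e4) {
            this._systemLogger.warn("Could not check TGT", e4);
            throw new SSOException(e4.getCode(), e4);
        }
    }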

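    /**
     * Selects the authentication profile for the session and continues accordingly.
     *
     * <p>If a profile is selected, authentication starts with it. If none is selected and the
     * session has no authentication profiles left, the session is marked
     * {@code AUTHN_SELECTION_FAILED}, persisted and the user is redirected to the profile URL.
     * Otherwise the selection page is shown.
     *
     * @param httpServletRequest  the current request; its {@code profile} parameter is passed on
     *                            as the requested profile
     * @param httpServletResponse the response used for the redirect
     * @param iSession            the authentication session being processed
     * @param requestorPool       the requestor pool the session's requestor belongs to
     * @throws SSOException  when selection fails internally or the session cannot be persisted
     * @throws UserException passed through unchanged from the called steps
     */
    private void handleAuthenticationSelection(HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse, ISession iSession, RequestorPool requestorPool) throws SSOException, UserException {
        try {
            // "profile" is a client-supplied request parameter.
            // NOTE(review): presumably the SSO service only returns a profile that is in the
            // session's allowed list; confirm, since the result is used for authentication as is.
            String requestedProfile = httpServletRequest.getParameter("profile");
            IRequestor requestor = this._ssoService.getRequestor(iSession.getRequestorId());
            boolean showAlways = doShowAlways(requestorPool, requestor);
            IAuthenticationProfile selectedAuthNProfile = this._ssoService.getSelectedAuthNProfile(iSession, requestedProfile, showAlways);
            if (selectedAuthNProfile != null) {
                if (iSession.getState() == SessionState.AUTHN_NOT_SUPPORTED) {
                    // Let the page report that the previously tried method is not supported.
                    httpServletRequest.setAttribute("userEvent", UserEvent.AUTHN_METHOD_NOT_SUPPORTED);
                }
                iSession.setState(SessionState.AUTHN_SELECTION_OK);
                this._eventLogger.info(new UserEventLogItem(iSession, httpServletRequest.getRemoteAddr(), UserEvent.AUTHN_PROFILE_SELECTED, this, (String) null));
                handleAuthentication(httpServletRequest, httpServletResponse, iSession, requestorPool, selectedAuthNProfile);
            } else if (iSession.getAuthNProfiles().isEmpty()) {
                iSession.setState(SessionState.AUTHN_SELECTION_FAILED);
                this._systemLogger.error("No allowed authentication profiles available for session: " + iSession.getId());
                try {
                    iSession.persist();
                    this._eventLogger.info(new UserEventLogItem(iSession, httpServletRequest.getRemoteAddr(), UserEvent.AUTHN_PROFILE_NOT_AVAILABLE, this, requestorPool.getID()));
                    httpServletResponse.sendRedirect(iSession.getProfileURL());
                } catch (OAException e) {
                    this._systemLogger.warn("Could not persists session", e);
                    throw new SSOException(e.getCode(), e);
                }
            } else {
                showSelectPage(httpServletRequest, httpServletResponse, iSession);
            }
        } catch (UserException e2) {
            throw e2;
        } catch (SSOException e3) {
            // Has to precede the generic handler: listed after catch (Exception) it is
            // unreachable, and a specific SSOException would be replaced by the generic code 1.
            throw e3;
        } catch (Exception e4) {
            this._systemLogger.error("Internal error during authN profile selection", e4);
            throw new SSOException(1);
        }
    }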

    /**
     * Forwards the request to the authentication profile selection page.
     *
     * <p>Marks the session {@code AUTHN_SELECTION_IN_PROGRESS}, persists it and exposes the
     * requestor, the session's authentication profiles, the session id ({@code asid}), the
     * session locale and the server info as request attributes for the page at
     * {@code _sSelectionPath}.
     *
     * @param httpServletRequest  the request that receives the page attributes
     * @param httpServletResponse the response handed to the forward
     * @param iSession            the authentication session being processed
     * @throws SSOException when the session cannot be persisted or the forward fails
     */
    private void showSelectPage(HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse, ISession iSession) throws SSOException {
        try {
            final boolean previousMethodUnsupported = iSession.getState() == SessionState.AUTHN_NOT_SUPPORTED;
            if (previousMethodUnsupported) {
                httpServletRequest.setAttribute("userEvent", UserEvent.AUTHN_METHOD_NOT_SUPPORTED);
            }

            // Persist the new state before rendering, so the follow-up request finds it.
            iSession.setState(SessionState.AUTHN_SELECTION_IN_PROGRESS);
            iSession.persist();

            // NOTE(review): these values are rendered by the selection page; the page is
            // presumably responsible for output-encoding requestor and profile names - confirm.
            httpServletRequest.setAttribute("requestor", this._ssoService.getRequestor(iSession));
            httpServletRequest.setAttribute(AUTHN_PROFILES_NAME, iSession.getAuthNProfiles());
            httpServletRequest.setAttribute("asid", iSession.getId());
            httpServletRequest.setAttribute("sessionLocale", iSession.getLocale());
            httpServletRequest.setAttribute("serverInfo", Engine.getInstance().getServer());

            final RequestDispatcher selectionPage = httpServletRequest.getRequestDispatcher(this._sSelectionPath);
            if (selectionPage != null) {
                selectionPage.forward(httpServletRequest, httpServletResponse);
                return;
            }
            this._systemLogger.fatal(new SystemLogItem(iSession.getId(), 1, "Forward request not supported"));
            throw new SSOException(1);
        } catch (SSOException ssoFailure) {
            throw ssoFailure;
        } catch (OAException oaFailure) {
            throw new SSOException(oaFailure.getCode(), oaFailure);
        } catch (Exception unexpected) {
            this._systemLogger.fatal("Could not forward request with session: " + iSession.getId(), unexpected);
            throw new SSOException(1);
        }
    }

    /**
     * Runs the given authentication profile and acts on the resulting session state.
     *
     * <p>The switch uses the compiler-generated ordinal table ({@code AnonymousClass1}); the
     * mapping of the numeric labels to {@link SessionState} constants is not visible here, so the
     * per-case remarks below describe only what each branch does.
     *
     * @param httpServletRequest     the current request
     * @param httpServletResponse    the response that receives the TGT cookie, headers or redirect
     * @param iSession               the authentication session being processed
     * @param requestorPool          the requestor pool the session's requestor belongs to
     * @param iAuthenticationProfile the profile to authenticate with
     * @throws OAException   when the state is unsupported, no user was set, or persisting fails
     * @throws IOException   when a redirect cannot be sent
     * @throws UserException passed through from the called steps
     */
    private void handleAuthentication(HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse, ISession iSession, RequestorPool requestorPool, IAuthenticationProfile iAuthenticationProfile) throws OAException, IOException, UserException {
        this._authenticationManager.authenticate(iAuthenticationProfile, httpServletRequest, httpServletResponse, iSession);
        switch (AnonymousClass1.$SwitchMap$com$alfaariss$oa$api$session$SessionState[iSession.getState().ordinal()]) {
            case 6:
                // Nothing to do here; presumably the authentication method is still in progress.
                return;
            case 12: {
                // Branch that issues the TGT, i.e. presumably "authentication succeeded".
                iSession.setState(SessionState.POST_AUTHZ_IN_PROGRESS);
                if (iSession.getUser() == null) {
                    this._systemLogger.error(new SystemLogItem(iSession.getId(), 1, "No user added during authentication, invalid configuration"));
                    throw new SSOException(1);
                }
                final ITGT tgt = this._ssoService.handleSingleSignon(iSession);
                if (tgt != null) {
                    final String profileHost = RequestorHelper.entityHostFromRequestor(iSession.getProfileURL());
                    final Cookie tgtCookie;
                    if (!this._bTGTProfileEnabled) {
                        tgtCookie = this._cookieTool.createCookie(WebSSOServlet.TGT_COOKIE_NAME, tgt.getId(), httpServletRequest);
                    } else {
                        // Scope the cookie to this profile and remember the profile on the TGT,
                        // so checkTGT can refuse the TGT for requests of another profile.
                        tgtCookie = this._cookieTool.createCookie(WebSSOServlet.TGT_COOKIE_NAME, tgt.getId(), "profiles/" + profileHost, httpServletRequest);
                        tgt.getAttributes().put(WebProfile.class, TGT_ATTR_TGTPROFILE, profileHost);
                        tgt.persist();
                    }
                    // NOTE(review): the cookie carries the TGT id; whether CookieTool sets the
                    // Secure and HttpOnly flags is not visible here - confirm in CookieTool.
                    httpServletResponse.addCookie(tgtCookie);
                    addHeaders(httpServletResponse);
                }
                try {
                    iSession.persist();
                    this._eventLogger.info(new UserEventLogItem(iSession, httpServletRequest.getRemoteAddr(), UserEvent.USER_AUTHENTICATED, this, iAuthenticationProfile.getID()));
                    this._ssoService.gatherAttributes(iSession);
                    handlePostAuthorization(httpServletRequest, httpServletResponse, iSession, requestorPool);
                    return;
                } catch (OAException persistFailure) {
                    this._systemLogger.warn("Could not persist session", persistFailure);
                    throw new SSOException(persistFailure.getCode(), persistFailure);
                }
            }
            case 13:
            case 14:
            case 16:
            case 17:
                // Final states for this step: store the session and hand control back to the profile.
                try {
                    iSession.persist();
                    httpServletResponse.sendRedirect(iSession.getProfileURL());
                    return;
                } catch (OAException persistFailure) {
                    this._systemLogger.warn("Could not persist session", persistFailure);
                    throw new SSOException(persistFailure.getCode(), persistFailure);
                }
            case 15: {
                // Drop the profile that was just tried and let the user pick from the rest.
                final List remainingProfiles = iSession.getAuthNProfiles();
                remainingProfiles.remove(iAuthenticationProfile);
                iSession.setAuthNProfiles(remainingProfiles);
                handleAuthenticationSelection(httpServletRequest, httpServletResponse, iSession, requestorPool);
                return;
            }
            default:
                // Every other state (the listing spelled out 7-11 as fall-through labels) is a
                // state this step cannot continue from.
                this._systemLogger.fatal(new SystemLogItem(iSession.getId(), 1, "Session state not supported during authentication"));
                throw new SSOException(1);
        }
    }

    /**
     * Adds every header from {@code _listHeaders} to the response.
     *
     * <p>Called from {@code handleAuthentication} right after the TGT cookie is added.
     *
     * @param httpServletResponse the response that receives the headers
     */
    private void addHeaders(HttpServletResponse httpServletResponse) {
        for (ResponseHeader header : this._listHeaders) {
            httpServletResponse.addHeader(header.getName(), header.getValue());
        }
    }

    /**
     * Completes a successful authentication: applies the pool's attribute release policy, marks
     * the session {@code AUTHN_OK}, persists it and redirects to the session's profile URL.
     *
     * @param httpServletResponse the response used for the redirect
     * @param iSession            the authentication session being finished
     * @param requestorPool       the pool whose attribute release policy id is applied
     * @throws OAException when applying the policy or persisting the session fails
     * @throws IOException when the redirect cannot be sent
     */
    private void finishAuthentication(HttpServletResponse httpServletResponse, ISession iSession, RequestorPool requestorPool) throws OAException, IOException {
        // Filter the attributes first, so the persisted session only holds what may be released.
        this._ssoService.performAttributeReleasePolicy(iSession, requestorPool.getAttributeReleasePolicyID());

        iSession.setState(SessionState.AUTHN_OK);
        iSession.persist();

        // The redirect target comes from the session, not from the current request.
        final String profileUrl = iSession.getProfileURL();
        httpServletResponse.sendRedirect(profileUrl);
    }

    /**
     * Decides whether the profile selection form must always be shown.
     *
     * <p>The {@code web.always_show_select_form} property is looked up on the requestor first,
     * then on the requestor pool. The first value that equals {@code TRUE} or {@code FALSE}
     * (ignoring case) wins. A missing value is logged at debug level, any other value at error
     * level, and the lookup moves on. If neither level decides, {@code _bShowAlways} is returned.
     *
     * @param requestorPool the pool consulted second
     * @param iRequestor    the requestor consulted first
     * @return {@code true} when the selection form must always be shown
     */
    private boolean doShowAlways(RequestorPool requestorPool, IRequestor iRequestor) {
        final String requestorSetting = (String) iRequestor.getProperty("web.always_show_select_form");
        if (requestorSetting != null) {
            if ("TRUE".equalsIgnoreCase(requestorSetting)) {
                return true;
            }
            if ("FALSE".equalsIgnoreCase(requestorSetting)) {
                return false;
            }
            // Neither TRUE nor FALSE: report the misconfiguration and fall back to the pool.
            this._systemLogger.error("Invalid requestor specific '" + "web.always_show_select_form"
                    + "' property found for requestor with ID '" + iRequestor.getID() + "': " + requestorSetting);
        } else {
            this._systemLogger.debug("No (optional) requestor specific '" + "web.always_show_select_form"
                    + "' property found for requestor with ID: " + iRequestor.getID());
        }

        final String poolSetting = (String) requestorPool.getProperty("web.always_show_select_form");
        if (poolSetting != null) {
            if ("TRUE".equalsIgnoreCase(poolSetting)) {
                return true;
            }
            if ("FALSE".equalsIgnoreCase(poolSetting)) {
                return false;
            }
            // Neither TRUE nor FALSE: report the misconfiguration and use the profile default.
            this._systemLogger.error("Invalid requestorpool specific '" + "web.always_show_select_form"
                    + "' property found for requestorpool with ID '" + requestorPool.getID() + "': " + poolSetting);
        } else {
            this._systemLogger.debug("No (optional) requestorpool specific '" + "web.always_show_select_form"
                    + "' property found for requestorpool with ID: " + requestorPool.getID());
        }

        return this._bShowAlways;
    }

    // Assertion switch for this class: stores the negation of the class's desired assertion
    // status. javac normally generates this initializer itself for classes that use `assert`;
    // it shows up as explicit source here because the listing is decompiler output.
    static {
        $assertionsDisabled = !WebProfile.class.desiredAssertionStatus();
    }
}
