package com.alfaariss.oa.sso.web.profile.ssoquery;

import com.alfaariss.oa.OAException;
import com.alfaariss.oa.RequestorEvent;
import com.alfaariss.oa.UserEvent;
import com.alfaariss.oa.UserException;
import com.alfaariss.oa.api.IService;
import com.alfaariss.oa.api.configuration.IConfigurationManager;
import com.alfaariss.oa.api.logging.IAuthority;
import com.alfaariss.oa.api.session.SessionState;
import com.alfaariss.oa.api.sso.ISSOProfile;
import com.alfaariss.oa.api.tgt.ITGT;
import com.alfaariss.oa.engine.core.Engine;
import com.alfaariss.oa.engine.core.tgt.factory.ITGTFactory;
import com.alfaariss.oa.sso.web.profile.ssoquery.whitelist.IWhitelist;
import com.alfaariss.oa.util.logging.RequestorEventLogItem;
import com.alfaariss.oa.util.web.CookieTool;
import java.io.IOException;
import java.net.MalformedURLException;
import java.net.URL;
import javax.servlet.ServletContext;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import org.apache.commons.logging.Log;
import org.apache.commons.logging.LogFactory;
import org.w3c.dom.Element;

/* loaded from: input_file:com/alfaariss/oa/sso/web/profile/ssoquery/SSOQueryProfile.class */
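/**
 * SSO profile that tells a requestor whether the calling browser currently holds a
 * usable SSO session.
 *
 * <p>The browser is sent to this profile with a {@code response_url} parameter. The
 * profile looks up the TGT referenced by the {@code oa_sso_id} cookie and redirects the
 * browser back to {@code response_url} with {@code result=true} or {@code result=false}
 * appended.
 *
 * <p><b>Security note:</b> {@code response_url} is attacker-controllable. It is only
 * restricted when a {@code whitelist} section is configured. Without a whitelist this
 * endpoint redirects to any URL it is given, and any site the user visits can learn
 * whether the user has a live SSO session. Deployments should configure a whitelist.
 */
public class SSOQueryProfile implements ISSOProfile, IService, IAuthority {
    public static final String PROFILE_ID = "ssoquery";
    private static final String PARAM_RESPONSE_URL = "response_url";
    private static final String PARAM_RESULT = "result";
    private static final String AUTHORITY_NAME = "SSOQuery";
    // Loggers are initialised once per class instead of being re-assigned to static
    // fields from every constructor call.
    private static final Log _logger = LogFactory.getLog(SSOQueryProfile.class);
    private static final Log _eventLogger = LogFactory.getLog("com.alfaariss.oa.EventLogger");
    private boolean _bEnabled;
    private CookieTool _cookieTool;
    private ITGTFactory<?> _tgtFactory;
    private String _sProfileID;
    private IWhitelist _whitelist;

    /** Creates the profile in the disabled state; {@link #init} enables it. */
    public SSOQueryProfile() {
        this._bEnabled = false;
    }

    /** Disables the profile, drops the cookie tool and stops the whitelist if one was started. */
    public void destroy() {
        this._bEnabled = false;
        this._cookieTool = null;
        if (this._whitelist != null) {
            this._whitelist.stop();
        }
    }

    /** @return the configured profile id, or {@link #PROFILE_ID} when none was configured */
    public String getID() {
        return this._sProfileID;
    }

    /**
     * Reads the profile configuration and, when the profile is enabled, wires up the TGT
     * factory, the cookie tool and the optional whitelist.
     *
     * @param servletContext not used by this profile
     * @param iConfigurationManager configuration reader
     * @param element configuration section handed to {@link CookieTool}
     * @param element2 this profile's own section (the log messages call it the 'profile'
     *     section); may be {@code null}, in which case defaults apply and no whitelist
     *     section can be looked up under it
     * @throws OAException when 'enabled' holds something other than TRUE/FALSE, or the
     *     whitelist configuration is invalid
     */
    public void init(ServletContext servletContext, IConfigurationManager iConfigurationManager, Element element, Element element2) throws OAException {
        this._bEnabled = true;
        this._sProfileID = PROFILE_ID;
        if (element2 != null) {
            this._sProfileID = iConfigurationManager.getParam(element2, "id");
            if (this._sProfileID == null) {
                this._sProfileID = PROFILE_ID;
                _logger.error("No 'id' item in 'profile' section in configuration, using default: " + this._sProfileID);
            }
            String enabled = iConfigurationManager.getParam(element2, "enabled");
            if (enabled != null) {
                if (enabled.equalsIgnoreCase("FALSE")) {
                    this._bEnabled = false;
                } else if (!enabled.equalsIgnoreCase("TRUE")) {
                    _logger.error("Unknown value in 'enabled' configuration item: " + enabled);
                    throw new OAException(17);
                }
            }
        }
        if (this._bEnabled) {
            this._tgtFactory = Engine.getInstance().getTGTFactory();
            this._cookieTool = new CookieTool(iConfigurationManager, element);
            readWhitelistConfig(iConfigurationManager, element2);
        }
        _logger.info("Started SSO Query Request Profile: " + this._sProfileID);
    }

    /**
     * Handles one SSO query: validates {@code response_url}, checks the TGT behind the
     * {@code oa_sso_id} cookie, and redirects to {@code response_url} with the result.
     *
     * <p>Validation applied to {@code response_url}:
     * <ul>
     *   <li>always: must be present and must not contain control characters (the value
     *       ends up in a {@code Location} header and in log lines);</li>
     *   <li>only when a whitelist is configured: must parse as a URL, must use http or
     *       https, must not contain a backslash, and its host must be whitelisted.</li>
     * </ul>
     * Any validation failure, and a disabled profile, are answered with HTTP 400.
     *
     * @throws OAException on internal errors, or when the 400 response cannot be sent
     */
    public void service(HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse) throws OAException {
        try {
            if (!this._bEnabled) {
                _logger.debug("Component is disabled");
                throw new UserException(UserEvent.INTERNAL_ERROR);
            }
            _logger.debug("Performing 'sso query' request sent from IP: " + httpServletRequest.getRemoteAddr());
            String responseUrl = httpServletRequest.getParameter(PARAM_RESPONSE_URL);
            if (responseUrl == null) {
                _logger.debug("No parameter 'response_url' available in request");
                throw new UserException(UserEvent.REQUEST_INVALID);
            }
            // getParameter() returns the decoded value, so an encoded CR/LF arrives here as
            // a real line break. Reject it before the value reaches a header or a log line;
            // not every servlet container filters this on sendRedirect().
            if (containsControlCharacter(responseUrl)) {
                _logger.debug("Control character in parameter 'response_url': " + sanitizeForLog(responseUrl));
                throw new UserException(UserEvent.REQUEST_INVALID);
            }
            if (this._whitelist != null) {
                try {
                    URL url = new URL(responseUrl);
                    String protocol = url.getProtocol();
                    // java.net.URL accepts more schemes than a browser redirect target
                    // should use; a host whitelist only makes sense for http(s).
                    if (!"http".equalsIgnoreCase(protocol) && !"https".equalsIgnoreCase(protocol)) {
                        _logger.debug("Scheme of 'response_url' is not http or https: " + protocol);
                        throw new UserException(UserEvent.REQUEST_INVALID);
                    }
                    // java.net.URL and browsers do not necessarily agree on where the
                    // authority ends when a backslash is present. The whitelist decision
                    // must be about the host the browser will actually contact.
                    if (responseUrl.indexOf('\\') >= 0) {
                        _logger.debug("Backslash in parameter 'response_url': " + responseUrl);
                        throw new UserException(UserEvent.REQUEST_INVALID);
                    }
                    String host = url.getHost();
                    if (host == null || host.isEmpty() || !this._whitelist.isWhitelisted(host)) {
                        _logger.debug("Hostname isn't whitelisted: " + host);
                        throw new UserException(UserEvent.REQUEST_INVALID);
                    }
                } catch (MalformedURLException e) {
                    StringBuilder message = new StringBuilder("Invalid parameter '");
                    message.append(PARAM_RESPONSE_URL);
                    message.append("' available in request: ");
                    message.append(responseUrl);
                    _logger.debug(message.toString());
                    throw new UserException(UserEvent.REQUEST_INVALID);
                }
            }
            // NOTE(review): with no whitelist configured, responseUrl is used as-is from
            // here on (open redirect, and the session state is disclosed to any target).

            // "true" only when the cookie is present and resolves to a TGT that has not expired.
            String result = "false";
            String cookieValue = this._cookieTool.getCookieValue("oa_sso_id", httpServletRequest);
            if (cookieValue != null) {
                ITGT tgt = this._tgtFactory.retrieve(cookieValue);
                if (tgt != null && !tgt.isExpired()) {
                    result = "true";
                }
            }
            // NOTE(review): the separator is chosen by looking for '?' anywhere in the URL.
            // If response_url carries a '#fragment', the result lands inside the fragment.
            // Left unchanged because callers may rely on it; confirm.
            StringBuilder redirect = new StringBuilder(responseUrl);
            if (responseUrl.contains("?")) {
                redirect.append("&");
            } else {
                redirect.append("?");
            }
            redirect.append(PARAM_RESULT);
            redirect.append("=");
            redirect.append(result);
            // NOTE(review): the raw oa_sso_id cookie value is passed into the event log
            // item. It looks like a session identifier, so confirm that access to the
            // event log is restricted accordingly.
            _eventLogger.info(new RequestorEventLogItem((String) null, cookieValue, (SessionState) null, RequestorEvent.QUERY_SUCCESSFUL, (String) null, httpServletRequest.getRemoteAddr(), (String) null, this, result));
            String target = redirect.toString();
            _logger.debug("Redirecting user to: " + target);
            httpServletResponse.sendRedirect(target);
        } catch (UserException e2) {
            // Invalid or unserviceable request: answer 400 unless a response already went out.
            try {
                if (!httpServletResponse.isCommitted()) {
                    httpServletResponse.sendError(400);
                }
            } catch (IOException e3) {
                _logger.debug("Could not respond", e3);
                throw new OAException(1);
            }
        } catch (Exception e4) {
            _logger.fatal("Internal error during sso request", e4);
            throw new OAException(1);
        }
    }

    /** @return the authority name used in event log items: "SSOQuery" followed by the profile id */
    public String getAuthority() {
        return AUTHORITY_NAME + this._sProfileID;
    }

    /**
     * Loads and starts the optional whitelist implementation named by the {@code class}
     * parameter of the {@code whitelist} section.
     *
     * <p>When the section is absent the whitelist stays {@code null} and
     * {@link #service} performs no destination check on {@code response_url}.
     *
     * @throws OAException when the section exists but the class is missing, cannot be
     *     loaded or instantiated, or does not implement {@link IWhitelist}
     */
    private void readWhitelistConfig(IConfigurationManager iConfigurationManager, Element element) throws OAException {
        this._whitelist = null;
        Element section = iConfigurationManager.getSection(element, "whitelist");
        if (section == null) {
            // Security-relevant: from here on the profile runs without any restriction on
            // the redirect destination.
            _logger.warn("No optional 'whitelist' section found in configuration");
            return;
        }
        String className = iConfigurationManager.getParam(section, "class");
        if (className == null) {
            _logger.error("No 'class' parameter found in 'whitelist' section");
            throw new OAException(17);
        }
        try {
            // The class name comes from server configuration, not from the request.
            this._whitelist = (IWhitelist) Class.forName(className).newInstance();
            this._whitelist.start(iConfigurationManager, section);
        } catch (ClassCastException e) {
            _logger.error("Configured Whitelist class isn't of type 'IWhitelist': " + className, e);
            throw new OAException(17);
        } catch (ClassNotFoundException e2) {
            _logger.error("Configured Whitelist class could not be found: " + className, e2);
            throw new OAException(17);
        } catch (IllegalAccessException e3) {
            _logger.error("Configured Whitelist class could not be accessed: " + className, e3);
            throw new OAException(17);
        } catch (InstantiationException e4) {
            _logger.error("Configured Whitelist class could not be instantiated: " + className, e4);
            throw new OAException(17);
        }
    }

    /** Returns true when {@code value} holds any ISO control character (CR, LF, NUL, ...). */
    private static boolean containsControlCharacter(String value) {
        for (int i = 0; i < value.length(); i++) {
            if (Character.isISOControl(value.charAt(i))) {
                return true;
            }
        }
        return false;
    }

    /** Replaces ISO control characters with '_' so a request value cannot start a new log line. */
    private static String sanitizeForLog(String value) {
        StringBuilder clean = new StringBuilder(value.length());
        for (int i = 0; i < value.length(); i++) {
            char c = value.charAt(i);
            clean.append(Character.isISOControl(c) ? '_' : c);
        }
        return clean.toString();
    }
}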
