package com.xunlei.cas;

import edu.yale.its.tp.cas.client.ProxyTicketValidator;
import edu.yale.its.tp.cas.client.ServiceTicketValidator;
import edu.yale.its.tp.cas.client.Util;
import edu.yale.its.tp.cas.client.filter.CASFilterRequestWrapper;
import java.io.IOException;
import java.io.UnsupportedEncodingException;
import java.net.URLEncoder;
import java.util.Enumeration;
import java.util.HashMap;
import java.util.Map;
import java.util.StringTokenizer;
import javax.servlet.Filter;
import javax.servlet.FilterChain;
import javax.servlet.FilterConfig;
import javax.servlet.ServletException;
import javax.servlet.ServletRequest;
import javax.servlet.ServletResponse;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import javax.servlet.http.HttpSession;
import javax.xml.parsers.ParserConfigurationException;
import org.xml.sax.SAXException;

/* loaded from: input_file:com/xunlei/cas/XLCasFilter.class */
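/**
 * Servlet filter that protects HTTP resources with CAS single sign-on.
 *
 * <p>Requests whose session already carries {@link #CAS_FILTER_USER} pass straight through.
 * Requests without a {@code ticket} parameter are redirected to the CAS login URL. Requests
 * with a {@code ticket} have it validated against the CAS validate URL, and on success the
 * user name is stored in the session under {@link #CAS_FILTER_USER}.
 *
 * <p>The login, logout, validate and admin URLs are held in static fields and are only
 * assigned while still {@code null}. When several instances of this filter are configured in
 * one class loader, the first one initialised therefore decides these URLs for all of them.
 * The assignments are not synchronised.
 */
public class XLCasFilter implements Filter {
    /** Session attribute under which the authenticated user name is stored. */
    public static final String CAS_FILTER_USER = "edu.yale.its.tp.cas.client.filter.user";

    // Short and fully-qualified names of the init-params read by init(FilterConfig).
    public static final String initparam_xl = "com.xunlei.cas";
    public static final String initparam_xlCasAdminURL_S = "CasAdminURL";
    public static final String initparam_xlFormerLoginURI_S = "FormerLoginURI";
    public static final String initparam_xlCasURL_S = "CasURL";
    public static final String initparam_xlServerName_S = "ServerName";
    public static final String initparam_xlFormerLoginURI = "com.xunlei.cas.FormerLoginURI";
    public static final String initparam_xlCasURL = "com.xunlei.cas.CasURL";
    public static final String initparam_xlServerName = "com.xunlei.cas.ServerName";
    public static final String initparam_casServerLoginURI = "edu.yale.its.tp.cas.client.filter.serverLoginURI";
    public static final String initparam_casLogin = "edu.yale.its.tp.cas.client.filter.loginUrl";
    public static final String initparam_casLogout = "edu.yale.its.tp.cas.client.filter.logoutUrl";
    public static final String initparam_casValidate = "edu.yale.its.tp.cas.client.filter.validateUrl";
    public static final String initparam_casServerName = "edu.yale.its.tp.cas.client.filter.serverName";
    public static final String initparam_casRenew = "edu.yale.its.tp.cas.client.filter.renew";
    public static final String initparam_casAuthorizedProxy = "edu.yale.its.tp.cas.client.filter.authorizedProxy";
    public static final String initparam_casServiceUrl = "edu.yale.its.tp.cas.client.filter.serviceUrl";
    public static final String initparam_wrapRequest = "edu.yale.its.tp.cas.client.filter.wrapRequest";

    /** Charset used when percent-encoding URLs placed in the CAS redirect. */
    private static final String URL_ENCODING = "UTF-8";

    // Shared by every instance of the filter; each is assigned once, by whichever init() runs first.
    private static String casLogin;
    private static String casLogout;
    private static String casValidate;
    private static String casAdminUrl;

    private String casServerLoginURI;
    private String casAuthorizedProxy;
    private String casServiceUrl;
    private String casRenew;
    private String casServerName;
    private boolean wrapRequest;

    /** @return the CAS admin URL read from {@code CasAdminURL}, or {@code null} if none was configured */
    public static String getCasAdminUrl() {
        return casAdminUrl;
    }

    /** @return the CAS login URL, or {@code null} if no filter instance has configured one */
    public static String getCasLogin() {
        return casLogin;
    }

    /** @return the CAS logout URL, or {@code null} if no filter instance has configured one */
    public static String getCasLogout() {
        return casLogout;
    }

    /** @return the CAS ticket-validation URL, or {@code null} if no filter instance has configured one */
    public static String getCasValidate() {
        return casValidate;
    }

    /**
     * Reads the filter configuration.
     *
     * <p>If {@code FormerLoginURI}, {@code CasURL} and {@code ServerName} are all present (under
     * their short or {@code com.xunlei.cas.}-prefixed names), the login, logout and validate URLs
     * are derived from {@code CasURL}. Otherwise the {@code edu.yale.its.tp.cas.client.filter.*}
     * parameters are used as they are.
     *
     * @param filterConfig the configuration supplied by the container
     * @throws ServletException declared by the {@link Filter} contract; not thrown by this code
     */
    public void init(FilterConfig filterConfig) throws ServletException {
        String formerLoginUri = initParameter(filterConfig, initparam_xlFormerLoginURI_S, initparam_xlFormerLoginURI);
        String casUrl = initParameter(filterConfig, initparam_xlCasURL_S, initparam_xlCasURL);
        String serverName = initParameter(filterConfig, initparam_xlServerName_S, initparam_xlServerName);

        boolean xunleiStyle = formerLoginUri != null && casUrl != null && serverName != null;
        if (xunleiStyle) {
            this.casServerName = serverName;
            this.casServerLoginURI = formerLoginUri;
            if (!casUrl.endsWith("/")) {
                casUrl = casUrl + "/";
            }
            if (casAdminUrl == null) {
                String adminUrl = filterConfig.getInitParameter(initparam_xlCasAdminURL_S);
                if (adminUrl != null) {
                    casAdminUrl = adminUrl;
                }
            }
            if (casLogin == null) {
                casLogin = casUrl + "login";
            }
            if (casLogout == null) {
                casLogout = casUrl + "logout";
            }
            // NOTE(review): the ticket check is only as trustworthy as the transport to this URL;
            // presumably CasURL is https - verify in web.xml.
            if (casValidate == null) {
                casValidate = casUrl + "serviceValidate";
            }
        } else {
            this.casServerLoginURI = filterConfig.getInitParameter(initparam_casServerLoginURI);
            if (casLogin == null) {
                casLogin = filterConfig.getInitParameter(initparam_casLogin);
            }
            if (casLogout == null) {
                casLogout = filterConfig.getInitParameter(initparam_casLogout);
            }
            if (casValidate == null) {
                casValidate = filterConfig.getInitParameter(initparam_casValidate);
            }
            this.casServerName = filterConfig.getInitParameter(initparam_casServerName);
        }

        this.casRenew = filterConfig.getInitParameter(initparam_casRenew);
        this.casAuthorizedProxy = filterConfig.getInitParameter(initparam_casAuthorizedProxy);
        this.casServiceUrl = filterConfig.getInitParameter(initparam_casServiceUrl);
        this.wrapRequest = Boolean.valueOf(filterConfig.getInitParameter(initparam_wrapRequest)).booleanValue();
    }

    /**
     * Lets authenticated requests through, validates an incoming CAS ticket, or redirects to
     * the CAS login page.
     *
     * @param servletRequest the incoming request; must be an {@link HttpServletRequest}
     * @param servletResponse the outgoing response; must be an {@link HttpServletResponse}
     * @param filterChain the remainder of the filter chain
     * @throws ServletException if the request is not HTTP, required configuration is missing,
     *     or ticket validation fails
     * @throws IOException if the redirect or the downstream chain fails
     */
    public void doFilter(ServletRequest servletRequest, ServletResponse servletResponse, FilterChain filterChain) throws ServletException, IOException {
        if (!(servletRequest instanceof HttpServletRequest) || !(servletResponse instanceof HttpServletResponse)) {
            throw new ServletException("CASFilter protects only HTTP resources");
        }
        if (this.wrapRequest) {
            servletRequest = new CASFilterRequestWrapper((HttpServletRequest) servletRequest);
        }
        HttpServletRequest httpRequest = (HttpServletRequest) servletRequest;
        HttpServletResponse httpResponse = (HttpServletResponse) servletResponse;

        HttpSession session = httpRequest.getSession();
        if (session != null && session.getAttribute(CAS_FILTER_USER) != null) {
            // Already authenticated in this session.
            filterChain.doFilter(servletRequest, servletResponse);
            return;
        }

        String ticket = httpRequest.getParameter("ticket");
        if (casLogout == null) {
            throw new ServletException("需要在web.xml中配置以下过滤器参数(init-param): com.xunlei.cas.CasURL 或者 edu.yale.its.tp.cas.client.filter.logoutUrl");
        }

        if (ticket == null || ticket.equals("")) {
            if (casLogin == null) {
                throw new ServletException("当CASFilter主页未接收到'ticket'参数时,需要一个 edu.yale.its.tp.cas.client.filter.loginUrl 过滤器参数(init-param)");
            }
            // Every component appended here comes from filter configuration or from the
            // already-encoded service URL, not from raw request parameters.
            StringBuilder loginRedirect = new StringBuilder(casLogin);
            loginRedirect.append("?service=").append(getService(httpRequest));
            if (this.casRenew != null && !this.casRenew.equals("")) {
                loginRedirect.append("&renew=").append(this.casRenew);
            }
            if (this.casServerLoginURI != null && !this.casServerLoginURI.equals("")) {
                loginRedirect.append("&serverlogin=")
                        .append(getLoginURIService(httpRequest, this.casServerName, this.casServerLoginURI));
            }
            httpResponse.sendRedirect(loginRedirect.toString());
            return;
        }

        String authenticatedUser = getAuthenticatedUser(httpRequest);
        if (authenticatedUser == null) {
            throw new ServletException("Unexpected CAS authentication error");
        }
        if (session != null) {
            // The session was created before authentication. Move to a fresh session id before
            // marking it authenticated, so an id known prior to login cannot be reused afterwards
            // (session fixation).
            session = renewSession(httpRequest, session);
            session.setAttribute(CAS_FILTER_USER, authenticatedUser);
        }
        filterChain.doFilter(servletRequest, servletResponse);
    }

    /** No resources to release. */
    public void destroy() {
    }

    /**
     * Validates the request's {@code ticket} parameter against the CAS validate URL.
     *
     * <p>A proxied ticket is accepted only if the first entry of the validator's proxy list
     * equals one of the whitespace-separated entries of the {@code authorizedProxy} init-param.
     *
     * @param httpServletRequest the request carrying the ticket
     * @return the user name reported by the validator
     * @throws ServletException if validation fails, the proxy is not authorised, or the CAS
     *     response cannot be fetched or parsed
     */
    private String getAuthenticatedUser(HttpServletRequest httpServletRequest) throws ServletException {
        try {
            ProxyTicketValidator validator = new ProxyTicketValidator();
            validator.setCasValidateUrl(casValidate);
            validator.setServiceTicket(httpServletRequest.getParameter("ticket"));
            validator.setService(getService(httpServletRequest));
            validator.setRenew(Boolean.valueOf(this.casRenew).booleanValue());
            validator.validate();
            if (!validator.isAuthenticationSuccesful()) {
                throw new ServletException("CAS authentication error: " + validator.getErrorCode() + ": " + validator.getErrorMessage());
            }
            if (validator.getProxyList().size() != 0) {
                if (this.casAuthorizedProxy == null) {
                    throw new ServletException("this page does not accept proxied tickets");
                }
                String topLevelProxy = (String) validator.getProxyList().get(0);
                boolean authorized = false;
                StringTokenizer allowedProxies = new StringTokenizer(this.casAuthorizedProxy);
                while (!authorized && allowedProxies.hasMoreTokens()) {
                    authorized = topLevelProxy.equals(allowedProxies.nextToken());
                }
                if (!authorized) {
                    throw new ServletException("unauthorized top-level proxy: '" + topLevelProxy + "'");
                }
            }
            return validator.getUser();
        } catch (IOException e) {
            throw new ServletException(e);
        } catch (ParserConfigurationException e) {
            throw new ServletException(e);
        } catch (SAXException e) {
            // Message kept as before; the cause is now attached so the parser stack trace survives.
            // The raw CAS response is deliberately not added to the message.
            throw new ServletException(e + " ", e);
        }
    }

    /**
     * Returns the URL-encoded service identifier sent to CAS.
     *
     * @param httpServletRequest the current request
     * @return the encoded {@code serviceUrl} init-param if configured, otherwise the value
     *     computed by {@code Util.getService} from the request and the configured server name
     * @throws ServletException if neither a service URL nor a server name is configured
     */
    private String getService(HttpServletRequest httpServletRequest) throws ServletException {
        if (this.casServerName == null && this.casServiceUrl == null) {
            throw new ServletException("需要在web.xml中配置以下参数(init-param): com.xunlei.cas.CasURL 或者 edu.yale.its.tp.cas.client.filter.serviceUrl 或者 edu.yale.its.tp.cas.client.filter.serverName");
        }
        if (this.casServiceUrl != null) {
            return urlEncode(this.casServiceUrl);
        }
        return Util.getService(httpServletRequest, this.casServerName);
    }

    /**
     * Builds the URL-encoded absolute URL of the application's own login page.
     *
     * <p>The host part comes from {@code str} (the configured server name), not from the
     * request's Host header; only the scheme and the context path are read from the request.
     *
     * @param httpServletRequest the current request
     * @param str the server name (host, optionally with port)
     * @param str2 the login URI relative to the context path; a leading {@code /} is added if missing
     * @return the URL-encoded login URL
     * @throws IllegalArgumentException if {@code str} or {@code str2} is {@code null}
     * @throws ServletException if the URL cannot be encoded
     */
    public static String getLoginURIService(HttpServletRequest httpServletRequest, String str, String str2) throws ServletException {
        if (str2 == null) {
            throw new IllegalArgumentException("loginURI of server is required");
        }
        if (str == null) {
            throw new IllegalArgumentException("name of server is required");
        }
        StringBuilder url = new StringBuilder(httpServletRequest.isSecure() ? "https://" : "http://");
        url.append(str).append(httpServletRequest.getContextPath());
        if (!str2.startsWith("/")) {
            url.append("/");
        }
        url.append(str2);
        return urlEncode(url.toString());
    }

    /** Reads an init-param by its short name, falling back to its fully-qualified name. */
    private static String initParameter(FilterConfig filterConfig, String shortName, String qualifiedName) {
        String value = filterConfig.getInitParameter(shortName);
        return value != null ? value : filterConfig.getInitParameter(qualifiedName);
    }

    /** Percent-encodes a value with an explicit charset instead of the platform default. */
    private static String urlEncode(String value) throws ServletException {
        try {
            return URLEncoder.encode(value, URL_ENCODING);
        } catch (UnsupportedEncodingException e) {
            throw new ServletException(e);
        }
    }

    /**
     * Replaces the pre-authentication session with a new one that has a different id,
     * carrying over its attributes and inactivity timeout.
     */
    private static HttpSession renewSession(HttpServletRequest request, HttpSession oldSession) {
        Map<String, Object> carried = new HashMap<String, Object>();
        Enumeration<?> names = oldSession.getAttributeNames();
        while (names.hasMoreElements()) {
            String name = (String) names.nextElement();
            carried.put(name, oldSession.getAttribute(name));
        }
        int maxInactiveInterval = oldSession.getMaxInactiveInterval();

        oldSession.invalidate();

        HttpSession freshSession = request.getSession(true);
        freshSession.setMaxInactiveInterval(maxInactiveInterval);
        for (Map.Entry<String, Object> attribute : carried.entrySet()) {
            freshSession.setAttribute(attribute.getKey(), attribute.getValue());
        }
        return freshSession;
    }
}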
