package edu.yale.its.tp.cas.client.filter;

import com.xunlei.cas.XLCasFilter;
import edu.yale.its.tp.cas.client.ProxyTicketValidator;
import edu.yale.its.tp.cas.client.ServiceTicketValidator;
import edu.yale.its.tp.cas.client.Util;
import java.io.IOException;
import java.net.URLEncoder;
import java.util.StringTokenizer;
import javax.servlet.Filter;
import javax.servlet.FilterChain;
import javax.servlet.FilterConfig;
import javax.servlet.ServletException;
import javax.servlet.ServletRequest;
import javax.servlet.ServletResponse;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import javax.servlet.http.HttpSession;
import javax.xml.parsers.ParserConfigurationException;
import org.xml.sax.SAXException;

/* loaded from: input_file:edu/yale/its/tp/cas/client/filter/CASFilter.class */
public class CASFilter implements Filter {
    public static final String CAS_FILTER_USER = "edu.yale.its.tp.cas.client.filter.user";
    private String casLogin;
    private String casValidate;
    private String casAuthorizedProxy;
    private String casServiceUrl;
    private String casRenew;
    private String casServerName;
    private boolean wrapRequest;

    public void init(FilterConfig filterConfig) throws ServletException {
        this.casLogin = filterConfig.getInitParameter(XLCasFilter.initparam_casLogin);
        this.casValidate = filterConfig.getInitParameter(XLCasFilter.initparam_casValidate);
        this.casServiceUrl = filterConfig.getInitParameter(XLCasFilter.initparam_casServiceUrl);
        this.casAuthorizedProxy = filterConfig.getInitParameter(XLCasFilter.initparam_casAuthorizedProxy);
        this.casRenew = filterConfig.getInitParameter(XLCasFilter.initparam_casRenew);
        this.casServerName = filterConfig.getInitParameter(XLCasFilter.initparam_casServerName);
        this.wrapRequest = Boolean.valueOf(filterConfig.getInitParameter(XLCasFilter.initparam_wrapRequest)).booleanValue();
    }

    public void doFilter(ServletRequest servletRequest, ServletResponse servletResponse, FilterChain filterChain) throws ServletException, IOException {
        if (!(servletRequest instanceof HttpServletRequest) || !(servletResponse instanceof HttpServletResponse)) {
            throw new ServletException("CASFilter protects only HTTP resources");
        }
        if (this.wrapRequest) {
            servletRequest = new CASFilterRequestWrapper((HttpServletRequest) servletRequest);
        }
        HttpSession session = ((HttpServletRequest) servletRequest).getSession();
        if (session != null && session.getAttribute("edu.yale.its.tp.cas.client.filter.user") != null) {
            filterChain.doFilter(servletRequest, servletResponse);
            return;
        }
        String parameter = servletRequest.getParameter("ticket");
        if (parameter == null || parameter.equals("")) {
            if (this.casLogin == null) {
                throw new ServletException("When CASFilter protects pages that do not receive a 'ticket' parameter, it needs a edu.yale.its.tp.cas.client.filter.loginUrl filter parameter");
            }
            ((HttpServletResponse) servletResponse).sendRedirect(new StringBuffer().append(this.casLogin).append("?service=").append(getService((HttpServletRequest) servletRequest)).append((this.casRenew == null || this.casRenew.equals("")) ? "" : new StringBuffer("&renew=").append(this.casRenew).toString()).toString());
        } else {
            String authenticatedUser = getAuthenticatedUser((HttpServletRequest) servletRequest);
            if (authenticatedUser == null) {
                throw new ServletException("Unexpected CAS authentication error");
            }
            if (session != null) {
                session.setAttribute("edu.yale.its.tp.cas.client.filter.user", authenticatedUser);
            }
            filterChain.doFilter(servletRequest, servletResponse);
        }
    }

    public void destroy() {
    }

    private String getAuthenticatedUser(HttpServletRequest httpServletRequest) throws ServletException {
        ServiceTicketValidator serviceTicketValidator = null;
        try {
            ProxyTicketValidator proxyTicketValidator = new ProxyTicketValidator();
            proxyTicketValidator.setCasValidateUrl(this.casValidate);
            proxyTicketValidator.setServiceTicket(httpServletRequest.getParameter("ticket"));
            proxyTicketValidator.setService(getService(httpServletRequest));
            proxyTicketValidator.setRenew(Boolean.valueOf(this.casRenew).booleanValue());
            proxyTicketValidator.validate();
            if (!proxyTicketValidator.isAuthenticationSuccesful()) {
                throw new ServletException(new StringBuffer("CAS authentication error: ").append(proxyTicketValidator.getErrorCode()).append(": ").append(proxyTicketValidator.getErrorMessage()).toString());
            }
            if (proxyTicketValidator.getProxyList().size() != 0) {
                if (this.casAuthorizedProxy == null) {
                    throw new ServletException("this page does not accept proxied tickets");
                }
                boolean z = false;
                String str = (String) proxyTicketValidator.getProxyList().get(0);
                StringTokenizer stringTokenizer = new StringTokenizer(this.casAuthorizedProxy);
                while (true) {
                    if (!stringTokenizer.hasMoreTokens()) {
                        break;
                    }
                    if (str.equals(stringTokenizer.nextToken())) {
                        z = true;
                        break;
                    }
                }
                if (!z) {
                    throw new ServletException(new StringBuffer("unauthorized top-level proxy: '").append(proxyTicketValidator.getProxyList().get(0)).append("'").toString());
                }
            }
            return proxyTicketValidator.getUser();
        } catch (IOException e) {
            throw new ServletException(e);
        } catch (ParserConfigurationException e2) {
            throw new ServletException(e2);
        } catch (SAXException e3) {
            throw new ServletException(new StringBuffer().append(e3).append(" ").append(0 != 0 ? serviceTicketValidator.getResponse() : "").toString());
        }
    }

    private String getService(HttpServletRequest httpServletRequest) throws ServletException {
        if (this.casServerName == null && this.casServiceUrl == null) {
            throw new ServletException("need one of the following configuration parameters: edu.yale.its.tp.cas.client.filter.serviceUrl or edu.yale.its.tp.cas.client.filter.serverName");
        }
        return this.casServiceUrl != null ? URLEncoder.encode(this.casServiceUrl) : Util.getService(httpServletRequest, this.casServerName);
    }
}
