package fi.vm.sade.authentication.cas.httpsessionbased;

import fi.vm.sade.authentication.cas.CasClient;
import java.net.HttpCookie;
import java.net.HttpURLConnection;
import java.util.Iterator;
import java.util.List;
import org.apache.cxf.interceptor.Fault;
import org.apache.cxf.message.Message;
import org.apache.cxf.phase.AbstractPhaseInterceptor;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
import org.springframework.security.core.Authentication;
import org.springframework.security.core.context.SecurityContextHolder;

/* loaded from: input_file:WEB-INF/lib/generic-common-9.4-SNAPSHOT.jar:fi/vm/sade/authentication/cas/httpsessionbased/SessionBasedCxfAuthInterceptor.class */
public class SessionBasedCxfAuthInterceptor extends AbstractPhaseInterceptor<Message> {
    private static final Logger log = LoggerFactory.getLogger(SessionBasedCxfAuthInterceptor.class);
    public static final String COOKIE = "Cookie";
    public static final String COOKIE_SEPARATOR = "; ";
    private BlockingAuthCookieCache blockingAuthCookieCache;
    private String serviceUser;
    private String servicePass;

    public SessionBasedCxfAuthInterceptor(BlockingAuthCookieCache blockingAuthCookieCache, String str, String str2) {
        super("post-protocol");
        this.blockingAuthCookieCache = blockingAuthCookieCache;
        this.serviceUser = str;
        this.servicePass = str2;
    }

    public void handleMessage(Message message) throws Fault {
        boolean z = this.serviceUser == null || this.serviceUser.trim().length() == 0;
        String casTargetService = getCasTargetService(getUrl(message));
        Authentication authentication = SecurityContextHolder.getContext().getAuthentication();
        String name = authentication != null ? authentication.getName() : this.serviceUser;
        writeCookiesToMessage(message, z ? this.blockingAuthCookieCache.getAuthenticatedCookiesForProxyAuth(authentication, name, casTargetService) : this.blockingAuthCookieCache.getAuthenticatedCookiesForServiceUser(this.serviceUser, this.servicePass, name, casTargetService));
    }

    private static String getUrl(Message message) {
        return (String) message.get(Message.ENDPOINT_ADDRESS);
    }

    public static void writeCookiesToMessage(Message message, List<String> list) {
        HttpURLConnection httpURLConnection = (HttpURLConnection) message.get("http.connection");
        String requestProperty = httpURLConnection.getRequestProperty("Cookie");
        String cookieString = toCookieString(list);
        httpURLConnection.setRequestProperty("Cookie", cookieString);
        log.info("wrote cookies to message, url: " + getUrl(message) + ", oldCookieHeader: " + requestProperty + ", newCookieHeader: " + cookieString);
    }

    public static String toCookieString(List<String> list) {
        StringBuilder sb = new StringBuilder();
        Iterator<String> it = list.iterator();
        while (it.hasNext()) {
            for (HttpCookie httpCookie : HttpCookie.parse(it.next())) {
                sb.append(sb.length() > 0 ? "; " : "").append(httpCookie.getName()).append("=").append(httpCookie.getValue());
            }
        }
        return sb.toString();
    }

    private static String getCasTargetService(String str) {
        return str.replaceAll("(.*?//.*?/.*?)/.*", "$1") + CasClient.SERVICE_URL_SUFFIX;
    }

    public BlockingAuthCookieCache getBlockingAuthCookieCache() {
        return this.blockingAuthCookieCache;
    }
}
