package fi.vm.sade.authentication.cas;

import java.io.IOException;
import java.io.UnsupportedEncodingException;
import java.net.MalformedURLException;
import java.net.URL;
import java.net.URLDecoder;
import java.util.ArrayList;
import java.util.List;
import org.apache.commons.lang.StringUtils;
import org.apache.http.Header;
import org.apache.http.HttpRequest;
import org.apache.http.HttpResponse;
import org.apache.http.NameValuePair;
import org.apache.http.ParseException;
import org.apache.http.ProtocolException;
import org.apache.http.client.RedirectStrategy;
import org.apache.http.client.entity.UrlEncodedFormEntity;
import org.apache.http.client.methods.HttpDelete;
import org.apache.http.client.methods.HttpGet;
import org.apache.http.client.methods.HttpPost;
import org.apache.http.client.methods.HttpPut;
import org.apache.http.client.methods.HttpUriRequest;
import org.apache.http.impl.client.EntityEnclosingRequestWrapper;
import org.apache.http.message.BasicNameValuePair;
import org.apache.http.protocol.HttpContext;
import org.apache.http.util.EntityUtils;
import org.apache.log4j.spi.LocationInfo;
import org.jasig.cas.client.authentication.AttributePrincipal;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
import org.springframework.security.cas.ServiceProperties;

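/**
 * Redirect strategy that walks an Apache HttpClient exchange through a CAS REST login.
 *
 * <p>The progress of the login is kept in the {@link HttpContext} under
 * {@link #ATTRIBUTE_CAS_REQUEST_STATE}. As implemented below:
 * <ul>
 *   <li>{@code PRE}: set by {@link #isRedirected} when "authenticate only" is requested and the
 *       target answered 401 with no state set yet.</li>
 *   <li>{@code TGT}: set by {@link #createTGTRequest}, which POSTs login and password to the
 *       CAS ticket endpoint; a 201 answer is followed.</li>
 *   <li>{@code ST}: set by {@link #createSTRequest} / {@link #createSTRequestWithPGT}; a 200
 *       answer body is taken as the service ticket.</li>
 *   <li>{@code SESSION}: set by {@link #createSessionRequest}, which GETs the service URL with
 *       the ticket appended; a 200 answer is followed by a replay of the original request.</li>
 * </ul>
 *
 * <p>Security notes for maintainers:
 * <ul>
 *   <li>The CAS endpoint is derived from the scheme, host and port of the {@code Location}
 *       header of whichever server answered. No check that this host is the trusted CAS server,
 *       or that the scheme is HTTPS, is visible in this class, yet login and password are POSTed
 *       there. NOTE(review): confirm such a check exists in the caller or add an allowlist.</li>
 *   <li>Ticket-granting, proxy and service tickets are bearer credentials; they are never
 *       written to the log by this class.</li>
 * </ul>
 *
 * @deprecated marked deprecated in the source; no replacement is named there.
 */
@Deprecated
/* loaded from: input_file:WEB-INF/lib/generic-common-9.4-SNAPSHOT.jar:fi/vm/sade/authentication/cas/CasRedirectStrategy.class */
public class CasRedirectStrategy implements RedirectStrategy {
    private static final Logger log = LoggerFactory.getLogger(CasRedirectStrategy.class);
    public static final String CAS_TICKET_URL = "/cas/v1/tickets";
    public static final String CAS_PROXYTICKET_URL = "/cas/proxy";
    public static final String ATTRIBUTE_CACHE = "cache";
    public static final String ATTRIBUTE_PRINCIPAL = "principal";
    public static final String ATTRIBUTE_LOGIN = "login";
    public static final String ATTRIBUTE_PASSWORD = "password";
    public static final String ATTRIBUTE_CAS_TGT = "casTgt";
    public static final String ATTRIBUTE_ORIGINAL_REQUEST = "originalRequest";
    public static final String ATTRIBUTE_ORIGINAL_REQUEST_PARAMS = "originalRequestParams";
    public static final String ATTRIBUTE_SERVICE_URL = "serviceUrl";
    public static final String ATTRIBUTE_CAS_REQUEST_STATE = "casRequestState";
    // The spelling of the key is part of the runtime contract with other readers of the context.
    public static final String ATTRIBUTE_CAS_SERVICE_TICKET = "casServicetTicket";
    public static final String ATTRIBUTE_CAS_AUTHENTICATE_ONLY = "authenticateOnly";
    public static final String CAS_REQUEST_STATE_PREAUTH = "PRE";
    public static final String CAS_REQUEST_STATE_TGT = "TGT";
    public static final String CAS_REQUEST_STATE_ST = "ST";
    public static final String CAS_REQUEST_STATE_SESSION = "SESSION";

    /**
     * Builds the next request of the CAS exchange, or a plain GET for an ordinary redirect.
     *
     * <p>The decompiled listing confined the {@code try} to URL parsing although the checked
     * exceptions are raised by the request builders; the handler now spans the whole decision so
     * that any of them stops the redirect, as the log message says.
     *
     * @return the request to execute next, or {@code null} when the redirect could not be
     *     processed as a CAS redirect
     * @throws ProtocolException if an ordinary redirect is requested but the response carries no
     *     {@code Location} header
     */
    @Override // org.apache.http.client.RedirectStrategy
    public HttpUriRequest getRedirect(HttpRequest httpRequest, HttpResponse httpResponse, HttpContext httpContext) throws ProtocolException {
        Header locationHeader = httpResponse.getFirstHeader("Location");
        String location = locationHeader != null ? locationHeader.getValue() : null;
        try {
            URL url = null;
            String path = "";
            if (location != null) {
                url = new URL(location);
                path = url.getPath();
                // Only the origin is logged: the path can end in a TGT (the /cas/v1/tickets/...
                // case below) and the query can carry tickets.
                log.debug("Redirect location origin is: " + originOf(url));
            } else {
                log.debug("Redirect location is: null");
            }

            Object state = httpContext.getAttribute(ATTRIBUTE_CAS_REQUEST_STATE);
            boolean casLoginNeeded = path.startsWith("/cas/login") || CAS_REQUEST_STATE_PREAUTH.equals(state);
            if (!casLoginNeeded) {
                if (path.startsWith(CAS_TICKET_URL)) {
                    return createSTRequest(httpRequest, httpResponse, httpContext, location);
                }
                if (httpContext.getAttribute(ATTRIBUTE_CAS_SERVICE_TICKET) != null) {
                    return createSessionRequest(httpRequest, httpResponse, httpContext);
                }
                if (CAS_REQUEST_STATE_SESSION.equals(state)) {
                    return createOriginalRequest(httpRequest, httpResponse, httpContext);
                }
                if (location == null) {
                    throw new ProtocolException("Redirect requested but response has no Location header");
                }
                return new HttpGet(location);
            }

            String serviceUrl;
            if (location != null) {
                // NOTE(review): the service URL is taken from the redirect itself, so the
                // redirecting server chooses where the ticket is later sent; confirm that
                // CasFriendlyHttpClient validates it.
                serviceUrl = resolveService(location);
                if (serviceUrl != null) {
                    CasFriendlyHttpClient.setTargetServiceUrl(httpContext, serviceUrl);
                }
            } else {
                serviceUrl = (String) httpContext.getAttribute(ATTRIBUTE_SERVICE_URL);
            }

            String tgt = (String) httpContext.getAttribute(ATTRIBUTE_CAS_TGT);
            if (tgt != null) {
                log.debug("Using TGT from HttpContext");
                // With no Location header (the 401 / PRE case) url is null; fall back to the
                // service URL the same way createTGTRequest does instead of dereferencing null.
                String ticketEndpoint = ticketEndpointFor(url, (String) httpContext.getAttribute(ATTRIBUTE_SERVICE_URL));
                return createSTRequest(httpRequest, httpResponse, httpContext, ticketEndpoint + "/" + tgt);
            }

            String proxyTicket = resolveProxyGrantingTicket(httpContext, serviceUrl);
            if (proxyTicket == null) {
                log.debug("Not able to get proxy ticket (principal)");
                return createTGTRequest(httpRequest, httpResponse, httpContext, url, (String) httpContext.getAttribute(ATTRIBUTE_LOGIN), (String) httpContext.getAttribute(ATTRIBUTE_PASSWORD));
            }
            log.debug("Found proxy granting ticket");
            httpContext.setAttribute(ATTRIBUTE_CAS_SERVICE_TICKET, proxyTicket);
            return createSessionRequest(httpRequest, httpResponse, httpContext);
        } catch (UnsupportedEncodingException e) {
            log.warn("Failed to process redirect as CAS redirect. Stopping redirect.", e);
            return null;
        } catch (MalformedURLException e) {
            log.warn("Failed to process redirect as CAS redirect. Stopping redirect.", e);
            return null;
        }
    }

    /**
     * Decides whether the response should be followed by another request, advancing the CAS
     * state kept in the context where needed.
     *
     * @return {@code true} when {@link #getRedirect} should be asked for the next request
     */
    @Override // org.apache.http.client.RedirectStrategy
    public boolean isRedirected(HttpRequest httpRequest, HttpResponse httpResponse, HttpContext httpContext) throws ProtocolException {
        boolean authenticateOnly = Boolean.TRUE.equals(httpContext.getAttribute(ATTRIBUTE_CAS_AUTHENTICATE_ONLY));
        Object state = httpContext.getAttribute(ATTRIBUTE_CAS_REQUEST_STATE);
        int status = httpResponse.getStatusLine().getStatusCode();

        if (CAS_REQUEST_STATE_ST.equals(state) && status == 200) {
            try {
                // The body of the 200 answer is the service ticket. It is a credential, so only
                // the fact that it arrived is logged.
                String serviceTicket = EntityUtils.toString(httpResponse.getEntity());
                log.debug("Service ticket received");
                httpContext.removeAttribute(ATTRIBUTE_CAS_REQUEST_STATE);
                httpContext.setAttribute(ATTRIBUTE_CAS_SERVICE_TICKET, serviceTicket);
                return true;
            } catch (IOException e) {
                log.warn("CAS redirecting strategy confused. Cancelling further redirects.", e);
                return false;
            } catch (ParseException e) {
                log.warn("CAS redirecting strategy confused. Cancelling further redirects.", e);
                return false;
            }
        }
        if (!authenticateOnly && CAS_REQUEST_STATE_SESSION.equals(state) && status == 200) {
            return true;
        }
        if (authenticateOnly && state == null && status == 401) {
            httpContext.setAttribute(ATTRIBUTE_CAS_REQUEST_STATE, CAS_REQUEST_STATE_PREAUTH);
            return true;
        }
        if (CAS_REQUEST_STATE_TGT.equals(state) && status == 201) {
            return true;
        }
        return httpResponse.getFirstHeader("Location") != null && !authenticateOnly;
    }

    /**
     * Builds the POST that asks CAS for a ticket-granting ticket and moves the state to TGT.
     *
     * <p>The form carries the password in clear text, so the request is only as confidential as
     * the transport to the resolved endpoint. NOTE(review): nothing here enforces HTTPS.
     *
     * @param url redirect location whose origin hosts CAS; when {@code null} the origin of the
     *     service URL stored in the context is used instead
     * @param str login name
     * @param str2 password
     * @throws MalformedURLException if {@code url} is {@code null} and the stored service URL
     *     cannot be parsed
     */
    public static HttpUriRequest createTGTRequest(HttpRequest httpRequest, HttpResponse httpResponse, HttpContext httpContext, URL url, String str, String str2) throws UnsupportedEncodingException, MalformedURLException {
        String serviceUrl = (String) httpContext.getAttribute(ATTRIBUTE_SERVICE_URL);
        HttpPost ticketPost = new HttpPost(ticketEndpointFor(url, serviceUrl));
        httpContext.setAttribute(ATTRIBUTE_CAS_REQUEST_STATE, CAS_REQUEST_STATE_TGT);
        log.debug("CAS state set to: " + httpContext.getAttribute(ATTRIBUTE_CAS_REQUEST_STATE));
        List<NameValuePair> form = new ArrayList<NameValuePair>();
        form.add(new BasicNameValuePair(ServiceProperties.DEFAULT_CAS_SERVICE_PARAMETER, serviceUrl));
        form.add(new BasicNameValuePair("username", str));
        form.add(new BasicNameValuePair(ATTRIBUTE_PASSWORD, str2));
        ticketPost.setEntity(new UrlEncodedFormEntity(form, "UTF-8"));
        log.debug("Authenticating to: " + serviceUrl + " using login: " + str);
        return ticketPost;
    }

    /**
     * Builds the POST to the CAS proxy endpoint that trades a proxy-granting ticket for a ticket
     * to the service URL stored in the context, and moves the state to ST.
     *
     * @param url location whose origin hosts CAS; must not be {@code null}
     * @param str proxy-granting ticket, sent as the {@code pgt} form field
     */
    public static HttpUriRequest createSTRequestWithPGT(HttpRequest httpRequest, HttpResponse httpResponse, HttpContext httpContext, URL url, String str) throws UnsupportedEncodingException {
        String serviceUrl = (String) httpContext.getAttribute(ATTRIBUTE_SERVICE_URL);
        HttpPost proxyPost = new HttpPost(originOf(url) + CAS_PROXYTICKET_URL);
        httpContext.setAttribute(ATTRIBUTE_CAS_REQUEST_STATE, CAS_REQUEST_STATE_ST);
        log.debug("CAS state set to: " + httpContext.getAttribute(ATTRIBUTE_CAS_REQUEST_STATE));
        List<NameValuePair> form = new ArrayList<NameValuePair>();
        form.add(new BasicNameValuePair("targetService", serviceUrl));
        form.add(new BasicNameValuePair("pgt", str));
        proxyPost.setEntity(new UrlEncodedFormEntity(form));
        return proxyPost;
    }

    /**
     * Builds the POST to a ticket-granting-ticket URL that asks for a service ticket, and moves
     * the state to ST.
     *
     * @param str full TGT resource URL; the segment after its last {@code /} is cached in the
     *     context under {@link #ATTRIBUTE_CAS_TGT}
     */
    public static HttpUriRequest createSTRequest(HttpRequest httpRequest, HttpResponse httpResponse, HttpContext httpContext, String str) throws UnsupportedEncodingException {
        String serviceUrl = (String) httpContext.getAttribute(ATTRIBUTE_SERVICE_URL);
        HttpPost ticketPost = new HttpPost(str);
        String tgt = StringUtils.substringAfterLast(str, "/");
        if (tgt != null) {
            httpContext.setAttribute(ATTRIBUTE_CAS_TGT, tgt);
            // The TGT is a long-lived bearer credential; record the event, not the value.
            log.debug("Stored TGT to context");
        }
        httpContext.setAttribute(ATTRIBUTE_CAS_REQUEST_STATE, CAS_REQUEST_STATE_ST);
        log.debug("CAS state set to: " + httpContext.getAttribute(ATTRIBUTE_CAS_REQUEST_STATE));
        List<NameValuePair> form = new ArrayList<NameValuePair>();
        form.add(new BasicNameValuePair(ServiceProperties.DEFAULT_CAS_SERVICE_PARAMETER, serviceUrl));
        ticketPost.setEntity(new UrlEncodedFormEntity(form));
        return ticketPost;
    }

    /**
     * Builds the GET that presents the stored service ticket to the service URL, moves the state
     * to SESSION and removes the ticket from the context.
     *
     * <p>NOTE(review): the ticket is appended without URL-encoding, and the resulting URL (with
     * the ticket in its query string) may end up in access logs of the target service.
     */
    public static HttpUriRequest createSessionRequest(HttpRequest httpRequest, HttpResponse httpResponse, HttpContext httpContext) {
        log.debug("Setting CAS state to: SESSION");
        httpContext.setAttribute(ATTRIBUTE_CAS_REQUEST_STATE, CAS_REQUEST_STATE_SESSION);
        String serviceUrl = (String) httpContext.getAttribute(ATTRIBUTE_SERVICE_URL);
        String serviceTicket = (String) httpContext.getAttribute(ATTRIBUTE_CAS_SERVICE_TICKET);
        httpContext.removeAttribute(ATTRIBUTE_CAS_SERVICE_TICKET);
        // The decompiler printed this literal as log4j's LocationInfo.NA, which has the same
        // value "?"; the test is simply "does the URL already have a query string".
        String separator = serviceUrl.contains("?") ? "&" : "?";
        return new HttpGet(serviceUrl + separator + "ticket=" + serviceTicket);
    }

    /**
     * Rebuilds the request stored under {@link #ATTRIBUTE_ORIGINAL_REQUEST} once the CAS
     * exchange is finished, and clears the CAS state.
     *
     * @return a POST, GET, DELETE or PUT to the original URL (POST and PUT reuse the original
     *     entity), or {@code null} when the original method is none of these
     */
    public static HttpUriRequest createOriginalRequest(HttpRequest httpRequest, HttpResponse httpResponse, HttpContext httpContext) throws UnsupportedEncodingException {
        log.debug("CAS process done. Continuing with the original request.");
        httpContext.removeAttribute(ATTRIBUTE_CAS_REQUEST_STATE);
        HttpRequest original = (HttpRequest) httpContext.getAttribute(ATTRIBUTE_ORIGINAL_REQUEST);
        String targetUrl = resolveUrl(original);
        String method = original.getRequestLine().getMethod();
        if (method.contains("POST")) {
            HttpPost post = new HttpPost(targetUrl);
            post.setEntity(((EntityEnclosingRequestWrapper) original).getEntity());
            return post;
        }
        if (method.contains("GET")) {
            return new HttpGet(targetUrl);
        }
        if (method.contains("DELETE")) {
            return new HttpDelete(targetUrl);
        }
        if (method.contains("PUT")) {
            HttpPut put = new HttpPut(targetUrl);
            put.setEntity(((EntityEnclosingRequestWrapper) original).getEntity());
            return put;
        }
        return null;
    }

    /**
     * Extracts and URL-decodes what follows the first {@code service=} in a redirect location,
     * dropping a trailing {@code ;...} suffix if present.
     *
     * <p>NOTE(review): everything after {@code service=} is taken, so any further query
     * parameters become part of the result; presumably {@code service} is the last one.
     *
     * @return the decoded service URL, or {@code null} when the location has no
     *     {@code service=} parameter
     */
    private static String resolveService(String location) throws UnsupportedEncodingException {
        if (!location.contains("service=")) {
            return null;
        }
        String service = URLDecoder.decode(StringUtils.substringAfter(location, "service="), "UTF-8");
        if (service.indexOf(";") > 0) {
            service = StringUtils.substringBeforeLast(service, ";");
        }
        return service;
    }

    /**
     * Reassembles an absolute URL from a request's protocol name, {@code Host} header and
     * request URI.
     *
     * <p>NOTE(review): the scheme comes from the protocol version of the request line (normally
     * "HTTP"), not from the connection, so this looks like it always yields {@code http://};
     * if so, a request that was originally sent over HTTPS is replayed in clear text. Confirm
     * against the HttpClient version in use.
     */
    /* JADX INFO: Access modifiers changed from: protected */
    public static String resolveUrl(HttpRequest httpRequest) {
        String scheme = httpRequest.getProtocolVersion().getProtocol().toLowerCase();
        String host = httpRequest.getFirstHeader("Host").getValue();
        return scheme + "://" + host + httpRequest.getRequestLine().getUri();
    }

    /**
     * Asks the principal stored in the context for a proxy ticket to the given service.
     *
     * @return the ticket, or {@code null} when no principal is stored
     */
    private static String resolveProxyGrantingTicket(HttpContext httpContext, String serviceUrl) {
        AttributePrincipal principal = (AttributePrincipal) httpContext.getAttribute(ATTRIBUTE_PRINCIPAL);
        return principal != null ? principal.getProxyTicketFor(serviceUrl) : null;
    }

    /** Returns the CAS REST ticket endpoint on the origin of {@code url}. */
    private static String resolveCasTicketUrl(URL url) {
        return originOf(url) + CAS_TICKET_URL;
    }

    /**
     * Returns the CAS REST ticket endpoint for {@code url}, or for the origin of
     * {@code fallbackServiceUrl} when {@code url} is {@code null}.
     */
    private static String ticketEndpointFor(URL url, String fallbackServiceUrl) throws MalformedURLException {
        return resolveCasTicketUrl(url != null ? url : new URL(fallbackServiceUrl));
    }

    /** Returns {@code scheme://host[:port]} of {@code url}; the port is omitted when unset. */
    private static String originOf(URL url) {
        String port = url.getPort() > 0 ? ":" + url.getPort() : "";
        return url.getProtocol() + "://" + url.getHost() + port;
    }
}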
