package fi.vm.sade.authentication.cas;

import java.io.IOException;
import java.io.InputStream;
import java.io.OutputStream;
import java.net.HttpCookie;
import java.net.HttpURLConnection;
import java.net.MalformedURLException;
import java.net.URL;
import java.nio.charset.StandardCharsets;
import java.util.ArrayList;
import java.util.Arrays;
import java.util.Iterator;
import java.util.List;
import java.util.Map;
import org.apache.commons.codec.binary.Base64;
import org.apache.commons.codec.language.bm.Languages;
import org.apache.cxf.helpers.IOUtils;
import org.apache.cxf.interceptor.Fault;
import org.apache.cxf.io.CacheAndWriteOutputStream;
import org.apache.cxf.io.CachedOutputStream;
import org.apache.cxf.io.CachedOutputStreamCallback;
import org.apache.cxf.message.Message;
import org.apache.cxf.phase.AbstractPhaseInterceptor;
import org.apache.cxf.phase.Phase;
import org.apache.http.Header;
import org.apache.http.HttpResponse;
import org.apache.http.client.CookieStore;
import org.apache.http.client.methods.CloseableHttpResponse;
import org.apache.http.client.methods.HttpRequestBase;
import org.apache.http.client.methods.HttpUriRequest;
import org.apache.http.cookie.Cookie;
import org.apache.http.protocol.HttpContext;
import org.eclipse.jetty.server.SessionManager;
import org.jasig.cas.client.authentication.AttributePrincipal;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.beans.factory.annotation.Value;
import org.springframework.security.authentication.UsernamePasswordAuthenticationToken;
import org.springframework.security.cas.authentication.CasAuthenticationToken;
import org.springframework.security.core.Authentication;
import org.springframework.security.core.context.SecurityContextHolder;
import org.springframework.security.web.authentication.WebAuthenticationDetails;

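/**
 * CXF interceptor, registered for the {@code PRE_PROTOCOL} phase, that makes outbound service
 * calls carry a session cookie obtained through CAS.
 *
 * <p>Outbound messages get a cached session id injected into their {@code Cookie} header; when no
 * session id is cached and a session is required, authentication is performed proactively.
 * Inbound messages are inspected for a {@code Location} header pointing to {@code /cas/login}, in
 * which case authentication is performed and the response is replaced.
 *
 * <p>Security notes for maintainers:
 * <ul>
 *   <li>Session identifiers are bearer credentials and are never written to the log by this
 *       class; only their presence is logged.</li>
 *   <li>In dev mode with basic authentication enabled, the user name and password are sent in an
 *       {@code Authorization: Basic} header, which is only Base64-encoded. Nothing in this class
 *       checks the scheme of the target URL, so the endpoint must be reached over TLS.</li>
 *   <li>The application password is held in a {@code String} field for the lifetime of the
 *       interceptor.</li>
 * </ul>
 *
 * @param <T> the CXF message type handled by this interceptor
 */
@Deprecated
/* loaded from: input_file:WEB-INF/lib/generic-common-9.6-SNAPSHOT.jar:fi/vm/sade/authentication/cas/CasFriendlyCxfInterceptor.class */
public class CasFriendlyCxfInterceptor<T extends Message> extends AbstractPhaseInterceptor<T> {
    private static final Logger log = LoggerFactory.getLogger(CasFriendlyCxfInterceptor.class);

    /** Exchange key under which the cached request body stream is stored when the output stream closes. */
    public static final String ORIGINAL_POST_BODY_INPUTSTREAM = CasFriendlyCxfInterceptor.class.getName() + ".postBodyStream";

    /** Exchange key under which the size of the cached request body is stored. */
    public static final String ORIGINAL_POST_BODY_LENGTH = CasFriendlyCxfInterceptor.class.getName() + ".postBodyLength";

    /** Name of the HTTP request header that carries cookies. */
    public static final String HEADER_COOKIE = "Cookie";

    /** Separator between {@code name=value} pairs inside the {@code Cookie} header. */
    public static final String HEADER_COOKIE_SEPARATOR = "; ";

    /** Cache of session ids; also used to coordinate concurrent requests. */
    @Autowired
    CasFriendlyCache sessionCache;

    /** Authentication mode; the value {@code dev} (case-insensitive) enables dev mode. */
    @Value("${auth.mode:cas}")
    private String authMode;
    private String sessionCookieName;
    private String casSessionCookieName;
    private String callerService;
    private boolean useBasicAuthentication;
    private String appClientUsername;
    private String appClientPassword;
    private long maxWaitTimeMillis;
    private boolean sessionRequired;
    private boolean useBlockingConcurrent;
    private boolean useSessionPerUser;

    /**
     * Creates the interceptor for the {@code PRE_PROTOCOL} phase and sets the defaults: session
     * required, one session per user, no basic authentication, no blocking, 3000 ms wait.
     */
    public CasFriendlyCxfInterceptor() {
        super(Phase.PRE_PROTOCOL);
        this.sessionCookieName = SessionManager.__DefaultSessionCookie;
        this.casSessionCookieName = "CASTGC";
        this.callerService = Languages.ANY;
        this.useBasicAuthentication = false;
        this.maxWaitTimeMillis = 3000L;
        this.sessionRequired = true;
        this.useBlockingConcurrent = false;
        this.useSessionPerUser = true;
    }

    /**
     * Dispatches the message to {@link #handleInbound(Message)} or {@link #handleOutbound(Message)}.
     *
     * @param message the intercepted message
     * @throws Fault if outbound processing fails
     */
    @Override // org.apache.cxf.interceptor.Interceptor
    public void handleMessage(Message message) throws Fault {
        // A missing INBOUND_MESSAGE flag is treated as outbound rather than failing on unboxing null.
        if (Boolean.TRUE.equals(message.get(Message.INBOUND_MESSAGE))) {
            handleInbound(message);
        } else {
            handleOutbound(message);
        }
    }

    /**
     * Wraps the message's output stream so the written body is also cached, and publishes the
     * cached body and its length on the exchange once the stream is closed.
     *
     * @param message the outbound message
     * @throws Fault if the output stream cannot be wrapped
     */
    private void prepareOutMessage(final Message message) throws Fault {
        try {
            CacheAndWriteOutputStream cachingStream = new CacheAndWriteOutputStream(message.getContent(OutputStream.class));
            message.setContent(OutputStream.class, cachingStream);
            cachingStream.registerCallback(new CachedOutputStreamCallback() {
                @Override // org.apache.cxf.io.CachedOutputStreamCallback
                public void onClose(CachedOutputStream cachedOutputStream) {
                    if (cachedOutputStream == null) {
                        return;
                    }
                    try {
                        message.getExchange().put(CasFriendlyCxfInterceptor.ORIGINAL_POST_BODY_INPUTSTREAM, cachedOutputStream.getInputStream());
                        message.getExchange().put(CasFriendlyCxfInterceptor.ORIGINAL_POST_BODY_LENGTH, Long.valueOf(cachedOutputStream.size()));
                    } catch (Exception e) {
                        // Best effort: the request itself has already been written. Report through
                        // the logger instead of printing the stack trace to stderr.
                        log.warn("Unable to cache the original request body.", e);
                    }
                }

                @Override // org.apache.cxf.io.CachedOutputStreamCallback
                public void onFlush(CachedOutputStream cachedOutputStream) {
                    // Nothing to do on flush; the body is published on close.
                }
            });
        } catch (Exception e) {
            throw new Fault(e);
        }
    }

    /**
     * Adds a session cookie to an outbound request, authenticating first when no session id is
     * cached and a session is required.
     *
     * @param message the outbound message
     * @throws Fault if any step fails
     */
    public void handleOutbound(Message message) throws Fault {
        log.debug("Outbound message intercepted.");
        HttpURLConnection connection = resolveConnection(message);
        Authentication authentication = getAuthentication();
        try {
            String caller = getCallerService();
            if (caller == null || caller.trim().isEmpty()) {
                log.warn("CallerService is not set. Set callerService property to a distinctive name for this service.");
            }
            String targetUrl = resolveTargetServiceUrl(message);
            log.debug("Outbound target URL: {}", targetUrl);

            // The configured application user wins over the user of the current security context.
            String username = getAppClientUsername();
            if (username == null && authentication != null) {
                username = authentication.getName();
            }

            if (username == null) {
                log.debug("No outbound username available. Continuing as unauthenticated.");
            } else {
                log.debug("Outbound username: {}", username);
                String sessionId = getSessionIdFromCache(caller, targetUrl, username);
                // Session ids are credentials: log only whether one was found, never its value.
                log.debug("Outbound sessionId found in cache: {}", sessionId != null);
                if (sessionId == null && isUseBlockingConcurrent()) {
                    log.debug("Outbound uses blocking (useBlockingConcurrent == true).");
                    this.sessionCache.waitOrFlagForRunningRequest(caller, targetUrl, username, getMaxWaitTimeMillis(), true);
                    sessionId = getSessionIdFromCache(caller, targetUrl, username);
                    log.debug("Outbound sessionId found in cache after blocking: {}", sessionId != null);
                }
                if (sessionId != null) {
                    setSessionCookie(connection, sessionId);
                } else if (isSessionRequired()) {
                    log.debug("Outbound requiring sessionId, doing proactive authentication.");
                    doAuthentication(message, targetUrl, false);
                    String freshSessionId = getSessionIdFromCache(caller, targetUrl, username);
                    log.debug("Outbound sessionId available after authentication process: {}", freshSessionId != null);
                    if (freshSessionId != null) {
                        setSessionCookie(connection, freshSessionId);
                    }
                }
            }
            prepareOutMessage(message);
        } catch (Exception e) {
            log.error("Unable process outbound message in interceptor.", e);
            throw new Fault(e);
        }
    }

    /**
     * Detects a redirect to the CAS login page in the response and, if present, authenticates and
     * re-issues the request. Failures are logged and do not interrupt the interceptor chain.
     *
     * @param message the inbound message
     * @throws Fault declared for interface compatibility; not thrown by the visible code
     */
    public void handleInbound(Message message) throws Fault {
        log.debug("Inbound message intercepted.");
        @SuppressWarnings("unchecked")
        Map<String, List<String>> headers = (Map<String, List<String>>) message.get(Message.PROTOCOL_HEADERS);
        log.debug("Original response code: {}", message.get(Message.RESPONSE_CODE));
        if (headers == null) {
            return;
        }
        List<String> locations = headers.get("Location");
        // An empty header list is treated like a missing header instead of failing on get(0).
        String location = (locations == null || locations.isEmpty()) ? null : locations.get(0);
        if (location == null) {
            return;
        }
        log.debug("Redirect proposed: {}", location);
        try {
            // Only the path of the Location value is inspected; the host is not compared with a
            // configured CAS server address in this class.
            // NOTE(review): confirm that CasFriendlyHttpClient takes the CAS endpoint from trusted
            // configuration and not from this response header before credentials are sent.
            if (new URL(location).getPath().startsWith("/cas/login")) {
                Message outMessage = message.getExchange().getOutMessage();
                doAuthentication(outMessage, resolveTargetServiceUrl(outMessage), true);
            }
        } catch (Exception e) {
            log.warn("Error while calling for CAS.", e);
        }
    }

    /**
     * Authenticates against the target service through {@link CasFriendlyHttpClient} and caches
     * the resulting session id.
     *
     * @param message the outbound message the request is built from
     * @param targetServiceUrl the resolved target service URL, used as cache key part
     * @param username explicit user name, or {@code null} to use the current CAS authentication
     * @param password explicit password, or {@code null} to use the current CAS authentication
     * @param afterRedirect {@code true} when called in reaction to a login redirect; the cached
     *     session id is then dropped first and the response is copied into the exchange
     * @return {@code true} only when {@code afterRedirect} is set and a response was copied into
     *     the exchange; {@code false} otherwise
     * @throws IllegalStateException if no HTTP context could be created for the request
     * @throws Exception if the underlying client fails
     */
    private boolean doCasAuthentication(Message message, String targetServiceUrl, String username, String password,
            boolean afterRedirect) throws Exception {
        String cacheUser = null;
        HttpUriRequest request = null;
        try {
            CasFriendlyHttpClient client = new CasFriendlyHttpClient();
            Authentication authentication = getAuthentication();
            if (username != null) {
                cacheUser = username;
            } else if (authentication != null) {
                cacheUser = authentication.getName();
            }
            if (cacheUser == null) {
                // Neither explicit credentials nor an authenticated user: nothing to authenticate as.
                log.debug("No user available for CAS authentication.");
                return false;
            }
            if (afterRedirect) {
                // NOTE(review): this uses the user name as key even when useSessionPerUser is false,
                // whereas setSessionIdToCache then keys by client session id; verify against
                // CasFriendlyCache.
                this.sessionCache.removeSessionId(getCallerService(), targetServiceUrl, cacheUser);
            }

            HttpContext context = null;
            if (username != null && password != null) {
                context = client.createHttpContext(username, password, this.sessionCache);
            } else {
                if (!(authentication instanceof CasAuthenticationToken)) {
                    return false;
                }
                AttributePrincipal principal = ((CasAuthenticationToken) authentication).getAssertion().getPrincipal();
                if (principal != null) {
                    context = client.createHttpContext(principal, this.sessionCache);
                }
            }
            if (context == null) {
                // Fail with a clear message before any request is sent; without a context the
                // cookie store lookup below could only end in a NullPointerException.
                throw new IllegalStateException("No HTTP context available for CAS authentication.");
            }

            request = CasFriendlyHttpClient.createRequest(message, !afterRedirect, context);
            CloseableHttpResponse response = client.execute(request, context);
            String sessionId = resolveSessionId((CookieStore) context.getAttribute("http.cookie-store"), getSessionCookieName());
            if (sessionId != null) {
                setSessionIdToCache(getCallerService(), targetServiceUrl, cacheUser, sessionId);
                // The session id itself is deliberately kept out of the log.
                log.debug("Session cached.");
            }
            if (!afterRedirect || response == null) {
                return false;
            }
            fillMessage(message, response);
            return true;
        } finally {
            // Runs on every exit path: give the connection back and unblock waiting requests.
            if (request instanceof HttpRequestBase) {
                ((HttpRequestBase) request).releaseConnection();
            }
            releaseRequest(getCallerService(), targetServiceUrl, cacheUser);
        }
    }

    /**
     * Authenticates using the dev-mode or the CAS flow, depending on {@link #isDevMode()}, with
     * the configured application credentials.
     *
     * @param message the outbound message
     * @param targetServiceUrl the resolved target service URL
     * @param afterRedirect {@code true} when reacting to a login redirect
     * @return the result of the selected authentication flow
     * @throws Exception if the selected flow fails
     */
    private boolean doAuthentication(Message message, String targetServiceUrl, boolean afterRedirect) throws Exception {
        if (isDevMode()) {
            return doDevAuthentication(message, targetServiceUrl, getAppClientUsername(), getAppClientPassword(), afterRedirect);
        }
        return doCasAuthentication(message, targetServiceUrl, getAppClientUsername(), getAppClientPassword(), afterRedirect);
    }

    /**
     * Dev-mode authentication: falls back to the credentials of the current
     * {@link UsernamePasswordAuthenticationToken} when none are configured, then either runs the
     * CAS flow or sets an {@code Authorization: Basic} header on the connection.
     *
     * @param message the outbound message
     * @param targetServiceUrl the resolved target service URL
     * @param username configured user name, may be {@code null}
     * @param password configured password, may be {@code null}
     * @param afterRedirect {@code true} when reacting to a login redirect
     * @return the result of the CAS flow, or {@code false} when basic authentication was used
     * @throws Exception if the CAS flow fails
     */
    private boolean doDevAuthentication(Message message, String targetServiceUrl, String username, String password,
            boolean afterRedirect) throws Exception {
        String user = username;
        String pass = password;
        try {
            Authentication authentication = getAuthentication();
            if (user == null && pass == null && (authentication instanceof UsernamePasswordAuthenticationToken)) {
                UsernamePasswordAuthenticationToken token = (UsernamePasswordAuthenticationToken) authentication;
                user = token.getName();
                // Credentials can be null on a token; treat that as "no password" instead of
                // failing on toString().
                Object credentials = token.getCredentials();
                pass = credentials != null ? credentials.toString() : null;
            }
            if (afterRedirect || !isUseBasicAuthentication()) {
                boolean authenticated = doCasAuthentication(message, targetServiceUrl, user, pass, afterRedirect);
                // NOTE(review): releaseRequest also runs in the finally block below, so this path
                // releases twice; possibly a decompiler artifact. Confirm that
                // CasFriendlyCache.releaseRequest is idempotent before removing this call.
                releaseRequest(getCallerService(), targetServiceUrl, user);
                return authenticated;
            }
            HttpURLConnection connection = (HttpURLConnection) message.get("http.connection");
            if (connection != null && user != null && pass != null) {
                // Basic credentials are only Base64-encoded; the target must be reached over TLS.
                connection.setRequestProperty("Authorization", "Basic " + getBasicAuthenticationEncoding(user, pass));
            }
            return false;
        } finally {
            releaseRequest(getCallerService(), targetServiceUrl, user);
        }
    }

    /**
     * Builds the value part of a Basic {@code Authorization} header.
     *
     * @param username the user name
     * @param password the password
     * @return Base64 of {@code username:password}
     */
    private String getBasicAuthenticationEncoding(String username, String password) {
        // Explicit charsets: the platform default would make the header depend on the JVM's locale.
        byte[] raw = (username + ":" + password).getBytes(StandardCharsets.UTF_8);
        return new String(Base64.encodeBase64(raw), StandardCharsets.US_ASCII);
    }

    /**
     * Copies body, status code and headers of {@code httpResponse} into the exchange's in-message
     * and stores the status code on the exchange.
     *
     * @param message a message of the exchange to update
     * @param httpResponse the response to copy from
     * @throws IllegalStateException if the response entity content cannot be obtained
     * @throws IOException if reading or caching the body fails
     */
    private static void fillMessage(Message message, HttpResponse httpResponse) throws IllegalStateException, IOException {
        Message inMessage = message.getExchange().getInMessage();
        Integer statusCode = Integer.valueOf(httpResponse.getStatusLine().getStatusCode());
        if (inMessage != null) {
            if (httpResponse.getEntity() != null) {
                CachedOutputStream bodyCache = new CachedOutputStream();
                // Close the entity stream once the body is buffered so it is not left open.
                try (InputStream content = httpResponse.getEntity().getContent()) {
                    IOUtils.copy(content, bodyCache);
                }
                bodyCache.flush();
                bodyCache.close();
                inMessage.setContent(InputStream.class, bodyCache.getInputStream());
            }
            inMessage.put(Message.RESPONSE_CODE, statusCode);
            @SuppressWarnings("unchecked")
            Map<String, List<String>> headers = (Map<String, List<String>>) inMessage.get(Message.PROTOCOL_HEADERS);
            for (Header header : httpResponse.getAllHeaders()) {
                // A repeated header name overwrites the earlier value, as in the original code.
                headers.put(header.getName(), Arrays.asList(header.getValue()));
            }
        }
        message.getExchange().put(Message.RESPONSE_CODE, statusCode);
    }

    /**
     * Returns the cache key that identifies the owner of a session: the given user name when
     * sessions are kept per user, otherwise the client's own session id.
     */
    private String resolveCacheKey(String userName) {
        return isUseSessionPerUser() ? userName : getClientSessionId();
    }

    /**
     * Stores a session id in the cache.
     *
     * @param callerService name of the calling service
     * @param targetServiceUrl target service URL
     * @param userName user name; replaced by the client session id when sessions are not per user
     * @param sessionId the session id to store
     */
    protected void setSessionIdToCache(String callerService, String targetServiceUrl, String userName, String sessionId) {
        this.sessionCache.setSessionId(callerService, targetServiceUrl, resolveCacheKey(userName), sessionId);
    }

    /**
     * Looks up a session id in the cache.
     *
     * @param callerService name of the calling service
     * @param targetServiceUrl target service URL
     * @param userName user name; replaced by the client session id when sessions are not per user
     * @return the value returned by the cache for that key
     */
    protected String getSessionIdFromCache(String callerService, String targetServiceUrl, String userName) {
        return this.sessionCache.getSessionId(callerService, targetServiceUrl, resolveCacheKey(userName));
    }

    /**
     * Releases the request flag in the cache; does nothing when the target URL or the cache key
     * is {@code null}.
     *
     * @param callerService name of the calling service
     * @param targetServiceUrl target service URL
     * @param userName user name; replaced by the client session id when sessions are not per user
     */
    protected void releaseRequest(String callerService, String targetServiceUrl, String userName) {
        String cacheKey = resolveCacheKey(userName);
        if (targetServiceUrl == null || cacheKey == null) {
            return;
        }
        this.sessionCache.releaseRequest(callerService, targetServiceUrl, cacheKey);
    }

    /**
     * Returns the value of the first cookie with the given name.
     *
     * @param cookieStore the store to search, may be {@code null}
     * @param cookieName the cookie name to look for
     * @return the cookie value, or {@code null} when the store is missing or has no such cookie
     */
    private String resolveSessionId(CookieStore cookieStore, String cookieName) {
        if (cookieStore == null) {
            return null;
        }
        for (Cookie cookie : cookieStore.getCookies()) {
            if (cookie.getName().equals(cookieName)) {
                return cookie.getValue();
            }
        }
        return null;
    }

    /**
     * Releases the request flag for the failed call and delegates to the superclass.
     *
     * @param message the message being unwound
     */
    @Override // org.apache.cxf.phase.AbstractPhaseInterceptor, org.apache.cxf.interceptor.Interceptor
    @SuppressWarnings("unchecked")
    public void handleFault(Message message) {
        // The message object is not dumped to the log: it may carry protocol headers such as
        // Cookie or Authorization.
        log.debug("Handle fault intercepted.");
        try {
            String targetUrl = resolveTargetServiceUrl(message);
            Authentication authentication = getAuthentication();
            String username = authentication != null ? authentication.getName() : getAppClientUsername();
            releaseRequest(getCallerService(), targetUrl, username);
        } catch (Exception e) {
            log.warn("Unable to release request in handleFault.", e);
        }
        // The parameter is declared as Message to keep the published signature; the superclass
        // expects T, hence the unchecked cast.
        super.handleFault((T) message);
    }

    /**
     * Returns the authentication of the current security context.
     *
     * @return the authentication, or {@code null} when absent or not authenticated
     */
    protected Authentication getAuthentication() {
        Authentication authentication = SecurityContextHolder.getContext().getAuthentication();
        return (authentication != null && authentication.isAuthenticated()) ? authentication : null;
    }

    /** Returns the {@code http.connection} entry of the exchange's out-message. */
    private static HttpURLConnection resolveConnection(Message message) {
        return (HttpURLConnection) message.getExchange().getOutMessage().get("http.connection");
    }

    /**
     * Resolves the target service URL from the endpoint address of the message, falling back to
     * the exchange's out-message.
     *
     * @param message the message to read the endpoint address from
     * @return the URL as resolved by {@link CasFriendlyHttpClient}
     * @throws MalformedURLException if the endpoint address is not a valid URL
     */
    private String resolveTargetServiceUrl(Message message) throws MalformedURLException {
        String endpoint = (String) message.get(Message.ENDPOINT_ADDRESS);
        if (endpoint == null) {
            endpoint = (String) message.getExchange().getOutMessage().get(Message.ENDPOINT_ADDRESS);
        }
        return CasFriendlyHttpClient.resolveTargetServiceUrl(endpoint);
    }

    /**
     * Replaces the session cookie in the connection's {@code Cookie} request header.
     *
     * @param httpURLConnection the connection whose request header is rewritten
     * @param sessionId the session id to send
     */
    private void setSessionCookie(HttpURLConnection httpURLConnection, String sessionId) {
        String existingHeader = httpURLConnection.getRequestProperty(HEADER_COOKIE);
        // NOTE(review): HttpCookie.parse is meant for Set-Cookie response headers; with a request
        // header holding several name=value pairs it appears to yield only the first cookie, so
        // other pre-existing cookies may be dropped here. Verify before relying on them.
        List<HttpCookie> cookies = existingHeader != null ? HttpCookie.parse(existingHeader) : new ArrayList<HttpCookie>();
        String cookieName = getSessionCookieName();
        // Drop the first stale session cookie, if any, before adding the current one.
        for (Iterator<HttpCookie> it = cookies.iterator(); it.hasNext();) {
            if (cookieName.equals(it.next().getName())) {
                it.remove();
                break;
            }
        }
        cookies.add(new HttpCookie(cookieName, sessionId));
        // The session id is a credential and is not logged.
        log.debug("Injecting cached session id into the request cookies.");
        httpURLConnection.setRequestProperty(HEADER_COOKIE, toCookieString(cookies));
    }

    /**
     * Serializes cookies as {@code name=value} pairs joined by {@link #HEADER_COOKIE_SEPARATOR}.
     *
     * @param list the cookies to serialize
     * @return the header value, empty for an empty list
     */
    private static String toCookieString(List<HttpCookie> list) {
        StringBuilder header = new StringBuilder();
        for (HttpCookie cookie : list) {
            if (header.length() > 0) {
                header.append(HEADER_COOKIE_SEPARATOR);
            }
            header.append(cookie.getName()).append("=").append(cookie.getValue());
        }
        return header.toString();
    }

    /** Returns {@code true} when the authentication mode is {@code dev}, ignoring case. */
    public boolean isDevMode() {
        return "dev".equalsIgnoreCase(this.authMode);
    }

    /**
     * Reads the session id from the details of the current authentication.
     *
     * @return the session id, or {@code null} when it cannot be obtained
     */
    private String getClientSessionId() {
        try {
            return ((WebAuthenticationDetails) SecurityContextHolder.getContext().getAuthentication().getDetails()).getSessionId();
        } catch (Exception e) {
            // This lookup only happens when sessions are NOT kept per user, so the message names
            // that setting correctly.
            log.error("Unable to get session ID for caching and 'useSessionPerUser' is false.", e);
            return null;
        }
    }

    /** Returns the name identifying the calling service in the cache. */
    public String getCallerService() {
        return this.callerService;
    }

    /** Sets the name identifying the calling service in the cache. */
    public void setCallerService(String str) {
        this.callerService = str;
    }

    /** Returns the name of the target service's session cookie. */
    public String getSessionCookieName() {
        return this.sessionCookieName;
    }

    /** Sets the name of the target service's session cookie. */
    public void setSessionCookieName(String str) {
        this.sessionCookieName = str;
    }

    /** Returns the session cache. */
    public CasFriendlyCache getCache() {
        return this.sessionCache;
    }

    /** Sets the session cache. */
    public void setCache(CasFriendlyCache casFriendlyCache) {
        this.sessionCache = casFriendlyCache;
    }

    /** Returns the maximum time, in milliseconds, to wait for a concurrent request. */
    public long getMaxWaitTimeMillis() {
        return this.maxWaitTimeMillis;
    }

    /** Sets the maximum time, in milliseconds, to wait for a concurrent request. */
    public void setMaxWaitTimeMillis(long j) {
        this.maxWaitTimeMillis = j;
    }

    /** Returns whether outbound calls authenticate proactively when no session id is cached. */
    public boolean isSessionRequired() {
        return this.sessionRequired;
    }

    /** Sets whether outbound calls authenticate proactively when no session id is cached. */
    public void setSessionRequired(boolean z) {
        this.sessionRequired = z;
    }

    /** Returns the configured application user name, or {@code null} when none is set. */
    public String getAppClientUsername() {
        return this.appClientUsername;
    }

    /** Sets the application user name; {@code null} and the empty string both clear it. */
    public void setAppClientUsername(String str) {
        this.appClientUsername = (str == null || str.isEmpty()) ? null : str;
    }

    /** Returns the configured application password, or {@code null} when none is set. */
    public String getAppClientPassword() {
        return this.appClientPassword;
    }

    /** Sets the application password; {@code null} and the empty string both clear it. */
    public void setAppClientPassword(String str) {
        this.appClientPassword = (str == null || str.isEmpty()) ? null : str;
    }

    /** Returns whether dev mode uses an {@code Authorization: Basic} header. */
    public boolean isUseBasicAuthentication() {
        return this.useBasicAuthentication;
    }

    /** Sets whether dev mode uses an {@code Authorization: Basic} header. */
    public void setUseBasicAuthentication(boolean z) {
        this.useBasicAuthentication = z;
    }

    /** Returns whether outbound calls wait for a concurrent request when no session id is cached. */
    public boolean isUseBlockingConcurrent() {
        return this.useBlockingConcurrent;
    }

    /** Sets whether outbound calls wait for a concurrent request when no session id is cached. */
    public void setUseBlockingConcurrent(boolean z) {
        this.useBlockingConcurrent = z;
    }

    /** Returns the configured name of the CAS session cookie. */
    public String getCasSessionCookieName() {
        return this.casSessionCookieName;
    }

    /** Sets the name of the CAS session cookie. */
    public void setCasSessionCookieName(String str) {
        this.casSessionCookieName = str;
    }

    /** Returns whether cached sessions are keyed by user name rather than client session id. */
    public boolean isUseSessionPerUser() {
        return this.useSessionPerUser;
    }

    /** Sets whether cached sessions are keyed by user name rather than client session id. */
    public void setUseSessionPerUser(boolean z) {
        this.useSessionPerUser = z;
    }

    /** Returns the authentication mode. */
    public String getAuthMode() {
        return this.authMode;
    }

    /** Sets the authentication mode. */
    public void setAuthMode(String str) {
        this.authMode = str;
    }
}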
