package org.kathrynhuxtable.middleware.shibshim.filter;

import java.io.IOException;
import java.io.UnsupportedEncodingException;
import java.net.URLDecoder;
import java.net.URLEncoder;
import java.util.Date;
import javax.servlet.FilterChain;
import javax.servlet.ServletException;
import javax.servlet.ServletRequest;
import javax.servlet.ServletResponse;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import javax.servlet.http.HttpSession;
import org.apache.log4j.Logger;
import org.kathrynhuxtable.middleware.shibshim.util.AESCrypt;
import org.kathrynhuxtable.middleware.shibshim.util.AESCryptException;
import org.kathrynhuxtable.middleware.shibshim.util.Base64;
import org.kathrynhuxtable.middleware.shibshim.util.RSASignature;
import org.kathrynhuxtable.middleware.shibshim.util.RSASignatureException;

/* loaded from: input_file:org/kathrynhuxtable/middleware/shibshim/filter/FilterHandler.class */
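/**
 * Per-request worker for {@link ShibShimFilter}. One instance is built for each request; it
 * dispatches on the servlet path (login, logout, ACS callback, or an ordinary protected
 * resource), keeps the user's attributes in the HTTP session, and either redirects the browser
 * or passes a wrapped request down the filter chain.
 *
 * <p>Control flow relies on {@link ImmediateReturnException}: every redirect ends by throwing
 * it. {@code ErrorPage.displayErrorPage} is presumably meant to do the same (its body is not
 * visible from this class), so the authentication path adds an explicit throw after it rather
 * than depending on that.
 *
 * <p>Security notes for reviewers:
 * <ul>
 *   <li>The {@code target} request parameter is caller-supplied and feeds the redirects built
 *       in {@link #redirectToTarget()}, {@link #redirectToLogin(String)} and
 *       {@link #redirectToLogout(String)}.</li>
 *   <li>The session is not renewed after a successful ACS callback; see {@code handleACS}.</li>
 *   <li>Periodic re-verification is a stub; see {@code verifyUser}.</li>
 * </ul>
 */
public class FilterHandler {
    // A class literal replaces the pre-Java-5 class$ helper and its cache field, which were
    // compiler-generated members and not part of the source-level API.
    private static final Logger log = Logger.getLogger(FilterHandler.class.getName());
    private static final int DEFAULT_SSL_PORT = 443;

    // One message for every assertion failure, so the response does not reveal which step
    // (missing parameter, decryption, signature) rejected the input. Details go to the log.
    private static final String ASSERTION_REJECTED = "The Shibboleth Shim Server assertion could not be verified";

    private final HttpServletRequest request;
    private final HttpServletResponse response;
    private final FilterChain chain;
    private final ShibShimFilter filter;
    private HttpSession session;
    private UserAttributesImpl attributes;

    /**
     * Binds the handler to one request/response pair and picks up any existing session state.
     *
     * @param servletRequest  the incoming request; must be an {@code HttpServletRequest}
     * @param servletResponse the outgoing response; must be an {@code HttpServletResponse}
     * @param filterChain     the chain to continue with once the request is authenticated
     * @param shibShimFilter  the owning filter, used as the configuration source
     * @throws ImmediateReturnException if the request or response is not HTTP
     */
    public FilterHandler(ServletRequest servletRequest, ServletResponse servletResponse, FilterChain filterChain, ShibShimFilter shibShimFilter) throws ImmediateReturnException {
        if (!(servletRequest instanceof HttpServletRequest) || !(servletResponse instanceof HttpServletResponse)) {
            ErrorPage.displayErrorPage(servletResponse, "The Shibboleth Shim filter only supports HTTP and HTTPS");
            // Stop here even if displayErrorPage returns; the casts below would otherwise fail
            // with a ClassCastException.
            throw new ImmediateReturnException();
        }
        this.request = (HttpServletRequest) servletRequest;
        this.response = (HttpServletResponse) servletResponse;
        log.debug("ServletPath = \"" + this.request.getServletPath() + "\"");
        this.chain = filterChain;
        this.filter = shibShimFilter;
        if (shibShimFilter.getApplication() == null) {
            // NOTE(review): getServerName() normally reflects the request's Host header, and the
            // value is stored on the filter for later requests. Setting the application name
            // explicitly in the filter configuration avoids deriving it from the first request.
            String host = this.request.getServerName();
            int port = this.request.getServerPort();
            if (port != DEFAULT_SSL_PORT) {
                host = host + ":" + port;
            }
            shibShimFilter.setApplication(host + this.request.getContextPath());
        }
        // getSession(false): do not create a session just by constructing the handler.
        this.session = this.request.getSession(false);
        if (this.session != null) {
            this.attributes = (UserAttributesImpl) this.session.getAttribute(shibShimFilter.getSessionAttribute());
        }
    }

    /**
     * Runs the filter logic for this request: login and logout paths first, then the ACS
     * callback, then either a redirect to the login flow (no attributes and a session is
     * required) or the wrapped request is passed down the chain.
     *
     * @throws ImmediateReturnException whenever a redirect or error page has been sent and the
     *         caller must stop processing the request
     */
    public void filterRequest() throws ImmediateReturnException {
        handleLogin();
        handleLogout();
        if (this.session == null) {
            this.session = this.request.getSession(true);
        }
        initializeAttributes(false);
        handleACS();
        this.attributes.put("config-application", this.filter.getApplication());
        long now = System.currentTimeMillis();
        long verifyTime = getIntConfigHeader("config-verifytime", 0L);
        log.debug("Do we need to get user info");
        verifyUser(this.attributes.getHeader("handle"), now, verifyTime);
        if (!this.attributes.hasAttributes() && this.filter.isSessionRequired()) {
            // Rebuild the full URL of this request so the login flow can return to it.
            String requested = this.request.getRequestURL().toString();
            String queryString = this.request.getQueryString();
            if (queryString != null) {
                requested = requested + "?" + queryString;
            }
            redirectToLogin(requested);
        }
        if (this.attributes.hasAttributes()) {
            // Shift the previous "current" timestamp into "last" before recording this request.
            this.attributes.put("config-lasttime", Long.toString(getIntConfigHeader("config-currenttime", now)));
            this.attributes.put("config-currenttime", Long.toString(now));
        }
        if (checkForACSPath()) {
            redirectToTarget();
        } else {
            wrapRequest();
        }
    }

    /**
     * Redirects to the {@code target} request parameter, resolved under this application's
     * context path. A missing or empty target redirects to the empty string.
     */
    private void redirectToTarget() throws ImmediateReturnException {
        String target = this.request.getParameter("target");
        String location;
        if (target == null || target.length() == 0) {
            location = "";
        } else {
            // Drop every leading slash or backslash and add exactly one back. With an empty
            // context path a target starting with "//" would otherwise become a scheme-relative
            // Location naming another host; this keeps the redirect inside the application.
            int start = 0;
            while (start < target.length() && (target.charAt(start) == '/' || target.charAt(start) == '\\')) {
                start++;
            }
            location = this.request.getContextPath() + "/" + target.substring(start);
        }
        generalShibShimRedirect(location);
    }

    /**
     * Continues the filter chain with a {@code RequestWrapper} built from the user's attributes
     * and the configured remote-user attribute name.
     */
    private void wrapRequest() throws ImmediateReturnException {
        try {
            this.chain.doFilter(new RequestWrapper(this.request, this.attributes, this.filter.getRemoteUserAttribute()), this.response);
        } catch (IOException e) {
            log.error("Error protecting application", e);
            ErrorPage.displayErrorPage(this.response, "Error protecting application: " + e);
        } catch (ServletException e) {
            log.error("Error protecting application", e);
            ErrorPage.displayErrorPage(this.response, "Error protecting application: " + e);
        }
    }

    /** Returns true when the servlet path equals the configured local ACS path. */
    private boolean checkForACSPath() {
        return this.request.getServletPath().equals(this.filter.getLocalAcsPath());
    }

    /**
     * On the ACS path, discards the current user info and replaces it with the attributes
     * carried by the verified assertion.
     */
    private void handleACS() throws ImmediateReturnException {
        if (!checkForACSPath()) {
            return;
        }
        // NOTE(review): the attributes are stored in whatever session already exists; the
        // session id is not renewed on successful authentication here. Confirm that a
        // pre-login session id cannot be carried over (session fixation).
        // NOTE(review): nothing visible in this class ties the assertion to this session or
        // checks its freshness; confirm parseUserInfo or the ShibShim server enforces that.
        this.attributes.clearUserInfo();
        log.debug("Trying to get user info");
        try {
            String userInfo = extractAndVerifyUserInfo();
            this.attributes.parseUserInfo(userInfo);
            this.attributes.put("config-attributes", userInfo);
        } catch (UserInfoException e) {
            // Do not continue with partially parsed attributes.
            failWithErrorPage(e.getMessage());
        }
        log.debug("Back from getting user info");
    }

    /** Returns true when the servlet path equals the configured login redirect path. */
    private boolean checkForLoginPath() {
        return this.request.getServletPath().equals(this.filter.getLoginRedirectPath());
    }

    /**
     * On the login path, clears any existing user info and redirects to the login flow. The
     * return location is the decoded {@code target} parameter, or the application name when the
     * parameter is absent or cannot be decoded. {@code force=true} (case-insensitive) selects
     * the forced-login redirect.
     */
    private void handleLogin() throws ImmediateReturnException {
        if (!checkForLoginPath()) {
            return;
        }
        if (this.session == null) {
            this.session = this.request.getSession(true);
        }
        initializeAttributes(true);
        String target = this.request.getParameter("target");
        String destination = target == null ? null : decodeTarget(target);
        if (destination == null) {
            destination = this.filter.getApplication();
        }
        String force = this.request.getParameter("force");
        if (force != null && force.equalsIgnoreCase("true")) {
            redirectToForceLogin(this.session.getId(), destination);
        } else {
            redirectToLogin(destination);
        }
    }

    /** Returns true when the servlet path equals the configured logout redirect path. */
    private boolean checkForLogoutPath() {
        return this.request.getServletPath().equals(this.filter.getLogoutRedirectPath());
    }

    /**
     * On the logout path, invalidates the session and redirects to the logout flow, passing
     * the decoded {@code target} parameter (empty string if it cannot be decoded, none if
     * absent) as the return location.
     */
    private void handleLogout() throws ImmediateReturnException {
        if (!checkForLogoutPath()) {
            return;
        }
        if (this.session != null) {
            this.session.invalidate();
        }
        String target = this.request.getParameter("target");
        if (target != null) {
            String decoded = decodeTarget(target);
            target = decoded == null ? "" : decoded;
        }
        redirectToLogout(target);
    }

    /**
     * Percent-decodes a {@code target} parameter value.
     *
     * <p>NOTE(review): {@code getParameter} has already percent-decoded the value once, so this
     * is a second decode; confirm that callers are expected to double-encode {@code target}.
     *
     * @return the decoded value, or {@code null} if it cannot be decoded
     */
    private static String decodeTarget(String raw) {
        try {
            return URLDecoder.decode(raw, "US-ASCII");
        } catch (IOException e) {
            log.error("IOException encountered decoding target: " + e);
            return null;
        } catch (IllegalArgumentException e) {
            // URLDecoder signals a malformed %xx escape this way; treat it like any other
            // undecodable target instead of letting it escape as an unhandled exception.
            log.error("Malformed percent-escape in target parameter");
            return null;
        }
    }

    /**
     * Placeholder: always returns false, so re-verification never triggers and the
     * {@code config-verifytime} value currently has no effect.
     */
    private boolean isTimeToVerifyAuthentication(long j, long j2) {
        return false;
    }

    /**
     * Placeholder for periodic re-verification of the user. The body is empty, so an
     * established session is never re-checked here.
     */
    private void verifyUser(String str, long j, long j2) throws ImmediateReturnException {
        if (isTimeToVerifyAuthentication(j, j2)) {
            // not implemented
        }
    }

    /**
     * Redirects the browser to the ShibShim server so that, after login, it posts back to this
     * application's ACS path. The redirect URL is the ACS URL, then {@code /https/} or
     * {@code /http/} when {@code str} carries that scheme, then the authority taken from
     * {@code str}, the context path and the local ACS path; the rest of {@code str} (scheme,
     * authority and context path stripped) travels as the {@code target} query parameter.
     *
     * <p>NOTE(review): the authority is taken from {@code str}, which on the login path is the
     * caller-supplied {@code target} parameter. Confirm the ShibShim server only honours return
     * hosts it has been configured for.
     *
     * @param str absolute URL, or host-and-path without scheme, to return to after login
     */
    protected void redirectToLogin(String str) throws ImmediateReturnException {
        String acsUrl = this.filter.getAcsUrl();
        int authorityStart = 0;
        if (str.startsWith("https://")) {
            acsUrl = acsUrl + "/https/";
            authorityStart = "https://".length();
        } else if (str.startsWith("http://")) {
            acsUrl = acsUrl + "/http/";
            authorityStart = "http://".length();
        }
        int authorityEnd = str.indexOf('/', authorityStart);
        if (authorityEnd < 0) {
            authorityEnd = str.length();
        }
        String callback = acsUrl + str.substring(authorityStart, authorityEnd) + this.request.getContextPath() + this.filter.getLocalAcsPath();
        // The context path is used as a regular expression fragment here, unquoted.
        String localTarget = str.replaceFirst("^https?://[^/]+" + this.request.getContextPath(), "");
        log.debug("User info is still empty");
        try {
            generalShibShimRedirect(callback + "?target=" + URLEncoder.encode(localTarget, "US-ASCII"));
        } catch (UnsupportedEncodingException e) {
            ErrorPage.displayErrorPage(this.response, "Got error attempting to log in");
        }
    }

    /**
     * Redirects to the ACS URL with {@code str2} as the {@code return} parameter.
     *
     * @param str  session id supplied by the caller; not used in the redirect
     * @param str2 location to return to after the forced login
     */
    protected void redirectToForceLogin(String str, String str2) throws ImmediateReturnException {
        try {
            generalShibShimRedirect(this.filter.getAcsUrl() + "?" + "return=" + URLEncoder.encode(str2, "US-ASCII"));
        } catch (UnsupportedEncodingException e) {
            ErrorPage.displayErrorPage(this.response, "Got error attempting to log in");
        }
    }

    /**
     * Redirects to the ACS URL for logout, adding {@code str} as the {@code return} parameter
     * when it is not null.
     *
     * @param str location to return to after logout, or {@code null} for none
     */
    protected void redirectToLogout(String str) throws ImmediateReturnException {
        try {
            String location = this.filter.getAcsUrl();
            if (str != null) {
                location = location + "?return=" + URLEncoder.encode(str, "US-ASCII");
            }
            generalShibShimRedirect(location);
        } catch (UnsupportedEncodingException e) {
            ErrorPage.displayErrorPage(this.response, "Got error attempting to log out");
        }
    }

    /**
     * Sends a redirect to {@code str} and then always throws so the caller stops handling the
     * request.
     *
     * @param str the redirect location
     * @throws ImmediateReturnException always
     */
    protected void generalShibShimRedirect(String str) throws ImmediateReturnException {
        try {
            log.debug("Redirecting to \"" + str + "\"");
            this.response.sendRedirect(str);
        } catch (IOException e) {
            // The request still ends below; record why the redirect never reached the client.
            log.error("Unable to send redirect", e);
        }
        throw new ImmediateReturnException();
    }

    /**
     * Reads the {@code assertion} and {@code signature} request parameters, decrypts the
     * assertion with the configured key and checks the signature over the decrypted bytes
     * against the configured ShibShim server certificate.
     *
     * <p>Every failure ends the request with the same message; the cause is written to the log
     * only. Decryption runs before the signature check, and the cipher mode used by
     * {@code AESCrypt} is not visible here, so a response that told decryption failures apart
     * from signature failures could reveal more than intended.
     *
     * @return the decrypted assertion text, only when the signature verified
     * @throws ImmediateReturnException if a parameter is missing, decryption fails, or the
     *         signature does not verify
     */
    protected String extractAndVerifyUserInfo() throws ImmediateReturnException {
        String assertionParam = this.request.getParameter("assertion");
        String signatureParam = this.request.getParameter("signature");
        if (assertionParam == null || signatureParam == null) {
            log.warn("ACS request is missing the assertion or signature parameter");
            failWithErrorPage(ASSERTION_REJECTED);
        }
        byte[] plaintext = null;
        try {
            plaintext = AESCrypt.decrypt(Base64.decode(assertionParam), this.filter.getShibShimServerCryptKey());
        } catch (AESCryptException e) {
            log.warn("AES decrypt exception: " + e);
            failWithErrorPage(ASSERTION_REJECTED);
        }
        if (plaintext == null) {
            log.warn("Assertion decrypted to no data");
            failWithErrorPage(ASSERTION_REJECTED);
        }
        boolean verified = false;
        try {
            verified = RSASignature.verify(plaintext, Base64.decode(signatureParam), this.filter.getShibShimServerCert());
        } catch (RSASignatureException e) {
            log.warn("RSA signature exception: " + e);
            failWithErrorPage(ASSERTION_REJECTED);
        }
        if (!verified) {
            log.warn("The Shibboleth Shim Server signature failed to verify");
            failWithErrorPage(ASSERTION_REJECTED);
        }
        // NOTE(review): decoded with the platform default charset; confirm the encoding the
        // ShibShim server uses for the assertion.
        String assertion = new String(plaintext);
        // Log the size only: the assertion carries the user's attributes.
        log.debug("assertion verified, " + plaintext.length + " bytes");
        return assertion;
    }

    /**
     * Shows the error page and then ends request handling unconditionally, so the
     * authentication path never continues past a failure even if
     * {@code ErrorPage.displayErrorPage} were to return normally.
     */
    private void failWithErrorPage(String message) throws ImmediateReturnException {
        ErrorPage.displayErrorPage(this.response, message);
        throw new ImmediateReturnException();
    }

    /**
     * Reads a numeric value stored as a string in the user's attributes.
     *
     * @param str attribute key
     * @param j   value to use when the attribute is absent
     * @return the parsed value, or {@code j} when the attribute is not set
     */
    private long getIntConfigHeader(String str, long j) throws ImmediateReturnException {
        String stored = (String) this.attributes.get(str);
        if (stored == null) {
            return j;
        }
        long value = j;
        try {
            value = Long.parseLong(stored);
        } catch (NumberFormatException e) {
            ErrorPage.displayErrorPage(this.response, e.getMessage());
        }
        return value;
    }

    /**
     * Makes sure the session holds a {@code UserAttributesImpl}, creating and storing one if
     * needed. The caller must have set {@code session} beforehand.
     *
     * @param z when true, any existing user info is cleared
     */
    private void initializeAttributes(boolean z) throws ImmediateReturnException {
        if (this.attributes == null) {
            // "new" never yields null, so no null check is needed after construction.
            this.attributes = new UserAttributesImpl(this.filter.getAttributeMap());
            this.session.setAttribute(this.filter.getSessionAttribute(), this.attributes);
        }
        if (z) {
            this.attributes.clearUserInfo();
        }
    }
}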
