package com.liferay.portal.security.sso.cas.internal.servlet.filter;

import com.liferay.portal.kernel.log.Log;
import com.liferay.portal.kernel.log.LogFactoryUtil;
import com.liferay.portal.kernel.module.configuration.ConfigurationProvider;
import com.liferay.portal.kernel.servlet.BaseFilter;
import com.liferay.portal.kernel.settings.CompanyServiceSettingsLocator;
import com.liferay.portal.kernel.util.HashMapBuilder;
import com.liferay.portal.kernel.util.Http;
import com.liferay.portal.kernel.util.ParamUtil;
import com.liferay.portal.kernel.util.Portal;
import com.liferay.portal.kernel.util.Validator;
import com.liferay.portal.security.sso.cas.configuration.CASConfiguration;
import com.liferay.portal.security.sso.cas.internal.constants.CASWebKeys;
import java.util.Map;
import java.util.concurrent.ConcurrentHashMap;
import javax.servlet.Filter;
import javax.servlet.FilterChain;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import javax.servlet.http.HttpSession;
import org.jasig.cas.client.util.CommonUtils;
import org.jasig.cas.client.validation.Assertion;
import org.jasig.cas.client.validation.Cas20ProxyTicketValidator;
import org.jasig.cas.client.validation.TicketValidator;
import org.osgi.service.component.annotations.Component;
import org.osgi.service.component.annotations.Reference;

@Component(configurationPid = {"com.liferay.portal.security.sso.cas.configuration.CASConfiguration"}, immediate = true, property = {"before-filter=Auto Login Filter", "dispatcher=FORWARD", "dispatcher=REQUEST", "servlet-context-name=", "servlet-filter-name=SSO CAS Filter", "url-pattern=/c/portal/login", "url-pattern=/c/portal/logout"}, service = {Filter.class})
/* loaded from: input_file:com/liferay/portal/security/sso/cas/internal/servlet/filter/CASFilter.class */
public class CASFilter extends BaseFilter {
    private static final Log _log = LogFactoryUtil.getLog(CASFilter.class);
    private static final Map<Long, TicketValidator> _ticketValidators = new ConcurrentHashMap();
    private ConfigurationProvider _configurationProvider;

    @Reference
    private Http _http;

    @Reference
    private Portal _portal;

    public static void reload(long j) {
        _ticketValidators.remove(Long.valueOf(j));
    }

    public boolean isFilterEnabled(HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse) {
        try {
            return ((CASConfiguration) this._configurationProvider.getConfiguration(CASConfiguration.class, new CompanyServiceSettingsLocator(this._portal.getCompanyId(httpServletRequest), "com.liferay.portal.security.sso.cas"))).enabled();
        } catch (Exception e) {
            _log.error(e, e);
            return false;
        }
    }

    protected Log getLog() {
        return _log;
    }

    protected TicketValidator getTicketValidator(long j) throws Exception {
        TicketValidator ticketValidator = _ticketValidators.get(Long.valueOf(j));
        if (ticketValidator != null) {
            return ticketValidator;
        }
        CASConfiguration cASConfiguration = (CASConfiguration) this._configurationProvider.getConfiguration(CASConfiguration.class, new CompanyServiceSettingsLocator(j, "com.liferay.portal.security.sso.cas"));
        String serverName = cASConfiguration.serverName();
        String serverURL = cASConfiguration.serverURL();
        String loginURL = cASConfiguration.loginURL();
        Cas20ProxyTicketValidator cas20ProxyTicketValidator = new Cas20ProxyTicketValidator(serverURL);
        cas20ProxyTicketValidator.setCustomParameters(HashMapBuilder.put("casServerLoginUrl", loginURL).put("casServerUrlPrefix", serverURL).put("redirectAfterValidation", "false").put("serverName", serverName).build());
        _ticketValidators.put(Long.valueOf(j), cas20ProxyTicketValidator);
        return cas20ProxyTicketValidator;
    }

    protected void processFilter(HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse, FilterChain filterChain) throws Exception {
        HttpSession session = httpServletRequest.getSession();
        long companyId = this._portal.getCompanyId(httpServletRequest);
        CASConfiguration cASConfiguration = (CASConfiguration) this._configurationProvider.getConfiguration(CASConfiguration.class, new CompanyServiceSettingsLocator(companyId, "com.liferay.portal.security.sso.cas"));
        if (session.getAttribute(CASWebKeys.CAS_FORCE_LOGOUT) != null) {
            session.removeAttribute(CASWebKeys.CAS_FORCE_LOGOUT);
            httpServletResponse.sendRedirect(cASConfiguration.logoutURL());
            return;
        }
        String pathInfo = httpServletRequest.getPathInfo();
        if (Validator.isNotNull(pathInfo) && pathInfo.contains("/portal/logout")) {
            session.invalidate();
            httpServletResponse.sendRedirect(cASConfiguration.logoutURL());
            return;
        }
        if (Validator.isNotNull((String) session.getAttribute(CASWebKeys.CAS_LOGIN))) {
            processFilter(CASFilter.class.getName(), httpServletRequest, httpServletResponse, filterChain);
            return;
        }
        String serverName = cASConfiguration.serverName();
        String serviceURL = cASConfiguration.serviceURL();
        if (Validator.isNull(serviceURL)) {
            serviceURL = CommonUtils.constructServiceUrl(httpServletRequest, httpServletResponse, serviceURL, serverName, "ticket", false);
        }
        String string = ParamUtil.getString(httpServletRequest, "ticket");
        if (Validator.isNull(string)) {
            httpServletResponse.sendRedirect(this._http.addParameter(cASConfiguration.loginURL(), "service", serviceURL));
        } else {
            Assertion validate = getTicketValidator(companyId).validate(string, serviceURL);
            if (validate != null) {
                session.setAttribute(CASWebKeys.CAS_LOGIN, validate.getPrincipal().getName());
            }
            processFilter(CASFilter.class.getName(), httpServletRequest, httpServletResponse, filterChain);
        }
    }

    @Reference(unbind = "-")
    protected void setConfigurationProvider(ConfigurationProvider configurationProvider) {
        this._configurationProvider = configurationProvider;
    }
}
