package com.reps.sso.client.session;

import java.io.BufferedReader;
import java.io.DataOutputStream;
import java.io.InputStreamReader;
import java.net.HttpURLConnection;
import java.net.SocketTimeoutException;
import java.net.URL;
import java.net.URLEncoder;
import java.util.Arrays;
import java.util.List;
import java.util.concurrent.Callable;
import java.util.concurrent.ExecutorService;
import java.util.concurrent.Executors;
import java.util.zip.Inflater;
import javax.servlet.ServletException;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import javax.servlet.http.HttpSession;
import org.apache.commons.codec.binary.Base64;
import org.apache.commons.io.IOUtils;
import org.jasig.cas.client.session.HashMapBackedSessionMappingStorage;
import org.jasig.cas.client.session.SessionMappingStorage;
import org.jasig.cas.client.util.CommonUtils;
import org.jasig.cas.client.util.XmlUtils;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;

/* loaded from: input_file:com/reps/sso/client/session/RepsSingleSignOutHandler.class */
public final class RepsSingleSignOutHandler {
    public static final String DEFAULT_ARTIFACT_PARAMETER_NAME = "ticket";
    public static final String DEFAULT_LOGOUT_PARAMETER_NAME = "logoutRequest";
    public static final String DEFAULT_FRONT_LOGOUT_PARAMETER_NAME = "SAMLRequest";
    public static final String DEFAULT_RELAY_STATE_PARAMETER_NAME = "RelayState";
    private static final int DECOMPRESSION_FACTOR = 10;
    private static final Logger LOGGER = LoggerFactory.getLogger(RepsSingleSignOutHandler.class);
    private List<String> safeParameters;
    private static final String LOGOUT_CLUSTER_PARAMETER_NAME = "logoutClusterRequest";
    private List<String> clusterUrls;
    private ExecutorService EXECUTOR_SERVICE;
    private LogoutStrategy logoutStrategy;
    private SessionMappingStorage sessionMappingStorage = new HashMapBackedSessionMappingStorage();
    private String artifactParameterName = DEFAULT_ARTIFACT_PARAMETER_NAME;
    private String logoutParameterName = DEFAULT_LOGOUT_PARAMETER_NAME;
    private String frontLogoutParameterName = DEFAULT_FRONT_LOGOUT_PARAMETER_NAME;
    private String relayStateParameterName = DEFAULT_RELAY_STATE_PARAMETER_NAME;
    private String casServerUrlPrefix = "";
    private boolean artifactParameterOverPost = false;
    private boolean eagerlyCreateSessions = true;
    private int connectionTimeout = 5000;
    private int readTimeout = 5000;
    private boolean followRedirects = true;

    /* JADX INFO: Access modifiers changed from: private */
    /* loaded from: input_file:com/reps/sso/client/session/RepsSingleSignOutHandler$LogoutStrategy.class */
    public interface LogoutStrategy {
        void logout(HttpServletRequest httpServletRequest);
    }

    /* JADX INFO: Access modifiers changed from: private */
    /* loaded from: input_file:com/reps/sso/client/session/RepsSingleSignOutHandler$MessageSender.class */
    public static final class MessageSender implements Callable<Boolean> {
        private String url;
        private String message;
        private int readTimeout;
        private int connectionTimeout;
        private boolean followRedirects;

        public MessageSender(String str, String str2, int i, int i2, boolean z) {
            this.url = str;
            this.message = str2;
            this.readTimeout = i;
            this.connectionTimeout = i2;
            this.followRedirects = z;
        }

        /* JADX WARN: Can't rename method to resolve collision */
        @Override // java.util.concurrent.Callable
        public Boolean call() throws Exception {
            HttpURLConnection httpURLConnection = null;
            BufferedReader bufferedReader = null;
            try {
                try {
                    RepsSingleSignOutHandler.LOGGER.debug("Attempting to access {}", this.url);
                    URL url = new URL(this.url);
                    String str = "logoutClusterRequest=" + URLEncoder.encode(this.message, "UTF-8");
                    httpURLConnection = (HttpURLConnection) url.openConnection();
                    httpURLConnection.setDoInput(true);
                    httpURLConnection.setDoOutput(true);
                    httpURLConnection.setRequestMethod("POST");
                    httpURLConnection.setReadTimeout(this.readTimeout);
                    httpURLConnection.setConnectTimeout(this.connectionTimeout);
                    httpURLConnection.setInstanceFollowRedirects(this.followRedirects);
                    httpURLConnection.setRequestProperty("Content-Length", Integer.toString(str.getBytes().length));
                    httpURLConnection.setRequestProperty("Content-Type", "application/x-www-form-urlencoded");
                    DataOutputStream dataOutputStream = new DataOutputStream(httpURLConnection.getOutputStream());
                    dataOutputStream.writeBytes(str);
                    dataOutputStream.flush();
                    dataOutputStream.close();
                    bufferedReader = new BufferedReader(new InputStreamReader(httpURLConnection.getInputStream()));
                    for (boolean z = true; z; z = CommonUtils.isNotBlank(bufferedReader.readLine())) {
                    }
                    RepsSingleSignOutHandler.LOGGER.debug("Finished sending message to {}", this.url);
                    IOUtils.closeQuietly(bufferedReader);
                    if (httpURLConnection != null) {
                        httpURLConnection.disconnect();
                    }
                    return true;
                } catch (SocketTimeoutException e) {
                    RepsSingleSignOutHandler.LOGGER.warn("Socket Timeout Detected while attempting to send message to [{}]", this.url);
                    IOUtils.closeQuietly(bufferedReader);
                    if (httpURLConnection != null) {
                        httpURLConnection.disconnect();
                    }
                    return false;
                } catch (Exception e2) {
                    RepsSingleSignOutHandler.LOGGER.warn("Error Sending message to url endpoint [{}]. Error is [{}]", this.url, e2.getMessage());
                    IOUtils.closeQuietly(bufferedReader);
                    if (httpURLConnection != null) {
                        httpURLConnection.disconnect();
                    }
                    return false;
                }
            } catch (Throwable th) {
                IOUtils.closeQuietly(bufferedReader);
                if (httpURLConnection != null) {
                    httpURLConnection.disconnect();
                }
                throw th;
            }
        }
    }

    /* loaded from: input_file:com/reps/sso/client/session/RepsSingleSignOutHandler$Servlet25LogoutStrategy.class */
    private class Servlet25LogoutStrategy implements LogoutStrategy {
        private Servlet25LogoutStrategy() {
        }

        @Override // com.reps.sso.client.session.RepsSingleSignOutHandler.LogoutStrategy
        public void logout(HttpServletRequest httpServletRequest) {
        }
    }

    /* loaded from: input_file:com/reps/sso/client/session/RepsSingleSignOutHandler$Servlet30LogoutStrategy.class */
    private class Servlet30LogoutStrategy implements LogoutStrategy {
        private Servlet30LogoutStrategy() {
        }

        @Override // com.reps.sso.client.session.RepsSingleSignOutHandler.LogoutStrategy
        public void logout(HttpServletRequest httpServletRequest) {
            try {
                httpServletRequest.logout();
            } catch (ServletException e) {
                RepsSingleSignOutHandler.LOGGER.debug("Error performing request.logout.");
            }
        }
    }

    public RepsSingleSignOutHandler() {
        this.logoutStrategy = isServlet30() ? new Servlet30LogoutStrategy() : new Servlet25LogoutStrategy();
    }

    public void setSessionMappingStorage(SessionMappingStorage sessionMappingStorage) {
        this.sessionMappingStorage = sessionMappingStorage;
    }

    public void setArtifactParameterOverPost(boolean z) {
        this.artifactParameterOverPost = z;
    }

    public SessionMappingStorage getSessionMappingStorage() {
        return this.sessionMappingStorage;
    }

    public void setArtifactParameterName(String str) {
        this.artifactParameterName = str;
    }

    public void setLogoutParameterName(String str) {
        this.logoutParameterName = str;
    }

    public void setCasServerUrlPrefix(String str) {
        this.casServerUrlPrefix = str;
    }

    public void setFrontLogoutParameterName(String str) {
        this.frontLogoutParameterName = str;
    }

    public void setRelayStateParameterName(String str) {
        this.relayStateParameterName = str;
    }

    public void setEagerlyCreateSessions(boolean z) {
        this.eagerlyCreateSessions = z;
    }

    public synchronized void init() {
        if (this.safeParameters == null) {
            CommonUtils.assertNotNull(this.artifactParameterName, "artifactParameterName cannot be null.");
            CommonUtils.assertNotNull(this.logoutParameterName, "logoutParameterName cannot be null.");
            CommonUtils.assertNotNull(this.frontLogoutParameterName, "frontLogoutParameterName cannot be null.");
            CommonUtils.assertNotNull(this.sessionMappingStorage, "sessionMappingStorage cannot be null.");
            CommonUtils.assertNotNull(this.relayStateParameterName, "relayStateParameterName cannot be null.");
            CommonUtils.assertNotNull(this.casServerUrlPrefix, "casServerUrlPrefix cannot be null.");
            if (CommonUtils.isBlank(this.casServerUrlPrefix)) {
                LOGGER.warn("Front Channel single sign out redirects are disabled when the 'casServerUrlPrefix' value is not set.");
            }
            if (this.artifactParameterOverPost) {
                this.safeParameters = Arrays.asList(this.logoutParameterName, this.artifactParameterName);
            } else {
                this.safeParameters = Arrays.asList(this.logoutParameterName);
            }
        }
    }

    private boolean isTokenRequest(HttpServletRequest httpServletRequest) {
        return CommonUtils.isNotBlank(CommonUtils.safeGetParameter(httpServletRequest, this.artifactParameterName, this.safeParameters));
    }

    private boolean isBackChannelLogoutRequest(HttpServletRequest httpServletRequest) {
        return "POST".equals(httpServletRequest.getMethod()) && !isMultipartRequest(httpServletRequest) && CommonUtils.isNotBlank(CommonUtils.safeGetParameter(httpServletRequest, this.logoutParameterName, this.safeParameters));
    }

    private boolean isClusterNodeLogoutRequest(HttpServletRequest httpServletRequest) {
        return "POST".equals(httpServletRequest.getMethod()) && CommonUtils.isNotBlank(httpServletRequest.getParameter(LOGOUT_CLUSTER_PARAMETER_NAME));
    }

    private boolean isFrontChannelLogoutRequest(HttpServletRequest httpServletRequest) {
        return "GET".equals(httpServletRequest.getMethod()) && CommonUtils.isNotBlank(this.casServerUrlPrefix) && CommonUtils.isNotBlank(CommonUtils.safeGetParameter(httpServletRequest, this.frontLogoutParameterName));
    }

    public boolean process(HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse) {
        if (isTokenRequest(httpServletRequest)) {
            LOGGER.trace("Received a token request");
            recordSession(httpServletRequest);
            return true;
        }
        if (isBackChannelLogoutRequest(httpServletRequest)) {
            LOGGER.trace("Received a back channel logout request");
            destroySession(httpServletRequest);
            return false;
        }
        if (isClusterNodeLogoutRequest(httpServletRequest)) {
            LOGGER.trace("Received a cluster node logout request");
            destroySessionFromClusterNode(httpServletRequest);
            return false;
        }
        if (!isFrontChannelLogoutRequest(httpServletRequest)) {
            LOGGER.trace("Ignoring URI for logout: {}", httpServletRequest.getRequestURI());
            return true;
        }
        LOGGER.trace("Received a front channel logout request");
        destroySession(httpServletRequest);
        String computeRedirectionToServer = computeRedirectionToServer(httpServletRequest);
        if (computeRedirectionToServer == null) {
            return false;
        }
        CommonUtils.sendRedirect(httpServletResponse, computeRedirectionToServer);
        return false;
    }

    private void recordSession(HttpServletRequest httpServletRequest) {
        HttpSession session = httpServletRequest.getSession(this.eagerlyCreateSessions);
        if (session == null) {
            LOGGER.debug("No session currently exists (and none created).  Cannot record session information for single sign out.");
            return;
        }
        String safeGetParameter = CommonUtils.safeGetParameter(httpServletRequest, this.artifactParameterName, this.safeParameters);
        LOGGER.debug("Recording session for token {}", safeGetParameter);
        try {
            this.sessionMappingStorage.removeBySessionById(session.getId());
        } catch (Exception e) {
        }
        this.sessionMappingStorage.addSessionById(safeGetParameter, session);
    }

    private String uncompressLogoutMessage(String str) {
        byte[] decodeBase64 = Base64.decodeBase64(str);
        Inflater inflater = null;
        try {
            try {
                inflater = new Inflater();
                inflater.setInput(decodeBase64);
                byte[] bArr = new byte[decodeBase64.length * DECOMPRESSION_FACTOR];
                String str2 = new String(bArr, 0, inflater.inflate(bArr), "UTF-8");
                if (inflater != null) {
                    inflater.end();
                }
                return str2;
            } catch (Exception e) {
                LOGGER.error("Unable to decompress logout message", e);
                throw new RuntimeException(e);
            }
        } catch (Throwable th) {
            if (inflater != null) {
                inflater.end();
            }
            throw th;
        }
    }

    private void destroySession(HttpServletRequest httpServletRequest) {
        String uncompressLogoutMessage = isFrontChannelLogoutRequest(httpServletRequest) ? uncompressLogoutMessage(CommonUtils.safeGetParameter(httpServletRequest, this.frontLogoutParameterName)) : CommonUtils.safeGetParameter(httpServletRequest, this.logoutParameterName, this.safeParameters);
        LOGGER.trace("Logout request:\n{}", uncompressLogoutMessage);
        String textForElement = XmlUtils.getTextForElement(uncompressLogoutMessage, "SessionIndex");
        if (CommonUtils.isNotBlank(textForElement)) {
            HttpSession removeSessionByMappingId = this.sessionMappingStorage.removeSessionByMappingId(textForElement);
            if (removeSessionByMappingId == null) {
                destroySessionOfClusterNodes(textForElement);
                return;
            }
            LOGGER.debug("Invalidating session [{}] for token [{}]", removeSessionByMappingId.getId(), textForElement);
            try {
                removeSessionByMappingId.invalidate();
            } catch (IllegalStateException e) {
                LOGGER.debug("Error invalidating session.", e);
            }
            this.logoutStrategy.logout(httpServletRequest);
        }
    }

    private void destroySessionOfClusterNodes(String str) {
        if (this.clusterUrls == null || this.clusterUrls.isEmpty()) {
            return;
        }
        if (this.EXECUTOR_SERVICE == null) {
            this.EXECUTOR_SERVICE = Executors.newFixedThreadPool(this.clusterUrls.size());
        }
        for (String str2 : this.clusterUrls) {
            StringBuilder sb = new StringBuilder(str2.length() + 1);
            sb.append(str2);
            if (!str2.endsWith("/")) {
                sb.append("/");
            }
            this.EXECUTOR_SERVICE.submit(new MessageSender(sb.toString(), str, this.readTimeout, this.connectionTimeout, this.followRedirects));
        }
    }

    private void destroySessionFromClusterNode(HttpServletRequest httpServletRequest) {
        HttpSession removeSessionByMappingId;
        String parameter = httpServletRequest.getParameter(LOGOUT_CLUSTER_PARAMETER_NAME);
        if (!CommonUtils.isNotBlank(parameter) || (removeSessionByMappingId = this.sessionMappingStorage.removeSessionByMappingId(parameter)) == null) {
            return;
        }
        LOGGER.debug("Invalidating session [{}] for token [{}]", removeSessionByMappingId.getId(), parameter);
        try {
            removeSessionByMappingId.invalidate();
        } catch (IllegalStateException e) {
            LOGGER.debug("Error invalidating session.", e);
        }
        this.logoutStrategy.logout(httpServletRequest);
    }

    private String computeRedirectionToServer(HttpServletRequest httpServletRequest) {
        String safeGetParameter = CommonUtils.safeGetParameter(httpServletRequest, this.relayStateParameterName);
        if (!CommonUtils.isNotBlank(safeGetParameter)) {
            return null;
        }
        StringBuilder sb = new StringBuilder();
        sb.append(this.casServerUrlPrefix);
        if (!this.casServerUrlPrefix.endsWith("/")) {
            sb.append("/");
        }
        sb.append("logout?_eventId=next&");
        sb.append(this.relayStateParameterName);
        sb.append("=");
        sb.append(CommonUtils.urlEncode(safeGetParameter));
        String sb2 = sb.toString();
        LOGGER.debug("Redirection url to the CAS server: {}", sb2);
        return sb2;
    }

    private boolean isMultipartRequest(HttpServletRequest httpServletRequest) {
        return httpServletRequest.getContentType() != null && httpServletRequest.getContentType().toLowerCase().startsWith("multipart");
    }

    private static boolean isServlet30() {
        try {
            return HttpServletRequest.class.getMethod("logout", new Class[0]) != null;
        } catch (NoSuchMethodException e) {
            return false;
        }
    }

    public void setClusterUrls(List<String> list) {
        this.clusterUrls = list;
    }

    public void setReadTimeout(int i) {
        this.readTimeout = i;
    }

    public void setConnectionTimeout(int i) {
        this.connectionTimeout = i;
    }

    public void setFollowRedirects(boolean z) {
        this.followRedirects = z;
    }

    public void destroy() {
        if (this.EXECUTOR_SERVICE != null) {
            try {
                this.EXECUTOR_SERVICE.shutdown();
            } catch (Exception e) {
                LOGGER.debug("Error destroy EXECUTOR_SERVICE.");
            }
        }
    }
}
