package org.jasig.cas.client.jetty;

import java.io.IOException;
import java.lang.ref.WeakReference;
import java.util.concurrent.ConcurrentHashMap;
import java.util.concurrent.ConcurrentMap;
import javax.servlet.ServletRequest;
import javax.servlet.ServletResponse;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import javax.servlet.http.HttpSession;
import org.eclipse.jetty.security.Authenticator;
import org.eclipse.jetty.security.ServerAuthException;
import org.eclipse.jetty.server.Authentication;
import org.eclipse.jetty.util.component.AbstractLifeCycle;
import org.jasig.cas.client.Protocol;
import org.jasig.cas.client.util.CommonUtils;
import org.jasig.cas.client.util.ReflectUtils;
import org.jasig.cas.client.validation.AbstractCasProtocolUrlBasedTicketValidator;
import org.jasig.cas.client.validation.AbstractUrlBasedTicketValidator;
import org.jasig.cas.client.validation.Assertion;
import org.jasig.cas.client.validation.TicketValidator;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;

/* loaded from: input_file:org/jasig/cas/client/jetty/CasAuthenticator.class */
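/**
 * Jetty {@link Authenticator} that authenticates requests against a CAS server.
 *
 * <p>An incoming request is accepted when its HTTP session already holds a cached
 * {@link CasAuthentication}, or when it carries a ticket parameter that the configured
 * {@link TicketValidator} accepts. Otherwise, when authentication is mandatory, the
 * client is redirected to the CAS login URL.
 *
 * <p>Review notes:
 * <ul>
 *   <li>{@code sessionMap} is keyed by ticket and entries are removed only by
 *       {@link #clearCachedAuthentication(String)}. The sessions are held weakly, but the
 *       ticket keys are not; nothing in this class evicts them. NOTE(review): confirm that
 *       every cached authentication is eventually cleared (for example on logout),
 *       otherwise the map grows for the lifetime of the authenticator.</li>
 *   <li>The session id is not rotated when an authentication is cached; see
 *       {@code cacheAuthentication}.</li>
 * </ul>
 */
public class CasAuthenticator extends AbstractLifeCycle implements Authenticator {
    /** Name reported by {@link #getAuthMethod()}. */
    public static final String AUTH_METHOD = "CAS";

    /** Session attribute under which the validated authentication is cached. */
    private static final String CACHED_AUTHN_ATTRIBUTE = "org.jasig.cas.client.jetty.Authentication";

    private final Logger logger = LoggerFactory.getLogger(CasAuthenticator.class);

    /** Ticket -> session that holds the authentication created from that ticket. */
    private final ConcurrentMap<String, WeakReference<HttpSession>> sessionMap = new ConcurrentHashMap<>();

    private TicketValidator ticketValidator;
    private String serverNames;
    private String roleAttribute;
    private String casServerLoginUrl;
    private Protocol protocol;
    private boolean renew;

    /**
     * Sets the validator and derives the protocol, login URL and renew flag from it.
     *
     * @param ticketValidator validator to use; must be an {@link AbstractUrlBasedTicketValidator}
     * @throws IllegalArgumentException if the validator is not URL based (a null validator is
     *     rejected by {@code CommonUtils.assertNotNull})
     */
    public void setTicketValidator(TicketValidator ticketValidator) {
        CommonUtils.assertNotNull(ticketValidator, "TicketValidator cannot be null");
        if (!(ticketValidator instanceof AbstractUrlBasedTicketValidator)) {
            throw new IllegalArgumentException("Unsupported ticket validator " + ticketValidator);
        }
        // CAS-protocol validators use CAS2 parameter names; any other URL-based validator is treated as SAML 1.1.
        this.protocol = (ticketValidator instanceof AbstractCasProtocolUrlBasedTicketValidator)
                ? Protocol.CAS2
                : Protocol.SAML11;
        // The validator does not expose these values through accessors here, so they are read reflectively.
        this.casServerLoginUrl = ReflectUtils.getField("casServerUrlPrefix", ticketValidator) + "/login";
        this.renew = ((Boolean) ReflectUtils.getField("renew", ticketValidator)).booleanValue();
        this.ticketValidator = ticketValidator;
    }

    /**
     * Sets the server name list passed to {@code CommonUtils.constructServiceUrl}.
     *
     * <p>The value feeds the service URL that is sent to CAS and used during ticket
     * validation. NOTE(review): presumably this pins the host so the service URL is not
     * taken from client-controlled request data; confirm against
     * {@code CommonUtils.constructServiceUrl}.
     *
     * @param str server name list; must not be null or blank
     * @throws IllegalArgumentException if {@code str} is null or blank
     */
    public void setServerNames(String str) {
        // The result of isNotBlank was previously discarded, so a blank value was stored
        // and then passed the null-only check in doStart().
        if (!CommonUtils.isNotBlank(str)) {
            throw new IllegalArgumentException("ServerNames cannot be blank");
        }
        this.serverNames = str;
    }

    /** Returns the configured role attribute name, or null when none was set. */
    public String getRoleAttribute() {
        return this.roleAttribute;
    }

    /**
     * Sets the role attribute name.
     *
     * <p>No validation is applied: doStart() does not require this value, so it is treated
     * as optional and blank or null input is stored as given. (The former
     * {@code CommonUtils.isNotBlank(str)} call discarded its result and had no effect.)
     *
     * @param str attribute name
     */
    public void setRoleAttribute(String str) {
        this.roleAttribute = str;
    }

    /** No configuration is read from the Jetty security handler. */
    public void setConfiguration(Authenticator.AuthConfiguration authConfiguration) {
    }

    /** Returns {@link #AUTH_METHOD}. */
    public String getAuthMethod() {
        return AUTH_METHOD;
    }

    /** No per-request preparation is needed. */
    public void prepareRequest(ServletRequest servletRequest) {
    }

    /**
     * Authenticates a request.
     *
     * @param servletRequest incoming request; cast to {@link HttpServletRequest}
     * @param servletResponse outgoing response; cast to {@link HttpServletResponse}
     * @param z the flag Jetty's {@code Authenticator.validateRequest} calls "mandatory";
     *     when false, neither ticket validation nor a redirect is attempted
     * @return the cached or newly validated authentication,
     *     {@code Authentication.UNAUTHENTICATED} when authentication is optional and absent,
     *     or {@code Authentication.SEND_CONTINUE} after redirecting to CAS
     * @throws ServerAuthException if ticket validation, caching or the redirect fails
     */
    public Authentication validateRequest(ServletRequest servletRequest, ServletResponse servletResponse, boolean z) throws ServerAuthException {
        HttpServletRequest request = (HttpServletRequest) servletRequest;
        HttpServletResponse response = (HttpServletResponse) servletResponse;

        CasAuthentication authentication = fetchCachedAuthentication(request);
        if (authentication != null) {
            return authentication;
        }

        String ticket = request.getParameter(this.protocol.getArtifactParameterName());
        if (ticket != null && z) {
            try {
                // NOTE(review): the ticket value is written to the debug log before validation;
                // confirm debug logs are access-controlled in deployments that enable them.
                this.logger.debug("Attempting to validate {}", ticket);
                Assertion assertion = this.ticketValidator.validate(ticket, serviceUrl(request, response));
                this.logger.info("Successfully authenticated {}", assertion.getPrincipal());
                authentication = new CasAuthentication(this, ticket, assertion);
                cacheAuthentication(request, authentication);
            } catch (Exception e) {
                // Fail closed: any failure while validating or caching rejects the request.
                throw new ServerAuthException("CAS ticket validation failed", e);
            }
        }

        if (authentication != null) {
            return authentication;
        }
        if (!z) {
            return Authentication.UNAUTHENTICATED;
        }
        redirectToCas(request, response);
        return Authentication.SEND_CONTINUE;
    }

    /** Always returns true; no response post-processing is done. */
    public boolean secureResponse(ServletRequest servletRequest, ServletResponse servletResponse, boolean z, Authentication.User user) throws ServerAuthException {
        return true;
    }

    /**
     * Verifies that the required configuration was supplied before the component starts.
     *
     * @throws IllegalStateException if the ticket validator or server names were not set
     */
    protected void doStart() throws Exception {
        if (this.ticketValidator == null) {
            throw new IllegalStateException("TicketValidator cannot be null");
        }
        if (this.serverNames == null) {
            throw new IllegalStateException("ServerNames cannot be null");
        }
    }

    /**
     * Removes the authentication cached for the given ticket, if its session still exists.
     *
     * <p>The decompiler (JADX) reported that this method's access modifier was changed from
     * protected; it is kept public here so existing callers are unaffected.
     *
     * @param str ticket whose cached authentication should be dropped
     */
    public void clearCachedAuthentication(String str) {
        WeakReference<HttpSession> sessionRef = this.sessionMap.remove(str);
        if (sessionRef == null) {
            return;
        }
        // Read the referent once: a second get() may return null if the session was
        // collected between the check and the use.
        HttpSession session = sessionRef.get();
        if (session == null) {
            return;
        }
        try {
            session.removeAttribute(CACHED_AUTHN_ATTRIBUTE);
        } catch (IllegalStateException e) {
            // HttpSession.removeAttribute throws on an invalidated session; the cached
            // authentication is already gone in that case.
            this.logger.debug("Session already invalidated, nothing to clear", e);
        }
    }

    /**
     * Stores the authentication in the request's session and indexes the session by ticket.
     *
     * <p>NOTE(review): an existing pre-authentication session is reused and its id is not
     * changed here. Confirm whether session-id rotation on login happens elsewhere; if not,
     * consider rotating it at this point (for example with
     * {@code HttpServletRequest.changeSessionId()} on Servlet 3.1+) to guard against session
     * fixation.
     */
    private void cacheAuthentication(HttpServletRequest httpServletRequest, CasAuthentication casAuthentication) {
        HttpSession session = httpServletRequest.getSession(true);
        if (session == null) {
            return;
        }
        session.setAttribute(CACHED_AUTHN_ATTRIBUTE, casAuthentication);
        this.sessionMap.put(casAuthentication.getTicket(), new WeakReference<>(session));
    }

    /** Returns the authentication cached in the existing session, or null; never creates a session. */
    private CasAuthentication fetchCachedAuthentication(HttpServletRequest httpServletRequest) {
        HttpSession session = httpServletRequest.getSession(false);
        return session == null ? null : (CasAuthentication) session.getAttribute(CACHED_AUTHN_ATTRIBUTE);
    }

    /** Builds the service URL for this request from the configured server names and protocol parameter names. */
    private String serviceUrl(HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse) {
        return CommonUtils.constructServiceUrl(
                httpServletRequest,
                httpServletResponse,
                (String) null,
                this.serverNames,
                this.protocol.getServiceParameterName(),
                this.protocol.getArtifactParameterName(),
                true);
    }

    /**
     * Redirects the client to the CAS login URL with this request's service URL.
     *
     * @throws ServerAuthException if the redirect cannot be sent
     */
    private void redirectToCas(HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse) throws ServerAuthException {
        try {
            String redirectUrl = CommonUtils.constructRedirectUrl(
                    this.casServerLoginUrl,
                    this.protocol.getServiceParameterName(),
                    serviceUrl(httpServletRequest, httpServletResponse),
                    this.renew,
                    false);
            this.logger.debug("Redirecting to {}", redirectUrl);
            httpServletResponse.sendRedirect(redirectUrl);
        } catch (IOException e) {
            // SLF4J treats a trailing Throwable as the exception to log, so the former "{}"
            // placeholder was never filled; pass the exception without a placeholder.
            this.logger.debug("Redirect to CAS failed", e);
            throw new ServerAuthException("Redirect to CAS failed", e);
        }
    }
}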
