package com.liferay.portal.servlet.filters.sso.cas;

import com.ekingstar.jigsaw.util.ExtPropconfigUtil;
import com.liferay.portal.kernel.captcha.CaptchaException;
import com.liferay.portal.kernel.captcha.CaptchaUtil;
import com.liferay.portal.kernel.exception.SystemException;
import com.liferay.portal.kernel.log.Log;
import com.liferay.portal.kernel.log.LogFactoryUtil;
import com.liferay.portal.kernel.util.GetterUtil;
import com.liferay.portal.kernel.util.HttpUtil;
import com.liferay.portal.kernel.util.ParamUtil;
import com.liferay.portal.kernel.util.Validator;
import com.liferay.portal.model.User;
import com.liferay.portal.security.ldap.PortalLDAPImporterUtil;
import com.liferay.portal.security.pwd.PwdAuthenticator;
import com.liferay.portal.service.UserLocalServiceUtil;
import com.liferay.portal.servlet.filters.BasePortalFilter;
import com.liferay.portal.servlet.filters.sso.cas.util.Base16;
import com.liferay.portal.servlet.filters.sso.cas.util.CommonUtil;
import com.liferay.portal.servlet.filters.sso.cas.util.RSA;
import com.liferay.portal.util.PortalUtil;
import com.liferay.portal.util.PrefsPropsUtil;
import com.liferay.portal.util.PropsValues;
import java.net.URLEncoder;
import java.util.Date;
import java.util.HashMap;
import java.util.Map;
import java.util.concurrent.ConcurrentHashMap;
import javax.servlet.FilterChain;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import javax.servlet.http.HttpSession;
import org.ajaxanywhere.AAConstants;
import org.apache.hadoop.mapred.lib.aggregate.ValueAggregatorDescriptor;
import org.jasig.cas.client.util.CommonUtils;
import org.jasig.cas.client.validation.Assertion;
import org.jasig.cas.client.validation.Cas20ProxyTicketValidator;
import org.jasig.cas.client.validation.TicketValidator;

/* JADX WARN: Classes with same name are omitted:
  input_file:WEB-INF/ext-impl/classes/com/liferay/portal/servlet/filters/sso/cas/CASFilter.class
 */
/* loaded from: input_file:WEB-INF/ext-impl/ext-impl.jar:com/liferay/portal/servlet/filters/sso/cas/CASFilter.class */
public class CASFilter extends BasePortalFilter {
    private static Log _log = LogFactoryUtil.getLog(CASFilter.class);
    private static Map<Long, TicketValidator> _ticketValidators = new ConcurrentHashMap();

    public static void reload(long j) {
        _ticketValidators.remove(Long.valueOf(j));
    }

    public boolean isFilterEnabled(HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse) {
        try {
            return ExtPropconfigUtil.getBooleanFromDB("cas.auth.enabled", false).booleanValue();
        } catch (Exception e) {
            _log.error(e, e);
            return false;
        }
    }

    protected Log getLog() {
        return _log;
    }

    protected TicketValidator getTicketValidator(long j) throws Exception {
        TicketValidator ticketValidator = _ticketValidators.get(Long.valueOf(j));
        if (ticketValidator != null) {
            return ticketValidator;
        }
        String stringFromDB = ExtPropconfigUtil.getStringFromDB("cas.server.name", "");
        String stringFromDB2 = ExtPropconfigUtil.getStringFromDB("cas.server.url", "");
        String stringFromDB3 = ExtPropconfigUtil.getStringFromDB("cas.login.url", "");
        Cas20ProxyTicketValidator cas20ProxyTicketValidator = new Cas20ProxyTicketValidator(stringFromDB2);
        HashMap hashMap = new HashMap();
        hashMap.put("serverName", stringFromDB);
        hashMap.put("casServerUrlPrefix", stringFromDB2);
        hashMap.put("casServerLoginUrl", stringFromDB3);
        hashMap.put("redirectAfterValidation", "false");
        cas20ProxyTicketValidator.setCustomParameters(hashMap);
        _ticketValidators.put(Long.valueOf(j), cas20ProxyTicketValidator);
        return cas20ProxyTicketValidator;
    }

    protected void processFilter(HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse, FilterChain filterChain) throws Exception {
        HttpSession session = httpServletRequest.getSession();
        long companyId = PortalUtil.getCompanyId(httpServletRequest);
        String pathInfo = httpServletRequest.getPathInfo();
        System.out.println("CASFilter.processFilter");
        if (!ExtPropconfigUtil.getBooleanFromDB("cas.auth.enabled", false).booleanValue()) {
            System.out.println("CASFilter.processFilter skip");
            processFilter(CASFilter.class, httpServletRequest, httpServletResponse, filterChain);
            return;
        }
        String stringFromDB = ExtPropconfigUtil.getStringFromDB("cas.no.such.user.redirect.url", "");
        String stringFromDB2 = ExtPropconfigUtil.getStringFromDB("cas.login.url", "");
        String stringFromDB3 = ExtPropconfigUtil.getStringFromDB("cas.logout.url", "");
        String stringFromDB4 = ExtPropconfigUtil.getStringFromDB("cas.status.url", "");
        String stringFromDB5 = ExtPropconfigUtil.getStringFromDB("cas.service.url", "");
        String stringFromDB6 = ExtPropconfigUtil.getStringFromDB("cas.server.name", "");
        if (stringFromDB6.length() <= 0) {
            stringFromDB6 = httpServletRequest.getServerName() + (httpServletRequest.getServerPort() == 80 ? "" : ValueAggregatorDescriptor.TYPE_SEPARATOR + httpServletRequest.getServerPort());
            System.out.println("serverName==" + stringFromDB6);
        }
        if (session.getAttribute("CAS_FORCE_LOGOUT") != null) {
            session.removeAttribute("CAS_FORCE_LOGOUT");
            if (CommonUtil.isCasAlive(stringFromDB4, 0)) {
                httpServletResponse.sendRedirect(HttpUtil.addParameter(stringFromDB3, "service", stringFromDB5));
                return;
            }
        }
        if (pathInfo.indexOf("/portal/logout") != -1) {
            session.invalidate();
            if (CommonUtil.isCasAlive(stringFromDB4, 0)) {
                httpServletResponse.sendRedirect(HttpUtil.addParameter(stringFromDB3, "service", stringFromDB5));
                return;
            }
        } else {
            String constructServiceUrl = CommonUtils.constructServiceUrl(httpServletRequest, httpServletResponse, "", stringFromDB6, "ticket", false);
            System.out.println("serviceUrl==" + constructServiceUrl);
            String str = (String) session.getAttribute("CAS_LOGIN");
            String string = ParamUtil.getString(httpServletRequest, "ticket");
            if (Validator.isNull(string)) {
                String string2 = ParamUtil.getString(httpServletRequest, "errorCode");
                session.setAttribute("LIFERAY_SHARED_ERROR_CODE", string2);
                if (Validator.isNotNull(string2)) {
                    int integer = GetterUtil.getInteger(session.getAttribute("LIFERAY_SHARED_ERROR_COUNT"), 0);
                    if (!"000".equals(string2)) {
                        if ("001".equals(string2)) {
                            integer++;
                        } else if ("002".equals(string2)) {
                            integer++;
                        }
                    }
                    session.setAttribute("LIFERAY_SHARED_ERROR_COUNT", Integer.valueOf(integer));
                    session.setAttribute("errorCode", string2);
                    httpServletResponse.sendRedirect(stringFromDB + "?errorCode=" + string2);
                    return;
                }
                if (Validator.isNotNull(str)) {
                    processFilter(CASFilter.class, httpServletRequest, httpServletResponse, filterChain);
                    return;
                }
                String string3 = ParamUtil.getString(httpServletRequest, "login");
                String string4 = ParamUtil.getString(httpServletRequest, "password");
                if (!CommonUtil.isCasAlive(stringFromDB4, 0)) {
                    if (Validator.isNull(string3) || Validator.isNull(string4)) {
                        session.setAttribute("LIFERAY_SHARED_ERROR_CODE", "990");
                        session.setAttribute("errorCode", "990");
                        httpServletResponse.sendRedirect(stringFromDB + "?errorCode=990");
                        return;
                    }
                    String string5 = PrefsPropsUtil.getString(companyId, "company.security.auth.type", PropsValues.COMPANY_SECURITY_AUTH_TYPE);
                    User user = null;
                    if (ExtPropconfigUtil.getBooleanFromDB("cas.import.from.ldap", false).booleanValue()) {
                        try {
                            user = string5.equals("screenName") ? PortalLDAPImporterUtil.importLDAPUser(companyId, "", string3) : PortalLDAPImporterUtil.importLDAPUser(companyId, string3, "");
                        } catch (SystemException e) {
                        }
                    }
                    if (user == null) {
                        user = string5.equals("screenName") ? UserLocalServiceUtil.getUserByScreenName(companyId, string3) : UserLocalServiceUtil.getUserByEmailAddress(companyId, string3);
                    }
                    if (user == null && string5.equals("screenName")) {
                        string3 = "cas." + string3;
                        user = UserLocalServiceUtil.getUserByScreenName(companyId, string3);
                    }
                    if (user == null) {
                        session.setAttribute("LIFERAY_SHARED_ERROR_CODE", "991");
                        session.setAttribute("errorCode", "991");
                        httpServletResponse.sendRedirect(stringFromDB + "?errorCode=991");
                        return;
                    } else if (PwdAuthenticator.authenticate(string3, string4, user.getPassword())) {
                        session.setAttribute("CAS_LOGIN", string3);
                        processFilter(CASFilter.class, httpServletRequest, httpServletResponse, filterChain);
                        return;
                    } else {
                        session.setAttribute("LIFERAY_SHARED_ERROR_CODE", "992");
                        session.setAttribute("errorCode", "992");
                        httpServletResponse.sendRedirect(stringFromDB + "?errorCode=992");
                        return;
                    }
                }
                String addParameter = HttpUtil.addParameter(stringFromDB2, "service", constructServiceUrl);
                if (!Validator.isNotNull(string3) || !Validator.isNotNull(string4)) {
                    String parameter = httpServletRequest.getParameter(AAConstants.AA_XML_REDIRECT);
                    if ((parameter == null || parameter.isEmpty()) && ExtPropconfigUtil.getBooleanFromDB("cas.use.local.login.page", false).booleanValue()) {
                        httpServletResponse.sendRedirect(HttpUtil.addParameter(HttpUtil.addParameter(addParameter, "isLoginValid", "isLoginValid"), "back", "back"));
                        return;
                    } else {
                        httpServletResponse.sendRedirect(addParameter);
                        return;
                    }
                }
                int intValue = ExtPropconfigUtil.getIntegerFromDB("captcha.image.max.error.count", -1).intValue();
                int integer2 = GetterUtil.getInteger(session.getAttribute("LIFERAY_SHARED_ERROR_COUNT"), 0);
                if (intValue > -1 && integer2 >= intValue) {
                    try {
                        CaptchaUtil.check(httpServletRequest);
                    } catch (CaptchaException e2) {
                        session.setAttribute("LIFERAY_SHARED_ERROR_CODE", "003");
                        session.setAttribute("errorCode", "003");
                        httpServletResponse.sendRedirect(stringFromDB + "?errorCode=003");
                        return;
                    }
                }
                String stringFromDB7 = ExtPropconfigUtil.getStringFromDB("cas.auth.password.encrpto.type", "");
                if (Validator.isNotNull(stringFromDB7)) {
                    Long valueOf = Long.valueOf(new Date().getTime());
                    if ("RSA".equalsIgnoreCase(stringFromDB7)) {
                        RSA rsa = new RSA();
                        rsa.initPublicKey("5598e3b75d21a2989274e222fa59ab07d829faa29b544e3a920c4dd287aed9302a657280c23220a35ae985ba157400e0502ce8e44570a1513bf7146f372e9c842115fb1b86def80e2ecf9f8e7a586656d12b27529f487e55052e5c31d0836b2e8c01c011bca911d983b1541f20b7466c325b4e30b4a79652470e88135113c9d9", "10001");
                        string4 = URLEncoder.encode("{RSA}", "UTF-8") + Base16.encode(rsa.encrypt((valueOf + "/" + string3 + "/" + string4).getBytes("UTF-8")));
                    } else {
                        string4 = URLEncoder.encode("{" + stringFromDB7 + "}", "UTF-8") + CommonUtil.encrypto(valueOf + "/" + string3 + "/" + string4, stringFromDB7).substring(stringFromDB7.length() + 2);
                    }
                }
                httpServletResponse.sendRedirect(HttpUtil.addParameter(HttpUtil.addParameter(HttpUtil.addParameter(HttpUtil.addParameter(addParameter, "username", string3), "password", string4), "isLoginService", "isLoginService"), "back", "back"));
                return;
            }
            TicketValidator ticketValidator = getTicketValidator(companyId);
            System.out.println("CASFilter.processFilter start validate ticket[" + string + "]");
            Assertion validate = ticketValidator.validate(string, constructServiceUrl);
            System.out.println("CASFilter.processFilter end validate ticket[" + string + "]");
            if (validate != null) {
                String name = validate.getPrincipal().getName();
                session.setAttribute("CAS_LOGIN", name);
                session.setAttribute("LIFERAY_SHARED_ERROR_COUNT", 0);
                session.setAttribute("LIFERAY_SHARED_ERROR_CODE", "");
                System.out.println("CASFilter.processFilter success validate ticket[" + string + "]login[" + name + "]");
            }
        }
        processFilter(CASFilter.class, httpServletRequest, httpServletResponse, filterChain);
    }
}
