package edu.umich.auth.cosign;

import edu.umich.auth.ServletCallbackHandler;
import edu.umich.auth.cosign.util.ServiceConfig;
import java.io.File;
import java.io.IOException;
import java.util.HashMap;
import java.util.Iterator;
import java.util.Map;
import java.util.regex.Pattern;
import javax.security.auth.Subject;
import javax.security.auth.login.AppConfigurationEntry;
import javax.security.auth.login.Configuration;
import javax.security.auth.login.LoginContext;
import javax.security.auth.login.LoginException;
import javax.servlet.Filter;
import javax.servlet.FilterChain;
import javax.servlet.FilterConfig;
import javax.servlet.ServletException;
import javax.servlet.ServletRequest;
import javax.servlet.ServletResponse;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import javax.servlet.http.HttpSession;
import org.apache.commons.logging.Log;
import org.apache.commons.logging.LogFactory;

/* loaded from: input_file:edu/umich/auth/cosign/CosignAuthenticationFilterIII.class */
public class CosignAuthenticationFilterIII implements Filter {
    public static final String COSIGN_CONFIG_INIT_PARAM = "Cosign.ConfigurationFile";
    public static final String COSIGN_FINE_CONFIG_INIT_PARAM = "Cosign.FineConfigurationFile";
    private static final String JAAS_CONFIG_PROPERTY = "java.security.auth.login.config";
    private File jaasFile;
    private static final String COSIGN_APP_CONFIG_ENTRY_NAME = "edu.umich.auth.cosign.CosignAuthenticationFilter:JAAS";
    public static final String JAAS_CONFIG_FILE_INIT_PARAM = "Auth.JAASConfigurationFile";
    private static final String USER_SUBJECT_ATTRIBUTE = "edu.umich.auth.AuthentincatonFilter:Subject";
    private String cosignConfigFile;
    private String appConfigurationEntryName;
    private Class callbackHandlerClass;
    static Class class$edu$umich$auth$cosign$CosignServletCallbackHandler;
    static Class class$edu$umich$auth$cosign$CosignAuthenticationFilterIII$CosignAppConfigurationEntry;
    static Class class$edu$umich$auth$cosign$CosignLoginModule;
    protected Log log = LogFactory.getLog(getClass());
    private boolean isConfigValid = false;
    private Map parameters = new HashMap();

    /* JADX INFO: Access modifiers changed from: private */
    /* loaded from: input_file:edu/umich/auth/cosign/CosignAuthenticationFilterIII$CosignAppConfigurationEntry.class */
    public static class CosignAppConfigurationEntry extends AppConfigurationEntry {
        protected Log log;

        /* JADX WARN: Illegal instructions before constructor call */
        /*
            Code decompiled incorrectly, please refer to instructions dump.
            To view partially-correct add '--show-bad-code' argument
        */
        public CosignAppConfigurationEntry(java.lang.String r6) {
            /*
                r5 = this;
                r0 = r5
                java.lang.Class r1 = edu.umich.auth.cosign.CosignAuthenticationFilterIII.class$edu$umich$auth$cosign$CosignLoginModule
                if (r1 != 0) goto L13
                java.lang.String r1 = "edu.umich.auth.cosign.CosignLoginModule"
                java.lang.Class r1 = edu.umich.auth.cosign.CosignAuthenticationFilterIII.class$(r1)
                r2 = r1
                edu.umich.auth.cosign.CosignAuthenticationFilterIII.class$edu$umich$auth$cosign$CosignLoginModule = r2
                goto L16
            L13:
                java.lang.Class r1 = edu.umich.auth.cosign.CosignAuthenticationFilterIII.class$edu$umich$auth$cosign$CosignLoginModule
            L16:
                java.lang.String r1 = r1.getName()
                javax.security.auth.login.AppConfigurationEntry$LoginModuleControlFlag r2 = javax.security.auth.login.AppConfigurationEntry.LoginModuleControlFlag.REQUIRED
                r3 = r6
                java.util.HashMap r3 = createOptions(r3)
                r0.<init>(r1, r2, r3)
                r0 = r5
                java.lang.Class r1 = edu.umich.auth.cosign.CosignAuthenticationFilterIII.class$edu$umich$auth$cosign$CosignAuthenticationFilterIII$CosignAppConfigurationEntry
                if (r1 != 0) goto L36
                java.lang.String r1 = "edu.umich.auth.cosign.CosignAuthenticationFilterIII$CosignAppConfigurationEntry"
                java.lang.Class r1 = edu.umich.auth.cosign.CosignAuthenticationFilterIII.class$(r1)
                r2 = r1
                edu.umich.auth.cosign.CosignAuthenticationFilterIII.class$edu$umich$auth$cosign$CosignAuthenticationFilterIII$CosignAppConfigurationEntry = r2
                goto L39
            L36:
                java.lang.Class r1 = edu.umich.auth.cosign.CosignAuthenticationFilterIII.class$edu$umich$auth$cosign$CosignAuthenticationFilterIII$CosignAppConfigurationEntry
            L39:
                org.apache.commons.logging.Log r1 = org.apache.commons.logging.LogFactory.getLog(r1)
                r0.log = r1
                r0 = r5
                org.apache.commons.logging.Log r0 = r0.log
                java.lang.StringBuffer r1 = new java.lang.StringBuffer
                r2 = r1
                r2.<init>()
                java.lang.String r2 = "CosignAppConfigurationEntry: Config file init parameter is: "
                java.lang.StringBuffer r1 = r1.append(r2)
                r2 = r6
                java.lang.StringBuffer r1 = r1.append(r2)
                java.lang.String r1 = r1.toString()
                r0.info(r1)
                return
            */
            throw new UnsupportedOperationException("Method not decompiled: edu.umich.auth.cosign.CosignAuthenticationFilterIII.CosignAppConfigurationEntry.<init>(java.lang.String):void");
        }

        private static HashMap createOptions(String str) {
            HashMap hashMap = new HashMap();
            hashMap.put(CosignLoginModule.COSIGN_CONFIG_FILE_OPTION, str);
            System.out.println(new StringBuffer().append("CosignAppConfigurationEntry: create options: ").append(hashMap).toString());
            return hashMap;
        }
    }

    public void init(FilterConfig filterConfig) {
        Class cls;
        try {
            this.cosignConfigFile = filterConfig.getInitParameter(COSIGN_CONFIG_INIT_PARAM);
            this.log.info(new StringBuffer().append("CosignAuthenticationFilter: Config file init parameter is: ").append(this.cosignConfigFile).toString());
            this.log.info("CosignAuthenticationFilter: COSIGN_APP_CONFIG_ENTRY_NAME is: edu.umich.auth.cosign.CosignAuthenticationFilter:JAAS");
            this.jaasFile = new File(filterConfig.getInitParameter(JAAS_CONFIG_FILE_INIT_PARAM));
            if (!this.jaasFile.exists()) {
                throw new ServletException(new StringBuffer().append("Cannot find JAAS configuration file ").append(filterConfig.getInitParameter(JAAS_CONFIG_FILE_INIT_PARAM)).append(".").toString());
            }
            if (!this.jaasFile.canRead()) {
                throw new ServletException(new StringBuffer().append("Cannot read JAAS configuration file ").append(this.jaasFile.getAbsolutePath()).append(".").toString());
            }
            System.setProperty(JAAS_CONFIG_PROPERTY, this.jaasFile.getAbsolutePath());
            setJAASAppConfigurationEntryName(COSIGN_APP_CONFIG_ENTRY_NAME);
            if (class$edu$umich$auth$cosign$CosignServletCallbackHandler == null) {
                cls = class$("edu.umich.auth.cosign.CosignServletCallbackHandler");
                class$edu$umich$auth$cosign$CosignServletCallbackHandler = cls;
            } else {
                cls = class$edu$umich$auth$cosign$CosignServletCallbackHandler;
            }
            setJAASServletCallbackHandler(cls);
            this.isConfigValid = true;
        } catch (Exception e) {
            this.log.error("Failed to init AuthenticationFilter!", e);
            this.isConfigValid = false;
        }
    }

    protected void setJAASAppConfigurationEntryName(String str) {
        this.appConfigurationEntryName = str;
    }

    protected void setJAASServletCallbackHandler(Class cls) {
        this.callbackHandlerClass = cls;
    }

    public void destroy() {
    }

    protected void validateFilter() throws ServletException {
        this.log.info("CosignAuthenticationFilter: validateFilter called");
        this.log.info(new StringBuffer().append("CosignAuthenticationFilter: Filter configuration file: ").append(this.cosignConfigFile).toString());
        if (!this.isConfigValid) {
            throw new ServletException("AuthorizationFilter failed to initialize.");
        }
        if (!System.getProperty(JAAS_CONFIG_PROPERTY).equals(this.jaasFile.getAbsolutePath())) {
            throw new ServletException("JAAS configuration file system property has been overwritten.\nNOTE: All Web applications configured to use JAAS must share the same JAAS configuration file.");
        }
        Configuration configuration = Configuration.getConfiguration();
        AppConfigurationEntry[] appConfigurationEntry = configuration.getAppConfigurationEntry(COSIGN_APP_CONFIG_ENTRY_NAME);
        if (appConfigurationEntry == null) {
            this.log.info("CosignAuthenticationFilter: cosignAppConfigurationEntries was null");
            Configuration.setConfiguration(new Configuration(this, new CosignAppConfigurationEntry[]{new CosignAppConfigurationEntry(this.cosignConfigFile)}, configuration) { // from class: edu.umich.auth.cosign.CosignAuthenticationFilterIII.1
                private final CosignAppConfigurationEntry[] val$newCosignAppConfigurationEntries;
                private final Configuration val$currentConfiguration;
                private final CosignAuthenticationFilterIII this$0;

                {
                    this.this$0 = this;
                    this.val$newCosignAppConfigurationEntries = r5;
                    this.val$currentConfiguration = configuration;
                }

                public AppConfigurationEntry[] getAppConfigurationEntry(String str) {
                    return CosignAuthenticationFilterIII.COSIGN_APP_CONFIG_ENTRY_NAME.equals(str) ? this.val$newCosignAppConfigurationEntries : this.val$currentConfiguration.getAppConfigurationEntry(str);
                }

                public void refresh() {
                    this.val$currentConfiguration.refresh();
                }
            });
            CosignConfig.INSTANCE.setConfigFilePath(this.cosignConfigFile);
        } else {
            this.log.info("CosignAuthenticationFilter: cosignAppConfigurationEntries was NOT null");
            if (appConfigurationEntry.length == 0 || !(appConfigurationEntry[0] instanceof CosignAppConfigurationEntry)) {
                this.log.info("CosignAuthenticationFilter: We hit the error");
                this.log.info(new StringBuffer().append("CosignAuthenticationFilter: cosignAppConfigurationEntries.length is: ").append(appConfigurationEntry.length).toString());
                this.log.info(new StringBuffer().append("CosignAuthenticationFilter: cosignAppConfigurationEntry is correct class? ").append(appConfigurationEntry[0] instanceof CosignAppConfigurationEntry).toString());
                this.log.info(new StringBuffer().append("CosignAuthenticationFilter: cosignAppConfigurationEntry class is: ").append(appConfigurationEntry[0].getClass()).toString());
                this.log.info(new StringBuffer().append("CosignAuthenticationFilter: cosignAppConfigurationEntry  name is: ").append(appConfigurationEntry[0].getLoginModuleName()).toString());
                this.log.info(new StringBuffer().append("CosignAuthenticationFilter: cosignAppConfigurationEntry  control flag is: ").append(appConfigurationEntry[0].getControlFlag()).toString());
                this.log.info(new StringBuffer().append("CosignAuthenticationFilter: cosignAppConfigurationEntry  options are: ").append(appConfigurationEntry[0].getOptions()).toString());
                Iterator it = appConfigurationEntry[0].getOptions().values().iterator();
                while (it.hasNext()) {
                    this.log.info(new StringBuffer().append("config value= : ").append(it.next()).toString());
                }
                if (CosignConfig.INSTANCE.getConfigFilePath() == null) {
                    CosignConfig.INSTANCE.setConfigFilePath(this.cosignConfigFile);
                }
            } else if (this.cosignConfigFile == null || !this.cosignConfigFile.equals(this.cosignConfigFile)) {
                throw new ServletException("Cosign config file path is different than expected. Only one CosignConfig file is possible for each instance of a JVM.");
            }
        }
        if (!CosignConfig.INSTANCE.isConfigValid()) {
            throw new ServletException("Cosign config is invalid.  Check the server logs for more details.");
        }
    }

    public void doFilter(ServletRequest servletRequest, ServletResponse servletResponse, FilterChain filterChain) throws IOException {
        Subject subject;
        HttpServletRequest httpServletRequest = (HttpServletRequest) servletRequest;
        HttpServletResponse httpServletResponse = (HttpServletResponse) servletResponse;
        String requestURI = httpServletRequest.getRequestURI();
        try {
            validateFilter();
            String substring = requestURI.substring(httpServletRequest.getContextPath().length());
            String substring2 = substring.substring(substring.lastIndexOf(47) + 1);
            boolean z = substring.lastIndexOf(47) == substring.indexOf(47);
            if (substring.charAt(substring.length() - 1) != '/' && !z) {
                substring = substring.substring(0, substring.lastIndexOf(47) + 1);
            }
            String str = (String) CosignConfig.INSTANCE.getPropertyValue(CosignConfig.LOCATION_HANDLER_URL);
            this.log.debug(new StringBuffer().append("Location URL: ").append(str).toString());
            this.log.debug(new StringBuffer().append("Request URL: ").append(requestURI).toString());
            this.log.debug(new StringBuffer().append("Current path: ").append(substring).toString());
            if (requestURI.equalsIgnoreCase(str)) {
                this.log.debug("Location URL and current url match");
                if (httpServletRequest.getQueryString() == null) {
                    throw new ServletException("Location handler has been entered but no querystring arguments where passed.");
                }
                String[] split = httpServletRequest.getQueryString().split("&", 2);
                String[] split2 = split[0].split("=");
                String str2 = split2[0];
                ServiceConfig matchServiceWithName = CosignConfig.INSTANCE.matchServiceWithName(str2);
                this.log.debug(new StringBuffer().append("Cookie name is: ").append(str2).toString());
                if (matchServiceWithName == null) {
                    throw new ServletException(new StringBuffer().append("No service defined/found for service cookie retuned: ").append(str2).toString());
                }
                this.log.debug("Location handler: service config not null");
                String str3 = split[1];
                if (!Pattern.compile((String) CosignConfig.INSTANCE.getPropertyValue(CosignConfig.REDIRECT_REGEX)).matcher(str3).matches()) {
                    if (CosignConfig.INSTANCE.getPropertyValue(CosignConfig.VALIDATION_ERROR_REDIRECT) == null) {
                        throw new ServletException("Redirect URL does not match redirection configuration Regular Expression.");
                    }
                    this.log.debug("Location handler refused redirect URL, pattern did not match.");
                    httpServletResponse.sendRedirect((String) CosignConfig.INSTANCE.getPropertyValue(CosignConfig.VALIDATION_ERROR_REDIRECT));
                    return;
                }
                if (new CosignLocationHandler().check(split2[1], matchServiceWithName, str3, httpServletResponse)) {
                    this.log.debug("Location handler checked ok");
                    httpServletResponse.sendRedirect(str3);
                    return;
                }
                this.log.debug("Location handler Failed check.");
            }
            ServiceConfig hasServiceOveride = CosignConfig.INSTANCE.hasServiceOveride(substring, substring2, httpServletRequest.getQueryString());
            if (hasServiceOveride != null && hasServiceOveride.isPublicAccess()) {
                this.log.debug("Anonymous user permitted access to site.");
                filterChain.doFilter(servletRequest, servletResponse);
                return;
            }
            if (hasServiceOveride == null) {
                this.log.error("Cosign filter defined to pickup URL but no service defined.");
                throw new ServletException("Cosign filter defined to pickup URL but no service defined.");
            }
            Object attribute = httpServletRequest.getSession().getAttribute(USER_SUBJECT_ATTRIBUTE);
            if (attribute == null) {
                HttpSession session = httpServletRequest.getSession();
                Subject subject2 = new Subject();
                subject = subject2;
                session.setAttribute(USER_SUBJECT_ATTRIBUTE, subject2);
            } else {
                if (!(attribute instanceof Subject)) {
                    throw new ServletException("Invalid authentication Subject in user's session.");
                }
                subject = (Subject) attribute;
            }
            ServletCallbackHandler servletCallbackHandler = null;
            try {
                servletCallbackHandler = (ServletCallbackHandler) this.callbackHandlerClass.newInstance();
                if (servletCallbackHandler.init(this.parameters, httpServletRequest, httpServletResponse, subject)) {
                    new LoginContext(this.appConfigurationEntryName, subject, servletCallbackHandler).login();
                }
                servletCallbackHandler.handleSuccessfulLogin();
            } catch (LoginException e) {
                if (!servletCallbackHandler.handleFailedLogin(e)) {
                    return;
                }
            }
            filterChain.doFilter(servletCallbackHandler.getRequest(), servletCallbackHandler.getResponse());
        } catch (Exception e2) {
            this.log.error(e2.getMessage(), e2);
            httpServletResponse.sendError(503, e2.getMessage());
        }
    }

    static Class class$(String str) {
        try {
            return Class.forName(str);
        } catch (ClassNotFoundException e) {
            throw new NoClassDefFoundError().initCause(e);
        }
    }
}
