package org.geoserver.security.cas;

import java.io.BufferedReader;
import java.io.DataOutputStream;
import java.io.IOException;
import java.io.InputStreamReader;
import java.net.HttpCookie;
import java.net.HttpURLConnection;
import java.net.MalformedURLException;
import java.net.URL;
import java.net.URLEncoder;
import java.util.ArrayList;
import java.util.Iterator;
import java.util.List;
import java.util.Map;

/* loaded from: input_file:org/geoserver/security/cas/CasAuthenticationHelper.class */
public abstract class CasAuthenticationHelper {
    protected URL casUrlPrefix;
    protected boolean secure;
    protected HttpCookie ticketGrantingCookie;
    protected HttpCookie warningCookie;

    public CasAuthenticationHelper(URL url) {
        this.secure = "HTTPS".equalsIgnoreCase(url.getProtocol());
        this.casUrlPrefix = url;
    }

    protected URL createURLFromCasURI(String str) {
        try {
            return new URL(this.casUrlPrefix.getProtocol(), this.casUrlPrefix.getHost(), this.casUrlPrefix.getPort(), this.casUrlPrefix.getPath() + str);
        } catch (MalformedURLException e) {
            throw new RuntimeException("Cannot build url from " + this.casUrlPrefix.toExternalForm() + " and " + str);
        }
    }

    protected String readResponse(HttpURLConnection httpURLConnection) throws IOException {
        BufferedReader bufferedReader = new BufferedReader(new InputStreamReader(httpURLConnection.getInputStream()));
        StringBuffer stringBuffer = new StringBuffer();
        while (true) {
            String readLine = bufferedReader.readLine();
            if (readLine == null) {
                bufferedReader.close();
                return stringBuffer.toString();
            }
            stringBuffer.append(readLine);
        }
    }

    protected List<String> getResponseHeaderValues(HttpURLConnection httpURLConnection, String str) {
        ArrayList arrayList = new ArrayList();
        int i = 0;
        while (true) {
            String headerFieldKey = httpURLConnection.getHeaderFieldKey(i);
            String headerField = httpURLConnection.getHeaderField(i);
            if (headerFieldKey == null && headerField == null) {
                return arrayList;
            }
            if (str.equalsIgnoreCase(headerFieldKey)) {
                arrayList.add(headerField);
            }
            i++;
        }
    }

    protected List<HttpCookie> getCookies(HttpURLConnection httpURLConnection) {
        ArrayList arrayList = new ArrayList();
        Iterator<String> it = getResponseHeaderValues(httpURLConnection, "Set-Cookie").iterator();
        while (it.hasNext()) {
            arrayList.addAll(HttpCookie.parse("Set-Cookie: " + it.next()));
        }
        Iterator<String> it2 = getResponseHeaderValues(httpURLConnection, "Set-Cookie2").iterator();
        while (it2.hasNext()) {
            arrayList.addAll(HttpCookie.parse("Set-Cookie2: " + it2.next()));
        }
        return arrayList;
    }

    protected HttpCookie getCookieNamed(List<HttpCookie> list, String str) {
        for (HttpCookie httpCookie : list) {
            if (httpCookie.getName().equalsIgnoreCase(str)) {
                return httpCookie;
            }
        }
        return null;
    }

    protected void writeParamsForPostAndSend(HttpURLConnection httpURLConnection, Map<String, String> map) throws IOException {
        DataOutputStream dataOutputStream = new DataOutputStream(httpURLConnection.getOutputStream());
        StringBuffer stringBuffer = new StringBuffer();
        for (Map.Entry<String, String> entry : map.entrySet()) {
            if (stringBuffer.length() > 0) {
                stringBuffer.append("&");
            }
            stringBuffer.append(entry.getKey()).append("=").append(URLEncoder.encode(entry.getValue(), "utf-8"));
        }
        dataOutputStream.writeBytes(stringBuffer.toString());
        dataOutputStream.flush();
        dataOutputStream.close();
    }

    public HttpCookie getTicketGrantingCookie() {
        return this.ticketGrantingCookie;
    }

    public HttpCookie getWarningCookie() {
        return this.warningCookie;
    }

    public boolean ssoLogout() throws IOException {
        if (!this.secure || this.ticketGrantingCookie == null) {
            return true;
        }
        HttpURLConnection httpURLConnection = (HttpURLConnection) createURLFromCasURI(GeoServerCasConstants.LOGOUT_URI).openConnection();
        addCasCookies(httpURLConnection);
        httpURLConnection.getInputStream().close();
        extractCASCookies(getCookies(httpURLConnection), httpURLConnection);
        return getTicketGrantingCookie() != null && "\"\"".equals(getTicketGrantingCookie().getValue());
    }

    protected void addCasCookies(HttpURLConnection httpURLConnection) {
        String httpCookie = checkCookieForSend(this.warningCookie) ? this.warningCookie.toString() : "";
        if (checkCookieForSend(this.ticketGrantingCookie)) {
            if (httpCookie.length() > 0) {
                httpCookie = httpCookie + ",";
            }
            httpCookie = httpCookie + this.ticketGrantingCookie.toString();
        }
        if (httpCookie.length() > 0) {
            httpURLConnection.setRequestProperty("Cookie", httpCookie);
        }
    }

    public boolean isSecure() {
        return this.secure;
    }

    protected boolean checkCookieForSend(HttpCookie httpCookie) {
        if (httpCookie == null || httpCookie.hasExpired()) {
            return false;
        }
        return isSecure() || !httpCookie.getSecure();
    }

    public abstract boolean ssoLogin() throws IOException;

    public String getServiceTicket(URL url) throws IOException {
        if (getTicketGrantingCookie() == null || getTicketGrantingCookie().getValue().isEmpty()) {
            throw new IOException("na valid TGC ");
        }
        URL createURLFromCasURI = createURLFromCasURI("/login?service=" + url.toExternalForm());
        HttpURLConnection httpURLConnection = (HttpURLConnection) createURLFromCasURI.openConnection();
        httpURLConnection.setInstanceFollowRedirects(false);
        addCasCookies(httpURLConnection);
        httpURLConnection.getInputStream().close();
        List<String> responseHeaderValues = getResponseHeaderValues(httpURLConnection, "Location");
        if (responseHeaderValues.isEmpty()) {
            throw new IOException("No redirect received for " + createURLFromCasURI);
        }
        String str = null;
        String[] split = new URL(responseHeaderValues.get(0)).getQuery().split("&");
        int length = split.length;
        int i = 0;
        while (true) {
            if (i >= length) {
                break;
            }
            String[] split2 = split[i].split("=");
            if (GeoServerCasConstants.ARTIFACT_PARAMETER.equalsIgnoreCase(split2[0].trim())) {
                str = split2[1].trim();
                break;
            }
            i++;
        }
        return str;
    }

    public void extractCASCookies(List<HttpCookie> list, HttpURLConnection httpURLConnection) {
        this.warningCookie = getCookieNamed(list, "CASPRIVACY");
        this.ticketGrantingCookie = getCookieNamed(list, "CASTGC");
    }
}
