package com.gentics.portalnode.auth.gcn.cas;

import com.gentics.api.lib.exception.NodeException;
import com.gentics.lib.etc.StringUtils;
import com.gentics.portalnode.auth.gcn.AbstractGCNAuthenticationServletFilter;
import com.gentics.portalnode.auth.gcn.GCNAuthHelper;
import com.gentics.portalnode.auth.gcn.GCNSessionToken;
import com.gentics.portalnode.auth.gcn.ModifiableServletRequestWrapper;
import com.gentics.portalnode.auth.gcn.StatusExposingServletResponse;
import java.io.IOException;
import javax.servlet.FilterConfig;
import javax.servlet.ServletException;
import javax.servlet.http.HttpServletResponse;
import org.apache.batik.util.XMLConstants;
import org.apache.commons.httpclient.Header;
import org.apache.commons.httpclient.HttpClient;
import org.apache.commons.httpclient.HttpException;
import org.apache.commons.httpclient.methods.GetMethod;
import org.jasig.cas.client.util.AssertionHolder;
import org.jasig.cas.client.validation.Assertion;

/* loaded from: input_file:WEB-INF/lib/portalnode-lib-4.2.0.jar:com/gentics/portalnode/auth/gcn/cas/GCNCasProxyAuthenticationServletFilter.class */
public class GCNCasProxyAuthenticationServletFilter extends AbstractGCNAuthenticationServletFilter {
    public static final String CAS_SERVER_URL_PREFIX_PARAM_NAME = "casServerUrlPrefix";
    protected String casServerUrlPrefix;

    @Override // com.gentics.portalnode.auth.gcn.AbstractGCNAuthenticationServletFilter
    public void init(FilterConfig filterConfig) throws ServletException {
        super.init(filterConfig);
        this.casServerUrlPrefix = loadFilterParameter(filterConfig, CAS_SERVER_URL_PREFIX_PARAM_NAME);
    }

    public GCNSessionToken performGCNProxyLogin(ModifiableServletRequestWrapper modifiableServletRequestWrapper, HttpServletResponse httpServletResponse) throws IOException, NodeException {
        Assertion assertion = AssertionHolder.getAssertion();
        if (assertion == null) {
            throw new NodeException("Could not find a valid assertion. Aborting proxy login.");
        }
        if (this.logger.isDebugEnabled()) {
            printAssertionDebugInfo(assertion);
        }
        String proxyTicketFor = assertion.getPrincipal().getProxyTicketFor(this.gcnRestLoginUrl);
        if (this.logger.isDebugEnabled()) {
            this.logger.debug("Obtained ProxyTicket for: {" + this.gcnRestLoginUrl + "} is {" + proxyTicketFor + "}");
        }
        if (proxyTicketFor == null) {
            throw new NodeException("Could not fetch ProxyTicket for url {" + this.gcnRestLoginUrl + "}.");
        }
        GCNSessionToken doGCNLogin = doGCNLogin(this.gcnRestLoginUrl, proxyTicketFor);
        saveGCNSessionToUserSession(doGCNLogin, modifiableServletRequestWrapper);
        return doGCNLogin;
    }

    public GCNSessionToken doGCNLogin(String str, String str2) throws NodeException {
        if (str2 == null) {
            throw new NodeException("Invalid proxyTicket {" + str2 + "} provided.");
        }
        HttpClient httpClient = new HttpClient();
        String str3 = str + "?ticket=" + str2;
        GetMethod getMethod = new GetMethod(str3);
        getMethod.setFollowRedirects(true);
        try {
            int executeMethod = httpClient.executeMethod(getMethod);
            if (this.logger.isDebugEnabled()) {
                for (Header header : getMethod.getResponseHeaders()) {
                    this.logger.debug("Header: " + header.getName() + XMLConstants.XML_EQUAL_SIGN + header.getValue());
                }
            }
            String responseBodyAsString = getMethod.getResponseBodyAsString();
            if (executeMethod != 200) {
                this.logger.debug("Request failed with code {" + executeMethod + "} response content was {" + responseBodyAsString + "}");
                throw new NodeException("Could not login because the login response for {" + str3 + "} was invalid: Method failed: " + getMethod.getStatusLine());
            }
            String secretSessionCookieValue = GCNAuthHelper.getSecretSessionCookieValue(getMethod);
            if (this.logger.isDebugEnabled()) {
                this.logger.debug("Login successfull\nResponse content (sid): " + responseBodyAsString + "\nResponse Cookie: (sessionsecret): " + secretSessionCookieValue);
            }
            if (StringUtils.isEmpty(responseBodyAsString) && StringUtils.isEmpty(secretSessionCookieValue)) {
                throw new NodeException("Could not login because either session id or the session secret could not be found in the login response.");
            }
            return new GCNSessionToken(responseBodyAsString, secretSessionCookieValue);
        } catch (HttpException e) {
            throw new NodeException("Could not login. Http Request to login url {" + str3 + "} failed.", e);
        } catch (IOException e2) {
            throw new NodeException("Could not login. Http Request to login url {" + str3 + "} failed.", e2);
        }
    }

    protected void printAssertionDebugInfo(Assertion assertion) {
        if (this.logger.isDebugEnabled()) {
            this.logger.debug("Assertion principal name: {" + assertion.getPrincipal().getName() + "}.");
            for (Object obj : assertion.getPrincipal().getAttributes().keySet()) {
                this.logger.debug("Attribute principal attribute:" + obj + XMLConstants.XML_EQUAL_SIGN + ((String) assertion.getPrincipal().getAttributes().get(obj)));
            }
        }
    }

    @Override // com.gentics.portalnode.auth.gcn.AbstractGCNAuthenticationServletFilter
    protected GCNSessionToken performGCNLogin(ModifiableServletRequestWrapper modifiableServletRequestWrapper, StatusExposingServletResponse statusExposingServletResponse) throws IOException, NodeException {
        return performGCNProxyLogin(modifiableServletRequestWrapper, statusExposingServletResponse);
    }
}
