package io.github.springboot.httpclient.auth.cas;

import io.github.springboot.httpclient.core.utils.HostUtils;
import java.net.URL;
import java.util.Iterator;
import java.util.List;
import org.apache.commons.lang3.StringUtils;
import org.apache.http.HttpRequest;
import org.apache.http.client.CookieStore;
import org.apache.http.client.fluent.Executor;
import org.apache.http.client.fluent.Request;
import org.apache.http.client.utils.URIBuilder;
import org.apache.http.cookie.Cookie;
import org.jasig.cas.client.util.AssertionHolder;
import org.jasig.cas.client.validation.Assertion;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
import org.springframework.beans.factory.ObjectProvider;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.context.annotation.Lazy;

/* loaded from: input_file:io/github/springboot/httpclient/auth/cas/CasAuthenticator.class */
public class CasAuthenticator {
    private static final Logger log = LoggerFactory.getLogger(CasAuthenticator.class);

    @Autowired
    private ObjectProvider<CookieStore> cookieStoreProvider;

    @Autowired
    @Lazy
    private Executor httpExecutor;

    public void authCas(HttpRequest httpRequest, String str) throws Exception {
        Assertion assertion = AssertionHolder.getAssertion();
        if (assertion == null) {
            throw new IllegalStateException("No cas assertion found for CAS proxy ticket authentification");
        }
        String str2 = str;
        String uri = httpRequest.getRequestLine().getUri();
        URL url = new URL(uri);
        String rootPath = HostUtils.getRootPath(url);
        if (StringUtils.isBlank(str2)) {
            String baseUrl = HostUtils.getBaseUrl(url);
            if (StringUtils.isNotBlank(rootPath)) {
                baseUrl = baseUrl + rootPath + "/";
            }
            str2 = baseUrl + "auth/login";
        }
        if (StringUtils.startsWithIgnoreCase(uri, str2)) {
            log.trace("Authentication request on URL ({}); no need to authenticate itself this request", httpRequest);
            return;
        }
        if (StringUtils.startsWithIgnoreCase(StringUtils.substringAfterLast(url.getPath(), "/"), "public")) {
            log.debug("This URL ({}) is public, bypass CAS Authentication...", httpRequest);
            return;
        }
        log.debug("This URL ({}) is CAS protected, using Proxy Ticket mechanism to authenticate user", httpRequest);
        String hasSessionOn = hasSessionOn(url, rootPath);
        if (!StringUtils.isBlank(hasSessionOn)) {
            log.debug("Already authenticated on CAS protected URL ({}), no need to authenticate again, current sessionID : {}", httpRequest, hasSessionOn);
            return;
        }
        log.debug("Using CAS Authentication for url : {} on endpoint {}", httpRequest, str2);
        String proxyTicketFor = assertion.getPrincipal().getProxyTicketFor(str2);
        if (!StringUtils.isNotBlank(proxyTicketFor)) {
            log.info("ProxyTicket for {} (CAS protected URL) is NULL, unable to authenticate through endpoint {}", httpRequest, str2);
            return;
        }
        log.debug("Using PT : {} for {}", proxyTicketFor, str2);
        URIBuilder uRIBuilder = new URIBuilder(str2);
        uRIBuilder.addParameter("ticket", proxyTicketFor);
        String uri2 = uRIBuilder.build().toString();
        log.debug("PRE-Authenticating on URL : {}; gives : {}", uri2, this.httpExecutor.execute(Request.Get(uri2)).returnContent().asString());
    }

    private String hasSessionOn(URL url, String str) {
        CookieStore cookieStore = (CookieStore) this.cookieStoreProvider.getIfAvailable();
        if (cookieStore == null) {
            return null;
        }
        String str2 = null;
        List<Cookie> cookies = cookieStore.getCookies();
        if (cookies != null && !cookies.isEmpty()) {
            Iterator<Cookie> it = cookies.iterator();
            while (true) {
                if (!it.hasNext()) {
                    break;
                }
                Cookie next = it.next();
                if (StringUtils.equalsIgnoreCase(next.getName(), "jsessionid") && StringUtils.equalsIgnoreCase(next.getDomain(), url.getHost()) && StringUtils.equalsIgnoreCase(next.getPath(), str)) {
                    str2 = next.getValue();
                    break;
                }
            }
        }
        return str2;
    }
}
