package edu.yale.its.tp.cas.servlet;

import edu.yale.its.tp.cas.auth.AuthHandler;
import edu.yale.its.tp.cas.auth.PasswordHandler;
import edu.yale.its.tp.cas.auth.TrustHandler;
import edu.yale.its.tp.cas.ticket.GrantorCache;
import edu.yale.its.tp.cas.ticket.LoginTicketCache;
import edu.yale.its.tp.cas.ticket.ServiceTicket;
import edu.yale.its.tp.cas.ticket.ServiceTicketCache;
import edu.yale.its.tp.cas.ticket.TicketException;
import edu.yale.its.tp.cas.ticket.TicketGrantingTicket;
import java.io.IOException;
import java.util.Date;
import javax.servlet.ServletConfig;
import javax.servlet.ServletContext;
import javax.servlet.ServletException;
import javax.servlet.http.Cookie;
import javax.servlet.http.HttpServlet;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import org.apache.xerces.impl.xs.SchemaSymbols;
import org.jasig.cas.web.support.WebConstants;
import org.kuali.rice.core.database.XAPoolDataSource;
import org.springframework.web.servlet.tags.form.AbstractHtmlInputElementTag;

/* loaded from: input_file:WEB-INF/lib/cas-2.0.12.jar:edu/yale/its/tp/cas/servlet/Login.class */
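/**
 * CAS login servlet: establishes the single sign-on session (the ticket-granting
 * cookie) and issues service tickets for the application named by the
 * {@code service} request parameter.
 *
 * <p>Request handling order, as implemented in {@link #doGet}:
 * <ol>
 *   <li>A valid ticket-granting cookie without {@code renew} grants a service ticket directly.</li>
 *   <li>{@code service} plus {@code gateway} forwards to the redirect view without authenticating.</li>
 *   <li>A {@code TrustHandler} authenticates from the request itself.</li>
 *   <li>A {@code PasswordHandler} authenticates username/password, gated by a login ticket.</li>
 *   <li>Otherwise the login form is shown with a fresh login ticket.</li>
 * </ol>
 *
 * <p>NOTE(review): this class passes the {@code service} value through without any
 * validation of its own. Confirm that the views or a later validation step
 * constrain which services may receive a ticket.
 */
public class Login extends HttpServlet {
    private static final String TGC_ID = "CASTGC";
    private static final String PRIVACY_ID = "CASPRIVACY";
    private static final String SERVICE = "service";
    private static final String RENEW = "renew";
    private static final String GATEWAY = "gateway";

    // The decompiler resolved the next four literals to constants that live in unrelated
    // libraries (Kuali Rice, Jasig CAS, Xerces, Spring). They are aliased here so the
    // coupling is visible in one place; the values are whatever those constants hold.
    // NOTE(review): presumably "username", "warn", "token" and "disabled" -- verify, then
    // replace with plain literals so this servlet stops depending on those jars.
    private static final String USERNAME = XAPoolDataSource.USERNAME;
    private static final String WARN = WebConstants.WARN;
    private static final String TOKEN = SchemaSymbols.ATTVAL_TOKEN;
    private static final String PRIVACY_DISABLED = AbstractHtmlInputElementTag.DISABLED_ATTRIBUTE;

    private static final String PASSWORD = "password";
    private static final String LOGIN_TICKET = "lt";
    private static final String PRIVACY_ENABLED = "enabled";

    private GrantorCache tgcCache;
    private ServiceTicketCache stCache;
    private LoginTicketCache ltCache;
    private AuthHandler handler;
    private String loginForm;
    private String genericSuccess;
    private String serviceSuccess;
    private String confirmService;
    private String redirect;
    private ServletContext app;

    /**
     * Loads the ticket caches from the servlet context, instantiates the configured
     * authentication handler and reads the view paths.
     *
     * @param servletConfig container-supplied configuration
     * @throws ServletException if a cache attribute, the handler class name or any view
     *     path is missing, or if the handler cannot be loaded or is of an unsupported type
     */
    public void init(ServletConfig servletConfig) throws ServletException {
        this.app = servletConfig.getServletContext();
        // Fail at startup rather than with a NullPointerException on the first login.
        this.tgcCache = (GrantorCache) requireContextAttribute("tgcCache");
        this.stCache = (ServiceTicketCache) requireContextAttribute("stCache");
        this.ltCache = (LoginTicketCache) requireContextAttribute("ltCache");
        try {
            // The class name comes from the deployment descriptor's context parameters,
            // not from a request.
            String handlerClassName = this.app.getInitParameter("edu.yale.its.tp.cas.authHandler");
            if (handlerClassName == null) {
                throw new ServletException("need edu.yale.its.tp.cas.authHandler");
            }
            this.handler = (AuthHandler) Class.forName(handlerClassName).newInstance();
            boolean supported = (this.handler instanceof TrustHandler) || (this.handler instanceof PasswordHandler);
            if (!supported) {
                throw new ServletException("unrecognized handler type: " + handlerClassName);
            }
            this.loginForm = this.app.getInitParameter("edu.yale.its.tp.cas.loginForm");
            this.serviceSuccess = this.app.getInitParameter("edu.yale.its.tp.cas.serviceSuccess");
            this.genericSuccess = this.app.getInitParameter("edu.yale.its.tp.cas.genericSuccess");
            this.confirmService = this.app.getInitParameter("edu.yale.its.tp.cas.confirmService");
            this.redirect = this.app.getInitParameter("edu.yale.its.tp.cas.redirect");
            // serviceSuccess is named in the error message and used by grantForService, so it
            // is checked here too; previously a missing value only surfaced at request time.
            if (this.loginForm == null || this.genericSuccess == null || this.serviceSuccess == null
                    || this.redirect == null || this.confirmService == null) {
                throw new ServletException("need edu.yale.its.tp.cas.loginForm, -genericSuccess, -serviceSuccess, -redirect, and -confirmService");
            }
        } catch (ClassNotFoundException e) {
            // Same message as before, but the cause is kept for the container log.
            throw new ServletException(e.toString(), e);
        } catch (IllegalAccessException e2) {
            throw new ServletException(e2.toString(), e2);
        } catch (InstantiationException e3) {
            throw new ServletException(e3.toString(), e3);
        }
    }

    /**
     * Handles a POST exactly like a GET.
     *
     * @throws ServletException see {@link #doGet}
     * @throws IOException see {@link #doGet}
     */
    public void doPost(HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse) throws ServletException, IOException {
        doGet(httpServletRequest, httpServletResponse);
    }

    /**
     * Runs the login flow described on the class.
     *
     * <p>NOTE(review): because {@link #doPost} delegates here, username and password are
     * accepted from a GET query string as well as from a POST body. Query strings tend to
     * end up in access logs, browser history and Referer headers; confirm whether any
     * client relies on GET before restricting credential handling to POST.
     *
     * @throws ServletException if trust authentication yields no username, or a ticket
     *     cannot be created
     * @throws IOException if forwarding to a view fails
     */
    public void doGet(HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse) throws ServletException, IOException {
        // Login pages and ticket-bearing responses must never be served from a cache.
        httpServletResponse.setHeader("Pragma", "no-cache");
        httpServletResponse.setHeader("Cache-Control", "no-store");
        httpServletResponse.setDateHeader("Expires", -1);

        String service = httpServletRequest.getParameter(SERVICE);

        // 1. Existing single sign-on session.
        TicketGrantingTicket ticketGrantingTicket = null;
        Cookie[] cookies = httpServletRequest.getCookies();
        if (cookies != null) {
            for (int i = 0; i < cookies.length; i++) {
                if (!cookies[i].getName().equals(TGC_ID)) {
                    continue;
                }
                ticketGrantingTicket = (TicketGrantingTicket) this.tgcCache.getTicket(cookies[i].getValue());
                // "renew" forces fresh credentials even when the session is still valid.
                if (ticketGrantingTicket != null && httpServletRequest.getParameter(RENEW) == null) {
                    grantForService(httpServletRequest, httpServletResponse, ticketGrantingTicket, service, false);
                    return;
                }
            }
        }

        // 2. Gateway: no session, and the service asked not to prompt the user.
        if (service != null && httpServletRequest.getParameter(GATEWAY) != null) {
            httpServletRequest.setAttribute("serviceId", service);
            forward(this.redirect, httpServletRequest, httpServletResponse);
            return;
        }

        // 3. Trust-based authentication: the handler derives the user from the request.
        if (this.handler instanceof TrustHandler) {
            String trustedUser = ((TrustHandler) this.handler).getUsername(httpServletRequest);
            if (trustedUser == null) {
                throw new ServletException("unable to authenticate user");
            }
            completeLogin(httpServletRequest, httpServletResponse, ticketGrantingTicket, trustedUser, service);
            return;
        }

        // 4. Password authentication, only attempted when the form was fully submitted.
        if (this.handler instanceof PasswordHandler) {
            String username = httpServletRequest.getParameter(USERNAME);
            String password = httpServletRequest.getParameter(PASSWORD);
            String loginTicket = httpServletRequest.getParameter(LOGIN_TICKET);
            if (username != null && password != null && loginTicket != null) {
                // The login ticket is checked before the credentials are looked at.
                // NOTE(review): presumably getTicket consumes the ticket so a captured
                // form submission cannot be replayed -- confirm in LoginTicketCache.
                if (this.ltCache.getTicket(loginTicket) == null) {
                    httpServletRequest.setAttribute("edu.yale.its.tp.cas.badLoginTicket", "");
                    System.out.println("Login.java: " + new Date() + ": invalid login ticket from " + httpServletRequest.getRemoteAddr());
                } else if (((PasswordHandler) this.handler).authenticate(httpServletRequest, username, password)) {
                    completeLogin(httpServletRequest, httpServletResponse, ticketGrantingTicket, username, service);
                    return;
                } else {
                    // NOTE(review): a rejected password is not logged here, unlike a bad
                    // login ticket; confirm the handler records failures for monitoring.
                    httpServletRequest.setAttribute("edu.yale.its.tp.cas.badUsernameOrPassword", "");
                }
            }
        }

        // 5. Show (or re-show) the login form with a fresh login ticket.
        httpServletRequest.setAttribute("edu.yale.its.tp.cas.service", service);
        try {
            httpServletRequest.setAttribute("edu.yale.its.tp.cas.lt", this.ltCache.addTicket());
            forward(this.loginForm, httpServletRequest, httpServletResponse);
        } catch (TicketException e) {
            throw new ServletException(e);
        }
    }

    /**
     * Finishes a successful authentication: makes sure the ticket-granting ticket belongs
     * to {@code username}, updates the privacy cookie and grants for the service.
     */
    private void completeLogin(HttpServletRequest request, HttpServletResponse response, TicketGrantingTicket existing, String username, String service) throws ServletException, IOException {
        TicketGrantingTicket ticketGrantingTicket = existing;
        if (ticketGrantingTicket == null) {
            ticketGrantingTicket = sendTgc(username, request, response);
        } else if (!ticketGrantingTicket.getUsername().equals(username)) {
            // A different user authenticated over an existing session: retire the old
            // ticket so it cannot keep granting service tickets for the previous user.
            ticketGrantingTicket.expire();
            ticketGrantingTicket = sendTgc(username, request, response);
        }
        sendPrivacyCookie(request, response);
        grantForService(request, response, ticketGrantingTicket, service, true);
    }

    /**
     * Issues a service ticket for {@code service} (when one was requested) and forwards
     * to the matching view.
     *
     * @param service requested service identifier, or {@code null} for a plain login
     * @param first {@code true} when the user presented credentials in this request
     * @throws ServletException if the service ticket cannot be created
     */
    private void grantForService(HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse, TicketGrantingTicket ticketGrantingTicket, String service, boolean first) throws ServletException, IOException {
        try {
            // Kept from the original; the returned writer is unused and the reason for
            // the call is not visible in this class.
            httpServletResponse.getWriter();
            if (service == null) {
                forward(this.genericSuccess, httpServletRequest, httpServletResponse);
                return;
            }
            String serviceTicketId = this.stCache.addTicket(new ServiceTicket(ticketGrantingTicket, service, first));
            httpServletRequest.setAttribute("serviceId", service);
            httpServletRequest.setAttribute(TOKEN, serviceTicketId);
            if (first) {
                httpServletRequest.setAttribute("first", "true");
                forward(this.serviceSuccess, httpServletRequest, httpServletResponse);
            } else if (privacyRequested(httpServletRequest)) {
                // The user asked to be warned before being signed in to another service.
                forward(this.confirmService, httpServletRequest, httpServletResponse);
            } else {
                httpServletRequest.setAttribute("first", "false");
                forward(this.serviceSuccess, httpServletRequest, httpServletResponse);
            }
        } catch (TicketException e) {
            throw new ServletException(e.toString(), e);
        }
    }

    /**
     * Creates a ticket-granting ticket for {@code username} and sends its id to the
     * browser as the {@code CASTGC} cookie.
     *
     * @return the newly created ticket
     * @throws ServletException if the ticket cannot be stored
     */
    private TicketGrantingTicket sendTgc(String username, HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse) throws ServletException {
        try {
            TicketGrantingTicket ticketGrantingTicket = new TicketGrantingTicket(username);
            String ticketId = this.tgcCache.addTicket(ticketGrantingTicket);
            // NOTE(review): the cookie is Secure and session-scoped but not HttpOnly, so
            // page script can read the SSO credential. Cookie.setHttpOnly needs the
            // Servlet 3.0 API; confirm the container level before adding it.
            httpServletResponse.addCookie(newCookie(TGC_ID, ticketId, -1, httpServletRequest));
            return ticketGrantingTicket;
        } catch (TicketException e) {
            throw new ServletException(e.toString(), e);
        }
    }

    /**
     * Sets the privacy cookie when the {@code warn} parameter is present, and clears it
     * when the parameter is absent but the browser still holds an enabled cookie.
     */
    private void sendPrivacyCookie(HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse) throws ServletException {
        if (httpServletRequest.getParameter(WARN) != null) {
            httpServletResponse.addCookie(newCookie(PRIVACY_ID, PRIVACY_ENABLED, -1, httpServletRequest));
        } else if (privacyRequested(httpServletRequest)) {
            // Max-age 0 tells the browser to delete the cookie.
            httpServletResponse.addCookie(newCookie(PRIVACY_ID, PRIVACY_DISABLED, 0, httpServletRequest));
        }
    }

    /**
     * Reports whether the request carries a {@code CASPRIVACY} cookie set to "enabled".
     */
    private boolean privacyRequested(HttpServletRequest httpServletRequest) {
        Cookie[] cookies = httpServletRequest.getCookies();
        if (cookies == null) {
            return false;
        }
        for (int i = 0; i < cookies.length; i++) {
            Cookie candidate = cookies[i];
            if (candidate.getName().equals(PRIVACY_ID) && candidate.getValue().equals(PRIVACY_ENABLED)) {
                return true;
            }
        }
        return false;
    }

    /** Builds a Secure cookie scoped to this web application's context path. */
    private Cookie newCookie(String name, String value, int maxAge, HttpServletRequest request) {
        Cookie cookie = new Cookie(name, value);
        cookie.setSecure(true);
        cookie.setMaxAge(maxAge);
        cookie.setPath(request.getContextPath());
        return cookie;
    }

    /** Forwards the request to the view at {@code path}. */
    private void forward(String path, HttpServletRequest request, HttpServletResponse response) throws ServletException, IOException {
        this.app.getRequestDispatcher(path).forward(request, response);
    }

    /** Returns the named servlet-context attribute, or fails initialization if it is absent. */
    private Object requireContextAttribute(String name) throws ServletException {
        Object value = this.app.getAttribute(name);
        if (value == null) {
            throw new ServletException("missing servlet context attribute: " + name);
        }
        return value;
    }
}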
