package org.jasig.cas.client.session;

import java.util.Arrays;
import java.util.Collections;
import java.util.List;
import java.util.zip.Inflater;
import javax.servlet.ServletException;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import javax.servlet.http.HttpSession;
import javax.xml.bind.DatatypeConverter;
import org.apereo.cas.web.flow.CasWebflowConfigurer;
import org.jasig.cas.client.Protocol;
import org.jasig.cas.client.configuration.ConfigurationKeys;
import org.jasig.cas.client.util.CommonUtils;
import org.jasig.cas.client.util.XmlUtils;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;

/* loaded from: input_file:BOOT-INF/lib/cas-client-core-3.4.1.jar:org/jasig/cas/client/session/SingleSignOutHandler.class */
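/**
 * Handles CAS single sign-out on the client side: it records the HTTP session
 * that belongs to an incoming ticket and later destroys that session when a
 * logout message naming the same ticket arrives.
 *
 * <p>Security notes for reviewers:
 * <ul>
 *   <li>Nothing in this class authenticates the sender of a logout message. The
 *       only thing that selects a session for destruction is the
 *       {@code SessionIndex} value carried in the message, so that value (the
 *       ticket recorded at login) has to be treated as a secret.</li>
 *   <li>The ticket and the full logout message are written to the debug and
 *       trace logs; logs at those levels must be access-controlled.</li>
 *   <li>The logout message is attacker-reachable XML. It is parsed by
 *       {@code XmlUtils.getTextForElement}, which is not visible here.
 *       NOTE(review): confirm that parser disables DTDs and external entities.</li>
 * </ul>
 *
 * <p>{@link #init()} is synchronized, but the request-handling methods read the
 * configured fields without synchronization. NOTE(review): presumably
 * {@code init()} is expected to complete before the first call to
 * {@link #process} - confirm against the calling filter.
 */
public final class SingleSignOutHandler {
    /** Upper bound on inflated size, as a multiple of the compressed input size. */
    private static final int DECOMPRESSION_FACTOR = 10;
    private final Logger logger = LoggerFactory.getLogger(getClass());
    private SessionMappingStorage sessionMappingStorage = new HashMapBackedSessionMappingStorage();
    private String artifactParameterName = Protocol.CAS2.getArtifactParameterName();
    private String logoutParameterName = ConfigurationKeys.LOGOUT_PARAMETER_NAME.getDefaultValue();
    private String relayStateParameterName = ConfigurationKeys.RELAY_STATE_PARAMETER_NAME.getDefaultValue();
    private String casServerUrlPrefix = "";
    private boolean artifactParameterOverPost = false;
    private boolean eagerlyCreateSessions = true;
    /** Parameter names handed to {@code CommonUtils.safeGetParameter}; built once by {@link #init()}. */
    private List<String> safeParameters;
    private final LogoutStrategy logoutStrategy;

    /**
     * Container-level logout step that runs after the mapped session has been invalidated.
     * Declared public in this decompiled listing; the decompiler notes the original access
     * was private.
     */
    public interface LogoutStrategy {
        void logout(HttpServletRequest httpServletRequest);
    }

    /** Strategy for containers without {@code HttpServletRequest.logout()}: does nothing. */
    private class Servlet25LogoutStrategy implements LogoutStrategy {
        @Override
        public void logout(HttpServletRequest httpServletRequest) {
            // Intentionally empty: there is no container logout call to make.
        }
    }

    /** Strategy for Servlet 3.0+ containers: delegates to {@code HttpServletRequest.logout()}. */
    private class Servlet30LogoutStrategy implements LogoutStrategy {
        @Override
        public void logout(HttpServletRequest httpServletRequest) {
            try {
                httpServletRequest.logout();
            } catch (ServletException e) {
                // Best effort: the mapped session is already invalidated by the caller.
                // Keep the cause in the log so a failing container logout can be diagnosed.
                SingleSignOutHandler.this.logger.debug("Error performing request.logout.", e);
            }
        }
    }

    /** Selects the logout strategy that matches the servlet API found on the classpath. */
    public SingleSignOutHandler() {
        this.logoutStrategy = isServlet30() ? new Servlet30LogoutStrategy() : new Servlet25LogoutStrategy();
    }

    /** @param sessionMappingStorage store that maps tickets to sessions; must not be null when {@link #init()} runs */
    public void setSessionMappingStorage(SessionMappingStorage sessionMappingStorage) {
        this.sessionMappingStorage = sessionMappingStorage;
    }

    /** @param z when true, the artifact parameter is added to the safe-parameter list built by {@link #init()} */
    public void setArtifactParameterOverPost(boolean z) {
        this.artifactParameterOverPost = z;
    }

    /** @return the store that maps tickets to sessions */
    public SessionMappingStorage getSessionMappingStorage() {
        return this.sessionMappingStorage;
    }

    /** @param str name of the request parameter that carries the ticket */
    public void setArtifactParameterName(String str) {
        this.artifactParameterName = str;
    }

    /** @param str name of the request parameter that carries the logout message */
    public void setLogoutParameterName(String str) {
        this.logoutParameterName = str;
    }

    /** @param str CAS server URL prefix; a blank value only triggers a warning in {@link #init()} */
    public void setCasServerUrlPrefix(String str) {
        this.casServerUrlPrefix = str;
    }

    /** @param str name of the relay-state request parameter */
    public void setRelayStateParameterName(String str) {
        this.relayStateParameterName = str;
    }

    /** @param z passed to {@code HttpServletRequest.getSession(boolean)} when a ticket is recorded */
    public void setEagerlyCreateSessions(boolean z) {
        this.eagerlyCreateSessions = z;
    }

    /**
     * Validates the configuration and builds the safe-parameter list. Only the first call
     * has an effect; later calls return immediately because the list is already set.
     */
    public synchronized void init() {
        if (this.safeParameters != null) {
            return;
        }
        CommonUtils.assertNotNull(this.artifactParameterName, "artifactParameterName cannot be null.");
        CommonUtils.assertNotNull(this.logoutParameterName, "logoutParameterName cannot be null.");
        CommonUtils.assertNotNull(this.sessionMappingStorage, "sessionMappingStorage cannot be null.");
        CommonUtils.assertNotNull(this.relayStateParameterName, "relayStateParameterName cannot be null.");
        CommonUtils.assertNotNull(this.casServerUrlPrefix, "casServerUrlPrefix cannot be null.");
        if (CommonUtils.isBlank(this.casServerUrlPrefix)) {
            this.logger.warn("Front Channel single sign out redirects are disabled when the 'casServerUrlPrefix' value is not set.");
        }
        this.safeParameters = this.artifactParameterOverPost
                ? Arrays.asList(this.logoutParameterName, this.artifactParameterName)
                : Collections.singletonList(this.logoutParameterName);
    }

    /** Returns true when the request carries a non-blank artifact (ticket) parameter. */
    private boolean isTokenRequest(HttpServletRequest request) {
        String ticket = CommonUtils.safeGetParameter(request, this.artifactParameterName, this.safeParameters);
        return CommonUtils.isNotBlank(ticket);
    }

    /**
     * Returns true when the request is a GET or a non-multipart POST that carries a
     * non-blank logout parameter. Any other HTTP method is never a logout request.
     */
    private boolean isLogoutRequest(HttpServletRequest request) {
        String method = request.getMethod();
        boolean post = "POST".equalsIgnoreCase(method);
        if (!post && !"GET".equalsIgnoreCase(method)) {
            return false;
        }
        // The multipart test runs first so that a multipart POST is rejected before the
        // logout parameter is looked up at all.
        if (post && isMultipartRequest(request)) {
            return false;
        }
        String logoutMessage = CommonUtils.safeGetParameter(request, this.logoutParameterName, this.safeParameters);
        return CommonUtils.isNotBlank(logoutMessage);
    }

    /**
     * Classifies the request and acts on it.
     *
     * @return {@code false} only when the request was handled as a logout message;
     *         {@code true} for ticket requests and for everything else.
     *         NOTE(review): presumably the caller stops processing on {@code false} - confirm.
     */
    public boolean process(HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse) {
        if (isTokenRequest(httpServletRequest)) {
            this.logger.trace("Received a token request");
            recordSession(httpServletRequest);
            return true;
        }
        if (isLogoutRequest(httpServletRequest)) {
            // No sender check happens here: the SessionIndex inside the message is the
            // only thing that ties this request to a session.
            this.logger.trace("Received a logout request");
            destroySession(httpServletRequest);
            return false;
        }
        this.logger.trace("Ignoring URI for logout: {}", httpServletRequest.getRequestURI());
        return true;
    }

    /** Stores the ticket-to-session mapping for the current request, if a session is available. */
    private void recordSession(HttpServletRequest request) {
        HttpSession session = request.getSession(this.eagerlyCreateSessions);
        if (session == null) {
            this.logger.debug("No session currently exists (and none created).  Cannot record session information for single sign out.");
            return;
        }
        String ticket = CommonUtils.safeGetParameter(request, this.artifactParameterName, this.safeParameters);
        // The ticket is written to the debug log. It is also the key under which the
        // session is stored below, so debug logs must be treated as sensitive.
        this.logger.debug("Recording session for token {}", ticket);
        try {
            this.sessionMappingStorage.removeBySessionById(session.getId());
        } catch (Exception ignored) {
            // Best-effort cleanup of an earlier mapping for this session id; a failure
            // here must not stop the new mapping below from being stored.
        }
        this.sessionMappingStorage.addSessionById(ticket, session);
    }

    /**
     * Base64-decodes and inflates a compressed logout message.
     *
     * <p>The output buffer is capped at {@link #DECOMPRESSION_FACTOR} times the decoded
     * input size and filled by a single {@code inflate} call. That bounds the memory an
     * oversized or malicious payload can consume; a message that inflates beyond the cap
     * is truncated rather than expanded further.
     *
     * @param message Base64 text of the deflated logout message
     * @return the inflated message decoded as UTF-8
     * @throws RuntimeException wrapping any failure while inflating or decoding
     */
    private String uncompressLogoutMessage(String message) {
        byte[] compressed = DatatypeConverter.parseBase64Binary(message);
        Inflater inflater = new Inflater();
        try {
            inflater.setInput(compressed);
            // multiplyExact fails cleanly instead of letting the buffer size wrap around.
            byte[] inflated = new byte[Math.multiplyExact(compressed.length, DECOMPRESSION_FACTOR)];
            int inflatedLength = inflater.inflate(inflated);
            return new String(inflated, 0, inflatedLength, "UTF-8");
        } catch (Exception e) {
            this.logger.error("Unable to decompress logout message", (Throwable) e);
            throw new RuntimeException(e);
        } finally {
            // Release the native zlib state on every path.
            inflater.end();
        }
    }

    /**
     * Extracts the {@code SessionIndex} from the logout message, removes the session mapped
     * to it, invalidates that session and then runs the container logout strategy.
     * Returns without side effects when the message is blank, carries no usable
     * {@code SessionIndex}, or names a ticket with no mapped session.
     */
    private void destroySession(HttpServletRequest request) {
        String logoutMessage = CommonUtils.safeGetParameter(request, this.logoutParameterName, this.safeParameters);
        if (CommonUtils.isBlank(logoutMessage)) {
            this.logger.error("Could not locate logout message of the request from {}", this.logoutParameterName);
            return;
        }
        // A message without the literal element name is taken to be the compressed form.
        if (!logoutMessage.contains("SessionIndex")) {
            logoutMessage = uncompressLogoutMessage(logoutMessage);
        }
        // The raw, caller-supplied message (including the SessionIndex) goes to the trace log.
        this.logger.trace("Logout request:\n{}", logoutMessage);
        // NOTE(review): XML from an unauthenticated request is parsed here; the parser
        // hardening lives in XmlUtils and cannot be checked from this class.
        String ticket = XmlUtils.getTextForElement(logoutMessage, "SessionIndex");
        if (!CommonUtils.isNotBlank(ticket)) {
            return;
        }
        HttpSession session = this.sessionMappingStorage.removeSessionByMappingId(ticket);
        if (session == null) {
            return;
        }
        this.logger.debug("Invalidating session [{}] for token [{}]", session.getId(), ticket);
        try {
            session.invalidate();
        } catch (IllegalStateException e) {
            this.logger.debug("Error invalidating session.", (Throwable) e);
        }
        this.logoutStrategy.logout(request);
    }

    /**
     * Returns true when the request's content type starts with "multipart", ignoring case.
     * The comparison is locale-independent: a default-locale {@code toLowerCase()} can map
     * 'I' to a dotless i (Turkish locales), which would let a "MULTIPART/..." content type
     * slip past this check.
     */
    private boolean isMultipartRequest(HttpServletRequest request) {
        String contentType = request.getContentType();
        return contentType != null && contentType.regionMatches(true, 0, "multipart", 0, "multipart".length());
    }

    /**
     * Detects Servlet 3.0+ by probing for {@code HttpServletRequest.logout()}, the method
     * that {@link Servlet30LogoutStrategy} calls. The decompiled listing referenced
     * {@code CasWebflowConfigurer.FLOW_ID_LOGOUT} here; the literal method name is used
     * so the probe does not depend on an unrelated class.
     */
    private static boolean isServlet30() {
        try {
            // getMethod never returns null; it throws when the method is absent.
            HttpServletRequest.class.getMethod("logout");
            return true;
        } catch (NoSuchMethodException e) {
            return false;
        }
    }
}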
