package org.apache.catalina.authenticator;

import java.io.IOException;
import java.security.Principal;
import java.util.Map;
import java.util.Set;
import java.util.concurrent.ConcurrentHashMap;
import javax.servlet.ServletException;
import javax.servlet.http.Cookie;
import okhttp3.internal.cache.DiskLruCache;
import org.apache.catalina.Container;
import org.apache.catalina.Context;
import org.apache.catalina.Engine;
import org.apache.catalina.LifecycleException;
import org.apache.catalina.Manager;
import org.apache.catalina.Realm;
import org.apache.catalina.Session;
import org.apache.catalina.SessionListener;
import org.apache.catalina.connector.Request;
import org.apache.catalina.connector.Response;
import org.apache.catalina.valves.ValveBase;
import org.apache.juli.logging.Log;
import org.apache.tomcat.util.res.StringManager;

/* loaded from: input_file:BOOT-INF/lib/tomcat-embed-core-9.0.60.jar:org/apache/catalina/authenticator/SingleSignOn.class */
public class SingleSignOn extends ValveBase {
    private static final StringManager sm = StringManager.getManager((Class<?>) SingleSignOn.class);
    private Engine engine;
    protected Map<String, SingleSignOnEntry> cache;
    private boolean requireReauthentication;
    private String cookieDomain;
    private String cookieName;

    public SingleSignOn() {
        super(true);
        this.cache = new ConcurrentHashMap();
        this.requireReauthentication = false;
        this.cookieName = Constants.SINGLE_SIGN_ON_COOKIE;
    }

    public String getCookieDomain() {
        return this.cookieDomain;
    }

    public void setCookieDomain(String str) {
        if (str == null || str.trim().length() != 0) {
            this.cookieDomain = str;
        } else {
            this.cookieDomain = null;
        }
    }

    public String getCookieName() {
        return this.cookieName;
    }

    public void setCookieName(String str) {
        this.cookieName = str;
    }

    public boolean getRequireReauthentication() {
        return this.requireReauthentication;
    }

    public void setRequireReauthentication(boolean z) {
        this.requireReauthentication = z;
    }

    @Override // org.apache.catalina.Valve
    public void invoke(Request request, Response response) throws IOException, ServletException {
        request.removeNote(Constants.REQ_SSOID_NOTE);
        if (this.containerLog.isDebugEnabled()) {
            this.containerLog.debug(sm.getString("singleSignOn.debug.invoke", request.getRequestURI()));
        }
        if (request.getUserPrincipal() != null) {
            if (this.containerLog.isDebugEnabled()) {
                this.containerLog.debug(sm.getString("singleSignOn.debug.hasPrincipal", request.getUserPrincipal().getName()));
            }
            getNext().invoke(request, response);
            return;
        }
        if (this.containerLog.isDebugEnabled()) {
            this.containerLog.debug(sm.getString("singleSignOn.debug.cookieCheck"));
        }
        Cookie cookie = null;
        Cookie[] cookies = request.getCookies();
        if (cookies != null) {
            int length = cookies.length;
            int i = 0;
            while (true) {
                if (i >= length) {
                    break;
                }
                Cookie cookie2 = cookies[i];
                if (this.cookieName.equals(cookie2.getName())) {
                    cookie = cookie2;
                    break;
                }
                i++;
            }
        }
        if (cookie == null) {
            if (this.containerLog.isDebugEnabled()) {
                this.containerLog.debug(sm.getString("singleSignOn.debug.cookieNotFound"));
            }
            getNext().invoke(request, response);
            return;
        }
        if (this.containerLog.isDebugEnabled()) {
            this.containerLog.debug(sm.getString("singleSignOn.debug.principalCheck", cookie.getValue()));
        }
        SingleSignOnEntry singleSignOnEntry = this.cache.get(cookie.getValue());
        if (singleSignOnEntry != null) {
            if (this.containerLog.isDebugEnabled()) {
                Log log = this.containerLog;
                StringManager stringManager = sm;
                Object[] objArr = new Object[2];
                objArr[0] = singleSignOnEntry.getPrincipal() != null ? singleSignOnEntry.getPrincipal().getName() : "";
                objArr[1] = singleSignOnEntry.getAuthType();
                log.debug(stringManager.getString("singleSignOn.debug.principalFound", objArr));
            }
            request.setNote(Constants.REQ_SSOID_NOTE, cookie.getValue());
            if (!getRequireReauthentication()) {
                request.setAuthType(singleSignOnEntry.getAuthType());
                request.setUserPrincipal(singleSignOnEntry.getPrincipal());
            }
        } else {
            if (this.containerLog.isDebugEnabled()) {
                this.containerLog.debug(sm.getString("singleSignOn.debug.principalNotFound", cookie.getValue()));
            }
            cookie.setValue(DiskLruCache.REMOVE);
            cookie.setMaxAge(0);
            cookie.setPath("/");
            String cookieDomain = getCookieDomain();
            if (cookieDomain != null) {
                cookie.setDomain(cookieDomain);
            }
            cookie.setSecure(request.isSecure());
            if (request.getServletContext().getSessionCookieConfig().isHttpOnly() || request.getContext().getUseHttpOnly()) {
                cookie.setHttpOnly(true);
            }
            response.addCookie(cookie);
        }
        getNext().invoke(request, response);
    }

    public void sessionDestroyed(String str, Session session) {
        if (getState().isAvailable()) {
            if ((session.getMaxInactiveInterval() > 0 && session.getIdleTimeInternal() >= session.getMaxInactiveInterval() * 1000) || !session.getManager().getContext().getState().isAvailable()) {
                if (this.containerLog.isDebugEnabled()) {
                    this.containerLog.debug(sm.getString("singleSignOn.debug.sessionTimeout", str, session));
                }
                removeSession(str, session);
            } else {
                if (this.containerLog.isDebugEnabled()) {
                    this.containerLog.debug(sm.getString("singleSignOn.debug.sessionLogout", str, session));
                }
                removeSession(str, session);
                if (this.cache.containsKey(str)) {
                    deregister(str);
                }
            }
        }
    }

    /* JADX INFO: Access modifiers changed from: protected */
    public boolean associate(String str, Session session) {
        SingleSignOnEntry singleSignOnEntry = this.cache.get(str);
        if (singleSignOnEntry == null) {
            if (!this.containerLog.isDebugEnabled()) {
                return false;
            }
            this.containerLog.debug(sm.getString("singleSignOn.debug.associateFail", str, session));
            return false;
        }
        if (this.containerLog.isDebugEnabled()) {
            this.containerLog.debug(sm.getString("singleSignOn.debug.associate", str, session));
        }
        singleSignOnEntry.addSession(this, str, session);
        return true;
    }

    /* JADX INFO: Access modifiers changed from: protected */
    public void deregister(String str) {
        SingleSignOnEntry remove = this.cache.remove(str);
        if (remove == null) {
            if (this.containerLog.isDebugEnabled()) {
                this.containerLog.debug(sm.getString("singleSignOn.debug.deregisterFail", str));
                return;
            }
            return;
        }
        Set<SingleSignOnSessionKey> findSessions = remove.findSessions();
        if (findSessions.size() == 0 && this.containerLog.isDebugEnabled()) {
            this.containerLog.debug(sm.getString("singleSignOn.debug.deregisterNone", str));
        }
        for (SingleSignOnSessionKey singleSignOnSessionKey : findSessions) {
            if (this.containerLog.isDebugEnabled()) {
                this.containerLog.debug(sm.getString("singleSignOn.debug.deregister", singleSignOnSessionKey, str));
            }
            expire(singleSignOnSessionKey);
        }
    }

    private void expire(SingleSignOnSessionKey singleSignOnSessionKey) {
        if (this.engine == null) {
            this.containerLog.warn(sm.getString("singleSignOn.sessionExpire.engineNull", singleSignOnSessionKey));
            return;
        }
        Container findChild = this.engine.findChild(singleSignOnSessionKey.getHostName());
        if (findChild == null) {
            this.containerLog.warn(sm.getString("singleSignOn.sessionExpire.hostNotFound", singleSignOnSessionKey));
            return;
        }
        Context context = (Context) findChild.findChild(singleSignOnSessionKey.getContextName());
        if (context == null) {
            this.containerLog.warn(sm.getString("singleSignOn.sessionExpire.contextNotFound", singleSignOnSessionKey));
            return;
        }
        Manager manager = context.getManager();
        if (manager == null) {
            this.containerLog.warn(sm.getString("singleSignOn.sessionExpire.managerNotFound", singleSignOnSessionKey));
            return;
        }
        try {
            Session findSession = manager.findSession(singleSignOnSessionKey.getSessionId());
            if (findSession == null) {
                this.containerLog.warn(sm.getString("singleSignOn.sessionExpire.sessionNotFound", singleSignOnSessionKey));
            } else {
                findSession.expire();
            }
        } catch (IOException e) {
            this.containerLog.warn(sm.getString("singleSignOn.sessionExpire.managerError", singleSignOnSessionKey), e);
        }
    }

    /* JADX INFO: Access modifiers changed from: protected */
    public boolean reauthenticate(String str, Realm realm, Request request) {
        String username;
        Principal authenticate;
        if (str == null || realm == null) {
            return false;
        }
        boolean z = false;
        SingleSignOnEntry singleSignOnEntry = this.cache.get(str);
        if (singleSignOnEntry != null && singleSignOnEntry.getCanReauthenticate() && (username = singleSignOnEntry.getUsername()) != null && (authenticate = realm.authenticate(username, singleSignOnEntry.getPassword())) != null) {
            z = true;
            request.setAuthType(singleSignOnEntry.getAuthType());
            request.setUserPrincipal(authenticate);
        }
        return z;
    }

    /* JADX INFO: Access modifiers changed from: protected */
    public void register(String str, Principal principal, String str2, String str3, String str4) {
        if (this.containerLog.isDebugEnabled()) {
            Log log = this.containerLog;
            StringManager stringManager = sm;
            Object[] objArr = new Object[3];
            objArr[0] = str;
            objArr[1] = principal != null ? principal.getName() : "";
            objArr[2] = str2;
            log.debug(stringManager.getString("singleSignOn.debug.register", objArr));
        }
        this.cache.put(str, new SingleSignOnEntry(principal, str2, str3, str4));
    }

    /* JADX INFO: Access modifiers changed from: protected */
    public boolean update(String str, Principal principal, String str2, String str3, String str4) {
        SingleSignOnEntry singleSignOnEntry = this.cache.get(str);
        if (singleSignOnEntry == null || singleSignOnEntry.getCanReauthenticate()) {
            return false;
        }
        if (this.containerLog.isDebugEnabled()) {
            this.containerLog.debug(sm.getString("singleSignOn.debug.update", str, str2));
        }
        singleSignOnEntry.updateCredentials(principal, str2, str3, str4);
        return true;
    }

    protected void removeSession(String str, Session session) {
        if (this.containerLog.isDebugEnabled()) {
            this.containerLog.debug(sm.getString("singleSignOn.debug.removeSession", session, str));
        }
        SingleSignOnEntry singleSignOnEntry = this.cache.get(str);
        if (singleSignOnEntry == null) {
            return;
        }
        singleSignOnEntry.removeSession(session);
        if (singleSignOnEntry.findSessions().size() == 0) {
            deregister(str);
        }
    }

    /* JADX INFO: Access modifiers changed from: protected */
    public SessionListener getSessionListener(String str) {
        return new SingleSignOnListener(str);
    }

    /* JADX INFO: Access modifiers changed from: protected */
    @Override // org.apache.catalina.valves.ValveBase, org.apache.catalina.util.LifecycleBase
    public synchronized void startInternal() throws LifecycleException {
        Container container;
        Container container2 = getContainer();
        while (true) {
            container = container2;
            if (container == null || (container instanceof Engine)) {
                break;
            } else {
                container2 = container.getParent();
            }
        }
        if (container != null) {
            this.engine = (Engine) container;
        }
        super.startInternal();
    }

    /* JADX INFO: Access modifiers changed from: protected */
    @Override // org.apache.catalina.valves.ValveBase, org.apache.catalina.util.LifecycleBase
    public synchronized void stopInternal() throws LifecycleException {
        super.stopInternal();
        this.engine = null;
    }
}
