package org.apache.jetspeed.portlet;

import java.io.IOException;
import java.security.AccessController;
import java.util.HashMap;
import java.util.StringTokenizer;
import javax.portlet.ActionRequest;
import javax.portlet.ActionResponse;
import javax.portlet.PortletConfig;
import javax.portlet.PortletContext;
import javax.portlet.PortletException;
import javax.portlet.PortletMode;
import javax.portlet.PortletPreferences;
import javax.portlet.RenderRequest;
import javax.portlet.RenderResponse;
import javax.security.auth.Subject;
import org.apache.commons.codec.binary.Base64;
import org.apache.commons.httpclient.HttpClient;
import org.apache.commons.httpclient.HttpMethod;
import org.apache.commons.httpclient.NameValuePair;
import org.apache.commons.httpclient.UsernamePasswordCredentials;
import org.apache.commons.httpclient.auth.AuthScope;
import org.apache.commons.httpclient.auth.AuthState;
import org.apache.commons.httpclient.auth.BasicScheme;
import org.apache.commons.httpclient.methods.PostMethod;
import org.apache.commons.logging.Log;
import org.apache.commons.logging.LogFactory;
import org.apache.jetspeed.CommonPortletServices;
import org.apache.jetspeed.rewriter.WebContentRewriter;
import org.apache.jetspeed.security.JSSubject;
import org.apache.jetspeed.sso.SSOContext;
import org.apache.jetspeed.sso.SSOException;
import org.apache.jetspeed.sso.SSOProvider;
import org.apache.portals.messaging.PortletMessaging;

/* loaded from: input_file:portal.zip:webapps/demo.war:WEB-INF/lib/jetspeed-web-content-2.1.4.jar:org/apache/jetspeed/portlet/SSOWebContentPortlet.class */
public class SSOWebContentPortlet extends WebContentPortlet {
    public static final String SSO_TYPE = "sso.type";
    public static final String SSO_TYPE_HTTP = "http";
    public static final String SSO_TYPE_BASIC = "basic";
    public static final String SSO_TYPE_BASIC_PREEMPTIVE = "basic.preemptive";
    public static final String SSO_TYPE_FORM = "form";
    public static final String SSO_TYPE_FORM_GET = "form.get";
    public static final String SSO_TYPE_FORM_POST = "form.post";
    public static final String SSO_TYPE_URL = "url";
    public static final String SSO_TYPE_URL_BASE64 = "url.base64";
    public static final String SSO_TYPE_CERTIFICATE = "certificate";
    public static final String SSO_TYPE_DEFAULT = "basic";
    public static final String BASIC_AUTH_SCHEME_NAME = new BasicScheme().getSchemeName();
    public static final String SSO_TYPE_URL_USERNAME_PARAM = "sso.url.Principal";
    public static final String SSO_TYPE_URL_PASSWORD_PARAM = "sso.url.Credential";
    public static final String SSO_TYPE_FORM_ACTION_URL = "sso.form.Action";
    public static final String SSO_TYPE_FORM_ACTION_ARGS = "sso.form.Args";
    public static final String SSO_TYPE_FORM_USERNAME_FIELD = "sso.form.Principal";
    public static final String SSO_TYPE_FORM_PASSWORD_FIELD = "sso.form.Credential";
    public static final String SSO_REQUEST_ATTRIBUTE_USERNAME = "sso.ra.username";
    public static final String SSO_REQUEST_ATTRIBUTE_PASSWORD = "sso.ra.password";
    public static final String SSO_EDIT_FIELD_PRINCIPAL = "ssoPrincipal";
    public static final String SSO_EDIT_FIELD_CREDENTIAL = "ssoCredential";
    public static final String FORM_AUTH_STATE = "ssowebcontent.form.authstate";
    protected static final Log log;
    protected PortletContext context;
    protected SSOProvider sso;
    static Class class$org$apache$jetspeed$portlet$SSOWebContentPortlet;

    @Override // org.apache.jetspeed.portlet.WebContentPortlet, org.apache.portals.bridges.velocity.GenericVelocityPortlet, org.apache.portals.bridges.common.GenericServletPortlet, javax.portlet.GenericPortlet, javax.portlet.Portlet
    public void init(PortletConfig portletConfig) throws PortletException {
        super.init(portletConfig);
        this.context = getPortletContext();
        this.sso = (SSOProvider) this.context.getAttribute(CommonPortletServices.CPS_SSO_COMPONENT);
        if (null == this.sso) {
            throw new PortletException("Failed to find SSO Provider on portlet initialization");
        }
    }

    @Override // org.apache.jetspeed.portlet.WebContentPortlet, org.apache.portals.bridges.velocity.GenericVelocityPortlet, org.apache.portals.bridges.common.GenericServletPortlet, javax.portlet.GenericPortlet, javax.portlet.Portlet
    public void processAction(ActionRequest actionRequest, ActionResponse actionResponse) throws PortletException, IOException {
        String parameter = actionRequest.getParameter(WebContentRewriter.ACTION_PARAMETER_URL);
        String parameter2 = actionRequest.getParameter("ssoPrincipal");
        String parameter3 = actionRequest.getParameter("ssoCredential");
        super.processAction(actionRequest, actionResponse);
        if (parameter == null || actionRequest.getPortletMode() == PortletMode.EDIT) {
            String value = actionRequest.getPreferences().getValue("SRC", "");
            try {
                Subject subject = getSubject();
                if (!this.sso.hasSSOCredentials(subject, value)) {
                    this.sso.addCredentialsForSite(subject, parameter2, value, parameter3);
                } else if (this.sso.getCredentials(subject, value).getRemotePrincipalName().equals(parameter2)) {
                    this.sso.updateCredentialsForSite(subject, parameter2, value, parameter3);
                } else {
                    this.sso.removeCredentialsForSite(subject, value);
                    this.sso.addCredentialsForSite(subject, parameter2, value, parameter3);
                }
            } catch (SSOException e) {
                throw new PortletException(e);
            }
        }
    }

    @Override // org.apache.jetspeed.portlet.WebContentPortlet, org.apache.portals.bridges.velocity.GenericVelocityPortlet, org.apache.portals.bridges.common.GenericServletPortlet, javax.portlet.GenericPortlet
    public void doView(RenderRequest renderRequest, RenderResponse renderResponse) throws PortletException, IOException {
        String value = renderRequest.getPreferences().getValue("SRC", null);
        if (value == null) {
            renderRequest.setAttribute("ViewPage", getPortletConfig().getInitParameter("EditPage"));
            setupPreferencesEdit(renderRequest, renderResponse);
        } else {
            try {
                SSOContext credentials = this.sso.getCredentials(getSubject(), value);
                renderRequest.setAttribute("sso.ra.username", credentials.getRemotePrincipalName());
                renderRequest.setAttribute("sso.ra.password", credentials.getRemoteCredential());
            } catch (SSOException e) {
                if (!e.getMessage().equals(SSOException.NO_CREDENTIALS_FOR_SITE)) {
                    throw new PortletException(e);
                }
                renderRequest.setAttribute("ViewPage", getPortletConfig().getInitParameter("EditPage"));
                setupPreferencesEdit(renderRequest, renderResponse);
            }
        }
        super.doView(renderRequest, renderResponse);
    }

    @Override // org.apache.jetspeed.portlet.WebContentPortlet, org.apache.portals.bridges.velocity.GenericVelocityPortlet, org.apache.portals.bridges.common.GenericServletPortlet, javax.portlet.GenericPortlet
    public void doEdit(RenderRequest renderRequest, RenderResponse renderResponse) throws PortletException, IOException {
        try {
            SSOContext credentials = this.sso.getCredentials(getSubject(), renderRequest.getPreferences().getValue("SRC", ""));
            getContext(renderRequest).put("ssoPrincipal", credentials.getRemotePrincipalName());
            getContext(renderRequest).put("ssoCredential", credentials.getRemoteCredential());
        } catch (SSOException e) {
            if (!e.getMessage().equals(SSOException.NO_CREDENTIALS_FOR_SITE)) {
                throw new PortletException(e);
            }
            getContext(renderRequest).put("ssoPrincipal", "");
            getContext(renderRequest).put("ssoCredential", "");
        }
        super.doEdit(renderRequest, renderResponse);
    }

    private Subject getSubject() {
        return JSSubject.getSubject(AccessController.getContext());
    }

    /* JADX INFO: Access modifiers changed from: protected */
    @Override // org.apache.jetspeed.portlet.WebContentPortlet
    public byte[] doPreemptiveAuthentication(HttpClient httpClient, HttpMethod httpMethod, RenderRequest renderRequest, RenderResponse renderResponse) {
        byte[] doPreemptiveAuthentication = super.doPreemptiveAuthentication(httpClient, httpMethod, renderRequest, renderResponse);
        if (doPreemptiveAuthentication != null) {
            return doPreemptiveAuthentication;
        }
        PortletPreferences preferences = renderRequest.getPreferences();
        String singleSignOnAuthType = getSingleSignOnAuthType(preferences);
        if (singleSignOnAuthType.equalsIgnoreCase(SSO_TYPE_BASIC_PREEMPTIVE)) {
            String str = (String) renderRequest.getAttribute("sso.ra.username");
            if (str == null) {
                str = "";
            }
            String str2 = (String) renderRequest.getAttribute("sso.ra.password");
            if (str2 == null) {
                str2 = "";
            }
            httpMethod.setDoAuthentication(true);
            httpMethod.getHostAuthState().setPreemptive();
            httpClient.getState().setCredentials(AuthScope.ANY, new UsernamePasswordCredentials(str, str2));
            return doPreemptiveAuthentication;
        }
        if (!singleSignOnAuthType.startsWith("form")) {
            if (!singleSignOnAuthType.equalsIgnoreCase("url") && !singleSignOnAuthType.equalsIgnoreCase("url.base64")) {
                return null;
            }
            String value = preferences.getValue("sso.url.Principal", "");
            if (value == null || value.length() == 0) {
                log.warn("sso.type specified as 'url', but no: sso.url.Principal, username parameter was specified - unable to preemptively authenticate by URL.");
                return null;
            }
            String value2 = preferences.getValue("sso.url.Credential", "");
            if (value2 == null || value2.length() == 0) {
                log.warn("sso.type specified as 'url', but no: sso.url.Credential, password parameter was specified - unable to preemptively authenticate by URL.");
                return null;
            }
            String str3 = (String) renderRequest.getAttribute("sso.ra.username");
            if (str3 == null) {
                str3 = "";
            }
            String str4 = (String) renderRequest.getAttribute("sso.ra.password");
            if (str4 == null) {
                str4 = "";
            }
            if (singleSignOnAuthType.equalsIgnoreCase("url.base64")) {
                Base64 base64 = new Base64();
                str3 = new String(base64.encode(str3.getBytes()));
                str4 = new String(base64.encode(str4.getBytes()));
            }
            if (httpMethod instanceof PostMethod) {
                PostMethod postMethod = (PostMethod) httpMethod;
                postMethod.addParameter(value, str3);
                postMethod.addParameter(value2, str4);
            } else {
                NameValuePair[] nameValuePairArr = {new NameValuePair(value, str3), new NameValuePair(value2, str4)};
                String queryString = httpMethod.getQueryString();
                httpMethod.setQueryString(nameValuePairArr);
                if (queryString != null && queryString.length() > 0) {
                    httpMethod.setQueryString(new StringBuffer().append(queryString).append('&').append(httpMethod.getQueryString()).toString());
                }
            }
            return doPreemptiveAuthentication;
        }
        try {
            Boolean bool = (Boolean) PortletMessaging.receive(renderRequest, FORM_AUTH_STATE);
            if (bool != null) {
                if (bool.booleanValue()) {
                    return doPreemptiveAuthentication;
                }
                return null;
            }
            PortletMessaging.publish(renderRequest, FORM_AUTH_STATE, Boolean.FALSE);
            String value3 = preferences.getValue(SSO_TYPE_FORM_ACTION_URL, "");
            if (value3 == null || value3.length() == 0) {
                log.warn("sso.type specified as 'form', but no: sso.form.Action, action was specified - unable to preemptively authenticate by form.");
                return null;
            }
            String value4 = preferences.getValue(SSO_TYPE_FORM_USERNAME_FIELD, "");
            if (value4 == null || value4.length() == 0) {
                log.warn("sso.type specified as 'form', but no: sso.form.Principal, username field was specified - unable to preemptively authenticate by form.");
                return null;
            }
            String value5 = preferences.getValue(SSO_TYPE_FORM_PASSWORD_FIELD, "password");
            if (value5 == null || value5.length() == 0) {
                log.warn("sso.type specified as 'form', but no: sso.form.Credential, password field was specified - unable to preemptively authenticate by form.");
                return null;
            }
            String str5 = (String) renderRequest.getAttribute("sso.ra.username");
            if (str5 == null) {
                str5 = "";
            }
            String str6 = (String) renderRequest.getAttribute("sso.ra.password");
            if (str6 == null) {
                str6 = "";
            }
            int indexOf = singleSignOnAuthType.indexOf(46);
            boolean equalsIgnoreCase = indexOf > 0 ? singleSignOnAuthType.substring(indexOf + 1).equalsIgnoreCase("post") : true;
            HashMap hashMap = new HashMap();
            hashMap.put(value4, new String[]{str5});
            hashMap.put(value5, new String[]{str6});
            String value6 = preferences.getValue(SSO_TYPE_FORM_ACTION_ARGS, "");
            if (value6 != null && value6.length() > 0) {
                StringTokenizer stringTokenizer = new StringTokenizer(value6, ";");
                while (stringTokenizer.hasMoreTokens()) {
                    String nextToken = stringTokenizer.nextToken();
                    int indexOf2 = nextToken.indexOf(61);
                    if (indexOf2 > 0) {
                        hashMap.put(nextToken.substring(0, indexOf2), new String[]{nextToken.substring(indexOf2 + 1)});
                    }
                }
            }
            byte[] doHttpWebContent = doHttpWebContent(httpClient, getHttpMethod(httpClient, getURLSource(value3, hashMap, renderRequest, renderResponse), hashMap, equalsIgnoreCase ? "post" : "get", renderRequest), 0, renderRequest, renderResponse);
            PortletMessaging.publish(renderRequest, FORM_AUTH_STATE, Boolean.valueOf(doHttpWebContent != null));
            return doHttpWebContent;
        } catch (Exception e) {
            log.error("Form-based authentication failed", e);
            return null;
        }
    }

    /* JADX INFO: Access modifiers changed from: protected */
    @Override // org.apache.jetspeed.portlet.WebContentPortlet
    public boolean doRequestedAuthentication(HttpClient httpClient, HttpMethod httpMethod, RenderRequest renderRequest, RenderResponse renderResponse) {
        if (super.doRequestedAuthentication(httpClient, httpMethod, renderRequest, renderResponse)) {
            return true;
        }
        if (!httpMethod.getHostAuthState().getAuthScheme().getSchemeName().equals(BASIC_AUTH_SCHEME_NAME)) {
            log.warn(new StringBuffer().append("SSOWebContentPortlent.doAuthenticate() - unexpected authentication scheme: ").append(httpMethod.getHostAuthState().getAuthScheme().getSchemeName()).toString());
            return false;
        }
        String str = (String) renderRequest.getAttribute("sso.ra.username");
        if (str == null) {
            str = "";
        }
        String str2 = (String) renderRequest.getAttribute("sso.ra.password");
        if (str2 == null) {
            str2 = "";
        }
        httpMethod.setDoAuthentication(true);
        AuthState hostAuthState = httpMethod.getHostAuthState();
        httpClient.getState().setCredentials(new AuthScope(AuthScope.ANY_HOST, -1, hostAuthState.getRealm(), hostAuthState.getAuthScheme().getSchemeName()), new UsernamePasswordCredentials(str, str2));
        return true;
    }

    protected String getSingleSignOnAuthType(PortletPreferences portletPreferences) {
        String value = portletPreferences.getValue("sso.type", "basic");
        if (value != null && value.equalsIgnoreCase("http")) {
            log.warn("sso.type: http, has been deprecated - use: basic, or: basic.preemptive");
            value = "basic";
        }
        return value;
    }

    static Class class$(String str) {
        try {
            return Class.forName(str);
        } catch (ClassNotFoundException e) {
            throw new NoClassDefFoundError().initCause(e);
        }
    }

    static {
        Class cls;
        if (class$org$apache$jetspeed$portlet$SSOWebContentPortlet == null) {
            cls = class$("org.apache.jetspeed.portlet.SSOWebContentPortlet");
            class$org$apache$jetspeed$portlet$SSOWebContentPortlet = cls;
        } else {
            cls = class$org$apache$jetspeed$portlet$SSOWebContentPortlet;
        }
        log = LogFactory.getLog(cls);
    }
}
