package com.ibm.ws.webcontainer.security;

import com.ibm.websphere.ras.Tr;
import com.ibm.websphere.ras.TraceComponent;
import com.ibm.websphere.ras.annotation.InjectedTrace;
import com.ibm.websphere.ras.annotation.TraceObjectField;
import com.ibm.websphere.ras.annotation.TraceOptions;
import com.ibm.ws.common.internal.encoder.Base64Coder;
import com.ibm.ws.ffdc.FFDCFilter;
import com.ibm.ws.security.util.ByteArray;
import com.ibm.ws.webcontainer.security.internal.SSOAuthenticator;
import com.ibm.ws.webcontainer.security.internal.StringUtil;
import com.ibm.wsspi.security.token.SingleSignonToken;
import com.ibm.wsspi.webcontainer.servlet.IExtendedResponse;
import java.net.InetAddress;
import java.net.MalformedURLException;
import java.net.URL;
import java.net.UnknownHostException;
import java.util.ArrayList;
import java.util.Iterator;
import java.util.concurrent.ConcurrentHashMap;
import java.util.concurrent.ConcurrentMap;
import javax.security.auth.Subject;
import javax.servlet.http.Cookie;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;

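@TraceOptions(traceGroups = {TraceConstants.TRACE_GROUP}, traceGroup = "", messageBundle = TraceConstants.MESSAGE_BUNDLE, traceExceptionThrow = false, traceExceptionHandling = false)
@TraceObjectField(fieldName = "tc", fieldDesc = "Lcom/ibm/websphere/ras/TraceComponent;")
/* loaded from: input_file:resources/server_runtime/lib/com.ibm.ws.webcontainer.security_1.0.2.jar:com/ibm/ws/webcontainer/security/SSOCookieHelperImpl.class */
/**
 * Builds, caches and expires the single sign-on (SSO) cookie for the web container.
 *
 * <p>This listing is decompiler output. Two methods did not survive decompilation
 * ({@link #getDefaultSSOTokenFromSubject} and {@link #getSSODomainName}); their bodies
 * here are reconstructed from the decompiler's fallback output and should be confirmed
 * against the original class before being relied on.
 *
 * <p>Security-relevant attributes of the issued cookie (Secure, HttpOnly, Domain) are all
 * driven by {@link WebAppSecurityConfig}; nothing in this class sets a SameSite attribute.
 */
public class SSOCookieHelperImpl implements SSOCookieHelper {
    private static final TraceComponent tc = Tr.register(SSOCookieHelperImpl.class);

    // Maps raw SSO token bytes to their Base64 cookie value so the encoding is not redone on
    // every response. The map is static, so it is shared by every instance of this class and
    // keeps encoded token values in memory until the next wholesale clear.
    private static final ConcurrentMap<ByteArray, String> cookieByteStringCache = new ConcurrentHashMap<>(20);

    // Once the cache holds more than this many entries it is emptied completely (no LRU).
    private static final int MAX_COOKIE_STRING_ENTRIES = 100;

    private final WebAppSecurityConfig config;
    static final long serialVersionUID = -4106442423352395804L;

    /**
     * @param webAppSecurityConfig source of the SSO cookie name, domain list and cookie flags
     */
    @InjectedTrace({"com.ibm.ws.ras.instrument.internal.bci.FFDCMethodAdapter"})
    public SSOCookieHelperImpl(WebAppSecurityConfig webAppSecurityConfig) {
        this.config = webAppSecurityConfig;
    }

    /**
     * Adds the SSO cookie for {@code subject} to the response, replacing any SSO cookie
     * already queued on it. Does nothing when SSO is disabled, when SSO requires SSL and the
     * request is not secure, or when the subject carries no token bytes.
     *
     * @param subject authenticated subject whose private credentials hold the SSO token
     * @param httpServletRequest current request, used for the secure check and the cookie domain
     * @param httpServletResponse response that receives the cookie
     */
    @Override
    @InjectedTrace({"com.ibm.ws.ras.instrument.internal.bci.FFDCMethodAdapter"})
    public void addSSOCookiesToResponse(Subject subject, HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse) {
        if (!allowToAddCookieToResponse(httpServletRequest)) {
            return;
        }
        SingleSignonToken ssoToken = getDefaultSSOTokenFromSubject(subject);
        if (ssoToken == null) {
            return;
        }
        byte[] tokenBytes = ssoToken.getBytes();
        if (tokenBytes == null) {
            return;
        }
        ByteArray cacheKey = new ByteArray(tokenBytes);
        String cookieValue = cookieByteStringCache.get(cacheKey);
        if (cookieValue == null) {
            cookieValue = StringUtil.toString(Base64Coder.base64Encode(tokenBytes));
            updateCookieCache(cacheKey, cookieValue);
        }
        Cookie ssoCookie = createCookie(httpServletRequest, cookieValue);
        // Drop any SSO cookie already on the response so only one value is sent.
        removeSSOCookieFromResponse(httpServletResponse);
        httpServletResponse.addCookie(ssoCookie);
    }

    /**
     * Creates the SSO cookie carrying {@code str}.
     *
     * <p>The cookie is a session cookie (max-age -1) scoped to path "/". Secure and HttpOnly
     * are taken from configuration, so a deployment that leaves either switched off gets a
     * cookie without that protection. The Domain attribute is set only when
     * {@link #getSSODomainName} returns a value.
     *
     * @param httpServletRequest request used to derive the cookie domain
     * @param str cookie value (the Base64-encoded token)
     * @return the configured cookie
     */
    @InjectedTrace({"com.ibm.ws.ras.instrument.internal.bci.FFDCMethodAdapter"})
    public Cookie createCookie(HttpServletRequest httpServletRequest, String str) {
        Cookie cookie = new Cookie(getSSOCookiename(), str);
        cookie.setMaxAge(-1);
        cookie.setPath("/");
        cookie.setSecure(this.config.getSSORequiresSSL());
        cookie.setHttpOnly(this.config.getHttpOnlyCookies());
        String domainName = getSSODomainName(httpServletRequest, this.config.getSSODomainList(), this.config.getSSOUseDomainFromURL());
        if (domainName != null) {
            cookie.setDomain(domainName);
        }
        return cookie;
    }

    /**
     * Decides whether the SSO cookie may be sent on this response.
     *
     * @param httpServletRequest current request
     * @return {@code false} when SSO is disabled, or when SSO requires SSL and the request
     *         is not secure; {@code true} otherwise
     */
    @Override
    @InjectedTrace({"com.ibm.ws.ras.instrument.internal.bci.FFDCMethodAdapter"})
    public boolean allowToAddCookieToResponse(HttpServletRequest httpServletRequest) {
        boolean debugEnabled = TraceComponent.isAnyTracingEnabled() && tc.isDebugEnabled();
        if (!this.config.isSingleSignonEnabled()) {
            if (debugEnabled) {
                Tr.debug(tc, "SSO is not enabled. Not setting the SSO Cookie");
            }
            return false;
        }
        if (this.config.getSSORequiresSSL() && !httpServletRequest.isSecure()) {
            // Withholding the cookie here keeps the token off a plaintext connection.
            if (debugEnabled) {
                Tr.debug(tc, "SSO requires SSL. The cookie will not be sent back because the request is not over https.");
            }
            return false;
        }
        return true;
    }

    /**
     * Removes a previously added SSO cookie from the response.
     *
     * @param httpServletResponse response to clean; it is cast to {@link IExtendedResponse},
     *        so any other implementation fails with a {@link ClassCastException}
     */
    @Override
    @InjectedTrace({"com.ibm.ws.ras.instrument.internal.bci.FFDCMethodAdapter"})
    public void removeSSOCookieFromResponse(HttpServletResponse httpServletResponse) {
        ((IExtendedResponse) httpServletResponse).removeCookie(getSSOCookiename());
    }

    /**
     * Stores an encoded cookie value, emptying the cache first once it has grown past
     * {@link #MAX_COOKIE_STRING_ENTRIES}.
     *
     * <p>The decompiled method was {@code synchronized} on the instance although the cache is
     * static; the lock is taken on the shared map instead so that the size check and the
     * clear are serialised across all instances.
     */
    @InjectedTrace({"com.ibm.ws.ras.instrument.internal.bci.FFDCMethodAdapter"})
    private void updateCookieCache(ByteArray byteArray, String str) {
        synchronized (cookieByteStringCache) {
            if (cookieByteStringCache.size() > MAX_COOKIE_STRING_ENTRIES) {
                cookieByteStringCache.clear();
            }
            if (str != null) {
                cookieByteStringCache.put(byteArray, str);
            }
        }
    }

    /**
     * Queues an expiring (max-age 0) cookie for every SSO cookie found on the request, under
     * both the configured name and {@code SSOAuthenticator.DEFAULT_SSO_COOKIE_NAME}.
     *
     * <p>This only asks the browser to discard its cookie; nothing in this method invalidates
     * the token value itself.
     *
     * @param httpServletRequest request whose cookies are inspected
     * @param httpServletResponse response that receives the expiring cookies
     */
    @Override
    @InjectedTrace({"com.ibm.ws.ras.instrument.internal.bci.FFDCMethodAdapter"})
    public void createLogoutCookies(HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse) {
        Cookie[] requestCookies = httpServletRequest.getCookies();
        if (requestCookies == null) {
            return;
        }
        ArrayList<Cookie> logoutCookies = new ArrayList<>();
        String ssoCookieName = getSSOCookiename();
        for (Cookie requestCookie : requestCookies) {
            String name = requestCookie.getName();
            if (name.equalsIgnoreCase(ssoCookieName)) {
                addLogoutCookieToList(httpServletRequest, ssoCookieName, logoutCookies);
            } else if (name.equalsIgnoreCase(SSOAuthenticator.DEFAULT_SSO_COOKIE_NAME)) {
                addLogoutCookieToList(httpServletRequest, SSOAuthenticator.DEFAULT_SSO_COOKIE_NAME, logoutCookies);
            }
        }
        for (Cookie logoutCookie : logoutCookies) {
            httpServletResponse.addCookie(logoutCookie);
        }
    }

    /**
     * Appends an empty, immediately expiring cookie named {@code str} to {@code arrayList}.
     *
     * <p>Unlike {@link #createCookie}, the Secure flag follows the current request rather
     * than configuration. Path and Domain are computed the same way as for the issued cookie
     * so the browser treats this as a replacement for it.
     */
    @InjectedTrace({"com.ibm.ws.ras.instrument.internal.bci.FFDCMethodAdapter"})
    private void addLogoutCookieToList(HttpServletRequest httpServletRequest, String str, ArrayList<Cookie> arrayList) {
        Cookie cookie = new Cookie(str, "");
        cookie.setMaxAge(0);
        cookie.setPath("/");
        cookie.setSecure(httpServletRequest.isSecure());
        if (this.config.getHttpOnlyCookies()) {
            cookie.setHttpOnly(true);
        }
        String domainName = getSSODomainName(httpServletRequest, this.config.getSSODomainList(), this.config.getSSOUseDomainFromURL());
        if (domainName != null) {
            cookie.setDomain(domainName);
        }
        arrayList.add(cookie);
    }

    /**
     * Looks up the SSO token among the subject's private credentials.
     *
     * <p>Reconstructed: the decompiler emitted an undeclared {@code r5 = null} and returned
     * the loop variable outside its scope, which does not compile. The shape that matches
     * that output is "remember each token, stop at the first whose name equals the SSO cookie
     * name".
     *
     * @param subject subject to inspect, may be {@code null}
     * @return the first token whose name equals the SSO cookie name; otherwise the last token
     *         examined, or {@code null} when the subject is {@code null} or holds no token
     */
    @Override
    @InjectedTrace({"com.ibm.ws.ras.instrument.internal.bci.FFDCMethodAdapter"})
    public SingleSignonToken getDefaultSSOTokenFromSubject(Subject subject) {
        if (subject == null) {
            return null;
        }
        SingleSignonToken ssoToken = null;
        for (SingleSignonToken candidate : subject.getPrivateCredentials(SingleSignonToken.class)) {
            ssoToken = candidate;
            if (candidate.getName().equals(getSSOCookiename())) {
                break;
            }
        }
        // NOTE(review): when no name matches, this returns whichever token was iterated last,
        // and the caller serialises it into the SSO cookie. Confirm against the original
        // bytecode that this fallback is intended rather than "return null on no match".
        return ssoToken;
    }

    /**
     * @return the SSO cookie name from configuration
     */
    @Override
    @InjectedTrace({"com.ibm.ws.ras.instrument.internal.bci.FFDCMethodAdapter"})
    public String getSSOCookiename() {
        return this.config.getSSOCookieName();
    }

    /**
     * Chooses the Domain attribute for the SSO cookie.
     *
     * <p>Reconstructed from the register-level dump the decompiler left behind after failing
     * on this method; the decompiled stub only threw {@link UnsupportedOperationException}.
     *
     * <p>The host is taken from the request URL. If the host is an IP address or has no dot,
     * no domain is used. Otherwise the part of the host from its first dot onward is compared
     * against the configured list, and the first entry it ends with is returned. If nothing
     * matches, the host-derived domain is returned only when {@code r13} is set.
     *
     * @param r11 current request
     * @param r12 configured SSO domain names, may be {@code null} or empty
     * @param r13 whether to fall back to the domain derived from the request URL
     * @return the cookie domain, or {@code null} when none should be set
     */
    @Override
    @InjectedTrace({"com.ibm.ws.ras.instrument.internal.bci.FFDCMethodAdapter"})
    public String getSSODomainName(HttpServletRequest r11, java.util.List<String> r12, boolean r13) {
        try {
            String host = getHostNameFromRequestURL(r11);
            String hostIpAddr = getHostIPAddr(host);
            if (host.equals(hostIpAddr) || host.indexOf(".") == -1) {
                if (TraceComponent.isAnyTracingEnabled() && tc.isDebugEnabled()) {
                    Tr.debug(tc, "URL host is an IP or locahost, no SSO domain will be set.");
                }
                return null;
            }
            // Everything from the first dot onward, e.g. ".example.com" for "www.example.com".
            String urlDomain = host.substring(host.indexOf("."));
            if (r12 != null && !r12.isEmpty()) {
                for (String configuredDomain : r12) {
                    // NOTE(review): endsWith is a plain suffix test with no label boundary, so
                    // a list entry written without a leading dot also matches hosts whose
                    // parent domain merely ends in the same characters. Writing entries with
                    // a leading dot keeps the match on a label boundary.
                    if (urlDomain.endsWith(configuredDomain)) {
                        return configuredDomain;
                    }
                }
            }
            if (r13) {
                // NOTE(review): this value comes from the request URL, which containers
                // usually build from the client-supplied Host header (assumption; confirm
                // for this container). Prefer an explicit domain list where that matters.
                return urlDomain;
            }
        } catch (MalformedURLException e) {
            FFDCFilter.processException(e, "com.ibm.ws.webcontainer.security.SSOCookieHelperImpl", "256", this, new Object[]{r11, r12, Boolean.valueOf(r13)});
            if (TraceComponent.isAnyTracingEnabled() && tc.isDebugEnabled()) {
                Tr.debug(tc, "Unexpected exception getting request SSO domain", new Object[]{e});
            }
        }
        return null;
    }

    /**
     * Resolves {@code str} and returns its textual IP address, or the empty string when the
     * name cannot be resolved.
     *
     * <p>{@link InetAddress#getByName} performs a name-service lookup for anything that is not
     * already an IP literal, so this runs a resolver query for a request-derived host name on
     * the request path.
     *
     * <p>The decompiled catch block traced a variable that is always empty at that point; the
     * exception is traced instead.
     */
    @InjectedTrace({"com.ibm.ws.ras.instrument.internal.bci.FFDCMethodAdapter"})
    private String getHostIPAddr(String str) {
        try {
            return InetAddress.getByName(str).getHostAddress().trim();
        } catch (UnknownHostException e) {
            FFDCFilter.processException(e, "com.ibm.ws.webcontainer.security.SSOCookieHelperImpl", "271", this, new Object[]{str});
            if (TraceComponent.isAnyTracingEnabled() && tc.isDebugEnabled()) {
                Tr.debug(tc, "Exception in getting IP address for URL host, assuming URL host is not an IP", e);
            }
            return "";
        }
    }

    /**
     * Extracts the host part of the request URL.
     *
     * @param httpServletRequest current request
     * @return the trimmed host name
     * @throws MalformedURLException if the request URL cannot be parsed
     */
    @InjectedTrace({"com.ibm.ws.ras.instrument.internal.bci.FFDCMethodAdapter"})
    private String getHostNameFromRequestURL(HttpServletRequest httpServletRequest) throws MalformedURLException {
        String requestUrl = httpServletRequest.getRequestURL().toString();
        if (TraceComponent.isAnyTracingEnabled() && tc.isDebugEnabled()) {
            Tr.debug(tc, "URL: " + requestUrl);
        }
        return new URL(requestUrl).getHost().trim();
    }
}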
