package com.ejianc.framework.idmclient.cas.logout;

import com.ejianc.framework.idmclient.cas.logout.entity.TenantUser;
import com.ejianc.framework.idmclient.sdk.RedisUtils;
import com.ejianc.framework.idmclient.sdk.UserCacheManagerUtils;
import java.util.Arrays;
import java.util.List;
import java.util.zip.Inflater;
import javax.servlet.http.Cookie;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import javax.servlet.http.HttpSession;
import org.apache.commons.codec.binary.Base64;
import org.apache.commons.lang.StringUtils;
import org.jasig.cas.client.session.HashMapBackedSessionMappingStorage;
import org.jasig.cas.client.session.SessionMappingStorage;
import org.jasig.cas.client.util.CommonUtils;
import org.jasig.cas.client.util.XmlUtils;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;

/* loaded from: input_file:com/ejianc/framework/idmclient/cas/logout/SingleSignOutHandler.class */
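/**
 * Handles CAS single sign-out traffic for the idm client: it recognises ticket-bearing
 * requests, back-channel logout POSTs and front-channel logout GETs, and on logout clears
 * the tenant login state kept in Redis, the tenant cookies and the local HTTP session.
 *
 * <p>{@link #init()} must be called once all setters have been applied and before
 * {@link #process(HttpServletRequest, HttpServletResponse)} is used; until then
 * {@code safeParameters} is {@code null}.
 *
 * <p>Security notes for reviewers:
 * <ul>
 *   <li>Nothing in this class authenticates the sender of a logout message or verifies a
 *       signature on it. Confirm that the logout endpoint is only reachable from the CAS
 *       server, or is otherwise protected, so that third parties cannot force logouts.</li>
 *   <li>The logout XML is read through {@code XmlUtils}; whether DTDs and external entities
 *       are disabled depends on the cas-client version on the classpath. Verify this.</li>
 *   <li>The ticket is logged at DEBUG and the full logout message at TRACE. Both come from
 *       the request unmodified, so keep these levels off in production or make sure the
 *       log sink is access-controlled and neutralises line breaks.</li>
 * </ul>
 */
public final class SingleSignOutHandler {
    public static final String DEFAULT_ARTIFACT_PARAMETER_NAME = "ticket";
    public static final String DEFAULT_LOGOUT_PARAMETER_NAME = "logoutRequest";
    public static final String DEFAULT_FRONT_LOGOUT_PARAMETER_NAME = "SAMLRequest";
    public static final String DEFAULT_RELAY_STATE_PARAMETER_NAME = "RelayState";

    /**
     * Output buffer size for inflating a front-channel message, as a multiple of the
     * compressed size. This also caps how much memory one request can make us allocate.
     */
    private static final int DECOMPRESSION_FACTOR = 10;

    private String casServerUrlPrefix;
    /** Parameters that may be read from a POST body; built by {@link #init()}. */
    private List<String> safeParameters;
    private final Logger logger = LoggerFactory.getLogger(getClass());
    // Validated in init() but not otherwise consulted by this class.
    private SessionMappingStorage sessionMappingStorage = new HashMapBackedSessionMappingStorage();
    private String artifactParameterName = DEFAULT_ARTIFACT_PARAMETER_NAME;
    private String logoutParameterName = DEFAULT_LOGOUT_PARAMETER_NAME;
    private String frontLogoutParameterName = DEFAULT_FRONT_LOGOUT_PARAMETER_NAME;
    private String relayStateParameterName = DEFAULT_RELAY_STATE_PARAMETER_NAME;
    private boolean artifactParameterOverPost = false;

    /** Sets the session mapping storage; must not be {@code null} when {@link #init()} runs. */
    public void setSessionMappingStorage(SessionMappingStorage sessionMappingStorage) {
        this.sessionMappingStorage = sessionMappingStorage;
    }

    /**
     * Controls whether the artifact (ticket) parameter is also accepted from a POST body.
     *
     * @param z {@code true} to add the artifact parameter to the safe-parameter list
     */
    public void setArtifactParameterOverPost(boolean z) {
        this.artifactParameterOverPost = z;
    }

    /** Returns the configured session mapping storage. */
    public SessionMappingStorage getSessionMappingStorage() {
        return this.sessionMappingStorage;
    }

    /** Sets the name of the request parameter that carries the ticket. */
    public void setArtifactParameterName(String str) {
        this.artifactParameterName = str;
    }

    /** Sets the name of the request parameter that carries a back-channel logout message. */
    public void setLogoutParameterName(String str) {
        this.logoutParameterName = str;
    }

    /** Sets the CAS server URL prefix used to build the post-logout redirect. */
    public void setCasServerUrlPrefix(String str) {
        this.casServerUrlPrefix = str;
    }

    /** Sets the name of the request parameter that carries a front-channel logout message. */
    public void setFrontLogoutParameterName(String str) {
        this.frontLogoutParameterName = str;
    }

    /** Sets the name of the relay-state request parameter. */
    public void setRelayStateParameterName(String str) {
        this.relayStateParameterName = str;
    }

    /**
     * Validates the configuration and builds the safe-parameter list. Subsequent calls are
     * no-ops once the list exists.
     */
    public synchronized void init() {
        if (this.safeParameters != null) {
            return;
        }
        CommonUtils.assertNotNull(this.artifactParameterName, "artifactParameterName cannot be null.");
        CommonUtils.assertNotNull(this.logoutParameterName, "logoutParameterName cannot be null.");
        CommonUtils.assertNotNull(this.frontLogoutParameterName, "frontLogoutParameterName cannot be null.");
        CommonUtils.assertNotNull(this.sessionMappingStorage, "sessionMappingStorage cannot be null.");
        CommonUtils.assertNotNull(this.relayStateParameterName, "relayStateParameterName cannot be null.");
        CommonUtils.assertNotNull(this.casServerUrlPrefix, "casServerUrlPrefix cannot be null.");
        this.safeParameters = this.artifactParameterOverPost
                ? Arrays.asList(this.logoutParameterName, this.artifactParameterName)
                : Arrays.asList(this.logoutParameterName);
    }

    /** Returns {@code true} when the request carries a non-blank artifact (ticket) parameter. */
    private boolean isTokenRequest(HttpServletRequest request) {
        String ticket = CommonUtils.safeGetParameter(request, this.artifactParameterName, this.safeParameters);
        return CommonUtils.isNotBlank(ticket);
    }

    /** Returns {@code true} for a non-multipart POST with a non-blank logout parameter. */
    private boolean isBackChannelLogoutRequest(HttpServletRequest request) {
        if (!"POST".equals(request.getMethod()) || isMultipartRequest(request)) {
            return false;
        }
        String message = CommonUtils.safeGetParameter(request, this.logoutParameterName, this.safeParameters);
        return CommonUtils.isNotBlank(message);
    }

    /** Returns {@code true} for a GET with a non-blank front-channel logout parameter. */
    private boolean isFrontChannelLogoutRequest(HttpServletRequest request) {
        if (!"GET".equals(request.getMethod())) {
            return false;
        }
        return CommonUtils.isNotBlank(CommonUtils.safeGetParameter(request, this.frontLogoutParameterName));
    }

    /**
     * Classifies the request and performs the matching single sign-out action.
     *
     * @return {@code true} for ticket requests and for requests unrelated to logout,
     *         {@code false} once a logout message has been handled (presumably the calling
     *         filter uses this to decide whether to continue the chain; confirm at the caller)
     */
    public boolean process(HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse) {
        if (isTokenRequest(httpServletRequest)) {
            this.logger.trace("Received a token request");
            recordToken(httpServletRequest, httpServletResponse);
            return true;
        }
        if (isBackChannelLogoutRequest(httpServletRequest)) {
            this.logger.trace("Received a back channel logout request");
            destroyToken(httpServletRequest, httpServletResponse);
            return false;
        }
        if (isFrontChannelLogoutRequest(httpServletRequest)) {
            this.logger.trace("Received a front channel logout request");
            destroyToken(httpServletRequest, httpServletResponse);
            String redirectUrl = computeRedirectionToServer(httpServletRequest);
            if (redirectUrl != null) {
                CommonUtils.sendRedirect(httpServletResponse, redirectUrl);
            }
            return false;
        }
        this.logger.trace("Ignoring URI for logout: {}", httpServletRequest.getRequestURI());
        return true;
    }

    /**
     * Logs the ticket of a token request. No ticket-to-session mapping is stored here.
     */
    private void recordToken(HttpServletRequest request, HttpServletResponse response) {
        // NOTE(review): the ticket value is written to the log as received.
        this.logger.debug("Recording session for token {}", CommonUtils.safeGetParameter(request, this.artifactParameterName, this.safeParameters));
    }

    /**
     * Base64-decodes and inflates a front-channel logout message.
     *
     * @param encodedMessage the Base64 text of the deflated message
     * @return the inflated message decoded with {@code UserCacheManagerUtils.DEFAULT_CHARSET}
     * @throws RuntimeException wrapping any failure while inflating or decoding
     */
    private String uncompressLogoutMessage(String encodedMessage) {
        byte[] compressed = Base64.decodeBase64(encodedMessage);
        Inflater inflater = new Inflater();
        try {
            inflater.setInput(compressed);
            // Fixed-size output: bounds the allocation a single request can trigger.
            byte[] inflated = new byte[compressed.length * DECOMPRESSION_FACTOR];
            int inflatedLength = inflater.inflate(inflated);
            if (!inflater.finished()) {
                // Previously a silent truncation; surface it so oversized or malformed
                // payloads are visible to whoever monitors this log.
                this.logger.warn("Logout message did not inflate completely within the {}x output bound; it may be truncated", DECOMPRESSION_FACTOR);
            }
            return new String(inflated, 0, inflatedLength, UserCacheManagerUtils.DEFAULT_CHARSET);
        } catch (Exception e) {
            this.logger.error("Unable to decompress logout message", e);
            throw new RuntimeException(e);
        } finally {
            // Inflater holds native memory; always release it.
            inflater.end();
        }
    }

    /**
     * Extracts {@code SessionIndex} and {@code UserId} from the logout message carried by the
     * request and, when a user id is present, clears that login and invalidates the session
     * attached to this request (if any).
     */
    private void destroyToken(HttpServletRequest request, HttpServletResponse response) {
        String logoutMessage;
        if (isFrontChannelLogoutRequest(request)) {
            logoutMessage = uncompressLogoutMessage(CommonUtils.safeGetParameter(request, this.frontLogoutParameterName));
        } else {
            logoutMessage = CommonUtils.safeGetParameter(request, this.logoutParameterName, this.safeParameters);
        }
        // NOTE(review): the whole message, including SessionIndex and UserId, is logged as received.
        this.logger.trace("Logout request:\n{}", logoutMessage);
        String sessionIndex = XmlUtils.getTextForElement(logoutMessage, "SessionIndex");
        String userId = XmlUtils.getTextForElement(logoutMessage, "UserId");
        if (!CommonUtils.isNotBlank(userId)) {
            return;
        }
        // NOTE(review): sessionIndex is not checked for blank here; only userId gates the logout.
        destroyToken(sessionIndex, userId, request, response);
        // Only the session bound to the request that delivered the message is invalidated.
        HttpSession session = request.getSession(false);
        if (session != null) {
            session.invalidate();
        }
    }

    /**
     * Clears the login identified by {@code str + "__" + str2}: expires the tenant cookies
     * found on the request and removes the matching entries through {@code RedisUtils}.
     *
     * @param str  the session index taken from the logout message
     * @param str2 the user id taken from the logout message; nothing happens when blank
     */
    private void destroyToken(String str, String str2, HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse) {
        if (StringUtils.isBlank(str2)) {
            return;
        }
        String loginKey = str + "__" + str2;
        TenantUser cachedUser = RedisUtils.getUserCache("user.info.login.tenant:" + loginKey);
        Cookie[] cookies = httpServletRequest.getCookies();
        if (cookies != null) {
            for (Cookie cookie : cookies) {
                String cookieName = cookie.getName();
                if ("tenant_token".equals(cookieName) || "tenant_username".equals(cookieName)) {
                    cookie.setValue(null);
                    // Max-Age 0 tells the browser to delete the cookie. The previous value of -1
                    // only turned it into a session cookie that lived until the browser closed.
                    cookie.setMaxAge(0);
                    cookie.setHttpOnly(true);
                    // NOTE(review): assumes the cookies were issued host-only with Path=/; a cookie
                    // set with a Domain attribute would not be matched by this response cookie.
                    cookie.setPath("/");
                    httpServletResponse.addCookie(cookie);
                }
            }
        }
        if (cachedUser != null) {
            RedisUtils.disCacheUser(loginKey);
        }
        RedisUtils.removeSessionCacheAttribute("tenant_assertion", loginKey);
    }

    /**
     * Builds the CAS server logout URL that carries the relay state back to the server.
     * The target is always the configured {@code casServerUrlPrefix}; the request-supplied
     * relay state is only appended as a URL-encoded query value.
     *
     * @return the redirect URL, or {@code null} when the request has no relay state
     */
    private String computeRedirectionToServer(HttpServletRequest request) {
        String relayState = CommonUtils.safeGetParameter(request, this.relayStateParameterName);
        if (StringUtils.isBlank(relayState)) {
            return null;
        }
        StringBuilder url = new StringBuilder(this.casServerUrlPrefix);
        if (!this.casServerUrlPrefix.endsWith("/")) {
            url.append("/");
        }
        url.append("logout?_eventId=next&")
                .append(this.relayStateParameterName)
                .append("=")
                .append(CommonUtils.urlEncode(relayState));
        String redirectUrl = url.toString();
        this.logger.debug("Redirection url to the CAS server: {}", redirectUrl);
        return redirectUrl;
    }

    /**
     * Returns {@code true} when the request's content type starts with {@code multipart},
     * ignoring case.
     */
    private boolean isMultipartRequest(HttpServletRequest request) {
        String contentType = request.getContentType();
        // regionMatches(ignoreCase) is locale-independent. toLowerCase() under a Turkish default
        // locale maps 'I' to a dotless i, which would let "MULTIPART/..." slip past this guard.
        return contentType != null && contentType.regionMatches(true, 0, "multipart", 0, "multipart".length());
    }
}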
