package org.apache.catalina.authenticator;

import java.io.IOException;
import java.security.Principal;
import java.util.HashMap;
import java.util.Map;
import javax.servlet.ServletException;
import javax.servlet.http.Cookie;
import org.apache.catalina.Lifecycle;
import org.apache.catalina.LifecycleException;
import org.apache.catalina.LifecycleListener;
import org.apache.catalina.Realm;
import org.apache.catalina.Session;
import org.apache.catalina.SessionEvent;
import org.apache.catalina.SessionListener;
import org.apache.catalina.connector.Request;
import org.apache.catalina.connector.Response;
import org.apache.catalina.util.LifecycleSupport;
import org.apache.catalina.util.StringManager;
import org.apache.catalina.valves.ValveBase;
import org.apache.commons.configuration.tree.DefaultExpressionEngine;

/* loaded from: input_file:hadoop-hdfs-httpfs-2.7.0-mapr-1707-beta/share/hadoop/httpfs/tomcat/lib/catalina.jar:org/apache/catalina/authenticator/SingleSignOn.class */
public class SingleSignOn extends ValveBase implements Lifecycle, SessionListener {
    protected Map<String, SingleSignOnEntry> cache = new HashMap();
    protected LifecycleSupport lifecycle = new LifecycleSupport(this);
    private boolean requireReauthentication = false;
    protected Map<Session, String> reverse = new HashMap();
    protected boolean started = false;
    private String cookieDomain;
    protected static String info = "org.apache.catalina.authenticator.SingleSignOn";
    protected static final StringManager sm = StringManager.getManager(Constants.Package);

    public String getCookieDomain() {
        return this.cookieDomain;
    }

    public void setCookieDomain(String str) {
        if (str != null && str.trim().length() == 0) {
            str = null;
        }
        this.cookieDomain = str;
    }

    public boolean getRequireReauthentication() {
        return this.requireReauthentication;
    }

    public void setRequireReauthentication(boolean z) {
        this.requireReauthentication = z;
    }

    @Override // org.apache.catalina.Lifecycle
    public void addLifecycleListener(LifecycleListener lifecycleListener) {
        this.lifecycle.addLifecycleListener(lifecycleListener);
    }

    @Override // org.apache.catalina.Lifecycle
    public LifecycleListener[] findLifecycleListeners() {
        return this.lifecycle.findLifecycleListeners();
    }

    @Override // org.apache.catalina.Lifecycle
    public void removeLifecycleListener(LifecycleListener lifecycleListener) {
        this.lifecycle.removeLifecycleListener(lifecycleListener);
    }

    @Override // org.apache.catalina.Lifecycle
    public void start() throws LifecycleException {
        if (this.started) {
            throw new LifecycleException(sm.getString("authenticator.alreadyStarted"));
        }
        this.lifecycle.fireLifecycleEvent(Lifecycle.START_EVENT, null);
        this.started = true;
    }

    @Override // org.apache.catalina.Lifecycle
    public void stop() throws LifecycleException {
        if (!this.started) {
            throw new LifecycleException(sm.getString("authenticator.notStarted"));
        }
        this.lifecycle.fireLifecycleEvent(Lifecycle.STOP_EVENT, null);
        this.started = false;
    }

    @Override // org.apache.catalina.SessionListener
    public void sessionEvent(SessionEvent sessionEvent) {
        String str;
        if (Session.SESSION_DESTROYED_EVENT.equals(sessionEvent.getType()) || Session.SESSION_PASSIVATED_EVENT.equals(sessionEvent.getType())) {
            Session session = sessionEvent.getSession();
            if (this.containerLog.isDebugEnabled()) {
                this.containerLog.debug("Process session destroyed on " + session);
            }
            synchronized (this.reverse) {
                str = this.reverse.get(session);
            }
            if (str == null) {
                return;
            }
            if ((session.getMaxInactiveInterval() <= 0 || System.currentTimeMillis() - session.getLastAccessedTimeInternal() < session.getMaxInactiveInterval() * 1000) && !Session.SESSION_PASSIVATED_EVENT.equals(sessionEvent.getType())) {
                deregister(str);
            } else {
                removeSession(str, session);
            }
        }
    }

    @Override // org.apache.catalina.valves.ValveBase, org.apache.catalina.Valve
    public String getInfo() {
        return info;
    }

    @Override // org.apache.catalina.valves.ValveBase, org.apache.catalina.Valve
    public void invoke(Request request, Response response) throws IOException, ServletException {
        request.removeNote(Constants.REQ_SSOID_NOTE);
        if (this.containerLog.isDebugEnabled()) {
            this.containerLog.debug("Process request for '" + request.getRequestURI() + "'");
        }
        if (request.getUserPrincipal() != null) {
            if (this.containerLog.isDebugEnabled()) {
                this.containerLog.debug(" Principal '" + request.getUserPrincipal().getName() + "' has already been authenticated");
            }
            getNext().invoke(request, response);
            return;
        }
        if (this.containerLog.isDebugEnabled()) {
            this.containerLog.debug(" Checking for SSO cookie");
        }
        Cookie cookie = null;
        Cookie[] cookies = request.getCookies();
        if (cookies == null) {
            cookies = new Cookie[0];
        }
        int i = 0;
        while (true) {
            if (i >= cookies.length) {
                break;
            }
            if (Constants.SINGLE_SIGN_ON_COOKIE.equals(cookies[i].getName())) {
                cookie = cookies[i];
                break;
            }
            i++;
        }
        if (cookie == null) {
            if (this.containerLog.isDebugEnabled()) {
                this.containerLog.debug(" SSO cookie is not present");
            }
            getNext().invoke(request, response);
            return;
        }
        if (this.containerLog.isDebugEnabled()) {
            this.containerLog.debug(" Checking for cached principal for " + cookie.getValue());
        }
        SingleSignOnEntry lookup = lookup(cookie.getValue());
        if (lookup != null) {
            if (this.containerLog.isDebugEnabled()) {
                this.containerLog.debug(" Found cached principal '" + (lookup.getPrincipal() != null ? lookup.getPrincipal().getName() : "") + "' with auth type '" + lookup.getAuthType() + "'");
            }
            request.setNote(Constants.REQ_SSOID_NOTE, cookie.getValue());
            if (!getRequireReauthentication()) {
                request.setAuthType(lookup.getAuthType());
                request.setUserPrincipal(lookup.getPrincipal());
            }
        } else {
            if (this.containerLog.isDebugEnabled()) {
                this.containerLog.debug(" No cached principal found, erasing SSO cookie");
            }
            cookie.setMaxAge(0);
            response.addCookie(cookie);
        }
        getNext().invoke(request, response);
    }

    @Override // org.apache.catalina.valves.ValveBase
    public String toString() {
        StringBuffer stringBuffer = new StringBuffer("SingleSignOn[");
        if (this.container == null) {
            stringBuffer.append("Container is null");
        } else {
            stringBuffer.append(this.container.getName());
        }
        stringBuffer.append(DefaultExpressionEngine.DEFAULT_ATTRIBUTE_END);
        return stringBuffer.toString();
    }

    /* JADX INFO: Access modifiers changed from: protected */
    public void associate(String str, Session session) {
        if (this.containerLog.isDebugEnabled()) {
            this.containerLog.debug("Associate sso id " + str + " with session " + session);
        }
        SingleSignOnEntry lookup = lookup(str);
        if (lookup != null) {
            lookup.addSession(this, session);
        }
        synchronized (this.reverse) {
            this.reverse.put(session, str);
        }
    }

    /* JADX INFO: Access modifiers changed from: protected */
    public void deregister(String str, Session session) {
        synchronized (this.reverse) {
            this.reverse.remove(session);
        }
        SingleSignOnEntry lookup = lookup(str);
        if (lookup == null) {
            return;
        }
        lookup.removeSession(session);
        Session[] findSessions = lookup.findSessions();
        if (findSessions == null || findSessions.length == 0) {
            synchronized (this.cache) {
                this.cache.remove(str);
            }
        }
    }

    /* JADX INFO: Access modifiers changed from: protected */
    public void deregister(String str) {
        SingleSignOnEntry remove;
        if (this.containerLog.isDebugEnabled()) {
            this.containerLog.debug("Deregistering sso id '" + str + "'");
        }
        synchronized (this.cache) {
            remove = this.cache.remove(str);
        }
        if (remove == null) {
            return;
        }
        Session[] findSessions = remove.findSessions();
        for (int i = 0; i < findSessions.length; i++) {
            if (this.containerLog.isTraceEnabled()) {
                this.containerLog.trace(" Invalidating session " + findSessions[i]);
            }
            synchronized (this.reverse) {
                this.reverse.remove(findSessions[i]);
            }
            findSessions[i].expire();
        }
    }

    /* JADX INFO: Access modifiers changed from: protected */
    public boolean reauthenticate(String str, Realm realm, Request request) {
        String username;
        Principal authenticate;
        if (str == null || realm == null) {
            return false;
        }
        boolean z = false;
        SingleSignOnEntry lookup = lookup(str);
        if (lookup != null && lookup.getCanReauthenticate() && (username = lookup.getUsername()) != null && (authenticate = realm.authenticate(username, lookup.getPassword())) != null) {
            z = true;
            request.setAuthType(lookup.getAuthType());
            request.setUserPrincipal(authenticate);
        }
        return z;
    }

    /* JADX INFO: Access modifiers changed from: protected */
    public void register(String str, Principal principal, String str2, String str3, String str4) {
        if (this.containerLog.isDebugEnabled()) {
            this.containerLog.debug("Registering sso id '" + str + "' for user '" + (principal != null ? principal.getName() : "") + "' with auth type '" + str2 + "'");
        }
        synchronized (this.cache) {
            this.cache.put(str, new SingleSignOnEntry(principal, str2, str3, str4));
        }
    }

    /* JADX INFO: Access modifiers changed from: protected */
    public void update(String str, Principal principal, String str2, String str3, String str4) {
        SingleSignOnEntry lookup = lookup(str);
        if (lookup == null || lookup.getCanReauthenticate()) {
            return;
        }
        if (this.containerLog.isDebugEnabled()) {
            this.containerLog.debug("Update sso id " + str + " to auth type " + str2);
        }
        synchronized (lookup) {
            lookup.updateCredentials(principal, str2, str3, str4);
        }
    }

    protected SingleSignOnEntry lookup(String str) {
        SingleSignOnEntry singleSignOnEntry;
        synchronized (this.cache) {
            singleSignOnEntry = this.cache.get(str);
        }
        return singleSignOnEntry;
    }

    /* JADX INFO: Access modifiers changed from: protected */
    public void removeSession(String str, Session session) {
        if (this.containerLog.isDebugEnabled()) {
            this.containerLog.debug("Removing session " + session.toString() + " from sso id " + str);
        }
        SingleSignOnEntry lookup = lookup(str);
        if (lookup == null) {
            return;
        }
        lookup.removeSession(session);
        synchronized (this.reverse) {
            this.reverse.remove(session);
        }
        if (lookup.findSessions().length == 0) {
            deregister(str);
        }
    }
}
