package com.ibm.ws.webcontainer.security.internal;

import com.ibm.websphere.ras.Tr;
import com.ibm.websphere.ras.TraceComponent;
import com.ibm.websphere.ras.annotation.TraceObjectField;
import com.ibm.ws.ffdc.FFDCFilter;
import com.ibm.ws.ffdc.annotation.FFDCIgnore;
import com.ibm.ws.ras.instrument.annotation.InjectedFFDC;
import com.ibm.ws.webcontainer.security.AuthenticateApi;
import com.ibm.ws.webcontainer.security.WebAppSecurityConfig;
import com.ibm.ws.webcontainer.util.WebContainerSystemProps;
import com.ibm.wsspi.webcontainer.osgi.extension.WebExtensionProcessor;
import com.ibm.wsspi.webcontainer.servlet.IServletContext;
import java.io.IOException;
import java.net.InetAddress;
import java.net.MalformedURLException;
import java.net.URL;
import java.net.UnknownHostException;
import java.security.AccessController;
import java.security.PrivilegedExceptionAction;
import java.util.List;
import javax.servlet.ServletException;
import javax.servlet.ServletRequest;
import javax.servlet.ServletResponse;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import org.apache.myfaces.shared_impl.util.CommentUtils;

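/**
 * Handles the form-logout request: logs the caller out through {@link AuthenticateApi}
 * and then either redirects to the page named by the {@code logoutExitPage} request
 * parameter or writes a built-in "Successful Logout" page.
 *
 * <p>{@code logoutExitPage} is supplied by the client, so every value is checked by
 * {@link #verifyLogoutURL} before it is used as a redirect target. A value that fails the
 * check is never redirected to; the default page is written instead.
 *
 * <p>This listing is decompiler output. Constructs that were not valid Java (an untyped
 * local, an exception variable bound to a boolean, a synthetic trace field in the anonymous
 * class) have been replaced with the code they evidently stood for.
 */
@InjectedFFDC
@TraceObjectField(fieldName = "tc", fieldDesc = "Lcom/ibm/websphere/ras/TraceComponent;")
/* loaded from: input_file:wlp/lib/com.ibm.ws.webcontainer.security_1.0.2.jar:com/ibm/ws/webcontainer/security/internal/FormLogoutExtensionProcessor.class */
public class FormLogoutExtensionProcessor extends WebExtensionProcessor {
    /** Page written when no exit page is given or the given one is rejected. */
    protected static final String DEFAULT_LOGOUT_MSG = "<!DOCTYPE HTML PUBLIC \"-//W3C/DTD HTML 4.0 Transitional//EN\"><HTML><TITLE>Default Logout Exit Page</TITLE><BODY><H2>Successful Logout</H2></BODY></HTML>";
    // True when the system property named by ABSOLUTE_URI is "true" (case-insensitive).
    private final boolean absoluteUri;
    private final WebAppSecurityConfig webAppSecurityConfig;
    AuthenticateApi authenticateApi;
    static final long serialVersionUID = -3214294873143327180L;
    private static final TraceComponent tc = Tr.register(FormLogoutExtensionProcessor.class);
    private static final String ABSOLUTE_URI = "com.ibm.websphere.security.web.absoluteUri";

    /**
     * Creates the processor and reads the {@code com.ibm.websphere.security.web.absoluteUri}
     * system property once.
     *
     * @param iServletContext servlet context passed to the superclass
     * @param webAppSecurityConfig source of the redirect policy (any-host flag, domain list)
     * @param authenticateApi performs the actual logout
     */
    public FormLogoutExtensionProcessor(IServletContext iServletContext, WebAppSecurityConfig webAppSecurityConfig, AuthenticateApi authenticateApi) {
        super(iServletContext);
        this.authenticateApi = authenticateApi;
        this.webAppSecurityConfig = webAppSecurityConfig;
        // parseBoolean is null-safe and case-insensitive, matching the original check.
        this.absoluteUri = Boolean.parseBoolean(System.getProperty(ABSOLUTE_URI));
    }

    /**
     * Runs the logout under {@code doPrivileged} when both arguments are HTTP objects;
     * any other request/response pair is ignored.
     *
     * @throws Exception whatever the privileged action raises
     */
    @Override // com.ibm.wsspi.webcontainer.RequestProcessor
    public void handleRequest(ServletRequest servletRequest, ServletResponse servletResponse) throws Exception {
        if (!(servletRequest instanceof HttpServletRequest) || !(servletResponse instanceof HttpServletResponse)) {
            return;
        }
        final HttpServletRequest httpRequest = (HttpServletRequest) servletRequest;
        final HttpServletResponse httpResponse = (HttpServletResponse) servletResponse;
        // The decompiled anonymous class also carried a synthetic serialVersionUID and a
        // trace-component field; both are build-time injections and are not reproduced here.
        AccessController.doPrivileged(new PrivilegedExceptionAction<Object>() {
            @Override // java.security.PrivilegedExceptionAction
            public Object run() throws ServletException, IOException {
                FormLogoutExtensionProcessor.this.formLogout(httpRequest, httpResponse);
                return null;
            }
        });
    }

    /**
     * Logs the caller out, then sends the exit page or the default message.
     *
     * <p>The decompiler reports that this method was {@code private} in the original and
     * was widened for inner-class access; the visibility shown in the listing is kept.
     */
    public void formLogout(HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse) throws ServletException, IOException {
        this.authenticateApi.logout(httpServletRequest, httpServletResponse, this.webAppSecurityConfig);
        redirectLogoutExitPage(httpServletRequest, httpServletResponse);
    }

    /**
     * Redirects to the client-supplied {@code logoutExitPage} when it passes
     * {@link #verifyLogoutURL}; otherwise writes the default logout page.
     */
    private void redirectLogoutExitPage(HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse) throws IOException {
        String exitPage = httpServletRequest.getParameter("logoutExitPage");
        if (exitPage == null || exitPage.length() == 0 || !verifyLogoutURL(httpServletRequest, exitPage)) {
            useDefaultLogoutMsg(httpServletResponse);
            return;
        }
        String target = compatibilityExitPage(httpServletRequest, removeFirstSlash(exitPage));
        if (TraceComponent.isAnyTracingEnabled() && tc.isDebugEnabled()) {
            Tr.debug(tc, "logoutExitPage specified, redirecting to: " + target, new Object[0]);
        }
        // NOTE(review): the Servlet API documents encodeRedirectURL for sendRedirect targets;
        // encodeURL is kept here because it is what the listing shows.
        httpServletResponse.sendRedirect(httpServletResponse.encodeURL(target));
    }

    /**
     * Writes {@link #DEFAULT_LOGOUT_MSG} to the response. An {@link IOException} is
     * reported to FFDC and traced, not propagated.
     */
    private void useDefaultLogoutMsg(HttpServletResponse httpServletResponse) {
        try {
            httpServletResponse.getWriter().println(DEFAULT_LOGOUT_MSG);
        } catch (IOException e) {
            FFDCFilter.processException(e, "com.ibm.ws.webcontainer.security.internal.FormLogoutExtensionProcessor", "129", this, new Object[]{httpServletResponse});
            if (TraceComponent.isAnyTracingEnabled() && tc.isDebugEnabled()) {
                // The decompiled text read the message from the writer variable; the
                // caught exception is the only object here that has one.
                Tr.debug(tc, e.getMessage(), new Object[0]);
            }
        }
        if (TraceComponent.isAnyTracingEnabled() && tc.isDebugEnabled()) {
            Tr.debug(tc, "No logoutExitPage specified", new Object[0]);
        }
    }

    /**
     * Adjusts the exit page for the container's redirect mode.
     *
     * <p>When send-redirect compatibility is on, the value is returned untouched. Otherwise:
     * with {@code absoluteUri} set, one leading slash is dropped; without it, a value that
     * starts with {@code /} is prefixed with the context path (minus a trailing slash).
     */
    private String compatibilityExitPage(HttpServletRequest httpServletRequest, String str) {
        if (WebContainerSystemProps.getSendRedirectCompatibilty()) {
            return str;
        }
        if (TraceComponent.isAnyTracingEnabled() && tc.isDebugEnabled()) {
            Tr.debug(tc, "Compatibility=false (default) redirect mode", new Object[0]);
        }
        if (this.absoluteUri) {
            // Covers both "/" -> "" and "/x" -> "x".
            if (str.startsWith("/")) {
                str = str.substring(1);
            }
            if (TraceComponent.isAnyTracingEnabled() && tc.isDebugEnabled()) {
                Tr.debug(tc, "Logout exit page is not relative to Context Root.", new Object[0]);
            }
            return str;
        }
        if (str.startsWith("/")) {
            String contextPath = httpServletRequest.getContextPath();
            if (contextPath != null && contextPath.endsWith("/")) {
                contextPath = contextPath.substring(0, contextPath.lastIndexOf("/"));
            }
            // Concatenation renders a null context path as "null", as StringBuffer.append did.
            str = contextPath + str;
        }
        return str;
    }

    /**
     * Collapses a leading run of slashes to a single slash.
     *
     * <p>The listing removed only one character. A value with three or more leading slashes
     * would then still begin with a double slash, which is a scheme-relative reference
     * rather than a path on this server, so the whole run is collapsed.
     */
    private String removeFirstSlash(String str) {
        // NOTE(review): the decompiler shows a MyFaces constant here; presumably the
        // original source had the literal double slash - confirm and inline it.
        final String doubleSlash = CommentUtils.INLINE_SCRIPT_COMMENT;
        while (str.startsWith(doubleSlash)) {
            str = str.substring(1);
        }
        return str;
    }

    /**
     * Decides whether the client-supplied exit page may be used as a redirect target.
     *
     * <p>Accepted: {@code logon.jsp}; anything when the any-host flag is configured; a value
     * that does not parse as a URL or has no host (treated as relative); a host that is this
     * machine, is covered by the configured domain list, or equals the request's own host.
     * If the local host cannot be resolved the value is rejected.
     *
     * @return {@code true} when the redirect is allowed
     */
    @FFDCIgnore({MalformedURLException.class, UnknownHostException.class})
    private boolean verifyLogoutURL(HttpServletRequest httpServletRequest, String str) {
        if (str.equals("logon.jsp") || this.webAppSecurityConfig.getAllowLogoutPageRedirectToAnyHost()) {
            return true;
        }
        String hostName;
        String hostAddress;
        String resolvedName;
        try {
            InetAddress localHost = InetAddress.getLocalHost();
            if (TraceComponent.isAnyTracingEnabled() && tc.isDebugEnabled()) {
                Tr.debug(tc, "return from getLocalHost: " + localHost, new Object[0]);
            }
            hostName = localHost.getHostName();
            hostAddress = localHost.getHostAddress();
            resolvedName = hostAddress == null ? hostName : InetAddress.getByName(hostAddress).getHostName();
        } catch (UnknownHostException e) {
            if (TraceComponent.isAnyTracingEnabled() && tc.isDebugEnabled()) {
                Tr.debug(tc, "caught an unknown exception: " + e.getMessage(), new Object[0]);
            }
            // Fail closed. The decompiled flow set the result to false here but then fell
            // through to the "no host -> accept" test; returning keeps the evident intent.
            return false;
        }
        String exitHost;
        try {
            exitHost = new URL(str).getHost();
        } catch (MalformedURLException e) {
            if (TraceComponent.isAnyTracingEnabled() && tc.isDebugEnabled()) {
                Tr.debug(tc, "caught MalformedURLException getting url for exitPage: " + e.getMessage(), new Object[0]);
            }
            // Treated as a relative exit page. NOTE(review): URL also throws for a scheme
            // the JVM has no handler for, so such values are accepted here without a host
            // check - consider requiring a path-only value on this branch.
            return true;
        }
        if (exitHost == null) {
            return true;
        }
        if (isRedirectHostTheSameAsLocalHost(str, exitHost, resolvedName, hostName, hostAddress)) {
            return true;
        }
        if (isLogoutPageMatchDomainNameList(str, exitHost, this.webAppSecurityConfig.getLogoutPageRedirectDomainList())) {
            return true;
        }
        return isRequestURLEqualsExitPageHost(httpServletRequest, exitHost);
    }

    /**
     * Reports whether the exit-page host names this machine: {@code localhost},
     * {@code 127.0.0.1}, or one of the supplied local names/address.
     *
     * @param str exit page (unused)
     * @param str2 host taken from the exit page
     * @param str3 name obtained by looking the local address up again, may be null
     * @param str4 local host name, may be null
     * @param str5 local host address, may be null
     */
    private boolean isRedirectHostTheSameAsLocalHost(String str, String str2, String str3, String str4, String str5) {
        boolean sameHost = str2.equalsIgnoreCase("localhost")
                || str2.equals("127.0.0.1")
                || (str3 != null && str2.equalsIgnoreCase(str3))
                || (str4 != null && str2.equalsIgnoreCase(str4))
                || (str5 != null && str2.equals(str5));
        if (sameHost && TraceComponent.isAnyTracingEnabled() && tc.isDebugEnabled()) {
            Tr.debug(tc, "exitPage points to this host: all ok", new Object[0]);
        }
        return sameHost;
    }

    /**
     * Reports whether the exit-page host equals the host of the current request URL
     * (case-insensitive). A malformed request URL is reported to FFDC and counts as no match.
     *
     * <p>NOTE(review): the request URL's host typically reflects the client-sent Host
     * header, so this test is only as strong as Host validation in front of the server.
     */
    private boolean isRequestURLEqualsExitPageHost(HttpServletRequest httpServletRequest, String str) {
        try {
            if (TraceComponent.isAnyTracingEnabled() && tc.isDebugEnabled()) {
                Tr.debug(tc, "about to attempt matching the logout exit url with the domain of the request.", new Object[0]);
            }
            String requestHost = new URL(httpServletRequest.getRequestURL().toString()).getHost();
            if (TraceComponent.isAnyTracingEnabled() && tc.isDebugEnabled()) {
                Tr.debug(tc, " host of the request url is: " + requestHost + " and the host of the logout URL is: " + str, new Object[0]);
            }
            return str != null && requestHost != null && str.equalsIgnoreCase(requestHost);
        } catch (MalformedURLException e) {
            FFDCFilter.processException(e, "com.ibm.ws.webcontainer.security.internal.FormLogoutExtensionProcessor", "273", this, new Object[]{httpServletRequest, str});
            if (TraceComponent.isAnyTracingEnabled() && tc.isDebugEnabled()) {
                // The decompiled text bound the exception variable to a boolean; the
                // caught exception is what carries the message.
                Tr.debug(tc, "caught Exception trying to form request URL object: " + e.getMessage(), new Object[0]);
            }
            return false;
        }
    }

    /**
     * Reports whether the exit-page host is one of the configured domains or a subdomain
     * of one.
     *
     * <p>Matching is on whole DNS labels and ignores case. The listing used a plain
     * {@code endsWith}, which also accepted a host that merely shares trailing characters
     * with an allowed domain, accepted everything for an empty list entry, and accepted any
     * URL whose text (path or query included) ended with an allowed domain.
     *
     * @param str full exit page; kept for signature compatibility and no longer consulted
     * @param str2 host taken from the exit page
     * @param list allowed domains, may be null or empty
     * @return {@code true} when the host is covered by the list
     */
    boolean isLogoutPageMatchDomainNameList(String str, String str2, List<String> list) {
        if (str2 == null || list == null) {
            return false;
        }
        for (String domain : list) {
            if (hostMatchesDomain(str2, domain)) {
                return true;
            }
        }
        return false;
    }

    /** Returns true when {@code host} equals {@code domain} or ends with {@code "." + domain}. */
    private static boolean hostMatchesDomain(String host, String domain) {
        if (domain == null) {
            return false;
        }
        // Accept entries written with or without a leading dot.
        String bare = domain.startsWith(".") ? domain.substring(1) : domain;
        if (bare.isEmpty()) {
            return false;
        }
        if (host.equalsIgnoreCase(bare)) {
            return true;
        }
        // Index of the dot that must separate the subdomain part from the allowed domain.
        int dot = host.length() - bare.length() - 1;
        return dot > 0
                && host.charAt(dot) == '.'
                && host.regionMatches(true, dot + 1, bare, 0, bare.length());
    }
}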
