package com.ibm.ws.webcontainer.security;

import com.ibm.websphere.ras.Tr;
import com.ibm.websphere.ras.TraceComponent;
import com.ibm.websphere.ras.annotation.Sensitive;
import com.ibm.websphere.ras.annotation.TraceObjectField;
import com.ibm.ws.ras.instrument.annotation.InjectedFFDC;
import com.ibm.ws.webcontainer.security.internal.URLHandler;
import javax.servlet.http.Cookie;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import org.apache.myfaces.shared_impl.renderkit.html.HTML;

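/**
 * Creates, reads and invalidates the cookies that remember the URL a client originally
 * requested ({@value #REFERRER_URL_COOKIENAME}) and the custom re-login URL
 * ({@value #CUSTOM_RELOGIN_URL_COOKIENAME}).
 *
 * <p>Cookie attributes are driven by the {@code webAppSecConfig} held by the superclass:
 * {@code HttpOnly} follows {@code getHttpOnlyCookies()}, {@code Secure} follows
 * {@code getSSORequiresSSL()}, and the cookie path follows {@code isIncludePathInWASReqURL()}.
 *
 * <p>The URL helpers used here ({@code encodeURL}, {@code decodeURL},
 * {@code removeHostNameFromURL}, {@code restoreHostNameToURL}, {@code getServletURI}) are not
 * defined in this file; they are presumably inherited from {@link URLHandler}.
 *
 * <p>Cookie values read by this class come from the client and must be treated as untrusted.
 */
@InjectedFFDC
@TraceObjectField(fieldName = "tc", fieldDesc = "Lcom/ibm/websphere/ras/TraceComponent;")
/* loaded from: input_file:wlp/lib/com.ibm.ws.webcontainer.security_1.0.10.jar:com/ibm/ws/webcontainer/security/ReferrerURLCookieHandler.class */
public class ReferrerURLCookieHandler extends URLHandler {
    private static final TraceComponent tc = Tr.register(ReferrerURLCookieHandler.class);
    public static final String REFERRER_URL_COOKIENAME = "WASReqURL";
    public static final String CUSTOM_RELOGIN_URL_COOKIENAME = "WASReLoginURL";
    static final long serialVersionUID = 5405920011087030244L;

    /**
     * @param webAppSecurityConfig security configuration passed to the superclass; it decides
     *        the cookie attributes applied by this handler
     */
    public ReferrerURLCookieHandler(WebAppSecurityConfig webAppSecurityConfig) {
        super(webAppSecurityConfig);
    }

    /**
     * Reads the named cookie from the request and turns its value back into a URL.
     *
     * @param httpServletRequest request whose cookies are searched
     * @param str name of the cookie to read
     * @return the decoded URL with the host restored from the current request URL, or
     *         {@code null} when the cookie is absent. The value originates from the client and
     *         is not validated here.
     */
    @Sensitive
    public String getReferrerURLFromCookies(HttpServletRequest httpServletRequest, String str) {
        String rawValue = CookieHelper.getCookieValue(httpServletRequest.getCookies(), str);
        if (rawValue == null) {
            return null;
        }
        return restoreHostNameToURL(decodeURL(rawValue), httpServletRequest.getRequestURL().toString());
    }

    /**
     * Builds a referrer-URL cookie, stripping the host name from the URL unless the
     * configuration asks for fully qualified referrer URLs to be preserved.
     *
     * @param str cookie name
     * @param str2 URL to store (sensitive; encoded before it is placed in the cookie)
     * @param httpServletRequest current request, used to derive the cookie path
     * @return the new cookie; it is not added to any response here
     */
    public Cookie createReferrerURLCookie(String str, @Sensitive String str2, HttpServletRequest httpServletRequest) {
        String url = this.webAppSecConfig.getPreserveFullyQualifiedReferrerUrl() ? str2 : removeHostNameFromURL(str2);
        return createCookie(str, url, httpServletRequest);
    }

    /**
     * Builds a cookie whose value is the encoded form of {@code str2}, with {@code HttpOnly}
     * requested (still subject to configuration).
     *
     * @param str cookie name
     * @param str2 unencoded value (sensitive)
     * @param httpServletRequest current request, used to derive the cookie path
     * @return the new cookie
     */
    public Cookie createCookie(String str, @Sensitive String str2, HttpServletRequest httpServletRequest) {
        return createCookie(str, encodeURL(str2), true, httpServletRequest);
    }

    /**
     * Builds a session-lifetime cookie with the attributes dictated by configuration.
     *
     * @param str cookie name
     * @param str2 value stored as-is (callers are expected to have encoded it)
     * @param z whether the caller wants {@code HttpOnly}; it is only applied when
     *        {@code getHttpOnlyCookies()} is also true
     * @param httpServletRequest current request, used to derive the cookie path
     * @return the new cookie
     */
    public Cookie createCookie(String str, @Sensitive String str2, boolean z, HttpServletRequest httpServletRequest) {
        Cookie cookie = new Cookie(str, str2);
        // Only the referrer cookie and OIDC state cookies are scoped to the application path.
        boolean pathScoped = str.equals(REFERRER_URL_COOKIENAME) || str.startsWith("WASOidcStateKey");
        cookie.setPath(pathScoped ? getPathName(httpServletRequest) : "/");
        // Negative max-age: the cookie is not persisted and goes away with the browser session.
        cookie.setMaxAge(-1);
        if (z && this.webAppSecConfig.getHttpOnlyCookies()) {
            cookie.setHttpOnly(true);
        }
        // Secure is only set when SSO is configured to require SSL; otherwise the cookie may
        // travel over plain HTTP.
        if (this.webAppSecConfig.getSSORequiresSSL()) {
            cookie.setSecure(true);
        }
        return cookie;
    }

    /**
     * Invalidates every named cookie via {@link #invalidateReferrerURLCookie}.
     *
     * @param httpServletRequest current request
     * @param httpServletResponse response that receives the expiring cookies
     * @param strArr names of the cookies to invalidate
     */
    public void invalidateReferrerURLCookies(HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse, String[] strArr) {
        for (String cookieName : strArr) {
            invalidateReferrerURLCookie(httpServletRequest, httpServletResponse, cookieName);
        }
    }

    /**
     * Invalidates one cookie, requesting {@code HttpOnly} on the expiring cookie.
     *
     * @param httpServletRequest current request
     * @param httpServletResponse response that receives the expiring cookie
     * @param str name of the cookie to invalidate
     */
    public void invalidateReferrerURLCookie(HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse, String str) {
        invalidateCookie(httpServletRequest, httpServletResponse, str, true);
    }

    /**
     * Adds an empty, immediately expiring cookie of the given name to the response so the
     * client discards its copy.
     *
     * @param httpServletRequest current request, used to derive the cookie path
     * @param httpServletResponse response that receives the expiring cookie
     * @param str name of the cookie to invalidate
     * @param z whether {@code HttpOnly} is wanted; applied only when configuration enables it
     */
    public void invalidateCookie(HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse, String str, boolean z) {
        Cookie expired = new Cookie(str, "");
        // NOTE(review): createCookie also path-scopes names starting with "WASOidcStateKey",
        // but this method uses "/" for them. When isIncludePathInWASReqURL() is true the paths
        // differ, and a browser only replaces a cookie whose path matches - confirm such
        // cookies are invalidated elsewhere before relying on this method for them.
        expired.setPath(str.equals(REFERRER_URL_COOKIENAME) ? getPathName(httpServletRequest) : "/");
        // Max-age 0 tells the client to delete the cookie.
        expired.setMaxAge(0);
        if (z && this.webAppSecConfig.getHttpOnlyCookies()) {
            expired.setHttpOnly(true);
        }
        if (this.webAppSecConfig.getSSORequiresSSL()) {
            expired.setSecure(true);
        }
        httpServletResponse.addCookie(expired);
    }

    /**
     * Invalidates the named cookie only when the request actually carries a non-empty value
     * for it.
     *
     * @param httpServletRequest current request
     * @param httpServletResponse response that receives the expiring cookie
     * @param str name of the cookie to clear
     */
    public void clearReferrerURLCookie(HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse, String str) {
        String current = CookieHelper.getCookieValue(httpServletRequest.getCookies(), str);
        if (current != null && !current.isEmpty()) {
            invalidateReferrerURLCookie(httpServletRequest, httpServletResponse, str);
        }
    }

    /**
     * Decides whether the request should be redirected to the URL stored in the named cookie.
     *
     * <p>The feature is switched off in this build: the method always returns {@code null} and
     * the logic below the guard never runs.
     *
     * @param httpServletRequest current request
     * @param httpServletResponse response that would receive the invalidated cookie
     * @param str name of the referrer cookie
     * @return always {@code null} while the guard is in place
     */
    public AuthenticationResult shouldRedirectToReferrerURL(HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse, String str) {
        // Hard-wired off (the decompiled source shows a constant-true early return).
        final boolean redirectEnabled = false;
        if (!redirectEnabled) {
            return null;
        }
        // NOTE(review): everything below is unreachable today. If it is ever enabled, the
        // redirect target comes from a client-supplied cookie and is accepted when it merely
        // contains the servlet URI at an index > 0. Whether restoreHostNameToURL constrains the
        // host is not visible here, so a same-origin or allow-list check on the target should
        // be added first. The trace calls below would also write the cookie-derived URL to the
        // trace log.
        AuthenticationResult authenticationResult = null;
        String referrerURLFromCookies = getReferrerURLFromCookies(httpServletRequest, str);
        if (referrerURLFromCookies != null && referrerURLFromCookies.trim().length() > 0) {
            StringBuffer requestURL = httpServletRequest.getRequestURL();
            if (httpServletRequest.getQueryString() != null) {
                requestURL.append(HTML.HREF_PATH_FROM_PARAM_SEPARATOR);
                requestURL.append(httpServletRequest.getQueryString());
            }
            String currentURL = requestURL.toString();
            String servletURI = getServletURI(httpServletRequest);
            if (TraceComponent.isAnyTracingEnabled() && tc.isDebugEnabled()) {
                Tr.debug(tc, "\nCurrentURL: " + currentURL + "\nCurrentURI: " + servletURI + "\nWasReqURL: " + referrerURLFromCookies, new Object[0]);
            }
            if (currentURL != null && servletURI != null && referrerURLFromCookies.toLowerCase().indexOf(servletURI.toLowerCase()) > 0 && !referrerURLFromCookies.equalsIgnoreCase(currentURL)) {
                if (TraceComponent.isAnyTracingEnabled() && tc.isDebugEnabled()) {
                    Tr.debug(tc, "Redirect the request to the original URL: " + referrerURLFromCookies, new Object[0]);
                }
                authenticationResult = new AuthenticationResult(AuthResult.REDIRECT, referrerURLFromCookies);
                invalidateReferrerURLCookie(httpServletRequest, httpServletResponse, str);
            }
        }
        return authenticationResult;
    }

    /**
     * Returns the path used for the referrer cookie.
     *
     * @param httpServletRequest current request
     * @return the request's context path when {@code isIncludePathInWASReqURL()} is true,
     *         otherwise {@code "/"}
     */
    public String getPathName(HttpServletRequest httpServletRequest) {
        if (this.webAppSecConfig.isIncludePathInWASReqURL()) {
            return httpServletRequest.getContextPath();
        }
        return "/";
    }

    /**
     * Stores the given URL in a {@value #REFERRER_URL_COOKIENAME} cookie on the authentication
     * result.
     *
     * <p>A request for {@code /favicon.ico} never overwrites an existing referrer cookie.
     *
     * <p>The cookie is built through {@link #createReferrerURLCookie}, so it gets the same
     * {@code HttpOnly}, {@code Secure} and path handling as every other cookie created by this
     * class. Previously this method built the cookie by hand and never set {@code HttpOnly},
     * even when {@code getHttpOnlyCookies()} was enabled.
     *
     * @param httpServletRequest current request
     * @param authenticationResult result that receives the cookie
     * @param str URL to remember
     */
    public void setReferrerURLCookie(HttpServletRequest httpServletRequest, AuthenticationResult authenticationResult, String str) {
        boolean traceOn = TraceComponent.isAnyTracingEnabled() && tc.isDebugEnabled();
        if (str.contains("/favicon.ico") && CookieHelper.getCookieValue(httpServletRequest.getCookies(), REFERRER_URL_COOKIENAME) != null) {
            if (traceOn) {
                Tr.debug(tc, "Will not update the WASReqURL cookie", new Object[0]);
            }
            return;
        }
        Cookie cookie = createReferrerURLCookie(REFERRER_URL_COOKIENAME, str, httpServletRequest);
        authenticationResult.setCookie(cookie);
        if (traceOn) {
            Tr.debug(tc, "set WASReqURL cookie into AuthenticationResult.", new Object[0]);
            // NOTE(review): this writes the encoded referrer URL to the trace log although the
            // same value is annotated @Sensitive elsewhere in this class; consider whether the
            // value needs to be traced at all.
            Tr.debug(tc, "setReferrerURLCookie", "Referrer URL cookie set " + cookie.getValue());
        }
    }
}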
