package com.ibm.ws.security.web.saml.util;

import com.ibm.ws.ffdc.FFDCFilter;
import com.ibm.ws.security.config.SecurityConfig;
import com.ibm.ws.security.util.Base64Coder;
import com.ibm.ws.security.util.StringUtil;
import com.ibm.ws.webcontainer.srt.SRTServletRequest;
import com.ibm.ws.websvcs.transport.common.TransportConstants;
import com.ibm.ws.wssecurity.util.ConfigUtil;
import com.ibm.ws.wssecurity.util.Tr;
import com.ibm.ws.wssecurity.util.TraceComponent;
import java.io.ByteArrayInputStream;
import java.io.ByteArrayOutputStream;
import java.io.IOException;
import java.io.ObjectInputStream;
import java.io.ObjectOutputStream;
import java.net.MalformedURLException;
import java.net.URL;
import java.util.HashMap;
import java.util.Hashtable;
import java.util.Map;
import javax.servlet.http.Cookie;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import javax.servlet.http.HttpSession;

/* loaded from: input_file:lib/com.ibm.jaxws.thinclient_9.0.jar:com/ibm/ws/security/web/saml/util/SAMLTaiState.class */
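/**
 * Saves and restores the state of the original request (target URL and, for POST requests, the
 * request body) across a SAML TAI login redirect.
 *
 * <p>Two pieces of state are handled:
 * <ul>
 *   <li>the originally requested URL, kept in the {@value #REFERER_URL_COOKIENAME} cookie;</li>
 *   <li>the POST body, kept either in the {@code WASPostParam} cookie or in the HTTP session,
 *       depending on {@link #getPostParamSaveMethod(SecurityConfig)}.</li>
 * </ul>
 *
 * <p>NOTE(review): both cookies are written by this class without any integrity protection
 * (no signature or MAC is applied in this file), so everything read back from them must be
 * treated as client-controlled input. See the notes on {@link #restorePostParams} and
 * {@link #restoreReqURL}.
 */
public class SAMLTaiState {
    protected static final String comp = "security.wssecurity";
    protected static final TraceComponent tc = Tr.register(SAMLTaiState.class, "Web Services Security", "com.ibm.ws.wssecurity.resources.wssmessages");
    protected static final String clsName = SAMLTaiState.class.getName();
    public static final String REFERER_URL_COOKIENAME = "WasSamlSpReqURL";
    protected static final String POSTPARAM_COOKIE = "WASPostParam";
    protected static final String POSTPARAM_FAILED = "NO_PARAMETER";
    protected static final String POSTPARAM_URL = "U";
    protected static final String POSTPARAM_PARAM = "P";
    protected static final String INITIAL_URL = "ACS_INITIAL_URL";
    protected static final String PARAM_NAMES = "ACS_PARAM_NAMES";
    protected static final String PARAM_VALUES = "ACS_PARAM_VALUES";

    // Values returned by getPostParamSaveMethod(); the numbers are unchanged from the original code.
    private static final int SAVE_METHOD_COOKIE = 0;
    private static final int SAVE_METHOD_SESSION = 1;
    private static final int SAVE_METHOD_DISABLED = 2;

    /**
     * Restores previously saved POST parameters onto the current request and then clears the
     * saved state.
     *
     * <p>Nothing is restored unless the request is an {@code SRTServletRequest} and the saved URL
     * equals the current request URI. The request method is switched to POST only after that URL
     * check has passed, in both the cookie and the session mode; the presence of a cookie alone
     * is not enough.
     *
     * @param httpServletRequest  current request
     * @param httpServletResponse current response, used to expire the state cookies
     * @param securityConfig      configuration that selects the save method; may be {@code null}
     */
    public static void restorePostParams(HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse, SecurityConfig securityConfig) {
        String requestURI = httpServletRequest.getRequestURI();
        String method = httpServletRequest.getMethod();
        if (tc.isEntryEnabled()) {
            Tr.entry(tc, "restorePostParams");
        }
        if (!(httpServletRequest instanceof SRTServletRequest)) {
            Tr.exit(tc, "restorePostParams-No SRTServletRequest");
            return;
        }
        SRTServletRequest srtRequest = (SRTServletRequest) httpServletRequest;
        if (tc.isDebugEnabled()) {
            Tr.debug(tc, " method : " + method + " URL:" + requestURI);
        }
        int saveMethod = getPostParamSaveMethod(securityConfig);
        if (saveMethod == SAVE_METHOD_COOKIE) {
            restorePostParamsFromCookie(srtRequest, requestURI);
        } else if (saveMethod == SAVE_METHOD_SESSION) {
            HttpSession session = httpServletRequest.getSession(false);
            if (session != null) {
                restorePostParamsFromSession(srtRequest, session, requestURI);
            }
        }
        deletePOSTPARAM(httpServletRequest, httpServletResponse, securityConfig);
        if (tc.isEntryEnabled()) {
            Tr.exit(tc, "restorePostParams");
        }
    }

    /** Cookie mode: decodes the WASPostParam cookie and replays its body if the saved URL matches. */
    private static void restorePostParamsFromCookie(SRTServletRequest request, String requestURI) {
        byte[] encoded = request.getCookieValueAsBytes(POSTPARAM_COOKIE);
        if (encoded == null) {
            return;
        }
        if (tc.isDebugEnabled()) {
            // Only the size is traced: the cookie carries the original POST body, which may
            // contain credentials or other sensitive form fields.
            Tr.debug(tc, "Found the cookie, restoring POST parameters. Encoded length: " + encoded.length);
        }
        try {
            // NOTE(review): SECURITY - this is Java native deserialization of bytes taken from a
            // request cookie. Object construction happens inside readObject(), i.e. before the
            // Hashtable cast below is evaluated, so the cast does not restrict which classes
            // get instantiated. Left as-is here because the set of classes inside the saved
            // request data is not visible from this file. Mitigations to evaluate: use the
            // "Session" save method (state stays server-side), authenticate the cookie value
            // before decoding it, or restrict classes with a deserialization filter
            // (java.io.ObjectInputFilter, or an ObjectInputStream.resolveClass allow-list).
            Hashtable saved = (Hashtable) new ObjectInputStream(new ByteArrayInputStream(Base64Coder.base64Decode(encoded))).readObject();
            if (saved == null) {
                return;
            }
            Object savedUrl = saved.get(POSTPARAM_URL);
            if (tc.isDebugEnabled()) {
                Tr.debug(tc, "Original URL:" + savedUrl);
            }
            // Compare from the request side so a cookie without a "U" entry is a plain mismatch
            // instead of a NullPointerException.
            if (requestURI != null && requestURI.equals(savedUrl)) {
                // Cast first: a value of an unexpected type aborts before the request is touched.
                HashMap params = (HashMap) ((Map) saved.get(POSTPARAM_PARAM));
                request.setMethod("POST");
                request.setInputStreamData(params);
                if (tc.isDebugEnabled()) {
                    Tr.debug(tc, "restored POST paramameters");
                }
            }
        } catch (Exception e) {
            if (tc.isDebugEnabled()) {
                Tr.debug(tc, "Exception restoring POST parameters from the cookie: ", new Object[]{e});
            }
            FFDCFilter.processException(e, "com.ibm.ws.security.web.WebAuthenticator.restorePostParams", "1984");
        }
    }

    /** Session mode: replays the body stored in the session if the saved URL matches. */
    private static void restorePostParamsFromSession(SRTServletRequest request, HttpSession session, String requestURI) {
        String savedUrl = (String) session.getAttribute(INITIAL_URL);
        if (savedUrl == null || !savedUrl.equals(requestURI)) {
            if (tc.isDebugEnabled()) {
                Tr.debug(tc, "Parameters NOT restored. Original URL : " + savedUrl + " req. URL : " + requestURI);
            }
            return;
        }
        try {
            if (tc.isDebugEnabled()) {
                Tr.debug(tc, "Found the session, restoring POST parameters.");
            }
            request.setMethod("POST");
            Map params = (Map) session.getAttribute(PARAM_VALUES);
            if (params != null) {
                if (tc.isDebugEnabled()) {
                    Tr.debug(tc, "Restoring POST paramameters for URL : " + requestURI);
                }
                request.setInputStreamData((HashMap) params);
            } else if (tc.isDebugEnabled()) {
                Tr.debug(tc, "No parameters to restore for URL : " + requestURI);
            }
        } catch (IOException e) {
            if (tc.isDebugEnabled()) {
                Tr.debug(tc, "IOException restoring POST parameters onto a cookie: ", new Object[]{e});
            }
            FFDCFilter.processException(e, "com.ibm.ws.security.web.WebAuthenticator.savePostParams", "%C");
        }
    }

    /**
     * Saves the body of a POST request so it can be replayed after the login redirect.
     *
     * <p>Cookie mode serializes the request URI and body into the {@code WASPostParam} cookie
     * (scoped to the request URI, session lifetime); session mode stores them as session
     * attributes. Any other mode saves nothing.
     *
     * <p>NOTE(review): in cookie mode the POST body is sent to the browser base64-encoded but
     * neither encrypted nor authenticated, and no HttpOnly/Secure attribute is set on the cookie
     * in this method.
     */
    private static void savePostParams(HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse, SecurityConfig securityConfig) {
        String requestURI = httpServletRequest.getRequestURI();
        String method = httpServletRequest.getMethod();
        if (tc.isEntryEnabled()) {
            Tr.entry(tc, "savePostParams");
        }
        if (tc.isDebugEnabled()) {
            Tr.debug(tc, " method : " + method + " URL:" + requestURI);
        }
        if (!(httpServletRequest instanceof SRTServletRequest)) {
            Tr.exit(tc, "savePostParams-No SRTServletRequest");
            return;
        }
        SRTServletRequest srtRequest = (SRTServletRequest) httpServletRequest;
        try {
            if (method.equalsIgnoreCase("post")) {
                HashMap postData = srtRequest.getInputStreamData();
                int saveMethod = getPostParamSaveMethod(securityConfig);
                if (tc.isDebugEnabled()) {
                    Tr.debug(tc, "prop:" + saveMethod);
                }
                if (saveMethod == SAVE_METHOD_COOKIE) {
                    if (postData != null) {
                        String encoded = encodePostParams(requestURI, postData, securityConfig);
                        if (encoded != null) {
                            Cookie cookie = new Cookie(POSTPARAM_COOKIE, encoded);
                            cookie.setMaxAge(-1);
                            cookie.setPath(requestURI);
                            httpServletResponse.addCookie(cookie);
                        }
                        if (tc.isDebugEnabled()) {
                            // The encoded value is the POST body; trace the outcome, not the content.
                            Tr.debug(tc, "POST parameter cookie set: " + (encoded != null));
                        }
                    }
                } else if (saveMethod == SAVE_METHOD_SESSION) {
                    HttpSession session = httpServletRequest.getSession(true);
                    if (session != null) {
                        session.setAttribute(INITIAL_URL, requestURI);
                        session.setAttribute(PARAM_NAMES, null);
                        session.setAttribute(PARAM_VALUES, postData);
                        if (tc.isDebugEnabled()) {
                            Tr.debug(tc, "URL saved : " + requestURI);
                        }
                    }
                }
            }
        } catch (IOException e) {
            if (tc.isDebugEnabled()) {
                Tr.debug(tc, "IO Exception storing POST parameters onto a cookie: ", new Object[]{e});
            }
            FFDCFilter.processException(e, "com.ibm.ws.security.web.WebAuthenticator.savePostParams", "1928");
        }
        if (tc.isEntryEnabled()) {
            Tr.exit(tc, "savePostParams");
        }
    }

    /**
     * Serializes the request URI and POST body and base64-encodes the result.
     *
     * @return the encoded cookie value, or {@code null} when the serialized form reaches the
     *         configured size limit or serialization fails
     */
    private static String encodePostParams(String requestURI, HashMap postData, SecurityConfig securityConfig) {
        Hashtable state = new Hashtable();
        state.put(POSTPARAM_URL, requestURI);
        state.put(POSTPARAM_PARAM, postData);
        String encoded = null;
        try {
            ByteArrayOutputStream buffer = new ByteArrayOutputStream();
            ObjectOutputStream objectOut = new ObjectOutputStream(buffer);
            objectOut.writeObject(state);
            // Make sure nothing is left in the stream's own buffer before the bytes are read.
            objectOut.flush();
            byte[] serialized = buffer.toByteArray();
            int maxSize = Integer.valueOf(securityConfig.getProperty(SecurityConfig.PROP_POSTPARAM_COOKIE_SIZE)).intValue();
            if (tc.isDebugEnabled()) {
                Tr.debug(tc, "length:" + serialized.length + "  maximum length:" + maxSize);
            }
            if (serialized.length >= maxSize) {
                Tr.warning(tc, "Post parameters are null or too large to store into a cookie.");
            } else {
                byte[] base64 = Base64Coder.base64Encode(serialized);
                if (tc.isDebugEnabled()) {
                    Tr.debug(tc, "encoded length:" + base64.length);
                }
                encoded = StringUtil.toString(base64);
            }
        } catch (Exception e) {
            if (tc.isDebugEnabled()) {
                Tr.debug(tc, "Exception storing POST parameters onto a cookie: ", new Object[]{e});
            }
            FFDCFilter.processException(e, "com.ibm.ws.security.web.WebAuthenticator.savePostParams", "%C");
        }
        return encoded;
    }

    /**
     * Stores the full request URL (including the query string) in the
     * {@value #REFERER_URL_COOKIENAME} cookie and saves any POST body via
     * {@link #savePostParams}.
     *
     * <p>The characters {@code %}, {@code ;} and {@code ,} are escaped so the URL survives as a
     * cookie value; {@link #restoreReqURL} reverses the escaping.
     *
     * <p>NOTE(review): the cookie is written with path {@code /} and session lifetime; no
     * HttpOnly/Secure attribute is set here. The debug trace below includes the full URL and
     * query string.
     */
    public static void saveReqURL(HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse, SecurityConfig securityConfig) {
        if (tc.isEntryEnabled()) {
            Tr.entry(tc, "saveReqURL([" + ConfigUtil.getObjState(httpServletRequest) + "],res[" + ConfigUtil.getObjState(httpServletResponse) + "],security[" + ConfigUtil.getObjState(securityConfig) + "])");
        }
        StringBuffer requestURL = httpServletRequest.getRequestURL();
        if (tc.isDebugEnabled()) {
            Tr.debug(tc, "reqURL [" + ((Object) requestURL) + "]");
        }
        String queryString = httpServletRequest.getQueryString();
        if (queryString != null) {
            requestURL.append(TransportConstants.queryStrPrefix);
            requestURL.append(queryString);
        }
        String storedReq = requestURL.toString();
        if (tc.isDebugEnabled()) {
            Tr.debug(tc, "storedReq [" + storedReq + "]");
        }
        // '%' must be escaped first so the '%' introduced by the other two escapes is not re-escaped.
        String escaped = storedReq.replace("%", "%25").replace(";", "%3B").replace(",", "%2C");
        Cookie cookie = new Cookie(REFERER_URL_COOKIENAME, escaped);
        cookie.setPath("/");
        cookie.setMaxAge(-1);
        httpServletResponse.addCookie(cookie);
        savePostParams(httpServletRequest, httpServletResponse, securityConfig);
        if (tc.isDebugEnabled() && !storedReq.equals(escaped)) {
            Tr.debug(tc, "SAML TAI Challenge : changed output storedReq from " + storedReq + " to " + escaped);
        }
        if (tc.isDebugEnabled()) {
            Tr.debug(tc, "SAML TAI challenge login: Referer URL cookie set " + escaped);
        }
        if (tc.isEntryEnabled()) {
            Tr.exit(tc, "saveReqURL");
        }
    }

    /**
     * Reads the originally requested URL back from the {@value #REFERER_URL_COOKIENAME} cookie
     * and expires that cookie.
     *
     * <p>A value starting with {@code /} is prefixed with the scheme and authority of
     * {@code str}; an absolute value with an empty host gets the host of {@code str} inserted.
     *
     * <p>NOTE(review): SECURITY - the returned URL comes from a client-supplied cookie and an
     * absolute URL is returned unchanged, whatever its host. If the caller redirects to it, the
     * caller should first check the host against the hosts it is prepared to redirect to.
     *
     * @param str the URL of the current request, used to complete relative or host-less values;
     *            may be {@code null}
     * @return the restored URL, or the raw cookie value ({@code null} or empty) when no URL was
     *         stored
     */
    public static String restoreReqURL(HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse, String str) {
        if (tc.isEntryEnabled()) {
            Tr.entry(tc, "restoreReqURL(req[" + ConfigUtil.getObjState(httpServletRequest) + "],res[" + ConfigUtil.getObjState(httpServletResponse) + "],URLString[" + str + "])");
        }
        String storedReq = getCookieValue(httpServletRequest.getCookies(), REFERER_URL_COOKIENAME);
        if (tc.isDebugEnabled()) {
            Tr.debug(tc, "storedReq[" + ConfigUtil.hasValue(storedReq) + "]");
        }
        String restored = storedReq;
        if (storedReq != null && !storedReq.isEmpty()) {
            // Reverse of saveReqURL's escaping: "%25" is decoded last, otherwise a literal
            // "%2C" in the original URL (stored as "%252C") would come back as ",".
            restored = storedReq.replace("%3B", ";").replace("%2C", ",").replace("%25", "%");
            if (!restored.equals(storedReq) && tc.isDebugEnabled()) {
                Tr.debug(tc, "changed input req from [" + storedReq + "] to [" + restored + "]");
            }
            if (restored.startsWith("/") || restored.length() == 0) {
                String origin = originOf(str);
                if (origin != null) {
                    restored = origin + restored;
                } else if (tc.isDebugEnabled()) {
                    Tr.debug(tc, "WASReqURL or requested URL is malformed. WASReqURL: " + restored + " RequestedURL: " + str);
                }
            } else {
                try {
                    String host = new URL(restored).getHost();
                    if (str != null && !str.isEmpty() && (host == null || host.isEmpty())) {
                        String requestHost = new URL(str).getHost();
                        int schemeEnd = restored.indexOf("//");
                        if (schemeEnd != -1) {
                            StringBuffer withHost = new StringBuffer(restored);
                            withHost.insert(schemeEnd + 2, requestHost);
                            restored = withHost.toString();
                        } else if (tc.isDebugEnabled()) {
                            Tr.debug(tc, "WASReqURL is malformed. WASReqURL: " + restored);
                        }
                    }
                } catch (MalformedURLException e) {
                    if (tc.isDebugEnabled()) {
                        Tr.debug(tc, "WASReqURL or requested URL is malformed. WASReqURL: " + restored + " RequestedURL: " + str);
                    }
                }
            }
            destroyREFERER_URLCookie(httpServletResponse);
            if (tc.isDebugEnabled()) {
                Tr.debug(tc, "redirecting to the original URL: " + restored);
            }
        } else if (tc.isDebugEnabled()) {
            Tr.debug(tc, "original URL is unknown, use [" + str + "]");
        }
        if (tc.isEntryEnabled()) {
            Tr.exit(tc, "restoreReqURL returns [" + restored + "]");
        }
        return restored;
    }

    /**
     * Returns the part of {@code url} that precedes the first {@code /} after the {@code //}
     * separator, the whole string when there is no such slash, or {@code null} for {@code null}.
     */
    private static String originOf(String url) {
        if (url == null) {
            return null;
        }
        int authorityStart = url.indexOf("//") + 2;
        int pathStart = url.indexOf("/", authorityStart);
        return pathStart < 0 ? url : url.substring(0, pathStart);
    }

    /**
     * Expires the {@value #REFERER_URL_COOKIENAME} cookie (empty value, path {@code /}, max-age 0).
     *
     * @return always {@code true}
     */
    public static boolean destroyREFERER_URLCookie(HttpServletResponse httpServletResponse) {
        if (tc.isEntryEnabled()) {
            Tr.entry(tc, "destroyREFERER_URLCookie");
        }
        Cookie expired = new Cookie(REFERER_URL_COOKIENAME, "");
        expired.setPath("/");
        expired.setMaxAge(0);
        httpServletResponse.addCookie(expired);
        if (tc.isEntryEnabled()) {
            Tr.exit(tc, "destroyREFERER_URLCookie");
        }
        return true;
    }

    /**
     * Clears saved POST state (cookie or session attributes, depending on the save method) and
     * expires the {@value #REFERER_URL_COOKIENAME} cookie.
     *
     * <p>The POST cookie is expired with the current request URI as its path, which is the path
     * {@link #savePostParams} uses when it creates the cookie. Session attributes are removed
     * only from an existing session; no session is created just to clean up.
     *
     * @return always {@code true}
     */
    public static boolean deletePOSTPARAM(HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse, SecurityConfig securityConfig) {
        if (tc.isEntryEnabled()) {
            Tr.entry(tc, "deletePOSTPARAM");
        }
        int saveMethod = getPostParamSaveMethod(securityConfig);
        if (saveMethod == SAVE_METHOD_COOKIE) {
            if (hasPostParamCookie(httpServletRequest)) {
                Cookie expired = new Cookie(POSTPARAM_COOKIE, POSTPARAM_FAILED);
                expired.setPath(httpServletRequest.getRequestURI());
                expired.setMaxAge(0);
                httpServletResponse.addCookie(expired);
            }
        } else if (saveMethod == SAVE_METHOD_SESSION) {
            HttpSession session = httpServletRequest.getSession(false);
            if (session != null && session.getAttribute(INITIAL_URL) != null) {
                session.removeAttribute(INITIAL_URL);
                session.removeAttribute(PARAM_NAMES);
                session.removeAttribute(PARAM_VALUES);
            }
        }
        destroyREFERER_URLCookie(httpServletResponse);
        if (tc.isEntryEnabled()) {
            Tr.exit(tc, "deletePOSTPARAM");
        }
        return true;
    }

    /**
     * Reports whether the request carries the POST-parameter cookie. This method is reachable
     * from the public deletePOSTPARAM, so a request that is not an SRTServletRequest is handled
     * through the standard cookie API instead of failing on a cast.
     */
    private static boolean hasPostParamCookie(HttpServletRequest request) {
        if (request instanceof SRTServletRequest) {
            return ((SRTServletRequest) request).getCookieValueAsBytes(POSTPARAM_COOKIE) != null;
        }
        Cookie[] cookies = request.getCookies();
        if (cookies != null) {
            for (int i = 0; i < cookies.length; i++) {
                if (cookies[i] != null && POSTPARAM_COOKIE.equals(cookies[i].getName())) {
                    return true;
                }
            }
        }
        return false;
    }

    /**
     * Returns the value of the first cookie named {@code str}, or {@code null} when the array is
     * {@code null} or holds no such cookie.
     */
    private static String getCookieValue(Cookie[] cookieArr, String str) {
        if (tc.isEntryEnabled()) {
            Tr.entry(tc, "getCookieValue", str);
        }
        String value = null;
        if (cookieArr != null) {
            for (int i = 0; i < cookieArr.length; i++) {
                Cookie candidate = cookieArr[i];
                if (candidate != null && str.equals(candidate.getName())) {
                    value = candidate.getValue();
                    break;
                }
            }
        }
        if (tc.isEntryEnabled()) {
            Tr.exit(tc, "getCookieValue returns [" + value + "]");
        }
        return value;
    }

    /**
     * Maps the configured POST-parameter save method to its numeric code.
     *
     * <p>{@code "Cookie"} gives 0, {@code "Session"} gives 1 and {@code "Disable"} gives 2
     * (case-insensitive). A missing configuration, a missing property or an unrecognized value
     * also gives 0, so cookie mode is the default.
     *
     * @param securityConfig configuration to read; may be {@code null}
     * @return 0 (cookie), 1 (session) or 2 (disabled)
     */
    protected static int getPostParamSaveMethod(SecurityConfig securityConfig) {
        if (tc.isEntryEnabled()) {
            Tr.entry(tc, "getPostParamSaveMethod");
        }
        String configured = null;
        if (securityConfig != null) {
            configured = securityConfig.getProperty(SecurityConfig.PROP_POSTPARAM_SAVE_METHOD);
        }
        if (tc.isDebugEnabled()) {
            Tr.debug(tc, "postParamSaveMethod string: " + configured);
        }
        int saveMethod = SAVE_METHOD_COOKIE;
        if (configured != null) {
            if (configured.equalsIgnoreCase("Session")) {
                saveMethod = SAVE_METHOD_SESSION;
            } else if (configured.equalsIgnoreCase("Disable")) {
                saveMethod = SAVE_METHOD_DISABLED;
            }
        }
        if (tc.isDebugEnabled()) {
            Tr.debug(tc, "postParamSaveMethod value: " + saveMethod);
        }
        if (tc.isEntryEnabled()) {
            Tr.exit(tc, "getPostParamSaveMethod returns [" + saveMethod + "]");
        }
        return saveMethod;
    }
}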
