package com.ibm.ws.security.web;

import com.ibm.ejs.ras.Tr;
import com.ibm.ejs.ras.TraceComponent;
import com.ibm.events.util.CeiString;
import com.ibm.ws.ffdc.FFDCFilter;
import com.ibm.ws.management.cmdframework.impl.CommandSecurityUtil;
import com.ibm.ws.security.audit.AuditHandlerImpl;
import com.ibm.ws.security.auth.AuthCache;
import com.ibm.ws.security.auth.CacheException;
import com.ibm.ws.security.common.util.CommonConstants;
import com.ibm.ws.security.core.ContextManagerFactory;
import com.ibm.ws.security.core.SecurityConfig;
import com.ibm.ws.webcontainer.util.WebContainerSystemProps;
import com.ibm.wsspi.security.audit.AuditOutcome;
import com.ibm.wsspi.security.audit.AuditService;
import com.ibm.wsspi.security.audit.J2EEAuditEventFactory;
import com.ibm.wsspi.webcontainer.extension.WebExtensionProcessor;
import com.ibm.wsspi.webcontainer.servlet.IServletContext;
import java.io.IOException;
import java.net.InetAddress;
import java.net.MalformedURLException;
import java.net.URL;
import java.security.Principal;
import java.util.Enumeration;
import java.util.StringTokenizer;
import javax.servlet.ServletException;
import javax.servlet.ServletRequest;
import javax.servlet.ServletResponse;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import javax.servlet.http.HttpSession;

/* loaded from: input_file:com.ibm.ws.admin.client_6.1.0.jar:com/ibm/ws/security/web/FormLogoutExtensionProcessor.class */
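/**
 * Web-container extension processor that performs form-based logout.
 *
 * <p>For each HTTP request handled while security is enabled it: emits a logout audit event (when
 * an audit factory is active), expires the LTPA cookies when LTPA is the active mechanism,
 * invalidates the HTTP session, evicts the user from the authentication cache, and finally either
 * redirects to the {@code logoutExitPage} request parameter or writes {@link #DEFAULT_LOGOUT_MSG}.
 *
 * <p>Security-relevant points for maintainers:
 * <ul>
 *   <li>{@code logoutExitPage} is client-supplied and ends up in {@code sendRedirect}; it is the
 *       open-redirect surface of this class. {@link #verifyLogoutURL} is the only gate, and it is
 *       bypassed entirely when {@code SecurityConfig.ALLOW_ANY_LOGOUT_EXIT_PAGE_HOST} is true.</li>
 *   <li>At debug trace level every request parameter name and value is written to the trace log
 *       verbatim, so trace files may contain client-controlled and possibly sensitive data.</li>
 *   <li>The static audit fields are initialised lazily from the constructor without
 *       synchronisation.</li>
 * </ul>
 */
public class FormLogoutExtensionProcessor extends WebExtensionProcessor {
    private static TraceComponent tc;
    protected static String DEFAULT_LOGOUT_MSG;
    private WebAttributes _webAttrs;
    private String _authMechanism;
    boolean _securityEnabled;
    private static AuditHandlerImpl auditHandler;
    private static J2EEAuditEventFactory auditFactory;
    private static final String providerName = "WebSphere";
    private static final boolean providerSuccess = true;
    private static AuditService auditService;
    private static final String ADMIN_APP = "adminconsole";
    private static String ABSOLUTE_URI;
    private boolean _adminConsole;
    private boolean _absoluteUri;
    // Cache slot used by class$(); kept so existing package-level references still resolve.
    static Class class$com$ibm$ws$security$web$FormLogoutExtensionProcessor;

    /**
     * Reads the security configuration for the web application behind {@code iServletContext}.
     *
     * <p>Any exception raised while loading the web attributes or the audit service is reported
     * through FFDC and the error log and then swallowed, so the processor can exist with
     * {@code _webAttrs} and/or {@code _authMechanism} still {@code null}; {@link #formLogout}
     * has to tolerate that state.
     *
     * @param iServletContext servlet context of the web application being served
     */
    public FormLogoutExtensionProcessor(IServletContext iServletContext) {
        super(iServletContext);
        // Instance fields start at their Java defaults (null / false); no explicit reset needed.
        this._securityEnabled = ((Boolean) SecurityConfig.getConfig().getValue("security.enabled")).booleanValue();
        if (tc.isEntryEnabled()) {
            Tr.entry(tc, "int, securityEnabled[" + this._securityEnabled + CeiString.END_SQUARE_BRACKET);
        }
        if (!this._securityEnabled) {
            return;
        }
        try {
            SecurityMetaData securityMetaData = (SecurityMetaData) iServletContext.getWebAppConfig().getMetaData().getSecurityMetaData();
            if (tc.isDebugEnabled()) {
                Tr.debug(tc, "Create WebAttributes for this webApp.");
            }
            if (securityMetaData != null) {
                this._webAttrs = securityMetaData.getWebAttributes();
            } else if (tc.isDebugEnabled()) {
                Tr.debug(tc, "In FormLogoutExtensionProcessor(), security MetaData is null.");
            }
            if (this._webAttrs == null) {
                Tr.error(tc, "security.web.form.createWebAttr");
            } else {
                this._authMechanism = this._webAttrs.getAuthMechanism();
                if (ADMIN_APP.equalsIgnoreCase(this._webAttrs.getWebAppName())) {
                    this._adminConsole = true;
                }
                if (tc.isDebugEnabled()) {
                    Tr.debug(tc, "securityEnabled[" + this._securityEnabled + "] " + "authMachism[" + this._authMechanism + CeiString.END_SQUARE_BRACKET);
                }
            }
            String absoluteUriProperty = System.getProperty(ABSOLUTE_URI);
            if (absoluteUriProperty != null && absoluteUriProperty.equalsIgnoreCase("true")) {
                this._absoluteUri = true;
            }
            // The globally active mechanism replaces whatever the web attributes reported above.
            this._authMechanism = (String) SecurityConfig.getConfig().getValue("security.activeAuthMechanism");
            if (auditService == null) {
                auditService = ContextManagerFactory.getInstance().getAuditService();
                if (auditService != null) {
                    auditHandler = (AuditHandlerImpl) auditService.newAuditHandler("WAS.security", "WAS.security");
                    auditFactory = (J2EEAuditEventFactory) auditHandler.getAuditEventFactory(CommonConstants.AUDIT_J2EE_FACTORY_NAME);
                    if (auditFactory != null && !Class.forName("com.ibm.wsspi.security.audit.J2EEAuditEventFactory").isInstance(auditFactory)) {
                        auditFactory = null;
                    }
                }
            }
        } catch (Exception e) {
            FFDCFilter.processException(e, "com.ibm.ws.security.web.FormLogoutServlet.init", "103", this);
            Tr.error(tc, "security.web.form.noWebAppInfo", new Object[]{e});
        }
    }

    /**
     * Runs the logout sequence for HTTP requests when security is enabled; any other request is
     * ignored without a response being written.
     *
     * @param servletRequest  incoming request
     * @param servletResponse response to write the redirect or default page to
     * @throws Exception whatever {@link #formLogout} propagates
     */
    public void handleRequest(ServletRequest servletRequest, ServletResponse servletResponse) throws Exception {
        if (this._securityEnabled && (servletRequest instanceof HttpServletRequest) && (servletResponse instanceof HttpServletResponse)) {
            formLogout((HttpServletRequest) servletRequest, (HttpServletResponse) servletResponse);
        }
    }

    /**
     * Logs the caller out and sends the exit page.
     *
     * @param httpServletRequest  request carrying the optional {@code logoutExitPage} parameter
     * @param httpServletResponse response that receives the redirect or the default logout page
     * @throws ServletException declared for callers; not raised directly here
     * @throws IOException if writing the default page or sending the redirect fails
     */
    private void formLogout(HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse) throws ServletException, IOException {
        if (tc.isEntryEnabled()) {
            Tr.entry(tc, "formLogout");
        }
        if (auditHandler != null && this._webAttrs != null) {
            auditHandler.setAppName(this._webAttrs.getWebAppName());
        }
        // NOTE(review): the event is recorded as SUCCESS before any logout step has run, and
        // getSession() creates a session when none exists just to obtain an id for the record.
        if (auditFactory != null && httpServletRequest != null && auditFactory.isActive(11, 0)) {
            auditFactory.sendLogoutAuditEvent(auditHandler, AuditOutcome.SUCCESS, "SUCCESS", httpServletRequest.getSession().getId(), null, ContextManagerFactory.getInstance().getDefaultRealm(), null, providerName, providerSuccess, null, httpServletRequest.getRemoteAddr(), httpServletRequest.getRemoteHost(), httpServletRequest.getRemotePort(), "security.audit.logout.success.audit", null);
        }
        // Null-safe on both fields: the constructor swallows initialisation failures, and an
        // exception thrown here would abort the logout before the session below is invalidated.
        if ("LTPA".equals(this._authMechanism)) {
            if (this._webAttrs != null) {
                if (tc.isDebugEnabled()) {
                    Tr.debug(tc, "LTPA Enabled, clearing LTPA Cookies");
                }
                this._webAttrs.createLogoutCookies(httpServletRequest, httpServletResponse);
            } else if (tc.isDebugEnabled()) {
                Tr.debug(tc, "LTPA Enabled but WebAttributes are unavailable, LTPA Cookies not cleared");
            }
        } else if (tc.isDebugEnabled()) {
            Tr.debug(tc, "LTPA and SSO NOT Enabled");
        }
        HttpSession session = httpServletRequest.getSession(false);
        if (session != null) {
            if (tc.isDebugEnabled()) {
                Tr.debug(tc, "invalidating existing HTTP Session");
            }
            session.invalidate();
        } else if (tc.isDebugEnabled()) {
            Tr.debug(tc, "Existing HTTP Session does not exist, nothing to invalidate");
        }
        String remoteUser = httpServletRequest.getRemoteUser();
        if (remoteUser == null) {
            Principal userPrincipal = httpServletRequest.getUserPrincipal();
            if (userPrincipal != null) {
                remoteUser = userPrincipal.getName();
            }
        }
        if (remoteUser != null) {
            try {
                AuthCache.getInstance().removeEntry(null, remoteUser);
            } catch (CacheException e) {
                // Best effort: a failed eviction is traced and the logout continues.
                Tr.debug(tc, "Exception caught while trying to remove a cache entry: " + e);
            }
        }
        if (tc.isDebugEnabled()) {
            traceRequestParameters(httpServletRequest);
        }
        String exitPage = httpServletRequest.getParameter("logoutExitPage");
        boolean exitPageValid = false;
        try {
            boolean allowAnyHost = SecurityConfig.getConfig().getBoolean(SecurityConfig.ALLOW_ANY_LOGOUT_EXIT_PAGE_HOST);
            Tr.debug(tc, "com.ibm.websphere.security.allowAnyLogoutExitPageHost is set to: " + allowAnyHost);
            if (exitPage == null || allowAnyHost || exitPage.equals("logon.jsp")) {
                // allowAnyHost disables host validation: any client-supplied target is redirected to.
                exitPageValid = true;
            } else {
                exitPageValid = verifyLogoutURL(httpServletRequest, exitPage);
                if (exitPageValid) {
                    Tr.debug(tc, "after verifyLogoutURL, logoutExitPage is valid: " + exitPage);
                } else {
                    Tr.debug(tc, "after verifyLogoutURL, logoutExitPage is not valid: " + exitPage);
                }
            }
        } catch (Throwable th) {
            // Fail closed: unless validation already succeeded, the default page is served.
            Tr.debug(tc, "caught exception from calling: verifyLogoutURL: " + th.getMessage());
        }
        if (exitPage == null || exitPage.length() == 0 || !exitPageValid) {
            if (tc.isDebugEnabled()) {
                Tr.debug(tc, "No logoutExitPage or invalid logoutExitPage specified");
            }
            httpServletResponse.getWriter().println(DEFAULT_LOGOUT_MSG);
        } else {
            // A target that still starts with two separators would be read by the browser as a
            // scheme-relative URL naming another host, so reduce any leading run to a single '/'.
            exitPage = collapseLeadingSlashes(exitPage);
            if (!WebContainerSystemProps.getSendRedirectCompatibilty()) {
                Tr.debug(tc, "Compatibility=false (default) redirect mode");
                if (this._absoluteUri && !this._adminConsole) {
                    if (exitPage.equals("/")) {
                        exitPage = "";
                    } else if (exitPage.startsWith("/")) {
                        exitPage = exitPage.substring(1);
                    }
                    Tr.debug(tc, "Logout exit page is not relative to Context Root.");
                } else if (exitPage.startsWith("/")) {
                    String contextPath = httpServletRequest.getContextPath();
                    if (contextPath != null && contextPath.endsWith("/")) {
                        contextPath = contextPath.substring(0, contextPath.lastIndexOf("/"));
                    }
                    exitPage = contextPath + exitPage;
                }
            }
            if (tc.isDebugEnabled()) {
                Tr.debug(tc, "logoutExitPage specified, redirecting to: " + exitPage);
            }
            httpServletResponse.sendRedirect(httpServletResponse.encodeURL(exitPage));
        }
        if (tc.isEntryEnabled()) {
            Tr.exit(tc, "formLogout");
        }
    }

    /**
     * Writes every request parameter name and value to the debug trace.
     *
     * <p>Values are logged verbatim; they are client-controlled, so the trace can carry sensitive
     * data and embedded line breaks.
     */
    private void traceRequestParameters(HttpServletRequest httpServletRequest) {
        Enumeration parameterNames = httpServletRequest.getParameterNames();
        while (parameterNames.hasMoreElements()) {
            String name = (String) parameterNames.nextElement();
            Tr.debug(tc, "paramName:" + name);
            String[] values = httpServletRequest.getParameterValues(name);
            if (values.length == 1) {
                String only = values[0];
                if (only.length() == 0) {
                    Tr.debug(tc, "paramValue:No Value");
                } else {
                    Tr.debug(tc, "paramValue:" + only);
                }
            } else {
                for (String value : values) {
                    Tr.debug(tc, "paramValue:" + value);
                }
            }
        }
    }

    /**
     * Reduces a leading run of two or more '/' or '\' characters to a single '/'.
     *
     * <p>Backslashes are included because some browsers treat them like forward slashes when
     * resolving a redirect target. Paths with zero or one leading separator are returned as is.
     */
    private static String collapseLeadingSlashes(String path) {
        int run = 0;
        while (run < path.length() && (path.charAt(run) == '/' || path.charAt(run) == '\\')) {
            run++;
        }
        return run < 2 ? path : "/" + path.substring(run);
    }

    /**
     * Decides whether {@code str} is an acceptable logout exit page.
     *
     * <p>Accepted: anything {@code java.net.URL} cannot parse (treated as a relative path; this
     * includes values with no scheme and values whose scheme has no URL handler), URLs with no
     * host, URLs whose host is {@code localhost}, {@code 127.0.0.1} or one of this machine's
     * names/addresses, URLs whose host (or whose full text) equals an entry of
     * {@code SecurityConfig.LOGOUT_EXIT_PAGE_DOMAIN_LIST}, and URLs whose host equals the host
     * of the current request URL.
     *
     * <p>NOTE(review): the request-URL host is presumably derived from the client's Host header;
     * confirm the container validates it before relying on this last rule. The local-host lookups
     * run on every call, and a lookup failure rejects the page, relative paths included.
     *
     * @param httpServletRequest current request, used for the same-host fallback
     * @param str                the client-supplied exit page
     * @return {@code true} if the redirect may be issued
     */
    private boolean verifyLogoutURL(HttpServletRequest httpServletRequest, String str) {
        if (tc.isEntryEnabled()) {
            Tr.entry(tc, "verifyLogoutURL", str);
        }
        boolean allowed = false;
        String exitHost = null;
        try {
            String allowedDomains = SecurityConfig.getConfig().getProperty(SecurityConfig.LOGOUT_EXIT_PAGE_DOMAIN_LIST);
            if (tc.isDebugEnabled()) {
                Tr.debug(tc, "List of configured domains for the logout exit page is: " + allowedDomains);
            }
            if (tc.isEntryEnabled()) {
                Tr.debug(tc, "about to getLocalHost");
            }
            InetAddress localHost = InetAddress.getLocalHost();
            if (tc.isEntryEnabled()) {
                Tr.debug(tc, "return from getLocalHost: " + localHost);
            }
            String shortName = localHost.getHostName();
            String address = localHost.getHostAddress();
            if (tc.isEntryEnabled()) {
                Tr.debug(tc, "short name of this host is: " + shortName);
            }
            if (tc.isEntryEnabled()) {
                Tr.debug(tc, "ip address of this host is: " + address);
            }
            String fullName = shortName;
            if (address != null) {
                fullName = InetAddress.getByName(address).getHostName();
                if (tc.isEntryEnabled()) {
                    Tr.debug(tc, "this host full name is: " + fullName);
                }
            }
            boolean relative = false;
            boolean parseFailed = false;
            try {
                exitHost = new URL(str).getHost();
                if (tc.isDebugEnabled()) {
                    Tr.debug(tc, "domain for exitPage url: " + exitHost);
                }
            } catch (MalformedURLException e) {
                if (tc.isDebugEnabled()) {
                    Tr.debug(tc, "caught MalformedURLException getting url for exitPage: " + e.getMessage());
                }
                relative = true;
            } catch (Exception e2) {
                if (tc.isDebugEnabled()) {
                    Tr.debug(tc, "caught exception getting url for exitPage: " + e2.getMessage());
                }
                // Unexpected parse failure: reject instead of falling into the "no host" rule.
                parseFailed = true;
            }
            if (tc.isEntryEnabled()) {
                Tr.debug(tc, "specified name of the host for the url redirect is: " + exitHost);
            }
            if (relative) {
                allowed = true;
            } else if (parseFailed) {
                allowed = false;
            } else if (exitHost == null) {
                allowed = true;
            } else if (exitHost.equalsIgnoreCase("localhost")
                    || exitHost.equals("127.0.0.1")
                    || (fullName != null && exitHost.equalsIgnoreCase(fullName))
                    || (shortName != null && exitHost.equalsIgnoreCase(shortName))
                    || (address != null && exitHost.equals(address))) {
                allowed = true;
                if (tc.isDebugEnabled()) {
                    Tr.debug(tc, "exitPage points to this host: all ok");
                }
            } else {
                if (tc.isDebugEnabled()) {
                    Tr.debug(tc, "exitPage points to another host: verify that it is one on the list of allowed domains.");
                }
                if (allowedDomains != null && allowedDomains.length() > 0) {
                    StringTokenizer domains = new StringTokenizer(allowedDomains, CommandSecurityUtil.PARAM_DELIM);
                    while (domains.hasMoreTokens()) {
                        String domain = domains.nextToken();
                        if (tc.isDebugEnabled()) {
                            Tr.debug(tc, "trying to match the domain for the exitPage : " + exitHost + " to a domain name: " + domain + " from the configured domain list");
                        }
                        // Exact (case-insensitive) match on the host or on the whole URL; tokens are not trimmed.
                        if (domain.equalsIgnoreCase(exitHost) || domain.equalsIgnoreCase(str)) {
                            allowed = true;
                            if (tc.isDebugEnabled()) {
                                Tr.debug(tc, "matched a configured logout exit page domain: " + domain);
                            }
                        }
                    }
                }
            }
        } catch (Exception e3) {
            if (tc.isDebugEnabled()) {
                Tr.debug(tc, "caught an unknown exception: " + e3.getMessage());
            }
            allowed = false;
        }
        if (!allowed) {
            try {
                if (tc.isDebugEnabled()) {
                    Tr.debug(tc, "about to attempt matching the logout exit url with the domain of the request.");
                }
                String requestHost = new URL(httpServletRequest.getRequestURL().toString()).getHost();
                if (tc.isDebugEnabled()) {
                    Tr.debug(tc, " host of the request url is: " + requestHost + " and the host of the logout URL is: " + exitHost);
                }
                if (exitHost != null && requestHost != null && exitHost.equalsIgnoreCase(requestHost)) {
                    allowed = true;
                }
            } catch (Exception e4) {
                if (tc.isDebugEnabled()) {
                    Tr.debug(tc, "caught Exception trying to form  request URL object: " + e4.getMessage());
                }
            }
        }
        if (tc.isEntryEnabled()) {
            Tr.exit(tc, "verifyLogoutURL", Boolean.valueOf(allowed));
        }
        return allowed;
    }

    /**
     * Loads a class by name, converting a lookup failure into {@link NoClassDefFoundError}.
     *
     * @param str fully qualified class name
     * @return the loaded class
     */
    static Class class$(String str) {
        try {
            return Class.forName(str);
        } catch (ClassNotFoundException e) {
            // initCause returns Throwable, so attach the cause first and throw the typed error.
            NoClassDefFoundError error = new NoClassDefFoundError();
            error.initCause(e);
            throw error;
        }
    }

    static {
        Class cls;
        if (class$com$ibm$ws$security$web$FormLogoutExtensionProcessor == null) {
            cls = class$("com.ibm.ws.security.web.FormLogoutExtensionProcessor");
            class$com$ibm$ws$security$web$FormLogoutExtensionProcessor = cls;
        } else {
            cls = class$com$ibm$ws$security$web$FormLogoutExtensionProcessor;
        }
        tc = Tr.register(cls, (String) null, "com.ibm.ejs.resources.security");
        DEFAULT_LOGOUT_MSG = "<!DOCTYPE HTML PUBLIC \"-//W3C/DTD HTML 4.0 Transitional//EN\"><HTML><TITLE>Default Logout Exit Page</TITLE><BODY><H2>Successful Logout</H2></BODY></HTML>";
        auditHandler = null;
        auditFactory = null;
        auditService = null;
        ABSOLUTE_URI = "com.ibm.websphere.security.web.absoluteUri";
    }
}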
