package com.ibm.ws.security.saml.sso20.internal.utils;

import com.ibm.websphere.pmi.PmiConstants;
import com.ibm.websphere.ras.Tr;
import com.ibm.websphere.ras.TraceComponent;
import com.ibm.websphere.ras.annotation.TraceObjectField;
import com.ibm.ws.ffdc.FFDCFilter;
import com.ibm.ws.ras.instrument.annotation.InjectedFFDC;
import com.ibm.ws.security.saml.Constants;
import com.ibm.ws.security.saml.error.SamlException;
import com.ibm.ws.webcontainer.security.WebAppSecurityCollaboratorImpl;
import com.ibm.ws.webcontainer.security.WebAppSecurityConfig;
import com.ibm.wsspi.webcontainer.servlet.IExtendedRequest;
import java.io.IOException;
import java.io.PrintWriter;
import java.io.Serializable;
import java.io.UnsupportedEncodingException;
import java.net.URL;
import java.net.URLDecoder;
import java.security.AccessController;
import java.security.PrivilegedActionException;
import java.security.PrivilegedExceptionAction;
import java.util.Enumeration;
import java.util.HashMap;
import java.util.Map;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import org.eclipse.equinox.http.servlet.internal.util.Const;
import org.joda.time.DateTime;

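/**
 * Snapshot of an inbound HTTP request (URL, method, query string and POST parameters)
 * that can later be replayed to the browser, either as a plain redirect or as an
 * auto-submitting HTML form.
 *
 * <p>Security notes for maintainers:
 * <ul>
 *   <li>The URL, fragment, parameter names and parameter values held here originate from
 *       the client (request line, form body, or the fragment cookie). Everything written
 *       into the generated HTML goes through {@link #escapeHtml(String)}.</li>
 *   <li>Debug tracing in this class prints URLs, query strings and the generated form,
 *       which can include user-submitted field values. Treat trace output as sensitive.</li>
 * </ul>
 *
 * <p>Several constants referenced below ({@code PmiConstants.XML_VALUE}, {@code Const.AMP},
 * {@code org.eclipse.persistence.internal.oxm.Constants.XPATH_INDEX_CLOSED}) look like
 * decompiler substitutions for string literals; they are kept as-is so behaviour is unchanged.
 */
@InjectedFFDC
@TraceObjectField(fieldName = "tc", fieldDesc = "Lcom/ibm/websphere/ras/TraceComponent;")
/* loaded from: input_file:wlp/lib/com.ibm.ws.security.saml.sso20_1.0.14.jar:com/ibm/ws/security/saml/sso20/internal/utils/RequestInfo.class */
public class RequestInfo implements Serializable {
    private static final long serialVersionUID = 1;
    private static final TraceComponent tc = Tr.register((Class<?>) RequestInfo.class, "SAML20", "com.ibm.ws.security.saml.sso20.internal.resources.SamlSso20Messages");
    public static final String METHOD_POST = "POST";
    public static final String METHOD_GET = "GET";

    // Raw (still URL-encoded) query string of the captured request; may be null.
    String queryString;
    // Request URL; rewritten by separateFragement(), queryStringToParameters() and setWithFragmentUrl().
    String requestUrl;
    // HTTP method of the captured request, or the method forced by redirectGetRequest/redirectPostRequest.
    String method;
    // Decoded parameter name -> values; created lazily, so it may be null.
    HashMap<String, String[]> parameters;
    // Random id generated by SamlUtil.generateRandomID(); only set by the HttpServletRequest constructor.
    String strInResponseToId;
    // URL fragment (text after '#') split off the request URL; field name spelling kept for compatibility.
    String fragement = null;
    // Suffix of the fragment cookie name; generated lazily by getFragmentCookieId().
    String fragmentCookieId = null;
    // Still-encoded cookie value read in setWithFragmentUrl().
    String rawRequestUrl = null;
    // When true, the generated form also carries the script that stores window.location.href in a cookie.
    boolean bNeedFragment = true;
    // Creation time of this object.
    DateTime birthTime = new DateTime();

    /**
     * Captures URL, method and (depending on the method) query string or parameters of a request.
     *
     * @param httpServletRequest the request to snapshot
     */
    public RequestInfo(HttpServletRequest httpServletRequest) {
        this.requestUrl = httpServletRequest.getRequestURL().toString();
        this.method = httpServletRequest.getMethod();
        this.strInResponseToId = SamlUtil.generateRandomID();
        if (METHOD_GET.equalsIgnoreCase(this.method)) {
            initGet(httpServletRequest);
        } else if (METHOD_POST.equalsIgnoreCase(this.method)) {
            initPost(httpServletRequest);
        } else if (tc.isDebugEnabled()) {
            // Other methods are kept as URL + method only; nothing else is captured.
            Tr.debug(tc, "Request: unknown method (" + this.method + ")");
        }
    }

    /**
     * @return the random id generated when this object was built from a servlet request,
     *         or {@code null} when one of the String constructors was used
     */
    public String getInResponseToId() {
        return this.strInResponseToId;
    }

    /**
     * Builds a GET request description.
     *
     * @param str  the request URL
     * @param str2 the raw query string (may be null)
     */
    public RequestInfo(String str, String str2) {
        this.method = METHOD_GET;
        this.requestUrl = str;
        this.queryString = str2;
    }

    /**
     * Builds a POST request description without parameters.
     *
     * @param str the request URL
     */
    public RequestInfo(String str) {
        this.method = METHOD_POST;
        this.requestUrl = str;
    }

    /**
     * Stores (or replaces) the values of one parameter.
     *
     * @param str    parameter name
     * @param strArr parameter values; stored as given, not copied
     */
    public void setParameter(String str, String[] strArr) {
        if (this.parameters == null) {
            this.parameters = new HashMap<>();
        }
        this.parameters.put(str, strArr);
    }

    /** Records the raw query string of a GET request. */
    void initGet(HttpServletRequest httpServletRequest) {
        this.queryString = httpServletRequest.getQueryString();
        String contentType = httpServletRequest.getContentType();
        if (tc.isDebugEnabled()) {
            // NOTE(review): the query string is traced verbatim and may carry sensitive values.
            Tr.debug(tc, "Request:(" + this.method + ")" + this.requestUrl + "?" + this.queryString + " contentType:" + contentType);
        }
    }

    /** Copies every parameter of a POST request into {@link #parameters}. */
    void initPost(HttpServletRequest httpServletRequest) {
        Enumeration<String> parameterNames = httpServletRequest.getParameterNames();
        while (parameterNames.hasMoreElements()) {
            String name = parameterNames.nextElement();
            setParameter(name, httpServletRequest.getParameterValues(name));
        }
        String contentType = httpServletRequest.getContentType();
        if (tc.isDebugEnabled()) {
            Tr.debug(tc, "Request:(" + this.method + ")" + this.requestUrl + "?" + this.queryString + " contentType:" + contentType);
        }
    }

    /** @return the raw query string, possibly null */
    public String getQueryString() {
        return this.queryString;
    }

    /** @return the current request URL */
    public String getRequestUrl() {
        return this.requestUrl;
    }

    /**
     * Replays the captured request: splits the fragment off the URL, converts the query
     * string into parameters for GET requests, then delegates to {@link #redirectRequest}.
     *
     * <p>Query parameters are appended to any values already stored, so calling this more
     * than once on the same instance accumulates duplicate values.
     *
     * @param str  passed to {@code RequestUtil.createCookie} as its third argument (may be null)
     * @param str2 passed to {@code RequestUtil.createCookie} as its fourth argument (may be null)
     * @throws SamlException if the cookie or the response cannot be written
     */
    public void redirectCachedRequest(HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse, String str, String str2) throws SamlException {
        if (tc.isDebugEnabled()) {
            Tr.debug(tc, "redirectCachedRequest:(" + this.method + ")");
        }
        this.requestUrl = separateFragement(this.requestUrl);
        if (METHOD_GET.equalsIgnoreCase(this.method)) {
            queryStringToParameters();
        }
        redirectRequest(httpServletRequest, httpServletResponse, str, str2);
    }

    /**
     * Splits {@code url#fragment}: remembers the fragment in {@link #fragement} and returns
     * the part before '#'. A URL without '#', or starting with it, is returned unchanged.
     */
    String separateFragement(String str) {
        int hashAt = str.indexOf("#");
        if (hashAt <= 0) {
            return str;
        }
        this.fragement = str.substring(hashAt + 1);
        return str.substring(0, hashAt);
    }

    /**
     * Sends the browser back to the captured request.
     *
     * <p>A POST request, or any request with stored parameters, is answered with an HTML page
     * containing an auto-submitting form; otherwise a plain redirect is sent. The response is
     * marked non-cacheable in both cases because it may embed user-submitted values.
     *
     * @param str  passed to {@code RequestUtil.createCookie}; no cookie is created when null
     * @param str2 passed to {@code RequestUtil.createCookie}; no cookie is created when null
     * @throws SamlException if the cookie, the form or the redirect cannot be written
     */
    public void redirectRequest(HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse, String str, String str2) throws SamlException {
        if (str != null && str2 != null) {
            try {
                RequestUtil.createCookie(httpServletRequest, httpServletResponse, str, str2);
            } catch (IOException e) {
                FFDCFilter.processException(e, "com.ibm.ws.security.saml.sso20.internal.utils.RequestInfo", "263", this, new Object[]{httpServletRequest, httpServletResponse, str, str2});
                throw new SamlException(e);
            }
        }
        httpServletResponse.setHeader("Cache-Control", "no-cache, no-store, must-revalidate, private, max-age=0");
        httpServletResponse.setHeader("Pragma", "no-cache");
        httpServletResponse.setDateHeader("Expires", 0L);
        httpServletResponse.setContentType("text/html");

        boolean hasParameters = this.parameters != null && !this.parameters.isEmpty();
        if (METHOD_POST.equalsIgnoreCase(this.method) || hasParameters) {
            try {
                String html = buildAutoSubmitForm();
                if (TraceComponent.isAnyTracingEnabled() && tc.isDebugEnabled()) {
                    // NOTE(review): this traces every replayed form field value; consider
                    // redacting values if the original form can carry credentials.
                    Tr.debug(tc, "... expect to be redirected by the browser (" + this.method + ")\n" + html);
                }
                PrintWriter writer = httpServletResponse.getWriter();
                writer.println(html);
                writer.flush();
            } catch (Exception e2) {
                FFDCFilter.processException(e2, "com.ibm.ws.security.saml.sso20.internal.utils.RequestInfo", "237", this, new Object[]{httpServletRequest, httpServletResponse, str, str2});
                throw new SamlException(e2);
            }
        } else {
            String target = this.requestUrl;
            if (this.fragement != null && !this.fragement.isEmpty()) {
                target = target + "#" + this.fragement;
            }
            if (TraceComponent.isAnyTracingEnabled() && tc.isDebugEnabled()) {
                Tr.debug(tc, "... expect to be redirected by the browser (" + this.method + ")\n" + target);
            }
            try {
                httpServletResponse.sendRedirect(target);
            } catch (IOException e) {
                // sendRedirect declares IOException; surface it through the declared exception type.
                throw new SamlException(e);
            }
        }
    }

    /**
     * Builds the auto-submitting HTML form that replays the stored request.
     *
     * <p>The action URL, fragment, method, parameter names and parameter values are all
     * client-influenced, so each is HTML-escaped before being placed inside an attribute.
     */
    private String buildAutoSubmitForm() {
        StringBuilder html = new StringBuilder();
        html.append("<HTML xmlns=\"http://www.w3.org/1999/xhtml\" xml:lang=\"en\">");
        html.append("<HEAD>");
        html.append("</HEAD>");
        html.append("<BODY onload=\"document.forms[0].submit()\">");
        html.append("<FORM name=\"redirectform\" id=\"redirectform\" action=\"");
        html.append(escapeHtml(this.requestUrl));
        if (this.fragement != null && !this.fragement.isEmpty()) {
            html.append("#").append(escapeHtml(this.fragement));
        }
        html.append("\" method=\"").append(escapeHtml(this.method)).append("\"><div>");
        if (this.bNeedFragment) {
            html.append(handleFragmentCookies());
        }
        if (this.parameters != null && !this.parameters.isEmpty()) {
            for (Map.Entry<String, String[]> entry : this.parameters.entrySet()) {
                String safeName = escapeHtml(entry.getKey());
                String[] values = entry.getValue();
                if (values == null || values.length <= 0) {
                    // The name attribute is now closed before value=; the earlier markup omitted that quote.
                    html.append("<input type=\"hidden\" name=\"" + safeName + "\" value=\"\"/>");
                } else {
                    for (String value : values) {
                        // PmiConstants.XML_VALUE presumably stands for the literal `" value="`
                        // (decompiler substitution) - confirm before replacing it.
                        html.append("<input type=\"hidden\" name=\"" + safeName + PmiConstants.XML_VALUE + escapeHtml(value) + "\"/>");
                    }
                }
            }
        }
        html.append("</div>");
        html.append("<noscript><div>");
        html.append("<button type=\"submit\" name=\"redirectform\">Process request</button>");
        html.append("</div></noscript>");
        html.append("</FORM></BODY></HTML>");
        return html.toString();
    }

    /**
     * Escapes the characters that are significant in HTML text and quoted attribute values.
     *
     * @param text value to escape; {@code null} is rendered as the empty string
     * @return the escaped text
     */
    private static String escapeHtml(String text) {
        if (text == null) {
            return "";
        }
        StringBuilder out = new StringBuilder(text.length() + 16);
        for (int i = 0; i < text.length(); i++) {
            char c = text.charAt(i);
            switch (c) {
                case '&':
                    out.append("&amp;");
                    break;
                case '<':
                    out.append("&lt;");
                    break;
                case '>':
                    out.append("&gt;");
                    break;
                case '"':
                    out.append("&quot;");
                    break;
                case '\'':
                    out.append("&#39;");
                    break;
                default:
                    out.append(c);
            }
        }
        return out.toString();
    }

    /**
     * Returns the inline script that stores {@code window.location.href} (URL-encoded) in the
     * fragment cookie, so the fragment, which the server never receives, can be restored later.
     *
     * <p>The cookie gets the {@code secure} attribute only when the global web-app security
     * configuration reports that SSO requires SSL.
     */
    String handleFragmentCookies() {
        // NOTE(review): the cookie name is placed inside a single-quoted JavaScript string.
        // That is safe only while fragmentCookieId is server-generated; callers of
        // setFragmentCookieId() must not pass request-derived text - verify against callers.
        String cookieName = Constants.COOKIE_NAME_SAML_FRAGMENT + getFragmentCookieId();
        StringBuilder script = new StringBuilder();
        script.append("\n<SCRIPT type=\"TEXT/JAVASCRIPT\" language=\"JavaScript\">\n");
        script.append("document.cookie = '");
        script.append(cookieName + "=' + encodeURIComponent(window.location.href) + '; Path=/;");
        WebAppSecurityConfig globalConfig = WebAppSecurityCollaboratorImpl.getGlobalWebAppSecurityConfig();
        if (globalConfig != null && globalConfig.getSSORequiresSSL()) {
            script.append(" secure;");
        }
        script.append("';\n");
        script.append("</SCRIPT>\n");
        return script.toString();
    }

    /**
     * Forces the method to POST and replays the request via {@link #redirectRequest}.
     *
     * @throws SamlException if the response cannot be written
     */
    public void redirectPostRequest(HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse, String str, String str2) throws SamlException {
        this.method = METHOD_POST;
        redirectRequest(httpServletRequest, httpServletResponse, str, str2);
    }

    /**
     * Forces the method to GET, converts the query string into parameters and replays the
     * request via {@link #redirectRequest}.
     *
     * @param z not used by this method
     * @throws SamlException if the query string cannot be decoded or the response cannot be written
     */
    public void redirectGetRequest(HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse, String str, String str2, boolean z) throws SamlException {
        this.method = METHOD_GET;
        queryStringToParameters();
        redirectRequest(httpServletRequest, httpServletResponse, str, str2);
    }

    /**
     * Moves any query part embedded in {@link #requestUrl}, and then {@link #queryString},
     * into {@link #parameters}. The embedded query is removed from the URL.
     *
     * @throws SamlException if UTF-8 decoding is reported as unsupported
     */
    void queryStringToParameters() throws SamlException {
        if (this.parameters == null) {
            this.parameters = new HashMap<>();
        }
        try {
            int questionAt = this.requestUrl.indexOf("?");
            if (questionAt > 0) {
                String embeddedQuery = this.requestUrl.substring(questionAt + 1);
                this.requestUrl = this.requestUrl.substring(0, questionAt);
                queryStringToParameters(embeddedQuery);
            }
            queryStringToParameters(this.queryString);
        } catch (UnsupportedEncodingException e) {
            FFDCFilter.processException(e, "com.ibm.ws.security.saml.sso20.internal.utils.RequestInfo", "334", this, new Object[0]);
            throw new SamlException(e);
        }
    }

    /**
     * Parses one raw query string and appends each pair to {@link #parameters}.
     * A pair without '=' (or starting with it) is stored whole as a name with an empty value.
     */
    void queryStringToParameters(String str) throws UnsupportedEncodingException {
        if (str == null || str.isEmpty()) {
            return;
        }
        // Const.AMP is presumably the "&" separator (decompiler substitution) - confirm.
        for (String pair : str.split(Const.AMP)) {
            int equalsAt = pair.indexOf("=");
            if (equalsAt > 0) {
                handleParameter(pair.substring(0, equalsAt), pair.substring(equalsAt + 1));
            } else {
                handleParameter(pair, "");
            }
        }
    }

    /** URL-decodes a name/value pair as UTF-8 and appends the value to that name's values. */
    void handleParameter(String str, String str2) throws UnsupportedEncodingException {
        String name = URLDecoder.decode(str, "UTF-8");
        String value = URLDecoder.decode(str2, "UTF-8");
        this.parameters.put(name, getStringArray(name, value));
    }

    /** Returns the values stored for {@code str} with {@code str2} appended as the last element. */
    String[] getStringArray(String str, String str2) {
        String[] grown = getNewArray(this.parameters.get(str));
        grown[grown.length - 1] = str2;
        return grown;
    }

    /** Returns a copy of {@code strArr} with one extra trailing slot (a one-slot array for null). */
    String[] getNewArray(String[] strArr) {
        if (strArr == null) {
            return new String[1];
        }
        String[] grown = new String[strArr.length + 1];
        System.arraycopy(strArr, 0, grown, 0, strArr.length);
        return grown;
    }

    /**
     * Tells whether {@code requestInfo} describes the same request as this object. GET requests
     * are compared by URL and query; POST requests by URL and parameters; any other method of
     * this object yields {@code false}.
     *
     * @throws SamlException if a URL cannot be parsed during a GET comparison
     */
    public boolean isEquivalent(RequestInfo requestInfo) throws SamlException {
        if (requestInfo == null) {
            return false;
        }
        if (METHOD_GET.equalsIgnoreCase(this.method)) {
            return isGetEquivalent(requestInfo);
        }
        if (METHOD_POST.equalsIgnoreCase(this.method)) {
            return isPostEquivalent(requestInfo);
        }
        return false;
    }

    private boolean isPostEquivalent(RequestInfo requestInfo) {
        return safeCompare(this.requestUrl, requestInfo.requestUrl)
                && safeCompare(this.parameters, requestInfo.parameters);
    }

    /** Two parameter maps are equal when each one contains the other. */
    boolean safeCompare(HashMap<String, String[]> hashMap, HashMap<String, String[]> hashMap2) {
        return contains(hashMap, hashMap2) && contains(hashMap2, hashMap);
    }

    /**
     * Tells whether every entry of {@code hashMap2} has matching values in {@code hashMap}.
     * A {@code null} map is treated as empty, because a request without parameters leaves
     * its map unset.
     */
    public static boolean contains(HashMap<String, String[]> hashMap, HashMap<String, String[]> hashMap2) {
        if (hashMap2 == null) {
            return true;
        }
        for (Map.Entry<String, String[]> entry : hashMap2.entrySet()) {
            String[] counterpart = hashMap == null ? null : hashMap.get(entry.getKey());
            if (!safeCompare(entry.getValue(), counterpart)) {
                return false;
            }
        }
        return true;
    }

    /**
     * Order-insensitive comparison of two value arrays. Each element of the second array can
     * satisfy at most one element of the first, so arrays that differ only in how often a
     * value repeats are not reported as equal.
     */
    public static boolean safeCompare(String[] strArr, String[] strArr2) {
        if (strArr == null) {
            return strArr2 == null;
        }
        if (strArr2 == null || strArr.length != strArr2.length) {
            return false;
        }
        boolean[] used = new boolean[strArr2.length];
        for (String wanted : strArr) {
            boolean found = false;
            for (int i = 0; i < strArr2.length; i++) {
                if (!used[i] && safeCompare(wanted, strArr2[i])) {
                    used[i] = true;
                    found = true;
                    break;
                }
            }
            if (!found) {
                return false;
            }
        }
        return true;
    }

    private boolean isGetEquivalent(RequestInfo requestInfo) throws SamlException {
        return sameUrl(requestInfo.getUrl(), getUrl());
    }

    /** Compares protocol, host, port, path and (order-insensitively) the query of two URLs. */
    boolean sameUrl(URL url, URL url2) {
        if (url == null) {
            return url2 == null;
        }
        if (url2 == null) {
            return false;
        }
        return safeCompare(url.getProtocol(), url2.getProtocol())
                && safeCompare(url.getHost(), url2.getHost())
                && safeCompare(url.getPort(), url2.getPort())
                && safeCompare(url.getPath(), url2.getPath())
                && sameQuery(url.getQuery(), url2.getQuery());
    }

    /** Compares two raw query strings pair by pair, ignoring the order of the pairs. */
    boolean sameQuery(String str, String str2) {
        if (str == null) {
            return str2 == null;
        }
        if (str2 == null) {
            return false;
        }
        return safeCompare(parseQueryString(str), parseQueryString(str2));
    }

    /**
     * Splits a raw query string into a name -> values map without URL-decoding. A repeated
     * name keeps only its last value; a pair without '=' maps to an empty array.
     */
    HashMap<String, String[]> parseQueryString(String str) {
        HashMap<String, String[]> parsed = new HashMap<>();
        // Const.AMP is presumably the "&" separator (decompiler substitution) - confirm.
        for (String pair : str.split(Const.AMP)) {
            int equalsAt = pair.indexOf("=");
            if (equalsAt < 0) {
                parsed.put(pair, new String[0]);
            } else {
                parsed.put(pair.substring(0, equalsAt), new String[]{pair.substring(equalsAt + 1)});
            }
        }
        return parsed;
    }

    /** Null-safe string equality. */
    public static boolean safeCompare(String str, String str2) {
        return str == null ? str2 == null : str.equals(str2);
    }

    /** Integer equality, provided so URL ports can be compared like the other URL parts. */
    public static boolean safeCompare(int i, int i2) {
        return i == i2;
    }

    /**
     * Builds a {@link URL} from the request URL plus the query string (when non-empty),
     * inside a privileged block.
     *
     * @throws SamlException if the URL cannot be constructed
     */
    URL getUrl() throws SamlException {
        final String requestUrl = getRequestUrl();
        final String queryString = getQueryString();
        try {
            URL url = AccessController.doPrivileged(new PrivilegedExceptionAction<URL>() {
                @Override
                public URL run() throws Exception {
                    if (queryString == null || queryString.isEmpty()) {
                        return new URL(requestUrl);
                    }
                    return new URL(requestUrl + "?" + queryString);
                }
            });
            if (tc.isDebugEnabled()) {
                Tr.debug(tc, "URL protocol:" + url.getProtocol() + " host:" + url.getHost() + " port:" + url.getPort() + " path:" + url.getPath() + " query:" + url.getQuery());
            }
            return url;
        } catch (PrivilegedActionException e) {
            FFDCFilter.processException(e, "com.ibm.ws.security.saml.sso20.internal.utils.RequestInfo", "575", this, new Object[0]);
            if (tc.isDebugEnabled()) {
                // XPATH_INDEX_CLOSED presumably stands for a closing "]" (decompiler substitution) - confirm.
                Tr.debug(tc, "Got unexpect exception while parse URL requestUri:[" + requestUrl + "] query:[" + queryString + org.eclipse.persistence.internal.oxm.Constants.XPATH_INDEX_CLOSED);
            }
            throw new SamlException(e);
        }
    }

    /**
     * Restores the full browser URL (including fragment) from the fragment cookie.
     *
     * <p>The cookie value is supplied by the client. It replaces {@link #requestUrl} only when
     * its decoded form starts with the URL already stored; the query string is then cleared.
     *
     * <p>NOTE(review): this is a textual prefix check. It does not constrain what follows the
     * prefix, and it pins the origin only if the stored URL already contains a path. Comparing
     * parsed scheme, host and port would be a stricter check - confirm against how callers
     * populate requestUrl.
     *
     * @throws SamlException if UTF-8 decoding is reported as unsupported
     */
    public void setWithFragmentUrl(HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse) throws SamlException {
        this.rawRequestUrl = RequestUtil.getCookieId((IExtendedRequest) httpServletRequest, httpServletResponse, Constants.COOKIE_NAME_SAML_FRAGMENT + this.fragmentCookieId);
        if (tc.isDebugEnabled()) {
            Tr.debug(tc, "Original RequestUrl:" + this.requestUrl);
        }
        String candidate = this.rawRequestUrl;
        if (this.rawRequestUrl != null && !this.rawRequestUrl.isEmpty()) {
            try {
                candidate = URLDecoder.decode(this.rawRequestUrl, "UTF-8");
                if (candidate.startsWith(this.requestUrl)) {
                    this.requestUrl = candidate;
                    this.queryString = "";
                    return;
                }
            } catch (UnsupportedEncodingException e) {
                FFDCFilter.processException(e, "com.ibm.ws.security.saml.sso20.internal.utils.RequestInfo", "611", this, new Object[]{httpServletRequest, httpServletResponse});
                throw new SamlException(e);
            }
        }
        // Reached when the cookie is absent, empty, or does not extend the stored URL.
        if (tc.isDebugEnabled()) {
            Tr.debug(tc, "***** Hmm ***** newRequestUrl :" + candidate);
        }
    }

    /** @return the fragment cookie id, generating one with {@code SamlUtil.generateRandom(8)} on first use */
    public String getFragmentCookieId() {
        if (this.fragmentCookieId == null) {
            this.fragmentCookieId = SamlUtil.generateRandom(8);
        }
        return this.fragmentCookieId;
    }

    /**
     * Overrides the fragment cookie id. The value ends up in a cookie name and inside generated
     * JavaScript, so it should be a server-generated token.
     */
    public void setFragmentCookieId(String str) {
        this.fragmentCookieId = str;
    }

    /**
     * Same as {@link #redirectCachedRequest} but without emitting the fragment-cookie script.
     *
     * @throws SamlException if the cookie or the response cannot be written
     */
    public void redirectCachedRequestNoFragment(HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse, String str, String str2) throws SamlException {
        this.bNeedFragment = false;
        redirectCachedRequest(httpServletRequest, httpServletResponse, str, str2);
    }

    /** @return the time this object was created */
    public DateTime getBirthTime() {
        return this.birthTime;
    }
}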
