package edu.yale.its.tp.cas.servlet;

import edu.yale.its.tp.cas.ticket.GrantorCache;
import edu.yale.its.tp.cas.ticket.ProxyGrantingTicket;
import edu.yale.its.tp.cas.ticket.ServiceTicket;
import edu.yale.its.tp.cas.ticket.ServiceTicketCache;
import edu.yale.its.tp.cas.ticket.TicketException;
import edu.yale.its.tp.cas.ticket.Util;
import edu.yale.its.tp.cas.util.SecureURL;
import java.io.IOException;
import java.io.PrintWriter;
import java.security.SecureRandom;
import javax.servlet.ServletConfig;
import javax.servlet.ServletContext;
import javax.servlet.ServletException;
import javax.servlet.http.HttpServlet;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import org.jasig.cas.web.support.WebConstants;

/* loaded from: input_file:WEB-INF/lib/cas-2.0.12.jar:edu/yale/its/tp/cas/servlet/ServiceValidate.class */
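/**
 * CAS 2.0 service-ticket validation servlet.
 *
 * <p>Handles a GET carrying {@code service} and {@code ticket} parameters (plus optional
 * {@code renew} and {@code pgtUrl}) and writes a {@code cas:serviceResponse} XML document
 * reporting either authentication success or a failure code.
 *
 * <p>Request-derived text (ticket id, username, PGT IOU) is XML-escaped before it is written,
 * so a crafted parameter cannot inject markup into a response that the relying service parses
 * to make an authentication decision.
 */
public class ServiceValidate extends HttpServlet {
    /** Number of random bytes drawn for each PGT IOU. */
    private static final int PGT_IOU_LENGTH = 50;

    // Failure codes written into the 'code' attribute of cas:authenticationFailure.
    // The decompiled listing had lost the literals (each constant referred to itself and was
    // declared twice); the values below are the CAS 2.0 protocol code names.
    private static final String INVALID_REQUEST = "INVALID_REQUEST";
    private static final String INVALID_TICKET = "INVALID_TICKET";
    private static final String INVALID_SERVICE = "INVALID_SERVICE";
    private static final String INTERNAL_ERROR = "INTERNAL_ERROR";

    /** Shared CSPRNG; SecureRandom is safe for concurrent use. */
    private static final SecureRandom RANDOM = new SecureRandom();

    /** Counter embedded in PGT IOUs; only touched through {@link #nextSerial()}. */
    private static int serial = 0;

    protected ServiceTicketCache stCache;
    protected GrantorCache pgtCache;
    private ServletContext app;

    /**
     * Looks up the ticket caches that were published as servlet-context attributes
     * ({@code stCache} and {@code pgtCache}).
     *
     * @param servletConfig the container-supplied configuration
     * @throws ServletException declared by the servlet contract; not thrown here
     */
    public void init(ServletConfig servletConfig) throws ServletException {
        this.app = servletConfig.getServletContext();
        this.stCache = (ServiceTicketCache) this.app.getAttribute("stCache");
        this.pgtCache = (GrantorCache) this.app.getAttribute("pgtCache");
    }

    /**
     * Validates a service ticket and writes the CAS XML response.
     *
     * <p>Outcomes: {@code INVALID_REQUEST} when {@code service} or {@code ticket} is missing,
     * {@code INVALID_TICKET} when the ticket is unknown or {@code renew=true} was requested for
     * a ticket not issued from a fresh login, {@code INVALID_SERVICE} when the ticket was issued
     * for a different service, otherwise an authentication-success document.
     *
     * @param httpServletRequest the validation request
     * @param httpServletResponse the response the XML document is written to
     * @throws IOException declared by the servlet contract
     * @throws ServletException declared by the servlet contract
     */
    public void doGet(HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse) throws IOException, ServletException {
        // Declared outside the try so the catch block can still report INTERNAL_ERROR.
        PrintWriter writer = null;
        try {
            writer = httpServletResponse.getWriter();
            String ticketId = httpServletRequest.getParameter(WebConstants.TICKET);
            String service = httpServletRequest.getParameter("service");
            if (service == null || ticketId == null) {
                validationFailure(writer, INVALID_REQUEST, "'service' and 'ticket' parameters are both required");
                return;
            }

            String renew = httpServletRequest.getParameter("renew");
            ServiceTicket serviceTicket = (ServiceTicket) this.stCache.getTicket(ticketId);
            if (serviceTicket == null) {
                validationFailure(writer, INVALID_TICKET, "ticket '" + ticketId + "' not recognized");
            } else if (!serviceTicket.getService().equals(service)) {
                // The service must match exactly, so a ticket issued for one service
                // cannot be replayed against another.
                validationFailure(writer, INVALID_SERVICE, "ticket '" + ticketId + "' does not match supplied service");
            } else if ("true".equals(renew) && !serviceTicket.isFromNewLogin()) {
                validationFailure(writer, INVALID_TICKET, "ticket not backed by initial CAS login, as requested");
            } else {
                String pgtIou = null;
                String pgtUrl = httpServletRequest.getParameter(WebConstants.PGTURL);
                if (pgtUrl != null) {
                    pgtIou = sendPgt(serviceTicket, pgtUrl);
                }
                validationSuccess(writer, serviceTicket, pgtIou);
            }
        } catch (Exception e) {
            // The decompiled handler was dead code ("if (0 != 0)") and swallowed every failure
            // silently. Record the cause and tell the client validation did not succeed.
            if (this.app != null) {
                this.app.log("ServiceValidate: unexpected exception during validation", e);
            }
            if (writer != null) {
                try {
                    validationFailure(writer, INTERNAL_ERROR, "Unexpected exception");
                } catch (IOException ignored) {
                    // Nothing more can be reported to a client whose stream has failed.
                }
            }
        }
    }

    /**
     * Writes a {@code cas:authenticationFailure} response.
     *
     * @param printWriter destination for the XML document
     * @param str failure code, written as the {@code code} attribute (escaped)
     * @param str2 human-readable explanation, written as element text (escaped)
     * @throws IOException declared for callers; not thrown by this implementation
     */
    protected static void validationFailure(PrintWriter printWriter, String str, String str2) throws IOException {
        printWriter.println("<cas:serviceResponse xmlns:cas='http://www.yale.edu/tp/cas'>");
        printWriter.println("  <cas:authenticationFailure code='" + escapeXml(str, true) + "'>");
        // The explanation can embed the caller-supplied ticket id, so it must be escaped.
        printWriter.println("    " + escapeXml(str2, false));
        printWriter.println("  </cas:authenticationFailure>");
        printWriter.println("</cas:serviceResponse>");
    }

    /**
     * Writes a {@code cas:authenticationSuccess} response.
     *
     * @param printWriter destination for the XML document
     * @param serviceTicket the validated ticket; its username becomes {@code cas:user}
     * @param str PGT IOU to report, or {@code null}/empty to omit the
     *     {@code cas:proxyGrantingTicket} element
     */
    protected void validationSuccess(PrintWriter printWriter, ServiceTicket serviceTicket, String str) {
        // Resolve the username before any output so a failure here cannot leave a
        // half-written success document on the wire.
        String user = escapeXml(serviceTicket.getUsername(), false);
        printWriter.println("<cas:serviceResponse xmlns:cas='http://www.yale.edu/tp/cas'>");
        printWriter.println("  <cas:authenticationSuccess>");
        printWriter.println("    <cas:user>" + user + "</cas:user>");
        if (str != null && !str.equals("")) {
            printWriter.println("    <cas:proxyGrantingTicket>" + escapeXml(str, false) + "</cas:proxyGrantingTicket>");
        }
        printWriter.println("  </cas:authenticationSuccess>");
        printWriter.println("</cas:serviceResponse>");
    }

    /**
     * Creates a proxy-granting ticket for the validated service ticket, delivers it to the
     * callback URL and returns the matching IOU.
     *
     * @param serviceTicket the ticket the PGT is derived from
     * @param str the caller-supplied {@code pgtUrl} callback
     * @return the PGT IOU, or {@code null} when the callback could not be completed
     * @throws TicketException propagated from the ticket constructor or the cache
     */
    private String sendPgt(ServiceTicket serviceTicket, String str) throws TicketException {
        String pgtId = this.pgtCache.addTicket(new ProxyGrantingTicket(serviceTicket, str));
        byte[] random = new byte[PGT_IOU_LENGTH];
        RANDOM.nextBytes(random);
        String pgtIou = "PGTIOU-" + nextSerial() + "-" + Util.toPrintable(random);
        // NOTE(review): when the callback fails the PGT stays in pgtCache although nobody
        // received it; consider evicting it here if GrantorCache offers a removal call.
        return callbackWithPgt(str, pgtId, pgtIou) ? pgtIou : null;
    }

    /**
     * Returns the next IOU serial number. Synchronized because servlet requests run
     * concurrently and an unsynchronized {@code serial++} can hand out duplicates.
     */
    private static synchronized int nextSerial() {
        return serial++;
    }

    /**
     * Delivers the PGT id and IOU to the callback URL as query parameters.
     *
     * <p>NOTE(review): the callback URL comes straight from the request. This method relies
     * entirely on {@code SecureURL.retrieve} to restrict the scheme and verify the peer;
     * confirm that it refuses non-HTTPS targets, since the PGT id is a bearer credential.
     *
     * @param str callback URL
     * @param str2 PGT id
     * @param str3 PGT IOU
     * @return {@code true} when the retrieval completed without an {@link IOException}
     */
    private boolean callbackWithPgt(String str, String str2, String str3) {
        String separator = str.indexOf('?') == -1 ? "?" : "&";
        String target = str + separator + "pgtIou=" + str3 + "&pgtId=" + str2;
        try {
            SecureURL.retrieve(target);
            return true;
        } catch (IOException e) {
            // Exception text may quote the full callback URL; keep the PGT id out of the log.
            String detail = e.toString();
            if (str2 != null && str2.length() > 0) {
                detail = detail.replace(str2, "[pgtId redacted]");
            }
            this.app.log("PGT callback failed: " + detail);
            return false;
        }
    }

    /**
     * Checks whether the first {@code CN=} value in a distinguished name equals the expected
     * name.
     *
     * <p>The previous version tested for a missing {@code CN=} only after adding the marker
     * length to the index, so the test could never fire and a DN without a CN was compared
     * from an arbitrary offset. A missing CN (or a {@code null} argument) now yields
     * {@code false}.
     *
     * <p>NOTE(review): this is a plain substring scan, not an RFC 4514 parser. It is
     * case-sensitive, ignores escaped commas, and would also match {@code CN=} occurring
     * inside another attribute's name or value. Prefer {@code javax.naming.ldap.LdapName}
     * if the result gates an authorization decision.
     *
     * @param str the distinguished name to inspect
     * @param str2 the expected common name
     * @return {@code true} only when a CN is present and equals {@code str2}
     */
    public static boolean validateDn(String str, String str2) {
        if (str == null || str2 == null) {
            return false;
        }
        int marker = str.indexOf("CN=");
        if (marker == -1) {
            return false;
        }
        int start = marker + "CN=".length();
        int comma = str.indexOf(',', start);
        String commonName = comma == -1 ? str.substring(start) : str.substring(start, comma);
        return commonName.equals(str2);
    }

    /**
     * Escapes XML markup characters in a value.
     *
     * @param text the raw value; {@code null} is rendered as the string "null"
     * @param inAttribute when {@code true}, quote characters are escaped as well
     * @return the escaped text
     */
    private static String escapeXml(String text, boolean inAttribute) {
        String raw = String.valueOf((Object) text);
        StringBuffer out = new StringBuffer(raw.length() + 16);
        for (int i = 0; i < raw.length(); i++) {
            char c = raw.charAt(i);
            if (c == '&') {
                out.append("&amp;");
            } else if (c == '<') {
                out.append("&lt;");
            } else if (c == '>') {
                out.append("&gt;");
            } else if (inAttribute && c == '\'') {
                out.append("&apos;");
            } else if (inAttribute && c == '"') {
                out.append("&quot;");
            } else {
                out.append(c);
            }
        }
        return out.toString();
    }
}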
