package com.huawei.ranger.security.filter;

import com.huawei.ranger.security.AuditLog;
import com.huawei.ranger.security.session.AuditSession;
import com.huawei.ranger.security.session.SessionManager;
import java.io.IOException;
import javax.servlet.FilterChain;
import javax.servlet.FilterConfig;
import javax.servlet.ServletException;
import javax.servlet.ServletRequest;
import javax.servlet.ServletResponse;
import javax.servlet.http.HttpServletRequest;
import org.jasig.cas.client.session.SessionMappingStorage;
import org.jasig.cas.client.util.AbstractConfigurationFilter;
import org.jasig.cas.client.util.CommonUtils;
import org.jasig.cas.client.util.XmlUtils;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;

/* loaded from: input_file:com/huawei/ranger/security/filter/SingleSignOutFilter.class */
public class SingleSignOutFilter extends AbstractConfigurationFilter {
    private static final Logger LOG = LoggerFactory.getLogger(SingleSignOutFilter.class);
    private org.jasig.cas.client.session.SingleSignOutFilter filter = new org.jasig.cas.client.session.SingleSignOutFilter();
    private String logoutParameterName = "logoutRequest";
    private String artifactParameterName = "ticket";

    public void init(FilterConfig filterConfig) throws ServletException {
        this.filter.init(filterConfig);
    }

    public void setArtifactParameterName(String str) {
        this.filter.setArtifactParameterName(str);
    }

    public void setLogoutParameterName(String str) {
        this.filter.setLogoutParameterName(str);
    }

    public void setRelayStateParameterName(String str) {
        this.filter.setRelayStateParameterName(str);
    }

    public void setSessionMappingStorage(SessionMappingStorage sessionMappingStorage) {
        this.filter.setSessionMappingStorage(sessionMappingStorage);
    }

    public void doFilter(ServletRequest servletRequest, ServletResponse servletResponse, FilterChain filterChain) throws IOException, ServletException {
        HttpServletRequest httpServletRequest = (HttpServletRequest) servletRequest;
        this.filter.doFilter(servletRequest, servletResponse, filterChain);
        if (isTokenRequest(httpServletRequest)) {
            String safeGetParameter = safeGetParameter(httpServletRequest, this.artifactParameterName);
            if (httpServletRequest.getSession(false) == null) {
                LOG.error("No session exists.");
                return;
            } else {
                SessionManager.getInstance().addTokenToSessionMapping(safeGetParameter, new AuditSession(httpServletRequest.getSession(false).getId()));
                return;
            }
        }
        if (isBackChannelLogoutRequest(httpServletRequest)) {
            AuditSession auditSession = (AuditSession) SessionManager.getInstance().deleteSessionMappingByToken(XmlUtils.getTextForElement(safeGetParameter(httpServletRequest, this.logoutParameterName), "SessionIndex"));
            if (auditSession == null) {
                LOG.error("No session exists.");
                return;
            }
            AuditSession sessionById = SessionManager.getInstance().getSessionById(auditSession.getId());
            if (sessionById == null) {
                LOG.warn("No session found in map for audit log.");
                return;
            }
            String str = (String) sessionById.getAttribute(SessionManager.FI_REMOTE_USER);
            String str2 = (String) sessionById.getAttribute(SessionManager.FI_REMOTE_ADDR);
            LOG.info("Single sign logout, user={}, sessionId={}.", str, sessionById.getId());
            AuditLog.logInfo(str, str2, "Exit and delete the session", "Ranger", "Success");
            AuditLog.logInfo(str, str2, "Logout by SSO", "Ranger", "Success");
            SessionManager.getInstance().deleteSession(sessionById);
        }
    }

    private boolean isTokenRequest(HttpServletRequest httpServletRequest) {
        return CommonUtils.isNotBlank(safeGetParameter(httpServletRequest, this.artifactParameterName));
    }

    private boolean isBackChannelLogoutRequest(HttpServletRequest httpServletRequest) {
        return "POST".equals(httpServletRequest.getMethod()) && !isMultipartRequest(httpServletRequest) && CommonUtils.isNotBlank(safeGetParameter(httpServletRequest, this.logoutParameterName));
    }

    private static String safeGetParameter(HttpServletRequest httpServletRequest, String str) {
        if ("POST".equals(httpServletRequest.getMethod()) && "logoutRequest".equals(str)) {
            return httpServletRequest.getParameter(str);
        }
        if (httpServletRequest.getQueryString() == null || !httpServletRequest.getQueryString().contains(str)) {
            return null;
        }
        return httpServletRequest.getParameter(str);
    }

    private boolean isMultipartRequest(HttpServletRequest httpServletRequest) {
        return httpServletRequest.getContentType() != null && httpServletRequest.getContentType().toLowerCase().startsWith("multipart");
    }

    public void destroy() {
        this.filter.destroy();
    }
}
