package com.kuaike.cas.filter.logout;

import com.kuaike.cas.session.AuthSessionManager;
import com.kuaike.cas.session.HttpSessionStorage;
import com.kuaike.cas.util.EnvProperties;
import java.util.Arrays;
import java.util.Collections;
import java.util.List;
import java.util.zip.Inflater;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import javax.xml.bind.DatatypeConverter;
import org.jasig.cas.client.Protocol;
import org.jasig.cas.client.configuration.ConfigurationKeys;
import org.jasig.cas.client.util.CommonUtils;
import org.jasig.cas.client.util.XmlUtils;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.data.redis.connection.DefaultMessage;
import org.springframework.stereotype.Component;

@Component
/* loaded from: input_file:com/kuaike/cas/filter/logout/SingleSignOutHandler.class */
class SingleSignOutHandler {
    private static final Logger log = LoggerFactory.getLogger(SingleSignOutHandler.class);
    private static final int DECOMPRESSION_FACTOR = 10;

    @Autowired
    private HttpSessionStorage httpSessionStorage;

    @Autowired
    private AuthSessionManager authSessionManager;

    @Autowired
    private MessageBroadcastManager messageBroadcastManager;
    private String artifactParameterName = Protocol.CAS2.getArtifactParameterName();
    private String logoutParameterName = (String) ConfigurationKeys.LOGOUT_PARAMETER_NAME.getDefaultValue();
    private String relayStateParameterName = (String) ConfigurationKeys.RELAY_STATE_PARAMETER_NAME.getDefaultValue();
    private String casServerUrlPrefix = "";
    private boolean artifactParameterOverPost = false;
    private boolean eagerlyCreateSessions = true;
    private List<String> safeParameters;

    SingleSignOutHandler() {
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    public void setArtifactParameterOverPost(boolean z) {
        this.artifactParameterOverPost = z;
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    public void setArtifactParameterName(String str) {
        this.artifactParameterName = str;
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    public void setLogoutParameterName(String str) {
        this.logoutParameterName = str;
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    public void setCasServerUrlPrefix(String str) {
        this.casServerUrlPrefix = str;
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    public void setRelayStateParameterName(String str) {
        this.relayStateParameterName = str;
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    public void setEagerlyCreateSessions(boolean z) {
        this.eagerlyCreateSessions = z;
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    public synchronized void init() {
        if (this.safeParameters == null) {
            CommonUtils.assertNotNull(this.artifactParameterName, "artifactParameterName cannot be null.");
            CommonUtils.assertNotNull(this.logoutParameterName, "logoutParameterName cannot be null.");
            CommonUtils.assertNotNull(this.httpSessionStorage, "httpSessionStorage cannot be null.");
            CommonUtils.assertNotNull(this.relayStateParameterName, "relayStateParameterName cannot be null.");
            CommonUtils.assertNotNull(this.casServerUrlPrefix, "casServerUrlPrefix cannot be null.");
            if (CommonUtils.isBlank(this.casServerUrlPrefix)) {
                log.warn("Front Channel single sign out redirects are disabled when the 'casServerUrlPrefix' value is not set.");
            }
            if (this.artifactParameterOverPost) {
                this.safeParameters = Arrays.asList(this.logoutParameterName, this.artifactParameterName);
            } else {
                this.safeParameters = Collections.singletonList(this.logoutParameterName);
            }
        }
    }

    private boolean isTokenRequest(HttpServletRequest httpServletRequest) {
        return CommonUtils.isNotBlank(CommonUtils.safeGetParameter(httpServletRequest, this.artifactParameterName, this.safeParameters));
    }

    private boolean isLogoutRequest(HttpServletRequest httpServletRequest) {
        if ("POST".equalsIgnoreCase(httpServletRequest.getMethod())) {
            return !isMultipartRequest(httpServletRequest) && CommonUtils.isNotBlank(CommonUtils.safeGetParameter(httpServletRequest, this.logoutParameterName, this.safeParameters));
        }
        if ("GET".equalsIgnoreCase(httpServletRequest.getMethod())) {
            return CommonUtils.isNotBlank(CommonUtils.safeGetParameter(httpServletRequest, this.logoutParameterName, this.safeParameters));
        }
        return false;
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    public boolean process(HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse) {
        if (!isLogoutRequest(httpServletRequest)) {
            log.trace("Ignoring URI for logout: {}", httpServletRequest.getRequestURI());
            return true;
        }
        log.info("收到来自cas服务器推送的登出请求，请求方法：{}，请求路径：{}", httpServletRequest.getMethod(), httpServletRequest.getRequestURI());
        destroySession(httpServletRequest);
        return false;
    }

    private String uncompressLogoutMessage(String str) {
        byte[] parseBase64Binary = DatatypeConverter.parseBase64Binary(str);
        Inflater inflater = null;
        try {
            try {
                inflater = new Inflater();
                inflater.setInput(parseBase64Binary);
                byte[] bArr = new byte[parseBase64Binary.length * DECOMPRESSION_FACTOR];
                String str2 = new String(bArr, 0, inflater.inflate(bArr), "UTF-8");
                if (inflater != null) {
                    inflater.end();
                }
                return str2;
            } catch (Exception e) {
                log.error("Unable to decompress logout message", e);
                throw new RuntimeException(e);
            }
        } catch (Throwable th) {
            if (inflater != null) {
                inflater.end();
            }
            throw th;
        }
    }

    private String parseToken(HttpServletRequest httpServletRequest) {
        String safeGetParameter = CommonUtils.safeGetParameter(httpServletRequest, this.logoutParameterName, this.safeParameters);
        if (CommonUtils.isBlank(safeGetParameter)) {
            log.error("Could not locate logout message of the request from {}", this.logoutParameterName);
            return null;
        }
        if (!safeGetParameter.contains("SessionIndex")) {
            safeGetParameter = uncompressLogoutMessage(safeGetParameter);
        }
        log.debug("cas服务器回调登出消息为：\n{}", safeGetParameter);
        String textForElement = XmlUtils.getTextForElement(safeGetParameter, "SessionIndex");
        log.info("cas服务器回调返回的ST为：\n{}", textForElement);
        return textForElement;
    }

    private void destroySession(HttpServletRequest httpServletRequest) {
        String parseToken = parseToken(httpServletRequest);
        if (CommonUtils.isNotBlank(parseToken)) {
            destroySessionByTicket(parseToken);
            String str = EnvProperties.get("cas.logout.topic");
            this.messageBroadcastManager.broadcast(new DefaultMessage(str.getBytes(), parseToken.getBytes()));
            log.info("向其他服务器广播用户退出消息，topic：{}，ticket：{}", str, parseToken);
        }
    }

    private void destroySessionByTicket(String str) {
        this.httpSessionStorage.removeSessionByTicket(str);
        this.authSessionManager.destroySessionByTicket(str);
    }

    private boolean isMultipartRequest(HttpServletRequest httpServletRequest) {
        return httpServletRequest.getContentType() != null && httpServletRequest.getContentType().toLowerCase().startsWith("multipart");
    }
}
