package eu.cec.digit.ecas.client.resolver.service;

import eu.cec.digit.ecas.client.EcasUtil;
import eu.cec.digit.ecas.client.authentication.EcasServletAuthentication;
import eu.cec.digit.ecas.client.configuration.ConfigurationDependent;
import eu.cec.digit.ecas.client.configuration.EcasConfigurationIntf;
import eu.cec.digit.ecas.client.constants.RequestConstant;
import eu.cec.digit.ecas.client.logging.Logger;
import eu.cec.digit.ecas.client.resolver.logging.ClientFactory;
import eu.cec.digit.ecas.client.resolver.session.HttpSessionHandlerStrategy;
import eu.cec.digit.ecas.client.resolver.session.SessionCreationRuntimeException;
import eu.cec.digit.ecas.client.session.CookieHelper;
import java.io.IOException;
import java.io.PrintWriter;
import java.io.Serializable;
import java.lang.reflect.InvocationTargetException;
import java.net.MalformedURLException;
import java.net.URL;
import java.security.SecureRandom;
import java.util.Collections;
import java.util.Locale;
import java.util.Map;
import javax.servlet.ServletException;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import javax.servlet.http.HttpSession;
import org.apache.log4j.spi.LocationInfo;
import sun.misc.BASE64Decoder;

/* loaded from: input_file:eu/cec/digit/ecas/client/resolver/service/ReverseProxyAwareServiceResolver.class */
public final class ReverseProxyAwareServiceResolver extends AbstractStatefulServiceResolver implements ServiceResolver, InteractiveServiceResolver, ConfigurationDependent, Serializable {
    // Version stamp for Java serialization (the class is declared Serializable).
    private static final long serialVersionUID = 7684516617776900949L;
    // Public constants. The methods in this decompiled listing carry the same literals inline
    // ("UTF-8", "\r\n") instead of referencing these names.
    public static final String DEFAULT_ENCODING = "UTF-8";
    public static final String HTTP_CRLF = "\r\n";
    // Not referenced anywhere in this listing; getCookieName builds "ecdecw_" + context path instead.
    private static final String FALLBACK_COOKIE_NAME = "ecdecw";
    // Marker that invertAntiProxyHtmlRewrite strips from a submitted service URL.
    private static final String APHRW_PREFIX = "{aphrw}";
    // Placeholders that getWysiwygServiceFormHtml substitutes in the HTML template.
    private static final String SERVICE_URL_PLACE_HOLDER = "${SERVICE_URL}";
    private static final String CLONED_PARAMS_PLACE_HOLDER = "${CLONED_PARAMS}";
    private static final String JS_URL_PLACE_HOLDER = "${JS_URL}";
    private static final String TX_ID_PLACE_HOLDER = "${TX_ID}";
    // Request parameter whose presence makes getServiceForLogin serve the script instead of the HTML form.
    private static final String WYSIWYG_JS = "eu.cec.digit.ecas.client.wysiwygJs";
    // Assigned in the static initializer at the bottom of the class.
    private static final Logger LOG;
    // Lazily filled caches for class literals, resolved through class$(); these look
    // compiler-generated (old javac emitted such fields for Foo.class) - confirm.
    static Class class$eu$cec$digit$ecas$client$resolver$service$ReverseProxyAwareServiceResolver;
    static Class class$java$lang$String;
    // Cryptographically strong generator used by getRandomString, which produces the
    // one-time transaction id stored in the session by getServiceForLogin.
    private static final SecureRandom SECURE_RANDOM = new SecureRandom();
    // Class-path resources read once, during class initialization, by getWysiwygServiceFormFile.
    // NOTE(review): that loader failed to decompile and throws in this listing, so these
    // initializers cannot complete until it is restored.
    private static final String WYSIWYG_FORM_HTML = "ReverseProxyAwareServiceResolver.html";
    private static final String WYSIWYG_SERVICE_FORM_HTML_TEMPLATE = getWysiwygServiceFormFile(WYSIWYG_FORM_HTML);
    private static final String WYSIWYG_FORM_JS = "ReverseProxyAwareServiceResolver.min.js";
    private static final String WYSIWYG_SERVICE_FORM_JS = getWysiwygServiceFormFile(WYSIWYG_FORM_JS);

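    /**
     * Resolves the end-user service URL for this request.
     *
     * <p>Lookup order: the request attribute named by {@code RequestConstant.WYSIWYG_URL}, then
     * the same attribute in the HTTP session, then (only when a session cannot be obtained) the
     * Base64-encoded fallback cookie, then the form-authentication target URL, and finally the
     * parent resolver.
     *
     * <p>The cookie is sent by the client, so its decoded value is passed through
     * {@link #validateService(String)} before it is used; the request-parameter path in
     * {@code getServiceForLogin} applies the same check before the cookie is written. A cookie
     * that does not decode or does not validate is treated as absent.
     *
     * @param httpServletRequest current request
     * @param ecasConfigurationIntf configuration handed to the parent resolver
     * @param ecasServletAuthentication optional source of the form-authentication target URL; may be null
     * @return the resolved service URL, or whatever the parent resolver returns when nothing was stored
     */
    @Override // eu.cec.digit.ecas.client.resolver.service.AbstractServiceResolver, eu.cec.digit.ecas.client.resolver.service.ServiceResolver
    public String getService(HttpServletRequest httpServletRequest, EcasConfigurationIntf ecasConfigurationIntf, EcasServletAuthentication ecasServletAuthentication) {
        final String key = RequestConstant.WYSIWYG_URL.toString();
        String service = (String) httpServletRequest.getAttribute(key);
        if (null != service) {
            return service;
        }
        String origin;
        try {
            service = (String) HttpSessionHandlerStrategy.getInstance().getOrCreateSession(httpServletRequest).getAttribute(key);
            origin = "session";
        } catch (SessionCreationRuntimeException noSession) {
            // No session available: fall back to the client-side copy of the URL.
            service = readValidatedServiceFromCookie(httpServletRequest);
            origin = "cookie";
        }
        if (null != service) {
            if (LOG.isDebugEnabled()) {
                LOG.debug("retrieved in " + origin + ": end-user service \"" + service + "\"");
            }
            return service;
        }
        if (null != ecasServletAuthentication) {
            try {
                service = ecasServletAuthentication.getAbsoluteTargetURLForFormAuthentication(httpServletRequest);
            } catch (ServletException ignored) {
                // Best effort: the parent resolver below still provides a value.
            }
        }
        if (null == service) {
            service = super.getService(httpServletRequest, ecasConfigurationIntf, ecasServletAuthentication);
        }
        return service;
    }

    /**
     * Reads the fallback cookie, Base64-decodes it as UTF-8 and validates the result.
     *
     * @return the decoded service URL, or null when the cookie is missing, disabled,
     *         undecodable or rejected by {@link #validateService(String)}
     */
    private String readValidatedServiceFromCookie(HttpServletRequest httpServletRequest) {
        String cookieValue = CookieHelper.getCookieValue(httpServletRequest, getCookieName(httpServletRequest));
        if (null == cookieValue || CookieHelper.isDisabled(cookieValue)) {
            return null;
        }
        try {
            // NOTE(review): sun.misc.BASE64Decoder is a JDK-internal class; kept because the
            // file already depends on it.
            String decoded = new String(new BASE64Decoder().decodeBuffer(cookieValue), "UTF-8");
            // Client-controlled data: apply the same checks as the request-parameter path.
            validateService(decoded);
            return decoded;
        } catch (IOException ignored) {
            // Malformed Base64 from the client; behave as if no cookie had been sent.
            return null;
        } catch (ServletException rejected) {
            // validateService has already logged the rejected value.
            return null;
        }
    }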

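    /**
     * Drives the two-step discovery of the service URL as the browser sees it.
     *
     * <p>When the request carries the {@code RequestConstant.WYSIWYG_URL} parameter, the value is
     * un-rewritten, validated, stripped of unwanted query parameters and stored in the session,
     * the request attribute and the fallback cookie, then returned. For a session that is not new,
     * the one-time transaction id must match first; otherwise a 403 is sent and null is returned.
     *
     * <p>Without that parameter the method writes either the HTML form (with a fresh transaction
     * id) or, when the {@code WYSIWYG_JS} parameter is present, the companion script. It then
     * returns null because the response has been committed.
     *
     * @param httpServletRequest current request
     * @param httpServletResponse response used for the interstitial page, the cookie or the 403
     * @return the accepted service URL, or null when a response body or error was written
     * @throws IOException if writing the response fails
     * @throws ServletException if the submitted service URL is rejected by validateService
     */
    @Override // eu.cec.digit.ecas.client.resolver.service.InteractiveServiceResolver
    public String getServiceForLogin(HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse) throws IOException, ServletException {
        String parameter = httpServletRequest.getParameter(RequestConstant.WYSIWYG_URL.toString());
        if (null != parameter) {
            String service = invertAntiProxyHtmlRewrite(parameter);
            // Validate after undoing the rewrite so the checks see the real URL.
            validateService(service);
            int queryStart = service.indexOf('?');
            if (queryStart != -1) {
                String keptQuery = EcasUtil.removeUnwantedQueryStringParameters(service.substring(queryStart + 1));
                service = service.substring(0, queryStart);
                if (null != keptQuery && keptQuery.trim().length() > 0) {
                    service = service + '?' + keptQuery;
                }
            }
            // The decompiled listing used the session variable after an empty catch, which
            // leaves it unassigned when session creation fails. It is initialized here and
            // every session access is guarded.
            // NOTE(review): proceeding without a session (cookie-only storage, no transaction-id
            // check) mirrors the cookie fallback in getService - confirm against the bytecode.
            HttpSession session = null;
            try {
                session = HttpSessionHandlerStrategy.getInstance().getOrCreateSession(httpServletRequest);
            } catch (SessionCreationRuntimeException noSession) {
                // No session can be created; only the cookie will carry the URL.
            }
            if (null != session) {
                // A session that already existed must present the one-time transaction id
                // issued with the HTML form; a brand-new session has none to check.
                if (!session.isNew() && !isTransactionIdValid(session, httpServletRequest)) {
                    httpServletResponse.sendError(403);
                    httpServletResponse.flushBuffer();
                    return null;
                }
                session.setAttribute(RequestConstant.WYSIWYG_URL.toString(), service);
            }
            if (null != getEcasServletAuthentication()) {
                getEcasServletAuthentication().setAbsoluteTargetURLForFormAuthentication(httpServletRequest, service);
            }
            httpServletRequest.setAttribute(RequestConstant.WYSIWYG_URL.toString(), service);
            CookieHelper.addCookie(httpServletRequest, httpServletResponse, getCookieName(httpServletRequest), EcasUtil.encodeInBase64(service.getBytes("UTF-8")));
            if (LOG.isDebugEnabled()) {
                LOG.debug("received via javascript: end-user service \"" + service + "\"");
            }
            return service;
        }

        // Interstitial response: never cacheable, and locked down so that only same-origin
        // script and form submission are allowed.
        final String contentSecurityPolicy = "default-src 'none'; connect-src 'self'; script-src 'self'; form-action 'self'";
        httpServletResponse.setStatus(200, "ECAS Authentication Required");
        httpServletResponse.setHeader("Pragma", "no-cache");
        httpServletResponse.setHeader("Cache-Control", "no-cache,no-store,must-revalidate");
        httpServletResponse.setDateHeader("Expires", -1L);
        httpServletResponse.setHeader("X-Webkit-CSP", contentSecurityPolicy);
        httpServletResponse.setHeader("X-Content-Security-Policy", contentSecurityPolicy);
        httpServletResponse.setHeader("Content-Security-Policy", contentSecurityPolicy);
        httpServletResponse.setHeader("X-XSS-Protection", "1; mode=block");
        httpServletResponse.setHeader("X-Content-Type-Options", "nosniff");
        if (null == httpServletRequest.getParameter(WYSIWYG_JS)) {
            httpServletResponse.setContentType("text/html; charset=utf-8");
            String requestedService = super.getService(httpServletRequest, getConfiguration(), getEcasServletAuthentication());
            PrintWriter writer = httpServletResponse.getWriter();
            String contentType = httpServletRequest.getContentType();
            // Only the parameters of a form-encoded body are cloned into the page as hidden inputs.
            boolean formEncoded = null != contentType && contentType.trim().toLowerCase(Locale.ENGLISH).startsWith("application/x-www-form-urlencoded");
            Map parameterMap = formEncoded ? httpServletRequest.getParameterMap() : Collections.EMPTY_MAP;
            boolean hasTicket = null != httpServletRequest.getParameter(RequestConstant.TICKET.toString());
            String escapedService = EcasUtil.filterHtml(requestedService);
            String transactionId = getRandomString(64);
            try {
                HttpSessionHandlerStrategy.getInstance().getOrCreateSession(httpServletRequest).setAttribute(RequestConstant.TRANSACTION_ID.toString(), transactionId);
            } catch (SessionCreationRuntimeException ignored) {
                // Without a session there is nowhere to keep the id; the follow-up request
                // is then handled on the cookie-only path.
            }
            String queryString = httpServletRequest.getQueryString();
            // The decompiler rendered the "?" literal as log4j's LocationInfo.NA, which is the
            // same constant value; the plain literal is used here.
            String prefix = (null == queryString || queryString.trim().length() == 0) ? "?" : "?" + queryString + "&";
            String jsUrl = prefix + WYSIWYG_JS + "=js";
            // The raw query string is request-controlled and was the only value substituted into
            // the template without escaping; filter it like the service URL.
            // NOTE(review): assumes ${JS_URL} sits in an HTML attribute of the template - confirm.
            writer.write(getWysiwygServiceFormHtml(escapedService, parameterMap, hasTicket, EcasUtil.filterHtml(jsUrl), transactionId));
        } else {
            httpServletResponse.setContentType("application/javascript; charset=utf-8");
            httpServletResponse.getWriter().write(WYSIWYG_SERVICE_FORM_JS);
        }
        httpServletResponse.flushBuffer();
        return null;
    }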

    /**
     * Checks the transaction id submitted with the request against the one held in the session.
     *
     * <p>The stored id is removed from the session before the comparison, so it can be
     * presented only once whether or not it matches.
     *
     * @param httpSession session expected to hold the id under {@code RequestConstant.TRANSACTION_ID}
     * @param httpServletRequest request carrying the id as a parameter of the same name
     * @return true only when an id was stored and the submitted value equals it
     */
    private boolean isTransactionIdValid(HttpSession httpSession, HttpServletRequest httpServletRequest) {
        final String key = RequestConstant.TRANSACTION_ID.toString();
        final String expected = (String) httpSession.getAttribute(key);
        if (null != expected) {
            // Consume the id first: every attempt, successful or not, invalidates it.
            httpSession.removeAttribute(key);
            final String submitted = httpServletRequest.getParameter(key);
            return expected.equals(submitted);
        }
        return false;
    }

    /**
     * Produces a random token: {@code i} bytes drawn from the shared SecureRandom,
     * encoded with {@code EcasUtil.encodeInBase64}.
     *
     * @param i number of random bytes (not the length of the returned text)
     * @return the encoded random bytes
     */
    private String getRandomString(int i) {
        final byte[] entropy = new byte[i];
        SECURE_RANDOM.nextBytes(entropy);
        final String encoded = EcasUtil.encodeInBase64(entropy);
        return encoded;
    }

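    /**
     * Accepts a service URL only if it starts with {@code http://} or {@code https://}, contains
     * no CR, LF, {@code <}, {@code >}, double quote or single quote, and parses as both a
     * {@code java.net.URL} and a {@code java.net.URI}.
     *
     * <p>{@code java.net.URI} is looked up reflectively; when the class is not present the URI
     * check is skipped and the value is accepted.
     *
     * <p>NOTE(review): nothing here restricts the host, so any syntactically valid http(s) URL
     * passes. Restricting which services may receive a ticket has to be enforced elsewhere
     * (for example by the authentication server) - confirm.
     *
     * @param str candidate service URL; must not be null
     * @throws ServletException with message "Invalid service" when the value is rejected
     * @throws IllegalStateException if the reflective URI constructor cannot be used
     */
    private void validateService(String str) throws ServletException {
        boolean schemeOk = str.startsWith("http://") || str.startsWith("https://");
        boolean charactersOk = str.indexOf('\r') == -1 && str.indexOf('\n') == -1
                && str.indexOf('<') == -1 && str.indexOf('>') == -1
                && str.indexOf('"') == -1 && str.indexOf('\'') == -1;
        if (schemeOk && charactersOk) {
            try {
                new URL(str);
                // Equivalent to new URI(str), written reflectively as in the original.
                Class.forName("java.net.URI").getConstructor(new Class[] {String.class}).newInstance(new Object[] {str});
                return;
            } catch (ClassNotFoundException e) {
                // java.net.URI is unavailable: the URL check above is all that can be done.
                return;
            } catch (IllegalAccessException e2) {
                throw new IllegalStateException("The URI(String str) constructor is not public in java.net.URI");
            } catch (InstantiationException e3) {
                throw new IllegalStateException("The java.net.URI class is abstract");
            } catch (NoSuchMethodException e4) {
                throw new IllegalStateException("The public URI(String str) constructor does not exist in java.net.URI");
            } catch (InvocationTargetException e5) {
                // The URI constructor rejected the value: fall through to the rejection below.
            } catch (MalformedURLException e6) {
                // Not a well-formed URL: fall through to the rejection below.
            }
        }
        if (LOG.isErrorEnabled()) {
            // A rejected value may contain the very CR/LF characters it was rejected for;
            // neutralize them so it cannot start a forged log line.
            String printable = EcasUtil.filterHtml(str);
            if (null != printable) {
                printable = printable.replace('\r', ' ').replace('\n', ' ');
            }
            LOG.error("received via javascript INVALID end-user service: (filtered) = \"" + printable + "\"");
        }
        throw new ServletException("Invalid service");
    }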

    /**
     * Returns the service URL to use for ticket validation by delegating to the
     * single-argument {@code getService}; the response is not touched.
     *
     * @param httpServletRequest current request
     * @param httpServletResponse unused
     * @return whatever {@code getService(httpServletRequest)} resolves
     */
    @Override // eu.cec.digit.ecas.client.resolver.service.InteractiveServiceResolver
    public String getServiceForValidation(HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse) throws IOException, ServletException {
        final String resolved = getService(httpServletRequest);
        return resolved;
    }

    /**
     * Always fails: the stored state includes a cookie, which cannot be removed without the
     * response. Use {@code clearState(HttpServletRequest, HttpServletResponse)}.
     *
     * @throws UnsupportedOperationException on every call
     */
    @Override // eu.cec.digit.ecas.client.resolver.service.InteractiveServiceResolver
    public void clearState(HttpServletRequest httpServletRequest) {
        final String reason = "clearState(HttpServletRequest) is not supported, use clearState(HttpServletRequest,HttpServletResponse) instead";
        throw new UnsupportedOperationException(reason);
    }

    /**
     * Forgets the stored service URL: removes the {@code RequestConstant.WYSIWYG_URL} attribute
     * from the existing session, if there is one, and removes the fallback cookie.
     *
     * @param httpServletRequest current request
     * @param httpServletResponse response through which the cookie is removed
     */
    @Override // eu.cec.digit.ecas.client.resolver.service.InteractiveServiceResolver
    public void clearState(HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse) {
        final HttpSession session = HttpSessionHandlerStrategy.getInstance().getExistingSession(httpServletRequest);
        if (session != null) {
            session.removeAttribute(RequestConstant.WYSIWYG_URL.toString());
        }
        // The cookie is cleared whether or not a session exists.
        final String cookieName = getCookieName(httpServletRequest);
        CookieHelper.removeCookie(httpServletRequest, httpServletResponse, cookieName);
    }

    /**
     * Builds the name of the fallback cookie: {@code "ecdecw_"} followed by the request's
     * context path with every {@code '/'} replaced by {@code '_'}, so each web application
     * gets its own cookie.
     *
     * @param httpServletRequest request supplying the context path
     * @return the cookie name
     */
    private String getCookieName(HttpServletRequest httpServletRequest) {
        final String flattenedContextPath = httpServletRequest.getContextPath().replace('/', '_');
        return "ecdecw_" + flattenedContextPath;
    }

    /*  JADX ERROR: JadxRuntimeException in pass: BlockProcessor
        jadx.core.utils.exceptions.JadxRuntimeException: Unreachable block: B:9:0x008f
        	at jadx.core.dex.visitors.blocks.BlockProcessor.checkForUnreachableBlocks(BlockProcessor.java:88)
        	at jadx.core.dex.visitors.blocks.BlockProcessor.processBlocksTree(BlockProcessor.java:52)
        	at jadx.core.dex.visitors.blocks.BlockProcessor.visit(BlockProcessor.java:44)
        */
    /**
     * Loads a class-path resource that sits next to this class and returns it as text.
     *
     * <p>The decompiler could not rebuild this method. The register-level dump kept in the body
     * shows the following steps:
     * <ol>
     *   <li>build the resource path {@code "/" + <package name with '.' replaced by '/'> + "/" + r6};</li>
     *   <li>open it with {@code getResourceAsStream} on this class;</li>
     *   <li>read it with {@code InputStreamUtil.readFullyAsString(stream, "UTF-8", 4096)};</li>
     *   <li>on {@code IOException}, throw an {@code IllegalStateException} with the message
     *       {@code "Unable to load " + r6}, the cause attached via {@code ExceptionVersion.initCause};</li>
     *   <li>in the shared exit subroutine, close the stream when it is not null and ignore an
     *       {@code IOException} from {@code close()}.</li>
     * </ol>
     *
     * <p>NOTE(review): as emitted, the method only throws {@code UnsupportedOperationException}.
     * The static fields {@code WYSIWYG_SERVICE_FORM_HTML_TEMPLATE} and
     * {@code WYSIWYG_SERVICE_FORM_JS} call it during class initialization, so this listing
     * cannot initialize the class until the body is restored from the dump.
     *
     * <p>NOTE(review): the dump shows no null check between {@code getResourceAsStream} and
     * {@code readFullyAsString}; how a missing resource is handled depends on that helper.
     *
     * @param r6 file name of the resource, relative to this class's package
     * @return the resource content (per the dump); this listing always throws instead
     */
    private static java.lang.String getWysiwygServiceFormFile(java.lang.String r6) {
        /*
            r0 = 0
            r7 = r0
            java.lang.Class r0 = eu.cec.digit.ecas.client.resolver.service.ReverseProxyAwareServiceResolver.class$eu$cec$digit$ecas$client$resolver$service$ReverseProxyAwareServiceResolver     // Catch: java.io.IOException -> L55 java.lang.Throwable -> L79
            if (r0 != 0) goto L14
            java.lang.String r0 = "eu.cec.digit.ecas.client.resolver.service.ReverseProxyAwareServiceResolver"
            java.lang.Class r0 = class$(r0)     // Catch: java.io.IOException -> L55 java.lang.Throwable -> L79
            r1 = r0
            eu.cec.digit.ecas.client.resolver.service.ReverseProxyAwareServiceResolver.class$eu$cec$digit$ecas$client$resolver$service$ReverseProxyAwareServiceResolver = r1     // Catch: java.io.IOException -> L55 java.lang.Throwable -> L79
            goto L17
        L14:
            java.lang.Class r0 = eu.cec.digit.ecas.client.resolver.service.ReverseProxyAwareServiceResolver.class$eu$cec$digit$ecas$client$resolver$service$ReverseProxyAwareServiceResolver     // Catch: java.io.IOException -> L55 java.lang.Throwable -> L79
        L17:
            r8 = r0
            r0 = r8
            java.lang.StringBuffer r1 = new java.lang.StringBuffer     // Catch: java.io.IOException -> L55 java.lang.Throwable -> L79
            r2 = r1
            r2.<init>()     // Catch: java.io.IOException -> L55 java.lang.Throwable -> L79
            r2 = 47
            java.lang.StringBuffer r1 = r1.append(r2)     // Catch: java.io.IOException -> L55 java.lang.Throwable -> L79
            r2 = r8
            java.lang.Package r2 = r2.getPackage()     // Catch: java.io.IOException -> L55 java.lang.Throwable -> L79
            java.lang.String r2 = r2.getName()     // Catch: java.io.IOException -> L55 java.lang.Throwable -> L79
            r3 = 46
            r4 = 47
            java.lang.String r2 = r2.replace(r3, r4)     // Catch: java.io.IOException -> L55 java.lang.Throwable -> L79
            java.lang.StringBuffer r1 = r1.append(r2)     // Catch: java.io.IOException -> L55 java.lang.Throwable -> L79
            r2 = 47
            java.lang.StringBuffer r1 = r1.append(r2)     // Catch: java.io.IOException -> L55 java.lang.Throwable -> L79
            r2 = r6
            java.lang.StringBuffer r1 = r1.append(r2)     // Catch: java.io.IOException -> L55 java.lang.Throwable -> L79
            java.lang.String r1 = r1.toString()     // Catch: java.io.IOException -> L55 java.lang.Throwable -> L79
            java.io.InputStream r0 = r0.getResourceAsStream(r1)     // Catch: java.io.IOException -> L55 java.lang.Throwable -> L79
            r7 = r0
            r0 = r7
            java.lang.String r1 = "UTF-8"
            r2 = 4096(0x1000, float:5.74E-42)
            java.lang.String r0 = eu.cec.digit.ecas.util.commons.io.InputStreamUtil.readFullyAsString(r0, r1, r2)     // Catch: java.io.IOException -> L55 java.lang.Throwable -> L79
            r9 = r0
            r0 = jsr -> L81
        L53:
            r1 = r9
            return r1
        L55:
            r8 = move-exception
            java.lang.IllegalStateException r0 = new java.lang.IllegalStateException     // Catch: java.lang.Throwable -> L79
            r1 = r0
            java.lang.StringBuffer r2 = new java.lang.StringBuffer     // Catch: java.lang.Throwable -> L79
            r3 = r2
            r3.<init>()     // Catch: java.lang.Throwable -> L79
            java.lang.String r3 = "Unable to load "
            java.lang.StringBuffer r2 = r2.append(r3)     // Catch: java.lang.Throwable -> L79
            r3 = r6
            java.lang.StringBuffer r2 = r2.append(r3)     // Catch: java.lang.Throwable -> L79
            java.lang.String r2 = r2.toString()     // Catch: java.lang.Throwable -> L79
            r1.<init>(r2)     // Catch: java.lang.Throwable -> L79
            r9 = r0
            r0 = r9
            r1 = r8
            java.lang.Throwable r0 = eu.cec.digit.ecas.client.resolver.ExceptionVersion.initCause(r0, r1)     // Catch: java.lang.Throwable -> L79
            r0 = r9
            throw r0     // Catch: java.lang.Throwable -> L79
        L79:
            r10 = move-exception
            r0 = jsr -> L81
        L7e:
            r1 = r10
            throw r1
        L81:
            r11 = r0
            r0 = 0
            r1 = r7
            if (r0 == r1) goto L91
            r0 = r7
            r0.close()     // Catch: java.io.IOException -> L8f
            goto L91
        L8f:
            r12 = move-exception
        L91:
            ret r11
        */
        // Placeholder emitted by the decompiler; see the dump above for the real logic.
        throw new UnsupportedOperationException("Method not decompiled: eu.cec.digit.ecas.client.resolver.service.ReverseProxyAwareServiceResolver.getWysiwygServiceFormFile(java.lang.String):java.lang.String");
    }

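    /**
     * Fills the HTML template with the service URL, the script URL, the transaction id and,
     * when there are request parameters to preserve, one hidden input per parameter value.
     *
     * <p>Escaping contract: {@code str}, {@code str2} and {@code str3} are inserted exactly as
     * given, so the caller must pass values that are already safe for the HTML context of
     * their placeholder. Parameter names and values from {@code map} are passed through
     * {@code EcasUtil.filterHtml} here.
     *
     * <p>NOTE(review): the placeholders are replaced one after another, so placeholder text
     * occurring inside an earlier substituted value would be expanded by a later pass. Confirm
     * that {@code filterHtml} neutralizes such text, or move to a single-pass substitution.
     *
     * <p>The blank ticket input is added only on the non-empty-map path, as in the original.
     *
     * @param str value for {@code ${SERVICE_URL}}, already escaped by the caller
     * @param map parameter map (String name to String[] values) to clone; may be empty
     * @param z whether to append a hidden input named {@code RequestConstant.TICKET} with an empty value
     * @param str2 value for {@code ${JS_URL}}
     * @param str3 value for {@code ${TX_ID}}
     * @return the completed HTML page
     */
    String getWysiwygServiceFormHtml(String str, Map map, boolean z, String str2, String str3) {
        String page = EcasUtil.replace(WYSIWYG_SERVICE_FORM_HTML_TEMPLATE, SERVICE_URL_PLACE_HOLDER, str, -1);
        page = EcasUtil.replace(page, JS_URL_PLACE_HOLDER, str2, -1);
        page = EcasUtil.replace(page, TX_ID_PLACE_HOLDER, str3, -1);
        if (map.isEmpty()) {
            return EcasUtil.replace(page, CLONED_PARAMS_PLACE_HOLDER, "", -1);
        }
        StringBuffer hiddenInputs = new StringBuffer(128);
        // The map is raw-typed, so its entries arrive as Object and need an explicit cast;
        // the decompiled for-each over Map.Entry did not compile.
        for (Object item : map.entrySet()) {
            Map.Entry entry = (Map.Entry) item;
            String name = (String) entry.getKey();
            String[] values = (String[]) entry.getValue();
            for (int index = 0; index < values.length; index++) {
                hiddenInputs.append("<input type=\"hidden\" name=\"")
                        .append(EcasUtil.filterHtml(name))
                        .append("\" value=\"")
                        .append(EcasUtil.filterHtml(values[index]))
                        .append("\" />")
                        .append("\r\n");
            }
        }
        if (z) {
            hiddenInputs.append("<input type=\"hidden\" name=\"").append(RequestConstant.TICKET.toString()).append("\" value=\"\" />\r\n");
        }
        return EcasUtil.replace(page, CLONED_PARAMS_PLACE_HOLDER, hiddenInputs.toString(), -1);
    }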

    /**
     * Undoes the client-side marking of a service URL: when the value starts with the
     * {@code {aphrw}} prefix, the prefix is dropped and every whitespace character (per
     * {@link Character#isWhitespace(char)}) in the remainder is removed. Values without the
     * prefix are returned unchanged.
     *
     * <p>The result is still untrusted input; callers validate it afterwards.
     *
     * @param str submitted value; must not be null
     * @return the cleaned value, or {@code str} itself when it carries no prefix
     */
    public static String invertAntiProxyHtmlRewrite(String str) {
        if (str.startsWith(APHRW_PREFIX)) {
            final int start = APHRW_PREFIX.length();
            final int end = str.length();
            if (end <= start) {
                // Nothing follows the prefix.
                return "";
            }
            final StringBuffer kept = new StringBuffer(end);
            int position = start;
            while (position < end) {
                final char current = str.charAt(position);
                if (!Character.isWhitespace(current)) {
                    kept.append(current);
                }
                position++;
            }
            return kept.toString();
        }
        return str;
    }

    /**
     * Resolves a class by name, turning a failed lookup into a {@link NoClassDefFoundError}
     * that carries the original message. Used to fill the {@code class$...} cache fields.
     *
     * @param str fully qualified class name
     * @return the loaded class
     * @throws NoClassDefFoundError if the class cannot be found
     */
    static Class class$(String str) {
        Class resolved;
        try {
            resolved = Class.forName(str);
        } catch (ClassNotFoundException notFound) {
            final String detail = notFound.getMessage();
            throw new NoClassDefFoundError(detail);
        }
        return resolved;
    }

    // Class initializer: obtains the logger for this class from the ClientFactory, resolving
    // (and caching) this class's own Class object through class$() if not yet cached.
    static {
        final ClientFactory factory = ClientFactory.getInstance();
        if (null == class$eu$cec$digit$ecas$client$resolver$service$ReverseProxyAwareServiceResolver) {
            class$eu$cec$digit$ecas$client$resolver$service$ReverseProxyAwareServiceResolver = class$("eu.cec.digit.ecas.client.resolver.service.ReverseProxyAwareServiceResolver");
        }
        LOG = factory.getLogger(class$eu$cec$digit$ecas$client$resolver$service$ReverseProxyAwareServiceResolver);
    }
}
