package com.ibm.ws.security.web;

import com.ibm.ejs.ras.Tr;
import com.ibm.ejs.ras.TraceComponent;
import com.ibm.ws.security.config.SecurityConfig;
import com.ibm.ws.security.config.SecurityObjectLocator;
import com.ibm.ws.security.config.SingleSignonConfig;
import com.ibm.ws.security.jaspi.commands.AdminConstants;
import java.util.ArrayList;
import javax.servlet.http.Cookie;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;

/* loaded from: input_file:com/ibm/ws/security/web/ReferrerURLCookieHandler.class */
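/**
 * Reads, writes and invalidates the {@code WASReqURL} cookie, which carries the URL the
 * client originally requested so that it can be restored after authentication.
 *
 * <p>Security notes for reviewers:
 * <ul>
 *   <li>The cookie value comes back from the client and must be treated as untrusted input.
 *       This class only decodes it and passes it to inherited helpers
 *       ({@code decodeURL}, {@code restoreHostNameToURL}); it performs no host or scheme
 *       validation of its own.</li>
 *   <li>The {@code Secure} attribute is set only when the single sign-on configuration
 *       reports {@code REQUIRES_SSL}; otherwise the cookie may travel over plain HTTP.</li>
 *   <li>No {@code HttpOnly} attribute is set in this class.
 *       NOTE(review): confirm whether the layer that writes cookies to the response adds it.</li>
 *   <li>Debug trace in this class records cookie values and full request URLs including the
 *       query string; trace output should be access-controlled accordingly.</li>
 * </ul>
 */
public class ReferrerURLCookieHandler extends URLHandler {
    private static final TraceComponent tc = Tr.register((Class<?>) ReferrerURLCookieHandler.class, (String) null, AdminConstants.MSG_BUNDLE_NAME);

    /** Name of the cookie that stores the originally requested URL. */
    public static final String REFERRER_URL_COOKIENAME = "WASReqURL";

    /**
     * Returns the referrer URL stored in the {@code WASReqURL} cookie of the request.
     *
     * <p>The raw cookie value is decoded and then combined with the current request URL by
     * {@code restoreHostNameToURL} (inherited, not shown in this file). The result is derived
     * from client-supplied data and must not be trusted as a redirect target without the
     * checks the caller applies.
     *
     * <p>Decompiler note: this method was package-private in the original class file.
     *
     * @param httpServletRequest the current request
     * @return the restored URL, or {@code null} when the cookie is absent
     */
    public String getReferrerURLFromCookies(HttpServletRequest httpServletRequest) {
        String referrerUrl = CookieHelper.getCookieValue(httpServletRequest.getCookies(), REFERRER_URL_COOKIENAME);
        if (referrerUrl != null) {
            String currentUrl = httpServletRequest.getRequestURL().toString();
            referrerUrl = restoreHostNameToURL(decodeURL(referrerUrl), currentUrl);
        }
        if (tc.isDebugEnabled()) {
            // The traced value is client-controlled and may contain sensitive query data.
            Tr.debug(tc, "WASReqURL value: " + referrerUrl);
        }
        return referrerUrl;
    }

    /**
     * Builds the {@code WASReqURL} session cookie and attaches it to the authentication result.
     *
     * @param httpServletRequest the current request, used to choose the cookie path
     * @param authenticationResult the result object that will carry the cookie
     * @param str the (already encoded) cookie value
     */
    private void setReferrerURLCookie(HttpServletRequest httpServletRequest, AuthenticationResult authenticationResult, String str) {
        Cookie cookie = new Cookie(REFERRER_URL_COOKIENAME, str);
        cookie.setPath(getPathName(httpServletRequest));
        // A negative max-age makes this a non-persistent (browser-session) cookie.
        cookie.setMaxAge(-1);
        // Secure only when SSO is configured to require SSL; see isSecure().
        cookie.setSecure(isSecure());
        authenticationResult.setCookie(cookie);
        if (tc.isDebugEnabled()) {
            Tr.debug(tc, "set WASReqURL cookie into AuthenticationResult.");
        }
    }

    /**
     * Expires the {@code WASReqURL} cookie on the client by sending an empty value with a
     * max-age of zero, using the same path and Secure setting as when it was created.
     *
     * @param httpServletRequest the current request, used to choose the cookie path
     * @param httpServletResponse the response the expiring cookie is added to
     */
    private void invalidateReferrerURLCookie(HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse) {
        Cookie cookie = new Cookie(REFERRER_URL_COOKIENAME, "");
        cookie.setPath(getPathName(httpServletRequest));
        cookie.setMaxAge(0);
        cookie.setSecure(isSecure());
        // Raw list kept on purpose: the parameter type of addCookiesToResponse is not visible here.
        ArrayList cookies = new ArrayList();
        cookies.add(cookie);
        WebAttributes.addCookiesToResponse(cookies, httpServletResponse);
        if (tc.isDebugEnabled()) {
            Tr.debug(tc, "invalidated WASReqURL cookie.");
        }
    }

    /**
     * Stores the given URL in the {@code WASReqURL} cookie on the authentication result.
     *
     * <p>The cookie is left untouched when the URL contains {@code /favicon.ico} and a
     * {@code WASReqURL} cookie is already present on the request. Unless
     * {@code SecurityConfig.PRESERVE_FULLY_QUALIFIED_REFERRER_URL} is enabled, the URL is
     * passed through {@code removeHostNameFromURL} before it is encoded and stored.
     *
     * <p>Decompiler note: this method was package-private in the original class file.
     *
     * @param httpServletRequest the current request
     * @param authenticationResult the result object that will carry the cookie
     * @param str the URL to remember; must not be {@code null}
     * @param securityConfig the security configuration to read the property from
     */
    public void setReferrerURLCookie(HttpServletRequest httpServletRequest, AuthenticationResult authenticationResult, String str, SecurityConfig securityConfig) {
        if (tc.isEntryEnabled()) {
            Tr.entry(tc, "setReferrerURLCookie", new Object[]{authenticationResult, str});
        }
        boolean faviconRequest = str.contains("/favicon.ico");
        boolean cookieAlreadyPresent = faviconRequest
                && CookieHelper.getCookieValue(httpServletRequest.getCookies(), REFERRER_URL_COOKIENAME) != null;
        if (!cookieAlreadyPresent) {
            if (!securityConfig.getPropertyBool(SecurityConfig.PRESERVE_FULLY_QUALIFIED_REFERRER_URL)) {
                str = removeHostNameFromURL(str);
            }
            String encodedUrl = encodeURL(str);
            setReferrerURLCookie(httpServletRequest, authenticationResult, encodedUrl);
            // Debug output is guarded by the debug level (the original checked the entry level).
            if (tc.isDebugEnabled()) {
                Tr.debug(tc, "setReferrerURLCookie", "Referrer URL cookie set " + encodedUrl);
            }
        } else if (tc.isDebugEnabled()) {
            Tr.debug(tc, "Will not update the WASReqURL cookie");
        }
        if (tc.isEntryEnabled()) {
            Tr.exit(tc, "setReferrerURLCookie");
        }
    }

    /**
     * Expires the {@code WASReqURL} cookie if the request carries a non-empty one.
     *
     * @param httpServletRequest the current request
     * @param httpServletResponse the response the expiring cookie is added to
     */
    public void clearReferrerURLCookie(HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse) {
        if (tc.isEntryEnabled()) {
            Tr.entry(tc, "clearWASReqURLCookie");
        }
        String existingValue = CookieHelper.getCookieValue(httpServletRequest.getCookies(), REFERRER_URL_COOKIENAME);
        if (existingValue != null && existingValue.length() > 0) {
            invalidateReferrerURLCookie(httpServletRequest, httpServletResponse);
            if (tc.isDebugEnabled()) {
                // The traced value is the raw, client-supplied cookie content.
                Tr.debug(tc, "cleared REFERER_URL cookie. Original value was " + existingValue);
            }
        }
        if (tc.isEntryEnabled()) {
            Tr.exit(tc, "clearWASReqURLCookie");
        }
    }

    /**
     * Convenience overload that uses the process-wide security configuration.
     *
     * <p>Decompiler note: this method was package-private in the original class file.
     *
     * @param httpServletRequest the current request
     * @param httpServletResponse the current response
     * @return see {@link #shouldRedirectToReferrerURL(HttpServletRequest, HttpServletResponse, SecurityConfig)}
     */
    public AuthenticationResult shouldRedirectToReferrerURL(HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse) {
        return shouldRedirectToReferrerURL(httpServletRequest, httpServletResponse, SecurityObjectLocator.getSecurityConfig());
    }

    /**
     * Decides whether the request should be redirected to the URL stored in the
     * {@code WASReqURL} cookie and, if so, expires that cookie.
     *
     * <p>A redirect result is produced only when
     * {@code SecurityConfig.ALWAYS_REDIRECT_TO_REFERRER_URL} is enabled, the cookie holds a
     * non-blank URL, the current servlet URI occurs inside that URL at an index greater than
     * zero (case-insensitive), and the URL differs from the current request URL
     * (case-insensitive, query string included).
     *
     * <p>NOTE(review): the redirect target originates from a client-supplied cookie. The
     * checks here constrain the path portion only; nothing in this method validates the
     * host or scheme of the target. Confirm that {@code restoreHostNameToURL} or the code
     * that performs the redirect pins the host, particularly when
     * {@code SecurityConfig.PRESERVE_FULLY_QUALIFIED_REFERRER_URL} is enabled and the
     * cookie keeps the fully qualified URL.
     *
     * @param httpServletRequest the current request
     * @param httpServletResponse the response that receives the expiring cookie
     * @param securityConfig the security configuration to read the property from
     * @return an {@code AuthenticationResult} carrying the stored URL, or {@code null} when
     *     no redirect should happen
     */
    AuthenticationResult shouldRedirectToReferrerURL(HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse, SecurityConfig securityConfig) {
        if (tc.isEntryEnabled()) {
            Tr.entry(tc, "shouldRedirectToReferrerURL");
        }
        AuthenticationResult authenticationResult = null;
        if (!securityConfig.getPropertyBool(SecurityConfig.ALWAYS_REDIRECT_TO_REFERRER_URL)) {
            if (tc.isDebugEnabled()) {
                Tr.debug(tc, "skip redirecting to the original URL, since com.ibm.websphere.security.alwaysRestoreOriginalURL is set to false.");
            }
        } else {
            String referrerUrl = getReferrerURLFromCookies(httpServletRequest);
            if (referrerUrl != null && referrerUrl.trim().length() > 0) {
                StringBuffer requestURL = httpServletRequest.getRequestURL();
                String queryString = httpServletRequest.getQueryString();
                if (queryString != null) {
                    requestURL.append("?");
                    requestURL.append(queryString);
                }
                String currentUrl = requestURL.toString();
                String servletURI = getServletURI(httpServletRequest);
                if (tc.isDebugEnabled()) {
                    Tr.debug(tc, "\nCurrentURL: " + currentUrl + "\nCurrentURI: " + servletURI + "\nWasReqURL: " + referrerUrl);
                }
                // Locale.ROOT keeps the case-insensitive match independent of the JVM's default locale.
                boolean targetsCurrentServlet = servletURI != null
                        && referrerUrl.toLowerCase(java.util.Locale.ROOT).indexOf(servletURI.toLowerCase(java.util.Locale.ROOT)) > 0;
                if (targetsCurrentServlet && !referrerUrl.equalsIgnoreCase(currentUrl)) {
                    if (tc.isDebugEnabled()) {
                        Tr.debug(tc, "Redirect the request to the original URL: " + referrerUrl);
                    }
                    // Status code 4 is taken as-is from the original; presumably "redirect" — confirm against AuthenticationResult.
                    authenticationResult = new AuthenticationResult(4, referrerUrl);
                    invalidateReferrerURLCookie(httpServletRequest, httpServletResponse);
                }
            }
        }
        // Every path, including the "property disabled" one, now leaves through a matching exit trace.
        if (tc.isEntryEnabled()) {
            Tr.exit(tc, "shouldRedirectToReferrerURL result: " + authenticationResult);
        }
        return authenticationResult;
    }

    /**
     * Returns the cookie path for the request using the process-wide security configuration.
     *
     * @param httpServletRequest the current request; may be {@code null}
     * @return the cookie path
     */
    String getPathName(HttpServletRequest httpServletRequest) {
        return getPathName(httpServletRequest, SecurityObjectLocator.getSecurityConfig());
    }

    /**
     * Returns the path attribute to use for the {@code WASReqURL} cookie.
     *
     * <p>The path is {@code "/"} unless both arguments are non-null and
     * {@code SecurityConfig.SET_CONTEXTROOT_TO_WASREQURL} is enabled, in which case the
     * request's context path is used, which narrows the cookie to that application.
     *
     * @param httpServletRequest the current request; may be {@code null}
     * @param securityConfig the security configuration; may be {@code null}
     * @return the cookie path
     */
    String getPathName(HttpServletRequest httpServletRequest, SecurityConfig securityConfig) {
        String path = "/";
        if (httpServletRequest != null
                && securityConfig != null
                && securityConfig.getPropertyBool(SecurityConfig.SET_CONTEXTROOT_TO_WASREQURL)) {
            path = httpServletRequest.getContextPath();
        }
        if (tc.isDebugEnabled()) {
            Tr.debug(tc, "getPathName value: " + path);
        }
        return path;
    }

    /**
     * Reports whether the cookie should carry the {@code Secure} attribute, based on the
     * single sign-on settings of the active authentication mechanism.
     *
     * <p>NOTE(review): the call chain is not null-checked; a missing security configuration
     * or active authentication mechanism would surface here as a
     * {@code NullPointerException}.
     *
     * @return {@code true} when single sign-on requires SSL
     */
    protected boolean isSecure() {
        return isSecure(SecurityObjectLocator.getSecurityConfig().getActiveAuthMechanism().getSingleSignon());
    }

    /**
     * Reports whether the given single sign-on configuration requires SSL.
     *
     * @param singleSignonConfig the configuration to inspect; may be {@code null}
     * @return the {@code REQUIRES_SSL} setting, or {@code false} when the configuration is
     *     {@code null} (the cookie is then issued without the {@code Secure} attribute)
     */
    protected boolean isSecure(SingleSignonConfig singleSignonConfig) {
        boolean requiresSsl = singleSignonConfig != null
                && singleSignonConfig.getBoolean(SingleSignonConfig.REQUIRES_SSL);
        if (tc.isDebugEnabled()) {
            Tr.debug(tc, "isSecure SingleSignonConfig object : " + singleSignonConfig + " return : " + requiresSsl);
        }
        return requiresSsl;
    }
}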
