package org.apache.shiro.spring.boot.utils;

import java.io.FileInputStream;
import java.io.IOException;
import java.util.Properties;
import javax.net.ssl.HttpsURLConnection;
import org.apache.shiro.spring.boot.ShiroCasProperties;
import org.apache.shiro.spring.boot.cas.exception.CasAuthenticationException;
import org.jasig.cas.client.Protocol;
import org.jasig.cas.client.proxy.Cas20ProxyRetriever;
import org.jasig.cas.client.proxy.ProxyGrantingTicketStorage;
import org.jasig.cas.client.proxy.ProxyGrantingTicketStorageImpl;
import org.jasig.cas.client.ssl.HttpsURLConnectionFactory;
import org.jasig.cas.client.util.CommonUtils;
import org.jasig.cas.client.util.ReflectUtils;
import org.jasig.cas.client.validation.Cas10TicketValidator;
import org.jasig.cas.client.validation.Cas20ProxyTicketValidator;
import org.jasig.cas.client.validation.Cas20ServiceTicketValidator;
import org.jasig.cas.client.validation.Cas30ProxyTicketValidator;
import org.jasig.cas.client.validation.Cas30ServiceTicketValidator;
import org.jasig.cas.client.validation.Saml11TicketValidator;
import org.jasig.cas.client.validation.TicketValidator;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;

/* loaded from: input_file:org/apache/shiro/spring/boot/utils/CasTicketValidatorUtils.class */
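/**
 * Factory helpers that turn a {@link ShiroCasProperties} configuration into a CAS client
 * {@link TicketValidator} for the configured protocol (CAS 1.0, CAS 2.0, CAS 3.0 or SAML 1.1).
 *
 * <p>Security-relevant points for anyone wiring this up:
 * <ul>
 *   <li>The validator contacts the CAS server at {@code casServerUrlPrefix}. The CAS 2.0/3.0
 *       validators are given an {@link HttpsURLConnectionFactory} built from the JVM default
 *       hostname verifier and the optional SSL properties file.</li>
 *   <li>{@code ticketValidatorClass} is a class name taken from configuration and instantiated
 *       reflectively, so the configuration source must be trusted.</li>
 *   <li>{@code acceptAnyProxy} turns off proxy-chain restrictions. Prefer an explicit
 *       {@code allowedProxyChains} list.</li>
 * </ul>
 */
public class CasTicketValidatorUtils {
    protected static final Logger logger = LoggerFactory.getLogger(CasTicketValidatorUtils.class);
    // Single shared PGT store: every CAS 2.0/3.0 validator built here writes into the same instance.
    protected static final ProxyGrantingTicketStorage proxyGrantingTicketStorage = new ProxyGrantingTicketStorageImpl();

    /**
     * Creates the ticket validator matching the configured protocol.
     *
     * @param shiroCasProperties CAS settings; {@code getProtocol()} selects the validator type
     * @return a configured validator for the selected protocol
     * @throws CasAuthenticationException if the protocol is missing or not one of
     *         CAS1, CAS2, CAS3 or SAML11
     */
    public static final TicketValidator createTicketValidator(ShiroCasProperties shiroCasProperties) {
        Protocol protocol = shiroCasProperties.getProtocol();
        if (Protocol.CAS1 == protocol) {
            return buildCas10TicketValidator(shiroCasProperties);
        }
        if (Protocol.CAS2 == protocol) {
            return buildCas20TicketValidator(shiroCasProperties);
        }
        if (Protocol.CAS3 == protocol) {
            return buildCas30TicketValidator(shiroCasProperties);
        }
        if (Protocol.SAML11 == protocol) {
            return buildSAMLTicketValidator(shiroCasProperties);
        }
        // An unset protocol previously surfaced as a bare NullPointerException from name();
        // report it as the same configuration error as an unsupported protocol.
        String protocolName = protocol == null ? "null" : protocol.name();
        throw new CasAuthenticationException("Unable to initialize the TicketValidator for protocol: " + protocolName);
    }

    /**
     * Builds a SAML 1.1 validator with the configured clock-skew tolerance and encoding.
     *
     * <p>NOTE(review): unlike the CAS 2.0/3.0 builders, no URL connection factory is set here,
     * so the SSL properties from {@link #getSSLConfig} are not applied to this validator.
     * Confirm that is intended.
     *
     * @param shiroCasProperties CAS settings
     * @return the configured SAML 1.1 validator
     */
    protected static TicketValidator buildSAMLTicketValidator(ShiroCasProperties shiroCasProperties) {
        Saml11TicketValidator saml11TicketValidator = new Saml11TicketValidator(shiroCasProperties.getCasServerUrlPrefix());
        saml11TicketValidator.setTolerance(shiroCasProperties.getTolerance());
        saml11TicketValidator.setEncoding(shiroCasProperties.getEncoding());
        return saml11TicketValidator;
    }

    /**
     * Builds a CAS 3.0 validator: a proxy-ticket validator when proxying is configured,
     * otherwise a service-ticket validator.
     *
     * @param shiroCasProperties CAS settings
     * @return the configured CAS 3.0 validator
     */
    protected static TicketValidator buildCas30TicketValidator(ShiroCasProperties shiroCasProperties) {
        return buildCas20FamilyValidator(shiroCasProperties, Cas30ProxyTicketValidator.class, Cas30ServiceTicketValidator.class);
    }

    /**
     * Builds a CAS 2.0 validator: a proxy-ticket validator when proxying is configured,
     * otherwise a service-ticket validator.
     *
     * @param shiroCasProperties CAS settings
     * @return the configured CAS 2.0 validator
     */
    protected static TicketValidator buildCas20TicketValidator(ShiroCasProperties shiroCasProperties) {
        return buildCas20FamilyValidator(shiroCasProperties, Cas20ProxyTicketValidator.class, Cas20ServiceTicketValidator.class);
    }

    /**
     * Builds a CAS 1.0 validator with the configured encoding.
     *
     * <p>NOTE(review): no URL connection factory is set here, so the SSL properties from
     * {@link #getSSLConfig} are not applied to this validator. Confirm that is intended.
     *
     * @param shiroCasProperties CAS settings
     * @return the configured CAS 1.0 validator
     */
    protected static TicketValidator buildCas10TicketValidator(ShiroCasProperties shiroCasProperties) {
        Cas10TicketValidator cas10TicketValidator = new Cas10TicketValidator(shiroCasProperties.getCasServerUrlPrefix());
        cas10TicketValidator.setEncoding(shiroCasProperties.getEncoding());
        return cas10TicketValidator;
    }

    /**
     * Reflectively instantiates a validator with the CAS server URL prefix as its single
     * constructor argument.
     *
     * @param cls  optional custom validator class from configuration; used when non-null
     * @param str  CAS server URL prefix passed to the constructor
     * @param cls2 default validator class, used when {@code cls} is {@code null}
     * @param <T>  type the caller expects; a custom class that is not a {@code T} fails with a
     *             {@link ClassCastException} at the call site
     * @return the new validator instance
     */
    // The cast to T cannot be checked here because of erasure; callers assign to a concrete type.
    @SuppressWarnings("unchecked")
    protected static <T> T createNewTicketValidator(Class<? extends Cas20ServiceTicketValidator> cls, String str, Class<T> cls2) {
        Class<?> validatorClass = cls == null ? cls2 : cls;
        return (T) ReflectUtils.newInstance(validatorClass, new Object[]{str});
    }

    /**
     * Loads the optional SSL properties file used to build the HTTPS connection factory.
     *
     * <p>Loading is best-effort: if the file cannot be read the error is logged and the
     * properties collected so far (normally none) are returned, so the connection factory
     * is then built without the intended custom SSL settings. Treat that log entry as a
     * misconfiguration to fix, not as noise.
     *
     * @param shiroCasProperties CAS settings; {@code getSslConfigFile()} may be {@code null}
     * @return the loaded properties, or an empty set when no file is configured
     */
    protected static Properties getSSLConfig(ShiroCasProperties shiroCasProperties) {
        Properties properties = new Properties();
        String sslConfigFile = shiroCasProperties.getSslConfigFile();
        if (sslConfigFile != null) {
            // try-with-resources closes the stream on every path, including unchecked failures.
            try (FileInputStream fileInputStream = new FileInputStream(sslConfigFile)) {
                properties.load(fileInputStream);
                logger.trace("Loaded {} entries from {}", properties.size(), sslConfigFile);
            } catch (IOException e) {
                logger.error(e.getMessage(), e);
            }
        }
        return properties;
    }

    /** Shared CAS 2.0/3.0 construction; the two protocols differ only in the default validator classes. */
    private static Cas20ServiceTicketValidator buildCas20FamilyValidator(ShiroCasProperties shiroCasProperties,
            Class<? extends Cas20ProxyTicketValidator> proxyValidatorType,
            Class<? extends Cas20ServiceTicketValidator> serviceValidatorType) {
        boolean acceptAnyProxy = shiroCasProperties.isAcceptAnyProxy();
        String allowedProxyChains = shiroCasProperties.getAllowedProxyChains();
        String casServerUrlPrefix = shiroCasProperties.getCasServerUrlPrefix();

        // The class name comes straight from configuration and is instantiated reflectively.
        String customValidatorClassName = shiroCasProperties.getTicketValidatorClass();
        Class<? extends Cas20ServiceTicketValidator> customValidatorClass = null;
        if (StringUtils.hasText(customValidatorClassName)) {
            customValidatorClass = ReflectUtils.loadClass(customValidatorClassName);
        }

        Cas20ServiceTicketValidator validator;
        if (acceptAnyProxy || CommonUtils.isNotBlank(allowedProxyChains)) {
            // The proxy settings live on Cas20ProxyTicketValidator, so keep that static type here.
            Cas20ProxyTicketValidator proxyValidator = createNewTicketValidator(customValidatorClass, casServerUrlPrefix, proxyValidatorType);
            // acceptAnyProxy=true accepts tickets proxied through any chain; prefer an explicit list.
            proxyValidator.setAcceptAnyProxy(acceptAnyProxy);
            proxyValidator.setAllowedProxyChains(CommonUtils.createProxyList(allowedProxyChains));
            validator = proxyValidator;
        } else {
            validator = createNewTicketValidator(customValidatorClass, casServerUrlPrefix, serviceValidatorType);
        }

        validator.setProxyCallbackUrl(shiroCasProperties.getProxyCallbackUrl());
        validator.setProxyGrantingTicketStorage(proxyGrantingTicketStorage);
        // JVM default hostname verifier plus optional SSL properties from the configured file.
        HttpsURLConnectionFactory httpsURLConnectionFactory = new HttpsURLConnectionFactory(HttpsURLConnection.getDefaultHostnameVerifier(), getSSLConfig(shiroCasProperties));
        validator.setURLConnectionFactory(httpsURLConnectionFactory);
        validator.setProxyRetriever(new Cas20ProxyRetriever(casServerUrlPrefix, shiroCasProperties.getEncoding(), httpsURLConnectionFactory));
        validator.setRenew(shiroCasProperties.isRenew());
        validator.setEncoding(shiroCasProperties.getEncoding());
        return validator;
    }
}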
