package blackboard.platform.servlet;

import blackboard.data.registry.SystemRegistryUtil;
import blackboard.persist.KeyNotFoundException;
import blackboard.persist.PersistenceException;
import blackboard.persist.user.UserDbLoader;
import blackboard.platform.config.BbConfig;
import blackboard.platform.config.ConfigurationServiceFactory;
import blackboard.platform.forms.Field;
import blackboard.platform.log.LogServiceFactory;
import blackboard.platform.security.NonceUtil;
import blackboard.platform.session.BbSession;
import blackboard.platform.session.BbSessionManagerServiceEx;
import blackboard.platform.session.BbSessionManagerServiceExFactory;
import blackboard.platform.session.impl.BbSessionImpl;
import blackboard.platform.session.impl.BbSessionManagerServiceImpl;
import blackboard.platform.session.impl.SessionDAO;
import blackboard.platform.session.impl.SessionInvalidationTask;
import blackboard.platform.user.MyPlacesUtil;
import blackboard.util.Hex;
import blackboard.util.StringUtil;
import com.google.common.annotations.VisibleForTesting;
import java.io.IOException;
import java.io.UnsupportedEncodingException;
import java.nio.charset.StandardCharsets;
import java.security.InvalidKeyException;
import java.security.MessageDigest;
import java.security.NoSuchAlgorithmException;
import java.util.ArrayList;
import java.util.Arrays;
import java.util.Collections;
import java.util.Iterator;
import java.util.List;
import java.util.Locale;
import java.util.Map;
import javax.crypto.Mac;
import javax.crypto.spec.SecretKeySpec;
import javax.servlet.Filter;
import javax.servlet.FilterChain;
import javax.servlet.FilterConfig;
import javax.servlet.ServletException;
import javax.servlet.ServletRequest;
import javax.servlet.ServletResponse;
import javax.servlet.http.Cookie;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletRequestWrapper;
import javax.servlet.http.HttpServletResponse;
import javax.servlet.http.HttpServletResponseWrapper;
import org.apache.commons.collections.map.CaseInsensitiveMap;
import org.apache.commons.lang.StringUtils;

/* loaded from: input_file:blackboard/platform/servlet/CloudSessionFilter.class */
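/**
 * Servlet filter that binds a Blackboard session to each HTTP request from
 * HMAC-signed {@code X-Blackboard-Session-*} request headers, and turns the
 * outgoing secured session cookie into {@code X-Blackboard-Session-*} /
 * {@code X-Blackboard-Remove-Session} response headers.
 *
 * <p>Security model, as far as this file shows: the signature over the session
 * headers is the only thing that authenticates them. A request whose headers
 * verify can load an existing session or cause a new, authenticated one to be
 * created for the user named in {@link #USER_ID_HEADER}. The shared secret
 * read in {@link #init(FilterConfig)} therefore has to be treated as a
 * credential equivalent to any user's login.
 *
 * <p>NOTE(review): nothing in the signed header set visible here carries a
 * timestamp or per-request value, so this class does not by itself reject a
 * replayed header set. Presumably freshness and transport protection are
 * provided by the component that signs the headers; confirm against that
 * component.
 */
public class CloudSessionFilter implements Filter {
    public static final String SESSION_ID_HEADER = "X-Blackboard-Session-Id";
    public static final String USER_ID_HEADER = "X-Blackboard-Session-User";
    public static final String SITE_ID_HEADER = "X-Blackboard-Session-Site";
    public static final String XSRF_HEADER = "X-Blackboard-Session-XSRF";
    public static final String SIGNATURE_HEADER = "X-Blackboard-Session-Signature";
    public static final String TIMEOUT_HEADER = "X-Blackboard-Session-Timeout";
    public static final String REMOVE_SESSION_HEADER = "X-Blackboard-Remove-Session";

    // HMAC key shared with whatever produces the signed headers; set once in init().
    private String _sharedSecret;

    /* JADX INFO: Access modifiers changed from: package-private */
    /* loaded from: input_file:blackboard/platform/servlet/CloudSessionFilter$CloudSessionServletRequest.class */
    /**
     * Request wrapper that validates the signed session headers and, when they
     * verify, attaches the corresponding session and exposes a synthetic
     * session cookie to downstream code.
     */
    public class CloudSessionServletRequest extends HttpServletRequestWrapper {
        private final HttpServletRequest _request;
        // Synthetic cookie built from the validated session; null until a session is attached.
        private Cookie _sessionCookie;

        public CloudSessionServletRequest(HttpServletRequest httpServletRequest) {
            super(httpServletRequest);
            this._request = httpServletRequest;
        }

        /**
         * Resolves the session from the signed headers and, if one is found,
         * registers it on the underlying request and prepares the synthetic
         * session cookie. Does nothing when validation fails.
         */
        public void attachValidatedSession() {
            BbSessionImpl session = getBbSession();
            if (session == null) {
                return;
            }
            this._request.setAttribute("int-session-id", String.valueOf(session.getBbSessionKey()));
            BbSessionManagerServiceExFactory.getInstance().setSession(this._request, session);
            this._sessionCookie = SessionCookieUtil.buildSessionCookie(session.getBbSecureSessionIdMd5(), true);
        }

        /**
         * Returns the request's cookies with the synthetic session cookie
         * appended when a validated session is attached.
         *
         * <p>NOTE(review): the synthetic cookie is added after the
         * client-supplied ones and same-named client cookies are not removed,
         * so a consumer that takes the first cookie with a given name would
         * see the client's value. Confirm how downstream code looks the
         * cookie up.
         */
        @Override
        public Cookie[] getCookies() {
            Cookie[] cookies = super.getCookies();
            if (this._sessionCookie == null) {
                return cookies;
            }
            if (cookies == null) {
                return new Cookie[] {this._sessionCookie};
            }
            Cookie[] merged = Arrays.copyOf(cookies, cookies.length + 1);
            merged[cookies.length] = this._sessionCookie;
            return merged;
        }

        /**
         * Collects every request header whose name starts with
         * {@code X-Blackboard-Session-} (case-insensitively) into a
         * case-insensitive map. Only the value returned by
         * {@code getHeader} is kept for each name.
         */
        Map<String, String> extractSessionHeaders() {
            // commons-collections 3 is not generified, hence the narrow suppression.
            @SuppressWarnings("unchecked")
            Map<String, String> sessionHeaders = new CaseInsensitiveMap();
            java.util.Enumeration<String> names = getHeaderNames();
            if (names == null) {
                // The servlet API allows a container to return null here;
                // an empty map makes the caller reject the request as unsigned.
                return sessionHeaders;
            }
            for (String name : Collections.list(names)) {
                if (StringUtils.startsWithIgnoreCase(name, "X-Blackboard-Session-")) {
                    sessionHeaders.put(name, getHeader(name));
                }
            }
            return sessionHeaders;
        }

        /**
         * Computes the hex-encoded HMAC of the given headers under the shared
         * secret. The signed text is one {@code name:value} entry per header,
         * names lower-cased, entries sorted by name and joined with
         * {@code MyPlacesUtil.DELIMITER}.
         *
         * @param map headers to sign; must not contain the signature header itself
         * @return the signature, or {@code null} if the MAC could not be computed
         */
        String signHeaders(Map<String, String> map) {
            List<String> names = new ArrayList<>(map.keySet());
            Collections.sort(names);
            List<String> entries = new ArrayList<>(names.size());
            for (String name : names) {
                // Locale.ROOT keeps this step independent of the JVM default locale,
                // so the canonical text does not vary with server configuration.
                entries.add(name.toLowerCase(Locale.ROOT) + ":" + map.get(name));
            }
            // NOTE(review): the constant name comes from decompilation; the actual
            // separator value is defined outside this file.
            String canonical = StringUtil.join(entries, MyPlacesUtil.DELIMITER);
            try {
                // HmacSHA1 is kept as-is: the signing side lives outside this file,
                // so moving to HmacSHA256 needs a coordinated change on both ends.
                Mac mac = Mac.getInstance("HmacSHA1");
                byte[] key = CloudSessionFilter.this._sharedSecret.getBytes(StandardCharsets.UTF_8);
                mac.init(new SecretKeySpec(key, mac.getAlgorithm()));
                return new Hex(mac.doFinal(canonical.getBytes(StandardCharsets.UTF_8))).toString();
            } catch (InvalidKeyException | NoSuchAlgorithmException e) {
                LogServiceFactory.getInstance().logError("Failed to sign", e);
                return null;
            }
        }

        /**
         * Verifies the signature header against the remaining session headers.
         *
         * @return the session headers without the signature when it verifies;
         *         {@code null} when the signature is absent or does not match
         */
        Map<String, String> getValidatedHeaders() {
            Map<String, String> sessionHeaders = extractSessionHeaders();
            String presented = sessionHeaders.remove(CloudSessionFilter.SIGNATURE_HEADER);
            if (presented == null) {
                return null;
            }
            String expected = signHeaders(sessionHeaders);
            // MessageDigest.isEqual compares in time independent of where the
            // first mismatch occurs; String.equals stops at the first differing
            // character and so leaks how much of a guessed signature is right.
            if (expected != null
                    && MessageDigest.isEqual(
                            expected.getBytes(StandardCharsets.UTF_8),
                            presented.getBytes(StandardCharsets.UTF_8))) {
                return sessionHeaders;
            }
            LogServiceFactory.getInstance().logError("Invalid cloud session signature");
            return null;
        }

        /**
         * Loads the session named by the validated headers, creating it from
         * the headers if it is not found.
         *
         * @return the session, or {@code null} when validation fails, the
         *         session id header is missing, or any step throws
         */
        BbSessionImpl getBbSession() {
            try {
                Map<String, String> validatedHeaders = getValidatedHeaders();
                if (validatedHeaders == null) {
                    return null;
                }
                String sessionId = validatedHeaders.get(CloudSessionFilter.SESSION_ID_HEADER);
                if (sessionId == null) {
                    LogServiceFactory.getInstance().logError("Signed cloud session headers are missing session id");
                    return null;
                }
                // NOTE(review): this flag is read straight from the request, not
                // from the validated map, so it is only covered by the signature
                // if its header name falls under the signed prefix — confirm.
                boolean suppressTimestampUpdate = Boolean.parseBoolean(
                        this._request.getHeader(BbSessionManagerServiceImpl.SUPPRESS_SESSION_TIMESTAMP_UPDATE_HEADER));
                BbSessionImpl session = BbSessionManagerServiceExFactory.getInstance()
                        .loadSession(sessionId, true, !suppressTimestampUpdate);
                if (session == null) {
                    session = resurrectBbSession(validatedHeaders);
                }
                return session;
            } catch (Exception e) {
                // Boundary catch: any failure leaves the request without a session
                // rather than failing the whole request.
                LogServiceFactory.getInstance().logError("Failed to build session", e);
                return null;
            }
        }

        /**
         * Creates and persists a new session from validated header values: the
         * secure session id comes from {@link #SESSION_ID_HEADER}, the session
         * is authenticated as the user whose UUID is in {@link #USER_ID_HEADER}
         * (when present), and the AJAX nonce is taken from {@link #XSRF_HEADER}
         * (when present).
         *
         * <p>Callers must pass only headers that have passed signature
         * verification; this method performs no check of its own.
         *
         * <p>NOTE(review): the session row is inserted and updated before the
         * user lookup. If the lookup throws, nothing here removes that row.
         *
         * @param map validated session headers
         * @return the newly created session
         * @throws Exception if persistence, hashing or user lookup fails
         */
        BbSessionImpl resurrectBbSession(Map<String, String> map) throws Exception {
            BbSessionImpl session = new BbSessionImpl();
            SessionDAO.Factory.getInstance().insertSession(session);
            session.setBbSecureSessionIdMd5(map.get(CloudSessionFilter.SESSION_ID_HEADER));
            BbSessionManagerServiceEx sessionManager = BbSessionManagerServiceExFactory.getInstance();
            session.setBbSessionIdMd5(sessionManager.generateSessionHash(session));
            session.setBbFileServerSessionIdMd5(sessionManager.generateSessionHash(session));
            session.setBbFileOneTimeSessionIdMd5(sessionManager.generateSessionHash(session));
            SessionDAO.Factory.getInstance().updateSession(session);
            sessionManager.generateSessionFingerprint(this._request, session);
            String userUuid = map.get(CloudSessionFilter.USER_ID_HEADER);
            if (StringUtil.notEmpty(userUuid)) {
                sessionManager.authenticateSession(UserDbLoader.Default.getInstance().loadByUuid(userUuid), session);
            }
            String xsrfToken = map.get(CloudSessionFilter.XSRF_HEADER);
            if (StringUtil.notEmpty(xsrfToken)) {
                session.setGlobalKey(NonceUtil.AJAX_NONCE_KEY, xsrfToken);
            }
            return session;
        }

        @VisibleForTesting
        void setSessionCookie(Cookie cookie) {
            this._sessionCookie = cookie;
        }
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    /* loaded from: input_file:blackboard/platform/servlet/CloudSessionFilter$CloudSessionServletResponse.class */
    /**
     * Response wrapper that keeps session cookies from reaching the client
     * directly: the {@code session_id} cookie is dropped and the secured
     * session cookie is replaced by response headers.
     */
    public class CloudSessionServletResponse extends HttpServletResponseWrapper {
        private final HttpServletRequest _request;
        private final HttpServletResponse _response;

        public CloudSessionServletResponse(HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse) {
            super(httpServletResponse);
            this._request = httpServletRequest;
            this._response = httpServletResponse;
        }

        /**
         * Intercepts session cookies; every other cookie is passed through
         * unchanged.
         */
        @Override
        public void addCookie(Cookie cookie) {
            String name = cookie.getName();
            if (name.equals("session_id")) {
                // Dropped on purpose: this cookie is never written to the response.
                return;
            }
            if (name.equals(RequestSessionFilter.SECURED_SESSION_COOKIE)) {
                transformSessionCookie(cookie);
                return;
            }
            super.addCookie(cookie);
        }

        /**
         * Converts the secured session cookie into headers: a max-age of zero
         * signals removal, anything else publishes the session. Failures are
         * logged and otherwise ignored.
         */
        void transformSessionCookie(Cookie cookie) {
            try {
                if (cookie.getMaxAge() == 0) {
                    removeSession();
                } else {
                    sendSession(cookie.getValue());
                }
            } catch (Exception e) {
                LogServiceFactory.getInstance().logError("Failed to process the outgoing cookie", e);
            }
        }

        /**
         * Writes the session id, AJAX nonce, site id, timeout and (when it can
         * be loaded) the user's UUID as response headers.
         *
         * @param str the secured session cookie value
         * @throws PersistenceException if the user lookup fails for a reason
         *         other than the user not being found
         */
        void sendSession(String str) throws PersistenceException {
            this._response.setHeader(CloudSessionFilter.SESSION_ID_HEADER, str);
            this._response.setHeader(CloudSessionFilter.XSRF_HEADER, NonceUtil.getAjaxNonce(this._request));
            this._response.setHeader(CloudSessionFilter.SITE_ID_HEADER, SystemRegistryUtil.getString("bb_cloud_site_id", null));
            // NOTE(review): Field.LONG_STRING_MAX looks like a decompiler constant
            // substitution; presumably the divisor is a unit conversion — verify
            // its value before relying on the header's unit.
            int timeout = SessionInvalidationTask.getSessionTimeout().intValue() / Field.LONG_STRING_MAX;
            this._response.setHeader(CloudSessionFilter.TIMEOUT_HEADER, String.valueOf(timeout));
            BbSession session = BbSessionManagerServiceExFactory.getInstance().getSession(this._request);
            if (session instanceof BbSessionImpl) {
                try {
                    this._response.setHeader(CloudSessionFilter.USER_ID_HEADER, UserDbLoader.Default.getInstance().loadById(session.getUserId()).getUuid());
                } catch (KeyNotFoundException ignored) {
                    // Best effort: when no user record is found the user header is
                    // simply not sent (presumably a session with no logged-in user).
                }
            }
        }

        /** Tells the receiver of the response to discard the session. */
        void removeSession() {
            this._response.setHeader(CloudSessionFilter.REMOVE_SESSION_HEADER, "true");
        }
    }

    /**
     * Reads the shared HMAC secret from configuration.
     *
     * @throws IllegalArgumentException if the secret is not configured, so the
     *         filter never starts with an empty key
     */
    @Override
    public void init(FilterConfig filterConfig) {
        this._sharedSecret = ConfigurationServiceFactory.getInstance().getBbProperty(BbConfig.CLOUD_ROUTER_SECRET);
        if (StringUtil.isEmpty(this._sharedSecret)) {
            throw new IllegalArgumentException("bbconfig.cloud.router.secret not set");
        }
    }

    /**
     * Wraps HTTP requests and responses so that signed session headers are
     * validated on the way in and session cookies are rewritten on the way
     * out; non-HTTP traffic is passed through untouched.
     */
    @Override
    public void doFilter(ServletRequest servletRequest, ServletResponse servletResponse, FilterChain filterChain) throws IOException, ServletException {
        if ((servletRequest instanceof HttpServletRequest) && (servletResponse instanceof HttpServletResponse)) {
            HttpServletRequest httpRequest = (HttpServletRequest) servletRequest;
            // Declared with the concrete wrapper type: attachValidatedSession()
            // is not part of ServletRequest.
            CloudSessionServletRequest wrappedRequest = wrapRequest(httpRequest);
            wrappedRequest.attachValidatedSession();
            servletRequest = wrappedRequest;
            servletResponse = wrapResponse(httpRequest, (HttpServletResponse) servletResponse);
        }
        filterChain.doFilter(servletRequest, servletResponse);
    }

    @Override
    public void destroy() {
    }

    CloudSessionServletRequest wrapRequest(HttpServletRequest httpServletRequest) {
        return new CloudSessionServletRequest(httpServletRequest);
    }

    CloudSessionServletResponse wrapResponse(HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse) {
        return new CloudSessionServletResponse(httpServletRequest, httpServletResponse);
    }

    // Exposes the HMAC key; keep package-private and out of logs.
    @VisibleForTesting
    String getSharedSecret() {
        return this._sharedSecret;
    }
}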
