package edu.upenn.isc.grouper_ui.security;

import com.mysql.cj.conf.PropertyDefinitions;
import edu.internet2.middleware.grouper.GroupFinder;
import edu.internet2.middleware.grouper.GrouperSession;
import edu.internet2.middleware.grouper.SubjectFinder;
import edu.internet2.middleware.grouper.cfg.GrouperConfig;
import edu.internet2.middleware.grouper.ui.util.GrouperUiUtils;
import edu.internet2.middleware.grouper.util.GrouperUtil;
import java.util.Properties;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletRequestWrapper;
import javax.servlet.http.HttpServletResponse;
import javax.servlet.http.HttpSession;
import org.apache.commons.lang.StringUtils;
import org.apache.commons.logging.Log;

/* loaded from: input_file:WEB-INF/lib/grouper-ui-4.1.6.jar:edu/upenn/isc/grouper_ui/security/PennWebsecRequestWrapper.class */
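/**
 * Request wrapper that derives {@link #getRemoteUser()} from a Penn websec token and the HTTP session.
 *
 * <p>The token is read from the {@code websec_token} request parameter or cookie. The user id and the
 * token it was established with are kept in the session under {@code pennUser} and {@code pennToken}.
 *
 * <p>NOTE(review): nothing in this listing turns a presented token into a user id. The original body
 * looked up {@code pennWebsecAppName} and {@code pennWebsecBinary} in media.properties and discarded both
 * values, so the token verification step (presumably a call to the websec client binary; confirm against
 * the real source) is absent here. Until it is restored, this class can only return a user that is
 * already in the session.
 */
public class PennWebsecRequestWrapper extends HttpServletRequestWrapper {
    protected static final Log LOG = GrouperUtil.getLog(PennWebsecRequestWrapper.class);
    private static final String PENN_SESSION_USER_KEY = "pennUser";
    private static final String PENN_SESSION_TOKEN_KEY = "pennToken";
    private final HttpServletResponse httpServletResponse;

    /**
     * Reads the websec token from the request, preferring the {@code websec_token} parameter over the cookie
     * of the same name.
     *
     * <p>NOTE(review): a token passed as a query-string parameter can end up in access logs, browser history
     * and Referer headers; the cookie does not have that exposure. Confirm the parameter form is still needed.
     *
     * @return the parameter value if it is not blank, otherwise whatever the cookie lookup returns
     */
    private String retrievePennToken() {
        String fromParameter = getParameter("websec_token");
        if (StringUtils.isNotBlank(fromParameter)) {
            return fromParameter;
        }
        return GrouperUiUtils.cookieValue("websec_token", getCookies());
    }

    /**
     * Returns the user id cached in the session, or {@code null} when the request is not authenticated.
     *
     * <p>If the session holds a token and the request presents a different non-blank token, the session is
     * invalidated, the token cookie is removed and {@code null} is returned. A request that presents no token
     * at all does not trigger that branch.
     *
     * @return the session user id, or {@code null}
     * @throws RuntimeException with message "User is not authorized" when {@code penn.uiGroup} is configured
     *     and the membership check does not succeed for any reason
     */
    public String getRemoteUser() {
        // getSession() creates a session when the request has none.
        HttpSession session = getSession();
        String sessionToken = (String) session.getAttribute(PENN_SESSION_TOKEN_KEY);
        String presentedToken = retrievePennToken();

        boolean tokenChanged = StringUtils.isNotBlank(sessionToken)
                && StringUtils.isNotBlank(presentedToken)
                && !StringUtils.equals(sessionToken, presentedToken);
        if (tokenChanged) {
            // The session was established with another token: drop it rather than reuse its identity.
            session.invalidate();
            GrouperUiUtils.killCookie("websec_token", getCookies(), this.httpServletResponse);
            return null;
        }

        String user = (String) session.getAttribute(PENN_SESSION_USER_KEY);
        if (StringUtils.isBlank(user)) {
            if (StringUtils.isBlank(presentedToken)) {
                return null;
            }

            // NOTE(review): the presented token should be verified and resolved to a user id at this point.
            // That step is missing (see the class comment), so 'user' is still blank below.
            Properties mediaProperties = GrouperUiUtils.propertiesFromResourceName("resources/custom/media.properties");
            String uiGroupName = (String) mediaProperties.get("penn.uiGroup");
            if (StringUtils.isNotBlank(uiGroupName)) {
                requireUiGroupMember(user, uiGroupName);
            }

            if (StringUtils.isBlank(user)) {
                // Fail closed: never cache a blank identity, and never bind a token to the session
                // that was not verified.
                return null;
            }

            // NOTE(review): once a real login happens here, consider rotating the session id before
            // storing the identity, so a session id issued before authentication is not carried over.
            session.setAttribute(PENN_SESSION_USER_KEY, user);
            session.setAttribute(PENN_SESSION_TOKEN_KEY, presentedToken);
        }
        return user;
    }

    /**
     * Checks that {@code user} is a member of the Grouper group {@code uiGroupName}, using a root session
     * that is always stopped afterwards.
     *
     * @param user subject identifier to look up
     * @param uiGroupName name of the group configured in {@code penn.uiGroup}
     * @throws RuntimeException with message "User is not authorized" if the user is not a member or if any
     *     lookup fails
     */
    private void requireUiGroupMember(String user, String uiGroupName) {
        GrouperSession grouperSession = null;
        try {
            grouperSession = GrouperSession.start(SubjectFinder.findById(GrouperConfig.ROOT, true));
            if (!GroupFinder.findByName(grouperSession, uiGroupName, true).hasMember(SubjectFinder.findByIdentifier(user, true))) {
                throw new RuntimeException("User is not authorized");
            }
        } catch (Exception e) {
            // This branch also covers failed subject/group lookups, not only a negative membership result;
            // the exception is attached so the log shows which one happened.
            LOG.error("user: '" + user + "' is not a member of group: '" + uiGroupName + "', and therefore is not authorized to use the app (configured in local media.properties penn.uiGroup", e);
            throw new RuntimeException("User is not authorized", e);
        } finally {
            GrouperSession.stopQuietly(grouperSession);
        }
    }

    /**
     * Wraps the request and keeps the response so the token cookie can be removed later.
     *
     * @param httpServletRequest request to wrap
     * @param httpServletResponse response used when removing the {@code websec_token} cookie
     */
    public PennWebsecRequestWrapper(HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse) {
        super(httpServletRequest);
        this.httpServletResponse = httpServletResponse;
    }
}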
