package org.n52.security.apps.wscweb.struts;

import java.util.HashSet;
import java.util.UUID;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import org.apache.struts.action.ActionForm;
import org.apache.struts.action.ActionForward;
import org.apache.struts.action.ActionMapping;
import org.apache.struts.action.ActionRedirect;

/* loaded from: input_file:org/n52/security/apps/wscweb/struts/PortalIntegrationAction.class */
public class PortalIntegrationAction extends FacadeAction {
    private static final String PROTECTED_SERVICE_PARAM_NAME = "wms_url";

    public ActionForward execute(ActionMapping actionMapping, ActionForm actionForm, HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse) throws Exception {
        ActionRedirect actionRedirect = new ActionRedirect(actionMapping.findForward("facadeStartDirect"));
        String parameter = httpServletRequest.getParameter("returnUrl");
        ReturnUrl returnUrl = new ReturnUrl(parameter);
        if (!returnUrl.hasQuerystring() || !returnUrl.hasParameter(PROTECTED_SERVICE_PARAM_NAME)) {
            httpServletResponse.sendError(400, "returnUrl <" + parameter + "> does not contain a required query string or wms_url parameter.");
            return null;
        }
        if (!isInWhitelist(returnUrl)) {
            httpServletResponse.sendError(400, "returnUrl <" + parameter + "> is not accepted.");
            return null;
        }
        if (!isWssUrl(returnUrl)) {
            httpServletResponse.sendRedirect(returnUrl.toString());
            return null;
        }
        actionRedirect.addParameter("clientIP", httpServletRequest.getRemoteAddr());
        actionRedirect.addParameter("facadeName", UUID.randomUUID().toString());
        actionRedirect.addParameter("extended", "false");
        actionRedirect.addParameter("ipFilterenabled", "false");
        actionRedirect.addParameter("referrerAcceptPattern", "");
        actionRedirect.addParameter("prependUsername", "false");
        actionRedirect.addParameter("wssURL", returnUrl.getParameter(PROTECTED_SERVICE_PARAM_NAME));
        httpServletRequest.getSession(true).setAttribute("returnUrl", returnUrl);
        return actionRedirect;
    }

    private boolean isWssUrl(ReturnUrl returnUrl) {
        return returnUrl.getParameter(PROTECTED_SERVICE_PARAM_NAME).contains("/WSS");
    }

    private boolean isInWhitelist(ReturnUrl returnUrl) {
        String[] split = ((String) getSecurityConfig().getPreConfiguredInstance("redirectionHostWhitelist")).split(",");
        HashSet hashSet = new HashSet();
        for (String str : split) {
            hashSet.add(str.trim());
        }
        return hashSet.contains(returnUrl.getHostName());
    }
}
