package org.jboss.identity.federation.web.servlets;

import java.io.IOException;
import java.io.InputStream;
import java.security.GeneralSecurityException;
import javax.servlet.ServletConfig;
import javax.servlet.ServletContext;
import javax.servlet.ServletException;
import javax.servlet.http.HttpServlet;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import org.apache.log4j.Logger;
import org.jboss.identity.federation.core.exceptions.ConfigurationException;
import org.jboss.identity.federation.core.exceptions.ParsingException;
import org.jboss.identity.federation.core.saml.v2.constants.JBossSAMLURIConstants;
import org.jboss.identity.federation.web.config.IDPType;
import org.jboss.identity.federation.web.config.KeyProviderType;
import org.jboss.identity.federation.web.interfaces.RoleGenerator;
import org.jboss.identity.federation.web.interfaces.TrustKeyConfigurationException;
import org.jboss.identity.federation.web.interfaces.TrustKeyManager;
import org.jboss.identity.federation.web.interfaces.TrustKeyProcessingException;
import org.jboss.identity.federation.web.roles.DefaultRoleGenerator;
import org.jboss.identity.federation.web.util.ConfigurationUtil;
import org.jboss.identity.federation.web.util.IDPWebRequestUtil;
import org.jboss.identity.federation.web.util.RedirectBindingSignatureUtil;
import org.w3c.dom.Document;

/* loaded from: input_file:org/jboss/identity/federation/web/servlets/IDPServlet.class */
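/**
 * Identity-provider (IDP) servlet of the JBoss Identity federation web module.
 *
 * <p>This listing is JADX decompiler output: parameter names such as {@code str}/{@code z} are
 * synthetic, and the body of {@link #doPost} could not be recovered (see the stub below).
 *
 * <p>Review notes for anyone auditing or re-hosting this class:
 * <ul>
 *   <li>{@code ignoreIncomingSignatures} is initialised to {@code true} and no assignment to it is
 *       visible in the recovered code. While it is {@code true}, {@link #validate} accepts any
 *       non-empty SAML request without checking its signature. Whether {@code doPost} changes the
 *       flag cannot be determined from this listing.</li>
 *   <li>The key-manager and role-generator implementations are loaded by class name from
 *       {@code /WEB-INF/jboss-idfed.xml} and the {@code ROLE_GENERATOR} init parameter; both
 *       sources must be writable only by the deployer.</li>
 * </ul>
 */
public class IDPServlet extends HttpServlet {
    private static final long serialVersionUID = 1;
    private static final Logger log = Logger.getLogger(IDPServlet.class);
    public static final String PRINCIPAL_ID = "jboss_identity.principal";
    public static final String ROLES_ID = "jboss_identity.roles";
    /** Location of the federation configuration inside the web application. */
    private static final String CONFIG_FILE = "/WEB-INF/jboss-idfed.xml";
    private TrustKeyManager keyManager;
    // Sampled once when the servlet instance is created; later log-level changes are not seen.
    private boolean trace = log.isTraceEnabled();
    protected IDPType idpConfiguration = null;
    private RoleGenerator rg = new DefaultRoleGenerator();
    private long assertionValidity = 5000;
    private String identityURL = null;
    // NOTE(review): defaults to true and has no setter in the recovered code, so signature
    // validation of incoming requests is skipped by validate() unless doPost changes it.
    private Boolean ignoreIncomingSignatures = true;
    private Boolean signOutgoingMessages = true;
    private ServletContext context = null;

    /**
     * Holder for the SAML request, signature and signature-algorithm strings.
     * Where the values originate is not visible here (presumably request parameters read in
     * {@code doPost}); treat all three as untrusted input.
     */
    protected class SessionHolder {
        String samlRequest;
        String signature;
        String sigAlg;

        public SessionHolder(String samlRequest, String signature, String sigAlg) {
            this.samlRequest = samlRequest;
            this.signature = signature;
            this.sigAlg = sigAlg;
        }
    }

    /**
     * Returns the flag that makes {@link #validate} skip signature verification.
     *
     * @return {@code true} when incoming signatures are ignored
     */
    public Boolean getIgnoreIncomingSignatures() {
        return this.ignoreIncomingSignatures;
    }

    /**
     * Reads {@code /WEB-INF/jboss-idfed.xml}, loads the trust key manager when outgoing messages
     * are signed, and installs the optional {@code ROLE_GENERATOR} implementation.
     *
     * @param servletConfig the container-supplied configuration
     * @throws ServletException if {@code HttpServlet.init} fails
     * @throws RuntimeException if the configuration file is missing or any part of the
     *         configuration cannot be read or instantiated (the original cause is attached)
     */
    public void init(ServletConfig servletConfig) throws ServletException {
        super.init(servletConfig);
        this.context = servletConfig.getServletContext();
        InputStream configStream = this.context.getResourceAsStream(CONFIG_FILE);
        if (configStream == null) {
            throw new RuntimeException(CONFIG_FILE + " missing");
        }
        try {
            this.idpConfiguration = ConfigurationUtil.getIDPConfiguration(configStream);
            this.identityURL = this.idpConfiguration.getIdentityURL();
            log.trace("Identity Provider URL=" + this.identityURL);
            this.assertionValidity = this.idpConfiguration.getAssertionValidity();
            if (this.ignoreIncomingSignatures.booleanValue()) {
                // Make the insecure default visible to operators instead of leaving it silent.
                log.warn("ignoreIncomingSignatures is true: SAML requests are accepted without signature validation");
            }
            if (this.signOutgoingMessages.booleanValue()) {
                this.keyManager = loadKeyManager(this.idpConfiguration.getKeyProvider());
            }
            String roleGeneratorClass = servletConfig.getInitParameter("ROLE_GENERATOR");
            if (roleGeneratorClass != null && !"".equals(roleGeneratorClass)) {
                setRoleGenerator(roleGeneratorClass);
            }
        } catch (Exception e) {
            throw new RuntimeException(e);
        } finally {
            // The stream was previously never closed.
            closeQuietly(configStream);
        }
    }

    /**
     * Instantiates and configures the {@link TrustKeyManager} named by the key provider.
     * The class is checked against {@code TrustKeyManager} before it is instantiated, so a
     * mis-typed class name fails without running an unrelated class's constructor.
     */
    private TrustKeyManager loadKeyManager(KeyProviderType keyProvider) {
        if (keyProvider == null) {
            throw new RuntimeException("Key Provider is null for context=" + this.context.getContextPath());
        }
        try {
            String className = keyProvider.getClassName();
            if (className == null) {
                throw new RuntimeException("KeyManager class name is null");
            }
            Class<?> managerClass = SecurityActions.getContextClassLoader().loadClass(className);
            if (!TrustKeyManager.class.isAssignableFrom(managerClass)) {
                throw new RuntimeException(className + " is not a " + TrustKeyManager.class.getName());
            }
            TrustKeyManager manager = (TrustKeyManager) managerClass.newInstance();
            manager.setAuthProperties(keyProvider.getAuth());
            manager.setValidatingAlias(keyProvider.getValidatingAlias());
            if (this.trace) {
                log.trace("Key Provider=" + className);
            }
            return manager;
        } catch (Exception e) {
            log.error("Exception reading configuration:", e);
            // Keep the cause: the message alone loses the stack trace of the real failure.
            throw new RuntimeException(e.getLocalizedMessage(), e);
        }
    }

    /** Closes the configuration stream, logging rather than propagating a close failure. */
    private static void closeQuietly(InputStream stream) {
        try {
            stream.close();
        } catch (IOException ignored) {
            log.debug("Could not close " + CONFIG_FILE, ignored);
        }
    }

    /*
     * Decompiler stub, not the real implementation. JADX reported
     * "JadxRuntimeException: Unreachable block: B:40:0x02b2" in BlockProcessor and skipped the
     * method dump (803 instructions). The request-handling logic, including how validate() and
     * sendErrorResponseToSP() are invoked, therefore cannot be reviewed from this listing; audit
     * the original bytecode or upstream source before drawing conclusions about it.
     */
    protected void doPost(javax.servlet.http.HttpServletRequest r11, javax.servlet.http.HttpServletResponse r12) throws javax.servlet.ServletException, java.io.IOException {
        throw new UnsupportedOperationException("Method not decompiled: org.jboss.identity.federation.web.servlets.IDPServlet.doPost(javax.servlet.http.HttpServletRequest, javax.servlet.http.HttpServletResponse):void");
    }

    /**
     * Builds an error response with status {@code STATUS_RESPONDER} and sends it through the
     * supplied {@link IDPWebRequestUtil}, signed with the key manager's signing key when
     * outgoing messages are signed.
     *
     * @param str value logged as the SP and passed to {@code getErrorResponse} and {@code send}
     * @param httpServletResponse response the message is written to
     * @param str2 third argument of {@code send}; its meaning is not visible in this listing
     * @param iDPWebRequestUtil helper that builds and sends the response
     * @throws ServletException wrapping a {@link GeneralSecurityException} or
     *         {@link ParsingException} raised while sending
     */
    protected void sendErrorResponseToSP(String str, HttpServletResponse httpServletResponse, String str2, IDPWebRequestUtil iDPWebRequestUtil) throws ServletException, IOException, ConfigurationException {
        if (this.trace) {
            log.trace("About to send error response to SP:" + str);
        }
        boolean sign = this.signOutgoingMessages.booleanValue();
        Document errorResponse = iDPWebRequestUtil.getErrorResponse(str, JBossSAMLURIConstants.STATUS_RESPONDER.get(), this.identityURL, sign);
        try {
            if (sign) {
                iDPWebRequestUtil.send(errorResponse, str, str2, httpServletResponse, true, this.keyManager.getSigningKey());
            } else {
                iDPWebRequestUtil.send(errorResponse, str, str2, httpServletResponse, false, null);
            }
        } catch (GeneralSecurityException e) {
            throw new ServletException(e);
        } catch (ParsingException e) {
            throw new ServletException(e);
        }
    }

    /** Rejects GET with 405 Method Not Allowed. */
    protected void doGet(HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse) throws ServletException, IOException {
        httpServletResponse.sendError(HttpServletResponse.SC_METHOD_NOT_ALLOWED);
    }

    /**
     * Decides whether an incoming SAML request is acceptable.
     *
     * <p>Returns {@code false} for a missing or empty request. Returns {@code true} without any
     * signature check when {@code ignoreIncomingSignatures} is set or {@code z} is {@code true}.
     * Otherwise the signature value is extracted from {@code str2} and verified with the key the
     * trust key manager returns for {@code str}.
     *
     * <p>NOTE(review): {@code sessionHolder.sigAlg} is not consulted here; whether the signature
     * algorithm is constrained inside {@code RedirectBindingSignatureUtil} is not visible.
     *
     * @param str identifier passed to {@code TrustKeyManager.getValidatingKey} and logged as the SP
     * @param str2 signed URL the signature value is extracted from and verified against
     * @param sessionHolder holder of the request and signature strings
     * @param z when {@code true}, signature validation is skipped; the caller-side meaning of the
     *        flag is not visible in this listing
     * @return {@code true} if the request is accepted
     * @throws GeneralSecurityException if no key manager is available or the validating key
     *         cannot be obtained
     */
    protected boolean validate(String str, String str2, SessionHolder sessionHolder, boolean z) throws IOException, GeneralSecurityException {
        if (sessionHolder == null || sessionHolder.samlRequest == null || sessionHolder.samlRequest.length() == 0) {
            return false;
        }
        if (this.ignoreIncomingSignatures.booleanValue() || z) {
            return true;
        }
        String signature = sessionHolder.signature;
        if (signature == null || signature.length() == 0) {
            log.error("Signature received from SP is null:" + str);
            return false;
        }
        if (this.keyManager == null) {
            // Fail closed with a declared exception instead of a NullPointerException.
            throw new GeneralSecurityException("No TrustKeyManager available to validate the signature");
        }
        byte[] signatureValue = RedirectBindingSignatureUtil.getSignatureValueFromSignedURL(str2);
        if (signatureValue == null) {
            return false;
        }
        try {
            return RedirectBindingSignatureUtil.validateSignature(str2, this.keyManager.getValidatingKey(str), signatureValue);
        } catch (TrustKeyConfigurationException e) {
            // Wrap the exception itself: getCause() may be null, which discarded all detail.
            throw new GeneralSecurityException(e);
        } catch (TrustKeyProcessingException e) {
            throw new GeneralSecurityException(e);
        }
    }

    /**
     * Replaces the default role generator with an instance of the named class, loaded through
     * the context class loader. The class is checked against {@link RoleGenerator} before it is
     * instantiated.
     *
     * @param str fully qualified class name taken from the {@code ROLE_GENERATOR} init parameter
     * @throws RuntimeException if the class cannot be loaded, is of the wrong type, or cannot be
     *         instantiated
     */
    private void setRoleGenerator(String str) {
        try {
            Class<?> generatorClass = SecurityActions.getContextClassLoader().loadClass(str);
            if (!RoleGenerator.class.isAssignableFrom(generatorClass)) {
                throw new RuntimeException(str + " is not a " + RoleGenerator.class.getName());
            }
            this.rg = (RoleGenerator) generatorClass.newInstance();
        } catch (Exception e) {
            throw new RuntimeException(e);
        }
    }
}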
