package org.picketlink.identity.federation.bindings.tomcat.sp;

import java.io.IOException;
import java.io.InputStream;
import java.lang.reflect.Method;
import java.security.GeneralSecurityException;
import java.security.Principal;
import java.security.cert.X509Certificate;
import java.util.HashMap;
import java.util.Iterator;
import java.util.List;
import java.util.Map;
import java.util.concurrent.locks.Lock;
import java.util.concurrent.locks.ReentrantLock;
import javax.servlet.RequestDispatcher;
import javax.servlet.ServletContext;
import javax.servlet.ServletException;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import org.apache.catalina.LifecycleException;
import org.apache.catalina.Session;
import org.apache.catalina.authenticator.AuthenticatorBase;
import org.apache.catalina.authenticator.FormAuthenticator;
import org.apache.catalina.connector.Request;
import org.apache.catalina.connector.Response;
import org.apache.catalina.deploy.LoginConfig;
import org.apache.log4j.Logger;
import org.picketlink.identity.federation.api.saml.v2.metadata.MetaDataExtractor;
import org.picketlink.identity.federation.core.config.SPType;
import org.picketlink.identity.federation.core.exceptions.ConfigurationException;
import org.picketlink.identity.federation.core.exceptions.ProcessingException;
import org.picketlink.identity.federation.core.parsers.saml.SAMLParser;
import org.picketlink.identity.federation.core.saml.v2.factories.SAML2HandlerChainFactory;
import org.picketlink.identity.federation.core.saml.v2.impl.DefaultSAML2HandlerChainConfig;
import org.picketlink.identity.federation.core.saml.v2.interfaces.SAML2Handler;
import org.picketlink.identity.federation.core.saml.v2.interfaces.SAML2HandlerChain;
import org.picketlink.identity.federation.core.saml.v2.util.DocumentUtil;
import org.picketlink.identity.federation.core.saml.v2.util.HandlerUtil;
import org.picketlink.identity.federation.core.util.CoreConfigUtil;
import org.picketlink.identity.federation.core.util.StringUtil;
import org.picketlink.identity.federation.core.util.SystemPropertiesUtil;
import org.picketlink.identity.federation.core.util.XMLSignatureUtil;
import org.picketlink.identity.federation.saml.v2.metadata.EndpointType;
import org.picketlink.identity.federation.saml.v2.metadata.EntitiesDescriptorType;
import org.picketlink.identity.federation.saml.v2.metadata.EntityDescriptorType;
import org.picketlink.identity.federation.saml.v2.metadata.IDPSSODescriptorType;
import org.picketlink.identity.federation.saml.v2.metadata.KeyDescriptorType;
import org.picketlink.identity.federation.web.config.AbstractSAMLConfigurationProvider;
import org.picketlink.identity.federation.web.util.ConfigurationUtil;
import org.picketlink.identity.federation.web.util.SAMLConfigurationProvider;

/* loaded from: input_file:org/picketlink/identity/federation/bindings/tomcat/sp/BaseFormAuthenticator.class */
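/**
 * Base Tomcat {@link FormAuthenticator} for a SAML v2 service provider (SP).
 * <p>
 * On start it reads the SP configuration from {@link #configFile} (or asks the configured
 * {@link SAMLConfigurationProvider}), optionally derives the IDP single sign-on URL and IDP
 * certificate from an IDP metadata resource, and builds the {@link SAML2HandlerChain} from
 * {@code /WEB-INF/picketlink-handlers.xml}. Concrete subclasses supply the SAML binding they
 * speak through {@link #getBinding()}.
 */
public abstract class BaseFormAuthenticator extends FormAuthenticator {
    protected static Logger log = Logger.getLogger(BaseFormAuthenticator.class);
    protected final boolean trace = log.isTraceEnabled();
    // SP configuration, from the config file or from the SAMLConfigurationProvider.
    protected SPType spConfiguration = null;
    // URL of this service provider, taken from the SP configuration.
    protected String serviceURL = null;
    // IDP single sign-on URL: from IDP metadata when a metadata file is configured, else from the SP configuration.
    protected String identityURL = null;
    protected String issuerID = null;
    // Web-application resource path of the SP configuration file.
    protected String configFile = "/WEB-INF/picketlink-idfed.xml";
    // Certificate read from the first key descriptor of the IDP metadata; null when no metadata file is used.
    protected transient X509Certificate idpCertificate = null;
    protected transient SAML2HandlerChain chain = null;
    // Optional class name of a custom handler chain; the factory default is used when null or empty.
    protected transient String samlHandlerChainClass = null;
    protected Map<String, Object> chainConfigOptions = new HashMap<String, Object>();
    protected boolean saveRestoreRequest = true;
    protected Lock chainLock = new ReentrantLock();
    protected String canonicalizationMethod = "http://www.w3.org/2001/10/xml-exc-c14n#WithComments";
    protected String logOutPage = "/logout.jsp";
    protected SAMLConfigurationProvider configProvider = null;
    // Cached reflective handle to AuthenticatorBase.register(Request, HttpServletResponse, ...); see register().
    private Method theSuperRegisterMethod = null;
    // Set to false once the reflective lookup has been tried and found nothing, so it is not repeated.
    private boolean seekSuperRegisterMethod = true;

    /** @return the web-application resource path of the SP configuration file */
    public String getConfigFile() {
        return this.configFile;
    }

    /** @param str web-application resource path of the SP configuration file */
    public void setConfigFile(String str) {
        this.configFile = str;
    }

    /** @param str fully qualified class name of a custom {@link SAML2HandlerChain} implementation */
    public void setSamlHandlerChainClass(String str) {
        this.samlHandlerChainClass = str;
    }

    /** @param str URL of this service provider */
    public void setServiceURL(String str) {
        this.serviceURL = str;
    }

    /** @param z whether the original request is saved and restored around authentication */
    public void setSaveRestoreRequest(boolean z) {
        this.saveRestoreRequest = z;
    }

    /**
     * Instantiates the {@link SAMLConfigurationProvider} named by {@code str}; it is consulted for
     * the SP configuration in {@link #processConfiguration()}.
     *
     * @param str fully qualified class name of the provider
     * @throws IllegalStateException if {@code str} is null
     * @throws RuntimeException if the class cannot be loaded or instantiated
     */
    public void setConfigProvider(String str) {
        if (str == null) {
            throw new IllegalStateException("PL00078: Null Parameter:" + str);
        }
        Class<?> loadClass = SecurityActions.loadClass(getClass(), str);
        if (loadClass == null) {
            throw new RuntimeException("PL00085: Class Not Loaded:" + str);
        }
        try {
            this.configProvider = (SAMLConfigurationProvider) loadClass.newInstance();
        } catch (Exception e) {
            // Chain the cause instead of flattening it into the message only.
            throw new RuntimeException("PL00086: Cannot create instance of:" + str + ":" + e.getMessage(), e);
        }
    }

    /** @param str issuer identifier used by this SP */
    public void setIssuerID(String str) {
        this.issuerID = str;
    }

    /** @param str web-application path of the page shown after logout */
    public void setLogOutPage(String str) {
        this.logOutPage = str;
    }

    /**
     * Returns whether the request carries a {@code SAMLResponse} parameter. Only the presence of
     * the parameter is checked here; this method does not inspect the response content.
     */
    public boolean validate(Request request) throws IOException, GeneralSecurityException {
        return request.getParameter("SAMLResponse") != null;
    }

    /**
     * Catalina lifecycle hook: after the superclass has started, ensures the PicketLink system
     * properties and performs the SP start-up in {@link #processStart()}.
     */
    public void start() throws LifecycleException {
        super.start();
        SystemPropertiesUtil.ensure();
        processStart();
    }

    /** @return the IDP single sign-on URL resolved at start-up (may be null before start) */
    public String getIdentityURL() {
        return this.identityURL;
    }

    /** @return the IDP certificate read from metadata, or null when none was read */
    public X509Certificate getIdpCertificate() {
        return this.idpCertificate;
    }

    /**
     * Registers the authenticated principal with the container.
     * <p>
     * {@code AuthenticatorBase.register} is first looked up reflectively with an
     * {@code HttpServletResponse} parameter (presumably the signature of some Tomcat versions);
     * when found it is invoked, otherwise the compile-time {@code super.register} with a Catalina
     * {@link Response} is used and the lookup is not retried.
     *
     * @throws RuntimeException wrapping any reflective invocation failure
     */
    public void register(Request request, Response response, Principal principal, String str, String str2, String str3) {
        if (this.theSuperRegisterMethod == null && this.seekSuperRegisterMethod) {
            this.theSuperRegisterMethod = SecurityActions.getMethod(getAuthenticatorBaseClass(), "register", new Class[]{Request.class, HttpServletResponse.class, Principal.class, String.class, String.class, String.class});
        }
        try {
            if (this.theSuperRegisterMethod != null) {
                this.theSuperRegisterMethod.invoke(this, request, response, principal, str, str2, str3);
            }
            if (this.theSuperRegisterMethod == null) {
                this.seekSuperRegisterMethod = false;
                super.register(request, response, principal, str, str2, str3);
            }
        } catch (Exception e) {
            throw new RuntimeException(e);
        }
    }

    /**
     * Falls back to the container's form authentication when the request has no user principal.
     * <p>
     * If the compile-time {@code super.authenticate(Request, Response, LoginConfig)} does not exist
     * at runtime ({@link NoSuchMethodError}), the
     * {@code authenticate(HttpServletRequest, HttpServletResponse, LoginConfig)} variant is invoked
     * reflectively instead (presumably to cover differing Tomcat versions).
     *
     * @return true if a principal is already present or the fallback authentication succeeds
     * @throws IOException if the reflective fallback fails
     */
    public boolean localAuthentication(Request request, Response response, LoginConfig loginConfig) throws IOException {
        if (request.getUserPrincipal() != null) {
            return true;
        }
        log.error("Falling back on local Form Authentication if available");
        try {
            return super.authenticate(request, response, loginConfig);
        } catch (NoSuchMethodError e) {
            try {
                Method authenticate = getClass().getMethod("authenticate", HttpServletRequest.class, HttpServletResponse.class, LoginConfig.class);
                return ((Boolean) authenticate.invoke(this, request.getRequest(), response.getResponse(), loginConfig)).booleanValue();
            } catch (Exception e2) {
                throw new IOException("PL00035: Unable to fallback on local auth:", e2);
            }
        }
    }

    /** @return the SAML binding URI this authenticator handles, matched against SingleSignOnService endpoints */
    protected abstract String getBinding();

    /**
     * Reads the IDP metadata resource at {@code str} and, from the IDP SSO descriptor found in it,
     * sets {@link #identityURL} to the SingleSignOnService location whose binding equals
     * {@link #getBinding()} and {@link #idpCertificate} from the first key descriptor.
     * Does nothing when the resource does not exist.
     *
     * @param str web-application resource path of the IDP metadata file
     * @throws RuntimeException wrapping any parsing or processing failure
     */
    protected void processIDPMetadataFile(String str) {
        InputStream resourceAsStream = this.context.getServletContext().getResourceAsStream(str);
        if (resourceAsStream == null) {
            return;
        }
        try {
            Object parsed = new SAMLParser().parse(DocumentUtil.getNodeAsStream(DocumentUtil.getDocument(resourceAsStream)));
            IDPSSODescriptorType idpSSO;
            if (parsed instanceof EntitiesDescriptorType) {
                idpSSO = handleMetadata((EntitiesDescriptorType) parsed);
            } else {
                idpSSO = handleMetadata((EntityDescriptorType) parsed);
            }
            if (idpSSO == null) {
                log.error("Unable to obtain the IDP SSO Descriptor from metadata");
                return;
            }
            for (Object o : idpSSO.getSingleSignOnService()) {
                EndpointType endpoint = (EndpointType) o;
                if (getBinding().equals(endpoint.getBinding().toString())) {
                    this.identityURL = endpoint.getLocation().toString();
                    break;
                }
            }
            List<?> keyDescriptors = idpSSO.getKeyDescriptor();
            if (!keyDescriptors.isEmpty()) {
                // NOTE(review): the first key descriptor is used regardless of its declared use
                // (signing vs. encryption); confirm this matches the IDP metadata in use.
                this.idpCertificate = MetaDataExtractor.getCertificate((KeyDescriptorType) keyDescriptors.get(0));
            }
        } catch (Exception e) {
            throw new RuntimeException(e);
        } finally {
            // The document was fully parsed above; release the resource stream.
            safeClose(resourceAsStream);
        }
    }

    /**
     * Loads the SP configuration and applies it: resolves {@link #identityURL} (via IDP metadata
     * when configured), {@link #serviceURL} and the canonicalization method, which is also pushed
     * to {@link XMLSignatureUtil}.
     *
     * @throws RuntimeException if the configuration file is missing or cannot be processed
     */
    protected void processConfiguration() {
        InputStream resourceAsStream = this.context.getServletContext().getResourceAsStream(this.configFile);
        if (resourceAsStream == null) {
            throw new RuntimeException("PL00025: Service Provider:: Configuration File missing:" + this.configFile);
        }
        boolean streamHandedOff = false;
        try {
            if (this.configProvider != null) {
                this.spConfiguration = this.configProvider.getSPConfiguration();
                if (this.configProvider instanceof AbstractSAMLConfigurationProvider) {
                    // NOTE(review): the stream is handed to the provider only after
                    // getSPConfiguration() has already run; confirm this ordering is intended.
                    // Ownership of the stream passes to the provider, so it is not closed here.
                    streamHandedOff = true;
                    this.configProvider.setConfigFile(resourceAsStream);
                }
            } else {
                this.spConfiguration = ConfigurationUtil.getSPConfiguration(resourceAsStream);
            }
            if (StringUtil.isNotNull(this.spConfiguration.getIdpMetadataFile())) {
                processIDPMetadataFile(this.spConfiguration.getIdpMetadataFile());
            } else {
                this.identityURL = this.spConfiguration.getIdentityURL();
            }
            this.serviceURL = this.spConfiguration.getServiceURL();
            this.canonicalizationMethod = this.spConfiguration.getCanonicalizationMethod();
            log.info("BaseFormAuthenticator:: Setting the CanonicalizationMethod on XMLSignatureUtil::" + this.canonicalizationMethod);
            // Static call: presumably affects every SP sharing XMLSignatureUtil in this JVM.
            XMLSignatureUtil.setCanonicalizationMethodType(this.canonicalizationMethod);
            if (this.trace) {
                log.trace("Identity Provider URL=" + this.identityURL);
            }
        } catch (Exception e) {
            throw new RuntimeException(e);
        } finally {
            if (!streamHandedOff) {
                safeClose(resourceAsStream);
            }
        }
    }

    /**
     * Finds the first IDP SSO descriptor among the entity descriptors of
     * {@code entitiesDescriptorType}, descending into nested EntitiesDescriptor elements.
     *
     * @return the descriptor, or {@code null} when none is found
     */
    protected IDPSSODescriptorType handleMetadata(EntitiesDescriptorType entitiesDescriptorType) {
        for (Object obj : entitiesDescriptorType.getEntityDescriptor()) {
            IDPSSODescriptorType found;
            if (obj instanceof EntitiesDescriptorType) {
                // Descend into the nested element itself, not the enclosing descriptor.
                found = getIDPSSODescriptor((EntitiesDescriptorType) obj);
            } else {
                found = handleMetadata((EntityDescriptorType) obj);
            }
            if (found != null) {
                return found;
            }
        }
        return null;
    }

    /** @return the IDP SSO descriptor of {@code entityDescriptorType}, as resolved by {@link CoreConfigUtil} */
    protected IDPSSODescriptorType handleMetadata(EntityDescriptorType entityDescriptorType) {
        return CoreConfigUtil.getIDPDescriptor(entityDescriptorType);
    }

    /**
     * Returns the IDP SSO descriptor of the first entity in {@code entitiesDescriptorType},
     * recursing when that entity is itself an EntitiesDescriptor.
     *
     * @return the descriptor, or {@code null} when the entity list is empty
     */
    protected IDPSSODescriptorType getIDPSSODescriptor(EntitiesDescriptorType entitiesDescriptorType) {
        Iterator<?> it = entitiesDescriptorType.getEntityDescriptor().iterator();
        if (!it.hasNext()) {
            return null;
        }
        Object first = it.next();
        if (first instanceof EntitiesDescriptorType) {
            return getIDPSSODescriptor((EntitiesDescriptorType) first);
        }
        return CoreConfigUtil.getIDPDescriptor((EntityDescriptorType) first);
    }

    /**
     * Populates {@link #chainConfigOptions} and passes the resulting chain configuration to every
     * handler in {@link #chain}.
     */
    public void initializeHandlerChain() throws ConfigurationException, ProcessingException {
        populateChainConfig();
        DefaultSAML2HandlerChainConfig chainConfig = new DefaultSAML2HandlerChainConfig(this.chainConfigOptions);
        for (Object handler : this.chain.handlers()) {
            ((SAML2Handler) handler).initChainConfig(chainConfig);
        }
    }

    /**
     * Puts the SP configuration, the canonicalization method and the role-validator flag into
     * {@link #chainConfigOptions}. Subclasses may override to add further options.
     */
    public void populateChainConfig() throws ConfigurationException, ProcessingException {
        this.chainConfigOptions.put("CONFIGURATION", this.spConfiguration);
        this.chainConfigOptions.put("CANONICALIZATION_METHOD", this.canonicalizationMethod);
        this.chainConfigOptions.put("ROLE_VALIDATOR_IGNORE", "false");
    }

    /**
     * Expires {@code session} and forwards to {@link #logOutPage}. Logs an error and returns if no
     * request dispatcher exists for that page.
     */
    public void sendToLogoutPage(Request request, Response response, Session session) throws IOException, ServletException {
        RequestDispatcher requestDispatcher = this.context.getServletContext().getRequestDispatcher(this.logOutPage);
        if (requestDispatcher == null) {
            log.error("Cannot dispatch to the logout page: no request dispatcher:" + this.logOutPage);
            return;
        }
        // Invalidate the session before the logout page is rendered.
        session.expire();
        try {
            requestDispatcher.forward(request, response);
        } catch (Exception e) {
            // Retry with the underlying servlet request (presumably for dispatchers that reject the Catalina wrapper).
            if (this.trace) {
                log.trace("Forward with the Catalina request failed; retrying with the servlet request", e);
            }
            requestDispatcher.forward(request.getRequest(), response);
        }
    }

    /**
     * Runs the SP start-up outside the Catalina lifecycle (for tests), with save/restore of the
     * original request disabled.
     *
     * @throws RuntimeException if the Catalina context has not been set
     */
    public void testStart() throws LifecycleException {
        this.saveRestoreRequest = false;
        if (this.context == null) {
            throw new RuntimeException("Catalina Context not set up");
        }
        processStart();
    }

    /**
     * Creates the handler chain (default or {@link #samlHandlerChainClass}), processes the SP
     * configuration, adds the handlers declared in {@code /WEB-INF/picketlink-handlers.xml} and
     * initializes the chain.
     *
     * @throws LifecycleException if the custom chain class cannot be created
     * @throws RuntimeException wrapping any other failure
     */
    private void processStart() throws LifecycleException {
        if (StringUtil.isNullOrEmpty(this.samlHandlerChainClass)) {
            this.chain = SAML2HandlerChainFactory.createChain();
        } else {
            try {
                this.chain = SAML2HandlerChainFactory.createChain(this.samlHandlerChainClass);
            } catch (ProcessingException e) {
                throw new LifecycleException(e);
            }
        }
        ServletContext servletContext = this.context.getServletContext();
        processConfiguration();
        InputStream handlersStream = servletContext.getResourceAsStream("/WEB-INF/picketlink-handlers.xml");
        try {
            this.chain.addAll(HandlerUtil.getHandlers(ConfigurationUtil.getHandlers(handlersStream)));
            // initializeHandlerChain() calls populateChainConfig() itself; the explicit call is kept
            // so the call sequence seen by overriding subclasses is unchanged.
            populateChainConfig();
            initializeHandlerChain();
        } catch (Exception e2) {
            throw new RuntimeException(e2);
        } finally {
            safeClose(handlersStream);
        }
    }

    /**
     * Walks up from this instance's class to {@link AuthenticatorBase}. Every subclass of
     * {@link FormAuthenticator} has it as an ancestor, so the walk terminates.
     */
    private Class<?> getAuthenticatorBaseClass() {
        Class<?> cls = getClass().getSuperclass();
        while (cls != AuthenticatorBase.class) {
            cls = cls.getSuperclass();
        }
        return cls;
    }

    /** Closes {@code in} if non-null; a failure to close is logged at debug level and not propagated. */
    private static void safeClose(InputStream in) {
        if (in == null) {
            return;
        }
        try {
            in.close();
        } catch (IOException e) {
            log.debug("Unable to close input stream", e);
        }
    }
}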
