package org.wso2.solutions.identity.relyingparty.servletfilter;

import java.io.FileInputStream;
import java.io.IOException;
import java.security.KeyStore;
import java.security.PrivateKey;
import java.util.Iterator;
import javax.servlet.Filter;
import javax.servlet.FilterChain;
import javax.servlet.FilterConfig;
import javax.servlet.ServletException;
import javax.servlet.ServletRequest;
import javax.servlet.ServletResponse;
import javax.servlet.http.HttpServletRequest;
import javax.xml.namespace.QName;
import org.apache.axiom.om.OMElement;
import org.apache.axiom.om.OMFactory;
import org.apache.axis2.addressing.EndpointReference;
import org.apache.axis2.client.Options;
import org.apache.axis2.client.ServiceClient;
import org.apache.axis2.context.ConfigurationContextFactory;
import org.apache.axis2.description.AxisService;
import org.apache.axis2.description.TransportOutDescription;
import org.apache.axis2.util.XMLUtils;
import org.apache.commons.logging.Log;
import org.apache.commons.logging.LogFactory;
import org.apache.ws.security.WSSConfig;
import org.w3c.dom.Element;
import org.wso2.solutions.identity.relyingparty.TokenVerifier;
import org.wso2.solutions.identity.relyingparty.TokenVerifierConstants;
import org.wso2.solutions.identity.relyingparty.util.CustomizedSSLTransport;

/* loaded from: input_file:org/wso2/solutions/identity/relyingparty/servletfilter/RelyingPartyFilter.class */
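/**
 * Servlet filter for an Information Card relying party.
 *
 * <p>When a request carries {@code InfoCardSignin=Log in}, the filter decrypts the posted
 * {@code xmlToken} with the service private key and sends it to the configured verifier
 * endpoint. The verifier's answer is copied into request attributes (state, issuer info, and
 * one attribute per returned property). The filter never blocks a request: the chain is always
 * continued, so whatever sits behind this filter must check the state attribute before it
 * trusts any of the other attributes.
 */
public class RelyingPartyFilter implements Filter {
    public static Log log;
    FilterConfig filterConfig;
    // Compiler-generated cache for the class literal (pre-Java-5 bytecode pattern).
    static Class class$org$wso2$solutions$identity$relyingparty$servletfilter$RelyingPartyFilter;

    /**
     * Processes an Information Card sign-in, if the request is one, then continues the chain.
     *
     * <p>Any exception raised while decrypting or verifying is logged and turned into a failure
     * state on the request; it is not propagated to the container.
     *
     * @param servletRequest  incoming request; must be an {@link HttpServletRequest}, otherwise
     *                        the cast fails and the request is marked as failed
     * @param servletResponse response passed on to the rest of the chain untouched
     * @param filterChain     remaining filters / target resource
     * @throws IOException      only from the downstream chain
     * @throws ServletException only from the downstream chain
     */
    public void doFilter(ServletRequest servletRequest, ServletResponse servletResponse, FilterChain filterChain) throws IOException, ServletException {
        try {
            String requestURI = ((HttpServletRequest) servletRequest).getRequestURI();
            if (log.isDebugEnabled()) {
                log.debug("RequestURI : " + sanitizeForLog(requestURI));
            }
            RelyingPartyFilterConfiguration relyingPartyFilterConfiguration = RelyingPartyFilterConfiguration.getInstance(this.filterConfig.getInitParameter("config-file"));
            String signInParam = servletRequest.getParameter("InfoCardSignin");
            if (log.isDebugEnabled()) {
                log.debug("InfoCardSignin : " + sanitizeForLog(signInParam));
            }
            // equals() on the literal already rejects null, so no separate null test is needed.
            if ("Log in".equals(signInParam)) {
                if (log.isDebugEnabled()) {
                    log.debug("InfoCardSignin=Log in");
                }
                String xmlToken = servletRequest.getParameter("xmlToken");
                if (xmlToken != null) {
                    Element decryptedToken = new TokenVerifier().decryptToken(xmlToken, getPrivateKey(relyingPartyFilterConfiguration));
                    OMElement verifierResponse = verifyToken(decryptedToken, relyingPartyFilterConfiguration);

                    servletRequest.setAttribute(TokenVerifierConstants.SERVLET_ATTR_STATE, verifierResponse.getAttribute(new QName(TokenVerifierConstants.ATTR_STATE)).getAttributeValue());
                    servletRequest.setAttribute(TokenVerifierConstants.ISSUER_INFO, verifierResponse.getFirstChildWithName(new QName(TokenVerifierConstants.NS, TokenVerifierConstants.LN_ISSUER_INFO)).getFirstElement().toString());

                    // NOTE(review): attribute names below are taken from the verifier response and
                    // are written after the state / issuer attributes, so a property carrying one
                    // of those names would replace the value set above. Confirm the verifier
                    // restricts property names, or reject reserved names here.
                    OMElement properties = verifierResponse.getFirstChildWithName(new QName(TokenVerifierConstants.NS, TokenVerifierConstants.LN_PROPERTIES));
                    Iterator propertyIterator = properties.getChildrenWithName(new QName(TokenVerifierConstants.NS, TokenVerifierConstants.LN_PROPERTY, TokenVerifierConstants.PREFIX));
                    while (propertyIterator.hasNext()) {
                        OMElement property = (OMElement) propertyIterator.next();
                        servletRequest.setAttribute(property.getAttribute(new QName(TokenVerifierConstants.ATTR_NAME)).getAttributeValue(), property.getText());
                    }
                } else {
                    // NOTE(review): the failure paths write ATTR_STATE while the success path
                    // writes SERVLET_ATTR_STATE. If those constants differ, downstream code has
                    // to check both keys - confirm against TokenVerifierConstants.
                    servletRequest.setAttribute(TokenVerifierConstants.ATTR_STATE, TokenVerifierConstants.STATE_FAILURE);
                    servletRequest.setAttribute(TokenVerifierConstants.FAILURE_REASON, TokenVerifierConstants.REASON_TOKEN_MISSING);
                }
            }
        } catch (Exception e) {
            // Fail closed on the state attribute; attributes already copied before the
            // exception are left in place, so consumers must consult the state first.
            servletRequest.setAttribute(TokenVerifierConstants.ATTR_STATE, TokenVerifierConstants.STATE_FAILURE);
            log.error("Error in token verification", e);
        }
        filterChain.doFilter(servletRequest, servletResponse);
    }

    /**
     * Wraps the decrypted token in a verification request and sends it to the verifier service.
     *
     * @param element                         decrypted token as a DOM element
     * @param relyingPartyFilterConfiguration supplies the verifier URL and, optionally, the
     *                                        trust store used for the HTTPS transport
     * @return the verifier's response element, as received
     * @throws Exception on conversion, transport, or service errors
     */
    protected OMElement verifyToken(Element element, RelyingPartyFilterConfiguration relyingPartyFilterConfiguration) throws Exception {
        OMElement tokenOm = XMLUtils.toOM(element);
        OMFactory factory = tokenOm.getOMFactory();

        // Request layout: <req><token>...decrypted token...</token><issuer>self</issuer></req>
        OMElement request = factory.createOMElement(new QName(TokenVerifierConstants.NS, TokenVerifierConstants.LN_REQ, TokenVerifierConstants.PREFIX));
        OMElement tokenHolder = factory.createOMElement(new QName(TokenVerifierConstants.NS, TokenVerifierConstants.LN_TOKEN, TokenVerifierConstants.PREFIX), request);
        tokenHolder.addChild(tokenOm);
        OMElement issuer = factory.createOMElement(new QName(TokenVerifierConstants.NS, TokenVerifierConstants.LN_ISSUER, TokenVerifierConstants.PREFIX), request);
        issuer.setText("self");

        // NOTE(review): a new configuration context and ServiceClient are created per call and
        // not released in this method - check whether that leaks transport resources under load.
        ServiceClient serviceClient = new ServiceClient(ConfigurationContextFactory.createDefaultConfigurationContext(), (AxisService) null);
        Options options = new Options();
        options.setAction("urn:verify");
        options.setTo(new EndpointReference(relyingPartyFilterConfiguration.getVerifierURL()));
        if (relyingPartyFilterConfiguration.getDoCustomizeSSL()) {
            // Custom HTTPS sender using the configured trust store. When this flag is off, the
            // default Axis2 transport (and its trust settings) is used for the verifier call.
            CustomizedSSLTransport sslSender = new CustomizedSSLTransport();
            sslSender.setTrustStoreFileName(relyingPartyFilterConfiguration.getTrustStoreFileName());
            sslSender.setTrustStorePass(relyingPartyFilterConfiguration.getTrustStorePass());
            TransportOutDescription httpsOut = new TransportOutDescription("https");
            httpsOut.setSender(sslSender);
            options.setTransportOut(httpsOut);
        }
        serviceClient.setOptions(options);

        OMElement response = serviceClient.sendReceive(request);
        // The response carries the verified identity properties; keep debug logging off in
        // production if those values must not reach log files.
        log.debug(response);
        return response;
    }

    /**
     * Loads the service private key used to decrypt incoming tokens.
     *
     * <p>The key store is read from disk on every call.
     *
     * @param relyingPartyFilterConfiguration supplies key store type, path, passwords and alias
     * @return the private key stored under the configured alias
     * @throws IllegalStateException if the key store holds no key under that alias
     * @throws Exception             on key store I/O, format, or password errors
     */
    private PrivateKey getPrivateKey(RelyingPartyFilterConfiguration relyingPartyFilterConfiguration) throws Exception {
        KeyStore keyStore = KeyStore.getInstance(relyingPartyFilterConfiguration.getServiceStoreType());
        FileInputStream keyStoreStream = new FileInputStream(relyingPartyFilterConfiguration.getServiceKeystore());
        try {
            keyStore.load(keyStoreStream, relyingPartyFilterConfiguration.getServiceStorePass().toCharArray());
        } finally {
            // Previously the stream was never closed, leaking a file handle per sign-in.
            keyStoreStream.close();
        }
        String alias = relyingPartyFilterConfiguration.getServiceKeyAlias();
        PrivateKey privateKey = (PrivateKey) keyStore.getKey(alias, relyingPartyFilterConfiguration.getServiceKeyPass().toCharArray());
        if (privateKey == null) {
            // KeyStore.getKey returns null for an unknown alias; fail here with a clear message
            // instead of handing a null key to the decryption step.
            throw new IllegalStateException("No private key found in service keystore for alias: " + alias);
        }
        return privateKey;
    }

    /** No resources are held by this filter, so there is nothing to release. */
    public void destroy() {
    }

    /**
     * Stores the filter configuration; the {@code config-file} init parameter is read from it
     * on each request.
     *
     * @param filterConfig configuration supplied by the container
     * @throws ServletException never thrown by this implementation
     */
    public void init(FilterConfig filterConfig) throws ServletException {
        this.filterConfig = filterConfig;
    }

    /**
     * Compiler-generated helper that resolves a class by name.
     *
     * @param str fully qualified class name
     * @return the resolved class
     * @throws NoClassDefFoundError if the class cannot be found (cause attached)
     */
    static Class class$(String str) {
        try {
            return Class.forName(str);
        } catch (ClassNotFoundException e) {
            // initCause() returns Throwable, which cannot be thrown from here without a
            // throws clause; attach the cause first and throw the typed error.
            NoClassDefFoundError error = new NoClassDefFoundError();
            error.initCause(e);
            throw error;
        }
    }

    /** Replaces CR/LF in client-supplied values so they cannot forge extra log lines. */
    private static String sanitizeForLog(String value) {
        if (value == null) {
            return null;
        }
        return value.replace('\r', '_').replace('\n', '_');
    }

    static {
        Class cls = class$org$wso2$solutions$identity$relyingparty$servletfilter$RelyingPartyFilter;
        if (cls == null) {
            cls = class$("org.wso2.solutions.identity.relyingparty.servletfilter.RelyingPartyFilter");
            class$org$wso2$solutions$identity$relyingparty$servletfilter$RelyingPartyFilter = cls;
        }
        log = LogFactory.getLog(cls);
        // Called for its side effects only; the returned config is discarded.
        // Presumably forces WSS4J default initialisation - TODO confirm.
        WSSConfig.getDefaultWSConfig();
    }
}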
