package org.wso2.appserver.webapp.security.saml;

import java.io.IOException;
import java.util.Map;
import java.util.Optional;
import javax.servlet.ServletException;
import org.apache.catalina.authenticator.SingleSignOn;
import org.apache.catalina.connector.Request;
import org.apache.catalina.connector.Response;
import org.wso2.appserver.configuration.context.AppServerWebAppConfiguration;
import org.wso2.appserver.configuration.context.WebAppSingleSignOn;
import org.wso2.appserver.configuration.listeners.ContextConfigurationLoader;
import org.wso2.appserver.webapp.security.Constants;
import org.wso2.appserver.webapp.security.agent.SSORequestResolver;
import org.wso2.appserver.webapp.security.utils.SSOUtils;
import org.wso2.appserver.webapp.security.utils.exception.SSOException;

/* loaded from: input_file:org/wso2/appserver/webapp/security/saml/SAML2SSOValve.class */
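/**
 * Tomcat valve that drives SAML 2.0 single-sign-on and single-logout for a web application.
 *
 * <p>For each request the valve loads the context-level SSO configuration and then either
 * passes the request on untouched (no configuration, SSO disabled, or a URL marked to skip),
 * consumes a SAML 2.0 response, starts a single-logout exchange, or sends an unauthenticated
 * caller to the identity provider.
 *
 * <p>Thread-safety: one valve instance serves many request threads concurrently, so the
 * per-request configuration and request resolver are kept in locals and passed to the helpers.
 * Keeping them in instance fields would let one request observe another request's
 * configuration or resolver while deciding whether authentication is needed.
 */
public class SAML2SSOValve extends SingleSignOn {

    /**
     * Applies SAML 2.0 SSO/SLO handling to the request, then continues the valve pipeline when
     * no SSO action is required.
     *
     * @param request  the incoming request
     * @param response the response being built
     * @throws IOException      if a redirect or the next valve fails with an I/O error
     * @throws ServletException if SSO processing fails; the request is not forwarded to the
     *                          web application in that case
     */
    @Override
    public void invoke(Request request, Response response) throws IOException, ServletException {
        if (this.containerLog.isDebugEnabled()) {
            this.containerLog.debug("Invoking SAML 2.0 single-sign-on valve. Request URI : " + request.getRequestURI());
        }

        Optional<?> webAppConfiguration = ContextConfigurationLoader.getContextConfiguration(request.getContext());
        if (!webAppConfiguration.isPresent()) {
            if (this.containerLog.isDebugEnabled()) {
                this.containerLog.debug("No context level configuration found for " + request.getContext() + ", skipping SAML 2.0 based single-sign-on/single-logout...");
            }
            getNext().invoke(request, response);
            return;
        }

        WebAppSingleSignOn ssoConfiguration =
                ((AppServerWebAppConfiguration) webAppConfiguration.get()).getSingleSignOnConfiguration();
        if (ssoConfiguration == null) {
            if (this.containerLog.isDebugEnabled()) {
                this.containerLog.debug("No context level, single-sign-on configuration found for " + request.getContext() + ", skipping SAML 2.0 based single-sign-on/single-logout...");
            }
            getNext().invoke(request, response);
            return;
        }

        // An unset flag counts as "disabled".
        if (!Boolean.TRUE.equals(ssoConfiguration.isSSOEnabled())) {
            if (this.containerLog.isDebugEnabled()) {
                this.containerLog.debug("SAML 2.0 single-sign-on not enabled in web app " + request.getContext().getName() + ", skipping SAML 2.0 based single-sign-on...");
            }
            getNext().invoke(request, response);
            return;
        }

        SSORequestResolver resolver = new SSORequestResolver(request, ssoConfiguration);
        // NOTE(review): skip URLs bypass authentication entirely; how the resolver matches them
        // is not visible here - confirm it works on a normalized path.
        if (resolver.isURLToSkip()) {
            if (this.containerLog.isDebugEnabled()) {
                this.containerLog.debug("Request matched a URL to skip. Skipping...");
            }
            getNext().invoke(request, response);
            return;
        }

        try {
            if (resolver.isSAML2SSOResponse()) {
                if (this.containerLog.isDebugEnabled()) {
                    this.containerLog.debug("Processing a SAML 2.0 Response...");
                }
                handleResponse(request, ssoConfiguration);
                if (request.getSession(false) != null) {
                    response.sendRedirect(restoreOriginalRequest(request));
                    return;
                }
                // NOTE(review): with no session after processing the response the request
                // continues down the pipeline, as before - confirm this cannot reach a
                // protected resource without an authenticated session.
            } else if (resolver.isSLOURL()) {
                if (this.containerLog.isDebugEnabled()) {
                    this.containerLog.debug("Processing SAML 2.0 Single Logout URL...");
                }
                handleLogoutRequest(request, response, ssoConfiguration, resolver);
                return;
            } else if (!hasSessionBean(request)) {
                if (this.containerLog.isDebugEnabled()) {
                    this.containerLog.debug("Processing an SAML 2.0 Authentication Request...");
                }
                handleUnauthenticatedRequest(request, response, ssoConfiguration, resolver);
                return;
            }
        } catch (SSOException e) {
            // Fail closed: a request whose SSO processing failed must not reach the web
            // application. Forwarding it here would also invoke the next valve twice, because
            // the call after this block runs as well.
            this.containerLog.error("An error has occurred when processing the request", e);
            throw new ServletException("An error has occurred when processing the request", e);
        }
        getNext().invoke(request, response);
    }

    /** Returns true when the request has an existing session that carries the SSO session bean. */
    private static boolean hasSessionBean(Request request) {
        return request.getSession(false) != null
                && request.getSession(false).getAttribute(Constants.SESSION_BEAN) != null;
    }

    /**
     * Rebuilds the URL the caller originally asked for from the relay state kept in the session
     * and re-attaches the saved request parameters to the session.
     *
     * <p>The caller must have checked that a session exists. The redirect target is read from
     * server-side session state only, never from a parameter of the SAML response.
     *
     * @return the original request URL, with its query string when one was saved
     * @throws SSOException if the session holds no usable relay state, for example when the
     *                      response does not follow an authentication request from this valve
     */
    private static String restoreOriginalRequest(Request request) throws SSOException {
        Object relayStateId = request.getSession(false).getAttribute(Constants.RELAY_STATE_ID);
        Object relayState = (relayStateId instanceof String)
                ? request.getSession(false).getAttribute((String) relayStateId)
                : null;
        if (!(relayState instanceof Map)) {
            throw new SSOException("No relay state found in the session for the SAML 2.0 response");
        }
        Map<?, ?> savedRequest = (Map<?, ?>) relayState;

        Object requestUrl = savedRequest.get(Constants.REQUEST_URL);
        if (!(requestUrl instanceof String)) {
            throw new SSOException("Relay state does not contain the original request URL");
        }

        StringBuilder target = new StringBuilder((String) requestUrl);
        Object queryString = savedRequest.get(Constants.REQUEST_QUERY_STRING);
        if (queryString != null) {
            target.append("?").append(queryString);
        }

        Object savedParameters = savedRequest.get(Constants.REQUEST_PARAMETERS);
        if (savedParameters instanceof Map) {
            request.getSession(false).setAttribute(Constants.REQUEST_PARAM_MAP, savedParameters);
        }
        return target.toString();
    }

    /**
     * Starts an authentication exchange: stores a fresh relay state in the session, then sends
     * the SAML 2.0 authentication request using the configured binding.
     *
     * @throws SSOException if the authentication request cannot be built or sent
     */
    private void handleUnauthenticatedRequest(Request request, Response response,
            WebAppSingleSignOn ssoConfiguration, SSORequestResolver resolver) throws SSOException {
        SAML2SSOManager manager = new SAML2SSOManager(ssoConfiguration);

        // The relay state id is the session key under which the original request is saved.
        String relayStateId = SSOUtils.createID();
        request.getSession(true).setAttribute(Constants.RELAY_STATE_ID, relayStateId);
        request.getSession(false).setAttribute(relayStateId, SSOUtils.generateRelayState(request));

        // Request signing defaults to off when the deployment leaves it unset.
        ssoConfiguration.enableRequestSigning(
                Optional.ofNullable(ssoConfiguration.isRequestSigningEnabled()).orElse(false));

        if (resolver.isHttpPOSTBinding()) {
            this.containerLog.debug("Handling the SAML 2.0 Authentication Request for HTTP-POST binding...");
            String postPage = manager.handleAuthenticationRequestForPOSTBinding(request);
            response.setContentType(Constants.CONTENT_TYPE_HTML);
            SSOUtils.sendCharacterData(response, postPage);
            return;
        }

        this.containerLog.debug("Handling the SAML 2.0 Authentication Request for " + ssoConfiguration.getHttpBinding() + "...");
        try {
            response.sendRedirect(manager.handleAuthenticationRequestForRedirectBinding(request));
        } catch (IOException e) {
            throw new SSOException("Error when handling SAML 2.0 HTTP-Redirect binding", e);
        }
    }

    /**
     * Fills in the signing and encryption flags, then hands the SAML 2.0 response to
     * {@link SAML2SSOManager} for processing.
     *
     * <p>Defaults applied when a flag is unset: response signing off, assertion signing on,
     * assertion encryption off.
     * NOTE(review): how the manager enforces these flags is not visible here - confirm that a
     * signature is validated on every response that is accepted.
     *
     * @throws SSOException if the response cannot be processed
     */
    private void handleResponse(Request request, WebAppSingleSignOn ssoConfiguration) throws SSOException {
        ssoConfiguration.enableResponseSigning(
                Optional.ofNullable(ssoConfiguration.isResponseSigningEnabled()).orElse(false));
        ssoConfiguration.enableAssertionSigning(
                Optional.ofNullable(ssoConfiguration.isAssertionSigningEnabled()).orElse(true));
        ssoConfiguration.enableAssertionEncryption(
                Optional.ofNullable(ssoConfiguration.isAssertionEncryptionEnabled()).orElse(false));
        new SAML2SSOManager(ssoConfiguration).processResponse(request);
    }

    /**
     * Sends the SAML 2.0 logout request using the configured binding. With the HTTP-POST binding
     * and no SSO session bean (including no session at all) the caller is treated as already
     * logged out and redirected to the context path.
     *
     * @throws SSOException if the logout request cannot be sent
     */
    private void handleLogoutRequest(Request request, Response response,
            WebAppSingleSignOn ssoConfiguration, SSORequestResolver resolver) throws SSOException {
        SAML2SSOManager manager = new SAML2SSOManager(ssoConfiguration);
        try {
            if (!resolver.isHttpPOSTBinding()) {
                response.sendRedirect(manager.handleLogoutRequestForRedirectBinding(request));
            } else if (hasSessionBean(request)) {
                String postPage = manager.handleLogoutRequestForPOSTBinding(request);
                response.setContentType(Constants.CONTENT_TYPE_HTML);
                SSOUtils.sendCharacterData(response, postPage);
            } else {
                // Also covers a request without any session, which would otherwise fail with a
                // NullPointerException on the session lookup.
                this.containerLog.warn("Attempt to logout from an already logged out session");
                response.sendRedirect(request.getContext().getPath());
            }
        } catch (IOException e) {
            throw new SSOException("Error when handling logout request", e);
        }
    }
}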
