package org.wso2.carbon.identity.sso.saml.servlet;

import java.io.ByteArrayOutputStream;
import java.io.IOException;
import java.io.StringWriter;
import java.net.URLDecoder;
import java.nio.charset.StandardCharsets;
import java.util.HashMap;
import java.util.Iterator;
import javax.servlet.ServletException;
import javax.servlet.http.HttpServlet;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import javax.xml.soap.MessageFactory;
import javax.xml.soap.MimeHeaders;
import javax.xml.soap.SOAPBodyElement;
import javax.xml.soap.SOAPException;
import javax.xml.soap.SOAPMessage;
import javax.xml.transform.TransformerException;
import javax.xml.transform.TransformerFactory;
import javax.xml.transform.dom.DOMSource;
import javax.xml.transform.stream.StreamResult;
import org.apache.commons.lang.StringUtils;
import org.apache.commons.logging.Log;
import org.apache.commons.logging.LogFactory;
import org.joda.time.DateTime;
import org.opensaml.core.xml.XMLObjectBuilderFactory;
import org.opensaml.core.xml.config.XMLObjectProviderRegistrySupport;
import org.opensaml.saml.common.SAMLObject;
import org.opensaml.saml.saml2.core.ArtifactResolve;
import org.opensaml.soap.soap11.Body;
import org.opensaml.soap.soap11.Envelope;
import org.wso2.carbon.identity.application.authentication.framework.util.FrameworkUtils;
import org.wso2.carbon.identity.base.IdentityException;
import org.wso2.carbon.identity.sso.saml.SAMLSSOArtifactResolver;
import org.wso2.carbon.identity.sso.saml.SAMLSSOConstants;
import org.wso2.carbon.identity.sso.saml.exception.ArtifactBindingException;
import org.wso2.carbon.identity.sso.saml.exception.IdentitySAML2SSOException;
import org.wso2.carbon.identity.sso.saml.util.SAMLSSOUtil;
import org.wso2.carbon.ui.CarbonUIUtil;

/* loaded from: input_file:org/wso2/carbon/identity/sso/saml/servlet/SAMLArtifactResolveServlet.class */
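/**
 * Back-channel endpoint for the SAML2 artifact binding: reads a SOAP message from the
 * request body, extracts the {@code ArtifactResolve} element, hands it to
 * {@link SAMLSSOArtifactResolver} and writes the result back wrapped in a SOAP envelope.
 *
 * <p>Everything read from the request here (SOAP body, ID, Artifact, Issuer) is
 * caller-supplied and must be treated as untrusted.
 *
 * <p>NOTE(review): this class performs no signature or issuer validation on the
 * ArtifactResolve itself; presumably {@code SAMLSSOArtifactResolver.resolveArtifact}
 * does — confirm. Likewise, DTD / external-entity hardening of the incoming XML depends
 * on the SAAJ {@code MessageFactory} implementation and on {@code SAMLSSOUtil.unmarshall},
 * neither of which is visible here — confirm.
 */
public class SAMLArtifactResolveServlet extends HttpServlet {
    private static final long serialVersionUID = -2505199341482721905L;
    private static final Log log = LogFactory.getLog(SAMLArtifactResolveServlet.class);

    /** Delegates to {@link #handleRequest}; GET and POST are processed identically. */
    @Override
    protected void doGet(HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse) throws ServletException, IOException {
        handleRequest(httpServletRequest, httpServletResponse);
    }

    /** Delegates to {@link #handleRequest}; GET and POST are processed identically. */
    @Override
    protected void doPost(HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse) throws ServletException, IOException {
        handleRequest(httpServletRequest, httpServletResponse);
    }

    /**
     * Parses the request body as a SOAP message, locates the SAML protocol
     * {@code ArtifactResolve} element and passes it to {@link #handleArtifact}.
     * If the body contains several matching elements, the last one is used.
     * The tenant / SaaS thread locals are cleared on every exit path.
     *
     * @throws ServletException if the SOAP body cannot be read, serialized or unmarshalled
     * @throws IOException      on I/O failure while reading the request or writing the response
     */
    private void handleRequest(HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse) throws ServletException, IOException {
        ArtifactResolve artifactResolve = null;
        try {
            SOAPMessage soapMessage = MessageFactory.newInstance().createMessage(new MimeHeaders(), httpServletRequest.getInputStream());
            if (log.isDebugEnabled()) {
                // Debug logging records the complete, attacker-controlled request body.
                ByteArrayOutputStream rawRequest = new ByteArrayOutputStream();
                soapMessage.writeTo(rawRequest);
                log.debug("SAML2 Artifact Resolve request received: " + rawRequest.toString());
            }
            Iterator<?> bodyChildren = soapMessage.getSOAPBody().getChildElements();
            while (bodyChildren.hasNext()) {
                Object child = bodyChildren.next();
                // A SOAP body may also hold text nodes (e.g. whitespace between elements in a
                // pretty-printed message); an unconditional cast would throw ClassCastException
                // and turn a well-formed request into a server error.
                if (!(child instanceof SOAPBodyElement)) {
                    continue;
                }
                SOAPBodyElement bodyElement = (SOAPBodyElement) child;
                if (StringUtils.equals(SAMLSSOConstants.SAML_PROTOCOL_URN, bodyElement.getNamespaceURI()) && StringUtils.equals("ArtifactResolve", bodyElement.getLocalName())) {
                    // Serialize the DOM subtree back to text so it can be unmarshalled as a SAML object.
                    StringWriter serialized = new StringWriter();
                    TransformerFactory.newInstance().newTransformer().transform(new DOMSource(bodyElement), new StreamResult(serialized));
                    artifactResolve = (ArtifactResolve) SAMLSSOUtil.unmarshall(serialized.toString());
                }
            }
            if (artifactResolve != null) {
                handleArtifact(httpServletRequest, httpServletResponse, artifactResolve);
            } else {
                // NOTE(review): nothing is written to the response on this path, so the caller
                // receives an empty success response — consider returning an explicit error status.
                log.error("Invalid SAML Artifact Resolve request received.");
            }
        } catch (SOAPException e) {
            throw new ServletException("Error while extracting SOAP body from the request.", e);
        } catch (IdentityException e) {
            throw new ServletException("Error while unmarshalling ArtifactResponse  from the request.", e);
        } catch (TransformerException e) {
            throw new ServletException("Error while extracting ArtifactResponse from the request.", e);
        } finally {
            // Always clear per-request thread locals so state cannot leak to the next request
            // served by this pooled thread.
            SAMLSSOUtil.removeSaaSApplicationThreaLocal();
            SAMLSSOUtil.removeUserTenantDomainThreaLocal();
            SAMLSSOUtil.removeTenantDomainFromThreadLocal();
        }
    }

    /**
     * Resolves the artifact carried by {@code artifactResolve} and writes the SOAP-wrapped
     * result to the response. Requests lacking an ID, Artifact or Issuer, or carrying a
     * malformed percent-escape, are rejected through the same notification redirect used
     * for resolution failures instead of surfacing as an unchecked exception.
     *
     * @param artifactResolve the unmarshalled request; its field values are untrusted
     * @throws IOException      on failure writing the response or sending the redirect
     * @throws ServletException declared for callers; propagated from {@link #sendNotification}
     */
    private void handleArtifact(HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse, ArtifactResolve artifactResolve) throws IOException, ServletException {
        // These accessors are dereferenced below; a request that omits any of them would
        // otherwise fail with a NullPointerException.
        if (artifactResolve.getID() == null
                || artifactResolve.getArtifact() == null
                || artifactResolve.getArtifact().getArtifact() == null
                || artifactResolve.getIssuer() == null) {
            log.error("Invalid SAML Artifact Resolve request received: ID, Artifact or Issuer is missing.");
            sendNotification(SAMLSSOConstants.Notification.EXCEPTION_STATUS_ARTIFACT_RESOLVE, "Please try login again.", httpServletRequest, httpServletResponse);
            return;
        }

        String encoding = StandardCharsets.UTF_8.name();
        String samlArtifact;
        try {
            // The decoded ID is not used further; the call is kept so that a malformed
            // percent-escape in the ID is still rejected, as it was before.
            URLDecoder.decode(artifactResolve.getID(), encoding);
            samlArtifact = URLDecoder.decode(artifactResolve.getArtifact().getArtifact(), encoding);
        } catch (IllegalArgumentException e) {
            // URLDecoder signals malformed %-sequences with an unchecked exception.
            log.error("Invalid SAML Artifact Resolve request received: malformed URL encoding in ID or Artifact.", e);
            sendNotification(SAMLSSOConstants.Notification.EXCEPTION_STATUS_ARTIFACT_RESOLVE, "Please try login again.", httpServletRequest, httpServletResponse);
            return;
        }

        DateTime issueInstant = artifactResolve.getIssueInstant();
        String issuer = artifactResolve.getIssuer().getValue();
        artifactResolve.getArtifact().setArtifact(samlArtifact);

        // Request-supplied values go into log lines only after CR/LF neutralisation,
        // so a crafted artifact or issuer cannot forge additional log entries.
        String loggedArtifact = sanitizeForLog(samlArtifact);
        if (log.isDebugEnabled()) {
            log.debug("Resolving SAML2 artifact: " + loggedArtifact);
        }
        try {
            try {
                String soapResponse = SAMLSSOUtil.marshall(buildSOAPMessage(new SAMLSSOArtifactResolver().resolveArtifact(artifactResolve)));
                if (log.isDebugEnabled()) {
                    // Debug logging records the full resolved response; keep it off where log
                    // readers should not see response contents.
                    log.debug("Artifact Response as a SOAP Message for the artifact: [" + loggedArtifact + "] -> " + soapResponse);
                }
                httpServletResponse.getWriter().write(soapResponse);
            } catch (IdentitySAML2SSOException e) {
                throw new ArtifactBindingException("Encountered error marshalling SOAP message with artifact response, into its DOM representation", e);
            }
        } catch (ArtifactBindingException e2) {
            log.error("Error while creating SOAP request message for the artifact: " + loggedArtifact + ", issueInstant: " + issueInstant + ", Issuer: " + sanitizeForLog(issuer), e2);
            sendNotification(SAMLSSOConstants.Notification.EXCEPTION_STATUS_ARTIFACT_RESOLVE, "Please try login again.", httpServletRequest, httpServletResponse);
        } catch (IdentityException e3) {
            log.error("Error while resolving artifact: " + loggedArtifact + ", issueInstant: " + issueInstant + ", Issuer: " + sanitizeForLog(issuer), e3);
            sendNotification(SAMLSSOConstants.Notification.EXCEPTION_STATUS_ARTIFACT_RESOLVE, "Please try login again.", httpServletRequest, httpServletResponse);
        }
    }

    /**
     * Renders {@code value} for a log line with carriage returns and line feeds replaced
     * by underscores; {@code null} is rendered as the string {@code "null"}.
     */
    private static String sanitizeForLog(Object value) {
        return String.valueOf(value).replace('\r', '_').replace('\n', '_');
    }

    /**
     * Wraps {@code sAMLObject} in a new SOAP 1.1 envelope whose body contains only that object.
     *
     * @param sAMLObject the SAML object to place in the SOAP body
     * @return the envelope holding the body
     */
    private Envelope buildSOAPMessage(SAMLObject sAMLObject) {
        XMLObjectBuilderFactory builderFactory = XMLObjectProviderRegistrySupport.getBuilderFactory();
        Envelope envelope = builderFactory.getBuilder(Envelope.DEFAULT_ELEMENT_NAME).buildObject();
        Body body = builderFactory.getBuilder(Body.DEFAULT_ELEMENT_NAME).buildObject();
        body.getUnknownXMLObjects().add(sAMLObject);
        envelope.setBody(body);
        return envelope;
    }

    /**
     * Redirects the caller to the SAML SSO notification page, passing the status and
     * message as the {@code status} and {@code statusMsg} query parameters.
     *
     * @param str  value for the {@code status} parameter
     * @param str2 value for the {@code statusMsg} parameter
     * @throws IOException if the redirect cannot be sent
     */
    private void sendNotification(String str, String str2, HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse) throws ServletException, IOException {
        // The target is derived from the admin console URL by swapping the SAML endpoint
        // path segment for the notification page path.
        String notificationUrl = CarbonUIUtil.getAdminConsoleURL(httpServletRequest).replace(SAMLSSOConstants.SAML_ENDPOINT, "authenticationendpoint/samlsso_notification.do");
        HashMap<String, String> queryParams = new HashMap<>();
        queryParams.put("status", str);
        queryParams.put("statusMsg", str2);
        httpServletResponse.sendRedirect(FrameworkUtils.appendQueryParamsToUrl(notificationUrl, queryParams));
    }
}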
