package org.openmetadata.service.security.saml;

import com.onelogin.saml2.Auth;
import java.io.IOException;
import java.net.URLEncoder;
import java.nio.charset.StandardCharsets;
import javax.servlet.annotation.WebServlet;
import javax.servlet.http.HttpServlet;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import org.openmetadata.schema.auth.ServiceTokenType;
import org.openmetadata.service.security.jwt.JWTTokenGenerator;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;

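/**
 * SAML Assertion Consumer Service (ACS) endpoint.
 *
 * <p>Receives the POSTed SAML response, has the OneLogin {@link Auth} object process it, and on
 * success redirects the browser to the configured relay-state URL with a freshly generated JWT.
 *
 * <p>Everything in the request body is untrusted until {@code processResponse()} has run and
 * {@code isAuthenticated()} returns {@code true}; no token is minted on any other path.
 */
@WebServlet({"/api/v1/saml/acs"})
/* loaded from: input_file:org/openmetadata/service/security/saml/SamlAssertionConsumerServlet.class */
public class SamlAssertionConsumerServlet extends HttpServlet {
    private static final Logger LOG = LoggerFactory.getLogger(SamlAssertionConsumerServlet.class);

    /**
     * Handles the IdP's POST to the ACS URL.
     *
     * <p>Failures are logged with their stack trace and, if nothing has been written yet, answered
     * with a generic 500 so the client never receives an empty success response.
     *
     * @param httpServletRequest request carrying the SAML response
     * @param httpServletResponse response used for the redirect or the error status
     */
    @Override
    protected void doPost(HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse) {
        try {
            handleResponse(httpServletRequest, httpServletResponse);
        } catch (Exception e) {
            // Pass the throwable itself so the stack trace is kept, not just the message.
            LOG.error("[SamlAssertionConsumerServlet] Exception :", e);
            if (!httpServletResponse.isCommitted()) {
                try {
                    httpServletResponse.sendError(
                            HttpServletResponse.SC_INTERNAL_SERVER_ERROR, "SAML response processing failed");
                } catch (IOException sendFailure) {
                    LOG.error("[SamlAssertionConsumerServlet] Could not send error response", sendFailure);
                }
            }
        }
    }

    /**
     * Validates the SAML response and, only when it authenticates, redirects with a JWT.
     *
     * @param httpServletRequest request carrying the SAML response
     * @param httpServletResponse response used for the redirect or the error status
     * @throws Exception if the SAML toolkit, the token generator or the servlet response fails
     */
    private void handleResponse(HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse) throws Exception {
        Auth auth = new Auth(SamlSettingsHolder.getInstance().getSaml2Settings(), httpServletRequest, httpServletResponse);
        auth.processResponse();

        if (!auth.isAuthenticated()) {
            // Stop here: without this return the method would go on to the token-minting code
            // whenever the error list happened to be empty, and would otherwise call sendError()
            // a second time on an already committed response.
            LOG.error("[SAML ACS] Not Authenticated, reason: {}", auth.getLastErrorReason());
            httpServletResponse.sendError(HttpServletResponse.SC_FORBIDDEN, "UnAuthenticated");
            return;
        }

        if (!auth.getErrors().isEmpty()) {
            // The detailed reason describes which validation step rejected a client-supplied
            // document; keep it in the server log and answer with a fixed message. An empty
            // reason is still an error and still gets a response.
            LOG.error("[SAML ACS] errors={} reason={}", auth.getErrors(), auth.getLastErrorReason());
            httpServletResponse.sendError(
                    HttpServletResponse.SC_INTERNAL_SERVER_ERROR, "SAML response validation failed");
            return;
        }

        String nameId = auth.getNameId();
        if (nameId == null || nameId.isEmpty()) {
            LOG.error("[SAML ACS] Authenticated response carries no NameID");
            httpServletResponse.sendError(HttpServletResponse.SC_FORBIDDEN, "UnAuthenticated");
            return;
        }

        // Derive the local user name and the e-mail placed in the token from the NameID.
        String username;
        String email;
        int atIndex = nameId.indexOf('@');
        if (atIndex >= 0) {
            username = nameId.substring(0, atIndex);
            email = nameId;
        } else {
            username = nameId;
            email = String.format("%s@%s", username, SamlSettingsHolder.getInstance().getDomain());
        }
        if (username.isEmpty()) {
            // A NameID that starts with '@' would otherwise yield a token for an empty user name.
            LOG.error("[SAML ACS] NameID has an empty local part");
            httpServletResponse.sendError(HttpServletResponse.SC_FORBIDDEN, "UnAuthenticated");
            return;
        }

        String jwt = JWTTokenGenerator.getInstance()
                .generateJWTToken(username, email, SamlSettingsHolder.getInstance().getTokenValidity(), false, ServiceTokenType.OM_USER)
                .getJWTToken();

        // The redirect target is read from SamlSettingsHolder, not from the request.
        // NameID-derived values are percent-encoded so that characters such as '&', '#', '+'
        // or line breaks cannot alter the query string or the Location header.
        // NOTE(review): the "email" parameter carries the raw NameID, as in the original code,
        // while the token carries the domain-qualified address; confirm the consumer expects that.
        // NOTE(review): the JWT travels in the query string, so it can end up in browser history,
        // proxy and access logs and Referer headers; changing the transport needs a matching
        // change in the page that consumes this redirect.
        String charset = StandardCharsets.UTF_8.name();
        String redirectUrl = SamlSettingsHolder.getInstance().getRelayState()
                + "?id_token=" + jwt
                + "&email=" + URLEncoder.encode(nameId, charset)
                + "&name=" + URLEncoder.encode(username, charset);
        httpServletResponse.sendRedirect(redirectUrl);
    }
}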
