package org.wso2.carbon.identity.application.authenticator.samlsso;

import java.io.IOException;
import java.io.PrintWriter;
import java.io.UnsupportedEncodingException;
import java.net.URLDecoder;
import java.net.URLEncoder;
import java.util.HashMap;
import java.util.Map;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import javax.servlet.http.HttpSession;
import org.apache.commons.logging.Log;
import org.apache.commons.logging.LogFactory;
import org.owasp.encoder.Encode;
import org.wso2.carbon.identity.application.authentication.framework.AbstractApplicationAuthenticator;
import org.wso2.carbon.identity.application.authentication.framework.AuthenticatorStateInfo;
import org.wso2.carbon.identity.application.authentication.framework.FederatedApplicationAuthenticator;
import org.wso2.carbon.identity.application.authentication.framework.context.AuthenticationContext;
import org.wso2.carbon.identity.application.authentication.framework.exception.AuthenticationFailedException;
import org.wso2.carbon.identity.application.authentication.framework.exception.LogoutFailedException;
import org.wso2.carbon.identity.application.authentication.framework.model.AuthenticatedUser;
import org.wso2.carbon.identity.application.authentication.framework.util.FrameworkUtils;
import org.wso2.carbon.identity.application.authenticator.samlsso.exception.SAMLSSOException;
import org.wso2.carbon.identity.application.authenticator.samlsso.internal.SAMLSSOAuthenticatorServiceComponent;
import org.wso2.carbon.identity.application.authenticator.samlsso.manager.DefaultSAML2SSOManager;
import org.wso2.carbon.identity.application.authenticator.samlsso.manager.SAML2SSOManager;
import org.wso2.carbon.identity.application.authenticator.samlsso.model.StateInfo;
import org.wso2.carbon.identity.application.authenticator.samlsso.util.SSOConstants;
import org.wso2.carbon.identity.application.authenticator.samlsso.util.SSOUtils;

/* loaded from: input_file:org/wso2/carbon/identity/application/authenticator/samlsso/SAMLSSOAuthenticator.class */
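/**
 * Federated authenticator that hands the login (and optionally the logout) over to an external
 * SAML2 identity provider, using either the HTTP-Redirect or the HTTP-POST binding depending on
 * the {@code RequestMethod} authenticator property.
 * <p>
 * Trust boundaries: authenticator properties and the {@code SAML2SSOManager} class name come from
 * server/IdP configuration; the {@code domain} request parameter and the {@code RelayState}
 * parameter are caller-supplied and are therefore encoded before being placed in a redirect URL
 * or in the generated HTML POST page.
 */
public class SAMLSSOAuthenticator extends AbstractApplicationAuthenticator implements FederatedApplicationAuthenticator {

    private static final long serialVersionUID = -8097512332218044859L;

    /** {@code RequestMethod} value meaning "use the HTTP method of the inbound authentication request". */
    public static final String AS_REQUEST = "AS_REQUEST";

    private static final Log log = LogFactory.getLog(SAMLSSOAuthenticator.class);

    /* Authenticator property keys read from AuthenticationContext.getAuthenticatorProperties(). */
    private static final String PROP_SSO_URL = "SSOUrl";
    private static final String PROP_LOGOUT_REQ_URL = "LogoutReqUrl";
    private static final String PROP_IS_LOGOUT_ENABLED = "IsLogoutEnabled";
    private static final String PROP_REQUEST_METHOD = "RequestMethod";
    private static final String PROP_IS_USER_ID_IN_CLAIMS = "IsUserIdInClaims";
    private static final String PROP_COMMON_AUTH_QUERY_PARAMS = "commonAuthQueryParams";

    /* Request parameters and session attributes used by this authenticator. */
    private static final String PARAM_DOMAIN = "domain";
    private static final String PARAM_SESSION_DATA_KEY = "sessionDataKey";
    private static final String PARAM_RELAY_STATE = "RelayState";
    private static final String SESSION_ATTR_SAML_ATTRIBUTES = "samlssoAttributes";
    private static final String SESSION_ATTR_USERNAME = "username";

    private static final String UTF_8 = "UTF-8";

    /**
     * Reports whether this authenticator can handle the request.
     *
     * @param httpServletRequest inbound request
     * @return {@code true} when the SAML2 response POST parameter
     *         ({@code SSOConstants.HTTP_POST_PARAM_SAML2_RESP}) is present
     */
    public boolean canHandle(HttpServletRequest httpServletRequest) {
        if (log.isTraceEnabled()) {
            log.trace("Inside canHandle()");
        }
        return httpServletRequest.getParameter(SSOConstants.HTTP_POST_PARAM_SAML2_RESP) != null;
    }

    /**
     * Starts the federated login by sending a SAML2 AuthnRequest to the IdP's {@code SSOUrl},
     * via HTTP-POST or HTTP-Redirect as selected by {@link #usePostBinding(AuthenticationContext)}.
     *
     * @param httpServletRequest  inbound request
     * @param httpServletResponse response used for the redirect or the auto-submitting POST page
     * @param authenticationContext current authentication context (IdP config, tenant, state)
     * @throws AuthenticationFailedException if the request cannot be built or sent
     */
    protected void initiateAuthenticationRequest(HttpServletRequest httpServletRequest,
                                                 HttpServletResponse httpServletResponse,
                                                 AuthenticationContext authenticationContext)
            throws AuthenticationFailedException {
        Map<String, String> properties = authenticationContext.getAuthenticatorProperties();
        String ssoUrl = properties.get(PROP_SSO_URL);
        try {
            if (usePostBinding(authenticationContext)) {
                sendPostRequest(httpServletRequest, httpServletResponse, false, false, ssoUrl, authenticationContext);
                return;
            }
            SAML2SSOManager manager = newInitializedManager(authenticationContext);
            String redirectUrl = manager.buildRequest(httpServletRequest, false, false, ssoUrl, authenticationContext);
            generateAuthenticationRequest(httpServletRequest, httpServletResponse, redirectUrl, properties);
        } catch (SAMLSSOException e) {
            throw new AuthenticationFailedException(e.getMessage(), (Throwable) e);
        }
    }

    /**
     * Appends the optional {@code fidp} and {@code commonAuthQueryParams} query parameters to the
     * redirect URL built by the manager and issues the redirect.
     *
     * @param httpServletRequest  inbound request ({@code domain} parameter is read from it)
     * @param httpServletResponse response that receives the redirect
     * @param redirectUrl         URL produced by {@code SAML2SSOManager.buildRequest}
     * @param properties          authenticator properties, may be {@code null}
     * @throws AuthenticationFailedException if the redirect cannot be sent
     */
    private void generateAuthenticationRequest(HttpServletRequest httpServletRequest,
                                               HttpServletResponse httpServletResponse,
                                               String redirectUrl, Map<String, String> properties)
            throws AuthenticationFailedException {
        try {
            StringBuilder location = new StringBuilder();
            location.append(redirectUrl);
            String domain = httpServletRequest.getParameter(PARAM_DOMAIN);
            if (domain != null) {
                // The value is caller-controlled: URL-encode it so it cannot smuggle additional
                // query parameters (e.g. a second RelayState) or a fragment into the IdP URL.
                location.append("&fidp=").append(URLEncoder.encode(domain, UTF_8));
            }
            String extraQuery = (properties == null) ? null : properties.get(PROP_COMMON_AUTH_QUERY_PARAMS);
            if (extraQuery != null) {
                // Configured value may or may not already start with its separator.
                if (!extraQuery.startsWith("&")) {
                    location.append('&');
                }
                location.append(extraQuery);
            }
            httpServletResponse.sendRedirect(location.toString());
        } catch (IOException e) {
            // URLEncoder's UnsupportedEncodingException is an IOException and lands here too.
            throw new AuthenticationFailedException("Error while sending the redirect to federated SAML IdP", e);
        }
    }

    /**
     * Processes the SAML2 response, resolves the federated subject and stores the SAML session
     * state (session index, name qualifiers) in the context for a later logout.
     * <p>
     * The subject is taken from the attribute statements when {@code IsUserIdInClaims} is
     * {@code true}, otherwise (or if no such claim exists) from the {@code username} session
     * attribute populated by the manager.
     *
     * @param httpServletRequest  inbound request carrying the SAML response
     * @param httpServletResponse unused
     * @param authenticationContext context that receives the subject and state info
     * @throws AuthenticationFailedException on an invalid response, a missing session or a missing subject
     */
    protected void processAuthenticationResponse(HttpServletRequest httpServletRequest,
                                                 HttpServletResponse httpServletResponse,
                                                 AuthenticationContext authenticationContext)
            throws AuthenticationFailedException {
        try {
            SAML2SSOManager manager = newInitializedManager(authenticationContext);
            manager.processResponse(httpServletRequest);

            // The manager is expected to have populated the session; fail explicitly rather than NPE.
            HttpSession session = httpServletRequest.getSession(false);
            if (session == null) {
                throw new SAMLSSOException("No HTTP session available after processing the SAML response");
            }
            Map attributes = (Map) session.getAttribute(SESSION_ATTR_SAML_ATTRIBUTES);

            String subject = null;
            String userIdInClaims = (String) authenticationContext.getAuthenticatorProperties().get(PROP_IS_USER_ID_IN_CLAIMS);
            if ("true".equalsIgnoreCase(userIdInClaims)) {
                subject = FrameworkUtils.getFederatedSubjectFromClaims(
                        authenticationContext.getExternalIdP().getIdentityProvider(), attributes);
                if (subject == null) {
                    log.warn("Subject claim could not be found amongst attribute statements. Defaulting to Name Identifier.");
                }
            }
            if (subject == null) {
                subject = (String) session.getAttribute(SESSION_ATTR_USERNAME);
            }
            if (subject == null) {
                throw new SAMLSSOException("Cannot find federated User Identifier");
            }

            Object idpSession = session.getAttribute(SSOConstants.IDP_SESSION);
            StateInfo stateInfo = new StateInfo();
            stateInfo.setSessionIndex(idpSession == null ? null : (String) idpSession);
            stateInfo.setSubject(subject);
            stateInfo.setNameQualifier((String) session.getAttribute(SSOConstants.NAME_QUALIFIER));
            stateInfo.setSpNameQualifier((String) session.getAttribute(SSOConstants.SP_NAME_QUALIFIER));
            authenticationContext.setStateInfo(stateInfo);

            AuthenticatedUser user = AuthenticatedUser.createFederateAuthenticatedUserFromSubjectIdentifier(subject);
            user.setUserAttributes(attributes);
            authenticationContext.setSubject(user);
        } catch (SAMLSSOException e) {
            throw new AuthenticationFailedException(e.getMessage(), (Throwable) e);
        }
    }

    /**
     * Returns the identifier used by the framework to look up the authentication context:
     * the {@code sessionDataKey} parameter if present, else the URL-decoded {@code RelayState}.
     * Both values are taken from the request as given; the framework resolves them to a context.
     *
     * @param httpServletRequest inbound request
     * @return the context identifier, or {@code null} if neither parameter is present
     */
    public String getContextIdentifier(HttpServletRequest httpServletRequest) {
        if (log.isTraceEnabled()) {
            log.trace("Inside getContextIdentifier()");
        }
        String sessionDataKey = httpServletRequest.getParameter(PARAM_SESSION_DATA_KEY);
        if (sessionDataKey != null) {
            return sessionDataKey;
        }
        String relayState = httpServletRequest.getParameter(PARAM_RELAY_STATE);
        if (relayState == null) {
            return null;
        }
        try {
            return URLDecoder.decode(relayState, UTF_8);
        } catch (UnsupportedEncodingException e) {
            // UTF-8 is always available; kept for parity with the original fallback to the raw value.
            log.error("Exception while URL decoding the Relay State", e);
            return relayState;
        }
    }

    /** @return the display name of this authenticator */
    public String getFriendlyName() {
        return SSOConstants.AUTHENTICATOR_FRIENDLY_NAME;
    }

    /** @return the internal name of this authenticator */
    public String getName() {
        return SSOConstants.AUTHENTICATOR_NAME;
    }

    /**
     * Starts a single logout at the IdP when {@code IsLogoutEnabled} is {@code true}, using
     * {@code LogoutReqUrl} (falling back to {@code SSOUrl}) and the binding selected by
     * {@link #usePostBinding(AuthenticationContext)}. The SAML state captured at login is copied
     * into the HTTP session for the manager to build the LogoutRequest from.
     *
     * @param httpServletRequest  inbound request
     * @param httpServletResponse response used for the redirect or POST page
     * @param authenticationContext current context (IdP config, state info)
     * @throws LogoutFailedException if no logout URL is configured or the request cannot be sent
     * @throws UnsupportedOperationException if logout is not enabled for this IdP (unchanged contract)
     */
    protected void initiateLogoutRequest(HttpServletRequest httpServletRequest,
                                         HttpServletResponse httpServletResponse,
                                         AuthenticationContext authenticationContext)
            throws LogoutFailedException {
        Map<String, String> properties = authenticationContext.getAuthenticatorProperties();
        if (!"true".equalsIgnoreCase(properties.get(PROP_IS_LOGOUT_ENABLED))) {
            throw new UnsupportedOperationException();
        }
        String logoutUrl = properties.get(PROP_LOGOUT_REQ_URL);
        if (isBlank(logoutUrl)) {
            logoutUrl = properties.get(PROP_SSO_URL);
        }
        if (isBlank(logoutUrl)) {
            throw new LogoutFailedException("Logout is enabled for the IdP but Logout URL is not configured");
        }

        AuthenticatorStateInfo genericState = authenticationContext.getStateInfo();
        if (genericState instanceof StateInfo) {
            StateInfo samlState = (StateInfo) genericState;
            HttpSession session = httpServletRequest.getSession();
            session.setAttribute(SSOConstants.LOGOUT_SESSION_INDEX, samlState.getSessionIndex());
            session.setAttribute(SSOConstants.LOGOUT_USERNAME, samlState.getSubject());
            session.setAttribute(SSOConstants.NAME_QUALIFIER, samlState.getNameQualifier());
            session.setAttribute(SSOConstants.SP_NAME_QUALIFIER, samlState.getSpNameQualifier());
        }

        try {
            SAML2SSOManager manager = newInitializedManager(authenticationContext);
            if (usePostBinding(authenticationContext)) {
                sendPostRequest(httpServletRequest, httpServletResponse, true, false, logoutUrl, authenticationContext);
            } else {
                httpServletResponse.sendRedirect(
                        manager.buildRequest(httpServletRequest, true, false, logoutUrl, authenticationContext));
            }
        } catch (IOException e) {
            throw new LogoutFailedException(e.getMessage(), e);
        } catch (SAMLSSOException e) {
            throw new LogoutFailedException(e.getMessage(), (Throwable) e);
        }
    }

    /**
     * Logout responses are not processed by this authenticator.
     *
     * @throws UnsupportedOperationException always
     */
    protected void processLogoutResponse(HttpServletRequest httpServletRequest,
                                         HttpServletResponse httpServletResponse,
                                         AuthenticationContext authenticationContext)
            throws LogoutFailedException {
        throw new UnsupportedOperationException();
    }

    /**
     * Sends the SAML request with the HTTP-POST binding by writing an auto-submitting HTML form.
     * Only {@link DefaultSAML2SSOManager} supports building POST requests.
     *
     * @param httpServletRequest  inbound request
     * @param httpServletResponse response that receives the HTML page
     * @param isLogout            {@code true} from initiateLogoutRequest, {@code false} from
     *                            initiateAuthenticationRequest; forwarded to the manager unchanged
     * @param passiveFlag         second flag forwarded to the manager (always {@code false} from
     *                            this class; presumably SAML IsPassive — confirm against the manager)
     * @param url                 IdP endpoint the form posts to
     * @param authenticationContext current context
     * @throws SAMLSSOException if the manager does not support POST or the page cannot be written
     */
    private void sendPostRequest(HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse,
                                 boolean isLogout, boolean passiveFlag, String url,
                                 AuthenticationContext authenticationContext) throws SAMLSSOException {
        SAML2SSOManager manager = newInitializedManager(authenticationContext);
        if (!(manager instanceof DefaultSAML2SSOManager)) {
            throw new SAMLSSOException("HTTP-POST is not supported");
        }
        String samlRequest = ((DefaultSAML2SSOManager) manager)
                .buildPostRequest(httpServletRequest, isLogout, passiveFlag, url, authenticationContext);
        String hiddenInputs = buildPostPageInputs(samlRequest, authenticationContext.getContextIdentifier(),
                getAdditionalRequestParams(httpServletRequest, authenticationContext));
        printPostPage(httpServletResponse, url, hiddenInputs);
    }

    /**
     * Creates a manager via {@link #getSAML2SSOManagerInstance()} and initialises it for the
     * context's tenant, authenticator properties and external IdP.
     *
     * @throws SAMLSSOException if the manager cannot be created
     */
    private SAML2SSOManager newInitializedManager(AuthenticationContext authenticationContext) throws SAMLSSOException {
        SAML2SSOManager manager = getSAML2SSOManagerInstance();
        manager.init(authenticationContext.getTenantDomain(), authenticationContext.getAuthenticatorProperties(),
                authenticationContext.getExternalIdP().getIdentityProvider());
        return manager;
    }

    /**
     * Instantiates the configured {@code SAML2SSOManager} implementation, or the default one when
     * none is configured. The class name comes from server configuration, not from the request.
     *
     * @throws SAMLSSOException if the class cannot be loaded, instantiated or does not implement
     *                          {@link SAML2SSOManager}
     */
    private SAML2SSOManager getSAML2SSOManagerInstance() throws SAMLSSOException {
        String className = (String) getAuthenticatorConfig().getParameterMap().get(SSOConstants.ServerConfig.SAML2_SSO_MANAGER);
        if (className == null) {
            return new DefaultSAML2SSOManager();
        }
        try {
            Object instance = Class.forName(className).newInstance();
            // Surface a misconfigured class as SAMLSSOException instead of an unchecked ClassCastException.
            return SAML2SSOManager.class.cast(instance);
        } catch (ClassNotFoundException e) {
            throw new SAMLSSOException(e.getMessage(), e);
        } catch (IllegalAccessException e) {
            throw new SAMLSSOException(e.getMessage(), e);
        } catch (InstantiationException e) {
            throw new SAMLSSOException(e.getMessage(), e);
        } catch (ClassCastException e) {
            throw new SAMLSSOException("Configured SAML2SSOManager class does not implement SAML2SSOManager: " + className, e);
        }
    }

    /**
     * Builds the hidden {@code <input>} elements of the POST form. Every name and value is
     * HTML-attribute encoded here, at the single point where they are emitted as markup.
     *
     * @param samlRequest      encoded SAML request for the {@code SAMLRequest} field
     * @param relayState       value for the {@code RelayState} field; omitted when {@code null}
     * @param additionalParams further name/value pairs; may be {@code null}
     * @return the concatenated input elements
     */
    private String buildPostPageInputs(String samlRequest, String relayState, Map<String, String> additionalParams) {
        StringBuilder sb = new StringBuilder();
        appendHiddenInput(sb, "SAMLRequest", samlRequest);
        if (relayState != null) {
            appendHiddenInput(sb, "RelayState", relayState);
        }
        if (additionalParams != null) {
            for (Map.Entry<String, String> entry : additionalParams.entrySet()) {
                appendHiddenInput(sb, entry.getKey(), entry.getValue());
            }
        }
        return sb.toString();
    }

    /** Appends one single-quoted hidden input, encoding both name and value for an HTML attribute. */
    private static void appendHiddenInput(StringBuilder sb, String name, String value) {
        sb.append("<input type='hidden' name='").append(Encode.forHtmlAttribute(name))
          .append("' value='").append(Encode.forHtmlAttribute(value)).append("'>");
    }

    /**
     * Collects the extra form fields for the POST page: the configured
     * {@code commonAuthQueryParams} (parsed by {@code SSOUtils.getQueryMap}) plus the caller's
     * {@code domain} parameter as {@code fidp}. Values are stored raw; encoding happens in
     * {@link #buildPostPageInputs(String, String, Map)}.
     *
     * @return a mutable map, never {@code null}
     */
    private Map<String, String> getAdditionalRequestParams(HttpServletRequest httpServletRequest,
                                                           AuthenticationContext authenticationContext) {
        Map<String, String> params = new HashMap<String, String>();
        Map<String, String> properties = authenticationContext.getAuthenticatorProperties();
        if (properties != null) {
            String extraQuery = properties.get(PROP_COMMON_AUTH_QUERY_PARAMS);
            if (extraQuery != null) {
                // Copy into our own map so the result is mutable regardless of what getQueryMap returns.
                params.putAll(SSOUtils.getQueryMap(extraQuery));
            }
        }
        String domain = httpServletRequest.getParameter(PARAM_DOMAIN);
        if (domain != null) {
            params.put("fidp", domain);
        }
        return params;
    }

    /**
     * Writes the auto-submitting POST page, using the configured page template when one is
     * registered (with {@code $url} and {@code <!--$params-->} substituted) and a built-in
     * fallback page otherwise.
     *
     * @param httpServletResponse response to write to
     * @param url                 form action; HTML-attribute encoded before insertion
     * @param hiddenInputs        pre-built, already encoded hidden input markup
     * @throws SAMLSSOException if writing the page fails
     */
    private void printPostPage(HttpServletResponse httpServletResponse, String url, String hiddenInputs)
            throws SAMLSSOException {
        try {
            String template = SAMLSSOAuthenticatorServiceComponent.getPostPage();
            if (template != null) {
                String page = template.replace("$url", Encode.forHtmlAttribute(url))
                                      .replace("<!--$params-->", hiddenInputs);
                httpServletResponse.getWriter().print(page);
                if (log.isDebugEnabled()) {
                    log.debug("HTTP-POST page: " + page);
                }
            } else {
                PrintWriter writer = httpServletResponse.getWriter();
                writer.println("<html>");
                writer.println("<body>");
                writer.println("<p>You are now redirected to " + Encode.forHtml(url));
                writer.println(" If the redirection fails, please click the post button.</p>");
                writer.println("<form method='post' action='" + Encode.forHtmlAttribute(url) + "'>");
                writer.println("<p>");
                writer.println(hiddenInputs);
                writer.println("<button type='submit'>POST</button>");
                writer.println("</p>");
                writer.println("</form>");
                writer.println("<script type='text/javascript'>");
                writer.println("document.forms[0].submit();");
                writer.println("</script>");
                writer.println("</body>");
                writer.println("</html>");
            }
        } catch (Exception e) {
            // Boundary catch kept broad so callers always see a SAMLSSOException (unchanged contract).
            throw new SAMLSSOException("Error while sending POST request", e);
        }
    }

    /**
     * Decides the binding from the {@code RequestMethod} property: {@code POST} → POST,
     * {@code REDIRECT} → redirect, {@code AS_REQUEST} → same as the inbound request,
     * absent/blank/unknown → redirect. Shared by login and logout so both agree.
     */
    private static boolean usePostBinding(AuthenticationContext authenticationContext) {
        String requestMethod = (String) authenticationContext.getAuthenticatorProperties().get(PROP_REQUEST_METHOD);
        if (isBlank(requestMethod)) {
            return false;
        }
        if ("POST".equalsIgnoreCase(requestMethod)) {
            return true;
        }
        if (SSOConstants.REDIRECT.equalsIgnoreCase(requestMethod)) {
            return false;
        }
        if (AS_REQUEST.equalsIgnoreCase(requestMethod)) {
            return authenticationContext.getAuthenticationRequest().isPost();
        }
        return false;
    }

    /** @return {@code true} for {@code null} or whitespace-only strings */
    private static boolean isBlank(String value) {
        return value == null || value.trim().isEmpty();
    }
}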
