package org.wso2.carbon.identity.sts.passive.ui;

import java.io.IOException;
import java.io.InputStream;
import java.io.PrintWriter;
import java.net.MalformedURLException;
import java.net.URL;
import java.net.URLConnection;
import java.net.URLEncoder;
import java.security.GeneralSecurityException;
import java.security.SecureRandom;
import java.security.cert.X509Certificate;
import java.util.Enumeration;
import java.util.HashSet;
import java.util.Iterator;
import java.util.Map;
import java.util.Set;
import javax.net.ssl.HostnameVerifier;
import javax.net.ssl.HttpsURLConnection;
import javax.net.ssl.SSLContext;
import javax.net.ssl.SSLSession;
import javax.net.ssl.SSLSocketFactory;
import javax.net.ssl.TrustManager;
import javax.net.ssl.X509TrustManager;
import javax.servlet.ServletException;
import javax.servlet.http.HttpServlet;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import javax.servlet.http.HttpSession;
import org.apache.axis2.context.ConfigurationContext;
import org.apache.commons.logging.Log;
import org.apache.commons.logging.LogFactory;
import org.wso2.carbon.identity.application.authentication.framework.cache.AuthenticationRequestCacheEntry;
import org.wso2.carbon.identity.application.authentication.framework.cache.AuthenticationResultCache;
import org.wso2.carbon.identity.application.authentication.framework.cache.AuthenticationResultCacheEntry;
import org.wso2.carbon.identity.application.authentication.framework.cache.AuthenticationResultCacheKey;
import org.wso2.carbon.identity.application.authentication.framework.model.AuthenticationRequest;
import org.wso2.carbon.identity.application.authentication.framework.model.AuthenticationResult;
import org.wso2.carbon.identity.application.authentication.framework.util.FrameworkUtils;
import org.wso2.carbon.identity.application.common.model.ClaimMapping;
import org.wso2.carbon.identity.sts.passive.stub.types.RequestToken;
import org.wso2.carbon.identity.sts.passive.stub.types.ResponseToken;
import org.wso2.carbon.identity.sts.passive.ui.cache.CacheEntry;
import org.wso2.carbon.identity.sts.passive.ui.cache.SessionDataCache;
import org.wso2.carbon.identity.sts.passive.ui.cache.SessionDataCacheEntry;
import org.wso2.carbon.identity.sts.passive.ui.cache.SessionDataCacheKey;
import org.wso2.carbon.identity.sts.passive.ui.client.IdentityPassiveSTSClient;
import org.wso2.carbon.identity.sts.passive.ui.dto.SessionDTO;
import org.wso2.carbon.registry.core.utils.UUIDGenerator;
import org.wso2.carbon.ui.CarbonUIUtil;

/* loaded from: input_file:org/wso2/carbon/identity/sts/passive/ui/PassiveSTS.class */
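/**
 * WS-Federation passive requestor endpoint.
 *
 * <p>Every request arrives through {@link #doGet} (POST is delegated there too) and is routed one of three ways:
 * <ul>
 *   <li>a request carrying {@code sessionDataKey} is a callback from the authentication framework;</li>
 *   <li>a request whose action parameter equals {@code REQUESTOR_ACTION_SIGNOUT_10} is a sign-out;</li>
 *   <li>anything else is a fresh sign-in request, which is cached and redirected to the framework.</li>
 * </ul>
 *
 * <p>Security-relevant changes relative to the previous revision of this class:
 * <ul>
 *   <li>all values written into the auto-submitting HTML form in {@link #sendData} are HTML-attribute encoded
 *       ({@code wctx}, {@code wa} and the reply-to URL are echoed from the relying party's request);</li>
 *   <li>the cached request for a {@code sessionDataKey} is consumed once a token has been issued, so a replayed
 *       callback cannot obtain a second token;</li>
 *   <li>the sign-out cleanup call no longer replaces the JVM-wide default SSL socket factory / hostname verifier,
 *       restores the {@code sun.security.ssl.allowUnsafeRenegotiation} property (the old code called
 *       {@code getProperty} where it meant {@code setProperty}), only follows http/https URLs, uses timeouts, and
 *       logs failures instead of swallowing them;</li>
 *   <li>a sign-out without a reply-to parameter is answered with 400 instead of {@code sendRedirect(null)}.</li>
 * </ul>
 */
public class PassiveSTS extends HttpServlet {
    private static final Log log = LogFactory.getLog(PassiveSTS.class);
    private static final long serialVersionUID = 1927253892844132565L;

    /** Request parameter carrying the one-time key that links a framework callback to the cached request. */
    private static final String SESSION_DATA_KEY = "sessionDataKey";
    /** Session attribute: set of realm strings this session has issued tokens to (used for sign-out cleanup). */
    private static final String REALMS_ATTR = "realms";
    /** JVM property toggled around the sign-out cleanup call, as the previous revision did. */
    private static final String UNSAFE_RENEGOTIATION_PROPERTY = "sun.security.ssl.allowUnsafeRenegotiation";
    /** Connect and read timeout for the best-effort sign-out cleanup call to each relying party. */
    private static final int SIGNOUT_TIMEOUT_MILLIS = 10000;

    /**
     * Trust manager that accepts every certificate chain. Retained because {@link #openURLWithNoTrust} is
     * documented (by its name) as not verifying the peer; see the NOTE on that method.
     */
    private static final class TrustAllTrustManager implements X509TrustManager {
        @Override
        public X509Certificate[] getAcceptedIssuers() {
            return new X509Certificate[0];
        }

        @Override
        public void checkClientTrusted(X509Certificate[] chain, String authType) {
            // intentionally accepts any chain
        }

        @Override
        public void checkServerTrusted(X509Certificate[] chain, String authType) {
            // intentionally accepts any chain
        }
    }

    /** Hostname verifier that accepts every host; paired with {@link TrustAllTrustManager}. */
    private static final HostnameVerifier ACCEPT_ALL_HOSTNAMES = new HostnameVerifier() {
        @Override
        public boolean verify(String hostname, SSLSession session) {
            return true;
        }
    };

    /**
     * Routes the request to the sign-in, sign-out or framework-callback handler.
     *
     * @param request  incoming request (GET or POST, see {@link #doPost})
     * @param response response to write to
     * @throws ServletException propagated from the handlers
     * @throws IOException      propagated from the handlers
     */
    @Override
    protected void doGet(HttpServletRequest request, HttpServletResponse response) throws ServletException, IOException {
        if (request.getParameter(SESSION_DATA_KEY) != null) {
            handleResponseFromAuthenticationFramework(request, response);
            return;
        }
        String action = getAttribute(request.getParameterMap(), PassiveRequestorConstants.ACTION);
        if (PassiveRequestorConstants.REQUESTOR_ACTION_SIGNOUT_10.equals(action)) {
            handleLogoutRequest(request, response);
        } else {
            handleAuthenticationRequest(request, response);
        }
    }

    /** POST is handled exactly like GET. */
    @Override
    protected void doPost(HttpServletRequest request, HttpServletResponse response) throws ServletException, IOException {
        doGet(request, response);
    }

    /**
     * Writes the auto-submitting HTML form that POSTs the issued token back to the relying party.
     *
     * <p>{@code wa}, {@code wctx} and the reply-to URL originate from the relying party's request, so every value is
     * HTML-attribute encoded before it is placed inside a single-quoted attribute; the browser decodes the entities
     * when submitting, so the relying party still receives the original bytes. {@code AuthenticatedIdPs} keeps the
     * URL-encoding the previous revision applied (its output contains no attribute-breaking characters).
     *
     * @param request           current request (unused, kept for signature compatibility)
     * @param response          response the form is written to
     * @param responseToken     token issued by the STS; supplies the reply-to URL, result and context
     * @param action            value of the {@code wa} field
     * @param authenticatedIdPs identity providers the user authenticated with, or null / empty to omit the field
     */
    private void sendData(HttpServletRequest request, HttpServletResponse response, ResponseToken responseToken, String action, String authenticatedIdPs) throws ServletException, IOException {
        // Declare the type and charset explicitly so the body cannot be content-sniffed into something else.
        response.setContentType("text/html; charset=UTF-8");
        PrintWriter writer = response.getWriter();
        writer.println("<html>");
        writer.println("<body>");
        writer.println("<form method='post' action='" + encodeForHtmlAttribute(responseToken.getReplyTo()) + "'>");
        writer.println("<p>");
        writer.println("<input type='hidden' name='wa' value='" + encodeForHtmlAttribute(action) + "'>");
        writer.println("<input type='hidden' name='wresult' value='" + encodeForHtmlAttribute(responseToken.getResults()) + "'>");
        writer.println("<input type='hidden' name='wctx' value='" + encodeForHtmlAttribute(responseToken.getContext()) + "'>");
        if (authenticatedIdPs != null && !authenticatedIdPs.isEmpty()) {
            writer.println("<input type='hidden' name='AuthenticatedIdPs' value='" + URLEncoder.encode(authenticatedIdPs, "UTF-8") + "'>");
        }
        writer.println("<button type='submit'>POST</button>");
        writer.println("</p>");
        writer.println("</form>");
        writer.println("<script type='text/javascript'>");
        writer.println("document.forms[0].submit();");
        writer.println("</script>");
        writer.println("</body>");
        writer.println("</html>");
    }

    /**
     * Encodes a value for use inside a single- or double-quoted HTML attribute.
     *
     * @param value raw value; null is rendered as the empty string (the previous revision emitted the literal
     *              text {@code null})
     * @return the value with {@code & < > " '} replaced by character references
     */
    private static String encodeForHtmlAttribute(String value) {
        if (value == null) {
            return "";
        }
        StringBuilder out = new StringBuilder(value.length() + 16);
        for (int i = 0; i < value.length(); i++) {
            char c = value.charAt(i);
            switch (c) {
                case '&':
                    out.append("&amp;");
                    break;
                case '<':
                    out.append("&lt;");
                    break;
                case '>':
                    out.append("&gt;");
                    break;
                case '"':
                    out.append("&quot;");
                    break;
                case '\'':
                    out.append("&#39;");
                    break;
                default:
                    out.append(c);
            }
        }
        return out.toString();
    }

    /**
     * Returns the first value of a request parameter from a servlet parameter map.
     *
     * @param parameterMap map as returned by {@code HttpServletRequest.getParameterMap()}
     * @param name         parameter name
     * @return the first value, or null when the parameter is absent, not a {@code String[]} or empty
     */
    private String getAttribute(Map<?, ?> parameterMap, String name) {
        Object raw = parameterMap.get(name);
        if (!(raw instanceof String[])) {
            return null;
        }
        String[] values = (String[]) raw;
        return values.length == 0 ? null : values[0];
    }

    /**
     * Derives the authentication endpoint URL from the admin console URL.
     * Currently unreferenced within this class; kept for compatibility.
     */
    private String getAdminConsoleURL(HttpServletRequest request) {
        String adminConsoleURL = CarbonUIUtil.getAdminConsoleURL(request);
        if (adminConsoleURL.indexOf("/passivests/") != -1) {
            adminConsoleURL = adminConsoleURL.replace("/passivests", "");
        }
        return adminConsoleURL.replace("carbon/", "authenticationendpoint/");
    }

    /**
     * Performs a best-effort GET against a relying party's sign-out cleanup URL without verifying its TLS identity.
     *
     * <p>NOTE(review): the URL is built from the realm the relying party supplied in its sign-in request, i.e. it
     * is attacker-influenced server-side fetching. This revision limits it to http/https (no {@code file:} or
     * {@code jar:}), applies timeouts, scopes the accept-all trust manager and hostname verifier to this one
     * connection instead of installing them as JVM-wide defaults, and restores the renegotiation property it
     * toggles. Accepting every certificate is still a man-in-the-middle risk; a per-realm trust store or a
     * whitelist of registered realms would be the proper fix and is left for a follow-up.
     *
     * @param urlString absolute URL to fetch; failures are logged and never propagated
     * @throws IOException never thrown in practice, kept for signature compatibility
     */
    private void openURLWithNoTrust(String urlString) throws IOException {
        URL url;
        try {
            url = new URL(urlString);
        } catch (MalformedURLException e) {
            log.warn("Ignoring malformed sign-out cleanup URL: " + urlString);
            return;
        }
        String protocol = url.getProtocol();
        if (!"http".equalsIgnoreCase(protocol) && !"https".equalsIgnoreCase(protocol)) {
            log.warn("Refusing sign-out cleanup to non-HTTP URL: " + urlString);
            return;
        }

        String previousRenegotiation = System.getProperty(UNSAFE_RENEGOTIATION_PROPERTY);
        try {
            // The previous revision set this too; whether JSSE re-reads it at runtime is not established here.
            System.setProperty(UNSAFE_RENEGOTIATION_PROPERTY, "true");
            URLConnection connection = url.openConnection();
            connection.setConnectTimeout(SIGNOUT_TIMEOUT_MILLIS);
            connection.setReadTimeout(SIGNOUT_TIMEOUT_MILLIS);
            if (connection instanceof HttpsURLConnection) {
                HttpsURLConnection https = (HttpsURLConnection) connection;
                https.setSSLSocketFactory(trustAllSocketFactory());
                https.setHostnameVerifier(ACCEPT_ALL_HOSTNAMES);
            }
            InputStream in = connection.getInputStream();
            try {
                // Drain and discard the body; the previous revision read it via getContent() and never closed it.
                byte[] buffer = new byte[4096];
                while (in.read(buffer) != -1) {
                    // discard
                }
            } finally {
                in.close();
            }
        } catch (Exception e) {
            // Best effort: sign-out must continue even if a relying party is unreachable.
            log.warn("Sign-out cleanup request to " + urlString + " failed", e);
        } finally {
            if (previousRenegotiation == null) {
                System.clearProperty(UNSAFE_RENEGOTIATION_PROPERTY);
            } else {
                System.setProperty(UNSAFE_RENEGOTIATION_PROPERTY, previousRenegotiation);
            }
        }
    }

    /** Builds a socket factory backed by {@link TrustAllTrustManager}; see {@link #openURLWithNoTrust}. */
    private static SSLSocketFactory trustAllSocketFactory() throws GeneralSecurityException {
        SSLContext context = SSLContext.getInstance("TLS");
        context.init(null, new TrustManager[] {new TrustAllTrustManager()}, new SecureRandom());
        return context.getSocketFactory();
    }

    /**
     * Records the realm a token was issued to so it can be notified on sign-out.
     *
     * @param requestToken token whose realm is recorded; null or empty realms are skipped (they would only
     *                     produce an unusable cleanup URL later)
     * @param session      session holding the {@link #REALMS_ATTR} set
     */
    private void persistRealms(RequestToken requestToken, HttpSession session) {
        String realm = requestToken.getRealm();
        if (realm == null || realm.isEmpty()) {
            return;
        }
        @SuppressWarnings("unchecked") // the attribute is written only by this servlet, always as a Set<String>
        Set<String> realms = (Set<String>) session.getAttribute(REALMS_ATTR);
        if (realms == null) {
            realms = new HashSet<String>();
            session.setAttribute(REALMS_ATTR, realms);
        }
        realms.add(realm);
    }

    /**
     * Caches an {@link AuthenticationRequest} under {@code sessionDataKey} and redirects the browser to the
     * framework's common authentication endpoint.
     *
     * @param request        current request; its parameters and all its headers are copied into the cached entry
     * @param response       response used for the redirect
     * @param sessionDataKey key shared with the cached {@link SessionDTO}; a server-generated UUID on first sign-in,
     *                       echoed from the request on the re-authentication path, hence URL-encoded here
     * @param sessionDTO     cached sign-in parameters (supplies the relying party realm)
     */
    private void sendToAuthenticationFramework(HttpServletRequest request, HttpServletResponse response, String sessionDataKey, SessionDTO sessionDTO) throws IOException {
        String commonAuthURL = CarbonUIUtil.getAdminConsoleURL(request).replace("carbon/", "commonauth");

        AuthenticationRequest authenticationRequest = new AuthenticationRequest();
        authenticationRequest.setRelyingParty(sessionDTO.getRealm());
        authenticationRequest.setCommonAuthCallerPath(URLEncoder.encode("/passivests", "UTF-8"));
        authenticationRequest.setForceAuth(false);
        authenticationRequest.setRequestQueryParams(request.getParameterMap());
        Enumeration<?> headerNames = request.getHeaderNames();
        while (headerNames.hasMoreElements()) {
            String headerName = headerNames.nextElement().toString();
            authenticationRequest.addHeader(headerName, request.getHeader(headerName));
        }
        FrameworkUtils.addAuthenticationRequestToCache(sessionDataKey, new AuthenticationRequestCacheEntry(authenticationRequest), request.getSession().getMaxInactiveInterval());

        String redirect = commonAuthURL + "?" + SESSION_DATA_KEY + "=" + URLEncoder.encode(sessionDataKey, "UTF-8") + "&type=passivests";
        response.sendRedirect(redirect);
    }

    /**
     * Handles the callback from the authentication framework.
     *
     * <p>Missing cache entries (typically expired) go to the retry page; an unauthenticated result is sent back to
     * the framework under the same key; an authenticated result consumes the cached {@link SessionDTO} and issues
     * the token. Consuming the entry first means a replay of the same {@code sessionDataKey} lands on the retry
     * page instead of minting another token.
     *
     * <p>NOTE(review): the matching {@code AuthenticationResultCache} entry is not cleared here; whether that cache
     * exposes a removal call is not visible in this file — confirm and clear it as well.
     */
    private void handleResponseFromAuthenticationFramework(HttpServletRequest request, HttpServletResponse response) throws ServletException, IOException {
        String sessionDataKey = request.getParameter(SESSION_DATA_KEY);
        SessionDTO sessionDTO = getSessionDataFromCache(sessionDataKey);
        AuthenticationResult authenticationResult = getAuthenticationResultFromCache(sessionDataKey);
        if (sessionDTO == null || authenticationResult == null) {
            sendToRetryPage(request, response);
            return;
        }
        if (!authenticationResult.isAuthenticated()) {
            sendToAuthenticationFramework(request, response, sessionDataKey, sessionDTO);
            return;
        }
        removeSessionDataFromCache(sessionDataKey);
        process(request, response, sessionDTO, authenticationResult);
    }

    /**
     * Builds the {@link RequestToken} from the cached sign-in parameters and the authentication result, asks the
     * STS for a token and posts it to the relying party.
     *
     * <p>NOTE(review): the pseudonym handed to the relying party is the servlet session id (the previous revision
     * first set it from {@code sessionDTO.getPseudo()} and immediately overwrote it with the session id). That
     * discloses the container session identifier to the relying party; a dedicated opaque value would be safer.
     * Left unchanged here because the STS side may depend on it.
     *
     * @param request              current request
     * @param response             response to write the form (or retry redirect) to
     * @param sessionDTO           cached sign-in parameters
     * @param authenticationResult authenticated subject and claims
     */
    private void process(HttpServletRequest request, HttpServletResponse response, SessionDTO sessionDTO, AuthenticationResult authenticationResult) throws ServletException, IOException {
        HttpSession session = request.getSession();
        session.removeAttribute(PassiveRequestorConstants.PASSIVE_REQ_ATTR_MAP);

        RequestToken requestToken = new RequestToken();
        requestToken.setAction(sessionDTO.getAction());
        // Claims from the framework take precedence over the attributes the relying party asked for.
        String claims = formatClaims(authenticationResult.getSubject().getUserAttributes());
        requestToken.setAttributes(claims != null ? claims : sessionDTO.getAttributes());
        requestToken.setContext(sessionDTO.getContext());
        requestToken.setReplyTo(sessionDTO.getReplyTo());
        requestToken.setRealm(sessionDTO.getRealm());
        requestToken.setRequest(sessionDTO.getRequest());
        requestToken.setRequestPointer(sessionDTO.getRequestPointer());
        requestToken.setPolicy(sessionDTO.getPolicy());
        requestToken.setPseudo(session.getId());
        requestToken.setUserName(authenticationResult.getSubject().getAuthenticatedSubjectIdentifier());

        IdentityPassiveSTSClient stsClient = new IdentityPassiveSTSClient(
                CarbonUIUtil.getServerURL(session.getServletContext(), session),
                (ConfigurationContext) session.getServletContext().getAttribute("ConfigurationContext"));
        ResponseToken responseToken = stsClient.getResponse(requestToken);
        if (responseToken == null || responseToken.getResults() == null) {
            // The previous revision returned silently here, leaving the browser on an empty page.
            log.error("Passive STS returned no token for realm " + requestToken.getRealm());
            sendToRetryPage(request, response);
            return;
        }
        persistRealms(requestToken, session);
        sendData(request, response, responseToken, requestToken.getAction(), authenticationResult.getAuthenticatedIdPs());
    }

    /**
     * Serialises user claims in the {@code {remoteClaimUri|value}#CODE#} form the STS expects.
     *
     * @param userAttributes map of {@link ClaimMapping} to value; null or empty yields null so the caller can fall
     *                       back to the requested attributes
     * @return the concatenated claim string, or null
     */
    private static String formatClaims(Map<?, ?> userAttributes) {
        if (userAttributes == null || userAttributes.isEmpty()) {
            return null;
        }
        StringBuilder claims = new StringBuilder();
        for (Map.Entry<?, ?> entry : userAttributes.entrySet()) {
            claims.append('{')
                  .append(((ClaimMapping) entry.getKey()).getRemoteClaim().getClaimUri())
                  .append('|')
                  .append((String) entry.getValue())
                  .append("}#CODE#");
        }
        return claims.toString();
    }

    /**
     * Handles a sign-out: notifies every realm recorded in the session, invalidates the session and redirects to
     * the reply-to parameter.
     *
     * <p>NOTE(review): the redirect target is taken verbatim from the request and is not checked against any
     * registered relying party, so this is an open redirect. The registered realm/reply-to configuration is not
     * visible from this class; validate the target there before redirecting.
     */
    private void handleLogoutRequest(HttpServletRequest request, HttpServletResponse response) throws IOException {
        HttpSession session = request.getSession(false);
        if (session != null) {
            Set<?> realms = (Set<?>) session.getAttribute(REALMS_ATTR);
            if (realms != null) {
                for (Object realm : realms) {
                    if (realm instanceof String) {
                        // The realm is assumed to be a bare URL; a realm that already carries a query string
                        // would need '&' instead of '?'.
                        openURLWithNoTrust(realm + "?wa=wsignoutcleanup1.0");
                    }
                }
            }
            session.invalidate();
        }

        String replyTo = getAttribute(request.getParameterMap(), PassiveRequestorConstants.REPLY_TO);
        if (replyTo == null || replyTo.isEmpty()) {
            // The previous revision called sendRedirect(null) here, which the container rejects with an exception.
            response.sendError(HttpServletResponse.SC_BAD_REQUEST, "Missing reply-to parameter");
            return;
        }
        response.sendRedirect(replyTo);
    }

    /**
     * Handles a fresh sign-in request: snapshots the WS-Federation parameters into a {@link SessionDTO}, caches it
     * under a freshly generated key and hands the browser to the authentication framework.
     */
    private void handleAuthenticationRequest(HttpServletRequest request, HttpServletResponse response) throws IOException, ServletException {
        Map<?, ?> parameterMap = request.getParameterMap();
        SessionDTO sessionDTO = new SessionDTO();
        sessionDTO.setAction(getAttribute(parameterMap, PassiveRequestorConstants.ACTION));
        sessionDTO.setAttributes(getAttribute(parameterMap, PassiveRequestorConstants.ATTRIBUTE));
        sessionDTO.setContext(getAttribute(parameterMap, PassiveRequestorConstants.CONTEXT));
        sessionDTO.setReplyTo(getAttribute(parameterMap, PassiveRequestorConstants.REPLY_TO));
        sessionDTO.setPseudo(getAttribute(parameterMap, PassiveRequestorConstants.PSEUDO));
        sessionDTO.setRealm(getAttribute(parameterMap, PassiveRequestorConstants.REALM));
        sessionDTO.setRequest(getAttribute(parameterMap, PassiveRequestorConstants.REQUEST));
        sessionDTO.setRequestPointer(getAttribute(parameterMap, PassiveRequestorConstants.REQUEST_POINTER));
        sessionDTO.setPolicy(getAttribute(parameterMap, PassiveRequestorConstants.POLCY));
        sessionDTO.setReqQueryString(request.getQueryString());

        String sessionDataKey = UUIDGenerator.generateUUID();
        addSessionDataToCache(sessionDataKey, sessionDTO, request.getSession().getMaxInactiveInterval());
        sendToAuthenticationFramework(request, response, sessionDataKey, sessionDTO);
    }

    /**
     * Stores the sign-in snapshot in the session data cache.
     *
     * @param sessionDataKey cache key
     * @param sessionDTO     value
     * @param timeout        value passed to {@code SessionDataCache.getInstance}; the session's max inactive interval
     */
    private void addSessionDataToCache(String sessionDataKey, SessionDTO sessionDTO, int timeout) {
        SessionDataCacheEntry entry = new SessionDataCacheEntry();
        entry.setSessionDTO(sessionDTO);
        SessionDataCache.getInstance(timeout).addToCache(new SessionDataCacheKey(sessionDataKey), entry);
    }

    /** @return the cached {@link SessionDTO} for the key, or null (logged) when no entry exists. */
    private SessionDTO getSessionDataFromCache(String sessionDataKey) {
        CacheEntry entry = SessionDataCache.getInstance(0).getValueFromCache(new SessionDataCacheKey(sessionDataKey));
        if (entry == null) {
            log.error("SessionDTO does not exist. Probably due to cache timeout");
            return null;
        }
        return ((SessionDataCacheEntry) entry).getSessionDTO();
    }

    /** Removes the cached {@link SessionDTO}; called once a token has been issued for the key. */
    private void removeSessionDataFromCache(String sessionDataKey) {
        SessionDataCache.getInstance(0).clearCacheEntry(new SessionDataCacheKey(sessionDataKey));
    }

    /** @return the framework's {@link AuthenticationResult} for the key, or null (logged) when no entry exists. */
    private AuthenticationResult getAuthenticationResultFromCache(String sessionDataKey) {
        AuthenticationResultCacheEntry entry = AuthenticationResultCache.getInstance(0).getValueFromCache(new AuthenticationResultCacheKey(sessionDataKey));
        if (entry == null) {
            log.error("AuthenticationResult does not exist. Probably due to cache timeout");
            return null;
        }
        return entry.getResult();
    }

    /** Redirects the browser to the authentication endpoint's retry page. */
    private void sendToRetryPage(HttpServletRequest request, HttpServletResponse response) throws IOException {
        response.sendRedirect(CarbonUIUtil.getAdminConsoleURL(request).replace("passivests/carbon/", "authenticationendpoint/retry.do"));
    }
}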
