package org.wso2.carbon.identity.sso.saml.ui;

import java.io.IOException;
import javax.servlet.ServletException;
import javax.servlet.ServletRequest;
import javax.servlet.ServletResponse;
import javax.servlet.http.Cookie;
import javax.servlet.http.HttpServlet;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import javax.servlet.http.HttpSession;
import org.apache.axis2.AxisFault;
import org.apache.axis2.context.ConfigurationContext;
import org.apache.commons.logging.Log;
import org.apache.commons.logging.LogFactory;
import org.wso2.carbon.identity.sso.saml.stub.IdentityException;
import org.wso2.carbon.identity.sso.saml.stub.types.SAMLSSOAuthnReqDTO;
import org.wso2.carbon.identity.sso.saml.stub.types.SAMLSSOReqValidationResponseDTO;
import org.wso2.carbon.identity.sso.saml.stub.types.SAMLSSORespDTO;
import org.wso2.carbon.identity.sso.saml.ui.SAMLSSOProviderConstants;
import org.wso2.carbon.identity.sso.saml.ui.client.SAMLSSOServiceClient;
import org.wso2.carbon.identity.sso.saml.ui.logout.LogoutRequestSender;
import org.wso2.carbon.ui.CarbonUIUtil;

/* loaded from: input_file:org/wso2/carbon/identity/sso/saml/ui/SAMLSSOProvider.class */
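/**
 * Front-end servlet of the SAML SSO identity provider UI.
 *
 * <p>Each request is routed to one of three flows: a federated login (forwarded to a JSP), an
 * incoming SAML request (validated through {@link SAMLSSOServiceClient}), or a credential
 * submission coming back from the login page (authenticated through the same client).
 *
 * <p>Security notes for reviewers:
 * <ul>
 *   <li>Every value read with {@code getParameter}/{@code getHeader} is client-controlled. This
 *       servlet copies several of them into request attributes for JSPs that are not visible
 *       here; those pages must encode them on output.</li>
 *   <li>The SSO token id is taken from a client-supplied cookie when one is present. See the
 *       note in {@link #doPost}.</li>
 * </ul>
 */
public class SAMLSSOProvider extends HttpServlet {
    private static final long serialVersionUID = -5182312441482721905L;
    private static final Log log = LogFactory.getLog(SAMLSSOProvider.class);

    /** Lifetime of the SSO token cookie, in seconds (the unit {@link Cookie#setMaxAge} expects). */
    private static final int SSO_SESSION_EXPIRE = 36000;

    /**
     * Handles GET by delegating to {@link #doPost}.
     *
     * <p>NOTE(review): because of this delegation, a username/password pair sent as query
     * parameters is accepted exactly like a form POST. Query strings commonly end up in access
     * logs, browser history and Referer headers; consider accepting credentials over POST only.
     */
    @Override
    protected void doGet(HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse) throws ServletException, IOException {
        doPost(httpServletRequest, httpServletResponse);
    }

    /**
     * Dispatches the request to the federated-login, SAML-request or login-page flow.
     *
     * <p>An {@link IdentityException} raised by a flow is logged and turned into the generic
     * exception notification page.
     *
     * @throws ServletException if a forward to a JSP fails
     * @throws IOException if a forward to a JSP fails
     */
    @Override
    protected void doPost(HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse) throws ServletException, IOException {
        String username = httpServletRequest.getParameter(SAMLSSOProviderConstants.USERNAME);
        String password = httpServletRequest.getParameter(SAMLSSOProviderConstants.PASSWORD);

        // The federated IdP hint may arrive as a parameter or, failing that, as a header.
        String federatedIdp = httpServletRequest.getParameter(SAMLSSOProviderConstants.FEDERATED_IDP);
        if (federatedIdp == null) {
            federatedIdp = httpServletRequest.getHeader(SAMLSSOProviderConstants.FEDERATED_IDP);
        }

        // Default token id is the container session id; an existing SSO cookie overrides it.
        // NOTE(review): the cookie value is client-supplied and is used as-is as the session
        // identifier passed to the backend, and storeSSOTokenCookie later re-issues the same
        // cookie unchanged after a successful login. Whether unknown or pre-set values are
        // rejected is decided by the backend service, which is not visible here. Confirm the
        // token is server-generated and rotated at authentication (session-fixation check).
        String ssoTokenId = httpServletRequest.getSession().getId();
        Cookie ssoTokenCookie = getSSOTokenCookie(httpServletRequest);
        if (ssoTokenCookie != null) {
            ssoTokenId = ssoTokenCookie.getValue();
        }

        try {
            if (federatedIdp != null) {
                handleFederatedLogin(httpServletRequest, httpServletResponse);
            } else if (username == null && password == null) {
                // No credentials: treat as an incoming SAML request. Any authMode other than
                // OPENID falls back to username/password.
                String authMode = httpServletRequest.getParameter("authMode");
                if (!SAMLSSOProviderConstants.AuthnModes.OPENID.equals(authMode)) {
                    authMode = SAMLSSOProviderConstants.AuthnModes.USERNAME_PASSWORD;
                }
                String relayState = httpServletRequest.getParameter(SAMLSSOProviderConstants.RELAY_STATE);
                if (relayState == null) {
                    log.debug("RelayState is not present in the request.");
                    sendNotification(SAMLSSOProviderConstants.Notification.NORELAY_STATUS, SAMLSSOProviderConstants.Notification.NORELAY_MESSAGE, httpServletRequest, httpServletResponse);
                    return;
                }
                String samlRequest = httpServletRequest.getParameter(SAMLSSOProviderConstants.AUTH_REQ_SAML_ASSRTN);
                if (samlRequest == null) {
                    log.debug("Invalid request message " + samlRequest);
                    sendNotification(SAMLSSOProviderConstants.Notification.INVALID_MESSAGE_STATUS, SAMLSSOProviderConstants.Notification.INVALID_MESSAGE_MESSAGE, httpServletRequest, httpServletResponse);
                    return;
                }
                handleSAMLRequest(httpServletRequest, httpServletResponse, ssoTokenId, samlRequest, relayState, authMode);
            } else {
                handleRequestFromLoginPage(httpServletRequest, httpServletResponse, ssoTokenId);
            }
        } catch (IdentityException e) {
            log.error(SAMLSSOProviderConstants.Notification.EXCEPTION_STATUS, e);
            sendNotification(SAMLSSOProviderConstants.Notification.EXCEPTION_STATUS, SAMLSSOProviderConstants.Notification.EXCEPTION_MESSAGE, httpServletRequest, httpServletResponse);
        }
    }

    /** Forwards a federated login request to the federation JSP. */
    private void handleFederatedLogin(HttpServletRequest request, HttpServletResponse response) throws ServletException, IOException {
        log.debug("Federated Login Request Received. Redirecting..");
        request.getRequestDispatcher("/carbon/sso-saml/federation_ajaxprocessor.jsp").forward(request, response);
    }

    /**
     * Forwards to the notification page with a status and message set as request attributes.
     *
     * @param status value stored under {@code SAMLSSOProviderConstants.STATUS}
     * @param statusMessage value stored under {@code SAMLSSOProviderConstants.STATUS_MSG}
     */
    private void sendNotification(String status, String statusMessage, HttpServletRequest request, HttpServletResponse response) throws ServletException, IOException {
        request.setAttribute(SAMLSSOProviderConstants.STATUS, status);
        request.setAttribute(SAMLSSOProviderConstants.STATUS_MSG, statusMessage);
        getServletContext().getRequestDispatcher("/carbon/sso-saml/notification_ajaxprocessor.jsp").forward(request, response);
    }

    /**
     * Validates an incoming SAML request through the backend client and acts on the verdict:
     * logout requests are propagated and answered, valid requests without a response go to the
     * login page, and requests that already carry a response are answered directly.
     *
     * @param ssoTokenId session/token id passed to the backend
     * @param samlRequest raw SAML request parameter
     * @param relayState RelayState echoed back to the requester
     * @param authMode authentication mode resolved in {@link #doPost}
     */
    private void handleSAMLRequest(HttpServletRequest request, HttpServletResponse response, String ssoTokenId, String samlRequest, String relayState, String authMode) throws IdentityException, IOException, ServletException {
        String queryString = request.getQueryString();
        if (log.isDebugEnabled()) {
            log.debug("Query string : " + queryString);
        }
        SAMLSSOReqValidationResponseDTO validation = getSAMLSSOServiceClient(request).validate(samlRequest, queryString, ssoTokenId, request.getParameter("SSOAuthSessionID"), authMode);
        if (validation.getLogOutReq()) {
            LogoutRequestSender.getInstance().sendLogoutRequests(validation.getLogoutRespDTO());
            sendResponse(request, response, relayState, validation.getLogoutResponse(), validation.getAssertionConsumerURL(), validation.getSubject());
        } else if (validation.getValid() && validation.getResponse() == null) {
            sendToAuthenticate(request, response, validation, relayState);
        } else if (validation.getResponse() != null) {
            if (SAMLSSOProviderConstants.AuthnModes.OPENID.equals(authMode)) {
                storeSSOTokenCookie(ssoTokenId, request, response);
            }
            sendResponse(request, response, relayState, validation.getResponse(), validation.getAssertionConsumerURL(), validation.getSubject());
        } else {
            // Previously this case fell through and produced an empty response body. Report it
            // explicitly so a rejected request is visible to the user and in the debug log.
            log.debug("SAML request was not valid and the backend returned no response.");
            sendNotification(SAMLSSOProviderConstants.Notification.INVALID_MESSAGE_STATUS, SAMLSSOProviderConstants.Notification.INVALID_MESSAGE_MESSAGE, request, response);
        }
    }

    /**
     * Returns the per-session backend client, creating and caching it in the HTTP session on
     * first use.
     *
     * @throws AxisFault if the client cannot be created
     */
    private SAMLSSOServiceClient getSAMLSSOServiceClient(HttpServletRequest request) throws AxisFault {
        HttpSession session = request.getSession();
        if (session.getAttribute(SAMLSSOProviderConstants.SAMLSSOServiceClient) == null) {
            String serverUrl = CarbonUIUtil.getServerURL(session.getServletContext(), session);
            ConfigurationContext configContext = (ConfigurationContext) session.getServletContext().getAttribute("ConfigurationContext");
            session.setAttribute(SAMLSSOProviderConstants.SAMLSSOServiceClient, new SAMLSSOServiceClient(serverUrl, configContext));
        }
        return (SAMLSSOServiceClient) session.getAttribute(SAMLSSOProviderConstants.SAMLSSOServiceClient);
    }

    /**
     * Prepares the login page: saves the original query string in the HTTP session, exposes the
     * validated request details as request attributes and forwards to the login page.
     */
    private void sendToAuthenticate(HttpServletRequest request, ServletResponse response, SAMLSSOReqValidationResponseDTO validation, String relayState) throws ServletException, IOException {
        // Kept in the session so it survives until the login form is posted back.
        request.getSession().setAttribute(SAMLSSOProviderConstants.HTTP_QUERY_STRING, request.getQueryString());
        request.setAttribute(SAMLSSOProviderConstants.RELAY_STATE, relayState);
        request.setAttribute(SAMLSSOProviderConstants.REQ_MSG_STR, validation.getRequestMessageString());
        request.setAttribute(SAMLSSOProviderConstants.ISSUER, validation.getIssuer());
        request.setAttribute(SAMLSSOProviderConstants.REQ_ID, validation.getId());
        request.setAttribute(SAMLSSOProviderConstants.SUBJECT, validation.getSubject());
        request.setAttribute(SAMLSSOProviderConstants.RP_SESSION_ID, validation.getRpSessionId());
        request.setAttribute(SAMLSSOProviderConstants.ASSRTN_CONSUMER_URL, validation.getAssertionConsumerURL());
        getServletContext().getRequestDispatcher(getLoginPage(validation.getLoginPageURL())).forward(request, response);
    }

    /**
     * Forwards to the redirect page that delivers a SAML response to the assertion consumer.
     *
     * @param relayState RelayState to return
     * @param samlResponse encoded SAML response
     * @param assertionConsumerUrl destination of the response
     * @param subject authenticated subject
     */
    private void sendResponse(ServletRequest request, ServletResponse response, String relayState, String samlResponse, String assertionConsumerUrl, String subject) throws ServletException, IOException {
        request.setAttribute(SAMLSSOProviderConstants.RELAY_STATE, relayState);
        request.setAttribute(SAMLSSOProviderConstants.SAML_RESP, samlResponse);
        request.setAttribute(SAMLSSOProviderConstants.ASSRTN_CONSUMER_URL, assertionConsumerUrl);
        request.setAttribute(SAMLSSOProviderConstants.SUBJECT, subject);
        getServletContext().getRequestDispatcher("/carbon/sso-saml/redirect_ajaxprocessor.jsp").forward(request, response);
    }

    /**
     * Authenticates the credentials posted from the login page. On success the SSO cookie is
     * stored and the SAML response is sent; on failure the login page is shown again with the
     * error message from the backend.
     *
     * @param ssoTokenId session/token id passed to the backend and stored in the cookie
     */
    private void handleRequestFromLoginPage(HttpServletRequest request, HttpServletResponse response, String ssoTokenId) throws IdentityException, IOException, ServletException {
        String relayState = request.getParameter(SAMLSSOProviderConstants.RELAY_STATE);
        SAMLSSOAuthnReqDTO authnRequest = new SAMLSSOAuthnReqDTO();
        populateAuthnReqDTO(request, authnRequest);
        SAMLSSORespDTO authResult = getSAMLSSOServiceClient(request).authenticate(authnRequest, ssoTokenId);
        if (authResult.getSessionEstablished()) {
            storeSSOTokenCookie(ssoTokenId, request, response);
            sendResponse(request, response, relayState, authResult.getRespString(), authResult.getAssertionConsumerURL(), authResult.getSubject());
            return;
        }
        request.setAttribute(SAMLSSOProviderConstants.AUTH_FAILURE, Boolean.TRUE);
        request.setAttribute(SAMLSSOProviderConstants.AUTH_FAILURE_MSG, authResult.getErrorMsg());
        populateReAuthenticationRequest(request);
        getServletContext().getRequestDispatcher(getLoginPage(authResult.getLoginPageURL())).forward(request, response);
    }

    /**
     * Fills the authentication DTO from the login form parameters and the saved query string.
     *
     * <p>NOTE(review): issuer, assertion consumer URL, subject and request id are read from
     * request parameters here, so at this step they are client-controlled. The backend (not
     * visible here) must re-check them against the registered service provider rather than
     * trust what the form posts back.
     */
    private void populateAuthnReqDTO(HttpServletRequest request, SAMLSSOAuthnReqDTO authnRequest) {
        authnRequest.setAssertionConsumerURL(getRequestParameter(request, SAMLSSOProviderConstants.ASSRTN_CONSUMER_URL));
        authnRequest.setId(getRequestParameter(request, SAMLSSOProviderConstants.REQ_ID));
        authnRequest.setIssuer(getRequestParameter(request, SAMLSSOProviderConstants.ISSUER));
        authnRequest.setUsername(getRequestParameter(request, SAMLSSOProviderConstants.USERNAME));
        authnRequest.setPassword(getRequestParameter(request, SAMLSSOProviderConstants.PASSWORD));
        authnRequest.setSubject(getRequestParameter(request, SAMLSSOProviderConstants.SUBJECT));
        authnRequest.setRpSessionId(getRequestParameter(request, SAMLSSOProviderConstants.RP_SESSION_ID));
        authnRequest.setRequestMessageString(getRequestParameter(request, SAMLSSOProviderConstants.REQ_MSG_STR));

        // sendToAuthenticate saves the query string in the HTTP session, but this method used to
        // look only at request attributes, which are empty on the login POST. The request
        // attribute is still honoured first; otherwise the session copy is used. Both copies are
        // cleared so a stale query string is not reused by a later login.
        Object savedQueryString = request.getAttribute(SAMLSSOProviderConstants.HTTP_QUERY_STRING);
        request.removeAttribute(SAMLSSOProviderConstants.HTTP_QUERY_STRING);
        HttpSession session = request.getSession(false);
        if (session != null) {
            if (savedQueryString == null) {
                savedQueryString = session.getAttribute(SAMLSSOProviderConstants.HTTP_QUERY_STRING);
            }
            session.removeAttribute(SAMLSSOProviderConstants.HTTP_QUERY_STRING);
        }
        authnRequest.setQueryString((String) savedQueryString);
    }

    /**
     * Copies the SAML request details from the posted parameters back into request attributes
     * so the login page can be rendered again after a failed attempt.
     *
     * <p>NOTE(review): these are raw request parameters. The login JSP is not visible here and
     * must encode them when writing them into the page.
     */
    private void populateReAuthenticationRequest(HttpServletRequest request) {
        request.setAttribute(SAMLSSOProviderConstants.ISSUER, request.getParameter(SAMLSSOProviderConstants.ISSUER));
        request.setAttribute(SAMLSSOProviderConstants.ASSRTN_CONSUMER_URL, request.getParameter(SAMLSSOProviderConstants.ASSRTN_CONSUMER_URL));
        request.setAttribute(SAMLSSOProviderConstants.REQ_ID, request.getParameter(SAMLSSOProviderConstants.REQ_ID));
        request.setAttribute(SAMLSSOProviderConstants.SUBJECT, request.getParameter(SAMLSSOProviderConstants.SUBJECT));
        request.setAttribute(SAMLSSOProviderConstants.RP_SESSION_ID, request.getParameter(SAMLSSOProviderConstants.RP_SESSION_ID));
        request.setAttribute(SAMLSSOProviderConstants.REQ_MSG_STR, request.getParameter(SAMLSSOProviderConstants.REQ_MSG_STR));
        request.setAttribute(SAMLSSOProviderConstants.RELAY_STATE, request.getParameter(SAMLSSOProviderConstants.RELAY_STATE));
    }

    /**
     * Finds the SSO token cookie in the request.
     *
     * @return the cookie, or {@code null} when the request has no cookies or none matches
     */
    private Cookie getSSOTokenCookie(HttpServletRequest request) {
        Cookie[] cookies = request.getCookies();
        if (cookies == null) {
            return null;
        }
        for (Cookie candidate : cookies) {
            if (candidate.getName().equals(SAMLSSOProviderConstants.SSO_TOKEN_ID)) {
                return candidate;
            }
        }
        return null;
    }

    /**
     * Issues (or refreshes) the SSO token cookie on the response.
     *
     * <p>An SSO cookie already present on the request is re-sent with a renewed lifetime;
     * otherwise a new cookie carrying {@code ssoTokenId} is created.
     *
     * @param ssoTokenId value for a newly created cookie
     */
    private void storeSSOTokenCookie(String ssoTokenId, HttpServletRequest request, HttpServletResponse response) {
        Cookie ssoTokenCookie = getSSOTokenCookie(request);
        if (ssoTokenCookie == null) {
            ssoTokenCookie = new Cookie(SAMLSSOProviderConstants.SSO_TOKEN_ID, ssoTokenId);
        }
        ssoTokenCookie.setMaxAge(SSO_SESSION_EXPIRE);
        // The cookie is a bearer token for the SSO session: when it is issued over TLS, mark it
        // Secure so the browser never sends it over plain HTTP. Plain-HTTP deployments are left
        // unchanged.
        if (request.isSecure()) {
            ssoTokenCookie.setSecure(true);
        }
        // NOTE(review): HttpOnly is not set. Cookie.setHttpOnly needs Servlet 3.0; confirm the
        // container version and add it (or set the attribute at the container level).
        response.addCookie(ssoTokenCookie);
    }

    /**
     * Resolves the dispatcher path of the login page.
     *
     * <p>NOTE(review): a custom page is appended to {@code /carbon/} without validation. It
     * comes from the backend DTO; confirm it is administrator-configured and cannot carry path
     * segments such as {@code ..}.
     *
     * @param customLoginPage page path relative to {@code /carbon/}, or {@code null} for the default
     */
    private String getLoginPage(String customLoginPage) {
        return customLoginPage != null ? "/carbon/" + customLoginPage.trim() : "/carbon/sso-saml/login_ajaxprocessor.jsp";
    }

    /**
     * Reads a request parameter, treating the literal string {@code "null"} as absent.
     *
     * @return the parameter value, or {@code null} when it is missing or equals {@code "null"}
     */
    private String getRequestParameter(HttpServletRequest request, String name) {
        String value = request.getParameter(name);
        return "null".equals(value) ? null : value;
    }
}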
