package org.wso2.identity.passivests.sample;

import java.io.IOException;
import java.net.URLEncoder;
import java.util.HashMap;
import java.util.Iterator;
import java.util.logging.Level;
import java.util.logging.Logger;
import javax.servlet.Filter;
import javax.servlet.FilterChain;
import javax.servlet.FilterConfig;
import javax.servlet.ServletException;
import javax.servlet.ServletRequest;
import javax.servlet.ServletResponse;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import javax.xml.namespace.QName;
import javax.xml.stream.XMLStreamException;
import org.apache.axiom.om.OMAbstractFactory;
import org.apache.axiom.om.OMElement;
import org.apache.axiom.om.util.AXIOMUtil;
import org.apache.commons.lang.StringEscapeUtils;
import org.apache.rahas.RahasConstants;
import org.apache.rahas.TrustException;
import org.apache.rahas.TrustUtil;
import org.apache.ws.secpolicy.Constants;
import org.opensaml.saml1.core.AttributeDesignator;

/* loaded from: input_file:WEB-INF/lib/org.wso2.identity.passivests.filter-5.11.0-m17.jar:org/wso2/identity/passivests/sample/AuthFilter.class */
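/**
 * Sample relying-party filter for WS-Federation passive sign-in against a passive STS.
 *
 * <p>A request without a {@code wresult} parameter is redirected to the configured identity
 * provider. A request with {@code wresult} has the subject and claims of the returned SAML 1.0 or
 * SAML 2.0 assertion copied into the HTTP session and is then passed down the filter chain.
 *
 * <p>Security review notes, all based on the code in this class:
 * <ul>
 *   <li>The assertion in {@code wresult} is parsed but never validated. Nothing here checks the
 *       XML signature, issuer, audience or validity window, so the subject and claims placed in
 *       the session are whatever the client posted. They must not be used for authentication or
 *       authorization decisions unless the response is validated first.</li>
 *   <li>The session id is not renewed once a response has been accepted.</li>
 *   <li>{@code wresult} is untrusted XML. NOTE(review): confirm that the Axiom/StAX parser in use
 *       rejects DTDs and external entities.</li>
 * </ul>
 */
public class AuthFilter implements Filter {
    private static final Logger LOG = Logger.getLogger(AuthFilter.class.getName());

    private static final String WS_TRUST_NS = "http://docs.oasis-open.org/ws-sx/ws-trust/200512";
    private static final String SAML1_NS = "urn:oasis:names:tc:SAML:1.0:assertion";
    private static final String SAML2_NS = "urn:oasis:names:tc:SAML:2.0:assertion";
    private static final String USER_MESSAGE_PREFIX = "Response from the Passive STS for User: ";
    private static final String NO_CLAIMS_MESSAGE = "No claims received! Verify RP is registered at Passive STS";

    // Values below come from the filter's init-params (see init); they are concatenated into
    // the IdP URLs as-is, so they are expected to be URL-safe already.
    private String idpUrl;
    private String loginAction;
    private String logoutAction;
    private String replyUrl;
    private String realm;
    // "true" stores the escaped, pretty-printed response in the session under "RSTR".
    private String displayFullResponse;
    // Optional extra query string appended to the login and logout URLs.
    private String additionalRequestParams;

    @Override
    public void destroy() {
    }

    /**
     * Redirects to the identity provider when no {@code wresult} is present; otherwise extracts
     * the claims from {@code wresult} into the session and continues the filter chain.
     *
     * @throws IOException if the redirect or the downstream chain fails with an I/O error
     * @throws ServletException if {@code wresult} is not a well-formed response with the
     *     expected elements, or if the downstream chain fails
     */
    @Override
    public void doFilter(ServletRequest servletRequest, ServletResponse servletResponse, FilterChain filterChain) throws IOException, ServletException {
        HttpServletRequest request = (HttpServletRequest) servletRequest;
        HttpServletResponse response = (HttpServletResponse) servletResponse;

        String wresult = request.getParameter("wresult");
        if (wresult == null || wresult.isEmpty()) {
            String encodedRst = encodeRequestedTokenType(request.getParameter("samlv"));
            String loginUrl = idpUrl(this.loginAction) + (encodedRst != null ? "&wreq=" + encodedRst : "");
            response.sendRedirect(withAdditionalParams(loginUrl));
            return;
        }

        String responseXml = wresult.replaceAll("(\\r|\\n)", "");
        // Fails the request (ServletException) instead of forwarding when the response cannot be read.
        handleResponse(request, responseXml);
        if ("true".equals(this.displayFullResponse)) {
            request.getSession().setAttribute("RSTR", StringEscapeUtils.escapeHtml(Utils.prettyFormat(responseXml, 2)));
            request.getSession().setAttribute("displayFullResponse", "true");
        } else {
            request.getSession().setAttribute("displayFullResponse", "false");
        }
        filterChain.doFilter(request, response);
    }

    /**
     * Builds the URL-encoded {@code wreq} value for the SAML version requested via {@code samlv}.
     *
     * @param samlVersion the {@code samlv} request parameter, may be {@code null}
     * @return {@code null} when no version was requested, an empty string for an unrecognised
     *     version, otherwise the encoded RequestSecurityToken element
     */
    private static String encodeRequestedTokenType(String samlVersion) throws IOException {
        if (samlVersion == null) {
            return null;
        }
        String tokenType;
        if (samlVersion.equalsIgnoreCase("1-1")) {
            tokenType = RahasConstants.TOK_TYPE_SAML_10;
        } else if (samlVersion.equalsIgnoreCase("2-0")) {
            tokenType = RahasConstants.TOK_TYPE_SAML_20;
        } else {
            return "";
        }
        // Fallback element that is sent if the RST below cannot be built (best effort).
        OMElement rst = OMAbstractFactory.getOMFactory().createOMElement(Constants.RST_TEMPLATE);
        try {
            // NOTE(review): 2 is presumably the WS-Trust 2005/12 version constant — confirm.
            rst = TrustUtil.createRequestSecurityTokenElement(2);
            TrustUtil.createTokenTypeElement(2, rst).setText(tokenType);
        } catch (TrustException e) {
            LOG.log(Level.WARNING, "Could not build the RequestSecurityToken for token type " + tokenType, e);
        }
        return URLEncoder.encode(rst.toString(), "UTF-8");
    }

    /**
     * Parses the passive STS response and stores "message", "claimMap" and "logouturl" in the
     * session.
     *
     * <p>No signature, issuer, audience or validity check is performed on the assertion.
     * NOTE(review): "message" and the claim values are stored unescaped, unlike "RSTR"; the
     * page that renders them has to escape them — confirm.
     *
     * @throws ServletException if the response is not well-formed XML or lacks an expected element
     */
    private void handleResponse(HttpServletRequest request, String responseXml) throws ServletException {
        OMElement root;
        try {
            root = AXIOMUtil.stringToOM(responseXml);
        } catch (XMLStreamException e) {
            // Previously the trace was printed and the null result dereferenced on the next line.
            throw new ServletException("Passive STS response is not well-formed XML", e);
        }
        if (root == null) {
            throw new ServletException("Passive STS response is empty");
        }

        OMElement rstr = requireChild(root, WS_TRUST_NS, "RequestSecurityTokenResponse");
        String tokenType = requireChild(rstr, WS_TRUST_NS, "TokenType").getText();
        HashMap<String, String> claims = new HashMap<>();

        if (RahasConstants.TOK_TYPE_SAML_10.equalsIgnoreCase(tokenType)) {
            OMElement assertion = requireChild(requireChild(rstr, WS_TRUST_NS, "RequestedSecurityToken"), SAML1_NS, "Assertion");
            OMElement attributeStatement = assertion.getFirstChildWithName(new QName(SAML1_NS, "AttributeStatement"));
            if (attributeStatement != null) {
                String subject = requireFirstElement(requireChild(attributeStatement, SAML1_NS, "Subject")).getText();
                Iterator<?> attributes = attributeStatement.getChildrenWithName(new QName("Attribute"));
                while (attributes.hasNext()) {
                    OMElement attribute = (OMElement) attributes.next();
                    claims.put(requireAttribute(attribute, AttributeDesignator.ATTRIBUTENAMESPACE_ATTRIB_NAME), requireFirstElement(attribute).getText());
                }
                publishClaims(request, subject, claims);
            } else {
                publishNoClaims(request);
            }
        } else if (RahasConstants.TOK_TYPE_SAML_20.equalsIgnoreCase(tokenType)) {
            OMElement assertion = requireChild(requireChild(rstr, WS_TRUST_NS, "RequestedSecurityToken"), SAML2_NS, "Assertion");
            String subject = requireChild(requireChild(assertion, SAML2_NS, "Subject"), SAML2_NS, "NameID").getText();
            OMElement attributeStatement = assertion.getFirstChildWithName(new QName(SAML2_NS, "AttributeStatement"));
            if (attributeStatement != null) {
                Iterator<?> attributes = attributeStatement.getChildrenWithName(new QName(SAML2_NS, "Attribute"));
                while (attributes.hasNext()) {
                    OMElement attribute = (OMElement) attributes.next();
                    claims.put(requireAttribute(attribute, "Name"), requireFirstElement(attribute).getText());
                }
                publishClaims(request, subject, claims);
            } else {
                publishNoClaims(request);
            }
        }
        // Any other token type leaves "message" and "claimMap" untouched.
        request.getSession().setAttribute("logouturl", withAdditionalParams(idpUrl(this.logoutAction)));
    }

    /** Stores the subject message and the claim map in the session. */
    private static void publishClaims(HttpServletRequest request, String subject, HashMap<String, String> claims) {
        request.getSession().setAttribute("message", USER_MESSAGE_PREFIX + subject);
        request.getSession().setAttribute("claimMap", claims);
    }

    /** Records in the session that the assertion carried no attribute statement. */
    private static void publishNoClaims(HttpServletRequest request) {
        request.getSession().setAttribute("message", NO_CLAIMS_MESSAGE);
        request.getSession().setAttribute("claimMap", null);
    }

    /** Returns the named child element, or rejects the response when it is missing. */
    private static OMElement requireChild(OMElement parent, String namespace, String localName) throws ServletException {
        OMElement child = parent.getFirstChildWithName(new QName(namespace, localName));
        if (child == null) {
            throw new ServletException("Malformed passive STS response: missing element " + localName);
        }
        return child;
    }

    /** Returns the first child element, or rejects the response when there is none. */
    private static OMElement requireFirstElement(OMElement parent) throws ServletException {
        OMElement first = parent.getFirstElement();
        if (first == null) {
            throw new ServletException("Malformed passive STS response: element " + parent.getLocalName() + " has no child element");
        }
        return first;
    }

    /** Returns the value of the un-namespaced attribute, or rejects the response when it is missing. */
    private static String requireAttribute(OMElement element, String localName) throws ServletException {
        String value = element.getAttributeValue(new QName(localName));
        if (value == null) {
            throw new ServletException("Malformed passive STS response: missing attribute " + localName);
        }
        return value;
    }

    /** Builds the IdP URL for the given {@code wa} action from the configured reply URL and realm. */
    private String idpUrl(String action) {
        return this.idpUrl + "?wa=" + action + "&wreply=" + this.replyUrl + "&wtrealm=" + this.realm;
    }

    /**
     * Appends the optional extra query string. When the "requestParams" init-param is not
     * configured nothing is appended; the unguarded concatenation used to produce "&null".
     */
    private String withAdditionalParams(String url) {
        if (this.additionalRequestParams == null || this.additionalRequestParams.isEmpty()) {
            return url;
        }
        return url + "&" + this.additionalRequestParams;
    }

    /** Reads the filter configuration; every value is taken from an init-param and may be {@code null}. */
    @Override
    public void init(FilterConfig filterConfig) throws ServletException {
        this.idpUrl = filterConfig.getInitParameter("idpUrl");
        this.loginAction = filterConfig.getInitParameter("loginaction");
        this.logoutAction = filterConfig.getInitParameter("logoutaction");
        this.replyUrl = filterConfig.getInitParameter("replyUrl");
        this.realm = filterConfig.getInitParameter("realm");
        this.displayFullResponse = filterConfig.getInitParameter("displayFullResponse");
        this.additionalRequestParams = filterConfig.getInitParameter("requestParams");
    }
}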
