package org.wso2.carbon.identity.authenticator.saml2.sso.ui.authenticator;

import java.util.List;
import java.util.Map;
import javax.servlet.ServletContext;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpSession;
import org.apache.axis2.client.ServiceClient;
import org.apache.axis2.context.ConfigurationContext;
import org.apache.commons.logging.Log;
import org.apache.commons.logging.LogFactory;
import org.opensaml.saml2.core.Assertion;
import org.opensaml.saml2.core.AuthnStatement;
import org.opensaml.saml2.core.Response;
import org.wso2.carbon.context.PrivilegedCarbonContext;
import org.wso2.carbon.core.common.AuthenticationException;
import org.wso2.carbon.core.security.AuthenticatorsConfiguration;
import org.wso2.carbon.identity.authenticator.saml2.sso.common.SAML2SSOUIAuthenticatorException;
import org.wso2.carbon.identity.authenticator.saml2.sso.common.Util;
import org.wso2.carbon.identity.authenticator.saml2.sso.common.client.SAML2SSOAuthenticationClient;
import org.wso2.carbon.identity.authenticator.saml2.sso.ui.internal.SAML2SSOAuthFEDataHolder;
import org.wso2.carbon.ui.AbstractCarbonUIAuthenticator;
import org.wso2.carbon.ui.CarbonSSOSessionManager;
import org.wso2.carbon.ui.CarbonUIUtil;

/* loaded from: input_file:org/wso2/carbon/identity/authenticator/saml2/sso/ui/authenticator/SAML2SSOUIAuthenticator.class */
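/**
 * Carbon management-console (UI side) authenticator for SAML2 web SSO.
 *
 * <p>It handles requests that carry a parsed SAML2 {@link Response} in the
 * {@code SAML2ResponseToken} request attribute together with a {@code RelayState}
 * parameter, and requests for the console logout action. The login decision is
 * delegated to the back end through {@link SAML2SSOAuthenticationClient}.
 */
public class SAML2SSOUIAuthenticator extends AbstractCarbonUIAuthenticator {
    private static final int DEFAULT_PRIORITY_LEVEL = 50;
    private static final String AUTHENTICATOR_NAME = "SAML2SSOAuthenticator";
    public static final Log log = LogFactory.getLog(SAML2SSOUIAuthenticator.class);

    /**
     * Decides whether this authenticator should process the request.
     *
     * @param httpServletRequest the incoming request
     * @return {@code true} for the console logout action, or when the request holds a
     *         {@link Response} under {@code SAML2ResponseToken} and a {@code RelayState} parameter
     */
    public boolean canHandle(HttpServletRequest httpServletRequest) {
        String relayState = httpServletRequest.getParameter("RelayState");
        Object samlResponse = httpServletRequest.getAttribute("SAML2ResponseToken");
        if (httpServletRequest.getRequestURI().contains("/carbon/admin/logout_action.jsp")) {
            return true;
        }
        // instanceof is false for null, so the attribute needs no separate null check.
        return samlResponse instanceof Response && relayState != null;
    }

    /**
     * Logs the user in by passing the encoded SAML response to the back-end authenticator.
     *
     * <p>On success the IdP session index (when present) is mapped to the HTTP session id
     * and stored in the session as {@code idpSessionIndex}.
     *
     * @param httpServletRequest request carrying the {@code SAML2ResponseToken} attribute and
     *                           the {@code SAMLResponse} parameter
     * @throws AuthenticationException if no SAML response is attached, the back end rejects
     *                                 the login, or the back-end call fails
     */
    public void authenticate(HttpServletRequest httpServletRequest) throws AuthenticationException {
        HttpSession session = httpServletRequest.getSession();

        // Fail closed: canHandle() also accepts the logout URI, where no Response is attached.
        Object responseAttribute = httpServletRequest.getAttribute("SAML2ResponseToken");
        if (!(responseAttribute instanceof Response)) {
            log.error("Authentication failed.");
            throw new AuthenticationException("SAML2 response is not available in the request.");
        }
        Response response = (Response) responseAttribute;
        String encodedResponse = httpServletRequest.getParameter("SAMLResponse");

        // NOTE(review): the username is read from the parsed Response on the UI side. Presumably
        // the back-end login() call validates the signature and conditions of the encoded
        // response before trusting it - confirm against the back-end authenticator.
        String username = Util.getUsernameFromResponse(response);

        ServletContext servletContext = session.getServletContext();
        ConfigurationContext configurationContext =
                (ConfigurationContext) servletContext.getAttribute("ConfigurationContext");

        // NOTE(review): "backendURL" is a request-controlled parameter. The client built below
        // is handed this URL, the session's admin service cookie and the encoded SAML response,
        // and the URL is stored in the session as "ServerURL". Confirm the value is restricted
        // to an allow-list of trusted back ends before it reaches this point.
        String backendUrl = httpServletRequest.getParameter("backendURL");
        if (backendUrl == null) {
            backendUrl = CarbonUIUtil.getServerURL(servletContext, session);
        }
        session.setAttribute("ServerURL", backendUrl);
        String adminCookie = (String) session.getAttribute("wso2carbon.admin.service.cookie");

        try {
            if (log.isDebugEnabled()) {
                // The encoded response is a bearer credential: log its size, never its content.
                int responseLength = encodedResponse == null ? 0 : encodedResponse.length();
                log.debug("Invoking the SAML2 SSO Authenticator BE for user : " + username
                        + " (SAMLResponse length : " + responseLength + ")");
            }
            boolean loggedIn = new SAML2SSOAuthenticationClient(
                    configurationContext, backendUrl, adminCookie, session)
                    .login(encodedResponse, username);
            if (!loggedIn) {
                log.error("Authentication failed.");
                throw new AuthenticationException("Authentication failure " + username);
            }
            CarbonSSOSessionManager ssoSessionManager =
                    SAML2SSOAuthFEDataHolder.getInstance().getCarbonSSOSessionManager();
            String sessionIndex = getSessionIndexFromResponse(response);
            if (sessionIndex != null) {
                ssoSessionManager.addSessionMapping(sessionIndex, session.getId());
                session.setAttribute("idpSessionIndex", sessionIndex);
            }
            onSuccessAdminLogin(httpServletRequest, username);
        } catch (SAML2SSOUIAuthenticatorException e) {
            log.error("Error when authenticating the user : " + username, e);
            throw new AuthenticationException("Error when authenticating the user : " + username, e);
        } catch (AuthenticationException e) {
            // A rejected login must not be re-labelled as a client-creation error by the
            // generic handler below; that would hide failed logins from whoever reads the log.
            throw e;
        } catch (Exception e) {
            log.error("Error when creating SAML2SSOAuthenticationClient.", e);
            throw new AuthenticationException("Error when creating SAML2SSOAuthenticationClient.", e);
        }
    }

    /**
     * Logs the user out at the back end and prepares the request for the logout page.
     *
     * @param obj the current {@link HttpServletRequest}
     * @throws Exception if the back-end logout call or the request preparation fails
     */
    public void unauthenticate(Object obj) throws Exception {
        HttpServletRequest httpServletRequest = (HttpServletRequest) obj;
        HttpSession session = httpServletRequest.getSession();
        String loggedUser = (String) session.getAttribute("logged-user");
        ServletContext servletContext = session.getServletContext();
        try {
            ConfigurationContext configurationContext =
                    (ConfigurationContext) servletContext.getAttribute("ConfigurationContext");
            String backendUrl = CarbonUIUtil.getServerURL(servletContext, session);
            String adminCookie = (String) session.getAttribute("wso2carbon.admin.service.cookie");
            new SAML2SSOAuthenticationClient(configurationContext, backendUrl, adminCookie, session)
                    .logout(session);
            log.info(loggedUser + "@"
                    + PrivilegedCarbonContext.getThreadLocalCarbonContext().getTenantDomain()
                    + " successfully logged out");
            httpServletRequest.setAttribute("logoutRequest", true);
            httpServletRequest.setAttribute("loggedInUser", session.getAttribute("logged-user"));
            httpServletRequest.setAttribute("ExternalLogoutPage", Util.getExternalLogoutPage());
        } catch (Exception e) {
            // Any failure lands here, not only a missing configuration context, so report it
            // generically and keep the cause for whoever investigates a failed logout.
            log.error("Error when logging out the user : " + loggedUser, e);
            throw new Exception("Error when logging out the user : " + loggedUser, e);
        }
    }

    /**
     * Returns the configured priority of this authenticator.
     *
     * @return the configured priority when it is positive, otherwise the default of 50
     */
    public int getPriority() {
        AuthenticatorsConfiguration.AuthenticatorConfig authenticatorConfig =
                AuthenticatorsConfiguration.getInstance().getAuthenticatorConfig(AUTHENTICATOR_NAME);
        if (authenticatorConfig == null) {
            return DEFAULT_PRIORITY_LEVEL;
        }
        int configuredPriority = authenticatorConfig.getPriority();
        return configuredPriority > 0 ? configuredPriority : DEFAULT_PRIORITY_LEVEL;
    }

    /**
     * Returns the name under which this authenticator is registered and configured.
     *
     * @return {@code "SAML2SSOAuthenticator"}
     */
    public String getAuthenticatorName() {
        return AUTHENTICATOR_NAME;
    }

    /**
     * Reports whether this authenticator is disabled in the authenticators configuration.
     *
     * @return the configured flag, or {@code false} when no configuration entry exists
     */
    public boolean isDisabled() {
        AuthenticatorsConfiguration.AuthenticatorConfig authenticatorConfig =
                AuthenticatorsConfiguration.getInstance().getAuthenticatorConfig(AUTHENTICATOR_NAME);
        return authenticatorConfig != null && authenticatorConfig.isDisabled();
    }

    /**
     * Reads the NameID value of the first assertion in the response.
     *
     * @param response the parsed SAML2 response
     * @return the NameID value, or {@code null} when the response has no assertion, subject or NameID
     */
    private String getUsernameFromResponse(Response response) {
        List<Assertion> assertions = response.getAssertions();
        if (assertions == null || assertions.isEmpty()) {
            return null;
        }
        Assertion assertion = assertions.get(0);
        // Subject and NameID are optional elements; a response without them yields no username
        // instead of a NullPointerException.
        if (assertion.getSubject() == null || assertion.getSubject().getNameID() == null) {
            return null;
        }
        return assertion.getSubject().getNameID().getValue();
    }

    /**
     * Reads the session index of the first authentication statement of the first assertion.
     *
     * @param response the parsed SAML2 response
     * @return the session index, or {@code null} when there is no assertion or no authentication statement
     */
    private String getSessionIndexFromResponse(Response response) {
        List<Assertion> assertions = response.getAssertions();
        if (assertions == null || assertions.isEmpty()) {
            return null;
        }
        List<AuthnStatement> authnStatements = assertions.get(0).getAuthnStatements();
        if (authnStatements == null || authnStatements.isEmpty()) {
            return null;
        }
        return authnStatements.get(0).getSessionIndex();
    }

    /**
     * Re-authentication after session expiry is not supported by this authenticator.
     *
     * @param obj unused
     * @return always {@code false}
     */
    public boolean reAuthenticateOnSessionExpire(Object obj) throws AuthenticationException {
        return false;
    }

    /**
     * Intentionally empty: this authenticator performs no cookie-based authentication.
     *
     * @param httpServletRequest unused
     */
    public void authenticateWithCookie(HttpServletRequest httpServletRequest) throws AuthenticationException {
    }

    /**
     * Not used by this authenticator; the login is performed in {@link #authenticate}.
     *
     * @return always {@code null}
     */
    public String doAuthentication(Object obj, boolean z, ServiceClient serviceClient, HttpServletRequest httpServletRequest) throws AuthenticationException {
        return null;
    }

    /**
     * Intentionally empty: this authenticator does nothing for "remember me".
     *
     * @param map unused
     * @param httpServletRequest unused
     */
    public void handleRememberMe(Map map, HttpServletRequest httpServletRequest) throws AuthenticationException {
    }
}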
