package org.wso2.carbon.identity.sts.passive.ui;

import java.io.Closeable;
import java.io.IOException;
import java.net.URL;
import java.net.URLConnection;
import java.security.SecureRandom;
import java.security.cert.X509Certificate;
import java.util.HashSet;
import java.util.Iterator;
import java.util.Map;
import java.util.Set;
import javax.net.ssl.HostnameVerifier;
import javax.net.ssl.HttpsURLConnection;
import javax.net.ssl.SSLContext;
import javax.net.ssl.SSLSession;
import javax.net.ssl.SSLSocketFactory;
import javax.net.ssl.TrustManager;
import javax.net.ssl.X509TrustManager;
import javax.servlet.ServletException;
import javax.servlet.http.HttpServlet;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import javax.servlet.http.HttpSession;
import org.apache.axis2.context.ConfigurationContext;
import org.apache.commons.logging.Log;
import org.apache.commons.logging.LogFactory;
import org.wso2.carbon.identity.sts.passive.stub.types.RequestToken;
import org.wso2.carbon.identity.sts.passive.stub.types.ResponseToken;
import org.wso2.carbon.identity.sts.passive.ui.client.IdentityPassiveSTSClient;
import org.wso2.carbon.ui.CarbonUIUtil;

/* loaded from: input_file:org/wso2/carbon/identity/sts/passive/ui/PassiveSTS.class */
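/**
 * Servlet front end of the passive STS: it collects the passive-requestor parameters from the
 * request, authenticates the user through {@link IdentityPassiveSTSClient}, and hands the issued
 * response to {@code passive-sts/redirect.jsp}. It also handles the sign-out action by calling
 * every realm recorded in the session with {@code ?wa=wsignoutcleanup1.0}.
 *
 * <p>Security-relevant properties a maintainer should keep in mind:
 * <ul>
 *   <li>The realm, reply-to address, user name and password are all read from request
 *       parameters, i.e. they are untrusted input.</li>
 *   <li>{@link #doPost} delegates to {@link #doGet}, so credentials are accepted on GET as well;
 *       credentials sent that way can end up in access logs and browser history.</li>
 *   <li>Outbound sign-out calls deliberately skip certificate and host name validation
 *       (see {@link #openURLWithNoTrust}).</li>
 * </ul>
 */
public class PassiveSTS extends HttpServlet {
    private static final Log log = LogFactory.getLog(PassiveSTS.class);
    private static final long serialVersionUID = 1927253892844132565L;

    /** Login page, relative to the admin console URL. */
    private static final String LOGIN_PAGE = "passive-sts/login.jsp";
    /** Session attribute holding the set of realms a token was issued for in this session. */
    private static final String REALMS_SESSION_KEY = "realms";
    /** JSSE system property toggled around the sign-out cleanup call. */
    private static final String UNSAFE_RENEGOTIATION_PROPERTY = "sun.security.ssl.allowUnsafeRenegotiation";

    /**
     * Handles sign-out, the initial (unauthenticated) passive request, and the credential
     * submission that follows the login page.
     *
     * @param httpServletRequest  incoming request; all of its parameters are untrusted
     * @param httpServletResponse response used for the redirects this method issues
     * @throws ServletException declared by the servlet contract
     * @throws IOException      if a redirect cannot be written or the STS client call fails with one
     */
    @Override
    protected void doGet(HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse) throws ServletException, IOException {
        Map<?, ?> parameterMap = httpServletRequest.getParameterMap();
        String adminConsoleURL = getAdminConsoleURL(httpServletRequest);
        HttpSession session = httpServletRequest.getSession();
        if (PassiveRequestorConstants.REQUESTOR_ACTION_SIGNOUT_10.equals(getAttribute(parameterMap, PassiveRequestorConstants.ACTION))) {
            Object realms = session.getAttribute(REALMS_SESSION_KEY);
            if (realms instanceof Set) {
                for (Object realm : (Set<?>) realms) {
                    // Skip anything that is not a string instead of building a "null?wa=..." URL.
                    if (realm instanceof String) {
                        openURLWithNoTrust(realm + "?wa=wsignoutcleanup1.0");
                    }
                }
            }
            session.invalidate();
            String replyTo = getAttribute(parameterMap, PassiveRequestorConstants.REPLY_TO);
            if (replyTo == null) {
                // No reply-to address was supplied: fall back to the login page rather than
                // passing null to sendRedirect.
                httpServletResponse.sendRedirect(adminConsoleURL + LOGIN_PAGE);
                return;
            }
            // NOTE(review): replyTo comes straight from the request and is not checked against
            // the realms known to this deployment, so this is an unvalidated redirect. The
            // allow-list to validate against is not visible in this class - TODO add the check
            // where the registered relying parties are available.
            httpServletResponse.sendRedirect(replyTo);
            return;
        }
        String parameter = httpServletRequest.getParameter(PassiveRequestorConstants.USER_NAME);
        String parameter2 = httpServletRequest.getParameter(PassiveRequestorConstants.PASSWORD);
        if (parameter == null && parameter2 == null) {
            // No credentials in this request: remember the passive-requestor parameters in the
            // session so they survive the round trip through the login page.
            session.setAttribute(PassiveRequestorConstants.ACTION, getAttribute(parameterMap, PassiveRequestorConstants.ACTION));
            session.setAttribute(PassiveRequestorConstants.ATTRIBUTE, getAttribute(parameterMap, PassiveRequestorConstants.ATTRIBUTE));
            session.setAttribute(PassiveRequestorConstants.CONTEXT, getAttribute(parameterMap, PassiveRequestorConstants.CONTEXT));
            session.setAttribute(PassiveRequestorConstants.REPLY_TO, getAttribute(parameterMap, PassiveRequestorConstants.REPLY_TO));
            session.setAttribute(PassiveRequestorConstants.PSEUDO, getAttribute(parameterMap, PassiveRequestorConstants.PSEUDO));
            session.setAttribute(PassiveRequestorConstants.REALM, getAttribute(parameterMap, PassiveRequestorConstants.REALM));
            session.setAttribute(PassiveRequestorConstants.REQUEST, getAttribute(parameterMap, PassiveRequestorConstants.REQUEST));
            session.setAttribute(PassiveRequestorConstants.REQUEST_POINTER, getAttribute(parameterMap, PassiveRequestorConstants.REQUEST_POINTER));
            session.setAttribute(PassiveRequestorConstants.POLCY, getAttribute(parameterMap, PassiveRequestorConstants.POLCY));
            // A user name already stored in the session means an earlier request in this
            // session authenticated successfully (it is only set after a positive response below).
            parameter = (String) session.getAttribute(PassiveRequestorConstants.USER_NAME);
            if (parameter == null) {
                httpServletResponse.sendRedirect(adminConsoleURL + LOGIN_PAGE);
                return;
            }
        }
        session.removeAttribute(PassiveRequestorConstants.PASSIVE_REQ_ATTR_MAP);
        RequestToken requestToken = new RequestToken();
        requestToken.setAction((String) session.getAttribute(PassiveRequestorConstants.ACTION));
        requestToken.setAttributes((String) session.getAttribute(PassiveRequestorConstants.ATTRIBUTE));
        requestToken.setContext((String) session.getAttribute(PassiveRequestorConstants.CONTEXT));
        requestToken.setReplyTo((String) session.getAttribute(PassiveRequestorConstants.REPLY_TO));
        requestToken.setPseudo((String) session.getAttribute(PassiveRequestorConstants.PSEUDO));
        requestToken.setRealm((String) session.getAttribute(PassiveRequestorConstants.REALM));
        requestToken.setRequest((String) session.getAttribute(PassiveRequestorConstants.REQUEST));
        requestToken.setRequestPointer((String) session.getAttribute(PassiveRequestorConstants.REQUEST_POINTER));
        requestToken.setPolicy((String) session.getAttribute(PassiveRequestorConstants.POLCY));
        requestToken.setUserName(parameter);
        requestToken.setPassword(parameter2);
        // Overrides the pseudo value set from the session attribute a few lines above.
        requestToken.setPseudo(session.getId());
        ResponseToken response = new IdentityPassiveSTSClient(CarbonUIUtil.getServerURL(session.getServletContext(), session), (ConfigurationContext) session.getServletContext().getAttribute("ConfigurationContext")).getResponse(requestToken);
        if (response == null || !response.getAuthenticated()) {
            httpServletResponse.sendRedirect(adminConsoleURL + LOGIN_PAGE);
            return;
        }
        // NOTE(review): the HTTP session that existed before authentication is kept as the
        // authenticated session; its id is not rotated here. Rotating it after a successful
        // login is the usual session-fixation defence - confirm what the servlet API version
        // in use offers before adding it, since the id is also sent to the STS as the pseudo value.
        session.setAttribute(PassiveRequestorConstants.USER_NAME, parameter);
        persistRealms(requestToken, session);
        sendData(httpServletRequest, httpServletResponse, response, adminConsoleURL, requestToken.getAction());
    }

    /**
     * Stores the STS response in the session and redirects to {@code passive-sts/redirect.jsp};
     * redirects to the login page instead when the response carries no results.
     *
     * @param httpServletRequest  request whose session receives the response values
     * @param httpServletResponse response used for the redirect
     * @param responseToken       response returned by the STS client
     * @param str                 admin console base URL
     * @param str2                requested action, stored under the {@code action} attribute
     */
    private void sendData(HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse, ResponseToken responseToken, String str, String str2) throws ServletException, IOException {
        String redirectPage = str + "passive-sts/redirect.jsp";
        HttpSession session = httpServletRequest.getSession();
        String results = responseToken.getResults();
        if (results == null) {
            httpServletResponse.sendRedirect(str + LOGIN_PAGE);
            return;
        }
        // NOTE(review): only '<', '>' and '"' are rewritten; '&' and '\'' pass through and '"'
        // becomes '\''. How redirect.jsp embeds this value is not visible here - confirm that
        // the page applies context-appropriate output encoding to every session value it prints.
        responseToken.setResults(results.replace("<", "&lt;").replace(">", "&gt;").replace("\"", "'"));
        session.setAttribute("replyTo", responseToken.getReplyTo());
        session.setAttribute("results", responseToken.getResults());
        session.setAttribute("context", responseToken.getContext());
        session.setAttribute("action", str2);
        httpServletResponse.sendRedirect(redirectPage);
    }

    /**
     * Returns the first value of a request parameter from a servlet parameter map.
     *
     * @param map parameter map as returned by {@code getParameterMap()}
     * @param str parameter name
     * @return the first value, or {@code null} when the parameter is absent, is not a
     *         {@code String[]}, or has no values
     */
    private String getAttribute(Map<?, ?> map, String str) {
        Object value = map.get(str);
        if (!(value instanceof String[])) {
            return null;
        }
        String[] values = (String[]) value;
        return values.length == 0 ? null : values[0];
    }

    /**
     * Handles POST exactly like GET.
     */
    @Override
    protected void doPost(HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse) throws ServletException, IOException {
        doGet(httpServletRequest, httpServletResponse);
    }

    /**
     * Returns the admin console URL for the request with the {@code /passivests} path segment
     * removed when the URL contains {@code /passivests/}.
     */
    private String getAdminConsoleURL(HttpServletRequest httpServletRequest) {
        String adminConsoleURL = CarbonUIUtil.getAdminConsoleURL(httpServletRequest);
        if (adminConsoleURL.indexOf("/passivests/") != -1) {
            adminConsoleURL = adminConsoleURL.replace("/passivests", "");
        }
        return adminConsoleURL;
    }

    /**
     * Issues a best-effort request to a relying party's sign-out cleanup URL without validating
     * the server certificate or host name. Failures are logged and never propagated, so one
     * unreachable relying party does not block sign-out.
     *
     * <p>The trust-all socket factory and host name verifier are applied to this connection
     * only. Installing them as the JVM-wide {@link HttpsURLConnection} defaults, even briefly,
     * would let every other HTTPS call made by the process during that window skip validation.
     *
     * <p>Because validation is disabled, the peer is unauthenticated: nothing sensitive should
     * be sent on, or trusted from, this connection.
     *
     * @param str absolute URL to call; derived from a realm value that originated in a request
     *            parameter
     * @throws IOException declared for compatibility; I/O failures are logged, not thrown
     */
    private void openURLWithNoTrust(String str) throws IOException {
        TrustManager[] trustManagerArr = {new X509TrustManager() {
            @Override
            public X509Certificate[] getAcceptedIssuers() {
                return new X509Certificate[0];
            }

            @Override
            public void checkClientTrusted(X509Certificate[] x509CertificateArr, String str2) {
                // Intentionally accepts every certificate chain.
            }

            @Override
            public void checkServerTrusted(X509Certificate[] x509CertificateArr, String str2) {
                // Intentionally accepts every certificate chain.
            }
        }};
        HostnameVerifier hostnameVerifier = new HostnameVerifier() {
            @Override
            public boolean verify(String str2, SSLSession sSLSession) {
                // Intentionally accepts every host name.
                return true;
            }
        };
        try {
            URL url = new URL(str);
            String protocol = url.getProtocol();
            // The realm is caller-supplied, so only make web requests; other URL handlers
            // (local files, archives, ...) have no business in a sign-out cleanup call.
            // NOTE(review): this does not limit WHICH hosts are contacted - realms should also
            // be checked against the registered relying parties before they are stored.
            if (!"http".equalsIgnoreCase(protocol) && !"https".equalsIgnoreCase(protocol)) {
                log.warn("Skipping sign-out cleanup for a realm whose URL is neither http nor https");
                return;
            }
            SSLContext sSLContext = SSLContext.getInstance("SSL");
            sSLContext.init(null, trustManagerArr, new SecureRandom());
            URLConnection connection = url.openConnection();
            if (connection instanceof HttpsURLConnection) {
                HttpsURLConnection httpsConnection = (HttpsURLConnection) connection;
                httpsConnection.setSSLSocketFactory(sSLContext.getSocketFactory());
                httpsConnection.setHostnameVerifier(hostnameVerifier);
            }
            // NOTE(review): this property is process-wide, so other threads can observe it while
            // the request is in flight; consider dropping it if no relying party depends on
            // legacy renegotiation.
            String previous = System.getProperty(UNSAFE_RENEGOTIATION_PROPERTY);
            System.setProperty(UNSAFE_RENEGOTIATION_PROPERTY, "true");
            try {
                Object content = connection.getContent();
                if (content instanceof Closeable) {
                    // The body is not needed; close it so the connection is released.
                    ((Closeable) content).close();
                }
            } finally {
                // Put the property back to what it was (the earlier code called getProperty
                // here, which left the unsafe setting enabled for the rest of the JVM's life).
                if (previous == null) {
                    System.clearProperty(UNSAFE_RENEGOTIATION_PROPERTY);
                } else {
                    System.setProperty(UNSAFE_RENEGOTIATION_PROPERTY, previous);
                }
            }
        } catch (Exception e) {
            // Best effort by design, but leave a trace so failed cleanups can be investigated.
            log.warn("Sign-out cleanup request to a relying party failed", e);
        }
    }

    /**
     * Records the realm of a successfully authenticated request in the session so that
     * sign-out can later notify it.
     *
     * @param requestToken request whose realm is recorded; a {@code null} realm is ignored
     * @param httpSession  session holding the {@code realms} set
     */
    private void persistRealms(RequestToken requestToken, HttpSession httpSession) {
        String realm = requestToken.getRealm();
        if (realm == null) {
            // Nothing to notify at sign-out.
            return;
        }
        @SuppressWarnings("unchecked") // the attribute is only ever written by this method
        Set<String> realms = (Set<String>) httpSession.getAttribute(REALMS_SESSION_KEY);
        if (realms == null) {
            realms = new HashSet<String>();
            httpSession.setAttribute(REALMS_SESSION_KEY, realms);
        }
        // NOTE(review): the realm originates from a request parameter and is later used as the
        // target of a server-side request at sign-out; validate it against the registered
        // relying parties here if that list is available to this component.
        realms.add(realm);
    }
}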
