package org.wso2.carbon.identity.sso.saml.ui;

import java.io.IOException;
import javax.servlet.ServletException;
import javax.servlet.http.Cookie;
import javax.servlet.http.HttpServlet;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import javax.servlet.http.HttpSession;
import org.apache.axis2.context.ConfigurationContext;
import org.apache.commons.logging.Log;
import org.apache.commons.logging.LogFactory;
import org.wso2.carbon.identity.sso.saml.stub.IdentityException;
import org.wso2.carbon.identity.sso.saml.stub.types.SAMLSSOAuthnReqDTO;
import org.wso2.carbon.identity.sso.saml.stub.types.SAMLSSOReqValidationResponseDTO;
import org.wso2.carbon.identity.sso.saml.stub.types.SAMLSSORespDTO;
import org.wso2.carbon.identity.sso.saml.ui.SAMLSSOProviderConstants;
import org.wso2.carbon.identity.sso.saml.ui.client.SAMLSSOServiceClient;
import org.wso2.carbon.identity.sso.saml.ui.logout.LogoutRequestSender;
import org.wso2.carbon.ui.CarbonUIUtil;

/* loaded from: input_file:org/wso2/carbon/identity/sso/saml/ui/SAMLSSOProvider.class */
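/**
 * Front-end servlet of the SAML SSO identity provider UI.
 *
 * <p>Every request is routed by {@link #doPost}: a request carrying a username or password is
 * treated as a login-form submission, a request carrying the SAML request parameter is passed to
 * the backend for validation, and anything else is answered with the "signed out" notification
 * page. All backend work is delegated to {@link SAMLSSOServiceClient}.
 *
 * <p>Security notes for maintainers:
 * <ul>
 *   <li>{@link #doGet} delegates to {@link #doPost}, so the credential parameters are also
 *       accepted from a query string, where they can end up in access logs and browser history.
 *       GET has to stay enabled for the SAML request itself; NOTE(review): consider rejecting
 *       credentials that do not arrive in a POST body.</li>
 *   <li>The session identifier handed to the backend is the value of the SSO token cookie when
 *       the browser sends one, i.e. it is client-controlled. NOTE(review): confirm the backend
 *       does not let a pre-set cookie value become an authenticated session (session fixation).</li>
 *   <li>Issuer, request id, subject and assertion consumer URL travel through the login page as
 *       request parameters and are read back from the browser on submission. Whether the backend
 *       re-validates them is not visible here and should be confirmed.</li>
 *   <li>Values placed in request attributes (relay state, error message, consumer URL) are
 *       rendered by JSPs outside this class, which are responsible for output encoding.</li>
 * </ul>
 */
public class SAMLSSOProvider extends HttpServlet {
    private static final Log log = LogFactory.getLog(SAMLSSOProvider.class);

    /** Lifetime of the SSO token cookie, in seconds (the unit of {@code Cookie.setMaxAge}). */
    private static final int SSO_SESSION_EXPIRE = 36000;

    private static final String NOTIFICATION_PAGE = "/carbon/sso-saml/notification_ajaxprocessor.jsp";
    private static final String REDIRECT_PAGE = "/carbon/sso-saml/redirect_ajaxprocessor.jsp";
    private static final String DEFAULT_LOGIN_PAGE = "/carbon/sso-saml/login_ajaxprocessor.jsp";

    private static final String AUTH_ERROR_STATUS = "Error when processing the authentication request!";
    private static final String AUTH_ERROR_STATUS_MSG = "Please try login again.";

    /**
     * Handles GET exactly like POST.
     *
     * @param httpServletRequest incoming request
     * @param httpServletResponse outgoing response
     * @throws ServletException if forwarding to a JSP fails
     * @throws IOException if writing the response fails
     */
    @Override
    protected void doGet(HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse) throws ServletException, IOException {
        doPost(httpServletRequest, httpServletResponse);
    }

    /**
     * Routes the request to the login-form, SAML-request or logout handler.
     *
     * <p>An {@link IdentityException} from any handler is logged and answered with the generic
     * notification page, so backend error details are not shown to the browser.
     *
     * @param httpServletRequest incoming request
     * @param httpServletResponse outgoing response
     * @throws ServletException if forwarding to a JSP fails
     * @throws IOException if writing the response fails
     */
    @Override
    protected void doPost(HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse) throws ServletException, IOException {
        String username = httpServletRequest.getParameter(SAMLSSOProviderConstants.USERNAME);
        String password = httpServletRequest.getParameter(SAMLSSOProviderConstants.PASSWORD);

        // Default to the container session id; an SSO token cookie sent by the browser overrides it.
        // The cookie value is client-supplied and is forwarded to the backend unchanged.
        String sessionId = httpServletRequest.getSession().getId();
        Cookie ssoTokenCookie = getSSOTokenCookie(httpServletRequest);
        if (ssoTokenCookie != null) {
            sessionId = ssoTokenCookie.getValue();
        }

        try {
            if (username != null || password != null) {
                handleRequestFromLoginPage(httpServletRequest, httpServletResponse, sessionId);
                return;
            }

            String samlRequest = httpServletRequest.getParameter(SAMLSSOProviderConstants.AUTH_REQ_SAML_ASSRTN);
            // Only the exact OPENID mode is honoured; any other value falls back to username/password.
            String authMode = SAMLSSOProviderConstants.AuthnModes.OPENID.equals(httpServletRequest.getParameter("authMode"))
                    ? SAMLSSOProviderConstants.AuthnModes.OPENID
                    : SAMLSSOProviderConstants.AuthnModes.USERNAME_PASSWORD;
            String relayState = httpServletRequest.getParameter(SAMLSSOProviderConstants.RELAY_STATE);

            if (samlRequest != null) {
                handleSAMLRequest(httpServletRequest, httpServletResponse, sessionId, samlRequest, relayState, authMode);
            } else {
                handleLogout(httpServletRequest, httpServletResponse);
            }
        } catch (IdentityException e) {
            log.error(AUTH_ERROR_STATUS, e);
            forwardToNotification(httpServletRequest, httpServletResponse, AUTH_ERROR_STATUS, AUTH_ERROR_STATUS_MSG);
        }
    }

    /**
     * Authenticates a login-form submission against the backend.
     *
     * <p>On success the SSO token cookie is stored and the request is forwarded to the redirect
     * page with the backend's response string and assertion consumer URL. On failure the login
     * page is shown again with the backend's error message.
     *
     * @param httpServletRequest incoming request holding the posted form fields
     * @param httpServletResponse outgoing response
     * @param sessionId session identifier passed to the backend and stored in the cookie
     */
    private void handleRequestFromLoginPage(HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse, String sessionId) throws IdentityException, IOException, ServletException {
        String relayState = httpServletRequest.getParameter(SAMLSSOProviderConstants.RELAY_STATE);
        SAMLSSOServiceClient client = newServiceClient(httpServletRequest.getSession());

        // The DTO is filled from browser-posted fields, including the assertion consumer URL.
        // NOTE(review): confirm authenticate() checks that URL against the registered issuer.
        SAMLSSOAuthnReqDTO authnRequest = new SAMLSSOAuthnReqDTO();
        populateAuthnReqDTO(httpServletRequest, authnRequest);
        SAMLSSORespDTO result = client.authenticate(authnRequest, sessionId);

        if (result.getSessionEstablished()) {
            storeSSOTokenCookie(sessionId, httpServletRequest, httpServletResponse);
            httpServletRequest.setAttribute(SAMLSSOProviderConstants.RELAY_STATE, relayState);
            httpServletRequest.setAttribute(SAMLSSOProviderConstants.ASSERTION_STR, result.getRespString());
            httpServletRequest.setAttribute(SAMLSSOProviderConstants.ASSRTN_CONSUMER_URL, result.getAssertionConsumerURL());
            forward(REDIRECT_PAGE, httpServletRequest, httpServletResponse);
            return;
        }

        httpServletRequest.setAttribute(SAMLSSOProviderConstants.AUTH_FAILURE, Boolean.TRUE);
        httpServletRequest.setAttribute(SAMLSSOProviderConstants.AUTH_FAILURE_MSG, result.getErrorMsg());
        populateReAuthenticationRequest(httpServletRequest);
        forward(getLoginPage(result.getLoginPageURL()), httpServletRequest, httpServletResponse);
    }

    /**
     * Copies the login-form fields from the request parameters into the authentication DTO.
     *
     * @param httpServletRequest request to read the parameters from
     * @param sAMLSSOAuthnReqDTO DTO to fill
     */
    private void populateAuthnReqDTO(HttpServletRequest httpServletRequest, SAMLSSOAuthnReqDTO sAMLSSOAuthnReqDTO) {
        sAMLSSOAuthnReqDTO.setAssertionConsumerURL(getRequestParameter(httpServletRequest, SAMLSSOProviderConstants.ASSRTN_CONSUMER_URL));
        sAMLSSOAuthnReqDTO.setId(getRequestParameter(httpServletRequest, SAMLSSOProviderConstants.REQ_ID));
        sAMLSSOAuthnReqDTO.setIssuer(getRequestParameter(httpServletRequest, SAMLSSOProviderConstants.ISSUER));
        sAMLSSOAuthnReqDTO.setUsername(getRequestParameter(httpServletRequest, SAMLSSOProviderConstants.USERNAME));
        sAMLSSOAuthnReqDTO.setPassword(getRequestParameter(httpServletRequest, SAMLSSOProviderConstants.PASSWORD));
        sAMLSSOAuthnReqDTO.setSubject(getRequestParameter(httpServletRequest, SAMLSSOProviderConstants.SUBJECT));
        sAMLSSOAuthnReqDTO.setRpSessionId(getRequestParameter(httpServletRequest, SAMLSSOProviderConstants.RP_SESSION_ID));
        sAMLSSOAuthnReqDTO.setAssertionString(getRequestParameter(httpServletRequest, SAMLSSOProviderConstants.ASSERTION_STR));
    }

    /**
     * Shows the "signed out" notification page.
     *
     * <p>This method only renders the page; it neither calls the backend nor clears the SSO
     * token cookie.
     */
    private void handleLogout(HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse) throws IdentityException, IOException, ServletException {
        forwardToNotification(httpServletRequest, httpServletResponse,
                "You have been successfully signed out.",
                "All the other authenticated sessions are terminated.");
    }

    /**
     * Sends a SAML request to the backend for validation and acts on the verdict.
     *
     * <p>A logout request triggers the logout notifications and the redirect page; a valid
     * request without a ready response leads to the login page; a request that already has a
     * response goes straight to the redirect page. Any other verdict is answered with the
     * generic error notification instead of an empty response.
     *
     * @param sessionId session identifier passed to the backend
     * @param samlRequest raw SAML request parameter value
     * @param relayState relay state to hand back to the requester, may be {@code null}
     * @param authMode one of the {@code SAMLSSOProviderConstants.AuthnModes} values
     */
    private void handleSAMLRequest(HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse, String sessionId, String samlRequest, String relayState, String authMode) throws IdentityException, IOException, ServletException {
        String authSessionId = httpServletRequest.getParameter("SSOAuthSessionID");
        SAMLSSOReqValidationResponseDTO verdict = newServiceClient(httpServletRequest.getSession())
                .validate(samlRequest, sessionId, authSessionId, authMode);

        if (verdict.getLogOutReq()) {
            LogoutRequestSender.getInstance().sendLogoutRequests(verdict.getLogoutRespDTO());
            httpServletRequest.setAttribute(SAMLSSOProviderConstants.RELAY_STATE, relayState);
            httpServletRequest.setAttribute(SAMLSSOProviderConstants.ASSERTION_STR, verdict.getLogoutResponse());
            httpServletRequest.setAttribute(SAMLSSOProviderConstants.ASSRTN_CONSUMER_URL, verdict.getAssertionConsumerURL());
            forward(REDIRECT_PAGE, httpServletRequest, httpServletResponse);
            return;
        }

        if (verdict.getResponse() != null) {
            httpServletRequest.setAttribute(SAMLSSOProviderConstants.RELAY_STATE, relayState);
            httpServletRequest.setAttribute(SAMLSSOProviderConstants.ASSERTION_STR, verdict.getResponse());
            httpServletRequest.setAttribute(SAMLSSOProviderConstants.ASSRTN_CONSUMER_URL, verdict.getAssertionConsumerURL());
            if (SAMLSSOProviderConstants.AuthnModes.OPENID.equals(authMode)) {
                storeSSOTokenCookie(sessionId, httpServletRequest, httpServletResponse);
            }
            forward(REDIRECT_PAGE, httpServletRequest, httpServletResponse);
            return;
        }

        if (verdict.getValid()) {
            populateLoginPageRequest(httpServletRequest, verdict);
            httpServletRequest.setAttribute(SAMLSSOProviderConstants.RELAY_STATE, relayState);
            forward(getLoginPage(verdict.getLoginPageURL()), httpServletRequest, httpServletResponse);
            return;
        }

        // Invalid request and no response from the backend: previously nothing was written and
        // the browser received an empty page. Fail visibly with the generic error notification.
        log.warn("SAML request was rejected by the backend without a response.");
        forwardToNotification(httpServletRequest, httpServletResponse, AUTH_ERROR_STATUS, AUTH_ERROR_STATUS_MSG);
    }

    /**
     * Exposes the validated request details to the login page as request attributes.
     *
     * @param httpServletRequest request to set the attributes on
     * @param sAMLSSOReqValidationResponseDTO backend validation result to copy from
     */
    private void populateLoginPageRequest(HttpServletRequest httpServletRequest, SAMLSSOReqValidationResponseDTO sAMLSSOReqValidationResponseDTO) {
        httpServletRequest.setAttribute(SAMLSSOProviderConstants.ISSUER, sAMLSSOReqValidationResponseDTO.getIssuer());
        httpServletRequest.setAttribute(SAMLSSOProviderConstants.ASSRTN_CONSUMER_URL, sAMLSSOReqValidationResponseDTO.getAssertionConsumerURL());
        httpServletRequest.setAttribute(SAMLSSOProviderConstants.REQ_ID, sAMLSSOReqValidationResponseDTO.getId());
        httpServletRequest.setAttribute(SAMLSSOProviderConstants.SUBJECT, sAMLSSOReqValidationResponseDTO.getSubject());
        httpServletRequest.setAttribute(SAMLSSOProviderConstants.RP_SESSION_ID, sAMLSSOReqValidationResponseDTO.getRpSessionId());
        httpServletRequest.setAttribute(SAMLSSOProviderConstants.ASSERTION_STR, sAMLSSOReqValidationResponseDTO.getAssertionString());
    }

    /**
     * Copies the posted form fields back into request attributes so a failed login can be retried.
     *
     * <p>The values are taken from the request parameters as-is (no "null"-string filtering and
     * no validation), so the login page receives whatever the browser sent.
     *
     * @param httpServletRequest request to read parameters from and set attributes on
     */
    private void populateReAuthenticationRequest(HttpServletRequest httpServletRequest) {
        String[] carriedOver = {
            SAMLSSOProviderConstants.ISSUER,
            SAMLSSOProviderConstants.ASSRTN_CONSUMER_URL,
            SAMLSSOProviderConstants.REQ_ID,
            SAMLSSOProviderConstants.SUBJECT,
            SAMLSSOProviderConstants.RP_SESSION_ID,
            SAMLSSOProviderConstants.ASSERTION_STR,
        };
        for (String name : carriedOver) {
            httpServletRequest.setAttribute(name, httpServletRequest.getParameter(name));
        }
    }

    /**
     * Returns the admin console URL with every "/samlsso" occurrence removed.
     *
     * @param httpServletRequest request used to resolve the console URL
     * @return the console URL without "/samlsso"
     */
    private String getAdminConsoleURL(HttpServletRequest httpServletRequest) {
        // String.replace leaves the text unchanged when the fragment is absent.
        return CarbonUIUtil.getAdminConsoleURL(httpServletRequest).replace("/samlsso", "");
    }

    /**
     * Finds the SSO token cookie among the cookies sent with the request.
     *
     * @param httpServletRequest request to inspect
     * @return the first cookie named {@code SAMLSSOProviderConstants.SSO_TOKEN_ID}, or
     *     {@code null} if the request has no such cookie
     */
    private Cookie getSSOTokenCookie(HttpServletRequest httpServletRequest) {
        Cookie[] cookies = httpServletRequest.getCookies();
        if (cookies == null) {
            return null;
        }
        for (Cookie candidate : cookies) {
            if (candidate.getName().equals(SAMLSSOProviderConstants.SSO_TOKEN_ID)) {
                return candidate;
            }
        }
        return null;
    }

    /**
     * Issues or refreshes the SSO token cookie.
     *
     * <p>An existing cookie is re-sent with its current value and a renewed lifetime; otherwise a
     * new cookie carrying {@code sessionId} is created. When the request arrived over a secure
     * channel the cookie is marked Secure so the browser does not return it over plain HTTP.
     *
     * @param sessionId value for a newly created cookie
     * @param httpServletRequest request that may already carry the cookie
     * @param httpServletResponse response the cookie is added to
     */
    private void storeSSOTokenCookie(String sessionId, HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse) {
        Cookie ssoTokenCookie = getSSOTokenCookie(httpServletRequest);
        if (ssoTokenCookie == null) {
            ssoTokenCookie = new Cookie(SAMLSSOProviderConstants.SSO_TOKEN_ID, sessionId);
        }
        ssoTokenCookie.setMaxAge(SSO_SESSION_EXPIRE);
        if (httpServletRequest.isSecure()) {
            ssoTokenCookie.setSecure(true);
        }
        // NOTE(review): the cookie should also be HttpOnly; Cookie.setHttpOnly needs Servlet 3.0,
        // which this module may not build against, so set it at the container level if required.
        httpServletResponse.addCookie(ssoTokenCookie);
    }

    /**
     * Resolves the dispatcher path of the login page.
     *
     * @param loginPageUrl path below "/carbon/" supplied by the backend, or {@code null} for the
     *     default login page
     * @return context-relative path to forward to
     */
    private String getLoginPage(String loginPageUrl) {
        if (loginPageUrl == null) {
            return DEFAULT_LOGIN_PAGE;
        }
        // NOTE(review): the value is concatenated into a dispatcher path without checks; confirm
        // it can only come from trusted service-provider configuration.
        return "/carbon/" + loginPageUrl.trim();
    }

    /**
     * Reads a request parameter, treating the literal string "null" as absent.
     *
     * @param httpServletRequest request to read from
     * @param name parameter name
     * @return the parameter value, or {@code null} if it is missing or equals "null"
     */
    private String getRequestParameter(HttpServletRequest httpServletRequest, String name) {
        String value = httpServletRequest.getParameter(name);
        return "null".equals(value) ? null : value;
    }

    /** Creates a backend client bound to the server URL and configuration context of the session. */
    private SAMLSSOServiceClient newServiceClient(HttpSession session) throws IdentityException {
        return new SAMLSSOServiceClient(
                CarbonUIUtil.getServerURL(session.getServletContext(), session),
                (ConfigurationContext) session.getServletContext().getAttribute("ConfigurationContext"));
    }

    /** Sets the status attributes and forwards to the notification page. */
    private void forwardToNotification(HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse, String status, String statusMsg) throws ServletException, IOException {
        httpServletRequest.setAttribute(SAMLSSOProviderConstants.STATUS, status);
        httpServletRequest.setAttribute(SAMLSSOProviderConstants.STATUS_MSG, statusMsg);
        forward(NOTIFICATION_PAGE, httpServletRequest, httpServletResponse);
    }

    /** Forwards the request to the given context-relative path. */
    private void forward(String path, HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse) throws ServletException, IOException {
        getServletContext().getRequestDispatcher(path).forward(httpServletRequest, httpServletResponse);
    }
}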
