package org.wso2.carbon.identity.authenticator.saml2.sso.ui;

import java.io.IOException;
import java.net.URLEncoder;
import java.util.List;
import javax.servlet.ServletException;
import javax.servlet.http.HttpServlet;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import org.apache.commons.logging.Log;
import org.apache.commons.logging.LogFactory;
import org.opensaml.saml2.core.Assertion;
import org.opensaml.saml2.core.LogoutRequest;
import org.opensaml.saml2.core.LogoutResponse;
import org.opensaml.saml2.core.Response;
import org.opensaml.saml2.core.SessionIndex;
import org.opensaml.xml.XMLObject;
import org.wso2.carbon.identity.authenticator.saml2.sso.ui.SAML2SSOAuthenticatorConstants;
import org.wso2.carbon.identity.authenticator.saml2.sso.ui.internal.SAML2SSOAuthFEDataHolder;
import org.wso2.carbon.ui.CarbonSSOSessionManager;
import org.wso2.carbon.ui.CarbonUIUtil;

/* loaded from: input_file:org/wso2/carbon/identity/authenticator/saml2/sso/ui/SSOAssertionConsumerService.class */
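/**
 * SAML2 SSO Assertion Consumer Service (ACS) endpoint of the management console.
 *
 * <p>The servlet receives three kinds of messages from the identity provider: authentication
 * responses, logout responses, and back-channel single-logout requests. Every request
 * parameter handled here is supplied by the remote party and is treated as untrusted.
 *
 * <p>NOTE(review): no signature, issuer, audience or validity-window check is visible in this
 * class. Confirm that the component consuming the forwarded {@code Response} (and, for logout,
 * {@code Util.unmarshall} or an upstream filter) performs that validation.
 *
 * <p>NOTE(review): {@code Util.unmarshall} parses attacker-supplied XML; confirm that its
 * parser has DTDs and external entities disabled.
 */
public class SSOAssertionConsumerService extends HttpServlet {
    public static final Log log = LogFactory.getLog(SSOAssertionConsumerService.class);

    /**
     * Delegates to {@link #doPost}, so the same messages are accepted over GET.
     */
    @Override
    protected void doGet(HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse) throws ServletException, IOException {
        doPost(httpServletRequest, httpServletResponse);
    }

    /**
     * Dispatches an incoming SAML message to the matching handler.
     *
     * <p>A request carrying the single-logout parameter is handled first. Otherwise the SAML
     * response parameter is unmarshalled: a {@code LogoutResponse} redirects to the logout
     * completion page and a {@code Response} is passed on to the login action. A missing,
     * unparsable or unexpected message ends on the notifications page.
     *
     * @param httpServletRequest  incoming request
     * @param httpServletResponse response used for the redirect or forward
     * @throws ServletException if forwarding to the login action fails
     * @throws IOException      if the redirect or forward cannot be written
     */
    @Override
    protected void doPost(HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse) throws ServletException, IOException {
        String samlResponse = httpServletRequest.getParameter(SAML2SSOAuthenticatorConstants.HTTP_POST_PARAM_SAML2_RESP);
        if (log.isDebugEnabled()) {
            // The raw value is deliberately not logged: it is untrusted input (log forging)
            // and it carries the assertion that is about to be used for authentication.
            log.debug("SAML Response Received. Encoded length : " + (samlResponse == null ? 0 : samlResponse.length()));
        }
        if (httpServletRequest.getParameter(SAML2SSOAuthenticatorConstants.HTTP_POST_PARAM_SAML2_AUTH_REQ) != null) {
            handleSingleLogoutRequest(httpServletRequest, httpServletResponse);
            return;
        }
        if (samlResponse == null) {
            log.error("SAML Response is not present in the request.");
            handleMalformedResponses(httpServletRequest, httpServletResponse, SAML2SSOAuthenticatorConstants.ErrorMessageConstants.RESPONSE_NOT_PRESENT);
            return;
        }
        try {
            XMLObject samlObject = Util.unmarshall(samlResponse);
            if (samlObject instanceof LogoutResponse) {
                httpServletResponse.sendRedirect(getAdminConsoleURL(httpServletRequest) + "admin/logout_action.jsp?logoutcomplete=true");
            } else if (samlObject instanceof Response) {
                handleSAMLResponses(httpServletRequest, httpServletResponse, samlObject);
            } else {
                // Anything else is not a message this endpoint understands; report it
                // instead of silently returning an empty 200 response.
                log.error("Unexpected SAML object received at the assertion consumer endpoint.");
                handleMalformedResponses(httpServletRequest, httpServletResponse, SAML2SSOAuthenticatorConstants.ErrorMessageConstants.RESPONSE_MALFORMED);
            }
        } catch (SAML2SSOUIAuthenticatorException e) {
            log.error("Error when processing the SAML Assertion in the request.", e);
            handleMalformedResponses(httpServletRequest, httpServletResponse, SAML2SSOAuthenticatorConstants.ErrorMessageConstants.RESPONSE_MALFORMED);
        }
    }

    /**
     * Extracts the subject name from the first assertion and forwards to the login action.
     *
     * <p>The complete {@code Response} is stored as a request attribute for the login action.
     * The {@code username} query parameter is read from the assertion before any validation
     * visible in this class, so it must not be used as proof of identity by the target page.
     *
     * @param httpServletRequest  incoming request
     * @param httpServletResponse response passed to the forward
     * @param xMLObject           unmarshalled message, already known to be a {@code Response}
     * @throws SAML2SSOUIAuthenticatorException if there is no assertion or no subject name
     * @throws ServletException                 if the forward fails
     * @throws IOException                      if the forward fails
     */
    private void handleSAMLResponses(HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse, XMLObject xMLObject) throws ServletException, IOException, SAML2SSOUIAuthenticatorException {
        Response response = (Response) xMLObject;
        List<Assertion> assertions = response.getAssertions();
        // Only the first assertion is considered; any further assertions are ignored here.
        Assertion assertion = (assertions != null && !assertions.isEmpty()) ? assertions.get(0) : null;
        if (assertion == null) {
            log.error("SAMLResponse does not contain Assertions.");
            throw new SAML2SSOUIAuthenticatorException("SAMLResponse does not contain Assertions.");
        }
        String username = null;
        if (assertion.getSubject() != null && assertion.getSubject().getNameID() != null) {
            username = assertion.getSubject().getNameID().getValue();
        }
        if (log.isDebugEnabled()) {
            log.debug("A username is extracted from the response. : " + username);
        }
        if (username == null) {
            log.error("SAMLResponse does not contain the name of the subject");
            throw new SAML2SSOUIAuthenticatorException("SAMLResponse does not contain the name of the subject");
        }
        httpServletRequest.setAttribute(SAML2SSOAuthenticatorConstants.HTTP_ATTR_SAML2_RESP_TOKEN, response);
        // Encode with an explicit charset: the one-argument URLEncoder.encode is deprecated
        // and depends on the platform default encoding.
        String encodedUsername = URLEncoder.encode(username, "UTF-8");
        // NOTE(review): String.replace substitutes every occurrence of "acs" in the request
        // URI, not only the trailing servlet path; confirm no deployment path contains it.
        String loginActionPath = httpServletRequest.getRequestURI().replace("acs", "carbon/admin/login_action.jsp?username=" + encodedUsername);
        httpServletRequest.getRequestDispatcher(loginActionPath).forward(httpServletRequest, httpServletResponse);
    }

    /**
     * Stores an error key in the session and redirects to the notifications page.
     *
     * @param httpServletRequest  incoming request whose session receives the error key
     * @param httpServletResponse response used for the redirect
     * @param str                 error message constant to display
     * @throws IOException if the redirect cannot be sent
     */
    private void handleMalformedResponses(HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse, String str) throws IOException {
        httpServletRequest.getSession().setAttribute(SAML2SSOAuthenticatorConstants.NOTIFICATIONS_ERROR_MSG, str);
        httpServletResponse.sendRedirect(getAdminConsoleURL(httpServletRequest) + "sso-acs/notifications.jsp");
    }

    /**
     * Handles a single-logout request by invalidating the session named by its first
     * {@code SessionIndex}.
     *
     * <p>NOTE(review): nothing in this method authenticates the sender of the
     * {@code LogoutRequest}. Confirm that the request signature and issuer are verified
     * before a session is invalidated on its behalf.
     *
     * @param httpServletRequest  request carrying the HTML-escaped logout request
     * @param httpServletResponse unused; nothing is written to the response
     */
    private void handleSingleLogoutRequest(HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse) {
        String logoutRequestXml = decodeHTMLCharacters(httpServletRequest.getParameter(SAML2SSOAuthenticatorConstants.HTTP_POST_PARAM_SAML2_AUTH_REQ));
        CarbonSSOSessionManager sessionManager;
        XMLObject samlObject;
        try {
            sessionManager = SAML2SSOAuthFEDataHolder.getInstance().getCarbonSSOSessionManager();
            samlObject = Util.unmarshall(logoutRequestXml);
        } catch (SAML2SSOUIAuthenticatorException e) {
            log.error("Error handling the single logout request", e);
            return;
        }
        if (!(samlObject instanceof LogoutRequest)) {
            return;
        }
        if (sessionManager == null) {
            // Fail with a log entry rather than a NullPointerException when the session
            // manager has not been registered with the data holder.
            log.error("Error handling the single logout request : session manager is not available");
            return;
        }
        List<SessionIndex> sessionIndexes = ((LogoutRequest) samlObject).getSessionIndexes();
        if (sessionIndexes != null && !sessionIndexes.isEmpty()) {
            sessionManager.makeSessionInvalid(sessionIndexes.get(0).getSessionIndex());
        }
    }

    /**
     * Returns the admin console URL with a trailing slash and with "/acs" removed.
     *
     * @param httpServletRequest request used to resolve the console URL
     * @return the normalised admin console URL
     */
    private String getAdminConsoleURL(HttpServletRequest httpServletRequest) {
        String adminConsoleURL = CarbonUIUtil.getAdminConsoleURL(httpServletRequest);
        if (!adminConsoleURL.endsWith("/")) {
            adminConsoleURL = adminConsoleURL + "/";
        }
        if (adminConsoleURL.contains("/acs")) {
            adminConsoleURL = adminConsoleURL.replace("/acs", "");
        }
        return adminConsoleURL;
    }

    /**
     * Reverses the five predefined XML/HTML entity escapes in a single logical pass.
     *
     * <p>{@code &amp;} is decoded last so that an escaped entity such as {@code &amp;lt;}
     * yields the literal text {@code &lt;} instead of being decoded twice into markup.
     *
     * @param str escaped text; must not be {@code null}
     * @return the text with the entities replaced by their characters
     */
    private String decodeHTMLCharacters(String str) {
        // Literal replace is used: none of the operands needs regular-expression semantics.
        return str.replace("&lt;", "<")
                .replace("&gt;", ">")
                .replace("&quot;", "\"")
                .replace("&apos;", "'")
                .replace("&amp;", "&");
    }
}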
