package org.picketlink.identity.federation.bindings.tomcat.sp;

import java.io.IOException;
import java.net.URL;
import java.security.Principal;
import java.util.Arrays;
import java.util.List;
import java.util.Set;
import javax.servlet.ServletException;
import javax.servlet.http.HttpServletResponse;
import org.apache.catalina.Context;
import org.apache.catalina.LifecycleException;
import org.apache.catalina.Session;
import org.apache.catalina.connector.Request;
import org.apache.catalina.connector.Response;
import org.apache.catalina.deploy.LoginConfig;
import org.apache.log4j.Logger;
import org.picketlink.identity.federation.bindings.tomcat.sp.holder.ServiceProviderSAMLContext;
import org.picketlink.identity.federation.core.config.KeyProviderType;
import org.picketlink.identity.federation.core.exceptions.ConfigurationException;
import org.picketlink.identity.federation.core.exceptions.ParsingException;
import org.picketlink.identity.federation.core.exceptions.ProcessingException;
import org.picketlink.identity.federation.core.interfaces.TrustKeyManager;
import org.picketlink.identity.federation.core.saml.v2.exceptions.AssertionExpiredException;
import org.picketlink.identity.federation.core.saml.v2.interfaces.SAML2HandlerResponse;
import org.picketlink.identity.federation.core.util.CoreConfigUtil;
import org.picketlink.identity.federation.core.util.StringUtil;
import org.picketlink.identity.federation.web.core.HTTPContext;
import org.picketlink.identity.federation.web.process.ServiceProviderBaseProcessor;
import org.picketlink.identity.federation.web.process.ServiceProviderSAMLRequestProcessor;
import org.picketlink.identity.federation.web.process.ServiceProviderSAMLResponseProcessor;
import org.picketlink.identity.federation.web.util.ServerDetector;
import org.w3c.dom.Document;

/* loaded from: input_file:org/picketlink/identity/federation/bindings/tomcat/sp/AbstractSPFormAuthenticator.class */
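/**
 * Form authenticator base for a SAML v2 Service Provider hosted in Tomcat.
 *
 * <p>On top of {@code BaseFormAuthenticator} this class (1) creates the {@code TrustKeyManager}
 * at start-up when signatures are configured, and (2) routes every request through
 * {@link #authenticate(Request, Response, LoginConfig)} to one of: the local logout page
 * ({@code LLO=true}), inbound {@code SAMLRequest} handling, inbound {@code SAMLResponse}
 * handling, or a plain user request that becomes an authentication request to the IDP.
 * How that request physically reaches the IDP is binding specific and delegated to
 * {@link #sendRequestToIDP}.
 */
public abstract class AbstractSPFormAuthenticator extends BaseFormAuthenticator {

    private static final String SAML_REQUEST_PARAM = "SAMLRequest";
    private static final String SAML_RESPONSE_PARAM = "SAMLResponse";
    private static final String GLOBAL_LOGOUT_PARAM = "GLO";
    private static final String LOCAL_LOGOUT_PARAM = "LLO";
    private static final String SESSION_PRINCIPAL_ATTR = "picketlink.principal";
    private static final String SERVER_ERROR_MSG = "PL00032: Service Provider :: Server Exception";

    protected Logger log = Logger.getLogger(getClass());
    // Evaluated once, after log is initialised (declaration order matters here).
    protected final boolean trace = this.log.isTraceEnabled();
    // True when the container was detected as JBoss; selects how the principal is built.
    protected boolean jbossEnv;

    public AbstractSPFormAuthenticator() {
        this.jbossEnv = new ServerDetector().isJboss();
    }

    /* JADX INFO: Access modifiers changed from: protected */
    @Override // org.picketlink.identity.federation.bindings.tomcat.sp.BaseFormAuthenticator
    public void processStart() throws LifecycleException {
        super.processStart();
        initKeyProvider(this.context);
    }

    /**
     * Instantiates and configures the {@code TrustKeyManager} named in the SP configuration.
     *
     * <p>Nothing is done unless {@link #doSupportSignature()} is true. The key manager class is
     * loaded by name, given the key-provider properties and validating alias, and handed the IDP
     * host name as the {@code idp.key} option (how that option is used is up to the key manager
     * implementation).
     *
     * @param context the catalina context, used only for error reporting
     * @throws LifecycleException if no key provider is configured or the key manager cannot be
     *         created; the original failure is kept as the cause
     */
    @Override // org.picketlink.identity.federation.bindings.tomcat.sp.BaseFormAuthenticator
    protected void initKeyProvider(Context context) throws LifecycleException {
        if (!doSupportSignature()) {
            return; // no signing or signature validation configured: no key manager needed
        }
        KeyProviderType keyProvider = this.spConfiguration.getKeyProvider();
        if (keyProvider == null) {
            throw new LifecycleException("PL00092: Null Value:KeyProvider is null for context=" + context.getName());
        }
        try {
            String className = keyProvider.getClassName();
            if (className == null) {
                throw new RuntimeException("PL00092: Null Value:KeyManager class name");
            }
            Class<?> keyManagerClass = SecurityActions.loadClass(getClass(), className);
            if (keyManagerClass == null) {
                throw new ClassNotFoundException("PL00085: Class Not Loaded:" + className);
            }
            this.keyManager = (TrustKeyManager) keyManagerClass.newInstance();
            this.keyManager.setAuthProperties(CoreConfigUtil.getKeyProviderProperties(keyProvider));
            this.keyManager.setValidatingAlias(keyProvider.getValidatingAlias());
            this.keyManager.addAdditionalOption("idp.key", new URL(this.spConfiguration.getIdentityURL()).getHost());
            if (this.trace) {
                this.log.trace("Key Provider=" + className);
            }
        } catch (Exception e) {
            this.log.error("Exception reading configuration:", e);
            // Keep the cause so a start-up failure can be diagnosed from the stack trace.
            throw new LifecycleException(e.getLocalizedMessage(), e);
        }
    }

    /**
     * Servlet-API entry point; narrows the response to a catalina {@link Response} and delegates.
     *
     * @throws RuntimeException if the response is not a catalina {@link Response}
     */
    public boolean authenticate(Request request, HttpServletResponse httpServletResponse, LoginConfig loginConfig) throws IOException {
        if (!(httpServletResponse instanceof Response)) {
            throw new RuntimeException("PL00026: Response was not of type catalina response");
        }
        return authenticate(request, (Response) httpServletResponse, loginConfig);
    }

    /**
     * Routes the request to the matching SAML flow.
     *
     * <p>Order of evaluation: a local logout ({@code LLO=true}) is served first; an already
     * authenticated user with no {@code GLO}, {@code SAMLRequest} or {@code SAMLResponse}
     * parameter is let through; otherwise a {@code SAMLResponse} wins over a {@code SAMLRequest},
     * and a request carrying neither (including a global logout) goes through the handler chain
     * as a general user request.
     *
     * @return true when the request may proceed as authenticated, false when a response has been
     *         produced (redirect to IDP, logout page, error page)
     * @throws IOException on processing failures when no error page is configured
     */
    public boolean authenticate(Request request, Response response, LoginConfig loginConfig) throws IOException {
        try {
            Session session = request.getSessionInternal(true);
            if (isLocalLogout(request)) {
                try {
                    sendToLogoutPage(request, response, session);
                    return false;
                } catch (ServletException e) {
                    this.log.error("Exception in logout::", e);
                    throw new IOException(e);
                }
            }
            String samlRequest = request.getParameter(SAML_REQUEST_PARAM);
            String samlResponse = request.getParameter(SAML_RESPONSE_PARAM);
            boolean hasSamlRequest = StringUtil.isNotNull(samlRequest);
            boolean hasSamlResponse = StringUtil.isNotNull(samlResponse);
            boolean alreadyAuthenticated = request.getUserPrincipal() != null;
            if (alreadyAuthenticated && !isGlobalLogout(request) && !hasSamlRequest && !hasSamlResponse) {
                return true;
            }
            if (hasSamlResponse) {
                return handleSAMLResponse(request, response, loginConfig);
            }
            if (hasSamlRequest) {
                return handleSAMLRequest(request, response, loginConfig);
            }
            return generalUserRequest(request, response, loginConfig);
        } catch (IOException e) {
            // With an error page configured the failure is shown to the user instead of propagated;
            // the underlying cause has already been logged at the throw site.
            String errorPage = this.spConfiguration.getErrorPage();
            if (!StringUtil.isNotNull(errorPage)) {
                throw e;
            }
            try {
                request.getRequestDispatcher(errorPage).forward(request.getRequest(), response);
                return false;
            } catch (ServletException se) {
                this.log.error("PL00075: File could not be located :", se);
                return false;
            }
        }
    }

    private boolean isGlobalLogout(Request request) {
        return isFlagSet(request, GLOBAL_LOGOUT_PARAM);
    }

    private boolean isLocalLogout(Request request) {
        return isFlagSet(request, LOCAL_LOGOUT_PARAM);
    }

    /** True when the named request parameter is present and equals "true", ignoring case. */
    private static boolean isFlagSet(Request request, String parameterName) {
        String value = request.getParameter(parameterName);
        return StringUtil.isNotNull(value) && "true".equalsIgnoreCase(value);
    }

    /**
     * Feeds an inbound {@code SAMLRequest} through the handler chain.
     *
     * @return false when the chain already committed the response; otherwise the chain's result,
     *         falling back to {@link #localAuthentication} when the chain did not handle it
     * @throws IOException wrapping any processing failure
     */
    private boolean handleSAMLRequest(Request request, Response response, LoginConfig loginConfig) throws IOException {
        String samlRequest = request.getParameter(SAML_REQUEST_PARAM);
        HTTPContext httpContext = new HTTPContext(request, response, this.context.getServletContext());
        Set handlers = this.chain.handlers();
        try {
            ServiceProviderSAMLRequestProcessor processor = new ServiceProviderSAMLRequestProcessor(isPOSTBindingResponse(), this.serviceURL);
            processor.setTrustKeyManager(this.keyManager);
            processor.setSupportSignatures(doSupportSignature());
            boolean handled = processor.process(samlRequest, httpContext, handlers, this.chainLock);
            // The chain may have written the response itself; nothing more to do then.
            if (response.isCommitted() || response.isAppCommitted()) {
                return false;
            }
            return handled || localAuthentication(request, response, loginConfig);
        } catch (Exception e) {
            this.log.error("Server Exception:", e);
            throw new IOException(SERVER_ERROR_MSG, e);
        }
    }

    /**
     * Processes an inbound {@code SAMLResponse} and, on success, logs the user in.
     *
     * <p>The base {@code validate(request)} check runs before anything is parsed. Signature
     * validation is enabled only when {@link #doSupportSignature()} is true. If the chain yields
     * a new message for the IDP it is sent; if the chain invalidated the session the logout page
     * is shown; otherwise the principal (from the request or the {@code picketlink.principal}
     * session attribute) is registered with the container.
     *
     * @return true on successful login, false when a response was produced instead
     * @throws IOException if validation fails or processing throws; an expired assertion is not
     *         an error and instead triggers a fresh request to the IDP
     */
    private boolean handleSAMLResponse(Request request, Response response, LoginConfig loginConfig) throws IOException {
        SPUtil spUtil = new SPUtil();
        Session session = request.getSessionInternal(true);
        String samlResponse = request.getParameter(SAML_RESPONSE_PARAM);
        HTTPContext httpContext = new HTTPContext(request, response, this.context.getServletContext());
        Set handlers = this.chain.handlers();
        Principal principal = request.getUserPrincipal();
        if (!super.validate(request)) {
            throw new IOException("PL00019: Validation check failed");
        }
        try {
            ServiceProviderSAMLResponseProcessor processor = new ServiceProviderSAMLResponseProcessor(isPOSTBindingResponse(), this.serviceURL);
            processor.setConfiguration(this.spConfiguration);
            processor.setValidateSignature(doSupportSignature());
            processor.setTrustKeyManager(this.keyManager);
            SAML2HandlerResponse handlerResponse = processor.process(samlResponse, httpContext, handlers, this.chainLock);
            Document resultingDocument = handlerResponse.getResultingDocument();
            String relayState = handlerResponse.getRelayState();
            String destination = handlerResponse.getDestination();
            boolean sendRequest = handlerResponse.getSendRequest();

            // The chain produced a message for the IDP: send it, then fall back to local auth.
            if (destination != null && resultingDocument != null) {
                sendRequestToIDP(destination, resultingDocument, relayState, response, sendRequest);
                return localAuthentication(request, response, loginConfig);
            }
            // The chain invalidated the session (logout): show the logout page.
            if (!session.isValid()) {
                sendToLogoutPage(request, response, session);
                return false;
            }

            List<String> roles = handlerResponse.getRoles();
            if (principal == null) {
                principal = (Principal) session.getSession().getAttribute(SESSION_PRINCIPAL_ATTR);
            }
            if (principal == null) {
                // Fail explicitly rather than with a NullPointerException two lines down.
                throw new IllegalStateException("No principal available after processing SAMLResponse");
            }
            String username = principal.getName();
            if (this.trace) {
                this.log.trace("Roles determined for username=" + username + "=" + Arrays.toString(roles.toArray()));
            }

            Principal authenticated;
            if (new ServerDetector().isJboss() || this.jbossEnv) {
                // The realm receives the SAML-derived name and roles through ServiceProviderSAMLContext;
                // clear it even when the realm throws so it is never left populated.
                ServiceProviderSAMLContext.push(username, roles);
                try {
                    authenticated = this.context.getRealm().authenticate(username, ServiceProviderSAMLContext.EMPTY_PASSWORD);
                } finally {
                    ServiceProviderSAMLContext.clear();
                }
            } else {
                authenticated = spUtil.createGenericPrincipal(request, username, roles);
            }

            // Session notes consulted by the container on re-authentication; there is no real
            // password in a SAML login, so the shared empty value is recorded.
            session.setNote("org.apache.catalina.session.USERNAME", username);
            session.setNote("org.apache.catalina.session.PASSWORD", ServiceProviderSAMLContext.EMPTY_PASSWORD);
            request.setUserPrincipal(authenticated);
            if (this.saveRestoreRequest) {
                restoreRequest(request, session);
            }
            register(request, response, authenticated, "FORM", username, ServiceProviderSAMLContext.EMPTY_PASSWORD);
            return true;
        } catch (ProcessingException pe) {
            // Must precede the generic catch or this branch is unreachable (and does not compile).
            Throwable cause = pe.getCause();
            if (cause instanceof AssertionExpiredException) {
                this.log.error("Assertion has expired. Asking IDP for reissue");
                return generalUserRequest(request, response, loginConfig);
            }
            this.log.error("Server Exception:", pe);
            throw new IOException(SERVER_ERROR_MSG + pe.getLocalizedMessage(), pe);
        } catch (Exception e) {
            this.log.error("Server Exception:", e);
            throw new IOException(SERVER_ERROR_MSG, e);
        }
    }

    /** Whether the IDP is configured to answer over the HTTP-POST binding. */
    protected boolean isPOSTBindingResponse() {
        return this.spConfiguration.isIdpUsesPostBinding();
    }

    /**
     * Sends a SAML message to the IDP using the binding implemented by the subclass.
     *
     * @param str the destination URL at the IDP
     * @param document the SAML message to send
     * @param str2 the RelayState to carry along, may be null
     * @param response the response the redirect or POST form is written to
     * @param z true when the document is a request, false when it is a response
     */
    protected abstract void sendRequestToIDP(String str, Document document, String str2, Response response, boolean z) throws ProcessingException, ConfigurationException, IOException;

    @Override // org.picketlink.identity.federation.bindings.tomcat.sp.BaseFormAuthenticator
    protected String getBinding() {
        return this.spConfiguration.getBindingType();
    }

    /**
     * Handles a request with no SAML payload: runs the handler chain to build an authentication
     * request and sends it to the IDP, saving the original request first when configured.
     *
     * @return false after redirecting to the IDP; the result of {@link #localAuthentication} when
     *         the chain produced no message to send
     * @throws IOException when sending to the IDP fails
     * @throws RuntimeException wrapping processing, parsing or configuration failures of the chain
     */
    private boolean generalUserRequest(Request request, Response response, LoginConfig loginConfig) throws IOException {
        Session session = request.getSessionInternal(true);
        HTTPContext httpContext = new HTTPContext(request, response, this.context.getServletContext());
        Set handlers = this.chain.handlers();
        try {
            // Same case-insensitive binding test as isHttpPostBinding(), for consistency.
            ServiceProviderBaseProcessor processor = new ServiceProviderBaseProcessor(isHttpPostBinding(), this.serviceURL);
            if (this.issuerID != null) {
                processor.setIssuer(this.issuerID);
            }
            processor.setIdentityURL(this.identityURL);
            SAML2HandlerResponse handlerResponse = processor.process(httpContext, handlers, this.chainLock);
            boolean sendRequest = handlerResponse.getSendRequest();
            Document resultingDocument = handlerResponse.getResultingDocument();
            String relayState = handlerResponse.getRelayState();
            String destination = handlerResponse.getDestination();
            if (destination == null || resultingDocument == null) {
                return localAuthentication(request, response, loginConfig);
            }
            try {
                if (this.saveRestoreRequest) {
                    saveRequest(request, session);
                }
                sendRequestToIDP(destination, resultingDocument, relayState, response, sendRequest);
                return false;
            } catch (Exception e) {
                this.log.error("Server Exception:", e);
                throw new IOException(SERVER_ERROR_MSG, e);
            }
        } catch (ProcessingException e) {
            this.log.error("Processing Exception:", e);
            throw new RuntimeException(e);
        } catch (ParsingException e) {
            this.log.error("Parsing Exception:", e);
            throw new RuntimeException(e);
        } catch (ConfigurationException e) {
            this.log.error("Config Exception:", e);
            throw new RuntimeException(e);
        }
    }

    /* JADX INFO: Access modifiers changed from: protected */
    /** Whether the SP's own binding type is HTTP-POST (case-insensitive). */
    public boolean isHttpPostBinding() {
        return getBinding().equalsIgnoreCase("POST");
    }
}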
