package org.gatein.sso.saml.plugin.valve;

import java.io.IOException;
import java.io.InputStream;
import java.security.GeneralSecurityException;
import java.security.Principal;
import java.security.PrivateKey;
import javax.servlet.RequestDispatcher;
import javax.servlet.ServletException;
import org.apache.catalina.Context;
import org.apache.catalina.LifecycleException;
import org.apache.catalina.Session;
import org.apache.catalina.connector.Request;
import org.apache.catalina.connector.Response;
import org.gatein.common.logging.Logger;
import org.gatein.common.logging.LoggerFactory;
import org.picketlink.identity.federation.bindings.tomcat.idp.IDPWebBrowserSSOValve;
import org.picketlink.identity.federation.core.exceptions.ParsingException;
import org.picketlink.identity.federation.core.interfaces.TrustKeyManager;
import org.picketlink.identity.federation.core.saml.v2.constants.JBossSAMLURIConstants;
import org.picketlink.identity.federation.core.util.StringUtil;
import org.picketlink.identity.federation.web.util.ConfigurationUtil;
import org.picketlink.identity.federation.web.util.IDPWebRequestUtil;
import org.picketlink.identity.federation.web.util.RedirectBindingUtil;
import org.w3c.dom.Document;

/* loaded from: input_file:org/gatein/sso/saml/plugin/valve/PortalIDPWebBrowserSSOValve.class */
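/**
 * Portal flavour of the PicketLink {@link IDPWebBrowserSSOValve}.
 *
 * <p>What this valve adds on top of the PicketLink IDP valve, as far as this
 * class shows:
 * <ul>
 *   <li>incoming SAML parameters ({@code SAMLRequest}, {@code SAMLResponse},
 *       {@code RelayState}, {@code Signature}, {@code SigAlg}) are stashed as
 *       session notes together with the SP request's HTTP method, so they
 *       survive the detour through the portal's own authentication valves;</li>
 *   <li>the principal produced by the downstream valves is cached in a session
 *       note and re-applied on later requests while a SAML message is still
 *       pending, so the downstream valves are not run again for that exchange
 *       (see {@link #skipProcessingByNextValves(Session)});</li>
 *   <li>a {@code 403} coming back from the downstream valves is turned into a
 *       SAML {@code AuthnFailed} status response;</li>
 *   <li>the IDP configuration is read from {@code configFile} (default
 *       {@code /WEB-INF/picketlink.xml}) instead of the PicketLink default.</li>
 * </ul>
 *
 * <p>Security notes for maintainers:
 * <ul>
 *   <li>the {@code Referer} header is client-controlled and is used as the
 *       destination of the AuthnFailed response (which is signed when the IDP
 *       supports signatures). Whether {@link IDPWebRequestUtil#send} validates
 *       that destination against the configured trust domains is not visible
 *       here — confirm it before relying on this path;</li>
 *   <li>trace logging writes the raw SAML messages, RelayState and signature
 *       values to the log. Keep TRACE disabled outside of debugging.</li>
 * </ul>
 */
public class PortalIDPWebBrowserSSOValve extends IDPWebBrowserSSOValve {
    private static final Logger log = LoggerFactory.getLogger(PortalIDPWebBrowserSSOValve.class);
    private static final boolean trace = log.isTraceEnabled();

    /** Session note: HTTP method of the SP request that carried the SAML message. */
    private static final String REQUEST_FROM_SP_METHOD = "requestFromSPMethod";
    /** Session note: principal established by the downstream valves, cached for the pending SAML exchange. */
    private static final String PRINCIPAL_NOTE = "portal-principalNote";

    /** HTTP status the downstream valves use to signal a refused authentication. */
    private static final int STATUS_FORBIDDEN = 403;

    private TrustKeyManager keyManager;
    private Context context = null;
    private String configFile = "/WEB-INF/picketlink.xml";
    private Boolean skipForwardingToHostedURL = true;

    /**
     * When {@code true} (the default) an authenticated request without a pending
     * SAML message is handed to the next valve; when {@code false} it is forwarded
     * to {@code /hosted/}. Passing {@code null} makes {@link #invoke} fail with a
     * {@link NullPointerException} on that path, so callers should pass a value.
     */
    public void setSkipForwardingToHostedURL(Boolean bool) {
        this.skipForwardingToHostedURL = bool;
    }

    /** Servlet-context path of the PicketLink configuration, resolved via {@code getResourceAsStream}. */
    public void setConfigFile(String str) {
        this.configFile = str;
    }

    /**
     * Entry point of the valve for every request reaching the IDP context.
     *
     * <p>Flow: stash SAML parameters in the session, obtain a principal (cached
     * note, or by running the downstream valves), map a {@code 403} to a SAML
     * AuthnFailed response, and finally dispatch pending SAML request/response
     * messages to the PicketLink handlers.
     *
     * @throws IOException      propagated from the next valve or the SAML sender
     * @throws ServletException propagated from the next valve, or wrapping a
     *                          {@link GeneralSecurityException} raised while
     *                          building/sending the AuthnFailed response
     */
    public void invoke(Request request, Response response) throws IOException, ServletException {
        boolean nextValvesInvoked = false;
        // Client-supplied header; used further down as the AuthnFailed destination.
        String referer = request.getHeader("Referer");

        String relayState = request.getParameter("RelayState");
        if (StringUtil.isNotNull(relayState)) {
            relayState = RedirectBindingUtil.urlDecode(relayState);
        }
        String samlRequest = request.getParameter("SAMLRequest");
        String samlResponse = request.getParameter("SAMLResponse");
        String signature = request.getParameter("Signature");
        String sigAlg = request.getParameter("SigAlg");
        boolean hasSamlRequest = StringUtil.isNotNull(samlRequest);
        boolean hasSamlResponse = StringUtil.isNotNull(samlResponse);

        Session session = request.getSessionInternal();

        if (hasSamlRequest || hasSamlResponse) {
            stashSamlMessage(session, samlRequest, samlResponse, relayState, signature, sigAlg);
            saveRequestInfoFromSP(request, session);
        }

        Principal principal = request.getPrincipal();
        if (principal == null) {
            if (skipProcessingByNextValves(session)) {
                // A SAML exchange is pending and the downstream valves already
                // produced a principal for this session: re-apply it instead of
                // running the authenticators again. The auth type is reported
                // as FORM regardless of how the cached principal was obtained.
                principal = (Principal) session.getNote(PRINCIPAL_NOTE);
                request.setUserPrincipal(principal);
                request.setAuthType("FORM");
                session.setAuthType("FORM");
                if (trace) {
                    log.trace("Skip processing of request by next valves. Going to SAML processing");
                }
            } else {
                // The structure below mirrors a try/finally whose finally block
                // could 'return': whatever the next valves do, the principal
                // note is refreshed; if they already committed the response we
                // stop here (and drop any exception they raised).
                try {
                    getNext().invoke(request, response);
                    nextValvesInvoked = true;
                    principal = rememberPrincipal(request, session);
                    referer = request.getHeader("Referer");
                    if (trace) {
                        log.trace("Referer in finally block=" + referer + ":user principal=" + principal);
                    }
                    if (response.isCommitted() || response.isAppCommitted()) {
                        if (trace) {
                            log.trace("Response is already commited. Returning");
                        }
                        return;
                    }
                } catch (Throwable th) {
                    Principal afterFailure = rememberPrincipal(request, session);
                    if (trace) {
                        log.trace("Referer in finally block=" + request.getHeader("Referer") + ":user principal=" + afterFailure);
                    }
                    if (!response.isCommitted() && !response.isAppCommitted()) {
                        throw th;
                    }
                    // NOTE: the exception is intentionally swallowed here because
                    // nothing more can be written to a committed response.
                    if (trace) {
                        log.trace("Response is already commited. Returning");
                    }
                    return;
                }
            }
        }

        if (session.getNote("SAMLRequest") != null || session.getNote("SAMLResponse") != null
                || hasSamlRequest || hasSamlResponse) {
            request = restoreRequestInfoFromSP(request, session);
        }

        IDPWebRequestUtil webRequestUtil = new IDPWebRequestUtil(request, this.idpConfiguration, this.keyManager);

        if (response.getStatus() == STATUS_FORBIDDEN) {
            sendAuthnFailed(webRequestUtil, response, referer, relayState);
            return;
        }

        if (principal == null) {
            // Unauthenticated and nothing refused: the downstream valves own the response.
            return;
        }

        String storedRequest = (String) session.getNote("SAMLRequest");
        String storedResponse = (String) session.getNote("SAMLResponse");
        if (trace) {
            // Dumps the raw SAML messages and signature into the log — trace only.
            String storedRelayState = (String) session.getNote("RelayState");
            String storedSignature = (String) session.getNote("Signature");
            String storedSigAlg = (String) session.getNote("SigAlg");
            StringBuilder sb = new StringBuilder();
            sb.append("Retrieved saml messages and relay state from session");
            sb.append("saml Request message=").append(storedRequest);
            sb.append("::").append("SAMLResponseMessage=");
            sb.append(storedResponse).append(":").append("relay state=").append(storedRelayState);
            sb.append("Signature=").append(storedSignature).append("::sigAlg=").append(storedSigAlg);
            log.trace(sb.toString());
        }

        if (storedRequest != null) {
            processSAMLRequestMessage(webRequestUtil, request, response);
            return;
        }
        if (StringUtil.isNotNull(storedResponse)) {
            processSAMLResponseMessage(webRequestUtil, request, response);
            return;
        }
        if (StringUtil.isNotNull(request.getParameter("TARGET"))) {
            handleSAML11(webRequestUtil, request, response);
            return;
        }

        if (this.skipForwardingToHostedURL.booleanValue()) {
            if (trace) {
                log.trace("Skip forwarding to Hosted URL and continue with other valves");
            }
            // Do not run the next valves twice for the same request.
            if (!nextValvesInvoked) {
                getNext().invoke(request, response);
            }
            return;
        }

        if (trace) {
            log.trace("SAML 1.1::Proceeding to IDP index page");
        }
        RequestDispatcher dispatcher = this.context.getServletContext().getRequestDispatcher("/hosted/");
        try {
            dispatcher.forward(request, response);
        } catch (Exception ignored) {
            // Retry with the servlet-facade request; the first failure is not
            // reported. Presumably a container accepts only the facade — confirm.
            dispatcher.forward(request.getRequest(), response);
        }
    }

    /**
     * Stores the SAML parameters of the current request as session notes so they
     * are still available once the downstream valves have done their round trip.
     * Only non-null values are written; the previously stored values are kept
     * for parameters missing from this request.
     */
    private void stashSamlMessage(Session session, String samlRequest, String samlResponse,
                                  String relayState, String signature, String sigAlg) {
        if (trace) {
            log.trace("Storing the SAMLRequest/SAMLResponse and RelayState in session");
        }
        if (StringUtil.isNotNull(samlRequest)) {
            session.setNote("SAMLRequest", samlRequest);
        }
        if (StringUtil.isNotNull(samlResponse)) {
            session.setNote("SAMLResponse", samlResponse);
        }
        if (StringUtil.isNotNull(relayState)) {
            session.setNote("RelayState", relayState.trim());
        }
        if (StringUtil.isNotNull(signature)) {
            session.setNote("Signature", signature.trim());
        }
        if (StringUtil.isNotNull(sigAlg)) {
            session.setNote("SigAlg", sigAlg.trim());
        }
    }

    /**
     * Refreshes the cached principal note from the request after the downstream
     * valves ran: stores the principal if there is one, otherwise removes the note
     * so a stale principal can never be re-applied by {@link #invoke}.
     *
     * @return the request's current principal, possibly {@code null}
     */
    private Principal rememberPrincipal(Request request, Session session) {
        Principal principal = request.getPrincipal();
        if (principal != null) {
            session.setNote(PRINCIPAL_NOTE, principal);
        } else {
            session.removeNote(PRINCIPAL_NOTE);
        }
        return principal;
    }

    /**
     * Sends a SAML status response with {@code AuthnFailed} to {@code destination}.
     *
     * <p>{@code destination} is taken from the client's {@code Referer} header and
     * may be {@code null}; the response is signed with the IDP signing key when the
     * configuration supports signatures. Whether the destination is checked against
     * the trusted domains happens (if at all) inside {@link IDPWebRequestUtil#send}.
     *
     * @throws ServletException wrapping any {@link GeneralSecurityException}
     */
    private void sendAuthnFailed(IDPWebRequestUtil webRequestUtil, Response response,
                                 String destination, String relayState) throws IOException, ServletException {
        try {
            Document errorResponse = webRequestUtil.getErrorResponse(destination,
                    JBossSAMLURIConstants.STATUS_AUTHNFAILED.get(), getIdentityURL(),
                    this.idpConfiguration.isSupportsSignature());
            IDPWebRequestUtil.WebRequestUtilHolder holder = webRequestUtil.getHolder();
            holder.setResponseDoc(errorResponse)
                    .setDestination(destination)
                    .setRelayState(relayState)
                    .setAreWeSendingRequest(false)
                    .setPrivateKey((PrivateKey) null)
                    .setSupportSignature(false)
                    .setServletResponse(response);
            holder.setPostBindingRequested(webRequestUtil.hasSAMLRequestInPostProfile());
            if (this.idpConfiguration.isSupportsSignature()) {
                holder.setSupportSignature(true).setPrivateKey(this.keyManager.getSigningKey());
            }
            holder.setStrictPostBinding(this.idpConfiguration.isStrictPostBinding());
            webRequestUtil.send(holder);
        } catch (GeneralSecurityException e) {
            throw new ServletException(e);
        }
    }

    /** Starts the PicketLink valve, then captures the container context and key manager. */
    public void start() throws LifecycleException {
        super.start();
        this.context = getContainer();
        this.keyManager = getKeyManager();
        log.info("Valve started with identityURL=" + getIdentityURL() + ", strictPostBinding="
                + this.idpConfiguration.isStrictPostBinding() + ", keyManager=" + this.keyManager
                + ", context=" + this.context);
    }

    /**
     * Loads the IDP configuration from {@link #configFile} unless one is already
     * set, then delegates to the PicketLink initialisation.
     *
     * <p>The configuration stream is only opened when it is actually needed and is
     * always closed afterwards (the original leaked it on every path).
     *
     * @throws RuntimeException if {@code configFile} cannot be found in the servlet context
     */
    protected void initIDPConfiguration() {
        if (this.idpConfiguration == null) {
            InputStream configStream = getContext().getServletContext().getResourceAsStream(this.configFile);
            if (configStream == null) {
                throw new RuntimeException("Failed to locate configuration file " + this.configFile);
            }
            try {
                this.picketLinkConfiguration = ConfigurationUtil.getConfiguration(configStream);
                this.idpConfiguration = this.picketLinkConfiguration.getIdpOrSP();
            } catch (ParsingException e) {
                // NOTE(review): only logged; idpConfiguration stays null and
                // super.initIDPConfiguration() still runs. Consider failing start() instead.
                log.error("Failed to initialize Picketlink IDM from config file located in " + this.configFile, e);
            } finally {
                closeQuietly(configStream);
            }
        }
        super.initIDPConfiguration();
    }

    /** Closes the stream; a failure on close is only traced since the content was already consumed. */
    private static void closeQuietly(InputStream in) {
        try {
            in.close();
        } catch (IOException e) {
            if (trace) {
                log.trace("Failed to close configuration stream", e);
            }
        }
    }

    /**
     * Remembers the HTTP method of the SP request carrying the SAML message, so
     * {@link #restoreRequestInfoFromSP} can reinstate it after the login round trip.
     */
    protected void saveRequestInfoFromSP(Request request, Session session) {
        session.setNote(REQUEST_FROM_SP_METHOD, request.getMethod());
        if (trace) {
            log.trace("Saving request info from SP. RequestUrl=" + request.getRequestURI() + ", HTTPMethod=" + request.getMethod());
        }
    }

    /**
     * Overwrites the current request's HTTP method with the one saved by
     * {@link #saveRequestInfoFromSP}, if any. Presumably this is so the PicketLink
     * binding detection sees the SP's original binding (POST vs. redirect) rather
     * than the method of the login form submission — confirm against the handlers.
     *
     * @return the (mutated) request
     */
    protected Request restoreRequestInfoFromSP(Request request, Session session) {
        Object savedMethod = session.getNote(REQUEST_FROM_SP_METHOD);
        if (savedMethod != null) {
            request.getCoyoteRequest().method().setString((String) savedMethod);
            if (trace) {
                log.trace("Restore original request info from SP. RequestUrl=" + request.getRequestURI() + ", HTTPMethod=" + request.getMethod());
            }
        }
        return request;
    }

    /**
     * Whether the downstream valves can be skipped for this request: a principal
     * was cached by an earlier pass and a SAML request or response is still pending
     * in the session. The cached principal is only ever written after the
     * downstream valves ran, and is removed as soon as they yield no principal.
     */
    protected boolean skipProcessingByNextValves(Session session) {
        boolean hasCachedPrincipal = session.getNote(PRINCIPAL_NOTE) != null;
        boolean hasPendingSamlMessage = session.getNote("SAMLRequest") != null
                || session.getNote("SAMLResponse") != null;
        return hasCachedPrincipal && hasPendingSamlMessage;
    }
}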
