package org.picketlink.identity.federation.web.filters;

import java.io.IOException;
import java.io.InputStream;
import java.net.URL;
import java.security.GeneralSecurityException;
import java.security.Principal;
import java.util.ArrayList;
import java.util.HashMap;
import java.util.Iterator;
import java.util.List;
import java.util.Map;
import java.util.Set;
import java.util.concurrent.locks.Lock;
import java.util.concurrent.locks.ReentrantLock;
import javax.servlet.Filter;
import javax.servlet.FilterChain;
import javax.servlet.FilterConfig;
import javax.servlet.RequestDispatcher;
import javax.servlet.ServletContext;
import javax.servlet.ServletException;
import javax.servlet.ServletRequest;
import javax.servlet.ServletResponse;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletRequestWrapper;
import javax.servlet.http.HttpServletResponse;
import javax.servlet.http.HttpSession;
import org.jboss.security.audit.AuditLevel;
import org.keycloak.protocol.saml.SamlProtocol;
import org.picketlink.common.ErrorCodes;
import org.picketlink.common.PicketLinkLogger;
import org.picketlink.common.PicketLinkLoggerFactory;
import org.picketlink.common.constants.GeneralConstants;
import org.picketlink.common.constants.JBossSAMLConstants;
import org.picketlink.common.exceptions.ConfigurationException;
import org.picketlink.common.exceptions.ParsingException;
import org.picketlink.common.exceptions.ProcessingException;
import org.picketlink.common.exceptions.fed.AssertionExpiredException;
import org.picketlink.common.util.DocumentUtil;
import org.picketlink.common.util.StringUtil;
import org.picketlink.config.federation.AuthPropertyType;
import org.picketlink.config.federation.KeyProviderType;
import org.picketlink.config.federation.PicketLinkType;
import org.picketlink.config.federation.SPType;
import org.picketlink.config.federation.handler.Handlers;
import org.picketlink.identity.federation.api.saml.v2.request.SAML2Request;
import org.picketlink.identity.federation.api.saml.v2.sig.SAML2Signature;
import org.picketlink.identity.federation.core.audit.PicketLinkAuditEvent;
import org.picketlink.identity.federation.core.audit.PicketLinkAuditEventType;
import org.picketlink.identity.federation.core.audit.PicketLinkAuditHelper;
import org.picketlink.identity.federation.core.interfaces.TrustKeyManager;
import org.picketlink.identity.federation.core.parsers.saml.SAMLParser;
import org.picketlink.identity.federation.core.saml.v1.SAML11Constants;
import org.picketlink.identity.federation.core.saml.v2.common.IDGenerator;
import org.picketlink.identity.federation.core.saml.v2.factories.SAML2HandlerChainFactory;
import org.picketlink.identity.federation.core.saml.v2.holders.DestinationInfoHolder;
import org.picketlink.identity.federation.core.saml.v2.impl.DefaultSAML2HandlerChainConfig;
import org.picketlink.identity.federation.core.saml.v2.interfaces.SAML2Handler;
import org.picketlink.identity.federation.core.saml.v2.interfaces.SAML2HandlerChain;
import org.picketlink.identity.federation.core.saml.v2.interfaces.SAML2HandlerResponse;
import org.picketlink.identity.federation.core.saml.v2.util.AssertionUtil;
import org.picketlink.identity.federation.core.saml.v2.util.HandlerUtil;
import org.picketlink.identity.federation.core.util.CoreConfigUtil;
import org.picketlink.identity.federation.saml.v1.assertion.SAML11AssertionType;
import org.picketlink.identity.federation.saml.v1.assertion.SAML11AuthenticationStatementType;
import org.picketlink.identity.federation.saml.v1.assertion.SAML11StatementAbstractType;
import org.picketlink.identity.federation.saml.v1.protocol.SAML11ResponseType;
import org.picketlink.identity.federation.saml.v2.metadata.EndpointType;
import org.picketlink.identity.federation.saml.v2.metadata.EntitiesDescriptorType;
import org.picketlink.identity.federation.saml.v2.metadata.EntityDescriptorType;
import org.picketlink.identity.federation.saml.v2.metadata.IDPSSODescriptorType;
import org.picketlink.identity.federation.saml.v2.protocol.AuthnRequestType;
import org.picketlink.identity.federation.web.core.HTTPContext;
import org.picketlink.identity.federation.web.interfaces.IRoleValidator;
import org.picketlink.identity.federation.web.process.ServiceProviderBaseProcessor;
import org.picketlink.identity.federation.web.process.ServiceProviderSAMLRequestProcessor;
import org.picketlink.identity.federation.web.process.ServiceProviderSAMLResponseProcessor;
import org.picketlink.identity.federation.web.roles.DefaultRoleValidator;
import org.picketlink.identity.federation.web.util.ConfigurationUtil;
import org.picketlink.identity.federation.web.util.HTTPRedirectUtil;
import org.picketlink.identity.federation.web.util.PostBindingUtil;
import org.picketlink.identity.federation.web.util.RedirectBindingUtil;
import org.picketlink.identity.federation.web.util.SAMLConfigurationProvider;
import org.w3c.dom.Document;
import org.w3c.dom.Element;
import org.w3c.dom.Node;
import org.xml.sax.SAXException;
import twitter4j.internal.http.HttpResponseCode;

/* loaded from: input_file:WEB-INF/lib/picketlink-federation-2.7.0.CR2.jar:org/picketlink/identity/federation/web/filters/SPFilter.class */
public class SPFilter implements Filter {
    // Shared PicketLink logger used by every method of this filter.
    protected static final PicketLinkLogger logger = PicketLinkLoggerFactory.getLogger();
    // Public string keys. DESIRED_IDP is read as a request *attribute* in generalUserRequest; the other four
    // are not referenced in the visible methods (presumably init-parameter names consumed by
    // processConfiguration, whose body did not decompile - confirm against the original source).
    public static final String ISSUER_ID = "ISSUER_ID";
    public static final String DESIRED_IDP = "picketlink.desired.idp";
    public static final String CHARACTER_ENCODING = "CHARACTER_ENCODING";
    public static final String CONFIGURATION_PROVIDER = "CONFIGURATION_PROVIDER";
    public static final String SAML_HANDLER_CHAIN_CLASS = "SAML_HANDLER_CHAIN_CLASS";
    protected String configFile;
    // Supplies the signing key pair in sendToDestination and is handed to the request/response processors.
    // Nothing visible here assigns it; a null value would fail with a NullPointerException when signing.
    private TrustKeyManager keyManager;
    // IdP descriptor selected by processIdPMetadata; passed to every processor this filter creates.
    protected IDPSSODescriptorType idpMetadata;
    // Applied to each request in doFilter when non-null.
    private String characterEncoding;
    private Map<String, Object> chainConfigOptions;
    // Snapshot of the trace level taken when the filter instance is constructed; not read in the visible methods.
    private final boolean trace = logger.isTraceEnabled();
    protected SPType spConfiguration = null;
    // Root configuration; getConfiguration() casts its getIdpOrSP() value to SPType.
    protected PicketLinkType picketLinkConfiguration = null;
    protected String serviceURL = null;
    protected String identityURL = null;
    protected transient String samlHandlerChainClass = null;
    // Captured in init(); used for request dispatching, resource lookup and the audit context path.
    private ServletContext servletContext = null;
    // Handler chain whose handlers() set is passed to the processors. Dereferenced without a null check.
    private transient SAML2HandlerChain chain = null;
    // SECURITY: when true, sendToDestination sends the outgoing document unsigned. Whether it also relaxes
    // validation of incoming messages cannot be determined from the visible code.
    protected boolean ignoreSignatures = false;
    private IRoleValidator roleValidator = new DefaultRoleValidator();
    private String logOutPage = GeneralConstants.LOGOUT_PAGE_NAME;
    // Exclusive XML canonicalization, "WithComments" variant; not referenced in the visible methods.
    protected String canonicalizationMethod = "http://www.w3.org/2001/10/xml-exc-c14n#WithComments";
    // Called unconditionally whenever isEnableAudit() is true - assumes it is non-null in that case (confirm).
    protected volatile PicketLinkAuditHelper auditHelper = null;
    // Optional issuer override applied in generalUserRequest when non-null.
    protected volatile String issuerID = null;
    // Lock instance passed to every processor.process(...) call together with the handler set.
    protected Lock chainLock = new ReentrantLock();
    protected SAMLConfigurationProvider configProvider = null;

    /** No-op: the body is empty, so nothing is released when the container retires the filter. */
    public void destroy() {
    }

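    /**
     * Entry point of the service-provider filter: decides whether a request is passed down the chain,
     * treated as a logout, or routed through SAML request/response handling.
     *
     * <p>Flow, in order:
     * <ol>
     *   <li>apply the configured character encoding, if any;</li>
     *   <li>a local-logout request invalidates the session and forwards to the logout page;</li>
     *   <li>a request that already has a principal, is not a global logout and carries no SAML parameter
     *       goes straight down the chain;</li>
     *   <li>otherwise the request is handled as a plain user request, a SAML response and/or a SAML request,
     *       and is passed on only if a principal is present afterwards and nothing has been written yet.</li>
     * </ol>
     *
     * <p>When an {@link IOException} escapes and an error page is configured, the response status is set to
     * 500 <em>before</em> forwarding to that page. Setting it after the forward (as the code previously did)
     * has no effect once the forwarded resource has committed the response.
     *
     * @throws IOException      when processing fails and no error page is configured
     * @throws ServletException propagated from the downstream chain
     */
    public void doFilter(ServletRequest servletRequest, ServletResponse servletResponse, FilterChain filterChain) throws IOException, ServletException {
        HttpServletRequest request = createHttpServletRequestWrapper((HttpServletRequest) servletRequest);
        HttpServletResponse httpServletResponse = (HttpServletResponse) servletResponse;
        try {
            String encoding = getCharacterEncoding();
            if (encoding != null) {
                request.setCharacterEncoding(encoding);
            }
            // A session is created for every request, authenticated or not.
            // NOTE(review): no session-id change after a successful login is visible in this filter; confirm the
            // handler chain or the container rotates it, otherwise a pre-login session id stays valid post-login.
            HttpSession session = request.getSession(true);
            if (isLocalLogout(request)) {
                try {
                    sendToLogoutPage(request, httpServletResponse, session);
                    return;
                } catch (ServletException e) {
                    logger.samlLogoutError(e);
                    throw new IOException(e);
                }
            }
            boolean hasSamlRequest = StringUtil.isNotNull(request.getParameter(GeneralConstants.SAML_REQUEST_KEY));
            boolean hasSamlResponse = StringUtil.isNotNull(request.getParameter(GeneralConstants.SAML_RESPONSE_KEY));
            boolean needsSamlHandling = request.getUserPrincipal() == null || isGlobalLogout(request) || hasSamlRequest || hasSamlResponse;
            if (!needsSamlHandling) {
                filterChain.doFilter(request, httpServletResponse);
                return;
            }
            if (!hasSamlRequest && !hasSamlResponse) {
                generalUserRequest(request, httpServletResponse);
            }
            if (hasSamlResponse) {
                handleSAMLResponse(request, httpServletResponse);
            }
            if (hasSamlRequest) {
                handleSAMLRequest(request, httpServletResponse);
            }
            // Re-wrap the raw request so the principal is read again from the session after handling.
            HttpServletRequest afterHandling = createHttpServletRequestWrapper((HttpServletRequest) servletRequest);
            if (afterHandling.getUserPrincipal() == null || httpServletResponse.isCommitted()) {
                // Never reaches the protected resource: either nobody is authenticated or a redirect/form/error
                // has already been written.
                localAuthentication(afterHandling, httpServletResponse);
            } else {
                filterChain.doFilter(afterHandling, httpServletResponse);
            }
        } catch (IOException e2) {
            String errorPage = getConfiguration().getErrorPage();
            if (!StringUtil.isNotNull(errorPage)) {
                throw e2;
            }
            // Status must be set while the response is still uncommitted; after forward() it would be ignored.
            if (!httpServletResponse.isCommitted()) {
                httpServletResponse.setStatus(HttpServletResponse.SC_INTERNAL_SERVER_ERROR);
            }
            try {
                request.getRequestDispatcher(errorPage).forward(request, httpServletResponse);
            } catch (ServletException e3) {
                logger.samlErrorPageForwardError(errorPage, e3);
            }
        }
    }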

    /**
     * Wraps the request so that {@code getUserPrincipal()} is answered from the HTTP session.
     *
     * <p>If a session exists, the value stored under {@code GeneralConstants.PRINCIPAL_ID} is returned as-is,
     * including {@code null}; the container's own principal is consulted only when there is no session at all.
     * The session attribute is therefore the single source of identity for the rest of this filter, so
     * anything able to write that attribute controls who the request is treated as.
     */
    private HttpServletRequest createHttpServletRequestWrapper(HttpServletRequest httpServletRequest) {
        return new HttpServletRequestWrapper(httpServletRequest) {
            public Principal getUserPrincipal() {
                HttpSession existing = getSession(false);
                if (existing == null) {
                    return super.getUserPrincipal();
                }
                // No fallback to the container principal when the attribute is absent.
                return (Principal) existing.getAttribute(GeneralConstants.PRINCIPAL_ID);
            }
        };
    }

    /** Returns the configured request character encoding, or {@code null} when none was set. */
    private String getCharacterEncoding() {
        final String configuredEncoding = this.characterEncoding;
        return configuredEncoding;
    }

    /**
     * Stores the servlet context and delegates all remaining setup to {@code processConfiguration}.
     *
     * @param filterConfig container-supplied filter configuration
     */
    public void init(FilterConfig filterConfig) throws ServletException {
        final ServletContext context = filterConfig.getServletContext();
        this.servletContext = context;
        processConfiguration(filterConfig);
    }

    /**
     * Builds an AuthnRequest with a freshly generated id prefixed {@code "ID_"}.
     *
     * @param str  service URL; also passed as the last argument of {@code createAuthnRequestType}
     * @param str2 identity (IdP) URL
     * @throws IllegalArgumentException if either argument is {@code null}
     */
    private AuthnRequestType createSAMLRequest(String str, String str2) throws ConfigurationException {
        if (str == null) {
            throw new IllegalArgumentException("PL00078: Null Parameter:serviceURL");
        }
        if (str2 == null) {
            throw new IllegalArgumentException("PL00078: Null Parameter:identityURL");
        }
        final SAML2Request requestFactory = new SAML2Request();
        final String requestId = IDGenerator.create("ID_");
        return requestFactory.createAuthnRequestType(requestId, str, str2, str);
    }

    /**
     * Optionally signs the document, then delivers it to the destination with the POST binding.
     *
     * <p>Signing is skipped entirely when {@code ignoreSignatures} is true, in which case the message leaves
     * unsigned. When signing, the signature is placed before the issuer's next sibling if one is found.
     *
     * @param document the SAML document to send
     * @param str      third argument of {@code DestinationInfoHolder} (relay state in PicketLink - confirm)
     * @param str2     destination URL
     * @param z        forwarded unchanged to {@code PostBindingUtil.sendPost}
     */
    protected void sendToDestination(Document document, String str, String str2, HttpServletResponse httpServletResponse, boolean z) throws IOException, SAXException, GeneralSecurityException {
        boolean mustSign = !this.ignoreSignatures;
        if (mustSign) {
            SAML2Signature signer = new SAML2Signature();
            Node afterIssuer = signer.getNextSiblingOfIssuer(document);
            if (afterIssuer != null) {
                signer.setNextSibling(afterIssuer);
            }
            // keyManager is dereferenced without a null check.
            signer.signSAMLDocument(document, this.keyManager.getSigningKeyPair());
        }
        String xml = DocumentUtil.getDocumentAsString(document);
        DestinationInfoHolder target = new DestinationInfoHolder(str2, PostBindingUtil.base64Encode(xml), str);
        PostBindingUtil.sendPost(target, httpServletResponse, z);
    }

    /**
     * Dispatches an incoming SAML response by protocol version.
     *
     * <p>Only a version string equal to the SAML 2.0 constant selects the SAML 2.0 path; every other value,
     * including a malformed one, falls through to the SAML 1.1 unsolicited-response handler.
     *
     * @throws IOException when {@code validate} rejects the request
     */
    private boolean handleSAMLResponse(HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse) throws IOException {
        if (!validate(httpServletRequest)) {
            throw new IOException(ErrorCodes.VALIDATION_CHECK_FAILED);
        }
        String saml20 = JBossSAMLConstants.VERSION_2_0.get();
        String declared = getSAMLVersion(httpServletRequest);
        if (saml20.equals(declared)) {
            return handleSAML2Response(httpServletRequest, httpServletResponse);
        }
        return handleSAML11UnsolicitedResponse(httpServletRequest, httpServletResponse);
    }

    /**
     * Tells whether the request asks for a local logout, i.e. the local-logout parameter equals the
     * "true" constant ignoring case.
     *
     * <p>NOTE(review): the decision rests on a request parameter alone; no HTTP-method or anti-CSRF check is
     * visible here, so a cross-site request could end a user's session unless something upstream prevents it.
     */
    private boolean isLocalLogout(HttpServletRequest httpServletRequest) {
        String flag = httpServletRequest.getParameter(GeneralConstants.LOCAL_LOGOUT);
        if (!StringUtil.isNotNull(flag)) {
            return false;
        }
        return SamlProtocol.ATTRIBUTE_TRUE_VALUE.equalsIgnoreCase(flag);
    }

    /**
     * Invalidates the session and forwards to the configured logout page.
     *
     * <p>If no dispatcher can be obtained for the logout page, the problem is logged and the method returns
     * without invalidating the session.
     */
    protected void sendToLogoutPage(HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse, HttpSession httpSession) throws IOException, ServletException {
        RequestDispatcher logoutDispatcher = this.servletContext.getRequestDispatcher(getConfiguration().getLogOutPage());
        if (logoutDispatcher != null) {
            logger.trace("Forwarding request to logOutPage: " + getConfiguration().getLogOutPage());
            try {
                httpSession.invalidate();
            } catch (IllegalStateException ignored) {
                // Session was already invalidated; nothing left to do.
            }
            try {
                logoutDispatcher.forward(httpServletRequest, httpServletResponse);
            } catch (Exception firstAttemptFailure) {
                // A failed forward is retried exactly once; the second failure propagates to the caller.
                logoutDispatcher.forward(httpServletRequest, httpServletResponse);
            }
        } else {
            logger.samlSPCouldNotDispatchToLogoutPage(getConfiguration().getLogOutPage());
        }
    }

    /** Returns the service-provider section of the PicketLink configuration (unchecked cast to SPType). */
    private SPType getConfiguration() {
        Object idpOrSp = this.picketLinkConfiguration.getIdpOrSP();
        return (SPType) idpOrSp;
    }

    /**
     * Tells whether the request asks for a global logout, i.e. the global-logout parameter equals the
     * "true" constant ignoring case. As with local logout, the trigger is a plain request parameter.
     */
    private boolean isGlobalLogout(HttpServletRequest httpServletRequest) {
        String flag = httpServletRequest.getParameter(GeneralConstants.GLOBAL_LOGOUT);
        if (!StringUtil.isNotNull(flag)) {
            return false;
        }
        return SamlProtocol.ATTRIBUTE_TRUE_VALUE.equalsIgnoreCase(flag);
    }

    /**
     * Handles a request that carries no SAML message: runs the handler chain to produce an outgoing SAML
     * document and sends it to the identity provider.
     *
     * @return {@code false} after a request has been sent to the IdP; otherwise the result of
     *         {@code localAuthentication} when the chain produced no destination or no document
     * @throws IOException      when sending fails (built by {@code logger.samlSPProcessingExceptionError})
     * @throws RuntimeException wrapping configuration, parsing or processing errors from the chain
     */
    private boolean generalUserRequest(HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse) throws IOException {
        httpServletRequest.getSession(true);
        HTTPContext hTTPContext = new HTTPContext(httpServletRequest, httpServletResponse, this.servletContext);
        // chain is dereferenced without a null check.
        Set<SAML2Handler> handlers = this.chain.handlers();
        try {
            ServiceProviderBaseProcessor serviceProviderBaseProcessor = new ServiceProviderBaseProcessor(getConfiguration().getBindingType().equals("POST"), this.serviceURL, this.picketLinkConfiguration, this.idpMetadata);
            if (this.issuerID != null) {
                serviceProviderBaseProcessor.setIssuer(this.issuerID);
            }
            // The IdP override is read from a request ATTRIBUTE, not a parameter, so a client cannot set it
            // directly. NOTE(review): whatever upstream component sets it must not copy it from user input,
            // or users could be sent to an arbitrary identity URL.
            String str = (String) httpServletRequest.getAttribute(DESIRED_IDP);
            if (StringUtil.isNotNull(str)) {
                serviceProviderBaseProcessor.setIdentityURL(str);
            } else {
                serviceProviderBaseProcessor.setIdentityURL(getIdentityURL());
            }
            serviceProviderBaseProcessor.setAuditHelper(this.auditHelper);
            SAML2HandlerResponse process = serviceProviderBaseProcessor.process(hTTPContext, handlers, this.chainLock);
            boolean sendRequest = process.getSendRequest();
            Document resultingDocument = process.getResultingDocument();
            String relayState = process.getRelayState();
            String destination = process.getDestination();
            String destinationQueryStringWithSignature = process.getDestinationQueryStringWithSignature();
            // Nothing to send: fall back to local authentication.
            if (destination == null || resultingDocument == null) {
                return localAuthentication(httpServletRequest, httpServletResponse);
            }
            try {
                if (isEnableAudit()) {
                    PicketLinkAuditEvent picketLinkAuditEvent = new PicketLinkAuditEvent(AuditLevel.INFO);
                    picketLinkAuditEvent.setType(PicketLinkAuditEventType.REQUEST_TO_IDP);
                    picketLinkAuditEvent.setWhoIsAuditing(getContextPath());
                    // assumes auditHelper is non-null whenever auditing is enabled - TODO confirm; a null
                    // helper would surface here as a processing error.
                    this.auditHelper.audit(picketLinkAuditEvent);
                }
                sendRequestToIDP(destination, resultingDocument, relayState, httpServletRequest, httpServletResponse, sendRequest, destinationQueryStringWithSignature);
                return false;
            } catch (Exception e) {
                logger.samlSPHandleRequestError(e);
                throw logger.samlSPProcessingExceptionError(e);
            }
        } catch (ConfigurationException e2) {
            logger.samlSPHandleRequestError(e2);
            throw new RuntimeException(e2);
        } catch (ParsingException e3) {
            logger.samlSPHandleRequestError(e3);
            throw new RuntimeException(e3);
        } catch (ProcessingException e4) {
            logger.samlSPHandleRequestError(e4);
            throw new RuntimeException(e4);
        }
    }

    /** Returns the web application's context path; used as the "who is auditing" value of audit events. */
    private String getContextPath() {
        final ServletContext context = this.servletContext;
        return context.getContextPath();
    }

    /** Returns the identity provider URL held by the service-provider configuration. */
    public String getIdentityURL() {
        final SPType spConfig = getConfiguration();
        return spConfig.getIdentityURL();
    }

    /** Tells whether auditing is switched on in the PicketLink configuration. */
    private boolean isEnableAudit() {
        final boolean auditEnabled = this.picketLinkConfiguration.isEnableAudit();
        return auditEnabled;
    }

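    /**
     * Delivers a SAML document to the identity provider using the configured binding.
     *
     * <p>An unauthenticated AJAX request is answered with 403 instead, since a script cannot follow a
     * browser redirect or auto-submitted form to the IdP. The status now comes from the servlet API constant
     * rather than from an unrelated third-party class that happened to hold the same number.
     *
     * @param str      destination URL
     * @param document SAML document to send
     * @param str2     relay state
     * @param z        forwarded unchanged to the binding helper
     * @param str3     pre-built, signed query string for the redirect binding, or {@code null}
     */
    protected void sendRequestToIDP(String str, Document document, String str2, HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse, boolean z, String str3) throws ProcessingException, ConfigurationException, IOException {
        if (isAjaxRequest(httpServletRequest) && httpServletRequest.getUserPrincipal() == null) {
            httpServletResponse.sendError(HttpServletResponse.SC_FORBIDDEN);
            return;
        }
        if (isHttpPostBinding()) {
            sendHttpPostBindingRequest(str, document, str2, httpServletResponse, z);
        } else {
            sendHttpRedirectRequest(str, document, str2, httpServletResponse, z, str3);
        }
    }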

    /**
     * Tells whether the request identifies itself as an XMLHttpRequest through the "requested with" header.
     *
     * <p>The header is client-supplied, so this is a hint only. In the visible code it merely chooses between
     * a 403 and a redirect to the IdP for unauthenticated requests; it must not be treated as a trust signal.
     */
    private boolean isAjaxRequest(HttpServletRequest httpServletRequest) {
        String requestedWith = httpServletRequest.getHeader(GeneralConstants.HTTP_HEADER_X_REQUESTED_WITH);
        // equalsIgnoreCase(null) is false, which covers the missing-header case.
        return "XMLHttpRequest".equalsIgnoreCase(requestedWith);
    }

    /** Tells whether the configured binding is "POST", ignoring case. */
    protected boolean isHttpPostBinding() {
        final String configuredBinding = getBinding();
        return configuredBinding.equalsIgnoreCase("POST");
    }

    /**
     * Sends the document with the HTTP POST binding: serialised, base64-encoded and handed to
     * {@code PostBindingUtil.sendPost}. No signing happens in this method.
     *
     * @param str  destination URL
     * @param str2 relay state
     * @param z    forwarded unchanged to {@code sendPost}
     */
    protected void sendHttpPostBindingRequest(String str, Document document, String str2, HttpServletResponse httpServletResponse, boolean z) throws ProcessingException, IOException, ConfigurationException {
        String xml = DocumentUtil.getDocumentAsString(document);
        DestinationInfoHolder target = new DestinationInfoHolder(str, PostBindingUtil.base64Encode(xml), str2);
        PostBindingUtil.sendPost(target, httpServletResponse, z);
    }

    /**
     * Sends the document with the HTTP redirect binding.
     *
     * <p>A non-null {@code str3} is used verbatim as the query string (it already carries the signature);
     * otherwise the document is serialised as UTF-8, deflated, base64/URL-encoded and combined with the
     * relay state.
     *
     * @param str  destination URL
     * @param str2 relay state
     * @param z    forwarded unchanged to {@code getDestinationQueryString}
     * @param str3 pre-built signed query string, or {@code null}
     */
    protected void sendHttpRedirectRequest(String str, Document document, String str2, HttpServletResponse httpServletResponse, boolean z, String str3) throws IOException, ProcessingException, ConfigurationException {
        String query;
        if (str3 != null) {
            query = str3;
        } else {
            byte[] xmlBytes = DocumentUtil.getDocumentAsString(document).getBytes("UTF-8");
            query = RedirectBindingUtil.getDestinationQueryString(RedirectBindingUtil.deflateBase64URLEncode(xmlBytes), str2, z);
        }
        RedirectBindingUtil.RedirectBindingUtilDestHolder target = new RedirectBindingUtil.RedirectBindingUtilDestHolder();
        target.setDestination(str).setDestinationQueryString(query);
        HTTPRedirectUtil.sendRedirectForRequestor(RedirectBindingUtil.getDestinationURL(target), httpServletResponse);
    }

    /** Returns the binding type held by the service-provider configuration. */
    protected String getBinding() {
        final SPType spConfig = getConfiguration();
        return spConfig.getBindingType();
    }

    /**
     * Hook for local (non-SAML) authentication. This base implementation does nothing and always returns
     * {@code true}: it neither authenticates the user nor writes to the response, so when doFilter ends up
     * here the request is simply not passed down the chain.
     */
    protected boolean localAuthentication(HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse) throws IOException {
        return true;
    }

    /**
     * Checks only that the SAML response parameter is present on the request.
     *
     * <p>Despite the name this is a presence check, not a security validation: nothing here inspects the
     * signature, issuer, destination or validity window of the message.
     */
    protected boolean validate(HttpServletRequest httpServletRequest) {
        String samlResponse = httpServletRequest.getParameter(GeneralConstants.SAML_RESPONSE_KEY);
        return samlResponse != null;
    }

    /**
     * Extracts the protocol version from the root element of the incoming SAML response.
     *
     * <p>The {@code Version} attribute is preferred; when it is empty the value is assembled from the two
     * SAML 1.1 version attributes. NOTE(review): the minor-version attribute is concatenated before the
     * major one; the only visible caller compares the result against the 2.0 constant, so the order has no
     * effect there.
     *
     * <p>The message is decoded and parsed here before any signature has been verified, so the XML parser
     * behind {@code DocumentUtil.getDocument} sees attacker-controlled input - confirm it disables DTDs and
     * external entities.
     *
     * @throws RuntimeException if the response cannot be decoded or parsed
     */
    private String getSAMLVersion(HttpServletRequest httpServletRequest) {
        try {
            boolean viaPost = "POST".equalsIgnoreCase(httpServletRequest.getMethod());
            Document responseDocument = toSAMLResponseDocument(httpServletRequest.getParameter(GeneralConstants.SAML_RESPONSE_KEY), viaPost);
            Element root = responseDocument.getDocumentElement();
            String version = root.getAttribute("Version");
            if (!StringUtil.isNullOrEmpty(version)) {
                return version;
            }
            return root.getAttribute(SAML11Constants.MINOR_VERSION) + "." + root.getAttribute(SAML11Constants.MAJOR_VERSION);
        } catch (Exception e) {
            throw new RuntimeException("Could not extract version from SAML Response.", e);
        }
    }

    /**
     * Decodes a SAML response parameter into a DOM document.
     *
     * @param str the encoded response
     * @param z   {@code true} for the POST binding (plain base64), {@code false} for the redirect binding
     *            (base64 + deflate)
     * @throws ParsingException on any decoding or parsing failure; the message is empty and the cause is kept
     */
    private Document toSAMLResponseDocument(String str, boolean z) throws ParsingException {
        try {
            if (z) {
                return DocumentUtil.getDocument(PostBindingUtil.base64DecodeAsStream(str));
            }
            return DocumentUtil.getDocument(RedirectBindingUtil.base64DeflateDecode(str));
        } catch (Exception e) {
            logger.samlResponseFromIDPParsingFailed();
            throw new ParsingException("", e);
        }
    }

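    /**
     * Handles a SAML 1.1 unsolicited response from the identity provider.
     *
     * <p>As it stands, this method parses the response and reads the name identifier and roles of the first
     * assertion but stores none of them: no principal is placed in the session and nothing is written to the
     * response. No signature, issuer or validity-window check is visible in this method either, so it must
     * not be extended to establish a login without adding those checks.
     *
     * <p>Changes from the previous body: the {@link IOException} thrown on failure now carries the underlying
     * cause instead of being empty, and a dead {@code ArrayList} allocation was removed.
     *
     * @return {@code true} if a principal already exists or the first assertion could be read;
     *         {@code false} if the response parameter is empty or the response could not be parsed or read
     * @throws IOException when the presence check in {@code validate} fails
     */
    public boolean handleSAML11UnsolicitedResponse(HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse) throws IOException {
        String samlResponse = httpServletRequest.getParameter(GeneralConstants.SAML_RESPONSE_KEY);
        if (httpServletRequest.getUserPrincipal() != null) {
            return true;
        }
        httpServletRequest.getSession(true);
        if (!StringUtil.isNotNull(samlResponse)) {
            return false;
        }
        try {
            if (!validate(httpServletRequest)) {
                throw new IOException(ErrorCodes.VALIDATION_CHECK_FAILED);
            }
            try {
                // GET means redirect binding (base64 + deflate); anything else is decoded as plain base64.
                List<SAML11AssertionType> assertions = ((SAML11ResponseType) new SAMLParser().parse("GET".equalsIgnoreCase(httpServletRequest.getMethod()) ? RedirectBindingUtil.base64DeflateDecode(samlResponse) : PostBindingUtil.base64DecodeAsStream(samlResponse))).get();
                if (assertions.size() > 1) {
                    logger.trace("More than one assertion from IDP. Considering the first one.");
                }
                // An empty list fails here and is reported through the catch below as 'false'.
                SAML11AssertionType firstAssertion = assertions.get(0);
                if (firstAssertion == null) {
                    return true;
                }
                for (SAML11StatementAbstractType statement : firstAssertion.getStatements()) {
                    if (statement instanceof SAML11AuthenticationStatementType) {
                        // Value is read and discarded; the call chain still rejects statements with a missing
                        // subject or name identifier by throwing.
                        ((SAML11AuthenticationStatementType) statement).getSubject().getChoice().getNameID().getValue();
                    }
                }
                // Result is discarded as well.
                AssertionUtil.getRoles(firstAssertion, (List<String>) null);
                return true;
            } catch (Exception e) {
                logger.samlSPHandleRequestError(e);
                return false;
            }
        } catch (Exception e2) {
            logger.samlSPHandleRequestError(e2);
            // Keep the cause so the failure can be diagnosed from the stack trace.
            throw new IOException(e2);
        }
    }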

    /**
     * Processes a SAML 2.0 response through the handler chain and decides what happens next.
     *
     * <p>Outcomes:
     * <ul>
     *   <li>the chain produced a follow-up document and destination: it is sent on and the result of
     *       {@code localAuthentication} is returned;</li>
     *   <li>no principal is visible on the request after processing: the session is ended via the logout
     *       page and {@code false} is returned;</li>
     *   <li>otherwise the login is accepted, optionally audited, and {@code true} is returned;</li>
     *   <li>an expired assertion triggers a fresh request to the identity provider.</li>
     * </ul>
     *
     * <p>This method performs no signature or condition checks itself; it hands the trust key manager to the
     * processor (presumably validated inside the processor / handler chain - confirm which handlers are
     * configured).
     *
     * @throws IOException on any processing failure other than an expired assertion
     */
    private boolean handleSAML2Response(HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse) throws IOException {
        HttpSession session = httpServletRequest.getSession(true);
        String parameter = httpServletRequest.getParameter(GeneralConstants.SAML_RESPONSE_KEY);
        HTTPContext hTTPContext = new HTTPContext(httpServletRequest, httpServletResponse, this.servletContext);
        // chain is dereferenced without a null check.
        Set<SAML2Handler> handlers = this.chain.handlers();
        // Principal as it was BEFORE the response is processed.
        Principal userPrincipal = httpServletRequest.getUserPrincipal();
        try {
            // The binding is inferred from the HTTP method (case-sensitive "POST").
            ServiceProviderSAMLResponseProcessor serviceProviderSAMLResponseProcessor = new ServiceProviderSAMLResponseProcessor(httpServletRequest.getMethod().equals("POST"), this.serviceURL, this.picketLinkConfiguration, this.idpMetadata);
            if (this.auditHelper != null) {
                serviceProviderSAMLResponseProcessor.setAuditHelper(this.auditHelper);
            }
            serviceProviderSAMLResponseProcessor.setTrustKeyManager(this.keyManager);
            SAML2HandlerResponse process = serviceProviderSAMLResponseProcessor.process(parameter, hTTPContext, handlers, this.chainLock);
            Document resultingDocument = process.getResultingDocument();
            String relayState = process.getRelayState();
            String destination = process.getDestination();
            boolean sendRequest = process.getSendRequest();
            String destinationQueryStringWithSignature = process.getDestinationQueryStringWithSignature();
            // The chain wants to send something back (e.g. a follow-up message): deliver it first.
            if (destination != null && resultingDocument != null) {
                sendRequestToIDP(destination, resultingDocument, relayState, httpServletRequest, httpServletResponse, sendRequest, destinationQueryStringWithSignature);
                return localAuthentication(httpServletRequest, httpServletResponse);
            }
            // Still no principal after processing: treat as logged out.
            if (!(httpServletRequest.getUserPrincipal() != null)) {
                sendToLogoutPage(httpServletRequest, httpServletResponse, session);
                return false;
            }
            // Return value is discarded in this decompiled form.
            process.getRoles();
            if (userPrincipal == null) {
                userPrincipal = (Principal) session.getAttribute(GeneralConstants.PRINCIPAL_ID);
            }
            if (userPrincipal == null) {
                throw new RuntimeException("PL00092: Null Value: principal");
            }
            if (!isEnableAudit()) {
                return true;
            }
            PicketLinkAuditEvent picketLinkAuditEvent = new PicketLinkAuditEvent(AuditLevel.INFO);
            picketLinkAuditEvent.setType(PicketLinkAuditEventType.RESPONSE_FROM_IDP);
            picketLinkAuditEvent.setSubjectName(userPrincipal.getName());
            picketLinkAuditEvent.setWhoIsAuditing(getContextPath());
            // assumes auditHelper is non-null whenever auditing is enabled - TODO confirm; a null helper
            // would turn an otherwise successful login into a processing error via the generic catch below.
            this.auditHelper.audit(picketLinkAuditEvent);
            return true;
        } catch (ProcessingException e) {
            Throwable cause = e.getCause();
            if (cause == null || !(cause instanceof AssertionExpiredException)) {
                logger.samlSPHandleRequestError(e);
                throw logger.samlSPProcessingExceptionError(e);
            }
            // Expired assertion: record it and start a new authentication round-trip.
            logger.error("Assertion has expired. Asking IDP for reissue");
            if (isEnableAudit()) {
                PicketLinkAuditEvent picketLinkAuditEvent2 = new PicketLinkAuditEvent(AuditLevel.INFO);
                picketLinkAuditEvent2.setType(PicketLinkAuditEventType.EXPIRED_ASSERTION);
                picketLinkAuditEvent2.setAssertionID(((AssertionExpiredException) cause).getId());
                this.auditHelper.audit(picketLinkAuditEvent2);
            }
            return generalUserRequest(httpServletRequest, httpServletResponse);
        } catch (Exception e2) {
            logger.samlSPHandleRequestError(e2);
            throw logger.samlSPProcessingExceptionError(e2);
        }
    }

    /**
     * Loads the IdP descriptor (from the metadata file when one is configured, otherwise from the metadata
     * provider) and, when a single-sign-on endpoint matches the configured binding, overwrites the
     * configured identity URL with that endpoint's location.
     *
     * <p>Because the identity URL is taken from metadata, the integrity of the metadata source decides
     * where users are sent to authenticate.
     */
    private void processIdPMetadata(SPType sPType) {
        IDPSSODescriptorType descriptor;
        if (StringUtil.isNotNull(sPType.getIdpMetadataFile())) {
            descriptor = getIdpMetadataFromFile(sPType);
        } else {
            descriptor = getIdpMetadataFromProvider(sPType);
        }
        if (descriptor == null) {
            return;
        }
        for (EndpointType endpoint : descriptor.getSingleSignOnService()) {
            // Reduce the binding URI to the short form used in the SP configuration.
            String binding = endpoint.getBinding().toString();
            if (binding.contains("HTTP-POST")) {
                binding = "POST";
            } else if (binding.contains("HTTP-Redirect")) {
                binding = "REDIRECT";
            }
            if (sPType.getBindingType().equals(binding)) {
                sPType.setIdentityURL(endpoint.getLocation().toString());
                break;
            }
        }
        this.idpMetadata = descriptor;
    }

    /**
     * Asks the configured metadata provider for entity descriptors and returns the first IdP descriptor
     * found among them.
     *
     * @return the first non-null IdP descriptor, or {@code null} when the provider yields none
     */
    private IDPSSODescriptorType getIdpMetadataFromProvider(SPType sPType) {
        List<EntityDescriptorType> entities = CoreConfigUtil.getMetadataConfiguration(sPType, this.servletContext);
        if (entities != null) {
            for (EntityDescriptorType entity : entities) {
                IDPSSODescriptorType candidate = handleMetadata(entity);
                if (candidate != null) {
                    return candidate;
                }
            }
        }
        return null;
    }

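    /**
     * Searches an entities group for the first IdP descriptor.
     *
     * <p>Members are visited in document order. A nested group is now searched itself; previously the
     * enclosing group was passed to {@code getIDPSSODescriptor} instead of the nested element, so a nested
     * group that was not the first member was never looked into.
     *
     * @param entitiesDescriptorType the group to search
     * @return the first IdP descriptor found, or {@code null}
     */
    protected IDPSSODescriptorType handleMetadata(EntitiesDescriptorType entitiesDescriptorType) {
        IDPSSODescriptorType found = null;
        for (Object member : entitiesDescriptorType.getEntityDescriptor()) {
            if (member instanceof EntitiesDescriptorType) {
                found = getIDPSSODescriptor((EntitiesDescriptorType) member);
            } else {
                found = handleMetadata((EntityDescriptorType) member);
            }
            if (found != null) {
                break;
            }
        }
        return found;
    }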

    /** Returns the IdP descriptor of a single entity, as resolved by {@code CoreConfigUtil.getIDPDescriptor}. */
    protected IDPSSODescriptorType handleMetadata(EntityDescriptorType entityDescriptorType) {
        final IDPSSODescriptorType descriptor = CoreConfigUtil.getIDPDescriptor(entityDescriptorType);
        return descriptor;
    }

    /**
     * Resolves an IdP descriptor from the FIRST member of the group only: a nested group is descended into,
     * a plain entity is resolved directly. Later members are never inspected.
     *
     * @return the descriptor, or {@code null} when the group is empty or its first member has none
     */
    protected IDPSSODescriptorType getIDPSSODescriptor(EntitiesDescriptorType entitiesDescriptorType) {
        Iterator<Object> members = entitiesDescriptorType.getEntityDescriptor().iterator();
        if (members.hasNext()) {
            Object first = members.next();
            if (first instanceof EntitiesDescriptorType) {
                return getIDPSSODescriptor((EntitiesDescriptorType) first);
            }
            return CoreConfigUtil.getIDPDescriptor((EntityDescriptorType) first);
        }
        return null;
    }

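    /**
     * Reads the IdP metadata file named in the SP configuration from the web application's resources and
     * extracts the IdP descriptor from it.
     *
     * <p>The resource stream is now closed in all cases; previously it was left open.
     *
     * @return the IdP descriptor, or {@code null} when the resource does not exist or contains no IdP
     *         descriptor (the latter is logged)
     * @throws RuntimeException wrapping any parsing failure
     */
    protected IDPSSODescriptorType getIdpMetadataFromFile(SPType sPType) {
        InputStream metadataStream = this.servletContext.getResourceAsStream(sPType.getIdpMetadataFile());
        if (metadataStream == null) {
            return null;
        }
        try {
            Object parsed = new SAMLParser().parse(DocumentUtil.getNodeAsStream(DocumentUtil.getDocument(metadataStream)));
            IDPSSODescriptorType descriptor = parsed instanceof EntitiesDescriptorType ? handleMetadata((EntitiesDescriptorType) parsed) : handleMetadata((EntityDescriptorType) parsed);
            if (descriptor == null) {
                logger.samlSPUnableToGetIDPDescriptorFromMetadata();
            }
            return descriptor;
        } catch (Exception e) {
            throw new RuntimeException(e);
        } finally {
            try {
                metadataStream.close();
            } catch (IOException ignored) {
                // Best effort: a failure to close must not mask the parse result or the original error.
            }
        }
    }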

    /**
     * Processes an incoming SAML request (a message sent to this service provider) through the handler
     * chain.
     *
     * <p>The trust key manager is handed to the processor; no signature check is performed in this method
     * itself.
     *
     * @return {@code false} when the response has already been committed; {@code true} when the processor
     *         reports success; otherwise the result of {@code localAuthentication}
     * @throws IOException on any processing failure
     */
    private boolean handleSAMLRequest(HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse) throws IOException {
        String samlRequest = httpServletRequest.getParameter(GeneralConstants.SAML_REQUEST_KEY);
        HTTPContext httpContext = new HTTPContext(httpServletRequest, httpServletResponse, this.servletContext);
        Set<SAML2Handler> handlers = this.chain.handlers();
        try {
            // The binding is inferred from the HTTP method (case-sensitive "POST").
            boolean viaPost = httpServletRequest.getMethod().equals("POST");
            ServiceProviderSAMLRequestProcessor processor = new ServiceProviderSAMLRequestProcessor(viaPost, this.serviceURL, this.picketLinkConfiguration, this.idpMetadata);
            processor.setTrustKeyManager(this.keyManager);
            boolean handled = processor.process(samlRequest, httpContext, handlers, this.chainLock);
            if (isEnableAudit()) {
                PicketLinkAuditEvent event = new PicketLinkAuditEvent(AuditLevel.INFO);
                event.setType(PicketLinkAuditEventType.REQUEST_FROM_IDP);
                event.setWhoIsAuditing(getContextPath());
                this.auditHelper.audit(event);
            }
            if (httpServletResponse.isCommitted()) {
                return false;
            }
            if (handled) {
                return true;
            }
            return localAuthentication(httpServletRequest, httpServletResponse);
        } catch (Exception e) {
            logger.samlSPHandleRequestError(e);
            throw logger.samlSPProcessingExceptionError(e);
        }
    }

    /* JADX WARN: Multi-variable type inference failed */
    /* JADX WARN: Removed duplicated region for block: B:32:0x0197 A[Catch: Exception -> 0x0279, TryCatch #4 {Exception -> 0x0279, blocks: (B:17:0x00a7, B:22:0x00b2, B:24:0x00c3, B:26:0x00cd, B:27:0x00f4, B:50:0x017d, B:30:0x0186, B:32:0x0197, B:34:0x01ad, B:35:0x01b7, B:37:0x01bf, B:39:0x01c6, B:40:0x01dc, B:42:0x023c, B:43:0x0254, B:47:0x024a, B:48:0x0253, B:56:0x00df, B:58:0x00e9, B:73:0x012c, B:67:0x014b, B:69:0x015c, B:70:0x0168, B:71:0x0169, B:76:0x0136, B:77:0x014a, B:63:0x0110, B:64:0x011a, B:60:0x011d, B:61:0x0127), top: B:16:0x00a7, inners: #5, #7, #8 }] */
    /* JADX WARN: Removed duplicated region for block: B:49:0x017d A[EXC_TOP_SPLITTER, SYNTHETIC] */
    /* JADX WARN: Type inference failed for: r0v100, types: [java.io.InputStream] */
    /* JADX WARN: Type inference failed for: r0v20, types: [java.io.InputStream] */
    /* JADX WARN: Type inference failed for: r0v83, types: [java.io.InputStream] */
    /*
        Code decompiled incorrectly, please refer to instructions dump.
        To view partially-correct add '--show-bad-code' argument
    */
    /**
     * Decompiler placeholder: the original body was not recovered, so in this listing the method
     * unconditionally throws {@link UnsupportedOperationException}.
     *
     * <p>NOTE(review): the real implementation (646 instructions according to the dump note below)
     * presumably reads the filter's configuration; that cannot be confirmed from this listing.
     * Review configuration handling against the original bytecode or the upstream source rather
     * than this stub.
     *
     * @param r6 the filter configuration (name assigned by the decompiler)
     * @throws UnsupportedOperationException always, in this decompiled form
     */
    protected void processConfiguration(javax.servlet.FilterConfig r6) {
        /*
            Method dump skipped, instructions count: 646
            To view this dump add '--comments-level debug' option
        */
        throw new UnsupportedOperationException("Method not decompiled: org.picketlink.identity.federation.web.filters.SPFilter.processConfiguration(javax.servlet.FilterConfig):void");
    }

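    /**
     * Creates and configures the {@code TrustKeyManager} used for signature support.
     *
     * <p>Does nothing when signature support is disabled. Otherwise the key manager class named by
     * the configured key provider is loaded and instantiated, and it is given the provider's auth
     * properties and validating alias. The first {@code X509CERTIFICATE} property, if any, and the
     * host of the configured identity URL (under {@code IDP_KEY}) are stored on it as additional
     * options before it is assigned to {@code this.keyManager}.
     *
     * <p>NOTE(review): the class name comes from configuration, so whoever can edit that
     * configuration chooses which class is instantiated here; treat it as privileged input.
     *
     * @throws RuntimeException if the key provider is missing, or if loading, instantiating or
     *     configuring the key manager fails (the underlying exception is kept as the cause)
     */
    protected void initKeyProvider() {
        if (!doSupportSignature()) {
            return;
        }
        SPType configuration = getConfiguration();
        KeyProviderType keyProvider = configuration.getKeyProvider();
        if (keyProvider == null) {
            throw new RuntimeException("PL00092: Null Value:KeyProvider is null for context=" + getContextPath());
        }
        try {
            String className = keyProvider.getClassName();
            if (className == null) {
                throw new RuntimeException("PL00092: Null Value:KeyManager class name");
            }
            Class<?> loadClass = SecurityActions.loadClass(getClass(), className);
            if (loadClass == null) {
                throw new ClassNotFoundException(ErrorCodes.CLASS_NOT_LOADED + className);
            }
            // Check the type before instantiating, so a class that is not a TrustKeyManager is
            // rejected (ClassCastException, as before) without its constructor ever running.
            TrustKeyManager trustKeyManager = loadClass.asSubclass(TrustKeyManager.class).newInstance();
            List<AuthPropertyType> keyProviderProperties = CoreConfigUtil.getKeyProviderProperties(keyProvider);
            trustKeyManager.setAuthProperties(keyProviderProperties);
            trustKeyManager.setValidatingAlias(keyProvider.getValidatingAlias());
            String identityURL = configuration.getIdentityURL();
            if (keyProviderProperties != null) {
                // Only the first X509CERTIFICATE property is used.
                for (AuthPropertyType property : keyProviderProperties) {
                    if (GeneralConstants.X509CERTIFICATE.equals(property.getKey())) {
                        trustKeyManager.addAdditionalOption(GeneralConstants.X509CERTIFICATE, property.getValue());
                        break;
                    }
                }
            }
            // The IdP key option is the host part of the identity URL; a null or malformed URL
            // fails here and is reported through the catch block below.
            trustKeyManager.addAdditionalOption(ServiceProviderBaseProcessor.IDP_KEY, new URL(identityURL).getHost());
            this.keyManager = trustKeyManager;
            logger.trace("Key Provider=" + className);
        } catch (Exception e) {
            logger.trustKeyManagerCreationError(e);
            // Keep the original exception as the cause so the failure can still be diagnosed.
            throw new RuntimeException(e.getLocalizedMessage(), e);
        }
    }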

    /**
     * Reports whether the SP configuration has signature support switched on.
     *
     * @return the value of {@code isSupportsSignature()} on the current configuration
     */
    protected boolean doSupportSignature() {
        SPType spConfiguration = getConfiguration();
        return spConfiguration.isSupportsSignature();
    }

    /**
     * Builds the SAML2 handler chain and stores it in {@code this.chain}.
     *
     * <p>The chain implementation is the factory default unless {@code samlHandlerChainClass} is
     * set. Handlers come from the supplied configuration, or from the handler configuration file
     * in the servlet context when the configuration carries none. Every handler is then given the
     * chain configuration produced by {@code populateChainConfig}.
     *
     * <p>NOTE(review): the fallback resource stream is neither null-checked nor closed in this
     * method; whether {@code ConfigurationUtil.getHandlers} does either is not visible here.
     *
     * @param picketLinkType the configuration; its handlers are set to the resolved list
     * @throws Exception if handler loading or chain initialisation fails
     * @throws RuntimeException wrapping a {@code ProcessingException} raised while creating a
     *     custom chain class
     */
    protected void initializeHandlerChain(PicketLinkType picketLinkType) throws Exception {
        SAML2HandlerChain handlerChain;
        if (!StringUtil.isNullOrEmpty(this.samlHandlerChainClass)) {
            try {
                handlerChain = SAML2HandlerChainFactory.createChain(this.samlHandlerChainClass);
            } catch (ProcessingException e) {
                throw new RuntimeException(e);
            }
        } else {
            handlerChain = SAML2HandlerChainFactory.createChain();
        }

        Handlers configuredHandlers = picketLinkType.getHandlers();
        if (configuredHandlers == null) {
            // Nothing configured inline: fall back to the handler file in the web application.
            InputStream handlerConfig = this.servletContext.getResourceAsStream(GeneralConstants.HANDLER_CONFIG_FILE_LOCATION);
            configuredHandlers = ConfigurationUtil.getHandlers(handlerConfig);
        }
        picketLinkType.setHandlers(configuredHandlers);
        handlerChain.addAll(HandlerUtil.getHandlers(configuredHandlers));

        populateChainConfig(picketLinkType);
        DefaultSAML2HandlerChainConfig chainConfig = new DefaultSAML2HandlerChainConfig(this.chainConfigOptions);
        for (SAML2Handler handler : handlerChain.handlers()) {
            handler.initChainConfig(chainConfig);
        }
        this.chain = handlerChain;
    }

    /**
     * Rebuilds {@code this.chainConfigOptions}, the option map given to the SAML2 handlers.
     *
     * <p>The map always carries the IdP-or-SP configuration and the role-validator-ignore flag.
     * With signature support enabled it also carries the signing key pair and, when the key
     * manager has an {@code X509CERTIFICATE} option, the certificate that option resolves to.
     *
     * @param picketLinkType the configuration whose IdP-or-SP element is published to the handlers
     * @throws ConfigurationException declared by the signature; presumably raised by the key
     *     manager lookups
     * @throws ProcessingException declared by the signature; presumably raised by the key manager
     *     lookups
     */
    protected void populateChainConfig(PicketLinkType picketLinkType) throws ConfigurationException, ProcessingException {
        HashMap options = new HashMap();
        options.put(GeneralConstants.CONFIGURATION, picketLinkType.getIdpOrSP());
        // NOTE(review): the decompiler resolved this constant to a Keycloak symbol; presumably the
        // original source used the literal "false" here - confirm against upstream.
        options.put(GeneralConstants.ROLE_VALIDATOR_IGNORE, SamlProtocol.ATTRIBUTE_FALSE_VALUE);
        if (doSupportSignature()) {
            // From here on the map holds the signing key pair, so it must not be logged or dumped.
            options.put(GeneralConstants.KEYPAIR, this.keyManager.getSigningKeyPair());
            String certificateAlias = (String) this.keyManager.getAdditionalOption(GeneralConstants.X509CERTIFICATE);
            if (certificateAlias != null) {
                options.put(GeneralConstants.X509CERTIFICATE, this.keyManager.getCertificate(certificateAlias));
            }
        }
        this.chainConfigOptions = options;
    }
}
