package org.picketlink.identity.federation.bindings.tomcat.sp;

import java.io.IOException;
import java.security.Principal;
import java.util.ArrayList;
import java.util.List;
import org.apache.catalina.LifecycleException;
import org.apache.catalina.Session;
import org.apache.catalina.connector.Request;
import org.apache.catalina.connector.Response;
import org.apache.catalina.deploy.LoginConfig;
import org.picketlink.common.util.StringUtil;
import org.picketlink.identity.federation.bindings.tomcat.sp.holder.ServiceProviderSAMLContext;
import org.picketlink.identity.federation.core.parsers.saml.SAMLParser;
import org.picketlink.identity.federation.core.saml.v2.util.AssertionUtil;
import org.picketlink.identity.federation.saml.v1.assertion.SAML11AssertionType;
import org.picketlink.identity.federation.saml.v1.assertion.SAML11AuthenticationStatementType;
import org.picketlink.identity.federation.saml.v1.protocol.SAML11ResponseType;
import org.picketlink.identity.federation.web.util.RedirectBindingUtil;
import org.picketlink.identity.federation.web.util.ServerDetector;

/* loaded from: input_file:org/picketlink/identity/federation/bindings/tomcat/sp/AbstractSAML11SPRedirectFormAuthenticator.class */
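/**
 * Service-provider form authenticator that accepts an unsolicited (IdP-initiated) SAML 1.1
 * response over the redirect binding and falls back to local form authentication otherwise.
 *
 * <p>This listing is decompiler output; local names and some types were reconstructed.
 */
public abstract class AbstractSAML11SPRedirectFormAuthenticator extends AbstractSPFormAuthenticator {
    /**
     * Authenticates the request, first from a SAML 1.1 response and then through the parent
     * form authenticator.
     *
     * @param request the incoming Catalina request
     * @param response the Catalina response
     * @param loginConfig the login configuration of the web application
     * @return {@code true} when the request is authenticated
     * @throws IOException if the SAML response fails the validation check
     */
    @Override // org.picketlink.identity.federation.bindings.tomcat.sp.AbstractSPFormAuthenticator
    public boolean authenticate(Request request, Response response, LoginConfig loginConfig) throws IOException {
        if (handleSAML11UnsolicitedResponse(request, response, loginConfig, this)) {
            return true;
        }
        logger.trace("Falling back on local Form Authentication if available");
        return super.authenticate(request, response, loginConfig);
    }

    /**
     * Processes a SAML 1.1 response carried in the {@code SAMLResponse} request parameter and,
     * on success, binds the resulting principal to the request and session.
     *
     * <p>The user name and the roles are taken from the first assertion of the response.
     *
     * <p>NOTE(review): nothing in this method checks the assertion's signature, issuer or
     * validity conditions; the only gate visible here is {@code validate(request)}, whose body
     * is not part of this file. Confirm that it (or a configured handler) enforces those checks
     * before this path is trusted to establish an identity.
     *
     * @param request the incoming Catalina request
     * @param response the Catalina response
     * @param loginConfig the login configuration (not read by this method)
     * @param abstractSPFormAuthenticator the authenticator supplying validation, realm and
     *     registration
     * @return {@code true} if the request already had a principal or one was established from
     *     the response; {@code false} if there is no {@code SAMLResponse} parameter or the
     *     response could not be turned into a principal
     * @throws IOException if the validation check fails or throws
     */
    public static boolean handleSAML11UnsolicitedResponse(Request request, Response response, LoginConfig loginConfig, AbstractSPFormAuthenticator abstractSPFormAuthenticator) throws IOException {
        String samlResponse = request.getParameter("SAMLResponse");
        if (request.getUserPrincipal() != null) {
            return true;
        }
        // Kept ahead of the parameter check, as in the original: a session is created even when
        // no SAML response is present.
        Session session = request.getSessionInternal(true);
        if (!StringUtil.isNotNull(samlResponse)) {
            return false;
        }

        try {
            if (!abstractSPFormAuthenticator.validate(request)) {
                throw new IOException("PL00019: Validation check failed");
            }
        } catch (Exception e) {
            logger.samlSPHandleRequestError(e);
            // Keep the cause so the failure reason is not lost to the caller.
            throw new IOException(e);
        }

        try {
            SAML11ResponseType saml11Response = (SAML11ResponseType) new SAMLParser().parse(RedirectBindingUtil.base64DeflateDecode(samlResponse));
            List<?> assertions = saml11Response.get();
            if (assertions == null || assertions.isEmpty()) {
                logger.trace("SAML 1.1 response carries no assertion");
                return false;
            }
            if (assertions.size() > 1) {
                logger.trace("More than one assertion from IDP. Considering the first one.");
            }

            String userName = null;
            List<String> roles = new ArrayList<String>();
            SAML11AssertionType assertion = (SAML11AssertionType) assertions.get(0);
            if (assertion != null) {
                // Iterate as Object: an assertion can hold other statement kinds, and only
                // authentication statements name the subject. The last one seen wins.
                for (Object statement : assertion.getStatements()) {
                    if (statement instanceof SAML11AuthenticationStatementType) {
                        // A missing subject or name identifier raises here and is handled by
                        // the catch below as a failed authentication.
                        userName = ((SAML11AuthenticationStatementType) statement).getSubject().getChoice().getNameID().getValue();
                    }
                }
                roles = AssertionUtil.getRoles(assertion, (List<String>) null);
            }

            // Fail closed: without a subject there is no identity to establish.
            if (userName == null) {
                logger.trace("SAML 1.1 assertion carries no authentication subject");
                return false;
            }

            Principal principal;
            if (new ServerDetector().isJboss() || abstractSPFormAuthenticator.jbossEnv) {
                ServiceProviderSAMLContext.push(userName, roles);
                try {
                    principal = abstractSPFormAuthenticator.getContext().getRealm().authenticate(userName, ServiceProviderSAMLContext.EMPTY_PASSWORD);
                } finally {
                    // Always drop the pushed identity, even if the realm throws, so it cannot
                    // linger in the context for whatever runs next.
                    ServiceProviderSAMLContext.clear();
                }
            } else {
                principal = new SPUtil().createGenericPrincipal(request, userName, roles);
            }

            // Do not report success, or register a session, when no principal was produced.
            if (principal == null) {
                logger.trace("No principal could be established from the SAML 1.1 assertion");
                return false;
            }

            session.setNote("org.apache.catalina.session.USERNAME", userName);
            session.setNote("org.apache.catalina.session.PASSWORD", ServiceProviderSAMLContext.EMPTY_PASSWORD);
            request.setUserPrincipal(principal);
            if (abstractSPFormAuthenticator.saveRestoreRequest) {
                abstractSPFormAuthenticator.restoreRequest(request, session);
            }
            abstractSPFormAuthenticator.register(request, response, principal, "FORM", userName, ServiceProviderSAMLContext.EMPTY_PASSWORD);
            return true;
        } catch (Exception e) {
            // Any parsing or processing failure is logged and treated as "not authenticated".
            logger.samlSPHandleRequestError(e);
            return false;
        }
    }

    /**
     * Starts the authenticator and forces the service-provider binding type to
     * {@code REDIRECT}.
     *
     * <p>The decompiler reports that the access modifier was changed from {@code protected}.
     *
     * @throws LifecycleException if the parent start-up fails
     */
    @Override // org.picketlink.identity.federation.bindings.tomcat.sp.AbstractSPFormAuthenticator, org.picketlink.identity.federation.bindings.tomcat.sp.BaseFormAuthenticator
    public void startPicketLink() throws LifecycleException {
        super.startPicketLink();
        this.spConfiguration.setBindingType("REDIRECT");
    }
}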
