package org.jboss.identity.federation.bindings.tomcat.sp;

import java.io.IOException;
import java.security.Principal;
import java.util.Arrays;
import java.util.List;
import java.util.Set;
import javax.servlet.RequestDispatcher;
import org.apache.catalina.Session;
import org.apache.catalina.connector.Request;
import org.apache.catalina.connector.Response;
import org.apache.catalina.deploy.LoginConfig;
import org.apache.catalina.realm.GenericPrincipal;
import org.apache.log4j.Logger;
import org.jboss.identity.federation.bindings.tomcat.sp.holder.ServiceProviderSAMLContext;
import org.jboss.identity.federation.bindings.util.ValveUtil;
import org.jboss.identity.federation.core.config.TrustType;
import org.jboss.identity.federation.core.exceptions.ConfigurationException;
import org.jboss.identity.federation.core.exceptions.ParsingException;
import org.jboss.identity.federation.core.exceptions.ProcessingException;
import org.jboss.identity.federation.core.saml.v2.common.SAMLDocumentHolder;
import org.jboss.identity.federation.core.saml.v2.exceptions.IssuerNotTrustedException;
import org.jboss.identity.federation.core.saml.v2.holders.DestinationInfoHolder;
import org.jboss.identity.federation.core.saml.v2.interfaces.SAML2HandlerResponse;
import org.jboss.identity.federation.core.saml.v2.util.DocumentUtil;
import org.jboss.identity.federation.core.util.StringUtil;
import org.jboss.identity.federation.saml.v2.protocol.ResponseType;
import org.jboss.identity.federation.web.core.HTTPContext;
import org.jboss.identity.federation.web.process.ServiceProviderBaseProcessor;
import org.jboss.identity.federation.web.process.ServiceProviderSAMLRequestProcessor;
import org.jboss.identity.federation.web.process.ServiceProviderSAMLResponseProcessor;
import org.jboss.identity.federation.web.util.PostBindingUtil;
import org.jboss.identity.federation.web.util.ServerDetector;
import org.w3c.dom.Document;

/* loaded from: input_file:org/jboss/identity/federation/bindings/tomcat/sp/SPPostFormAuthenticator.class */
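/**
 * Tomcat form authenticator for a SAML v2 service provider using the HTTP POST binding.
 *
 * <p>Each request falls into one of three cases, decided by the {@code SAMLRequest} and
 * {@code SAMLResponse} parameters: neither is present (a request is built and posted to the
 * identity provider), a {@code SAMLResponse} is present (the response is processed and, on
 * success, a principal is registered with the container), or a {@code SAMLRequest} is present
 * (handed to the request processor).
 *
 * <p>Security notes for reviewers:
 * <ul>
 *   <li>{@link #verifySignature} always returns {@code true} and {@link #decryptAssertion}
 *       always throws, so this class itself performs no signature verification and no
 *       decryption. Any such check has to come from the handler chain or the inherited
 *       {@code validate(request)} -- confirm before relying on it.</li>
 *   <li>{@link #isTrusted} accepts every issuer when no trust configuration is present.</li>
 * </ul>
 */
public class SPPostFormAuthenticator extends BaseFormAuthenticator {
    private static Logger log = Logger.getLogger(SPPostFormAuthenticator.class);
    // Result of the server detection done once in the constructor.
    private boolean jbossEnv;
    // Trace flag is sampled once per instance; later log-level changes are not picked up.
    private boolean trace = log.isTraceEnabled();
    // Context-relative page the request is forwarded to when the session is no longer valid.
    private String logOutPage = "/logout.jsp";

    /** Creates the authenticator and records whether the hosting server is detected as JBoss. */
    public SPPostFormAuthenticator() {
        this.jbossEnv = new ServerDetector().isJboss();
    }

    /**
     * Authenticates the request through the SAML v2 POST binding.
     *
     * @param request the Catalina request; read for {@code GLO}, {@code SAMLRequest} and
     *        {@code SAMLResponse}
     * @param response the Catalina response; used to post to the identity provider
     * @param loginConfig passed through to {@code super.authenticate} on fall-through
     * @return {@code true} when the request carries an authenticated principal (already present,
     *         or registered from a processed SAML response, or the SAML request processor
     *         reported success); {@code false} when a response has been produced here (post to
     *         the identity provider, forward to the logout page); otherwise whatever
     *         {@code super.authenticate} returns
     * @throws IOException on any failure while building, sending or processing SAML messages
     */
    public boolean authenticate(Request request, Response response, LoginConfig loginConfig) throws IOException {
        SPUtil spUtil = new SPUtil();
        String gloParam = request.getParameter("GLO");
        boolean gloRequested = StringUtil.isNotNull(gloParam) && "true".equalsIgnoreCase(gloParam);
        String samlRequest = request.getParameter("SAMLRequest");
        String samlResponse = request.getParameter("SAMLResponse");
        boolean hasSamlRequest = StringUtil.isNotNull(samlRequest);
        boolean hasSamlResponse = StringUtil.isNotNull(samlResponse);
        Principal userPrincipal = request.getUserPrincipal();

        // Already authenticated and nothing SAML-related to process: let the request through.
        if (userPrincipal != null && !gloRequested && !hasSamlRequest && !hasSamlResponse) {
            return true;
        }

        Session session = request.getSessionInternal(true);
        HTTPContext httpContext = new HTTPContext(request, response, this.context.getServletContext());
        Set handlers = this.chain.handlers();

        // Case 1: no SAML message on the request -> build one and post it to the identity provider.
        if (!hasSamlRequest && !hasSamlResponse) {
            try {
                SAML2HandlerResponse outcome =
                        new ServiceProviderBaseProcessor(true, this.serviceURL).process(httpContext, handlers);
                outcome.setDestination(this.identityURL);
                boolean sendRequest = outcome.getSendRequest();
                Document samlDocument = outcome.getResultingDocument();
                String relayState = outcome.getRelayState();
                String destination = outcome.getDestination();
                if (destination != null && samlDocument != null) {
                    try {
                        sendRequestToIDP(destination, samlDocument, relayState, response, sendRequest);
                        return false;
                    } catch (Exception e) {
                        if (this.trace) {
                            log.trace("Exception:", e);
                        }
                        // This exception leaves the method, so it carries no cause or detail.
                        throw new IOException("Server Error");
                    }
                }
            } catch (ConfigurationException e) {
                log.error("Config Exception:", e);
                throw new RuntimeException((Throwable) e);
            } catch (ProcessingException e) {
                log.error("Processing Exception:", e);
                throw new RuntimeException((Throwable) e);
            } catch (ParsingException e) {
                log.error("Parsing Exception:", e);
                throw new RuntimeException((Throwable) e);
            }
        }

        // Case 2: a SAML response arrived -> validate, process, and establish the principal.
        if (hasSamlResponse) {
            try {
                if (!validate(request)) {
                    throw new IOException("Validity check failed");
                }
                try {
                    SAML2HandlerResponse outcome = new ServiceProviderSAMLResponseProcessor(true, this.serviceURL)
                            .process(samlResponse, httpContext, handlers);
                    Document samlDocument = outcome.getResultingDocument();
                    String relayState = outcome.getRelayState();
                    String destination = outcome.getDestination();
                    boolean sendRequest = outcome.getSendRequest();

                    if (destination == null || samlDocument == null) {
                        if (!session.isValid()) {
                            // Session was invalidated during processing: show the logout page.
                            RequestDispatcher dispatcher =
                                    this.context.getServletContext().getRequestDispatcher(this.logOutPage);
                            if (dispatcher == null) {
                                log.error("Cannot dispatch to the logout page: no request dispatcher:" + this.logOutPage);
                                return false;
                            }
                            dispatcher.forward(request, response);
                            return false;
                        }

                        List<String> roles = outcome.getRoles();
                        if (userPrincipal == null) {
                            // presumably stored in the session by a handler in the chain -- confirm
                            userPrincipal = (Principal) session.getSession().getAttribute("jboss_identity.principal");
                        }
                        if (userPrincipal == null) {
                            // Fail closed with an explicit reason instead of a NullPointerException.
                            throw new IOException("No principal available after processing the SAML response");
                        }
                        String name = userPrincipal.getName();

                        Principal authenticated;
                        if (new ServerDetector().isJboss() || this.jbossEnv) {
                            ServiceProviderSAMLContext.push(name, Arrays.asList(((GenericPrincipal) userPrincipal).getRoles()));
                            try {
                                authenticated = this.context.getRealm()
                                        .authenticate(name, ServiceProviderSAMLContext.EMPTY_PASSWORD);
                            } finally {
                                // push/clear are static: if the realm throws, the pushed name and roles
                                // must not stay behind for whatever runs next.
                                ServiceProviderSAMLContext.clear();
                            }
                        } else {
                            authenticated = spUtil.createGenericPrincipal(request, userPrincipal.getName(), roles);
                        }
                        if (authenticated == null) {
                            // Realm.authenticate returns null when it rejects the user; do not
                            // register a null principal and report success.
                            throw new IOException("No authenticated principal for the SAML subject");
                        }

                        session.setNote("org.apache.catalina.session.USERNAME", name);
                        session.setNote("org.apache.catalina.session.PASSWORD", ServiceProviderSAMLContext.EMPTY_PASSWORD);
                        request.setUserPrincipal(authenticated);
                        register(request, response, authenticated, "FORM", name, ServiceProviderSAMLContext.EMPTY_PASSWORD);
                        return true;
                    }
                    // The processor produced a follow-up message: post it to the given destination.
                    // Control then continues below (SAMLRequest check, then super.authenticate).
                    sendRequestToIDP(destination, samlDocument, relayState, response, sendRequest);
                } catch (Exception e) {
                    if (this.trace) {
                        log.trace("Server Exception:", e);
                    }
                    // Keep the root cause so the error log written by the outer catch shows why the
                    // response was rejected; the outer catch rethrows a bare IOException, so the
                    // cause never leaves this method.
                    IOException wrapped = new IOException("Server Exception");
                    wrapped.initCause(e);
                    throw wrapped;
                }
            } catch (Exception e) {
                log.error("Exception:", e);
                throw new IOException();
            }
        }

        // Case 3: a SAML request arrived -> let the request processor handle it.
        if (hasSamlRequest) {
            try {
                boolean handled = new ServiceProviderSAMLRequestProcessor(true, this.serviceURL)
                        .process(samlRequest, httpContext, handlers);
                if (handled) {
                    return true;
                }
            } catch (Exception e) {
                if (this.trace) {
                    log.trace("Server Exception:", e);
                }
                throw new IOException("Server Exception");
            }
        }
        return super.authenticate(request, response, loginConfig);
    }

    /**
     * Serializes the SAML document, base64-encodes it and posts it to the destination.
     *
     * @param str destination URL
     * @param document SAML message to send
     * @param str2 relay state passed along with the message
     * @param response response the POST form is written to
     * @param z forwarded to {@code PostBindingUtil.sendPost}; callers pass the handler's
     *        "send request" flag
     */
    protected void sendRequestToIDP(String str, Document document, String str2, Response response, boolean z) throws ProcessingException, ConfigurationException, IOException {
        String encoded = PostBindingUtil.base64Encode(DocumentUtil.getDocumentAsString(document));
        PostBindingUtil.sendPost(new DestinationInfoHolder(str, encoded, str2), response, z);
    }

    /**
     * Checks the issuer's domain against the configured trusted domains.
     *
     * @param str the issuer whose domain is checked
     * @throws IssuerNotTrustedException if the domain is not found in the trusted domains, or if
     *         any exception occurs while checking
     */
    protected void isTrusted(String str) throws IssuerNotTrustedException {
        try {
            String domain = ValveUtil.getDomain(str);
            TrustType trust = this.spConfiguration.getTrust();
            // NOTE(review): with no trust configuration every issuer is accepted.
            // NOTE(review): if getDomains() returns a single String, indexOf is a substring
            // test, so a value that is only a fragment of a trusted entry would also pass;
            // confirm the type and, if it is a delimited String, compare whole entries.
            if (trust != null && trust.getDomains().indexOf(domain) < 0) {
                throw new IssuerNotTrustedException(str);
            }
        } catch (Exception e) {
            // Also catches the exception thrown just above and rewraps it.
            throw new IssuerNotTrustedException(e.getLocalizedMessage(), e);
        }
    }

    /**
     * Not supported: this authenticator does not decrypt assertions.
     *
     * @throws RuntimeException always
     */
    protected ResponseType decryptAssertion(ResponseType responseType) {
        throw new RuntimeException("This authenticator does not handle encryption");
    }

    /**
     * Always returns {@code true}; no signature is examined here.
     *
     * <p>NOTE(review): whether signatures are verified elsewhere cannot be told from this class.
     * Confirm before treating responses accepted by this authenticator as signed.
     */
    protected boolean verifySignature(SAMLDocumentHolder sAMLDocumentHolder) throws IssuerNotTrustedException {
        return true;
    }
}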
