package org.picketlink.identity.federation.bindings.jetty.sp;

import java.io.IOException;
import java.io.InputStream;
import java.net.URL;
import java.security.Principal;
import java.security.cert.X509Certificate;
import java.util.ArrayList;
import java.util.Arrays;
import java.util.HashMap;
import java.util.Iterator;
import java.util.List;
import java.util.Map;
import java.util.Set;
import java.util.Timer;
import java.util.TimerTask;
import java.util.concurrent.locks.Lock;
import java.util.concurrent.locks.ReentrantLock;
import javax.security.auth.Subject;
import javax.servlet.ServletContext;
import javax.servlet.ServletException;
import javax.servlet.ServletRequest;
import javax.servlet.ServletResponse;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import javax.servlet.http.HttpSession;
import javax.servlet.http.HttpSessionListener;
import org.eclipse.jetty.http.HttpMethod;
import org.eclipse.jetty.http.HttpVersion;
import org.eclipse.jetty.http.MimeTypes;
import org.eclipse.jetty.security.Authenticator;
import org.eclipse.jetty.security.DefaultUserIdentity;
import org.eclipse.jetty.security.ServerAuthException;
import org.eclipse.jetty.security.UserAuthentication;
import org.eclipse.jetty.security.authentication.FormAuthenticator;
import org.eclipse.jetty.server.Authentication;
import org.eclipse.jetty.server.HttpChannel;
import org.eclipse.jetty.server.Request;
import org.eclipse.jetty.server.handler.ContextHandler;
import org.eclipse.jetty.util.MultiMap;
import org.picketlink.common.PicketLinkLogger;
import org.picketlink.common.PicketLinkLoggerFactory;
import org.picketlink.common.exceptions.ConfigurationException;
import org.picketlink.common.exceptions.ParsingException;
import org.picketlink.common.exceptions.ProcessingException;
import org.picketlink.common.exceptions.fed.AssertionExpiredException;
import org.picketlink.common.util.DocumentUtil;
import org.picketlink.common.util.StringUtil;
import org.picketlink.common.util.SystemPropertiesUtil;
import org.picketlink.config.federation.AuthPropertyType;
import org.picketlink.config.federation.KeyProviderType;
import org.picketlink.config.federation.PicketLinkType;
import org.picketlink.config.federation.SPType;
import org.picketlink.config.federation.handler.Handlers;
import org.picketlink.identity.federation.api.saml.v2.metadata.MetaDataExtractor;
import org.picketlink.identity.federation.core.audit.PicketLinkAuditEvent;
import org.picketlink.identity.federation.core.audit.PicketLinkAuditEventType;
import org.picketlink.identity.federation.core.audit.PicketLinkAuditHelper;
import org.picketlink.identity.federation.core.interfaces.TrustKeyManager;
import org.picketlink.identity.federation.core.parsers.saml.SAMLParser;
import org.picketlink.identity.federation.core.saml.v2.factories.SAML2HandlerChainFactory;
import org.picketlink.identity.federation.core.saml.v2.impl.DefaultSAML2HandlerChainConfig;
import org.picketlink.identity.federation.core.saml.v2.interfaces.SAML2Handler;
import org.picketlink.identity.federation.core.saml.v2.interfaces.SAML2HandlerChain;
import org.picketlink.identity.federation.core.saml.v2.interfaces.SAML2HandlerResponse;
import org.picketlink.identity.federation.core.saml.v2.util.HandlerUtil;
import org.picketlink.identity.federation.core.saml.workflow.ServiceProviderSAMLWorkflow;
import org.picketlink.identity.federation.core.util.CoreConfigUtil;
import org.picketlink.identity.federation.saml.v2.metadata.EndpointType;
import org.picketlink.identity.federation.saml.v2.metadata.EntitiesDescriptorType;
import org.picketlink.identity.federation.saml.v2.metadata.EntityDescriptorType;
import org.picketlink.identity.federation.saml.v2.metadata.IDPSSODescriptorType;
import org.picketlink.identity.federation.saml.v2.metadata.KeyDescriptorType;
import org.picketlink.identity.federation.web.core.HTTPContext;
import org.picketlink.identity.federation.web.core.SessionManager;
import org.picketlink.identity.federation.web.process.ServiceProviderBaseProcessor;
import org.picketlink.identity.federation.web.process.ServiceProviderSAMLRequestProcessor;
import org.picketlink.identity.federation.web.process.ServiceProviderSAMLResponseProcessor;
import org.picketlink.identity.federation.web.util.ConfigurationUtil;
import org.picketlink.identity.federation.web.util.SAMLConfigurationProvider;
import org.w3c.dom.Document;

/* loaded from: input_file:org/picketlink/identity/federation/bindings/jetty/sp/SPFormAuthenticator.class */
public class SPFormAuthenticator extends FormAuthenticator {
    // Shared PicketLink logger used for trace output and SAML error reporting.
    private static final PicketLinkLogger logger = PicketLinkLoggerFactory.getLogger();
    // Optional handler-chain class name; when null or empty startPicketLink() asks the factory for its default chain.
    protected transient String samlHandlerChainClass;
    // Refreshed from ContextHandler.getCurrentContext() in setConfiguration() and on every validateRequest() call.
    protected ServletContext theServletContext;
    // Created empty by both constructors; the code that fills it is not in the visible part of the class.
    protected Map<String, Object> chainConfigOptions;
    // Null by default; not read in the visible part of the class.
    protected SAMLConfigurationProvider configProvider;
    // Null by default; not read in the visible part of the class.
    protected transient X509Certificate idpCertificate;
    // When > 0, startPicketLink() schedules a recurring reload of configuration and key provider, using this value as delay and period.
    protected int timerInterval;
    // Created lazily by startPicketLink() when timerInterval > 0.
    protected Timer timer;
    // Not referenced in the visible part of the class.
    public static final String EMPTY_PASSWORD = "EMPTY_STR";
    // Gates every PicketLinkAuditEvent emitted by the request/response handlers; false by default.
    protected boolean enableAudit;
    // Session attribute under which register() stores the authenticated Principal.
    public static final String FORM_PRINCIPAL_NOTE = "picketlink.form.principal";
    // Session attribute under which register() stores the role list.
    public static final String FORM_ROLES_NOTE = "picketlink.form.roles";
    // Session attribute read by savedRequestURL().
    public static final String FORM_REQUEST_NOTE = "picketlink.REQUEST";
    // Page handed to ServiceProviderSAMLWorkflow.sendToLogoutPage().
    public static final String logoutPage = "/logout.html";
    // SAML2 handler chain built in startPicketLink(); its handlers are passed to every processor.
    protected transient SAML2HandlerChain chain;
    // Service-provider configuration: binding type, error page, key provider, identity URL, signature support.
    protected SPType spConfiguration;
    // Full PicketLink configuration; startPicketLink() synthesises one from spConfiguration when it is still null.
    protected PicketLinkType picketLinkConfiguration;
    // Passed to the SAML processors as this service provider's URL.
    protected String serviceURL;
    // Passed to ServiceProviderBaseProcessor.setIdentityURL().
    protected String identityURL;
    // Optional issuer override; only applied when non-null.
    protected String issuerID;
    // Not assigned or read in the visible part of the class.
    protected String configFile;
    // True by default: the original request is stored in the session before the IdP round trip and replayed afterwards.
    protected boolean saveRestoreRequest;
    // ReentrantLock handed to each processor together with the handler set.
    protected Lock chainLock;
    // Defaults to exclusive XML canonicalization with comments (set in both constructors).
    protected String canonicalizationMethod;
    // Sink for audit events; may be null (handleSAMLResponse checks before passing it on).
    protected PicketLinkAuditHelper auditHelper;
    // Assigned by initKeyProvider() only when doSupportSignature() is true, so it stays null when signature support is off.
    // NOTE(review): processors receive this null value via setTrustKeyManager(); presumably no signature check runs then — confirm.
    protected TrustKeyManager keyManager;

    /* loaded from: input_file:org/picketlink/identity/federation/bindings/jetty/sp/SPFormAuthenticator$JettyRedirectionHandler.class */
    public class JettyRedirectionHandler extends ServiceProviderSAMLWorkflow.RedirectionHandler {
        public JettyRedirectionHandler() {
        }

        /**
         * Sends a 302 redirect to {@code str} with caching disabled ("no-cache, no-store").
         *
         * @param str redirect target, used verbatim
         * @param httpServletResponse response to write the redirect to
         * @throws IOException if the container fails to send the redirect
         */
        public void sendRedirectForRequestor(String str, HttpServletResponse httpServletResponse) throws IOException {
            redirectUncached(str, httpServletResponse, "no-cache, no-store");
        }

        /**
         * Sends a 302 redirect to {@code str} with the stricter responder cache policy.
         *
         * @param str redirect target, used verbatim
         * @param httpServletResponse response to write the redirect to
         * @throws IOException if the container fails to send the redirect
         */
        public void sendRedirectForResponder(String str, HttpServletResponse httpServletResponse) throws IOException {
            redirectUncached(str, httpServletResponse, "no-cache, no-store, must-revalidate,private");
        }

        /**
         * Writes the anti-caching headers and issues the redirect.
         *
         * The target is not validated here: this class trusts whatever destination the SAML
         * workflow hands it, so any allow-listing of redirect targets has to happen upstream.
         */
        private void redirectUncached(String target, HttpServletResponse response, String cacheControl) throws IOException {
            response.setCharacterEncoding("UTF-8");
            response.setHeader("Location", target);
            // SAML messages travel in the redirect URL, so intermediaries must not cache it.
            response.setHeader("Pragma", "no-cache");
            response.setHeader("Cache-Control", cacheControl);
            response.setStatus(302);
            response.sendRedirect(target);
        }
    }

    /**
     * Creates an authenticator with PicketLink defaults: request save/restore enabled, auditing
     * disabled, no periodic configuration reload, and every configuration reference unset until
     * {@code startPicketLink()} runs.
     */
    public SPFormAuthenticator() {
        // Behaviour switches.
        this.saveRestoreRequest = true;
        this.enableAudit = false;
        this.timerInterval = -1;
        this.canonicalizationMethod = "http://www.w3.org/2001/10/xml-exc-c14n#WithComments";

        // Collaborators that exist from the start.
        this.chainConfigOptions = new HashMap<>();
        this.chainLock = new ReentrantLock();

        // Everything below is populated later from configuration.
        this.samlHandlerChainClass = null;
        this.theServletContext = null;
        this.configProvider = null;
        this.idpCertificate = null;
        this.timer = null;
        this.chain = null;
        this.spConfiguration = null;
        this.picketLinkConfiguration = null;
        this.serviceURL = null;
        this.identityURL = null;
        this.issuerID = null;
        this.auditHelper = null;
    }

    /**
     * Creates an authenticator whose three arguments are forwarded unchanged to the
     * {@code FormAuthenticator} constructor; all PicketLink state gets the same defaults as the
     * no-argument constructor.
     *
     * @param str first argument of the superclass constructor
     * @param str2 second argument of the superclass constructor
     * @param z third argument of the superclass constructor
     */
    public SPFormAuthenticator(String str, String str2, boolean z) {
        super(str, str2, z);

        // Behaviour switches.
        this.saveRestoreRequest = true;
        this.enableAudit = false;
        this.timerInterval = -1;
        this.canonicalizationMethod = "http://www.w3.org/2001/10/xml-exc-c14n#WithComments";

        // Collaborators that exist from the start.
        this.chainConfigOptions = new HashMap<>();
        this.chainLock = new ReentrantLock();

        // Everything below is populated later from configuration.
        this.samlHandlerChainClass = null;
        this.theServletContext = null;
        this.configProvider = null;
        this.idpCertificate = null;
        this.timer = null;
        this.chain = null;
        this.spConfiguration = null;
        this.picketLinkConfiguration = null;
        this.serviceURL = null;
        this.identityURL = null;
        this.issuerID = null;
        this.auditHelper = null;
    }

    /**
     * Applies the Jetty authenticator configuration, captures the servlet context of the current
     * Jetty context, and then boots the PicketLink service-provider machinery.
     *
     * @param authConfiguration configuration supplied by Jetty's security handler
     */
    public void setConfiguration(Authenticator.AuthConfiguration authConfiguration) {
        super.setConfiguration(authConfiguration);
        String currentContextPath = ContextHandler.getCurrentContext().getContextPath();
        // startPicketLink() reads resources through this context, so it must be set first.
        this.theServletContext = ContextHandler.getCurrentContext().getContext(currentContextPath);
        startPicketLink();
    }

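    /**
     * Routes an incoming request through the SAML service-provider flow.
     *
     * Order of checks: replay of a request saved before the IdP round trip, local logout,
     * already-authenticated pass-through, then dispatch on the {@code SAMLResponse} /
     * {@code SAMLRequest} parameters, falling back to starting a new IdP login.
     *
     * @param servletRequest incoming request (cast to {@code HttpServletRequest})
     * @param servletResponse outgoing response (cast to {@code HttpServletResponse})
     * @param z whether authentication is mandatory for the target resource
     * @return the resulting Jetty authentication state
     * @throws ServerAuthException if the SAML handlers report a processing failure
     */
    public Authentication validateRequest(ServletRequest servletRequest, ServletResponse servletResponse, boolean z) throws ServerAuthException {
        this.theServletContext = ContextHandler.getCurrentContext().getContext(ContextHandler.getCurrentContext().getContextPath());
        HttpServletRequest httpServletRequest = (HttpServletRequest) servletRequest;
        HttpServletResponse httpServletResponse = (HttpServletResponse) servletResponse;
        HttpSession session = httpServletRequest.getSession();
        // The request and the session id are no longer printed to stdout: a session id is a
        // bearer credential and must not end up in console output or captured server logs.
        if (this.saveRestoreRequest && matchRequest(httpServletRequest)) {
            Principal savedPrincipal = (Principal) session.getAttribute(FORM_PRINCIPAL_NOTE);
            // Replay only when a completed login stored a principal. Without this guard a repeat
            // of the saved URL before the IdP answered would pass a null principal to register(),
            // which wraps whatever it is given in a UserAuthentication.
            if (savedPrincipal != null) {
                if (!restoreRequest(httpServletRequest, session)) {
                    return Authentication.UNAUTHENTICATED;
                }
                return register(httpServletRequest, savedPrincipal, (List) session.getAttribute(FORM_ROLES_NOTE));
            }
        }
        ServiceProviderSAMLWorkflow serviceProviderSAMLWorkflow = new ServiceProviderSAMLWorkflow();
        serviceProviderSAMLWorkflow.setRedirectionHandler(new JettyRedirectionHandler());
        if (serviceProviderSAMLWorkflow.isLocalLogoutRequest(httpServletRequest)) {
            try {
                serviceProviderSAMLWorkflow.sendToLogoutPage(httpServletRequest, httpServletResponse, session, this.theServletContext, logoutPage);
                return Authentication.UNAUTHENTICATED;
            } catch (ServletException e) {
                logger.samlLogoutError(e);
                throw new RuntimeException(e);
            } catch (IOException e2) {
                logger.samlLogoutError(e2);
                throw new RuntimeException(e2);
            }
        }
        String parameter = httpServletRequest.getParameter("SAMLRequest");
        String parameter2 = httpServletRequest.getParameter("SAMLResponse");
        boolean hasSamlRequest = StringUtil.isNotNull(parameter);
        boolean hasSamlResponse = StringUtil.isNotNull(parameter2);
        if (httpServletRequest.getUserPrincipal() != null) {
            try {
                // An already-authenticated user carrying no SAML message passes straight through.
                if (!serviceProviderSAMLWorkflow.isLocalLogoutRequest(httpServletRequest) && !hasSamlRequest && !hasSamlResponse) {
                    return Authentication.SEND_SUCCESS;
                }
            } catch (IOException e3) {
                if (!StringUtil.isNotNull(this.spConfiguration.getErrorPage())) {
                    throw new RuntimeException(e3);
                }
                try {
                    httpServletRequest.getRequestDispatcher(this.spConfiguration.getErrorPage()).forward(httpServletRequest, httpServletResponse);
                } catch (IOException e4) {
                    logger.samlErrorPageForwardError(this.spConfiguration.getErrorPage(), e4);
                } catch (ServletException e5) {
                    logger.samlErrorPageForwardError(this.spConfiguration.getErrorPage(), e5);
                }
                return Authentication.UNAUTHENTICATED;
            }
        }
        // NOTE(review): this listing is decompiler output; the handlers below declare IOException,
        // which this method does not. The dispatch presumably sat inside the try block above in
        // the original source — confirm against the upstream file before relying on it.
        // A response takes precedence over a request when both parameters are present.
        if (hasSamlResponse) {
            return handleSAMLResponse(servletRequest, servletResponse, z);
        }
        if (hasSamlRequest) {
            return handleSAMLRequest(servletRequest, servletResponse, z);
        }
        return generalUserRequest(servletRequest, servletResponse, z);
    }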

    /**
     * Starts a login at the identity provider for a request that carries no SAML message.
     *
     * When authentication is not mandatory the request's current authentication is returned
     * untouched. Otherwise the handler chain builds an authentication request; if it yields no
     * destination or document the method falls back to local form authentication.
     *
     * @param servletRequest incoming request
     * @param servletResponse outgoing response
     * @param z whether authentication is mandatory
     * @return {@code SEND_CONTINUE} once the request has been sent to the IdP, or the fallback result
     * @throws IOException declared for the fallback path
     * @throws ServerAuthException if sending the request to the IdP fails
     */
    private Authentication generalUserRequest(ServletRequest servletRequest, ServletResponse servletResponse, boolean z) throws IOException, ServerAuthException {
        if (!z) {
            return ((Request) servletRequest).getAuthentication();
        }
        ServiceProviderSAMLWorkflow workflow = new ServiceProviderSAMLWorkflow();
        workflow.setRedirectionHandler(new JettyRedirectionHandler());
        HttpServletRequest httpRequest = (HttpServletRequest) servletRequest;
        HttpServletResponse httpResponse = (HttpServletResponse) servletResponse;
        // NOTE(review): getSession(false) can return null; saveRequest() below synchronizes on
        // the session, so this relies on a caller having created it — confirm.
        HttpSession currentSession = httpRequest.getSession(false);
        HTTPContext httpContext = new HTTPContext(httpRequest, httpResponse, this.theServletContext);
        Set chainHandlers = this.chain.handlers();
        try {
            boolean postBinding = this.spConfiguration.getBindingType().equals("POST");
            ServiceProviderBaseProcessor processor = new ServiceProviderBaseProcessor(postBinding, this.serviceURL, this.picketLinkConfiguration);
            if (this.issuerID != null) {
                processor.setIssuer(this.issuerID);
            }
            processor.setIdentityURL(this.identityURL);
            processor.setAuditHelper(this.auditHelper);
            SAML2HandlerResponse handlerResponse = processor.process(httpContext, chainHandlers, this.chainLock);
            boolean willSendRequest = handlerResponse.getSendRequest();
            Document samlDocument = handlerResponse.getResultingDocument();
            String relayState = handlerResponse.getRelayState();
            String idpDestination = handlerResponse.getDestination();
            String signedQueryString = handlerResponse.getDestinationQueryStringWithSignature();
            boolean nothingToSend = idpDestination == null || samlDocument == null;
            if (nothingToSend) {
                return localAuthentication(servletRequest, servletResponse, z);
            }
            try {
                // Remember the original request so it can be replayed after the IdP round trip.
                if (this.saveRestoreRequest) {
                    saveRequest(httpRequest, currentSession);
                }
                if (this.enableAudit) {
                    PicketLinkAuditEvent auditEvent = new PicketLinkAuditEvent("Info");
                    auditEvent.setType(PicketLinkAuditEventType.REQUEST_TO_IDP);
                    auditEvent.setWhoIsAuditing(this.theServletContext.getContextPath());
                    this.auditHelper.audit(auditEvent);
                }
                workflow.sendRequestToIDP(idpDestination, samlDocument, relayState, httpResponse, willSendRequest, signedQueryString, isHttpPostBinding());
                return Authentication.SEND_CONTINUE;
            } catch (Exception sendFailure) {
                logger.samlSPHandleRequestError(sendFailure);
                throw logger.samlSPProcessingExceptionError(sendFailure);
            }
        } catch (ProcessingException processingFailure) {
            logger.samlSPHandleRequestError(processingFailure);
            throw new RuntimeException((Throwable) processingFailure);
        } catch (ConfigurationException configurationFailure) {
            logger.samlSPHandleRequestError(configurationFailure);
            throw new RuntimeException((Throwable) configurationFailure);
        } catch (ParsingException parsingFailure) {
            logger.samlSPHandleRequestError(parsingFailure);
            throw new RuntimeException((Throwable) parsingFailure);
        }
    }

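    /**
     * Tells whether the current request targets the URL that was saved in the session before the
     * IdP round trip.
     *
     * @param httpServletRequest request to compare against the saved URL
     * @return {@code true} only when a session exists, a URL was saved in it, and that URL equals
     *         the request URL including its query string
     */
    protected boolean matchRequest(HttpServletRequest httpServletRequest) {
        HttpSession session = httpServletRequest.getSession(false);
        // getSession(false) returns null when there is no session; synchronizing on null would
        // throw, and without a session nothing can have been saved.
        if (session == null) {
            return false;
        }
        synchronized (session) {
            String savedUrl = (String) session.getAttribute("org.eclipse.jetty.security.form_URI");
            if (savedUrl == null) {
                return false;
            }
            StringBuffer requestUrl = httpServletRequest.getRequestURL();
            String query = httpServletRequest.getQueryString();
            if (query != null) {
                requestUrl.append("?").append(query);
            }
            // Exact string comparison: any difference in scheme, host, path or query is a mismatch.
            return savedUrl.equals(requestUrl.toString());
        }
    }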

    /**
     * Binds a principal and its roles to the session and to the Jetty request.
     *
     * The principal and roles are always written to the session. A new {@code UserAuthentication}
     * is installed on the request only when it does not already carry one.
     *
     * NOTE(review): neither argument is validated here, and the session identifier is not rotated
     * when the principal is bound. Confirm that callers never pass a null principal and that
     * session renewal happens elsewhere, otherwise this is a session-fixation exposure.
     *
     * @param httpServletRequest request to authenticate; must be a Jetty {@code Request}
     * @param principal authenticated principal
     * @param list role names, or {@code null} for none
     * @return the authentication now attached to the request
     */
    protected Authentication register(HttpServletRequest httpServletRequest, Principal principal, List<String> list) {
        if (list == null) {
            list = new ArrayList<>();
        }
        HttpSession currentSession = httpServletRequest.getSession(false);
        currentSession.setAttribute(FORM_PRINCIPAL_NOTE, principal);
        currentSession.setAttribute(FORM_ROLES_NOTE, list);
        Request jettyRequest = (Request) httpServletRequest;
        Authentication existing = jettyRequest.getAuthentication();
        if (existing instanceof UserAuthentication) {
            return existing;
        }
        String[] roleNames = list.toArray(new String[list.size()]);
        DefaultUserIdentity identity = new DefaultUserIdentity(new Subject(), principal, roleNames);
        Authentication created = new UserAuthentication(getAuthMethod(), identity);
        jettyRequest.setAuthentication(created);
        return created;
    }

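    /**
     * Replays the POST parameters saved before the IdP round trip and clears the saved-request
     * attributes from the session.
     *
     * This method does not compare URLs; callers are expected to have checked
     * {@code matchRequest()} first. The URL that the original rebuilt here was never used and has
     * been dropped.
     *
     * @param httpServletRequest current request (not consulted; parameters are set on the
     *        request of the current {@code HttpChannel})
     * @param httpSession session holding the saved request, may be {@code null}
     * @return {@code true} when a saved request existed and was consumed
     */
    protected boolean restoreRequest(HttpServletRequest httpServletRequest, HttpSession httpSession) {
        // Without a session there is nothing to restore; synchronizing on null would throw.
        if (httpSession == null) {
            return false;
        }
        synchronized (httpSession) {
            if (httpSession.getAttribute("org.eclipse.jetty.security.form_URI") == null) {
                return false;
            }
            MultiMap savedParameters = (MultiMap) httpSession.getAttribute("org.eclipse.jetty.security.form_POST");
            if (savedParameters != null) {
                HttpChannel.getCurrentHttpChannel().getRequest().setParameters(savedParameters);
            }
            // One-shot: the saved request (which may hold sensitive form fields) must not linger
            // in the session once it has been replayed.
            httpSession.removeAttribute("org.eclipse.jetty.security.form_URI");
            httpSession.removeAttribute("org.eclipse.jetty.security.form_METHOD");
            httpSession.removeAttribute("org.eclipse.jetty.security.form_POST");
            return true;
        }
    }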

    /**
     * Stores the current request in the session so it can be replayed after the IdP round trip.
     *
     * Nothing is overwritten: if a URL is already saved the method returns without changes. For
     * form-encoded POSTs the submitted parameters are copied into the session as well, so any
     * secrets in that form stay in server-side session state until {@code restoreRequest()}
     * removes them.
     *
     * @param httpServletRequest request to remember
     * @param httpSession session to store it in; must not be {@code null}
     */
    protected void saveRequest(HttpServletRequest httpServletRequest, HttpSession httpSession) {
        synchronized (httpSession) {
            if (httpSession.getAttribute("org.eclipse.jetty.security.form_URI") != null) {
                return;
            }
            StringBuffer fullUrl = httpServletRequest.getRequestURL();
            String query = httpServletRequest.getQueryString();
            if (query != null) {
                fullUrl.append("?").append(query);
            }
            httpSession.setAttribute("org.eclipse.jetty.security.form_URI", fullUrl.toString());
            httpSession.setAttribute("org.eclipse.jetty.security.form_METHOD", httpServletRequest.getMethod());
            boolean formEncoded = MimeTypes.Type.FORM_ENCODED.is(httpServletRequest.getContentType());
            if (formEncoded && HttpMethod.POST.is(httpServletRequest.getMethod())) {
                Request jettyRequest;
                if (httpServletRequest instanceof Request) {
                    jettyRequest = (Request) httpServletRequest;
                } else {
                    jettyRequest = HttpChannel.getCurrentHttpChannel().getRequest();
                }
                jettyRequest.extractParameters();
                // Copy the map so later changes to the live request do not alter the saved state.
                httpSession.setAttribute("org.eclipse.jetty.security.form_POST", new MultiMap(jettyRequest.getParameters()));
            }
        }
    }

    /**
     * Falls back to the inherited form authentication when the request has no user principal.
     *
     * @param servletRequest incoming request
     * @param servletResponse outgoing response
     * @param z whether authentication is mandatory
     * @return {@code SEND_SUCCESS} for an already-authenticated request, otherwise the result of
     *         the superclass, or {@code UNAUTHENTICATED} if the superclass call fails with
     *         {@code NoSuchMethodError}
     * @throws IOException declared by the signature
     * @throws ServerAuthException if the superclass authentication fails
     */
    protected Authentication localAuthentication(ServletRequest servletRequest, ServletResponse servletResponse, boolean z) throws IOException, ServerAuthException {
        HttpServletRequest httpRequest = (HttpServletRequest) servletRequest;
        if (httpRequest.getUserPrincipal() == null) {
            logger.samlSPFallingBackToLocalFormAuthentication();
            try {
                return super.validateRequest(servletRequest, servletResponse, z);
            } catch (NoSuchMethodError incompatibleContainer) {
                // Fail closed when the container's API does not match what was compiled against.
                return Authentication.UNAUTHENTICATED;
            }
        }
        return Authentication.SEND_SUCCESS;
    }

    /**
     * Processes a {@code SAMLRequest} parameter through the handler chain.
     *
     * @param servletRequest incoming request carrying {@code SAMLRequest}
     * @param servletResponse outgoing response
     * @param z whether authentication is mandatory
     * @return {@code UNAUTHENTICATED} if the handlers already committed the response,
     *         {@code SEND_SUCCESS} if processing reported success, otherwise the local
     *         authentication fallback
     * @throws IOException declared by the signature
     * @throws ServerAuthException for any failure raised while processing
     */
    private Authentication handleSAMLRequest(ServletRequest servletRequest, ServletResponse servletResponse, boolean z) throws IOException, ServerAuthException {
        HttpServletRequest httpRequest = (HttpServletRequest) servletRequest;
        HttpServletResponse httpResponse = (HttpServletResponse) servletResponse;
        String samlRequest = httpRequest.getParameter("SAMLRequest");
        HTTPContext httpContext = new HTTPContext(httpRequest, httpResponse, this.theServletContext);
        Set chainHandlers = this.chain.handlers();
        try {
            boolean viaPost = httpRequest.getMethod().equals("POST");
            ServiceProviderSAMLRequestProcessor processor = new ServiceProviderSAMLRequestProcessor(viaPost, this.serviceURL, this.picketLinkConfiguration);
            // keyManager is null when signature support is off (see initKeyProvider()).
            processor.setTrustKeyManager(this.keyManager);
            boolean processed = processor.process(samlRequest, httpContext, chainHandlers, this.chainLock);
            if (this.enableAudit) {
                PicketLinkAuditEvent auditEvent = new PicketLinkAuditEvent("Info");
                auditEvent.setType(PicketLinkAuditEventType.REQUEST_FROM_IDP);
                auditEvent.setWhoIsAuditing(this.theServletContext.getContextPath());
                this.auditHelper.audit(auditEvent);
            }
            if (httpResponse.isCommitted()) {
                return Authentication.UNAUTHENTICATED;
            }
            if (processed) {
                return Authentication.SEND_SUCCESS;
            }
            return localAuthentication(servletRequest, servletResponse, z);
        } catch (Exception failure) {
            logger.samlSPHandleRequestError(failure);
            throw logger.samlSPProcessingExceptionError(failure);
        }
    }

    /**
     * Processes a {@code SAMLResponse} parameter and, on success, registers the user.
     *
     * Flow: workflow-level validation, handler-chain processing with the configured trust key
     * manager, an optional follow-up message to the IdP, session validity check, registration of
     * principal and roles, then (when save/restore is on) a redirect to the URL saved before the
     * IdP round trip. An expired assertion restarts the login via {@code generalUserRequest()}.
     *
     * NOTE(review): decompiler output. The {@code catch (Exception)} clause precedes
     * {@code catch (ProcessingException)}, which javac would reject as unreachable; the original
     * source presumably ordered or nested these differently — confirm before editing the flow.
     *
     * @param servletRequest incoming request carrying {@code SAMLResponse}
     * @param servletResponse outgoing response
     * @param z whether authentication is mandatory
     * @return the authentication outcome for this request
     * @throws IOException if the workflow-level validation fails
     * @throws ServerAuthException for failures raised while processing
     */
    private Authentication handleSAMLResponse(ServletRequest servletRequest, ServletResponse servletResponse, boolean z) throws IOException, ServerAuthException {
        String str;
        ServiceProviderSAMLWorkflow serviceProviderSAMLWorkflow = new ServiceProviderSAMLWorkflow();
        serviceProviderSAMLWorkflow.setRedirectionHandler(new JettyRedirectionHandler());
        HttpServletRequest httpServletRequest = (HttpServletRequest) servletRequest;
        HttpServletResponse httpServletResponse = (HttpServletResponse) servletResponse;
        // NOTE(review): may be null when no session exists; it is dereferenced further down.
        HttpSession session = httpServletRequest.getSession(false);
        String parameter = httpServletRequest.getParameter("SAMLResponse");
        HTTPContext hTTPContext = new HTTPContext(httpServletRequest, httpServletResponse, this.theServletContext);
        Set handlers = this.chain.handlers();
        Principal userPrincipal = httpServletRequest.getUserPrincipal();
        // Reject the request before any handler sees it if the workflow-level check fails.
        if (!serviceProviderSAMLWorkflow.validate(httpServletRequest)) {
            throw new IOException("PL00019: Validation check failed");
        }
        try {
            ServiceProviderSAMLResponseProcessor serviceProviderSAMLResponseProcessor = new ServiceProviderSAMLResponseProcessor(httpServletRequest.getMethod().equals("POST"), this.serviceURL, this.picketLinkConfiguration);
            if (this.auditHelper != null) {
                serviceProviderSAMLResponseProcessor.setAuditHelper(this.auditHelper);
            }
            // keyManager is only populated when signature support is configured (initKeyProvider()).
            // NOTE(review): with a null manager the response is presumably accepted unsigned — confirm.
            serviceProviderSAMLResponseProcessor.setTrustKeyManager(this.keyManager);
            SAML2HandlerResponse process = serviceProviderSAMLResponseProcessor.process(parameter, hTTPContext, handlers, this.chainLock);
            Document resultingDocument = process.getResultingDocument();
            String relayState = process.getRelayState();
            String destination = process.getDestination();
            boolean sendRequest = process.getSendRequest();
            String destinationQueryStringWithSignature = process.getDestinationQueryStringWithSignature();
            // The handlers produced a message for the IdP: send it, then fall back to local authentication.
            if (destination != null && resultingDocument != null) {
                serviceProviderSAMLWorkflow.sendRequestToIDP(destination, resultingDocument, relayState, httpServletResponse, sendRequest, destinationQueryStringWithSignature, this.spConfiguration.getBindingType().equalsIgnoreCase("POST"));
                return localAuthentication(servletRequest, servletResponse, z);
            }
            // An invalidated session means the user was logged out while processing.
            if (!sessionIsValid(session)) {
                serviceProviderSAMLWorkflow.sendToLogoutPage(httpServletRequest, httpServletResponse, session, this.theServletContext, logoutPage);
                return Authentication.UNAUTHENTICATED;
            }
            List<String> roles = process.getRoles();
            // The principal is taken from the session when the request does not carry one.
            // NOTE(review): if that attribute is absent too, getName() below throws and the
            // generic catch turns it into a processing error.
            if (userPrincipal == null) {
                userPrincipal = (Principal) session.getAttribute("picketlink.principal");
            }
            String name = userPrincipal.getName();
            // Username and roles are written to the log at trace level only.
            if (logger.isTraceEnabled()) {
                logger.trace("Roles determined for username=" + name + "=" + Arrays.toString(roles.toArray()));
            }
            Authentication register = register(httpServletRequest, userPrincipal, roles);
            if (this.enableAudit) {
                PicketLinkAuditEvent picketLinkAuditEvent = new PicketLinkAuditEvent("Info");
                picketLinkAuditEvent.setType(PicketLinkAuditEventType.RESPONSE_FROM_IDP);
                picketLinkAuditEvent.setSubjectName(name);
                picketLinkAuditEvent.setWhoIsAuditing(this.theServletContext.getContextPath());
                this.auditHelper.audit(picketLinkAuditEvent);
            }
            if (!this.saveRestoreRequest) {
                return register;
            }
            // Redirect target comes from the session (written by saveRequest()), not from the
            // SAML message; it defaults to the context path, or "/" for the root context.
            synchronized (session) {
                str = (String) session.getAttribute("org.eclipse.jetty.security.form_URI");
                if (str == null || str.length() == 0) {
                    str = httpServletRequest.getContextPath();
                    if (str.length() == 0) {
                        str = "/";
                    }
                }
            }
            httpServletResponse.setContentLength(0);
            // 303 for HTTP/1.1 and later clients, 302 for older ones.
            HttpChannel.getCurrentHttpChannel().getResponse().sendRedirect(HttpChannel.getCurrentHttpChannel().getRequest().getHttpVersion().getVersion() < HttpVersion.HTTP_1_1.getVersion() ? 302 : 303, httpServletResponse.encodeRedirectURL(str));
            return Authentication.SEND_SUCCESS;
        } catch (Exception e) {
            logger.samlSPHandleRequestError(e);
            throw logger.samlSPProcessingExceptionError(e);
        } catch (ProcessingException e2) {
            // Only an expired assertion is recoverable; every other processing failure is rethrown.
            AssertionExpiredException cause = e2.getCause();
            if (cause == null || !(cause instanceof AssertionExpiredException)) {
                logger.samlSPHandleRequestError(e2);
                throw logger.samlSPProcessingExceptionError(e2);
            }
            logger.error("Assertion has expired. Asking IDP for reissue");
            if (this.enableAudit) {
                PicketLinkAuditEvent picketLinkAuditEvent2 = new PicketLinkAuditEvent("Info");
                picketLinkAuditEvent2.setType(PicketLinkAuditEventType.EXPIRED_ASSERTION);
                picketLinkAuditEvent2.setAssertionID(cause.getId());
                this.auditHelper.audit(picketLinkAuditEvent2);
            }
            // Start a fresh login so the IdP issues a new assertion.
            return generalUserRequest(servletRequest, servletResponse, z);
        }
    }

    /**
     * Reports whether the service provider is configured for the HTTP-POST binding.
     *
     * @return {@code true} when the configured binding type equals "POST", ignoring case
     */
    protected boolean isHttpPostBinding() {
        String configuredBinding = this.spConfiguration.getBindingType();
        return configuredBinding.equalsIgnoreCase("POST");
    }

    /**
     * Probes whether a session is still usable.
     *
     * @param httpSession session to probe; must not be {@code null}
     * @return {@code false} when the probe throws {@code IllegalStateException}, i.e. the session
     *         has been invalidated; {@code true} otherwise
     */
    protected boolean sessionIsValid(HttpSession httpSession) {
        boolean usable = true;
        try {
            // Any accessor works as a probe: an invalidated session rejects it.
            httpSession.getCreationTime();
        } catch (IllegalStateException invalidated) {
            usable = false;
        }
        return usable;
    }

    /**
     * Rebuilds the URI (plus query string, if any) of the request stored in the session under
     * {@code FORM_REQUEST_NOTE}.
     *
     * @param httpSession session that may hold the saved request
     * @return the saved request URI with its query string, or an empty string when nothing is saved
     */
    protected String savedRequestURL(HttpSession httpSession) {
        HttpServletRequest savedRequest = (HttpServletRequest) httpSession.getAttribute(FORM_REQUEST_NOTE);
        if (savedRequest == null) {
            return "";
        }
        StringBuilder url = new StringBuilder().append(savedRequest.getRequestURI());
        String query = savedRequest.getQueryString();
        if (query != null) {
            url.append("?").append(query);
        }
        return url.toString();
    }

    /**
     * Boots the service provider: optional periodic reload, handler chain creation, configuration
     * processing, key provider initialisation and session-listener registration.
     *
     * Any failure while loading handlers or keys aborts start-up with a {@code RuntimeException}.
     */
    protected void startPicketLink() {
        SystemPropertiesUtil.ensure();
        if (this.timerInterval > 0) {
            if (this.timer == null) {
                this.timer = new Timer();
            }
            // Periodically re-reads the configuration and rebuilds the trust key manager.
            // NOTE(review): the task runs on the Timer thread while request threads read
            // spConfiguration and keyManager; no synchronization is visible here — confirm.
            // NOTE(review): no cancel() of this timer is visible in this part of the class.
            this.timer.scheduleAtFixedRate(new TimerTask() { // from class: org.picketlink.identity.federation.bindings.jetty.sp.SPFormAuthenticator.1
                @Override // java.util.TimerTask, java.lang.Runnable
                public void run() {
                    SPFormAuthenticator.this.processConfiguration();
                    SPFormAuthenticator.this.initKeyProvider(SPFormAuthenticator.this.theServletContext);
                }
            }, this.timerInterval, this.timerInterval);
        }
        // The chain implementation is chosen by class name from configuration, or the factory default.
        if (StringUtil.isNullOrEmpty(this.samlHandlerChainClass)) {
            this.chain = SAML2HandlerChainFactory.createChain();
        } else {
            try {
                this.chain = SAML2HandlerChainFactory.createChain(this.samlHandlerChainClass);
            } catch (ProcessingException e) {
                throw new RuntimeException((Throwable) e);
            }
        }
        processConfiguration();
        try {
            // Handlers come from the consolidated configuration when present, otherwise from
            // /WEB-INF/picketlink-handlers.xml inside the web application.
            Handlers handlers = this.picketLinkConfiguration != null ? this.picketLinkConfiguration.getHandlers() : ConfigurationUtil.getHandlers(this.theServletContext.getResourceAsStream("/WEB-INF/picketlink-handlers.xml"));
            this.chain.addAll(HandlerUtil.getHandlers(handlers));
            // Keys must be loaded before the chain is configured and initialised.
            initKeyProvider(this.theServletContext);
            populateChainConfig();
            initializeHandlerChain();
            // Synthesise a consolidated configuration so the processors always receive one.
            if (this.picketLinkConfiguration == null) {
                this.picketLinkConfiguration = new PicketLinkType();
                this.picketLinkConfiguration.setIdpOrSP(this.spConfiguration);
                this.picketLinkConfiguration.setHandlers(handlers);
            }
            // The SessionManager registers its listener class through the callback below.
            new SessionManager(this.theServletContext, new SessionManager.InitializationCallback() { // from class: org.picketlink.identity.federation.bindings.jetty.sp.SPFormAuthenticator.2
                public void registerSessionListener(Class<? extends HttpSessionListener> cls) {
                    SPFormAuthenticator.this.theServletContext.addListener(cls);
                }
            });
        } catch (Exception e2) {
            throw new RuntimeException(e2);
        }
    }

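    /**
     * Creates and configures the trust key manager used to check signatures on SAML messages.
     *
     * Does nothing when signature support is off, which leaves {@code keyManager} unchanged
     * (null on first start). The manager class is named in the key provider configuration and
     * instantiated reflectively, so that configuration must come from a trusted source.
     *
     * @param servletContext context whose path is reported when the key provider is missing
     * @throws RuntimeException if the key provider is missing, or if the manager cannot be
     *         created or configured (the original failure is kept as the cause)
     */
    protected void initKeyProvider(ServletContext servletContext) {
        if (!doSupportSignature()) {
            return;
        }
        KeyProviderType keyProvider = this.spConfiguration.getKeyProvider();
        if (keyProvider == null) {
            throw new RuntimeException("PL00092: Null Value:KeyProvider is null for context=" + servletContext.getContextPath());
        }
        try {
            String className = keyProvider.getClassName();
            if (className == null) {
                throw new RuntimeException("PL00092: Null Value:KeyManager class name");
            }
            Class<?> managerClass = SecurityActions.loadClass(getClass(), className);
            if (managerClass == null) {
                throw new ClassNotFoundException("PL00085: Class Not Loaded:" + className);
            }
            this.keyManager = (TrustKeyManager) managerClass.newInstance();
            List keyProviderProperties = CoreConfigUtil.getKeyProviderProperties(keyProvider);
            this.keyManager.setAuthProperties(keyProviderProperties);
            this.keyManager.setValidatingAlias(keyProvider.getValidatingAlias());
            String identityURL = this.spConfiguration.getIdentityURL();
            if (keyProviderProperties != null) {
                // Only the first X509CERTIFICATE property is forwarded to the manager.
                for (Object entry : keyProviderProperties) {
                    AuthPropertyType property = (AuthPropertyType) entry;
                    if ("X509CERTIFICATE".equals(property.getKey())) {
                        this.keyManager.addAdditionalOption("X509CERTIFICATE", property.getValue());
                        break;
                    }
                }
            }
            // The IdP's validating key is looked up by the host part of the identity URL.
            this.keyManager.addAdditionalOption("idp.key", new URL(identityURL).getHost());
            logger.trace("Key Provider=" + keyProvider.getClassName());
        } catch (Exception e) {
            logger.trustKeyManagerCreationError(e);
            // Keep the cause: the message alone hides which step of key set-up failed.
            throw new RuntimeException(e.getLocalizedMessage(), e);
        }
    }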

    /**
     * Reports whether signature support is switched on for this service provider.
     *
     * <p>When this returns {@code false}, {@code initKeyProvider} creates no key manager and
     * {@code populateChainConfig} adds neither the {@code KEYPAIR} nor the {@code X509CERTIFICATE}
     * option to the handler chain configuration.
     *
     * @return {@code false} when no SP configuration is set; otherwise the value of its
     *     {@code isSupportsSignature()} flag
     */
    protected boolean doSupportSignature() {
        return this.spConfiguration != null && this.spConfiguration.isSupportsSignature();
    }

    /* JADX WARN: Multi-variable type inference failed */
    /* JADX WARN: Removed duplicated region for block: B:18:0x011c A[Catch: Exception -> 0x01dd, TryCatch #0 {Exception -> 0x01dd, blocks: (B:5:0x003e, B:10:0x0049, B:12:0x005a, B:14:0x0064, B:15:0x008b, B:16:0x0115, B:18:0x011c, B:20:0x012e, B:22:0x0142, B:23:0x014a, B:25:0x0151, B:27:0x0158, B:28:0x016c, B:30:0x0179, B:31:0x0192, B:34:0x0187, B:38:0x0076, B:40:0x0080, B:55:0x00c2, B:49:0x00ef, B:51:0x0100, B:52:0x010c, B:53:0x010d, B:58:0x00dc, B:59:0x00ee, B:42:0x00a9, B:43:0x00b2, B:45:0x00b4, B:46:0x00bd), top: B:4:0x003e, inners: #2, #3, #4 }] */
    /* JADX WARN: Removed duplicated region for block: B:30:0x0179 A[Catch: Exception -> 0x01dd, TryCatch #0 {Exception -> 0x01dd, blocks: (B:5:0x003e, B:10:0x0049, B:12:0x005a, B:14:0x0064, B:15:0x008b, B:16:0x0115, B:18:0x011c, B:20:0x012e, B:22:0x0142, B:23:0x014a, B:25:0x0151, B:27:0x0158, B:28:0x016c, B:30:0x0179, B:31:0x0192, B:34:0x0187, B:38:0x0076, B:40:0x0080, B:55:0x00c2, B:49:0x00ef, B:51:0x0100, B:52:0x010c, B:53:0x010d, B:58:0x00dc, B:59:0x00ee, B:42:0x00a9, B:43:0x00b2, B:45:0x00b4, B:46:0x00bd), top: B:4:0x003e, inners: #2, #3, #4 }] */
    /* JADX WARN: Removed duplicated region for block: B:34:0x0187 A[Catch: Exception -> 0x01dd, TryCatch #0 {Exception -> 0x01dd, blocks: (B:5:0x003e, B:10:0x0049, B:12:0x005a, B:14:0x0064, B:15:0x008b, B:16:0x0115, B:18:0x011c, B:20:0x012e, B:22:0x0142, B:23:0x014a, B:25:0x0151, B:27:0x0158, B:28:0x016c, B:30:0x0179, B:31:0x0192, B:34:0x0187, B:38:0x0076, B:40:0x0080, B:55:0x00c2, B:49:0x00ef, B:51:0x0100, B:52:0x010c, B:53:0x010d, B:58:0x00dc, B:59:0x00ee, B:42:0x00a9, B:43:0x00b2, B:45:0x00b4, B:46:0x00bd), top: B:4:0x003e, inners: #2, #3, #4 }] */
    /* JADX WARN: Type inference failed for: r0v80, types: [java.io.InputStream] */
    /*
        Code decompiled incorrectly, please refer to instructions dump.
        To view partially-correct add '--show-bad-code' argument
    */
    /**
     * Decompiler placeholder: the original body of this method was not recovered, so this listing
     * does not show what the method does. A review of the class based on this listing therefore
     * does not cover whatever configuration handling the real method performs.
     *
     * @throws UnsupportedOperationException always, in this decompiled listing
     */
    protected void processConfiguration() {
        /*
            Method dump skipped, instructions count: 488
            To view this dump add '--comments-level debug' option
        */
        // Stub emitted in place of the 488 skipped instructions; it is not the original behavior.
        throw new UnsupportedOperationException("Method not decompiled: org.picketlink.identity.federation.bindings.jetty.sp.SPFormAuthenticator.processConfiguration():void");
    }

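    /**
     * Reads IDP metadata from a web-application resource and takes the identity URL and the IDP
     * certificate from it.
     *
     * <p>The single-sign-on endpoint whose binding matches the SP configuration's binding type
     * ({@code HTTP-POST} is compared as {@code POST}, {@code HTTP-Redirect} as {@code REDIRECT})
     * supplies {@code identityURL}; the first key descriptor supplies {@code idpCertificate}.
     * Nothing in this method verifies a signature on the metadata, so both values are only as
     * trustworthy as the resource itself.
     *
     * @param str resource path handed to {@code ServletContext.getResourceAsStream}; a missing
     *     resource is silently ignored
     * @throws RuntimeException wrapping any failure while parsing or evaluating the metadata
     */
    protected void processIDPMetadataFile(String str) {
        InputStream resourceAsStream = this.theServletContext.getResourceAsStream(str);
        if (resourceAsStream == null) {
            return;
        }
        // Close the resource stream on every path; the original never closed it.
        try (InputStream metadataStream = resourceAsStream) {
            // NOTE(review): whether DocumentUtil.getDocument disables DTDs and external entities
            // is not visible from here - confirm before pointing this at metadata from outside.
            Object parse = new SAMLParser().parse(DocumentUtil.getNodeAsStream(DocumentUtil.getDocument(metadataStream)));
            IDPSSODescriptorType idpDescriptor = parse instanceof EntitiesDescriptorType
                    ? handleMetadata((EntitiesDescriptorType) parse)
                    : handleMetadata((EntityDescriptorType) parse);
            if (idpDescriptor == null) {
                logger.samlSPUnableToGetIDPDescriptorFromMetadata();
                return;
            }
            for (Object service : idpDescriptor.getSingleSignOnService()) {
                EndpointType endpointType = (EndpointType) service;
                // Reduce the binding URI to the short name used by the SP configuration.
                String binding = endpointType.getBinding().toString();
                if (binding.contains("HTTP-POST")) {
                    binding = "POST";
                } else if (binding.contains("HTTP-Redirect")) {
                    binding = "REDIRECT";
                }
                if (this.spConfiguration.getBindingType().equals(binding)) {
                    this.identityURL = endpointType.getLocation().toString();
                    break;
                }
            }
            List keyDescriptor = idpDescriptor.getKeyDescriptor();
            if (!keyDescriptor.isEmpty()) {
                // Only the first key descriptor is used, and its declared use (signing or
                // encryption) is not checked here. NOTE(review): confirm the metadata lists the
                // signing key first, or that MetaDataExtractor accounts for it.
                this.idpCertificate = MetaDataExtractor.getCertificate((KeyDescriptorType) keyDescriptor.get(0));
            }
        } catch (Exception e) {
            throw new RuntimeException(e);
        }
    }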

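    /**
     * Finds an IDP SSO descriptor in a metadata group, taking the first match in document order.
     *
     * <p>Plain entity descriptors are resolved through {@link #handleMetadata(EntityDescriptorType)};
     * nested groups are resolved through {@link #getIDPSSODescriptor(EntitiesDescriptorType)},
     * which inspects only the first entry of the group it is given. The nested group itself is
     * passed on: the original passed the enclosing group again, so a nested group that was not the
     * first entry was never examined.
     *
     * <p>The descriptor returned here is the one whose endpoint and certificate
     * {@code processIDPMetadataFile} goes on to use, so the order of entries in the metadata
     * decides which IDP is picked.
     *
     * @param entitiesDescriptorType the metadata group to search
     * @return the first IDP SSO descriptor found, or {@code null} if there is none
     */
    protected IDPSSODescriptorType handleMetadata(EntitiesDescriptorType entitiesDescriptorType) {
        for (Object entry : entitiesDescriptorType.getEntityDescriptor()) {
            IDPSSODescriptorType descriptor = entry instanceof EntitiesDescriptorType
                    ? getIDPSSODescriptor((EntitiesDescriptorType) entry)
                    : handleMetadata((EntityDescriptorType) entry);
            if (descriptor != null) {
                return descriptor;
            }
        }
        return null;
    }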

    /**
     * Resolves the IDP SSO descriptor of a single entity descriptor.
     *
     * @param entityDescriptorType the entity descriptor to inspect
     * @return whatever {@code CoreConfigUtil.getIDPDescriptor} returns for it
     */
    protected IDPSSODescriptorType handleMetadata(EntityDescriptorType entityDescriptorType) {
        IDPSSODescriptorType descriptor = CoreConfigUtil.getIDPDescriptor(entityDescriptorType);
        return descriptor;
    }

    /**
     * Resolves an IDP SSO descriptor from the first entry of a metadata group.
     *
     * <p>Only the first entry is looked at: a nested group is followed recursively, any other
     * entry is handed to {@code CoreConfigUtil.getIDPDescriptor}. Later entries of the group are
     * never inspected.
     *
     * @param entitiesDescriptorType the metadata group to inspect
     * @return the descriptor resolved from the first entry, or {@code null} for an empty group
     */
    protected IDPSSODescriptorType getIDPSSODescriptor(EntitiesDescriptorType entitiesDescriptorType) {
        Iterator<?> entries = entitiesDescriptorType.getEntityDescriptor().iterator();
        if (entries.hasNext()) {
            Object first = entries.next();
            if (first instanceof EntitiesDescriptorType) {
                return getIDPSSODescriptor((EntitiesDescriptorType) first);
            }
            return CoreConfigUtil.getIDPDescriptor((EntityDescriptorType) first);
        }
        return null;
    }

    /**
     * Refreshes the chain configuration options and passes them to every handler in the chain.
     *
     * <p>All handlers receive the same {@code DefaultSAML2HandlerChainConfig} instance, built from
     * {@code chainConfigOptions} after {@link #populateChainConfig()} has run.
     *
     * @throws ConfigurationException declared by the calls made here
     * @throws ProcessingException declared by the calls made here
     */
    protected void initializeHandlerChain() throws ConfigurationException, ProcessingException {
        populateChainConfig();
        DefaultSAML2HandlerChainConfig sharedConfig = new DefaultSAML2HandlerChainConfig(this.chainConfigOptions);
        for (Object handler : this.chain.handlers()) {
            ((SAML2Handler) handler).initChainConfig(sharedConfig);
        }
    }

    /**
     * Fills {@code chainConfigOptions} with the values the SAML2 handlers are configured from.
     *
     * <p>{@code CONFIGURATION} and {@code ROLE_VALIDATOR_IGNORE} ({@code "false"}) are always set.
     * When {@link #doSupportSignature()} is true, the key manager's signing key pair is added as
     * {@code KEYPAIR}, and if the key manager holds an {@code X509CERTIFICATE} additional option
     * the certificate it resolves to is added under the same key.
     *
     * @throws ConfigurationException declared by the calls made here
     * @throws ProcessingException declared by the calls made here
     */
    protected void populateChainConfig() throws ConfigurationException, ProcessingException {
        this.chainConfigOptions.put("CONFIGURATION", this.spConfiguration);
        this.chainConfigOptions.put("ROLE_VALIDATOR_IGNORE", "false");
        if (!doSupportSignature()) {
            // Without signature support no key material is put into the chain configuration.
            return;
        }
        this.chainConfigOptions.put("KEYPAIR", this.keyManager.getSigningKeyPair());
        String certificateOption = (String) this.keyManager.getAdditionalOption("X509CERTIFICATE");
        if (certificateOption == null) {
            return;
        }
        this.chainConfigOptions.put("X509CERTIFICATE", this.keyManager.getCertificate(certificateOption));
    }
}
