package com.sun.identity.saml.servlet;

import com.sun.identity.federation.common.IFSConstants;
import com.sun.identity.plugin.session.SessionException;
import com.sun.identity.plugin.session.SessionManager;
import com.sun.identity.plugin.session.SessionProvider;
import com.sun.identity.saml.AssertionManager;
import com.sun.identity.saml.assertion.Assertion;
import com.sun.identity.saml.common.LogUtils;
import com.sun.identity.saml.common.SAMLConstants;
import com.sun.identity.saml.common.SAMLException;
import com.sun.identity.saml.common.SAMLServiceManager;
import com.sun.identity.saml.common.SAMLUtils;
import com.sun.identity.saml.protocol.Response;
import com.sun.identity.saml.protocol.Status;
import com.sun.identity.saml.protocol.StatusCode;
import com.sun.identity.shared.encode.Base64;
import java.io.IOException;
import java.io.PrintWriter;
import java.net.URL;
import java.nio.charset.StandardCharsets;
import java.util.ArrayList;
import java.util.Iterator;
import java.util.Locale;
import java.util.Set;
import java.util.StringTokenizer;
import java.util.logging.Level;
import javax.servlet.ServletException;
import javax.servlet.http.HttpServlet;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import org.owasp.esapi.ESAPI;

/* loaded from: input_file:com/sun/identity/saml/servlet/SAMLPOSTProfileServlet.class */
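/**
 * Servlet implementing both halves of the SAML 1.x Browser/POST profile.
 *
 * <p>{@code doGet} is the source-site side: given an authenticated session and a
 * {@code TARGET} URL, it looks the target up in the trusted-server list, creates a
 * signed SAML {@code Response} containing an SSO assertion and emits a self-submitting
 * HTML form that POSTs it to the destination's POST URL.
 *
 * <p>{@code doPost} is the destination-site side: it decodes the posted
 * {@code SAMLResponse}, verifies it, creates a local session and then redirects or
 * POSTs the browser on to {@code TARGET}.
 *
 * <p>Changes from the previous revision: {@link #getDestSite(String)} now requires the
 * target host to be equal to (or a sub-domain of) a configured trusted host instead of
 * merely containing it as a substring, and {@code doPost} validates its parameters
 * before touching the response object.
 */
public class SAMLPOSTProfileServlet extends HttpServlet {

    /**
     * Source-site entry point: issues a signed SAML response for the session owner and
     * auto-POSTs it to the destination site's POST URL.
     *
     * <p>Error paths all go through {@code SAMLUtils.sendError}; a missing or invalid
     * session results in a redirect to the login URL instead.
     *
     * @param httpServletRequest  the incoming request; {@code TARGET} must be present
     * @param httpServletResponse the response the HTML POST form is written to
     * @throws ServletException propagated from the servlet container
     * @throws IOException      if the redirect or the response writer fails
     */
    @Override
    public void doGet(HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse)
            throws ServletException, IOException {
        if (httpServletRequest == null || httpServletResponse == null) {
            LogUtils.error(Level.INFO, LogUtils.NULL_PARAMETER,
                    new String[]{SAMLUtils.bundle.getString("nullInputParameter")});
            SAMLUtils.sendError(httpServletRequest, httpServletResponse, IFSConstants.MAX_CACHING_TIME,
                    "nullInputParameter", SAMLUtils.bundle.getString("nullInputParameter"));
            return;
        }
        SAMLUtils.checkHTTPContentLength(httpServletRequest);

        Object session = getSession(httpServletRequest);
        if (session == null) {
            httpServletResponse.sendRedirect(SAMLUtils.getLoginRedirectURL(httpServletRequest));
            return;
        }

        String target = httpServletRequest.getParameter("TARGET");
        if (target == null || target.length() == 0) {
            LogUtils.error(Level.INFO, LogUtils.MISSING_TARGET,
                    new String[]{SAMLUtils.bundle.getString("missingTargetSite")}, session);
            SAMLUtils.sendError(httpServletRequest, httpServletResponse, 400,
                    "missingTargetSite", SAMLUtils.bundle.getString("missingTargetSite"));
            return;
        }

        // Only targets that resolve to a configured trusted site (with a POST URL) are served.
        SAMLServiceManager.SiteEntry destSite = getDestSite(target);
        String postUrl = (destSite == null) ? null : destSite.getPOSTUrl();
        if (postUrl == null) {
            LogUtils.error(Level.INFO, LogUtils.TARGET_FORBIDDEN,
                    new String[]{SAMLUtils.bundle.getString("targetForbidden"), target}, session);
            SAMLUtils.sendError(httpServletRequest, httpServletResponse, 400,
                    "targetForbidden", SAMLUtils.bundle.getString("targetForbidden") + " " + target);
            return;
        }

        try {
            // Protocol version defaults to 1.<PROTOCOL_MINOR_VERSION>; a configured "major.minor"
            // string on the site entry overrides it. A malformed number lands in the
            // NumberFormatException handler below.
            int majorVersion = 1;
            int minorVersion = SAMLConstants.PROTOCOL_MINOR_VERSION;
            String version = destSite.getVersion();
            if (version != null) {
                StringTokenizer tokens = new StringTokenizer(version, ".");
                if (tokens.countTokens() == 2) {
                    majorVersion = Integer.parseInt(tokens.nextToken().trim());
                    minorVersion = Integer.parseInt(tokens.nextToken().trim());
                }
            }

            Assertion assertion = AssertionManager.getInstance().createSSOAssertion(
                    SessionManager.getProvider().getSessionID(session), null,
                    httpServletRequest, httpServletResponse, destSite.getSourceID(), target,
                    majorVersion + "." + minorVersion);
            ArrayList<Assertion> assertions = new ArrayList<Assertion>();
            assertions.add(assertion);

            Status status = new Status(new StatusCode("samlp:Success"));
            Response response = new Response((String) null, status, postUrl, assertions);
            response.setMajorVersion(majorVersion);
            response.setMinorVersion(minorVersion);

            try {
                response.signXML();
                if (SAMLUtils.debug.messageEnabled()) {
                    SAMLUtils.debug.message("SAMLPOSTProfileServlet.doGet: signed samlResponse is"
                            + response.toString(true, true, true));
                }
                byte[] responseBytes = SAMLUtils.getResponseBytes(response);
                try {
                    String encodedResponse = Base64.encode(responseBytes, true).trim();
                    if (LogUtils.isAccessLoggable(Level.FINE)) {
                        // At FINE the full (signed) response XML is written to the access log.
                        LogUtils.access(Level.FINE, LogUtils.REDIRECT_TO_URL,
                                new String[]{SAMLUtils.bundle.getString("redirectTo"), target, postUrl,
                                        new String(responseBytes, StandardCharsets.UTF_8)}, session);
                    } else {
                        LogUtils.access(Level.INFO, LogUtils.REDIRECT_TO_URL,
                                new String[]{SAMLUtils.bundle.getString("redirectTo"), target, postUrl},
                                session);
                    }
                    httpServletResponse.setContentType("text/html; charset=UTF-8");
                    try (PrintWriter writer = httpServletResponse.getWriter()) {
                        writePostForm(writer, postUrl, encodedResponse, target);
                    }
                } catch (Exception e) {
                    SAMLUtils.debug.error(
                            "SAMLPOSTProfileServlet.doGet: Exception when encoding the response:", e);
                    SAMLUtils.sendError(httpServletRequest, httpServletResponse, IFSConstants.MAX_CACHING_TIME,
                            "errorEncodeResponse", SAMLUtils.bundle.getString("errorEncodeResponse"));
                }
            } catch (Exception e2) {
                SAMLUtils.debug.error(
                        "SAMLPOSTProfileServlet.doGet: Exception when signing the response:", e2);
                SAMLUtils.sendError(httpServletRequest, httpServletResponse, IFSConstants.MAX_CACHING_TIME,
                        "errorSigningResponse", SAMLUtils.bundle.getString("errorSigningResponse"));
            }
        } catch (SessionException e3) {
            SAMLUtils.debug.error(
                    "SAMLPOSTProfileServlet.doGet: Exception Couldn't get SessionProvider:", (Throwable) e3);
            SAMLUtils.sendError(httpServletRequest, httpServletResponse, IFSConstants.MAX_CACHING_TIME,
                    "couldNotCreateResponse", e3.getMessage());
        } catch (SAMLException e4) {
            SAMLUtils.debug.error(
                    "SAMLPOSTProfileServlet.doGet: Exception when creating Response: ", (Throwable) e4);
            SAMLUtils.sendError(httpServletRequest, httpServletResponse, IFSConstants.MAX_CACHING_TIME,
                    "couldNotCreateResponse", e4.getMessage());
        } catch (NumberFormatException e5) {
            SAMLUtils.debug.error(
                    "SAMLPOSTProfileServlet.doGet: Exception when creating Response: ", e5);
            SAMLUtils.sendError(httpServletRequest, httpServletResponse, IFSConstants.MAX_CACHING_TIME,
                    "couldNotCreateResponse", e5.getMessage());
        }
    }

    /**
     * Writes the self-submitting HTML form that carries the SAML response to the
     * destination site. Every dynamic value is HTML-attribute encoded via ESAPI, so the
     * caller may pass the raw POST URL, Base64 response and target.
     *
     * @param writer          destination for the HTML
     * @param postUrl         the trusted site's POST URL (form {@code ACTION})
     * @param encodedResponse Base64-encoded signed SAML response
     * @param target          the {@code TARGET} value to forward
     */
    private static void writePostForm(PrintWriter writer, String postUrl, String encodedResponse,
            String target) {
        writer.println("<HTML>");
        writer.println("<BODY Onload=\"document.forms[0].submit()\">");
        writer.println("<FORM METHOD=\"POST\" ACTION=\""
                + ESAPI.encoder().encodeForHTMLAttribute(postUrl) + "\">");
        writer.println("<INPUT TYPE=\"HIDDEN\" NAME=\"SAMLResponse\" ");
        writer.println("VALUE=\"" + ESAPI.encoder().encodeForHTMLAttribute(encodedResponse) + "\">");
        writer.println("<INPUT TYPE=\"HIDDEN\" NAME=\"TARGET\" VALUE=\""
                + ESAPI.encoder().encodeForHTMLAttribute(target) + "\"> </FORM>");
        writer.println("</BODY></HTML>");
    }

    /**
     * Resolves the {@code TARGET} URL to a configured trusted site.
     *
     * <p>A site entry matches when its host name equals the target host, or the target
     * host is a sub-domain of it (see {@link #hostMatches(String, String)}), and either
     * the entry has no port ({@code -1}) or its port equals the target's port. An entry
     * with an exact port match wins immediately; otherwise the last port-less match is
     * returned.
     *
     * @param target the {@code TARGET} parameter as supplied by the browser
     * @return the matching site entry, or {@code null} if the target is not a URL, has no
     *         host, or matches no trusted site
     */
    private SAMLServiceManager.SiteEntry getDestSite(String target) {
        try {
            URL url = new URL(target);
            String host = url.getHost();
            int port = url.getPort();
            // URL.getHost() yields "" (not null) for URLs without an authority part.
            if (host == null || host.isEmpty()) {
                SAMLUtils.debug.error("SAMLPOSTProfileServlet.getDestSite: missing host in target.");
                return null;
            }

            SAMLServiceManager.SiteEntry match = null;
            Set<?> trustedSites = (Set<?>) SAMLServiceManager.getAttribute(SAMLConstants.TRUSTED_SERVER_LIST);
            for (Object element : trustedSites) {
                SAMLServiceManager.SiteEntry site = (SAMLServiceManager.SiteEntry) element;
                if (!hostMatches(host, site.getHostName())) {
                    continue;
                }
                int sitePort = site.getPort();
                if (sitePort == -1) {
                    match = site;
                } else if (sitePort == port) {
                    match = site;
                    break;
                }
            }
            if (match != null) {
                return match;
            }
            SAMLUtils.debug.error("SAMLPOSTProfileServlet.getDestSite:  No destSite found from the target.");
            return null;
        } catch (Exception e) {
            SAMLUtils.debug.error("SAMLPOSTProfileServlet.getDestSite: ", e);
            return null;
        }
    }

    /**
     * Decides whether a target host is covered by a configured trusted host name.
     *
     * <p>Previously this was a substring test ({@code host.indexOf(trustedHost) != -1}),
     * which also accepted hosts that merely embed the trusted name, e.g. a longer
     * registrable domain ending with or containing it. Now the host must be identical
     * (case-insensitively) or be a sub-domain of the trusted host, i.e. end with
     * {@code "." + trustedHost}. An empty or null trusted host matches nothing.
     *
     * @param host        host component of the target URL
     * @param trustedHost host name from the trusted-site entry, may be {@code null}
     * @return {@code true} if {@code host} is the trusted host or one of its sub-domains
     */
    private static boolean hostMatches(String host, String trustedHost) {
        if (trustedHost == null || trustedHost.isEmpty()) {
            return false;
        }
        String actual = host.toLowerCase(Locale.ROOT);
        String trusted = trustedHost.toLowerCase(Locale.ROOT);
        return actual.equals(trusted) || actual.endsWith("." + trusted);
    }

    /**
     * Returns the caller's session if the session provider reports one and it is valid.
     *
     * @param httpServletRequest the request carrying the session
     * @return the session object, or {@code null} when absent, invalid, or when the
     *         provider throws a {@code SessionException} (logged, never propagated)
     */
    private Object getSession(HttpServletRequest httpServletRequest) {
        try {
            SessionProvider provider = SessionManager.getProvider();
            Object session = provider.getSession(httpServletRequest);
            if (session == null) {
                SAMLUtils.debug.error("SAMLPOSTProfileServlet.getSession: Session is null.");
                return null;
            }
            if (!provider.isValid(session)) {
                SAMLUtils.debug.error("SAMLPOSTProfileServlet.getSession: Session is invalid.");
                return null;
            }
            return session;
        } catch (SessionException e) {
            SAMLUtils.debug.error("SAMLPOSTProfileServlet.getSession: Exception when getting Session:", e);
            return null;
        }
    }

    /**
     * Destination-site entry point: consumes a posted SAML response and establishes a
     * local session.
     *
     * <p>The null check now runs before anything is called on the response object; the
     * previous revision set the content type first, so a null response could never
     * reach the guard.
     *
     * @param httpServletRequest  must carry {@code TARGET} and a Base64 {@code SAMLResponse}
     * @param httpServletResponse receives either a redirect/POST to {@code TARGET} or an error
     * @throws ServletException propagated from the servlet container
     * @throws IOException      if writing the response fails
     */
    @Override
    public void doPost(HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse)
            throws ServletException, IOException {
        if (httpServletRequest == null || httpServletResponse == null) {
            LogUtils.error(Level.INFO, LogUtils.NULL_PARAMETER,
                    new String[]{SAMLUtils.bundle.getString("nullInputParameter")});
            SAMLUtils.sendError(httpServletRequest, httpServletResponse, 400,
                    "nullInputParameter", SAMLUtils.bundle.getString("nullInputParameter"));
            return;
        }
        httpServletResponse.setContentType("text/html; charset=UTF-8");
        SAMLUtils.checkHTTPContentLength(httpServletRequest);

        String target = httpServletRequest.getParameter("TARGET");
        if (target == null || target.length() == 0) {
            LogUtils.error(Level.INFO, LogUtils.MISSING_TARGET,
                    new String[]{SAMLUtils.bundle.getString("missingTargetSite")});
            SAMLUtils.sendError(httpServletRequest, httpServletResponse, 400,
                    "missingTargetSite", SAMLUtils.bundle.getString("missingTargetSite"));
            return;
        }

        String encodedResponse = httpServletRequest.getParameter("SAMLResponse");
        if (encodedResponse == null) {
            LogUtils.error(Level.INFO, "MISSING_RESPONSE",
                    new String[]{SAMLUtils.bundle.getString("missingSAMLResponse")});
            SAMLUtils.sendError(httpServletRequest, httpServletResponse, 400,
                    "missingSAMLResponse", SAMLUtils.bundle.getString("missingSAMLResponse"));
            return;
        }

        try {
            byte[] decoded = Base64.decode(encodedResponse);
            Response response = SAMLUtils.getResponse(decoded);
            if (response == null) {
                LogUtils.error(Level.INFO, LogUtils.RESPONSE_MESSAGE_ERROR,
                        new String[]{SAMLUtils.bundle.getString("errorObtainResponse")});
                SAMLUtils.sendError(httpServletRequest, httpServletResponse, 400,
                        "errorObtainResponse", SAMLUtils.bundle.getString("errorObtainResponse"));
                return;
            }
            if (SAMLUtils.debug.messageEnabled()) {
                SAMLUtils.debug.message("SAMLPOSTProfileServlet.doPost: Received " + response.toString());
            }

            StringBuffer requestUrl = httpServletRequest.getRequestURL();
            if (SAMLUtils.debug.messageEnabled()) {
                SAMLUtils.debug.message("SAMLPOSTProfileServlet.doPost: requestUrl=" + ((Object) requestUrl));
            }
            // Signature/recipient/validity checks live in SAMLUtils.verifyResponse.
            if (!SAMLUtils.verifyResponse(response, requestUrl.toString(), httpServletRequest)) {
                LogUtils.error(Level.INFO, "INVALID_RESPONSE",
                        new String[]{SAMLUtils.bundle.getString("invalidResponse")});
                SAMLUtils.sendError(httpServletRequest, httpServletResponse, 400,
                        "invalidResponse", SAMLUtils.bundle.getString("invalidResponse"));
                return;
            }

            try {
                SAMLUtils.generateSession(httpServletRequest, httpServletResponse,
                        SAMLUtils.processResponse(response, target));
                if (LogUtils.isAccessLoggable(Level.FINE)) {
                    // At FINE the decoded response XML is written to the access log.
                    LogUtils.access(Level.FINE, LogUtils.ACCESS_GRANTED,
                            new String[]{SAMLUtils.bundle.getString("accessGranted"),
                                    new String(decoded, StandardCharsets.UTF_8)});
                } else {
                    LogUtils.access(Level.INFO, LogUtils.ACCESS_GRANTED,
                            new String[]{SAMLUtils.bundle.getString("accessGranted")});
                }
                // NOTE(review): TARGET comes from the posted form, not from the verified
                // response. Whether processResponse() restricts it to trusted sites is not
                // visible here — confirm before relying on this redirect being constrained.
                if (!SAMLUtils.postYN(target)) {
                    httpServletResponse.setHeader("Location", target);
                    httpServletResponse.sendRedirect(target);
                } else {
                    if (SAMLUtils.debug.messageEnabled()) {
                        SAMLUtils.debug.message("POST to target:" + target);
                    }
                    SAMLUtils.postToTarget(httpServletResponse, httpServletResponse.getWriter(), null, target, null);
                }
            } catch (Exception e) {
                SAMLUtils.debug.error("generateSession: ", e);
                LogUtils.error(Level.INFO, LogUtils.FAILED_TO_CREATE_SSO_TOKEN,
                        new String[]{SAMLUtils.bundle.getString("failedCreateSSOToken")});
                SAMLUtils.sendError(httpServletRequest, httpServletResponse, IFSConstants.MAX_CACHING_TIME,
                        "failedCreateSSOToken", e.getMessage());
            }
        } catch (Exception e2) {
            SAMLUtils.debug.error("SAMLPOSTProfileServlet.doPost: Exception when decoding SAMLResponse:", e2);
            SAMLUtils.sendError(httpServletRequest, httpServletResponse, IFSConstants.MAX_CACHING_TIME,
                    "errorDecodeResponse", SAMLUtils.bundle.getString("errorDecodeResponse"));
        }
    }
}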
