package com.sun.identity.federation.services.fednsso;

import com.sun.identity.federation.common.FSException;
import com.sun.identity.federation.common.FSUtils;
import com.sun.identity.federation.common.IFSConstants;
import com.sun.identity.federation.common.LogUtil;
import com.sun.identity.federation.jaxb.entityconfig.BaseConfigType;
import com.sun.identity.federation.key.KeyUtil;
import com.sun.identity.federation.message.FSAssertionArtifact;
import com.sun.identity.federation.message.FSAuthnRequest;
import com.sun.identity.federation.message.FSAuthnResponse;
import com.sun.identity.federation.message.FSRequest;
import com.sun.identity.federation.message.common.FSMsgException;
import com.sun.identity.federation.meta.IDFFMetaManager;
import com.sun.identity.federation.meta.IDFFMetaUtils;
import com.sun.identity.federation.services.FSServiceManager;
import com.sun.identity.federation.services.FSSessionManager;
import com.sun.identity.federation.services.util.FSServiceUtils;
import com.sun.identity.liberty.ws.meta.jaxb.IDPDescriptorType;
import com.sun.identity.liberty.ws.meta.jaxb.SPDescriptorType;
import com.sun.identity.saml.common.SAMLException;
import com.sun.identity.saml.xmlsig.XMLSignatureManager;
import com.sun.identity.shared.encode.Base64;
import com.sun.identity.shared.xml.XMLUtils;
import java.io.IOException;
import java.security.cert.X509Certificate;
import java.util.ArrayList;
import java.util.logging.Level;
import javax.servlet.ServletConfig;
import javax.servlet.ServletException;
import javax.servlet.http.HttpServlet;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import org.w3c.dom.Document;

/* loaded from: input_file:com/sun/identity/federation/services/fednsso/FSAssertionConsumerService.class */
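/**
 * Servlet on the hosted service provider that receives the identity provider's
 * single sign-on reply.
 *
 * <p>{@link #doGet} handles the artifact flow: it reads one or more
 * {@code SAMLart} request parameters, wraps them in an {@link FSRequest} and
 * hands them to the browser artifact handler. {@link #doPost} handles the POST
 * flow: it Base64-decodes the {@code IFSConstants.POST_AUTHN_RESPONSE_PARAM}
 * form field, parses it as an {@link FSAuthnResponse}, correlates it with a
 * previously stored {@link FSAuthnRequest} and hands it to the assertion
 * handler.
 *
 * <p>Every request parameter read here is supplied by the browser and must be
 * treated as untrusted. Every failure path forwards the user to the common
 * login page instead of returning an error.
 *
 * <p>Security note: when message-level debugging is enabled this class writes
 * the encoded and decoded AuthnResponse, the RelayState and the artifact source
 * IDs to the debug log, so those logs should be handled as sensitive.
 */
public class FSAssertionConsumerService extends HttpServlet {
    /** Suffix shared by the doPost failure messages; kept identical to the original log text. */
    private static final String REDIRECT_SUFFIX = " AuthnRequest Processing Failed at the IDP Redirecting to the Framed Login Page";

    /** Metadata manager obtained in {@link #init(ServletConfig)}; resolves host SP and remote IDP descriptors. */
    private IDFFMetaManager metaManager = null;

    /**
     * Initialises the servlet and looks up the ID-FF metadata manager.
     *
     * @param servletConfig container-supplied configuration
     * @throws ServletException if the superclass initialisation fails
     */
    @Override
    public void init(ServletConfig servletConfig) throws ServletException {
        super.init(servletConfig);
        this.metaManager = FSUtils.getIDFFMetaManager();
    }

    /**
     * Processes an artifact-profile reply carried in {@code SAMLart} query parameters.
     *
     * <p>All artifacts in one request must carry the same source ID; otherwise
     * the request is rejected and the user is forwarded to the login page.
     *
     * @param httpServletRequest  incoming request
     * @param httpServletResponse outgoing response
     * @throws ServletException propagated from request forwarding
     * @throws IOException      propagated from request forwarding or {@code sendError}
     */
    @Override
    public void doGet(HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse) throws ServletException, IOException {
        if (httpServletRequest == null || httpServletResponse == null) {
            // An error can only be sent when a response object exists; the original
            // dereferenced the response even when it was the null argument.
            if (httpServletResponse != null) {
                // NOTE(review): MAX_CACHING_TIME used as an HTTP status looks like a
                // decompiler constant substitution - confirm the intended status code.
                httpServletResponse.sendError(IFSConstants.MAX_CACHING_TIME, FSUtils.bundle.getString("nullInputParameter"));
            }
            return;
        }
        FSUtils.debug.message("FSAssertionConsumerService.doGet(): called");
        // RelayState is attacker-controllable; it is passed on to the login-page URL
        // builder and to the handler. NOTE(review): confirm those validate it before
        // it is used as a redirect target.
        String relayState = httpServletRequest.getParameter("RelayState");
        if (FSUtils.debug.messageEnabled()) {
            FSUtils.debug.message("FSAssertionConsumerService.doGet():Resource URL: " + relayState);
        }
        String metaAlias = FSServiceUtils.getMetaAlias(httpServletRequest);
        String realm = IDFFMetaUtils.getRealmByMetaAlias(metaAlias);
        String loginPageURL = FSServiceUtils.getCommonLoginPageURL(metaAlias, relayState, null, httpServletRequest, FSServiceUtils.getBaseURL(httpServletRequest));
        if (FSUtils.debug.messageEnabled()) {
            FSUtils.debug.message("FSAssertionConsumerService: CommonLoginPage: " + loginPageURL);
        }
        try {
            String hostEntityId = this.metaManager.getEntityIDByMetaAlias(metaAlias);
            SPDescriptorType hostDescriptor = this.metaManager.getSPDescriptor(realm, hostEntityId);
            BaseConfigType hostConfig = this.metaManager.getSPDescriptorConfig(realm, hostEntityId);
            String[] artifactValues = httpServletRequest.getParameterValues("SAMLart");
            if (artifactValues == null || artifactValues.length == 0 || artifactValues[0] == null) {
                FSUtils.debug.error("FSAssertionConsumerService.doGet: AuthnRequest Processing Failed at the IDP Redirecting to the Framed Login Page");
                FSUtils.forwardRequest(httpServletRequest, httpServletResponse, loginPageURL);
                // Stop here: without this return the code below dereferenced the missing
                // artifact and forwarded the same request a second time.
                return;
            }
            ArrayList<FSAssertionArtifact> artifacts = new ArrayList<FSAssertionArtifact>();
            try {
                String sourceId = null;
                for (int i = 0; i < artifactValues.length; i++) {
                    FSAssertionArtifact artifact = new FSAssertionArtifact(artifactValues[i]);
                    String currentSourceId = artifact.getSourceID();
                    if (FSUtils.debug.messageEnabled()) {
                        FSUtils.debug.message("FSAssertionConsumerService.doGet: SourceID within the Artifact is " + currentSourceId);
                    }
                    if (i == 0) {
                        // The first artifact fixes the source every later one must match.
                        sourceId = currentSourceId;
                    } else if (!currentSourceId.equals(sourceId)) {
                        FSUtils.debug.error("FSAssertionConsumerService.doGet: Received multiple artifacts have different source id");
                        FSUtils.forwardRequest(httpServletRequest, httpServletResponse, loginPageURL);
                        return;
                    }
                    artifacts.add(artifact);
                }
                FSRequest artifactRequest = new FSRequest((String) null, artifacts);
                try {
                    if (FSUtils.debug.messageEnabled()) {
                        FSUtils.debug.message("FSAssertionConsumerService.doGet: Trying to get BrowserArtifactHandler");
                    }
                    FSAssertionArtifactHandler handler = FSServiceManager.getInstance().getBrowserArtifactHandler(httpServletRequest, httpServletResponse, realm, sourceId, artifactRequest, relayState);
                    if (handler == null) {
                        FSUtils.debug.error("FSAssertionConsumerService.doGet: " + FSUtils.bundle.getString(IFSConstants.INTERNAL_ERROR));
                        FSUtils.forwardRequest(httpServletRequest, httpServletResponse, loginPageURL);
                        return;
                    }
                    if (FSUtils.debug.messageEnabled()) {
                        FSUtils.debug.message("FSAssertionConsumerService.doGet: BrowserArtifactHandler created");
                    }
                    handler.setRealm(realm);
                    handler.setHostEntityId(hostEntityId);
                    handler.setMetaAlias(metaAlias);
                    handler.setHostDescriptor(hostDescriptor);
                    handler.setHostDescriptorConfig(hostConfig);
                    handler.processSAMLRequest();
                } catch (Exception e) {
                    FSUtils.debug.error("FSAssertionConsumerService.doGet: Exception occurred :", e);
                    FSUtils.forwardRequest(httpServletRequest, httpServletResponse, loginPageURL);
                }
            } catch (FSMsgException e) {
                FSUtils.debug.error("FSAssertionConsumerService.doGet: ", e);
                FSUtils.forwardRequest(httpServletRequest, httpServletResponse, loginPageURL);
            } catch (SAMLException e) {
                FSUtils.debug.error("FSAssertionConsumerService.doGet: ", e);
                FSUtils.forwardRequest(httpServletRequest, httpServletResponse, loginPageURL);
            }
        } catch (Exception e) {
            FSUtils.debug.error("FSAssertionConsumerService.doGet: ", e);
            FSUtils.forwardRequest(httpServletRequest, httpServletResponse, loginPageURL);
        }
    }

    /**
     * Processes a POST-profile reply carrying a Base64-encoded AuthnResponse.
     *
     * <p>The response is accepted only if its {@code InResponseTo} value matches
     * an AuthnRequest held by the session manager for this meta alias. For
     * non-LECP profiles the sending IDP is taken from that stored request, and
     * the document signature is verified when signing is on, or when signing is
     * optional and the request used the browser POST profile.
     *
     * @param httpServletRequest  incoming request
     * @param httpServletResponse outgoing response
     * @throws ServletException propagated from request forwarding
     * @throws IOException      propagated from request forwarding or {@code sendError}
     */
    @Override
    public void doPost(HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse) throws ServletException, IOException {
        FSUtils.debug.message("FSAssertionConsumerService.doPost : called");
        if (httpServletRequest == null || httpServletResponse == null) {
            // An error can only be sent when a response object exists.
            if (httpServletResponse != null) {
                // NOTE(review): MAX_CACHING_TIME used as an HTTP status looks like a
                // decompiler constant substitution - confirm the intended status code.
                httpServletResponse.sendError(IFSConstants.MAX_CACHING_TIME, FSUtils.bundle.getString("nullInputParameter"));
            }
            return;
        }
        String metaAlias = FSServiceUtils.getMetaAlias(httpServletRequest);
        String realm = IDFFMetaUtils.getRealmByMetaAlias(metaAlias);
        String baseURL = FSServiceUtils.getBaseURL(httpServletRequest);
        // Login page without RelayState, used until the original request is known.
        String loginPageURL = FSServiceUtils.getCommonLoginPageURL(metaAlias, null, null, httpServletRequest, baseURL);
        try {
            String hostEntityId = this.metaManager.getEntityIDByMetaAlias(metaAlias);
            SPDescriptorType hostDescriptor = this.metaManager.getSPDescriptor(realm, hostEntityId);
            BaseConfigType hostConfig = this.metaManager.getSPDescriptorConfig(realm, hostEntityId);
            String encodedResponse = httpServletRequest.getParameter(IFSConstants.POST_AUTHN_RESPONSE_PARAM);
            if (FSUtils.debug.messageEnabled()) {
                FSUtils.debug.message("FSAssertionConsumerService.doPost: Base64 encoded AuthnResponse: " + encodedResponse);
            }
            if (encodedResponse == null) {
                LogUtil.error(Level.INFO, LogUtil.MISSING_AUTHN_RESPONSE, new String[]{FSUtils.bundle.getString("missingAuthnResponse")});
                FSUtils.debug.error("FSAssertionConsumerService.doPost: " + FSUtils.bundle.getString("missingAuthnResponse") + REDIRECT_SUFFIX);
                FSUtils.forwardRequest(httpServletRequest, httpServletResponse, loginPageURL);
                return;
            }
            // Spaces are turned into line breaks before decoding, as in the original.
            String normalizedResponse = encodedResponse.replace(' ', '\n');
            if (FSUtils.debug.messageEnabled()) {
                FSUtils.debug.message("FSAssertionConsumerService.doPost: Base64 encoded AuthnResponse2: " + normalizedResponse);
            }
            try {
                byte[] decodedBytes = Base64.decode(normalizedResponse);
                if (decodedBytes == null) {
                    // Defensive: presumably decode() yields null for malformed input
                    // (confirm against Base64). Report it as a parse failure instead of
                    // letting a NullPointerException reach the host-metadata handler.
                    throw new FSMsgException("parseError", (Object[]) null);
                }
                // NOTE(review): decoded with the platform default charset; confirm this
                // matches the encoding the identity provider uses for the XML.
                String responseXml = new String(decodedBytes);
                if (FSUtils.debug.messageEnabled()) {
                    FSUtils.debug.message("Decoded authnResponse" + responseXml);
                }
                Document responseDocument = XMLUtils.toDOMDocument(responseXml, FSUtils.debug);
                if (responseDocument == null) {
                    if (FSUtils.debug.messageEnabled()) {
                        FSUtils.debug.message("FSAssertionConsumerService.doPost:Error while parsing input xml string");
                    }
                    throw new FSMsgException("parseError", (Object[]) null);
                }
                // A constructor never yields null, so the original null test after this
                // line was unreachable and has been dropped.
                FSAuthnResponse authnResponse = new FSAuthnResponse(responseDocument.getDocumentElement());
                try {
                    if (FSUtils.debug.messageEnabled()) {
                        FSUtils.debug.message("FSAssertionConsumerService.doPost: AuthnResponse received is valid: " + authnResponse.toXMLString());
                    }
                    String inResponseTo = authnResponse.getInResponseTo();
                    if (inResponseTo == null) {
                        FSUtils.debug.error("FSAssertionConsumerService.doPost: Invalid AuthnResponse. AuthnResponse received does not have inResponseTo attribute");
                        logInvalidAuthnResponse();
                        FSUtils.forwardRequest(httpServletRequest, httpServletResponse, loginPageURL);
                        return;
                    }
                    if (FSUtils.debug.messageEnabled()) {
                        FSUtils.debug.message("FSAssertionConsumerService.doPost: AuthnResponse received is against requestID: " + inResponseTo);
                    }
                    // Unsolicited responses are rejected: a matching stored request is required.
                    FSAuthnRequest originalRequest = getInResponseToRequest(inResponseTo, metaAlias);
                    if (originalRequest == null) {
                        FSUtils.debug.error("FSAssertionConsumerService.doPost: Invalid AuthnResponse. AuthnResponse received does not have an associated AuthnRequest");
                        logInvalidAuthnResponse();
                        FSUtils.forwardRequest(httpServletRequest, httpServletResponse, loginPageURL);
                        return;
                    }
                    // From here on failures use a login page that carries the RelayState
                    // stored with the original request, not one taken from this POST.
                    String relayLoginPageURL = FSServiceUtils.getCommonLoginPageURL(metaAlias, originalRequest.getRelayState(), null, httpServletRequest, baseURL);
                    if (FSUtils.debug.messageEnabled()) {
                        FSUtils.debug.message("FSAssertionConsumerService.doPost: inResponseTo validation is successful");
                    }
                    try {
                        String providerId;
                        IDPDescriptorType idpDescriptor;
                        if (originalRequest.getProtocolProfile().equals(IFSConstants.SSO_PROF_LECP)) {
                            if (FSUtils.debug.messageEnabled()) {
                                FSUtils.debug.message("FSAssertionConsumerService.doPost: LECP Profile identified. IDP info is unknown so farGet providerId from the response");
                            }
                            // NOTE(review): in this branch the provider ID comes from the
                            // not-yet-verified response, the descriptor is not null-checked
                            // and no signature is verified in this method. Confirm that the
                            // handler authenticates the response or its assertions before
                            // trusting them.
                            providerId = authnResponse.getProviderId();
                            idpDescriptor = this.metaManager.getIDPDescriptor(realm, providerId);
                        } else {
                            // The sender is the IDP recorded for the original request,
                            // not a value taken from the response.
                            providerId = getProvider(authnResponse.getInResponseTo(), metaAlias);
                            idpDescriptor = this.metaManager.getIDPDescriptor(realm, providerId);
                            if (providerId == null || idpDescriptor == null) {
                                FSUtils.debug.error("FSAssertionConsumerService.doPost: Invalid AuthnResponse. Sender information not found for the received AuthnResponse");
                                logInvalidAuthnResponse();
                                FSUtils.forwardRequest(httpServletRequest, httpServletResponse, relayLoginPageURL);
                                return;
                            }
                            // When neither condition holds, the response passes this
                            // method without a signature check.
                            boolean signatureRequired = FSServiceUtils.isSigningOn() || (FSServiceUtils.isSigningOptional() && originalRequest.getProtocolProfile().equals(IFSConstants.SSO_PROF_BROWSER_POST));
                            if (signatureRequired && !verifyAuthnResponseSignature(responseDocument, idpDescriptor, providerId)) {
                                FSUtils.debug.error("FSAssertionConsumerService.doPost: Signature verification failed");
                                FSUtils.forwardRequest(httpServletRequest, httpServletResponse, relayLoginPageURL);
                                return;
                            }
                        }
                        FSAssertionArtifactHandler handler = FSServiceManager.getInstance().getAssertionArtifactHandler(httpServletRequest, httpServletResponse, originalRequest, authnResponse, idpDescriptor, providerId);
                        if (handler == null) {
                            FSUtils.debug.error("FSAssertionConsumerService.doPost: could not create AssertionArtifactHandler");
                            LogUtil.error(Level.INFO, LogUtil.AUTHN_REQUEST_PROCESSING_FAILED, new String[]{FSUtils.bundle.getString("requestProcessingFailed")});
                            FSUtils.debug.error("FSAssertionConsumerService.doPost: " + FSUtils.bundle.getString("requestProcessingFailed") + REDIRECT_SUFFIX);
                            FSUtils.forwardRequest(httpServletRequest, httpServletResponse, relayLoginPageURL);
                            return;
                        }
                        handler.setHostEntityId(hostEntityId);
                        handler.setHostDescriptor(hostDescriptor);
                        handler.setHostDescriptorConfig(hostConfig);
                        handler.setMetaAlias(metaAlias);
                        handler.setRealm(realm);
                        handler.processAuthnResponse(authnResponse);
                    } catch (Exception e) {
                        FSUtils.debug.error("FSAssertionConsumerService.doPost: Exception: ", e);
                        FSUtils.debug.error("FSAssertionConsumerService.doPost: " + FSUtils.bundle.getString("requestProcessingFailed") + REDIRECT_SUFFIX);
                        FSUtils.forwardRequest(httpServletRequest, httpServletResponse, relayLoginPageURL);
                    }
                } catch (FSException e) {
                    FSUtils.debug.error("FSAssertionConsumerService.doPost: Invalid AuthnResponse. FSException occurred while calling AuthnResponse.toXMLString(): ", e);
                    logInvalidAuthnResponse();
                    FSUtils.forwardRequest(httpServletRequest, httpServletResponse, loginPageURL);
                }
            } catch (FSException e) {
                FSUtils.debug.error("FSAssertionConsumerService.doPost: Invalid AuthnResponse. FSException occured while parsing Base64 encoded AuthnResponse: ", e);
                logInvalidAuthnResponse();
                FSUtils.forwardRequest(httpServletRequest, httpServletResponse, loginPageURL);
            } catch (SAMLException e) {
                FSUtils.debug.error("FSAssertionConsumerService.doPost: Invalid AuthnResponse. SAMLException occurred while parsing Base64 encoded AuthnResponse: ", e);
                logInvalidAuthnResponse();
                FSUtils.forwardRequest(httpServletRequest, httpServletResponse, loginPageURL);
            }
        } catch (Exception e) {
            FSUtils.debug.error("FSAssertionConsumerService.doPost: Exception when obtain host meta data:", e);
            FSUtils.forwardRequest(httpServletRequest, httpServletResponse, loginPageURL);
        }
    }

    /** Writes the access-log entry and the debug message used for every rejected AuthnResponse in doPost. */
    private void logInvalidAuthnResponse() {
        LogUtil.error(Level.INFO, LogUtil.INVALID_AUTHN_RESPONSE, new String[]{FSUtils.bundle.getString("invalidAuthnResponse")});
        FSUtils.debug.error("FSAssertionConsumerService.doPost: " + FSUtils.bundle.getString("invalidAuthnResponse") + REDIRECT_SUFFIX);
    }

    /**
     * Looks up the AuthnRequest that the session manager holds for a request ID.
     *
     * @param requestId value of the response's InResponseTo attribute
     * @param metaAlias meta alias selecting the session manager instance
     * @return whatever the session manager returns for that ID; doPost treats null as "no such request"
     */
    private FSAuthnRequest getInResponseToRequest(String requestId, String metaAlias) {
        FSUtils.debug.message("FSAssertionConsumerService::getInResponseToRequest: Called");
        return FSSessionManager.getInstance(metaAlias).getAuthnRequest(requestId);
    }

    /**
     * Looks up the IDP entity ID that the session manager recorded for a request ID.
     *
     * @param requestId value of the response's InResponseTo attribute
     * @param metaAlias meta alias selecting the session manager instance
     * @return the recorded IDP entity ID; doPost treats null as "sender unknown"
     */
    private String getProvider(String requestId, String metaAlias) {
        FSUtils.debug.message("FSAssertionConsumerService.getProvider: Called");
        return FSSessionManager.getInstance(metaAlias).getIDPEntityID(requestId);
    }

    /**
     * Verifies the XML signature on the response document with the IDP's verification certificate.
     *
     * <p>Fails closed: a missing certificate or any exception yields {@code false}.
     *
     * <p>NOTE(review): this shows only that the document verifies under that
     * certificate; which element the signature covers is decided inside
     * {@code XMLSignatureManager} - confirm it is the AuthnResponse that doPost
     * goes on to process.
     *
     * @param document      parsed AuthnResponse document
     * @param idpDescriptor descriptor of the sending identity provider
     * @param idpEntityId   entity ID of the sending identity provider
     * @return {@code true} only if signature verification succeeded
     */
    private boolean verifyAuthnResponseSignature(Document document, IDPDescriptorType idpDescriptor, String idpEntityId) {
        FSUtils.debug.message("FSAssertionConsumerService.verifyAuthnResponseSignature: Called");
        try {
            X509Certificate verificationCert = KeyUtil.getVerificationCert(idpDescriptor, idpEntityId, true);
            if (verificationCert == null) {
                FSUtils.debug.error("FSAssertionConsumerService.verifyAuthnResponseSignature: couldn't obtain this site's cert.");
                return false;
            }
            return XMLSignatureManager.getInstance().verifyXMLSignature(document, verificationCert);
        } catch (Exception e) {
            FSUtils.debug.error("FSAssertionConsumerService.verifyAuthnResponseSignature: Exception occurred while verifying signature: ", e);
            return false;
        }
    }
}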
