package com.sun.identity.federation.services.registration;

import com.sun.identity.federation.common.FSException;
import com.sun.identity.federation.common.FSUtils;
import com.sun.identity.federation.common.IFSConstants;
import com.sun.identity.federation.common.LogUtil;
import com.sun.identity.federation.jaxb.entityconfig.BaseConfigType;
import com.sun.identity.federation.jaxb.entityconfig.IDPDescriptorConfigElement;
import com.sun.identity.federation.key.KeyUtil;
import com.sun.identity.federation.message.FSNameRegistrationRequest;
import com.sun.identity.federation.message.common.FSMsgException;
import com.sun.identity.federation.meta.IDFFMetaException;
import com.sun.identity.federation.meta.IDFFMetaManager;
import com.sun.identity.federation.meta.IDFFMetaUtils;
import com.sun.identity.federation.services.util.FSServiceUtils;
import com.sun.identity.federation.services.util.FSSignatureUtil;
import com.sun.identity.liberty.ws.meta.jaxb.IDPDescriptorType;
import com.sun.identity.liberty.ws.meta.jaxb.ProviderDescriptorType;
import com.sun.identity.saml.common.SAMLException;
import com.sun.identity.saml.common.SAMLResponderException;
import java.io.IOException;
import java.security.cert.X509Certificate;
import java.util.logging.Level;
import javax.servlet.ServletConfig;
import javax.servlet.ServletException;
import javax.servlet.http.HttpServlet;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;

/* loaded from: input_file:com/sun/identity/federation/services/registration/FSRegistrationRequestServlet.class */
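/**
 * Servlet endpoint that receives URL-encoded ID-FF name registration requests for a hosted
 * provider, checks the request signature (when signing is enabled) and the trust relationship
 * with the sending provider, and then hands the request to {@link FSNameRegistrationHandler}.
 *
 * <p>Security-relevant behaviour visible in this class:
 * <ul>
 *   <li>The remote provider id is taken from the incoming request and is only used after its
 *       descriptor has been found in metadata.</li>
 *   <li>Signature verification runs only when {@code FSServiceUtils.isSigningOn()} is true;
 *       otherwise {@code isTrustedProvider} is the only gate.</li>
 *   <li>Every failure path ends in an error response; the handler is reached only when both
 *       checks pass.</li>
 * </ul>
 */
public class FSRegistrationRequestServlet extends HttpServlet {
    // NOTE(review): mutable static state that setRegistrationURL overwrites on every request.
    // A servlet container normally serves concurrent requests from one servlet instance, so one
    // request can end up using the error-page URL computed for another. Follow-up: compute the
    // URL into a local in doGetPost and pass it down instead of sharing it.
    private static String COMMON_ERROR_PAGE = "";
    private IDFFMetaManager metaManager = null;
    // NOTE(review): per-request data stored in an instance field; same sharing hazard as
    // COMMON_ERROR_PAGE above. It is only read by setRegistrationURL.
    private HttpServletRequest request = null;

    /**
     * Initialises the servlet and caches the ID-FF metadata manager.
     *
     * @param servletConfig container-supplied configuration
     * @throws ServletException if the superclass initialisation fails
     */
    public void init(ServletConfig servletConfig) throws ServletException {
        super.init(servletConfig);
        FSUtils.debug.message("Entered FSRegistrationRequestServlet Init");
        this.metaManager = FSUtils.getIDFFMetaManager();
    }

    /**
     * Resolves the error page URL for the hosted provider and stores it in the shared
     * {@code COMMON_ERROR_PAGE} field.
     *
     * @param baseConfigType hosted provider configuration
     * @param str meta alias of the hosted provider
     */
    protected void setRegistrationURL(BaseConfigType baseConfigType, String str) {
        COMMON_ERROR_PAGE = FSServiceUtils.getErrorPageURL(this.request, baseConfigType, str);
        if (FSUtils.debug.messageEnabled()) {
            FSUtils.debug.message("COMMON_ERROR_PAGE : " + COMMON_ERROR_PAGE);
        }
    }

    /** Handles GET by delegating to the shared GET/POST path. */
    public void doGet(HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse) throws ServletException, IOException {
        doGetPost(httpServletRequest, httpServletResponse);
    }

    /** Handles POST by delegating to the shared GET/POST path. */
    public void doPost(HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse) throws ServletException, IOException {
        doGetPost(httpServletRequest, httpServletResponse);
    }

    /**
     * Resolves the hosted provider from the request's meta alias, parses the registration
     * request and forwards it to {@link #doRequestProcessing}.
     *
     * @param httpServletRequest incoming request carrying the URL-encoded registration message
     * @param httpServletResponse response used for error pages and redirects
     * @throws ServletException declared for the servlet contract
     * @throws IOException if sending the error response fails
     */
    private void doGetPost(HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse) throws ServletException, IOException {
        String metaAlias = FSServiceUtils.getMetaAlias(httpServletRequest);
        if (metaAlias == null || metaAlias.length() < 1) {
            FSUtils.debug.error("Unable to retrieve alias, Hosted Provider. Cannot process request");
            // NOTE(review): MAX_CACHING_TIME is passed as the HTTP status code here and below;
            // this looks like a decompiler constant substitution — confirm the intended status.
            httpServletResponse.sendError(IFSConstants.MAX_CACHING_TIME, FSUtils.bundle.getString("aliasNotFound"));
            return;
        }
        if (this.metaManager == null) {
            FSUtils.debug.error("Cannot retrieve hosted descriptor. Cannot process request");
            httpServletResponse.sendError(IFSConstants.MAX_CACHING_TIME, FSUtils.bundle.getString(IFSConstants.FAILED_HOSTED_DESCRIPTOR));
            return;
        }
        String realm = IDFFMetaUtils.getRealmByMetaAlias(metaAlias);
        // NOTE(review): these locals hold either the IDP or the SP descriptor/config; the
        // declared types come from the decompiled source — confirm against the real signatures.
        IDPDescriptorType hostedDescriptor = null;
        IDPDescriptorConfigElement hostedConfig = null;
        try {
            String hostedRole = this.metaManager.getProviderRoleByMetaAlias(metaAlias);
            String hostedEntityId = this.metaManager.getEntityIDByMetaAlias(metaAlias);
            if (hostedRole != null && hostedRole.equalsIgnoreCase("IDP")) {
                hostedDescriptor = this.metaManager.getIDPDescriptor(realm, hostedEntityId);
                hostedConfig = this.metaManager.getIDPDescriptorConfig(realm, hostedEntityId);
            } else if (hostedRole != null && hostedRole.equalsIgnoreCase(IFSConstants.SP)) {
                hostedDescriptor = this.metaManager.getSPDescriptor(realm, hostedEntityId);
                hostedConfig = this.metaManager.getSPDescriptorConfig(realm, hostedEntityId);
            }
            if (hostedDescriptor == null) {
                // Unknown role or missing metadata: handled by the catch below.
                throw new IDFFMetaException((String) null);
            }
            this.request = httpServletRequest;
            setRegistrationURL(hostedConfig, metaAlias);
            try {
                FSNameRegistrationRequest registrationRequest = FSNameRegistrationRequest.parseURLEncodedRequest(httpServletRequest);
                if (registrationRequest == null) {
                    FSServiceUtils.showErrorPage(httpServletResponse, COMMON_ERROR_PAGE, IFSConstants.REGISTRATION_REQUEST_IMPROPER, IFSConstants.REGISTRATION_FAILED);
                } else {
                    doRequestProcessing(httpServletRequest, httpServletResponse, hostedDescriptor, hostedConfig, hostedRole, realm, hostedEntityId, metaAlias, registrationRequest);
                }
            } catch (FSMsgException e) {
                // Malformed registration message: answer with the generic error page.
                FSServiceUtils.showErrorPage(httpServletResponse, COMMON_ERROR_PAGE, IFSConstants.REGISTRATION_REQUEST_IMPROPER, IFSConstants.REGISTRATION_FAILED);
            } catch (SAMLException e2) {
                FSServiceUtils.showErrorPage(httpServletResponse, COMMON_ERROR_PAGE, IFSConstants.REGISTRATION_REQUEST_IMPROPER, IFSConstants.REGISTRATION_FAILED);
            }
        } catch (IDFFMetaException e3) {
            FSUtils.debug.error("Unable to find Hosted Provider. not process request");
            httpServletResponse.sendError(IFSConstants.MAX_CACHING_TIME, FSUtils.bundle.getString(IFSConstants.FAILED_HOSTED_DESCRIPTOR));
        }
    }

    /**
     * Validates the sender of a parsed registration request and dispatches it to the handler.
     *
     * <p>The remote descriptor is null-checked immediately after the metadata lookup, before
     * its return URL is read. Previously the check ran only inside the signing branch and
     * after the descriptor had already been dereferenced, so a request naming an unknown
     * provider id ended in a {@code NullPointerException} instead of the intended error
     * response.
     *
     * @param httpServletRequest incoming request
     * @param httpServletResponse response used for redirects and error pages
     * @param hostedDescriptor descriptor of the hosted provider
     * @param hostedConfig extended configuration of the hosted provider
     * @param hostedRole role of the hosted provider
     * @param realm realm the hosted provider belongs to
     * @param hostedEntityId entity id of the hosted provider
     * @param metaAlias meta alias of the hosted provider
     * @param registrationRequest parsed registration request
     */
    private void doRequestProcessing(HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse, ProviderDescriptorType hostedDescriptor, BaseConfigType hostedConfig, String hostedRole, String realm, String hostedEntityId, String metaAlias, FSNameRegistrationRequest registrationRequest) {
        FSUtils.debug.message("Entered FSRegistrationRequestServlet::doRequestProcessing");
        // Request-supplied value: treat as untrusted until metadata and trust checks pass.
        String remoteEntityId = registrationRequest.getProviderId();
        String returnUrl = null;
        try {
            // NOTE(review): holds an IDP or SP descriptor; declared type is from the decompiled
            // source — confirm.
            IDPDescriptorType remoteDescriptor;
            boolean remoteIsIdp = false;
            if (hostedRole.equalsIgnoreCase(IFSConstants.SP)) {
                remoteDescriptor = this.metaManager.getIDPDescriptor(realm, remoteEntityId);
                remoteIsIdp = true;
            } else {
                remoteDescriptor = this.metaManager.getSPDescriptor(realm, remoteEntityId);
            }
            if (remoteDescriptor == null) {
                // Fail closed for an unknown provider whether or not signing is enabled.
                // returnUrl is still null here, as it was in the original null branch.
                FSUtils.debug.error("Cannot retrieve provider descriptor.");
                LogUtil.error(Level.INFO, LogUtil.INVALID_PROVIDER, new String[]{remoteEntityId, realm});
                FSServiceUtils.returnToSource(httpServletResponse, returnUrl, COMMON_ERROR_PAGE, IFSConstants.REGISTRATION_FAILED, IFSConstants.METADATA_ERROR);
                return;
            }
            returnUrl = remoteDescriptor.getRegisterNameIdentifierServiceReturnURL();

            // With signing disabled this stays true and isTrustedProvider is the only gate.
            boolean signatureValid = true;
            if (FSServiceUtils.isSigningOn()) {
                try {
                    FSUtils.debug.message("Calling verifyRegistrationSignature");
                    signatureValid = verifyRegistrationSignature(httpServletRequest, remoteDescriptor, remoteEntityId, remoteIsIdp);
                } catch (FSException e) {
                    FSUtils.debug.error("FSRegistrationRequestServlet::processRegistrationRequest Signature on registration request is invalidCannot proceed federation registration");
                    LogUtil.error(Level.INFO, LogUtil.INVALID_SIGNATURE, new String[]{FSUtils.bundle.getString(IFSConstants.REGISTRATION_INVALID_SIGNATURE)});
                    FSServiceUtils.returnToSource(httpServletResponse, returnUrl, COMMON_ERROR_PAGE, IFSConstants.REGISTRATION_FAILED, IFSConstants.METADATA_ERROR);
                    return;
                } catch (SAMLException e2) {
                    FSUtils.debug.error("FSRegistrationRequestServlet::processRegistrationRequestSignature on registration request is invalidCannot proceed federation registration");
                    LogUtil.error(Level.INFO, LogUtil.INVALID_SIGNATURE, new String[]{FSUtils.bundle.getString(IFSConstants.REGISTRATION_INVALID_SIGNATURE)});
                    FSServiceUtils.returnToSource(httpServletResponse, returnUrl, COMMON_ERROR_PAGE, IFSConstants.REGISTRATION_FAILED, IFSConstants.METADATA_ERROR);
                    return;
                }
            }

            if (!signatureValid) {
                FSUtils.debug.error("FSRegistrationRequestServlet::doRequestProcesing Signature on registration request is invalidCannot proceed name registration");
                LogUtil.error(Level.INFO, LogUtil.INVALID_SIGNATURE, new String[]{FSUtils.bundle.getString(IFSConstants.REGISTRATION_INVALID_SIGNATURE)});
            } else if (this.metaManager.isTrustedProvider(realm, hostedEntityId, remoteEntityId)) {
                FSNameRegistrationHandler handler = new FSNameRegistrationHandler();
                handler.setHostedDescriptor(hostedDescriptor);
                handler.setHostedDescriptorConfig(hostedConfig);
                handler.setRemoteDescriptor(remoteDescriptor);
                handler.setRemoteEntityId(remoteEntityId);
                handler.setHostedEntityId(hostedEntityId);
                handler.setHostedProviderRole(hostedRole);
                handler.setMetaAlias(metaAlias);
                handler.setRealm(realm);
                handler.processRegistrationRequest(httpServletRequest, httpServletResponse, registrationRequest);
                return;
            } else {
                FSUtils.debug.error("Remote provider not in trusted list");
            }
            // Reached on an invalid signature or an untrusted provider.
            FSServiceUtils.returnToSource(httpServletResponse, returnUrl, COMMON_ERROR_PAGE, IFSConstants.REGISTRATION_FAILED, IFSConstants.METADATA_ERROR);
        } catch (IDFFMetaException e3) {
            FSUtils.debug.error("FSRegistrationRequestServlet.doRequest Processing: Can not retrieve remote provider data." + remoteEntityId);
            LogUtil.error(Level.INFO, LogUtil.INVALID_PROVIDER, new String[]{remoteEntityId, realm});
            FSServiceUtils.returnToSource(httpServletResponse, returnUrl, COMMON_ERROR_PAGE, IFSConstants.REGISTRATION_FAILED, IFSConstants.METADATA_ERROR);
        }
    }

    /**
     * Verifies the signature on the incoming request against the remote provider's
     * verification certificate.
     *
     * @param httpServletRequest request whose signature is checked
     * @param remoteDescriptor descriptor of the provider that sent the request
     * @param remoteEntityId entity id of that provider
     * @param remoteIsIdp flag passed through to {@code KeyUtil.getVerificationCert}; the caller
     *     sets it to true when the remote descriptor is an IDP descriptor
     * @return true if the signature verifies, false otherwise
     * @throws SAMLException if no verification certificate is available
     * @throws FSException declared by the original signature; not thrown directly here
     */
    private boolean verifyRegistrationSignature(HttpServletRequest httpServletRequest, ProviderDescriptorType remoteDescriptor, String remoteEntityId, boolean remoteIsIdp) throws SAMLException, FSException {
        FSUtils.debug.message("Entered FSRegistrationRequestServlet::verifyRegistrationSignature");
        X509Certificate verificationCert = KeyUtil.getVerificationCert(remoteDescriptor, remoteEntityId, remoteIsIdp);
        if (verificationCert == null) {
            // No certificate means the signature cannot be checked: reject rather than accept.
            if (FSUtils.debug.messageEnabled()) {
                FSUtils.debug.message("FSRegistrationRequestServlet.verifyRegistrationSignature:couldn't obtain this site's cert .");
            }
            throw new SAMLResponderException(FSUtils.bundle.getString(IFSConstants.NO_CERT));
        }
        if (!FSSignatureUtil.verifyRequestSignature(httpServletRequest, verificationCert)) {
            FSUtils.debug.error("Registration request is not properly signed");
            return false;
        }
        FSUtils.debug.message("Registration request is properly signed");
        return true;
    }
}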
