package com.sun.identity.saml2.profile;

import com.sun.identity.federation.common.IFSConstants;
import com.sun.identity.plugin.session.SessionException;
import com.sun.identity.saml.common.SAMLUtils;
import com.sun.identity.saml2.common.SAML2Constants;
import com.sun.identity.saml2.common.SAML2Exception;
import com.sun.identity.saml2.common.SAML2Utils;
import com.sun.identity.saml2.jaxb.metadata.SPSSODescriptorElement;
import com.sun.identity.saml2.plugins.SAML2IdentityProviderAdapter;
import com.sun.identity.saml2.protocol.AuthnRequest;
import java.io.IOException;
import java.io.PrintWriter;
import java.util.Map;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import org.forgerock.openam.saml2.IDPRequestValidator;
import org.forgerock.openam.saml2.IDPSSOFederateRequest;
import org.forgerock.openam.saml2.SAML2ActorFactory;
import org.forgerock.openam.saml2.UtilProxyCookieRedirector;
import org.forgerock.openam.saml2.audit.SAML2EventLogger;
import org.forgerock.openam.utils.StringUtils;
import org.forgerock.util.annotations.VisibleForTesting;

/* loaded from: input_file:com/sun/identity/saml2/profile/IDPSSOFederate.class */
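/**
 * Entry point for the IDP side of SAML2 single sign-on federation.
 *
 * <p>The static {@code doSSOFederate} methods build a short-lived instance and run
 * {@link #process}, which either hands the request to a preferred (proxied) IDP, starts a new
 * authentication, or resumes one that is looked up by the {@code ReqID} request parameter.
 *
 * <p>Both the {@code requestID} and {@code ReqID} request parameters are read straight from the
 * HTTP request and must be treated as untrusted input.
 */
public class IDPSSOFederate {
    /** Request parameter naming an authentication that is already in progress. */
    private static final String REQ_ID = "ReqID";
    private final boolean isFromECP;
    private final FederateCookieRedirector cookieRedirector;
    private final SAML2ActorFactory saml2ActorFactory;
    // Optional: stays null unless withEventAuditor() is called, so process() null-checks it.
    private SAML2EventLogger auditor;

    /**
     * Creates an instance wired with the default cookie redirector and actor factory.
     *
     * @param fromEcp stored as {@code isFromECP} and forwarded to the actor factory
     */
    private IDPSSOFederate(boolean fromEcp) throws ServerFaultException, ClientFaultException {
        this.isFromECP = fromEcp;
        this.cookieRedirector = new UtilProxyCookieRedirector();
        this.saml2ActorFactory = new SAML2ActorFactory();
    }

    /**
     * Creates an instance with injected collaborators; no auditor is set by this constructor.
     *
     * @param z stored as {@code isFromECP}
     * @param federateCookieRedirector redirector consulted at the start of {@link #process}
     * @param sAML2ActorFactory factory for the request validator and the authenticators
     */
    @VisibleForTesting
    IDPSSOFederate(boolean z, FederateCookieRedirector federateCookieRedirector, SAML2ActorFactory sAML2ActorFactory) throws ServerFaultException, ClientFaultException {
        this.isFromECP = z;
        this.cookieRedirector = federateCookieRedirector;
        this.saml2ActorFactory = sAML2ActorFactory;
    }

    /**
     * Runs SSO federation with {@code isFromECP = false}, audits the outcome and turns a
     * {@link FederatedSSOException} into an error response.
     *
     * @param httpServletRequest the incoming request
     * @param httpServletResponse the response the result or error is written to
     * @param printWriter writer handed through to the authenticators
     * @param str passed unchanged to the validator factory (presumably the request binding;
     *     confirm against callers)
     * @param sAML2EventLogger auditor for this request; dereferenced unconditionally here
     */
    public static void doSSOFederate(HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse, PrintWriter printWriter, String str, SAML2EventLogger sAML2EventLogger) {
        try {
            doSSOFederate(httpServletRequest, httpServletResponse, printWriter, false, str, sAML2EventLogger);
            // NOTE(review): the six-argument overload logs and swallows SessionException and
            // IOException, so this success record is also written when processing stopped on
            // one of those errors. Confirm whether the audit trail should record a failure.
            sAML2EventLogger.auditAccessSuccess();
        } catch (FederatedSSOException e) {
            sAML2EventLogger.auditAccessFailure(e.getFaultCode(), e.getLocalizedMessage());
            invokeFailureHook(e, httpServletRequest, httpServletResponse);
            // NOTE(review): a constant named MAX_CACHING_TIME is the third argument of
            // sendError; this may be a decompiler constant-matching artifact. Confirm the
            // intended value for that position.
            SAMLUtils.sendError(httpServletRequest, httpServletResponse, IFSConstants.MAX_CACHING_TIME, e.getMessageCode(), SAML2Utils.bundle.getString(e.getMessageCode()));
        }
    }

    /** Gives the IDP adapter, when the fault carries one, a chance to act before the error is sent. */
    private static void invokeFailureHook(FederatedSSOException fault, HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse) {
        try {
            SAML2Utils.debug.message("Invoking IDP adapter preSendFailureResponse hook");
            SAML2IdentityProviderAdapter idpAdapter = fault.getIdpAdapter();
            if (idpAdapter != null) {
                idpAdapter.preSendFailureResponse(httpServletRequest, httpServletResponse, fault.getFaultCode(), fault.getDetail());
            }
        } catch (SAML2Exception hookFailure) {
            // A failing hook must not prevent the error response from being sent.
            SAML2Utils.debug.error("Error invoking the IDP Adapter", hookFailure);
        }
    }

    /**
     * Runs SSO federation on a fresh instance.
     *
     * <p>{@link SessionException} and {@link IOException} are logged and not rethrown, so a
     * normal return does not prove that processing completed.
     *
     * @param z stored as {@code isFromECP} on the new instance
     * @param str passed unchanged to the validator factory
     * @param sAML2EventLogger auditor attached to the new instance
     * @throws FederatedSSOException propagated from {@link #process}
     */
    public static void doSSOFederate(HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse, PrintWriter printWriter, boolean z, String str, SAML2EventLogger sAML2EventLogger) throws FederatedSSOException {
        try {
            IDPSSOFederate federate = new IDPSSOFederate(z);
            federate.withEventAuditor(sAML2EventLogger);
            federate.process(httpServletRequest, httpServletResponse, printWriter, str);
        } catch (SessionException e) {
            SAML2Utils.debug.error("SSOException : ", e);
        } catch (IOException e2) {
            SAML2Utils.debug.error("IDPSSOFederate.doSSOFederate: I/O error", e2);
        }
    }

    /** Attaches the auditor and returns this instance for chaining. */
    private IDPSSOFederate withEventAuditor(SAML2EventLogger eventAuditor) {
        this.auditor = eventAuditor;
        return this;
    }

    /**
     * Forwards the cached authentication request to the preferred IDP, if there is one.
     *
     * <p>The cache key comes directly from the {@code requestID} request parameter. The cache is
     * only consulted after the key is known to be non-null, and an unknown key is rejected
     * with a {@link ServerFaultException} instead of failing with a NullPointerException on
     * the missing entry.
     *
     * <p>NOTE(review): nothing in this class ties the cached entry to the caller's session, and
     * a successful call removes the entry. Confirm that the IDs are unguessable where they are
     * generated.
     *
     * @param requestId value of the {@code requestID} request parameter, may be null
     * @return true when the request was handed to the preferred IDP, false when no request ID
     *     or no preferred IDP is present
     * @throws ServerFaultException when no cached entry exists for the ID or the proxy
     *     request cannot be sent
     */
    private boolean idpProxyCase(String requestId, HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse) throws ServerFaultException {
        if (requestId == null) {
            return false;
        }
        String preferredIDP = SAML2Utils.getPreferredIDP(httpServletRequest);
        if (preferredIDP == null) {
            return false;
        }
        Map<?, ?> cachedParams = (Map<?, ?>) SPCache.reqParamHash.get(requestId);
        if (cachedParams == null) {
            // Fail closed. The caller-supplied ID is deliberately kept out of the log line and
            // the fault detail.
            SAML2Utils.debug.message("IDPSSOFederate.idpProxyCase: no cached request parameters for the supplied requestID");
            throw new ServerFaultException("UnableToRedirectToPreferredIDP", "No cached request parameters for the supplied requestID");
        }
        SAML2Utils.debug.message("{} IDP to be proxied {}", new Object[]{"IDPSSOFederate.idpProxyCase:", preferredIDP});
        try {
            IDPProxyUtil.sendProxyAuthnRequest((AuthnRequest) cachedParams.get("authnReq"), preferredIDP, (SPSSODescriptorElement) cachedParams.get("spSSODescriptor"), (String) cachedParams.get("idpEntityID"), httpServletRequest, httpServletResponse, (String) cachedParams.get("realm"), (String) cachedParams.get("relayState"), (String) cachedParams.get(SAML2Constants.BINDING));
            // The entry is single use: it is dropped once the proxy request has been sent.
            SPCache.reqParamHash.remove(requestId);
            return true;
        } catch (SAML2Exception | IOException e) {
            SAML2Utils.debug.message("IDPSSOFederate.idpProxyCase:{} Redirecting for the proxy handling error: {}", new Object[]{"IDPSSOFederate.idpProxyCase:", e.getMessage()});
            throw new ServerFaultException("UnableToRedirectToPreferredIDP", e.getMessage());
        }
    }

    /**
     * Handles one federation request.
     *
     * <p>Order of work: the load-balancer cookie redirect check, the preferred-IDP proxy check,
     * resolution of the meta alias, realm, IDP entity and adapter, then either a new
     * authentication (no {@code ReqID}) or a lookup of a cached one ({@code ReqID} present).
     *
     * @param str passed unchanged to the validator factory
     * @throws FederatedSSOException when validation, proxying or authentication reports a fault
     * @throws IOException propagated from the collaborators
     * @throws SessionException propagated from the collaborators
     */
    @VisibleForTesting
    void process(HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse, PrintWriter printWriter, String str) throws FederatedSSOException, IOException, SessionException {
        if (this.cookieRedirector.needSetLBCookieAndRedirect(httpServletRequest, httpServletResponse, true)) {
            return;
        }
        IDPRequestValidator validator = this.saml2ActorFactory.getIDPRequestValidator(str, this.isFromECP);
        if (idpProxyCase(httpServletRequest.getParameter("requestID"), httpServletRequest, httpServletResponse)) {
            return;
        }
        String metaAlias = validator.getMetaAlias(httpServletRequest);
        String realm = validator.getRealmByMetaAlias(metaAlias);
        String idpEntityId = validator.getIDPEntity(metaAlias, realm);
        SAML2IdentityProviderAdapter idpAdapter = validator.getIDPAdapter(realm, idpEntityId);
        // Caller-supplied value; it is recorded in the audit event and later used as a lookup key.
        String reqId = httpServletRequest.getParameter(REQ_ID);
        if (this.auditor != null) {
            if (StringUtils.isNotEmpty(reqId)) {
                this.auditor.setRequestId(reqId);
            }
            this.auditor.setRealm(realm);
        }
        IDPSSOFederateRequest federateRequest = new IDPSSOFederateRequest(reqId, realm, idpAdapter, metaAlias, idpEntityId);
        federateRequest.setEventAuditor(this.auditor);
        if (StringUtils.isEmpty(federateRequest.getRequestID())) {
            // No request ID: this is the first leg, so start a new authentication.
            this.saml2ActorFactory.getSAMLAuthenticator(federateRequest, httpServletRequest, httpServletResponse, printWriter, this.isFromECP).authenticate();
        } else {
            // A request ID is present: resume the authentication stored under it.
            this.saml2ActorFactory.getSAMLAuthenticatorLookup(federateRequest, httpServletRequest, httpServletResponse, printWriter).retrieveAuthenticationFromCache();
        }
    }
}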
