package com.sun.identity.wsfederation.servlet;

import com.sun.identity.multiprotocol.MultiProtocolUtils;
import com.sun.identity.plugin.session.SessionException;
import com.sun.identity.plugin.session.SessionProvider;
import com.sun.identity.saml2.common.SAML2Constants;
import com.sun.identity.shared.debug.Debug;
import com.sun.identity.shared.encode.URLEncDec;
import com.sun.identity.wsfederation.common.WSFederationConstants;
import com.sun.identity.wsfederation.common.WSFederationException;
import com.sun.identity.wsfederation.common.WSFederationUtils;
import com.sun.identity.wsfederation.jaxb.entityconfig.SPSSOConfigElement;
import com.sun.identity.wsfederation.logging.LogUtil;
import com.sun.identity.wsfederation.meta.WSFederationMetaManager;
import com.sun.identity.wsfederation.meta.WSFederationMetaUtils;
import com.sun.identity.wsfederation.profile.IDPSSOUtil;
import com.sun.identity.wsfederation.profile.RequestSecurityTokenResponse;
import java.io.IOException;
import java.util.ArrayList;
import java.util.Arrays;
import java.util.logging.Level;
import javax.servlet.ServletException;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import org.owasp.esapi.ESAPI;

/* loaded from: input_file:com/sun/identity/wsfederation/servlet/IPSigninRequest.class */
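/**
 * Identity-provider side handler for a WS-Federation sign-in request.
 *
 * <p>{@link #process()} resolves the hosted IDP from the request URI and the requesting SP from
 * {@code wtrealm}, checks that the two trust each other, and then either redirects the browser to
 * the authentication service (no usable session, or a session from a different realm) or issues a
 * SAML 1.1 token and forwards it to the SP through {@code /wsfederation/jsp/post.jsp}.
 *
 * <p>All five {@code w*} values are supplied by the caller; {@code whr} and {@code wct} are stored
 * but not read anywhere in this class.
 */
public class IPSigninRequest extends WSFederationAction {
    private static final Debug debug = WSFederationUtils.debug;
    String wtrealm;
    String whr;
    String wct;
    String wctx;
    String wreply;

    /**
     * Creates a handler for one sign-in request.
     *
     * @param httpServletRequest the incoming request
     * @param httpServletResponse the response to redirect or forward on
     * @param whr the {@code whr} request value
     * @param wtrealm the {@code wtrealm} request value, used to look up the SP entity
     * @param wct the {@code wct} request value
     * @param wctx the {@code wctx} request value, echoed back to the SP
     * @param wreply the {@code wreply} request value, passed to the ACS URL lookup
     */
    public IPSigninRequest(HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse, String whr, String wtrealm, String wct, String wctx, String wreply) {
        super(httpServletRequest, httpServletResponse);
        this.whr = whr;
        this.wtrealm = wtrealm;
        this.wct = wct;
        this.wctx = wctx;
        this.wreply = wreply;
    }

    /**
     * Validates the request against federation metadata and then authenticates or responds.
     *
     * @throws IOException if the redirect or forward fails
     * @throws WSFederationException if the IDP or SP cannot be resolved, or the SP is not trusted
     *     by the IDP
     */
    @Override
    public void process() throws IOException, WSFederationException {
        String idpMetaAlias = WSFederationMetaUtils.getMetaAliasByUri(this.request.getRequestURI());
        if (isNullOrBlank(idpMetaAlias)) {
            debug.error("IPSigninRequest.process: unable to get IDP meta alias from request.");
            throw new WSFederationException(WSFederationUtils.bundle.getString("IDPMetaAliasNotFound"));
        }

        WSFederationMetaManager metaManager = WSFederationUtils.getMetaManager();
        String idpEntityId = metaManager.getEntityByMetaAlias(idpMetaAlias);
        if (isNullOrBlank(idpEntityId)) {
            debug.error("IPSigninRequest.process: Unable to get IDP Entity ID from metaAlias");
            throw new WSFederationException(WSFederationUtils.bundle.getString("nullIDPEntityID"));
        }

        String realm = WSFederationMetaUtils.getRealmByMetaAlias(idpMetaAlias);
        String spEntityId = metaManager.getEntityByTokenIssuerName(realm, this.wtrealm);
        if (isNullOrBlank(spEntityId)) {
            debug.error("IPSigninRequest.process: Unable to get SP Entity ID from wtrealm");
            // NOTE(review): this reuses the IDP bundle key for an SP lookup failure; switch to an
            // SP-specific key if the resource bundle has one.
            throw new WSFederationException(WSFederationUtils.bundle.getString("nullIDPEntityID"));
        }

        // Trust gate: no token is issued unless the SP named by wtrealm is trusted by this IDP.
        if (!metaManager.isTrustedProvider(realm, idpEntityId, spEntityId)) {
            debug.error("IPSigninRequest.process: The remote provider is not valid.");
            throw new WSFederationException(WSFederationUtils.bundle.getString("invalidReceiver"));
        }

        Object session;
        try {
            session = WSFederationUtils.sessionProvider.getSession(this.request);
        } catch (SessionException e) {
            // A missing or invalid session is expected here: it simply means "log in first".
            if (debug.messageEnabled()) {
                debug.message("IPSigninRequest.process: Unable to retrieve user session.");
            }
            session = null;
        }
        if (session == null) {
            redirectAuthentication(idpEntityId, realm);
            return;
        }

        // A session from another realm must not be used to mint a token for this IDP. A session
        // whose realm cannot be read (null) also fails the comparison and is re-authenticated.
        String sessionRealm = getSessionRealm(session);
        if (!realm.equalsIgnoreCase(sessionRealm)) {
            if (debug.messageEnabled()) {
                debug.message("IPSigninRequest.process: The users realm: " + sessionRealm + " was different to the IDP's realm: " + realm + ", will re-authenticate to IDP: " + idpEntityId);
            }
            redirectAuthentication(idpEntityId, realm);
            return;
        }
        MultiProtocolUtils.addFederationProtocol(session, "wsfed");
        sendResponse(session, idpEntityId, spEntityId, idpMetaAlias, realm);
    }

    /**
     * Redirects the browser to the authentication service with a {@code goto} pointing back at the
     * current request.
     *
     * @param idpEntityId entity ID of the hosted IDP
     * @param realm realm of the hosted IDP
     * @throws WSFederationException if the authentication service URL cannot be determined
     * @throws IOException if the redirect cannot be sent
     */
    private void redirectAuthentication(String idpEntityId, String realm) throws WSFederationException, IOException {
        StringBuilder loginUrl = new StringBuilder(IDPSSOUtil.getAuthenticationServiceURL(realm, idpEntityId, this.request));
        loginUrl.append(loginUrl.indexOf("?") == -1 ? "?goto=" : "&goto=");

        // getQueryString() is null when the request carries no query string; appending it
        // unconditionally would produce a return URL ending in "?null".
        StringBuffer returnUrl = this.request.getRequestURL();
        String query = this.request.getQueryString();
        if (query != null) {
            returnUrl.append('?').append(query);
        }
        // NOTE(review): the return URL is rebuilt from the incoming request, so it is only as
        // trustworthy as the request's own URL; presumably the authentication service validates
        // goto targets. Confirm.
        if (debug.messageEnabled()) {
            debug.message("IPSigninRequest.redirectAuthentication: Target to get back here: " + returnUrl);
        }
        loginUrl.append(URLEncDec.encode(returnUrl.toString()));
        if (debug.messageEnabled()) {
            debug.message("IPSigninRequest.redirectAuthentication: New URL for authentication: " + loginUrl);
        }
        WSFederationUtils.sessionProvider.setLoadBalancerCookie(this.request, this.response);
        this.response.sendRedirect(loginUrl.toString());
    }

    /**
     * Issues a SAML 1.1 token for the session, records the SP on the session and posts the result
     * to the SP's assertion consumer URL.
     *
     * @param session the authenticated user session
     * @param idpEntityId entity ID of the hosted IDP
     * @param spEntityId entity ID of the requesting SP
     * @param idpMetaAlias meta alias of the hosted IDP (not used by the visible code)
     * @param realm realm of the hosted IDP
     * @throws WSFederationException if the ACS URL or SP configuration is missing, the session has
     *     no authentication method, or a session or servlet error occurs
     * @throws IOException if forwarding to the POST page fails
     */
    private void sendResponse(Object session, String idpEntityId, String spEntityId, String idpMetaAlias, String realm) throws WSFederationException, IOException {
        // NOTE(review): wreply comes from the request. Whether it is restricted to endpoints
        // registered for the SP depends on IDPSSOUtil.getACSurl, which is not visible here.
        // Confirm, because the signed token is posted to whatever URL comes back.
        String acsUrl = IDPSSOUtil.getACSurl(spEntityId, realm, this.wreply);
        if (isNullOrBlank(acsUrl)) {
            debug.error("IPSigninRequest.sendResponse: no ACS URL found.");
            LogUtil.error(Level.INFO, "NO_ACS_URL", new String[]{realm, spEntityId, this.wreply}, null);
            throw new WSFederationException(WSFederationUtils.bundle.getString("unableTofindACSURL"));
        }

        SPSSOConfigElement spConfig = WSFederationUtils.getMetaManager().getSPSSOConfig(realm, spEntityId);
        if (spConfig == null) {
            debug.error("Cannot find configuration for SP " + spEntityId);
            throw new WSFederationException(WSFederationUtils.bundle.getString("unableToFindSPConfiguration"));
        }

        try {
            // getProperty can return null (see the SP-list handling below), so check before
            // indexing instead of failing with an unchecked exception.
            String[] authMethods = WSFederationUtils.sessionProvider.getProperty(session, SessionProvider.AUTH_METHOD);
            if (authMethods == null || authMethods.length == 0) {
                debug.error("IPSigninRequest.sendResponse: session has no authentication method.");
                throw new WSFederationException(WSFederationUtils.bundle.getString("UnableToCreateAssertion"));
            }
            String authMethod = authMethods[0];

            // Sign the assertion unless the SP configuration explicitly says otherwise.
            String wantSigned = WSFederationMetaUtils.getAttribute(spConfig, WSFederationConstants.WANT_ASSERTION_SIGNED);
            boolean signAssertion = wantSigned == null || Boolean.parseBoolean(wantSigned);

            // NOTE(review): the earlier null check on the freshly constructed response could never
            // fire and has been removed. If createSAML11Token can return null, that result should
            // be checked before it is wrapped. Confirm against WSFederationUtils.
            RequestSecurityTokenResponse rstr = new RequestSecurityTokenResponse(
                    WSFederationUtils.createSAML11Token(
                            realm,
                            idpEntityId,
                            spEntityId,
                            session,
                            WSFederationUtils.getMetaManager().getTokenIssuerName(WSFederationUtils.getMetaManager().getEntityDescriptor(realm, spEntityId)),
                            authMethod,
                            signAssertion),
                    this.wtrealm);

            // Remember which SPs received a token on this session. Best effort: a failure here is
            // logged and does not block sign-in.
            try {
                String[] knownSps = WSFederationUtils.sessionProvider.getProperty(session, WSFederationConstants.SESSION_SP_LIST);
                ArrayList<String> spList = knownSps != null ? new ArrayList<String>(Arrays.asList(knownSps)) : new ArrayList<String>();
                if (!spList.contains(spEntityId)) {
                    spList.add(spEntityId);
                    WSFederationUtils.sessionProvider.setProperty(session, WSFederationConstants.SESSION_SP_LIST, spList.toArray(new String[0]));
                }
            } catch (SessionException e) {
                debug.error("IPSigninRequest.sendResponse: error updating the SP list in the session: ", e);
            }

            try {
                postToTarget(rstr, acsUrl);
            } catch (ServletException e) {
                throw new WSFederationException((Throwable) e);
            }
        } catch (SessionException e) {
            throw new WSFederationException((Throwable) e);
        }
    }

    /**
     * Hands the token response to the auto-submitting POST page.
     *
     * @param rstr the token response to deliver
     * @param acsUrl the SP endpoint the form posts to
     * @throws IOException if the forward fails
     * @throws ServletException if the JSP cannot be dispatched
     */
    private void postToTarget(RequestSecurityTokenResponse rstr, String acsUrl) throws IOException, ServletException {
        String wresult = rstr.toString();
        // NOTE(review): with message-level debug enabled this writes the complete issued token to
        // the debug log; handle those logs as sensitive, or log a summary instead.
        if (debug.messageEnabled()) {
            debug.message("IPSigninRequest.postToTarget: wresult before encoding: " + wresult);
        }
        // Every value is HTML-encoded before it reaches the JSP; wctx in particular is echoed from
        // the request. NOTE(review): if post.jsp writes these into attribute values,
        // encodeForHTMLAttribute may be the better-matched encoder. Confirm against the JSP.
        this.request.setAttribute(WSFederationConstants.POST_ACTION, ESAPI.encoder().encodeForHTML(acsUrl));
        this.request.setAttribute(WSFederationConstants.POST_WA, WSFederationConstants.WSIGNIN10);
        this.request.setAttribute(WSFederationConstants.POST_WCTX, ESAPI.encoder().encodeForHTML(this.wctx));
        this.request.setAttribute(WSFederationConstants.POST_WRESULT, ESAPI.encoder().encodeForHTML(wresult));
        this.request.getRequestDispatcher("/wsfederation/jsp/post.jsp").forward(this.request, this.response);
    }

    /**
     * Reads the realm recorded on the session.
     *
     * @param session the user session
     * @return the first value of the session's organization property, or {@code null} when the
     *     property is absent, empty or cannot be read
     */
    private static String getSessionRealm(Object session) {
        try {
            String[] realms = WSFederationUtils.sessionProvider.getProperty(session, SAML2Constants.ORGANIZATION);
            if (realms != null && realms.length > 0) {
                return realms[0];
            }
            debug.error("IPSigninRequest.getSessionRealm: session has no realm property");
        } catch (SessionException e) {
            debug.error("IPSigninRequest.getSessionRealm: Could not retrieve the session information", e);
        }
        return null;
    }

    /** Returns {@code true} when the value is {@code null} or contains only whitespace. */
    private static boolean isNullOrBlank(String value) {
        return value == null || value.trim().length() == 0;
    }
}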
