package edu.internet2.middleware.shibboleth.idp;

import edu.internet2.middleware.shibboleth.aa.arp.ArpEngine;
import edu.internet2.middleware.shibboleth.aa.arp.ArpException;
import edu.internet2.middleware.shibboleth.aa.attrresolv.AttributeResolver;
import edu.internet2.middleware.shibboleth.aa.attrresolv.AttributeResolverException;
import edu.internet2.middleware.shibboleth.artifact.ArtifactMapperFactory;
import edu.internet2.middleware.shibboleth.artifact.provider.MemoryArtifactMapper;
import edu.internet2.middleware.shibboleth.common.Credentials;
import edu.internet2.middleware.shibboleth.common.NameIdentifierMapping;
import edu.internet2.middleware.shibboleth.common.NameIdentifierMappingException;
import edu.internet2.middleware.shibboleth.common.NameMapper;
import edu.internet2.middleware.shibboleth.common.ServiceProviderMapper;
import edu.internet2.middleware.shibboleth.common.ServiceProviderMapperException;
import edu.internet2.middleware.shibboleth.common.ShibbolethConfigurationException;
import edu.internet2.middleware.shibboleth.log.LoggingInitializer;
import java.io.IOException;
import java.util.Collection;
import java.util.HashMap;
import java.util.Iterator;
import java.util.Random;
import javax.servlet.ServletConfig;
import javax.servlet.ServletException;
import javax.servlet.UnavailableException;
import javax.servlet.http.HttpServlet;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import javax.xml.parsers.DocumentBuilderFactory;
import javax.xml.parsers.ParserConfigurationException;
import org.apache.log4j.Logger;
import org.apache.log4j.MDC;
import org.opensaml.SAMLBinding;
import org.opensaml.SAMLBindingFactory;
import org.opensaml.SAMLException;
import org.opensaml.SAMLRequest;
import org.opensaml.SAMLResponse;
import org.w3c.dom.Document;
import org.w3c.dom.Element;
import org.w3c.dom.NodeList;

/* loaded from: input_file:edu/internet2/middleware/shibboleth/idp/IdPResponder.class */
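/**
 * Front-controller servlet of the Shibboleth Identity Provider.
 *
 * <p>{@link #init(ServletConfig)} reads the IdP configuration document, builds the shared
 * {@link IdPProtocolSupport} and registers protocol handlers under location patterns.
 * {@code doGet} and {@code doPost} select a handler by matching the request URL against those
 * patterns and delegate the request to it.
 *
 * <p>Security-relevant points for maintainers:
 * <ul>
 *   <li>Handler selection is a regular-expression match on the URL reported by the container
 *       (see {@code lookupProtocolHandler}); it is a routing decision, not an access check.</li>
 *   <li>At debug level the full SAML request and error response are written to the log.</li>
 *   <li>Exception text is handed to {@code /IdPError.jsp} for display in the browser.</li>
 * </ul>
 */
public class IdPResponder extends HttpServlet {
    private static Logger transactionLog;
    private static Logger log;

    // Only used to tag log lines of one request (MDC "serviceId"). java.util.Random is
    // predictable, so this value must never be reused as a request, session or artifact id.
    private static Random idgen = new Random();

    private SAMLBinding binding;
    private IdPConfig configuration;

    // Location pattern (regular expression) -> handler registered for it.
    private HashMap<String, IdPProtocolHandler> protocolHandlers = new HashMap<String, IdPProtocolHandler>();
    private IdPProtocolSupport protocolSupport;

    /**
     * Loads the IdP configuration and wires up logging, name mappings, credentials, the
     * attribute resolver, the release-policy (ARP) engine, the artifact mapper, the protocol
     * handlers and the metadata providers.
     *
     * @param servletConfig the container-supplied servlet configuration
     * @throws ServletException an {@link UnavailableException} when the SOAP binding cannot be
     *         loaded or any mandatory part of the configuration fails to load, so the servlet
     *         is not put into service with a partial configuration
     */
    public void init(ServletConfig servletConfig) throws ServletException {
        super.init(servletConfig);
        try {
            this.binding = SAMLBindingFactory.getInstance("urn:oasis:names:tc:SAML:1.0:bindings:SOAP-binding");
            Document idPConfig = IdPConfigLoader.getIdPConfig(getServletContext());
            Element configRoot = idPConfig.getDocumentElement();

            // Logging is not up yet, so the duplicate-element warning goes to stderr.
            // The first element is used in that case, as the warning says; without this the
            // loggers fetched below would be used with LoggingInitializer never having run.
            NodeList loggingNodes = configRoot.getElementsByTagNameNS(IdPConfig.configNameSpace, "Logging");
            if (loggingNodes.getLength() < 1) {
                LoggingInitializer.initializeLogging();
            } else {
                if (loggingNodes.getLength() > 1) {
                    System.err.println("WARNING: More than one Logging element in IdP configuration, using the first one.");
                }
                LoggingInitializer.initializeLogging((Element) loggingNodes.item(0));
            }
            transactionLog = Logger.getLogger("Shibboleth-TRANSACTION");
            log = Logger.getLogger(IdPResponder.class);
            MDC.put("serviceId", "[IdP] Core");
            log.info("Initializing Identity Provider.");
            this.configuration = new IdPConfig(configRoot);

            // A broken name mapping is logged and skipped; the remaining mappings still load.
            NameMapper nameMapper = new NameMapper();
            NodeList nameMappingNodes = configRoot.getElementsByTagNameNS(NameIdentifierMapping.mappingNamespace, "NameMapping");
            for (int i = 0; i < nameMappingNodes.getLength(); i++) {
                try {
                    nameMapper.addNameMapping((Element) nameMappingNodes.item(i));
                } catch (NameIdentifierMappingException e) {
                    log.error("Name Identifier mapping could not be loaded: " + e);
                }
            }

            NodeList credentialNodes = configRoot.getElementsByTagNameNS(Credentials.credentialsNamespace, "Credentials");
            if (credentialNodes.getLength() < 1) {
                log.error("No credentials specified.");
            }
            if (credentialNodes.getLength() > 1) {
                log.error("Multiple Credentials specifications found, using first.");
            }
            try {
                // NOTE(review): with no <Credentials> element item(0) is null and is still passed
                // to the Credentials constructor; how that constructor reacts is not visible
                // here - confirm that start-up fails rather than continuing without credentials.
                ServiceProviderMapper serviceProviderMapper = new ServiceProviderMapper(configRoot, this.configuration, new Credentials((Element) credentialNodes.item(0)), nameMapper);
                try {
                    AttributeResolver attributeResolver = new AttributeResolver(this.configuration);

                    NodeList arpNodes = configRoot.getElementsByTagNameNS(IdPConfig.configNameSpace, "ReleasePolicyEngine");
                    if (arpNodes.getLength() > 1) {
                        log.warn("Encountered multiple <ReleasePolicyEngine/> configuration elements.  Using first...");
                    }
                    ArpEngine arpEngine;
                    if (arpNodes.getLength() < 1) {
                        arpEngine = new ArpEngine();
                    } else {
                        arpEngine = new ArpEngine((Element) arpNodes.item(0));
                    }

                    NodeList artifactMapperNodes = configRoot.getElementsByTagNameNS(IdPConfig.configNameSpace, "ArtifactMapper");
                    if (artifactMapperNodes.getLength() > 1) {
                        log.warn("Encountered multiple <ArtifactMapper/> configuration elements.  Using first...");
                    }
                    // NOTE(review): the declared type is what the decompiler inferred; the factory
                    // presumably returns the more general ArtifactMapper type - confirm against
                    // the original source.
                    MemoryArtifactMapper artifactMapper;
                    if (artifactMapperNodes.getLength() > 0) {
                        artifactMapper = ArtifactMapperFactory.getInstance((Element) artifactMapperNodes.item(0));
                    } else {
                        log.debug("No Artifact Mapper configuration found.  Defaulting to Memory-based implementation.");
                        artifactMapper = new MemoryArtifactMapper();
                    }

                    this.protocolSupport = new IdPProtocolSupport(this.configuration, transactionLog, nameMapper, serviceProviderMapper, arpEngine, attributeResolver, artifactMapper);

                    NodeList handlerNodes = configRoot.getElementsByTagNameNS(IdPConfig.configNameSpace, "ProtocolHandler");
                    if (handlerNodes.getLength() < 1) {
                        handlerNodes = getDefaultHandlers();
                    }
                    for (int i = 0; i < handlerNodes.getLength(); i++) {
                        IdPProtocolHandler handler = ProtocolHandlerFactory.getInstance((Element) handlerNodes.item(i));
                        String[] locations = handler.getLocations();
                        for (int j = 0; j < locations.length; j++) {
                            String location = locations[j];
                            // First registration wins. Only textually identical patterns are
                            // detected here; two different patterns can still match the same URL.
                            if (this.protocolHandlers.containsKey(location)) {
                                log.error("Multiple protocol handlers are registered to listen at (" + location + ").  Ignoring all except (" + this.protocolHandlers.get(location).getHandlerName() + ").");
                            } else {
                                log.info("Registering handler (" + handler.getHandlerName() + ") to listen at (" + location + ").");
                                this.protocolHandlers.put(location, handler);
                            }
                        }
                    }

                    NodeList metadataNodes = configRoot.getElementsByTagNameNS(IdPConfig.configNameSpace, "MetadataProvider");
                    for (int i = 0; i < metadataNodes.getLength(); i++) {
                        this.protocolSupport.addMetadataProvider((Element) metadataNodes.item(i));
                    }
                    // Refuse to start when no metadata provider was loaded.
                    if (this.protocolSupport.providerCount() < 1) {
                        log.error("No Metadata Provider metadata loaded.");
                        throw new ShibbolethConfigurationException("Could not load SAML metadata.");
                    }
                    log.info("Identity Provider initialization complete.");
                } catch (ArpException e) {
                    log.fatal("The Identity Provider could not be initialized due to a problem with the ARP Engine configuration: " + e);
                    throw new ShibbolethConfigurationException("Could not load ARP Engine.");
                } catch (AttributeResolverException e) {
                    log.fatal("The Identity Provider could not be initialized due to a problem with the Attribute Resolver configuration: " + e);
                    throw new ShibbolethConfigurationException("Could not load Attribute Resolver.");
                }
            } catch (ServiceProviderMapperException e) {
                log.error("Could not load Identity Provider configuration: " + e);
                throw new ShibbolethConfigurationException("Could not load Identity Provider configuration.");
            }
        } catch (SAMLException e) {
            log.fatal("SAML SOAP binding could not be loaded: " + e);
            throw new UnavailableException("Identity Provider failed to initialize.");
        } catch (ShibbolethConfigurationException e) {
            // Also written to the servlet context log because the configuration may have
            // failed before the log4j logger was assigned.
            servletConfig.getServletContext().log("The Identity Provider could not be initialized: " + e);
            if (log != null) {
                log.fatal("The Identity Provider could not be initialized: " + e);
            }
            throw new UnavailableException("Identity Provider failed to initialize.");
        }
    }

    /**
     * Handles browser-facing requests. The matching handler is expected to write the response
     * itself; a returned SAML response is treated as an error because no binding is available
     * on this path to deliver it.
     *
     * @param httpServletRequest the incoming request
     * @param httpServletResponse the response the handler writes to
     * @throws ServletException if forwarding to the error page fails
     * @throws IOException if forwarding to the error page fails
     */
    public void doGet(HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse) throws ServletException, IOException {
        tagLogContext(httpServletRequest);
        log.debug("Received a request via GET for location (" + httpServletRequest.getRequestURL() + ").");
        try {
            IdPProtocolHandler handler = lookupProtocolHandler(httpServletRequest);
            log.info("Processing " + handler.getHandlerName() + " request.");
            if (handler.processRequest(httpServletRequest, httpServletResponse, null, this.protocolSupport) != null) {
                log.error("Protocol Handler returned a SAML Response, but there is no binding to handle it.");
                throw new SAMLException(SAMLException.RESPONDER, "General error processing request.");
            }
        } catch (SAMLException e) {
            log.error(e);
            displayBrowserError(httpServletRequest, httpServletResponse, e);
        }
    }

    /**
     * Handles SOAP-bound requests: reads the SAML request through the binding, dispatches it to
     * the matching handler and sends the handler's response back through the binding.
     *
     * @param httpServletRequest the incoming request
     * @param httpServletResponse the response the binding writes to
     * @throws ServletException if not even an error response could be delivered
     * @throws IOException declared by the servlet contract
     */
    public void doPost(HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse) throws ServletException, IOException {
        tagLogContext(httpServletRequest);
        log.debug("Received a request via POST for location (" + httpServletRequest.getRequestURL() + ").");
        SAMLRequest samlRequest = null;
        try {
            try {
                // NOTE(review): the meaning of the second argument (1) is not visible here.
                samlRequest = this.binding.receive(httpServletRequest, 1);
                if (log.isDebugEnabled()) {
                    // The complete request is logged; keep debug logging off where requests
                    // may carry data that should not end up in log files.
                    log.debug("Dumping generated SAML Request:" + System.getProperty("line.separator") + samlRequest.toString());
                }
                IdPProtocolHandler handler = lookupProtocolHandler(httpServletRequest);
                log.info("Processing " + handler.getHandlerName() + " request.");
                this.binding.respond(httpServletResponse, handler.processRequest(httpServletRequest, httpServletResponse, samlRequest, this.protocolSupport), (SAMLException) null);
            } catch (SAMLException e) {
                // As written this covers handler lookup and processing as well as parsing: the
                // detail stays in the log and the requester only gets the generic message below.
                log.fatal("Unable to parse request: " + e);
                throw new SAMLException("Invalid request data.");
            }
        } catch (SAMLException e) {
            sendFailureToSAMLBinding(httpServletResponse, samlRequest, e);
        }
    }

    /**
     * Tags subsequent log lines of the current thread with a per-request id and the remote
     * address. The id comes from {@code idgen} and is a log-correlation aid only.
     */
    private static void tagLogContext(HttpServletRequest httpServletRequest) {
        MDC.put("serviceId", "[IdP] " + idgen.nextInt());
        MDC.put("remoteAddr", httpServletRequest.getRemoteAddr());
    }

    /**
     * Finds the handler whose location pattern matches the whole request URL.
     *
     * <p>Patterns are tried in the iteration order of a {@link HashMap}, which is unspecified,
     * so when several patterns match the same URL the chosen handler is not defined.
     *
     * <p>NOTE(review): {@code getRequestURL()} is rebuilt by the container from request data
     * (normally including the client-sent Host header). Confirm that host or port restrictions
     * expressed in location patterns are also enforced at the connector, rather than relying on
     * this match to keep handlers apart.
     *
     * @param httpServletRequest the incoming request
     * @return the handler registered for the first matching pattern
     * @throws SAMLException if no pattern matches the request URL
     */
    private IdPProtocolHandler lookupProtocolHandler(HttpServletRequest httpServletRequest) throws SAMLException {
        String requestUrl = httpServletRequest.getRequestURL().toString();
        for (String locationPattern : this.protocolHandlers.keySet()) {
            if (requestUrl.matches(locationPattern)) {
                log.debug("Matched handler location: (" + locationPattern + ").");
                return this.protocolHandlers.get(locationPattern);
            }
        }
        log.error("No protocol handler registered for location (" + httpServletRequest.getRequestURL() + ").");
        throw new SAMLException("Request submitted to an invalid location.");
    }

    /**
     * Builds the handler configuration used when the IdP configuration declares no
     * {@code ProtocolHandler} element: SSO, attribute query and artifact query.
     *
     * <p>In the SSO pattern the host part {@code [^/]+} also matches a {@code :port} suffix, so
     * that pattern does not pin the SSO endpoint to a port; the other two require
     * {@code :8443} in the URL.
     *
     * @return the generated {@code ProtocolHandler} elements
     * @throws ShibbolethConfigurationException if no XML document builder can be created
     */
    private NodeList getDefaultHandlers() throws ShibbolethConfigurationException {
        log.debug("Loading default protocol handler configuration.");
        try {
            DocumentBuilderFactory builderFactory = DocumentBuilderFactory.newInstance();
            builderFactory.setNamespaceAware(true);
            // Only an empty document is created here; nothing is parsed.
            Document document = builderFactory.newDocumentBuilder().newDocument();
            Element root = document.createElementNS(IdPConfig.configNameSpace, "IdPConfig");
            appendDefaultHandler(document, root, "edu.internet2.middleware.shibboleth.idp.provider.ShibbolethV1SSOHandler", "https?://[^/]+(:443)?/shibboleth/SSO");
            appendDefaultHandler(document, root, "edu.internet2.middleware.shibboleth.idp.provider.SAMLv1_AttributeQueryHandler", "https?://[^/]+:8443/shibboleth/AA");
            appendDefaultHandler(document, root, "edu.internet2.middleware.shibboleth.idp.provider.SAMLv1_1ArtifactQueryHandler", "https?://[^/]+:8443/shibboleth/Artifact");
            return root.getElementsByTagNameNS(IdPConfig.configNameSpace, "ProtocolHandler");
        } catch (ParserConfigurationException e) {
            log.fatal("Encoutered an error while loading default protocol handlers: " + e);
            throw new ShibbolethConfigurationException("Could not load protocol handlers.");
        }
    }

    /** Appends one {@code ProtocolHandler} element with a single {@code Location} child to {@code parent}. */
    private static void appendDefaultHandler(Document document, Element parent, String implementation, String locationPattern) {
        Element handlerElement = document.createElementNS(IdPConfig.configNameSpace, "ProtocolHandler");
        handlerElement.setAttribute("implementation", implementation);
        Element locationElement = document.createElementNS(IdPConfig.configNameSpace, "Location");
        locationElement.appendChild(document.createTextNode(locationPattern));
        handlerElement.appendChild(locationElement);
        parent.appendChild(handlerElement);
    }

    /**
     * Reports a failure to the requester, falling back step by step: a SAML error response,
     * then the bare exception through the binding, then an HTTP 500.
     *
     * @param httpServletResponse the response to write to
     * @param sAMLRequest the request being answered, or {@code null} if it could not be read
     * @param sAMLException the failure to report
     * @throws ServletException if even the HTTP 500 could not be sent
     */
    private void sendFailureToSAMLBinding(HttpServletResponse httpServletResponse, SAMLRequest sAMLRequest, SAMLException sAMLException) throws ServletException {
        log.error("Error while processing request: " + sAMLException);
        try {
            String inResponseTo = sAMLRequest != null ? sAMLRequest.getId() : null;
            SAMLResponse errorResponse = new SAMLResponse(inResponseTo, (String) null, (Collection) null, sAMLException);
            if (log.isDebugEnabled()) {
                log.debug("Dumping generated SAML Error Response:" + System.getProperty("line.separator") + errorResponse.toString());
            }
            this.binding.respond(httpServletResponse, errorResponse, (SAMLException) null);
            log.debug("Returning SAML Error Response.");
        } catch (SAMLException responseFailure) {
            try {
                this.binding.respond(httpServletResponse, (SAMLResponse) null, sAMLException);
            } catch (SAMLException bindingFailure) {
                log.error("Caught exception while responding to requester: " + bindingFailure.getMessage());
                try {
                    httpServletResponse.sendError(HttpServletResponse.SC_INTERNAL_SERVER_ERROR, "Error while responding.");
                } catch (IOException ioFailure) {
                    log.fatal("Could not construct a SAML error response: " + ioFailure);
                    throw new ServletException("Identity Provider response failure.");
                }
            }
            log.error("Identity Provider failed to make an error message: " + responseFailure);
        }
    }

    /**
     * Forwards to {@code /IdPError.jsp} with the exception text and the request URI as request
     * attributes.
     *
     * <p>NOTE(review): both attributes can contain request-derived text; the JSP is not visible
     * here - confirm it HTML-escapes {@code errorText} and {@code requestURL} on output.
     *
     * @param httpServletRequest the request to forward
     * @param httpServletResponse the response to forward
     * @param exc the failure whose {@code toString()} is shown to the user
     * @throws ServletException if the forward fails
     * @throws IOException if the forward fails
     */
    private static void displayBrowserError(HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse, Exception exc) throws ServletException, IOException {
        httpServletRequest.setAttribute("errorText", exc.toString());
        httpServletRequest.setAttribute("requestURL", httpServletRequest.getRequestURI());
        httpServletRequest.getRequestDispatcher("/IdPError.jsp").forward(httpServletRequest, httpServletResponse);
    }
}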
