package edu.internet2.middleware.shibboleth.serviceprovider;

import edu.internet2.middleware.shibboleth.common.ShibBrowserProfile;
import edu.internet2.middleware.shibboleth.metadata.MetadataException;
import edu.internet2.middleware.shibboleth.resource.AuthenticationFilter;
import edu.internet2.middleware.shibboleth.resource.FilterSupport;
import edu.internet2.middleware.shibboleth.resource.FilterUtil;
import edu.internet2.middleware.shibboleth.serviceprovider.ServiceProviderConfig;
import java.io.IOException;
import java.util.Iterator;
import javax.servlet.ServletException;
import javax.servlet.ServletOutputStream;
import javax.servlet.http.HttpServlet;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import org.apache.log4j.Logger;
import org.opensaml.SAMLAssertion;
import org.opensaml.SAMLAttributeStatement;
import org.opensaml.SAMLAudienceRestrictionCondition;
import org.opensaml.SAMLBrowserProfile;
import org.opensaml.SAMLCondition;
import org.opensaml.SAMLException;
import org.opensaml.SAMLResponse;
import org.opensaml.SAMLStatement;

/* loaded from: input_file:edu/internet2/middleware/shibboleth/serviceprovider/AssertionConsumerServlet.class */
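/**
 * Servlet endpoint that receives the SAML browser-profile submission (POST, or GET
 * delegated to {@link #doPost}), turns it into a local Service Provider session and
 * then sends the browser on to the requested TARGET.
 *
 * <p>Security-relevant behaviour a reviewer should keep in mind:
 * <ul>
 *   <li>The {@code TARGET} request parameter is supplied by the caller and is used as
 *       the redirect location. NOTE(review): nothing visible in this class checks it
 *       against the application's own URLs, so confirm that validation happens in
 *       {@code ServiceProviderConfig.mapRequest} or add it before the redirect.</li>
 *   <li>The new session identifier is appended to the redirect URL as the
 *       {@link #SESSIONPARM} query parameter, so it can appear in browser history,
 *       proxy and server logs and Referer headers, and it is sent to whatever host
 *       TARGET names.</li>
 *   <li>Audience restrictions on the assertion are enforced in
 *       {@link #createSessionFromData} before any session is created.</li>
 * </ul>
 */
public class AssertionConsumerServlet extends HttpServlet {
    // Initialised with a class literal; the decompiled Class.forName()/class$0 cache
    // was a compiler artefact and its catch block called getMessage() on a Class.
    private static final Logger log = Logger.getLogger(AssertionConsumerServlet.class.getName());
    private static final ServiceProviderContext context = ServiceProviderContext.getInstance();

    /** Name of the query parameter that carries the session id on the redirect. */
    public static final String SESSIONPARM = "ShibbolethSessionId";

    /**
     * Initialises the Service Provider for this servlet context and registers the
     * {@code FilterSupportImpl} with {@code AuthenticationFilter}.
     *
     * @throws ServletException if the superclass initialisation fails
     */
    @Override
    public void init() throws ServletException {
        super.init();
        ServletContextInitializer.initServiceProvider(getServletContext());
        AuthenticationFilter.setFilterSupport(new FilterSupportImpl());
    }

    /**
     * Processes an authentication submission and answers with either the attribute
     * response (TARGET equal to {@code SendAttributesBackToMe}) or a redirect that
     * carries the new session id.
     *
     * <p>Failures while building the session are reported by redirecting to the
     * application's configured error page; I/O failures while answering are logged
     * because this method does not declare {@code IOException}.
     *
     * @param httpServletRequest  the incoming request; {@code TARGET} is read from it
     * @param httpServletResponse the response that receives the body or the redirect
     */
    @Override
    public void doPost(HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse) {
        ServletContextInitializer.beginService(httpServletRequest, httpServletResponse);
        String contextPath = httpServletRequest.getContextPath();
        ServiceProviderConfig config = context.getServiceProviderConfig();
        String remoteAddr = httpServletRequest.getRemoteAddr();
        // Caller-controlled value: it selects the application, is written to the log
        // and later becomes the redirect location.
        String target = httpServletRequest.getParameter("TARGET");
        String applicationId = config.mapRequest(target);
        ServiceProviderConfig.ApplicationInfo application = config.getApplication(applicationId);
        String handlerUrl = httpServletRequest.getRequestURL().toString();
        String providerId = application.getProviderId();
        // NOTE(review): TARGET is logged as received; CR/LF in it would allow forged
        // log lines unless the appender layout escapes them.
        log.debug("Authentication received from " + remoteAddr + " for " + target
                + "(application:" + applicationId + ") (Provider:" + providerId + ")");
        try {
            try {
                FilterSupport.NewSessionData sessionData = new FilterSupport.NewSessionData();
                FilterUtil.sessionDataFromRequest(sessionData, httpServletRequest);
                sessionData.applicationId = applicationId;
                sessionData.handlerURL = handlerUrl;
                sessionData.providerId = providerId;
                String sessionId = createSessionFromData(sessionData);
                try {
                    // NOTE(review): a request without TARGET reaches this point with
                    // target == null and fails with a NullPointerException; decide
                    // whether that should become an error-page redirect instead.
                    if (target.equals("SendAttributesBackToMe")) {
                        // Returns the stored SAML attribute response as XML.
                        ServletOutputStream out = httpServletResponse.getOutputStream();
                        httpServletResponse.setContentType("text/xml");
                        out.print(context.getSessionManager().findSession(sessionId, applicationId)
                                .getAttributeResponse().toString());
                    } else if (target.contains(":")) {
                        // TARGET looks like an absolute URL: redirect straight to it.
                        httpServletResponse.sendRedirect(target + "?" + SESSIONPARM + "=" + sessionId);
                    } else {
                        // Otherwise prefer the URL saved on the session, when there is one.
                        String destination = target;
                        Session session = context.getSessionManager().findSession(sessionId, applicationId);
                        if (session != null) {
                            String savedTargetUrl = session.getSavedTargetURL();
                            if (savedTargetUrl != null) {
                                destination = savedTargetUrl;
                            }
                        }
                        httpServletResponse.sendRedirect(destination + "?" + SESSIONPARM + "=" + sessionId);
                    }
                } catch (IOException e) {
                    // Previously swallowed: the session exists but the browser never
                    // received its response, which is worth seeing in the log.
                    log.warn("Could not send the response after creating a session.", e);
                }
            } finally {
                ServletContextInitializer.finishService(httpServletRequest, httpServletResponse);
            }
        } catch (MetadataException e) {
            log.error("Authentication Assertion source not found in Metadata.");
            log.debug("Metadata lookup failure detail", e);
            String page = application.getErrorsConfig().getMetadata();
            if (page == null) {
                page = application.getErrorsConfig().getSession();
            }
            if (page == null) {
                page = application.getErrorsConfig().getShire();
            }
            redirectToErrorPage(httpServletResponse, contextPath, page);
        } catch (SAMLException e) {
            log.error("Authentication Assertion had invalid format.");
            log.debug("Assertion processing failure detail", e);
            String page = application.getErrorsConfig().getSession();
            if (page == null) {
                page = application.getErrorsConfig().getShire();
            }
            redirectToErrorPage(httpServletResponse, contextPath, page);
        }
    }

    /**
     * Redirects to the configured error page, or to {@code sessionError.html} when
     * none is configured. A page that does not start with '/' is taken to be relative
     * to the context path.
     */
    private static void redirectToErrorPage(HttpServletResponse response, String contextPath, String page) {
        String location = page;
        // An empty configured value is treated like a missing one; charAt(0) below
        // would otherwise throw.
        if (location == null || location.length() == 0) {
            location = "sessionError.html";
        }
        if (location.charAt(0) != '/') {
            location = contextPath + "/" + location;
        }
        try {
            response.sendRedirect(location);
        } catch (IOException e) {
            log.warn("Could not redirect to the error page.", e);
        }
    }

    /**
     * Validates the submitted SAML data and creates a session from it.
     *
     * <p>The submission is handed to {@code ShibBrowserProfile.receive} together with
     * the handler URL, the replay cache and an artifact mapper. Every audience
     * restriction condition on the returned assertion must then name either the
     * application's provider id or one of its configured audiences. Conditions whose
     * audience iterator is {@code null} are skipped, as are conditions of other types.
     *
     * @param newSessionData the request data plus application id, handler URL and
     *                       provider id filled in by the caller
     * @return the identifier of the newly created session
     * @throws SAMLException if {@code receive} rejects the submission or an audience
     *                       restriction is not satisfied
     */
    public static String createSessionFromData(FilterSupport.NewSessionData newSessionData) throws SAMLException {
        // Handed to receive() and afterwards passed on to newSession(); presumably
        // receive() writes the asserting party's id into it (confirm).
        StringBuffer issuer = new StringBuffer();
        ServiceProviderConfig config = context.getServiceProviderConfig();
        ServiceProviderConfig.ApplicationInfo application = config.getApplication(newSessionData.applicationId);
        String[] audienceArray = application.getAudienceArray();
        String providerId = application.getProviderId();
        ShibBrowserProfile profile = new ShibBrowserProfile(newSessionData.applicationId);
        SPArtifactMapper artifactMapper = new SPArtifactMapper(application, config);
        SAMLBrowserProfile.BrowserProfileRequest profileRequest = new SAMLBrowserProfile.BrowserProfileRequest();
        profileRequest.SAMLArt = newSessionData.SAMLArt;
        profileRequest.SAMLResponse = newSessionData.SAMLResponse;
        profileRequest.TARGET = newSessionData.target;
        // NOTE(review): the meaning of the trailing literal 1 is not visible here.
        SAMLBrowserProfile.BrowserProfileResponse received = profile.receive(issuer, profileRequest,
                newSessionData.handlerURL, context.getReplayCache(), artifactMapper, 1);

        // Audience check: an assertion restricted to other relying parties must not
        // create a session here.
        Iterator conditions = received.assertion.getConditions();
        while (conditions.hasNext()) {
            SAMLCondition condition = (SAMLCondition) conditions.next();
            if (!(condition instanceof SAMLAudienceRestrictionCondition)) {
                continue;
            }
            Iterator audiences = ((SAMLAudienceRestrictionCondition) condition).getAudiences();
            if (audiences == null) {
                continue;
            }
            boolean matched = false;
            StringBuffer seen = new StringBuffer();
            while (!matched && audiences.hasNext()) {
                String audience = (String) audiences.next();
                seen.append(audience);
                seen.append(' ');
                matched = audienceMatches(audience, providerId, audienceArray);
            }
            if (!matched) {
                log.error("Assertion restricted to " + seen.toString());
                StringBuffer expected = new StringBuffer("Did not match ");
                expected.append(providerId);
                if (audienceArray != null && audienceArray.length > 0) {
                    expected.append(" or ");
                    for (String configured : audienceArray) {
                        expected.append(configured);
                        expected.append(' ');
                    }
                }
                log.error(expected.toString());
                throw new SAMLException("Assertion failed audience restriction test.");
            }
        }

        SessionManager sessionManager = context.getSessionManager();
        // A target containing ':' is treated as an absolute URL and is not stored on
        // the session; anything else is passed to newSession() as the last argument.
        String savedTarget = newSessionData.target.contains(":") ? null : newSessionData.target;
        String sessionId = sessionManager.newSession(newSessionData.applicationId, newSessionData.ipaddr,
                issuer.toString(), received.assertion, received.authnStatement, savedTarget);
        Session session = sessionManager.findSession(sessionId, newSessionData.applicationId);
        checkForAttributePush(received, session);
        AttributeRequestor.fetchAttributes(session);
        return sessionId;
    }

    /**
     * Tells whether an audience from the assertion equals the provider id or one of
     * the configured audiences.
     *
     * <p>The decompiled loop over the configured audiences never terminated when no
     * entry matched; this bounded loop replaces it.
     */
    private static boolean audienceMatches(String audience, String providerId, String[] audienceArray) {
        if (audience.equals(providerId)) {
            return true;
        }
        if (audienceArray != null) {
            for (int i = 0; i < audienceArray.length; i++) {
                if (audience.equals(audienceArray[i])) {
                    return true;
                }
            }
        }
        return false;
    }

    /**
     * Stores the whole SAML response on the session when any of its assertions
     * carries an attribute statement (attributes pushed along with authentication).
     */
    private static void checkForAttributePush(SAMLBrowserProfile.BrowserProfileResponse browserProfileResponse, Session session) {
        SAMLResponse samlResponse = browserProfileResponse.response;
        Iterator assertions = samlResponse.getAssertions();
        while (assertions.hasNext()) {
            Iterator statements = ((SAMLAssertion) assertions.next()).getStatements();
            while (statements.hasNext()) {
                SAMLStatement statement = (SAMLStatement) statements.next();
                if (statement instanceof SAMLAttributeStatement) {
                    log.info("Found Attributes with Authenticaiton data (Attribute Push).");
                    session.setAttributeResponse(samlResponse);
                    // The first attribute statement is enough; stop scanning.
                    return;
                }
            }
        }
    }

    /**
     * Logs the query string and handles the request exactly like a POST.
     *
     * <p>NOTE(review): the full query string is written to the debug log; if it can
     * carry a SAML artifact or other credential-like value, keep debug logging off in
     * production or redact it.
     *
     * @throws ServletException declared by the servlet contract; not thrown here
     * @throws IOException      declared by the servlet contract; not thrown here
     */
    @Override
    protected void doGet(HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse) throws ServletException, IOException {
        log.debug("Received GET: " + httpServletRequest.getQueryString());
        doPost(httpServletRequest, httpServletResponse);
    }
}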
