package no.kantega.security.api.impl.saml;

import com.onelogin.saml2.Auth;
import com.onelogin.saml2.exception.Error;
import com.onelogin.saml2.exception.SettingsException;
import com.onelogin.saml2.exception.XMLEntityException;
import com.onelogin.saml2.servlet.ServletUtils;
import com.onelogin.saml2.settings.Saml2Settings;
import com.onelogin.saml2.settings.SettingsBuilder;
import java.io.File;
import java.io.FileInputStream;
import java.io.IOException;
import java.io.PrintWriter;
import java.io.UncheckedIOException;
import java.util.Collections;
import java.util.Iterator;
import java.util.List;
import java.util.Map;
import java.util.Optional;
import java.util.Properties;
import java.util.stream.Collectors;
import java.util.stream.Stream;
import javax.servlet.ServletConfig;
import javax.servlet.ServletException;
import javax.servlet.http.HttpServlet;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import javax.servlet.http.HttpSession;
import no.kantega.commons.configuration.Configuration;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;

/* loaded from: input_file:no/kantega/security/api/impl/saml/SamlServlet.class */
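/**
 * SAML 2.0 service-provider endpoints backed by the OneLogin java-saml library.
 *
 * <p>Routes on {@code getPathInfo()}:
 * <ul>
 *   <li>{@code /login} – starts SP-initiated login; an optional {@code redirect} parameter becomes the RelayState</li>
 *   <li>{@code /acs} – consumes the IdP response, stores the principal in the session and follows the RelayState</li>
 *   <li>{@code /metadata} – serves SP metadata</li>
 *   <li>{@code /logout} and {@code /sls} – start SP-initiated logout</li>
 * </ul>
 *
 * <p>On successful login the user's identifier is stored under
 * {@link #AUTORIZED_PRINCIPAL_SESSION_ATTRIBUTE}; it is taken from the SAML attribute named by the
 * {@code identAttribute} init parameter (default {@code Ident}), or, when that attribute is absent, from the
 * {@code nameIdToIdentMapping} init parameter ({@code nameId->ident,nameId->ident,...}).
 *
 * <p>Redirect targets taken from request input (the {@code redirect} parameter and the returned RelayState) are
 * only honoured when they are local paths, so the endpoints cannot be used as an open redirector.
 */
public class SamlServlet extends HttpServlet {
    private static final Logger log = LoggerFactory.getLogger(SamlServlet.class);
    /** Session attribute holding the authenticated user's ident after a successful ACS. */
    static final String AUTORIZED_PRINCIPAL_SESSION_ATTRIBUTE = "SAML_AUTORIZED_PRINCIPAL_SESSION_ATTRIBUTE";
    private static final String DEFAULT_IDENT_ATTRIBUTE = "Ident";
    private Saml2Settings samlConfig;
    private String identAttribute;
    private Map<String, String> nameIdToIdentMapping;

    /**
     * Reads the servlet init parameters {@code saml.config.file}, {@code identAttribute} and
     * {@code nameIdToIdentMapping}.
     *
     * @throws ServletException from {@link HttpServlet#init(ServletConfig)}
     * @throws UncheckedIOException if the SAML configuration file cannot be read
     * @throws IllegalArgumentException if {@code nameIdToIdentMapping} is malformed
     */
    @Override
    public void init(ServletConfig servletConfig) throws ServletException {
        super.init(servletConfig);
        this.samlConfig = config(servletConfig.getInitParameter("saml.config.file"));
        this.identAttribute = Optional.ofNullable(servletConfig.getInitParameter("identAttribute"))
                .orElse(DEFAULT_IDENT_ATTRIBUTE);
        this.nameIdToIdentMapping = mapNameIdToIdent(servletConfig.getInitParameter("nameIdToIdentMapping"));
    }

    /**
     * Parses {@code nameId->ident,nameId->ident,...} into a map. Entries are trimmed and blank entries are
     * skipped; a missing or blank specification yields an empty map.
     *
     * @param spec the raw init-parameter value, may be {@code null}
     * @return mapping from SAML NameID to application ident
     * @throws IllegalArgumentException on an entry without exactly one {@code ->} or on a duplicate NameID
     */
    private static Map<String, String> mapNameIdToIdent(String spec) {
        if (spec == null || spec.trim().isEmpty()) {
            return Collections.emptyMap();
        }
        return Stream.of(spec.split(","))
                .map(String::trim)
                .filter(entry -> !entry.isEmpty())
                .map(SamlServlet::parseMappingEntry)
                .collect(Collectors.toMap(
                        pair -> pair[0],
                        pair -> pair[1],
                        (first, second) -> {
                            // a silent "last one wins" would make the mapping configuration order-dependent
                            throw new IllegalArgumentException(
                                    "Duplicate nameId in nameIdToIdentMapping: '" + first + "' and '" + second + "'");
                        }));
    }

    /** Splits one {@code nameId->ident} entry into {@code [nameId, ident]}, both trimmed and non-empty. */
    private static String[] parseMappingEntry(String entry) {
        String[] parts = entry.split("->", -1);
        if (parts.length != 2 || parts[0].trim().isEmpty() || parts[1].trim().isEmpty()) {
            throw new IllegalArgumentException(
                    "Malformed nameIdToIdentMapping entry '" + entry + "', expected 'nameId->ident'");
        }
        return new String[] {parts[0].trim(), parts[1].trim()};
    }

    /**
     * Dispatches on the path info; unknown paths get a 404. Checked SAML library exceptions are wrapped in a
     * {@link ServletException} so the container logs them with their cause.
     */
    @Override
    protected void service(HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse)
            throws ServletException, IOException {
        String pathInfo = httpServletRequest.getPathInfo();
        log.debug("service {}", pathInfo);
        try {
            if ("/login".equals(pathInfo)) {
                handleLogin(httpServletRequest, httpServletResponse);
            } else if ("/metadata".equals(pathInfo)) {
                handleMetadata(httpServletRequest, httpServletResponse);
            } else if ("/logout".equals(pathInfo) || "/sls".equals(pathInfo)) {
                // NOTE(review): "/sls" (the single-logout endpoint the IdP calls back) is routed to the same
                // SP-initiated logout as "/logout", so an incoming LogoutRequest/LogoutResponse is never
                // processed and the local session is never invalidated here; confirm this is intended.
                handleLogout(httpServletRequest, httpServletResponse);
            } else if ("/acs".equals(pathInfo)) {
                handleACS(httpServletRequest, httpServletResponse);
            } else {
                httpServletResponse.sendError(HttpServletResponse.SC_NOT_FOUND);
            }
        } catch (ServletException | IOException e) {
            throw e;
        } catch (Exception e) {
            throw new ServletException("SAML request failed for path " + pathInfo, e);
        }
    }

    /**
     * Assertion consumer service: validates the IdP response, resolves the user's ident, stores it in the
     * session and redirects to the RelayState when that is a local path.
     *
     * @throws Exception any failure from the SAML library or the servlet response
     */
    private void handleACS(HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse)
            throws Exception {
        Auth auth = new Auth(this.samlConfig, httpServletRequest, httpServletResponse);
        auth.processResponse();
        if (!auth.isAuthenticated()) {
            log.debug("handleACS: Not authenticated");
            httpServletResponse.sendError(HttpServletResponse.SC_FORBIDDEN, "Not authenticated");
        } else {
            Map<String, List<String>> attributes = auth.getAttributes();
            log.debug("handleACS: Attributes: {}", attributes);
            List<String> idents = attributes.get(this.identAttribute);
            log.debug("handleACS: Ident: {}", idents);
            if (idents == null || idents.isEmpty()) {
                // fall back to the configured NameID -> ident mapping
                String mapped = this.nameIdToIdentMapping.get(auth.getNameId());
                if (mapped != null) {
                    log.debug("Mapping {} to {}", auth.getNameId(), mapped);
                    idents = Collections.singletonList(mapped);
                }
            }
            if (idents == null || idents.isEmpty()) {
                log.error("handleACS ident missing!");
                httpServletResponse.sendError(HttpServletResponse.SC_FORBIDDEN, "SAML Response missing field «Ident»");
                return;
            }
            // NOTE(review): the existing session is reused rather than rotated at this privilege change;
            // confirm whether a session-id change is wanted here to rule out session fixation.
            httpServletRequest.getSession().setAttribute(AUTORIZED_PRINCIPAL_SESSION_ATTRIBUTE, idents.get(0));
            String relayState = httpServletRequest.getParameter("RelayState");
            log.debug("handleACS: RelayState: {}", relayState);
            if (relayState != null && !relayState.isEmpty()
                    && !relayState.equals(ServletUtils.getSelfRoutedURLNoQuery(httpServletRequest))
                    && !relayState.contains("/login")) {
                // RelayState is attacker-controllable input; only local paths may be followed
                if (isLocalPath(relayState)) {
                    httpServletResponse.sendRedirect(relayState);
                } else {
                    log.warn("handleACS: ignoring non-local RelayState {}", relayState);
                }
            }
        }
        logResponseErrors(auth);
    }

    /** Logs validation errors reported by the library for the last processed message, if any. */
    private static void logResponseErrors(Auth auth) {
        List<String> errors = auth.getErrors();
        if (errors.isEmpty()) {
            return;
        }
        log.error("{}", errors);
        // the detailed reason is only populated when the library's debug flag is on
        if (Boolean.TRUE.equals(auth.isDebugActive())) {
            String lastErrorReason = auth.getLastErrorReason();
            if (lastErrorReason != null && !lastErrorReason.isEmpty()) {
                log.debug(lastErrorReason);
            }
        }
    }

    /**
     * Starts SP-initiated logout, scoping the LogoutRequest with the NameID/session-index values found in
     * the HTTP session (all optional).
     */
    private void handleLogout(HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse)
            throws SettingsException, Error, IOException, XMLEntityException {
        Auth auth = new Auth(this.samlConfig, httpServletRequest, httpServletResponse);
        // do not create a session just to read logout scoping attributes from it
        HttpSession session = httpServletRequest.getSession(false);
        // NOTE(review): none of these attributes is written by this servlet (handleACS only stores the
        // principal); unless another component sets them the logout request is sent un-scoped.
        String nameId = sessionString(session, "nameId");
        String nameIdFormat = sessionString(session, "nameIdFormat");
        String nameIdNameQualifier = sessionString(session, "nameidNameQualifier");
        String nameIdSPNameQualifier = sessionString(session, "nameidSPNameQualifier");
        String sessionIndex = sessionString(session, "sessionIndex");
        // placeholders now line up with their labels (the original logged sessionIndex under "nameIdFormat")
        log.debug("handleLogout: nameId: {}, nameIdFormat: {}, nameidNameQualifier: {}, nameidSPNameQualifier: {}, sessionIndex: {}",
                new Object[] {nameId, nameIdFormat, nameIdNameQualifier, nameIdSPNameQualifier, sessionIndex});
        auth.logout((String) null, nameId, sessionIndex, nameIdFormat, nameIdNameQualifier, nameIdSPNameQualifier);
    }

    /** Returns the session attribute as a string, or {@code null} when the session or attribute is absent. */
    private static String sessionString(HttpSession session, String name) {
        if (session == null) {
            return null;
        }
        Object value = session.getAttribute(name);
        return value == null ? null : value.toString();
    }

    /**
     * Writes the SP metadata, or an HTML list of validation errors when the metadata does not validate.
     *
     * @throws Exception any failure from the SAML library or the servlet response
     */
    private void handleMetadata(HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse)
            throws Exception {
        // NOTE(review): new Auth() builds settings from the library's default properties source, not from
        // this.samlConfig loaded in init(); confirm the served metadata matches the settings used for login.
        Saml2Settings settings = new Auth().getSettings();
        settings.setSPValidationOnly(true);
        String spMetadata = settings.getSPMetadata();
        List<String> validationErrors = Saml2Settings.validateMetadata(spMetadata);
        PrintWriter out = httpServletResponse.getWriter();
        if (validationErrors.isEmpty()) {
            out.println(spMetadata);
            return;
        }
        httpServletResponse.setContentType("text/html; charset=UTF-8");
        for (String error : validationErrors) {
            out.println("<p>" + error + "</p>");
        }
    }

    /**
     * Starts SP-initiated login. The {@code redirect} parameter is used as RelayState when it is a local
     * path; otherwise {@code /} is used. A request with an {@code attrs} parameter returns to
     * {@code <context>/attrs.jsp} instead.
     */
    private void handleLogin(HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse)
            throws SettingsException, Error, IOException {
        Auth auth = new Auth(this.samlConfig, httpServletRequest, httpServletResponse);
        if (httpServletRequest.getParameter("attrs") != null) {
            auth.login(httpServletRequest.getContextPath() + "/attrs.jsp");
            return;
        }
        String redirect = httpServletRequest.getParameter("redirect");
        if (redirect == null) {
            redirect = "/";
        } else if (!isLocalPath(redirect)) {
            // the value round-trips through the IdP as RelayState; never let it point off-site
            log.warn("handleLogin: ignoring non-local redirect {}", redirect);
            redirect = "/";
        }
        auth.login(redirect);
    }

    /**
     * True when {@code target} is a path on this host: it starts with a single {@code /} (so it cannot carry a
     * scheme or an authority, and the {@code //host} and {@code /\host} forms are rejected) and holds no
     * line breaks.
     */
    static boolean isLocalPath(String target) {
        if (target == null || target.isEmpty() || target.charAt(0) != '/') {
            return false;
        }
        if (target.length() > 1 && (target.charAt(1) == '/' || target.charAt(1) == '\\')) {
            return false;
        }
        return target.indexOf('\r') < 0 && target.indexOf('\n') < 0;
    }

    /**
     * Loads java-saml settings from a properties file under the application's {@code security} directory.
     *
     * @param str file name relative to {@code <applicationDirectory>/security}
     * @return the built settings
     * @throws UncheckedIOException if the file cannot be opened or read
     */
    public static Saml2Settings config(String str) {
        String path = configFile(str);
        try (FileInputStream fileInputStream = new FileInputStream(path)) {
            Properties properties = new Properties();
            properties.load(fileInputStream);
            return new SettingsBuilder().fromProperties(properties).build();
        } catch (IOException e) {
            throw new UncheckedIOException("Could not read SAML configuration " + path, e);
        }
    }

    /** Absolute path of {@code <applicationDirectory>/security/<str>}. */
    private static String configFile(String str) {
        return new File(new File(Configuration.getApplicationDirectory()), "security/" + str).getAbsolutePath();
    }
}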
