package no.kantega.security.api.impl.identity;

import java.io.IOException;
import java.util.Locale;
import javax.servlet.ServletContext;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import javax.servlet.http.HttpSession;
import no.kantega.security.api.identity.AuthenticatedIdentity;
import no.kantega.security.api.identity.DefaultAuthenticatedIdentity;
import no.kantega.security.api.identity.IdentificationFailedException;
import no.kantega.security.api.identity.Identity;
import no.kantega.security.api.identity.IdentityResolver;
import no.kantega.security.api.identity.LoginContext;
import no.kantega.security.api.identity.LogoutContext;
import no.ntnu.it.fw.saml2api.IDPConf;
import no.ntnu.it.fw.saml2api.SAML2Util;
import no.ntnu.it.fw.saml2api.SPConf;
import no.ntnu.it.fw.saml2api.http.Common;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
import org.springframework.beans.factory.annotation.Required;

/* loaded from: input_file:no/kantega/security/api/impl/identity/FeideSAML2IdentityResolver.class */
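/**
 * Identity resolver for Feide SAML 2.0 logins.
 *
 * <p>The identity is kept in the HTTP session under keys prefixed with the
 * configured authentication context. A {@code jumpToken} request parameter,
 * when accepted by the {@link UrlJumpTokenManager}, can establish that session
 * identity; the {@link UserSessionManager} decides whether the user session is
 * still valid.
 *
 * <p>Thread-safety: the configuration setters are intended for bean wiring at
 * startup; they are not synchronized with the request-handling methods.
 */
public class FeideSAML2IdentityResolver extends AbstractFeideConfigurable implements IdentityResolver {
    private String authenticationContext = "Feide";
    private String authenticationContextDescription = "FeideID";
    private String authenticationContextIconUrl = "";
    private final UrlJumpTokenManager tokenManager = new UrlJumpTokenManager();
    private final UserSessionManager sessionManager = new UserSessionManager();
    private static final Logger log = LoggerFactory.getLogger(FeideSAML2IdentityResolver.class);
    // Session attribute suffixes; the full key is authenticationContext + suffix.
    public static String SESSION_IDENTITY_NAME = "KANTEGA_HTTPSESSION_IDENTITY";
    public static String SESSION_IDENTITY_DOMAIN = "KANTEGA_HTTPSESSION_IDENTITY_DOMAIN";
    // Request parameter carrying a one-shot login token.
    public static String URL_JUMP_TOKEN = "jumpToken";

    /**
     * Resolves the identity for the current request.
     *
     * <p>If a {@code jumpToken} parameter is present and the token manager
     * resolves it to an identity, that identity's user id and domain are stored
     * in the session. The session identity is then checked against the user
     * session manager; an expired user session is removed and {@code null} is
     * returned.
     *
     * @param httpServletRequest the current request
     * @return the authenticated identity, or {@code null} when none is stored
     *         or the user session has expired
     * @throws IdentificationFailedException as declared by {@link IdentityResolver}
     */
    public AuthenticatedIdentity getIdentity(HttpServletRequest httpServletRequest) throws IdentificationFailedException {
        HttpSession session = httpServletRequest.getSession();
        String jumpToken = httpServletRequest.getParameter(URL_JUMP_TOKEN);
        if (jumpToken != null) {
            // The token is a login credential: record that one was seen, never its value.
            log.debug("Found jumpToken parameter");
            Identity resolved = this.tokenManager.resolveJumpToken(jumpToken);
            if (resolved != null) {
                // NOTE(review): the existing session is reused after the token login;
                // renewing the session id here would limit session fixation — confirm
                // with the surrounding login flow.
                session.setAttribute(sessionIdentityKey(), resolved.getUserId());
                session.setAttribute(sessionDomainKey(), resolved.getDomain());
            } else {
                log.debug("jumpToken was not accepted");
            }
        }
        Identity identity = getIdentityFromSession(session);
        if (identity == null || this.sessionManager.userHasValidSession(identity)) {
            return (AuthenticatedIdentity) identity;
        }
        log.debug("Session has expired for:{}", identity.getUserId());
        this.sessionManager.removeUserSession(identity);
        return null;
    }

    /**
     * Builds an identity from the user id and domain stored in the session.
     *
     * <p>A stored user id of the form {@code DOMAIN\user} is reduced to the part
     * after the backslash and lower-cased. The domain defaults to the
     * authentication context when none is stored.
     *
     * @param httpSession the current session
     * @return the identity, or {@code null} when no non-empty user id is stored
     */
    private DefaultAuthenticatedIdentity getIdentityFromSession(HttpSession httpSession) {
        String userId = (String) httpSession.getAttribute(sessionIdentityKey());
        if (userId == null || userId.isEmpty()) {
            return null;
        }
        int backslash = userId.indexOf('\\');
        if (backslash != -1) {
            // Locale.ROOT: the id is a lookup key, so casing must not depend on the JVM default locale.
            userId = userId.substring(backslash + 1).toLowerCase(Locale.ROOT);
        }
        DefaultAuthenticatedIdentity identity = new DefaultAuthenticatedIdentity(this);
        String domain = (String) httpSession.getAttribute(sessionDomainKey());
        identity.setDomain(domain != null ? domain : this.authenticationContext);
        identity.setUserId(userId);
        return identity;
    }

    /**
     * Starts a SAML 2.0 login by redirecting the browser to the IdP.
     *
     * <p>The AuthnRequest URL is built by {@link SAML2Util#createSAMLAuthnRequest}
     * from the IdP and SP configuration found in the servlet context; the login
     * context's target URI, when set, is passed along as the return target.
     * Any failure is logged and answered with a 401 response.
     *
     * @param loginContext carries the request, response and optional target URI
     */
    public void initateLogin(LoginContext loginContext) {
        HttpServletResponse response = loginContext.getResponse();
        HttpServletRequest request = loginContext.getRequest();
        init(request.getSession());
        avoidCaching(response);
        try {
            String target = loginContext.getTargetUri() != null ? loginContext.getTargetUri().toString() : null;
            ServletContext servletContext = request.getSession().getServletContext();
            IDPConf idpConf = Common.getConfigIDP(servletContext);
            SPConf spConf = Common.getConfigSP(servletContext);
            log.debug("Starting a logon procedure");
            String authnRequestUrl = SAML2Util.createSAMLAuthnRequest(idpConf, spConf, target);
            log.debug("Redirect to: {}.", authnRequestUrl);
            response.sendRedirect(authnRequestUrl);
        } catch (Exception e) {
            // Keep the cause; a silently failed login start is hard to diagnose.
            log.error("SAML login could not be initiated", e);
            try {
                response.sendError(401, "Ikke autentisert - SAMLResponseStatusCode:");
            } catch (IOException e2) {
                log.error("error", e2);
            }
        }
    }

    /**
     * Ends the user's session: removes the tracked user session, drops the
     * identity attributes from the HTTP session and redirects to the logout
     * target URI (or {@code /} when none is set).
     *
     * @param logoutContext carries the request, response and optional target URI
     */
    public void initiateLogout(LogoutContext logoutContext) {
        HttpSession session = logoutContext.getRequest().getSession();
        if (session != null) {
            try {
                Identity identity = getIdentity(logoutContext.getRequest());
                if (identity != null) {
                    this.sessionManager.removeUserSession(identity);
                }
            } catch (IdentificationFailedException e) {
                // Logout proceeds regardless; only the user-session cleanup is skipped.
                log.debug("Could not resolve identity during logout", e);
            }
            session.removeAttribute(sessionIdentityKey());
            session.removeAttribute(sessionDomainKey());
        }
        try {
            logoutContext.getResponse().sendRedirect(logoutRedirectTarget(logoutContext));
        } catch (IOException e) {
            log.warn("Logout redirect failed", e);
        }
    }

    /**
     * Picks the post-logout redirect target: the context's target URI with any
     * {@code <} and {@code >} removed, or {@code /} when no target is set.
     *
     * <p>NOTE(review): the target is used as given. If it can originate from the
     * request, restricting it to local paths would close an open-redirect gap.
     */
    private static String logoutRedirectTarget(LogoutContext logoutContext) {
        if (logoutContext.getTargetUri() == null) {
            return "/";
        }
        return logoutContext.getTargetUri().toASCIIString().replace("<", "").replace(">", "");
    }

    /** Session key under which the user id is stored. */
    private String sessionIdentityKey() {
        return this.authenticationContext + SESSION_IDENTITY_NAME;
    }

    /** Session key under which the domain is stored. */
    private String sessionDomainKey() {
        return this.authenticationContext + SESSION_IDENTITY_DOMAIN;
    }

    /**
     * Marks the response as non-cacheable so login redirects are not replayed
     * from a browser or proxy cache.
     */
    private void avoidCaching(HttpServletResponse httpServletResponse) {
        httpServletResponse.setHeader("Pragma", "no-cache");
        httpServletResponse.setHeader("Cache-Control", "no-cache, no-store");
        httpServletResponse.setDateHeader("Expires", 0L);
    }

    /** @return the authentication context name, also used as the session-key prefix */
    public String getAuthenticationContext() {
        return this.authenticationContext;
    }

    /** @param str the authentication context name; required for bean wiring */
    @Required
    public void setAuthenticationContext(String str) {
        this.authenticationContext = str;
    }

    public String getAuthenticationContextDescription() {
        return this.authenticationContextDescription;
    }

    public void setAuthenticationContextDescription(String str) {
        this.authenticationContextDescription = str;
    }

    public String getAuthenticationContextIconUrl() {
        return this.authenticationContextIconUrl;
    }

    public void setAuthenticationContextIconUrl(String str) {
        this.authenticationContextIconUrl = str;
    }
}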
