package dk.itst.oiosaml.sp.service;

import dk.itst.oiosaml.common.OIOSAMLConstants;
import dk.itst.oiosaml.common.SAMLUtil;
import dk.itst.oiosaml.logging.Audit;
import dk.itst.oiosaml.logging.Logger;
import dk.itst.oiosaml.logging.LoggerFactory;
import dk.itst.oiosaml.logging.Operation;
import dk.itst.oiosaml.sp.UserAssertion;
import dk.itst.oiosaml.sp.UserAssertionHolder;
import dk.itst.oiosaml.sp.bindings.BindingHandler;
import dk.itst.oiosaml.sp.metadata.IdpMetadata;
import dk.itst.oiosaml.sp.model.OIOAuthnRequest;
import dk.itst.oiosaml.sp.service.util.Constants;
import dk.itst.oiosaml.sp.service.util.HTTPUtils;
import java.io.IOException;
import java.net.URLEncoder;
import java.util.Arrays;
import java.util.HashMap;
import javax.servlet.ServletException;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import javax.servlet.http.HttpSession;
import org.apache.commons.configuration.Configuration;
import org.apache.velocity.VelocityContext;
import org.opensaml.saml2.metadata.Endpoint;
import org.opensaml.xml.util.Base64;

/* loaded from: input_file:dk/itst/oiosaml/sp/service/LoginHandler.class */
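/**
 * Starts a SAML login for the service provider.
 *
 * <p>The handler picks the identity provider (IdP) to use, optionally via the discovery profile,
 * looks up a sign-on endpoint for one of the configured bindings, builds an
 * {@link OIOAuthnRequest}, registers its ID with the session handler and passes it to the
 * {@link BindingHandler} for that endpoint.
 *
 * <p>Request-supplied values handled here are the discovery parameter, {@code RelayState}, the
 * force-authn query parameter and the request URL itself. Each of them ends up in a redirect,
 * a rendered link, a log line or the AuthnRequest, so they are treated as untrusted below.
 */
public class LoginHandler implements SAMLHandler {
    private static final Logger log = LoggerFactory.getLogger((Class<?>) LoginHandler.class);

    /**
     * Selects an IdP and sends an AuthnRequest to it.
     *
     * <p>With discovery enabled there are three cases: no discovery parameter (redirect to the
     * discovery service and return), an empty one (use the configured default IdP, prompt the
     * user, or fall back to the first IdP in the metadata), or a value (decode it and use the
     * first supported entity, falling back to the first IdP in the metadata).
     *
     * @param requestContext request, response, session, configuration and metadata for this call
     * @throws ServletException if the IdP prompt cannot be rendered
     * @throws IOException if writing the response fails
     * @throws RuntimeException if the chosen IdP has no endpoint for any supported binding
     */
    @Override // dk.itst.oiosaml.sp.service.SAMLHandler
    public void handleGet(RequestContext requestContext) throws ServletException, IOException {
        if (log.isDebugEnabled()) {
            log.debug("Go to login...");
        }
        IdpMetadata idpMetadata = requestContext.getIdpMetadata();
        Configuration configuration = requestContext.getConfiguration();
        HttpServletRequest request = requestContext.getRequest();
        HttpServletResponse response = requestContext.getResponse();

        IdpMetadata.Metadata metadata;
        if (idpMetadata.enableDiscovery()) {
            log.debug("Discovery profile is active");
            String discoveryValue = request.getParameter(Constants.DISCOVERY_ATTRIBUTE);
            if (discoveryValue == null) {
                String discoveryLocation = configuration.getString(Constants.DISCOVERY_LOCATION);
                log.debug("No _saml_idp discovery value found, redirecting to discovery service at " + discoveryLocation);
                // The return URL handed to the discovery service is rebuilt from the incoming request.
                // NOTE(review): getRequestURL() reflects whatever scheme/host the container derived for
                // this request - confirm the deployment pins the server name so a forged Host header
                // cannot steer where the discovery service sends the user back to.
                String returnUrl = request.getRequestURL().toString();
                if (request.getQueryString() != null) {
                    returnUrl = returnUrl + "?" + request.getQueryString();
                }
                Audit.log(Operation.DISCOVER, true, "", discoveryLocation);
                HTTPUtils.sendMetaRedirect(response, discoveryLocation, "r=" + URLEncoder.encode(returnUrl, OIOSAMLConstants.UTF_8), true);
                return;
            }
            if ("".equals(discoveryValue)) {
                String defaultIdp = configuration.getString(Constants.PROP_DISCOVERY_DEFAULT_IDP, (String) null);
                if (defaultIdp != null) {
                    log.debug("No IdP discovered, using default IdP from configuration: " + defaultIdp);
                    metadata = idpMetadata.getMetadata(defaultIdp);
                } else {
                    if (configuration.getBoolean(Constants.PROP_DISCOVERY_PROMPT, false)) {
                        String promptBaseUrl = request.getRequestURL().toString();
                        String relayState = request.getParameter(Constants.SAML_RELAYSTATE);
                        if (relayState != null) {
                            // getParameter() returns the decoded value, so it must be re-encoded before
                            // it is put back into a URL. Appended raw, a RelayState containing '&', '#'
                            // or '=' would truncate itself or add parameters (including the discovery
                            // parameter) to every link shown on the IdP prompt page.
                            promptBaseUrl = promptBaseUrl + "?RelayState=" + URLEncoder.encode(relayState, OIOSAMLConstants.UTF_8);
                        }
                        promptIdp(requestContext, promptBaseUrl);
                        return;
                    }
                    log.debug("No IdP discovered, using first from metadata");
                    metadata = idpMetadata.getFirstMetadata();
                }
            } else {
                String[] discoveredEntityIds = SAMLUtil.decodeDiscoveryValue(discoveryValue);
                // The decoded entity IDs come straight from the request and are written to the audit log.
                // NOTE(review): confirm Audit.log neutralises line breaks in this value.
                Audit.log(Operation.DISCOVER, false, "", Arrays.asList(discoveredEntityIds).toString());
                metadata = idpMetadata.findSupportedEntity(discoveredEntityIds);
                if (metadata != null) {
                    log.debug("Discovered idp " + metadata.getEntityID());
                } else {
                    log.debug("No supported IdP discovered, using first from metadata");
                    metadata = idpMetadata.getFirstMetadata();
                }
            }
        } else {
            metadata = idpMetadata.getFirstMetadata();
        }

        Audit.log(Operation.DISCOVER, metadata.getEntityID());
        Endpoint loginEndpoint = metadata.findLoginEndpoint(configuration.getStringArray(Constants.PROP_SUPPORTED_BINDINGS));
        if (loginEndpoint == null) {
            String message = "Could not find a valid IdP signon location. Supported bindings: "
                    + configuration.getString(Constants.PROP_SUPPORTED_BINDINGS)
                    + ", available: " + metadata.getSingleSignonServices();
            log.error(message);
            throw new RuntimeException(message);
        }
        log.debug("Signing on at " + loginEndpoint.getLocation());
        BindingHandler bindingHandler = requestContext.getBindingHandlerFactory().getBindingHandler(loginEndpoint.getBinding());
        log.info("Using idp " + metadata.getEntityID() + " at " + loginEndpoint.getLocation() + " with binding " + loginEndpoint.getBinding());

        // Drop any assertion already bound to the session (and to the current thread's holder)
        // before a new login starts, so a stale identity is not left in place while the request
        // is outstanding. The previous assertion is only kept to decide on passive mode below.
        HttpSession session = requestContext.getSession();
        UserAssertion previousAssertion = (UserAssertion) session.getAttribute(Constants.SESSION_USER_ASSERTION);
        session.removeAttribute(Constants.SESSION_USER_ASSERTION);
        UserAssertionHolder.set(null);

        // RelayState is passed on exactly as the client sent it.
        // NOTE(review): whoever consumes RelayState after the response comes back should validate it
        // before using it as a redirect target - that code is not visible here.
        OIOAuthnRequest authnRequest = OIOAuthnRequest.buildAuthnRequest(
                loginEndpoint.getLocation(),
                requestContext.getSpMetadata().getEntityID(),
                requestContext.getSpMetadata().getDefaultAssertionConsumerService().getBinding(),
                requestContext.getSessionHandler(),
                requestContext.getRequest().getParameter(Constants.SAML_RELAYSTATE),
                requestContext.getSpMetadata().getDefaultAssertionConsumerService().getLocation());
        authnRequest.setNameIDPolicy(
                configuration.getString(Constants.PROP_NAMEID_POLICY, (String) null),
                configuration.getBoolean(Constants.PROP_NAMEID_POLICY_ALLOW_CREATE, false));
        authnRequest.setForceAuthn(isForceAuthnEnabled(request, configuration));
        if (previousAssertion == null) {
            // Passive mode is only applied when the session held no assertion before this login.
            authnRequest.setPasive(configuration.getBoolean(Constants.PROP_PASSIVE, false));
        }
        Audit.log(Operation.AUTHNREQUEST_SEND, true, authnRequest.getID(), authnRequest.toXML());
        // Remember which IdP this request ID was sent to, before the request leaves the SP.
        requestContext.getSessionHandler().registerRequest(authnRequest.getID(), metadata.getEntityID());
        bindingHandler.handle(request, response, requestContext.getCredential(), authnRequest);
    }

    /**
     * Handles a POST exactly like a GET.
     *
     * @param requestContext request, response, session, configuration and metadata for this call
     * @throws ServletException see {@link #handleGet(RequestContext)}
     * @throws IOException see {@link #handleGet(RequestContext)}
     */
    @Override // dk.itst.oiosaml.sp.service.SAMLHandler
    public void handlePost(RequestContext requestContext) throws ServletException, IOException {
        handleGet(requestContext);
    }

    /**
     * Decides whether the AuthnRequest should ask the IdP to re-authenticate the user.
     *
     * <p>Returns {@code true} when the request's path info fully matches one of the configured
     * regular expressions, or when the force-authn query parameter equals {@code "true"}
     * (case-insensitive). The configured patterns are checked first, so the query parameter can
     * only turn ForceAuthn on, never switch off a pattern match.
     *
     * @param httpServletRequest the current request
     * @param configuration source of the force-authn URL patterns
     * @return whether ForceAuthn should be set
     */
    private static boolean isForceAuthnEnabled(HttpServletRequest httpServletRequest, Configuration configuration) {
        String[] forceAuthnPatterns = configuration.getStringArray(Constants.PROP_FORCE_AUTHN_URLS);
        if (forceAuthnPatterns == null) {
            return false;
        }
        String pathInfo = httpServletRequest.getPathInfo();
        if (pathInfo == null) {
            pathInfo = "/";
        }
        if (log.isDebugEnabled()) {
            log.debug("ForceAuthn urls: " + Arrays.toString(forceAuthnPatterns) + "; path: " + pathInfo);
        }
        for (String pattern : forceAuthnPatterns) {
            // String.matches() requires the whole path to match the configured regex.
            if (pathInfo.matches(pattern.trim())) {
                if (log.isDebugEnabled()) {
                    log.debug("Requested url " + pathInfo + " is in forceauthn list " + Arrays.toString(forceAuthnPatterns));
                }
                return true;
            }
        }
        // Null-safe and locale-independent; an absent parameter yields false.
        return "true".equalsIgnoreCase(httpServletRequest.getParameter(Constants.QUERY_STRING_FORCE_AUTHN));
    }

    /**
     * Shows the user a list of IdPs to choose from.
     *
     * <p>For every entity ID in the IdP metadata a link back to {@code str} is built that carries
     * the Base64-encoded entity ID in the discovery parameter. The resulting map (entity ID to
     * link) is exposed as {@code entityIds}, either to the configured prompt servlet or to the
     * bundled {@code idp.vm} template.
     *
     * @param requestContext request, response, configuration and metadata for this call
     * @param str URL the links point back to; may already contain a query string
     * @throws ServletException if the template cannot be rendered or the forward fails
     * @throws IOException if writing the response fails
     */
    private static void promptIdp(RequestContext requestContext, String str) throws ServletException, IOException {
        log.debug("Prompting user for IdP");
        HashMap<String, String> idpLinks = new HashMap<String, String>();
        String separator = str.indexOf('?') > -1 ? "&" : "?";
        for (String entityId : requestContext.getIdpMetadata().getEntityIDs()) {
            // NOTE(review): getBytes() uses the platform charset; entity IDs are presumably ASCII.
            // Confirm against SAMLUtil.decodeDiscoveryValue before pinning a charset on one side only.
            // 8 is presumably the "do not break lines" option of this Base64 class - confirm.
            String encodedId = Base64.encodeBytes(entityId.getBytes(), 8);
            // Base64 output may contain '+', '/' and '='. Left raw in a query string, '+' is read
            // back as a space and the discovery value no longer decodes, so percent-encode it.
            idpLinks.put(entityId, str + separator + Constants.DISCOVERY_ATTRIBUTE + "=" + URLEncoder.encode(encodedId, OIOSAMLConstants.UTF_8));
        }
        // The links are built from the request URL and request parameters.
        // NOTE(review): neither idp.vm nor a custom prompt servlet is visible here - confirm that
        // whichever renders "entityIds" HTML-escapes both the keys and the link values.
        String promptServlet = requestContext.getConfiguration().getString(Constants.PROP_DISCOVERY_PROMPT_SERVLET, (String) null);
        if (promptServlet != null) {
            HttpServletRequest request = requestContext.getRequest();
            request.setAttribute("entityIds", idpLinks);
            request.getRequestDispatcher(promptServlet).forward(request, requestContext.getResponse());
        } else {
            VelocityContext velocityContext = new VelocityContext();
            velocityContext.put("entityIds", idpLinks);
            try {
                HTTPUtils.getEngine().mergeTemplate("idp.vm", OIOSAMLConstants.UTF_8, velocityContext, requestContext.getResponse().getWriter());
            } catch (Exception e) {
                log.error("Unable to render IdP list", e);
                throw new ServletException(e);
            }
        }
    }
}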
