package com.ibm.ws.security.web.saml.sp;

import com.ibm.ejs.ras.Tr;
import com.ibm.ejs.ras.TraceComponent;
import java.io.IOException;
import java.io.PrintWriter;
import java.net.URLDecoder;
import javax.servlet.ServletException;
import javax.servlet.http.HttpServlet;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;

/* loaded from: input_file:WebSphereSamlSPWeb.war:WEB-INF/classes/com/ibm/ws/security/web/saml/sp/IBMWebSphereSamlACSListenerServlet.class */
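/**
 * Servlet that receives a posted {@code SAMLResponse} and hands the browser on to its target.
 *
 * <p>The target is read from the request attribute
 * {@code com.ibm.ws.security.web.saml.redirectTo}; when that attribute is absent or empty the
 * {@code RelayState} request parameter is used instead and the {@code SAMLResponse} is re-posted
 * to it through an auto-submitting HTML form. A request without a {@code SAMLResponse} (or with
 * no usable target) gets a generic error message and an error trace entry.
 *
 * <p>Security: {@code SAMLResponse}, {@code RelayState} and the request URL are request-derived
 * values. They are HTML-attribute-escaped before being written into the generated form so they
 * cannot break out of the attribute and inject markup or script into the response.
 */
public class IBMWebSphereSamlACSListenerServlet extends HttpServlet {
    private static final TraceComponent tc = Tr.register(IBMWebSphereSamlACSListenerServlet.class, "Web Services Security", "com.ibm.ws.wssecurity.resources.samlmessages");
    private static final String comp = "security.wssecurity";
    private static final long serialVersionUID = 1;
    // Request attribute carrying the redirect target; presumably set by an upstream
    // component before this servlet runs (not visible in this file).
    private static final String TARGET_URL = "com.ibm.ws.security.web.saml.redirectTo";
    // Sentinel target value that is treated the same as "no target" (error path).
    private static final String TARGET_URL_NO_SET = "NO_TARGET";
    private static final String SAML_Response = "SAMLResponse";
    private static final String errorMsg = "INTERNAL ERROR: Please contact your support.";
    // Request attribute; when it equals "true" the target is used without URL-decoding.
    private static final String DISABLE_DECODE_URL = "com.ibm.ws.security.web.saml.disableDecodeURL";

    /**
     * Handles GET exactly like POST.
     *
     * @param httpServletRequest  the incoming request
     * @param httpServletResponse the response to write to
     * @throws ServletException if the target cannot be URL-decoded
     * @throws IOException      if writing the response fails
     */
    protected void doGet(HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse) throws ServletException, IOException {
        doPost(httpServletRequest, httpServletResponse);
    }

    /**
     * Delegates to {@link #handleRedirect(HttpServletRequest, HttpServletResponse)}.
     *
     * @param httpServletRequest  the incoming request
     * @param httpServletResponse the response to write to
     * @throws ServletException if the target cannot be URL-decoded
     * @throws IOException      if writing the response fails
     */
    protected void doPost(HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse) throws ServletException, IOException {
        handleRedirect(httpServletRequest, httpServletResponse);
    }

    /**
     * Forwards the browser to the target of a received {@code SAMLResponse}.
     *
     * <ul>
     *   <li>Target attribute set (and not {@code NO_TARGET}): send an HTTP redirect to it.</li>
     *   <li>Target attribute absent or empty: write an auto-submitting form that re-posts the
     *       {@code SAMLResponse} to the {@code RelayState} URL.</li>
     *   <li>No {@code SAMLResponse}, no target, or target {@code NO_TARGET}: write the generic
     *       error message and log an error.</li>
     * </ul>
     *
     * @param httpServletRequest  the incoming request
     * @param httpServletResponse the response to write to
     * @throws ServletException if URL-decoding the attribute-supplied target fails
     * @throws IOException      if writing the response fails
     */
    protected static void handleRedirect(HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse) throws ServletException, IOException {
        if (tc.isEntryEnabled()) {
            Tr.entry(tc, "handleRedirect");
        }
        String samlResponse = httpServletRequest.getParameter(SAML_Response);
        if (tc.isDebugEnabled()) {
            // Only presence is traced; the assertion itself is never written to the trace.
            Tr.debug(tc, "samlres[" + (samlResponse == null ? "null" : "not null") + "]");
        }
        String target = null;
        if (samlResponse != null && !samlResponse.isEmpty()) {
            target = (String) httpServletRequest.getAttribute(TARGET_URL);
            if (tc.isDebugEnabled()) {
                Tr.debug(tc, "target[" + target + "]");
            }
            httpServletRequest.removeAttribute(TARGET_URL);
            // Decoding is on unless the disable attribute is exactly "true".
            boolean decodeUrl = !"true".equals((String) httpServletRequest.getAttribute(DISABLE_DECODE_URL));
            if (target == null || target.isEmpty()) {
                target = httpServletRequest.getParameter("RelayState");
                if (tc.isDebugEnabled()) {
                    Tr.debug(tc, "RelayState[" + target + "]");
                }
                if (target != null) {
                    String requestUrl = httpServletRequest.getRequestURL().toString();
                    if (decodeUrl) {
                        target = URLDecoder.decode(target, "UTF-8");
                    }
                    // NOTE(review): RelayState comes straight from the request and becomes the
                    // form's POST target, so the SAMLResponse is forwarded to whatever URL the
                    // request names. The escaping below prevents markup injection but does not
                    // restrict the destination; confirm an upstream component validates it, or
                    // add an allow-list check here.
                    httpServletResponse.setHeader("Cache-Control", "no-cache, no-store, must-revalidate, private, max-age=0");
                    httpServletResponse.setHeader("Pragma", "no-cache");
                    httpServletResponse.setDateHeader("Expires", 0L);
                    httpServletResponse.setContentType("text/html");
                    PrintWriter writer = httpServletResponse.getWriter();
                    writer.println("<html>");
                    writer.println("<BODY Onload=\"document.forms[0].submit()\">");
                    // Every request-derived value is escaped before it lands inside a
                    // double-quoted attribute; the browser un-escapes it again on submit.
                    writer.println("<FORM METHOD=\"POST\" ACTION=\"" + escapeHtmlAttribute(target) + "\">");
                    writer.println("<INPUT TYPE=\"HIDDEN\" NAME=\"SAMLResponse\" VALUE=\"" + escapeHtmlAttribute(samlResponse) + "\">");
                    writer.println("<INPUT TYPE=\"HIDDEN\" NAME=\"Referer\" VALUE=\"" + escapeHtmlAttribute(requestUrl) + "\">");
                    writer.println("</form>");
                    writer.println("</body>");
                    writer.println("</html>");
                    writer.close();
                }
            } else if (!target.equals(TARGET_URL_NO_SET)) {
                if (decodeUrl) {
                    try {
                        target = URLDecoder.decode(target, "UTF-8");
                    } catch (Exception e) {
                        // Keep the original exception as the cause so the failure stays diagnosable.
                        throw new ServletException(e.getMessage(), e);
                    }
                }
                httpServletResponse.sendRedirect(httpServletResponse.encodeRedirectURL(target));
            }
        }
        if (target == null || target.equals(TARGET_URL_NO_SET)) {
            // Generic message to the client; the detail goes to the server log only.
            httpServletResponse.getWriter().println(errorMsg);
            Tr.error(tc, "A request was sent directly to the SAML Web SSO IBMWebSphereSamlACSListenerServlet at [" + httpServletRequest.getRequestURI() + "]. This URL is only meant to receive SAMLResponses from identity providers.");
        }
        if (tc.isEntryEnabled()) {
            Tr.exit(tc, "handleRedirect");
        }
    }

    /**
     * Escapes a value for use inside a quoted HTML attribute.
     *
     * @param value the raw value; {@code null} is rendered as the empty string
     * @return the value with {@code & < > " '} replaced by character references
     */
    private static String escapeHtmlAttribute(String value) {
        if (value == null) {
            return "";
        }
        StringBuilder escaped = new StringBuilder(value.length() + 16);
        for (int i = 0; i < value.length(); i++) {
            char c = value.charAt(i);
            switch (c) {
                case '&':
                    escaped.append("&amp;");
                    break;
                case '<':
                    escaped.append("&lt;");
                    break;
                case '>':
                    escaped.append("&gt;");
                    break;
                case '"':
                    escaped.append("&quot;");
                    break;
                case '\'':
                    escaped.append("&#39;");
                    break;
                default:
                    escaped.append(c);
                    break;
            }
        }
        return escaped.toString();
    }
}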
