package org.picketlink.identity.seam.federation;

import java.io.IOException;
import javax.security.auth.login.LoginException;
import javax.servlet.FilterChain;
import javax.servlet.FilterConfig;
import javax.servlet.ServletException;
import javax.servlet.ServletRequest;
import javax.servlet.ServletResponse;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import org.jboss.seam.Component;
import org.jboss.seam.ScopeType;
import org.jboss.seam.annotations.Install;
import org.jboss.seam.annotations.Logger;
import org.jboss.seam.annotations.Name;
import org.jboss.seam.annotations.Scope;
import org.jboss.seam.annotations.intercept.BypassInterceptors;
import org.jboss.seam.annotations.web.Filter;
import org.jboss.seam.log.Log;
import org.jboss.seam.security.Identity;
import org.jboss.seam.servlet.ContextualHttpServletRequest;
import org.jboss.seam.web.AbstractFilter;
import org.picketlink.identity.seam.federation.configuration.Configuration;
import org.picketlink.identity.seam.federation.configuration.SamlIdentityProvider;

@Name("org.picketlink.identity.seam.federation.externalAuthenticationFilter")
@Scope(ScopeType.APPLICATION)
@Filter(within = {"org.jboss.seam.web.exceptionFilter"})
@BypassInterceptors
@Install(true)
/* loaded from: input_file:org/picketlink/identity/seam/federation/ExternalAuthenticationFilter.class */
public class ExternalAuthenticationFilter extends AbstractFilter {
    public static final String IDP_ENTITY_ID_PARAMETER = "idpEntityId";
    public static final String RETURN_URL_PARAMETER = "returnUrl";
    public static final String OPEN_ID_PARAMETER = "openId";

    @Logger
    private Log log;

    public void init(FilterConfig filterConfig) throws ServletException {
        super.init(filterConfig);
        Configuration.instance().setContextRoot(filterConfig.getServletContext().getContextPath());
    }

    /* JADX WARN: Type inference failed for: r0v11, types: [org.picketlink.identity.seam.federation.ExternalAuthenticationFilter$1] */
    public void doFilter(ServletRequest servletRequest, ServletResponse servletResponse, FilterChain filterChain) throws IOException, ServletException {
        if (!(servletRequest instanceof HttpServletRequest)) {
            throw new ServletException("This filter can only process HttpServletRequest requests");
        }
        final HttpServletRequest httpServletRequest = (HttpServletRequest) servletRequest;
        final HttpServletResponse httpServletResponse = (HttpServletResponse) servletResponse;
        final ExternalAuthenticationService determineService = determineService(httpServletRequest);
        if (determineService == null) {
            filterChain.doFilter(httpServletRequest, httpServletResponse);
            return;
        }
        try {
            new ContextualHttpServletRequest(httpServletRequest) { // from class: org.picketlink.identity.seam.federation.ExternalAuthenticationFilter.1
                public void process() throws ServletException, IOException, LoginException {
                    try {
                        ExternalAuthenticationFilter.this.doFilter(httpServletRequest, httpServletResponse, determineService);
                    } catch (InvalidRequestException e) {
                        httpServletResponse.setStatus(400);
                        if (ExternalAuthenticationFilter.this.log.isInfoEnabled()) {
                            ExternalAuthenticationFilter.this.log.info("Bad request received from {0} ({1})", e.getCause(), new Object[]{httpServletRequest.getRemoteHost(), e.getDescription()});
                        }
                    }
                }
            }.run();
        } catch (ServletException e) {
            throw new RuntimeException((Throwable) e);
        } catch (IOException e2) {
            throw new RuntimeException(e2);
        }
    }

    /* JADX INFO: Access modifiers changed from: private */
    public void doFilter(HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse, ExternalAuthenticationService externalAuthenticationService) throws InvalidRequestException, IOException, ServletException {
        SamlMessageReceiver samlMessageReceiver = (SamlMessageReceiver) Component.getInstance(SamlMessageReceiver.class);
        OpenIdSingleLoginReceiver openIdSingleLoginReceiver = (OpenIdSingleLoginReceiver) Component.getInstance(OpenIdSingleLoginReceiver.class);
        switch (externalAuthenticationService) {
            case OPEN_ID_SERVICE:
                openIdSingleLoginReceiver.handleIncomingMessage(httpServletRequest, httpServletResponse);
                return;
            case SAML_SINGLE_LOGOUT_SERVICE:
                samlMessageReceiver.handleIncomingSamlMessage(SamlProfile.SINGLE_LOGOUT, httpServletRequest, httpServletResponse);
                return;
            case SAML_ASSERTION_CONSUMER_SERVICE:
                samlMessageReceiver.handleIncomingSamlMessage(SamlProfile.SINGLE_SIGN_ON, httpServletRequest, httpServletResponse);
                return;
            case AUTHENTICATION_SERVICE:
                String parameter = httpServletRequest.getParameter(RETURN_URL_PARAMETER);
                String parameter2 = httpServletRequest.getParameter(IDP_ENTITY_ID_PARAMETER);
                if (parameter2 == null) {
                    ((OpenIdSingleLoginSender) Component.getInstance(OpenIdSingleLoginSender.class)).sendAuthRequest(httpServletRequest.getParameter(OPEN_ID_PARAMETER), parameter, httpServletResponse);
                    return;
                }
                SamlIdentityProvider samlIdentityProviderByEntityId = Configuration.instance().getServiceProvider().getSamlConfiguration().getSamlIdentityProviderByEntityId(parameter2);
                if (!(samlIdentityProviderByEntityId instanceof SamlIdentityProvider)) {
                    throw new RuntimeException("Only SAML identity providers are supported in this version");
                }
                ((SamlSingleSignOnSender) Component.getInstance(SamlSingleSignOnSender.class)).sendAuthenticationRequestToIDP(httpServletRequest, httpServletResponse, samlIdentityProviderByEntityId, parameter);
                return;
            case LOGOUT_SERVICE:
                Identity identity = (Identity) Component.getInstance(Identity.class);
                if (!identity.isLoggedIn()) {
                    throw new RuntimeException("User not logged in.");
                }
                if (!(((SeamSamlPrincipal) identity.getPrincipal()).getIdentityProvider() instanceof SamlIdentityProvider)) {
                    throw new RuntimeException("Only SAML identity providers are supported in this version");
                }
                ((SamlSingleLogoutSender) Component.getInstance(SamlSingleLogoutSender.class)).sendSingleLogoutRequestToIDP(httpServletRequest, httpServletResponse, identity);
                return;
            case SAML_META_DATA_SERVICE:
                ((SamlMetaDataProvider) Component.getInstance(SamlMetaDataProvider.class)).writeMetaData(httpServletResponse.getOutputStream());
                httpServletResponse.setCharacterEncoding("UTF-8");
                httpServletResponse.setContentType("application/xml");
                httpServletResponse.flushBuffer();
                return;
            default:
                throw new RuntimeException("Unsupported service " + externalAuthenticationService);
        }
    }

    private ExternalAuthenticationService determineService(HttpServletRequest httpServletRequest) {
        String replace = httpServletRequest.getRequestURI().replace(".seam", "");
        for (ExternalAuthenticationService externalAuthenticationService : ExternalAuthenticationService.values()) {
            if (replace.endsWith("/" + externalAuthenticationService.getName())) {
                return externalAuthenticationService;
            }
        }
        return null;
    }
}
