package com.imcode.saml2;

import com.imcode.entities.User;
import com.imcode.saml2.store.SAMLSessionManager;
import com.imcode.saml2.utils.OpenSamlBootstrap;
import com.imcode.saml2.utils.SAMLUtils;
import java.io.IOException;
import javax.servlet.Filter;
import javax.servlet.FilterChain;
import javax.servlet.ServletException;
import javax.servlet.ServletRequest;
import javax.servlet.ServletResponse;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import org.opensaml.common.SAMLObject;
import org.opensaml.common.binding.SAMLMessageContext;
import org.opensaml.saml2.core.NameID;
import org.opensaml.saml2.core.Response;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
import org.springframework.context.ApplicationContext;
import org.springframework.security.core.Authentication;
import org.springframework.security.core.context.SecurityContextHolder;
import org.springframework.web.context.support.WebApplicationContextUtils;

/* loaded from: input_file:com/imcode/saml2/SAMLSPFilter.class */
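/**
 * Servlet filter implementing the service-provider side of a SAML 2.0 web login.
 *
 * <p>For every request that is not excluded by configuration the filter either
 * consumes a {@code SAMLResponse} posted back by the identity provider, handles
 * the configured logout URL, re-uses an already valid SAML session, or sends a
 * new authentication request to the identity provider.
 *
 * <p>Security-relevant decisions (response verification, session creation,
 * login) are delegated to {@link SAMLResponseVerifier}, {@link SAMLSessionManager}
 * and {@link SAMLUtils}; this class only orchestrates them.
 */
public class SAMLSPFilter implements Filter {
    private static final String SAML_AUTHN_RESPONSE_PARAMETER_NAME = "SAMLResponse";

    // Final on purpose: the logger is static and therefore shared by every filter
    // instance in the class loader. It must never be cleared from destroy().
    private static final Logger log = LoggerFactory.getLogger(SAMLSPFilter.class);

    private FilterConfig filterConfig;
    private SAMLResponseVerifier checkSAMLResponse;
    private SAMLRequestSender samlRequestSender;
    private ApplicationContext context;

    /**
     * Bootstraps OpenSAML and builds the collaborators used by {@link #doFilter}.
     *
     * @param filterConfig container-supplied filter configuration; wrapped in the
     *                     project's own {@link FilterConfig}
     */
    @Override
    public void init(javax.servlet.FilterConfig filterConfig) {
        OpenSamlBootstrap.init();
        this.filterConfig = new FilterConfig(filterConfig);
        this.checkSAMLResponse = new SAMLResponseVerifier();
        this.samlRequestSender = new SAMLRequestSender();
        this.context = WebApplicationContextUtils.getWebApplicationContext(filterConfig.getServletContext());
    }

    /**
     * Applies SAML authentication to the request.
     *
     * <ol>
     *   <li>Excluded URLs, or a disabled filter, pass straight down the chain.</li>
     *   <li>A request that already has an authenticated {@link User} ends here.</li>
     *   <li>A request carrying a {@code SAMLResponse} parameter is decoded, verified
     *       and turned into a SAML session followed by a login.</li>
     *   <li>The logout URL destroys the SAML session and continues the chain.</li>
     *   <li>A valid SAML session triggers a login; otherwise an authentication
     *       request is sent to the identity provider.</li>
     * </ol>
     *
     * @throws IOException      propagated from the filter chain
     * @throws ServletException propagated from the filter chain, or wrapping any
     *                          exception raised while handling the SAML exchange
     */
    @Override
    public void doFilter(ServletRequest servletRequest, ServletResponse servletResponse, FilterChain filterChain) throws IOException, ServletException {
        HttpServletRequest httpServletRequest = (HttpServletRequest) servletRequest;
        HttpServletResponse httpServletResponse = (HttpServletResponse) servletResponse;

        // Everything that takes this branch is served WITHOUT SAML enforcement.
        // Note that the message mentions the exclusion pattern even when the
        // branch was taken because the filter is disabled.
        if (!isFilteredRequest(httpServletRequest) || !this.filterConfig.isEnabled().booleanValue()) {
            log.debug("According to {} configuration parameter request is ignored + {}", FilterConfig.EXCLUDED_URL_PATTERN_PARAMETER, httpServletRequest.getRequestURI());
            filterChain.doFilter(servletRequest, servletResponse);
            return;
        }

        // NOTE(review): an already authenticated request returns here without
        // invoking the chain, so nothing downstream writes a response. Confirm this
        // is intended for the URLs this filter is mapped to.
        if (getCurrentUser() != null) {
            return;
        }

        log.debug("Attempt to secure resource  is intercepted : {}", httpServletRequest.getRequestURL().toString());

        if (servletRequest.getParameter(SAML_AUTHN_RESPONSE_PARAMETER_NAME) != null) {
            // NOTE(review): any filtered URL carrying this parameter is treated as an
            // assertion-consumer request; neither the request path nor the HTTP method
            // is compared with the configured ACS endpoint in this method. Confirm
            // that SAMLUtils.decodeSamlMessage / SAMLResponseVerifier enforce the
            // destination, signature, audience, validity window and replay checks.
            log.debug("Response from Identity Provider is received");
            try {
                log.debug("Decoding of SAML message");
                SAMLMessageContext<Response, SAMLObject, NameID> samlContext = SAMLUtils.decodeSamlMessage(httpServletRequest, httpServletResponse);
                log.debug("SAML message has been decoded successfully");
                samlContext.setLocalEntityId(this.filterConfig.getSpProviderId());
                // Verification must stay ahead of session creation: verify() throwing
                // is the only thing that stops an unverified response becoming a login.
                this.checkSAMLResponse.verify(samlContext);
                log.debug("Starting and store SAML session..");
                // NOTE(review): the SAML session is attached to the HTTP session that
                // existed before authentication. Unless createSAMLSession/loginUser
                // rotate the session id, consider doing so here (session fixation).
                SAMLSessionManager.getInstance().createSAMLSession(httpServletRequest, httpServletResponse, samlContext);
                SAMLSessionManager.getInstance().loginUser(SAMLSessionManager.getInstance().getSAMLSession(httpServletRequest.getSession()), httpServletRequest, httpServletResponse);
                return;
            } catch (Exception e) {
                // Cause is preserved; how much of it reaches the client depends on the
                // container's error-page configuration.
                throw new ServletException(e);
            }
        }

        if (getCorrectURL(httpServletRequest).equals(this.filterConfig.getLogoutUrl())) {
            log.debug("Logout action: destroying SAML session.");
            SAMLSessionManager.getInstance().destroySAMLSession(httpServletRequest.getSession());
            filterChain.doFilter(httpServletRequest, httpServletResponse);
        } else if (SAMLSessionManager.getInstance().isSAMLSessionValid(httpServletRequest.getSession())) {
            // The chain is not continued here; presumably loginUser writes the
            // response itself (e.g. a redirect) - TODO confirm.
            SAMLSessionManager.getInstance().loginUser(SAMLSessionManager.getInstance().getSAMLSession(httpServletRequest.getSession()), httpServletRequest, httpServletResponse);
            log.debug("SAML session exists and valid: grant access to secure resource");
        } else {
            log.debug("Sending authentication request to idP");
            try {
                this.samlRequestSender.sendSAMLAuthRequest(httpServletRequest, httpServletResponse, this.filterConfig.getSpProviderId(), this.filterConfig.getAcsUrl(), this.filterConfig.getIdpSSOUrl());
            } catch (Exception e2) {
                throw new ServletException(e2);
            }
        }
    }

    /**
     * Tells whether SAML enforcement applies to the request.
     *
     * <p>The configured exclusion pattern is a regular expression that must match
     * the whole context-relative URL ({@link String#matches}). The URL is derived
     * from {@code getRequestURI()}, which this code neither decodes nor
     * normalises, so the pattern should be kept as narrow as possible: every
     * match is served without authentication.
     * NOTE(review): confirm how the container presents path parameters and
     * percent-encoded characters in the request URI before relying on the pattern.
     *
     * @return {@code true} when no exclusion pattern is configured or the URL does
     *         not match it
     */
    private boolean isFilteredRequest(HttpServletRequest httpServletRequest) {
        String excludedPattern = this.filterConfig.getExcludedUrlPattern();
        return excludedPattern == null || !getCorrectURL(httpServletRequest).matches(excludedPattern);
    }

    /**
     * Returns the request URI with the context path stripped, always starting
     * with {@code "/"}.
     *
     * <p>The context path is located with {@code indexOf}, i.e. its first
     * occurrence anywhere in the URI. The URI is returned unchanged when the
     * context path is not found, or when exactly one character follows it.
     * NOTE(review): the second condition means a URI such as
     * {@code <contextPath>/} keeps its context path - confirm this is intended,
     * since the result feeds both the exclusion pattern and the logout-URL check.
     */
    private String getCorrectURL(HttpServletRequest httpServletRequest) {
        String contextPath = httpServletRequest.getContextPath();
        String requestURI = httpServletRequest.getRequestURI();
        int contextStart = requestURI.indexOf(contextPath);
        int contextEnd = contextStart + contextPath.length();
        String relative = (contextStart < 0 || contextEnd == requestURI.length() - 1) ? requestURI : requestURI.substring(contextEnd);
        if (!relative.startsWith("/")) {
            relative = "/" + relative;
        }
        return relative;
    }

    /**
     * Nothing to release.
     *
     * <p>The static logger is deliberately left alone: clearing it here would make
     * every later {@code log.debug(...)} call in this class fail with a
     * {@link NullPointerException} for any instance that is still serving requests
     * or is initialised afterwards.
     */
    @Override
    public void destroy() {
        // no per-instance resources to close
    }

    /**
     * Returns the application {@link User} bound to the current Spring Security
     * context.
     *
     * @return the principal when it is a {@link User}; {@code null} when there is
     *         no authentication or the principal is of another type
     */
    public static User getCurrentUser() {
        Authentication authentication = SecurityContextHolder.getContext().getAuthentication();
        if (authentication == null) {
            return null;
        }
        Object principal = authentication.getPrincipal();
        return (principal instanceof User) ? (User) principal : null;
    }
}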
