package com.resolution.atlasplugins.samlsso;

import com.atlassian.templaterenderer.TemplateRenderer;
import com.resolution.samlprocessor.SAMLProcessor;
import com.resolution.samlprocessor.SAMLProcessorException;
import java.io.IOException;
import java.io.PrintWriter;
import java.util.HashMap;
import javax.servlet.ServletException;
import javax.servlet.http.HttpServlet;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import org.opensaml.saml2.ecp.RelayState;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;

/* loaded from: input_file:com/resolution/atlasplugins/samlsso/SamlSsoServlet.class */
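/**
 * Servlet endpoint for SAML single sign-on.
 *
 * <p>The same URL serves both legs of the flow: a request without a {@code SAMLResponse}
 * parameter is sent on to the identity provider (IdP), and a request carrying a
 * {@code SAMLResponse} is handed to the {@link SAMLProcessor}, after which a session is
 * established through the configured authenticator hook and the browser is redirected.
 *
 * <p>Security notes for maintainers:
 * <ul>
 *   <li>The post-login redirect target comes from the request's RelayState parameter, which
 *       the browser controls. It is only honoured when it points into this application;
 *       otherwise the configured default redirect URL is used.</li>
 *   <li>Validation of the SAML response itself (signature, audience, validity window) is not
 *       visible here; it is presumably done inside {@code processSAMLResponseMessage} and
 *       should be confirmed there.</li>
 * </ul>
 */
public class SamlSsoServlet extends HttpServlet {
    private static final Logger logger = LoggerFactory.getLogger(SamlSsoServlet.class);
    SamlSsoComponent samlSsoComponent;
    TemplateRenderer renderer;
    private static final long serialVersionUID = 1;

    /**
     * Creates the servlet.
     *
     * @param samlSsoComponent source of configuration, the SAML processor and the authenticator hook
     * @param templateRenderer renderer used for the error page
     */
    public SamlSsoServlet(SamlSsoComponent samlSsoComponent, TemplateRenderer templateRenderer) {
        this.samlSsoComponent = samlSsoComponent;
        this.renderer = templateRenderer;
    }

    /**
     * Handles both GET and POST: starts the SSO flow or consumes the IdP's SAML response.
     *
     * @param httpServletRequest  incoming request; {@code SAMLResponse}, {@code redirectTo} and
     *                            the RelayState parameter are read from it
     * @param httpServletResponse response used for the redirect, the auto-submit form or the error page
     * @throws ServletException declared for the servlet contract
     * @throws IOException      if writing the response fails
     */
    protected void processRequest(HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse) throws ServletException, IOException {
        boolean alreadyAuthenticated = "success".equals(httpServletRequest.getAttribute("os_authstatus"));
        if (logger.isDebugEnabled()) {
            // Informational only: the flow below runs regardless of the current auth status.
            if (alreadyAuthenticated) {
                logger.debug("Request is already authenticated");
            } else {
                logger.debug("Request is NOT authenticated");
            }
        }
        if (!this.samlSsoComponent.isInitialized()) {
            logger.error("SAMLSsoComponent is not initialized!");
            sendError(httpServletResponse, "SAMLSsoComponent is not initialized. Check logs for details.");
            return;
        }
        LicenseCheckResult licenseCheck = this.samlSsoComponent.checkLicense();
        if (!licenseCheck.isLicensed()) {
            sendError(httpServletResponse, licenseCheck.getMessage());
            return;
        }
        String defaultRedirectUrl = this.samlSsoComponent.getDefaultRedirectUrl();
        String absoluteBaseUrl = this.samlSsoComponent.getAbsoluteBaseUrl();
        String idpUrl = this.samlSsoComponent.getIdpUrl();
        SAMLProcessor samlProcessor = this.samlSsoComponent.getSamlProcessor();
        String samlResponse = httpServletRequest.getParameter("SAMLResponse");
        if (samlResponse == null) {
            logger.debug("We have no SAML Response, so this request comes from the Client");
            // redirectTo is caller-controlled. It is only forwarded to the IdP as relay state
            // here; it is checked when it comes back as RelayState with the SAML response.
            String originalUrl = httpServletRequest.getParameter("redirectTo");
            if (originalUrl == null) {
                logger.debug("No original URL in request, using {}", defaultRedirectUrl);
                originalUrl = defaultRedirectUrl;
            }
            logger.debug("Original url is {}", originalUrl);
            String consumerUrl = absoluteBaseUrl + httpServletRequest.getServletPath();
            logger.debug("Consumer url is {}", consumerUrl);
            try {
                boolean isOmitRequestedAuthnContext = this.samlSsoComponent.isOmitRequestedAuthnContext();
                String relayStateParameterName = this.samlSsoComponent.getRelayStateParameterName();
                if (this.samlSsoComponent.isRedirectWithPOST()) {
                    logger.debug("redirectWithPOST is active, rendering the auto-submitting form to redirect to the IdP:");
                    String formHtml = samlProcessor.buildPOSTtoIdPFormHtml(consumerUrl, relayStateParameterName, originalUrl, idpUrl, isOmitRequestedAuthnContext);
                    // NOTE(review): the form embeds the caller-supplied relay state; escaping is
                    // assumed to happen inside buildPOSTtoIdPFormHtml - confirm there.
                    logger.debug(formHtml);
                    httpServletResponse.setContentType("text/html;charset=utf-8");
                    PrintWriter writer = httpServletResponse.getWriter();
                    writer.write(formHtml);
                    writer.close();
                } else {
                    String idpRedirectUrl = samlProcessor.buildRedirectToIdPurl(httpServletRequest, consumerUrl, relayStateParameterName, originalUrl, idpUrl, isOmitRequestedAuthnContext);
                    logger.debug("Redirecting to: {}", idpRedirectUrl);
                    httpServletResponse.sendRedirect(idpRedirectUrl);
                }
                return;
            } catch (SAMLProcessorException e) {
                logger.error("SAML Processor threw exception", e);
                sendError(httpServletResponse, "Processing saml failed: " + e.getMessage());
                return;
            }
        }
        logger.debug("We have a SAML Response, so this request comes from the IdP");
        try {
            String samlUserId = samlProcessor.processSAMLResponseMessage(samlResponse);
            if (samlUserId == null) {
                logger.warn("No user in SAML Response");
                httpServletResponse.sendError(401, "There is no user in the SAML Response.");
            } else {
                String transformUserid = this.samlSsoComponent.transformUserid(samlUserId);
                String relayState = httpServletRequest.getParameter(RelayState.DEFAULT_ELEMENT_LOCAL_NAME);
                logger.debug("RelayState parameter is {}", relayState);
                if (relayState == null || relayState.length() == 0) {
                    relayState = defaultRedirectUrl;
                    logger.warn("No original URL found in the request, redirecting to {}", relayState);
                } else if (!isLocalRedirectTarget(relayState, absoluteBaseUrl)) {
                    // RelayState is supplied by the browser, not signed by the IdP. Following it
                    // to another host would let a crafted login link bounce a freshly
                    // authenticated user to a site of the link author's choosing.
                    logger.warn("RelayState does not point into this application, redirecting to {} instead", defaultRedirectUrl);
                    relayState = defaultRedirectUrl;
                }
                String redirectUrl = relayState.startsWith("/") ? absoluteBaseUrl + relayState : relayState;
                try {
                    logger.debug("Trying to authorize user {}", transformUserid);
                    if (this.samlSsoComponent.getAuthenticatorHook().authoriseUserAndEstablishSession(httpServletRequest, httpServletResponse, transformUserid)) {
                        logger.debug("Redirecting to {}", redirectUrl);
                        httpServletResponse.sendRedirect(redirectUrl);
                    } else {
                        sendError(httpServletResponse, "User " + transformUserid + " could not be authorized.");
                    }
                } catch (AuthenticatorHookException e2) {
                    String message = e2.getMessage();
                    if (message == null) {
                        // The exception may carry neither a message nor a cause; do not
                        // dereference a missing cause while building the error text.
                        Throwable cause = e2.getCause();
                        message = cause != null
                                ? cause.getClass().getName() + ": " + cause.getMessage()
                                : e2.getClass().getName();
                    }
                    logger.error("Authenticating user failed: ", e2);
                    sendError(httpServletResponse, message);
                }
            }
        } catch (SAMLProcessorException e3) {
            logger.error("SAML Processor threw exception", e3);
            sendError(httpServletResponse, "Processing saml failed: " + e3.getMessage());
        }
    }

    /**
     * Decides whether a browser-supplied redirect target stays inside this application.
     *
     * <p>Accepted are server-relative paths (which the caller prefixes with the base URL) and
     * absolute URLs that begin with the base URL followed by a path, query or fragment
     * delimiter. Anything else, including scheme-relative {@code //host} forms and look-alike
     * hosts that merely share the base URL as a string prefix, is rejected.
     *
     * @param target  candidate redirect target, not {@code null}
     * @param baseUrl absolute base URL of this application
     * @return {@code true} if redirecting to {@code target} keeps the user on this application
     */
    private static boolean isLocalRedirectTarget(String target, String baseUrl) {
        for (int i = 0; i < target.length(); i++) {
            // Control characters have no place in a redirect target.
            if (target.charAt(i) < 0x20) {
                return false;
            }
        }
        if (target.startsWith("/")) {
            // Browsers read "//host" and "/\host" as scheme-relative URLs; reject them so the
            // result stays local even if the base URL prefix were ever empty.
            return !(target.startsWith("//") || target.startsWith("/\\"));
        }
        if (baseUrl == null || baseUrl.isEmpty()
                || !target.regionMatches(true, 0, baseUrl, 0, baseUrl.length())) {
            return false;
        }
        if (target.length() == baseUrl.length() || baseUrl.endsWith("/")) {
            return true;
        }
        // Require a delimiter right after the base URL so that a host or userinfo suffix
        // appended to the base URL string does not pass as local.
        char next = target.charAt(baseUrl.length());
        return next == '/' || next == '?' || next == '#';
    }

    /**
     * Renders the {@code error.vm} page with the given message and a link to the login page.
     *
     * <p>NOTE(review): {@code str} can contain exception text and the user id taken from the
     * SAML response, and this page is reachable without authentication. Whether
     * {@code error.vm} HTML-escapes {@code ssoMessage} is not visible here - confirm in the
     * template, and consider showing a generic message while keeping details in the log.
     *
     * @param httpServletResponse response to write the error page to
     * @param str                 message exposed to the template as {@code ssoMessage}
     * @throws ServletException declared for the servlet contract
     * @throws IOException      if writing the response fails
     */
    protected void sendError(HttpServletResponse httpServletResponse, String str) throws ServletException, IOException {
        HashMap<String, Object> context = new HashMap<>();
        context.put("ssoMessage", str);
        context.put("loginPageUrl", this.samlSsoComponent.getAbsoluteBaseUrl() + this.samlSsoComponent.getLoginPageUrl());
        httpServletResponse.setContentType("text/html;charset=utf-8");
        this.renderer.render("error.vm", context, httpServletResponse.getWriter());
    }

    /** Delegates GET requests to {@link #processRequest}. */
    @Override
    protected void doGet(HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse) throws ServletException, IOException {
        processRequest(httpServletRequest, httpServletResponse);
    }

    /** Delegates POST requests to {@link #processRequest}. */
    @Override
    protected void doPost(HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse) throws ServletException, IOException {
        processRequest(httpServletRequest, httpServletResponse);
    }
}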
