package com.ibm.ws.security.saml.sso20.rs;

import com.ibm.websphere.ras.Tr;
import com.ibm.websphere.ras.TraceComponent;
import com.ibm.websphere.ras.annotation.TraceObjectField;
import com.ibm.websphere.security.WebTrustAssociationFailedException;
import com.ibm.ws.ffdc.FFDCFilter;
import com.ibm.ws.ras.instrument.annotation.InjectedFFDC;
import com.ibm.ws.security.saml.Constants;
import com.ibm.ws.security.saml.SsoConfig;
import com.ibm.ws.security.saml.SsoRequest;
import com.ibm.ws.security.saml.SsoSamlService;
import com.ibm.ws.security.saml.error.SamlException;
import com.ibm.ws.security.saml.sso20.internal.Authenticator;
import com.ibm.ws.security.saml.sso20.internal.utils.UserData;
import com.ibm.ws.security.saml.sso20.token.Saml20TokenImpl;
import com.ibm.wsspi.security.tai.TAIResult;
import java.util.ArrayList;
import java.util.HashMap;
import java.util.Iterator;
import java.util.Map;
import javax.security.auth.Subject;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import org.opensaml.saml2.core.Assertion;

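/**
 * Handles a request that carries a SAML 2.0 assertion in an HTTP header.
 *
 * <p>The handler locates the assertion in one of the configured header names (or inside the
 * {@code Authorization} header), hands it to {@link RsSamlConsumer} for processing, and then asks
 * {@link Authenticator#authenticateRS} for a {@link TAIResult}. Results are returned as a map keyed
 * by class name ({@code TAIResult}, and on success {@code Subject}; on failure {@code SamlException}
 * or {@code Exception}).
 *
 * <p>Security notes for maintainers:
 * <ul>
 *   <li>Header content is attacker-controlled until {@code handleSAMLResponse(...)} has returned an
 *       assertion; nothing in this class may act on it before that point.</li>
 *   <li>The header value is a bearer credential, so debug trace records only its length, never the
 *       value itself.</li>
 *   <li>{@link #strHeaderName} is mutated while a request is processed. NOTE(review): this looks
 *       like a per-request object (it stores the request and response); confirm it is never shared
 *       between threads.</li>
 * </ul>
 */
@InjectedFFDC
@TraceObjectField(fieldName = "tc", fieldDesc = "Lcom/ibm/websphere/ras/TraceComponent;")
/* loaded from: input_file:com/ibm/ws/security/saml/sso20/rs/RsSamlHandler.class */
public class RsSamlHandler {
    private static TraceComponent tc = Tr.register(RsSamlHandler.class, "SAML20", "com.ibm.ws.security.saml.sso20.internal.resources.SamlSso20Messages");
    // Name of the header the assertion was taken from; used in the RS_EMPTY_SAML_ASSERTION message.
    String strHeaderName = null;
    HttpServletRequest request;
    HttpServletResponse response;
    SsoSamlService ssoSamlService;
    static final long serialVersionUID = -8595336360299759123L;

    /**
     * Creates a handler bound to one request/response pair.
     *
     * @param httpServletRequest the inbound request expected to carry the assertion
     * @param httpServletResponse the response associated with the request
     * @param ssoSamlService the SAML service whose configuration drives header lookup
     */
    public RsSamlHandler(HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse, SsoSamlService ssoSamlService) {
        this.request = httpServletRequest;
        this.response = httpServletResponse;
        this.ssoSamlService = ssoSamlService;
    }

    /**
     * @return always {@link Constants.SamlSsoVersion#SAMLSSO20}
     */
    public Constants.SamlSsoVersion getSamlVersion() {
        return Constants.SamlSsoVersion.SAMLSSO20;
    }

    /**
     * Processes the request supplied to the constructor.
     *
     * <p>Failures do not propagate: they are recorded through FFDC and reported in the returned
     * map together with a 401 {@link TAIResult}, so the caller always receives a result to act on.
     *
     * @return a map holding the {@code TAIResult} under {@code TAIResult.class.getName()}, plus
     *         either the {@code Subject} (status 200), the SAML error message under
     *         {@code SamlException.class.getName()}, or the exception object under
     *         {@code Exception.class.getName()}
     * @throws SamlException only if the fallback 401 result itself cannot be created
     */
    public Map<String, Object> handleRequest() throws SamlException {
        Map<String, Object> result = new HashMap<>();
        // Built up front so that every failure path below can fail closed with a 401.
        TAIResult badResult = badResult(401);
        try {
            if (this.request == null || this.response == null || this.ssoSamlService == null) {
                throw new Exception("Missing Parameter: request:" + this.request + " response:" + this.response + " ssoSamlService:" + this.ssoSamlService);
            }
            SsoRequest ssoRequest = new SsoRequest(this.ssoSamlService.getProviderId(), Constants.EndpointType.ACS, this.request, Constants.SamlSsoVersion.SAMLSSO20, this.ssoSamlService);
            this.request.setAttribute(Constants.ATTRIBUTE_SAML20_REQUEST, ssoRequest);
            return handleRequest(this.request, this.response, ssoRequest);
        } catch (SamlException e) {
            FFDCFilter.processException(e, "com.ibm.ws.security.saml.sso20.rs.RsSamlHandler", "83", this, new Object[0]);
            result.put(SamlException.class.getName(), e.getErrorMessage());
            result.put(TAIResult.class.getName(), badResult);
            return result;
        } catch (Exception e2) {
            FFDCFilter.processException(e2, "com.ibm.ws.security.saml.sso20.rs.RsSamlHandler", "86", this, new Object[0]);
            // NOTE(review): the raw exception object is handed to the caller; callers should not
            // echo it to the HTTP client.
            result.put(Exception.class.getName(), e2);
            result.put(TAIResult.class.getName(), badResult);
            return result;
        }
    }

    /**
     * Extracts the assertion from the request headers, has it processed, and authenticates.
     *
     * @param httpServletRequest request whose headers are searched for the assertion
     * @param httpServletResponse response passed through to the consumer and authenticator
     * @param ssoRequest request context supplying the service and its configuration
     * @return a map holding the {@code TAIResult}, and the {@code Subject} only when the result
     *         status is 200
     * @throws SamlException with {@code RS_EMPTY_SAML_ASSERTION} when no header yields content, or
     *         whatever the consumer/authenticator raise
     */
    public Map<String, Object> handleRequest(HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse, SsoRequest ssoRequest) throws SamlException {
        Map<String, Object> result = new HashMap<>();
        SsoSamlService service = ssoRequest.getSsoSamlService();
        SsoConfig ssoConfig = ssoRequest.getSsoConfig();
        ArrayList<String> headerNames = ssoConfig.getHeaderNames();
        this.strHeaderName = ssoConfig.getHeaderName();
        String headerContent = getHeaderContent(httpServletRequest, headerNames);
        if (headerContent == null || headerContent.isEmpty()) {
            throw new SamlException("RS_EMPTY_SAML_ASSERTION", (Exception) null, new Object[]{this.strHeaderName});
        }
        // headerContent is untrusted input; only the assertion returned by the consumer is used
        // from here on.
        Assertion validatedAssertion = RsSamlConsumer.getInstance().handleSAMLResponse(httpServletRequest, httpServletResponse, service, ssoRequest, headerContent).getValidatedAssertion();
        TAIResult authenticateRS = new Authenticator(service, new UserData(validatedAssertion, new Saml20TokenImpl(validatedAssertion))).authenticateRS(httpServletRequest, httpServletResponse, ssoRequest);
        result.put(TAIResult.class.getName(), authenticateRS);
        // A Subject is exposed only for a successful (200) result.
        if (authenticateRS.getStatus() == 200) {
            result.put(Subject.class.getName(), authenticateRS.getSubject());
        }
        return result;
    }

    /**
     * Looks for the assertion first in a dedicated header, then inside {@code Authorization}.
     *
     * @param httpServletRequest request to inspect
     * @param arrayList configured header names, in priority order
     * @return the raw header content, or {@code null} when none was found
     */
    String getHeaderContent(HttpServletRequest httpServletRequest, ArrayList<String> arrayList) {
        String content = getHdrNameContent(httpServletRequest, arrayList);
        if (content == null) {
            content = getAuthorizationContent(httpServletRequest, arrayList);
        }
        return content;
    }

    /**
     * Extracts the assertion from an {@code Authorization} header of the form
     * {@code <name>=<value>} or {@code <name> <value>}, where {@code <name>} is one of the
     * configured header names and {@code <value>} may be wrapped in double quotes.
     *
     * <p>When several configured names match, the last match wins.
     *
     * @param httpServletRequest request to inspect
     * @param arrayList configured header names
     * @return the extracted value, or {@code null} when the header is absent, blank, or matches no
     *         configured name
     */
    protected String getAuthorizationContent(HttpServletRequest httpServletRequest, ArrayList<String> arrayList) {
        String content = null;
        String header = httpServletRequest.getHeader(Constants.HDR_NAME_Authorization);
        if (tc.isDebugEnabled()) {
            // The header is a credential: trace its size only.
            Tr.debug(tc, "header content of Authorization: " + redact(header), new Object[0]);
        }
        if (header == null) {
            return null;
        }
        String trimmed = header.trim();
        if (trimmed.isEmpty()) {
            return null;
        }
        for (String name : arrayList) {
            int nameLength = name.length();
            if (tc.isDebugEnabled()) {
                Tr.debug(tc, "headerName '" + name + "'", new Object[0]);
            }
            // Need the name, one separator character, and at least one character of value.
            if (!trimmed.startsWith(name) || trimmed.length() <= nameLength + 1) {
                continue;
            }
            char separator = trimmed.charAt(nameLength);
            if (tc.isDebugEnabled()) {
                Tr.debug(tc, "separator '" + separator + "'", new Object[0]);
            }
            if (separator != '=' && separator != ' ') {
                continue;
            }
            this.strHeaderName = name;
            content = stripQuotes(trimmed.substring(nameLength + 1));
            if (tc.isDebugEnabled()) {
                Tr.debug(tc, "[" + redact(content) + "]", new Object[0]);
            }
        }
        return content;
    }

    /**
     * Returns the value of the first configured header that is present on the request.
     *
     * <p>The search stops at the first hit so that a later, absent header cannot overwrite the
     * value already found, and so that {@link #strHeaderName} always names the header the value
     * came from.
     *
     * @param httpServletRequest request to inspect
     * @param arrayList configured header names, in priority order
     * @return the header value, or {@code null} when none of the headers is present
     */
    protected String getHdrNameContent(HttpServletRequest httpServletRequest, ArrayList<String> arrayList) {
        String value = null;
        int index = 0;
        for (String name : arrayList) {
            if (tc.isDebugEnabled()) {
                Tr.debug(tc, "headerName(" + index + "): '" + name + "'", new Object[0]);
                index++;
            }
            value = httpServletRequest.getHeader(name);
            if (value != null) {
                this.strHeaderName = name;
                if (tc.isDebugEnabled()) {
                    Tr.debug(tc, "Header name found in request: " + name, new Object[0]);
                }
                break;
            }
        }
        return value;
    }

    /**
     * Creates a {@link TAIResult} carrying the given status code.
     *
     * @param i HTTP status code for the result
     * @return the created result
     * @throws SamlException wrapping the {@link WebTrustAssociationFailedException} raised by
     *         {@code TAIResult.create}
     */
    TAIResult badResult(int i) throws SamlException {
        try {
            return TAIResult.create(i);
        } catch (WebTrustAssociationFailedException e) {
            FFDCFilter.processException(e, "com.ibm.ws.security.saml.sso20.rs.RsSamlHandler", "244", this, new Object[]{Integer.valueOf(i)});
            throw new SamlException((Exception) e);
        }
    }

    /**
     * Removes a leading double quote and, if present, the matching trailing one.
     *
     * <p>A value consisting of a single quote becomes the empty string instead of triggering a
     * {@link StringIndexOutOfBoundsException}, and an unterminated value keeps its last character.
     */
    private static String stripQuotes(String value) {
        if (!value.startsWith("\"")) {
            return value;
        }
        String unquoted = value.substring(1);
        if (unquoted.endsWith("\"")) {
            unquoted = unquoted.substring(0, unquoted.length() - 1);
        }
        return unquoted;
    }

    /** Describes a sensitive value for trace output without revealing it. */
    private static String redact(String value) {
        return value == null ? "null" : "<" + value.length() + " chars>";
    }
}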
