package de.docware.util.j2ee.filter.a;

import com.onelogin.saml2.Auth;
import com.onelogin.saml2.authn.AuthnRequestParams;
import com.onelogin.saml2.authn.SamlResponse;
import com.onelogin.saml2.http.HttpRequest;
import com.onelogin.saml2.servlet.ServletUtils;
import com.onelogin.saml2.settings.Saml2Settings;
import com.onelogin.saml2.settings.SettingsBuilder;
import com.onelogin.saml2.util.Constants;
import de.docware.apps.etk.base.project.docu.EtkDataDocument;
import de.docware.framework.modules.config.defaultconfig.security.d;
import de.docware.framework.modules.config.defaultconfig.security.h;
import de.docware.framework.modules.gui.app.AbstractApplication;
import de.docware.framework.modules.gui.misc.h.c;
import de.docware.framework.modules.gui.misc.js.FrameworkJsFileCollection;
import de.docware.framework.modules.gui.misc.logger.LogType;
import de.docware.framework.modules.gui.session.f;
import de.docware.framework.utils.k;
import de.docware.util.e;
import java.io.IOException;
import java.io.PrintWriter;
import java.util.ArrayList;
import java.util.Base64;
import java.util.Collections;
import java.util.HashMap;
import java.util.List;
import java.util.Map;
import java.util.Properties;
import javax.servlet.ServletException;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import javax.servlet.http.HttpSession;
import org.joda.time.Instant;

/* loaded from: input_file:de/docware/util/j2ee/filter/a/a.class */
/**
 * SAML 2.0 service-provider helper for a servlet filter, built on the OneLogin java-saml toolkit
 * (decompiled source, obfuscated identifiers).
 *
 * <p>As visible in this class: {@code b(...)} dispatches a request to the assertion-consumer
 * handler, the SP metadata handler, the root-URL redirect or the login/expiry check. The
 * authenticated principal is kept in the HTTP session under the attribute {@code "samlv2Auth"}.
 *
 * <p>NOTE(review): the fields below are plain, non-volatile fields that {@code cIg()} and
 * {@code dSE()} reassign one at a time. If the configuration callback registered in the
 * constructor can fire while requests are being served, a request thread may observe a mix of old
 * and new values — confirm how the callback is scheduled.
 */
public class a {
    // Lazily created singleton instance, see dSD().
    private static a qLg;
    // Configuration object obtained from h.cQC(); source of the SAML configuration (cQT()) and of cQO().
    private h qLh = h.cQC();
    // Toolkit settings built from the configuration in cIg() (or empty settings from dSE()).
    private Saml2Settings qLi;
    // SP assertion consumer service (ACS) URL part from getAcsUrlSP(); b() matches it as a request-URI suffix.
    private String qLj;
    // SP single logout service URL part from getSlsUrlSP(); assigned here but never read in this class.
    private String qLk;
    // SP entity-id URL part from getEntityIdUrlSP(); b() serves the SP metadata for URIs ending with it.
    private String qLl;
    // SP URL prefix from getUrlPrefixSP(); prepended to the SP endpoint URLs and to the returnTo URL.
    private String qLm;

    /* renamed from: de.docware.util.j2ee.filter.a.a$a, reason: collision with other inner class name */
    /* loaded from: input_file:de/docware/util/j2ee/filter/a/a$a.class */
    /**
     * Holder for the authenticated SAML principal that this filter stores in the HTTP session
     * under {@code "samlv2Auth"}: the NameID, the assertion attributes and the assertion's
     * NotOnOrAfter instant in epoch milliseconds ({@code -1} when none was recorded).
     *
     * <p>The attribute map is kept by reference, not copied; only the view handed out by
     * {@link #bEO()} is read-only.
     */
    public static class C0113a {
        private final String nameId;
        private final Map<String, List<String>> attributes;
        private final long notOnOrAfterMillis;

        /**
         * @param str  NameID of the principal
         * @param map  attribute name to values, as delivered by the toolkit
         * @param j    NotOnOrAfter in epoch milliseconds, or a non-positive value for "no expiry known"
         */
        public C0113a(String str, Map<String, List<String>> map, long j) {
            nameId = str;
            attributes = map;
            notOnOrAfterMillis = j;
        }

        /** @return the NameID passed to the constructor */
        public String dSG() {
            return nameId;
        }

        /** @return a read-only view of the attribute map passed to the constructor */
        public Map<String, List<String>> bEO() {
            final Map<String, List<String>> readOnly = Collections.unmodifiableMap(attributes);
            return readOnly;
        }

        /** @return NotOnOrAfter in epoch milliseconds as passed to the constructor */
        public long dSH() {
            return notOnOrAfterMillis;
        }
    }

    /**
     * Creates the singleton: hands {@code cIg()} to the configuration object and then runs it
     * once to build the initial settings.
     */
    private a() {
        // presumably registers cIg() as a change callback on the configuration object — confirm against h.a(...)
        this.qLh.a(this::cIg);
        // Initial load; must run after the registration above so the first settings are in place before use.
        cIg();
    }

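    /**
     * Returns the singleton instance, creating it on first use.
     *
     * <p>Synchronized because the unsynchronized check-then-create could build two instances when
     * the first requests arrive concurrently, and each instance hands its own {@code cIg()}
     * callback to the configuration object in its constructor.
     *
     * @return the shared instance, never {@code null}
     */
    public static synchronized a dSD() {
        if (qLg == null) {
            qLg = new a();
        }
        return qLg;
    }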

    /**
     * Entry point for a request: dispatches to the ACS handler, the SP metadata handler, the
     * root-URL redirect or the login/expiry check, in that order.
     *
     * <p>Routing is by request-URI suffix ({@code endsWith}). After {@code dSE()} both suffixes
     * are the empty string, and {@code endsWith("")} is true for every URI, so every request is
     * then handed to the ACS handler.
     *
     * @param z passed through to {@code a(request, z, response)}
     * @return {@code false} when the ACS or metadata handler took the request, otherwise
     *         {@code true} or the result of {@code d(...)}; what the caller does with the value
     *         is not visible here
     * @throws IOException on response I/O errors, or wrapping a {@link ServletException} from {@code d(...)}
     */
    public boolean b(HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse, boolean z) throws IOException {
        final String requestUri = httpServletRequest.getRequestURI();

        // IdP posts the SAML response to the ACS URL.
        if (requestUri.endsWith(this.qLj)) {
            e(httpServletRequest, httpServletResponse);
            return false;
        }
        // SP metadata document.
        if (requestUri.endsWith(this.qLl)) {
            e(httpServletResponse);
            return false;
        }
        // Root / index.html: redirect to the application start URL.
        if (v(httpServletRequest)) {
            g(httpServletRequest, httpServletResponse);
            return true;
        }
        // No SAML check for this request: d(...) is skipped entirely.
        boolean checkRequired = a(httpServletRequest, z, httpServletResponse);
        if (!checkRequired) {
            return true;
        }
        try {
            final boolean proceed = d(httpServletRequest, httpServletResponse);
            if (proceed && this.qLh.cQO()) {
                httpServletRequest.setAttribute("__pre_session_secure_start_inactive", Boolean.TRUE);
            }
            return proceed;
        } catch (ServletException servletFailure) {
            throw new IOException(servletFailure.getMessage(), servletFailure);
        }
    }

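    /**
     * Rebuilds the toolkit settings ({@code qLi}) and the cached SP URL parts from the current
     * SAML configuration. Falls back to {@code dSE()} when no SAML configuration is present.
     *
     * <p>Change against the decompiled original: the statement that wrote the SP private key into
     * {@code onelogin.saml2.security.want_nameid_encrypted} was removed. That property is a
     * boolean and is set from {@code getWantNameIdEncrypted()} further down, so the effective
     * settings are unchanged; the key material is now stored only under
     * {@code onelogin.saml2.sp.privatekey}.
     *
     * <p>NOTE(review): {@code strict}, {@code debug} and all {@code want_*}/{@code *_signed}
     * switches are taken from configuration as-is. OneLogin documents {@code strict=true} as the
     * production setting; nothing here enforces it or the signature requirements — verify the
     * deployed values.
     */
    private void cIg() {
        d samlConfig = this.qLh.cQT();
        if (samlConfig == null) {
            dSE();
            return;
        }
        Properties properties = new Properties();
        this.qLm = samlConfig.getUrlPrefixSP();

        // Identity provider endpoints and signing certificate.
        properties.setProperty("onelogin.saml2.idp.entityid", samlConfig.getEntityIdUrlIdP());
        properties.setProperty("onelogin.saml2.idp.x509cert", samlConfig.getX509certIdP());
        properties.setProperty("onelogin.saml2.idp.single_sign_on_service.url", samlConfig.getSsoUrlIdP());
        properties.setProperty("onelogin.saml2.idp.single_logout_service.url", samlConfig.getSloUrlIdp());
        properties.setProperty("onelogin.saml2.strict", Boolean.toString(samlConfig.getStrict()));
        properties.setProperty("onelogin.saml2.debug", Boolean.toString(samlConfig.getDebug()));

        // URL parts that b() matches against the request URI.
        this.qLl = samlConfig.getEntityIdUrlSP();
        this.qLj = samlConfig.getAcsUrlSP();
        this.qLk = samlConfig.getSlsUrlSP();

        // Service provider identity: custom issuer wins over the prefix + entity-id URL.
        if (samlConfig.getCustomIssuerSP().isEmpty()) {
            properties.setProperty("onelogin.saml2.sp.entityid", this.qLm + samlConfig.getEntityIdUrlSP());
        } else {
            properties.setProperty("onelogin.saml2.sp.entityid", samlConfig.getCustomIssuerSP());
        }
        properties.setProperty("onelogin.saml2.sp.assertion_consumer_service.url", this.qLm + samlConfig.getAcsUrlSP());
        properties.setProperty("onelogin.saml2.sp.single_logout_service.url", this.qLm + samlConfig.getSlsUrlSP());
        properties.setProperty("onelogin.saml2.sp.assertion_consumer_service.binding", samlConfig.getAcsBindingSP());
        properties.setProperty("onelogin.saml2.sp.single_logout_service.binding", samlConfig.getSlsBindingSP());
        properties.setProperty("onelogin.saml2.sp.nameidformat", samlConfig.getNameIdFormatSP());
        properties.setProperty("onelogin.saml2.sp.x509cert", samlConfig.getX509CertSP());
        // Secret: keep this value out of logs and error messages.
        properties.setProperty("onelogin.saml2.sp.privatekey", samlConfig.getPrivateKeySP());
        properties.setProperty("onelogin.saml2.idp.single_sign_on_service.binding", samlConfig.getSsoBindingIdP());
        properties.setProperty("onelogin.saml2.idp.single_logout_service.response.url", samlConfig.getSloResponseUrlIdP());
        properties.setProperty("onelogin.saml2.idp.single_logout_service.binding", samlConfig.getSloBindingIdP());

        // Signing / encryption / validation policy.
        properties.setProperty("onelogin.saml2.security.authnrequest_signed", Boolean.toString(samlConfig.getAuthnRequestsSigned()));
        properties.setProperty("onelogin.saml2.security.logoutrequest_signed", Boolean.toString(samlConfig.getLogoutRequestsSigned()));
        properties.setProperty("onelogin.saml2.security.logoutresponse_signed", Boolean.toString(samlConfig.getLogoutResponseSigned()));
        properties.setProperty("onelogin.saml2.security.want_messages_signed", Boolean.toString(samlConfig.getWantMessagesSigned()));
        properties.setProperty("onelogin.saml2.security.want_assertions_signed", Boolean.toString(samlConfig.getWantAssertionsSigned()));
        properties.setProperty("onelogin.saml2.security.sign_metadata", Boolean.toString(samlConfig.getSignMetaData()));
        properties.setProperty("onelogin.saml2.security.want_assertions_encrypted", Boolean.toString(samlConfig.getWantAssertionsEncrypted()));
        properties.setProperty("onelogin.saml2.security.want_nameid_encrypted", Boolean.toString(samlConfig.getWantNameIdEncrypted()));
        properties.setProperty("onelogin.saml2.security.requested_authncontext", samlConfig.getRequestedAuthnContext());
        properties.setProperty("onelogin.saml2.security.requested_authncontextcomparison", samlConfig.getRequestedAuthnContextComparison());
        properties.setProperty("onelogin.saml2.security.want_xml_validation", Boolean.toString(samlConfig.getWantXmlValidation()));
        properties.setProperty("onelogin.saml2.security.signature_algorithm", samlConfig.getSignatureAlgorithm());

        // Organization and contact data published in the SP metadata.
        properties.setProperty("onelogin.saml2.organization.name", de.docware.util.h.d.amg(samlConfig.getOrganizationName()));
        properties.setProperty("onelogin.saml2.organization.displayname", de.docware.util.h.d.amg(samlConfig.getOrganizationDisplayName()));
        properties.setProperty("onelogin.saml2.organization.url", samlConfig.getOrganizationUrl());
        properties.setProperty("onelogin.saml2.organization.lang", samlConfig.getOrganizationLang());
        properties.setProperty("onelogin.saml2.contacts.technical.given_name", de.docware.util.h.d.amg(samlConfig.getTechnicalGivenName()));
        properties.setProperty("onelogin.saml2.contacts.technical.email_address", samlConfig.getTechnicalEmailAddress());
        properties.setProperty("onelogin.saml2.contacts.support.given_name", de.docware.util.h.d.amg(samlConfig.getSupportGivenName()));
        properties.setProperty("onelogin.saml2.contacts.support.email_address", samlConfig.getSupportEmailAddress());

        this.qLi = new SettingsBuilder().fromProperties(properties).build();
    }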

    /**
     * Resets this helper to the "no SAML configuration" state: all cached URL parts become the
     * empty string and the toolkit settings are built from an empty property set.
     */
    private void dSE() {
        final String none = "";
        this.qLm = none;
        this.qLl = none;
        this.qLj = none;
        this.qLk = none;
        final Properties noProperties = new Properties();
        this.qLi = new SettingsBuilder().fromProperties(noProperties).build();
    }

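    /**
     * Checks whether the session still carries a usable SAML principal and, if not, starts the
     * login at the IdP.
     *
     * <p>Changes against the decompiled original: the constant-false {@code if (1 == 0)} branch
     * is gone, the raw {@code HashMap} is typed, and a {@code null} principal is no longer
     * written to the session (that call was a no-op).
     *
     * <p>NOTE(review): when the session has no principal, one is built by {@code alS(...)} from a
     * string that a plugin hook derives from the request parameters. {@code alS(...)} only parses
     * that XML and records no expiry ({@code -1}), so unless the hook itself verifies the
     * assertion, request-supplied data becomes the session principal — confirm the hook's
     * contract.
     *
     * <p>NOTE(review): for POST requests the full parameter map is parked in the session under
     * {@code "SAMLPostRequestParams"} so it can be replayed after login; it may contain submitted
     * secrets and is not removed anywhere in this class.
     *
     * @return {@code true} when the request may continue, {@code false} when a redirect to the
     *         IdP or an error response has been written
     */
    private boolean d(HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse) throws IOException, ServletException {
        de.docware.framework.modules.gui.misc.logger.b.a(de.docware.framework.modules.gui.misc.logger.a.pMn, LogType.DEBUG, "SAML: handleStartRequest");
        HttpSession session = httpServletRequest.getSession(true);
        C0113a principal = (C0113a) session.getAttribute("samlv2Auth");
        if (principal == null) {
            // Plugin hook: may hand back SAML XML taken from the request parameters.
            String pluginAssertion = de.docware.framework.modules.plugins.a.h(e.cG(httpServletRequest.getParameterMap()));
            if (de.docware.util.h.af(pluginAssertion)) {
                principal = alS(pluginAssertion);
                if (principal != null) {
                    session.setAttribute("samlv2Auth", principal);
                }
            }
        }

        boolean reauthRequired;
        if (principal == null) {
            de.docware.framework.modules.gui.misc.logger.b.a(de.docware.framework.modules.gui.misc.logger.a.pMn, LogType.DEBUG, "SAML: no auth in session found");
            reauthRequired = true;
        } else {
            de.docware.framework.modules.gui.misc.logger.b.a(de.docware.framework.modules.gui.misc.logger.a.pMn, LogType.DEBUG, "SAML: auth in session found");
            long notOnOrAfter = principal.dSH();
            if (notOnOrAfter > 0) {
                // Expired once NotOnOrAfter plus the toolkit's allowed clock drift lies in the past.
                long driftMillis = (long) (Constants.ALOWED_CLOCK_DRIFT.intValue() * 1000);
                reauthRequired = notOnOrAfter + driftMillis <= System.currentTimeMillis();
            } else {
                // No expiry recorded: the principal is treated as valid for the session's lifetime.
                reauthRequired = false;
            }
        }

        boolean applicationAccepts = AbstractApplication.cVH().a(httpServletRequest, httpServletResponse, reauthRequired);
        if (!reauthRequired || applicationAccepts) {
            de.docware.framework.modules.gui.misc.logger.b.a(de.docware.framework.modules.gui.misc.logger.a.pMn, LogType.DEBUG, "SAML: still authenticated");
            return true;
        }

        de.docware.framework.modules.gui.misc.logger.b.a(de.docware.framework.modules.gui.misc.logger.a.pMn, LogType.DEBUG, "SAML: IdP auth required");
        if ("POST".equals(httpServletRequest.getMethod())) {
            session.setAttribute("SAMLPostRequestParams", new HashMap<>(httpServletRequest.getParameterMap()));
        }
        try {
            // returnTo always starts with the configured SP URL prefix; it comes back as RelayState.
            String returnTo = cl(httpServletRequest.getRequestURI(), this.qLm, httpServletRequest.getQueryString());
            de.docware.framework.modules.gui.misc.logger.b.a(de.docware.framework.modules.gui.misc.logger.a.pMn, LogType.DEBUG, "SAML: spUrlPrefix=" + this.qLm + ", returnTo=" + returnTo);
            Auth auth = new Auth(this.qLi, httpServletRequest, httpServletResponse);
            if (!de.docware.framework.modules.gui.misc.logger.b.dxD().f(de.docware.framework.modules.gui.misc.logger.a.pMa)) {
                de.docware.framework.modules.gui.misc.logger.b.a(de.docware.framework.modules.gui.misc.logger.a.pMn, LogType.DEBUG, "SAML: Log Channel EXTERNAL_LIBRARIES must be activated in order so see the redirect URL to IdP and other log messages from SAML Lib");
            }
            auth.login(returnTo, new AuthnRequestParams(false, false, true), false, dSF());
            de.docware.framework.modules.gui.misc.logger.b.a(de.docware.framework.modules.gui.misc.logger.a.pMn, LogType.DEBUG, "SAML: Next expected SAML log message is about received authentication response from IdP. If this message is missing, this may have the following reasons:\n- the redirect response has been rewritten by webserver or proxy and is no longer valid. Check the requests inside browser developer tool or similar! \n  To verify that the redirect response has been correctly sent by our application, a request filter could be setup in the app server (see RequestDumper for Tomcat). \n- the redirect request has arrived at the IdP, but the IdP did not answer it for any reason. Check the IdP logs!");
            return false;
        } catch (Throwable th) {
            // Any failure while starting the login ends in a generic 401; details go to the log only.
            b(httpServletResponse, th);
            return false;
        }
    }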

    /**
     * Collects the configured additional login parameters that {@code d(...)} passes to
     * {@code Auth.login(...)}.
     *
     * @return a new map; empty when nothing is configured or the configured text yields no
     *         properties
     */
    private HashMap<String, String> dSF() {
        HashMap<String, String> extraParams = new HashMap<>();
        String configured = this.qLh.cQT().getAdditionalParametersForLogin();
        if (de.docware.util.h.ae(configured)) {
            return extraParams;
        }
        Properties parsed = e.aiP(configured);
        if (parsed == null) {
            return extraParams;
        }
        for (Map.Entry<Object, Object> entry : parsed.entrySet()) {
            extraParams.put((String) entry.getKey(), (String) entry.getValue());
        }
        return extraParams;
    }

    /**
     * Builds the returnTo URL for the login request from the request URI, the SP URL prefix and
     * the query string.
     *
     * <p>The result always begins with the prefix (without a trailing slash) followed by "/".
     * The query string is appended unchanged, so request-supplied text ends up in the value that
     * later returns as RelayState.
     *
     * @param str  request URI; its first character is dropped
     * @param str2 SP URL prefix
     * @param str3 query string, or {@code null} for none
     */
    static String cl(String str, String str2, String str3) {
        String prefix = str2.endsWith("/") ? str2.substring(0, str2.length() - 1) : str2;
        String target = str.substring(1);
        if (target.contains("/")) {
            // presumably keeps only the part after the last "/" — confirm against de.docware.util.h.lu
            target = de.docware.util.h.lu(target, "/");
        }
        if (str3 != null) {
            target = target + "?" + str3;
        }
        return prefix + "/" + target;
    }

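    /**
     * Assertion consumer service: lets the toolkit process the SAML response and, on success,
     * stores the principal in the session and sends the browser back to where the login started.
     *
     * <p>Changes against the decompiled original:
     * <ul>
     *   <li>The "not authenticated" branch now returns. Before, it wrote the 401 and fell through
     *       to the error check, so the session principal was guarded only by the toolkit's error
     *       list being empty, and a second error response was attempted on the closed writer.</li>
     *   <li>The {@code RelayState} request parameter is used as redirect target only when it lies
     *       under the configured SP URL prefix. The returnTo value that {@code d(...)} sends to
     *       the IdP always has that shape; anything else would turn this endpoint into a redirect
     *       to an arbitrary site after login.</li>
     * </ul>
     *
     * <p>NOTE(review): the session id is not changed after login; the session that existed before
     * authentication is reused. Rotating it may conflict with the framework's own session
     * bookkeeping — confirm before changing.
     */
    private void e(HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse) throws IOException {
        de.docware.framework.modules.gui.misc.logger.b.a(de.docware.framework.modules.gui.misc.logger.a.pMn, LogType.DEBUG, "SAML: handleAuthResponse");
        try {
            Auth auth = new Auth(this.qLi, httpServletRequest, httpServletResponse);
            auth.processResponse();
            if (!auth.isAuthenticated()) {
                de.docware.framework.modules.gui.misc.logger.b.a(de.docware.framework.modules.gui.misc.logger.a.pMn, LogType.DEBUG, "SAML: handleAuthResponse: not authenticated");
                // One 401 only; the toolkit's reason (may be null) goes to the log, not to the client.
                c(httpServletResponse, auth.getLastErrorReason());
                return;
            }
            if (!auth.getErrors().isEmpty()) {
                de.docware.framework.modules.gui.misc.logger.b.a(de.docware.framework.modules.gui.misc.logger.a.pMn, LogType.DEBUG, "SAML: handleAuthResponse: with errors");
                c(httpServletResponse, auth.getLastErrorReason());
                return;
            }

            de.docware.framework.modules.gui.misc.logger.b.a(de.docware.framework.modules.gui.misc.logger.a.pMn, LogType.DEBUG, "SAML: handleAuthResponse: success");
            List<?> notOnOrAfterList = auth.getLastAssertionNotOnOrAfter();
            long notOnOrAfterMillis = (notOnOrAfterList == null || notOnOrAfterList.isEmpty())
                    ? -1L
                    : ((Instant) notOnOrAfterList.get(0)).getMillis();
            C0113a principal = new C0113a(auth.getNameId(), auth.getAttributes(), notOnOrAfterMillis);
            HttpSession session = httpServletRequest.getSession(true);
            session.setAttribute("samlv2Auth", principal);

            if (session.getAttribute("SAMLPostRequestParams") != null) {
                de.docware.framework.modules.gui.misc.logger.b.a(de.docware.framework.modules.gui.misc.logger.a.pMn, LogType.DEBUG, "SAML: handleAuthResponse: POST redirect");
                f(httpServletRequest, httpServletResponse);
                return;
            }

            de.docware.framework.modules.gui.misc.logger.b.a(de.docware.framework.modules.gui.misc.logger.a.pMn, LogType.DEBUG, "SAML: handleAuthResponse: GET redirect");
            String relayState = httpServletRequest.getParameter("RelayState");
            if (relayState == null || relayState.equals(ServletUtils.getSelfRoutedURLNoQuery(httpServletRequest))) {
                c(httpServletResponse, "SAML2Filter: relayState URL missing");
            } else if (!isRelayStateWithinSp(relayState, this.qLm)) {
                // The rejected value is request-controlled and deliberately not written to the log.
                c(httpServletResponse, "SAML2Filter: relayState URL outside of SP URL prefix");
            } else {
                session.setAttribute("samlv2RelayState", relayState);
                httpServletResponse.sendRedirect(relayState);
            }
        } catch (Exception ex) {
            b(httpServletResponse, ex);
        }
    }

    /**
     * Tells whether a RelayState value points below the configured SP URL prefix, i.e. has the
     * shape that {@code cl(...)} produces for the login request.
     */
    private static boolean isRelayStateWithinSp(String relayState, String spUrlPrefix) {
        if (relayState == null || spUrlPrefix == null) {
            return false;
        }
        // Scheme-relative forms would leave the site even when the prefix is only a path.
        if (relayState.startsWith("//") || relayState.startsWith("/\\")) {
            return false;
        }
        String base = spUrlPrefix.endsWith("/") ? spUrlPrefix : spUrlPrefix + "/";
        return relayState.startsWith(base);
    }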

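    /**
     * Writes the SP metadata document to the response.
     *
     * <p>Change against the decompiled original: the constant-false branch that would have run
     * {@code Saml2Settings.validateMetadata(...)} and the error path that depended on it were
     * unreachable and have been removed. The metadata is therefore served without validation,
     * exactly as before.
     *
     * <p>NOTE(review): no content type is set on the response here. The status constant in the
     * error path is presumably 500 (it accompanies "Internal server error"); the decompiler
     * appears to have substituted an unrelated constant of equal value — confirm.
     */
    private void e(HttpServletResponse httpServletResponse) throws IOException {
        try {
            String spMetadata = this.qLi.getSPMetadata();
            PrintWriter writer = httpServletResponse.getWriter();
            writer.write(spMetadata);
            writer.flush();
            writer.close();
        } catch (Exception ex) {
            // Generic text to the client; the exception itself is only logged.
            a(httpServletResponse, ex, null, EtkDataDocument.DOCUMENT_TIMEOUT_ON_CHECKICON, "Internal server error");
        }
    }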

    /**
     * Writes an HTML page that replays the POST parameters parked in the session under
     * {@code "SAMLPostRequestParams"} by calling the script function {@code redirectSamlRequest}
     * on page load. Answers with status 403 when the request has no session.
     *
     * <p>NOTE(review): the serialized parameters are concatenated into a single-quoted
     * {@code onload} attribute. They originate from the request that triggered the login, so the
     * page is only safe if the serializer's output can never contain a quote or markup character
     * that ends the attribute — confirm what {@code k.wG(false).serialize(...)} escapes, or
     * HTML-attribute-encode the value.
     *
     * <p>NOTE(review): the session attribute is read but not removed here or elsewhere in this
     * class, so a later login in the same session would replay the same parameters again.
     */
    private void f(HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse) throws IOException {
        HttpSession session = httpServletRequest.getSession(false);
        if (session == null) {
            httpServletResponse.setStatus(403);
            return;
        }
        FrameworkJsFileCollection.bw(FrameworkJsFileCollection.J2EE_SAML_REDIRECT.dxv(), false);
        // Script resource that is inlined into the page below.
        c abD = de.docware.framework.modules.gui.misc.js.a.abD(FrameworkJsFileCollection.J2EE_SAML_REDIRECT.dxv());
        PrintWriter writer = httpServletResponse.getWriter();
        writer.write("<!DOCTYPE html><html style='height:100%;width:100%;'><head><meta http-equiv=\"Content-Type\" content=\"text/html; charset=utf-8\"/><meta http-equiv=\"X-UA-Compatible\" content=\"IE=100\"><meta name=\"viewport\" content=\"width=device-width, user-scalable=no, initial-scale=1.0, maximum-scale=1.0, minimum-scale=1.0, target-densityDpi=160dpi\"><script type=\"text/javascript\">");
        // NOTE(review): new String(...) without a charset uses the platform default, while the page declares utf-8.
        writer.write(new String(abD.b(null)));
        writer.write("</script>");
        writer.write("</head>");
        // The stored request parameters become the argument of redirectSamlRequest(...) inside the onload attribute.
        writer.write("<body id=\"body\" onload='redirectSamlRequest(" + k.wG(false).serialize(session.getAttribute("SAMLPostRequestParams")) + ")' style='height:100%;width:100%;overflow:hidden;font-size:" + de.docware.framework.modules.gui.misc.g.a.duu().getSize() + "px; background-color:" + de.docware.framework.modules.gui.misc.d.a.pkr.dtc() + "'>");
        writer.write("</body></html>");
        writer.flush();
        writer.close();
    }

    /**
     * Decides whether {@code b(...)} has to run the SAML check {@code d(...)} for this request.
     *
     * <p>The check runs when no framework session exists for the HTTP session, when
     * {@code forcerestart=true} is requested, or when {@code doAction=start} is requested and
     * {@code z} is set. In every other case {@code b(...)} lets the request continue without
     * looking at the stored principal or its expiry.
     *
     * @param httpServletResponse unused
     */
    private boolean a(HttpServletRequest httpServletRequest, boolean z, HttpServletResponse httpServletResponse) {
        String forceRestart = httpServletRequest.getParameter("forcerestart");
        String action = httpServletRequest.getParameter("doAction");
        HttpSession httpSession = httpServletRequest.getSession(false);

        de.docware.framework.modules.gui.session.b frameworkSession = null;
        if (httpSession != null) {
            frameworkSession = f.dMl().ahv(httpSession.getId());
        }
        if (frameworkSession == null) {
            de.docware.framework.modules.gui.misc.logger.b.a(de.docware.framework.modules.gui.misc.logger.a.pMn, LogType.DEBUG, "No framework session found");
            return true;
        }
        if ("true".equals(forceRestart)) {
            return true;
        }
        return "start".equalsIgnoreCase(action) && z;
    }

    /**
     * Tells whether the request addresses the application root: the path info is empty
     * (per {@code de.docware.util.h.ae}), {@code "/"} or {@code "/index.html"}.
     */
    private boolean v(HttpServletRequest httpServletRequest) {
        if (de.docware.util.h.ae(httpServletRequest.getPathInfo())) {
            return true;
        }
        String pathInfo = httpServletRequest.getPathInfo();
        return pathInfo.equals("/") || pathInfo.equals("/index.html");
    }

    /**
     * Redirects a root request to the application start URL computed by {@code alR(...)}.
     * An {@link IOException} from the redirect is logged and not propagated.
     *
     * <p>NOTE(review): the target is derived from {@code getRequestURL()}, i.e. from the host the
     * container reports for the request; behind a proxy this depends on how the host header is
     * handled — confirm for the deployment.
     */
    private void g(HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse) {
        try {
            final String restartUrl = alR(httpServletRequest.getRequestURL().toString());
            final String message = String.format("send redirect to %s)", restartUrl);
            de.docware.framework.modules.gui.misc.logger.b.a(de.docware.framework.modules.gui.misc.logger.a.pMn, LogType.DEBUG, message);
            httpServletResponse.sendRedirect(restartUrl);
        } catch (IOException redirectFailure) {
            de.docware.framework.modules.gui.misc.logger.b.a(de.docware.framework.modules.gui.misc.logger.a.pMn, LogType.ERROR, redirectFailure);
        }
    }

    /**
     * Turns a root URL into the application start URL by appending
     * {@code "/app?forcerestart=true"}; a URL for which {@code de.docware.util.h.lx(url,
     * "index.html")} holds is first passed through {@code lr(url, "/index.html")}.
     */
    static String alR(String str) {
        String base = de.docware.util.h.lx(str, "index.html")
                ? de.docware.util.h.lr(str, "/index.html")
                : str;
        // presumably lA(...) drops a trailing "/" so the result has exactly one — confirm against de.docware.util.h
        String withoutSlash = de.docware.util.h.lA(base, "/");
        return withoutSlash + "/app?forcerestart=true";
    }

    /** Sends the generic 401 response without logging anything. */
    private void f(HttpServletResponse httpServletResponse) throws IOException {
        a(httpServletResponse, null, null);
    }

    /** Sends the generic 401 response and logs the given throwable. */
    private void b(HttpServletResponse httpServletResponse, Throwable th) throws IOException {
        a(httpServletResponse, th, null);
    }

    /** Sends the generic 401 response and logs the given reason (nothing is logged for {@code null}). */
    private void c(HttpServletResponse httpServletResponse, String str) throws IOException {
        a(httpServletResponse, null, str);
    }

    /**
     * Sends status 401 with the fixed body "Not authenticated"; the throwable and the reason are
     * passed on for logging only.
     */
    private void a(HttpServletResponse httpServletResponse, Throwable th, String str) throws IOException {
        final int unauthorized = 401;
        final String body = "Not authenticated";
        a(httpServletResponse, th, str, unauthorized, body);
    }

    /**
     * Writes an error response and logs its cause.
     *
     * <p>The client receives only the status and the fixed text {@code str2}; the throwable and
     * the reason text are written to the log at ERROR level and never to the response.
     *
     * <p>NOTE(review): {@code str} can carry the toolkit's last error reason; if that text can
     * contain request-derived content, the log line inherits it unfiltered — confirm.
     *
     * @param th   throwable to log, or {@code null}
     * @param str  reason to log, or {@code null}
     * @param i    HTTP status code
     * @param str2 response body
     */
    private void a(HttpServletResponse httpServletResponse, Throwable th, String str, int i, String str2) throws IOException {
        httpServletResponse.setStatus(i);
        PrintWriter out = httpServletResponse.getWriter();
        out.write(str2);
        out.flush();
        out.close();

        final boolean hasThrowable = th != null;
        final boolean hasReason = str != null;
        if (hasThrowable) {
            de.docware.framework.modules.gui.misc.logger.b.a(de.docware.framework.modules.gui.misc.logger.a.pMn, LogType.ERROR, th);
        }
        if (hasReason) {
            String line = "SAML2Filter Error: " + str;
            de.docware.framework.modules.gui.misc.logger.b.a(de.docware.framework.modules.gui.misc.logger.a.pMn, LogType.ERROR, line);
        }
    }

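    /**
     * Builds a session principal from SAML response XML supplied as text.
     *
     * <p>Change against the decompiled original: the XML is encoded as UTF-8 instead of the
     * platform default charset, so non-ASCII NameIDs and attribute values do not depend on the
     * JVM's locale settings. (Assumes the XML is UTF-8, the XML default — confirm if the supplier
     * can emit a different declared encoding.)
     *
     * <p>NOTE(review): the response is only loaded and read. {@code isValid()} is not called, so
     * signature, conditions and audience are not checked here, and the principal is created with
     * expiry {@code -1}, which {@code d(...)} treats as "never expires". This is safe only if the
     * caller's source for {@code str} has already verified the assertion — confirm.
     *
     * @param str SAML response XML
     * @return the principal, or {@code null} when the XML cannot be processed (the cause is
     *         logged at DEBUG level)
     */
    private C0113a alS(String str) {
        try {
            SamlResponse samlResponse = new SamlResponse(this.qLi, (HttpRequest) null);
            byte[] xmlBytes = str.getBytes(java.nio.charset.StandardCharsets.UTF_8);
            samlResponse.loadXmlFromBase64(Base64.getEncoder().encodeToString(xmlBytes));
            return new C0113a(samlResponse.getNameId(), samlResponse.getAttributes(), -1L);
        } catch (Throwable th) {
            de.docware.framework.modules.gui.misc.logger.b.a(de.docware.framework.modules.gui.misc.logger.a.pMn, LogType.DEBUG, th);
            return null;
        }
    }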
}
