package dk.gov.oio.saml.filter;

import dk.gov.oio.saml.model.NSISLevel;
import dk.gov.oio.saml.service.AuthnRequestService;
import dk.gov.oio.saml.session.AssertionWrapper;
import dk.gov.oio.saml.session.AssertionWrapperHolder;
import dk.gov.oio.saml.session.AuthnRequestWrapper;
import dk.gov.oio.saml.util.Constants;
import dk.gov.oio.saml.util.InternalException;
import dk.gov.oio.saml.util.LoggingUtil;
import java.io.IOException;
import java.util.Enumeration;
import java.util.HashMap;
import javax.servlet.Filter;
import javax.servlet.FilterChain;
import javax.servlet.FilterConfig;
import javax.servlet.ServletException;
import javax.servlet.ServletRequest;
import javax.servlet.ServletResponse;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import javax.servlet.http.HttpSession;
import net.shibboleth.utilities.java.support.component.ComponentInitializationException;
import org.apache.log4j.Logger;
import org.opensaml.messaging.context.MessageContext;
import org.opensaml.messaging.encoder.MessageEncodingException;
import org.opensaml.saml.common.SAMLObject;
import org.opensaml.saml.saml2.binding.encoding.impl.HTTPRedirectDeflateEncoder;
import org.opensaml.saml.saml2.core.AuthnRequest;

/* loaded from: input_file:dk/gov/oio/saml/filter/AuthenticatedFilter.class */
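/**
 * Servlet filter that protects the resources it is mapped to. A request passes through only
 * when the HTTP session is marked as authenticated and carries an NSIS level that satisfies
 * the configured requirement; otherwise a SAML AuthnRequest is sent via the HTTP-Redirect
 * binding and the filter chain is not invoked.
 *
 * <p>Init parameters are read using the keys {@code Constants.IS_PASSIVE},
 * {@code Constants.FORCE_AUTHN}, {@code Constants.REQUIRED_NSIS_LEVEL} and
 * {@code Constants.ATTRIBUTE_PROFILE}.
 */
public class AuthenticatedFilter implements Filter {
    private static final Logger log = Logger.getLogger(AuthenticatedFilter.class);

    // Passed unchanged to AuthnRequestService.createMessageWithAuthnRequest(...).
    private boolean isPassive;
    private boolean forceAuthn;
    private String attributeProfile;

    // Minimum NSIS level a session must hold. Stays NONE when the parameter is absent or
    // cannot be parsed, in which case only the "authenticated" flag is enforced.
    private NSISLevel requiredNsisLevel = NSISLevel.NONE;

    /**
     * Reads the filter configuration. Invalid values are logged and do not abort start-up.
     *
     * @param filterConfig container-supplied configuration for this filter
     * @throws ServletException declared by the {@link Filter} contract; not thrown here
     */
    @Override
    public void init(FilterConfig filterConfig) throws ServletException {
        HashMap<String, String> config = getConfig(filterConfig);

        // Boolean.parseBoolean(null) is false, so an absent parameter defaults to false.
        this.isPassive = Boolean.parseBoolean(config.get(Constants.IS_PASSIVE));
        this.forceAuthn = Boolean.parseBoolean(config.get(Constants.FORCE_AUTHN));
        if (this.isPassive && this.forceAuthn) {
            log.warn("IsPassive and forceAuthn Cannot both be true");
        }

        String configuredLevel = config.get(Constants.REQUIRED_NSIS_LEVEL);
        if (configuredLevel != null) {
            try {
                this.requiredNsisLevel = NSISLevel.valueOf(configuredLevel);
            } catch (Exception e) {
                // Report the rejected value; the field still holds the default at this point,
                // so logging the field would hide what was actually configured.
                // NOTE(review): this fails open - a typo in the required level leaves the
                // filter enforcing NSISLevel.NONE. Consider failing init() instead.
                log.warn("Unknown required NSIS level in configuration: '" + configuredLevel
                        + "', falling back to " + this.requiredNsisLevel, e);
            }
        }

        this.attributeProfile = config.get(Constants.ATTRIBUTE_PROFILE);
        boolean knownProfile = this.attributeProfile == null
                || Constants.ATTRIBUTE_PROFILE_PERSON.equals(this.attributeProfile)
                || Constants.ATTRIBUTE_PROFILE_PROFESSIONAL.equals(this.attributeProfile);
        if (!knownProfile) {
            // The unexpected value is kept and still sent in the AuthnRequest.
            log.warn("AttributeProfile should be either null, https://data.gov.dk/eid/Person or https://data.gov.dk/eid/Professional");
        }
    }

    /**
     * Lets the request continue when the session is authenticated at a sufficient NSIS level,
     * otherwise starts a SAML login.
     *
     * @param servletRequest incoming request; must be an {@link HttpServletRequest}
     * @param servletResponse outgoing response; must be an {@link HttpServletResponse}
     * @param filterChain remainder of the chain, invoked only for sessions that pass the check
     * @throws IOException declared by the {@link Filter} contract
     * @throws ServletException wraps any exception raised while checking the session, sending
     *     the AuthnRequest or running the rest of the chain
     */
    @Override
    public void doFilter(ServletRequest servletRequest, ServletResponse servletResponse, FilterChain filterChain) throws IOException, ServletException {
        HttpServletRequest httpServletRequest = (HttpServletRequest) servletRequest;
        HttpServletResponse httpServletResponse = (HttpServletResponse) servletResponse;
        if (log.isDebugEnabled()) {
            log.debug("AuthenticatedFilter invoked by endpoint: '" + httpServletRequest.getContextPath() + httpServletRequest.getServletPath() + "'");
        }

        // getSession() creates a session for callers that have none yet.
        // NOTE(review): whether the session id is rotated once login completes is decided by
        // code not shown here - confirm.
        HttpSession session = httpServletRequest.getSession();
        try {
            // Only the exact string "true" counts as authenticated; null or any other value
            // is treated as unauthenticated.
            boolean authenticated = "true".equals(session.getAttribute(Constants.SESSION_AUTHENTICATED));

            // A missing or wrongly typed level is treated as NONE, which can only make the
            // check below stricter.
            NSISLevel sessionLevel = NSISLevel.NONE;
            Object storedLevel = session.getAttribute(Constants.SESSION_NSIS_LEVEL);
            if (storedLevel instanceof NSISLevel) {
                sessionLevel = (NSISLevel) storedLevel;
            } else if (storedLevel != null) {
                log.warn("Unknown NSIS level on session: " + storedLevel);
            }
            if (log.isDebugEnabled()) {
                log.debug("Current NSIS Level on session: " + sessionLevel + ", Required NSIS Level: " + this.requiredNsisLevel);
            }

            if (!authenticated || this.requiredNsisLevel.isGreater(sessionLevel)) {
                if (log.isDebugEnabled()) {
                    log.debug("Filter config: isPassive: " + this.isPassive + ", forceAuthn: " + this.forceAuthn);
                }
                AuthnRequestService authnRequestService = AuthnRequestService.getInstance();
                // getRequestURI() is the path without the query string.
                // NOTE(review): the code that later reads this attribute is not visible here;
                // it should only ever treat the value as a path inside this application.
                session.setAttribute(Constants.SESSION_REQUESTED_PATH, httpServletRequest.getRequestURI());
                sendAuthnRequest(httpServletRequest, httpServletResponse, authnRequestService.createMessageWithAuthnRequest(this.isPassive, this.forceAuthn, this.requiredNsisLevel, this.attributeProfile));
            } else {
                try {
                    putAssertionOnThreadLocal(session);
                    filterChain.doFilter(httpServletRequest, httpServletResponse);
                } finally {
                    // Always unbind, also when the chain throws, so the assertion is not left
                    // on the thread once this request is done.
                    removeAssertionFromThreadLocal();
                }
            }
        } catch (Exception e2) {
            log.warn("Unexpected error in authentication filter", e2);
            throw new ServletException(e2);
        }
    }

    /** Nothing to release. */
    @Override
    public void destroy() {
    }

    /** Clears the assertion bound by {@link #putAssertionOnThreadLocal(HttpSession)}. */
    private void removeAssertionFromThreadLocal() {
        AssertionWrapperHolder.clear();
    }

    /**
     * Binds the session's wrapped assertion to {@link AssertionWrapperHolder} for the duration
     * of the request. When the session holds none, the holder is cleared and the request still
     * continues.
     *
     * @param httpSession session expected to hold an {@link AssertionWrapper}
     */
    private void putAssertionOnThreadLocal(HttpSession httpSession) {
        Object attribute = httpSession.getAttribute(Constants.SESSION_ASSERTION);
        if (!(attribute instanceof AssertionWrapper)) {
            log.warn("No assertion available on session");
            // Defensive: make sure downstream code cannot see a value bound to this thread
            // by anything other than this request.
            AssertionWrapperHolder.clear();
            return;
        }
        AssertionWrapperHolder.set((AssertionWrapper) attribute);
        if (log.isDebugEnabled()) {
            log.debug("Saved Wrapped Assertion to ThreadLocal");
        }
    }

    /**
     * Stores the outgoing AuthnRequest on the session and writes it to the response using the
     * HTTP-Redirect (DEFLATE) encoder.
     *
     * @param httpServletRequest request whose session receives the AuthnRequest
     * @param httpServletResponse response the encoder writes to
     * @param messageContext context whose message must be an {@link AuthnRequest}
     * @throws InternalException when the encoder cannot be initialised or fails to encode
     */
    private void sendAuthnRequest(HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse, MessageContext<SAMLObject> messageContext) throws InternalException {
        AuthnRequest authnRequest = (AuthnRequest) messageContext.getMessage();
        if (log.isDebugEnabled()) {
            LoggingUtil.logAuthnRequest(authnRequest);
        }

        // Kept on the session under SESSION_AUTHN_REQUEST; the code that reads it back is not
        // part of this class.
        httpServletRequest.getSession().setAttribute(Constants.SESSION_AUTHN_REQUEST, new AuthnRequestWrapper(authnRequest));

        HTTPRedirectDeflateEncoder encoder = new HTTPRedirectDeflateEncoder();
        encoder.setMessageContext(messageContext);
        encoder.setHttpServletResponse(httpServletResponse);
        try {
            encoder.initialize();
            encoder.encode();
        } catch (ComponentInitializationException | MessageEncodingException e) {
            throw new InternalException("Failed sending AuthnRequest", e);
        }
    }

    /**
     * Copies every init parameter of the filter into a map.
     *
     * @param filterConfig container-supplied configuration
     * @return parameter names mapped to their configured values
     */
    private HashMap<String, String> getConfig(FilterConfig filterConfig) {
        HashMap<String, String> parameters = new HashMap<>();
        Enumeration<?> names = filterConfig.getInitParameterNames();
        while (names.hasMoreElements()) {
            String name = (String) names.nextElement();
            parameters.put(name, filterConfig.getInitParameter(name));
        }
        return parameters;
    }
}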
