package com.appiancorp.security.auth.saml.redirecter;

import com.appiancorp.common.CastUtil;
import com.appiancorp.common.monitoring.WebApiAggregatedData;
import com.appiancorp.core.expr.portable.string.Strings;
import com.appiancorp.process.rdbms.ActivitySqlFactory;
import com.appiancorp.security.auth.ProxyUrlRepairUtil;
import com.appiancorp.security.auth.mobile.MobileAuthContext;
import com.appiancorp.security.auth.mobile.MobileAuthContextUtils;
import com.appiancorp.security.auth.saml.IdentityProviderManager;
import com.appiancorp.security.auth.saml.SamlFilter;
import com.appiancorp.security.auth.saml.SamlSessionTracker;
import com.appiancorp.security.cors.CorsUtil;
import com.appiancorp.suite.cfg.SamlConfiguration;
import com.google.common.base.Preconditions;
import com.google.common.collect.Maps;
import java.io.IOException;
import java.util.Map;
import java.util.Objects;
import java.util.Optional;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import org.apache.commons.lang.StringUtils;
import org.apache.log4j.Logger;
import org.opensaml.saml.saml2.core.AuthnRequest;

/* loaded from: input_file:com/appiancorp/security/auth/saml/redirecter/IdpRedirectHandler.class */
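/**
 * {@link SamlRedirectHandler} that starts SP-initiated single sign-on: it builds a SAML
 * {@link AuthnRequest}, remembers the URL the user originally asked for, and hands the
 * request to the {@link IdentityProviderManager} to be sent to the identity provider.
 *
 * <p>Security-relevant behaviour visible in this class:
 * <ul>
 *   <li>The return URL is stored in the HTTP session, keyed by the AuthnRequest ID, under
 *       {@code SamlFilter.SAML_RETURN_URL_MAP_KEY}. The code that later reads this map is
 *       not part of this class.</li>
 *   <li>{@code X-Frame-Options: SAMEORIGIN} is added only when
 *       {@code CorsUtil.isAllowedOriginOrReferrer} returns {@code false} for the request.</li>
 * </ul>
 */
public class IdpRedirectHandler implements SamlRedirectHandler {
    private static final Logger LOG = Logger.getLogger(IdpRedirectHandler.class);
    private final IdentityProviderManager identityProviderManager;
    private final ProxyUrlRepairUtil proxyUrlRepairUtil;
    private final SamlSessionTracker samlSessionTracker;
    private final SamlConfiguration samlConfig;

    /**
     * Creates the handler.
     *
     * @throws NullPointerException if any collaborator is {@code null}
     */
    public IdpRedirectHandler(IdentityProviderManager identityProviderManager, ProxyUrlRepairUtil proxyUrlRepairUtil, SamlSessionTracker samlSessionTracker, SamlConfiguration samlConfiguration) {
        this.identityProviderManager = Preconditions.checkNotNull(identityProviderManager);
        this.proxyUrlRepairUtil = Preconditions.checkNotNull(proxyUrlRepairUtil);
        this.samlSessionTracker = Preconditions.checkNotNull(samlSessionTracker);
        this.samlConfig = Preconditions.checkNotNull(samlConfiguration);
    }

    /**
     * Sends the browser to the identity provider with a freshly generated AuthnRequest.
     *
     * @param httpServletRequest the request that triggered authentication
     * @param httpServletResponse the response the SSO request (or an error status) is written to
     * @param optional forwarded unchanged to
     *     {@code IdentityProviderManager.sendSingleSignOnRequest}; its meaning is not visible here
     * @return {@code false} when no IdP entity id is set and no default IdP is configured;
     *     {@code true} when the SSO request was sent, and also when an error occurred and was
     *     reported on the response
     * @throws IOException if writing the error status to the response fails
     */
    @Override // com.appiancorp.security.auth.saml.redirecter.SamlRedirectHandler
    public boolean redirect(HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse, Optional<String> optional) throws IOException {
        try {
            if (!this.samlSessionTracker.isIdpEntityIdSet()) {
                String defaultIdpEntityId = this.samlConfig.getDefaultIdpEntityId();
                if (Strings.isNullOrEmpty(defaultIdpEntityId)) {
                    LOG.info("No default Idp configured");
                    return false;
                }
                this.samlSessionTracker.setCurrentIdpEntityIdForRequest(httpServletRequest, defaultIdpEntityId);
            }

            // getSession(false): do not create a session just to look up the mobile context.
            boolean forceAuth = false;
            MobileAuthContext mobileAuthContext = MobileAuthContextUtils.getMobileAuthContext(httpServletRequest.getSession(false));
            if (mobileAuthContext != null) {
                forceAuth = mobileAuthContext.isForceAuth();
            }

            AuthnRequest authnRequest = this.identityProviderManager.generateAuthnRequest(forceAuth);
            saveReturnUrl(httpServletRequest, authnRequest.getID());
            LOG.debug("Redirecting to " + authnRequest.getDestination());

            // Framing is restricted to same-origin unless the request's Origin/Referer is on the
            // CORS allow-list; for allow-listed origins no X-Frame-Options header is set here.
            if (!CorsUtil.isAllowedOriginOrReferrer(httpServletRequest)) {
                httpServletResponse.setHeader("X-Frame-Options", "SAMEORIGIN");
            }
            this.identityProviderManager.sendSingleSignOnRequest(httpServletResponse, authnRequest, optional);
            return true;
        } catch (Exception e) {
            LOG.error("Error redirecting to IdP", e);
            // sendError() throws IllegalStateException once the response is committed, which can
            // happen if the failure occurred while the SSO request was being written. Skip it in
            // that case so the logged cause is not masked by a second exception.
            if (!httpServletResponse.isCommitted()) {
                // NOTE(review): decompiled constant; presumably the 500 status code - confirm.
                httpServletResponse.sendError(WebApiAggregatedData.STATUS_CODE_RANGE_5XX_KEY);
            }
            return true;
        }
    }

    /**
     * Records the URL of the current request in the session so it can be looked up by SAML
     * message id later.
     *
     * <p>NOTE(review): the stored value is built from request data (the repaired request URL
     * plus the raw query string). The reader of {@code SAML_RETURN_URL_MAP_KEY} is not visible
     * here; confirm it validates the URL against the expected host before redirecting to it.
     *
     * <p>NOTE(review): one entry is added per call and nothing in this class removes entries;
     * confirm the map is pruned or bounded elsewhere so repeated unauthenticated requests
     * cannot grow the session without limit.
     *
     * @param httpServletRequest the request whose URL is saved
     * @param str the AuthnRequest ID used as the map key
     */
    private void saveReturnUrl(HttpServletRequest httpServletRequest, String str) {
        StringBuffer requestURL = this.proxyUrlRepairUtil.getRequestURL(httpServletRequest);
        // Logged before the query string is appended, so query parameters stay out of the log.
        LOG.debug("Saving return url: " + requestURL + " for message id: " + str);
        String queryString = httpServletRequest.getQueryString();
        if (StringUtils.isNotBlank(queryString)) {
            // NOTE(review): decompiled constant; presumably the "?" separator - confirm.
            requestURL.append(ActivitySqlFactory.AC_SUBSTITUTE_CONST).append(queryString);
        }

        // getSession() creates a session when the request has none.
        var session = httpServletRequest.getSession();
        @SuppressWarnings("unchecked") // the attribute is only ever written below as String -> String
        Map<String, String> returnUrls = (Map<String, String>) CastUtil.cast(session.getAttribute(SamlFilter.SAML_RETURN_URL_MAP_KEY));
        if (Objects.isNull(returnUrls)) {
            // The lookup-then-create step is not atomic: two concurrent first requests on the
            // same session can each create a map, and one of the entries is then lost.
            returnUrls = Maps.newConcurrentMap();
        }
        returnUrls.put(str, requestURL.toString());
        // Re-set the attribute even when the map already existed, as the original code does.
        session.setAttribute(SamlFilter.SAML_RETURN_URL_MAP_KEY, returnUrls);
    }
}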
