package org.geoserver.security.onelogin;

import java.io.IOException;
import java.util.Timer;
import java.util.logging.Level;
import java.util.logging.Logger;
import javax.servlet.FilterChain;
import javax.servlet.ServletException;
import javax.servlet.ServletRequest;
import javax.servlet.ServletResponse;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import org.apache.commons.httpclient.HttpClient;
import org.apache.commons.httpclient.params.HttpClientParams;
import org.geoserver.security.config.SecurityNamedServiceConfig;
import org.geotools.util.logging.Logging;
import org.opensaml.saml2.metadata.provider.HTTPMetadataProvider;
import org.opensaml.xml.parse.ParserPool;
import org.springframework.context.ApplicationContext;
import org.springframework.security.core.Authentication;
import org.springframework.security.saml.SAMLEntryPoint;
import org.springframework.security.saml.key.EmptyKeyManager;
import org.springframework.security.saml.metadata.ExtendedMetadata;
import org.springframework.security.saml.metadata.ExtendedMetadataDelegate;
import org.springframework.security.saml.metadata.MetadataGenerator;
import org.springframework.security.saml.metadata.MetadataGeneratorFilter;
import org.springframework.security.saml.metadata.MetadataManager;
import org.springframework.security.web.AuthenticationEntryPoint;
import org.springframework.security.web.authentication.logout.LogoutHandler;

/* loaded from: input_file:org/geoserver/security/onelogin/OneloginAuthenticationFilter.class */
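/**
 * GeoServer authentication filter that hands interactive login to a SAML identity provider
 * (OneLogin) through Spring Security SAML.
 *
 * <p>On initialization it builds the service provider metadata generator, registers an HTTP
 * metadata provider for the identity provider (IdP) and wires the GeoServer role and user group
 * settings into the {@code SAMLUserDetailsServiceImpl} bean.
 *
 * <p>Security-relevant configuration visible in this class:
 * <ul>
 *   <li>The service provider uses {@link EmptyKeyManager}, so it holds no key material and
 *       outgoing authentication requests are not signed.</li>
 *   <li>Inbound logout requests are not required to be signed.</li>
 *   <li>Whether signed assertions are requested is taken from the filter configuration.</li>
 *   <li>IdP metadata is downloaded from a configured URL; no signature requirement on that
 *       metadata is configured here, so transport security of the URL is the only protection
 *       visible in this class.</li>
 * </ul>
 */
public class OneloginAuthenticationFilter extends GeoServerPreAuthenticatedCompositeUserNameFilter implements LogoutHandler {
    static final Logger LOGGER = Logging.getLogger(OneloginAuthenticationFilter.class);

    /** Socket and connection timeout, in milliseconds, used when downloading IdP metadata. */
    private static final int METADATA_HTTP_TIMEOUT_MS = 5000;

    /** Entry point that starts the SAML login flow; also returned as the authentication entry point. */
    protected SAMLEntryPoint samlEntryPoint;

    // Static but assigned by every constructor call: the most recently constructed filter decides
    // which application context all instances use for bean lookups.
    private static ApplicationContext context;

    /**
     * Creates the filter and resolves the {@link SAMLEntryPoint} bean from the given context.
     *
     * @param applicationContext Spring context used for all bean lookups made by this class
     */
    public OneloginAuthenticationFilter(ApplicationContext applicationContext) {
        context = applicationContext;
        this.samlEntryPoint = (SAMLEntryPoint) context.getBean(SAMLEntryPoint.class);
    }

    /**
     * Initializes the filter from its configuration.
     *
     * <p>The metadata generator filter and the IdP metadata provider are only created while the
     * nested filter list is empty; the user details service is (re)configured on every call.
     *
     * @param securityNamedServiceConfig configuration, cast to {@code OneloginAuthenticationFilterConfig}
     * @throws IOException if the superclass initialization fails
     * @throws RuntimeException wrapping any exception raised while building the SAML setup
     */
    @Override
    public void initializeFromConfig(SecurityNamedServiceConfig securityNamedServiceConfig) throws IOException {
        super.initializeFromConfig(securityNamedServiceConfig);
        OneloginAuthenticationFilterConfig filterConfig = (OneloginAuthenticationFilterConfig) securityNamedServiceConfig;
        try {
            if (getNestedFilters().isEmpty()) {
                boolean wantAssertionSigned = filterConfig.getWantAssertionSigned().booleanValue();
                String metadataUrl = filterConfig.getMetadataURL();
                // Surface weak settings in the log so an operator notices them at startup.
                warnOnWeakSettings(wantAssertionSigned, metadataUrl);

                MetadataGenerator metadataGenerator = new MetadataGenerator();
                metadataGenerator.setEntityId(filterConfig.getEntityId());
                metadataGenerator.setIncludeDiscoveryExtension(false);
                // No key material on the service provider side: requests are sent unsigned.
                metadataGenerator.setKeyManager(new EmptyKeyManager());
                metadataGenerator.setRequestSigned(false);
                metadataGenerator.setWantAssertionSigned(wantAssertionSigned);

                ExtendedMetadata extendedMetadata = new ExtendedMetadata();
                // NOTE(review): logout requests are accepted without a signature requirement;
                // confirm this is an accepted trade-off for this deployment.
                extendedMetadata.setRequireLogoutRequestSigned(false);
                metadataGenerator.setExtendedMetadata(extendedMetadata);
                MetadataGeneratorFilter metadataGeneratorFilter = new MetadataGeneratorFilter(metadataGenerator);

                ParserPool parserPool = (ParserPool) context.getBean(ParserPool.class);

                // Bound both the read and the connect phase so an unresponsive metadata host
                // cannot stall initialization indefinitely.
                HttpClientParams httpClientParams = new HttpClientParams();
                httpClientParams.setSoTimeout(METADATA_HTTP_TIMEOUT_MS);
                HttpClient httpClient = new HttpClient(httpClientParams);
                httpClient.getHttpConnectionManager().getParams().setConnectionTimeout(METADATA_HTTP_TIMEOUT_MS);

                // NOTE(review): the downloaded metadata defines which IdP certificates are trusted.
                // Nothing here requires the metadata to be signed, so its integrity rests on TLS
                // to the metadata host; verify that the HTTP client in use validates the server
                // certificate and host name.
                HTTPMetadataProvider metadataProvider = new HTTPMetadataProvider(new Timer(true), httpClient, metadataUrl);
                metadataProvider.setParserPool(parserPool);
                ExtendedMetadataDelegate metadataDelegate = new ExtendedMetadataDelegate(metadataProvider, extendedMetadata);

                MetadataManager metadataManager = (MetadataManager) context.getBean(MetadataManager.class);
                metadataManager.addMetadataProvider(metadataDelegate);
                metadataManager.refreshMetadata();
                metadataGeneratorFilter.setManager(metadataManager);
                getNestedFilters().add(metadataGeneratorFilter);
            } else {
                LOGGER.log(Level.FINE, "Metadata filter already added");
            }

            // Copy the role and user group settings of this filter into the shared user details bean.
            SAMLUserDetailsServiceImpl userDetailsService = (SAMLUserDetailsServiceImpl) context.getBean(SAMLUserDetailsServiceImpl.class);
            userDetailsService.setConverter(getConverter());
            userDetailsService.setRoleServiceName(getRoleServiceName());
            userDetailsService.setRolesHeaderAttribute(getRolesHeaderAttribute());
            userDetailsService.setRoleSource(getRoleSource());
            userDetailsService.setSecurityManager(this.securityManager);
            userDetailsService.setUserGroupServiceName(getUserGroupServiceName());
        } catch (Exception e) {
            // Keep the cause and add context; the message deliberately carries no configuration values.
            throw new RuntimeException("Failed to initialize the OneLogin SAML authentication filter", e);
        }
    }

    /**
     * Logs a warning for each setting that weakens the trust placed in the identity provider.
     * Only logs; it never changes the configuration.
     */
    private static void warnOnWeakSettings(boolean wantAssertionSigned, String metadataUrl) {
        if (!wantAssertionSigned) {
            LOGGER.log(Level.WARNING, "OneLogin SAML filter: signed assertions are not requested in the generated service provider metadata");
        }
        if (!isHttpsUrl(metadataUrl)) {
            // The URL itself is not logged because it may embed credentials or tokens.
            LOGGER.log(Level.WARNING, "OneLogin SAML filter: identity provider metadata URL does not use https, so the metadata can be altered in transit");
        }
    }

    /** Returns true when the given URL is non-null and starts with the https scheme (case-insensitive). */
    private static boolean isHttpsUrl(String url) {
        if (url == null) {
            return false;
        }
        String scheme = "https://";
        return url.trim().regionMatches(true, 0, scheme, 0, scheme.length());
    }

    /**
     * Returns the SAML entry point resolved in the constructor.
     *
     * @return the entry point used to start authentication
     */
    public AuthenticationEntryPoint getAuthenticationEntryPoint() {
        return this.samlEntryPoint;
    }

    /**
     * Publishes the SAML entry point as a request attribute, hands the current request to the
     * user details bean and then continues with the superclass filter logic.
     *
     * @throws ClassCastException if the request is not an {@link HttpServletRequest}
     */
    @Override
    public void doFilter(ServletRequest servletRequest, ServletResponse servletResponse, FilterChain filterChain) throws IOException, ServletException {
        servletRequest.setAttribute("_AUTHENTICATION_ENTRY_POINT_HEADER", this.samlEntryPoint);
        // NOTE(review): the current request is stored on a bean looked up by type. If that bean is
        // shared between threads and keeps the request in a plain field (not visible here),
        // concurrent requests could overwrite each other's reference and roles could be resolved
        // against another user's request. Confirm it is request-scoped or thread-local.
        ((SAMLUserDetailsServiceImpl) context.getBean(SAMLUserDetailsServiceImpl.class)).setRequest((HttpServletRequest) servletRequest);
        super.doFilter(servletRequest, servletResponse, filterChain);
    }

    /** @return always {@code true} */
    public boolean applicableForHtml() {
        return true;
    }

    /** @return always {@code true} */
    public boolean applicableForServices() {
        return true;
    }

    /**
     * Marks the request so that logout is redirected to the SAML logout endpoint. The component
     * that reads the {@code _logout_redirect} attribute is not part of this class.
     */
    @Override
    public void logout(HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse, Authentication authentication) {
        httpServletRequest.setAttribute("_logout_redirect", "/saml/logout");
    }

    /**
     * Always returns {@code null}: this filter never derives a principal from the request itself.
     * Presumably the principal is established by the SAML flow instead; confirm against the superclass.
     */
    protected String getPreAuthenticatedPrincipalName(HttpServletRequest httpServletRequest) {
        return null;
    }
}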
