package com.liferay.saml.internal.servlet.filter;

import com.liferay.petra.string.StringBundler;
import com.liferay.portal.kernel.exception.PortalException;
import com.liferay.portal.kernel.log.Log;
import com.liferay.portal.kernel.log.LogFactoryUtil;
import com.liferay.portal.kernel.struts.LastPath;
import com.liferay.portal.kernel.util.GetterUtil;
import com.liferay.portal.kernel.util.ParamUtil;
import com.liferay.portal.kernel.util.Portal;
import com.liferay.portal.kernel.util.Props;
import com.liferay.portal.kernel.util.Validator;
import com.liferay.saml.persistence.model.SamlSpSession;
import com.liferay.saml.runtime.configuration.SamlProviderConfiguration;
import com.liferay.saml.runtime.configuration.SamlProviderConfigurationHelper;
import com.liferay.saml.runtime.servlet.profile.SingleLogoutProfile;
import com.liferay.saml.runtime.servlet.profile.WebSsoProfile;
import com.liferay.saml.util.SamlHttpRequestUtil;
import javax.servlet.Filter;
import javax.servlet.FilterChain;
import javax.servlet.FilterConfig;
import javax.servlet.RequestDispatcher;
import javax.servlet.ServletContext;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import org.osgi.service.component.annotations.Component;
import org.osgi.service.component.annotations.Reference;

@Component(immediate = true, property = {"after-filter=Virtual Host Filter", "dispatcher=FORWARD", "dispatcher=REQUEST", "init-param.url-regex-ignore-pattern=^/html/.+\\.(css|gif|html|ico|jpg|js|png)(\\?.*)?$", "servlet-context-name=", "servlet-filter-name=SSO SAML SP Filter", "url-pattern=/*"}, service = {Filter.class})
/* loaded from: input_file:com/liferay/saml/internal/servlet/filter/SamlSpSsoFilter.class */
public class SamlSpSsoFilter extends BaseSamlPortalFilter {
    private static final Log _log = LogFactoryUtil.getLog(SamlSpSsoFilter.class);

    @Reference
    private Portal _portal;

    @Reference
    private Props _props;

    @Reference
    private SamlHttpRequestUtil _samlHttpRequestUtil;

    @Reference
    private SamlProviderConfigurationHelper _samlProviderConfigurationHelper;
    private ServletContext _servletContext;

    @Reference
    private SingleLogoutProfile _singleLogoutProfile;

    @Reference
    private WebSsoProfile _webSsoProfile;

    public void init(FilterConfig filterConfig) {
        super.init(filterConfig);
        this._servletContext = filterConfig.getServletContext();
    }

    public boolean isFilterEnabled() {
        return this._samlProviderConfigurationHelper.isEnabled() && this._samlProviderConfigurationHelper.isRoleSp();
    }

    public boolean isFilterEnabled(HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse) {
        if (!this._samlProviderConfigurationHelper.isEnabled() || !this._samlProviderConfigurationHelper.isRoleSp()) {
            return false;
        }
        try {
            if (this._portal.getUser(httpServletRequest) != null) {
                return true;
            }
        } catch (Exception e) {
            if (_log.isDebugEnabled()) {
                _log.debug(e.getMessage(), e);
            } else if (_log.isWarnEnabled()) {
                _log.warn(e.getMessage());
            }
        }
        String requestPath = this._samlHttpRequestUtil.getRequestPath(httpServletRequest);
        return requestPath.equals("/c/portal/login") || requestPath.equals("/c/portal/logout");
    }

    @Override // com.liferay.saml.internal.servlet.filter.BaseSamlPortalFilter
    protected void doProcessFilter(HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse, FilterChain filterChain) throws Exception {
        String requestPath = this._samlHttpRequestUtil.getRequestPath(httpServletRequest);
        SamlSpSession samlSpSession = this._singleLogoutProfile.getSamlSpSession(httpServletRequest);
        if (samlSpSession != null && samlSpSession.isTerminated()) {
            this._singleLogoutProfile.terminateSpSession(httpServletRequest, httpServletResponse);
            this._singleLogoutProfile.logout(httpServletRequest, httpServletResponse);
            httpServletResponse.sendRedirect(this._portal.getCurrentCompleteURL(httpServletRequest));
            return;
        }
        if (!requestPath.equals("/c/portal/login")) {
            if (!requestPath.equals("/c/portal/logout")) {
                this._webSsoProfile.updateSamlSpSession(httpServletRequest, httpServletResponse);
                filterChain.doFilter(httpServletRequest, httpServletResponse);
                return;
            } else if (this._singleLogoutProfile.isSingleLogoutSupported(httpServletRequest)) {
                this._singleLogoutProfile.processSpLogout(httpServletRequest, httpServletResponse);
                return;
            } else {
                filterChain.doFilter(httpServletRequest, httpServletResponse);
                return;
            }
        }
        RequestDispatcher requestDispatcher = this._servletContext.getRequestDispatcher("/c/portal/saml/login");
        httpServletResponse.setContentType("text/html");
        requestDispatcher.include(httpServletRequest, httpServletResponse);
        if (httpServletRequest.getAttribute("SAML_SP_IDP_CONNECTION") == null) {
            SamlProviderConfiguration samlProviderConfiguration = this._samlProviderConfigurationHelper.getSamlProviderConfiguration();
            if (httpServletRequest.getAttribute("SAML_SSO_LOGIN_CONTEXT") == null && samlProviderConfiguration.allowShowingTheLoginPortlet()) {
                filterChain.doFilter(httpServletRequest, httpServletResponse);
                return;
            }
            return;
        }
        try {
            _login(httpServletRequest, httpServletResponse);
        } catch (PortalException e) {
            if (_log.isInfoEnabled()) {
                _log.info("Failed to send Authn request: " + e.getMessage());
            }
        }
    }

    protected Log getLog() {
        return _log;
    }

    private void _login(HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse) throws PortalException {
        String string = ParamUtil.getString(httpServletRequest, "redirect");
        if (Validator.isNotNull(string)) {
            string = this._portal.escapeRedirect(string);
        }
        LastPath lastPath = (LastPath) httpServletRequest.getSession().getAttribute("LAST_PATH");
        if (GetterUtil.getBoolean(this._props.get("auth.forward.by.last.path")) && lastPath != null && Validator.isNull(string)) {
            string = StringBundler.concat(new String[]{this._portal.getPortalURL(httpServletRequest), lastPath.getContextPath(), lastPath.getPath(), lastPath.getParameters()});
        } else if (Validator.isNull(string)) {
            string = this._portal.getHomeURL(httpServletRequest);
        }
        this._webSsoProfile.sendAuthnRequest(httpServletRequest, httpServletResponse, string);
    }
}
