package com.ibm.ws.security.saml.sso20.web;

import com.ibm.websphere.ras.Tr;
import com.ibm.websphere.ras.TraceComponent;
import com.ibm.websphere.ras.annotation.TraceObjectField;
import com.ibm.ws.ras.instrument.annotation.InjectedFFDC;
import com.ibm.ws.security.SecurityService;
import com.ibm.ws.security.saml.Constants;
import com.ibm.ws.security.saml.SsoConfig;
import com.ibm.ws.security.saml.SsoRequest;
import com.ibm.ws.security.saml.SsoSamlService;
import com.ibm.ws.security.saml.error.SamlException;
import com.ibm.ws.security.saml.impl.HandlerFactory;
import com.ibm.wsspi.kernel.service.utils.AtomicServiceReference;
import com.ibm.wsspi.kernel.service.utils.ConcurrentServiceReferenceMap;
import java.util.HashMap;
import java.util.Map;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import org.apache.cxf.transport.https.HttpsURLConnectionFactory;
import org.osgi.framework.ServiceReference;
import org.osgi.service.component.ComponentContext;

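@InjectedFFDC
@TraceObjectField(fieldName = "tc", fieldDesc = "Lcom/ibm/websphere/ras/TraceComponent;")
/* loaded from: input_file:wlp/lib/com.ibm.ws.security.saml.wab20_1.0.14.jar:com/ibm/ws/security/saml/sso20/web/EndpointServices.class */
/**
 * Entry point that routes an incoming SAML 2.0 request to the handler for its provider.
 *
 * <p>The class holds one {@link SecurityService} reference and a map of {@link SsoSamlService}
 * references keyed by each service's {@code "id"} property. For a request it looks up the
 * service named by the request's provider, enforces the provider's HTTPS requirement, and
 * then delegates to the handler returned by {@link HandlerFactory}.
 *
 * <p>This listing is decompiler output; the names of locals and parameters are not the
 * original ones.
 */
public class EndpointServices {
    private static TraceComponent tc = Tr.register((Class<?>) EndpointServices.class, "SAML20", TraceConstants.MESSAGE_BUNDLE);
    public static final String KEY_SECURITY_SERVICE = "securityService";
    public static final String KEY_ID = "id";
    public static final String KEY_SAML_SERVICE = "samlService";
    // SAML services keyed by the "id" property of their service reference.
    private final ConcurrentServiceReferenceMap<String, SsoSamlService> samlServiceRef = new ConcurrentServiceReferenceMap<>(KEY_SAML_SERVICE);
    protected final AtomicServiceReference<SecurityService> securityServiceRef = new AtomicServiceReference<>(KEY_SECURITY_SERVICE);
    // Not referenced anywhere in this class.
    private static final String WWW_AUTHENTICATE_HEADER = "WWW-Authenticate";
    // NOTE(review): the class does not implement Serializable here; presumably this field
    // is added by the build-time instrumentation. Confirm before removing.
    static final long serialVersionUID = 2368018060324393578L;

    /** Binds the security service reference. */
    protected void setSecurityService(ServiceReference<SecurityService> serviceReference) {
        this.securityServiceRef.setReference(serviceReference);
    }

    /** Unbinds the security service reference. */
    protected void unsetSecurityService(ServiceReference<SecurityService> serviceReference) {
        this.securityServiceRef.unsetReference(serviceReference);
    }

    /**
     * Registers a SAML service under the value of its {@code "id"} service property.
     *
     * @param serviceReference reference whose {@code "id"} property becomes the lookup key
     */
    protected void setSamlService(ServiceReference<SsoSamlService> serviceReference) {
        synchronized (this.samlServiceRef) {
            String id = (String) serviceReference.getProperty(KEY_ID);
            this.samlServiceRef.putReference(id, serviceReference);
        }
    }

    /**
     * Removes the SAML service registered under the reference's {@code "id"} property.
     *
     * @param serviceReference reference to remove
     */
    protected void unsetSamlService(ServiceReference<SsoSamlService> serviceReference) {
        synchronized (this.samlServiceRef) {
            String id = (String) serviceReference.getProperty(KEY_ID);
            this.samlServiceRef.removeReference(id, serviceReference);
        }
    }

    /** Activates both service reference holders and logs the activation message. */
    protected void activate(ComponentContext componentContext) {
        this.securityServiceRef.activate(componentContext);
        this.samlServiceRef.activate(componentContext);
        Tr.info(tc, "SAML20_ENDPOINT_SERVICE_ACTIVATED", new Object[0]);
    }

    /** Deactivates both service reference holders. */
    protected void deactivate(ComponentContext componentContext) {
        this.securityServiceRef.deactivate(componentContext);
        this.samlServiceRef.deactivate(componentContext);
    }

    /* JADX INFO: Access modifiers changed from: protected */
    /**
     * Handles a SAML request whose parsed form was stored on the servlet request.
     *
     * <p>The {@link SsoRequest} is read from the request attribute
     * {@code Constants.ATTRIBUTE_SAML20_REQUEST}. When the attribute is absent the method
     * returns without touching the response and without raising an error.
     * NOTE(review): the attribute is presumably set by an upstream filter; callers should
     * confirm that a request arriving without it is rejected elsewhere rather than treated
     * as handled.
     *
     * @param httpServletRequest  the incoming request
     * @param httpServletResponse the response passed on to the handler
     * @throws SamlException if the provider is unknown or disabled, or HTTPS is required
     *                       and the request URL is not HTTPS
     */
    public void handleSamlRequest(HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse) throws SamlException {
        SsoRequest ssoRequest = (SsoRequest) httpServletRequest.getAttribute(Constants.ATTRIBUTE_SAML20_REQUEST);
        if (ssoRequest == null) {
            return;
        }
        handleSamlRequest(httpServletRequest, httpServletResponse, ssoRequest);
    }

    /**
     * Resolves the provider's service, enforces its HTTPS requirement, and dispatches the
     * request to the handler chosen by {@link HandlerFactory}.
     *
     * @throws SamlException with key {@code SAML20_EP_PROTOCOL_NOT_HTTPS} when the HTTPS
     *                       check fails, or whatever {@link #getSsoSamlService} throws
     */
    private void handleSamlRequest(HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse, SsoRequest ssoRequest) throws SamlException {
        SsoSamlService ssoSamlService = getSsoSamlService(httpServletResponse, ssoRequest);
        // getSsoSamlService throws rather than returning null, so this guard is defensive.
        if (ssoSamlService == null) {
            return;
        }
        SsoConfig config = ssoSamlService.getConfig();
        if (config == null) {
            // No configuration: the request is dropped silently, with no error to the caller.
            return;
        }
        String requestUrl = httpServletRequest.getRequestURL().toString();
        if (!checkHttpsRequirement(config, requestUrl)) {
            throw new SamlException("SAML20_EP_PROTOCOL_NOT_HTTPS", (Exception) null, new Object[]{requestUrl});
        }
        // The handler is obtained before the parameter map is built, as in the original.
        HandlerFactory.getHandlerInstance(ssoRequest).handleRequest(httpServletRequest, httpServletResponse, ssoRequest, getParameterMap(ssoSamlService));
    }

    /**
     * Reports whether a request URL satisfies the provider's HTTPS requirement.
     *
     * <p>The check is a case-sensitive prefix match of the URL against
     * {@code HttpsURLConnectionFactory.HTTPS_URL_PROTOCOL_ID}. A {@code null} URL passes
     * even when HTTPS is required.
     * NOTE(review): the constant is presumably the scheme name without the trailing colon;
     * confirm its value. The URL is the one the servlet container reports, so where TLS is
     * terminated in front of the server, confirm the container sees the original scheme.
     *
     * @param ssoConfig provider configuration supplying {@code isHttpsRequired()}
     * @param str       request URL, may be {@code null}
     * @return {@code false} only when HTTPS is required and a non-null URL lacks the prefix
     */
    boolean checkHttpsRequirement(SsoConfig ssoConfig, String str) {
        if (!ssoConfig.isHttpsRequired() || str == null) {
            return true;
        }
        return str.startsWith(HttpsURLConnectionFactory.HTTPS_URL_PROTOCOL_ID);
    }

    /**
     * Builds the parameter map passed to the request handler.
     *
     * @param ssoSamlService service stored under {@code Constants.KEY_SAML_SERVICE}
     * @return a new mutable map holding the SAML service and the current result of
     *         {@code securityServiceRef.getService()}
     */
    private Map<String, Object> getParameterMap(SsoSamlService ssoSamlService) {
        // Parameterized instead of the raw HashMap the decompiler produced.
        Map<String, Object> parameters = new HashMap<>();
        parameters.put(Constants.KEY_SAML_SERVICE, ssoSamlService);
        // NOTE(review): the value is whatever getService() returns at call time; confirm
        // that handlers cope with a missing security service.
        parameters.put(Constants.KEY_SECURITY_SERVICE, this.securityServiceRef.getService());
        return parameters;
    }

    /**
     * Looks up the enabled SAML service for the request's provider and records it on the
     * request.
     *
     * <p>An unknown provider and a disabled provider are rejected with the same error.
     * NOTE(review): the provider name is passed as a message argument; if it is derived
     * from the request, confirm it is encoded wherever the message is rendered or logged.
     *
     * @param httpServletResponse unused by this method
     * @param ssoRequest          request supplying the provider name
     * @return the enabled service, never {@code null}
     * @throws SamlException with key {@code SAML20_NO_SUCH_ACS_PROVIDER} when no service
     *                       is registered under the provider name or the service is disabled
     */
    private SsoSamlService getSsoSamlService(HttpServletResponse httpServletResponse, SsoRequest ssoRequest) throws SamlException {
        SsoSamlService service = this.samlServiceRef.getService(ssoRequest.getProviderName());
        boolean usable = service != null && service.isEnabled();
        if (!usable) {
            throw new SamlException("SAML20_NO_SUCH_ACS_PROVIDER", (Exception) null, new Object[]{ssoRequest.getProviderName()});
        }
        ssoRequest.setSsoSamlService(service);
        return service;
    }
}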
