package com.ibm.ws.security.saml.sso20.acs;

import com.ibm.websphere.ras.Tr;
import com.ibm.websphere.ras.TraceComponent;
import com.ibm.websphere.ras.annotation.TraceObjectField;
import com.ibm.ws.ffdc.FFDCFilter;
import com.ibm.ws.ras.instrument.annotation.InjectedFFDC;
import com.ibm.ws.security.saml.Constants;
import com.ibm.ws.security.saml.SsoRequest;
import com.ibm.ws.security.saml.SsoSamlService;
import com.ibm.ws.security.saml.error.SamlException;
import com.ibm.ws.security.saml.sso20.binding.BasicMessageContext;
import com.ibm.ws.security.saml.sso20.internal.utils.Cache;
import com.ibm.ws.security.saml.sso20.internal.utils.RequestInfo;
import com.ibm.ws.security.saml.sso20.internal.utils.SamlUtil;
import java.io.UnsupportedEncodingException;
import java.net.URLDecoder;
import java.util.Date;
import java.util.Map;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import org.joda.time.DateTime;

@InjectedFFDC
@TraceObjectField(fieldName = "tc", fieldDesc = "Lcom/ibm/websphere/ras/TraceComponent;")
/* loaded from: input_file:wlp/lib/com.ibm.ws.security.saml.sso20_1.0.14.jar:com/ibm/ws/security/saml/sso20/acs/SolicitedHandler.class */
/**
 * Consumes a SAML response that answers a request this server cached earlier, then
 * redirects the browser back to the originally requested resource.
 *
 * <p>One instance wraps a single servlet request/response pair. Fields are package-private
 * and mutable, and nothing in this class synchronizes access to them.
 */
public class SolicitedHandler {
    private static TraceComponent tc = Tr.register((Class<?>) SolicitedHandler.class, "SAML20", "com.ibm.ws.security.saml.sso20.internal.resources.SamlSso20Messages");
    HttpServletRequest request;
    HttpServletResponse response;
    SsoRequest samlRequest;
    Map<String, Object> parameters;
    SsoSamlService ssoService;
    static final long serialVersionUID = -1494780877729166979L;

    /**
     * Stores the request context and looks up the SAML service in the parameter map.
     *
     * @param httpServletRequest inbound request expected to carry the SAML response
     * @param httpServletResponse response used later for the redirect
     * @param ssoRequest SAML request descriptor; its provider name selects the cookie cache
     * @param map parameter map; must be non-null, and the value stored under
     *            {@code Constants.KEY_SAML_SERVICE} is cast to {@link SsoSamlService}
     *            without a type check
     */
    public SolicitedHandler(HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse, SsoRequest ssoRequest, Map<String, Object> map) {
        request = httpServletRequest;
        response = httpServletResponse;
        samlRequest = ssoRequest;
        parameters = map;
        // No null check: a missing entry leaves ssoService null and fails later in handleRequest.
        ssoService = (SsoSamlService) map.get(Constants.KEY_SAML_SERVICE);
    }

    /**
     * Validates the SAML response on the current request and, when the cached request it
     * answers is still inside its allowed window, redirects the browser.
     *
     * @param str relay state, URL-decoded here as UTF-8 before it is handed to the consumer
     * @throws SamlException if the SAML response parameter is absent, if the consumer
     *         rejects the response, if the cached request has expired, or if UTF-8
     *         decoding is unsupported
     */
    public void handleRequest(String str) throws SamlException {
        String samlResponse = request.getParameter(Constants.SAMLResponse);
        if (samlResponse == null) {
            throw new SamlException("Cannot process the request because SAML Response from the IdP is missing", (Exception) null, new Object[0]);
        }
        try {
            // NOTE(review): URLDecoder.decode throws IllegalArgumentException on malformed
            // percent-escapes and NullPointerException on a null argument; neither is caught
            // below, so such a relay state would surface as an unchecked exception rather than
            // a SamlException. If the caller read str via getParameter, the container has
            // presumably decoded it once already — confirm a second decode is intended.
            BasicMessageContext<?, ?, ?> messageContext = WebSSOConsumer.getInstance().handleSAMLResponse(request, response, ssoService, URLDecoder.decode(str, "UTF-8"), samlRequest);
            Cache cookieCache = ssoService.getAcsCookieCache(samlRequest.getProviderName());
            RequestInfo originalRequest = messageContext.getCachedRequestInfo();

            // Freshness window: creation time of the cached request plus the configured
            // request lifetime. This check runs only after the consumer has already
            // processed the response.
            DateTime expiresAt = originalRequest.getBirthTime().plus(ssoService.getConfig().getAuthnRequestTime());
            if (expiresAt.isBeforeNow()) {
                // Message inserts: creation time, lifetime divided by 60000 (presumably
                // milliseconds to minutes — confirm), expiry time, current time.
                Object[] inserts = new Object[]{
                    new Date(originalRequest.getBirthTime().getMillis()),
                    Long.valueOf(ssoService.getConfig().getAuthnRequestTime() / 60000),
                    new Date(expiresAt.getMillis()),
                    new Date()
                };
                throw new SamlException("SAML20_AUTHN_REQUEST_EXPIRED", (Exception) null, inserts);
            }

            originalRequest.setWithFragmentUrl(request, response);
            redirectToRelayState(messageContext, samlRequest.getProviderName(), cookieCache, originalRequest);
        } catch (UnsupportedEncodingException e) {
            // The FFDC record carries the raw relay state (str) as captured data.
            FFDCFilter.processException(e, "com.ibm.ws.security.saml.sso20.acs.SolicitedHandler", "71", this, new Object[]{str});
            if (tc.isDebugEnabled()) {
                Tr.debug(tc, "Internal error process SAML Web SSO Version 2.0 request", e);
            }
            throw new SamlException(e);
        }
    }

    /**
     * Issues the redirect for the cached request and stores the user data in the cookie
     * cache under a freshly generated key.
     *
     * @param basicMessageContext message context whose user data is cached
     * @param str provider name; its hash is appended to the ACS cookie name
     * @param cache cookie cache that receives the user data
     * @param requestInfo cached request used to perform the redirect
     * @throws SamlException propagated from the redirect or from reading the user data
     */
    protected void redirectToRelayState(BasicMessageContext<?, ?, ?> basicMessageContext, String str, Cache cache, RequestInfo requestInfo) throws SamlException {
        // NOTE(review): this value is handed to requestInfo together with the cookie name and
        // is the only key under which the user data is cached, so it acts as a bearer handle.
        // Verify that SamlUtil.generateRandom() draws from a cryptographically strong source.
        String cacheKey = SamlUtil.generateRandom();
        String cookieName = Constants.COOKIE_NAME_WAS_SAML_ACS + SamlUtil.hash(str);
        requestInfo.redirectCachedRequestNoFragment(request, response, cookieName, cacheKey);
        // The cache entry is written after the redirect call; if getUserDataIfReady() throws,
        // the redirect has already been issued with a key that maps to nothing.
        cache.put(cacheKey, basicMessageContext.getUserDataIfReady());
    }
}
