package pl.edu.icm.unity.webui.authn.remote;

import java.io.IOException;
import javax.servlet.Filter;
import javax.servlet.FilterChain;
import javax.servlet.FilterConfig;
import javax.servlet.ServletException;
import javax.servlet.ServletRequest;
import javax.servlet.ServletResponse;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import org.apache.logging.log4j.Logger;
import pl.edu.icm.unity.base.utils.Log;
import pl.edu.icm.unity.engine.api.authn.InteractiveAuthenticationProcessor;
import pl.edu.icm.unity.engine.api.authn.remote.AuthenticationTriggeringContext;
import pl.edu.icm.unity.engine.api.authn.remote.RedirectedAuthnState;
import pl.edu.icm.unity.engine.api.authn.remote.RemoteAuthenticationContextManagement;
import pl.edu.icm.unity.engine.api.authn.remote.RemoteAuthnResponseProcessor;
import pl.edu.icm.unity.engine.api.authn.remote.SharedRemoteAuthenticationContextStore;
import pl.edu.icm.unity.engine.api.utils.PrototypeComponent;

@PrototypeComponent
/* loaded from: input_file:pl/edu/icm/unity/webui/authn/remote/RemoteRedirectedAuthnResponseProcessingFilter.class */
public class RemoteRedirectedAuthnResponseProcessingFilter implements Filter {
    private static final Logger log = Log.getLogger("unity.server.authn", RemoteRedirectedAuthnResponseProcessingFilter.class);
    public static final String CONTEXT_ID_HTTP_PARAMETER = "__remote_authn_context_id";
    public static final String DECISION_SESSION_ATTRIBUTE = "__ff_post_authn_decision";
    private final SharedRemoteAuthenticationContextStore remoteAuthnContextStore;
    private final RemoteAuthnResponseProcessor remoteAuthnResponseProcessor;

    /* loaded from: input_file:pl/edu/icm/unity/webui/authn/remote/RemoteRedirectedAuthnResponseProcessingFilter$PostAuthenticationDecissionWithContext.class */
    public static class PostAuthenticationDecissionWithContext {
        public final InteractiveAuthenticationProcessor.PostAuthenticationStepDecision decision;
        public final AuthenticationTriggeringContext triggeringContext;

        PostAuthenticationDecissionWithContext(InteractiveAuthenticationProcessor.PostAuthenticationStepDecision postAuthenticationStepDecision, AuthenticationTriggeringContext authenticationTriggeringContext) {
            this.decision = postAuthenticationStepDecision;
            this.triggeringContext = authenticationTriggeringContext;
        }
    }

    public RemoteRedirectedAuthnResponseProcessingFilter(SharedRemoteAuthenticationContextStore sharedRemoteAuthenticationContextStore, RemoteAuthnResponseProcessor remoteAuthnResponseProcessor) {
        this.remoteAuthnContextStore = sharedRemoteAuthenticationContextStore;
        this.remoteAuthnResponseProcessor = remoteAuthnResponseProcessor;
    }

    public void doFilter(ServletRequest servletRequest, ServletResponse servletResponse, FilterChain filterChain) throws IOException, ServletException {
        String parameter = servletRequest.getParameter(CONTEXT_ID_HTTP_PARAMETER);
        if (parameter == null) {
            filterChain.doFilter(servletRequest, servletResponse);
            return;
        }
        log.debug("Processing remote authentication with context id {}", parameter);
        try {
            RedirectedAuthnState andRemoveAuthnContext = this.remoteAuthnContextStore.getAndRemoveAuthnContext(parameter);
            log.debug("Got remote context associated with id {}", parameter);
            HttpServletRequest httpServletRequest = (HttpServletRequest) servletRequest;
            HttpServletResponse httpServletResponse = (HttpServletResponse) servletResponse;
            httpServletRequest.getSession().setAttribute(DECISION_SESSION_ATTRIBUTE, new PostAuthenticationDecissionWithContext(this.remoteAuthnResponseProcessor.processResponse(andRemoveAuthnContext, httpServletRequest, httpServletResponse, new BareSessionReinitializer(httpServletRequest)), andRemoveAuthnContext.getAuthenticationTriggeringContext()));
            log.debug("Authentication result was set in session");
            httpServletResponse.sendRedirect(andRemoveAuthnContext.getUltimateReturnURL());
        } catch (RemoteAuthenticationContextManagement.UnboundRelayStateException e) {
            log.debug("Request with invalid remote authn context {}, ignoring it", parameter);
            filterChain.doFilter(servletRequest, servletResponse);
        }
    }

    public void init(FilterConfig filterConfig) throws ServletException {
    }

    public void destroy() {
    }
}
