package org.apache.cxf.rs.security.saml.sso;

import java.io.IOException;
import javax.ws.rs.BindingPriority;
import javax.ws.rs.container.ContainerRequestContext;
import javax.ws.rs.container.ContainerRequestFilter;
import javax.ws.rs.container.PreMatching;
import javax.ws.rs.core.MediaType;
import javax.ws.rs.core.MultivaluedMap;
import javax.ws.rs.core.Response;
import org.apache.cxf.helpers.IOUtils;
import org.apache.cxf.jaxrs.utils.JAXRSUtils;
import org.apache.cxf.rs.security.saml.sso.state.RequestState;

/**
 * Pre-matching JAX-RS request filter that consumes a SAML SSO response arriving on the
 * current request, either as query parameters (GET) or as a URL-encoded form body (POST).
 *
 * <p>When the request carries the {@link SSOConstants#SAML_RESPONSE} and/or
 * {@link SSOConstants#RELAY_STATE} parameters, the relay state is resolved through
 * {@code processRelayState} and the value returned by {@code createSecurityContext} is added
 * to the inbound request's {@code Cookie} header. Both helpers are inherited from
 * {@link AbstractRequestAssertionConsumerHandler}.
 *
 * <p>NOTE(review): validation of the SAML response (signature, conditions, replay) is not
 * visible in this class; it presumably happens inside {@code createSecurityContext} and
 * should be confirmed against the superclass.
 *
 * <p>NOTE(review): the filter is {@code @PreMatching} and has no path check of its own, and
 * it answers 400 to anything that is not a GET or a form-encoded POST, so it is only
 * suitable for an endpoint where those are the only expected requests.
 */
@BindingPriority(2000)
@PreMatching
public class RequestAssertionConsumerFilter extends AbstractRequestAssertionConsumerHandler implements ContainerRequestFilter {

    /**
     * Extracts the request parameters according to the HTTP method and hands them to
     * {@link #processParams}.
     *
     * <ul>
     *   <li>GET: the URI query parameters are used.</li>
     *   <li>POST with a media type compatible with {@code application/x-www-form-urlencoded}:
     *       the entity body is read and split on {@code "&"}.</li>
     *   <li>Anything else: the request is aborted with status 400.</li>
     * </ul>
     *
     * @param containerRequestContext the request being filtered
     * @throws IOException if reading the entity stream fails
     */
    public void filter(ContainerRequestContext containerRequestContext) throws IOException {
        final String httpMethod = containerRequestContext.getMethod();

        if ("GET".equals(httpMethod)) {
            MultivaluedMap<String, String> queryParams =
                containerRequestContext.getUriInfo().getQueryParameters();
            processParams(containerRequestContext, queryParams, false);
            return;
        }

        final boolean isFormPost = "POST".equals(httpMethod)
            && MediaType.APPLICATION_FORM_URLENCODED_TYPE.isCompatible(containerRequestContext.getMediaType());
        if (!isFormPost) {
            containerRequestContext.abortWith(Response.status(400).build());
            return;
        }

        // The whole body is buffered into a String and the entity stream is consumed here.
        // NOTE(review): no size limit is applied in this class; a request-size cap has to
        // come from the container or an earlier filter.
        String formBody = IOUtils.toString(containerRequestContext.getEntityStream());
        MultivaluedMap<String, String> formParams =
            JAXRSUtils.getStructuredParams(formBody, "&", false, false);
        processParams(containerRequestContext, formParams, true);
    }

    /**
     * Processes the SAML response and relay state found in the given parameters.
     *
     * <p>If neither parameter is present, the current message is flagged with
     * {@link SSOConstants#RACS_IS_COLLOCATED} and the request continues untouched. Otherwise
     * the relay state is resolved to a {@link RequestState}; a target address that starts
     * with the current request URI is reported as {@code INVALID_TARGET_URI} and the request
     * is aborted with status 400. In every other case, including a {@code null} target
     * address, the security context cookie is added to the request headers.
     *
     * @param containerRequestContext the request being filtered
     * @param multivaluedMap the query or form parameters of the request
     * @param z {@code false} when the parameters came from a GET query string, {@code true}
     *     when they came from a POST form body; forwarded unchanged to
     *     {@code createSecurityContext}
     */
    protected void processParams(ContainerRequestContext containerRequestContext, MultivaluedMap<String, String> multivaluedMap, boolean z) {
        final String samlResponse = multivaluedMap.getFirst(SSOConstants.SAML_RESPONSE);
        final String relayState = multivaluedMap.getFirst(SSOConstants.RELAY_STATE);

        if (samlResponse == null && relayState == null) {
            // Nothing SSO-related on this request: only mark the message and let it pass.
            JAXRSUtils.getCurrentMessage().put(SSOConstants.RACS_IS_COLLOCATED, Boolean.TRUE);
            return;
        }

        // NOTE(review): only one of the two values may be non-null at this point; handling of
        // a null relay state or a null SAML response is left to the inherited helpers.
        final RequestState requestState = processRelayState(relayState);
        final String targetAddress = requestState.getTargetAddress();

        // Reject a stored target that points back at the URI currently being requested.
        // NOTE(review): this is a prefix comparison on the raw strings and is the only
        // constraint on the target address visible here; any allow-listing of targets would
        // have to live elsewhere.
        if (targetAddress != null
            && targetAddress.startsWith(containerRequestContext.getUriInfo().getRequestUri().toString())) {
            reportError("INVALID_TARGET_URI");
            containerRequestContext.abortWith(Response.status(400).build());
            return;
        }

        // The cookie goes onto the inbound request headers, not onto a response.
        containerRequestContext.getHeaders().add(
            "Cookie",
            createSecurityContext(requestState, samlResponse, relayState, z));
    }
}
