package com.erudika.para.security.filters;

import com.erudika.para.Para;
import com.erudika.para.core.App;
import com.erudika.para.utils.Config;
import com.erudika.para.utils.Utils;
import com.onelogin.saml2.exception.SettingsException;
import com.onelogin.saml2.settings.Saml2Settings;
import com.onelogin.saml2.settings.SettingsBuilder;
import java.io.IOException;
import java.util.List;
import javax.servlet.FilterChain;
import javax.servlet.ServletException;
import javax.servlet.ServletRequest;
import javax.servlet.ServletResponse;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import org.apache.commons.lang3.StringUtils;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
import org.springframework.web.filter.GenericFilterBean;

/* loaded from: input_file:BOOT-INF/lib/para-server-1.41.3.jar:com/erudika/para/security/filters/SAMLMetadataFilter.class */
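/**
 * Servlet filter that serves the SAML service provider (SP) metadata XML of a Para app.
 *
 * <p>Requests whose URI starts with {@link #SAML_ACTION} are answered here; everything else is
 * passed down the filter chain. The app is selected by the path segment after
 * {@code /saml_metadata/}; when that segment is missing or empty, the root app is used.
 *
 * <p>Security notes for maintainers:
 * <ul>
 *   <li>No authentication check is performed in this filter. SP metadata is normally public, but
 *       the 200 vs. 400 outcome also tells a caller whether an app id exists and has
 *       {@code security.saml.sp.entityid} set.</li>
 *   <li>The app id comes from the URL and is therefore untrusted; it is only used as a lookup key
 *       and is stripped of CR/LF before being logged.</li>
 *   <li>The match on {@link #SAML_ACTION} is a plain prefix test on {@code getRequestURI()}, so
 *       URIs such as {@code /saml_metadataX} are also handled (and resolve to the root app).
 *       NOTE(review): confirm this is intended, and that the filter is never deployed under a
 *       non-empty context path, which {@code getRequestURI()} would include.</li>
 * </ul>
 */
public class SAMLMetadataFilter extends GenericFilterBean {
    private static final Logger LOG = LoggerFactory.getLogger(SAMLMetadataFilter.class);

    /** URI prefix handled by this filter. */
    public static final String SAML_ACTION = "/saml_metadata";

    /**
     * Writes the SP metadata of the requested app, or responds with HTTP 400.
     *
     * @param servletRequest the incoming request, expected to be an {@link HttpServletRequest}
     * @param servletResponse the outgoing response, expected to be an {@link HttpServletResponse}
     * @param filterChain the remaining filters, invoked only for URIs this filter does not handle
     * @throws IOException if the container fails while writing the response
     * @throws ServletException if a downstream filter fails
     */
    @Override
    public void doFilter(ServletRequest servletRequest, ServletResponse servletResponse, FilterChain filterChain) throws IOException, ServletException {
        HttpServletRequest httpServletRequest = (HttpServletRequest) servletRequest;
        HttpServletResponse httpServletResponse = (HttpServletResponse) servletResponse;
        String requestURI = httpServletRequest.getRequestURI();
        if (!requestURI.startsWith(SAML_ACTION)) {
            filterChain.doFilter(httpServletRequest, httpServletResponse);
            return;
        }
        String appid = Config.getRootAppIdentifier();
        try {
            // Decoding happens inside the try block so that a malformed path segment ends in the
            // generic 400 below instead of escaping the filter as an unhandled exception.
            if (requestURI.startsWith(SAML_ACTION + "/")) {
                String decoded = Utils.urlDecode(StringUtils.removeStart(requestURI, SAML_ACTION + "/"));
                if (!StringUtils.isEmpty(decoded)) {
                    appid = decoded;
                }
            }
            App app = (App) Para.getDAO().read(App.id(appid));
            if (app != null && app.getSetting("security.saml.sp.entityid") != null) {
                Saml2Settings settings = new SettingsBuilder().fromValues(SAMLAuthFilter.getSAMLSettings(app)).build();
                // Only the SP half of the configuration is needed to produce SP metadata.
                settings.setSPValidationOnly(true);
                String metadata = settings.getSPMetadata();
                List<String> errors = Saml2Settings.validateMetadata(metadata);
                if (!errors.isEmpty()) {
                    // NOTE(review): the validation messages are returned to the (unauthenticated)
                    // caller; consider logging them and sending a generic message instead.
                    // sendError() commits the response, so no further status call is needed.
                    httpServletResponse.sendError(HttpServletResponse.SC_BAD_REQUEST, StringUtils.join(errors, "; "));
                    return;
                }
                // Status and headers are set before the body is written.
                httpServletResponse.setStatus(HttpServletResponse.SC_OK);
                httpServletResponse.setContentType("text/xml");
                httpServletResponse.setCharacterEncoding(Config.DEFAULT_ENCODING);
                // Use the writer so the body is encoded with the declared character encoding;
                // ServletOutputStream.println(String) rejects characters outside ISO-8859-1.
                httpServletResponse.getWriter().println(metadata);
                return;
            }
        } catch (SettingsException e) {
            LOG.error("Invalid SAML settings for app {}:", StringUtils.replaceChars(appid, "\r\n", "__"), e);
        } catch (Exception e) {
            LOG.error("Failed to serve SAML metadata for app {}:", StringUtils.replaceChars(appid, "\r\n", "__"), e);
        }
        // A failure while writing the body may leave the response committed, in which case
        // sendError() would itself throw IllegalStateException.
        if (!httpServletResponse.isCommitted()) {
            httpServletResponse.sendError(HttpServletResponse.SC_BAD_REQUEST);
        }
    }
}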
