package com.sap.smp.client.httpc.authflows;

import android.content.Context;
import com.sap.smp.client.httpc.authflows.webstrategies.SAML2AuthenticationCompleteCallback;
import com.sap.smp.client.httpc.authflows.webstrategies.SAML2WebStrategy;
import com.sap.smp.client.httpc.authflows.webstrategies.WebStrategies;
import com.sap.smp.client.httpc.events.IReceiveEvent;
import com.sap.smp.client.httpc.filters.IResponseFilter;
import com.sap.smp.client.httpc.filters.IResponseFilterChain;
import com.sap.smp.client.httpc.utils.BoundedBufferedReader;
import com.sap.smp.client.supportability.ClientLogLevel;
import com.sap.smp.client.supportability.ClientLogger;
import com.sap.smp.client.supportability.Supportability;
import java.io.IOException;
import java.util.Iterator;
import java.util.List;
import java.util.concurrent.ConcurrentMap;
import java.util.concurrent.CountDownLatch;
import java.util.concurrent.locks.ReentrantLock;
import java.util.regex.Matcher;
import java.util.regex.Pattern;

/* loaded from: classes.dex */
class SAML2ResponseFilter implements IResponseFilter {
    private static final String SAMLREQUEST = "SAMLRequest";
    private static final String SUCCESS_INDICATOR = "success_indicator";
    private static volatile CountDownLatch cdl;
    private static volatile boolean[] successHolder;
    private final Context appContext;
    private final ClientLogger logger;
    private final List<SAML2ConfigProvider> providers;
    private static final Pattern INPUT_PATTERN = Pattern.compile("<input\\s", 34);
    private static final Pattern INPUT_END_PATTERN = Pattern.compile("/?>", 34);
    private static final Pattern SAML_CHALLENGE_PATTERN = Pattern.compile("name=['\"]SAMLRequest['\"]", 34);
    private static final ReentrantLock LOCK = new ReentrantLock();
    private static volatile String currentEndpoint = null;

    /* JADX INFO: Access modifiers changed from: package-private */
    public SAML2ResponseFilter(List<SAML2ConfigProvider> list, Context context) {
        this.providers = list;
        this.appContext = context;
        this.logger = Supportability.getInstance().getClientLogger(context, "com.sap.smp.authflows");
    }

    private boolean hasSAMLChallenge(IReceiveEvent iReceiveEvent, SAML2Config sAML2Config) {
        if (sAML2Config != null && sAML2Config.header != null && sAML2Config.header.length() > 0 && iReceiveEvent.getResponseHeaders().containsKey(sAML2Config.header)) {
            if (ClientLogLevel.DEBUG.isEnabled(this.logger.getLogLevel())) {
                this.logger.logDebug("SAML2 challenge detected using identifying header: " + sAML2Config.header);
            }
            return true;
        }
        if (ClientLogLevel.DEBUG.isEnabled(this.logger.getLogLevel())) {
            this.logger.logDebug("Inspecting response for SAML2 challenge.");
        }
        if (iReceiveEvent.getResponseStatusCode() >= 400) {
            if (ClientLogLevel.DEBUG.isEnabled(this.logger.getLogLevel())) {
                this.logger.logDebug("Response status code is >= 400 --> no SAML2 challenge. Status code: " + iReceiveEvent.getResponseStatusCode());
            }
            return false;
        }
        List<String> list = iReceiveEvent.getResponseHeaders().get("Content-Type");
        if (list == null || list.isEmpty()) {
            if (ClientLogLevel.DEBUG.isEnabled(this.logger.getLogLevel())) {
                this.logger.logDebug("Response content type is not present --> no SAML2 challenge.");
            }
            return false;
        }
        String str = list.get(0);
        if (str == null || !str.startsWith("text/html")) {
            if (ClientLogLevel.DEBUG.isEnabled(this.logger.getLogLevel())) {
                this.logger.logDebug("Response content type is not 'text/html' --> no SAML2 challenge. Content type: " + str);
            }
            return false;
        }
        this.logger.logDebug("URL :" + iReceiveEvent.getResponseURL().toExternalForm());
        if (iReceiveEvent.getResponseURL().getQuery() != null && iReceiveEvent.getResponseURL().getQuery().indexOf(SAMLREQUEST) != -1) {
            if (ClientLogLevel.DEBUG.isEnabled(this.logger.getLogLevel())) {
                this.logger.logDebug("Found SAMLRequest parameter in request query params. SAML2 challenge detected");
            }
            return true;
        }
        BoundedBufferedReader boundedBufferedReader = new BoundedBufferedReader(iReceiveEvent.getReader());
        StringBuilder sb = new StringBuilder();
        while (true) {
            try {
                String readLine = boundedBufferedReader.readLine();
                if (readLine == null) {
                    break;
                }
                sb.append(readLine).append("\n");
            } catch (IOException e) {
                if (ClientLogLevel.ERROR.isEnabled(this.logger.getLogLevel())) {
                    this.logger.logError("Error reading response body line-by-line. SAML2 challenge detection failed.", e);
                }
                return false;
            }
        }
        boolean z = false;
        Matcher matcher = INPUT_PATTERN.matcher(sb);
        Matcher matcher2 = INPUT_END_PATTERN.matcher(sb);
        Matcher matcher3 = SAML_CHALLENGE_PATTERN.matcher(sb);
        while (matcher.find() && !z) {
            int start = matcher.start();
            if (matcher2.find(start)) {
                matcher3.region(start, matcher2.start());
                if (matcher3.find()) {
                    z = true;
                }
            }
        }
        if (z) {
            this.logger.logDebug("SAML2 challenge was detected by inspection of the HTML response body.");
            return z;
        }
        this.logger.logDebug("No SAML2 challenge was detected after inspecting the HTML response body.");
        return z;
    }

    private static boolean performSaml2Authentication(final ClientLogger clientLogger, final boolean z, boolean z2, Context context, final String str, String str2) {
        if (z) {
            clientLogger.logDebug("Attempting to acquire global lock for checking the current finish endpoint. Targeted endpoint: " + str);
        }
        LOCK.lock();
        if (z) {
            clientLogger.logDebug("Lock acquired. Checking whether current endpoint is the target endpoint.");
        }
        while (currentEndpoint != null && !currentEndpoint.equals(str)) {
            if (z) {
                clientLogger.logDebug("Current endpoint differs from targeted one. Waiting for it's completion. Current endpoint: " + currentEndpoint);
            }
            CountDownLatch countDownLatch = cdl;
            LOCK.unlock();
            try {
                countDownLatch.await();
                LOCK.lock();
                if (z) {
                    clientLogger.logDebug("Attempting to acquire global lock to retry checking the current finish endpoint. Targeted endpoint: " + str);
                }
                if (z) {
                    clientLogger.logDebug("Lock acquired. Retrying check whether current endpoint is the target endpoint.");
                }
            } catch (InterruptedException e) {
                if (z2) {
                    clientLogger.logError("Waiting on latch was interrupted when waiting for the completion of the previous UI flow", e);
                }
                throw new IllegalStateException("Waiting on latch was interrupted", e);
            }
        }
        if (currentEndpoint == null) {
            if (z) {
                clientLogger.logDebug("No web view is being shown currently. Start the SAML2 authentication...");
            }
            cdl = new CountDownLatch(1);
            currentEndpoint = str;
            SAML2WebStrategy resolve = WebStrategies.inst.resolve(str, str2);
            if (z) {
                clientLogger.logDebug("Using web strategy: " + resolve);
            }
            successHolder = new boolean[1];
            resolve.startSaml2Authentication(context, str, str2, new SAML2AuthenticationCompleteCallback() { // from class: com.sap.smp.client.httpc.authflows.SAML2ResponseFilter.1
                @Override // com.sap.smp.client.httpc.authflows.webstrategies.SAML2AuthenticationCompleteCallback
                public void onComplete(boolean z3) {
                    if (z) {
                        clientLogger.logDebug("SAML2 web strategy returned with result (success) '" + z3 + "' for finish endpoint: " + str);
                    }
                    String unused = SAML2ResponseFilter.currentEndpoint = null;
                    SAML2ResponseFilter.successHolder[0] = z3;
                    SAML2ResponseFilter.cdl.countDown();
                }
            });
            if (z) {
                clientLogger.logDebug("Web strategy invoked for authenticating against target finish endpoint: " + str);
            }
        }
        CountDownLatch countDownLatch2 = cdl;
        boolean[] zArr = successHolder;
        LOCK.unlock();
        if (z) {
            clientLogger.logDebug("Awaiting for UI flow to finish authentication to target finish endpoint: " + str);
        }
        try {
            countDownLatch2.await();
            if (z) {
                clientLogger.logDebug("Target finish endpoint UI flow completed: " + str);
            }
            return zArr[0];
        } catch (InterruptedException e2) {
            if (z2) {
                clientLogger.logError("Waiting on latch was interrupted when waiting for the UI flow of the target finish endpoint to complete: " + str, e2);
            }
            throw new IllegalStateException("Waiting on latch was interrupted", e2);
        }
    }

    @Override // com.sap.smp.client.httpc.filters.IResponseFilter
    public Object filter(IReceiveEvent iReceiveEvent, IResponseFilterChain iResponseFilterChain) throws IOException {
        if (ClientLogLevel.DEBUG.isEnabled(this.logger.getLogLevel())) {
            this.logger.logDebug("Asking for SAML2 configuration from provider.");
        }
        SAML2Config sAML2Config = null;
        Iterator<SAML2ConfigProvider> it = this.providers.iterator();
        while (it.hasNext() && (sAML2Config = it.next().onSAML2Challenge(iReceiveEvent)) == null) {
        }
        ConcurrentMap<String, Object> stateMap = iReceiveEvent.getConversationContext().getStateMap(SAML2ResponseFilter.class.getSimpleName(), false);
        if (!hasSAMLChallenge(iReceiveEvent, sAML2Config)) {
            if (stateMap != null) {
                stateMap.remove(SUCCESS_INDICATOR);
            }
            return iResponseFilterChain.filter();
        }
        if (stateMap != null && stateMap.containsKey(SUCCESS_INDICATOR)) {
            return SAML2AuthCancellation.DOUBLE_CHALLENGE;
        }
        if (sAML2Config == null) {
            if (ClientLogLevel.DEBUG.isEnabled(this.logger.getLogLevel())) {
                this.logger.logDebug("No SAML2 config has been provided. Unable to respont to challenge. Cancelling conversation.");
            }
            return SAML2AuthCancellation.NO_CONFIG;
        }
        if (!performSaml2Authentication(this.logger, ClientLogLevel.DEBUG.isEnabled(this.logger.getLogLevel()), ClientLogLevel.ERROR.isEnabled(this.logger.getLogLevel()), this.appContext, sAML2Config.finishEndpoint, sAML2Config.finishEndpointParam)) {
            if (ClientLogLevel.DEBUG.isEnabled(this.logger.getLogLevel())) {
                this.logger.logDebug("Unable to answer SAML2 challenge successfully (most likely: authentication has failed in the WebView). Cancelling conversation.");
            }
            return SAML2AuthCancellation.UNSUCCESSFUL_AUTH;
        }
        if (ClientLogLevel.DEBUG.isEnabled(this.logger.getLogLevel())) {
            this.logger.logDebug("SAML2 challenge has been successfully answered. Restarting conversation.");
        }
        if (stateMap == null) {
            stateMap = iReceiveEvent.getConversationContext().getStateMap(SAML2ResponseFilter.class.getSimpleName(), true);
        }
        stateMap.put(SUCCESS_INDICATOR, true);
        return RESTART_SIGNAL;
    }

    @Override // com.sap.smp.client.httpc.filters.IResponseFilter
    public Object getDescriptor() {
        return FilterDescriptors.SAML2_RESPF;
    }
}
