package org.picketlink.identity.federation.web.util;

import java.io.ByteArrayInputStream;
import java.io.IOException;
import java.io.InputStream;
import java.io.StringWriter;
import java.net.URL;
import java.security.GeneralSecurityException;
import java.security.Principal;
import java.security.PrivateKey;
import java.util.List;
import java.util.Locale;
import java.util.StringTokenizer;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import javax.xml.bind.JAXBException;
import org.apache.log4j.Logger;
import org.picketlink.identity.federation.api.saml.v2.request.SAML2Request;
import org.picketlink.identity.federation.api.saml.v2.response.SAML2Response;
import org.picketlink.identity.federation.api.saml.v2.sig.SAML2Signature;
import org.picketlink.identity.federation.core.config.IDPType;
import org.picketlink.identity.federation.core.config.TrustType;
import org.picketlink.identity.federation.core.exceptions.ConfigurationException;
import org.picketlink.identity.federation.core.exceptions.ParsingException;
import org.picketlink.identity.federation.core.exceptions.ProcessingException;
import org.picketlink.identity.federation.core.interfaces.AttributeManager;
import org.picketlink.identity.federation.core.interfaces.TrustKeyManager;
import org.picketlink.identity.federation.core.saml.v2.common.IDGenerator;
import org.picketlink.identity.federation.core.saml.v2.common.SAMLDocumentHolder;
import org.picketlink.identity.federation.core.saml.v2.constants.JBossSAMLURIConstants;
import org.picketlink.identity.federation.core.saml.v2.exceptions.IssueInstantMissingException;
import org.picketlink.identity.federation.core.saml.v2.exceptions.IssuerNotTrustedException;
import org.picketlink.identity.federation.core.saml.v2.holders.DestinationInfoHolder;
import org.picketlink.identity.federation.core.saml.v2.holders.IDPInfoHolder;
import org.picketlink.identity.federation.core.saml.v2.holders.IssuerInfoHolder;
import org.picketlink.identity.federation.core.saml.v2.holders.SPInfoHolder;
import org.picketlink.identity.federation.core.saml.v2.util.DocumentUtil;
import org.picketlink.identity.federation.core.saml.v2.util.StatementUtil;
import org.picketlink.identity.federation.core.util.StringUtil;
import org.picketlink.identity.federation.saml.v2.assertion.AssertionType;
import org.picketlink.identity.federation.saml.v2.protocol.RequestAbstractType;
import org.picketlink.identity.federation.saml.v2.protocol.ResponseType;
import org.w3c.dom.Document;
import org.xml.sax.SAXException;

/* loaded from: input_file:WEB-INF/lib/picketlink-web-1.0.1.jar:org/picketlink/identity/federation/web/util/IDPWebRequestUtil.class */
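/**
 * Request-scoped helper for the IDP side of the SAML v2 web browser SSO profiles.
 * <p>
 * The HTTP method of the incoming request selects the binding: GET means HTTP-Redirect,
 * POST means HTTP-POST. On top of that the class decodes the inbound SAML message, builds
 * (and optionally signs) a {@code ResponseType}, checks a request issuer against the
 * configured trust domains, and sends the response document to the service provider.
 * <p>
 * Instances are bound to a single request and carry mutable attribute settings; they are
 * not intended to be shared between threads.
 */
public class IDPWebRequestUtil {
    private static final Logger log = Logger.getLogger(IDPWebRequestUtil.class);

    /** Charset name used whenever the SAML document is converted to or from bytes. */
    private static final String UTF8 = "UTF-8";

    /** Prefix handed to {@link IDGenerator#create(String)} for response IDs. */
    private static final String ID_PREFIX = "ID_";

    /** Separator between the entries of the configured trust domain list. */
    private static final String DOMAIN_SEPARATOR = ",";

    /** Trace flag sampled once at construction; cheap to test before building log strings. */
    private final boolean trace = log.isTraceEnabled();

    /** True when the request arrived with HTTP GET, i.e. the HTTP-Redirect binding. */
    private final boolean redirectProfile;
    /** True when the request arrived with HTTP POST, i.e. the HTTP-POST binding. */
    private final boolean postProfile;
    /** IDP configuration; may be null, in which case {@link #isTrusted(String)} fails fast. */
    private final IDPType idpConfiguration;
    /** Supplies the IDP signing key (pair); only dereferenced when signing is requested. */
    private final TrustKeyManager keyManager;
    /** Optional source of additional assertion attributes; null means none are added. */
    private AttributeManager attributeManager;
    /** Attribute keys handed to {@link #attributeManager}; may be null. */
    private List<String> attribKeys;

    /**
     * Creates a helper bound to one incoming request.
     *
     * @param httpServletRequest the current request; its HTTP method selects the binding
     * @param idpConfiguration   IDP configuration, may be null
     * @param keyManager         source of the IDP signing key pair, used only when signing
     */
    public IDPWebRequestUtil(HttpServletRequest httpServletRequest, IDPType idpConfiguration, TrustKeyManager keyManager) {
        this.idpConfiguration = idpConfiguration;
        this.keyManager = keyManager;
        String method = httpServletRequest.getMethod();
        this.redirectProfile = "GET".equals(method);
        this.postProfile = "POST".equals(method);
    }

    /**
     * Sets the attribute keys passed to the attribute manager when building a response.
     *
     * @param attributeKeys keys to request from the attribute manager; may be null
     */
    public void setAttributeKeys(List<String> attributeKeys) {
        this.attribKeys = attributeKeys;
    }

    /**
     * Sets the manager that contributes extra attributes to the assertion.
     *
     * @param attributeManager the manager, or null to add no managed attributes
     */
    public void setAttributeManager(AttributeManager attributeManager) {
        this.attributeManager = attributeManager;
    }

    /** @return true when the inbound message used the HTTP-Redirect (GET) binding */
    public boolean hasSAMLRequestInRedirectProfile() {
        return this.redirectProfile;
    }

    /** @return true when the inbound message used the HTTP-POST binding */
    public boolean hasSAMLRequestInPostProfile() {
        return this.postProfile;
    }

    /**
     * Decodes the inbound SAML message and returns the parsed document holder.
     *
     * @param samlMessage the raw {@code SAMLRequest} parameter value
     * @return the holder produced by {@link SAML2Request#getSamlDocumentHolder()}
     * @throws ParsingException       when the message cannot be decoded or parsed
     * @throws ConfigurationException propagated from the SAML2 request API
     * @throws ProcessingException    propagated from the SAML2 request API
     */
    public SAMLDocumentHolder getSAMLDocumentHolder(String samlMessage) throws ParsingException, ConfigurationException, ProcessingException {
        SAML2Request saml2Request = new SAML2Request();
        saml2Request.getSAML2ObjectFromStream(decodeSAMLMessage(samlMessage));
        return saml2Request.getSamlDocumentHolder();
    }

    /**
     * Decodes the inbound SAML message and returns the request object.
     *
     * @param samlMessage the raw {@code SAMLRequest} parameter value
     * @return the parsed request
     * @throws ParsingException       when the message cannot be decoded or parsed
     * @throws ConfigurationException propagated from the SAML2 request API
     * @throws ProcessingException    propagated from the SAML2 request API
     */
    public RequestAbstractType getSAMLRequest(String samlMessage) throws ParsingException, ConfigurationException, ProcessingException {
        SAML2Request saml2Request = new SAML2Request();
        return saml2Request.getRequestType(decodeSAMLMessage(samlMessage));
    }

    /**
     * Undoes the binding-specific encoding of an inbound message: base64 + inflate for the
     * redirect binding, plain base64 for the POST binding. Any decoding failure is reported
     * as a {@link ParsingException} carrying the original cause, for both bindings alike.
     */
    private InputStream decodeSAMLMessage(String samlMessage) throws ParsingException {
        try {
            if (this.redirectProfile) {
                return RedirectBindingUtil.base64DeflateDecode(samlMessage);
            }
            byte[] decoded = PostBindingUtil.base64Decode(samlMessage);
            if (this.trace) {
                // explicit charset: the log text must not depend on the platform default
                log.trace("SAMLRequest=" + new String(decoded, UTF8));
            }
            return new ByteArrayInputStream(decoded);
        } catch (Exception e) {
            if (this.trace) {
                log.trace("Error in decoding saml message: " + e);
            }
            throw new ParsingException(e);
        }
    }

    /**
     * Builds a successful SAML response whose single assertion names the given principal.
     *
     * @param assertionConsumerURL destination of the response (the SP's assertion consumer URL)
     * @param userPrincipal        authenticated user; its name becomes the persistent NameID
     * @param attributeValues      values wrapped into an attribute statement (typically the
     *                             user's roles -- confirm against callers)
     * @param issuer               issuer value placed in the response
     * @param assertionValidity    validity period applied to the assertion conditions
     * @param supportSignature     whether signing is enabled; the document is only signed
     *                             when this is true AND the inbound binding was HTTP-POST
     * @return the response as a DOM document, or null when signing/conversion failed
     *         (the failure is logged at error level)
     * @throws ConfigurationException     propagated from response creation
     * @throws IssueInstantMissingException propagated from response creation
     */
    public Document getResponse(String assertionConsumerURL, Principal userPrincipal, List<String> attributeValues,
            String issuer, long assertionValidity, boolean supportSignature)
            throws ConfigurationException, IssueInstantMissingException {
        if (this.trace) {
            log.trace("AssertionConsumerURL=" + assertionConsumerURL + "::assertion validity=" + assertionValidity);
        }
        SAML2Response saml2Response = new SAML2Response();
        String responseId = IDGenerator.create(ID_PREFIX);

        IssuerInfoHolder issuerInfo = new IssuerInfoHolder(issuer);
        issuerInfo.setStatusCode(JBossSAMLURIConstants.STATUS_SUCCESS.get());

        IDPInfoHolder idpInfo = new IDPInfoHolder();
        idpInfo.setNameIDFormatValue(userPrincipal.getName());
        idpInfo.setNameIDFormat(JBossSAMLURIConstants.NAMEID_FORMAT_PERSISTENT.get());

        SPInfoHolder spInfo = new SPInfoHolder();
        spInfo.setResponseDestinationURI(assertionConsumerURL);

        ResponseType responseType = saml2Response.createResponseType(responseId, spInfo, idpInfo, issuerInfo);
        // createResponseType is expected to yield exactly one assertion; index 0 mirrors the original code
        AssertionType assertion = (AssertionType) responseType.getAssertionOrEncryptedAssertion().get(0);
        assertion.getStatementOrAuthnStatementOrAuthzDecisionStatement().add(StatementUtil.createAttributeStatement(attributeValues));
        saml2Response.createTimedConditions(assertion, assertionValidity);
        addManagedAttributes(assertion, userPrincipal);

        traceResponse(saml2Response, responseType);
        if (this.trace) {
            log.trace("Support Sig=" + supportSignature + " ::Post Profile?=" + hasSAMLRequestInPostProfile());
        }
        // Redirect-binding responses are signed in the query string (see getDestination), not in the XML
        boolean signDocument = supportSignature && hasSAMLRequestInPostProfile();
        return toDocument(saml2Response, responseType, signDocument);
    }

    /**
     * Appends the attribute statement produced by the configured attribute manager, if any.
     * Failures are logged and otherwise ignored so that the base assertion is still issued.
     */
    private void addManagedAttributes(AssertionType assertion, Principal userPrincipal) {
        if (this.attributeManager == null) {
            return;
        }
        try {
            assertion.getStatementOrAuthnStatementOrAuthzDecisionStatement().add(
                    StatementUtil.createAttributeStatement(this.attributeManager.getAttributes(userPrincipal, this.attribKeys)));
        } catch (Exception e) {
            log.error("Exception in generating attributes:", e);
        }
    }

    /** Marshals the response and writes it to the trace log when tracing is enabled. */
    private void traceResponse(SAML2Response saml2Response, ResponseType responseType) {
        if (!this.trace) {
            return;
        }
        StringWriter writer = new StringWriter();
        try {
            saml2Response.marshall(responseType, writer);
        } catch (JAXBException e) {
            log.trace(e);
        } catch (SAXException e) {
            log.trace(e);
        }
        log.trace("Response=" + writer.toString());
    }

    /**
     * Converts the response into a DOM document, signing it with the key manager's key pair
     * when requested. Returns null on failure; the failure is logged at error level so that
     * a broken signing setup does not go unnoticed in production logs.
     */
    private Document toDocument(SAML2Response saml2Response, ResponseType responseType, boolean sign) {
        try {
            if (sign) {
                return new SAML2Signature().sign(responseType, this.keyManager.getSigningKeyPair());
            }
            return saml2Response.convert(responseType);
        } catch (Exception e) {
            log.error(sign ? "Exception in signing the response:" : "Exception in converting the response:", e);
            return null;
        }
    }

    /**
     * Verifies that the issuer of an inbound request belongs to one of the configured trust
     * domains.
     * <p>
     * The issuer's host must equal a configured domain or end with {@code "." + domain}
     * (case-insensitive); a leading dot on a configured entry is ignored. Plain substring
     * matching is deliberately not used, because it would let a host that merely contains a
     * trusted name (or a host that is a fragment of the configured list) pass the check.
     * An issuer without a parseable, non-empty host is never trusted. When the configuration
     * has no trust element at all the method returns without checking, as before.
     *
     * @param issuer the issuer value of the request, expected to be a URL
     * @throws IllegalStateException    when no IDP configuration was supplied
     * @throws IssuerNotTrustedException when the issuer does not match a trusted domain or
     *                                  cannot be parsed
     */
    public void isTrusted(String issuer) throws IssuerNotTrustedException {
        if (this.idpConfiguration == null) {
            throw new IllegalStateException("IDP Configuration is null");
        }
        TrustType trust = this.idpConfiguration.getTrust();
        if (trust == null) {
            if (this.trace) {
                log.trace("No trust configuration present; issuer " + issuer + " is not checked");
            }
            return;
        }
        String issuerHost;
        try {
            issuerHost = getDomain(issuer);
        } catch (IOException e) {
            throw new IssuerNotTrustedException(e.getLocalizedMessage(), e);
        } catch (RuntimeException e) {
            // fail closed on anything unexpected from URL parsing, as the original catch-all did
            throw new IssuerNotTrustedException(e.getLocalizedMessage(), e);
        }
        String domains = trust.getDomains();
        if (this.trace) {
            log.trace("Domains that IDP trusts=" + domains + " and issuer domain=" + issuerHost);
        }
        if (domains == null || issuerHost == null || issuerHost.length() == 0) {
            throw new IssuerNotTrustedException(issuer);
        }
        for (String entry : domains.split(DOMAIN_SEPARATOR)) {
            String trustedDomain = entry.trim();
            if (trustedDomain.startsWith(".")) {
                trustedDomain = trustedDomain.substring(1);
            }
            if (trustedDomain.length() == 0) {
                continue;
            }
            if (this.trace) {
                log.trace("Matching uri bit=" + trustedDomain);
            }
            if (matchesTrustedDomain(issuerHost, trustedDomain)) {
                if (this.trace) {
                    log.trace("Matched " + trustedDomain + " trust for " + issuerHost);
                }
                return;
            }
        }
        throw new IssuerNotTrustedException(issuer);
    }

    /** True when {@code host} is {@code trustedDomain} itself or a sub-domain of it. */
    private static boolean matchesTrustedDomain(String host, String trustedDomain) {
        String normalizedHost = host.toLowerCase(Locale.ENGLISH);
        String normalizedDomain = trustedDomain.toLowerCase(Locale.ENGLISH);
        return normalizedHost.equals(normalizedDomain) || normalizedHost.endsWith("." + normalizedDomain);
    }

    /**
     * Sends a response document to the service provider using the binding of the inbound
     * request: HTTP-POST form when the request was POSTed, HTTP-Redirect otherwise.
     *
     * @param document    the SAML document to send
     * @param destination SP endpoint the message is sent to
     * @param relayState  relay state to echo back; may be null
     * @param response    servlet response used for the form or redirect
     * @param sign        whether to sign (the document for POST, the query string for redirect)
     * @param signingKey  not used by this implementation; the key pair comes from the key manager
     * @param sendRequest passed through to the binding utilities; on the redirect path it
     *                    selects the {@code SAMLRequest} parameter name instead of {@code SAMLResponse}
     * @throws IllegalArgumentException when {@code document} is null
     * @throws GeneralSecurityException propagated from signing
     * @throws IOException              propagated from encoding or the servlet response
     */
    public void send(Document document, String destination, String relayState, HttpServletResponse response,
            boolean sign, PrivateKey signingKey, boolean sendRequest) throws GeneralSecurityException, IOException {
        if (document == null) {
            throw new IllegalArgumentException("responseType is null");
        }
        if (!this.redirectProfile) {
            if (sign) {
                new SAML2Signature().signSAMLDocument(document, this.keyManager.getSigningKeyPair());
                if (this.trace) {
                    log.trace("Sending over to SP:" + DocumentUtil.asString(document));
                }
            }
            // The serialized document is encoded directly; re-decoding its UTF-8 bytes with the
            // platform charset (as before) would corrupt non-ASCII content on non-UTF-8 JVMs.
            String samlMessage = DocumentUtil.getDocumentAsString(document);
            String encoded = PostBindingUtil.base64Encode(samlMessage);
            PostBindingUtil.sendPost(new DestinationInfoHolder(destination, encoded, relayState), response, sendRequest);
            return;
        }
        String encoded = RedirectBindingUtil.deflateBase64URLEncode(DocumentUtil.getDocumentAsString(document).getBytes(UTF8));
        if (this.trace) {
            log.trace("IDP:Destination=" + destination);
        }
        String encodedRelayState = relayState;
        if (StringUtil.isNotNull(relayState)) {
            encodedRelayState = RedirectBindingUtil.urlEncode(relayState);
        }
        String location = destination + getDestination(encoded, encodedRelayState, sign, sendRequest);
        if (this.trace) {
            log.trace("Redirecting to=" + location);
        }
        HTTPRedirectUtil.sendRedirectForResponder(location, response);
    }

    /**
     * Builds the query string for the HTTP-Redirect binding.
     *
     * @param encodedSamlMessage the deflated, base64, URL-encoded SAML message
     * @param relayState         already URL-encoded relay state; may be null
     * @param sign               when true the query string (including a signature) is produced by
     *                           {@code RedirectBindingSignatureUtil}; on failure only {@code "?"}
     *                           is returned and the error is logged
     * @param sendRequest        when not signing, selects {@code SAMLRequest} over {@code SAMLResponse}
     * @return the query string starting with {@code ?}
     */
    public String getDestination(String encodedSamlMessage, String relayState, boolean sign, boolean sendRequest) {
        StringBuilder query = new StringBuilder();
        if (sign) {
            try {
                query.append("?");
                // NOTE(review): sendRequest is ignored on this path; the signed query always uses the
                // response parameter name -- verify this is intended for request flows.
                query.append(RedirectBindingSignatureUtil.getSAMLResponseURLWithSignature(encodedSamlMessage, relayState,
                        this.keyManager.getSigningKey()));
            } catch (Exception e) {
                // A bare "?" is returned in this case; log loudly so the broken redirect is visible
                log.error("Exception in signing the redirect query string:", e);
            }
        } else {
            query.append(sendRequest ? "?SAMLRequest=" : "?SAMLResponse=").append(encodedSamlMessage);
            if (StringUtil.isNotNull(relayState)) {
                query.append("&RelayState=").append(relayState);
            }
        }
        return query.toString();
    }

    /**
     * Builds a SAML response carrying an error status and no NameID value.
     *
     * @param responseURL      destination of the response
     * @param status           status code URI placed in the response
     * @param issuer           issuer value placed in the response
     * @param supportSignature whether to sign the resulting document
     * @return the response as a DOM document, or null when signing/conversion failed
     */
    public Document getErrorResponse(String responseURL, String status, String issuer, boolean supportSignature) {
        SAML2Response saml2Response = new SAML2Response();
        String responseId = IDGenerator.create(ID_PREFIX);

        IssuerInfoHolder issuerInfo = new IssuerInfoHolder(issuer);
        issuerInfo.setStatusCode(status);

        IDPInfoHolder idpInfo = new IDPInfoHolder();
        idpInfo.setNameIDFormatValue(null);
        idpInfo.setNameIDFormat(JBossSAMLURIConstants.NAMEID_FORMAT_PERSISTENT.get());

        SPInfoHolder spInfo = new SPInfoHolder();
        spInfo.setResponseDestinationURI(responseURL);

        ResponseType responseType;
        try {
            responseType = saml2Response.createResponseType(responseId, spInfo, idpInfo, issuerInfo);
        } catch (ConfigurationException e) {
            // Fall back to a bare response so the SP still receives an error; the fallback
            // carries none of the issuer/destination details, hence the warning.
            log.warn("Falling back to an empty error response:", e);
            responseType = saml2Response.createResponseType();
        }
        if (this.trace) {
            log.trace("Error_ResponseType = ");
        }
        traceResponse(saml2Response, responseType);
        return toDocument(saml2Response, responseType, supportSignature);
    }

    /**
     * Extracts the host part of an issuer URL.
     *
     * @throws IOException when the issuer is not a well-formed URL
     */
    private static String getDomain(String issuer) throws IOException {
        return new URL(issuer).getHost();
    }
}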
