package org.keycloak.testsuite.util.saml;

import java.io.ByteArrayInputStream;
import java.io.ByteArrayOutputStream;
import java.io.IOException;
import java.lang.invoke.SerializedLambda;
import java.net.URI;
import java.nio.charset.Charset;
import java.security.PrivateKey;
import java.util.concurrent.atomic.AtomicReference;
import java.util.regex.Matcher;
import java.util.regex.Pattern;
import javax.ws.rs.core.UriBuilder;
import org.apache.http.NameValuePair;
import org.apache.http.client.methods.CloseableHttpResponse;
import org.apache.http.client.methods.HttpPost;
import org.apache.http.client.methods.HttpUriRequest;
import org.apache.http.client.protocol.HttpClientContext;
import org.apache.http.client.utils.URLEncodedUtils;
import org.apache.http.impl.client.CloseableHttpClient;
import org.apache.http.util.EntityUtils;
import org.junit.Assert;
import org.keycloak.dom.saml.v2.assertion.NameIDType;
import org.keycloak.dom.saml.v2.protocol.ArtifactResolveType;
import org.keycloak.models.SamlArtifactSessionMappingStoreProvider;
import org.keycloak.protocol.saml.profile.util.Soap;
import org.keycloak.saml.BaseSAML2BindingBuilder;
import org.keycloak.saml.SignatureAlgorithm;
import org.keycloak.saml.common.util.DocumentUtil;
import org.keycloak.saml.common.util.StaxUtil;
import org.keycloak.saml.processing.core.saml.v2.common.IDGenerator;
import org.keycloak.saml.processing.core.saml.v2.util.XMLTimeUtil;
import org.keycloak.saml.processing.core.saml.v2.writers.SAMLRequestWriter;
import org.keycloak.testsuite.util.KeyUtils;
import org.keycloak.testsuite.util.SamlClientBuilder;
import org.w3c.dom.Document;

/* loaded from: input_file:org/keycloak/testsuite/util/saml/HandleArtifactStepBuilder.class */
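/**
 * Test-client step that resolves a SAML artifact: it reads the {@code SAMLart} value from the
 * previous HTTP response (or takes one supplied by the test), builds an {@code ArtifactResolve}
 * message for it and posts that message, wrapped by {@link Soap}, to the artifact resolution
 * endpoint.
 *
 * <p>Points that matter when writing tests with this step:
 * <ul>
 *   <li>The message is signed (RSA-SHA256) only when both PEM keys were given through
 *       {@link #signWith(String, String)}; otherwise it is sent unsigned.</li>
 *   <li>The signature is applied <em>before</em> the document transformer runs, so a transformer
 *       that changes the XML produces a message whose content no longer matches its signature.</li>
 *   <li>With {@link #replayPost(boolean)} enabled, the second and later executions return the very
 *       same {@link HttpPost} (same request ID, issue instant and artifact) instead of building a
 *       new one.</li>
 * </ul>
 */
public class HandleArtifactStepBuilder extends SamlDocumentStepBuilder<ArtifactResolveType, HandleArtifactStepBuilder> implements StepWithCheckers {
    /** Finds the {@code SAMLart} form field in a response body; group 1 is the artifact value. */
    private static final Pattern artifactPattern = Pattern.compile("NAME=\"SAMLart\" VALUE=\"([A-Za-z0-9+=/]*)\"");

    private String signingPrivateKeyPem;
    private String signingPublicKeyPem;
    private String id;
    private String issuer;
    private final URI authServerSamlUrl;
    private boolean verifyRedirect;
    // Last request built by perform(); returned again when replayPost is enabled.
    private HttpPost replayPostMessage;
    private boolean replayPost;
    // Neither read nor written anywhere in this class.
    private boolean replayArtifact;
    private AtomicReference<String> providedArtifact;
    private AtomicReference<String> storeArtifact;
    private Runnable beforeStepChecker;
    private Runnable afterStepChecker;

    /**
     * Creates the step with a freshly generated request ID.
     *
     * @param uri SAML endpoint of the auth server; {@code /resolve} is appended unless the URI
     *            already ends with {@code resolve}
     * @param str issuer value placed in the {@code ArtifactResolve}
     * @param samlClientBuilder builder this step belongs to
     */
    public HandleArtifactStepBuilder(URI uri, String str, SamlClientBuilder samlClientBuilder) {
        super(samlClientBuilder);
        this.id = IDGenerator.create("ID_");
        this.issuer = str;
        this.authServerSamlUrl = uri.toString().endsWith("resolve") ? uri : UriBuilder.fromUri(uri).path("resolve").build();
        this.verifyRedirect = false;
    }

    /**
     * Enables signing of the {@code ArtifactResolve}. Signing takes place only if both values are
     * non-null.
     *
     * @param str PEM-encoded private key used to sign
     * @param str2 PEM-encoded public key matching {@code str}
     * @return this builder
     */
    public HandleArtifactStepBuilder signWith(String str, String str2) {
        this.signingPrivateKeyPem = str;
        this.signingPublicKeyPem = str2;
        return this;
    }

    /**
     * Overrides the issuer given to the constructor.
     *
     * @param str issuer value for the {@code ArtifactResolve}
     * @return this builder
     */
    public HandleArtifactStepBuilder issuer(String str) {
        this.issuer = str;
        return this;
    }

    /**
     * Sets the checker exposed through {@link #getBeforeStepChecker()}. If it is a
     * {@link SessionStateChecker}, {@code perform} also wires session-id providers into it.
     *
     * @param runnable checker to run before the step
     * @return this builder
     */
    public HandleArtifactStepBuilder setBeforeStepChecks(Runnable runnable) {
        this.beforeStepChecker = runnable;
        return this;
    }

    /**
     * Sets the checker exposed through {@link #getAfterStepChecker()}.
     *
     * @param runnable checker to run after the step
     * @return this builder
     */
    public HandleArtifactStepBuilder setAfterStepChecks(Runnable runnable) {
        this.afterStepChecker = runnable;
        return this;
    }

    /**
     * Controls whether the artifact must arrive in the {@code Location} header. When set, the
     * step fails instead of falling back to searching the response body.
     *
     * @param z {@code true} to require the redirect form
     * @return this builder
     */
    public HandleArtifactStepBuilder verifyRedirect(boolean z) {
        this.verifyRedirect = z;
        return this;
    }

    /**
     * Controls whether a repeated execution resends the previously built request unchanged.
     *
     * @param z {@code true} to return the cached request once one exists
     * @return this builder
     */
    public HandleArtifactStepBuilder replayPost(boolean z) {
        this.replayPost = z;
        return this;
    }

    /**
     * Registers a holder that receives the artifact used by this step.
     *
     * @param atomicReference holder set during {@code perform}
     * @return this builder
     */
    public HandleArtifactStepBuilder storeArtifact(AtomicReference<String> atomicReference) {
        this.storeArtifact = atomicReference;
        return this;
    }

    /**
     * Supplies the artifact directly; the HTTP response is then not inspected at all. The holder
     * is read when the step runs, so it may be filled by an earlier step.
     *
     * @param atomicReference holder of the artifact to resolve
     * @return this builder
     */
    public HandleArtifactStepBuilder useArtifact(AtomicReference<String> atomicReference) {
        this.providedArtifact = atomicReference;
        return this;
    }

    /**
     * Replaces the generated request ID.
     *
     * @param str ID attribute for the {@code ArtifactResolve}
     * @return this builder
     */
    public HandleArtifactStepBuilder setArtifactResolveId(String str) {
        this.id = str;
        return this;
    }

    /**
     * Builds the POST request carrying the {@code ArtifactResolve}.
     *
     * @return the request to send, or {@code null} when the transformer returns {@code null}
     * @throws Exception on I/O, XML processing or signing failures
     */
    @Override
    public HttpUriRequest perform(CloseableHttpClient closeableHttpClient, URI uri, CloseableHttpResponse closeableHttpResponse, HttpClientContext httpClientContext) throws Exception {
        if (replayPost && replayPostMessage != null) {
            // Replay: hand back the identical request object built on the previous run.
            return replayPostMessage;
        }

        ArtifactResolveType artifactResolve = new ArtifactResolveType(id, XMLTimeUtil.getIssueInstant());
        NameIDType issuerNameId = new NameIDType();
        issuerNameId.setValue(issuer);
        artifactResolve.setIssuer(issuerNameId);

        String artifact = getArtifactFromResponse(closeableHttpResponse);
        if (storeArtifact != null) {
            storeArtifact.set(artifact);
        }
        artifactResolve.setArtifact(artifact);

        // Serialize to XML and re-parse into a DOM so the document can be signed.
        ByteArrayOutputStream buffer = new ByteArrayOutputStream();
        new SAMLRequestWriter(StaxUtil.getXMLStreamWriter(buffer)).write(artifactResolve);
        Document document = DocumentUtil.getDocument(new ByteArrayInputStream(buffer.toByteArray()));

        if (signingPrivateKeyPem != null && signingPublicKeyPem != null) {
            PrivateKey signingKey = KeyUtils.privateKeyFromString(signingPrivateKeyPem);
            new BaseSAML2BindingBuilder()
                    .signatureAlgorithm(SignatureAlgorithm.RSA_SHA256)
                    .signWith(org.keycloak.common.util.KeyUtils.createKeyId(signingKey), signingKey, KeyUtils.publicKeyFromString(signingPublicKeyPem))
                    .signDocument(document);
        }

        // The transformer sees the already-signed XML; any change it makes is not re-signed.
        String transformed = getTransformer().transform(DocumentUtil.getDocumentAsString(document));
        if (transformed == null) {
            return null;
        }

        if (beforeStepChecker instanceof SessionStateChecker) {
            SessionStateChecker checker = (SessionStateChecker) beforeStepChecker;
            // Both lambdas capture only the artifact string. The generated deserialization hook
            // that used to be spelled out in this class named Infinispan's SerializableFunction
            // as their functional interface; javac emits that hook itself for serializable
            // lambdas, so it is not hand-written here.
            checker.setUserSessionProvider(session ->
                    session.getProvider(SamlArtifactSessionMappingStoreProvider.class).get(artifact).getUserSessionId());
            checker.setClientSessionProvider(session ->
                    session.getProvider(SamlArtifactSessionMappingStoreProvider.class).get(artifact).getClientSessionId());
        }

        HttpPost request = Soap.createMessage().addToBody(DocumentUtil.getDocument(transformed)).buildHttpPost(authServerSamlUrl);
        replayPostMessage = request;
        return request;
    }

    /**
     * Determines the artifact to resolve. Order of precedence: the holder given to
     * {@link #useArtifact(AtomicReference)}, then a non-empty {@code SAMLart} query parameter of
     * the {@code Location} header, then the {@code SAMLart} form field in the response body.
     *
     * @throws IOException if the response body cannot be read
     */
    private String getArtifactFromResponse(CloseableHttpResponse closeableHttpResponse) throws IOException {
        if (providedArtifact != null) {
            return providedArtifact.get();
        }

        if (closeableHttpResponse.getFirstHeader("location") != null) {
            String location = closeableHttpResponse.getFirstHeader("location").getValue();
            for (NameValuePair parameter : URLEncodedUtils.parse(URI.create(location), Charset.forName("UTF-8"))) {
                String value = parameter.getValue();
                if ("SAMLart".equals(parameter.getName()) && value != null && !value.isEmpty()) {
                    return value;
                }
            }
        }

        // No artifact in the redirect: only acceptable when the redirect form was not required.
        Assert.assertFalse("Expected the artifact in the redirect Location header", verifyRedirect);
        // Fail with a readable message rather than an exception from EntityUtils on a body-less response.
        Assert.assertNotNull("Response has no body to search for a SAMLart form field", closeableHttpResponse.getEntity());

        String body = EntityUtils.toString(closeableHttpResponse.getEntity());
        Matcher matcher = artifactPattern.matcher(body);
        Assert.assertTrue("Can't find artifact in " + body, matcher.find());
        // NOTE(review): unlike the Location branch, the pattern also accepts an empty VALUE.
        return matcher.group(1);
    }

    /** Returns the checker set through {@link #setBeforeStepChecks(Runnable)}, possibly {@code null}. */
    @Override
    public Runnable getBeforeStepChecker() {
        return beforeStepChecker;
    }

    /** Returns the checker set through {@link #setAfterStepChecks(Runnable)}, possibly {@code null}. */
    @Override
    public Runnable getAfterStepChecker() {
        return afterStepChecker;
    }
}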
