package org.overlord.commons.auth.util;

import java.io.ByteArrayInputStream;
import java.io.IOException;
import java.io.InputStream;
import java.io.StringWriter;
import java.net.URL;
import java.nio.charset.StandardCharsets;
import java.security.GeneralSecurityException;
import java.security.PrivateKey;
import java.util.Locale;
import java.util.StringTokenizer;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import org.picketlink.common.PicketLinkLogger;
import org.picketlink.common.PicketLinkLoggerFactory;
import org.picketlink.common.constants.JBossSAMLURIConstants;
import org.picketlink.common.exceptions.ConfigurationException;
import org.picketlink.common.exceptions.ParsingException;
import org.picketlink.common.exceptions.ProcessingException;
import org.picketlink.common.exceptions.fed.IssuerNotTrustedException;
import org.picketlink.common.util.StringUtil;
import org.picketlink.config.federation.IDPType;
import org.picketlink.config.federation.TrustType;
import org.picketlink.identity.federation.api.saml.v2.request.SAML2Request;
import org.picketlink.identity.federation.api.saml.v2.response.SAML2Response;
import org.picketlink.identity.federation.api.saml.v2.sig.SAML2Signature;
import org.picketlink.identity.federation.core.interfaces.TrustKeyManager;
import org.picketlink.identity.federation.core.saml.v2.common.IDGenerator;
import org.picketlink.identity.federation.core.saml.v2.common.SAMLDocumentHolder;
import org.picketlink.identity.federation.core.saml.v2.factories.JBossSAMLAuthnResponseFactory;
import org.picketlink.identity.federation.core.saml.v2.holders.DestinationInfoHolder;
import org.picketlink.identity.federation.core.saml.v2.holders.IDPInfoHolder;
import org.picketlink.identity.federation.core.saml.v2.holders.IssuerInfoHolder;
import org.picketlink.identity.federation.core.saml.v2.holders.SPInfoHolder;
import org.picketlink.identity.federation.core.saml.v2.util.DocumentUtil;
import org.picketlink.identity.federation.saml.v2.protocol.RequestAbstractType;
import org.picketlink.identity.federation.saml.v2.protocol.ResponseType;
import org.picketlink.identity.federation.web.util.HTTPRedirectUtil;
import org.picketlink.identity.federation.web.util.RedirectBindingSignatureUtil;
import org.picketlink.identity.federation.web.util.RedirectBindingUtil;
import org.w3c.dom.Document;

/* loaded from: input_file:WEB-INF/lib/overlord-commons-auth-2.0.8-SNAPSHOT.jar:org/overlord/commons/auth/util/SamlIDPWebRequestUtil.class */
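/**
 * IDP-side helper for the SAML2 web-browser SSO bindings: decodes an incoming
 * {@code SAMLRequest} (redirect or POST binding), checks the issuer against the
 * configured trust domains, and sends a response document back to a service
 * provider via POST or redirect.
 *
 * <p>The binding used for the incoming request is derived once, in the constructor,
 * from the servlet request's HTTP method ({@code GET} = redirect, {@code POST} = POST).
 */
public class SamlIDPWebRequestUtil {
    private static final PicketLinkLogger logger = PicketLinkLoggerFactory.getLogger();

    /** Separator between entries in the configured trust-domain list. */
    private static final String TRUST_DOMAIN_SEPARATOR = ",";

    /** True when the request arrived with HTTP GET (redirect binding). */
    private final boolean redirectProfile;
    /** True when the request arrived with HTTP POST (POST binding). */
    private final boolean postProfile;
    /** IDP configuration; may be null, in which case {@link #isTrusted(String)} fails fast. */
    private final IDPType idpConfiguration;
    /** Source of the signing key / key pair used for signed redirects and error responses. */
    private final TrustKeyManager keyManager;
    /** XML canonicalization algorithm URI; exposed via getter/setter, not used by this class itself. */
    protected String canonicalizationMethod = "http://www.w3.org/2001/10/xml-exc-c14n#WithComments";

    /**
     * Mutable parameter object for {@link #send(WebRequestUtilHolder)}.
     *
     * <p>Setters return {@code this} so calls can be chained. Defaults: {@code errorResponse}
     * and {@code strictPostBinding} are false; everything else is null/false until set.
     * Instances are created through {@link #getHolder()}.
     */
    public class WebRequestUtilHolder {
        /** The SAML response (or request) document to send; required by {@link #send}. */
        private Document responseDoc;
        /** RelayState value to forward; may be null. */
        private String relayState;
        /** Base URL of the receiving endpoint. */
        private String destination;
        /** Servlet response used to write the POST form or the redirect. */
        private HttpServletResponse servletResponse;
        /** Stored for callers; not read by this class. */
        private PrivateKey privateKey;
        /** Whether redirect responses should be signed (see {@link #getDestination}). */
        private boolean supportSignature;
        /** POST binding was requested by the peer. */
        private boolean postBindingRequested;
        /** True when the document is a request ({@code SAMLRequest}), false for a response. */
        private boolean areWeSendingRequest;
        /** Pre-built, already signed query string; when set it bypasses encoding in {@link #send}. */
        private String destinationQueryStringWithSignature;
        /** True when the document is an error response (affects redirect signing). */
        private boolean errorResponse = false;
        /** Forces the POST binding regardless of what was requested. */
        private boolean strictPostBinding = false;

        public WebRequestUtilHolder() {
        }

        public boolean isStrictPostBinding() {
            return this.strictPostBinding;
        }

        public void setStrictPostBinding(boolean z) {
            this.strictPostBinding = z;
        }

        public Document getResponseDoc() {
            return this.responseDoc;
        }

        public WebRequestUtilHolder setResponseDoc(Document document) {
            this.responseDoc = document;
            return this;
        }

        public String getRelayState() {
            return this.relayState;
        }

        public WebRequestUtilHolder setRelayState(String str) {
            this.relayState = str;
            return this;
        }

        public String getDestination() {
            return this.destination;
        }

        public WebRequestUtilHolder setDestination(String str) {
            this.destination = str;
            return this;
        }

        public HttpServletResponse getServletResponse() {
            return this.servletResponse;
        }

        public WebRequestUtilHolder setServletResponse(HttpServletResponse httpServletResponse) {
            this.servletResponse = httpServletResponse;
            return this;
        }

        public PrivateKey getPrivateKey() {
            return this.privateKey;
        }

        public WebRequestUtilHolder setPrivateKey(PrivateKey privateKey) {
            this.privateKey = privateKey;
            return this;
        }

        public boolean isSupportSignature() {
            return this.supportSignature;
        }

        public WebRequestUtilHolder setSupportSignature(boolean z) {
            this.supportSignature = z;
            return this;
        }

        public boolean isPostBindingRequested() {
            return this.postBindingRequested;
        }

        public WebRequestUtilHolder setPostBindingRequested(boolean z) {
            this.postBindingRequested = z;
            return this;
        }

        /** POST binding is used when it was requested or when it is enforced via strict mode. */
        public boolean isPostBinding() {
            return isPostBindingRequested() || isStrictPostBinding();
        }

        public boolean isAreWeSendingRequest() {
            return this.areWeSendingRequest;
        }

        public WebRequestUtilHolder setAreWeSendingRequest(boolean z) {
            this.areWeSendingRequest = z;
            return this;
        }

        public boolean isErrorResponse() {
            return this.errorResponse;
        }

        public WebRequestUtilHolder setErrorResponse(boolean z) {
            this.errorResponse = z;
            return this;
        }

        public WebRequestUtilHolder setDestinationQueryStringWithSignature(String str) {
            this.destinationQueryStringWithSignature = str;
            return this;
        }

        public String getDestinationQueryStringWithSignature() {
            return this.destinationQueryStringWithSignature;
        }
    }

    /**
     * Creates a helper bound to one incoming request.
     *
     * @param httpServletRequest the incoming request; its HTTP method selects the binding
     * @param iDPType            IDP configuration (trust domains); may be null
     * @param trustKeyManager    provider of the IDP signing key material
     * @throws NullPointerException if {@code httpServletRequest} is null
     */
    public SamlIDPWebRequestUtil(HttpServletRequest httpServletRequest, IDPType iDPType, TrustKeyManager trustKeyManager) {
        this.idpConfiguration = iDPType;
        this.keyManager = trustKeyManager;
        // The binding is fixed by the HTTP method: GET => redirect binding, POST => POST binding.
        String method = httpServletRequest.getMethod();
        this.redirectProfile = "GET".equals(method);
        this.postProfile = "POST".equals(method);
    }

    /** @return the configured canonicalization algorithm URI */
    public String getCanonicalizationMethod() {
        return this.canonicalizationMethod;
    }

    /** @param str the canonicalization algorithm URI to report from {@link #getCanonicalizationMethod()} */
    public void setCanonicalizationMethod(String str) {
        this.canonicalizationMethod = str;
    }

    /** @return true when the request arrived via HTTP GET (redirect binding) */
    public boolean hasSAMLRequestInRedirectProfile() {
        return this.redirectProfile;
    }

    /** @return true when the request arrived via HTTP POST (POST binding) */
    public boolean hasSAMLRequestInPostProfile() {
        return this.postProfile;
    }

    /**
     * Decodes the raw {@code SAMLRequest} parameter according to the detected binding and
     * returns the parsed document holder.
     *
     * <p>Any failure (bad Base64/deflate data, XML errors) is logged as a Base64 decoding
     * error and turned into a {@code null} return rather than an exception; callers must
     * null-check the result.
     *
     * @param str the raw {@code SAMLRequest} parameter value
     * @return the parsed document holder, or null on any decoding/parsing failure
     */
    public SAMLDocumentHolder getSAMLDocumentHolder(String str) throws ParsingException, ConfigurationException, ProcessingException {
        SAML2Request saml2Request = new SAML2Request();
        try {
            InputStream requestStream = this.redirectProfile
                    ? parseSAMLRequestRedirectBinding(str)
                    : parseSAMLRequestPostBinding(str);
            saml2Request.getSAML2ObjectFromStream(requestStream);
            return saml2Request.getSamlDocumentHolder();
        } catch (Exception e) {
            logger.samlBase64DecodingError(e);
            return null;
        }
    }

    /**
     * Decodes and parses the raw {@code SAMLRequest} parameter into a request object.
     *
     * <p>For the redirect binding, decoding failures are logged and rethrown as a parser
     * error; for the POST binding, decoding failures propagate unchanged.
     *
     * @param str the raw {@code SAMLRequest} parameter value
     * @return the parsed request
     * @throws ParsingException       if decoding (redirect binding) or parsing fails
     * @throws ConfigurationException propagated from the parser
     * @throws ProcessingException    propagated from the parser
     */
    public RequestAbstractType getSAMLRequest(String str) throws ParsingException, ConfigurationException, ProcessingException {
        SAML2Request saml2Request = new SAML2Request();
        InputStream requestStream;
        if (this.redirectProfile) {
            try {
                requestStream = parseSAMLRequestRedirectBinding(str);
            } catch (Exception e) {
                logger.samlParsingError(e);
                throw logger.parserError(e);
            }
        } else {
            requestStream = parseSAMLRequestPostBinding(str);
        }
        return saml2Request.getRequestType(requestStream);
    }

    /**
     * Verifies that the issuer URL's host is covered by the IDP's configured trust domains.
     *
     * <p>The trust configuration is a comma-separated list of domain names. The issuer host
     * is accepted when it equals a configured entry or is a sub-domain of one (i.e. ends with
     * {@code "." + entry}); comparison is case-insensitive and entries are trimmed. A mere
     * substring overlap in either direction is not sufficient: an entry {@code example.com}
     * does not accept {@code evil-example.com}, and an entry {@code sp.example.com} does not
     * accept an issuer whose host is {@code example.com}. An empty issuer host never matches.
     * When no {@code <Trust>} section is configured at all, every issuer is accepted, as before.
     *
     * @param str the issuer value from the SAML request, expected to be an absolute URL
     * @throws IssuerNotTrustedException if the issuer is not a URL, the trust domain list is
     *                                   missing, or no configured domain covers the issuer host
     * @throws IllegalArgumentException  if no IDP configuration was supplied (via the logger's
     *                                   {@code nullValueError})
     */
    public void isTrusted(String str) throws IssuerNotTrustedException {
        if (this.idpConfiguration == null) {
            throw logger.nullValueError("IDP Configuration");
        }
        try {
            String issuerHost = getDomain(str);
            TrustType trust = this.idpConfiguration.getTrust();
            if (trust == null) {
                // No trust section configured: nothing to check against (pre-existing behaviour).
                return;
            }
            String domains = trust.getDomains();
            logger.trace("Domains that IDP trusts = " + domains + " and issuer domain = " + issuerHost);
            if (domains != null) {
                for (String entry : domains.split(TRUST_DOMAIN_SEPARATOR)) {
                    String trustedDomain = entry.trim();
                    if (matchesTrustedDomain(issuerHost, trustedDomain)) {
                        logger.trace("Matched " + trustedDomain + " trust for " + issuerHost);
                        return;
                    }
                }
            }
            // Thrown inside the try on purpose: the catch below wraps it like every other failure,
            // so callers always see an IssuerNotTrustedException from this method.
            throw logger.samlIssuerNotTrustedError(str);
        } catch (Exception e) {
            throw logger.samlIssuerNotTrustedException(e);
        }
    }

    /**
     * Exact or dot-boundary suffix match of a host against one configured trust domain,
     * case-insensitive. Empty hosts or empty entries never match.
     */
    private static boolean matchesTrustedDomain(String host, String trustedDomain) {
        if (host == null || host.isEmpty() || trustedDomain.isEmpty()) {
            return false;
        }
        String normalizedHost = host.toLowerCase(Locale.ROOT);
        String normalizedDomain = trustedDomain.toLowerCase(Locale.ROOT);
        return normalizedHost.equals(normalizedDomain) || normalizedHost.endsWith("." + normalizedDomain);
    }

    /**
     * Sends the holder's document to its destination using the POST binding when
     * {@link WebRequestUtilHolder#isPostBinding()} is true, otherwise the redirect binding.
     *
     * <p>Redirect binding: if a pre-signed query string is present on the holder it is used
     * verbatim; otherwise the document is deflated + Base64/URL-encoded and the query string is
     * built by {@link #getDestination}. The RelayState is URL-encoded only on this path.
     *
     * @param webRequestUtilHolder the parameters of the send operation
     * @throws GeneralSecurityException if serializing the document fails
     * @throws IOException              if encoding or writing the HTTP response fails
     * @throws IllegalArgumentException if the holder has no response document
     */
    public void send(WebRequestUtilHolder webRequestUtilHolder) throws GeneralSecurityException, IOException {
        Document responseDoc = webRequestUtilHolder.getResponseDoc();
        if (responseDoc == null) {
            throw logger.nullValueError("responseType");
        }
        String destination = webRequestUtilHolder.getDestination();
        String relayState = webRequestUtilHolder.getRelayState();
        boolean sendingRequest = webRequestUtilHolder.isAreWeSendingRequest();
        HttpServletResponse servletResponse = webRequestUtilHolder.getServletResponse();

        if (webRequestUtilHolder.isPostBinding()) {
            if (logger.isTraceEnabled()) {
                logger.trace("SAML Response Document: " + DocumentUtil.asString(responseDoc));
            }
            // Encode the serialized document directly. The previous getBytes("UTF-8") /
            // new String(byte[]) round trip re-decoded with the platform default charset,
            // corrupting non-ASCII content on non-UTF-8 platforms.
            String encodedDoc = SamlPostBindingUtil.base64Encode(DocumentUtil.getDocumentAsString(responseDoc));
            SamlPostBindingUtil.sendPost(new DestinationInfoHolder(destination, encodedDoc, relayState), servletResponse, sendingRequest);
            return;
        }

        String redirectUrl;
        String presignedQuery = webRequestUtilHolder.getDestinationQueryStringWithSignature();
        if (presignedQuery != null) {
            redirectUrl = destination + "?" + presignedQuery;
        } else {
            String deflated = RedirectBindingUtil.deflateBase64URLEncode(
                    DocumentUtil.getDocumentAsString(responseDoc).getBytes(StandardCharsets.UTF_8));
            if (StringUtil.isNotNull(relayState)) {
                relayState = RedirectBindingUtil.urlEncode(relayState);
            }
            redirectUrl = destination + getDestination(deflated, relayState,
                    webRequestUtilHolder.isSupportSignature(), sendingRequest, webRequestUtilHolder.isErrorResponse());
        }
        logger.trace("Destination = " + redirectUrl);
        HTTPRedirectUtil.sendRedirectForResponder(redirectUrl, servletResponse);
    }

    /**
     * Builds the query-string part (starting with {@code ?}) of a redirect-binding URL.
     *
     * <p>When both {@code supportSignature} and {@code errorResponse} are true the query string
     * is produced by PicketLink's signing helper using the IDP signing key. Otherwise the
     * payload is placed in {@code SAMLRequest} (when sending a request) or {@code SAMLResponse},
     * followed by {@code RelayState} when non-null. Note that only error responses are signed on
     * this path.
     *
     * <p>If signing fails the failure is only traced and the returned string is whatever had
     * been appended so far (typically just {@code "?"}); the caller will then redirect without
     * a SAML payload. This preserves the existing best-effort behaviour.
     *
     * @param encodedPayload   the deflated, Base64/URL-encoded SAML document
     * @param relayState       URL-encoded RelayState, or null
     * @param supportSignature whether signing is enabled
     * @param sendingRequest   true to use the {@code SAMLRequest} parameter, false for {@code SAMLResponse}
     * @param errorResponse    true when the payload is an error response
     * @return the query string including the leading {@code ?}
     */
    public String getDestination(String encodedPayload, String relayState, boolean supportSignature,
            boolean sendingRequest, boolean errorResponse) {
        StringBuilder query = new StringBuilder();
        if (supportSignature && errorResponse) {
            try {
                query.append("?");
                query.append(RedirectBindingSignatureUtil.getSAMLResponseURLWithSignature(
                        encodedPayload, relayState, this.keyManager.getSigningKey()));
            } catch (Exception e) {
                // Best-effort: a signing failure leaves the query string incomplete (see Javadoc).
                logger.trace(e);
            }
        } else {
            query.append(sendingRequest ? "?SAMLRequest=" : "?SAMLResponse=").append(encodedPayload);
            if (StringUtil.isNotNull(relayState)) {
                query.append("&RelayState=").append(relayState);
            }
        }
        return query.toString();
    }

    /** @return a fresh, empty parameter holder for {@link #send(WebRequestUtilHolder)} */
    public WebRequestUtilHolder getHolder() {
        return new WebRequestUtilHolder();
    }

    /**
     * Creates a SAML2 response document carrying only a status (an error response).
     *
     * <p>{@code responseUrl} and {@code identityUrl} are accepted for API compatibility but
     * are not written into the generated response: the response consists of a generated ID
     * and the given status code.
     *
     * @param responseUrl      destination of the response (currently unused)
     * @param status           SAML status code URI to set on the response
     * @param identityUrl      issuer URL (currently unused)
     * @param supportSignature when true the response is signed with the IDP key pair
     * @return the response document, signed when requested; null if the unsigned conversion
     *         fails (the failure is traced only)
     * @throws RuntimeException if signing was requested and fails
     */
    public Document getErrorResponse(String responseUrl, String status, String identityUrl, boolean supportSignature) {
        SAML2Response saml2Response = new SAML2Response();
        ResponseType responseType = saml2Response.createResponseType(IDGenerator.create("ID_"));
        responseType.setStatus(JBossSAMLAuthnResponseFactory.createStatusType(status));

        if (logger.isTraceEnabled()) {
            StringWriter traceWriter = new StringWriter();
            try {
                saml2Response.marshall(responseType, traceWriter);
            } catch (ProcessingException e) {
                logger.trace(e);
            }
            logger.trace("SAML Response Document: " + traceWriter.toString());
        }

        if (supportSignature) {
            try {
                return new SAML2Signature().sign(responseType, this.keyManager.getSigningKeyPair());
            } catch (Exception e) {
                logger.trace(e);
                throw new RuntimeException(logger.signatureError(e));
            }
        }
        try {
            return saml2Response.convert(responseType);
        } catch (Exception e) {
            // Pre-existing best-effort contract: callers must null-check the result.
            logger.trace(e);
            return null;
        }
    }

    /**
     * Extracts the host component of an absolute URL.
     *
     * @throws IOException (as {@code MalformedURLException}) if the value is not a valid URL
     */
    private static String getDomain(String url) throws IOException {
        return new URL(url).getHost();
    }

    /** Base64-decodes a POST-binding {@code SAMLRequest} value into a stream. */
    private InputStream parseSAMLRequestPostBinding(String encodedRequest) {
        byte[] decoded = SamlPostBindingUtil.base64Decode(encodedRequest);
        if (logger.isTraceEnabled()) {
            // Decode explicitly as UTF-8 for the trace output instead of the platform default.
            logger.trace("SAML Request Document: " + new String(decoded, StandardCharsets.UTF_8));
        }
        return new ByteArrayInputStream(decoded);
    }

    /** Base64-decodes and inflates a redirect-binding {@code SAMLRequest} value into a stream. */
    private InputStream parseSAMLRequestRedirectBinding(String encodedRequest) {
        return RedirectBindingUtil.base64DeflateDecode(encodedRequest);
    }
}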
