package org.jboss.identity.federation.bindings.tomcat.idp;

import java.io.ByteArrayOutputStream;
import java.io.IOException;
import java.io.InputStream;
import java.io.StringWriter;
import java.security.GeneralSecurityException;
import java.security.Principal;
import java.util.List;
import javax.servlet.ServletException;
import javax.xml.bind.JAXBException;
import org.apache.catalina.Lifecycle;
import org.apache.catalina.LifecycleException;
import org.apache.catalina.LifecycleListener;
import org.apache.catalina.connector.Request;
import org.apache.catalina.connector.Response;
import org.apache.catalina.util.LifecycleSupport;
import org.apache.catalina.valves.ValveBase;
import org.apache.log4j.Logger;
import org.jboss.identity.federation.api.saml.v2.common.IDGenerator;
import org.jboss.identity.federation.api.saml.v2.request.SAML2Request;
import org.jboss.identity.federation.api.saml.v2.response.SAML2Response;
import org.jboss.identity.federation.bindings.config.IDPType;
import org.jboss.identity.federation.bindings.config.TrustType;
import org.jboss.identity.federation.bindings.interfaces.RoleGenerator;
import org.jboss.identity.federation.bindings.tomcat.TomcatRoleGenerator;
import org.jboss.identity.federation.bindings.util.HTTPRedirectUtil;
import org.jboss.identity.federation.bindings.util.RedirectBindingUtil;
import org.jboss.identity.federation.bindings.util.ValveUtil;
import org.jboss.identity.federation.core.exceptions.ConfigurationException;
import org.jboss.identity.federation.core.exceptions.ParsingException;
import org.jboss.identity.federation.core.exceptions.ProcessingException;
import org.jboss.identity.federation.core.saml.v2.constants.JBossSAMLURIConstants;
import org.jboss.identity.federation.core.saml.v2.exceptions.IssueInstantMissingException;
import org.jboss.identity.federation.core.saml.v2.exceptions.IssuerNotTrustedException;
import org.jboss.identity.federation.core.saml.v2.holders.IDPInfoHolder;
import org.jboss.identity.federation.core.saml.v2.holders.IssuerInfoHolder;
import org.jboss.identity.federation.core.saml.v2.holders.SPInfoHolder;
import org.jboss.identity.federation.saml.v2.assertion.AssertionType;
import org.jboss.identity.federation.saml.v2.protocol.AuthnRequestType;
import org.jboss.identity.federation.saml.v2.protocol.RequestAbstractType;
import org.jboss.identity.federation.saml.v2.protocol.ResponseType;
import org.xml.sax.SAXException;

/* loaded from: input_file:org/jboss/identity/federation/bindings/tomcat/idp/IDPRedirectValve.class */
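/**
 * Tomcat valve that plays the SAML v2 Identity Provider side of the HTTP-Redirect binding.
 *
 * <p>What the recovered methods show: the {@code SAMLRequest} query parameter is
 * base64-decoded and inflated into an {@link AuthnRequestType}; a {@link ResponseType} with one
 * assertion (persistent NameID = the authenticated principal's name, an attribute statement built
 * from the roles returned by the {@link RoleGenerator}, timed conditions sized by
 * {@code assertionValidity}) is created and delivered by redirecting the user agent to the
 * request's AssertionConsumerServiceURL with the deflated, base64/URL-encoded response appended as
 * {@code SAMLResponse}. Configuration is read from {@code /WEB-INF/jboss-idfed.xml} on
 * {@link #start()}.
 *
 * <p>The request-dispatching {@link #invoke} body was not recovered by the decompiler, so the order
 * in which {@link #validate}, {@link #isTrusted}, {@link #getResponse} and {@link #send} are called —
 * in particular whether the issuer is checked before a response is issued — cannot be confirmed
 * from this listing.
 */
public class IDPRedirectValve extends ValveBase implements Lifecycle {
    private static final Logger log = Logger.getLogger(IDPRedirectValve.class);
    /** IdP configuration; null until {@link #start()} has loaded it. */
    protected IDPType idpConfiguration = null;
    /** Supplies the role list placed into the assertion's attribute statement. */
    private final RoleGenerator rg = new TomcatRoleGenerator();
    /**
     * Validity window handed to {@code createTimedConditions}; overwritten from configuration on
     * start. The unit is not visible here — presumably milliseconds; verify against SAML2Response.
     */
    private long assertionValidity = 5000;
    /** Issuer value for generated responses; read from configuration on start. */
    private String identityURL = null;
    protected LifecycleSupport lifecycle = new LifecycleSupport(this);
    private boolean started = false;

    /**
     * Entry point for every request passing through the valve.
     *
     * <p>The decompiler could not recover this method (it reported an unreachable block while
     * processing the bytecode) and emitted only this stub, which is kept unchanged. The original
     * presumably dispatches to {@link #validate}, {@link #isTrusted}, {@link #getResponse} /
     * {@link #getErrorResponse} and {@link #send}, but that cannot be confirmed from this listing.
     */
    public void invoke(Request r6, Response r7) throws IOException, ServletException {
        throw new UnsupportedOperationException("Method not decompiled: org.jboss.identity.federation.bindings.tomcat.idp.IDPRedirectValve.invoke(org.apache.catalina.connector.Request, org.apache.catalina.connector.Response):void");
    }

    /**
     * Rejects an issuer whose domain is not listed in the configured trust section.
     *
     * <p>Any failure while deriving the domain or reading the configuration (including a valve
     * that was never started) is reported as "not trusted", so the check fails closed. Note that
     * a configuration without a trust section accepts every issuer.
     *
     * @param str the issuer value taken from the SAML request
     * @throws IssuerNotTrustedException if the issuer's domain is not trusted or cannot be evaluated
     */
    protected void isTrusted(String str) throws IssuerNotTrustedException {
        boolean trusted;
        try {
            String domain = ValveUtil.getDomain(str);
            TrustType trust = this.idpConfiguration.getTrust();
            // NOTE(review): the type of getDomains() is not visible here. If it is a delimited
            // String rather than a List, indexOf() is a substring match and would also accept a
            // domain that merely contains a trusted domain as a substring — confirm and, if so,
            // compare against the individual tokens instead.
            trusted = trust == null || trust.getDomains().indexOf(domain) >= 0;
        } catch (Exception e) {
            throw new IssuerNotTrustedException(e.getLocalizedMessage(), e);
        }
        // Thrown outside the try so the rejection is not re-wrapped by the catch above.
        if (!trusted) {
            throw new IssuerNotTrustedException(str);
        }
    }

    /**
     * Marshals {@code responseType}, deflates and base64/URL-encodes it, and redirects the user
     * agent to {@code responseType.getDestination()} with {@code SAMLResponse} — and, when
     * non-empty, a URL-encoded {@code RelayState} — appended as query parameters.
     *
     * @param responseType the SAML response to deliver
     * @param str          RelayState to echo back; may be null or empty
     * @param response     the Catalina response used to issue the redirect
     * @throws ProcessingException if the redirect cannot be written
     * @throws ParsingException    if the response cannot be marshalled to XML
     */
    protected void send(ResponseType responseType, String str, Response response) throws ParsingException, ProcessingException {
        try {
            SAML2Response saml2Response = new SAML2Response();
            ByteArrayOutputStream xml = new ByteArrayOutputStream();
            saml2Response.marshall(responseType, xml);
            String encodedResponse = RedirectBindingUtil.deflateBase64URLEncode(xml.toByteArray());
            String destination = responseType.getDestination();
            log.trace("IDP:Destination=" + destination);
            String relayState = str;
            if (relayState != null && relayState.length() > 0) {
                relayState = RedirectBindingUtil.urlEncode(relayState);
            }
            HTTPRedirectUtil.sendRedirectForResponder(destination + getDestination(encodedResponse, relayState), response);
        } catch (IOException e) {
            throw new ProcessingException(e);
        } catch (JAXBException e) {
            throw new ParsingException(e);
        } catch (SAXException e) {
            throw new ParsingException(e);
        }
    }

    /**
     * Builds the query string of the redirect: {@code ?SAMLResponse=<str>} plus
     * {@code &RelayState=<str2>} when {@code str2} is non-empty.
     *
     * @param str  the already encoded SAML response
     * @param str2 the already encoded RelayState; may be null or empty
     * @return the query string, starting with {@code ?}
     */
    protected String getDestination(String str, String str2) {
        StringBuilder query = new StringBuilder("?SAMLResponse=").append(str);
        if (str2 != null && str2.length() > 0) {
            query.append("&RelayState=").append(str2);
        }
        return query.toString();
    }

    /**
     * Returns whether the request carries a {@code SAMLRequest} parameter. No signature or
     * content validation happens here despite the declared exceptions.
     */
    public boolean validate(Request request) throws IOException, GeneralSecurityException {
        return hasSAMLRequestMessage(request);
    }

    private boolean hasSAMLRequestMessage(Request request) {
        return request.getParameter("SAMLRequest") != null;
    }

    /** Decodes and inflates the {@code SAMLRequest} parameter into its generic request type. */
    private RequestAbstractType getSAMLRequest(Request request) throws JAXBException, SAXException {
        return new SAML2Request().getRequestType(RedirectBindingUtil.base64DeflateDecode(getSAMLMessage(request)));
    }

    /**
     * Builds the success response for the {@code SAMLRequest} carried by {@code request}.
     *
     * <p>The response destination is the AuthnRequest's AssertionConsumerServiceURL, i.e. a value
     * supplied by the requester; nothing in this method checks it, so the issuer/trust decision
     * has to be made by the caller (presumably {@link #invoke}, whose body is not recovered).
     * At trace level the complete AuthnRequest and the complete response XML, assertion included,
     * are written to the log.
     *
     * @param request   the Catalina request carrying the {@code SAMLRequest} parameter
     * @param principal the authenticated user whose name becomes the persistent NameID
     * @return the response with one assertion carrying an attribute statement of the user's roles
     * @throws ParsingException       if the request cannot be unmarshalled
     * @throws IllegalStateException  if the parameter does not decode to an AuthnRequest
     */
    public ResponseType getResponse(Request request, Principal principal) throws ParsingException, ConfigurationException, ProcessingException {
        InputStream requestStream = RedirectBindingUtil.base64DeflateDecode(getSAMLMessage(request));
        SAML2Request saml2Request = new SAML2Request();
        try {
            AuthnRequestType authnRequest = saml2Request.getAuthnRequestType(requestStream);
            if (authnRequest == null) {
                throw new IllegalStateException("AuthnRequest is null");
            }
            if (log.isTraceEnabled()) {
                StringWriter requestXml = new StringWriter();
                try {
                    saml2Request.marshall(authnRequest, requestXml);
                } catch (SAXException e) {
                    log.trace(e);
                } catch (JAXBException e) {
                    log.trace(e);
                }
                log.trace("IDPRedirectValve::AuthnRequest=" + requestXml.toString());
            }

            SAML2Response saml2Response = new SAML2Response();
            String responseId = IDGenerator.create("ID_");

            IssuerInfoHolder issuerInfo = new IssuerInfoHolder(this.identityURL);
            issuerInfo.setStatusCode(JBossSAMLURIConstants.STATUS_SUCCESS.get());

            IDPInfoHolder idpInfo = new IDPInfoHolder();
            idpInfo.setNameIDFormatValue(principal.getName());
            idpInfo.setNameIDFormat(JBossSAMLURIConstants.NAMEID_FORMAT_PERSISTENT.get());

            SPInfoHolder spInfo = new SPInfoHolder();
            spInfo.setResponseDestinationURI(authnRequest.getAssertionConsumerServiceURL());

            ResponseType responseType = saml2Response.createResponseType(responseId, spInfo, idpInfo, issuerInfo);

            // The first entry of the assertion list is the assertion just created above.
            List<String> roles = this.rg.generateRoles(principal);
            AssertionType assertion = (AssertionType) responseType.getAssertionOrEncryptedAssertion().get(0);
            assertion.getStatementOrAuthnStatementOrAuthzDecisionStatement().add(saml2Response.createAttributeStatement(roles));
            try {
                saml2Response.createTimedConditions(assertion, this.assertionValidity);
            } catch (IssueInstantMissingException e) {
                // Best effort as in the original: the response is still returned, without conditions.
                log.error(e);
            }

            if (log.isTraceEnabled()) {
                StringWriter responseXml = new StringWriter();
                try {
                    saml2Response.marshall(responseType, responseXml);
                } catch (JAXBException e) {
                    log.trace(e);
                } catch (SAXException e) {
                    log.trace(e);
                }
                log.trace("IDPRedirectValve::Response=" + responseXml.toString());
            }
            return responseType;
        } catch (JAXBException e) {
            throw new ParsingException(e);
        } catch (SAXException e) {
            throw new ParsingException(e);
        }
    }

    /**
     * Builds a response carrying only a status code (no subject), addressed to {@code str}.
     *
     * @param str  the destination URI of the response
     * @param str2 the SAML status code to report
     * @return the status-only response
     * @throws ServletException wrapping any failure; the original cause is preserved
     */
    private ResponseType getErrorResponse(String str, String str2) throws ServletException {
        try {
            SAML2Response saml2Response = new SAML2Response();
            String responseId = IDGenerator.create("ID_");

            IssuerInfoHolder issuerInfo = new IssuerInfoHolder(this.identityURL);
            issuerInfo.setStatusCode(str2);

            IDPInfoHolder idpInfo = new IDPInfoHolder();
            idpInfo.setNameIDFormatValue((String) null);
            idpInfo.setNameIDFormat(JBossSAMLURIConstants.NAMEID_FORMAT_PERSISTENT.get());

            SPInfoHolder spInfo = new SPInfoHolder();
            spInfo.setResponseDestinationURI(str);

            ResponseType responseType = saml2Response.createResponseType(responseId, spInfo, idpInfo, issuerInfo);
            log.debug("ResponseType = ");
            if (log.isTraceEnabled()) {
                StringWriter responseXml = new StringWriter();
                saml2Response.marshall(responseType, responseXml);
                log.trace("IDPRedirectValve::Response=" + responseXml.toString());
            }
            return responseType;
        } catch (Exception e) {
            log.error("Exception in getErrorResponse::", e);
            // Keep the cause: the original dropped it and kept only the message.
            throw new ServletException(e.getLocalizedMessage(), e);
        }
    }

    /** The raw {@code SAMLRequest} query parameter, or null when absent. */
    private String getSAMLMessage(Request request) {
        return request.getParameter("SAMLRequest");
    }

    public void addLifecycleListener(LifecycleListener lifecycleListener) {
        this.lifecycle.addLifecycleListener(lifecycleListener);
    }

    public LifecycleListener[] findLifecycleListeners() {
        return this.lifecycle.findLifecycleListeners();
    }

    public void removeLifecycleListener(LifecycleListener lifecycleListener) {
        this.lifecycle.removeLifecycleListener(lifecycleListener);
    }

    /**
     * Fires the start event and loads the IdP configuration from
     * {@code /WEB-INF/jboss-idfed.xml} (identity URL and assertion validity).
     *
     * @throws LifecycleException if the valve is already started
     * @throws RuntimeException   if the descriptor is missing or cannot be parsed
     */
    public void start() throws LifecycleException {
        if (this.started) {
            throw new LifecycleException("IDPRedirectValve already Started");
        }
        this.lifecycle.fireLifecycleEvent("start", (Object) null);
        this.started = true;
        InputStream descriptor = getContainer().getServletContext().getResourceAsStream("/WEB-INF/jboss-idfed.xml");
        if (descriptor == null) {
            throw new RuntimeException("/WEB-INF/jboss-idfed.xml missing");
        }
        try {
            this.idpConfiguration = ValveUtil.getIDPConfiguration(descriptor);
            this.identityURL = this.idpConfiguration.getIdentityURL();
            log.trace("Identity Provider URL=" + this.identityURL);
            this.assertionValidity = this.idpConfiguration.getAssertionValidity();
        } catch (Exception e) {
            throw new RuntimeException(e);
        } finally {
            // The original never closed the descriptor stream.
            try {
                descriptor.close();
            } catch (IOException ignored) {
                // the descriptor has already been consumed; a close failure has nothing to undo
            }
        }
    }

    /**
     * Fires the stop event and marks the valve as stopped.
     *
     * @throws LifecycleException if the valve was not started
     */
    public void stop() throws LifecycleException {
        if (!this.started) {
            throw new LifecycleException("IDPRedirectValve NotStarted");
        }
        this.lifecycle.fireLifecycleEvent("stop", (Object) null);
        this.started = false;
    }
}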
