package org.keycloak.adapters.saml;

import java.io.IOException;
import javax.xml.datatype.XMLGregorianCalendar;
import org.jboss.logging.Logger;
import org.keycloak.adapters.saml.SamlDeployment;
import org.keycloak.adapters.spi.HttpFacade;
import org.keycloak.saml.BaseSAML2BindingBuilder;
import org.keycloak.saml.common.constants.GeneralConstants;
import org.keycloak.saml.common.exceptions.ConfigurationException;
import org.keycloak.saml.common.exceptions.ProcessingException;
import org.keycloak.saml.processing.core.saml.v1.SAML11Constants;
import org.keycloak.saml.processing.core.saml.v2.util.XMLTimeUtil;
import org.w3c.dom.Document;

/* loaded from: input_file:WEB-INF/lib/keycloak-saml-adapter-core-12.0.3.jar:org/keycloak/adapters/saml/SamlUtil.class */
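/**
 * Static helpers used by the SAML adapter: writing a SAML message to the HTTP response,
 * working out the post-login redirect target, and checking that a stored
 * {@link SamlSession} has not expired.
 */
public class SamlUtil {
    protected static Logger log = Logger.getLogger(SamlUtil.class);

    /** Query parameter that carries the post-login redirect target. */
    private static final String REDIRECT_TO_PARAM = "redirectTo";

    /** Token searched for inside the RelayState value when the query parameter is absent. */
    private static final String REDIRECT_TO_PREFIX = REDIRECT_TO_PARAM + "=";

    /**
     * Writes a SAML document to the HTTP response using the requested binding.
     *
     * <p>For {@code SamlDeployment.Binding.POST} the message is rendered as an HTML page
     * (status 200, caching disabled). For any other binding a 302 redirect is issued with
     * the message encoded into the redirect URI.
     *
     * @param z {@code true} to send the document as a SAML request, {@code false} as a response
     * @param httpFacade facade whose response is written and then ended
     * @param str destination URL handed to the binding builder
     * @param baseSAML2BindingBuilder builder that encodes the document for the chosen binding
     * @param document the SAML document to send
     * @param binding binding to use; only {@code POST} selects the HTML form path
     * @throws ProcessingException declared for the binding builder calls
     * @throws ConfigurationException declared for the binding builder calls
     * @throws IOException if writing the HTML body to the response stream fails
     */
    public static void sendSaml(boolean z, HttpFacade httpFacade, String str, BaseSAML2BindingBuilder baseSAML2BindingBuilder, Document document, SamlDeployment.Binding binding) throws ProcessingException, ConfigurationException, IOException {
        if (binding == SamlDeployment.Binding.POST) {
            String html;
            if (z) {
                html = baseSAML2BindingBuilder.postBinding(document).getHtmlRequest(str);
            } else {
                html = baseSAML2BindingBuilder.postBinding(document).getHtmlResponse(str);
            }
            httpFacade.getResponse().setStatus(200);
            // NOTE(review): the Content-Type carries no charset although the body bytes are
            // produced with GeneralConstants.SAML_CHARSET; consider declaring it explicitly.
            httpFacade.getResponse().setHeader("Content-Type", "text/html");
            // The page embeds the SAML message, so intermediaries and the browser must not cache it.
            httpFacade.getResponse().setHeader("Pragma", "no-cache");
            httpFacade.getResponse().setHeader("Cache-Control", "no-cache, no-store");
            httpFacade.getResponse().getOutputStream().write(html.getBytes(GeneralConstants.SAML_CHARSET));
            httpFacade.getResponse().end();
            return;
        }

        String location;
        if (z) {
            location = baseSAML2BindingBuilder.redirectBinding(document).requestURI(str).toString();
        } else {
            location = baseSAML2BindingBuilder.redirectBinding(document).responseURI(str).toString();
        }
        httpFacade.getResponse().setStatus(302);
        httpFacade.getResponse().setHeader(SAML11Constants.LOCATION, location);
        httpFacade.getResponse().end();
    }

    /**
     * Computes the URL to send the browser to after SAML processing.
     *
     * <p>The target is taken from the {@code redirectTo} query parameter if present and
     * non-empty; otherwise from a {@code redirectTo=} token inside the RelayState parameter
     * (terminated by {@code ';'} or the end of the value). If neither is present, the base
     * URI is returned, with {@code "/"} appended when {@code str} is empty.
     *
     * <p>NOTE(review): the {@code redirectTo} value comes straight from the request and is
     * only slash-trimmed before being appended to the base URI. No check for dot segments,
     * repeated slashes or control characters is visible in this class, so callers should
     * confirm that {@code str2} is a trusted absolute base and validate the result before
     * using it in a redirect.
     *
     * @param httpFacade facade giving access to the current request
     * @param str value whose emptiness decides whether {@code "/"} is appended to the
     *     fallback (presumably the context path; confirm against callers)
     * @param str2 base URI the redirect target is resolved under
     * @return the redirect URL
     */
    public static String getRedirectTo(HttpFacade httpFacade, String str, String str2) {
        String fromQuery = httpFacade.getRequest().getQueryParamValue(REDIRECT_TO_PARAM);
        if (fromQuery != null && !fromQuery.isEmpty()) {
            return buildRedirectTo(str2, fromQuery);
        }

        String relayState = httpFacade.getRequest().getFirstParam(GeneralConstants.RELAY_STATE);
        int tokenStart = relayState == null ? -1 : relayState.indexOf(REDIRECT_TO_PREFIX);
        if (tokenStart < 0) {
            // No explicit target: fall back to the base URI.
            return str.isEmpty() ? str2 + "/" : str2;
        }

        String target = relayState.substring(tokenStart + REDIRECT_TO_PREFIX.length());
        int terminator = target.indexOf(';');
        if (terminator >= 0) {
            target = target.substring(0, terminator);
        }
        return buildRedirectTo(str2, target);
    }

    /**
     * Joins a base URI and a path with exactly one {@code "/"} between them, dropping at
     * most one trailing slash from the base and one leading slash from the path.
     *
     * @param str base URI
     * @param str2 path to append; not otherwise validated or normalised here
     * @return {@code str + "/" + str2} after the slash trimming described above
     */
    private static String buildRedirectTo(String str, String str2) {
        String path = str2.startsWith("/") ? str2.substring(1) : str2;
        String base = str.endsWith("/") ? str.substring(0, str.length() - 1) : str;
        return base + "/" + path;
    }

    /**
     * Returns the given object as a {@link SamlSession} if it is one and has not expired.
     *
     * <p>When the session carries a {@code SessionNotOnOrAfter} instant, the current time
     * must be strictly before that instant plus the IdP's allowed clock skew.
     *
     * @param obj candidate session object, typically read from the HTTP session; may be null
     * @param samlDeployment deployment supplying the IdP's allowed clock skew
     * @return the validated session, or {@code null} if it is missing, of the wrong type, or expired
     */
    public static SamlSession validateSamlSession(Object obj, SamlDeployment samlDeployment) {
        if (obj == null) {
            log.debug("SamlSession was not found in the session");
            return null;
        }
        if (!(obj instanceof SamlSession)) {
            log.debug("Provided samlSession was not SamlSession type");
            return null;
        }

        SamlSession samlSession = (SamlSession) obj;
        XMLGregorianCalendar sessionNotOnOrAfter = samlSession.getSessionNotOnOrAfter();
        if (sessionNotOnOrAfter == null) {
            // No expiry recorded on the session, so there is nothing to enforce here.
            return samlSession;
        }

        XMLGregorianCalendar now = XMLTimeUtil.getIssueInstant();
        // Compare against the value returned by XMLTimeUtil.add. The result was previously
        // discarded; if add() returns an adjusted copy (TODO confirm against XMLTimeUtil),
        // the configured clock skew was never applied to the expiry check.
        XMLGregorianCalendar expiryWithSkew = XMLTimeUtil.add(sessionNotOnOrAfter, samlDeployment.getIDP().getAllowedClockSkew());
        // -1 is DatatypeConstants.LESSER: only "now strictly before expiry" keeps the session.
        // Any other result, including INDETERMINATE, is treated as expired (fail closed).
        if (now.compare(expiryWithSkew) != -1) {
            log.debug("SamlSession is past its SessionNotOnOrAfter");
            return null;
        }
        return samlSession;
    }
}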
