package org.picketlink.identity.seam.federation;

import java.io.ByteArrayInputStream;
import java.io.InputStream;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import javax.xml.bind.JAXBElement;
import javax.xml.bind.JAXBException;
import org.htmlparser.tags.FormTag;
import org.jboss.seam.annotations.AutoCreate;
import org.jboss.seam.annotations.Import;
import org.jboss.seam.annotations.In;
import org.jboss.seam.annotations.Logger;
import org.jboss.seam.annotations.Name;
import org.jboss.seam.log.Log;
import org.jboss.seam.util.Base64;
import org.picketlink.identity.federation.core.exceptions.ConfigurationException;
import org.picketlink.identity.federation.core.exceptions.ParsingException;
import org.picketlink.identity.federation.core.exceptions.ProcessingException;
import org.picketlink.identity.federation.core.saml.v2.util.DocumentUtil;
import org.picketlink.identity.federation.core.util.JAXBUtil;
import org.picketlink.identity.federation.saml.v2.protocol.RequestAbstractType;
import org.picketlink.identity.federation.saml.v2.protocol.StatusResponseType;
import org.picketlink.identity.federation.web.util.RedirectBindingUtil;
import org.picketlink.identity.seam.federation.configuration.SamlIdentityProvider;
import org.picketlink.identity.seam.federation.configuration.ServiceProvider;
import org.w3c.dom.Document;

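/**
 * Seam component that receives a SAML protocol message from an HTTP request, decodes and parses it,
 * resolves the issuing identity provider, optionally validates the message signature and then
 * dispatches the message to the single sign-on or single logout receiver.
 *
 * <p>Everything read from the request is untrusted until the signature check has passed. Malformed
 * or unexpected input is reported as {@link InvalidRequestException}.
 */
@Import({"org.picketlink.identity.seam.federation"})
@Name("org.picketlink.identity.seam.federation.samlMessageReceiver")
@AutoCreate
/* loaded from: input_file:WEB-INF/lib/picketlink-seam-1.0.3.final.jar:org/picketlink/identity/seam/federation/SamlMessageReceiver.class */
public class SamlMessageReceiver {

    @Logger
    private Log log;

    @In
    private Requests requests;

    @In
    private SamlSingleLogoutReceiver samlSingleLogoutReceiver;

    @In
    private SamlSingleSignOnReceiver samlSingleSignOnReceiver;

    @In
    private SamlSignatureValidator samlSignatureValidator;

    @In
    private ServiceProvider serviceProvider;

    /**
     * Processes the SAML message carried by the given HTTP request.
     *
     * <p>Exactly one of the {@code SAMLRequest} and {@code SAMLResponse} parameters must be present.
     * A POST request is decoded as plain Base64; any other method is decoded as Base64 + DEFLATE
     * (redirect binding).
     *
     * @param samlProfile         profile of the endpoint that received the message
     * @param httpServletRequest  request carrying the SAML message
     * @param httpServletResponse response handed on to the profile-specific receiver
     * @throws InvalidRequestException if the message is missing, ambiguous, unparsable, of the wrong
     *         type, lacks an issuer, comes from an unknown identity provider, or does not match the
     *         request it claims to answer
     */
    public void handleIncomingSamlMessage(SamlProfile samlProfile, HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse) throws InvalidRequestException {
        String samlRequestParam = httpServletRequest.getParameter("SAMLRequest");
        String samlResponseParam = httpServletRequest.getParameter("SAMLResponse");

        String encodedMessage;
        RequestOrResponse requestOrResponse;
        if (samlRequestParam != null && samlResponseParam == null) {
            encodedMessage = samlRequestParam;
            requestOrResponse = RequestOrResponse.REQUEST;
        } else if (samlRequestParam == null && samlResponseParam != null) {
            encodedMessage = samlResponseParam;
            requestOrResponse = RequestOrResponse.RESPONSE;
        } else {
            throw new InvalidRequestException("SAML message should either have a SAMLRequest parameter or a SAMLResponse parameter");
        }

        // The binding decides the encoding. The message is decoded exactly once; the earlier
        // unconditional base64DeflateDecode call, whose result was discarded, is gone.
        boolean postBinding = FormTag.POST.equals(httpServletRequest.getMethod());
        InputStream messageStream;
        if (postBinding) {
            byte[] decoded = Base64.decode(encodedMessage);
            // NOTE(review): some Base64 implementations return null for malformed input; confirm
            // for org.jboss.seam.util.Base64. The guard is harmless if it never does.
            if (decoded == null) {
                throw new InvalidRequestException("SAML message could not be parsed");
            }
            messageStream = new ByteArrayInputStream(decoded);
        } else {
            messageStream = RedirectBindingUtil.base64DeflateDecode(encodedMessage);
        }
        // NOTE(review): this parses attacker-controlled XML before any signature check; verify that
        // DocumentUtil.getDocument disables DTDs / external entities.
        Document document = getDocument(messageStream);

        RequestAbstractType samlRequest = null;
        StatusResponseType samlResponse = null;
        String issuerEntityId;
        if (requestOrResponse.isRequest()) {
            samlRequest = getSamlRequest(document);
            // A message without an Issuer element must be rejected, not fail with a NullPointerException.
            if (samlRequest.getIssuer() == null) {
                throw new InvalidRequestException("SAML message does not contain an issuer");
            }
            issuerEntityId = samlRequest.getIssuer().getValue();
        } else {
            samlResponse = getSamlResponse(document);
            if (samlResponse.getIssuer() == null) {
                throw new InvalidRequestException("SAML message does not contain an issuer");
            }
            issuerEntityId = samlResponse.getIssuer().getValue();
        }

        // This writes the complete, not yet verified message to the log; it can contain assertion
        // data, so debug logs for this component need restricted access.
        if (this.log.isDebugEnabled()) {
            this.log.debug("Received from IDP: " + DocumentUtil.asString(document), new Object[0]);
        }

        // The issuer is only a claim at this point; it selects the configured identity provider
        // against which the signature is checked below.
        SamlIdentityProvider identityProvider = this.serviceProvider.getSamlConfiguration().getSamlIdentityProviderByEntityId(issuerEntityId);
        if (identityProvider == null) {
            throw new InvalidRequestException("Received message from unknown idp " + issuerEntityId);
        }

        // Signature validation is configuration-driven: for single sign-on it follows the service
        // provider's wantAssertionsSigned flag, for single logout the identity provider's
        // singleLogoutMessagesSigned flag. When the flag is off, no signature is checked here.
        boolean signatureRequired;
        if (samlProfile == SamlProfile.SINGLE_SIGN_ON) {
            signatureRequired = this.serviceProvider.getSamlConfiguration().isWantAssertionsSigned();
        } else {
            signatureRequired = identityProvider.isSingleLogoutMessagesSigned();
        }
        if (signatureRequired) {
            if (this.log.isDebugEnabled()) {
                this.log.debug("Validating the signature", new Object[0]);
            }
            // NOTE(review): whether the validators tie the verified signature to the element that
            // is consumed afterwards cannot be seen from this class; confirm in SamlSignatureValidator.
            if (postBinding) {
                this.samlSignatureValidator.validateSignatureForPostBinding(identityProvider, document);
            } else {
                this.samlSignatureValidator.validateSignatureForRedirectBinding(identityProvider, httpServletRequest, requestOrResponse);
            }
        }

        // Correlate a response with the request it answers. A response without InResponseTo
        // (unsolicited) skips this correlation and reaches the receiver with a null request context.
        RequestContext requestContext = null;
        if (requestOrResponse.isResponse() && samlResponse.getInResponseTo() != null) {
            requestContext = this.requests.getRequest(samlResponse.getInResponseTo());
            if (requestContext == null) {
                throw new InvalidRequestException("No request that corresponds with the received response");
            }
            if (!requestContext.getIdentityProvider().equals(identityProvider)) {
                throw new InvalidRequestException("Identity provider of request and response do not match");
            }
        }

        if (samlProfile == SamlProfile.SINGLE_SIGN_ON) {
            if (requestOrResponse.isRequest()) {
                throw new InvalidRequestException("Assertion consumer service can only process SAML responses");
            }
            this.samlSingleSignOnReceiver.processIDPResponse(httpServletRequest, httpServletResponse, samlResponse, requestContext, identityProvider);
        } else if (requestOrResponse.isRequest()) {
            this.samlSingleLogoutReceiver.processIDPRequest(httpServletRequest, httpServletResponse, samlRequest, identityProvider);
        } else {
            this.samlSingleLogoutReceiver.processIDPResponse(httpServletRequest, httpServletResponse, samlResponse, requestContext, identityProvider);
        }
    }

    /**
     * Unmarshals the document as a SAML request.
     *
     * @throws InvalidRequestException if the document cannot be unmarshalled or is not a SAML request
     */
    private RequestAbstractType getSamlRequest(Document document) throws InvalidRequestException {
        return unmarshal(document, RequestAbstractType.class);
    }

    /**
     * Unmarshals the document as a SAML response.
     *
     * @throws InvalidRequestException if the document cannot be unmarshalled or is not a SAML response
     */
    private StatusResponseType getSamlResponse(Document document) throws InvalidRequestException {
        return unmarshal(document, StatusResponseType.class);
    }

    /**
     * Unmarshals the document with JAXB and checks that the payload has the expected type.
     *
     * <p>A message of the wrong kind (for example a response sent in the {@code SAMLRequest}
     * parameter) is rejected with {@link InvalidRequestException}; the unchecked casts used before
     * failed with a ClassCastException.
     */
    private <T> T unmarshal(Document document, Class<T> expectedType) throws InvalidRequestException {
        Object unmarshalled;
        try {
            // The context is obtained via StatusResponseType for requests and responses alike, as
            // before; presumably it covers the whole protocol package (confirm in JAXBUtil).
            unmarshalled = JAXBUtil.getJAXBContext((Class<?>) StatusResponseType.class).createUnmarshaller().unmarshal(document);
        } catch (JAXBException e) {
            throw new InvalidRequestException("SAML message could not be parsed", e);
        }
        Object payload = unmarshalled instanceof JAXBElement ? ((JAXBElement<?>) unmarshalled).getValue() : unmarshalled;
        if (!expectedType.isInstance(payload)) {
            throw new InvalidRequestException("SAML message is not of the expected type");
        }
        return expectedType.cast(payload);
    }

    /**
     * Parses the decoded message into a DOM document.
     *
     * @throws InvalidRequestException if the input is not parsable XML
     * @throws RuntimeException        if the parser reports a configuration or processing error
     */
    private Document getDocument(InputStream inputStream) throws InvalidRequestException {
        try {
            return DocumentUtil.getDocument(inputStream);
        } catch (ConfigurationException e) {
            throw new RuntimeException(e);
        } catch (ParsingException e2) {
            throw new InvalidRequestException("SAML request could not be parsed", e2);
        } catch (ProcessingException e3) {
            throw new RuntimeException(e3);
        }
    }
}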
