package org.wildfly.security.http.util.sso;

import java.net.HttpURLConnection;
import java.nio.charset.StandardCharsets;
import java.security.InvalidKeyException;
import java.security.KeyPair;
import java.security.NoSuchAlgorithmException;
import java.security.Signature;
import java.security.SignatureException;
import java.util.Base64;
import java.util.function.Consumer;
import javax.net.ssl.HttpsURLConnection;
import org.eclipse.aether.repository.Proxy;
import org.elasticsearch.common.breaker.CircuitBreaker;
import org.wildfly.common.Assert;
import org.wildfly.security._private.ElytronMessages;
import org.wildfly.security.http.HttpServerRequest;
import org.wildfly.security.util.ByteIterator;

/* loaded from: input_file:WEB-INF/lib/wildfly-elytron-1.1.3.Final.jar:org/wildfly/security/http/util/sso/DefaultSingleSignOnSessionFactory.class */
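/**
 * Creates and looks up {@link DefaultSingleSignOnSession} instances and acts as their
 * {@link SingleSignOnSessionContext}: it signs and verifies logout parameters with the
 * configured {@link KeyPair} and configures outgoing logout connections.
 *
 * <p>Logout parameters have the form {@code <value>.<base64url(signature)>}, where the
 * signature is produced with {@code SHA512withRSA} over the UTF-8 bytes of the value.
 * The same key pair is used for signing (private key) and verification (public key).
 */
public class DefaultSingleSignOnSessionFactory implements SingleSignOnSessionFactory, SingleSignOnSessionContext {
    private static final String DEFAULT_SIGNATURE_ALGORITHM = "SHA512withRSA";

    // The decompiler resolved these two compile-time string literals to same-valued constants
    // of unrelated libraries (Elasticsearch CircuitBreaker.REQUEST, Aether Proxy.TYPE_HTTPS).
    // Using the literals keeps behaviour identical and removes the need for those classes;
    // the corresponding imports are unused once this is applied.
    private static final String REQUEST_PARAM_NAME = "request";
    private static final String HTTPS_SCHEME = "https";

    private final SingleSignOnManager manager;
    private final KeyPair keyPair;
    private final Consumer<HttpsURLConnection> logoutConnectionConfigurator;

    /**
     * Creates a factory whose logout connection configurator does nothing, so HTTPS logout
     * connections are left exactly as the caller created them.
     *
     * @param singleSignOnManager the manager used to look up single sign-on entries; must not be null
     * @param keyPair the key pair used to sign and verify logout parameters; must not be null
     */
    public DefaultSingleSignOnSessionFactory(SingleSignOnManager singleSignOnManager, KeyPair keyPair) {
        this(singleSignOnManager, keyPair, httpsURLConnection -> {
        });
    }

    /**
     * Creates a factory.
     *
     * @param singleSignOnManager the manager used to look up single sign-on entries; must not be null
     * @param keyPair the key pair used to sign and verify logout parameters; must not be null
     * @param consumer callback applied to every HTTPS logout connection passed to
     *        {@link #configureLogoutConnection(HttpURLConnection)}; must not be null
     */
    public DefaultSingleSignOnSessionFactory(SingleSignOnManager singleSignOnManager, KeyPair keyPair, Consumer<HttpsURLConnection> consumer) {
        // checkNotNullParam is generic and returns its argument, so no (raw) casts are needed.
        this.manager = Assert.checkNotNullParam("manager", singleSignOnManager);
        this.keyPair = Assert.checkNotNullParam("keyPair", keyPair);
        this.logoutConnectionConfigurator = Assert.checkNotNullParam("logoutConnectionConfigurator", consumer);
    }

    /**
     * Looks up an existing single sign-on entry and wraps it in a session.
     *
     * @param str the single sign-on identifier; must not be null
     * @param httpServerRequest the current request; must not be null
     * @return a session bound to the entry, or {@code null} if the manager has no entry for the identifier
     */
    @Override
    public SingleSignOnSession find(String str, HttpServerRequest httpServerRequest) {
        Assert.checkNotNullParam("id", str);
        Assert.checkNotNullParam(REQUEST_PARAM_NAME, httpServerRequest);
        SingleSignOn find = this.manager.find(str);
        if (find != null) {
            return new DefaultSingleSignOnSession(this, httpServerRequest, find);
        }
        return null;
    }

    /**
     * Creates a new session for the given request and mechanism name.
     *
     * @param httpServerRequest the current request; must not be null
     * @param str the mechanism name; must not be null
     * @return the new session
     */
    @Override
    public SingleSignOnSession create(HttpServerRequest httpServerRequest, String str) {
        Assert.checkNotNullParam(REQUEST_PARAM_NAME, httpServerRequest);
        Assert.checkNotNullParam("mechanismName", str);
        return new DefaultSingleSignOnSession(this, httpServerRequest, str);
    }

    /**
     * Returns the manager this factory was constructed with.
     */
    @Override
    public SingleSignOnManager getSingleSignOnManager() {
        return this.manager;
    }

    /**
     * Builds a signed logout parameter of the form {@code <str>.<base64url(signature)>}.
     *
     * <p>Only the value itself is signed; nothing in this method adds an expiry or a nonce, so a
     * token keeps verifying for as long as the key pair is in use. Any replay protection has to
     * come from the caller. The value is embedded unencoded: if it contains a {@code '.'},
     * {@link #verifyLogoutParameter(String)} will reject the resulting token because it requires
     * exactly two dot-separated parts.
     *
     * @param str the value to sign
     * @return the value followed by a dot and the URL-safe Base64 signature
     * @throws IllegalStateException if the signature algorithm is unavailable or the private key is rejected
     */
    @Override
    public String createLogoutParameter(String str) {
        try {
            Signature signature = Signature.getInstance(DEFAULT_SIGNATURE_ALGORITHM);
            signature.initSign(this.keyPair.getPrivate());
            // NOTE(review): ByteIterator.sign presumably feeds the bytes to the Signature and
            // yields the signature bytes; confirm against ByteIterator.
            return str + "." + ByteIterator.ofBytes(Base64.getUrlEncoder().encode(ByteIterator.ofBytes(str.getBytes(StandardCharsets.UTF_8)).sign(signature).drain())).asUtf8String().drainToString();
        } catch (InvalidKeyException | NoSuchAlgorithmException e) {
            throw new IllegalStateException(e);
        }
    }

    /**
     * Verifies a logout parameter produced by {@link #createLogoutParameter(String)} and returns
     * the signed value. The value is returned only after the signature check succeeds.
     *
     * <p>The parameter is untrusted input. The exceptions thrown here carry the raw parameter
     * (or its value part) as their message, so callers should neutralise control characters
     * before writing those messages to logs or echoing them in responses.
     *
     * @param str the received logout parameter; must not be null
     * @return the value part of the parameter
     * @throws IllegalArgumentException if the parameter is null, does not consist of exactly two
     *         dot-separated parts, carries a signature part that is not valid URL-safe Base64,
     *         or the signature bytes cannot be processed
     * @throws IllegalStateException if the signature algorithm is unavailable or the public key is rejected
     */
    @Override
    public String verifyLogoutParameter(String str) {
        // A missing parameter is reported like any other malformed one instead of as an NPE.
        Assert.checkNotNullParam("parameter", str);
        String[] split = str.split("\\.");
        if (split.length != 2) {
            throw new IllegalArgumentException(str);
        }
        try {
            String drainToString = ByteIterator.ofBytes(split[0].getBytes(StandardCharsets.UTF_8)).asUtf8String().drainToString();
            Signature signature = Signature.getInstance(DEFAULT_SIGNATURE_ALGORITHM);
            signature.initVerify(this.keyPair.getPublic());
            signature.update(drainToString.getBytes(StandardCharsets.UTF_8));
            // Base64.Decoder.decode throws IllegalArgumentException on malformed input; it is not
            // caught below and propagates to the caller as-is.
            // NOTE(review): ByteIterator.verify presumably passes the decoded bytes to
            // Signature.verify; confirm against ByteIterator.
            if (ByteIterator.ofBytes(Base64.getUrlDecoder().decode(split[1].getBytes(StandardCharsets.UTF_8))).verify(signature)) {
                return drainToString;
            }
            throw ElytronMessages.log.httpMechSsoInvalidLogoutMessage(drainToString);
        } catch (InvalidKeyException | NoSuchAlgorithmException e) {
            throw new IllegalStateException(e);
        } catch (SignatureException e2) {
            throw new IllegalArgumentException(str, e2);
        }
    }

    /**
     * Applies the configured callback to an outgoing logout connection when its URL scheme is
     * {@code https} (compared case-insensitively).
     *
     * <p>Connections with any other scheme are left untouched, so whatever TLS settings the
     * callback installs do not apply to them. The cast is deliberately unconditional: an
     * {@code https} URL backed by a connection that is not an {@link HttpsURLConnection} fails
     * with a {@link ClassCastException} rather than proceeding unconfigured.
     *
     * @param httpURLConnection the connection about to be used for a logout request
     */
    @Override
    public void configureLogoutConnection(HttpURLConnection httpURLConnection) {
        if (httpURLConnection.getURL().getProtocol().equalsIgnoreCase(HTTPS_SCHEME)) {
            this.logoutConnectionConfigurator.accept((HttpsURLConnection) httpURLConnection);
        }
    }
}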
