package org.jboss.identity.federation.bindings.tomcat.sp;

import java.security.Principal;
import java.util.ArrayList;
import java.util.Iterator;
import java.util.List;
import javax.xml.bind.JAXBElement;
import org.apache.catalina.connector.Request;
import org.apache.catalina.realm.GenericPrincipal;
import org.jboss.identity.federation.api.saml.v2.request.SAML2Request;
import org.jboss.identity.federation.core.exceptions.ConfigurationException;
import org.jboss.identity.federation.core.saml.v2.common.IDGenerator;
import org.jboss.identity.federation.core.saml.v2.common.StatementLocal;
import org.jboss.identity.federation.core.saml.v2.constants.JBossSAMLURIConstants;
import org.jboss.identity.federation.core.saml.v2.exceptions.AssertionExpiredException;
import org.jboss.identity.federation.core.saml.v2.util.AssertionUtil;
import org.jboss.identity.federation.saml.v2.assertion.AssertionType;
import org.jboss.identity.federation.saml.v2.assertion.AttributeStatementType;
import org.jboss.identity.federation.saml.v2.assertion.AttributeType;
import org.jboss.identity.federation.saml.v2.assertion.NameIDType;
import org.jboss.identity.federation.saml.v2.protocol.AuthnRequestType;
import org.jboss.identity.federation.saml.v2.protocol.ResponseType;
import org.jboss.identity.federation.saml.v2.protocol.StatusType;

/* loaded from: input_file:org/jboss/identity/federation/bindings/tomcat/sp/SPUtil.class */
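/**
 * Service-provider side helpers for the SAML v2 web browser flow: builds the
 * AuthnRequest sent to the identity provider and turns the identity provider's
 * Response into a Tomcat {@link Principal}.
 *
 * <p>NOTE(review): nothing in this class verifies an XML signature, the
 * audience, the recipient/destination or InResponseTo of the response. The only
 * assertion check made here is {@code AssertionUtil.hasExpired}. Confirm that
 * the caller performs those validations before the returned principal is
 * trusted.
 */
public class SPUtil {
    /**
     * Creates the AuthnRequest that is sent to the identity provider.
     *
     * @param str  the service provider URL ("serviceURL" in the error message)
     * @param str2 the identity provider URL ("identityURL" in the error message)
     * @return the request, with an id generated from the {@code "ID_"} prefix
     * @throws IllegalArgumentException if either URL is {@code null}
     * @throws ConfigurationException   declared for the underlying request factory
     */
    public AuthnRequestType createSAMLRequest(String str, String str2) throws ConfigurationException {
        if (str == null) {
            throw new IllegalArgumentException("serviceURL is null");
        }
        if (str2 == null) {
            throw new IllegalArgumentException("identityURL is null");
        }
        // The service URL is passed as both the second and the fourth argument;
        // presumably assertion consumer URL and issuer - confirm against SAML2Request.
        return new SAML2Request().createAuthnRequestType(IDGenerator.create("ID_"), str, str2, str);
    }

    /**
     * Validates the shape of an identity provider response and maps its first
     * assertion to a principal: the subject's NameID becomes the user name and
     * the first value of each attribute in the first statement becomes a role.
     *
     * <p>Every structural assumption is checked explicitly, so a response that
     * carries an encrypted assertion, no subject or no attribute statement is
     * rejected with a descriptive exception instead of a ClassCastException,
     * NullPointerException or IndexOutOfBoundsException.
     *
     * <p>Only the assertion at index 0 is used; any further assertions in the
     * response are ignored.
     *
     * @param request      the Tomcat request, used only to look up the realm
     * @param responseType the unmarshalled SAML response from the identity provider
     * @return a principal named after the NameID, holding the extracted roles
     * @throws IllegalArgumentException  if an argument, the status or the status code is {@code null}
     * @throws SecurityException         if the status code is not the success URI
     * @throws IllegalStateException     if the response does not have the expected structure
     * @throws AssertionExpiredException if {@code AssertionUtil.hasExpired} reports the assertion as expired
     * @throws ConfigurationException    declared for the underlying assertion utilities
     */
    public Principal handleSAMLResponse(Request request, ResponseType responseType) throws ConfigurationException, AssertionExpiredException {
        if (request == null) {
            throw new IllegalArgumentException("request is null");
        }
        if (responseType == null) {
            throw new IllegalArgumentException("response type is null");
        }
        StatusType status = responseType.getStatus();
        if (status == null) {
            throw new IllegalArgumentException("Status Type from the IDP is null");
        }
        // A Status element without a StatusCode used to surface as a NullPointerException.
        if (status.getStatusCode() == null) {
            throw new IllegalArgumentException("Status Code from the IDP is null");
        }
        if (!JBossSAMLURIConstants.STATUS_SUCCESS.get().equals(status.getStatusCode().getValue())) {
            throw new SecurityException("IDP forbid the user");
        }
        List<?> assertions = responseType.getAssertionOrEncryptedAssertion();
        if (assertions.isEmpty()) {
            throw new IllegalStateException("No assertions in reply from IDP");
        }
        // The list may also hold encrypted assertions, which cannot be read here.
        Object firstAssertion = assertions.get(0);
        if (!(firstAssertion instanceof AssertionType)) {
            throw new IllegalStateException("First assertion in reply from IDP is not an unencrypted assertion");
        }
        AssertionType assertionType = (AssertionType) firstAssertion;
        if (AssertionUtil.hasExpired(assertionType)) {
            throw new AssertionExpiredException();
        }
        String userName = extractSubjectName(assertionType);
        List<String> roles = extractRoles(assertionType);
        // Published only once the assertion has passed every check above, so a
        // rejected response never reaches the thread-local.
        // NOTE(review): the thread-local is not cleared in this class - confirm
        // the consumer removes it so statements do not carry over between
        // requests served by the same pooled thread.
        StatementLocal.statements.set(assertionType.getStatementOrAuthnStatementOrAuthzDecisionStatement());
        return createGenericPrincipal(request, userName, roles);
    }

    /**
     * Reads the NameID value from the first element of the assertion's subject.
     *
     * @throws IllegalStateException if the subject is missing, empty, does not
     *                               start with a NameID or the NameID has no value
     */
    private static String extractSubjectName(AssertionType assertion) {
        if (assertion.getSubject() == null) {
            throw new IllegalStateException("Assertion from IDP has no subject");
        }
        List<?> subjectContent = assertion.getSubject().getContent();
        if (subjectContent == null || subjectContent.isEmpty()) {
            throw new IllegalStateException("Subject in assertion from IDP is empty");
        }
        Object firstContent = subjectContent.get(0);
        if (!(firstContent instanceof JAXBElement)) {
            throw new IllegalStateException("Subject in assertion from IDP does not start with a NameID");
        }
        Object subjectValue = ((JAXBElement<?>) firstContent).getValue();
        if (!(subjectValue instanceof NameIDType)) {
            throw new IllegalStateException("Subject in assertion from IDP does not start with a NameID");
        }
        String name = ((NameIDType) subjectValue).getValue();
        if (name == null) {
            throw new IllegalStateException("NameID in assertion from IDP has no value");
        }
        return name;
    }

    /**
     * Collects the first value of every attribute in the assertion's first
     * statement, which must be an attribute statement.
     *
     * <p>Entries that are not plain attributes (for example encrypted ones),
     * attributes without values and values that are not strings are skipped:
     * they grant no role rather than aborting the login.
     *
     * <p>NOTE(review): every attribute is treated as a role regardless of its
     * name - confirm the identity provider only releases role attributes.
     *
     * @throws IllegalStateException if the first statement is not an attribute statement
     */
    private static List<String> extractRoles(AssertionType assertion) {
        List<?> statements = assertion.getStatementOrAuthnStatementOrAuthzDecisionStatement();
        if (statements.isEmpty() || !(statements.get(0) instanceof AttributeStatementType)) {
            throw new IllegalStateException("First statement in assertion from IDP is not an attribute statement");
        }
        AttributeStatementType attributeStatement = (AttributeStatementType) statements.get(0);
        List<String> roles = new ArrayList<String>();
        for (Object candidate : attributeStatement.getAttributeOrEncryptedAttribute()) {
            if (!(candidate instanceof AttributeType)) {
                continue;
            }
            List<?> values = ((AttributeType) candidate).getAttributeValue();
            if (values == null || values.isEmpty()) {
                continue;
            }
            Object firstValue = values.get(0);
            if (firstValue instanceof String) {
                roles.add((String) firstValue);
            }
        }
        return roles;
    }

    /**
     * Builds the Tomcat principal for the request's realm. The password is
     * {@code null} because the user was authenticated by the identity provider.
     */
    private Principal createGenericPrincipal(Request request, String str, List<String> list) {
        return new GenericPrincipal(request.getContext().getRealm(), str, (String) null, list);
    }
}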
