package org.keycloak.saml.processing.api.saml.v2.response;

import java.io.ByteArrayInputStream;
import java.io.ByteArrayOutputStream;
import java.io.InputStream;
import java.io.OutputStream;
import java.io.Writer;
import java.net.URI;
import java.util.Arrays;
import java.util.LinkedList;
import javax.xml.datatype.XMLGregorianCalendar;
import javax.xml.namespace.QName;
import org.keycloak.dom.saml.v2.SAML2Object;
import org.keycloak.dom.saml.v2.assertion.ActionType;
import org.keycloak.dom.saml.v2.assertion.AssertionType;
import org.keycloak.dom.saml.v2.assertion.AuthnContextClassRefType;
import org.keycloak.dom.saml.v2.assertion.AuthnContextType;
import org.keycloak.dom.saml.v2.assertion.AuthnStatementType;
import org.keycloak.dom.saml.v2.assertion.AuthzDecisionStatementType;
import org.keycloak.dom.saml.v2.assertion.DecisionType;
import org.keycloak.dom.saml.v2.assertion.EncryptedAssertionType;
import org.keycloak.dom.saml.v2.assertion.EncryptedElementType;
import org.keycloak.dom.saml.v2.assertion.EvidenceType;
import org.keycloak.dom.saml.v2.assertion.NameIDType;
import org.keycloak.dom.saml.v2.assertion.SubjectConfirmationDataType;
import org.keycloak.dom.saml.v2.assertion.SubjectConfirmationType;
import org.keycloak.dom.saml.v2.assertion.SubjectType;
import org.keycloak.dom.saml.v2.protocol.ResponseType;
import org.keycloak.dom.saml.v2.protocol.StatusResponseType;
import org.keycloak.saml.common.PicketLinkLogger;
import org.keycloak.saml.common.PicketLinkLoggerFactory;
import org.keycloak.saml.common.constants.JBossSAMLConstants;
import org.keycloak.saml.common.constants.JBossSAMLURIConstants;
import org.keycloak.saml.common.exceptions.ConfigurationException;
import org.keycloak.saml.common.exceptions.ParsingException;
import org.keycloak.saml.common.exceptions.ProcessingException;
import org.keycloak.saml.common.exceptions.fed.IssueInstantMissingException;
import org.keycloak.saml.common.util.DocumentUtil;
import org.keycloak.saml.common.util.StaxUtil;
import org.keycloak.saml.processing.core.parsers.saml.SAMLParser;
import org.keycloak.saml.processing.core.saml.v2.common.IDGenerator;
import org.keycloak.saml.processing.core.saml.v2.common.SAMLDocumentHolder;
import org.keycloak.saml.processing.core.saml.v2.factories.JBossSAMLAuthnResponseFactory;
import org.keycloak.saml.processing.core.saml.v2.factories.SAMLAssertionFactory;
import org.keycloak.saml.processing.core.saml.v2.holders.IDPInfoHolder;
import org.keycloak.saml.processing.core.saml.v2.holders.IssuerInfoHolder;
import org.keycloak.saml.processing.core.saml.v2.holders.SPInfoHolder;
import org.keycloak.saml.processing.core.saml.v2.util.AssertionUtil;
import org.keycloak.saml.processing.core.saml.v2.util.XMLTimeUtil;
import org.keycloak.saml.processing.core.saml.v2.writers.SAMLResponseWriter;
import org.keycloak.saml.processing.core.util.JAXPValidationUtil;
import org.w3c.dom.Document;
import org.w3c.dom.Element;

/* loaded from: input_file:WEB-INF/lib/keycloak-saml-core-15.1.0.jar:org/keycloak/saml/processing/api/saml/v2/response/SAML2Response.class */
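/**
 * Helper for building, parsing and serialising SAML v2 protocol responses and
 * their assertions.
 *
 * <p>Security notes for callers:
 * <ul>
 *   <li>The parsing methods in this class only run XML schema validation on the
 *       inbound document. No signature, issuer, audience, recipient or validity
 *       window check is visible here; the returned object must be treated as
 *       unauthenticated until the caller has performed those checks.</li>
 *   <li>NOTE(review): inbound XML is parsed through {@code DocumentUtil.getDocument}.
 *       DTD / external-entity hardening is expected to live there and cannot be
 *       confirmed from this class.</li>
 *   <li>{@link #getResponseType(InputStream)} and
 *       {@link #getSAML2ObjectFromStream(InputStream)} overwrite the
 *       {@code samlDocumentHolder} field without synchronisation, so an instance
 *       should not be shared between concurrent requests.</li>
 * </ul>
 */
public class SAML2Response {
    private static final PicketLinkLogger logger = PicketLinkLoggerFactory.getLogger();

    // Validity and clock-skew values handed to AssertionUtil.createTimedConditions.
    // Presumably milliseconds (5 s / 2 s) -- TODO confirm against AssertionUtil.
    private static final long ASSERTION_VALIDITY = 5000;
    private static final long CLOCK_SKEW = 2000;

    // Last parsed object together with its DOM document; set by getResponseType
    // and getSAML2ObjectFromStream, null until one of them has succeeded.
    private SAMLDocumentHolder samlDocumentHolder = null;

    /**
     * Delegates to {@code AssertionUtil.createAssertion}.
     *
     * @param str first argument forwarded to the utility (presumably the assertion ID -- confirm)
     * @param nameIDType second argument forwarded to the utility (presumably the issuer -- confirm)
     * @return the assertion created by the utility
     */
    public AssertionType createAssertion(String str, NameIDType nameIDType) {
        return AssertionUtil.createAssertion(str, nameIDType);
    }

    /**
     * Creates an authentication statement with a fixed authentication context.
     *
     * <p>The context is hard-coded: {@code AC_PASSWORD_PROTECTED_TRANSPORT} is added as an
     * authenticating authority and {@code AC_PASSWORD} is set as the class reference.
     * NOTE(review): the statement therefore describes a password login regardless of how
     * the subject actually authenticated; relying parties that make step-up decisions from
     * the class reference should not depend on statements built here -- confirm with callers.
     *
     * @param str not used by this method
     * @param xMLGregorianCalendar instant passed to the {@code AuthnStatementType} constructor
     * @return the populated statement
     */
    public AuthnStatementType createAuthnStatement(String str, XMLGregorianCalendar xMLGregorianCalendar) {
        AuthnContextType.AuthnContextTypeSequence classRefSequence = new AuthnContextType.AuthnContextTypeSequence();
        AuthnContextType context = new AuthnContextType();
        context.addAuthenticatingAuthority(URI.create(JBossSAMLURIConstants.AC_PASSWORD_PROTECTED_TRANSPORT.get()));
        classRefSequence.setClassRef(new AuthnContextClassRefType(JBossSAMLURIConstants.AC_PASSWORD.getUri()));
        context.setSequence(classRefSequence);

        AuthnStatementType statement = new AuthnStatementType(xMLGregorianCalendar);
        statement.setAuthnContext(context);
        return statement;
    }

    /**
     * Creates an authorization decision statement.
     *
     * @param str resource the decision applies to
     * @param decisionType decision to record
     * @param evidenceType optional evidence; skipped when {@code null}
     * @param actionTypeArr optional actions; skipped when {@code null}
     * @return the populated statement
     */
    public AuthzDecisionStatementType createAuthzDecisionStatementType(String str, DecisionType decisionType, EvidenceType evidenceType, ActionType... actionTypeArr) {
        AuthzDecisionStatementType statement = new AuthzDecisionStatementType();
        statement.setResource(str);
        statement.setDecision(decisionType);
        if (evidenceType != null) {
            statement.setEvidence(evidenceType);
        }
        if (actionTypeArr != null) {
            statement.getAction().addAll(Arrays.asList(actionTypeArr));
        }
        return statement;
    }

    /**
     * Builds a response containing a freshly created assertion for the subject
     * described by the IDP holder, addressed to the service provider.
     *
     * <p>{@code InResponseTo}, {@code Recipient} and {@code Destination} are copied from
     * the SP holder without any validation in this method. These values bind the
     * response to a request and to an endpoint, so the caller must make sure the
     * destination is the endpoint registered for the service provider rather than a
     * value taken unchecked from the inbound request.
     *
     * @param str first argument forwarded to the three-argument overload (presumably the response ID -- confirm)
     * @param sPInfoHolder supplies the request ID and the response destination URI
     * @param iDPInfoHolder supplies the NameID format/value and the subject confirmation method
     * @param issuerInfoHolder supplies the issuer
     * @return the populated response
     * @throws ProcessingException wrapping a failure to create the timed conditions
     */
    public ResponseType createResponseType(String str, SPInfoHolder sPInfoHolder, IDPInfoHolder iDPInfoHolder, IssuerInfoHolder issuerInfoHolder) throws ProcessingException {
        String destination = sPInfoHolder.getResponseDestinationURI();
        XMLGregorianCalendar issueInstant = XMLTimeUtil.getIssueInstant();
        SubjectType subject = new SubjectType();

        // Read the format once so the null test and URI.create see the same value.
        String nameIdFormat = iDPInfoHolder.getNameIDFormat();
        NameIDType nameId = new NameIDType();
        nameId.setFormat(nameIdFormat == null ? null : URI.create(nameIdFormat));
        nameId.setValue(iDPInfoHolder.getNameIDFormatValue());
        SubjectType.STSubType subjectId = new SubjectType.STSubType();
        subjectId.addBaseID(nameId);
        subject.setSubType(subjectId);

        SubjectConfirmationType confirmation = new SubjectConfirmationType();
        confirmation.setMethod(iDPInfoHolder.getSubjectConfirmationMethod());
        SubjectConfirmationDataType confirmationData = new SubjectConfirmationDataType();
        confirmationData.setInResponseTo(sPInfoHolder.getRequestID());
        confirmationData.setRecipient(destination);
        // NOTE(review): NotOnOrAfter is set to the issue instant itself. Unless
        // AssertionUtil.createTimedConditions rewrites it (not visible from this class),
        // a relying party that enforces the subject-confirmation window would see the
        // confirmation as already expired at issuance -- confirm intended behaviour.
        confirmationData.setNotOnOrAfter(issueInstant);
        confirmation.setSubjectConfirmationData(confirmationData);
        subject.addConfirmation(confirmation);

        AssertionType assertion = SAMLAssertionFactory.createAssertion(IDGenerator.create("ID_"), issuerInfoHolder.getIssuer(), XMLTimeUtil.getIssueInstant(), null, subject, new LinkedList<>());
        try {
            // Named constants instead of repeating the literals 5000/2000 here.
            AssertionUtil.createTimedConditions(assertion, ASSERTION_VALIDITY, CLOCK_SKEW);
            ResponseType response = createResponseType(str, issuerInfoHolder, assertion);
            response.setInResponseTo(sPInfoHolder.getRequestID());
            response.setDestination(destination);
            return response;
        } catch (ConfigurationException e) {
            throw logger.processingError(e);
        } catch (IssueInstantMissingException e) {
            throw logger.processingError(e);
        }
    }

    /**
     * Creates an empty response stamped with the current issue instant.
     *
     * @param str first constructor argument of {@code ResponseType} (presumably the response ID -- confirm)
     * @return the new response
     */
    public ResponseType createResponseType(String str) {
        return new ResponseType(str, XMLTimeUtil.getIssueInstant());
    }

    /**
     * Delegates to {@code JBossSAMLAuthnResponseFactory.createResponseType} with an assertion object.
     *
     * @param str forwarded unchanged to the factory
     * @param issuerInfoHolder forwarded unchanged to the factory
     * @param assertionType assertion to embed
     * @return the response built by the factory
     */
    public ResponseType createResponseType(String str, IssuerInfoHolder issuerInfoHolder, AssertionType assertionType) {
        return JBossSAMLAuthnResponseFactory.createResponseType(str, issuerInfoHolder, assertionType);
    }

    /**
     * Delegates to {@code JBossSAMLAuthnResponseFactory.createResponseType} with a DOM element.
     *
     * @param str forwarded unchanged to the factory
     * @param issuerInfoHolder forwarded unchanged to the factory
     * @param element DOM element forwarded to the factory
     * @return the response built by the factory
     * @throws ConfigurationException propagated from the factory
     */
    public ResponseType createResponseType(String str, IssuerInfoHolder issuerInfoHolder, Element element) throws ConfigurationException {
        return JBossSAMLAuthnResponseFactory.createResponseType(str, issuerInfoHolder, element);
    }

    /**
     * Delegates to {@code AssertionUtil.createTimedConditions}.
     *
     * @param assertionType assertion to update
     * @param j duration forwarded to the utility (presumably milliseconds -- confirm)
     * @throws ConfigurationException propagated from the utility
     * @throws IssueInstantMissingException propagated from the utility
     */
    public void createTimedConditions(AssertionType assertionType, long j) throws ConfigurationException, IssueInstantMissingException {
        AssertionUtil.createTimedConditions(assertionType, j);
    }

    /**
     * Parses an encrypted assertion from a stream after schema validation.
     *
     * <p>The result is cast without checking what the parser produced; a document with a
     * different root presumably surfaces as {@link ClassCastException} rather than
     * {@code ParsingException} -- callers should treat that as a rejected message.
     *
     * @param inputStream XML source; must not be {@code null}
     * @return the parsed encrypted assertion
     * @throws ParsingException propagated from document loading or parsing
     * @throws ConfigurationException propagated from document loading or parsing
     * @throws ProcessingException propagated from document loading or validation
     */
    public EncryptedAssertionType getEncryptedAssertion(InputStream inputStream) throws ParsingException, ConfigurationException, ProcessingException {
        if (inputStream == null) {
            throw logger.nullArgumentError("InputStream");
        }
        Document dom = DocumentUtil.getDocument(inputStream);
        SAMLParser parser = SAMLParser.getInstance();
        JAXPValidationUtil.checkSchemaValidation(dom);
        return (EncryptedAssertionType) parser.parse(dom);
    }

    /**
     * Parses an assertion from a stream after schema validation.
     *
     * <p>Only schema validation happens here; the assertion's signature and conditions are
     * not checked in this method. The cast is unchecked against the document content, so an
     * unexpected root presumably surfaces as {@link ClassCastException}.
     *
     * @param inputStream XML source; must not be {@code null}
     * @return the parsed assertion
     * @throws ParsingException propagated from document loading or parsing
     * @throws ConfigurationException propagated from document loading or parsing
     * @throws ProcessingException propagated from document loading or validation
     */
    public AssertionType getAssertionType(InputStream inputStream) throws ParsingException, ConfigurationException, ProcessingException {
        if (inputStream == null) {
            throw logger.nullArgumentError("InputStream");
        }
        Document dom = DocumentUtil.getDocument(inputStream);
        SAMLParser parser = SAMLParser.getInstance();
        JAXPValidationUtil.checkSchemaValidation(dom);
        return (AssertionType) parser.parse(dom);
    }

    /**
     * Returns the holder written by the most recent successful call to
     * {@link #getResponseType(InputStream)} or {@link #getSAML2ObjectFromStream(InputStream)}.
     *
     * @return the holder, or {@code null} if nothing has been parsed yet
     */
    public SAMLDocumentHolder getSamlDocumentHolder() {
        return this.samlDocumentHolder;
    }

    /**
     * Parses a response from a stream after schema validation and remembers the
     * parsed object together with its DOM document.
     *
     * <p>Only schema validation happens here; signature, issuer and validity checks are the
     * caller's responsibility. The cast is unchecked against the document content, so an
     * unexpected root presumably surfaces as {@link ClassCastException}.
     *
     * @param inputStream XML source; must not be {@code null}
     * @return the parsed response
     * @throws ParsingException propagated from document loading or parsing
     * @throws ConfigurationException propagated from document loading or parsing
     * @throws ProcessingException propagated from document loading or validation
     */
    public ResponseType getResponseType(InputStream inputStream) throws ParsingException, ConfigurationException, ProcessingException {
        if (inputStream == null) {
            throw logger.nullArgumentError("InputStream");
        }
        Document dom = DocumentUtil.getDocument(inputStream);
        SAMLParser parser = SAMLParser.getInstance();
        JAXPValidationUtil.checkSchemaValidation(dom);
        ResponseType parsed = (ResponseType) parser.parse(dom);
        this.samlDocumentHolder = new SAMLDocumentHolder(parsed, dom);
        return parsed;
    }

    /**
     * Parses any SAML v2 object from a stream after schema validation and remembers
     * the parsed object together with its DOM document.
     *
     * <p>Only schema validation happens here; signature, issuer and validity checks are the
     * caller's responsibility.
     *
     * @param inputStream XML source; must not be {@code null}
     * @return the parsed object
     * @throws ParsingException propagated from document loading or parsing
     * @throws ConfigurationException propagated from document loading or parsing
     * @throws ProcessingException propagated from document loading or validation
     */
    public SAML2Object getSAML2ObjectFromStream(InputStream inputStream) throws ParsingException, ConfigurationException, ProcessingException {
        if (inputStream == null) {
            throw logger.nullArgumentError("InputStream");
        }
        Document dom = DocumentUtil.getDocument(inputStream);
        if (logger.isTraceEnabled()) {
            // The whole inbound document is written to the log before schema validation.
            // Its content is sender-controlled and can include assertions and subject
            // attributes, so TRACE on this logger belongs only on access-controlled sinks.
            logger.trace("SAML Response Document: " + DocumentUtil.asString(dom));
        }
        SAMLParser parser = SAMLParser.getInstance();
        JAXPValidationUtil.checkSchemaValidation(dom);
        SAML2Object parsed = (SAML2Object) parser.parse(dom);
        this.samlDocumentHolder = new SAMLDocumentHolder(parsed, dom);
        return parsed;
    }

    /**
     * Wraps the DOM element of an encrypted element in a new document.
     *
     * @param encryptedElementType source of the element; must not be {@code null}
     * @return a new document whose root is a deep copy of the encrypted element
     * @throws ConfigurationException propagated from document creation
     */
    public Document convert(EncryptedElementType encryptedElementType) throws ConfigurationException {
        if (encryptedElementType == null) {
            throw logger.nullArgumentError("encryptedElementType");
        }
        Document target = DocumentUtil.createDocument();
        // importNode(..., true) deep-copies the element into the new document.
        target.appendChild(target.importNode(encryptedElementType.getEncryptedElement(), true));
        return target;
    }

    /**
     * Serialises a status response to XML in memory and parses it back into a DOM document.
     *
     * <p>A {@code ResponseType} is written as such; any other status response is written
     * under the {@code samlp}-prefixed logout-response element name.
     *
     * @param statusResponseType response to convert
     * @return DOM document of the serialised response
     * @throws ProcessingException propagated from writing or document loading
     * @throws ConfigurationException propagated from document loading
     * @throws ParsingException propagated from document loading
     */
    public Document convert(StatusResponseType statusResponseType) throws ProcessingException, ConfigurationException, ParsingException {
        ByteArrayOutputStream buffer = new ByteArrayOutputStream();
        SAMLResponseWriter responseWriter = new SAMLResponseWriter(StaxUtil.getXMLStreamWriter(buffer));
        if (statusResponseType instanceof ResponseType) {
            responseWriter.write((ResponseType) statusResponseType);
        } else {
            QName logoutResponseName = new QName(JBossSAMLURIConstants.PROTOCOL_NSURI.get(), JBossSAMLConstants.LOGOUT_RESPONSE.get(), "samlp");
            responseWriter.write(statusResponseType, logoutResponseName);
        }
        return DocumentUtil.getDocument(new ByteArrayInputStream(buffer.toByteArray()));
    }

    /**
     * Writes a response as XML to a byte stream.
     *
     * @param responseType response to serialise
     * @param outputStream destination; not closed by this method
     * @throws ProcessingException propagated from the writer
     */
    public void marshall(ResponseType responseType, OutputStream outputStream) throws ProcessingException {
        SAMLResponseWriter responseWriter = new SAMLResponseWriter(StaxUtil.getXMLStreamWriter(outputStream));
        responseWriter.write(responseType);
    }

    /**
     * Writes a response as XML to a character writer.
     *
     * @param responseType response to serialise
     * @param writer destination; not closed by this method
     * @throws ProcessingException propagated from the writer
     */
    public void marshall(ResponseType responseType, Writer writer) throws ProcessingException {
        SAMLResponseWriter responseWriter = new SAMLResponseWriter(StaxUtil.getXMLStreamWriter(writer));
        responseWriter.write(responseType);
    }
}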
