package org.jboss.security.identity.sso;

import java.io.ByteArrayInputStream;
import java.io.IOException;
import java.nio.charset.StandardCharsets;
import java.util.Date;
import java.util.Iterator;
import org.opensaml.SAMLAssertion;
import org.opensaml.SAMLAuthenticationQuery;
import org.opensaml.SAMLAuthenticationStatement;
import org.opensaml.SAMLException;
import org.opensaml.SAMLNameIdentifier;
import org.opensaml.SAMLRequest;
import org.opensaml.SAMLResponse;
import org.opensaml.SAMLSubject;
import org.opensaml.provider.SecureRandomIDProvider;

/* loaded from: input_file:org/jboss/security/identity/sso/JBossSingleSignOnProcessor.class */
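/**
 * {@link SingleSignOnProcessor} that encodes and decodes login requests and
 * responses as SAML 1.x messages using the OpenSAML classes imported by this file.
 *
 * <p>Security properties visible in this class:
 * <ul>
 *   <li>The request built by {@link #generateAuthRequest} carries the password in
 *       clear text inside the XML (as the name qualifier of the subject), so the
 *       returned string needs a confidential transport and must be kept out of logs.</li>
 *   <li>Nothing in this class signs a message or verifies a signature, and the
 *       assertion built here carries no validity window or audience restriction.
 *       The parse methods therefore report what the message <em>claims</em>.
 *       NOTE(review): confirm that integrity and origin are enforced elsewhere
 *       (signed messages or a mutually authenticated channel) before the parsed
 *       result is used for an access decision.</li>
 *   <li>The parse methods hand caller-supplied XML to the OpenSAML constructors.
 *       NOTE(review): the XML parser configuration is not visible here; confirm
 *       that DTDs and external entities are disabled for untrusted input.</li>
 * </ul>
 */
public class JBossSingleSignOnProcessor implements SingleSignOnProcessor {
    /** Status message written into a failed response and matched again when parsing one. */
    private static final String LOGIN_FAILED = "login_failed";

    /** Name identifier format set on every subject this class creates. */
    private static final String NAME_FORMAT_UNSPECIFIED = "urn:oasis:names:tc:SAML:1.1:nameid-format:unspecified";

    /** Authentication method URI placed in queries and authentication statements. */
    private static final String AUTH_METHOD_PASSWORD = "urn:oasis:names:tc:SAML:1.0:am:password";

    /** Source of the response and assertion identifiers. */
    private final SecureRandomIDProvider idProvider = new SecureRandomIDProvider();

    /**
     * Builds a SAML authentication query for the given credentials.
     *
     * <p>The password is stored as the name qualifier of the subject's name
     * identifier, i.e. it appears unencrypted in the returned XML.
     *
     * @param username user name; must be non-null and non-empty
     * @param password password; must be non-null (an empty string is accepted)
     * @return the serialized SAML request
     * @throws IllegalArgumentException if an argument fails the checks above
     * @throws SSOException if OpenSAML fails to build the request
     */
    @Override
    public String generateAuthRequest(String username, String password) throws SSOException {
        if (username == null || username.length() == 0) {
            throw new IllegalArgumentException("username is null or zero-length");
        }
        if (password == null) {
            throw new IllegalArgumentException("password is null");
        }
        try {
            SAMLNameIdentifier nameId = new SAMLNameIdentifier();
            nameId.setName(username);
            // The credential rides in the name qualifier; parseAuthRequest reads it back from there.
            nameId.setNameQualifier(password);
            nameId.setFormat(NAME_FORMAT_UNSPECIFIED);
            SAMLSubject subject = new SAMLSubject();
            subject.setNameIdentifier(nameId);
            return new SAMLRequest(new SAMLAuthenticationQuery(subject, AUTH_METHOD_PASSWORD)).toString();
        } catch (SAMLException e) {
            throw new SSOException((Throwable) e);
        }
    }

    /**
     * Builds the SAML response for a login attempt.
     *
     * <p>On success the response holds one assertion, issued by
     * {@code assertingParty}, with a single password authentication statement
     * for {@code username} stamped with the current time. On failure the
     * response holds only a status carrying the {@code login_failed} message.
     * The response is not signed by this method and the assertion has no
     * conditions attached.
     *
     * @param assertingParty issuer written into the assertion; non-null and non-empty
     * @param username subject of the authentication statement; non-null and non-empty
     * @param loginSucceeded {@code true} to emit an assertion, {@code false} to emit the failure status
     * @return the serialized SAML response
     * @throws IllegalArgumentException if a string argument is null or empty
     * @throws SSOException if OpenSAML fails to build the response
     */
    @Override
    public String generateAuthResponse(String assertingParty, String username, boolean loginSucceeded) throws SSOException {
        if (assertingParty == null || assertingParty.length() == 0) {
            throw new IllegalArgumentException("assertingParty is null or zero-length");
        }
        if (username == null || username.length() == 0) {
            throw new IllegalArgumentException("username is null or zero-length");
        }
        try {
            SAMLResponse response = new SAMLResponse();
            response.setId(this.idProvider.getIdentifier());
            if (!loginSucceeded) {
                // parseAuthResponse recognises a failed login by this exact message.
                response.setStatus(new SAMLException(LOGIN_FAILED));
                return response.toString();
            }

            SAMLNameIdentifier nameId = new SAMLNameIdentifier();
            nameId.setName(username);
            nameId.setFormat(NAME_FORMAT_UNSPECIFIED);
            SAMLSubject subject = new SAMLSubject();
            subject.setNameIdentifier(nameId);

            SAMLAuthenticationStatement statement = new SAMLAuthenticationStatement();
            statement.setAuthMethod(AUTH_METHOD_PASSWORD);
            statement.setSubject(subject);
            statement.setAuthInstant(new Date());

            SAMLAssertion assertion = new SAMLAssertion();
            assertion.setId(this.idProvider.getIdentifier());
            assertion.setIssuer(assertingParty);
            assertion.addStatement(statement);
            response.addAssertion(assertion);
            return response.toString();
        } catch (SAMLException e) {
            throw new SSOException((Throwable) e);
        }
    }

    /**
     * Extracts the user name and password from a serialized SAML request of
     * the shape produced by {@link #generateAuthRequest}.
     *
     * @param request serialized SAML request; must be non-null and non-empty
     * @return a user built from the name identifier's name and name qualifier
     * @throws IllegalArgumentException if {@code request} is null or empty
     * @throws SSOException if OpenSAML rejects the request
     */
    @Override
    public SSOUser parseAuthRequest(String request) throws SSOException {
        if (request == null || request.length() == 0) {
            throw new IllegalArgumentException("request is null or zero-length");
        }
        // Fixed charset instead of the platform default, so decoding does not vary by host.
        // An XML document without an encoding declaration is read as UTF-8 by the parser.
        ByteArrayInputStream in = new ByteArrayInputStream(request.getBytes(StandardCharsets.UTF_8));
        try {
            // NOTE(review): a request without a query, subject or name identifier
            // presumably surfaces here as a NullPointerException - confirm against OpenSAML.
            SAMLNameIdentifier nameId = new SAMLRequest(in).getQuery().getSubject().getNameIdentifier();
            return new SSOUser(nameId.getName(), nameId.getNameQualifier());
        } catch (SAMLException e) {
            throw new SSOException((Throwable) e);
        } finally {
            closeQuietly(in);
        }
    }

    /**
     * Reads the outcome of a login from a serialized SAML response.
     *
     * <p>Only the first assertion, and within it the first statement, is
     * examined. No signature, issuer, or validity check is performed here, so
     * the returned issuer and user name are the values the message asserts
     * about itself.
     *
     * @param response serialized SAML response; must be non-null and non-empty
     * @return a successful {@code AuthResponse} built from the first assertion;
     *         an unsuccessful one when parsing fails with the
     *         {@code login_failed} message; or {@code null} when the response
     *         parses but contains no assertion
     * @throws IllegalArgumentException if {@code response} is null or empty
     * @throws SSOException if OpenSAML rejects the response for any other
     *         reason, or if the first assertion does not start with an
     *         authentication statement
     */
    @Override
    public AuthResponse parseAuthResponse(String response) throws SSOException {
        if (response == null || response.length() == 0) {
            throw new IllegalArgumentException("response is null or zero-length");
        }
        String assertionId = null;
        String issuer = null;
        // Fixed charset instead of the platform default, so decoding does not vary by host.
        ByteArrayInputStream in = new ByteArrayInputStream(response.getBytes(StandardCharsets.UTF_8));
        try {
            Iterator assertions = new SAMLResponse(in).getAssertions();
            if (assertions == null || !assertions.hasNext()) {
                return null;
            }
            SAMLAssertion assertion = (SAMLAssertion) assertions.next();
            assertionId = assertion.getId();
            issuer = assertion.getIssuer();

            // The message is caller-supplied: report an unexpected shape through the
            // declared SSOException rather than an unchecked iterator or cast failure.
            Iterator statements = assertion.getStatements();
            if (statements == null || !statements.hasNext()) {
                throw new SSOException((Throwable) new IllegalStateException("assertion contains no statement"));
            }
            Object first = statements.next();
            if (!(first instanceof SAMLAuthenticationStatement)) {
                throw new SSOException(
                        (Throwable) new IllegalStateException("first statement is not an authentication statement"));
            }
            String username = ((SAMLAuthenticationStatement) first).getSubject().getNameIdentifier().getName();
            return new AuthResponse(issuer, assertionId, new SSOUser(username, null), true);
        } catch (SAMLException e) {
            // Constant-first comparison: getMessage() may be null.
            if (!LOGIN_FAILED.equals(e.getMessage())) {
                throw new SSOException((Throwable) e);
            }
            // issuer and assertionId hold whatever was read before the exception was raised.
            return new AuthResponse(issuer, assertionId, null, false);
        } finally {
            closeQuietly(in);
        }
    }

    /** Closes the in-memory stream, ignoring a failure to close as the parse result is already decided. */
    private static void closeQuietly(ByteArrayInputStream in) {
        try {
            in.close();
        } catch (IOException ignored) {
            // Nothing useful to do: the stream only wraps a byte array.
        }
    }
}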
