package com.resolution.samlprocessor;

import java.io.ByteArrayInputStream;
import java.io.ByteArrayOutputStream;
import java.io.IOException;
import java.io.OutputStreamWriter;
import java.io.StringWriter;
import java.io.UnsupportedEncodingException;
import java.net.URLEncoder;
import java.nio.charset.StandardCharsets;
import java.security.SecureRandom;
import java.security.cert.CertificateException;
import java.security.cert.X509Certificate;
import java.util.Iterator;
import java.util.List;
import java.util.Random;
import java.util.zip.Deflater;
import java.util.zip.DeflaterOutputStream;
import javax.servlet.http.HttpServletRequest;
import javax.xml.XMLConstants;
import javax.xml.parsers.DocumentBuilderFactory;
import javax.xml.parsers.ParserConfigurationException;
import javax.xml.transform.Transformer;
import javax.xml.transform.TransformerException;
import javax.xml.transform.TransformerFactory;
import javax.xml.transform.dom.DOMSource;
import javax.xml.transform.stream.StreamResult;
import org.apache.commons.io.IOUtils;
import org.apache.xml.security.c14n.Canonicalizer;
import org.joda.time.DateTime;
import org.opensaml.Configuration;
import org.opensaml.DefaultBootstrap;
import org.opensaml.common.SAMLVersion;
import org.opensaml.common.xml.SAMLConstants;
import org.opensaml.saml2.core.Assertion;
import org.opensaml.saml2.core.AuthnContext;
import org.opensaml.saml2.core.AuthnContextClassRef;
import org.opensaml.saml2.core.AuthnContextComparisonTypeEnumeration;
import org.opensaml.saml2.core.AuthnRequest;
import org.opensaml.saml2.core.Conditions;
import org.opensaml.saml2.core.Issuer;
import org.opensaml.saml2.core.RequestedAuthnContext;
import org.opensaml.saml2.core.Response;
import org.opensaml.saml2.core.impl.AuthnContextClassRefBuilder;
import org.opensaml.saml2.core.impl.AuthnRequestBuilder;
import org.opensaml.saml2.core.impl.IssuerBuilder;
import org.opensaml.saml2.core.impl.RequestedAuthnContextBuilder;
import org.opensaml.saml2.metadata.AssertionConsumerService;
import org.opensaml.saml2.metadata.EntityDescriptor;
import org.opensaml.saml2.metadata.NameIDFormat;
import org.opensaml.saml2.metadata.SPSSODescriptor;
import org.opensaml.security.SAMLSignatureProfileValidator;
import org.opensaml.xml.ConfigurationException;
import org.opensaml.xml.XMLObject;
import org.opensaml.xml.XMLObjectBuilderFactory;
import org.opensaml.xml.io.Marshaller;
import org.opensaml.xml.io.MarshallingException;
import org.opensaml.xml.io.Unmarshaller;
import org.opensaml.xml.io.UnmarshallingException;
import org.opensaml.xml.security.x509.BasicX509Credential;
import org.opensaml.xml.security.x509.X509Util;
import org.opensaml.xml.signature.Signature;
import org.opensaml.xml.signature.SignatureValidator;
import org.opensaml.xml.util.Base64;
import org.opensaml.xml.util.XMLHelper;
import org.opensaml.xml.validation.ValidationException;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
import org.w3c.dom.Document;
import org.w3c.dom.Element;
import org.xml.sax.SAXException;

/* loaded from: input_file:com/resolution/samlprocessor/SAMLProcessor.class */
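/**
 * Builds SAML 2.0 authentication requests (POST and Redirect bindings), generates SP metadata,
 * and validates incoming SAML responses against an optionally configured IdP certificate.
 *
 * <p>Configuration state ({@link #setIdpCertificate(String)}) lives in plain, unsynchronized
 * fields; callers that reconfigure the processor while other threads are validating responses
 * need their own synchronization.
 *
 * <p>{@link #processSAMLResponseMessage(String, boolean)} checks signatures and the assertion's
 * validity window only. It has no knowledge of the outstanding request, so the caller is still
 * responsible for matching {@code InResponseTo}, checking the audience/destination and
 * preventing replay of a response that has already been consumed.
 */
public class SAMLProcessor {
    private static final Logger logger = LoggerFactory.getLogger(SAMLProcessor.class);

    /** Clock difference tolerated between this service and the IdP when checking Conditions. */
    private static final int CLOCK_SKEW_MILLIS = 3 * 60 * 1000;

    /**
     * Source of request IDs. The ID is echoed back by the IdP as {@code InResponseTo}, so it must
     * not be guessable; {@code java.util.Random} is seeded predictably and is not suitable here.
     */
    private static final SecureRandom ID_RANDOM = new SecureRandom();

    /**
     * Alphabet used to render request IDs: sixteen letters (one per nibble) so the result is
     * always a valid XML ID/NCName, which must not start with a digit.
     */
    private static final char[] ID_ALPHABET =
            {'a', 'b', 'c', 'd', 'e', 'f', 'g', 'h', 'i', 'j', 'k', 'l', 'm', 'n', 'o', 'p'};

    /** Verifies XML signatures against the configured IdP key; {@code null} while no certificate is set. */
    protected SignatureValidator signatureValidator;
    /** The certificate text last passed to {@link #setIdpCertificate(String)}, or {@code null}. */
    private String base64encodedCertificate;
    /** The decoded IdP certificate, or {@code null}. */
    private X509Certificate idpCertificate;

    /**
     * Initialises the OpenSAML library.
     *
     * @throws SAMLProcessorException if OpenSAML bootstrapping fails
     */
    public SAMLProcessor() throws SAMLProcessorException {
        try {
            DefaultBootstrap.bootstrap();
        } catch (ConfigurationException e) {
            throw new SAMLProcessorException("Bootstrapping OpenSAML failed", e);
        }
    }

    /**
     * Configures the IdP certificate used to verify response and assertion signatures.
     *
     * <p>A {@code null} or blank value disables signature validation entirely; a value equal to
     * the current one is a no-op. The three fields are only updated once the certificate has
     * decoded successfully, so a bad certificate never leaves the stored text and the validator
     * out of sync.
     *
     * @param str the certificate in the textual form accepted by {@code X509Util.decodeCertificate}
     *            (PEM / Base64), or {@code null}/blank to disable validation
     * @throws SAMLProcessorException if the certificate cannot be decoded
     */
    public void setIdpCertificate(String str) throws SAMLProcessorException {
        // Treat whitespace-only input exactly like null.
        String certificateText = (str == null || str.trim().isEmpty()) ? null : str;

        if (certificateText == null) {
            if (this.base64encodedCertificate != null) {
                logger.warn("No certificate specified, disabling SAML response signature validation.");
            }
            this.signatureValidator = null;
            this.base64encodedCertificate = null;
            this.idpCertificate = null;
            return;
        }

        if (certificateText.equals(this.base64encodedCertificate)) {
            logger.debug("base64encodedCertificate has not changed, nothing to do.");
            return;
        }

        logger.debug("Re-creating the signature validator with new certificate.");
        X509Certificate decoded;
        try {
            // Certificate text is ASCII; an explicit charset avoids depending on the platform default.
            Iterator<X509Certificate> certificates =
                    X509Util.decodeCertificate(certificateText.getBytes(StandardCharsets.UTF_8)).iterator();
            if (!certificates.hasNext()) {
                throw new SAMLProcessorException("Decoding the certificate failed: no certificate found.");
            }
            decoded = certificates.next();
        } catch (CertificateException e) {
            throw new SAMLProcessorException("Decoding the certificate failed.", e);
        }

        BasicX509Credential credential = new BasicX509Credential();
        credential.setPublicKey(decoded.getPublicKey());
        this.idpCertificate = decoded;
        this.signatureValidator = new SignatureValidator(credential);
        this.base64encodedCertificate = certificateText;
    }

    /**
     * Builds a SAML 2.0 {@code AuthnRequest} and serialises it to XML.
     *
     * @param str  value used both as the {@code Issuer} and as the {@code AssertionConsumerServiceURL}
     *             (presumably this service provider's own URL)
     * @param str2 the request {@code Destination}, i.e. the IdP endpoint
     * @param z    when {@code false}, a {@code RequestedAuthnContext} asking for at least
     *             password authentication is added; when {@code true} no context is requested
     * @return the serialised request document
     * @throws SAMLProcessorException if the request cannot be marshalled
     */
    public String createSAMLAuthenticationRequest(String str, String str2, boolean z) throws SAMLProcessorException {
        logger.debug("Building request message...");

        // Issuer lives in the assertion namespace, so it gets the "saml" prefix like the other
        // assertion-namespace elements built in this class.
        Issuer issuer = new IssuerBuilder().buildObject(SAMLConstants.SAML20_NS, "Issuer", "saml");
        issuer.setValue(str);

        AuthnRequest request = new AuthnRequestBuilder()
                .buildObject(SAMLConstants.SAML20P_NS, AuthnRequest.DEFAULT_ELEMENT_LOCAL_NAME, "samlp");
        request.setVersion(SAMLVersion.VERSION_20);
        request.setIssueInstant(new DateTime());
        request.setAssertionConsumerServiceURL(str);
        request.setDestination(str2);
        request.setIssuer(issuer);
        request.setID(createID());
        if (!z) {
            request.setRequestedAuthnContext(buildPasswordAuthnContext());
        }

        try {
            Marshaller marshaller = Configuration.getMarshallerFactory().getMarshaller(request);
            if (marshaller == null) {
                throw new SAMLProcessorException("No marshaller registered for AuthnRequest");
            }
            Element element = marshaller.marshall(request);
            logMessage("Request", request.getDOM());
            StringWriter writer = new StringWriter();
            XMLHelper.writeNode(element, writer);
            return writer.toString();
        } catch (MarshallingException e) {
            throw new SAMLProcessorException(e);
        }
    }

    /** Creates a {@code RequestedAuthnContext} requiring at least password-based authentication. */
    private static RequestedAuthnContext buildPasswordAuthnContext() {
        AuthnContextClassRef classRef = new AuthnContextClassRefBuilder()
                .buildObject(SAMLConstants.SAML20_NS, AuthnContextClassRef.DEFAULT_ELEMENT_LOCAL_NAME, "saml");
        classRef.setAuthnContextClassRef(AuthnContext.PASSWORD_AUTHN_CTX);

        RequestedAuthnContext requested = new RequestedAuthnContextBuilder().buildObject();
        requested.setComparison(AuthnContextComparisonTypeEnumeration.MINIMUM);
        requested.getAuthnContextClassRefs().add(classRef);
        return requested;
    }

    /**
     * DEFLATE-compresses a request for the HTTP-Redirect binding.
     *
     * @param str the XML request text
     * @return the raw (header-less) DEFLATE stream of the UTF-8 encoded text
     * @throws IOException if compression fails
     */
    public byte[] compressSamlRequest(String str) throws IOException {
        // nowrap=true produces raw DEFLATE without the zlib wrapper, as the Redirect binding requires.
        Deflater deflater = new Deflater(8, true);
        try {
            ByteArrayOutputStream buffer = new ByteArrayOutputStream();
            try (DeflaterOutputStream out = new DeflaterOutputStream(buffer, deflater)) {
                out.write(str.getBytes(StandardCharsets.UTF_8));
            }
            return buffer.toByteArray();
        } finally {
            // DeflaterOutputStream.close() does not release a caller-supplied Deflater's native memory.
            deflater.end();
        }
    }

    /**
     * Base64-encodes bytes on a single line.
     *
     * @param bArr the bytes to encode
     * @return the Base64 text without line breaks
     */
    public String encodeBase64(byte[] bArr) {
        // 9 = ENCODE (1) | DONT_BREAK_LINES (8) in the option flags of this Base64 implementation.
        return Base64.encodeBytes(bArr, 9);
    }

    /**
     * Builds an auto-submitting HTML form that POSTs a SAML request to the IdP.
     *
     * <p>All caller-supplied values are escaped before being placed in attributes, since the
     * relay parameter in particular often originates from a user-controlled return URL.
     *
     * @param str  value used as Issuer / AssertionConsumerServiceURL of the request
     * @param str2 name of an additional hidden form field (e.g. a relay-state parameter); skipped
     *             when {@code null} or empty
     * @param str3 value of that additional field ({@code null} is rendered as empty)
     * @param str4 the IdP URL, used both as the request Destination and as the form action
     * @param z    passed through to {@link #createSAMLAuthenticationRequest(String, String, boolean)}
     * @return the HTML document body
     * @throws SAMLProcessorException if the request cannot be built
     */
    public String buildPOSTtoIdPFormHtml(String str, String str2, String str3, String str4, boolean z) throws SAMLProcessorException {
        String samlRequest = encodeBase64(
                createSAMLAuthenticationRequest(str, str4, z).getBytes(StandardCharsets.UTF_8));

        logger.debug("Creating HTML Form for IdP redirect");
        StringBuilder html = new StringBuilder(512);
        html.append("<body>");
        html.append("<p>Please wait, we're redirecting you...</p>");
        html.append("<form method=\"POST\" enctype=\"application/x-www-form-urlencoded\" action=\"")
            .append(escapeHtmlAttribute(str4))
            .append("\">");
        // Base64 output contains only [A-Za-z0-9+/=], so escaping is a no-op but keeps the rule uniform.
        html.append("<input type=\"HIDDEN\" name=\"SAMLRequest\" value=\"")
            .append(escapeHtmlAttribute(samlRequest))
            .append("\"/>");
        if (str2 != null && str2.length() > 0) {
            html.append("<input type=\"HIDDEN\" name=\"")
                .append(escapeHtmlAttribute(str2))
                .append("\" value=\"")
                .append(escapeHtmlAttribute(str3))
                .append("\"/>");
        }
        html.append("</form>");
        html.append("<script type=\"text/javascript\">window.onload = function () { document.forms[0].submit(); }</script>");
        html.append("</body>");
        return html.toString();
    }

    /**
     * Escapes the characters that would terminate or alter an HTML attribute value.
     *
     * @param value the raw value, may be {@code null}
     * @return the escaped value, or an empty string for {@code null}
     */
    private static String escapeHtmlAttribute(String value) {
        if (value == null) {
            return "";
        }
        StringBuilder escaped = new StringBuilder(value.length() + 16);
        for (int i = 0; i < value.length(); i++) {
            char c = value.charAt(i);
            switch (c) {
                case '&':
                    escaped.append("&amp;");
                    break;
                case '<':
                    escaped.append("&lt;");
                    break;
                case '>':
                    escaped.append("&gt;");
                    break;
                case '"':
                    escaped.append("&quot;");
                    break;
                case '\'':
                    escaped.append("&#39;");
                    break;
                default:
                    escaped.append(c);
            }
        }
        return escaped.toString();
    }

    /**
     * Builds the IdP URL for the HTTP-Redirect binding: the request is deflated, Base64-encoded
     * and URL-encoded into the {@code SAMLRequest} query parameter.
     *
     * @param httpServletRequest unused; kept for signature compatibility
     * @param str  value used as Issuer / AssertionConsumerServiceURL of the request
     * @param str2 name of an extra query parameter (e.g. relay state); skipped when {@code null} or empty
     * @param str3 value of that extra parameter ({@code null} is sent as empty)
     * @param str4 the IdP URL; a query string already present is extended with {@code &}
     * @param z    passed through to {@link #createSAMLAuthenticationRequest(String, String, boolean)}
     * @return the complete redirect URL
     * @throws SAMLProcessorException if building or compressing the request fails
     */
    public String buildRedirectToIdPurl(HttpServletRequest httpServletRequest, String str, String str2, String str3, String str4, boolean z) throws SAMLProcessorException {
        // SAML values are URL-encoded as UTF-8; ISO-8859-1 would mangle non-Latin relay values.
        final String charset = StandardCharsets.UTF_8.name();
        try {
            String samlRequest = URLEncoder.encode(
                    encodeBase64(compressSamlRequest(createSAMLAuthenticationRequest(str, str4, z))), charset);

            StringBuilder url = new StringBuilder(str4);
            url.append(str4.contains("?") ? '&' : '?').append("SAMLRequest=").append(samlRequest);
            if (str2 != null && str2.length() > 0) {
                // Encode the parameter name as well as its value; both are caller-supplied.
                url.append('&')
                   .append(URLEncoder.encode(str2, charset))
                   .append('=')
                   .append(URLEncoder.encode(str3 == null ? "" : str3, charset));
            }
            return url.toString();
        } catch (IOException e) {
            throw new SAMLProcessorException(e);
        }
    }

    /**
     * Validates a Base64-encoded SAML response; see {@link #processSAMLResponseMessage(String, boolean)}.
     *
     * @param str the Base64-encoded response
     * @return the NameID value of the first assertion, or {@code null}
     * @throws SAMLProcessorException if the response is malformed or fails validation
     */
    public String processSAMLResponseMessage(String str) throws SAMLProcessorException {
        return processSAMLResponseMessage(str, true);
    }

    /**
     * Parses and validates a SAML response and returns the subject's NameID.
     *
     * <p>Trust rules: when a certificate is configured, either the Response or the first Assertion
     * must carry a signature that verifies against it; an assertion-signature failure is tolerated
     * if the enclosing Response signature verified. When no certificate is configured, signatures
     * are only checked for profile conformance and the response is trusted (logged as a warning).
     * The assertion's {@code Conditions} validity window is enforced in both modes.
     *
     * @param str the response, Base64-encoded when {@code z} is {@code true}, otherwise plain XML
     * @param z   whether {@code str} is Base64-encoded
     * @return the NameID value of the first assertion, or {@code null} if the document unmarshals
     *         to nothing, contains no assertion, or has no Subject/NameID
     * @throws SAMLProcessorException if parsing fails, the document is not a SAML Response, the
     *         signature requirements are not met, or the assertion is outside its validity window
     */
    public String processSAMLResponseMessage(String str, boolean z) throws SAMLProcessorException {
        Response response = parseResponse(str, z);
        if (response == null) {
            return null;
        }

        boolean responseSigned = validateResponseSignature(response);

        List<Assertion> assertions = response.getAssertions();
        if (assertions == null || assertions.isEmpty()) {
            logger.warn("Response contains no assertion, returning null");
            return null;
        }
        Assertion assertion = assertions.get(0);

        validateAssertionSignature(assertion, responseSigned);
        checkValidityWindow(assertion);
        return extractNameId(assertion);
    }

    /**
     * Parses the raw message into an OpenSAML {@link Response}.
     *
     * @return the response, or {@code null} when the unmarshaller produced nothing
     * @throws SAMLProcessorException on any parse/unmarshal error or when the root element is not a Response
     */
    private Response parseResponse(String message, boolean base64) throws SAMLProcessorException {
        if (message == null) {
            throw new SAMLProcessorException("SAML response message is null");
        }
        byte[] xml;
        if (base64) {
            // Feed the decoded bytes straight to the parser; the document declares its own encoding.
            xml = Base64.decode(message);
            if (xml == null) {
                throw new SAMLProcessorException("SAML response message is not valid Base64");
            }
        } else {
            xml = message.getBytes(StandardCharsets.UTF_8);
        }

        try {
            Element root = newHardenedDocumentBuilderFactory()
                    .newDocumentBuilder()
                    .parse(new ByteArrayInputStream(xml))
                    .getDocumentElement();
            Unmarshaller unmarshaller = Configuration.getUnmarshallerFactory().getUnmarshaller(root);
            if (unmarshaller == null) {
                throw new SAMLProcessorException("No unmarshaller registered for element " + root.getNodeName());
            }
            XMLObject object = unmarshaller.unmarshall(root);
            if (object == null) {
                logger.warn("Response is null, returning null");
                return null;
            }
            logMessage("Response", object.getDOM());
            if (!(object instanceof Response)) {
                throw new SAMLProcessorException("Expected a SAML Response but got " + object.getElementQName());
            }
            return (Response) object;
        } catch (IOException | ParserConfigurationException | UnmarshallingException | SAXException e) {
            throw new SAMLProcessorException(e);
        }
    }

    /**
     * Creates a namespace-aware parser factory with DOCTYPE and entity processing disabled. The
     * response body arrives from the user's browser, so it must be parsed as untrusted XML.
     */
    private static DocumentBuilderFactory newHardenedDocumentBuilderFactory() throws ParserConfigurationException {
        DocumentBuilderFactory factory = DocumentBuilderFactory.newInstance();
        factory.setNamespaceAware(true);
        factory.setFeature(XMLConstants.FEATURE_SECURE_PROCESSING, true);
        factory.setFeature("http://apache.org/xml/features/disallow-doctype-decl", true);
        factory.setFeature("http://xml.org/sax/features/external-general-entities", false);
        factory.setFeature("http://xml.org/sax/features/external-parameter-entities", false);
        factory.setFeature("http://apache.org/xml/features/nonvalidating/load-external-dtd", false);
        factory.setXIncludeAware(false);
        factory.setExpandEntityReferences(false);
        return factory;
    }

    /**
     * Checks the Response-level signature.
     *
     * @return {@code true} only when a signature is present, conforms to the SAML signature
     *         profile and verifies against the configured certificate; {@code false} when there
     *         is no signature, no certificate is configured, or validation fails (logged)
     */
    private boolean validateResponseSignature(Response response) {
        Signature signature = response.getSignature();
        if (signature == null) {
            return false;
        }
        try {
            new SAMLSignatureProfileValidator().validate(signature);
            if (this.signatureValidator == null) {
                // Nothing to verify against; the assertion stage decides whether to trust the message.
                return false;
            }
            this.signatureValidator.validate(signature);
            return true;
        } catch (ValidationException e) {
            logger.warn("Response signature validation failed", e);
            return false;
        }
    }

    /**
     * Checks the Assertion-level signature according to the trust rules documented on
     * {@link #processSAMLResponseMessage(String, boolean)}.
     *
     * @throws SAMLProcessorException when a certificate is configured and neither the Response
     *         nor the Assertion carries a verifiable signature
     */
    private void validateAssertionSignature(Assertion assertion, boolean responseSigned) throws SAMLProcessorException {
        Signature signature = assertion.getSignature();
        if (signature == null) {
            if (this.signatureValidator == null) {
                logger.warn("The assertion contains no signature, but validation is disabled, so we just trust the response.");
            } else if (!responseSigned) {
                throw new SAMLProcessorException("Neither Response nor Assertion contains a valid signature");
            }
            return;
        }
        try {
            new SAMLSignatureProfileValidator().validate(signature);
            if (this.signatureValidator == null) {
                logger.warn("Signature validation is disabled, just trusting the response.");
            } else {
                this.signatureValidator.validate(signature);
                logger.debug("Assertion Signature validation was successful.");
            }
        } catch (ValidationException e) {
            if (!responseSigned) {
                throw new SAMLProcessorException("Assertion signature validation failed", e);
            }
            // The verified Response signature envelops this assertion, so the failure is tolerated.
            logger.warn("Assertion signature validation failed, but we have a valid signature on the Response, so we trust this", e);
        }
    }

    /**
     * Enforces the assertion's {@code NotBefore}/{@code NotOnOrAfter} conditions with a small
     * clock-skew allowance. Assertions without Conditions, or without either bound, pass.
     *
     * @throws SAMLProcessorException if the assertion is not yet valid or has expired
     */
    private static void checkValidityWindow(Assertion assertion) throws SAMLProcessorException {
        Conditions conditions = assertion.getConditions();
        if (conditions == null) {
            return;
        }
        DateTime now = new DateTime();
        DateTime notBefore = conditions.getNotBefore();
        if (notBefore != null && now.plusMillis(CLOCK_SKEW_MILLIS).isBefore(notBefore)) {
            throw new SAMLProcessorException("Assertion is not yet valid (NotBefore=" + notBefore + ")");
        }
        DateTime notOnOrAfter = conditions.getNotOnOrAfter();
        if (notOnOrAfter != null && !now.minusMillis(CLOCK_SKEW_MILLIS).isBefore(notOnOrAfter)) {
            throw new SAMLProcessorException("Assertion has expired (NotOnOrAfter=" + notOnOrAfter + ")");
        }
    }

    /**
     * Returns the Subject's NameID value, or {@code null} (with a warning) when the assertion has
     * no Subject or no NameID.
     */
    private static String extractNameId(Assertion assertion) {
        if (assertion.getSubject() == null || assertion.getSubject().getNameID() == null) {
            logger.warn("Assertion contains no Subject with a NameID value, returning null");
            return null;
        }
        return assertion.getSubject().getNameID().getValue();
    }

    /**
     * Generates SP metadata: one SPSSODescriptor with a single POST-binding AssertionConsumerService,
     * the unspecified NameID format, and {@code WantAssertionsSigned=true}.
     *
     * @param str value used both as the {@code entityID} and as the AssertionConsumerService location
     * @return the pretty-printed metadata document
     * @throws SAMLProcessorException if the descriptor cannot be marshalled or serialised
     */
    public String generateMetadata(String str) throws SAMLProcessorException {
        XMLObjectBuilderFactory builderFactory = Configuration.getBuilderFactory();

        EntityDescriptor entityDescriptor = (EntityDescriptor) builderFactory
                .getBuilder(EntityDescriptor.DEFAULT_ELEMENT_NAME)
                .buildObject(EntityDescriptor.DEFAULT_ELEMENT_NAME);
        entityDescriptor.setEntityID(str);

        SPSSODescriptor spDescriptor = (SPSSODescriptor) builderFactory
                .getBuilder(SPSSODescriptor.DEFAULT_ELEMENT_NAME)
                .buildObject(SPSSODescriptor.DEFAULT_ELEMENT_NAME);
        spDescriptor.setWantAssertionsSigned(Boolean.TRUE);

        AssertionConsumerService acs = (AssertionConsumerService) builderFactory
                .getBuilder(AssertionConsumerService.DEFAULT_ELEMENT_NAME)
                .buildObject(AssertionConsumerService.DEFAULT_ELEMENT_NAME);
        acs.setIndex(0);
        acs.setBinding(SAMLConstants.SAML2_POST_BINDING_URI);
        acs.setLocation(str);
        spDescriptor.getAssertionConsumerServices().add(acs);

        NameIDFormat nameIdFormat = (NameIDFormat) builderFactory
                .getBuilder(NameIDFormat.DEFAULT_ELEMENT_NAME)
                .buildObject(NameIDFormat.DEFAULT_ELEMENT_NAME);
        nameIdFormat.setFormat("urn:oasis:names:tc:SAML:1.1:nameid-format:unspecified");
        spDescriptor.getNameIDFormats().add(nameIdFormat);

        spDescriptor.addSupportedProtocol(SAMLConstants.SAML20P_NS);
        entityDescriptor.getRoleDescriptors().add(spDescriptor);

        try {
            Document document = DocumentBuilderFactory.newInstance().newDocumentBuilder().newDocument();
            Marshaller marshaller = Configuration.getMarshallerFactory().getMarshaller(entityDescriptor);
            if (marshaller == null) {
                throw new SAMLProcessorException("No marshaller registered for EntityDescriptor");
            }
            marshaller.marshall(entityDescriptor, document);

            Transformer transformer = TransformerFactory.newInstance().newTransformer();
            transformer.setOutputProperty("indent", "yes");
            transformer.setOutputProperty("{http://xml.apache.org/xslt}indent-amount", "2");
            StringWriter writer = new StringWriter();
            transformer.transform(new DOMSource(document), new StreamResult(writer));

            String metadata = writer.toString();
            logger.debug(metadata);
            return metadata;
        } catch (ParserConfigurationException | MarshallingException | TransformerException e) {
            throw new SAMLProcessorException("Error generating Metadata", e);
        }
    }

    /**
     * @return the decoded IdP certificate, or {@code null} when signature validation is disabled
     */
    public X509Certificate getIdpCertificate() {
        return this.idpCertificate;
    }

    /**
     * Creates a 40-character unpredictable request ID: 160 random bits rendered one letter
     * ({@code a}–{@code p}) per nibble, which keeps the value a valid XML ID.
     */
    private String createID() {
        byte[] random = new byte[20];
        ID_RANDOM.nextBytes(random);
        char[] id = new char[random.length * 2];
        for (int i = 0; i < random.length; i++) {
            id[i * 2] = ID_ALPHABET[(random[i] >> 4) & 0x0F];
            id[i * 2 + 1] = ID_ALPHABET[random[i] & 0x0F];
        }
        return String.valueOf(id);
    }

    /**
     * Logs a pretty-printed XML message at DEBUG level; a no-op unless DEBUG is enabled.
     *
     * @param str     label written before the XML (e.g. "Request")
     * @param element the DOM element to print; {@code null} is logged as such
     */
    static void logMessage(String str, Element element) {
        if (!logger.isDebugEnabled()) {
            return;
        }
        if (element == null) {
            logger.debug(str + "\n(no DOM available)");
            return;
        }
        try {
            Transformer transformer = TransformerFactory.newInstance().newTransformer();
            transformer.setOutputProperty("omit-xml-declaration", "yes");
            transformer.setOutputProperty("indent", "yes");
            transformer.setOutputProperty("{http://xml.apache.org/xslt}indent-amount", "2");
            // Writing to a StringWriter sidesteps the byte round-trip and its charset mismatch.
            StringWriter writer = new StringWriter();
            transformer.transform(new DOMSource(element), new StreamResult(writer));
            logger.debug(str + "\n" + writer);
        } catch (TransformerException e) {
            logger.warn("Exception during logging XML", e);
        }
    }
}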
