package com.resolution.samlprocessor;

import java.io.ByteArrayOutputStream;
import java.io.IOException;
import java.io.StringWriter;
import java.net.URLEncoder;
import java.nio.charset.StandardCharsets;
import java.security.SecureRandom;
import java.security.cert.CertificateException;
import java.security.cert.X509Certificate;
import java.util.ArrayList;
import java.util.Collection;
import java.util.Collections;
import java.util.HashMap;
import java.util.Iterator;
import java.util.List;
import java.util.Map;
import java.util.Random;
import java.util.zip.Deflater;
import java.util.zip.DeflaterOutputStream;
import javax.servlet.http.HttpServletRequest;
import org.bouncycastle.i18n.LocalizedMessage;
import org.joda.time.DateTime;
import org.opensaml.Configuration;
import org.opensaml.common.SAMLVersion;
import org.opensaml.common.xml.SAMLConstants;
import org.opensaml.saml2.core.Assertion;
import org.opensaml.saml2.core.Attribute;
import org.opensaml.saml2.core.AttributeStatement;
import org.opensaml.saml2.core.AuthnContext;
import org.opensaml.saml2.core.AuthnContextClassRef;
import org.opensaml.saml2.core.AuthnContextComparisonTypeEnumeration;
import org.opensaml.saml2.core.AuthnRequest;
import org.opensaml.saml2.core.Issuer;
import org.opensaml.saml2.core.RequestedAuthnContext;
import org.opensaml.saml2.core.Response;
import org.opensaml.saml2.core.impl.AuthnContextClassRefBuilder;
import org.opensaml.saml2.core.impl.AuthnRequestBuilder;
import org.opensaml.saml2.core.impl.IssuerBuilder;
import org.opensaml.saml2.core.impl.RequestedAuthnContextBuilder;
import org.opensaml.security.SAMLSignatureProfileValidator;
import org.opensaml.xml.XMLObject;
import org.opensaml.xml.io.MarshallingException;
import org.opensaml.xml.security.x509.BasicX509Credential;
import org.opensaml.xml.security.x509.X509Util;
import org.opensaml.xml.signature.Signature;
import org.opensaml.xml.signature.SignatureValidator;
import org.opensaml.xml.util.Base64;
import org.opensaml.xml.util.XMLHelper;
import org.opensaml.xml.validation.ValidationException;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
import org.w3c.dom.Element;

/* loaded from: input_file:com/resolution/samlprocessor/SingleIdpSAMLProcessor.class */
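/**
 * SAML 2.0 service-provider side processing for a single identity provider.
 *
 * <p>The class builds {@code AuthnRequest} messages (as raw XML, as an HTTP-Redirect URL and as an
 * HTTP-POST auto-submit form) and extracts user identity, profile attributes and group membership
 * from a {@link Response} received from the IdP.
 *
 * <p>Trust model, as implemented by {@link #processSAMLResponse(Response)}: when an IdP certificate
 * was configured, either the Response or its first Assertion must carry a signature that verifies
 * against that certificate. When no certificate was configured, nothing is verified and the
 * Response is trusted as-is (the constructor logs a warning for this configuration).
 *
 * <p>NOTE(review): this class checks signatures only. It does not examine the Response
 * {@code Status}, the Assertion {@code Conditions} (NotBefore/NotOnOrAfter, AudienceRestriction),
 * {@code SubjectConfirmation}, {@code InResponseTo} or {@code Destination}, ignores encrypted
 * assertions and only looks at the first assertion. Callers that need replay or audience checks
 * have to perform them on the {@link Response} before calling into this class.
 *
 * <p>Instances are immutable after construction and safe to share between threads.
 */
public class SingleIdpSAMLProcessor {
    private static final Logger logger = LoggerFactory.getLogger(SingleIdpSAMLProcessor.class);

    /** Charset name used for URL-encoding of redirect parameters and for serialising XML to bytes. */
    private static final String URL_ENCODING = StandardCharsets.UTF_8.name();

    /** Error message recorded in the result when the assertion has no usable Subject/NameID. */
    private static final String NO_NAMEID_MESSAGE = "Assertion contains no Subject with a NameID value";

    /**
     * Alphabet for request IDs: every nibble of the random bytes becomes one of the letters
     * 'a'..'p'. Letters only, so the generated ID is always a valid xs:ID (which must not start
     * with a digit). The format is kept identical to the original implementation.
     */
    private static final char[] ID_ALPHABET = {
        'a', 'b', 'c', 'd', 'e', 'f', 'g', 'h', 'i', 'j', 'k', 'l', 'm', 'n', 'o', 'p'
    };

    /**
     * Request IDs are echoed back by the IdP in {@code InResponseTo}; they must be unpredictable,
     * which {@code java.util.Random} does not provide.
     */
    private static final SecureRandom ID_RANDOM = new SecureRandom();

    private final String useridAttribute;
    private final String idpUrl;
    private final String emailAttribute;
    private final String fullNameAttribute;
    private final String groupAttribute;
    private final String issuerIdP;
    private final String consumerURL;
    private final String relayStateParameterName;
    /** Validator bound to the IdP public key, or {@code null} when no certificate was configured. */
    private final SignatureValidator idpSignatureValidator;
    private final boolean omitRequestedAuthnContext;
    private final String useridTransformationRegex;
    private final String useridTransformationReplacement;
    private final List<String> defaultGroups;
    private final List<String> defaultSdCustomerGroups;
    private final boolean updateUser;
    private final boolean removeFromGroups;
    private final boolean updateExisting;

    /**
     * Creates a processor for one IdP.
     *
     * @param idpUrl                          SSO endpoint of the IdP; used as {@code Destination} and as
     *                                        base of the redirect URL / form action
     * @param issuerIdP                       entity id of the IdP (only used in log output here)
     * @param useridAttribute                 name of the attribute carrying the user id; when blank the
     *                                        Subject NameID is used instead
     * @param emailAttribute                  name of the attribute carrying the e-mail address, may be null
     * @param fullNameAttribute               name of the attribute carrying the display name, may be null
     * @param groupAttribute                  name of the (multi-valued) group attribute, may be null
     * @param consumerURL                     default AssertionConsumerService URL / Issuer value
     * @param relayStateParameterName         parameter name used to transport the relay state
     * @param idpCertificate                  PEM encoded X.509 certificate of the IdP; blank disables
     *                                        signature validation entirely
     * @param omitRequestedAuthnContext       when true no {@code RequestedAuthnContext} is added
     * @param useridTransformationRegex       regex applied to the user id, empty/null disables it
     * @param useridTransformationReplacement replacement for the regex
     * @param defaultGroups                   groups every user gets; copied, null is treated as empty
     * @param defaultSdCustomerGroups         service-desk customer groups; copied, null is treated as empty
     * @param updateUser                      passed through to {@link SAMLResponseContent}
     * @param removeFromGroups                passed through to {@link SAMLResponseContent}
     * @param updateExisting                  passed through to {@link SAMLResponseContent}
     * @throws CertificateException if a certificate was given but cannot be decoded
     */
    public SingleIdpSAMLProcessor(String idpUrl, String issuerIdP, String useridAttribute, String emailAttribute,
            String fullNameAttribute, String groupAttribute, String consumerURL, String relayStateParameterName,
            String idpCertificate, boolean omitRequestedAuthnContext, String useridTransformationRegex,
            String useridTransformationReplacement, List<String> defaultGroups, List<String> defaultSdCustomerGroups,
            boolean updateUser, boolean removeFromGroups, boolean updateExisting) throws CertificateException {
        this.idpUrl = idpUrl;
        this.issuerIdP = issuerIdP;
        this.consumerURL = consumerURL;
        this.relayStateParameterName = relayStateParameterName;
        this.omitRequestedAuthnContext = omitRequestedAuthnContext;
        this.useridTransformationRegex = useridTransformationRegex;
        this.useridTransformationReplacement = useridTransformationReplacement;
        this.useridAttribute = useridAttribute;
        this.fullNameAttribute = fullNameAttribute;
        this.emailAttribute = emailAttribute;
        this.groupAttribute = groupAttribute;
        // Defensive copies: the caller's lists are never mutated or observed afterwards.
        this.defaultGroups = copyOrEmpty(defaultGroups);
        this.defaultSdCustomerGroups = copyOrEmpty(defaultSdCustomerGroups);
        this.updateUser = updateUser;
        this.removeFromGroups = removeFromGroups;
        this.updateExisting = updateExisting;
        this.idpSignatureValidator = buildSignatureValidator(issuerIdP, idpCertificate);
    }

    /** Returns an unmodifiable copy of {@code source}, or an empty list when it is null. */
    private static List<String> copyOrEmpty(List<String> source) {
        if (source == null) {
            return Collections.emptyList();
        }
        return Collections.unmodifiableList(new ArrayList<>(source));
    }

    /**
     * Builds the signature validator for the IdP certificate.
     *
     * @return the validator, or {@code null} when no certificate was configured (logged as a warning)
     * @throws CertificateException if the PEM text does not decode to at least one certificate
     */
    private static SignatureValidator buildSignatureValidator(String issuerIdP, String idpCertificate)
            throws CertificateException {
        if (idpCertificate == null || idpCertificate.trim().isEmpty()) {
            logger.warn("No certificate specified for Idp {}. Responses from this IdP will not be validated!", issuerIdP);
            return null;
        }
        Collection<X509Certificate> certificates =
                X509Util.decodeCertificate(idpCertificate.getBytes(StandardCharsets.UTF_8));
        if (certificates == null || certificates.isEmpty()) {
            // The original code would have failed here with a NoSuchElementException.
            throw new CertificateException("Certificate configured for Idp " + issuerIdP + " could not be decoded");
        }
        // Only the public key is needed for verification; the first certificate in the PEM is used.
        BasicX509Credential credential = new BasicX509Credential();
        credential.setPublicKey(certificates.iterator().next().getPublicKey());
        return new SignatureValidator(credential);
    }

    /**
     * Builds a SAML 2.0 {@code AuthnRequest} and serialises it to XML.
     *
     * @param issuer value for the Issuer element and the AssertionConsumerServiceURL; when null or
     *               empty the configured consumer URL is used
     * @return the request as an XML string
     * @throws SAMLProcessorException if marshalling fails
     */
    public String createSAMLAuthenticationRequest(String issuer) throws SAMLProcessorException {
        logger.debug("Building request message...");
        String issuerValue = (issuer == null || issuer.isEmpty()) ? this.consumerURL : issuer;

        Issuer issuerElement = new IssuerBuilder().buildObject(SAMLConstants.SAML20_NS, "Issuer", "samlp");
        issuerElement.setValue(issuerValue);

        AuthnRequest authnRequest = new AuthnRequestBuilder()
                .buildObject(SAMLConstants.SAML20P_NS, AuthnRequest.DEFAULT_ELEMENT_LOCAL_NAME, "samlp");
        authnRequest.setVersion(SAMLVersion.VERSION_20);
        authnRequest.setIssueInstant(new DateTime());
        authnRequest.setAssertionConsumerServiceURL(issuerValue);
        authnRequest.setDestination(this.idpUrl);
        authnRequest.setIssuer(issuerElement);
        if (!this.omitRequestedAuthnContext) {
            authnRequest.setRequestedAuthnContext(buildPasswordAuthnContext());
        }
        authnRequest.setID(createID());

        try {
            Element dom = Configuration.getMarshallerFactory().getMarshaller(authnRequest).marshall(authnRequest);
            if (logger.isDebugEnabled()) {
                logger.debug(SAMLProcessor.elementToString(authnRequest.getDOM()));
            }
            StringWriter writer = new StringWriter();
            XMLHelper.writeNode(dom, writer);
            return writer.toString();
        } catch (MarshallingException e) {
            throw new SAMLProcessorException(e);
        }
    }

    /** Builds a RequestedAuthnContext asking for at least password authentication. */
    private static RequestedAuthnContext buildPasswordAuthnContext() {
        AuthnContextClassRef classRef = new AuthnContextClassRefBuilder()
                .buildObject(SAMLConstants.SAML20_NS, AuthnContextClassRef.DEFAULT_ELEMENT_LOCAL_NAME, "saml");
        classRef.setAuthnContextClassRef(AuthnContext.PASSWORD_AUTHN_CTX);
        // The decompiled source showed the mangled name mo732buildObject(); the OpenSAML API is buildObject().
        RequestedAuthnContext requested = new RequestedAuthnContextBuilder().buildObject();
        requested.setComparison(AuthnContextComparisonTypeEnumeration.MINIMUM);
        requested.getAuthnContextClassRefs().add(classRef);
        return requested;
    }

    /**
     * Validates the signature(s) of a Response and extracts the user data from its first assertion.
     *
     * <p>Acceptance rules (unchanged from the original implementation):
     * <ul>
     *   <li>A Response signature counts as valid only if it passes the SAML signature profile check
     *       and verifies against the configured IdP certificate.</li>
     *   <li>If the assertion is signed, its signature must verify unless the Response signature was
     *       already valid.</li>
     *   <li>If the assertion is unsigned and a certificate is configured, the Response signature
     *       must be valid.</li>
     *   <li>Without a configured certificate nothing is verified (logged as a warning).</li>
     * </ul>
     *
     * <p>See the class comment for the checks this method does <em>not</em> perform.
     *
     * @param response the unmarshalled SAML Response
     * @return the extracted content; {@code isSuccess} is false when no user id could be determined
     * @throws SAMLProcessorException when a required signature is missing or invalid, or on any
     *                                unexpected failure while reading the response
     */
    public SAMLResponseContent processSAMLResponse(Response response) throws SAMLProcessorException {
        try {
            SAMLSignatureProfileValidator profileValidator = new SAMLSignatureProfileValidator();
            boolean responseSignatureValid = hasValidResponseSignature(response, profileValidator);

            List<Assertion> assertions = response.getAssertions();
            if (assertions == null || assertions.isEmpty()) {
                logger.warn("Response contains no assertion");
                return new SAMLResponseContent(false, null, "Response contains no assertion",
                        new HashMap<String, List<String>>(), this.updateUser, this.removeFromGroups, this.updateExisting);
            }
            // Only the first assertion is examined; any further assertions are ignored.
            Assertion assertion = assertions.get(0);
            checkAssertionSignature(assertion, responseSignatureValid, profileValidator);

            String errorMessage = null;
            String nameId = null;
            if (assertion.getSubject() == null || assertion.getSubject().getNameID() == null) {
                logger.warn(NO_NAMEID_MESSAGE);
                errorMessage = NO_NAMEID_MESSAGE;
            } else {
                nameId = assertion.getSubject().getNameID().getValue();
            }

            Map<String, List<String>> attributes = collectAttributes(assertion);

            String userid;
            if (this.useridAttribute == null || this.useridAttribute.trim().isEmpty()) {
                userid = nameId;
            } else {
                List<String> useridValues = attributes.get(this.useridAttribute);
                if (useridValues == null || useridValues.isEmpty()) {
                    logger.error("No userid value in attribute {}", this.useridAttribute);
                    errorMessage = "No userid value in attribute " + this.useridAttribute;
                    userid = null;
                } else {
                    userid = useridValues.get(0);
                }
            }
            if (userid != null) {
                userid = transformUserid(userid);
            }

            String fullName = firstValue(attributes, this.fullNameAttribute);
            String email = firstValue(attributes, this.emailAttribute);

            List<String> groups = new ArrayList<>(this.defaultGroups);
            List<String> sdCustomerGroups = new ArrayList<>(this.defaultSdCustomerGroups);
            List<String> groupValues = this.groupAttribute == null ? null : attributes.get(this.groupAttribute);
            if (groupValues != null) {
                for (String group : groupValues) {
                    // Membership test is against the regular group list only, as in the original code.
                    if (!groups.contains(group)) {
                        groups.add(group);
                        sdCustomerGroups.add(group);
                    }
                }
            }

            return new SAMLResponseContent(userid != null, userid, errorMessage, fullName, email, groups,
                    sdCustomerGroups, attributes, this.updateUser, this.removeFromGroups, this.updateExisting);
        } catch (SAMLProcessorException e) {
            // Do not wrap our own exception a second time.
            throw e;
        } catch (Exception e) {
            throw new SAMLProcessorException(e);
        }
    }

    /**
     * Checks the signature on the Response element.
     *
     * @return true only if the Response is signed, the signature passes the profile check and
     *         verifies against the configured IdP key; false when unsigned, invalid, or when no
     *         certificate is configured
     */
    private boolean hasValidResponseSignature(Response response, SAMLSignatureProfileValidator profileValidator) {
        Signature signature = response.getSignature();
        if (signature == null) {
            return false;
        }
        try {
            profileValidator.validate(signature);
            if (this.idpSignatureValidator == null) {
                // Well-formed, but there is no key to verify it against.
                return false;
            }
            this.idpSignatureValidator.validate(signature);
            return true;
        } catch (ValidationException e) {
            logger.warn("Response signature validation failed", e);
            return false;
        }
    }

    /**
     * Enforces the assertion-level signature rules described on {@link #processSAMLResponse(Response)}.
     *
     * @throws SAMLProcessorException if neither the Response nor the assertion carries a valid signature
     *                                while a certificate is configured
     */
    private void checkAssertionSignature(Assertion assertion, boolean responseSignatureValid,
            SAMLSignatureProfileValidator profileValidator) throws SAMLProcessorException {
        Signature signature = assertion.getSignature();
        if (signature == null) {
            if (this.idpSignatureValidator == null) {
                logger.warn("The assertion contains no signature, but validation is disabled, so we just trust the response.");
            } else if (!responseSignatureValid) {
                throw new SAMLProcessorException("Neither Response nor Assertion contains a valid signature");
            }
            return;
        }
        try {
            profileValidator.validate(signature);
            if (this.idpSignatureValidator != null) {
                this.idpSignatureValidator.validate(signature);
                logger.debug("Assertion Signature validation was successful.");
            } else {
                logger.warn("Signature validation is disabled, just trusting the response.");
            }
        } catch (ValidationException e) {
            if (!responseSignatureValid) {
                throw new SAMLProcessorException("Assertion signature validation failed", e);
            }
            logger.warn("Assertion signature validation failed, but we have a valid singature on the Response, so we trust this", e);
        }
    }

    /**
     * Flattens all AttributeStatements into a name to text-values map. A later attribute with the
     * same name replaces an earlier one.
     */
    private static Map<String, List<String>> collectAttributes(Assertion assertion) {
        Map<String, List<String>> attributes = new HashMap<>();
        for (AttributeStatement statement : assertion.getAttributeStatements()) {
            for (Attribute attribute : statement.getAttributes()) {
                List<String> values = new ArrayList<>();
                for (XMLObject value : attribute.getAttributeValues()) {
                    values.add(value.getDOM().getTextContent());
                }
                attributes.put(attribute.getName(), values);
            }
        }
        return attributes;
    }

    /** Returns the first value of {@code attributeName}, or null if the name is null or has no values. */
    private static String firstValue(Map<String, List<String>> attributes, String attributeName) {
        if (attributeName == null) {
            return null;
        }
        List<String> values = attributes.get(attributeName);
        if (values == null || values.isEmpty()) {
            return null;
        }
        return values.get(0);
    }

    /**
     * Builds the HTTP-Redirect binding URL for a new AuthnRequest.
     *
     * <p>The request is DEFLATE-compressed, Base64-encoded and URL-encoded as {@code SAMLRequest};
     * the relay state and every entry of {@code extraParameters} are URL-encoded as well, so callers
     * must pass raw (not pre-encoded) values.
     *
     * @param request          the current servlet request; currently unused, kept for API compatibility
     * @param relayState       value for the relay-state parameter (null is sent as empty)
     * @param issuer           Issuer/ACS URL for the request, see {@link #createSAMLAuthenticationRequest(String)}
     * @param extraParameters  additional query parameters to append, may be null
     * @return the absolute URL to redirect the browser to
     * @throws SAMLProcessorException if the request cannot be built or compressed
     */
    public String buildRedirectToIdPurl(HttpServletRequest request, String relayState, String issuer,
            Map<String, String> extraParameters) throws SAMLProcessorException {
        try {
            String samlRequest = encodeBase64(compressSamlRequest(createSAMLAuthenticationRequest(issuer)));
            StringBuilder url = new StringBuilder(this.idpUrl)
                    .append(this.idpUrl.contains("?") ? "&" : "?")
                    .append("SAMLRequest=").append(URLEncoder.encode(samlRequest, URL_ENCODING))
                    .append('&').append(this.relayStateParameterName)
                    .append('=').append(URLEncoder.encode(nullToEmpty(relayState), URL_ENCODING));
            if (extraParameters != null) {
                for (Map.Entry<String, String> parameter : extraParameters.entrySet()) {
                    // Encoded like the other parameters; unencoded values could inject extra parameters.
                    url.append('&').append(URLEncoder.encode(nullToEmpty(parameter.getKey()), URL_ENCODING))
                       .append('=').append(URLEncoder.encode(nullToEmpty(parameter.getValue()), URL_ENCODING));
                }
            }
            return url.toString();
        } catch (IOException e) {
            throw new SAMLProcessorException(e);
        }
    }

    /**
     * Builds an auto-submitting HTML form implementing the HTTP-POST binding.
     *
     * <p>All values placed into the markup (IdP URL, relay state, parameter names and values) are
     * HTML-escaped; the relay state typically originates from the browser and would otherwise be
     * reflected into the page verbatim.
     *
     * @param relayState      value for the relay-state hidden field; omitted when no parameter name is configured
     * @param issuer          Issuer/ACS URL for the request, see {@link #createSAMLAuthenticationRequest(String)}
     * @param extraParameters additional hidden fields, may be null
     * @return an HTML {@code <body>} fragment that submits itself on load
     * @throws SAMLProcessorException if the request cannot be built
     */
    public String buildPOSTtoIdPFormHtml(String relayState, String issuer, Map<String, String> extraParameters)
            throws SAMLProcessorException {
        try {
            String samlRequest = encodeBase64(createSAMLAuthenticationRequest(issuer).getBytes(StandardCharsets.UTF_8));
            logger.debug("Creating HTML Form for IdP redirect");
            StringBuilder html = new StringBuilder(1024);
            html.append("<body>");
            html.append("<p>Please wait, we're redirecting you...</p>");
            // The original emitted a self-closing <form .../>; the form must stay open around its inputs.
            html.append("<form method=\"POST\" enctype=\"application/x-www-form-urlencoded\" action=\"");
            html.append(escapeHtml(this.idpUrl));
            html.append("\">");
            appendHiddenInput(html, "SAMLRequest", samlRequest);
            if (this.relayStateParameterName != null && this.relayStateParameterName.length() > 0) {
                appendHiddenInput(html, this.relayStateParameterName, relayState);
            }
            if (extraParameters != null) {
                for (Map.Entry<String, String> parameter : extraParameters.entrySet()) {
                    appendHiddenInput(html, parameter.getKey(), parameter.getValue());
                }
            }
            html.append("</form>");
            html.append("<script type=\"text/javascript\">window.onload = function () { document.forms[0].submit(); }</script>");
            html.append("</body>");
            return html.toString();
        } catch (Exception e) {
            throw new SAMLProcessorException(e);
        }
    }

    /** Appends one hidden input with HTML-escaped name and value. */
    private static void appendHiddenInput(StringBuilder html, String name, String value) {
        html.append("<input type=\"HIDDEN\" name=\"");
        html.append(escapeHtml(name));
        html.append("\" value=\"");
        html.append(escapeHtml(value));
        html.append("\"/>");
    }

    /** Escapes the five characters significant in HTML text and attribute values; null becomes "". */
    private static String escapeHtml(String text) {
        if (text == null) {
            return "";
        }
        StringBuilder escaped = new StringBuilder(text.length() + 16);
        for (int i = 0; i < text.length(); i++) {
            char c = text.charAt(i);
            switch (c) {
                case '&':
                    escaped.append("&amp;");
                    break;
                case '<':
                    escaped.append("&lt;");
                    break;
                case '>':
                    escaped.append("&gt;");
                    break;
                case '"':
                    escaped.append("&quot;");
                    break;
                case '\'':
                    escaped.append("&#39;");
                    break;
                default:
                    escaped.append(c);
            }
        }
        return escaped.toString();
    }

    /** Maps null to the empty string. */
    private static String nullToEmpty(String text) {
        return text == null ? "" : text;
    }

    /**
     * Applies the configured user-id transformation regex.
     *
     * @param userid the raw user id; null is returned unchanged
     * @return the user id after {@code replaceAll} with the configured regex and replacement, or the
     *         input itself when no regex is configured (a null replacement is treated as empty)
     */
    public String transformUserid(String userid) {
        String regex = this.useridTransformationRegex == null ? "" : this.useridTransformationRegex;
        String replacement = this.useridTransformationReplacement == null ? "" : this.useridTransformationReplacement;
        if (regex.isEmpty() || userid == null) {
            logger.debug("Transformation regex is empty, retuning {}", userid);
            return userid;
        }
        String transformed = userid.replaceAll(regex, replacement);
        logger.debug("Transformed userid {} to {} using regex {} and replacement {}",
                new Object[]{userid, transformed, regex, replacement});
        return transformed;
    }

    /**
     * Compresses the request XML with raw DEFLATE (no zlib header), as required by the HTTP-Redirect binding.
     *
     * @param xml the request XML; encoded as UTF-8
     * @return the compressed bytes
     * @throws IOException if compression fails
     */
    public static byte[] compressSamlRequest(String xml) throws IOException {
        // Level 8 and nowrap=true are kept from the original; nowrap yields the raw DEFLATE stream the binding expects.
        Deflater deflater = new Deflater(8, true);
        try {
            ByteArrayOutputStream buffer = new ByteArrayOutputStream();
            try (DeflaterOutputStream out = new DeflaterOutputStream(buffer, deflater)) {
                out.write(xml.getBytes(StandardCharsets.UTF_8));
            }
            return buffer.toByteArray();
        } finally {
            // Deflater holds native memory that is only released by end(), not by closing the stream.
            deflater.end();
        }
    }

    /**
     * Base64-encodes with OpenSAML's encoder. The options value 9 is passed through unchanged from
     * the original (in the iHarder-derived encoder this should be DONT_BREAK_LINES|ENCODE, i.e. a
     * single-line result — confirm against the OpenSAML version in use).
     */
    public static String encodeBase64(byte[] data) {
        return Base64.encodeBytes(data, 9);
    }

    /**
     * Creates a random request ID: 20 random bytes rendered as 40 letters from {@link #ID_ALPHABET}.
     *
     * @return a 40-character string of letters 'a'..'p'
     */
    public static String createID() {
        byte[] random = new byte[20];
        ID_RANDOM.nextBytes(random);
        char[] id = new char[random.length * 2];
        for (int i = 0; i < random.length; i++) {
            id[i * 2] = ID_ALPHABET[(random[i] >> 4) & 0x0F];
            id[i * 2 + 1] = ID_ALPHABET[random[i] & 0x0F];
        }
        return String.valueOf(id);
    }
}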
