package org.jahia.modules.saml2;

import java.io.File;
import java.io.IOException;
import java.net.MalformedURLException;
import java.net.URL;
import java.util.Base64;
import java.util.HashMap;
import javax.servlet.http.Cookie;
import javax.servlet.http.HttpServletRequest;
import org.apache.commons.io.FileUtils;
import org.apache.commons.lang.StringUtils;
import org.apache.xalan.templates.Constants;
import org.jahia.modules.saml2.admin.SAML2Settings;
import org.jahia.modules.saml2.admin.SAML2SettingsService;
import org.jahia.settings.SettingsBean;
import org.pac4j.core.exception.TechnicalException;
import org.pac4j.saml.client.SAML2Client;
import org.pac4j.saml.client.SAML2ClientConfiguration;
import org.springframework.core.io.ByteArrayResource;
import org.springframework.core.io.FileSystemResource;

/* loaded from: input_file:org/jahia/modules/saml2/SAML2Util.class */
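/**
 * Helper for building, caching and validating pac4j {@link SAML2Client} instances per site key.
 *
 * <p>NOTE(review): the client cache is a plain {@link HashMap} with no synchronization. If one
 * instance of this class is shared between request threads (not visible from this file), the
 * cache needs external locking or a concurrent map - confirm against the wiring.
 */
public final class SAML2Util {
    /** Initialised clients keyed by the string passed to {@link #getSAML2Client}. */
    private final HashMap<String, SAML2Client> clients = new HashMap<>();

    /**
     * Builds the absolute assertion consumer service (ACS) URL for the given target path.
     *
     * <p>The host is taken from the {@code X-Forwarded-Server} request header when it is present
     * and syntactically plausible, otherwise from {@link HttpServletRequest#getServerName()}.
     *
     * <p>NOTE(review): {@code X-Forwarded-Server} is client-controllable unless a trusted reverse
     * proxy overwrites it. The character check below only stops a value from changing the shape
     * of the URL; it does not establish that the host is ours. Because
     * {@link #getSAML2Client} caches the client built from the first request for a key, a forged
     * header on that request would stick until {@link #resetClient} is called. An allow-list of
     * expected host names (configuration not available in this class) is the proper control.
     *
     * @param httpServletRequest current request; supplies scheme, host, local port and context path
     * @param str path appended to the context path
     * @return the ACS URL as a string
     * @throws RuntimeException wrapping {@link MalformedURLException} if the URL cannot be built
     */
    public String getAssertionConsumerServiceUrl(HttpServletRequest httpServletRequest, String str) {
        String host = httpServletRequest.getHeader("X-Forwarded-Server");
        // Fall back to the container's view of the host when the header is missing or contains
        // characters that cannot be part of a host name (path, query or user-info separators).
        if (StringUtils.isEmpty(host) || !isPlausibleHostName(host)) {
            host = httpServletRequest.getServerName();
        }
        final String path = httpServletRequest.getContextPath() + str;
        try {
            URL url = new URL(httpServletRequest.getScheme(), host, httpServletRequest.getLocalPort(), path);
            return url.toString();
        } catch (MalformedURLException e) {
            throw new RuntimeException(e);
        }
    }

    /**
     * Syntactic filter for a host name taken from a request header: ASCII letters, digits and
     * the characters {@code . - _ : [ ]} only. This is not a trust decision.
     */
    private static boolean isPlausibleHostName(String host) {
        for (int i = 0; i < host.length(); i++) {
            char c = host.charAt(i);
            boolean alphanumeric = (c >= 'a' && c <= 'z') || (c >= 'A' && c <= 'Z') || (c >= '0' && c <= '9');
            boolean separator = c == '.' || c == '-' || c == '_' || c == ':' || c == '[' || c == ']';
            if (!alphanumeric && !separator) {
                return false;
            }
        }
        return true;
    }

    /**
     * Returns the cached client for {@code str}, creating and caching it on first use.
     *
     * <p>The callback URL of a newly created client is derived from {@code httpServletRequest};
     * later calls for the same key reuse that client whatever their request looks like.
     *
     * @param sAML2SettingsService source of the settings for {@code str}
     * @param httpServletRequest request used to compute the callback URL on first creation
     * @param str cache key, also passed to {@code getSettings}
     * @return the initialised client
     */
    public SAML2Client getSAML2Client(SAML2SettingsService sAML2SettingsService, HttpServletRequest httpServletRequest, String str) {
        // Single lookup: initSAMLClient never returns null, so a null here means "not cached".
        SAML2Client client = this.clients.get(str);
        if (client == null) {
            client = initSAMLClient(sAML2SettingsService.getSettings(str), httpServletRequest);
            this.clients.put(str, client);
        }
        return client;
    }

    /**
     * Looks up a request cookie by exact name.
     *
     * @param httpServletRequest request to read cookies from
     * @param str cookie name
     * @return the value of the first matching cookie, or {@code null} if there is none
     */
    public String getCookieValue(HttpServletRequest httpServletRequest, String str) {
        Cookie[] cookies = httpServletRequest.getCookies();
        if (cookies == null) {
            return null;
        }
        for (Cookie cookie : cookies) {
            if (cookie.getName().equals(str)) {
                return cookie.getValue();
            }
        }
        return null;
    }

    /**
     * Drops the cached client for {@code str} so the next {@link #getSAML2Client} call rebuilds it.
     *
     * @param str cache key to evict
     */
    public void resetClient(String str) {
        this.clients.remove(str);
    }

    /**
     * Translates stored settings into a pac4j client configuration.
     *
     * <p>IdP metadata and the keystore are stored Base64-encoded and decoded into in-memory
     * resources; the SP metadata resource points at a file under the site's SAML directory.
     * Signing and signature-verification behaviour is copied from the settings as-is.
     * NOTE(review): confirm that deployments keep {@code requireSignedAssertions} enabled unless
     * the IdP is known to sign the enclosing response.
     *
     * @param sAML2Settings settings to convert; the authentication lifetime and the IdP metadata
     *     are dereferenced without a null check
     * @return a new configuration object
     */
    public SAML2ClientConfiguration getSAML2ClientConfiguration(SAML2Settings sAML2Settings) {
        SAML2ClientConfiguration config = new SAML2ClientConfiguration();
        config.setMaximumAuthenticationLifetime(sAML2Settings.getMaximumAuthenticationLifetime().intValue());

        byte[] idpMetadata = Base64.getDecoder().decode(sAML2Settings.getIdentityProviderMetadata());
        config.setIdentityProviderMetadataResource(new ByteArrayResource(idpMetadata));
        config.setServiceProviderEntityId(sAML2Settings.getRelyingPartyIdentifier());

        // Key material: the keystore bytes and both passwords come straight from the settings.
        if (sAML2Settings.getKeyStore() != null) {
            byte[] keyStore = Base64.getDecoder().decode(sAML2Settings.getKeyStore());
            config.setKeystoreResource(new ByteArrayResource(keyStore));
        }
        config.setKeystoreType(sAML2Settings.getKeyStoreType());
        if (StringUtils.isNotEmpty(sAML2Settings.getKeyStoreAlias())) {
            config.setKeystoreAlias(sAML2Settings.getKeyStoreAlias());
        }
        config.setKeystorePassword(sAML2Settings.getKeyStorePass());
        config.setPrivateKeyPassword(sAML2Settings.getPrivateKeyPass());

        String spMetadataPath = getSamlFileName(sAML2Settings.getSiteKey(), "sp-metadata.xml");
        config.setServiceProviderMetadataResource(new FileSystemResource(spMetadataPath));

        config.setForceAuth(sAML2Settings.isForceAuth());
        config.setPassive(sAML2Settings.isPassive());
        config.setAuthnRequestSigned(sAML2Settings.isSignAuthnRequest());
        config.setWantsAssertionsSigned(sAML2Settings.isRequireSignedAssertions());
        config.setDestinationBindingType(sAML2Settings.getBindingType());
        config.setAttributeAsId(sAML2Settings.getMapperIdField());
        return config;
    }

    /** Builds a client from settings, using the request to compute the callback URL. */
    private SAML2Client initSAMLClient(SAML2Settings sAML2Settings, HttpServletRequest httpServletRequest) {
        SAML2ClientConfiguration config = getSAML2ClientConfiguration(sAML2Settings);
        String callbackUrl = getAssertionConsumerServiceUrl(httpServletRequest, sAML2Settings.getIncomingTargetUrl());
        return initSAMLClient(config, callbackUrl);
    }

    /**
     * Deletes any existing SP metadata file, then creates and initialises a client.
     *
     * @param sAML2ClientConfiguration configuration for the new client
     * @param str callback URL to set on the client
     * @return the initialised client
     * @throws TechnicalException if the SP metadata file cannot be resolved or removed, or if
     *     initialisation fails with the NullPointerException raised from the metadata resolver
     */
    private SAML2Client initSAMLClient(SAML2ClientConfiguration sAML2ClientConfiguration, String str) {
        try {
            File spMetadata = sAML2ClientConfiguration.getServiceProviderMetadataResource().getFile();
            // A metadata file that survives here may describe an older callback URL or key, so a
            // failed delete is reported instead of being ignored.
            if (spMetadata.exists() && !spMetadata.delete()) {
                throw new IOException("Unable to delete existing SP metadata file " + spMetadata);
            }
            SAML2Client client = new SAML2Client(sAML2ClientConfiguration);
            client.setCallbackUrl(str);
            try {
                client.init();
                return client;
            } catch (NullPointerException e) {
                // Only an NPE thrown directly from the DOM metadata resolver is translated; any
                // other NPE is rethrown unchanged.
                StackTraceElement[] trace = e.getStackTrace();
                boolean fromMetadataResolver = trace.length > 0
                        && trace[0].getClassName().equals("org.opensaml.saml.metadata.resolver.impl.DOMMetadataResolver");
                if (!fromMetadataResolver) {
                    throw e;
                }
                throw new TechnicalException("Error parsing idp Metadata - Invalid XML file", e);
            }
        } catch (IOException e2) {
            throw new TechnicalException("Cannot udpate SP Metadata file", e2);
        }
    }

    /**
     * Normalises uploaded files into Base64 settings values and checks that a client can be
     * initialised from the result.
     *
     * <p>Uploaded IdP metadata and keystore files are read, stored Base64-encoded on the settings
     * object, and their file references cleared. When no keystore is supplied at all, one is
     * generated. The trial initialisation goes through the same path as a real client, so the
     * site's existing SP metadata file is deleted as a side effect.
     *
     * @param sAML2Settings settings to normalise in place
     * @throws IOException if an uploaded file or the generated keystore cannot be read
     */
    public void validateSettings(SAML2Settings sAML2Settings) throws IOException {
        if (sAML2Settings.getIdentityProviderMetadataFile() != null) {
            byte[] metadata = FileUtils.readFileToByteArray(sAML2Settings.getIdentityProviderMetadataFile());
            sAML2Settings.setIdentityProviderMetadata(Base64.getEncoder().encodeToString(metadata));
            sAML2Settings.setIdentityProviderMetadataFile(null);
        }
        if (sAML2Settings.getKeyStoreFile() != null) {
            byte[] keyStore = FileUtils.readFileToByteArray(sAML2Settings.getKeyStoreFile());
            sAML2Settings.setKeyStore(Base64.getEncoder().encodeToString(keyStore));
            sAML2Settings.setKeyStoreFile(null);
        } else if (sAML2Settings.getKeyStore() == null) {
            sAML2Settings.setKeyStore(generateKeyStore(sAML2Settings));
        }
        initSAMLClient(getSAML2ClientConfiguration(sAML2Settings), "/");
    }

    /**
     * Produces a keystore for the site and returns it Base64-encoded.
     *
     * <p>The configuration is pointed at a temporary {@code keystore.jks} path and a client is
     * initialised; the file is then read back (presumably written by pac4j during init - confirm).
     * The file holds private key material, so it is removed in a {@code finally} block and
     * scheduled for deletion at JVM exit if the immediate delete fails.
     *
     * @param sAML2Settings settings supplying the site key, passwords and remaining configuration
     * @return Base64 of the keystore file contents
     * @throws IOException if the directory cannot be created or the keystore cannot be read
     */
    private String generateKeyStore(SAML2Settings sAML2Settings) throws IOException {
        File keyStoreFile = new File(getSamlFileName(sAML2Settings.getSiteKey(), "keystore.jks"));
        File directory = keyStoreFile.getParentFile();
        if (!directory.mkdirs() && !directory.isDirectory()) {
            throw new IOException("Unable to create SAML directory " + directory);
        }
        SAML2ClientConfiguration config = getSAML2ClientConfiguration(sAML2Settings);
        config.setKeystoreResource(new FileSystemResource(keyStoreFile));
        try {
            initSAMLClient(config, "/");
            return Base64.getEncoder().encodeToString(FileUtils.readFileToByteArray(keyStoreFile));
        } finally {
            // Do not leave the private key on disk when init or the read throws.
            if (keyStoreFile.exists() && !keyStoreFile.delete()) {
                keyStoreFile.deleteOnExit();
            }
        }
    }

    /**
     * Builds the path of a per-site SAML file under the Jahia var disk path.
     *
     * <p>NOTE(review): {@code str} (the site key) is concatenated into the path unchecked, and
     * the resulting files are created and deleted by this class. Confirm that site keys cannot
     * contain path separators or {@code ..} segments. {@code Constants.ATTRVAL_THIS} looks like
     * a decompiler-substituted constant, presumably the string {@code "."} - confirm.
     *
     * @param str site key, used as the file name prefix
     * @param str2 file name suffix, such as {@code sp-metadata.xml}
     * @return the file path as a string
     */
    private String getSamlFileName(String str, String str2) {
        String samlDirectory = SettingsBean.getInstance().getJahiaVarDiskPath() + "/saml/";
        return samlDirectory + str + Constants.ATTRVAL_THIS + str2;
    }
}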
