package org.jahia.modules.saml2;

import java.io.File;
import java.io.IOException;
import java.net.MalformedURLException;
import java.net.URL;
import java.util.HashMap;
import javax.servlet.http.Cookie;
import javax.servlet.http.HttpServletRequest;
import org.apache.commons.io.FileUtils;
import org.apache.commons.lang.StringUtils;
import org.apache.xalan.templates.Constants;
import org.jahia.modules.jahiaauth.service.ConnectorConfig;
import org.jahia.modules.jahiaauth.service.SettingsService;
import org.jahia.settings.SettingsBean;
import org.jahia.utils.ClassLoaderUtils;
import org.opensaml.core.config.InitializationService;
import org.pac4j.core.exception.TechnicalException;
import org.pac4j.saml.client.SAML2Client;
import org.pac4j.saml.config.SAML2Configuration;
import org.springframework.core.io.ByteArrayResource;
import org.springframework.core.io.FileSystemResource;

/* loaded from: input_file:org/jahia/modules/saml2/SAML2Util.class */
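/**
 * Builds, caches and validates pac4j {@link SAML2Client} instances from Jahia connector settings.
 *
 * <p>Clients are cached in memory under the key passed to {@link #getSAML2Client}. Initialising a
 * client rewrites the service-provider metadata file under the Jahia var directory, so the cache
 * accessors are synchronized to keep concurrent requests from racing on the map and on that file.
 */
public final class SAML2Util {
    // Plain HashMap: every access goes through the synchronized methods below.
    private final HashMap<String, SAML2Client> clients = new HashMap<>();

    /**
     * Builds the absolute assertion consumer service (ACS) URL for the current request.
     *
     * <p>Security note: the host is taken from the {@code X-Forwarded-Server} request header when
     * present. That header is only trustworthy if a front-end proxy sets or overwrites it; otherwise
     * it is client-supplied. Because the resulting URL becomes the callback URL of a client that is
     * then cached (see {@link #getSAML2Client}), deployments should set
     * {@code SAML2Constants.SERVER_LOCATION}, which bypasses this method entirely.
     *
     * @param httpServletRequest current request; supplies scheme, host, port and context path
     * @param str path appended to the context path
     * @return the URL as a string
     * @throws RuntimeException wrapping the {@link MalformedURLException} if the parts do not form a URL
     */
    public String getAssertionConsumerServiceUrl(HttpServletRequest httpServletRequest, String str) {
        String host = httpServletRequest.getHeader("X-Forwarded-Server");
        if (StringUtils.isEmpty(host)) {
            host = httpServletRequest.getServerName();
        }
        try {
            return new URL(
                    httpServletRequest.getScheme(),
                    host,
                    httpServletRequest.getServerPort(),
                    httpServletRequest.getContextPath() + str).toString();
        } catch (MalformedURLException e) {
            throw new RuntimeException(e);
        }
    }

    /**
     * Returns the cached client for {@code str}, creating and caching it on first use.
     *
     * <p>Synchronized: this is called with a live request, so several threads may arrive at once,
     * and both the {@link HashMap} and the SP metadata file written during initialisation are
     * shared state.
     *
     * @param settingsService source of the "Saml" connector configuration
     * @param httpServletRequest request used to derive the callback URL when no server location is configured
     * @param str cache key, also passed to {@code getConnectorConfig} (presumably the site key)
     * @return the initialised client
     */
    public synchronized SAML2Client getSAML2Client(SettingsService settingsService, HttpServletRequest httpServletRequest, String str) {
        SAML2Client client = this.clients.get(str);
        if (client == null) {
            client = initSAMLClient(settingsService.getConnectorConfig(str, "Saml"), httpServletRequest);
            this.clients.put(str, client);
        }
        return client;
    }

    /**
     * Looks up a cookie by exact name.
     *
     * @param httpServletRequest request to read cookies from
     * @param str cookie name
     * @return the value of the first matching cookie, or {@code null} if the request has no such cookie
     */
    public String getCookieValue(HttpServletRequest httpServletRequest, String str) {
        Cookie[] cookies = httpServletRequest.getCookies();
        if (cookies == null) {
            return null;
        }
        for (Cookie cookie : cookies) {
            if (cookie.getName().equals(str)) {
                return cookie.getValue();
            }
        }
        return null;
    }

    /**
     * Drops the cached client for {@code str} so the next lookup rebuilds it from current settings.
     *
     * @param str cache key used in {@link #getSAML2Client}
     */
    public synchronized void resetClient(String str) {
        this.clients.remove(str);
    }

    /**
     * Translates connector properties into a pac4j {@link SAML2Configuration}.
     *
     * <p>Signing requirements (signed authn requests, signed assertions) are copied verbatim from
     * the connector settings; no secure default is enforced here.
     *
     * @param connectorConfig connector settings to read
     * @return a new configuration object
     * @throws NumberFormatException if the maximum authentication lifetime is missing or not an integer
     */
    public SAML2Configuration getSAML2ClientConfiguration(ConnectorConfig connectorConfig) {
        SAML2Configuration config = new SAML2Configuration();
        config.setMaximumAuthenticationLifetime(Integer.parseInt(connectorConfig.getProperty(SAML2Constants.MAXIMUM_AUTHENTICATION_LIFETIME)));
        config.setIdentityProviderMetadataResource(new ByteArrayResource(connectorConfig.getBinaryProperty(SAML2Constants.IDENTITY_PROVIDER_METADATA)));
        config.setServiceProviderEntityId(connectorConfig.getProperty(SAML2Constants.RELYING_PARTY_IDENTIFIER));

        // NOTE(review): presence is tested with getProperty but the bytes come from getBinaryProperty,
        // while validateSettings tests getBinaryProperty; confirm both agree for KEY_STORE.
        if (connectorConfig.getProperty(SAML2Constants.KEY_STORE) != null) {
            config.setKeystoreResource(new ByteArrayResource(connectorConfig.getBinaryProperty(SAML2Constants.KEY_STORE)));
        }
        config.setKeystoreType(connectorConfig.getProperty(SAML2Constants.KEY_STORE_TYPE));
        String keystoreAlias = connectorConfig.getProperty(SAML2Constants.KEY_STORE_ALIAS);
        if (StringUtils.isNotEmpty(keystoreAlias)) {
            config.setKeystoreAlias(keystoreAlias);
        }
        config.setKeystorePassword(connectorConfig.getProperty(SAML2Constants.KEY_STORE_PASS));
        config.setPrivateKeyPassword(connectorConfig.getProperty(SAML2Constants.PRIVATE_KEY_PASS));
        config.setServiceProviderMetadataResource(new FileSystemResource(getSamlFileName(connectorConfig.getSiteKey(), "sp-metadata.xml")));

        // The unboxing below throws NullPointerException if getBooleanProperty returns null.
        config.setForceAuth(connectorConfig.getBooleanProperty(SAML2Constants.FORCE_AUTH).booleanValue());
        config.setPassive(connectorConfig.getBooleanProperty(SAML2Constants.PASSIVE).booleanValue());
        config.setAuthnRequestSigned(connectorConfig.getBooleanProperty(SAML2Constants.SIGN_AUTH_REQUEST).booleanValue());
        config.setWantsAssertionsSigned(connectorConfig.getBooleanProperty(SAML2Constants.REQUIRES_SIGNED_ASSERTIONS).booleanValue());
        config.setAuthnRequestBindingType(connectorConfig.getProperty(SAML2Constants.BINDING_TYPE));
        return config;
    }

    /**
     * Creates a client for the given connector settings, choosing the callback URL from the
     * configured server location when set and from the request otherwise.
     */
    private SAML2Client initSAMLClient(ConnectorConfig connectorConfig, HttpServletRequest httpServletRequest) {
        SAML2Configuration config = getSAML2ClientConfiguration(connectorConfig);
        String serverLocation = connectorConfig.getProperty(SAML2Constants.SERVER_LOCATION);
        String incomingTargetUrl = connectorConfig.getProperty(SAML2Constants.INCOMING_TARGET_URL);
        if (StringUtils.isEmpty(serverLocation)) {
            // No pinned location: fall back to a URL derived from the request (see the trust note
            // on getAssertionConsumerServiceUrl).
            return initSAMLClient(config, getAssertionConsumerServiceUrl(httpServletRequest, incomingTargetUrl));
        }
        return initSAMLClient(config, serverLocation + incomingTargetUrl);
    }

    /**
     * Creates and initialises a client with the given callback URL, under the OpenSAML class loader.
     *
     * <p>Any existing SP metadata file is removed first; the delete result is not checked, so a
     * file that cannot be removed is left in place.
     *
     * @throws TechnicalException if the SP metadata file cannot be resolved, or if initialisation
     *     fails with a NullPointerException raised directly in {@code DOMMetadataResolver}
     */
    private SAML2Client initSAMLClient(SAML2Configuration sAML2Configuration, String str) {
        return (SAML2Client) ClassLoaderUtils.executeWith(InitializationService.class.getClassLoader(), () -> {
            try {
                File spMetadata = sAML2Configuration.getServiceProviderMetadataResource().getFile();
                if (spMetadata.exists()) {
                    spMetadata.delete();
                }
                SAML2Client client = new SAML2Client(sAML2Configuration);
                client.setCallbackUrl(str);
                try {
                    client.init();
                    return client;
                } catch (NullPointerException npe) {
                    // Only an NPE whose top frame is the DOM metadata resolver is reported as an
                    // IdP metadata parsing problem; any other NPE is rethrown untouched.
                    StackTraceElement[] trace = npe.getStackTrace();
                    boolean raisedByMetadataResolver = trace.length > 0
                            && "org.opensaml.saml.metadata.resolver.impl.DOMMetadataResolver".equals(trace[0].getClassName());
                    if (!raisedByMetadataResolver) {
                        throw npe;
                    }
                    throw new TechnicalException("Error parsing idp Metadata - Invalid XML file", npe);
                }
            } catch (IOException ioe) {
                throw new TechnicalException("Cannot udpate SP Metadata file", ioe);
            }
        });
    }

    /**
     * Validates connector settings by initialising a throwaway client with them, generating and
     * storing a keystore first when the settings have none.
     *
     * @param connectorConfig settings to validate; may gain a {@code KEY_STORE} binary property
     * @throws IOException if the generated keystore cannot be read back
     */
    public void validateSettings(ConnectorConfig connectorConfig) throws IOException {
        if (connectorConfig.getBinaryProperty(SAML2Constants.KEY_STORE) == null) {
            connectorConfig.getValues().setBinaryProperty(SAML2Constants.KEY_STORE, generateKeyStore(connectorConfig));
        }
        initSAMLClient(getSAML2ClientConfiguration(connectorConfig), "/");
    }

    /**
     * Produces keystore bytes by pointing a configuration at a temporary file, initialising a
     * client (which is expected to create that file, since it is read back right after) and
     * returning the file's content.
     *
     * <p>The temporary file holds private key material, so it is removed in a {@code finally}
     * block: a failed initialisation or read must not leave it on disk.
     */
    private byte[] generateKeyStore(ConnectorConfig connectorConfig) throws IOException {
        File keystoreFile = new File(getSamlFileName(connectorConfig.getSiteKey(), "keystore.jks"));
        keystoreFile.getParentFile().mkdirs();
        try {
            SAML2Configuration config = getSAML2ClientConfiguration(connectorConfig);
            config.setKeystoreResource(new FileSystemResource(keystoreFile));
            initSAMLClient(config, "/");
            return FileUtils.readFileToByteArray(keystoreFile);
        } finally {
            // Best effort, as before; if the file cannot be removed now, retry at JVM shutdown.
            if (!keystoreFile.delete() && keystoreFile.exists()) {
                keystoreFile.deleteOnExit();
            }
        }
    }

    /**
     * Returns the path of a per-site SAML file under {@code <jahia var>/saml/}.
     *
     * <p>{@code str} is concatenated into the path unchecked, so it must be a trusted identifier.
     * NOTE(review): {@code Constants.ATTRVAL_THIS} is a Xalan constant; its use as a separator here
     * looks like a decompiler substitution for a string literal and should be confirmed.
     */
    private String getSamlFileName(String str, String str2) {
        return SettingsBean.getInstance().getJahiaVarDiskPath() + "/saml/" + str + Constants.ATTRVAL_THIS + str2;
    }
}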
