package org.pac4j.saml.client;

import java.io.File;
import java.util.ArrayList;
import java.util.Iterator;
import org.apache.velocity.app.VelocityEngine;
import org.opensaml.Configuration;
import org.opensaml.DefaultBootstrap;
import org.opensaml.common.binding.SAMLMessageContext;
import org.opensaml.saml2.binding.encoding.HTTPPostEncoder;
import org.opensaml.saml2.core.Assertion;
import org.opensaml.saml2.core.Attribute;
import org.opensaml.saml2.core.AttributeStatement;
import org.opensaml.saml2.core.EncryptedAttribute;
import org.opensaml.saml2.core.NameID;
import org.opensaml.saml2.encryption.Decrypter;
import org.opensaml.saml2.metadata.EntitiesDescriptor;
import org.opensaml.saml2.metadata.EntityDescriptor;
import org.opensaml.saml2.metadata.provider.AbstractMetadataProvider;
import org.opensaml.saml2.metadata.provider.ChainingMetadataProvider;
import org.opensaml.saml2.metadata.provider.FilesystemMetadataProvider;
import org.opensaml.saml2.metadata.provider.MetadataProviderException;
import org.opensaml.xml.ConfigurationException;
import org.opensaml.xml.XMLObject;
import org.opensaml.xml.encryption.DecryptionException;
import org.opensaml.xml.io.MarshallingException;
import org.opensaml.xml.parse.StaticBasicParserPool;
import org.opensaml.xml.parse.XMLParserException;
import org.opensaml.xml.security.keyinfo.NamedKeyInfoGeneratorManager;
import org.opensaml.xml.security.x509.X509KeyInfoGeneratorFactory;
import org.opensaml.xml.signature.SignatureTrustEngine;
import org.pac4j.core.client.BaseClient;
import org.pac4j.core.client.Protocol;
import org.pac4j.core.client.RedirectAction;
import org.pac4j.core.context.WebContext;
import org.pac4j.core.exception.RequiresHttpAction;
import org.pac4j.core.exception.TechnicalException;
import org.pac4j.core.util.CommonHelper;
import org.pac4j.saml.context.ExtendedSAMLMessageContext;
import org.pac4j.saml.context.Saml2ContextProvider;
import org.pac4j.saml.credentials.Saml2Credentials;
import org.pac4j.saml.crypto.CredentialProvider;
import org.pac4j.saml.crypto.EncryptionProvider;
import org.pac4j.saml.crypto.SignatureTrustEngineProvider;
import org.pac4j.saml.exceptions.SamlException;
import org.pac4j.saml.metadata.Saml2MetadataGenerator;
import org.pac4j.saml.profile.Saml2Profile;
import org.pac4j.saml.sso.Saml2AuthnRequestBuilder;
import org.pac4j.saml.sso.Saml2ResponseValidator;
import org.pac4j.saml.sso.Saml2WebSSOProfileHandler;
import org.pac4j.saml.transport.Pac4jHTTPPostDecoder;
import org.pac4j.saml.util.VelocityEngineFactory;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
import org.w3c.dom.Element;

/* loaded from: input_file:org/pac4j/saml/client/Saml2Client.class */
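/**
 * SAML 2.0 Web SSO client (HTTP-POST binding) built on OpenSAML 2.
 *
 * <p>On {@code init()} the client loads the SP signing/decryption credential from a
 * keystore, reads the IdP metadata from a file, generates its own SP metadata from the
 * callback URL and wires the OpenSAML collaborators used to send the AuthnRequest and to
 * receive, validate and decrypt the Response.
 *
 * <p>All properties asserted in {@link #internalInit()} are mandatory except
 * {@code idpEntityId} (defaulted to the first entityID found in the IdP metadata) and
 * {@code maximumAuthenticationLifetime} (only forwarded to the validator when set).
 *
 * <p>NOTE(review): nothing in this class synchronises the one-time initialisation or
 * guards the collaborator fields; whether concurrent use is safe depends on
 * {@code BaseClient.init()} — confirm before sharing an instance across threads.
 */
public class Saml2Client extends BaseClient<Saml2Credentials, Saml2Profile> {
    protected static final Logger logger = LoggerFactory.getLogger(Saml2Client.class);

    /** Name under which the X.509 KeyInfo generator for SP metadata is registered with OpenSAML. */
    public static final String SAML_METADATA_KEY_INFO_GENERATOR = "MetadataKeyInfoGenerator";

    // --- configuration (set via setters before init()) ---
    private String keystorePath;
    private String keystorePassword;
    private String privateKeyPassword;
    private String idpMetadataPath;
    /** IdP entityID; when null it is resolved from the IdP metadata during init(). */
    private String idpEntityId;
    /** Optional; forwarded to the response validator only when non-null. */
    private Integer maximumAuthenticationLifetime;

    // --- collaborators built by internalInit() ---
    private CredentialProvider credentialProvider;
    private Saml2ContextProvider contextProvider;
    private Saml2AuthnRequestBuilder authnRequestBuilder;
    private Saml2WebSSOProfileHandler handler;
    private Saml2ResponseValidator responseValidator;
    private SignatureTrustEngineProvider signatureTrustEngineProvider;
    private EncryptionProvider encryptionProvider;
    /** Generated SP metadata XML; null until init(), and stays null if marshalling failed. */
    private String spMetadata;

    /**
     * Validates the configuration and builds every OpenSAML collaborator.
     *
     * @throws TechnicalException if a mandatory property is blank, the callback URL is not an
     *         absolute http(s) URL, or the SP metadata provider cannot be initialised or
     *         chained
     * @throws SamlException if OpenSAML cannot be bootstrapped, the XML parser pool or the IdP
     *         metadata provider cannot be initialised, or no IdP entityID can be determined
     */
    @Override
    protected void internalInit() {
        CommonHelper.assertNotBlank("keystorePath", this.keystorePath);
        CommonHelper.assertNotBlank("keystorePassword", this.keystorePassword);
        CommonHelper.assertNotBlank("privateKeyPassword", this.privateKeyPassword);
        CommonHelper.assertNotBlank("idpMetadataPath", this.idpMetadataPath);
        CommonHelper.assertNotBlank("callbackUrl", this.callbackUrl);
        // The callback URL doubles as the SP entityID and as the AssertionConsumerService /
        // SingleLogoutService location published in the SP metadata, so it must be a genuine
        // absolute URL. The previous check only required a leading "http" substring.
        if (!isAbsoluteHttpUrl(this.callbackUrl)) {
            throw new TechnicalException("SAML callbackUrl must be absolute");
        }
        if (!this.callbackUrl.regionMatches(true, 0, "https://", 0, 8)) {
            // The browser POSTs the IdP's assertion to this URL; over plain http it is unencrypted.
            logger.warn("SAML callbackUrl {} is not https: assertions will be posted over an unencrypted channel", this.callbackUrl);
        }

        try {
            DefaultBootstrap.bootstrap();
        } catch (ConfigurationException e) {
            throw new SamlException("Error bootstrapping OpenSAML", e);
        }
        registerMetadataKeyInfoGenerator();

        this.credentialProvider = new CredentialProvider(this.keystorePath, this.keystorePassword, this.privateKeyPassword);

        StaticBasicParserPool parserPool = newParserPool();
        FilesystemMetadataProvider idpMetadataProvider = buildIdpMetadataProvider(parserPool);
        if (this.idpEntityId == null) {
            this.idpEntityId = resolveIdpEntityId(idpMetadataProvider);
        }

        String callbackUrl = getCallbackUrl();
        AbstractMetadataProvider spMetadataProvider = buildSpMetadataProvider(callbackUrl);

        // One chain serves both the context provider and the signature trust engine, so the
        // trust source holds the SP's own metadata next to the IdP's.
        // NOTE(review): SignatureTrustEngineProvider is expected to resolve signing keys per
        // issuer entityID; confirm it does not accept the SP certificate for IdP signatures.
        ChainingMetadataProvider metadata = new ChainingMetadataProvider();
        try {
            metadata.addMetadataProvider(idpMetadataProvider);
            metadata.addMetadataProvider(spMetadataProvider);
        } catch (MetadataProviderException e) {
            throw new TechnicalException("Error adding idp or sp metadatas to manager", e);
        }

        this.contextProvider = new Saml2ContextProvider(metadata, this.idpEntityId, callbackUrl);
        VelocityEngine engine = VelocityEngineFactory.getEngine();
        this.authnRequestBuilder = new Saml2AuthnRequestBuilder();
        this.handler = new Saml2WebSSOProfileHandler(this.credentialProvider,
                new HTTPPostEncoder(engine, "/templates/saml2-post-binding.vm"),
                new Pac4jHTTPPostDecoder(parserPool), parserPool);
        this.signatureTrustEngineProvider = new SignatureTrustEngineProvider(metadata);
        this.encryptionProvider = new EncryptionProvider(this.credentialProvider);
        this.responseValidator = new Saml2ResponseValidator();
        if (this.maximumAuthenticationLifetime != null) {
            this.responseValidator.setMaximumAuthenticationLifetime(this.maximumAuthenticationLifetime.intValue());
        }
    }

    /**
     * Returns whether {@code url} starts with {@code http://} or {@code https://}
     * (case-insensitive).
     */
    private static boolean isAbsoluteHttpUrl(String url) {
        return url.regionMatches(true, 0, "http://", 0, 7)
                || url.regionMatches(true, 0, "https://", 0, 8);
    }

    /**
     * Registers, under {@link #SAML_METADATA_KEY_INFO_GENERATOR}, a KeyInfo generator that emits
     * the SP entity certificate and its chain into generated metadata.
     */
    private static void registerMetadataKeyInfoGenerator() {
        NamedKeyInfoGeneratorManager manager = Configuration.getGlobalSecurityConfiguration().getKeyInfoGeneratorManager();
        X509KeyInfoGeneratorFactory factory = new X509KeyInfoGeneratorFactory();
        factory.setEmitEntityCertificate(true);
        factory.setEmitEntityCertificateChain(true);
        manager.registerFactory(SAML_METADATA_KEY_INFO_GENERATOR, factory);
    }

    /**
     * Creates and initialises the parser pool shared by the IdP metadata provider and the
     * inbound POST decoder.
     *
     * <p>NOTE(review): this pool parses IdP-supplied responses; it is created with OpenSAML
     * defaults, so confirm that this OpenSAML version disables DTD / external entity expansion
     * by default before relying on it against untrusted XML.
     *
     * @throws SamlException if the pool cannot be initialised
     */
    private static StaticBasicParserPool newParserPool() {
        StaticBasicParserPool pool = new StaticBasicParserPool();
        try {
            pool.initialize();
        } catch (XMLParserException e) {
            throw new SamlException("Error initializing parserPool", e);
        }
        return pool;
    }

    /**
     * Loads and initialises the IdP metadata from {@link #idpMetadataPath}.
     *
     * @throws SamlException if the file cannot be read or the provider cannot be initialised
     */
    private FilesystemMetadataProvider buildIdpMetadataProvider(StaticBasicParserPool parserPool) {
        try {
            FilesystemMetadataProvider provider = new FilesystemMetadataProvider(new File(this.idpMetadataPath));
            provider.setParserPool(parserPool);
            provider.initialize();
            return provider;
        } catch (MetadataProviderException e) {
            throw new SamlException("Error initializing idpMetadataProvider", e);
        }
    }

    /**
     * Resolves the IdP entityID from the loaded metadata: the single EntityDescriptor's ID, or
     * the first EntityDescriptor of an EntitiesDescriptor.
     *
     * @throws SamlException if the metadata cannot be read or yields no entityID
     */
    private static String resolveIdpEntityId(FilesystemMetadataProvider provider) {
        String entityId = null;
        try {
            XMLObject metadata = provider.getMetadata();
            if (metadata instanceof EntitiesDescriptor) {
                // Several entities in one file: the first one wins, as it always has.
                for (EntityDescriptor descriptor : ((EntitiesDescriptor) metadata).getEntityDescriptors()) {
                    entityId = descriptor.getEntityID();
                    break;
                }
            } else if (metadata instanceof EntityDescriptor) {
                entityId = ((EntityDescriptor) metadata).getEntityID();
            }
        } catch (MetadataProviderException e) {
            throw new SamlException("Error getting idp entityId from IDP metadata", e);
        }
        if (entityId == null) {
            throw new SamlException("No idp entityId found");
        }
        return entityId;
    }

    /**
     * Generates the SP metadata for {@code callbackUrl}, initialises its provider and caches the
     * printed XML in {@link #spMetadata} (left null if marshalling fails).
     *
     * @throws TechnicalException if the generated provider cannot be initialised
     */
    private AbstractMetadataProvider buildSpMetadataProvider(String callbackUrl) {
        Saml2MetadataGenerator generator = new Saml2MetadataGenerator();
        generator.setCredentialProvider(this.credentialProvider);
        // The SP is identified to the IdP by its callback URL, which is also its ACS and SLO endpoint.
        generator.setEntityId(callbackUrl);
        generator.setAssertionConsumerServiceUrl(callbackUrl);
        generator.setSingleLogoutServiceUrl(callbackUrl);
        AbstractMetadataProvider provider = generator.buildMetadataProvider();
        try {
            provider.initialize();
            this.spMetadata = generator.printMetadata();
        } catch (MetadataProviderException e) {
            throw new TechnicalException("Error initializing spMetadataProvider", e);
        } catch (MarshallingException e) {
            // Printing only feeds printClientMetadata(); failure must not block SSO.
            logger.warn("Unable to print SP metadata", e);
        }
        return provider;
    }

    /**
     * Creates an uninitialised copy carrying the same configuration properties.
     *
     * <p>NOTE(review): only the properties set here are copied; anything else (e.g. the client
     * name) is presumably handled by {@code BaseClient} — confirm.
     */
    @Override
    protected BaseClient<Saml2Credentials, Saml2Profile> newClient() {
        Saml2Client copy = new Saml2Client();
        copy.setKeystorePath(this.keystorePath);
        copy.setKeystorePassword(this.keystorePassword);
        copy.setPrivateKeyPassword(this.privateKeyPassword);
        copy.setIdpMetadataPath(this.idpMetadataPath);
        copy.setIdpEntityId(this.idpEntityId);
        copy.setMaximumAuthenticationLifetime(this.maximumAuthenticationLifetime);
        copy.setCallbackUrl(this.callbackUrl);
        return copy;
    }

    /** The AuthnRequest is delivered by a self-submitting POST form, never by a plain redirect. */
    @Override
    protected boolean isDirectRedirection() {
        return false;
    }

    /**
     * Builds the AuthnRequest for the configured IdP and returns the rendered POST-binding form
     * as the redirect content.
     */
    @Override
    protected RedirectAction retrieveRedirectAction(WebContext webContext) {
        SAMLMessageContext context = this.contextProvider.buildSpAndIdpContext(webContext);
        String relayUrl = getContextualCallbackUrl(webContext);
        this.handler.sendMessage(context, this.authnRequestBuilder.build(context), relayUrl);
        return RedirectAction.success(context.getOutboundMessageTransport().getOutgoingContent());
    }

    /**
     * Decodes the inbound SAML Response, validates it and extracts the subject and attributes.
     *
     * <p>The method name is the real override of {@code BaseClient.retrieveCredentials}; the
     * decompiled listing showed it with a mangled bridge name.
     *
     * @return the subject NameID plus the (decrypted) attributes of the subject assertion
     */
    @Override
    public Saml2Credentials retrieveCredentials(WebContext webContext) throws RequiresHttpAction {
        ExtendedSAMLMessageContext context = this.contextProvider.buildSpContext(webContext);
        // The expected ACS is our own callback URL; the validator presumably checks the response's
        // destination/recipient against it — see Saml2ResponseValidator.
        context.setAssertionConsumerUrl(getCallbackUrl());
        SignatureTrustEngine trustEngine = this.signatureTrustEngineProvider.build();
        Decrypter decrypter = this.encryptionProvider.buildDecrypter();
        // Decode, then validate, before anything is read out of the assertion.
        this.handler.receiveMessage(context, trustEngine);
        this.responseValidator.validateSamlResponse(context, trustEngine, decrypter);
        return buildSaml2Credentials(context, decrypter);
    }

    /**
     * Collects the plain and decrypted attributes of the validated subject assertion.
     *
     * <p>An attribute that fails to decrypt is logged and dropped rather than failing the
     * login; this is best effort by design and relies on the response having already been
     * validated by the caller.
     */
    private Saml2Credentials buildSaml2Credentials(ExtendedSAMLMessageContext context, Decrypter decrypter) {
        NameID nameId = context.getSubjectNameIdentifier();
        Assertion assertion = context.getSubjectAssertion();
        ArrayList<Attribute> attributes = new ArrayList<Attribute>();
        for (AttributeStatement statement : assertion.getAttributeStatements()) {
            attributes.addAll(statement.getAttributes());
            for (EncryptedAttribute encrypted : statement.getEncryptedAttributes()) {
                try {
                    attributes.add(decrypter.decrypt(encrypted));
                } catch (DecryptionException e) {
                    logger.warn("Decryption of attribute failed, continue with the next one", e);
                }
            }
        }
        return new Saml2Credentials(nameId, attributes, getName());
    }

    /**
     * Maps the credentials to a profile: the NameID value becomes the profile id and each SAML
     * attribute becomes a profile attribute holding the text content of its values.
     */
    @Override
    public Saml2Profile retrieveUserProfile(Saml2Credentials credentials, WebContext webContext) {
        Saml2Profile profile = new Saml2Profile();
        profile.setId(credentials.getNameId().getValue());
        for (Attribute attribute : credentials.getAttributes()) {
            ArrayList<String> values = new ArrayList<String>();
            for (XMLObject value : attribute.getAttributeValues()) {
                Element dom = value.getDOM();
                if (dom == null) {
                    // An XMLObject without a cached DOM used to trigger an NPE here; skip it instead.
                    logger.debug("Attribute {} has a value without DOM; skipping it", attribute.getName());
                    continue;
                }
                values.add(dom.getTextContent());
            }
            profile.addAttribute(attribute.getName(), values);
        }
        return profile;
    }

    @Override
    public Protocol getProtocol() {
        return Protocol.SAML;
    }

    /** Path of the IdP metadata file (mandatory). */
    public void setIdpMetadataPath(String str) {
        this.idpMetadataPath = str;
    }

    /** IdP entityID; optional, resolved from the IdP metadata when left null. */
    public void setIdpEntityId(String str) {
        this.idpEntityId = str;
    }

    /** Path of the keystore holding the SP credential (mandatory). */
    public void setKeystorePath(String str) {
        this.keystorePath = str;
    }

    /** Keystore password (mandatory). */
    public void setKeystorePassword(String str) {
        this.keystorePassword = str;
    }

    /** Password of the SP private key inside the keystore (mandatory). */
    public void setPrivateKeyPassword(String str) {
        this.privateKeyPassword = str;
    }

    /** Maximum authentication lifetime handed to the response validator; optional. */
    public void setMaximumAuthenticationLifetime(Integer num) {
        this.maximumAuthenticationLifetime = num;
    }

    /**
     * Initialises the client if needed and returns the generated SP metadata XML.
     *
     * @return the SP metadata, or null if it could not be marshalled during initialisation
     */
    public String printClientMetadata() {
        init();
        return this.spMetadata;
    }
}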
