package com.linecorp.armeria.server.saml;

import com.linecorp.armeria.common.AggregatedHttpRequest;
import com.linecorp.armeria.common.HttpData;
import com.linecorp.armeria.common.HttpRequest;
import com.linecorp.armeria.common.HttpResponse;
import com.linecorp.armeria.common.HttpStatus;
import com.linecorp.armeria.common.MediaType;
import com.linecorp.armeria.common.QueryParams;
import com.linecorp.armeria.internal.shaded.guava.base.MoreObjects;
import com.linecorp.armeria.internal.shaded.guava.base.Strings;
import com.linecorp.armeria.internal.shaded.guava.collect.ImmutableMap;
import com.linecorp.armeria.internal.shaded.guava.collect.ImmutableSet;
import com.linecorp.armeria.server.HttpServiceWithRoutes;
import com.linecorp.armeria.server.Route;
import com.linecorp.armeria.server.RoutePathType;
import com.linecorp.armeria.server.Server;
import com.linecorp.armeria.server.ServiceConfig;
import com.linecorp.armeria.server.ServiceRequestContext;
import java.nio.charset.StandardCharsets;
import java.util.Map;
import java.util.Objects;
import java.util.Set;
import javax.annotation.Nullable;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;

/* loaded from: input_file:com/linecorp/armeria/server/saml/SamlService.class */
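/**
 * HTTP service that dispatches SAML requests to the {@link SamlServiceFunction} registered for the
 * request path: one function per assertion consumer endpoint, one per single logout endpoint and,
 * when the metadata route is an exact path, one for the metadata endpoint.
 *
 * <p>Security-relevant behaviour visible in this class:
 * <ul>
 *   <li>A request reaches a function only when the TLS state of the connection it arrived on equals
 *       the TLS state of the configured {@link SamlPortConfig} scheme. A mismatch in either
 *       direction is logged and answered with {@code 400 Bad Request}.</li>
 *   <li>The hostname handed to the function is {@code sp.hostname()} or, when that is {@code null},
 *       the virtual host's default hostname; the request itself is not consulted for it here.</li>
 * </ul>
 *
 * <p>NOTE: this source was produced by a decompiler. Members marked below as widened were
 * package-private in the class file.
 */
final class SamlService implements HttpServiceWithRoutes {
    // Pre-built plain-text bodies for the 400 responses returned by serve().
    private static final HttpData DATA_INCORRECT_PATH = HttpData.ofUtf8(HttpStatus.BAD_REQUEST + "\nSAML request with an incorrect path");
    private static final HttpData DATA_AGGREGATION_FAILURE = HttpData.ofUtf8(HttpStatus.BAD_REQUEST + "\nSAML request aggregation failure");
    private static final HttpData DATA_NOT_TLS = HttpData.ofUtf8(HttpStatus.BAD_REQUEST + "\nSAML request not from a TLS connection");
    private static final HttpData DATA_NOT_CLEARTEXT = HttpData.ofUtf8(HttpStatus.BAD_REQUEST + "\nSAML request not from a cleartext connection");
    private static final Logger logger = LoggerFactory.getLogger(SamlService.class);

    private final SamlServiceProvider sp;
    private final SamlPortConfigAutoFiller portConfigHolder;

    // Set on the first serviceAdded() call; a second, different server is rejected.
    @Nullable
    private Server server;

    // Bare request path (no query string) -> function that handles it.
    private final Map<String, SamlServiceFunction> serviceMap;

    // One exact route per key of serviceMap.
    private final Set<Route> routes;

    /**
     * Parameters of a SAML request, read from the form-encoded body when the content type belongs
     * to {@link MediaType#FORM_DATA} and from the query string of the request path otherwise.
     *
     * <p>Widened by the decompiler; package-private in the class file.
     */
    public static final class SamlParameters {
        private final QueryParams params;

        /**
         * Parses the parameters of the given aggregated request.
         *
         * <p>For a form-encoded request only the body is parsed, decoded with the charset of the
         * content type (UTF-8 when none is given); the query string is ignored in that case.
         * Widened by the decompiler; package-private in the class file.
         *
         * @param aggregatedHttpRequest the fully aggregated request
         * @throws NullPointerException if {@code aggregatedHttpRequest} is {@code null}
         */
        public SamlParameters(AggregatedHttpRequest aggregatedHttpRequest) {
            Objects.requireNonNull(aggregatedHttpRequest, "req");
            final MediaType contentType = aggregatedHttpRequest.contentType();
            if (contentType != null && contentType.belongsTo(MediaType.FORM_DATA)) {
                this.params = QueryParams.fromQueryString(
                        aggregatedHttpRequest.content(contentType.charset(StandardCharsets.UTF_8)));
                return;
            }
            final String path = aggregatedHttpRequest.path();
            final int queryStart = path.indexOf('?');
            if (queryStart < 0) {
                this.params = QueryParams.of();
            } else {
                this.params = QueryParams.fromQueryString(path.substring(queryStart + 1));
            }
        }

        /**
         * Returns the first value of the named parameter.
         *
         * <p>Widened by the decompiler; package-private in the class file.
         *
         * @param str the parameter name
         * @return the first value, never {@code null} or empty
         * @throws InvalidSamlRequestException if the parameter is absent or its first value is empty
         * @throws NullPointerException if {@code str} is {@code null}
         */
        public String getFirstValue(String str) {
            final String value = getFirstValueOrNull(str);
            if (value == null) {
                throw new InvalidSamlRequestException("failed to get the value of a parameter: " + str);
            }
            return value;
        }

        /**
         * Returns the first value of the named parameter, treating an empty value as absent.
         *
         * <p>Widened by the decompiler; package-private in the class file.
         *
         * @param str the parameter name
         * @return the first value, or {@code null} when the parameter is absent or empty
         * @throws NullPointerException if {@code str} is {@code null}
         */
        @Nullable
        public String getFirstValueOrNull(String str) {
            Objects.requireNonNull(str, "name");
            return Strings.emptyToNull(this.params.get(str));
        }

        /**
         * Returns a string holding the parsed parameters. The parameter values are included
         * verbatim, so the result contains whatever the request carried.
         */
        @Override
        public String toString() {
            return MoreObjects.toStringHelper(this).add("parameters", this.params).toString();
        }
    }

    /**
     * Builds the path-to-function table and the matching exact routes from the given provider.
     *
     * <p>Widened by the decompiler; package-private in the class file.
     *
     * @param samlServiceProvider the service provider configuration
     * @throws NullPointerException if {@code samlServiceProvider} is {@code null}
     * @throws IllegalArgumentException if two endpoints resolve to the same path (raised by
     *     {@code ImmutableMap.Builder#build()} on duplicate keys)
     */
    public SamlService(SamlServiceProvider samlServiceProvider) {
        this.sp = Objects.requireNonNull(samlServiceProvider, "sp");
        this.portConfigHolder = samlServiceProvider.portConfigAutoFiller();

        final ImmutableMap.Builder<String, SamlServiceFunction> builder = new ImmutableMap.Builder<>();

        // Assertion consumer service endpoints.
        samlServiceProvider.acsConfigs().forEach(acsConfig -> builder.put(
                acsConfig.endpoint().uri().getPath(),
                new SamlAssertionConsumerFunction(acsConfig,
                                                  samlServiceProvider.entityId(),
                                                  samlServiceProvider.idpConfigs(),
                                                  samlServiceProvider.defaultIdpConfig(),
                                                  samlServiceProvider.requestIdManager(),
                                                  samlServiceProvider.ssoHandler())));

        // Single logout endpoints.
        samlServiceProvider.sloEndpoints().forEach(sloEndpoint -> builder.put(
                sloEndpoint.uri().getPath(),
                new SamlSingleLogoutFunction(sloEndpoint,
                                             samlServiceProvider.entityId(),
                                             samlServiceProvider.signingCredential(),
                                             samlServiceProvider.signatureAlgorithm(),
                                             samlServiceProvider.idpConfigs(),
                                             samlServiceProvider.defaultIdpConfig(),
                                             samlServiceProvider.requestIdManager(),
                                             samlServiceProvider.sloHandler())));

        // The metadata endpoint is served from here only when its route is an exact path.
        final Route metadataRoute = samlServiceProvider.metadataRoute();
        if (metadataRoute.pathType() == RoutePathType.EXACT) {
            builder.put((String) metadataRoute.paths().get(0),
                        new SamlMetadataServiceFunction(samlServiceProvider.entityId(),
                                                        samlServiceProvider.signingCredential(),
                                                        samlServiceProvider.encryptionCredential(),
                                                        samlServiceProvider.idpConfigs(),
                                                        samlServiceProvider.acsConfigs(),
                                                        samlServiceProvider.sloEndpoints()));
        }

        this.serviceMap = builder.build();
        this.routes = this.serviceMap.keySet().stream()
                                     .map(path -> Route.builder().exact(path).build())
                                     .collect(ImmutableSet.toImmutableSet());
    }

    /**
     * Remembers the server this service was added to and registers the port-config auto filler as
     * a listener on it.
     *
     * @param serviceConfig the configuration of the service being added
     * @throws IllegalStateException if this instance was already added to a different server
     */
    @Override
    public void serviceAdded(ServiceConfig serviceConfig) throws Exception {
        if (this.server != null) {
            if (this.server != serviceConfig.server()) {
                throw new IllegalStateException("cannot be added to more than one server");
            }
        } else {
            this.server = serviceConfig.server();
            this.server.addListener(this.portConfigHolder);
        }
    }

    /**
     * Returns the exact routes this service handles, one per registered endpoint path.
     */
    @Override
    public Set<Route> routes() {
        return this.routes;
    }

    /**
     * Dispatches the request to the function registered for its path.
     *
     * <p>Responds with {@code 400 Bad Request} when no function is registered for the path, when
     * aggregating the request fails, or when the connection's TLS state differs from the TLS state
     * of the configured scheme.
     *
     * @param serviceRequestContext the context of the request
     * @param httpRequest the incoming request
     * @return the function's response, or one of the 400 responses described above
     */
    @Override
    public HttpResponse serve(ServiceRequestContext serviceRequestContext, HttpRequest httpRequest) throws Exception {
        // serviceMap is keyed by bare paths, but the request path can carry a query string
        // (SamlParameters reads one out of the aggregated request's path()). Looking up the raw
        // value would miss every query-bearing request, so the query is dropped first.
        final String requestPath = httpRequest.path();
        final int queryStart = requestPath.indexOf('?');
        final String lookupPath = queryStart < 0 ? requestPath : requestPath.substring(0, queryStart);

        final SamlServiceFunction samlServiceFunction = this.serviceMap.get(lookupPath);
        if (samlServiceFunction == null) {
            // routes() is derived from the serviceMap keys, so this is not expected for routed requests.
            return HttpResponse.of(HttpStatus.BAD_REQUEST, MediaType.PLAIN_TEXT_UTF_8, DATA_INCORRECT_PATH);
        }

        // Aggregation starts only once the port configuration is available, because the handler
        // below reads portConfigHolder.config().
        return HttpResponse.from((this.portConfigHolder.isDone()
                                  ? httpRequest.aggregate()
                                  : this.portConfigHolder.future().thenCompose(unused -> httpRequest.aggregate()))
                .handle((aggregatedHttpRequest, cause) -> {
                    if (cause != null) {
                        logger.warn("{} Failed to aggregate a SAML request.", serviceRequestContext, cause);
                        return HttpResponse.of(HttpStatus.BAD_REQUEST, MediaType.PLAIN_TEXT_UTF_8,
                                               DATA_AGGREGATION_FAILURE);
                    }

                    final SamlPortConfig config = this.portConfigHolder.config();
                    final boolean isTls = serviceRequestContext.sessionProtocol().isTls();

                    // Serve only over the transport the SAML port configuration names.
                    if (config.scheme().isTls() == isTls) {
                        final String hostname = MoreObjects.firstNonNull(
                                this.sp.hostname(),
                                serviceRequestContext.config().virtualHost().defaultHostname());
                        return samlServiceFunction.serve(serviceRequestContext, aggregatedHttpRequest,
                                                         hostname, config);
                    }

                    if (isTls) {
                        logger.warn("{} Received a SAML request via a TLS connection.", serviceRequestContext);
                        return HttpResponse.of(HttpStatus.BAD_REQUEST, MediaType.PLAIN_TEXT_UTF_8,
                                               DATA_NOT_CLEARTEXT);
                    }
                    logger.warn("{} Received a SAML request via a cleartext connection.", serviceRequestContext);
                    return HttpResponse.of(HttpStatus.BAD_REQUEST, MediaType.PLAIN_TEXT_UTF_8, DATA_NOT_TLS);
                }));
    }
}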
