package org.keycloak.protocol.saml;

import com.google.common.base.Strings;
import java.io.ByteArrayOutputStream;
import java.io.IOException;
import java.security.NoSuchAlgorithmException;
import java.security.SecureRandom;
import java.util.Base64;
import java.util.Collections;
import org.jboss.logging.Logger;
import org.keycloak.models.AuthenticatedClientSessionModel;
import org.keycloak.models.ClientModel;
import org.keycloak.models.KeycloakSession;
import org.keycloak.protocol.saml.util.ArtifactBindingUtils;

/* loaded from: input_file:org/keycloak/protocol/saml/DefaultSamlArtifactResolver.class */
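/**
 * Default {@link ArtifactResolver}: issues SAML artifacts, stores the matching response as a note
 * on the client session, and hands that response back when the artifact is resolved.
 *
 * <p>Artifact layout as produced by {@link #createArtifact(String)} and checked on the way in
 * (44 bytes, Base64-encoded): 2-byte type code, 2 zero bytes, the source identifier, then
 * 20 random bytes. The source identifier is read back as the 20 bytes at offset 4.
 */
public class DefaultSamlArtifactResolver implements ArtifactResolver {
    // NOTE(review): the log category is SamlService, not this class; kept as-is so existing
    // logging configuration continues to apply.
    protected static final Logger logger = Logger.getLogger(SamlService.class);

    /** Prefix of the client-session note key under which an artifact's response is stored. */
    private static final String ARTIFACT_NOTE_PREFIX = "SAMLart=";

    /** Total length in bytes of a decoded artifact. */
    private static final int ARTIFACT_LENGTH = 44;

    /** Offset of the source identifier inside a decoded artifact. */
    private static final int SOURCE_ID_OFFSET = 4;

    /** Length in bytes of the source identifier and of the random part. */
    private static final int SOURCE_ID_LENGTH = 20;

    /**
     * Returns the response stored for an artifact and removes it from the client session, so a
     * second resolution of the same artifact on this session finds nothing.
     *
     * @param authenticatedClientSessionModel client session holding the stored response
     * @param str the artifact as received
     * @return the stored response
     * @throws ArtifactResolverProcessingException if no non-empty response is stored for the artifact
     */
    public String resolveArtifact(AuthenticatedClientSessionModel authenticatedClientSessionModel, String str) throws ArtifactResolverProcessingException {
        String noteKey = ARTIFACT_NOTE_PREFIX + str;
        String storedResponse = authenticatedClientSessionModel.getNote(noteKey);
        // The note is removed before validation so the artifact is consumed even on failure.
        // NOTE(review): get-then-remove is two calls; whether two concurrent resolutions can both
        // read the note depends on the session model implementation - confirm.
        authenticatedClientSessionModel.removeNote(noteKey);
        // NOTE(review): at TRACE level this writes the artifact and the complete stored response
        // to the log. The response may carry assertion data; confirm TRACE is not enabled for
        // this category in production.
        logger.tracef("Artifact response for artifact %s, is %s", str, storedResponse);
        if (Strings.isNullOrEmpty(storedResponse)) {
            throw new ArtifactResolverProcessingException("Artifact not present in ClientSession.");
        }
        return storedResponse;
    }

    /**
     * Finds the client whose artifact binding identifier matches the source identifier embedded
     * in the artifact, searching the realm of the current context.
     *
     * @param keycloakSession session used to reach the realm and the client store
     * @param str the artifact as received
     * @return the first matching client
     * @throws ArtifactResolverProcessingException if the artifact is malformed or no client matches
     */
    public ClientModel selectSourceClient(KeycloakSession keycloakSession, String str) throws ArtifactResolverProcessingException {
        String sourceIdentifier =
                ArtifactBindingUtils.getArtifactBindingIdentifierString(extractSourceFromArtifact(str));
        return (ClientModel) keycloakSession.clients()
                .searchClientsByAttributes(
                        keycloakSession.getContext().getRealm(),
                        Collections.singletonMap(SamlConfigAttributes.SAML_ARTIFACT_BINDING_IDENTIFIER, sourceIdentifier),
                        0,
                        1)
                .findFirst()
                .orElseThrow(() -> new ArtifactResolverProcessingException("No client matching the artifact source found"));
    }

    /**
     * Creates a new artifact and stores the given response under it on the client session.
     *
     * @param authenticatedClientSessionModel client session that will hold the response
     * @param str value the source identifier is computed from
     * @param str2 the response to hand out when the artifact is resolved
     * @return the Base64-encoded artifact
     * @throws ArtifactResolverProcessingException if the artifact cannot be created
     */
    public String buildArtifact(AuthenticatedClientSessionModel authenticatedClientSessionModel, String str, String str2) throws ArtifactResolverProcessingException {
        String artifact = createArtifact(str);
        authenticatedClientSessionModel.setNote(ARTIFACT_NOTE_PREFIX + artifact, str2);
        return artifact;
    }

    /**
     * Decodes an artifact and checks that it has the supported format (44 bytes, expected type code).
     *
     * <p>The artifact comes from the incoming request, so every decoding failure is reported as
     * an {@link ArtifactResolverProcessingException} instead of escaping as an unchecked
     * {@link IllegalArgumentException} or {@link NullPointerException}.
     *
     * @param artifact the Base64-encoded artifact
     * @return the decoded artifact bytes
     * @throws ArtifactResolverProcessingException if the artifact is missing, is not valid Base64,
     *         has the wrong length, or carries another type code
     */
    private byte[] decodeSupportedArtifact(String artifact) throws ArtifactResolverProcessingException {
        if (artifact == null) {
            throw new ArtifactResolverProcessingException("Artifact is missing");
        }
        final byte[] decoded;
        try {
            decoded = Base64.getDecoder().decode(artifact);
        } catch (IllegalArgumentException e) {
            // Deliberately does not echo the malformed value.
            throw new ArtifactResolverProcessingException("Artifact is not valid Base64", e);
        }
        // NOTE(review): the two messages below embed the request-supplied artifact; if they
        // reach a log or a response, confirm the sink neutralises control characters.
        if (decoded.length != ARTIFACT_LENGTH) {
            throw new ArtifactResolverProcessingException("Artifact " + artifact + " has a length of " + decoded.length + ". It should be 44");
        }
        if (decoded[0] != DefaultSamlArtifactResolverFactory.TYPE_CODE[0] || decoded[1] != DefaultSamlArtifactResolverFactory.TYPE_CODE[1]) {
            throw new ArtifactResolverProcessingException("Artifact " + artifact + " does not start with 0x0004");
        }
        return decoded;
    }

    /**
     * Extracts the 20-byte source identifier from a validated artifact.
     *
     * @param str the Base64-encoded artifact
     * @return a fresh 20-byte array holding bytes 4..23 of the decoded artifact
     * @throws ArtifactResolverProcessingException if the artifact is not in the supported format
     */
    private byte[] extractSourceFromArtifact(String str) throws ArtifactResolverProcessingException {
        // Decode once and reuse the validated bytes.
        byte[] decoded = decodeSupportedArtifact(str);
        byte[] sourceId = new byte[SOURCE_ID_LENGTH];
        System.arraycopy(decoded, SOURCE_ID_OFFSET, sourceId, 0, sourceId.length);
        return sourceId;
    }

    /**
     * Builds a new Base64-encoded artifact: type code, two zero bytes, the source identifier
     * computed from {@code str}, and 20 bytes from a {@link SecureRandom}.
     *
     * @param str value the source identifier is computed from
     * @return the Base64-encoded artifact
     * @throws ArtifactResolverProcessingException if writing the artifact fails or the JVM lacks
     *         the SHA1PRNG algorithm
     */
    public String createArtifact(String str) throws ArtifactResolverProcessingException {
        try {
            // NOTE(review): SHA1PRNG is a legacy generator and a new instance is created per
            // call. It self-seeds when no seed is supplied, but the platform default
            // (new SecureRandom()) is the usual choice for bearer-like values; left unchanged
            // here because the switch also affects the NoSuchAlgorithmException handling below.
            SecureRandom secureRandom = SecureRandom.getInstance("SHA1PRNG");
            // presumably 20 bytes (the parser reads 20 bytes at offset 4) - verify against
            // ArtifactBindingUtils
            byte[] sourceId = ArtifactBindingUtils.computeArtifactBindingIdentifier(str);
            byte[] randomPart = new byte[SOURCE_ID_LENGTH];
            secureRandom.nextBytes(randomPart);
            ByteArrayOutputStream artifactBytes = new ByteArrayOutputStream();
            artifactBytes.write(DefaultSamlArtifactResolverFactory.TYPE_CODE);
            artifactBytes.write(new byte[2]);
            artifactBytes.write(sourceId);
            artifactBytes.write(randomPart);
            return Base64.getEncoder().encodeToString(artifactBytes.toByteArray());
        } catch (IOException e) {
            throw new ArtifactResolverProcessingException(e);
        } catch (NoSuchAlgorithmException e2) {
            throw new ArtifactResolverProcessingException("JVM does not support required cryptography algorithms: SHA-1/SHA1PRNG.", e2);
        }
    }

    /** Nothing to release; this resolver holds no resources. */
    public void close() {
    }
}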
