package org.apereo.cas.support.saml.authentication.principal;

import java.io.BufferedReader;
import java.util.stream.Collectors;
import javax.servlet.http.HttpServletRequest;
import lombok.Generated;
import org.apache.commons.lang3.NotImplementedException;
import org.apereo.cas.authentication.principal.AbstractServiceFactory;
import org.apereo.cas.support.saml.util.Saml10ObjectBuilder;
import org.jdom.Attribute;
import org.jdom.Document;
import org.jdom.Element;
import org.jdom.Namespace;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
import org.springframework.http.HttpMethod;
import org.springframework.util.StringUtils;

/* loaded from: input_file:org/apereo/cas/support/saml/authentication/principal/SamlServiceFactory.class */
public class SamlServiceFactory extends AbstractServiceFactory<SamlService> {

    @Generated
    private static final Logger LOGGER = LoggerFactory.getLogger(SamlServiceFactory.class);
    private static final Namespace NAMESPACE_ENVELOPE = Namespace.getNamespace("http://schemas.xmlsoap.org/soap/envelope/");
    private static final Namespace NAMESPACE_SAML1 = Namespace.getNamespace("urn:oasis:names:tc:SAML:1.0:protocol");
    private final Saml10ObjectBuilder saml10ObjectBuilder;

    /* renamed from: createService, reason: merged with bridge method [inline-methods] */
    public SamlService m9createService(HttpServletRequest httpServletRequest) {
        String requestURI = httpServletRequest.getRequestURI();
        LOGGER.trace("Current request URI is [{}]", requestURI);
        if (requestURI.contains("/idp/profile/SAML2/SOAP/ECP")) {
            LOGGER.trace("The [{}] request on [{}] seems to be a SOAP ECP Request, skip creating service from it.", httpServletRequest.getMethod(), requestURI);
            return null;
        }
        String parameter = httpServletRequest.getParameter("TARGET");
        String requestBody = (requestURI.contains("/samlValidate") && httpServletRequest.getMethod().equalsIgnoreCase(HttpMethod.POST.name())) ? getRequestBody(httpServletRequest) : null;
        String str = null;
        String str2 = null;
        if (!StringUtils.hasText(parameter) && !StringUtils.hasText(requestBody)) {
            LOGGER.trace("Request does not specify a [{}] or request body is empty", "TARGET");
            return null;
        }
        String cleanupUrl = cleanupUrl(parameter);
        if (StringUtils.hasText(requestBody)) {
            LOGGER.debug("Request Body: [{}]", requestBody);
            httpServletRequest.setAttribute("SAMLRequest", requestBody);
            Saml10ObjectBuilder saml10ObjectBuilder = this.saml10ObjectBuilder;
            Document constructDocumentFromXml = Saml10ObjectBuilder.constructDocumentFromXml(requestBody);
            if (constructDocumentFromXml == null) {
                LOGGER.trace("Could not construct SAML document from request body [{}]", requestBody);
                return null;
            }
            Element child = constructDocumentFromXml.getRootElement().getChild("Body", NAMESPACE_ENVELOPE);
            if (child == null) {
                LOGGER.trace("Request body not specify a [Body] element");
                return null;
            }
            Element child2 = child.getChild("Request", NAMESPACE_SAML1);
            if (child2 == null) {
                LOGGER.trace("Request body not specify a [Request] element");
                return null;
            }
            str = child2.getChild("AssertionArtifact", NAMESPACE_SAML1).getValue().trim();
            Attribute attribute = child2.getAttribute("RequestID");
            if (attribute == null) {
                LOGGER.error("SAML request body does not specify the RequestID attribute. This is a required attribute per the schema definition and MUST be provided by the client.  RequestID needs to be unique on a per-request basis and per OWASP, it may be 16 bytes of entropy in session identifiers which have similar requirements. While CAS does allow the RequestID attribute to be optional for the time being to preserve backward compatibility, this behavior MUST be fixed by the client and future CAS versions begin to enforce the presence of RequestID more forcefully to remain compliant with schema and protocol.");
            } else {
                str2 = attribute.getValue().trim();
            }
        }
        LOGGER.debug("Extracted ArtifactId: [{}]. Extracted Request Id: [{}]", str, str2);
        SamlService samlService = new SamlService(cleanupUrl, parameter, str, str2);
        samlService.setSource("TARGET");
        return samlService;
    }

    /* renamed from: createService, reason: merged with bridge method [inline-methods] */
    public SamlService m8createService(String str) {
        throw new NotImplementedException("This operation is not supported. ");
    }

    private static String getRequestBody(HttpServletRequest httpServletRequest) {
        String str = null;
        try {
            try {
                BufferedReader reader = httpServletRequest.getReader();
                Throwable th = null;
                if (reader == null) {
                    LOGGER.debug("Request body could not be read because it's empty.");
                } else {
                    str = (String) reader.lines().collect(Collectors.joining());
                }
                if (reader != null) {
                    if (0 != 0) {
                        try {
                            reader.close();
                        } catch (Throwable th2) {
                            th.addSuppressed(th2);
                        }
                    } else {
                        reader.close();
                    }
                }
            } finally {
            }
        } catch (Exception e) {
            LOGGER.trace("Could not obtain the saml request body from the http request", e);
        }
        if (!StringUtils.hasText(str)) {
            LOGGER.trace("Looking at the request attribute [{}] to locate SAML request body", "SAMLRequest");
            str = (String) httpServletRequest.getAttribute("SAMLRequest");
            LOGGER.trace("Located cached saml request body [{}] as a request attribute", str);
        }
        return str;
    }

    @Generated
    public SamlServiceFactory(Saml10ObjectBuilder saml10ObjectBuilder) {
        this.saml10ObjectBuilder = saml10ObjectBuilder;
    }
}
