package io.asgardeo.java.saml.sdk.artifact;

import io.asgardeo.java.saml.sdk.bean.SSOAgentConfig;
import io.asgardeo.java.saml.sdk.exception.ArtifactResolutionException;
import io.asgardeo.java.saml.sdk.exception.SSOAgentException;
import io.asgardeo.java.saml.sdk.security.X509CredentialImpl;
import io.asgardeo.java.saml.sdk.util.SSOAgentConstants;
import io.asgardeo.java.saml.sdk.util.SSOAgentUtils;
import java.io.ByteArrayInputStream;
import java.io.IOException;
import java.io.StringWriter;
import java.nio.charset.StandardCharsets;
import java.util.Iterator;
import java.util.UUID;
import javax.xml.soap.MessageFactory;
import javax.xml.soap.MimeHeaders;
import javax.xml.soap.SOAPBodyElement;
import javax.xml.soap.SOAPException;
import javax.xml.transform.TransformerException;
import javax.xml.transform.TransformerFactory;
import javax.xml.transform.dom.DOMSource;
import javax.xml.transform.stream.StreamResult;
import org.apache.commons.lang.StringUtils;
import org.apache.commons.logging.Log;
import org.apache.commons.logging.LogFactory;
import org.joda.time.DateTime;
import org.opensaml.core.xml.XMLObjectBuilderFactory;
import org.opensaml.core.xml.config.XMLObjectProviderRegistrySupport;
import org.opensaml.saml.common.SAMLVersion;
import org.opensaml.saml.saml2.core.Artifact;
import org.opensaml.saml.saml2.core.ArtifactResolve;
import org.opensaml.saml.saml2.core.ArtifactResponse;
import org.opensaml.saml.saml2.core.Issuer;

/* loaded from: input_file:io/asgardeo/java/saml/sdk/artifact/SAMLSSOArtifactResolutionService.class */
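/**
 * Resolves a SAML 2.0 artifact into the {@link ArtifactResponse} it refers to, using the
 * SOAP back-channel configured in {@link SSOAgentConfig}.
 *
 * <p>The flow is: check the configuration, build an {@link ArtifactResolve} (signed only when
 * signing is enabled in the configuration), send it as a SOAP message to the configured
 * artifact resolve URL, extract the {@code ArtifactResponse} from the SOAP body and run basic
 * protocol checks on it.
 *
 * <p>NOTE(review): several debug statements in this class log the raw artifact, the full
 * ArtifactResolve SOAP message and the full ArtifactResponse. The response presumably embeds
 * the SAML assertion, so debug logging here should stay off in production or the log sink
 * should be treated as holding authentication material.
 */
public class SAMLSSOArtifactResolutionService {
    private static final Log log = LogFactory.getLog(SAMLSSOArtifactResolutionService.class);

    /** Namespace every SOAP body child must carry to be accepted as an artifact response. */
    private static final String SAML20_PROTOCOL_NS = "urn:oasis:names:tc:SAML:2.0:protocol";

    /** Local name every SOAP body child must carry to be accepted as an artifact response. */
    private static final String ARTIFACT_RESPONSE_LOCAL_NAME = "ArtifactResponse";

    // Assigned once in the constructor and never replaced, hence final.
    private final SSOAgentConfig ssoAgentConfig;

    /**
     * Creates a service bound to the given agent configuration.
     *
     * @param sSOAgentConfig configuration supplying the artifact resolve URL, the SP entity id,
     *     the signing switch and the signing credential
     */
    public SAMLSSOArtifactResolutionService(SSOAgentConfig sSOAgentConfig) {
        this.ssoAgentConfig = sSOAgentConfig;
    }

    /**
     * Resolves the given artifact end to end: validates the configuration, builds the request,
     * sends it and returns the validated response.
     *
     * @param str the SAML artifact received from the identity provider
     * @return the artifact response, after the checks in {@code validateArtifactResponse}
     * @throws ArtifactResolutionException if the configuration is incomplete, the exchange
     *     fails, or the response does not pass validation
     */
    public ArtifactResponse getSAMLArtifactResponse(String str) throws ArtifactResolutionException {
        validateArtifactResolveConfig();
        return sendArtifactResolveRequest(generateArtifactResolveReq(str));
    }

    /**
     * Builds the {@link ArtifactResolve} request for an artifact and signs it when
     * artifact-resolve signing is enabled in the configuration.
     *
     * @param str the SAML artifact to resolve
     * @return the (optionally signed) request object
     * @throws ArtifactResolutionException if signing fails
     */
    public ArtifactResolve generateArtifactResolveReq(String str) throws ArtifactResolutionException {
        ArtifactResolve request = createArtifactResolveObject(str);
        if (this.ssoAgentConfig.getSAML2().isEnableArtifactResolveSigning()) {
            if (log.isDebugEnabled()) {
                // NOTE(review): this writes the artifact value itself to the debug log.
                log.debug("Signing artifact resolve request for the received SAML artifact: " + str);
            }
            request = signArtifactResolveReq(request);
        }
        if (log.isDebugEnabled()) {
            log.debug("Created Artifact Resolve object: " + request);
        }
        return request;
    }

    /**
     * Wraps the request in a SOAP message, posts it to the configured artifact resolve URL and
     * returns the validated {@link ArtifactResponse}.
     *
     * @param artifactResolve the request to send
     * @return the extracted and validated response
     * @throws ArtifactResolutionException if building, sending or parsing fails, or the
     *     response does not pass validation
     */
    public ArtifactResponse sendArtifactResolveRequest(ArtifactResolve artifactResolve) throws ArtifactResolutionException {
        SAMLSSOSoapMessageService soapService = new SAMLSSOSoapMessageService();
        try {
            String soapRequest = SSOAgentUtils.marshall(soapService.buildSOAPMessage(artifactResolve));
            if (log.isDebugEnabled()) {
                log.debug("Artifact Resolve Request as a SOAP Message: " + soapRequest);
            }
            // NOTE(review): how the endpoint is authenticated (TLS trust, hostname checks) is
            // decided inside sendSOAP, which is not visible here - confirm it is enforced,
            // since the response below is not signature-checked in this class.
            String soapResponse = soapService.sendSOAP(soapRequest, this.ssoAgentConfig.getSAML2().getArtifactResolveURL());
            if (log.isDebugEnabled()) {
                log.debug("Received artifact response string: " + soapResponse);
            }
            ArtifactResponse response = extractArtifactResponse(soapResponse);
            validateArtifactResponse(artifactResolve, response);
            return response;
        } catch (SSOAgentException e) {
            throw new ArtifactResolutionException("Encountered error marshalling SOAP message with artifact resolve, into its DOM representation", e);
        }
    }

    /**
     * Parses a SOAP response string and unmarshalls the {@code ArtifactResponse} found in its
     * body.
     *
     * <p>Every element child of the SOAP body must be a SAML 2.0 protocol
     * {@code ArtifactResponse}; any other element is rejected. Non-element children (for
     * example whitespace text between elements) are skipped rather than cast. If the body
     * holds several matching elements, the last one is returned.
     *
     * @param str the SOAP response as received from the endpoint
     * @return the unmarshalled response, or {@code null} if the body has no element children
     * @throws ArtifactResolutionException if the input is null or empty, is not a parseable
     *     SOAP message, holds an unexpected element, or cannot be unmarshalled
     */
    public ArtifactResponse extractArtifactResponse(String str) throws ArtifactResolutionException {
        // A null response would otherwise surface as a NullPointerException from getBytes().
        if (StringUtils.isEmpty(str)) {
            throw new ArtifactResolutionException("Didn't receive valid artifact response.");
        }
        ArtifactResponse artifactResponse = null;
        try {
            // NOTE(review): XML parser hardening (DTD / external entities) for this untrusted
            // input depends on the SAAJ implementation and on SSOAgentUtils.unmarshall, neither
            // of which is visible here - confirm both are configured defensively.
            Iterator<?> children = MessageFactory.newInstance()
                    .createMessage(new MimeHeaders(), new ByteArrayInputStream(str.getBytes(StandardCharsets.UTF_8)))
                    .getSOAPBody()
                    .getChildElements();
            while (children.hasNext()) {
                Object child = children.next();
                if (!(child instanceof SOAPBodyElement)) {
                    // Text or comment nodes in the body are not a response; skip them instead
                    // of failing with a ClassCastException.
                    continue;
                }
                SOAPBodyElement bodyElement = (SOAPBodyElement) child;
                boolean isArtifactResponse = StringUtils.equals(SAML20_PROTOCOL_NS, bodyElement.getNamespaceURI())
                        && StringUtils.equals(ARTIFACT_RESPONSE_LOCAL_NAME, bodyElement.getLocalName());
                if (!isArtifactResponse) {
                    throw new ArtifactResolutionException("Received invalid artifact response with nameSpaceURI: " + bodyElement.getNamespaceURI() + " and localName: " + bodyElement.getLocalName());
                }
                // Serialize the element back to text so it can be handed to the unmarshaller.
                StringWriter serialized = new StringWriter();
                TransformerFactory.newInstance().newTransformer().transform(new DOMSource(bodyElement), new StreamResult(serialized));
                artifactResponse = (ArtifactResponse) SSOAgentUtils.unmarshall(serialized.toString());
                if (log.isDebugEnabled()) {
                    log.debug("Extracted Artifact Response: " + serialized);
                }
            }
            return artifactResponse;
        } catch (SSOAgentException e) {
            throw new ArtifactResolutionException("Encountered error unmarshalling response into SAML2 object", e);
        } catch (SOAPException | IOException | TransformerException e2) {
            throw new ArtifactResolutionException("Didn't receive valid artifact response.", e2);
        }
    }

    /**
     * Runs the protocol-level checks on a received response: it must be present, its
     * {@code InResponseTo} must equal the request ID, its status must be the success code and
     * it must embed a message.
     *
     * <p>NOTE(review): this method does not verify a signature, the Issuer or the
     * IssueInstant of the artifact response. Confirm that the embedded SAML response is
     * signature-validated by the caller before any assertion in it is trusted.
     *
     * @param artifactResolve the request that was sent
     * @param artifactResponse the response extracted from the SOAP body, possibly {@code null}
     * @throws ArtifactResolutionException if any check fails
     */
    private void validateArtifactResponse(ArtifactResolve artifactResolve, ArtifactResponse artifactResponse) throws ArtifactResolutionException {
        if (artifactResponse == null) {
            throw new ArtifactResolutionException("Received artifact response message was null.");
        }
        String requestId = artifactResolve.getID();
        String inResponseTo = artifactResponse.getInResponseTo();
        // A request without an ID cannot be correlated; reject instead of dereferencing null.
        if (requestId == null || !requestId.equals(inResponseTo)) {
            throw new ArtifactResolutionException("Artifact resolve ID: " + requestId + " is not equal to artifact response InResponseTo : " + inResponseTo);
        }
        // A response that omits Status or StatusCode is treated as unsuccessful rather than
        // left to fail with a NullPointerException on attacker-influenced input.
        if (artifactResponse.getStatus() == null || artifactResponse.getStatus().getStatusCode() == null) {
            throw new ArtifactResolutionException("Unsuccessful artifact response with status: " + null);
        }
        String statusCode = artifactResponse.getStatus().getStatusCode().getValue();
        if (!SSOAgentConstants.SAML2SSO.SUCCESS_CODE.equals(statusCode)) {
            throw new ArtifactResolutionException("Unsuccessful artifact response with status: " + statusCode);
        }
        if (artifactResponse.getMessage() == null) {
            throw new ArtifactResolutionException("No SAML response embedded into the artifact response.");
        }
    }

    /**
     * Ensures the settings needed for artifact resolution are present.
     *
     * @throws ArtifactResolutionException if the artifact resolve URL or the SP entity id is
     *     empty
     */
    private void validateArtifactResolveConfig() throws ArtifactResolutionException {
        if (StringUtils.isEmpty(this.ssoAgentConfig.getSAML2().getArtifactResolveURL())) {
            throw new ArtifactResolutionException("Artifact Resolve Url is not configured.");
        }
        if (StringUtils.isEmpty(this.ssoAgentConfig.getSAML2().getSPEntityId())) {
            throw new ArtifactResolutionException("Artifact Resolve Issuer is not configured.");
        }
    }

    /**
     * Builds an unsigned SAML 2.0 {@link ArtifactResolve} carrying the artifact, a fresh random
     * UUID as ID, the current time as issue instant and the SP entity id as issuer.
     *
     * @param str the SAML artifact to embed
     * @return the populated request object
     */
    private ArtifactResolve createArtifactResolveObject(String str) {
        XMLObjectBuilderFactory builderFactory = XMLObjectProviderRegistrySupport.getBuilderFactory();

        ArtifactResolve request = builderFactory.getBuilder(ArtifactResolve.DEFAULT_ELEMENT_NAME).buildObject();
        request.setVersion(SAMLVersion.VERSION_20);
        request.setID(UUID.randomUUID().toString());
        request.setIssueInstant(new DateTime());

        Artifact artifact = builderFactory.getBuilder(Artifact.DEFAULT_ELEMENT_NAME).buildObject();
        artifact.setArtifact(str);

        Issuer issuer = builderFactory.getBuilder(Issuer.DEFAULT_ELEMENT_NAME).buildObject();
        issuer.setValue(this.ssoAgentConfig.getSAML2().getSPEntityId());

        request.setIssuer(issuer);
        request.setArtifact(artifact);
        return request;
    }

    /**
     * Signs the request with the X.509 credential from the configuration.
     *
     * <p>NOTE(review): the signature algorithm is hard-coded to RSA-SHA1. SHA-1 is deprecated
     * for digital signatures; prefer {@code http://www.w3.org/2001/04/xmldsig-more#rsa-sha256}
     * once the identity provider is confirmed to accept it. Left unchanged here because
     * switching algorithms can break interoperability with an existing deployment.
     *
     * @param artifactResolve the request to sign
     * @return the signed request
     * @throws ArtifactResolutionException if the signature cannot be applied
     */
    private ArtifactResolve signArtifactResolveReq(ArtifactResolve artifactResolve) throws ArtifactResolutionException {
        try {
            return SSOAgentUtils.setSignature(artifactResolve, "http://www.w3.org/2000/09/xmldsig#rsa-sha1", new X509CredentialImpl(this.ssoAgentConfig.getSAML2().getSSOAgentX509Credential()));
        } catch (SSOAgentException e) {
            throw new ArtifactResolutionException("Error in signing the Artifact Resolve request", e);
        }
    }
}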
