package org.pac4j.saml.client;

import java.util.ArrayList;
import java.util.Iterator;
import net.shibboleth.utilities.java.support.component.ComponentInitializationException;
import net.shibboleth.utilities.java.support.resolver.ResolverException;
import org.opensaml.core.xml.XMLObject;
import org.opensaml.saml.metadata.resolver.ChainingMetadataResolver;
import org.opensaml.saml.metadata.resolver.MetadataResolver;
import org.opensaml.saml.saml2.core.Attribute;
import org.opensaml.saml.saml2.core.AuthnRequest;
import org.opensaml.saml.saml2.encryption.Decrypter;
import org.pac4j.core.client.IndirectClient;
import org.pac4j.core.client.RedirectAction;
import org.pac4j.core.context.WebContext;
import org.pac4j.core.exception.HttpAction;
import org.pac4j.core.exception.TechnicalException;
import org.pac4j.core.util.CommonHelper;
import org.pac4j.saml.context.SAML2ContextProvider;
import org.pac4j.saml.context.SAML2MessageContext;
import org.pac4j.saml.context.SAMLContextProvider;
import org.pac4j.saml.credentials.SAML2Credentials;
import org.pac4j.saml.crypto.CredentialProvider;
import org.pac4j.saml.crypto.DefaultSignatureSigningParametersProvider;
import org.pac4j.saml.crypto.ExplicitSignatureTrustEngineProvider;
import org.pac4j.saml.crypto.KeyStoreCredentialProvider;
import org.pac4j.saml.crypto.KeyStoreDecryptionProvider;
import org.pac4j.saml.crypto.SAML2SignatureTrustEngineProvider;
import org.pac4j.saml.crypto.SignatureSigningParametersProvider;
import org.pac4j.saml.metadata.SAML2IdentityProviderMetadataResolver;
import org.pac4j.saml.metadata.SAML2MetadataResolver;
import org.pac4j.saml.metadata.SAML2ServiceProviderMetadataResolver;
import org.pac4j.saml.profile.SAML2Profile;
import org.pac4j.saml.sso.SAML2ObjectBuilder;
import org.pac4j.saml.sso.SAML2ProfileHandler;
import org.pac4j.saml.sso.SAML2ResponseValidator;
import org.pac4j.saml.sso.impl.SAML2AuthnRequestBuilder;
import org.pac4j.saml.sso.impl.SAML2DefaultResponseValidator;
import org.pac4j.saml.sso.impl.SAML2WebSSOMessageReceiver;
import org.pac4j.saml.sso.impl.SAML2WebSSOMessageSender;
import org.pac4j.saml.sso.impl.SAML2WebSSOProfileHandler;
import org.pac4j.saml.transport.Pac4jSAMLResponse;
import org.pac4j.saml.util.Configuration;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
import org.w3c.dom.Element;

/* loaded from: input_file:org/pac4j/saml/client/SAML2Client.class */
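/**
 * Indirect pac4j client that authenticates users against a SAML 2 identity provider.
 *
 * <p>{@link #internalInit(WebContext)} wires together the credential provider, decrypter,
 * signing parameters, IdP/SP metadata resolvers, response validator and profile handler from
 * the {@link SAML2ClientConfiguration}. A configuration must therefore be supplied (through the
 * constructor or {@link #setConfiguration(SAML2ClientConfiguration)}) before initialization.
 *
 * <p>This source is decompiler output; the JADX notes on individual methods record where
 * names or access modifiers differ from the compiled class.
 */
public class SAML2Client extends IndirectClient<SAML2Credentials, SAML2Profile> {
    protected static final Logger logger = LoggerFactory.getLogger(SAML2Client.class);

    /** Session attribute under which a caller-supplied relay state is stored. */
    public static final String SAML_RELAY_STATE_ATTRIBUTE = "samlRelayState";

    protected CredentialProvider credentialProvider;
    protected SAMLContextProvider contextProvider;
    protected SAML2ObjectBuilder<AuthnRequest> saml2ObjectBuilder;
    protected SignatureSigningParametersProvider signatureSigningParametersProvider;
    protected SAML2ProfileHandler<AuthnRequest> profileHandler;
    protected SAML2ResponseValidator responseValidator;
    protected SAML2SignatureTrustEngineProvider signatureTrustEngineProvider;
    protected SAML2MetadataResolver idpMetadataResolver;
    protected SAML2MetadataResolver spMetadataResolver;
    protected Decrypter decrypter;
    protected SAML2ClientConfiguration configuration;

    /** Creates a client without configuration; call {@link #setConfiguration} before use. */
    public SAML2Client() {
    }

    /**
     * Creates a client bound to the given configuration.
     *
     * @param sAML2ClientConfiguration the SAML settings this client is initialized from
     */
    public SAML2Client(SAML2ClientConfiguration sAML2ClientConfiguration) {
        this.configuration = sAML2ClientConfiguration;
    }

    /**
     * Builds every collaborator of the client in dependency order.
     *
     * @param webContext the current web context, used to compute the final callback URL
     */
    protected void internalInit(WebContext webContext) {
        CommonHelper.assertNotBlank("callbackUrl", this.callbackUrl);
        // Every init step below dereferences the configuration; fail here with a named
        // assertion instead of a NullPointerException inside one of the providers.
        CommonHelper.assertNotNull("configuration", this.configuration);

        // The decrypter and the signing parameters both read this.credentialProvider.
        initCredentialProvider();
        initDecrypter();
        initSignatureSigningParametersProvider();

        // Resolving the metadata also populates idpMetadataResolver / spMetadataResolver,
        // which the context provider reads.
        ChainingMetadataResolver chainedResolver = initChainingMetadataResolver(
                initIdentityProviderMetadataResolver(),
                initServiceProviderMetadataResolver(webContext));
        initSAMLContextProvider(chainedResolver);
        initSAMLObjectBuilder();

        // The validator needs the trust engine and decrypter; the profile handler needs the validator.
        initSignatureTrustEngineProvider(chainedResolver);
        initSAMLResponseValidator();
        initSAMLProfileHandler();
    }

    /** Creates the Web SSO profile handler from a message sender and a message receiver. */
    protected void initSAMLProfileHandler() {
        SAML2WebSSOMessageSender sender = new SAML2WebSSOMessageSender(
                this.signatureSigningParametersProvider,
                this.configuration.getDestinationBindingType(),
                this.configuration.isForceSignRedirectBindingAuthnRequest());
        SAML2WebSSOMessageReceiver receiver = new SAML2WebSSOMessageReceiver(this.responseValidator);
        this.profileHandler = new SAML2WebSSOProfileHandler(sender, receiver);
    }

    /**
     * Creates the validator applied to incoming SAML responses.
     *
     * <p>The maximum authentication lifetime and the "wants assertions signed" flag are passed
     * straight from the configuration.
     */
    protected void initSAMLResponseValidator() {
        // NOTE(review): presumably getWantsAssertionsSigned() decides whether unsigned assertions
        // are rejected - confirm in SAML2DefaultResponseValidator before relaxing it in a deployment.
        this.responseValidator = new SAML2DefaultResponseValidator(
                this.signatureTrustEngineProvider,
                this.decrypter,
                this.configuration.getMaximumAuthenticationLifetime(),
                this.configuration.getWantsAssertionsSigned());
    }

    /**
     * Creates the signature trust engine provider on top of the given metadata resolver.
     *
     * @param metadataResolver the resolver the trust engine provider is built from
     */
    protected void initSignatureTrustEngineProvider(MetadataResolver metadataResolver) {
        // NOTE(review): internalInit passes the chained resolver, which contains both IdP and SP
        // metadata - verify that only IdP signing keys end up trusted for response signatures.
        this.signatureTrustEngineProvider = new ExplicitSignatureTrustEngineProvider(metadataResolver);
    }

    /** Creates the builder for outgoing authentication requests from the configuration. */
    protected void initSAMLObjectBuilder() {
        this.saml2ObjectBuilder = new SAML2AuthnRequestBuilder(
                this.configuration.isForceAuth(),
                this.configuration.getComparisonType(),
                this.configuration.getDestinationBindingType(),
                this.configuration.getAuthnContextClassRef(),
                this.configuration.getNameIdPolicyFormat());
    }

    /**
     * Creates the SAML context provider.
     *
     * @param metadataResolver the chained resolver covering IdP and SP metadata
     */
    protected void initSAMLContextProvider(MetadataResolver metadataResolver) {
        this.contextProvider = new SAML2ContextProvider(
                metadataResolver,
                this.idpMetadataResolver,
                this.spMetadataResolver,
                this.configuration.getSamlMessageStorageFactory());
    }

    /**
     * Creates the service provider metadata resolver and resolves it.
     *
     * @param webContext the current web context, used to compute the final callback URL
     * @return the resolved service provider metadata resolver
     */
    protected MetadataResolver initServiceProviderMetadataResolver(WebContext webContext) {
        this.spMetadataResolver = new SAML2ServiceProviderMetadataResolver(
                this.configuration, computeFinalCallbackUrl(webContext), this.credentialProvider);
        return this.spMetadataResolver.resolve();
    }

    /**
     * Creates the identity provider metadata resolver and resolves it.
     *
     * @return the resolved identity provider metadata resolver
     */
    protected MetadataResolver initIdentityProviderMetadataResolver() {
        this.idpMetadataResolver = new SAML2IdentityProviderMetadataResolver(this.configuration);
        return this.idpMetadataResolver.resolve();
    }

    /** Creates the keystore-backed credential provider from the configuration. */
    protected void initCredentialProvider() {
        this.credentialProvider = new KeyStoreCredentialProvider(this.configuration);
    }

    /** Builds the decrypter from the credential provider. */
    protected void initDecrypter() {
        this.decrypter = new KeyStoreDecryptionProvider(this.credentialProvider).build();
    }

    /** Creates the provider of signing parameters for outgoing messages. */
    protected void initSignatureSigningParametersProvider() {
        this.signatureSigningParametersProvider =
                new DefaultSignatureSigningParametersProvider(this.credentialProvider, this.configuration);
    }

    /**
     * Combines the two metadata resolvers into one initialized chaining resolver.
     *
     * @param metadataResolver  first resolver in the chain (the IdP resolver in {@link #internalInit})
     * @param metadataResolver2 second resolver in the chain (the SP resolver in {@link #internalInit})
     * @return the initialized chaining resolver
     * @throws TechnicalException if the resolvers cannot be set or the chain cannot be initialized
     */
    protected ChainingMetadataResolver initChainingMetadataResolver(MetadataResolver metadataResolver, MetadataResolver metadataResolver2) {
        ChainingMetadataResolver chainingMetadataResolver = new ChainingMetadataResolver();
        chainingMetadataResolver.setId(ChainingMetadataResolver.class.getCanonicalName());
        try {
            ArrayList<MetadataResolver> resolvers = new ArrayList<>();
            resolvers.add(metadataResolver);
            resolvers.add(metadataResolver2);
            chainingMetadataResolver.setResolvers(resolvers);
            chainingMetadataResolver.initialize();
            return chainingMetadataResolver;
        } catch (ComponentInitializationException e) {
            throw new TechnicalException("Error initializing manager", e);
        } catch (ResolverException e2) {
            throw new TechnicalException("Error adding idp or sp metadatas to manager", e2);
        }
    }

    /**
     * Builds and sends the authentication request, then returns the action that carries it
     * to the identity provider.
     *
     * @param webContext the current web context
     * @return a success action with the outgoing content for the HTTP-POST binding, otherwise
     *         a redirect to the URL produced by the outbound transport
     * @throws HttpAction declared by the client contract
     */
    protected RedirectAction retrieveRedirectAction(WebContext webContext) throws HttpAction {
        SAML2MessageContext messageContext = this.contextProvider.buildContext(webContext);
        AuthnRequest authnRequest = this.saml2ObjectBuilder.build(messageContext);
        this.profileHandler.send(messageContext, authnRequest, getStateParameter(webContext));

        Pac4jSAMLResponse outbound = messageContext.getProfileRequestContextOutboundMessageTransportResponse();
        boolean postBinding = this.configuration.getDestinationBindingType()
                .equalsIgnoreCase("urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST");
        if (postBinding) {
            return RedirectAction.success(outbound.getOutgoingContent());
        }
        return RedirectAction.redirect(outbound.getRedirectUrl());
    }

    /* JADX INFO: Access modifiers changed from: protected */
    /* renamed from: retrieveCredentials, reason: merged with bridge method [inline-methods] */
    /**
     * Receives the SAML response through the profile handler and tags the resulting
     * credentials with this client's name.
     *
     * <p>The {@code m1} prefix and the public modifier are decompiler artifacts; per the JADX
     * notes above, the compiled method is the protected {@code retrieveCredentials}.
     *
     * @param webContext the current web context carrying the SAML response
     * @return the credentials produced by the profile handler
     * @throws HttpAction declared by the client contract
     */
    public SAML2Credentials m1retrieveCredentials(WebContext webContext) throws HttpAction {
        SAML2MessageContext messageContext = this.contextProvider.buildContext(webContext);
        SAML2Credentials credentials = (SAML2Credentials) this.profileHandler.receive(messageContext);
        credentials.setClientName(getName());
        return credentials;
    }

    /* JADX INFO: Access modifiers changed from: protected */
    /**
     * Converts validated SAML credentials into a user profile.
     *
     * <p>The profile id is the NameID value, the session index is stored under
     * {@code "sessionindex"}, and each SAML attribute with at least one readable value is
     * added under its name as a list of strings.
     *
     * @param sAML2Credentials the credentials returned by the profile handler
     * @param webContext       the current web context (not used here)
     * @return the populated profile
     * @throws HttpAction declared by the client contract
     */
    public SAML2Profile retrieveUserProfile(SAML2Credentials sAML2Credentials, WebContext webContext) throws HttpAction {
        SAML2Profile profile = new SAML2Profile();
        // NOTE(review): assumes the response validator never yields credentials without a
        // NameID; a null here would surface as a NullPointerException - confirm.
        profile.setId(sAML2Credentials.getNameId().getValue());
        profile.addAttribute("sessionindex", sAML2Credentials.getSessionIndex());

        for (Attribute attribute : sAML2Credentials.getAttributes()) {
            // Attribute objects and their values are written to the debug log below. They are
            // identity data asserted by the IdP, so debug output of this class should be
            // handled as sensitive.
            logger.debug("Processing profile attribute {}", attribute);
            ArrayList<String> values = new ArrayList<>();
            for (XMLObject attributeValue : attribute.getAttributeValues()) {
                Element dom = attributeValue.getDOM();
                if (dom != null) {
                    String textContent = dom.getTextContent();
                    logger.debug("Adding attribute value {} for attribute {}", textContent, attribute.getFriendlyName());
                    values.add(textContent);
                } else {
                    logger.warn("Attribute value DOM element is null for {}", attribute);
                }
            }
            if (values.isEmpty()) {
                logger.debug("No attribute values found for {}", attribute.getName());
            } else {
                profile.addAttribute(attribute.getName(), values);
            }
        }
        return profile;
    }

    /**
     * Returns the relay state to send with the authentication request.
     *
     * <p>Reads {@link #SAML_RELAY_STATE_ATTRIBUTE} from the session, overwrites it with an
     * empty string, and falls back to the final callback URL when nothing was stored.
     *
     * @param webContext the current web context
     * @return the stored relay state, or the final callback URL if the attribute was null
     */
    protected String getStateParameter(WebContext webContext) {
        String relayState = (String) webContext.getSessionAttribute(SAML_RELAY_STATE_ATTRIBUTE);
        // NOTE(review): the attribute is reset to "" rather than removed, so a second call in
        // the same session reads "" (non-null) and returns it instead of the callback URL -
        // confirm that this is intended.
        // NOTE(review): how the relay state is treated when it comes back from the IdP is not
        // visible in this class; it should be validated before being used as a redirect target.
        webContext.setSessionAttribute(SAML_RELAY_STATE_ATTRIBUTE, "");
        return relayState == null ? computeFinalCallbackUrl(webContext) : relayState;
    }

    /** @return the response validator, or null before initialization */
    public final SAML2ResponseValidator getResponseValidator() {
        return this.responseValidator;
    }

    /** @return the service provider metadata resolver, or null before initialization */
    public final SAML2MetadataResolver getServiceProviderMetadataResolver() {
        return this.spMetadataResolver;
    }

    /** @return the identity provider metadata resolver, or null before initialization */
    public final SAML2MetadataResolver getIdentityProviderMetadataResolver() {
        return this.idpMetadataResolver;
    }

    /** @return the entity id reported by the identity provider metadata resolver */
    public final String getIdentityProviderResolvedEntityId() {
        return this.idpMetadataResolver.getEntityId();
    }

    /** @return the entity id reported by the service provider metadata resolver */
    public final String getServiceProviderResolvedEntityId() {
        return this.spMetadataResolver.getEntityId();
    }

    /**
     * Replaces the configuration used by the init methods.
     *
     * @param sAML2ClientConfiguration the SAML settings to use
     */
    public void setConfiguration(SAML2ClientConfiguration sAML2ClientConfiguration) {
        this.configuration = sAML2ClientConfiguration;
    }

    /** @return the configuration this client was given, or null if none was set */
    public final SAML2ClientConfiguration getConfiguration() {
        return this.configuration;
    }

    // Checks at class initialization that the shared Configuration exposes a parser pool,
    // marshaller factory, unmarshaller factory and builder factory.
    static {
        CommonHelper.assertNotNull("parserPool", Configuration.getParserPool());
        CommonHelper.assertNotNull("marshallerFactory", Configuration.getMarshallerFactory());
        CommonHelper.assertNotNull("unmarshallerFactory", Configuration.getUnmarshallerFactory());
        CommonHelper.assertNotNull("builderFactory", Configuration.getBuilderFactory());
    }
}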
