package org.wso2.carbon.identity.sso.saml;

import java.io.IOException;
import java.io.InputStream;
import java.net.URL;
import java.net.URLConnection;
import java.nio.charset.StandardCharsets;
import java.util.Collection;
import java.util.function.Predicate;
import org.apache.commons.io.IOUtils;
import org.apache.commons.io.input.BoundedInputStream;
import org.apache.commons.lang.StringUtils;
import org.apache.commons.logging.Log;
import org.apache.commons.logging.LogFactory;
import org.wso2.carbon.context.CarbonContext;
import org.wso2.carbon.context.PrivilegedCarbonContext;
import org.wso2.carbon.context.RegistryType;
import org.wso2.carbon.core.util.KeyStoreUtil;
import org.wso2.carbon.identity.application.common.util.IdentityApplicationManagementUtil;
import org.wso2.carbon.identity.base.IdentityException;
import org.wso2.carbon.identity.core.util.IdentityTenantUtil;
import org.wso2.carbon.identity.core.util.IdentityUtil;
import org.wso2.carbon.identity.sso.saml.admin.SAMLSSOConfigAdmin;
import org.wso2.carbon.identity.sso.saml.dto.SAMLSSOServiceProviderDTO;
import org.wso2.carbon.identity.sso.saml.dto.SAMLSSOServiceProviderInfoDTO;
import org.wso2.carbon.identity.sso.saml.exception.IdentitySAML2ClientException;
import org.wso2.carbon.identity.sso.saml.exception.IdentitySAML2SSOException;
import org.wso2.carbon.identity.sso.saml.util.SAMLSSOUtil;
import org.wso2.carbon.registry.core.Registry;
import org.wso2.carbon.security.SecurityConfigException;
import org.wso2.carbon.security.keystore.KeyStoreAdmin;
import org.wso2.carbon.security.keystore.service.KeyStoreData;
import org.wso2.carbon.user.api.ClaimMapping;
import org.wso2.carbon.user.api.UserStoreException;
import org.wso2.carbon.utils.multitenancy.MultitenantUtils;

/* loaded from: input_file:org/wso2/carbon/identity/sso/saml/SAMLSSOConfigServiceImpl.class */
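/**
 * Admin service that manages SAML 2.0 service provider (relying party) registrations for the tenant
 * of the calling thread and exposes the lookups the management UI needs alongside them: supported
 * signing/digest/encryption algorithm URIs, the certificate aliases of the tenant's primary key
 * store, and the claim URIs of the configured attribute dialect.
 * <p>
 * The service keeps no instance state; every call resolves the tenant from the thread-local
 * {@link CarbonContext} / {@link PrivilegedCarbonContext}. Failures are surfaced as
 * {@link IdentitySAML2SSOException} (or {@link IdentityException}) carrying an {@link Error} code.
 */
public class SAMLSSOConfigServiceImpl {
    private static final Log log = LogFactory.getLog(SAMLSSOConfigServiceImpl.class);
    private static final String CONNECTION_TIMEOUT_XPATH = "SSOService.SAMLMetadataUrlConnectionTimeout";
    private static final String READ_TIMEOUT_XPATH = "SSOService.SAMLMetadataUrlReadTimeout";
    private static final String MAX_SIZE_XPATH = "SSOService.SAMLMetadataUrlResponseMaxSize";
    private static final String ATTRIBUTES_CLAIM_DIALECT_XPATH = "SSOService.AttributesClaimDialect";
    private static final int CONNECTION_TIMEOUT_IN_MILLIS = 5000;
    private static final int READ_TIMEOUT_IN_MILLIS = 5000;
    private static final int MAX_SIZE_IN_BYTES = 51200;
    // Tenant id reserved for the super tenant in Carbon; the primary key store lookup differs for it.
    private static final int SUPER_TENANT_ID = -1234;

    /**
     * Registers a relying party service provider from an already populated DTO.
     *
     * @param serviceProviderDTO service provider definition to persist
     * @return the outcome reported by {@link SAMLSSOConfigAdmin#addRelyingPartyServiceProvider}
     * @throws IdentityException if the registry operation fails; an error code is filled in when the
     *                           cause did not carry one
     */
    public boolean addRPServiceProvider(SAMLSSOServiceProviderDTO serviceProviderDTO) throws IdentityException {
        try {
            return new SAMLSSOConfigAdmin(getConfigSystemRegistry()).addRelyingPartyServiceProvider(serviceProviderDTO);
        } catch (IdentityException e) {
            throw handleException("Error while creating SAML SP in tenantDomain: " + getTenantDomain(), e);
        }
    }

    /**
     * Creates a SAML service provider from a DTO and returns the persisted representation.
     *
     * @param serviceProviderDTO service provider definition to persist
     * @return the service provider as stored by {@link SAMLSSOConfigAdmin#addSAMLServiceProvider}
     * @throws IdentityException if the registry operation fails; an error code is filled in when the
     *                           cause did not carry one
     */
    public SAMLSSOServiceProviderDTO createServiceProvider(SAMLSSOServiceProviderDTO serviceProviderDTO) throws IdentityException {
        try {
            return new SAMLSSOConfigAdmin(getConfigSystemRegistry()).addSAMLServiceProvider(serviceProviderDTO);
        } catch (IdentityException e) {
            throw handleException("Error while creating SAML SP in tenantDomain: " + getTenantDomain(), e);
        }
    }

    /**
     * Registers a relying party service provider from SAML metadata XML supplied inline.
     * The complete metadata document is written to the log at debug level.
     *
     * @param metadata SAML metadata document describing the service provider
     * @return the service provider created from the metadata
     * @throws IdentitySAML2SSOException if the metadata cannot be processed or stored
     */
    public SAMLSSOServiceProviderDTO uploadRPServiceProvider(String metadata) throws IdentitySAML2SSOException {
        SAMLSSOConfigAdmin configAdmin = new SAMLSSOConfigAdmin(getConfigSystemRegistry());
        try {
            if (log.isDebugEnabled()) {
                log.debug("Creating SAML Service Provider with metadata: " + metadata);
            }
            return configAdmin.uploadRelyingPartyServiceProvider(metadata);
        } catch (IdentityException e) {
            throw handleException("Error while uploading SAML SP metadata in tenantDomain: " + getTenantDomain(), e);
        }
    }

    /**
     * Fetches SAML metadata from a caller-supplied URL and registers the service provider it describes.
     * <p>
     * Only {@code http} and {@code https} URLs are accepted, the connection uses the configured
     * connect/read timeouts, and a response larger than the configured maximum is rejected rather than
     * silently truncated. The body is decoded as UTF-8.
     *
     * @param metadataUrl URL of the SAML metadata document
     * @return the service provider created from the downloaded metadata
     * @throws IdentitySAML2SSOException if the URL is malformed or uses an unsupported scheme, the
     *                                   download fails or exceeds the size limit, or the metadata
     *                                   cannot be processed
     */
    public SAMLSSOServiceProviderDTO createServiceProviderWithMetadataURL(String metadataUrl) throws IdentitySAML2SSOException {
        try {
            URL url = new URL(metadataUrl);
            // Any other URL handler (file:, jar:, ...) would let a caller read local resources through
            // this service; metadata is only ever served over HTTP(S).
            String protocol = url.getProtocol();
            if (!"http".equalsIgnoreCase(protocol) && !"https".equalsIgnoreCase(protocol)) {
                throw new IOException("Unsupported URL scheme for SAML metadata: " + protocol);
            }
            URLConnection connection = url.openConnection();
            connection.setConnectTimeout(getConnectionTimeoutInMillis());
            connection.setReadTimeout(getReadTimeoutInMillis());
            int maxSize = getMaxSizeInBytes();
            // Allow one byte beyond the cap so an oversized response is detected instead of cut off.
            try (InputStream bounded = new BoundedInputStream(connection.getInputStream(), (long) maxSize + 1)) {
                byte[] content = IOUtils.toByteArray(bounded);
                if (content.length > maxSize) {
                    throw new IOException("SAML metadata response exceeds the configured maximum of " + maxSize + " bytes");
                }
                return uploadRPServiceProvider(new String(content, StandardCharsets.UTF_8));
            }
        } catch (IOException e) {
            throw handleIOException("Error while creating SAML service provider in tenantDomain: " + getTenantDomain(), e);
        }
    }

    /** Connect timeout for metadata downloads, from configuration or {@link #CONNECTION_TIMEOUT_IN_MILLIS}. */
    private int getConnectionTimeoutInMillis() {
        return getHttpConnectionConfigValue(CONNECTION_TIMEOUT_XPATH, CONNECTION_TIMEOUT_IN_MILLIS);
    }

    /** Read timeout for metadata downloads, from configuration or {@link #READ_TIMEOUT_IN_MILLIS}. */
    private int getReadTimeoutInMillis() {
        return getHttpConnectionConfigValue(READ_TIMEOUT_XPATH, READ_TIMEOUT_IN_MILLIS);
    }

    /** Maximum accepted metadata response size, from configuration or {@link #MAX_SIZE_IN_BYTES}. */
    private int getMaxSizeInBytes() {
        return getHttpConnectionConfigValue(MAX_SIZE_XPATH, MAX_SIZE_IN_BYTES);
    }

    /**
     * Reads a non-negative integer setting from the identity configuration.
     * A blank, non-numeric or negative value is logged and replaced by {@code defaultValue}; a negative
     * value would otherwise be rejected by {@link URLConnection#setConnectTimeout} or lift the
     * response size bound entirely.
     *
     * @param configKey    configuration path of the setting
     * @param defaultValue value used when the setting is absent or invalid
     * @return the configured value, or {@code defaultValue}
     */
    private int getHttpConnectionConfigValue(String configKey, int defaultValue) {
        String configured = IdentityUtil.getProperty(configKey);
        if (StringUtils.isBlank(configured)) {
            return defaultValue;
        }
        try {
            int value = Integer.parseInt(configured.trim());
            if (value < 0) {
                log.error("Provided HTTP connection config value in " + configKey + " should not be negative. Value : " + configured);
                return defaultValue;
            }
            return value;
        } catch (NumberFormatException e) {
            log.error("Provided HTTP connection config value in " + configKey + " should be an integer type. Value : " + configured);
            return defaultValue;
        }
    }

    /** Wraps an I/O failure of the metadata download as a server-side SSO exception. */
    private IdentitySAML2SSOException handleIOException(String message, IOException cause) {
        return new IdentitySAML2SSOException(Error.UNEXPECTED_SERVER_ERROR.getErrorCode(), message, cause);
    }

    /**
     * Lists every SAML service provider registered for the current tenant.
     *
     * @return the service providers of the tenant
     * @throws IdentityException if the registry cannot be read
     */
    public SAMLSSOServiceProviderInfoDTO getServiceProviders() throws IdentityException {
        try {
            return new SAMLSSOConfigAdmin(getConfigSystemRegistry()).getServiceProviders();
        } catch (IdentityException e) {
            throw handleException("Error while retrieving SAML SPs of tenantDomain: " + getTenantDomain(), e);
        }
    }

    /**
     * Looks up a registered service provider by its issuer.
     *
     * @param issuer issuer (entity id) of the service provider
     * @return the matching service provider, or {@code null} when no registered SP has that issuer
     * @throws IdentityException if the registry cannot be read
     */
    public SAMLSSOServiceProviderDTO getServiceProvider(String issuer) throws IdentityException {
        try {
            for (SAMLSSOServiceProviderDTO candidate : new SAMLSSOConfigAdmin(getConfigSystemRegistry()).getServiceProviders().getServiceProviders()) {
                if (StringUtils.equals(candidate.getIssuer(), issuer)) {
                    if (log.isDebugEnabled()) {
                        log.debug("SAML SP found for issuer: " + issuer + " in tenantDomain: " + getTenantDomain());
                    }
                    return candidate;
                }
            }
            if (log.isDebugEnabled()) {
                log.debug("SAML SP not found for issuer: " + issuer + " in tenantDomain: " + getTenantDomain());
            }
            return null;
        } catch (IdentityException e) {
            throw handleException("Error retrieving SAML SP for issuer: " + issuer + " of tenantDomain: " + getTenantDomain(), e);
        }
    }

    /**
     * Loads the key stores registered for a tenant from the governance registry.
     *
     * @param tenantId tenant whose key stores are listed
     * @return the tenant's key stores
     * @throws IdentityException if the key stores cannot be loaded
     */
    private KeyStoreData[] getKeyStores(int tenantId) throws IdentityException {
        try {
            return new KeyStoreAdmin(tenantId, getGovernanceRegistry()).getKeyStores(isSuperTenant(tenantId));
        } catch (SecurityConfigException e) {
            throw new IdentityException("Error when loading the key stores from registry", e);
        }
    }

    /**
     * Returns the certificate aliases of the current tenant's primary key store.
     *
     * @return aliases of the entries in the primary key store
     * @throws IdentityException if no primary key store exists for the tenant or it cannot be read
     */
    public String[] getCertAliasOfPrimaryKeyStore() throws IdentityException {
        int tenantId = CarbonContext.getThreadLocalCarbonContext().getTenantId();
        KeyStoreData[] keyStores = getKeyStores(tenantId);
        if (keyStores != null) {
            Predicate<String> isPrimaryKeyStore = getIsPrimaryKeyStoreFunction(tenantId);
            for (KeyStoreData keyStore : keyStores) {
                if (isPrimaryKeyStore.test(keyStore.getKeyStoreName())) {
                    return getStoreEntries(keyStore.getKeyStoreName());
                }
            }
        }
        throw buildServerError("Primary Keystore cannot be found for tenantDomain: " + getTenantDomain());
    }

    /**
     * Builds the predicate that recognises a tenant's primary key store by name: the super tenant
     * uses the server primary store, every other tenant a store named after its domain.
     *
     * @param tenantId tenant the predicate is built for
     * @return predicate over key store names
     */
    private Predicate<String> getIsPrimaryKeyStoreFunction(int tenantId) {
        if (isSuperTenant(tenantId)) {
            return KeyStoreUtil::isPrimaryStore;
        }
        // Resolved lazily so the tenant domain is only looked up when a store is actually tested.
        return keyStoreName -> SAMLSSOUtil.generateKSNameFromDomainName(getTenantDomain()).equals(keyStoreName);
    }

    /** Whether {@code tenantId} is the reserved super tenant id. */
    private boolean isSuperTenant(int tenantId) {
        return tenantId == SUPER_TENANT_ID;
    }

    /** Copies the values of an algorithm lookup into the {@code String[]} the service returns. */
    private static String[] toStringArray(Collection<?> values) {
        return values.toArray(new String[0]);
    }

    /** @return URIs of the XML signature algorithms the server supports */
    public String[] getSigningAlgorithmUris() {
        return toStringArray(IdentityApplicationManagementUtil.getXMLSignatureAlgorithms().values());
    }

    /** @return the signature algorithm URI selected by server configuration */
    public String getSigningAlgorithmUriByConfig() {
        return IdentityApplicationManagementUtil.getSigningAlgoURIByConfig();
    }

    /** @return URIs of the XML digest algorithms the server supports */
    public String[] getDigestAlgorithmURIs() {
        return toStringArray(IdentityApplicationManagementUtil.getXMLDigestAlgorithms().values());
    }

    /** @return the digest algorithm URI selected by server configuration */
    public String getDigestAlgorithmURIByConfig() {
        return IdentityApplicationManagementUtil.getDigestAlgoURIByConfig();
    }

    /** @return URIs of the assertion encryption algorithms the server supports */
    public String[] getAssertionEncryptionAlgorithmURIs() {
        return toStringArray(IdentityApplicationManagementUtil.getXMLAssertionEncryptionAlgorithms().values());
    }

    /** @return the assertion encryption algorithm URI selected by server configuration */
    public String getAssertionEncryptionAlgorithmURIByConfig() {
        return IdentityApplicationManagementUtil.getAssertionEncryptionAlgorithmURIByConfig();
    }

    /** @return URIs of the key encryption algorithms the server supports */
    public String[] getKeyEncryptionAlgorithmURIs() {
        return toStringArray(IdentityApplicationManagementUtil.getXMLKeyEncryptionAlgorithms().values());
    }

    /** @return the key encryption algorithm URI selected by server configuration */
    public String getKeyEncryptionAlgorithmURIByConfig() {
        return IdentityApplicationManagementUtil.getKeyEncryptionAlgorithmURIByConfig();
    }

    /**
     * Removes the service provider registered under {@code issuer}.
     *
     * @param issuer issuer (entity id) of the service provider to remove
     * @return the outcome reported by {@link SAMLSSOConfigAdmin#removeServiceProvider}
     * @throws IdentityException if the registry operation fails
     */
    public boolean removeServiceProvider(String issuer) throws IdentityException {
        try {
            return new SAMLSSOConfigAdmin(getConfigSystemRegistry()).removeServiceProvider(issuer);
        } catch (IdentityException e) {
            throw handleException("Error removing SAML SP with issuer: " + issuer + " in tenantDomain: " + getTenantDomain(), e);
        }
    }

    /**
     * Lists the claim URIs of the configured attribute claim dialect for the calling user's realm.
     *
     * @return claim URIs of the dialect; empty when the realm reports no mappings
     * @throws IdentityException if the realm or its claim mappings cannot be read
     */
    public String[] getClaimURIs() throws IdentityException {
        String tenantAwareUsername = MultitenantUtils.getTenantAwareUsername(CarbonContext.getThreadLocalCarbonContext().getUsername());
        // NOTE(review): the domain is derived from the tenant-aware (domain-stripped) username — confirm
        // this resolves to the intended tenant rather than always the default domain.
        String tenantDomain = MultitenantUtils.getTenantDomain(tenantAwareUsername);
        try {
            ClaimMapping[] mappings = IdentityTenantUtil.getRealm(tenantDomain, tenantAwareUsername).getClaimManager().getAllClaimMappings(getClaimDialect());
            if (mappings == null) {
                return new String[0];
            }
            String[] claimUris = new String[mappings.length];
            for (int i = 0; i < mappings.length; i++) {
                claimUris[i] = mappings[i].getClaim().getClaimUri();
            }
            return claimUris;
        } catch (UserStoreException e) {
            throw buildServerError("Error getting all claim URIs for tenantDomain: " + tenantDomain, e);
        } catch (IdentityException e) {
            throw handleException("Error while getting realm for user: " + tenantAwareUsername + " of tenantDomain: " + tenantDomain, e);
        }
    }

    /** Claim dialect used for SAML attributes: the configured one, else {@link SAMLSSOConstants#CLAIM_DIALECT_URL}. */
    private String getClaimDialect() {
        String configured = IdentityUtil.getProperty(ATTRIBUTES_CLAIM_DIALECT_XPATH);
        return StringUtils.isBlank(configured) ? SAMLSSOConstants.CLAIM_DIALECT_URL : configured;
    }

    /**
     * Reads the entry aliases of a key store belonging to the current tenant.
     *
     * @param keyStoreName name of the key store
     * @return aliases of the store's entries
     * @throws IdentityException if the store cannot be read
     */
    private String[] getStoreEntries(String keyStoreName) throws IdentityException {
        try {
            return new KeyStoreAdmin(CarbonContext.getThreadLocalCarbonContext().getTenantId(), getGovernanceRegistry()).getStoreEntries(keyStoreName);
        } catch (SecurityConfigException e) {
            throw new IdentityException("Error reading entries from the key store: " + keyStoreName, e);
        }
    }

    /** Tenant domain of the calling thread; overridable for testing. */
    protected String getTenantDomain() {
        return CarbonContext.getThreadLocalCarbonContext().getTenantDomain();
    }

    /** System configuration registry of the calling thread's tenant, via the privileged context. */
    private Registry getConfigSystemRegistry() {
        return PrivilegedCarbonContext.getThreadLocalCarbonContext().getRegistry(RegistryType.SYSTEM_CONFIGURATION);
    }

    /** Governance registry of the calling thread's tenant. */
    private Registry getGovernanceRegistry() {
        return CarbonContext.getThreadLocalCarbonContext().getRegistry(RegistryType.USER_GOVERNANCE);
    }

    /**
     * Converts a failure into the exception type this service throws, assigning an error code when
     * the cause has none. An {@link IdentitySAML2SSOException} is passed through unchanged.
     *
     * @param message context message for a newly wrapped exception
     * @param cause   the original failure
     * @return the exception to throw to the caller
     */
    private IdentitySAML2SSOException handleException(String message, IdentityException cause) {
        setErrorCodeIfNotDefined(cause);
        if (cause instanceof IdentitySAML2SSOException) {
            return (IdentitySAML2SSOException) cause;
        }
        return new IdentitySAML2SSOException(cause.getErrorCode(), message, cause);
    }

    /** Fills in a default error code: client exceptions get INVALID_REQUEST, everything else UNEXPECTED_SERVER_ERROR. */
    private void setErrorCodeIfNotDefined(IdentityException exception) {
        Error defaultError = exception instanceof IdentitySAML2ClientException ? Error.INVALID_REQUEST : Error.UNEXPECTED_SERVER_ERROR;
        setErrorCode(exception, defaultError);
    }

    /** Sets {@code error}'s code on the exception only when it carries no code yet. */
    private void setErrorCode(IdentityException exception, Error error) {
        if (StringUtils.isBlank(exception.getErrorCode())) {
            exception.setErrorCode(error.getErrorCode());
        }
    }

    /** Builds a server-error exception without a cause. */
    private IdentityException buildServerError(String message) {
        return new IdentityException(Error.UNEXPECTED_SERVER_ERROR.getErrorCode(), message);
    }

    /** Builds a server-error exception wrapping {@code cause}. */
    private IdentityException buildServerError(String message, Exception cause) {
        return new IdentityException(Error.UNEXPECTED_SERVER_ERROR.getErrorCode(), message, cause);
    }
}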
