package org.wso2.carbon.identity.application.authenticator.samlsso.logout.util;

import java.io.ByteArrayInputStream;
import java.security.cert.CertificateException;
import java.security.cert.CertificateFactory;
import java.security.cert.X509Certificate;
import java.util.Arrays;
import java.util.Base64;
import java.util.Collections;
import java.util.List;
import java.util.Map;
import java.util.stream.Collectors;
import net.shibboleth.utilities.java.support.security.RandomIdentifierGenerationStrategy;
import org.apache.commons.collections.CollectionUtils;
import org.apache.commons.lang.StringUtils;
import org.apache.commons.logging.Log;
import org.apache.commons.logging.LogFactory;
import org.joda.time.DateTime;
import org.opensaml.core.config.InitializationException;
import org.opensaml.saml.common.SAMLVersion;
import org.opensaml.saml.saml2.core.Issuer;
import org.opensaml.saml.saml2.core.LogoutRequest;
import org.opensaml.saml.saml2.core.LogoutResponse;
import org.opensaml.saml.saml2.core.SessionIndex;
import org.opensaml.saml.saml2.core.Status;
import org.opensaml.saml.saml2.core.StatusCode;
import org.opensaml.saml.saml2.core.StatusMessage;
import org.opensaml.saml.saml2.core.impl.IssuerBuilder;
import org.opensaml.saml.saml2.core.impl.LogoutResponseBuilder;
import org.opensaml.saml.saml2.core.impl.StatusBuilder;
import org.opensaml.saml.saml2.core.impl.StatusCodeBuilder;
import org.opensaml.saml.saml2.core.impl.StatusMessageBuilder;
import org.opensaml.security.SecurityException;
import org.wso2.carbon.identity.application.authenticator.samlsso.exception.SAMLSSOException;
import org.wso2.carbon.identity.application.authenticator.samlsso.logout.context.SAMLMessageContext;
import org.wso2.carbon.identity.application.authenticator.samlsso.logout.exception.SAMLLogoutException;
import org.wso2.carbon.identity.application.authenticator.samlsso.logout.validators.LogoutReqSignatureValidator;
import org.wso2.carbon.identity.application.authenticator.samlsso.manager.DefaultSAML2SSOManager;
import org.wso2.carbon.identity.application.authenticator.samlsso.manager.X509CredentialImpl;
import org.wso2.carbon.identity.application.authenticator.samlsso.util.SSOConstants;
import org.wso2.carbon.identity.application.authenticator.samlsso.util.SSOUtils;
import org.wso2.carbon.identity.application.common.model.IdentityProvider;
import org.wso2.carbon.identity.base.IdentityException;
import org.wso2.carbon.identity.saml.common.util.SAMLInitializer;

/* loaded from: input_file:org/wso2/carbon/identity/application/authenticator/samlsso/logout/util/SAMLLogoutUtil.class */
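public class SAMLLogoutUtil {

    /** Names of the federated IdP authenticator properties the logout flow reads. */
    private static final List<String> FED_IDP_CONFIG_KEYS = Collections.unmodifiableList(Arrays.asList(
            "SPEntityId", "SSOUrl", "IsAuthnRespSigned", "IncludeCert", "IsLogoutReqSigned", "IsSLORequestAccepted"));

    // Read and written only while holding the class lock (doBootstrap is synchronized).
    private static boolean bootStrapped = false;
    private static final Log log = LogFactory.getLog(SAMLLogoutUtil.class);

    private SAMLLogoutUtil() {
    }

    /**
     * Bootstraps the OpenSAML 3 library once.
     * <p>
     * The thread context class loader is switched to the loader of {@link DefaultSAML2SSOManager} for the
     * duration of the call (presumably so OpenSAML's provider lookup resolves against this bundle) and restored
     * in {@code finally}. A failed initialization is logged and leaves {@code bootStrapped} false, so the next
     * caller retries. The method is synchronized so concurrent first callers cannot both run the initializer.
     */
    public static synchronized void doBootstrap() {
        if (bootStrapped) {
            return;
        }
        Thread currentThread = Thread.currentThread();
        ClassLoader originalLoader = currentThread.getContextClassLoader();
        // Same loader as new DefaultSAML2SSOManager().getClass().getClassLoader(), without instantiating the manager.
        currentThread.setContextClassLoader(DefaultSAML2SSOManager.class.getClassLoader());
        try {
            SAMLInitializer.doBootstrap();
            bootStrapped = true;
        } catch (InitializationException e) {
            log.error("Error in bootstrapping the OpenSAML3 library", e);
        } finally {
            currentThread.setContextClassLoader(originalLoader);
        }
    }

    /**
     * Builds a SAML {@code Status} element.
     *
     * @param statusCode    value of the nested {@code StatusCode}
     * @param statusMessage optional {@code StatusMessage}; omitted when blank
     * @return the populated status
     */
    private static Status buildStatus(String statusCode, String statusMessage) {
        StatusCode code = new StatusCodeBuilder().buildObject();
        code.setValue(statusCode);
        Status status = new StatusBuilder().buildObject();
        status.setStatusCode(code);
        if (StringUtils.isNotBlank(statusMessage)) {
            StatusMessage message = new StatusMessageBuilder().buildObject();
            message.setMessage(statusMessage);
            status.setStatusMessage(message);
        }
        return status;
    }

    /** Generates a random identifier for a SAML message {@code ID} attribute. */
    private static String createID() {
        return new RandomIdentifierGenerationStrategy().generateIdentifier();
    }

    /**
     * Extracts the logout-relevant properties of the IdP's default authenticator config.
     *
     * @param identityProvider the federated IdP; may be null
     * @return name to value for every property whose name is in {@link #FED_IDP_CONFIG_KEYS}; an empty map when
     *         the IdP, its default authenticator config or its properties are absent
     * @throws IllegalStateException if two properties share a name (inherited from {@code Collectors.toMap})
     * @throws NullPointerException  if a selected property has a null value (inherited from {@code Collectors.toMap})
     */
    public static Map<String, String> getFederatedIdPConfigs(IdentityProvider identityProvider) {
        if (identityProvider == null
                || identityProvider.getDefaultAuthenticatorConfig() == null
                || identityProvider.getDefaultAuthenticatorConfig().getProperties() == null) {
            return Collections.emptyMap();
        }
        return Arrays.stream(identityProvider.getDefaultAuthenticatorConfig().getProperties())
                .filter(property -> FED_IDP_CONFIG_KEYS.contains(property.getName()))
                .collect(Collectors.toMap(property -> property.getName(), property -> property.getValue()));
    }

    /**
     * Builds a logout response and returns it marshalled and encoded for transport.
     *
     * @param messageContext context carrying the federated IdP configs and tenant domain
     * @param inResponseTo   ID of the logout request being answered
     * @param statusCode     SAML status code to report
     * @param statusMessage  optional status message
     * @return the encoded response
     * @throws SAMLLogoutException if the response cannot be built, marshalled or encoded
     */
    public static String buildErrorResponse(SAMLMessageContext messageContext, String inResponseTo,
                                            String statusCode, String statusMessage) throws SAMLLogoutException {
        try {
            return SSOUtils.encode(SSOUtils.marshall(buildResponse(messageContext, inResponseTo, statusCode, statusMessage)));
        } catch (SAMLSSOException e) {
            throw new SAMLLogoutException("Error Serializing the SAML Response", e);
        }
    }

    /**
     * Builds a {@link LogoutResponse} addressed to the federated IdP.
     * <p>
     * The response is signed with the tenant's key only when the IdP config flag {@code IsAuthnRespSigned} is
     * true AND the status is {@link SSOConstants.StatusCodes#SUCCESS_CODE}; error responses are sent unsigned.
     * Missing boolean flags are treated as false rather than failing with a NullPointerException.
     *
     * @param messageContext context carrying the federated IdP configs and tenant domain
     * @param inResponseTo   ID of the logout request being answered
     * @param statusCode     SAML status code to report
     * @param statusMessage  optional status message
     * @return the populated (and possibly signed) response
     * @throws SAMLLogoutException if signing fails
     */
    public static LogoutResponse buildResponse(SAMLMessageContext messageContext, String inResponseTo,
                                               String statusCode, String statusMessage) throws SAMLLogoutException {
        try {
            doBootstrap();
            Map<String, String> fedIdPConfigs = messageContext.getFedIdPConfigs();
            String spEntityId = fedIdPConfigs.get("SPEntityId");
            String destination = fedIdPConfigs.get("SSOUrl");
            // Boolean.parseBoolean(null) is false, so an absent flag does not NPE.
            boolean signResponse = Boolean.parseBoolean(fedIdPConfigs.get("IsAuthnRespSigned"));
            boolean includeCert = Boolean.parseBoolean(fedIdPConfigs.get("IncludeCert"));

            LogoutResponse response = new LogoutResponseBuilder().buildObject();
            response.setID(createID());
            response.setInResponseTo(inResponseTo);
            response.setIssuer(getIssuer(spEntityId));
            response.setVersion(SAMLVersion.VERSION_20);
            response.setStatus(buildStatus(statusCode, statusMessage));
            response.setIssueInstant(new DateTime());
            response.setDestination(destination);
            if (signResponse && SSOConstants.StatusCodes.SUCCESS_CODE.equals(statusCode)) {
                SSOUtils.setSignature(response, (String) null, (String) null, includeCert,
                        new X509CredentialImpl(messageContext.getTenantDomain(), (String) null));
            }
            return response;
        } catch (SAMLSSOException e) {
            throw new SAMLLogoutException("Error occurred while setting the signature of logout response", e);
        }
    }

    /** Builds an {@code Issuer} element carrying the given entity ID. */
    private static Issuer getIssuer(String entityId) {
        Issuer issuer = new IssuerBuilder().buildObject();
        issuer.setValue(entityId);
        return issuer;
    }

    /**
     * Validates the signature of an inbound logout request against the certificate configured for the
     * federated IdP. The request's own {@code Issuer} is used only as a name for the credential; the trust
     * anchor always comes from the IdP configuration, never from the request.
     * <p>
     * POST-bound requests are checked as an XML signature; redirect-bound requests are checked against the
     * raw query string.
     *
     * @param logoutRequest  the parsed request
     * @param messageContext context carrying the federated IdP and the raw inbound request
     * @return whether the signature verified
     * @throws SAMLLogoutException if the request has no issuer, the IdP certificate cannot be parsed, or the
     *                             validator itself fails
     */
    public static boolean isValidSignature(LogoutRequest logoutRequest, SAMLMessageContext messageContext)
            throws SAMLLogoutException {
        if (logoutRequest.getIssuer() == null || StringUtils.isBlank(logoutRequest.getIssuer().getValue())) {
            throw new SAMLLogoutException("Logout request does not carry an Issuer, cannot validate its signature");
        }
        String issuer = logoutRequest.getIssuer().getValue();
        X509Certificate idPCertificate = generateX509Certificate(messageContext.getFederatedIdP().getCertificate());
        LogoutReqSignatureValidator validator = new LogoutReqSignatureValidator();
        try {
            if (messageContext.getSAMLLogoutRequest().isPost()) {
                return validator.validateXMLSignature(logoutRequest, new X509CredentialImpl(idPCertificate, issuer), null);
            }
            return validator.validateSignature(messageContext.getSAMLLogoutRequest().getQueryString(), issuer,
                    idPCertificate);
        } catch (SecurityException | IdentityException e) {
            throw new SAMLLogoutException(
                    "Process of validating the signature failed for the logout request with issuer: " + issuer, e);
        }
    }

    /**
     * Parses a base64 (DER) encoded certificate string from the IdP properties.
     *
     * @param encodedCertificate the base64 text; PEM armour or embedded whitespace is not accepted by the
     *                           basic decoder and is reported as a SAMLLogoutException
     * @return the parsed certificate
     * @throws SAMLLogoutException if the string is blank, not valid base64, or not a parsable X.509 certificate
     */
    private static X509Certificate generateX509Certificate(String encodedCertificate) throws SAMLLogoutException {
        if (StringUtils.isBlank(encodedCertificate)) {
            throw new SAMLLogoutException("No certificate is configured in the IdP's properties");
        }
        try {
            byte[] der = Base64.getDecoder().decode(encodedCertificate);
            return (X509Certificate) CertificateFactory.getInstance("X.509")
                    .generateCertificate(new ByteArrayInputStream(der));
        } catch (CertificateException | IllegalArgumentException e) {
            // IllegalArgumentException is what the basic Base64 decoder throws on malformed input.
            throw new SAMLLogoutException("Error occurred while generating X509Certificate using the string value "
                    + "of the certificate in IdP's properties: " + encodedCertificate, e);
        }
    }

    /**
     * Returns the first session index of the logout request.
     *
     * @param logoutRequest the parsed request
     * @return the first {@code SessionIndex} value
     * @throws SAMLLogoutException if the request has no session index or the first one is blank
     */
    public static String getSessionIndex(LogoutRequest logoutRequest) throws SAMLLogoutException {
        if (CollectionUtils.isNotEmpty(logoutRequest.getSessionIndexes())) {
            String sessionIndex = ((SessionIndex) logoutRequest.getSessionIndexes().get(0)).getSessionIndex();
            if (StringUtils.isNotBlank(sessionIndex)) {
                return sessionIndex;
            }
        }
        if (log.isDebugEnabled()) {
            log.debug("Could not extract the session index from the logout request");
        }
        throw new SAMLLogoutException("Could not extract the session index from the logout request");
    }
}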
