package org.wso2.carbon.identity.application.authenticator.samlsso;

import java.io.IOException;
import java.io.PrintWriter;
import java.io.UnsupportedEncodingException;
import java.net.URLDecoder;
import java.net.URLEncoder;
import java.nio.charset.StandardCharsets;
import java.util.ArrayList;
import java.util.HashMap;
import java.util.List;
import java.util.Map;
import java.util.Set;
import java.util.regex.Matcher;
import java.util.regex.Pattern;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import org.apache.commons.lang.ArrayUtils;
import org.apache.commons.lang.StringUtils;
import org.apache.commons.logging.Log;
import org.apache.commons.logging.LogFactory;
import org.owasp.encoder.Encode;
import org.wso2.carbon.identity.application.authentication.framework.AbstractApplicationAuthenticator;
import org.wso2.carbon.identity.application.authentication.framework.AuthenticatorStateInfo;
import org.wso2.carbon.identity.application.authentication.framework.FederatedApplicationAuthenticator;
import org.wso2.carbon.identity.application.authentication.framework.context.AuthenticationContext;
import org.wso2.carbon.identity.application.authentication.framework.exception.AuthenticationFailedException;
import org.wso2.carbon.identity.application.authentication.framework.exception.LogoutFailedException;
import org.wso2.carbon.identity.application.authentication.framework.model.AuthenticatedUser;
import org.wso2.carbon.identity.application.authentication.framework.model.AuthenticationContextProperty;
import org.wso2.carbon.identity.application.authentication.framework.util.FrameworkUtils;
import org.wso2.carbon.identity.application.authenticator.samlsso.exception.SAMLSSOException;
import org.wso2.carbon.identity.application.authenticator.samlsso.internal.SAMLSSOAuthenticatorServiceComponent;
import org.wso2.carbon.identity.application.authenticator.samlsso.manager.DefaultSAML2SSOManager;
import org.wso2.carbon.identity.application.authenticator.samlsso.manager.SAML2SSOManager;
import org.wso2.carbon.identity.application.authenticator.samlsso.model.StateInfo;
import org.wso2.carbon.identity.application.authenticator.samlsso.util.SSOConstants;
import org.wso2.carbon.identity.application.authenticator.samlsso.util.SSOErrorConstants;
import org.wso2.carbon.identity.application.authenticator.samlsso.util.SSOUtils;
import org.wso2.carbon.identity.application.common.model.ClaimMapping;
import org.wso2.carbon.identity.application.common.model.Property;
import org.wso2.carbon.identity.application.common.model.SubProperty;
import org.wso2.carbon.identity.central.log.mgt.utils.LoggerUtils;
import org.wso2.carbon.utils.DiagnosticLog;

/* loaded from: input_file:org/wso2/carbon/identity/application/authenticator/samlsso/SAMLSSOAuthenticator.class */
public class SAMLSSOAuthenticator extends AbstractApplicationAuthenticator implements FederatedApplicationAuthenticator {
    private static final long serialVersionUID = -8097512332218044859L;
    // Value of the "RequestMethod" authenticator property meaning "use the HTTP method of the inbound request".
    public static final String AS_REQUEST = "AS_REQUEST";
    // Request attribute under which the AuthenticationContext is exposed to the SSO manager while a response is processed.
    public static final String AUTHENTICATION_CONTEXT = "AUTHENTICATION_CONTEXT";
    // Value of the "ResponseAuthnContextClassRef" property meaning "pass the IdP's AuthnContextClassRef on to the SP".
    private static final String AS_RESPONSE = "AS_RESPONSE";
    // Prefix of a commonAuthQueryParams value that is resolved from the runtime auth params ($authparam{name}).
    private static final String AUTH_PARAM = "$authparam";
    // NameID formats offered as options for the "NameIDType" property. Plain mutable array, handed to the
    // Property as-is by getConfigurationProperties().
    private String[] samlNameIdFormats = {"urn:oasis:names:tc:SAML:1.1:nameid-format:unspecified", "urn:oasis:names:tc:SAML:1.1:nameid-format:emailAddress", SSOConstants.ISSUER_FORMAT, "urn:oasis:names:tc:SAML:2.0:nameid-format:encrypted", "urn:oasis:names:tc:SAML:2.0:nameid-format:transient", "urn:oasis:names:tc:SAML:2.0:nameid-format:persistent"};
    // Matches "$authparam{name}" and captures "name" in group 1; the captured name is looked up in the runtime params.
    private static final String DYNAMIC_AUTH_PARAMS_LOOKUP_REGEX = "\\$authparam\\{(\\w+)}";
    private static final Pattern authParamDynamicQueryPattern = Pattern.compile(DYNAMIC_AUTH_PARAMS_LOOKUP_REGEX);
    private static final Log log = LogFactory.getLog(SAMLSSOAuthenticator.class);

    /**
     * Decides whether this request is a SAML callback for this authenticator.
     * <p>
     * True when the request carries either the SAML response POST parameter
     * ({@code SSOConstants.HTTP_POST_PARAM_SAML2_RESP}) or the artifact id parameter
     * ({@code SSOConstants.HTTP_POST_PARAM_SAML2_ARTIFACT_ID}). A diagnostic log entry is
     * written only when the request is accepted.
     *
     * @param httpServletRequest the inbound request
     * @return {@code true} if this authenticator should process the request
     */
    public boolean canHandle(HttpServletRequest httpServletRequest) {
        if (log.isTraceEnabled()) {
            log.trace("Inside canHandle()");
        }
        boolean hasSamlResponse = httpServletRequest.getParameter(SSOConstants.HTTP_POST_PARAM_SAML2_RESP) != null;
        // Short-circuit keeps the artifact lookup out of the common response case, as before.
        boolean accepted = hasSamlResponse || httpServletRequest.getParameter(SSOConstants.HTTP_POST_PARAM_SAML2_ARTIFACT_ID) != null;
        if (accepted && LoggerUtils.isDiagnosticLogsEnabled()) {
            DiagnosticLog.DiagnosticLogBuilder handleLog = new DiagnosticLog.DiagnosticLogBuilder(SSOConstants.LogConstants.OUTBOUND_AUTH_SAMLSSO_SERVICE, "handle-authentication-step");
            handleLog.resultStatus(DiagnosticLog.ResultStatus.SUCCESS)
                    .logDetailLevel(DiagnosticLog.LogDetailLevel.INTERNAL_SYSTEM)
                    .resultMessage("Outbound SAML authenticator handling the authentication.");
            LoggerUtils.triggerDiagnosticLogEvent(handleLog);
        }
        return accepted;
    }

    /* JADX WARN: Type inference failed for: r17v0, types: [java.lang.Throwable, org.wso2.carbon.identity.application.authenticator.samlsso.exception.SAMLSSOException] */
    /**
     * Starts the outbound SAML flow by sending an authentication request to the configured IdP.
     * <p>
     * The binding follows the {@code RequestMethod} authenticator property: {@code POST} always
     * uses the HTTP-POST binding, {@code AS_REQUEST} mirrors the method of the inbound request,
     * and anything else (including an unset property) falls back to the redirect path via
     * {@code generateAuthenticationRequest()}. Dynamic {@code commonAuthQueryParams}
     * placeholders are resolved before the request is built so both bindings see them.
     *
     * @param httpServletRequest    the inbound request that triggered this step
     * @param httpServletResponse   the response the redirect or POST form is written to
     * @param authenticationContext the framework context for the current flow
     * @throws AuthenticationFailedException if the request cannot be built or sent
     */
    protected void initiateAuthenticationRequest(HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse, AuthenticationContext authenticationContext) throws AuthenticationFailedException {
        if (LoggerUtils.isDiagnosticLogsEnabled()) {
            DiagnosticLog.DiagnosticLogBuilder startLog = new DiagnosticLog.DiagnosticLogBuilder(SSOConstants.LogConstants.OUTBOUND_AUTH_SAMLSSO_SERVICE, SSOConstants.LogConstants.ActionIDs.INITIATE_OUTBOUND_AUTH_REQUEST);
            startLog.resultMessage("Initiate outbound saml authentication request.")
                    .logDetailLevel(DiagnosticLog.LogDetailLevel.APPLICATION)
                    .resultStatus(DiagnosticLog.ResultStatus.SUCCESS)
                    .inputParam("step", Integer.valueOf(authenticationContext.getCurrentStep()))
                    .inputParams(getApplicationDetails(authenticationContext));
            LoggerUtils.triggerDiagnosticLogEvent(startLog);
        }
        Map<String, String> authenticatorProperties = authenticationContext.getAuthenticatorProperties();
        String ssoUrl = authenticatorProperties.get("SSOUrl");
        // Built up front and completed once the request has gone out; null when diagnostics are off.
        DiagnosticLog.DiagnosticLogBuilder requestLog = null;
        if (LoggerUtils.isDiagnosticLogsEnabled()) {
            requestLog = new DiagnosticLog.DiagnosticLogBuilder(SSOConstants.LogConstants.OUTBOUND_AUTH_SAMLSSO_SERVICE, SSOConstants.LogConstants.ActionIDs.INITIATE_OUTBOUND_AUTH_REQUEST);
            requestLog.logDetailLevel(DiagnosticLog.LogDetailLevel.APPLICATION)
                    .resultStatus(DiagnosticLog.ResultStatus.SUCCESS)
                    .inputParam("step", Integer.valueOf(authenticationContext.getCurrentStep()))
                    .inputParam("authenticator properties", authenticatorProperties.keySet())
                    .inputParams(getApplicationDetails(authenticationContext));
        }
        try {
            boolean usePostBinding = false;
            String requestMethod = authenticatorProperties.get("RequestMethod");
            if (requestMethod != null && !requestMethod.trim().isEmpty()) {
                if ("POST".equalsIgnoreCase(requestMethod)) {
                    usePostBinding = true;
                } else if (AS_REQUEST.equalsIgnoreCase(requestMethod)) {
                    usePostBinding = authenticationContext.getAuthenticationRequest().isPost();
                }
            }
            resolveDynamicParameter(httpServletRequest, authenticationContext);
            if (usePostBinding) {
                sendPostRequest(httpServletRequest, httpServletResponse, false, ssoUrl, authenticationContext, requestLog);
            } else {
                SAML2SSOManager ssoManager = getSAML2SSOManagerInstance();
                ssoManager.init(authenticationContext.getTenantDomain(), authenticationContext.getAuthenticatorProperties(), authenticationContext.getExternalIdP().getIdentityProvider());
                String redirectUrl = ssoManager.buildRequest(httpServletRequest, false, false, ssoUrl, authenticationContext);
                generateAuthenticationRequest(httpServletRequest, httpServletResponse, redirectUrl, authenticatorProperties, requestLog);
            }
            if (LoggerUtils.isDiagnosticLogsEnabled() && requestLog != null) {
                requestLog.resultMessage("Outbound SAML authentication request sent to the IDP.");
                LoggerUtils.triggerDiagnosticLogEvent(requestLog);
            }
        } catch (UnsupportedEncodingException e) {
            throw new AuthenticationFailedException(SSOErrorConstants.ErrorMessages.UNSUPPORTED_ENCODING_EXCEPTION.getCode(), e.getMessage(), e);
        } catch (SAMLSSOException e) {
            // Keep the manager's error code so the framework can map it.
            throw new AuthenticationFailedException(e.getErrorCode(), e.getMessage(), e);
        }
    }

    /**
     * Replaces the placeholders in the {@code commonAuthQueryParams} authenticator property with
     * their resolved, URL-encoded values, writing the result back into the same property.
     * Does nothing when the property is absent.
     *
     * @param httpServletRequest    source of {@code {name}} placeholder values
     * @param authenticationContext owner of the authenticator properties and runtime params
     * @throws UnsupportedEncodingException propagated from URL encoding (not expected for UTF-8)
     */
    private void resolveDynamicParameter(HttpServletRequest httpServletRequest, AuthenticationContext authenticationContext) throws UnsupportedEncodingException {
        Map<String, String> authenticatorProperties = authenticationContext.getAuthenticatorProperties();
        String configuredQueryParams = authenticatorProperties.get("commonAuthQueryParams");
        if (configuredQueryParams == null) {
            return;
        }
        String resolvedQueryParams = getResolvedQueryParams(httpServletRequest, authenticationContext, configuredQueryParams);
        authenticatorProperties.put("commonAuthQueryParams", resolvedQueryParams);
    }

    /**
     * Resolves every entry of a query string and re-assembles it as {@code k=v&k2=v2}.
     * <p>
     * Each key and each resolved value is URL-encoded individually, which is what keeps
     * request-derived placeholder values from breaking out of their own parameter.
     *
     * @param httpServletRequest    source of {@code {name}} placeholder values
     * @param authenticationContext source of {@code $authparam{name}} values
     * @param str                   the configured query string
     * @return the encoded query string, empty when there are no parameters
     * @throws UnsupportedEncodingException propagated from URL encoding (not expected for UTF-8)
     */
    private String getResolvedQueryParams(HttpServletRequest httpServletRequest, AuthenticationContext authenticationContext, String str) throws UnsupportedEncodingException {
        StringBuilder resolved = new StringBuilder();
        String separator = "";
        for (Map.Entry<String, String> param : SSOUtils.getQueryMap(str).entrySet()) {
            String value = getResolvedQueryParamValue(httpServletRequest, authenticationContext, param);
            resolved.append(separator)
                    .append(URLEncoder.encode(param.getKey(), StandardCharsets.UTF_8.name()))
                    .append('=')
                    .append(URLEncoder.encode(value, StandardCharsets.UTF_8.name()));
            separator = "&";
        }
        return resolved.toString();
    }

    /**
     * Resolves one configured query parameter value.
     * <ul>
     *   <li>{@code {name}} — taken from the inbound authentication request's query parameter of
     *       that name, else from the servlet request parameter, else {@code ""}. These values are
     *       request-controlled; the caller URL-encodes them.</li>
     *   <li>{@code $authparam{name}} — taken from the runtime params of the context, {@code ""}
     *       when missing or empty.</li>
     *   <li>anything else — returned unchanged.</li>
     * </ul>
     *
     * @param httpServletRequest    the inbound request
     * @param authenticationContext the current flow context
     * @param entry                 the configured key/value pair
     * @return the resolved value, never {@code null} for the dynamic forms
     */
    private String getResolvedQueryParamValue(HttpServletRequest httpServletRequest, AuthenticationContext authenticationContext, Map.Entry<String, String> entry) {
        String configuredValue = entry.getValue();
        if (isDynamicQueryParam(configuredValue)) {
            String paramName = removeEnclosingParenthesis(configuredValue);
            String[] fromAuthRequest = authenticationContext.getAuthenticationRequest().getRequestQueryParam(paramName);
            String fromServletRequest = httpServletRequest.getParameter(paramName);
            if (ArrayUtils.isNotEmpty(fromAuthRequest)) {
                return fromAuthRequest[0];
            }
            return StringUtils.isNotBlank(fromServletRequest) ? fromServletRequest : "";
        }
        if (!isDynamicAuthContextParam(configuredValue)) {
            return configuredValue;
        }
        Matcher matcher = authParamDynamicQueryPattern.matcher(configuredValue);
        if (!matcher.find()) {
            return "";
        }
        String runtimeValue = (String) getRuntimeParams(authenticationContext).get(matcher.group(1));
        if (StringUtils.isEmpty(runtimeValue)) {
            return "";
        }
        if (log.isDebugEnabled()) {
            log.debug(entry.getKey() + "=" + entry.getValue() + " was replaced as " + entry.getKey() + "=" + runtimeValue);
        }
        return runtimeValue;
    }

    /**
     * Whether a configured value is a {@code $authparam...} placeholder (null-safe).
     *
     * @param str the configured value, may be {@code null}
     * @return {@code true} if it starts with {@link #AUTH_PARAM}
     */
    private boolean isDynamicAuthContextParam(String str) {
        if (str == null) {
            return false;
        }
        return str.startsWith(AUTH_PARAM);
    }

    /**
     * Strips one leading {@code {} and one trailing {@code }} when both are present;
     * otherwise returns the input untouched.
     *
     * @param str the value, may be {@code null}
     * @return the inner text, or {@code str} itself when it is not enclosed
     */
    private String removeEnclosingParenthesis(String str) {
        if (!isEnclosedWithParenthesis(str)) {
            return str;
        }
        return str.substring(1, str.length() - 1);
    }

    /**
     * Whether a configured value is a {@code {name}} placeholder with a non-empty name.
     * {@code "{}"} is not treated as a placeholder.
     *
     * @param str the configured value, may be {@code null}
     * @return {@code true} for {@code {...}} with at least one character inside
     */
    private boolean isDynamicQueryParam(String str) {
        if (!isEnclosedWithParenthesis(str)) {
            return false;
        }
        return str.length() > 2;
    }

    /**
     * Null-safe check that a value starts with {@code {} and ends with {@code }}.
     *
     * @param str the value, may be {@code null}
     * @return {@code true} when both braces are present
     */
    private boolean isEnclosedWithParenthesis(String str) {
        return str != null && str.startsWith("{") && str.endsWith("}");
    }

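    /**
     * Sends the browser to the federated IdP using the HTTP-Redirect binding.
     * <p>
     * {@code str} already carries the SAML request built by the SSO manager; this method only
     * appends the optional {@code fidp} hint (the {@code domain} request parameter) and the
     * configured {@code commonAuthQueryParams}, then issues the redirect. The {@code domain}
     * value comes straight from the request, so it is URL-encoded before being appended; the
     * previous version concatenated it as received, which let the value add or override other
     * query parameters of the request sent to the IdP.
     *
     * @param httpServletRequest   the current request; supplies the {@code domain} parameter
     * @param httpServletResponse  the response the redirect is written to
     * @param str                  the IdP SSO URL including the SAML request parameters
     * @param map                  the IdP's authenticator properties; may be {@code null}
     * @param diagnosticLogBuilder diagnostic log builder to enrich; may be {@code null}
     * @throws AuthenticationFailedException if the redirect cannot be written
     */
    private void generateAuthenticationRequest(HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse, String str, Map<String, String> map, DiagnosticLog.DiagnosticLogBuilder diagnosticLogBuilder) throws AuthenticationFailedException {
        boolean diagnosticsOn = LoggerUtils.isDiagnosticLogsEnabled() && diagnosticLogBuilder != null;
        StringBuilder redirectUrl = new StringBuilder(str);
        try {
            if (diagnosticsOn) {
                diagnosticLogBuilder.inputParam(SSOConstants.LogConstants.InputKeys.IS_POST, false);
            }
            String domain = httpServletRequest.getParameter("domain");
            if (domain != null) {
                // Request-supplied: encode so it stays a single query value.
                redirectUrl.append("&fidp=").append(URLEncoder.encode(domain, StandardCharsets.UTF_8.name()));
            }
            String commonAuthQueryParams = map != null ? map.get("commonAuthQueryParams") : null;
            if (commonAuthQueryParams != null) {
                if (diagnosticsOn) {
                    diagnosticLogBuilder.inputParam("query params", commonAuthQueryParams);
                }
                // Keys and values were encoded by getResolvedQueryParams() when the placeholders
                // were resolved; only the separator is added here.
                if (!commonAuthQueryParams.startsWith("&")) {
                    redirectUrl.append('&');
                }
                redirectUrl.append(commonAuthQueryParams);
            }
            httpServletResponse.sendRedirect(redirectUrl.toString());
        } catch (UnsupportedEncodingException e) {
            // Same code the other encoding paths in this class use.
            throw new AuthenticationFailedException(SSOErrorConstants.ErrorMessages.UNSUPPORTED_ENCODING_EXCEPTION.getCode(), e.getMessage(), e);
        } catch (IOException e) {
            throw new AuthenticationFailedException(SSOErrorConstants.ErrorMessages.IO_ERROR.getCode(), "Error while sending the redirect to federated SAML IdP.", e);
        }
    }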

    /* JADX WARN: Multi-variable type inference failed */
    /* JADX WARN: Type inference failed for: r0v74, types: [java.util.List] */
    /* JADX WARN: Type inference failed for: r12v0, types: [java.lang.Throwable, org.wso2.carbon.identity.application.authenticator.samlsso.exception.SAMLSSOException] */
    /**
     * Consumes the SAML response (or artifact) the federated IdP sent back and sets the
     * authenticated subject of this step on the context.
     * <p>
     * The SSO manager processes the response first; the values read afterwards from the HTTP
     * session ({@code samlssoAttributes}, {@code username}, session index, name qualifiers,
     * AuthnContextClassRef) are presumably stored there by {@code processResponse()} — this
     * method only reads them. The subject is taken from the mapped claims when
     * {@code IsUserIdInClaims} is {@code true}, otherwise from {@code username}; a blank subject
     * is rejected so no federated user is created without an identifier.
     *
     * @param httpServletRequest    the IdP callback request
     * @param httpServletResponse   the response; not written to here
     * @param authenticationContext the framework context for the current flow
     * @throws AuthenticationFailedException when the manager reports a {@code SAMLSSOException}
     *                                       or no subject identifier can be determined
     */
    protected void processAuthenticationResponse(HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse, AuthenticationContext authenticationContext) throws AuthenticationFailedException {
        ArrayList arrayList;
        if (LoggerUtils.isDiagnosticLogsEnabled()) {
            DiagnosticLog.DiagnosticLogBuilder diagnosticLogBuilder = new DiagnosticLog.DiagnosticLogBuilder(SSOConstants.LogConstants.OUTBOUND_AUTH_SAMLSSO_SERVICE, SSOConstants.LogConstants.ActionIDs.PROCESS_AUTHENTICATION_RESPONSE);
            diagnosticLogBuilder.resultMessage("Processing outbound saml authentication response.").logDetailLevel(DiagnosticLog.LogDetailLevel.APPLICATION).resultStatus(DiagnosticLog.ResultStatus.SUCCESS).inputParam("step", Integer.valueOf(authenticationContext.getCurrentStep())).inputParams(getApplicationDetails(authenticationContext));
            LoggerUtils.triggerDiagnosticLogEvent(diagnosticLogBuilder);
        }
        // Subject identifier; resolved from claims or from the session below.
        String str = null;
        try {
            try {
                SAML2SSOManager sAML2SSOManagerInstance = getSAML2SSOManagerInstance();
                sAML2SSOManagerInstance.init(authenticationContext.getTenantDomain(), authenticationContext.getAuthenticatorProperties(), authenticationContext.getExternalIdP().getIdentityProvider());
                // Expose the context to the manager for the duration of the call; cleared in the finally block.
                httpServletRequest.setAttribute(AUTHENTICATION_CONTEXT, authenticationContext);
                sAML2SSOManagerInstance.processResponse(httpServletRequest);
                // Attribute statements from the response. getSession(false) is null when no session
                // exists, so this relies on one having been created by this point — TODO confirm.
                Map map = (Map) httpServletRequest.getSession(false).getAttribute("samlssoAttributes");
                // First choice for the subject: the configured subject claim.
                if ("true".equalsIgnoreCase((String) authenticationContext.getAuthenticatorProperties().get("IsUserIdInClaims"))) {
                    str = FrameworkUtils.getFederatedSubjectFromClaims(authenticationContext.getExternalIdP().getIdentityProvider(), map);
                    if (str == null) {
                        log.warn("Subject claim could not be found amongst attribute statements. Defaulting to Name Identifier.");
                    }
                }
                // Second choice: the value stored under "username" (the Name Identifier, per the warning above).
                if (str == null) {
                    str = (String) httpServletRequest.getSession().getAttribute("username");
                }
                // Never continue with an empty identifier.
                if (StringUtils.isBlank(str)) {
                    throw new SAMLSSOException(SSOErrorConstants.ErrorMessages.FEDERATED_USER_IDENTIFIER_NOT_FOUND.getCode(), SSOErrorConstants.ErrorMessages.FEDERATED_USER_IDENTIFIER_NOT_FOUND.getMessage());
                }
                // Session index and qualifiers are kept so initiateLogoutRequest() can build a LogoutRequest later.
                Object attribute = httpServletRequest.getSession(false).getAttribute(SSOConstants.IDP_SESSION);
                String str2 = (String) httpServletRequest.getSession().getAttribute(SSOConstants.NAME_QUALIFIER);
                String str3 = (String) httpServletRequest.getSession().getAttribute(SSOConstants.SP_NAME_QUALIFIER);
                String str4 = null;
                if (attribute != null) {
                    str4 = (String) attribute;
                }
                StateInfo stateInfo = new StateInfo();
                stateInfo.setSessionIndex(str4);
                stateInfo.setSubject(str);
                stateInfo.setNameQualifier(str2);
                stateInfo.setSpNameQualifier(str3);
                authenticationContext.setStateInfo(stateInfo);
                // Also stored on the context, keyed by IdP name.
                authenticationContext.setProperty("FederatedIdPSessionIndex_" + authenticationContext.getExternalIdP().getIdentityProvider().getIdentityProviderName(), str4);
                // Optional pass-through of the IdP's AuthnContextClassRef to the service provider.
                if (AS_RESPONSE.equalsIgnoreCase((String) authenticationContext.getAuthenticatorProperties().get("ResponseAuthnContextClassRef"))) {
                    if (log.isDebugEnabled()) {
                        log.debug("AuthnContextClassRefs received with SAML response from the IdP '" + authenticationContext.getExternalIdP().getIdPName() + "' is passed to service provider.");
                    }
                    if (httpServletRequest.getSession().getAttribute(SSOConstants.AUTHN_CONTEXT_CLASS_REF) != null) {
                        AuthenticationContextProperty authenticationContextProperty = new AuthenticationContextProperty(authenticationContext.getExternalIdP().getIdPName(), SSOConstants.AUTHN_CONTEXT_CLASS_REF, httpServletRequest.getSession().getAttribute(SSOConstants.AUTHN_CONTEXT_CLASS_REF));
                        // Append to any list already on the context rather than replacing it.
                        if (authenticationContext.getProperty("AUTHENTICATION_CONTEXT_PROPERTIES") != null) {
                            arrayList = (List) authenticationContext.getProperty("AUTHENTICATION_CONTEXT_PROPERTIES");
                        } else {
                            arrayList = new ArrayList();
                            authenticationContext.setProperty("AUTHENTICATION_CONTEXT_PROPERTIES", arrayList);
                        }
                        arrayList.add(authenticationContextProperty);
                    }
                }
                // The federated user carries the subject plus all received attributes.
                AuthenticatedUser createFederateAuthenticatedUserFromSubjectIdentifier = AuthenticatedUser.createFederateAuthenticatedUserFromSubjectIdentifier(str);
                createFederateAuthenticatedUserFromSubjectIdentifier.setUserAttributes(map);
                authenticationContext.setSubject(createFederateAuthenticatedUserFromSubjectIdentifier);
                if (LoggerUtils.isDiagnosticLogsEnabled()) {
                    DiagnosticLog.DiagnosticLogBuilder diagnosticLogBuilder2 = new DiagnosticLog.DiagnosticLogBuilder(SSOConstants.LogConstants.OUTBOUND_AUTH_SAMLSSO_SERVICE, SSOConstants.LogConstants.ActionIDs.PROCESS_AUTHENTICATION_RESPONSE);
                    diagnosticLogBuilder2.resultMessage("Successfully completed the outbound saml authentication response.").logDetailLevel(DiagnosticLog.LogDetailLevel.APPLICATION).resultStatus(DiagnosticLog.ResultStatus.SUCCESS).inputParam("step", Integer.valueOf(authenticationContext.getCurrentStep())).inputParams(getApplicationDetails(authenticationContext));
                    adduserAttributesToDiagnosticLog(createFederateAuthenticatedUserFromSubjectIdentifier, diagnosticLogBuilder2);
                    LoggerUtils.triggerDiagnosticLogEvent(diagnosticLogBuilder2);
                }
            } catch (SAMLSSOException e) {
                // Keep the manager's error code for the framework.
                throw new AuthenticationFailedException(e.getErrorCode(), e.getMessage(), (Throwable) e);
            }
        } finally {
            // Always drop the request-scoped context reference, also on failure.
            httpServletRequest.removeAttribute(AUTHENTICATION_CONTEXT);
        }
    }

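    /**
     * Resolves the identifier of the authentication context this request belongs to.
     * <p>
     * The {@code sessionDataKey} request parameter wins when present. Otherwise the SAML
     * {@code RelayState} parameter is used, URL-decoded. When decoding fails the raw parameter
     * is returned — the same fallback the unsupported-encoding branch already had — so a
     * malformed value from the wire results in a lookup miss rather than an uncaught
     * {@code IllegalArgumentException} from {@code URLDecoder}.
     *
     * @param httpServletRequest the inbound request
     * @return the context identifier, or {@code null} when neither parameter is present
     */
    public String getContextIdentifier(HttpServletRequest httpServletRequest) {
        if (log.isTraceEnabled()) {
            log.trace("Inside getContextIdentifier()");
        }
        String contextIdentifier = httpServletRequest.getParameter("sessionDataKey");
        if (contextIdentifier != null) {
            return contextIdentifier;
        }
        String relayState = httpServletRequest.getParameter(SSOConstants.RELAY_STATE);
        if (relayState == null) {
            return null;
        }
        try {
            return URLDecoder.decode(relayState, StandardCharsets.UTF_8.name());
        } catch (UnsupportedEncodingException e) {
            log.error("Exception while URL decoding the Relay State", e);
        } catch (IllegalArgumentException e) {
            // Malformed percent-escape in an externally supplied value. The value (and the
            // exception, whose message echoes part of it) is deliberately kept out of the log.
            log.warn("Relay State is not valid URL-encoded text; using the raw value.");
        }
        return relayState;
    }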

    /**
     * Human-readable authenticator name shown in the console.
     *
     * @return {@link SSOConstants#AUTHENTICATOR_FRIENDLY_NAME}
     */
    public String getFriendlyName() {
        String friendlyName = SSOConstants.AUTHENTICATOR_FRIENDLY_NAME;
        return friendlyName;
    }

    /**
     * Internal authenticator name the framework uses for registration and lookup.
     *
     * @return {@link SSOConstants#AUTHENTICATOR_NAME}
     */
    public String getName() {
        String name = SSOConstants.AUTHENTICATOR_NAME;
        return name;
    }

    /**
     * Starts single logout at the federated IdP.
     * <p>
     * Only runs when {@code IsLogoutEnabled} is true; otherwise an
     * {@link UnsupportedOperationException} is thrown, as the original did. The logout endpoint
     * is {@code LogoutReqUrl}, falling back to {@code SSOUrl}; a missing URL is a
     * {@link LogoutFailedException}. The session index, subject and qualifiers captured at login
     * are copied from the state info into the session for the manager to use. Binding selection
     * follows the same {@code RequestMethod} rules as {@code initiateAuthenticationRequest()}.
     *
     * @param httpServletRequest    the inbound request
     * @param httpServletResponse   the response the redirect or POST form is written to
     * @param authenticationContext the framework context for the current flow
     * @throws LogoutFailedException if no logout URL is configured or the request cannot be sent
     */
    protected void initiateLogoutRequest(HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse, AuthenticationContext authenticationContext) throws LogoutFailedException {
        Map<String, String> authenticatorProperties = authenticationContext.getAuthenticatorProperties();
        if (!Boolean.parseBoolean(authenticatorProperties.get("IsLogoutEnabled"))) {
            throw new UnsupportedOperationException();
        }
        String logoutUrl = authenticatorProperties.get("LogoutReqUrl");
        if (StringUtils.isBlank(logoutUrl)) {
            logoutUrl = authenticatorProperties.get("SSOUrl");
        }
        if (StringUtils.isBlank(logoutUrl)) {
            throw new LogoutFailedException("Logout is enabled for the IdP but Logout URL is not configured");
        }
        AuthenticatorStateInfo authenticatorStateInfo = authenticationContext.getStateInfo();
        if (authenticatorStateInfo instanceof StateInfo) {
            StateInfo samlStateInfo = (StateInfo) authenticatorStateInfo;
            httpServletRequest.getSession().setAttribute(SSOConstants.LOGOUT_SESSION_INDEX, samlStateInfo.getSessionIndex());
            httpServletRequest.getSession().setAttribute(SSOConstants.LOGOUT_USERNAME, samlStateInfo.getSubject());
            httpServletRequest.getSession().setAttribute(SSOConstants.NAME_QUALIFIER, samlStateInfo.getNameQualifier());
            httpServletRequest.getSession().setAttribute(SSOConstants.SP_NAME_QUALIFIER, samlStateInfo.getSpNameQualifier());
        }
        try {
            SAML2SSOManager ssoManager = getSAML2SSOManagerInstance();
            ssoManager.init(authenticationContext.getTenantDomain(), authenticationContext.getAuthenticatorProperties(), authenticationContext.getExternalIdP().getIdentityProvider());
            String requestMethod = authenticatorProperties.get("RequestMethod");
            boolean usePostBinding = false;
            if (requestMethod != null && !requestMethod.trim().isEmpty()) {
                if ("POST".equalsIgnoreCase(requestMethod)) {
                    usePostBinding = true;
                } else if (AS_REQUEST.equalsIgnoreCase(requestMethod)) {
                    usePostBinding = authenticationContext.getAuthenticationRequest().isPost();
                }
            }
            if (usePostBinding) {
                sendPostRequest(httpServletRequest, httpServletResponse, true, logoutUrl, authenticationContext, null);
            } else {
                String logoutRedirectUrl = ssoManager.buildRequest(httpServletRequest, true, false, logoutUrl, authenticationContext);
                httpServletResponse.sendRedirect(logoutRedirectUrl);
            }
        } catch (IOException | SAMLSSOException e) {
            throw new LogoutFailedException(e.getMessage(), e);
        }
    }

    /**
     * Not supported: this authenticator does not consume logout responses from the IdP.
     *
     * @param httpServletRequest    unused
     * @param httpServletResponse   unused
     * @param authenticationContext unused
     * @throws UnsupportedOperationException always
     */
    protected void processLogoutResponse(HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse, AuthenticationContext authenticationContext) {
        UnsupportedOperationException notSupported = new UnsupportedOperationException();
        throw notSupported;
    }

    public List<Property> getConfigurationProperties() {
        ArrayList arrayList = new ArrayList();
        Property property = new Property();
        property.setName("SPEntityId");
        property.setDisplayName("Service Provider Entity ID");
        property.setRequired(true);
        property.setDescription("Enter the service provider's entity identifier value");
        property.setType("string");
        property.setDisplayOrder(1);
        arrayList.add(property);
        Property property2 = new Property();
        property2.setName("NameIDType");
        property2.setDisplayName("NameID format");
        property2.setRequired(true);
        property2.setDescription("NameID format to be used in the SAML request");
        property2.setType("string");
        property2.setDisplayOrder(2);
        property2.setOptions(this.samlNameIdFormats);
        property2.setDefaultValue("urn:oasis:names:tc:SAML:1.1:nameid-format:unspecified");
        arrayList.add(property2);
        Property property3 = new Property();
        property3.setName("SelectMode");
        property3.setDisplayName("Select Mode");
        property3.setDescription("Select the input method for SAML configuration");
        property3.setType("string");
        property3.setOptions(new String[]{"Manual Configuration", "Metadata File Configuration"});
        property3.setDefaultValue("Manual Configuration");
        property3.setDisplayOrder(3);
        arrayList.add(property3);
        Property property4 = new Property();
        property4.setName("meta_data_saml");
        property4.setDisplayName("SAML Metadata File");
        property4.setDescription("Base-64 encoded metadata file content for SAML configuration");
        property4.setType("string");
        property4.setDisplayOrder(4);
        arrayList.add(property4);
        Property property5 = new Property();
        property5.setName("IdPEntityId");
        property5.setDisplayName("Identity Provider Entity ID");
        property5.setRequired(true);
        property5.setDescription("Enter identity provider's entity identifier value. This should be a valid URI/URL.");
        property5.setType("string");
        property5.setDisplayOrder(5);
        arrayList.add(property5);
        Property property6 = new Property();
        property6.setName("SSOUrl");
        property6.setDisplayName("SSO URL");
        property6.setRequired(true);
        property6.setDescription("Enter identity provider's SAML2 Web SSO URL value");
        property6.setType("string");
        property6.setDisplayOrder(6);
        arrayList.add(property6);
        Property property7 = new Property();
        property7.setName("ACSUrl");
        property7.setDisplayName("ACS URL");
        property7.setRequired(false);
        property7.setDescription("Enter service provider's SAML2 ACS URL value");
        property7.setType("string");
        property7.setDisplayOrder(7);
        arrayList.add(property7);
        Property property8 = new Property();
        property8.setName("ISAuthnReqSigned");
        property8.setDisplayName("Enable Authentication Request Signing");
        property8.setRequired(false);
        property8.setDescription("Specifies if the SAML2 authentication request to the identity provider must be signed or not");
        property8.setType("boolean");
        property8.setDisplayOrder(8);
        arrayList.add(property8);
        Property property9 = new Property();
        property9.setName("IsAssertionEncrypted");
        property9.setDisplayName("Enable Assertion Encryption");
        property9.setRequired(false);
        property9.setDescription("Specify if SAMLAssertion element is encrypted");
        property9.setType("boolean");
        property9.setDisplayOrder(9);
        arrayList.add(property9);
        Property property10 = new Property();
        property10.setName("isAssertionSigned");
        property10.setDisplayName("Enable Assertion Signing");
        property10.setRequired(false);
        property10.setDescription("Specify if SAMLAssertion element is signed");
        property10.setType("boolean");
        property10.setDisplayOrder(10);
        arrayList.add(property10);
        Property property11 = new Property();
        property11.setName("IsLogoutEnabled");
        property11.setDisplayName("Enable Logout");
        property11.setRequired(false);
        property11.setDescription("Specifies if logout/single Logout is enabled for this identity provider");
        property11.setType("boolean");
        property11.setDisplayOrder(11);
        arrayList.add(property11);
        Property property12 = new Property();
        property12.setName("IsSLORequestAccepted");
        property12.setDisplayName("Enable Logout Request Accepting");
        property12.setRequired(false);
        property12.setDescription("Specifies if single logout request from the identity provider is accepted");
        property12.setType("boolean");
        property12.setDisplayOrder(12);
        arrayList.add(property12);
        Property property13 = new Property();
        property13.setName("LogoutReqUrl");
        property13.setDisplayName("Logout Url");
        property13.setRequired(false);
        property13.setDescription("Enter identity provider's logout URL value if it is different from the SSO Url");
        property13.setType("string");
        property13.setDisplayOrder(13);
        arrayList.add(property13);
        Property property14 = new Property();
        property14.setName("IsLogoutReqSigned");
        property14.setDisplayName("Enable Logout Request Signing");
        property14.setRequired(false);
        property14.setDescription("Specifies if SAML2 logout request to the identity provider must be signed or not");
        property14.setType("boolean");
        property14.setDisplayOrder(14);
        arrayList.add(property14);
        Property property15 = new Property();
        property15.setName("IsAuthnRespSigned");
        property15.setDisplayName("Enable Authentication Response Signing");
        property15.setRequired(false);
        property15.setDescription("Specifies if SAML2 authentication response from the identity provider must be signed or not");
        property15.setType("boolean");
        property15.setDisplayOrder(15);
        arrayList.add(property15);
        Property property16 = new Property();
        property16.setName("ISArtifactBindingEnabled");
        property16.setDisplayName(" Enable Artifact Binding");
        property16.setRequired(false);
        property16.setDescription("Specifies if SAML2 Artifact Binding is enabled from IDP");
        property16.setType("boolean");
        property16.setDisplayOrder(16);
        SubProperty subProperty = new SubProperty();
        subProperty.setName("ArtifactResolveUrl");
        subProperty.setDisplayName("Artifact Resolve Endpoint Url");
        subProperty.setRequired(false);
        subProperty.setDescription("Specify the Artifact Resolve Endpoint Url");
        subProperty.setType("string");
        subProperty.setDisplayOrder(17);
        SubProperty subProperty2 = new SubProperty();
        subProperty2.setName("ISArtifactResolveReqSigned");
        subProperty2.setDisplayName("Enable Artifact Resolve Request Signing");
        subProperty2.setRequired(false);
        subProperty2.setDescription(" Specifies if the SAML2 artifact resolve request to the identity provider must be signed or not");
        subProperty2.setType("boolean");
        subProperty2.setDisplayOrder(18);
        SubProperty subProperty3 = new SubProperty();
        subProperty3.setName("ISArtifactResponseSigned");
        subProperty3.setDisplayName("Enable Artifact Response Signing");
        subProperty3.setRequired(false);
        subProperty3.setDescription("Specifies if the SAML2 artifact response from the identity provider will be signed or not");
        subProperty3.setType("boolean");
        subProperty3.setDisplayOrder(19);
        property16.setSubProperties(new SubProperty[]{subProperty, subProperty2, subProperty3});
        arrayList.add(property16);
        Property property17 = new Property();
        property17.setName("SignatureAlgorithm");
        property17.setDisplayName("Signature Algorithm");
        property17.setRequired(false);
        property17.setDescription("Specifies the SignatureMethod Algorithm");
        property17.setType("string");
        property17.setDisplayOrder(20);
        ArrayList arrayList2 = new ArrayList();
        arrayList2.add("DSA with SHA1");
        arrayList2.add("RSA with SHA1");
        arrayList2.add("ECDSA with SHA1");
        arrayList2.add("ECDSA with SHA256");
        arrayList2.add("ECDSA with SHA384");
        arrayList2.add("ECDSA with SHA512");
        arrayList2.add("RSA with MD5");
        arrayList2.add("RSA with RIPEMD160");
        arrayList2.add("RSA with SHA256");
        arrayList2.add("RSA with SHA384");
        arrayList2.add("RSA with SHA512");
        property17.setOptions((String[]) arrayList2.toArray(new String[0]));
        property17.setDefaultValue("RSA with SHA256");
        arrayList.add(property17);
        Property property18 = new Property();
        property18.setName("DigestAlgorithm");
        property18.setDisplayName("Digest Algorithm");
        property18.setRequired(false);
        property18.setDescription("Specifies the DigestMethod Algorithm. Applicable only in POST Binding");
        property18.setType("string");
        property18.setDisplayOrder(21);
        ArrayList arrayList3 = new ArrayList();
        arrayList3.add("MD5");
        arrayList3.add("RIPEMD160");
        arrayList3.add("SHA1");
        arrayList3.add("SHA256");
        arrayList3.add("SHA384");
        arrayList3.add("SHA512");
        property18.setOptions((String[]) arrayList3.toArray(new String[0]));
        property18.setDefaultValue("SHA256");
        arrayList.add(property18);
        Property property19 = new Property();
        property19.setName("AttributeConsumingServiceIndex");
        property19.setDisplayName("Attribute Consuming Service Index");
        property19.setRequired(false);
        property19.setDescription("Specify the Attribute Consuming Service Index");
        property19.setType("string");
        property19.setDisplayOrder(22);
        arrayList.add(property19);
        Property property20 = new Property();
        property20.setName("ForceAuthentication");
        property20.setDisplayName("Enable Force Authentication");
        property20.setRequired(false);
        property20.setDescription("Enable force authentication or decide from the in coming request");
        property20.setType("string");
        property20.setDisplayOrder(23);
        property20.setOptions(new String[]{"yes", "no", "as_request"});
        property20.setDefaultValue("as_request");
        arrayList.add(property20);
        Property property21 = new Property();
        property21.setName("IncludeCert");
        property21.setDisplayName(" Include Public Certificate");
        property21.setRequired(false);
        property21.setDescription("Include Public Certificate in the the request");
        property21.setType("boolean");
        property21.setDisplayOrder(24);
        arrayList.add(property21);
        Property property22 = new Property();
        property22.setName("IncludeProtocolBinding");
        property22.setDisplayName(" Include Protocol Binding");
        property22.setRequired(false);
        property22.setDescription("Include ProtocolBinding in the request");
        property22.setType("boolean");
        property22.setDisplayOrder(25);
        arrayList.add(property22);
        Property property23 = new Property();
        property23.setName("IncludeNameIDPolicy");
        property23.setDisplayName(" Include NameID Policy");
        property23.setRequired(false);
        property23.setDescription("Include NameIDPolicy in the request");
        property23.setType("boolean");
        property23.setDisplayOrder(26);
        arrayList.add(property23);
        Property property24 = new Property();
        property24.setName("IncludeAuthnContext");
        property24.setDisplayName(" Include Authentication Context");
        property24.setRequired(false);
        property24.setDescription("Include a new RequestedAuthnContext in the request, or decide from the incoming request");
        property24.setType("string");
        property24.setDisplayOrder(27);
        property24.setOptions(new String[]{"yes", "no", "as_request"});
        property24.setDefaultValue("yes");
        arrayList.add(property24);
        Property property25 = new Property();
        property25.setName(SSOConstants.AUTHN_CONTEXT_CLASS_REF);
        property25.setDisplayName("Authentication Context Class");
        property25.setRequired(false);
        property25.setDescription(" Choose AuthnContextClassRef to be sent");
        property25.setType("string");
        ArrayList arrayList4 = new ArrayList();
        arrayList4.add("Telephony (Authenticated)");
        arrayList4.add("Internet Protocol");
        arrayList4.add("Internet Protocol Password");
        arrayList4.add("Kerberos");
        arrayList4.add("Mobile One Factor Contract");
        arrayList4.add("Mobile One Factor Unregistered");
        arrayList4.add("Mobile Two Factor Contract");
        arrayList4.add("Mobile Two Factor Unregistered");
        arrayList4.add("Telephony (Nomadic)");
        arrayList4.add("Password");
        arrayList4.add("Password Protected Transport");
        arrayList4.add("Telephony (Personalized)");
        arrayList4.add("Public Key - PGP");
        arrayList4.add("Previous Session");
        arrayList4.add("Secure Remote Password");
        arrayList4.add("Smartcard");
        arrayList4.add("Smartcard PKI");
        arrayList4.add("Software PKI");
        arrayList4.add("Public Key - SPKI");
        arrayList4.add("Telephony");
        arrayList4.add("Time Sync Token");
        arrayList4.add("SSL/TLS Certificate-Based Client Authentication");
        arrayList4.add("Unspecified");
        arrayList4.add("Public Key - X.509");
        arrayList4.add("Public Key - XML Digital Signature");
        arrayList4.add("Custom Authentication Context Class");
        property25.setOptions((String[]) arrayList4.toArray(new String[0]));
        property25.setDefaultValue("Unspecified");
        property25.setDisplayOrder(28);
        arrayList.add(property25);
        Property property26 = new Property();
        property26.setName("CustomAuthnContextClassRef");
        property26.setDisplayName((String) null);
        property26.setRequired(false);
        property26.setDescription("Custom AuthnContextClassRef to be sent");
        property26.setType("string");
        property26.setDisplayOrder(29);
        arrayList.add(property26);
        Property property27 = new Property();
        property27.setName("AuthnContextComparisonLevel");
        property27.setDisplayName("Authentication Context Comparison Level");
        property27.setRequired(false);
        property27.setDescription("Choose RequestedAuthnContext Comparison to be sent");
        property27.setType("string");
        property27.setDisplayOrder(30);
        property27.setOptions(new String[]{"Exact", "Mininum", "Maximum", "Better"});
        property27.setDefaultValue("Exact");
        arrayList.add(property27);
        Property property28 = new Property();
        property28.setName("IsUserIdInClaims");
        property28.setDisplayName("SAML2 Web SSO User ID Location");
        property28.setRequired(false);
        property28.setDescription("Specifies the location to find the user identifier in the SAML2 assertion");
        property28.setType("boolean");
        property28.setDisplayOrder(31);
        property28.setDefaultValue("false");
        arrayList.add(property28);
        Property property29 = new Property();
        property29.setName("RequestMethod");
        property29.setDisplayName("HTTP Binding");
        property29.setRequired(false);
        property29.setDescription("Choose the HTTP Binding or decide from incoming request");
        property29.setType("string");
        property29.setDisplayOrder(32);
        property29.setOptions(new String[]{"redirect", "post", "as_request"});
        property29.setDefaultValue("redirect");
        arrayList.add(property29);
        Property property30 = new Property();
        property30.setName("ResponseAuthnContextClassRef");
        property30.setDisplayName("Response Authentication Context Class");
        property30.setRequired(false);
        property30.setDescription("Choose the AuthnContextClassRef sent back to the service provider");
        property30.setType("string");
        property30.setDisplayOrder(33);
        property30.setOptions(new String[]{"default", "as_response"});
        property30.setDefaultValue("default");
        arrayList.add(property30);
        Property property31 = new Property();
        property31.setName("commonAuthQueryParams");
        property31.setDisplayName("Additional Query Parameters");
        property31.setRequired(false);
        property31.setDescription("Additional query parameters. e.g: paramName1=value1");
        property31.setType("string");
        property31.setDisplayOrder(34);
        arrayList.add(property31);
        Property property32 = new Property();
        property32.setName("SignatureAlgorithmPost");
        property32.setDisplayName((String) null);
        property32.setRequired(false);
        property32.setDescription((String) null);
        property32.setType("string");
        property32.setDisplayOrder(0);
        arrayList.add(property32);
        return arrayList;
    }

    /**
     * Sends the SAML2 request to the identity provider over the HTTP-POST binding by writing a
     * self-submitting HTML form to the response.
     *
     * @param httpServletRequest    the incoming request; its {@code domain} parameter, when present,
     *                              is forwarded as an extra form field
     * @param httpServletResponse   the response the POST page is written to
     * @param z                     passed through unchanged to
     *                              {@link DefaultSAML2SSOManager#buildPostRequest}
     * @param str                   the identity provider endpoint URL used as the form action
     * @param authenticationContext the current authentication context
     * @param diagnosticLogBuilder  diagnostic log builder, may be {@code null}
     * @throws SAMLSSOException if the configured manager is not a {@link DefaultSAML2SSOManager}, or
     *                          if the POST page cannot be built or written
     */
    private void sendPostRequest(HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse, boolean z, String str, AuthenticationContext authenticationContext, DiagnosticLog.DiagnosticLogBuilder diagnosticLogBuilder) throws SAMLSSOException {
        SAML2SSOManager manager = getSAML2SSOManagerInstance();
        manager.init(authenticationContext.getTenantDomain(), authenticationContext.getAuthenticatorProperties(), authenticationContext.getExternalIdP().getIdentityProvider());
        // Only the default manager can build an HTTP-POST request; any custom manager is rejected here.
        if (!(manager instanceof DefaultSAML2SSOManager)) {
            throw new SAMLSSOException(SSOErrorConstants.ErrorMessages.HTTP_POST_NOT_SUPPORTED.getCode(), SSOErrorConstants.ErrorMessages.HTTP_POST_NOT_SUPPORTED.getMessage());
        }
        DefaultSAML2SSOManager defaultManager = (DefaultSAML2SSOManager) manager;
        String encodedRequest = defaultManager.buildPostRequest(httpServletRequest, z, false, str, authenticationContext);
        String relayState = authenticationContext.getContextIdentifier();
        Map<String, String> extraParams = getAdditionalRequestParams(httpServletRequest, authenticationContext);
        boolean diagnosticsOn = LoggerUtils.isDiagnosticLogsEnabled() && diagnosticLogBuilder != null;
        if (diagnosticsOn) {
            diagnosticLogBuilder.inputParam("encoded request", encodedRequest)
                    .inputParam(SSOConstants.LogConstants.InputKeys.IS_POST, true)
                    .inputParam("param map", extraParams);
        }
        String formInputs = buildPostPageInputs(encodedRequest, relayState, extraParams);
        printPostPage(httpServletResponse, str, formInputs);
    }

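    /**
     * Returns the {@link SAML2SSOManager} implementation to use for this authenticator.
     *
     * <p>The implementation class name is read from the server-side authenticator configuration
     * ({@code SSOConstants.ServerConfig.SAML2_SSO_MANAGER}); this is deployment configuration, not
     * request data. When no class is configured a {@link DefaultSAML2SSOManager} is returned.
     *
     * <p>The class is instantiated through its no-arg constructor rather than the deprecated
     * {@code Class.newInstance()}, which rethrows any checked exception from the constructor
     * unchanged and so could escape this method's {@code throws} clause.
     *
     * @return a new manager instance
     * @throws SAMLSSOException if the configured class cannot be found, is not accessible, has no
     *                          usable no-arg constructor, or its constructor throws
     * @throws ClassCastException if the configured class does not implement {@link SAML2SSOManager}
     */
    private SAML2SSOManager getSAML2SSOManagerInstance() throws SAMLSSOException {
        String managerClassName = (String) getAuthenticatorConfig().getParameterMap().get(SSOConstants.ServerConfig.SAML2_SSO_MANAGER);
        if (managerClassName == null) {
            return new DefaultSAML2SSOManager();
        }
        try {
            // Check the type before running any constructor of an unrelated class.
            Class<? extends SAML2SSOManager> managerClass = Class.forName(managerClassName).asSubclass(SAML2SSOManager.class);
            return managerClass.getDeclaredConstructor().newInstance();
        } catch (ClassNotFoundException e) {
            throw new SAMLSSOException(SSOErrorConstants.ErrorMessages.CLASS_NOT_FOUND_EXCEPTION.getCode(), e.getMessage(), e);
        } catch (IllegalAccessException e) {
            throw new SAMLSSOException(SSOErrorConstants.ErrorMessages.ILLEGAL_ACCESS.getCode(), e.getMessage(), e);
        } catch (ReflectiveOperationException e) {
            // InstantiationException, NoSuchMethodException (no no-arg constructor) and
            // InvocationTargetException (constructor threw) all map to the instantiation error code.
            throw new SAMLSSOException(SSOErrorConstants.ErrorMessages.INSTANTIATION_FAILED.getCode(), e.getMessage(), e);
        }
    }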

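    /**
     * Builds the hidden {@code <input>} elements for the HTTP-POST form: the {@code SAMLRequest},
     * the {@code RelayState} (when present) and one element per additional request parameter.
     *
     * <p>Every value is HTML-attribute encoded before it is placed inside a single-quoted attribute,
     * so a value containing {@code '}, {@code <} or {@code &} cannot break out of the markup. The
     * original code encoded only the additional parameters; the SAMLRequest and RelayState values are
     * now encoded too, for consistency. The browser undoes attribute encoding when it submits the
     * form, so the identity provider still receives the original values.
     *
     * @param str  the encoded SAML request to send as {@code SAMLRequest}
     * @param str2 the RelayState value, or {@code null} to omit the RelayState input
     * @param map  additional parameters; values are URL-decoded before being encoded for the form
     * @return the concatenated {@code <input type='hidden'>} markup
     * @throws SAMLSSOException if a parameter value cannot be URL-decoded
     */
    private String buildPostPageInputs(String str, String str2, Map<String, String> map) throws SAMLSSOException {
        StringBuilder sb = new StringBuilder();
        sb.append("<input type='hidden' name='SAMLRequest' value='").append(Encode.forHtmlAttribute(str)).append("'>");
        if (str2 != null) {
            sb.append("<input type='hidden' name='RelayState' value='").append(Encode.forHtmlAttribute(str2)).append("'>");
        }
        for (Map.Entry<String, String> entry : map.entrySet()) {
            try {
                // Values come in URL-encoded (query-string form); decode first, then attribute-encode.
                String value = URLDecoder.decode(entry.getValue(), StandardCharsets.UTF_8.toString());
                sb.append("<input type='hidden' name='").append(Encode.forHtmlAttribute(entry.getKey()))
                        .append("' value='").append(Encode.forHtmlAttribute(value)).append("'>");
            } catch (UnsupportedEncodingException e) {
                throw new SAMLSSOException("Error while building POST request.", e);
            }
        }
        return sb.toString();
    }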

    /* JADX WARN: Multi-variable type inference failed */
    /**
     * Collects the extra form parameters sent along with the SAML request.
     *
     * <p>Sources, in order: the authenticator property {@code commonAuthQueryParams}, parsed with
     * {@link SSOUtils#getQueryMap}, and then the incoming request's {@code domain} parameter, which
     * is forwarded as {@code fidp} and overrides any configured {@code fidp}.
     *
     * <p>NOTE(review): the {@code fidp} value is HTML-attribute encoded here, and the consumer of
     * this map ({@code buildPostPageInputs}) URL-decodes and attribute-encodes every value again, so
     * a {@code domain} containing {@code &}, {@code '} or {@code %} would be double-encoded or fail
     * to decode. Confirm which characters {@code domain} may carry before relying on this.
     *
     * @param httpServletRequest    the incoming request
     * @param authenticationContext the current authentication context
     * @return a mutable map of parameter name to value; empty when nothing is configured
     */
    private Map<String, String> getAdditionalRequestParams(HttpServletRequest httpServletRequest, AuthenticationContext authenticationContext) {
        Map<String, String> params = new HashMap<>();
        Map authenticatorProperties = authenticationContext.getAuthenticatorProperties();
        String configuredQuery = authenticatorProperties == null ? null : (String) authenticatorProperties.get("commonAuthQueryParams");
        if (configuredQuery != null) {
            params = SSOUtils.getQueryMap(configuredQuery);
        }
        String domain = httpServletRequest.getParameter("domain");
        if (domain != null) {
            params.put("fidp", Encode.forHtmlAttribute(domain));
        }
        return params;
    }

    /**
     * Writes the HTML page that auto-submits the SAML request to the identity provider.
     *
     * <p>If a custom POST page template is registered it is used, with {@code $url} replaced by the
     * attribute-encoded endpoint and {@code <!--$params-->} replaced by the prepared hidden inputs;
     * otherwise a minimal built-in page with a fallback POST button is written.
     *
     * @param httpServletResponse the response to write to; content type is set to
     *                            {@code text/html; charset=UTF-8}
     * @param str                 the identity provider endpoint URL (form action); encoded before use
     * @param str2                pre-built hidden-input markup, inserted verbatim — the values must
     *                            already be encoded by the caller
     * @throws SAMLSSOException wrapping any failure while loading the template or writing the response
     */
    private void printPostPage(HttpServletResponse httpServletResponse, String str, String str2) throws SAMLSSOException {
        try {
            String template = SAMLSSOAuthenticatorServiceComponent.getPostPage();
            httpServletResponse.setContentType("text/html; charset=UTF-8");
            if (template == null) {
                writeDefaultPostPage(httpServletResponse.getWriter(), str, str2);
                return;
            }
            String page = template.replace("$url", Encode.forHtmlAttribute(str)).replace("<!--$params-->", str2);
            httpServletResponse.getWriter().print(page);
            if (log.isDebugEnabled()) {
                log.debug("HTTP-POST page: " + page);
            }
        } catch (Exception e) {
            throw new SAMLSSOException(SSOErrorConstants.ErrorMessages.IO_ERROR.getCode(), "Error while sending POST request", e);
        }
    }

    /**
     * Writes the built-in fallback POST page used when no template is registered.
     *
     * @param writer    the response writer
     * @param actionUrl the form action URL; encoded for text and attribute contexts before use
     * @param inputs    pre-built hidden-input markup, written verbatim
     */
    private static void writeDefaultPostPage(PrintWriter writer, String actionUrl, String inputs) {
        String[] lines = {
            "<html>",
            "<body>",
            "<p>You are now redirected to " + Encode.forHtml(actionUrl),
            " If the redirection fails, please click the post button.</p>",
            "<form method='post' action='" + Encode.forHtmlAttribute(actionUrl) + "'>",
            "<p>",
            inputs,
            "<button type='submit'>POST</button>",
            "</p>",
            "</form>",
            "<script type='text/javascript'>",
            "document.forms[0].submit();",
            "</script>",
            "</body>",
            "</html>"
        };
        for (String line : lines) {
            writer.println(line);
        }
    }

    /**
     * Gathers application identifiers for diagnostic logging.
     *
     * @param authenticationContext the current authentication context
     * @return a map holding {@code "app id"} and {@code "application name"}, each present only when
     *         the framework can resolve it
     */
    private Map<String, String> getApplicationDetails(AuthenticationContext authenticationContext) {
        Map<String, String> details = new HashMap<>();
        FrameworkUtils.getApplicationResourceId(authenticationContext)
                .ifPresent(resourceId -> details.put("app id", resourceId));
        FrameworkUtils.getApplicationName(authenticationContext)
                .ifPresent(appName -> details.put("application name", appName));
        return details;
    }

    /**
     * Adds the authenticated user's claim mappings to the diagnostic log as
     * {@code "<local claim URI> : <remote claim URI>"} entries. Does nothing when the user has no
     * attribute map.
     *
     * @param authenticatedUser    the user whose attributes are logged
     * @param diagnosticLogBuilder the builder receiving the {@code user attributes} input parameter
     */
    private void adduserAttributesToDiagnosticLog(AuthenticatedUser authenticatedUser, DiagnosticLog.DiagnosticLogBuilder diagnosticLogBuilder) {
        Map<?, ?> userAttributes = authenticatedUser.getUserAttributes();
        if (userAttributes == null) {
            return;
        }
        List<String> mappings = new ArrayList<>();
        for (Map.Entry<?, ?> entry : userAttributes.entrySet()) {
            // Keys are ClaimMapping instances; only the claim URIs are logged, never the values.
            ClaimMapping mapping = (ClaimMapping) entry.getKey();
            mappings.add(mapping.getLocalClaim().getClaimUri() + " : " + mapping.getRemoteClaim().getClaimUri());
        }
        diagnosticLogBuilder.inputParam("user attributes (local claim : remote claim)", mappings);
    }
}
