package org.wso2.carbon.identity.api.server.application.management.v1.core.functions.application.inbound.saml;

import java.nio.charset.StandardCharsets;
import java.util.Base64;
import java.util.List;
import org.apache.commons.logging.Log;
import org.apache.commons.logging.LogFactory;
import org.wso2.carbon.identity.api.server.application.management.common.ApplicationManagementConstants;
import org.wso2.carbon.identity.api.server.application.management.common.ApplicationManagementServiceHolder;
import org.wso2.carbon.identity.api.server.application.management.v1.SAML2Configuration;
import org.wso2.carbon.identity.api.server.application.management.v1.SAML2ServiceProvider;
import org.wso2.carbon.identity.api.server.application.management.v1.SingleSignOnProfile;
import org.wso2.carbon.identity.api.server.application.management.v1.core.functions.Utils;
import org.wso2.carbon.identity.api.server.application.management.v1.core.functions.application.inbound.InboundFunctions;
import org.wso2.carbon.identity.api.server.common.error.APIError;
import org.wso2.carbon.identity.application.common.model.InboundAuthenticationRequestConfig;
import org.wso2.carbon.identity.application.common.model.ServiceProvider;
import org.wso2.carbon.identity.base.IdentityException;
import org.wso2.carbon.identity.sso.saml.Error;
import org.wso2.carbon.identity.sso.saml.SAMLSSOConfigServiceImpl;
import org.wso2.carbon.identity.sso.saml.dto.SAMLSSOServiceProviderDTO;
import org.wso2.carbon.identity.sso.saml.exception.IdentitySAML2ClientException;
import org.wso2.carbon.identity.sso.saml.exception.IdentitySAML2SSOException;
import org.wso2.carbon.identity.sso.saml.util.SAMLSSOUtil;

/* loaded from: input_file:WEB-INF/lib/org.wso2.carbon.identity.api.server.application.management.v1-1.0.258.jar:org/wso2/carbon/identity/api/server/application/management/v1/core/functions/application/inbound/saml/SAMLInboundFunctions.class */
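/**
 * Static helpers that create, read, replace and delete the SAML inbound configuration of an
 * application by delegating to the SAML SSO config service obtained from
 * {@link ApplicationManagementServiceHolder}.
 *
 * <p>All failures surface as {@link APIError}; {@link IdentityException}s raised by the config
 * service are mapped to a client, not-found or server error by {@link #handleException}.
 */
public class SAMLInboundFunctions {
    private static final Log logger = LogFactory.getLog(SAMLInboundFunctions.class);

    /** Utility class; not instantiable. */
    private SAMLInboundFunctions() {
    }

    /**
     * Replaces the SAML inbound configuration of an application.
     *
     * <p>The requested bindings are validated first. If the application already has a
     * {@code samlsso} inbound key, the current SAML service provider is read (to keep a copy for
     * rollback) and removed, and the new one is then created from {@code sAML2Configuration}.
     * The replace is remove-then-create, not atomic: between the two calls the issuer has no
     * registered SAML service provider.
     *
     * <p>If creation fails with any runtime exception, the previously registered service provider
     * is re-added before the failure is rethrown, so a rejected update does not leave the
     * application without its SAML registration.
     *
     * @param serviceProvider    application whose SAML inbound is being replaced
     * @param sAML2Configuration requested SAML configuration (metadata file, metadata URL or manual)
     * @return inbound config whose key is the issuer of the newly created SAML service provider
     * @throws APIError if validation, removal, creation or rollback fails
     */
    public static InboundAuthenticationRequestConfig putSAMLInbound(ServiceProvider serviceProvider, SAML2Configuration sAML2Configuration) {
        String inboundAuthKey = InboundFunctions.getInboundAuthKey(serviceProvider, "samlsso");
        SAMLSSOServiceProviderDTO previousSp = null;
        try {
            // Validate before touching stored state so an invalid request never removes anything.
            validateSingleSignOnProfileBindings(sAML2Configuration);
            if (inboundAuthKey != null) {
                previousSp = getSamlSsoConfigService().getServiceProvider(inboundAuthKey);
                getSamlSsoConfigService().removeServiceProvider(inboundAuthKey);
            }
            try {
                return createSAMLInbound(sAML2Configuration);
            } catch (RuntimeException e) {
                // Roll back on every runtime failure, not only APIError: an unexpected exception
                // from the create path must not leave the old registration deleted.
                try {
                    rollbackSAMLSpRemoval(previousSp);
                } catch (RuntimeException rollbackFailure) {
                    // Keep the original cause visible when the rollback itself fails.
                    rollbackFailure.addSuppressed(e);
                    throw rollbackFailure;
                }
                throw e;
            }
        } catch (IdentityException e2) {
            throw handleException(e2);
        }
    }

    /**
     * Rejects a manual configuration whose single-sign-on profile lists fewer than two bindings,
     * or exactly two bindings of which one is {@code ARTIFACT}. Nothing is checked when the manual
     * configuration, its single-sign-on profile or the bindings list is absent.
     *
     * <p>Judging by the error constant used, the intent appears to be that the redirect and POST
     * bindings cannot be disabled.
     * NOTE(review): the rule is size-based, so a list with duplicate entries would pass; confirm
     * the API model guarantees unique bindings.
     *
     * @throws IdentitySAML2ClientException if the bindings list violates the rule above
     */
    private static void validateSingleSignOnProfileBindings(SAML2Configuration sAML2Configuration) throws IdentitySAML2ClientException {
        SAML2ServiceProvider manualConfiguration = sAML2Configuration.getManualConfiguration();
        if (manualConfiguration == null) {
            return;
        }
        if (manualConfiguration.getSingleSignOnProfile() == null || manualConfiguration.getSingleSignOnProfile().getBindings() == null) {
            return;
        }
        List<SingleSignOnProfile.BindingsEnum> bindings = manualConfiguration.getSingleSignOnProfile().getBindings();
        boolean tooFew = bindings.size() < 2;
        boolean twoIncludingArtifact = bindings.size() == 2 && bindings.contains(SingleSignOnProfile.BindingsEnum.ARTIFACT);
        if (tooFew || twoIncludingArtifact) {
            throw new IdentitySAML2ClientException(ApplicationManagementConstants.ErrorMessage.DISABLE_REDIRECT_OR_POST_BINDINGS.getCode(), ApplicationManagementConstants.ErrorMessage.DISABLE_REDIRECT_OR_POST_BINDINGS.getDescription());
        }
    }

    /**
     * Re-adds a SAML service provider that was removed as part of an update which then failed.
     * Does nothing when there was no previous service provider.
     *
     * @param sAMLSSOServiceProviderDTO the service provider as it was before the update, or null
     * @throws APIError if the service provider cannot be re-added
     */
    private static void rollbackSAMLSpRemoval(SAMLSSOServiceProviderDTO sAMLSSOServiceProviderDTO) {
        if (sAMLSSOServiceProviderDTO == null) {
            return;
        }
        if (logger.isDebugEnabled()) {
            logger.debug("Error occurred while updating SAML SP with issuer: " + SAMLSSOUtil.getIssuerWithQualifier(sAMLSSOServiceProviderDTO.getIssuer(), sAMLSSOServiceProviderDTO.getIssuerQualifier()) + ". Attempting to rollback by recreating the old SAML SP.");
        }
        try {
            getSamlSsoConfigService().addRPServiceProvider(sAMLSSOServiceProviderDTO);
        } catch (IdentityException e) {
            throw handleException(e);
        }
    }

    /**
     * Creates a SAML service provider from the first configuration source that is present, in
     * this order: metadata file, metadata URL, manual configuration.
     *
     * @param sAML2Configuration requested SAML configuration
     * @return inbound config of type {@code samlsso} keyed by the created service provider's issuer
     * @throws APIError as a bad request when none of the three sources is present, or when the
     *                  config service rejects the request
     */
    public static InboundAuthenticationRequestConfig createSAMLInbound(SAML2Configuration sAML2Configuration) {
        SAML2ServiceProvider manualConfiguration = sAML2Configuration.getManualConfiguration();
        final String issuer;
        if (sAML2Configuration.getMetadataFile() != null) {
            issuer = createSAMLSpWithMetadataFile(sAML2Configuration.getMetadataFile());
        } else if (sAML2Configuration.getMetadataURL() != null) {
            issuer = createSAMLSpWithMetadataUrl(sAML2Configuration.getMetadataURL());
        } else if (manualConfiguration != null) {
            issuer = createSAMLSpWithManualConfiguration(manualConfiguration);
        } else {
            throw Utils.buildBadRequestError("Invalid SAML2 Configuration. One of metadataFile, metaDataUrl or serviceProvider manual configuration needs to be present.");
        }
        InboundAuthenticationRequestConfig inboundAuthenticationRequestConfig = new InboundAuthenticationRequestConfig();
        inboundAuthenticationRequestConfig.setInboundAuthType("samlsso");
        inboundAuthenticationRequestConfig.setInboundAuthKey(issuer);
        return inboundAuthenticationRequestConfig;
    }

    /**
     * Looks up the SAML service provider registered under the inbound key and converts it to the
     * API model.
     *
     * @return the API model, or {@code null} when no service provider is registered for the key
     * @throws APIError as a server error when the lookup fails
     */
    public static SAML2ServiceProvider getSAML2ServiceProvider(InboundAuthenticationRequestConfig inboundAuthenticationRequestConfig) {
        String inboundAuthKey = inboundAuthenticationRequestConfig.getInboundAuthKey();
        try {
            SAMLSSOServiceProviderDTO serviceProvider = getSamlSsoConfigService().getServiceProvider(inboundAuthKey);
            if (serviceProvider == null) {
                return null;
            }
            return new SAMLSSOServiceProviderToAPIModel().apply(serviceProvider);
        } catch (IdentityException e) {
            throw buildServerError("Error while retrieving service provider data for issuer: " + inboundAuthKey, e);
        }
    }

    /**
     * Removes the SAML service provider registered under the inbound key.
     *
     * @throws APIError as a server error when the removal fails
     */
    public static void deleteSAMLServiceProvider(InboundAuthenticationRequestConfig inboundAuthenticationRequestConfig) {
        try {
            getSamlSsoConfigService().removeServiceProvider(inboundAuthenticationRequestConfig.getInboundAuthKey());
        } catch (IdentityException e) {
            // NOTE(review): the underlying exception text is concatenated into the API error
            // message; confirm it cannot carry internal details back to the client.
            throw buildServerError("Error while trying to rollback SAML2 configuration. " + e.getMessage(), e);
        }
    }

    /** Creates a SAML service provider from the manual API model and returns its issuer. */
    private static String createSAMLSpWithManualConfiguration(SAML2ServiceProvider sAML2ServiceProvider) {
        try {
            return getSamlSsoConfigService().createServiceProvider(new ApiModelToSAMLSSOServiceProvider().apply(sAML2ServiceProvider)).getIssuer();
        } catch (IdentityException e) {
            throw handleException(e);
        }
    }

    /**
     * Decodes Base64 metadata supplied in the request and registers a service provider from it.
     *
     * @param encodedMetadata Base64-encoded metadata content from the API request
     * @return issuer of the created service provider
     * @throws APIError as a bad request when the content is not valid Base64, otherwise as mapped
     *                  by {@link #handleException}
     */
    private static String createSAMLSpWithMetadataFile(String encodedMetadata) {
        final String metadataContent;
        try {
            metadataContent = new String(Base64.getDecoder().decode(encodedMetadata.getBytes(StandardCharsets.UTF_8)), StandardCharsets.UTF_8);
        } catch (IllegalArgumentException e) {
            // Malformed Base64 is a caller error; report it as a bad request instead of letting
            // the raw IllegalArgumentException escape as an unexpected failure.
            if (logger.isDebugEnabled()) {
                logger.debug("SAML metadata file content is not valid Base64.", e);
            }
            throw Utils.buildBadRequestError("Invalid SAML2 Configuration. metadataFile is not valid Base64 encoded content.");
        }
        try {
            return createSAMLSpWithMetadataContent(metadataContent);
        } catch (IdentitySAML2SSOException e) {
            throw handleException(e);
        }
    }

    /**
     * Registers a service provider from decoded metadata content and returns its issuer.
     *
     * <p>NOTE(review): the content is caller-supplied and is handed to the config service without
     * any checks in this class; confirm the service parses it with DTDs and external entities
     * disabled.
     */
    private static String createSAMLSpWithMetadataContent(String metadataContent) throws IdentitySAML2SSOException {
        return getSamlSsoConfigService().uploadRPServiceProvider(metadataContent).getIssuer();
    }

    /**
     * Registers a service provider from a metadata URL and returns its issuer.
     *
     * <p>NOTE(review): the URL comes from the API request and is passed through unchanged;
     * presumably the config service fetches it from the server side. Confirm that scheme and
     * destination restrictions are enforced there so the endpoint cannot be used to reach
     * internal hosts.
     */
    private static String createSAMLSpWithMetadataUrl(String metadataUrl) {
        try {
            return getSamlSsoConfigService().createServiceProviderWithMetadataURL(metadataUrl).getIssuer();
        } catch (IdentitySAML2SSOException e) {
            throw handleException(e);
        }
    }

    /**
     * Maps a config-service exception to an API error: a client exception carrying the
     * {@code URL_NOT_FOUND} error code becomes a not-found error, any other client exception a
     * bad request, and everything else a server error.
     */
    private static APIError handleException(IdentityException identityException) {
        if (!(identityException instanceof IdentitySAML2ClientException)) {
            return buildServerError("Error while creating/updating SAML inbound of application.", identityException);
        }
        if (Error.URL_NOT_FOUND.getErrorCode().equals(identityException.getErrorCode())) {
            return buildNotFoundError("Error while creating/updating SAML inbound of application.", identityException);
        }
        return buildBadRequestError("Error while creating/updating SAML inbound of application.", identityException);
    }

    /** Builds a client error from the exception's error code and message. */
    private static APIError buildBadRequestError(String message, IdentityException identityException) {
        return Utils.buildClientError(identityException.getErrorCode(), message, identityException.getMessage());
    }

    /** Builds a not-found error from the exception's error code and message. */
    private static APIError buildNotFoundError(String message, IdentityException identityException) {
        return Utils.buildNotFoundError(identityException.getErrorCode(), message, identityException.getMessage());
    }

    /**
     * Builds a server error from the exception's error code and message, keeping the exception
     * as the cause.
     *
     * <p>NOTE(review): the exception message is forwarded as the error description; confirm that
     * server-side details are not returned to API clients.
     */
    private static APIError buildServerError(String message, IdentityException identityException) {
        return Utils.buildServerError(identityException.getErrorCode(), message, identityException.getMessage(), identityException);
    }

    /** Returns the SAML SSO config service held by {@link ApplicationManagementServiceHolder}. */
    private static SAMLSSOConfigServiceImpl getSamlSsoConfigService() {
        return ApplicationManagementServiceHolder.getSamlssoConfigService();
    }
}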
