package org.wso2.carbon.identity.api.server.application.management.v1.core.functions.application.inbound.saml;

import java.nio.charset.StandardCharsets;
import java.util.Base64;
import java.util.List;
import org.apache.commons.lang.StringUtils;
import org.apache.commons.logging.Log;
import org.apache.commons.logging.LogFactory;
import org.wso2.carbon.identity.api.server.application.management.common.ApplicationManagementConstants;
import org.wso2.carbon.identity.api.server.application.management.common.ApplicationManagementServiceHolder;
import org.wso2.carbon.identity.api.server.application.management.v1.SAML2Configuration;
import org.wso2.carbon.identity.api.server.application.management.v1.SAML2ServiceProvider;
import org.wso2.carbon.identity.api.server.application.management.v1.SingleSignOnProfile;
import org.wso2.carbon.identity.api.server.application.management.v1.core.functions.Utils;
import org.wso2.carbon.identity.api.server.application.management.v1.core.functions.application.inbound.InboundFunctions;
import org.wso2.carbon.identity.api.server.common.error.APIError;
import org.wso2.carbon.identity.application.common.model.InboundAuthenticationRequestConfig;
import org.wso2.carbon.identity.application.common.model.Property;
import org.wso2.carbon.identity.application.common.model.ServiceProvider;
import org.wso2.carbon.identity.base.IdentityException;
import org.wso2.carbon.identity.core.util.IdentityUtil;
import org.wso2.carbon.identity.sso.saml.Error;
import org.wso2.carbon.identity.sso.saml.SAMLSSOConfigServiceImpl;
import org.wso2.carbon.identity.sso.saml.dto.SAMLSSOServiceProviderDTO;
import org.wso2.carbon.identity.sso.saml.exception.IdentitySAML2ClientException;
import org.wso2.carbon.identity.sso.saml.exception.IdentitySAML2SSOException;

/* loaded from: input_file:WEB-INF/lib/org.wso2.carbon.identity.api.server.application.management.v1-1.2.67.jar:org/wso2/carbon/identity/api/server/application/management/v1/core/functions/application/inbound/saml/SAMLInboundFunctions.class */
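/**
 * Static helpers that translate the REST API's SAML2 inbound configuration into calls on the
 * SAML SSO config service and into {@link InboundAuthenticationRequestConfig} entries of an
 * application.
 *
 * <p>Security-relevant points for reviewers:
 * <ul>
 *   <li>{@code metadataFile} and {@code metadataURL} come from the API request and are handed to
 *       the config service from here without further checks. XML parser hardening and any
 *       restriction on which URLs the server may fetch are not visible in this class.
 *       NOTE(review): confirm that both are enforced by the config service.</li>
 *   <li>The message of the underlying {@link IdentityException} is passed to the error builders in
 *       {@code Utils}; presumably it ends up in the API response description, so it should not
 *       carry internal details. NOTE(review): confirm against {@code Utils}.</li>
 * </ul>
 */
public class SAMLInboundFunctions {
    private static final String ATTRIBUTE_CONSUMING_SERVICE_INDEX = "attrConsumServiceIndex";
    private static final Log logger = LogFactory.getLog(SAMLInboundFunctions.class);

    /** Inbound authentication type under which SAML configurations are registered. */
    private static final String SAML_INBOUND_TYPE = "samlsso";

    /** Message used for every error raised while creating or updating a SAML inbound. */
    private static final String SAML_INBOUND_ERROR_MESSAGE =
            "Error while creating/updating SAML inbound of application.";

    /** Message used when none of the three configuration sources is supplied. */
    private static final String INVALID_CONFIGURATION_MESSAGE =
            "Invalid SAML2 Configuration. One of metadataFile, metaDataUrl or serviceProvider manual "
                    + "configuration needs to be present.";

    private SAMLInboundFunctions() {
    }

    /**
     * Creates the SAML inbound of an application, or updates it when the application already has
     * one.
     *
     * @param serviceProvider application whose SAML inbound is written
     * @param sAML2Configuration configuration supplied by the API caller
     * @return the inbound configuration entry describing the stored SAML service provider
     * @throws APIError if validation fails or the config service rejects the configuration
     */
    public static InboundAuthenticationRequestConfig putSAMLInbound(ServiceProvider serviceProvider, SAML2Configuration sAML2Configuration) {
        String inboundAuthKey = InboundFunctions.getInboundAuthKey(serviceProvider, SAML_INBOUND_TYPE);
        try {
            validateSingleSignOnProfileBindings(sAML2Configuration);
            if (inboundAuthKey != null) {
                return updateSAMLInbound(serviceProvider, inboundAuthKey, sAML2Configuration);
            }
            return createSAMLInbound(serviceProvider, sAML2Configuration);
        } catch (IdentityException e) {
            throw handleException(e);
        }
    }

    /**
     * Rejects a manual configuration whose single sign-on bindings list has fewer than two entries,
     * or has exactly two entries of which one is {@code ARTIFACT}. Configurations without a manual
     * section, profile or bindings list are not checked.
     *
     * <p>NOTE(review): the error constant suggests the intent is that the redirect and POST bindings
     * cannot be disabled; a two-element list with a repeated binding would still pass this check.
     *
     * @param sAML2Configuration configuration supplied by the API caller
     * @throws IdentitySAML2ClientException if the bindings list fails the check
     */
    private static void validateSingleSignOnProfileBindings(SAML2Configuration sAML2Configuration) throws IdentitySAML2ClientException {
        if (sAML2Configuration.getManualConfiguration() == null
                || sAML2Configuration.getManualConfiguration().getSingleSignOnProfile() == null
                || sAML2Configuration.getManualConfiguration().getSingleSignOnProfile().getBindings() == null) {
            return;
        }
        List<SingleSignOnProfile.BindingsEnum> bindings =
                sAML2Configuration.getManualConfiguration().getSingleSignOnProfile().getBindings();
        boolean tooFewBindings = bindings.size() < 2;
        boolean artifactAmongTwo = bindings.size() == 2 && bindings.contains(SingleSignOnProfile.BindingsEnum.ARTIFACT);
        if (tooFewBindings || artifactAmongTwo) {
            throw new IdentitySAML2ClientException(
                    ApplicationManagementConstants.ErrorMessage.DISABLE_REDIRECT_OR_POST_BINDINGS.getCode(),
                    ApplicationManagementConstants.ErrorMessage.DISABLE_REDIRECT_OR_POST_BINDINGS.getDescription());
        }
    }

    /**
     * Creates a SAML service provider from the configuration and returns its inbound entry.
     *
     * @param sAML2Configuration configuration supplied by the API caller
     * @return the inbound configuration entry for the created SAML service provider
     * @deprecated use {@link #createSAMLInbound(ServiceProvider, SAML2Configuration)}; this overload
     *     has no application to update, so certificate content returned by the config service is
     *     not copied anywhere.
     */
    @Deprecated
    public static InboundAuthenticationRequestConfig createSAMLInbound(SAML2Configuration sAML2Configuration) {
        return createInboundAuthenticationRequestConfig(getSamlSsoServiceProviderDTO(sAML2Configuration));
    }

    /**
     * Creates a SAML service provider from the configuration, copies its certificate content (when
     * present) onto the application, and returns the inbound entry.
     *
     * @param serviceProvider application that receives the certificate content
     * @param sAML2Configuration configuration supplied by the API caller
     * @return the inbound configuration entry for the created SAML service provider
     */
    public static InboundAuthenticationRequestConfig createSAMLInbound(ServiceProvider serviceProvider, SAML2Configuration sAML2Configuration) {
        SAMLSSOServiceProviderDTO createdDto = getSamlSsoServiceProviderDTO(sAML2Configuration);
        copyCertificateContent(createdDto, serviceProvider);
        return createInboundAuthenticationRequestConfig(createdDto);
    }

    /**
     * Updates the SAML service provider registered under {@code str}, copies its certificate
     * content (when present) onto the application, and returns the inbound entry.
     *
     * @param serviceProvider application that receives the certificate content
     * @param str inbound authentication key of the existing SAML service provider
     * @param sAML2Configuration configuration supplied by the API caller
     * @return the inbound configuration entry for the updated SAML service provider
     */
    public static InboundAuthenticationRequestConfig updateSAMLInbound(ServiceProvider serviceProvider, String str, SAML2Configuration sAML2Configuration) {
        SAMLSSOServiceProviderDTO updatedDto = updateSamlSSoServiceProviderDTO(sAML2Configuration, str);
        copyCertificateContent(updatedDto, serviceProvider);
        return createInboundAuthenticationRequestConfig(updatedDto);
    }

    /**
     * Stores the DTO's certificate content, Base64-encoded, on the application. Base64 is an
     * encoding only; it adds no confidentiality or integrity protection to the certificate.
     */
    private static void copyCertificateContent(SAMLSSOServiceProviderDTO source, ServiceProvider target) {
        if (source.getCertificateContent() != null) {
            target.setCertificateContent(base64Encode(source.getCertificateContent()));
        }
    }

    /**
     * Builds the inbound entry for a SAML service provider: type {@code samlsso}, key set to the
     * issuer, and, when the attribute profile is enabled, a single property carrying the attribute
     * consuming service index.
     *
     * @param sAMLSSOServiceProviderDTO service provider as returned by the config service
     * @return the populated inbound configuration entry
     * @throws APIError if no index is supplied and generating one fails
     */
    private static InboundAuthenticationRequestConfig createInboundAuthenticationRequestConfig(SAMLSSOServiceProviderDTO sAMLSSOServiceProviderDTO) {
        InboundAuthenticationRequestConfig inboundConfig = new InboundAuthenticationRequestConfig();
        inboundConfig.setInboundAuthType(SAML_INBOUND_TYPE);
        inboundConfig.setInboundAuthKey(sAMLSSOServiceProviderDTO.getIssuer());
        if (!sAMLSSOServiceProviderDTO.isEnableAttributeProfile()) {
            return inboundConfig;
        }

        Property indexProperty = new Property();
        indexProperty.setName(ATTRIBUTE_CONSUMING_SERVICE_INDEX);
        String suppliedIndex = sAMLSSOServiceProviderDTO.getAttributeConsumingServiceIndex();
        if (StringUtils.isNotBlank(suppliedIndex)) {
            indexProperty.setValue(suppliedIndex);
        } else {
            try {
                indexProperty.setValue(Integer.toString(IdentityUtil.getRandomInteger()));
            } catch (IdentityException e) {
                // The built error must be thrown: dropping it would store the property with no
                // value and report success to the caller.
                throw handleException(e);
            }
        }
        inboundConfig.setProperties(new Property[] {indexProperty});
        return inboundConfig;
    }

    /**
     * Loads the SAML service provider registered under the inbound key and converts it to the API
     * model.
     *
     * @param inboundAuthenticationRequestConfig inbound entry whose key is the SAML issuer
     * @return the API model, or {@code null} when the config service has no such service provider
     * @throws APIError if the config service fails
     */
    public static SAML2ServiceProvider getSAML2ServiceProvider(InboundAuthenticationRequestConfig inboundAuthenticationRequestConfig) {
        String inboundAuthKey = inboundAuthenticationRequestConfig.getInboundAuthKey();
        try {
            SAMLSSOServiceProviderDTO serviceProvider = getSamlSsoConfigService().getServiceProvider(inboundAuthKey);
            if (serviceProvider == null) {
                return null;
            }
            return new SAMLSSOServiceProviderToAPIModel().apply(serviceProvider);
        } catch (IdentityException e) {
            throw buildServerError("Error while retrieving service provider data for issuer: " + inboundAuthKey, e);
        }
    }

    /**
     * Removes the SAML service provider registered under the inbound key. The error message
     * indicates this is used to roll back a SAML2 configuration.
     *
     * @param inboundAuthenticationRequestConfig inbound entry whose key is the SAML issuer
     * @throws APIError if the config service fails
     */
    public static void deleteSAMLServiceProvider(InboundAuthenticationRequestConfig inboundAuthenticationRequestConfig) {
        try {
            getSamlSsoConfigService().removeServiceProvider(inboundAuthenticationRequestConfig.getInboundAuthKey());
        } catch (IdentityException e) {
            throw buildServerError("Error while trying to rollback SAML2 configuration. " + e.getMessage(), e);
        }
    }

    /** Creates a SAML service provider from the manual (field-by-field) configuration. */
    private static SAMLSSOServiceProviderDTO createSAMLSpWithManualConfiguration(SAML2ServiceProvider sAML2ServiceProvider) {
        try {
            return getSamlSsoConfigService().createServiceProvider(new ApiModelToSAMLSSOServiceProvider().apply(sAML2ServiceProvider));
        } catch (IdentityException e) {
            throw handleException(e);
        }
    }

    /**
     * Creates a SAML service provider from a Base64-encoded metadata document.
     *
     * @param str Base64-encoded metadata supplied by the API caller
     * @throws APIError with a bad-request status if {@code str} is not valid Base64
     */
    private static SAMLSSOServiceProviderDTO createSAMLSpWithMetadataFile(String str) {
        String metadata = decodeMetadataFile(str);
        try {
            return getSamlSsoConfigService().uploadRPServiceProvider(metadata);
        } catch (IdentitySAML2SSOException e) {
            throw handleException(e);
        }
    }

    /**
     * Creates a SAML service provider from metadata located at a URL.
     *
     * <p>The URL is caller-supplied and passed on unchanged; this class applies no scheme or host
     * restriction. NOTE(review): confirm the config service limits what the server will fetch.
     */
    private static SAMLSSOServiceProviderDTO createSAMLSpWithMetadataUrl(String str) {
        try {
            return getSamlSsoConfigService().createServiceProviderWithMetadataURL(str);
        } catch (IdentitySAML2SSOException e) {
            throw handleException(e);
        }
    }

    /** Updates the SAML service provider registered under {@code str} from the manual configuration. */
    private static SAMLSSOServiceProviderDTO updateSAMLSpWithManualConfiguration(SAML2ServiceProvider sAML2ServiceProvider, String str) {
        try {
            return getSamlSsoConfigService().updateServiceProvider(new ApiModelToSAMLSSOServiceProvider().apply(sAML2ServiceProvider), str);
        } catch (IdentityException e) {
            throw handleException(e);
        }
    }

    /**
     * Updates the SAML service provider registered under {@code str2} from a Base64-encoded
     * metadata document.
     *
     * @param str Base64-encoded metadata supplied by the API caller
     * @param str2 inbound authentication key of the existing SAML service provider
     * @throws APIError with a bad-request status if {@code str} is not valid Base64
     */
    private static SAMLSSOServiceProviderDTO updateSAMLSpWithMetadataFile(String str, String str2) {
        String metadata = decodeMetadataFile(str);
        try {
            return getSamlSsoConfigService().updateRPServiceProviderWithMetadata(metadata, str2);
        } catch (IdentitySAML2SSOException e) {
            throw handleException(e);
        }
    }

    /**
     * Updates the SAML service provider registered under {@code str2} from metadata located at a
     * URL. The URL is caller-supplied and passed on unchanged, as in the create path.
     */
    private static SAMLSSOServiceProviderDTO updateSAMLSpWithMetadataUrl(String str, String str2) {
        try {
            return getSamlSsoConfigService().updateServiceProviderWithMetadataURL(str, str2);
        } catch (IdentitySAML2SSOException e) {
            throw handleException(e);
        }
    }

    /**
     * Decodes the caller-supplied Base64 metadata document into text.
     *
     * <p>Malformed Base64 is a client mistake, so the decoder's {@link IllegalArgumentException}
     * is turned into a bad-request error instead of escaping as an unhandled runtime exception.
     * The rejected input is deliberately not echoed in the message.
     */
    private static String decodeMetadataFile(String encodedMetadata) {
        try {
            byte[] decoded = Base64.getDecoder().decode(encodedMetadata.getBytes(StandardCharsets.UTF_8));
            return new String(decoded, StandardCharsets.UTF_8);
        } catch (IllegalArgumentException e) {
            throw Utils.buildBadRequestError("Invalid SAML2 Configuration. metadataFile is not valid Base64 encoded content.");
        }
    }

    /**
     * Maps an identity exception to an API error: client exceptions become not-found when their
     * code equals {@code Error.URL_NOT_FOUND} and bad-request otherwise; every other exception
     * becomes a server error. The error is returned, not thrown; callers must throw it.
     */
    private static APIError handleException(IdentityException identityException) {
        if (!(identityException instanceof IdentitySAML2ClientException)) {
            return buildServerError(SAML_INBOUND_ERROR_MESSAGE, identityException);
        }
        if (Error.URL_NOT_FOUND.getErrorCode().equals(identityException.getErrorCode())) {
            return buildNotFoundError(SAML_INBOUND_ERROR_MESSAGE, identityException);
        }
        return buildBadRequestError(SAML_INBOUND_ERROR_MESSAGE, identityException);
    }

    /** Builds a client error carrying the exception's error code and message. */
    private static APIError buildBadRequestError(String str, IdentityException identityException) {
        return Utils.buildClientError(identityException.getErrorCode(), str, identityException.getMessage());
    }

    /** Builds a not-found error carrying the exception's error code and message. */
    private static APIError buildNotFoundError(String str, IdentityException identityException) {
        return Utils.buildNotFoundError(identityException.getErrorCode(), str, identityException.getMessage());
    }

    /** Builds a server error carrying the exception's error code, message and the exception itself. */
    private static APIError buildServerError(String str, IdentityException identityException) {
        return Utils.buildServerError(identityException.getErrorCode(), str, identityException.getMessage(), identityException);
    }

    private static SAMLSSOConfigServiceImpl getSamlSsoConfigService() {
        return ApplicationManagementServiceHolder.getSamlssoConfigService();
    }

    /** Returns the Base64 encoding of the UTF-8 bytes of {@code str}. */
    private static String base64Encode(String str) {
        byte[] encoded = Base64.getEncoder().encode(str.getBytes(StandardCharsets.UTF_8));
        return new String(encoded, StandardCharsets.UTF_8);
    }

    /**
     * Creates the SAML service provider from the first configuration source that is present, in
     * the order metadata file, metadata URL, manual configuration.
     *
     * @throws APIError with a bad-request status when none of the three sources is present
     */
    private static SAMLSSOServiceProviderDTO getSamlSsoServiceProviderDTO(SAML2Configuration sAML2Configuration) throws APIError {
        SAML2ServiceProvider manualConfiguration = sAML2Configuration.getManualConfiguration();
        if (sAML2Configuration.getMetadataFile() != null) {
            return createSAMLSpWithMetadataFile(sAML2Configuration.getMetadataFile());
        }
        if (sAML2Configuration.getMetadataURL() != null) {
            return createSAMLSpWithMetadataUrl(sAML2Configuration.getMetadataURL());
        }
        if (manualConfiguration != null) {
            return createSAMLSpWithManualConfiguration(manualConfiguration);
        }
        throw Utils.buildBadRequestError(INVALID_CONFIGURATION_MESSAGE);
    }

    /**
     * Updates the SAML service provider registered under {@code str} from the first configuration
     * source that is present, in the order metadata file, metadata URL, manual configuration.
     *
     * @throws APIError with a bad-request status when none of the three sources is present
     */
    private static SAMLSSOServiceProviderDTO updateSamlSSoServiceProviderDTO(SAML2Configuration sAML2Configuration, String str) throws APIError {
        SAML2ServiceProvider manualConfiguration = sAML2Configuration.getManualConfiguration();
        if (sAML2Configuration.getMetadataFile() != null) {
            return updateSAMLSpWithMetadataFile(sAML2Configuration.getMetadataFile(), str);
        }
        if (sAML2Configuration.getMetadataURL() != null) {
            return updateSAMLSpWithMetadataUrl(sAML2Configuration.getMetadataURL(), str);
        }
        if (manualConfiguration != null) {
            return updateSAMLSpWithManualConfiguration(manualConfiguration, str);
        }
        throw Utils.buildBadRequestError(INVALID_CONFIGURATION_MESSAGE);
    }
}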
