package org.codelibs.saml2;

import jakarta.servlet.http.HttpServletRequest;
import jakarta.servlet.http.HttpServletResponse;
import java.security.PrivateKey;
import java.time.Instant;
import java.util.ArrayList;
import java.util.Calendar;
import java.util.Collection;
import java.util.HashMap;
import java.util.LinkedHashMap;
import java.util.List;
import java.util.Map;
import org.apache.commons.lang3.StringUtils;
import org.codelibs.core.exception.InvalidKeyRuntimeException;
import org.codelibs.core.exception.NoSuchAlgorithmRuntimeException;
import org.codelibs.saml2.core.authn.AuthnRequest;
import org.codelibs.saml2.core.authn.AuthnRequestParams;
import org.codelibs.saml2.core.authn.SamlResponse;
import org.codelibs.saml2.core.exception.SAMLSevereException;
import org.codelibs.saml2.core.exception.SAMLSignatureException;
import org.codelibs.saml2.core.exception.SettingsException;
import org.codelibs.saml2.core.http.HttpRequest;
import org.codelibs.saml2.core.logout.LogoutRequest;
import org.codelibs.saml2.core.logout.LogoutRequestParams;
import org.codelibs.saml2.core.logout.LogoutResponse;
import org.codelibs.saml2.core.logout.LogoutResponseParams;
import org.codelibs.saml2.core.model.KeyStoreSettings;
import org.codelibs.saml2.core.model.SamlResponseStatus;
import org.codelibs.saml2.core.settings.Saml2Settings;
import org.codelibs.saml2.core.settings.SettingsBuilder;
import org.codelibs.saml2.core.util.Util;
import org.codelibs.saml2.factory.SamlMessageFactory;
import org.codelibs.saml2.servlet.ServletUtils;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;

/* loaded from: input_file:org/codelibs/saml2/Auth.class */
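/**
 * Service-provider entry point of the SAML toolkit: builds AuthnRequest / LogoutRequest
 * redirects and processes the SAMLResponse and single-logout messages carried by the servlet
 * request given at construction time.
 *
 * <p>The outcome of the last processed message is kept in mutable fields and no synchronization
 * is visible in this class, so an instance should be confined to a single request/thread.
 *
 * <p>Security notes for integrators:
 * <ul>
 *   <li>Complete encoded SAML messages (including assertions) and computed signatures are written
 *       to the DEBUG log; keep that level off in production or restrict access to the log.</li>
 *   <li>{@link #processResponse()} passes {@code null} as the argument of
 *       {@code SamlResponse.isValid}. NOTE(review): presumably that argument is the expected
 *       AuthnRequest ID and {@code null} disables the InResponseTo comparison; confirm, and
 *       prefer {@link #processResponse(String)} with {@link #getLastRequestId()}.</li>
 *   <li>{@link #getLastMessageId()} and {@link #getLastAssertionId()} expose the IDs of the last
 *       accepted message; no replay cache is visible in this class, so a caller that needs one
 *       has to keep it.</li>
 *   <li>RelayState is forwarded as received; this class never validates it. Validate it before
 *       using it as a redirect target in application code.</li>
 * </ul>
 */
public class Auth {
    /** Status code value that marks a successful SAML response. */
    private static final String STATUS_SUCCESS = "urn:oasis:names:tc:SAML:2.0:status:Success";

    private final Saml2Settings settings;
    private final HttpServletRequest request;
    private final HttpServletResponse response;
    // Identity data copied from the last SAMLResponse that passed validation.
    private String nameid;
    private String nameidFormat;
    private String nameidNameQualifier;
    private String nameidSPNameQualifier;
    private String sessionIndex;
    private Instant sessionExpiration;
    // Identifiers of the last successfully processed incoming message / assertion.
    private String lastMessageId;
    private Calendar lastMessageIssueInstant;
    private String lastAssertionId;
    private List<Instant> lastAssertionNotOnOrAfter;
    private Map<String, List<String>> attributes;
    private boolean authenticated;
    // Error codes accumulated by processResponse / processSLO; never cleared by this class.
    private final List<String> errors;
    private String errorReason;
    private Exception validationException;
    // Data about the last request generated by login / logout.
    private String lastRequestId;
    private Calendar lastRequestIssueInstant;
    private String lastRequest;
    private String lastResponse;
    private SamlMessageFactory samlMessageFactory;
    private static final Logger LOGGER = LoggerFactory.getLogger(Auth.class);
    private static final SamlMessageFactory DEFAULT_SAML_MESSAGE_FACTORY = new SamlMessageFactory() {
    };

    /** Loads settings from {@code onelogin.saml.properties}; no servlet request/response is bound. */
    public Auth() {
        this(new SettingsBuilder().fromFile("onelogin.saml.properties").build(), (HttpServletRequest) null, (HttpServletResponse) null);
    }

    /** Loads settings from {@code onelogin.saml.properties} together with the given key store settings. */
    public Auth(KeyStoreSettings keyStoreSettings) {
        this("onelogin.saml.properties", keyStoreSettings);
    }

    /**
     * Loads settings from the named properties file.
     *
     * @param str settings file name handed to {@code SettingsBuilder.fromFile}
     */
    public Auth(String str) {
        this(str, null, null, null);
    }

    /**
     * Loads settings from the named properties file together with key store settings.
     *
     * @param str settings file name handed to {@code SettingsBuilder.fromFile}
     * @param keyStoreSettings key store settings handed to {@code SettingsBuilder.fromFile}
     */
    public Auth(String str, KeyStoreSettings keyStoreSettings) {
        this(new SettingsBuilder().fromFile(str, keyStoreSettings).build(), (HttpServletRequest) null, (HttpServletResponse) null);
    }

    /** Loads settings from {@code onelogin.saml.properties} and binds the servlet request/response. */
    public Auth(HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse) {
        this(new SettingsBuilder().fromFile("onelogin.saml.properties").build(), httpServletRequest, httpServletResponse);
    }

    /** Loads settings from {@code onelogin.saml.properties} plus key store settings and binds the servlet request/response. */
    public Auth(KeyStoreSettings keyStoreSettings, HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse) {
        this(new SettingsBuilder().fromFile("onelogin.saml.properties", keyStoreSettings).build(), httpServletRequest, httpServletResponse);
    }

    /** Loads settings from the named properties file and binds the servlet request/response. */
    public Auth(String str, HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse) {
        this(str, null, httpServletRequest, httpServletResponse);
    }

    /** Loads settings from the named properties file plus key store settings and binds the servlet request/response. */
    public Auth(String str, KeyStoreSettings keyStoreSettings, HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse) {
        this(new SettingsBuilder().fromFile(str, keyStoreSettings).build(), httpServletRequest, httpServletResponse);
    }

    /**
     * Primary constructor: stores the collaborators and rejects settings that fail
     * {@code Saml2Settings.checkSettings()}.
     *
     * @param saml2Settings toolkit settings; must not be null
     * @param httpServletRequest request the SAML messages are read from (may be null when only
     *        the settings are needed)
     * @param httpServletResponse response the redirects are written to
     * @throws SettingsException (code 2) listing every problem reported by {@code checkSettings()}
     */
    public Auth(Saml2Settings saml2Settings, HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse) {
        this.attributes = new LinkedHashMap<>();
        this.authenticated = false;
        this.errors = new ArrayList<>();
        this.samlMessageFactory = DEFAULT_SAML_MESSAGE_FACTORY;
        this.settings = saml2Settings;
        this.request = httpServletRequest;
        this.response = httpServletResponse;
        List<?> settingsErrors = saml2Settings.checkSettings();
        if (!settingsErrors.isEmpty()) {
            String message = "Invalid settings: " + StringUtils.join(settingsErrors, ", ");
            LOGGER.warn(message);
            throw new SettingsException(message, 2);
        }
        LOGGER.debug("Settings validated");
    }

    /**
     * Forwards the strict flag to the settings object.
     *
     * @param bool new strict value; must not be null (it is unboxed)
     */
    public void setStrict(Boolean bool) {
        this.settings.setStrict(bool.booleanValue());
    }

    /**
     * @deprecated use {@link #login(String, AuthnRequestParams, Boolean, Map)}; {@code bool},
     *     {@code bool2}, {@code bool3} and {@code str2} are passed in that order to the
     *     {@code AuthnRequestParams} constructor, {@code bool4} becomes the third argument.
     */
    @Deprecated
    public String login(String str, Boolean bool, Boolean bool2, Boolean bool3, Boolean bool4, String str2) {
        return login(str, new AuthnRequestParams(bool.booleanValue(), bool2.booleanValue(), bool3.booleanValue(), str2), bool4, new HashMap<>());
    }

    /**
     * @deprecated use {@link #login(String, AuthnRequestParams, Boolean, Map)}; same mapping as
     *     the six-argument overload, with {@code map} as the extra query parameters.
     */
    @Deprecated
    public String login(String str, Boolean bool, Boolean bool2, Boolean bool3, Boolean bool4, String str2, Map<String, String> map) {
        return login(str, new AuthnRequestParams(bool.booleanValue(), bool2.booleanValue(), bool3.booleanValue(), str2), bool4, map);
    }

    /**
     * @deprecated use {@link #login(String, AuthnRequestParams, Boolean, Map)}; the first three
     *     Booleans feed the {@code AuthnRequestParams} constructor, {@code bool4} is the third argument.
     */
    @Deprecated
    public String login(String str, Boolean bool, Boolean bool2, Boolean bool3, Boolean bool4) {
        return login(str, new AuthnRequestParams(bool.booleanValue(), bool2.booleanValue(), bool3.booleanValue()), bool4, (Map<String, String>) null);
    }

    /**
     * @deprecated use {@link #login(String, AuthnRequestParams)}; the three Booleans feed the
     *     {@code AuthnRequestParams} constructor.
     */
    @Deprecated
    public void login(String str, Boolean bool, Boolean bool2, Boolean bool3) {
        login(str, new AuthnRequestParams(bool.booleanValue(), bool2.booleanValue(), bool3.booleanValue()), false);
    }

    /** Starts SSO with {@code AuthnRequestParams(false, false, true)} and the default RelayState. */
    public void login() {
        login(null, new AuthnRequestParams(false, false, true));
    }

    /** Starts SSO with the given request parameters and the default RelayState. */
    public void login(AuthnRequestParams authnRequestParams) {
        login(null, authnRequestParams);
    }

    /**
     * Starts SSO with {@code AuthnRequestParams(false, false, true)}.
     *
     * @param str RelayState value; see {@link #login(String, AuthnRequestParams, Boolean, Map)}
     */
    public void login(String str) {
        login(str, new AuthnRequestParams(false, false, true));
    }

    /** Starts SSO, passing {@code false} as the third argument of the full overload. */
    public void login(String str, AuthnRequestParams authnRequestParams) {
        login(str, authnRequestParams, false);
    }

    /** Starts SSO with an empty map of extra query parameters. */
    public String login(String str, AuthnRequestParams authnRequestParams, Boolean bool) {
        return login(str, authnRequestParams, bool, new HashMap<>());
    }

    /**
     * Builds an AuthnRequest and hands it to {@code ServletUtils.sendRedirect} for the IdP SSO URL.
     *
     * @param str RelayState; {@code null} selects the current request URL without its query
     *        string, an empty string omits the parameter
     * @param authnRequestParams parameters the AuthnRequest is built from
     * @param bool forwarded to {@code ServletUtils.sendRedirect}; must not be null.
     *        NOTE(review): presumably {@code true} means "return the URL without redirecting" - confirm
     * @param map extra query parameters; {@code null} is treated as empty. The map is modified in
     *        place (SAMLRequest, RelayState, SigAlg and Signature are added to it)
     * @return whatever {@code ServletUtils.sendRedirect} returns
     */
    public String login(String str, AuthnRequestParams authnRequestParams, Boolean bool, Map<String, String> map) {
        AuthnRequest authnRequest = this.samlMessageFactory.createAuthnRequest(this.settings, authnRequestParams);
        if (map == null) {
            map = new HashMap<>();
        }
        String encodedAuthnRequest = authnRequest.getEncodedAuthnRequest();
        map.put("SAMLRequest", encodedAuthnRequest);
        if (str == null) {
            str = ServletUtils.getSelfRoutedURLNoQuery(this.request);
        }
        if (!str.isEmpty()) {
            map.put("RelayState", str);
        }
        if (this.settings.getAuthnRequestsSigned()) {
            String signatureAlgorithm = this.settings.getSignatureAlgorithm();
            String signature = buildRequestSignature(encodedAuthnRequest, str, signatureAlgorithm);
            map.put("SigAlg", signatureAlgorithm);
            map.put("Signature", signature);
        }
        String ssoUrl = getSSOurl();
        // Remember what was sent so the caller can later match the response against it.
        this.lastRequestId = authnRequest.getId();
        this.lastRequestIssueInstant = authnRequest.getIssueInstant();
        this.lastRequest = authnRequest.getAuthnRequestXml();
        if (!bool.booleanValue()) {
            LOGGER.debug("AuthNRequest sent to {} --> {}", ssoUrl, encodedAuthnRequest);
        }
        return ServletUtils.sendRedirect(this.response, ssoUrl, map, bool);
    }

    /** Starts SLO with an empty map of extra query parameters. */
    public String logout(String str, LogoutRequestParams logoutRequestParams, Boolean bool) {
        return logout(str, logoutRequestParams, bool, new HashMap<>());
    }

    /** Starts SLO, passing {@code false} as the third argument of the full overload. */
    public void logout(String str, LogoutRequestParams logoutRequestParams) {
        logout(str, logoutRequestParams, (Boolean) false);
    }

    /**
     * @deprecated use {@link #logout(String, LogoutRequestParams, Boolean, Map)}; note that
     *     {@code str3} is passed to {@code LogoutRequestParams} before {@code str2}, followed by
     *     {@code str4}, {@code str5} and {@code str6}.
     */
    @Deprecated
    public String logout(String str, String str2, String str3, Boolean bool, String str4, String str5, String str6) {
        return logout(str, new LogoutRequestParams(str3, str2, str4, str5, str6), bool, new HashMap<>());
    }

    /**
     * Builds a LogoutRequest and hands it to {@code ServletUtils.sendRedirect} for the IdP SLO URL.
     *
     * @param str RelayState; {@code null} selects the current request URL without its query
     *        string, an empty string omits the parameter
     * @param logoutRequestParams parameters the LogoutRequest is built from
     * @param bool forwarded to {@code ServletUtils.sendRedirect}; must not be null.
     *        NOTE(review): presumably {@code true} means "return the URL without redirecting" - confirm
     * @param map extra query parameters; {@code null} is treated as empty. The map is modified in place
     * @return whatever {@code ServletUtils.sendRedirect} returns
     */
    public String logout(String str, LogoutRequestParams logoutRequestParams, Boolean bool, Map<String, String> map) {
        if (map == null) {
            map = new HashMap<>();
        }
        LogoutRequest logoutRequest = this.samlMessageFactory.createOutgoingLogoutRequest(this.settings, logoutRequestParams);
        String encodedLogoutRequest = logoutRequest.getEncodedLogoutRequest();
        map.put("SAMLRequest", encodedLogoutRequest);
        if (str == null) {
            str = ServletUtils.getSelfRoutedURLNoQuery(this.request);
        }
        if (!str.isEmpty()) {
            map.put("RelayState", str);
        }
        if (this.settings.getLogoutRequestSigned()) {
            String signatureAlgorithm = this.settings.getSignatureAlgorithm();
            String signature = buildRequestSignature(encodedLogoutRequest, str, signatureAlgorithm);
            map.put("SigAlg", signatureAlgorithm);
            map.put("Signature", signature);
        }
        String sloUrl = getSLOurl();
        this.lastRequestId = logoutRequest.getId();
        this.lastRequestIssueInstant = logoutRequest.getIssueInstant();
        this.lastRequest = logoutRequest.getLogoutRequestXml();
        if (!bool.booleanValue()) {
            LOGGER.debug("Logout request sent to {} --> {}", sloUrl, encodedLogoutRequest);
        }
        return ServletUtils.sendRedirect(this.response, sloUrl, map, bool);
    }

    /** @deprecated use {@link #logout(String, LogoutRequestParams, Boolean, Map)}; {@code str3} precedes {@code str2} in the params constructor. */
    @Deprecated
    public String logout(String str, String str2, String str3, Boolean bool, String str4, String str5, String str6, Map<String, String> map) {
        return logout(str, new LogoutRequestParams(str3, str2, str4, str5, str6), bool, map);
    }

    /** @deprecated use {@link #logout(String, LogoutRequestParams, Boolean, Map)}; {@code str3} precedes {@code str2} in the params constructor. */
    @Deprecated
    public String logout(String str, String str2, String str3, Boolean bool, String str4, String str5) {
        return logout(str, new LogoutRequestParams(str3, str2, str4, str5), bool, (Map<String, String>) null);
    }

    /** @deprecated use {@link #logout(String, LogoutRequestParams, Boolean, Map)}; {@code str3} precedes {@code str2} in the params constructor. */
    @Deprecated
    public String logout(String str, String str2, String str3, Boolean bool, String str4) {
        return logout(str, new LogoutRequestParams(str3, str2, str4), bool, (Map<String, String>) null);
    }

    /** @deprecated use {@link #logout(String, LogoutRequestParams, Boolean, Map)}; {@code str3} precedes {@code str2} in the params constructor. */
    @Deprecated
    public String logout(String str, String str2, String str3, Boolean bool) {
        return logout(str, new LogoutRequestParams(str3, str2), bool, (Map<String, String>) null);
    }

    /** @deprecated use {@link #logout(String, LogoutRequestParams)}; {@code str3} precedes {@code str2} in the params constructor. */
    @Deprecated
    public void logout(String str, String str2, String str3, String str4, String str5, String str6) {
        logout(str, new LogoutRequestParams(str3, str2, str4, str5, str6), (Boolean) false);
    }

    /** @deprecated use {@link #logout(String, LogoutRequestParams)}; {@code str3} precedes {@code str2} in the params constructor. */
    @Deprecated
    public void logout(String str, String str2, String str3, String str4, String str5) {
        logout(str, new LogoutRequestParams(str3, str2, str4, str5), (Boolean) false);
    }

    /** @deprecated use {@link #logout(String, LogoutRequestParams)}; {@code str3} precedes {@code str2} in the params constructor. */
    @Deprecated
    public void logout(String str, String str2, String str3, String str4) {
        logout(str, new LogoutRequestParams(str3, str2, str4), (Boolean) false);
    }

    /** @deprecated use {@link #logout(String, LogoutRequestParams)}; {@code str3} precedes {@code str2} in the params constructor. */
    @Deprecated
    public void logout(String str, String str2, String str3) {
        logout(str, new LogoutRequestParams(str3, str2), (Boolean) false, (Map<String, String>) null);
    }

    /** Starts SLO with default {@code LogoutRequestParams} and the default RelayState. */
    public void logout() {
        logout((String) null, new LogoutRequestParams(), (Boolean) false);
    }

    /** Starts SLO with default {@code LogoutRequestParams} and the given RelayState. */
    public void logout(String str) {
        logout(str, new LogoutRequestParams(), (Boolean) false);
    }

    /** @return the IdP single-sign-on service URL from the settings, as a string */
    public String getSSOurl() {
        return this.settings.getIdpSingleSignOnServiceUrl().toString();
    }

    /** @return the IdP single-logout service URL from the settings, as a string */
    public String getSLOurl() {
        return this.settings.getIdpSingleLogoutServiceUrl().toString();
    }

    /** @return the IdP single-logout response URL from the settings, as a string */
    public String getSLOResponseUrl() {
        return this.settings.getIdpSingleLogoutServiceResponseUrl().toString();
    }

    /**
     * Reads the {@code SAMLResponse} request parameter, validates it and, on success, copies the
     * subject, attributes and session data into this object and sets the authenticated flag.
     *
     * <p>The authenticated flag is cleared first, but the identity fields of an earlier successful
     * call are not: after a failed call, trust {@link #isAuthenticated()} and
     * {@link #getErrors()}, not the identity getters.
     *
     * @param str argument handed to {@code SamlResponse.isValid}. NOTE(review): presumably the ID
     *        of the AuthnRequest this response must answer - confirm against SamlResponse
     * @throws SAMLSevereException (code 3) when the request carries no {@code SAMLResponse} parameter
     */
    public void processResponse(String str) {
        this.authenticated = false;
        HttpRequest httpRequest = ServletUtils.makeHttpRequest(this.request);
        String encodedResponse = httpRequest.getParameter("SAMLResponse");
        if (encodedResponse == null) {
            this.errors.add("invalid_binding");
            throw new SAMLSevereException("SAML Response not found, Only supported HTTP_POST Binding", 3);
        }
        SamlResponse samlResponse = this.samlMessageFactory.createSamlResponse(this.settings, httpRequest);
        this.lastResponse = samlResponse.getSAMLResponseXml();
        if (samlResponse.isValid(str)) {
            this.nameid = samlResponse.getNameId();
            this.nameidFormat = samlResponse.getNameIdFormat();
            this.nameidNameQualifier = samlResponse.getNameIdNameQualifier();
            this.nameidSPNameQualifier = samlResponse.getNameIdSPNameQualifier();
            this.authenticated = true;
            this.attributes = samlResponse.getAttributes();
            this.sessionIndex = samlResponse.getSessionIndex();
            this.sessionExpiration = samlResponse.getSessionNotOnOrAfter();
            this.lastMessageId = samlResponse.getId();
            this.lastMessageIssueInstant = samlResponse.getResponseIssueInstant();
            this.lastAssertionId = samlResponse.getAssertionId();
            this.lastAssertionNotOnOrAfter = samlResponse.getAssertionNotOnOrAfter();
            // Logs the whole encoded response (assertion included) at DEBUG.
            LOGGER.debug("processResponse success --> {}", encodedResponse);
            return;
        }
        this.errorReason = samlResponse.getError();
        this.validationException = samlResponse.getValidationException();
        SamlResponseStatus responseStatus = samlResponse.getResponseStatus();
        if (STATUS_SUCCESS.equals(responseStatus.getStatusCode())) {
            // The IdP reported success, so the failure came from local validation.
            this.errors.add("invalid_response");
            LOGGER.warn("processResponse error. invalid_response");
            LOGGER.debug(" --> {}", encodedResponse);
            return;
        }
        this.errors.add("response_not_success");
        LOGGER.warn("processResponse error. sso_not_success");
        LOGGER.debug(" --> {}", encodedResponse);
        this.errors.add(responseStatus.getStatusCode());
        if (responseStatus.getSubStatusCode() != null) {
            this.errors.add(responseStatus.getSubStatusCode());
        }
    }

    /** Processes the SAMLResponse, passing {@code null} to {@code SamlResponse.isValid}; see the class notes. */
    public void processResponse() {
        processResponse(null);
    }

    /**
     * Handles a single-logout message on the current request: a {@code SAMLResponse} parameter is
     * treated as the answer to a logout this SP started, otherwise a {@code SAMLRequest}
     * parameter is treated as an IdP-initiated logout and answered with a LogoutResponse.
     *
     * @param bool when {@code true} the HTTP session is left alone, otherwise it is invalidated
     *        after a valid message; must not be null
     * @param str argument handed to {@code LogoutResponse.isValid}. NOTE(review): presumably the
     *        ID of the LogoutRequest being answered - confirm
     * @param bool2 forwarded to {@code ServletUtils.sendRedirect} when a LogoutResponse is sent
     * @return {@code null} for a LogoutResponse or an invalid LogoutRequest; otherwise the value
     *         returned by {@code ServletUtils.sendRedirect}
     * @throws SAMLSevereException (code 4) when neither parameter is present
     */
    public String processSLO(Boolean bool, String str, Boolean bool2) {
        HttpRequest httpRequest = ServletUtils.makeHttpRequest(this.request);
        String encodedRequest = httpRequest.getParameter("SAMLRequest");
        String encodedResponse = httpRequest.getParameter("SAMLResponse");
        if (encodedResponse != null) {
            handleLogoutResponse(httpRequest, encodedResponse, bool, str);
            return null;
        }
        if (encodedRequest == null) {
            this.errors.add("invalid_binding");
            throw new SAMLSevereException("SAML LogoutRequest/LogoutResponse not found. Only supported HTTP_REDIRECT Binding", 4);
        }
        return handleLogoutRequest(httpRequest, encodedRequest, bool, bool2);
    }

    /** Validates an incoming LogoutResponse and, on success, optionally invalidates the session. */
    private void handleLogoutResponse(HttpRequest httpRequest, String encodedResponse, Boolean keepLocalSession, String validationArg) {
        LogoutResponse logoutResponse = this.samlMessageFactory.createIncomingLogoutResponse(this.settings, httpRequest);
        this.lastResponse = logoutResponse.getLogoutResponseXml();
        if (!logoutResponse.isValid(validationArg)) {
            this.errors.add("invalid_logout_response");
            LOGGER.warn("processSLO error. invalid_logout_response");
            LOGGER.debug(" --> {}", encodedResponse);
            this.errorReason = logoutResponse.getError();
            this.validationException = logoutResponse.getValidationException();
            return;
        }
        SamlResponseStatus status = logoutResponse.getSamlResponseStatus();
        if (STATUS_SUCCESS.equals(status.getStatusCode())) {
            this.lastMessageId = logoutResponse.getId();
            this.lastMessageIssueInstant = logoutResponse.getIssueInstant();
            LOGGER.debug("processSLO success --> {}", encodedResponse);
            if (!keepLocalSession.booleanValue()) {
                this.request.getSession().invalidate();
            }
            return;
        }
        this.errors.add("logout_not_success");
        LOGGER.warn("processSLO error. logout_not_success");
        LOGGER.debug(" --> {}", encodedResponse);
        this.errors.add(status.getStatusCode());
        if (status.getSubStatusCode() != null) {
            this.errors.add(status.getSubStatusCode());
        }
    }

    /** Validates an incoming LogoutRequest, ends the local session unless asked not to, and sends the LogoutResponse. */
    private String handleLogoutRequest(HttpRequest httpRequest, String encodedRequest, Boolean keepLocalSession, Boolean stay) {
        LogoutRequest logoutRequest = this.samlMessageFactory.createIncomingLogoutRequest(this.settings, httpRequest);
        this.lastRequest = logoutRequest.getLogoutRequestXml();
        if (!logoutRequest.isValid()) {
            this.errors.add("invalid_logout_request");
            LOGGER.warn("processSLO error. invalid_logout_request");
            LOGGER.debug(" --> {}", encodedRequest);
            this.errorReason = logoutRequest.getError();
            this.validationException = logoutRequest.getValidationException();
            return null;
        }
        this.lastMessageId = logoutRequest.getId();
        this.lastMessageIssueInstant = logoutRequest.getIssueInstant();
        LOGGER.debug("processSLO success --> {}", encodedRequest);
        if (!keepLocalSession.booleanValue()) {
            this.request.getSession().invalidate();
        }
        LogoutResponse logoutResponse = this.samlMessageFactory.createOutgoingLogoutResponse(this.settings,
                new LogoutResponseParams(logoutRequest.id, STATUS_SUCCESS));
        this.lastResponse = logoutResponse.getLogoutResponseXml();
        String encodedLogoutResponse = logoutResponse.getEncodedLogoutResponse();
        Map<String, String> parameters = new LinkedHashMap<>();
        parameters.put("SAMLResponse", encodedLogoutResponse);
        // RelayState is echoed back as a query parameter exactly as received; it is not validated here.
        String relayState = this.request.getParameter("RelayState");
        if (relayState != null) {
            parameters.put("RelayState", relayState);
        }
        if (this.settings.getLogoutResponseSigned()) {
            String signatureAlgorithm = this.settings.getSignatureAlgorithm();
            String signature = buildResponseSignature(encodedLogoutResponse, relayState, signatureAlgorithm);
            parameters.put("SigAlg", signatureAlgorithm);
            parameters.put("Signature", signature);
        }
        String sloResponseUrl = getSLOResponseUrl();
        if (!stay.booleanValue()) {
            LOGGER.debug("Logout response sent to {} --> {}", sloResponseUrl, encodedLogoutResponse);
        }
        return ServletUtils.sendRedirect(this.response, sloResponseUrl, parameters, stay);
    }

    /** Handles single logout, passing {@code false} as the third argument of the full overload. */
    public void processSLO(Boolean bool, String str) {
        processSLO(bool, str, false);
    }

    /** Handles single logout; the session is invalidated and {@code null} is passed to the response validation. */
    public void processSLO() {
        processSLO(false, null);
    }

    /** @return {@code true} only after the most recent {@code processResponse} call accepted the response */
    public final boolean isAuthenticated() {
        return this.authenticated;
    }

    /** @return a new list holding the attribute names of the last accepted response */
    public final List<String> getAttributesName() {
        return new ArrayList<>(this.attributes.keySet());
    }

    /** @return the attribute map itself (not a copy); changes made by the caller are visible here */
    public final Map<String, List<String>> getAttributes() {
        return this.attributes;
    }

    /** @return the values stored for attribute {@code str}, or {@code null} when it is absent */
    public final Collection<String> getAttribute(String str) {
        return this.attributes.get(str);
    }

    /** @return NameID of the last accepted response */
    public final String getNameId() {
        return this.nameid;
    }

    /** @return NameID format of the last accepted response */
    public final String getNameIdFormat() {
        return this.nameidFormat;
    }

    /** @return NameID NameQualifier of the last accepted response */
    public final String getNameIdNameQualifier() {
        return this.nameidNameQualifier;
    }

    /** @return NameID SPNameQualifier of the last accepted response */
    public final String getNameIdSPNameQualifier() {
        return this.nameidSPNameQualifier;
    }

    /** @return SessionIndex of the last accepted response */
    public final String getSessionIndex() {
        return this.sessionIndex;
    }

    /** @return the value of {@code SamlResponse.getSessionNotOnOrAfter()} for the last accepted response */
    public final Instant getSessionExpiration() {
        return this.sessionExpiration;
    }

    /** @return ID of the last incoming message that was processed successfully */
    public String getLastMessageId() {
        return this.lastMessageId;
    }

    /** @return issue instant of the last incoming message that was processed successfully */
    public Calendar getLastMessageIssueInstant() {
        return this.lastMessageIssueInstant;
    }

    /** @return ID of the assertion in the last accepted response */
    public String getLastAssertionId() {
        return this.lastAssertionId;
    }

    /** @return the value of {@code SamlResponse.getAssertionNotOnOrAfter()} for the last accepted response */
    public List<Instant> getLastAssertionNotOnOrAfter() {
        return this.lastAssertionNotOnOrAfter;
    }

    /** @return the error list itself (not a copy); entries accumulate across calls on this instance */
    public List<String> getErrors() {
        return this.errors;
    }

    /** @return the error text reported by the last message that failed validation */
    public String getLastErrorReason() {
        return this.errorReason;
    }

    /** @return the exception reported by the last message that failed validation */
    public Exception getLastValidationException() {
        return this.validationException;
    }

    /** @return ID of the last AuthnRequest or LogoutRequest generated by this instance */
    public String getLastRequestId() {
        return this.lastRequestId;
    }

    /** @return issue instant of the last request generated by this instance */
    public Calendar getLastRequestIssueInstant() {
        return this.lastRequestIssueInstant;
    }

    /** @return the settings object this instance was built with */
    public Saml2Settings getSettings() {
        return this.settings;
    }

    /** @return the debug flag of the settings, boxed */
    public Boolean isDebugActive() {
        return Boolean.valueOf(this.settings.isDebugActive());
    }

    /**
     * Signs a {@code SAMLRequest} query string.
     *
     * @param str encoded SAML message
     * @param str2 RelayState, left out of the signed string when empty
     * @param str3 signature algorithm URI
     * @return Base64 signature
     */
    public String buildRequestSignature(String str, String str2, String str3) {
        return buildSignature(str, str2, str3, "SAMLRequest");
    }

    /**
     * Signs a {@code SAMLResponse} query string.
     *
     * @param str encoded SAML message
     * @param str2 RelayState, left out of the signed string when empty
     * @param str3 signature algorithm URI
     * @return Base64 signature
     */
    public String buildResponseSignature(String str, String str2, String str3) {
        return buildSignature(str, str2, str3, "SAMLResponse");
    }

    /**
     * Signs {@code <str4>=<message>[&RelayState=<relay state>]&SigAlg=<algorithm>} (each value
     * URL-encoded) with the SP private key and returns the Base64 signature.
     *
     * <p>An empty algorithm falls back to RSA-SHA1, a legacy digest. The callers in this class put
     * the algorithm they passed in, not the fallback, into the {@code SigAlg} parameter, so the
     * settings should always name an explicit (SHA-256 or stronger) algorithm.
     *
     * @throws SettingsException (code 4) when {@code settings.checkSPCerts()} fails
     * @throws IllegalArgumentException when no signature could be produced; the signing exception,
     *         if any, is attached as the cause
     */
    private String buildSignature(String str, String str2, String str3, String str4) {
        if (!this.settings.checkSPCerts()) {
            String message = "Trying to sign the " + str4 + " but can't load the SP private key";
            LOGGER.warn("buildSignature error. {}", message);
            throw new SettingsException(message, 4);
        }
        PrivateKey spKey = this.settings.getSPkey();
        StringBuilder toSign = new StringBuilder().append(str4).append("=").append(Util.urlEncoder(str));
        if (StringUtils.isNotEmpty(str2)) {
            toSign.append("&RelayState=").append(Util.urlEncoder(str2));
        }
        if (StringUtils.isEmpty(str3)) {
            LOGGER.warn("buildSignature: no signature algorithm supplied, falling back to RSA-SHA1");
            str3 = "http://www.w3.org/2000/09/xmldsig#rsa-sha1";
        }
        toSign.append("&SigAlg=").append(Util.urlEncoder(str3));
        String signature = "";
        Throwable failure = null;
        try {
            signature = Util.base64encoder(Util.sign(toSign.toString(), spKey, str3));
        } catch (InvalidKeyRuntimeException | NoSuchAlgorithmRuntimeException | SAMLSignatureException e) {
            LOGGER.warn("buildSignature error.{}", e.getMessage(), e);
            // Kept so the exception thrown below still carries the root cause.
            failure = e;
        }
        if (!signature.isEmpty()) {
            LOGGER.debug("buildResponseSignature success. --> {}", signature);
            return signature;
        }
        String message = "There was a problem when calculating the Signature of the " + str4;
        LOGGER.warn("buildSignature error. {}", message);
        throw new IllegalArgumentException(message, failure);
    }

    /** @return XML of the last request generated or received by this instance */
    public String getLastRequestXML() {
        return this.lastRequest;
    }

    /** @return XML of the last response generated or received by this instance */
    public String getLastResponseXML() {
        return this.lastResponse;
    }

    /**
     * Replaces the factory used to create SAML message objects.
     *
     * @param samlMessageFactory new factory; {@code null} restores the default one
     */
    public void setSamlMessageFactory(SamlMessageFactory samlMessageFactory) {
        this.samlMessageFactory = samlMessageFactory != null ? samlMessageFactory : DEFAULT_SAML_MESSAGE_FACTORY;
    }
}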
