package org.pac4j.saml.credentials.extractor;

import java.util.Optional;
import org.apache.commons.lang3.StringUtils;
import org.opensaml.messaging.decoder.MessageDecoder;
import org.opensaml.saml.common.SAMLObject;
import org.opensaml.saml.common.messaging.context.SAMLBindingContext;
import org.opensaml.saml.common.messaging.context.SAMLPeerEntityContext;
import org.opensaml.saml.saml2.core.Response;
import org.opensaml.saml.saml2.core.StatusResponseType;
import org.opensaml.saml.saml2.metadata.EntityDescriptor;
import org.opensaml.saml.saml2.metadata.IDPSSODescriptor;
import org.pac4j.core.context.CallContext;
import org.pac4j.core.context.WebContextHelper;
import org.pac4j.core.credentials.Credentials;
import org.pac4j.core.credentials.extractor.CredentialsExtractor;
import org.pac4j.core.logout.LogoutType;
import org.pac4j.core.util.CommonHelper;
import org.pac4j.saml.client.SAML2Client;
import org.pac4j.saml.config.SAML2Configuration;
import org.pac4j.saml.context.SAML2MessageContext;
import org.pac4j.saml.context.SAMLContextProvider;
import org.pac4j.saml.credentials.SAML2Credentials;
import org.pac4j.saml.exceptions.SAMLException;
import org.pac4j.saml.metadata.SAML2MetadataResolver;
import org.pac4j.saml.sso.artifact.SAML2ArtifactBindingDecoder;
import org.pac4j.saml.sso.artifact.SOAPPipelineProvider;
import org.pac4j.saml.transport.AbstractPac4jDecoder;
import org.pac4j.saml.transport.Pac4jHTTPPostDecoder;
import org.pac4j.saml.transport.Pac4jHTTPRedirectDeflateDecoder;
import org.pac4j.saml.util.Configuration;

/* loaded from: input_file:org/pac4j/saml/credentials/extractor/SAML2CredentialsExtractor.class */
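/**
 * Turns an inbound SAML 2.0 message into {@link SAML2Credentials}.
 *
 * <p>The extractor picks a binding decoder from the request, decodes the message, copies the
 * binding, peer and self context into a fresh {@link SAML2MessageContext}, and wraps that context
 * in credentials.
 *
 * <p>Nothing in this class verifies signatures, conditions, destination or issuer; it only decodes
 * and packages. NOTE(review): presumably the component consuming the credentials performs that
 * validation; confirm before treating extracted credentials as trustworthy.
 */
public class SAML2CredentialsExtractor implements CredentialsExtractor {
    private static final String SAML20_PROTOCOL = "urn:oasis:names:tc:SAML:2.0:protocol";
    private static final String SOAP_BINDING_URI = "urn:oasis:names:tc:SAML:2.0:bindings:SOAP";
    private static final String LOGOUT_PROFILE_ID = "urn:oasis:names:tc:SAML:2.0:profiles:SSO:logout";
    private static final String BROWSER_SSO_PROFILE_ID = "urn:oasis:names:tc:SAML:2.0:profiles:SSO:browser";

    private final SAMLContextProvider contextProvider;
    private final SAML2Client saml2Client;
    private final SAML2Configuration saml2Configuration;
    private final SAML2MetadataResolver idpMetadataResolver;
    private final SAML2MetadataResolver spMetadataResolver;
    private final SOAPPipelineProvider soapPipelineProvider;

    /**
     * Creates an extractor bound to one SAML2 client.
     *
     * @param sAML2Client client supplying the configuration and the context provider
     * @param sAML2MetadataResolver resolver stored as the IdP metadata resolver
     * @param sAML2MetadataResolver2 resolver stored as the SP metadata resolver
     * @param sOAPPipelineProvider pipeline provider handed to the artifact binding decoder
     */
    public SAML2CredentialsExtractor(SAML2Client sAML2Client, SAML2MetadataResolver sAML2MetadataResolver, SAML2MetadataResolver sAML2MetadataResolver2, SOAPPipelineProvider sOAPPipelineProvider) {
        this.saml2Client = sAML2Client;
        this.saml2Configuration = sAML2Client.getConfiguration();
        this.contextProvider = sAML2Client.getContextProvider();
        this.idpMetadataResolver = sAML2MetadataResolver;
        this.spMetadataResolver = sAML2MetadataResolver2;
        this.soapPipelineProvider = sOAPPipelineProvider;
    }

    /**
     * Decodes the SAML message carried by the current request and wraps it in credentials.
     *
     * <p>A decoded {@link Response} yields login credentials with the browser SSO profile. Every
     * other decoded message type yields logout credentials: back-channel when the binding URI is
     * SOAP, front-channel otherwise.
     *
     * @param callContext the current call
     * @return always a non-empty {@link Optional}; failures are reported as {@link SAMLException}
     */
    public Optional<Credentials> extract(CallContext callContext) {
        SAML2MessageContext initialContext = this.contextProvider.buildContext(callContext, this.saml2Client);
        initialContext.setSaml2Configuration(this.saml2Configuration);
        initialContext.getSAMLPeerEntityContext().setRole(IDPSSODescriptor.DEFAULT_ELEMENT_NAME);
        initialContext.getSAMLSelfProtocolContext().setProtocol(SAML20_PROTOCOL);

        SAML2MessageContext decodedContext = prepareDecodedContext(initialContext, getDecoder(callContext));
        Object message = decodedContext.getMessageContext().getMessage();

        if (message instanceof Response) {
            decodedContext.getSAMLEndpointContext().setEndpoint(decodedContext.getSPAssertionConsumerService((StatusResponseType) message));
            decodedContext.getProfileRequestContext().setProfileId(BROWSER_SSO_PROFILE_ID);
            return Optional.of(new SAML2Credentials(decodedContext));
        }

        // Anything that is not a Response lands here; the message is not checked to be a
        // LogoutRequest or LogoutResponse at this point.
        // NOTE(review): confirm the consumer of logout credentials rejects other message types.
        decodedContext.getProfileRequestContext().setProfileId(LOGOUT_PROFILE_ID);
        boolean soapBinding = StringUtils.equals(decodedContext.getSAMLBindingContext().getBindingUri(), SOAP_BINDING_URI);
        LogoutType logoutType = soapBinding ? LogoutType.BACK : LogoutType.FRONT;
        return Optional.of(new SAML2Credentials(logoutType, decodedContext));
    }

    /**
     * Selects the binding decoder for the request and runs it.
     *
     * <p>Selection order: a {@code SAMLart} request parameter selects the artifact binding
     * regardless of HTTP method, then POST selects HTTP-POST, then GET selects HTTP-Redirect.
     * The choice is driven entirely by the incoming request.
     *
     * @param callContext the current call
     * @return the decoder after {@code decode()} has completed
     * @throws SAMLException if the request is neither POST nor GET and has no {@code SAMLart}
     *     parameter, or if decoding fails
     */
    protected AbstractPac4jDecoder getDecoder(CallContext callContext) {
        if (callContext.webContext().getRequestParameter("SAMLart").isPresent()) {
            return decodeWith(
                new SAML2ArtifactBindingDecoder(callContext, this.idpMetadataResolver, this.spMetadataResolver, this.soapPipelineProvider),
                "Error decoding Artifact SAML message");
        }
        if (WebContextHelper.isPost(callContext.webContext())) {
            return decodeWith(new Pac4jHTTPPostDecoder(callContext), "Error decoding POST SAML message");
        }
        if (!WebContextHelper.isGet(callContext.webContext())) {
            throw new SAMLException("Unsupported binding");
        }
        return decodeWith(new Pac4jHTTPRedirectDeflateDecoder(callContext), "Error decoding HTTP-Redirect SAML message");
    }

    /**
     * Configures, initializes and runs a decoder, wrapping any failure in a {@link SAMLException}.
     *
     * <p>The XML parser pool comes from {@link Configuration#getParserPool()}.
     * NOTE(review): how that pool treats DTDs and external entities is not visible here; confirm
     * it is hardened, since it parses XML received from the network.
     */
    private AbstractPac4jDecoder decodeWith(AbstractPac4jDecoder decoder, String failureMessage) {
        try {
            decoder.setParserPool(Configuration.getParserPool());
            decoder.initialize();
            decoder.decode();
        } catch (Exception e) {
            throw new SAMLException(failureMessage, e);
        }
        return decoder;
    }

    /**
     * Builds a new message context from the decoder's output and the initially built context.
     *
     * <p>The decoded message is also written back into the original context. The cast to
     * {@link SAMLObject} happens before the null check, so a message of another type fails with a
     * {@link ClassCastException} rather than a {@link SAMLException}.
     *
     * @param sAML2MessageContext context built before decoding; source of the message store, peer
     *     metadata and self entity data
     * @param abstractPac4jDecoder decoder that has already decoded the request
     * @return the populated context
     * @throws SAMLException if the decoder holds no message or the original context has no peer
     *     entity descriptor
     */
    protected SAML2MessageContext prepareDecodedContext(SAML2MessageContext sAML2MessageContext, AbstractPac4jDecoder abstractPac4jDecoder) {
        SAML2MessageContext decodedContext = new SAML2MessageContext(abstractPac4jDecoder.getCallContext());
        decodedContext.setSaml2Configuration(this.saml2Configuration);
        decodedContext.setMessageContext(abstractPac4jDecoder.getMessageContext());

        SAMLObject decodedMessage = (SAMLObject) abstractPac4jDecoder.getMessageContext().getMessage();
        if (decodedMessage == null) {
            throw new SAMLException("Response from the context cannot be null");
        }
        decodedContext.getMessageContext().setMessage(decodedMessage);
        sAML2MessageContext.getMessageContext().setMessage(decodedMessage);
        decodedContext.setSamlMessageStore(sAML2MessageContext.getSamlMessageStore());

        SAMLBindingContext decodedBinding = prepareBindingContext(sAML2MessageContext, abstractPac4jDecoder, decodedContext);

        // Peer metadata is read from the context built before decoding, not from the message.
        EntityDescriptor idpDescriptor = sAML2MessageContext.getSAMLPeerMetadataContext().getEntityDescriptor();
        if (idpDescriptor == null) {
            throw new SAMLException("IDP Metadata cannot be null");
        }

        preparePeerEntityContext(abstractPac4jDecoder, decodedContext, decodedBinding, idpDescriptor);
        prepareSelfEntityContext(sAML2MessageContext, decodedContext);
        decodedContext.getSAMLSelfMetadataContext().setRoleDescriptor(sAML2MessageContext.getSPSSODescriptor());
        return decodedContext;
    }

    /**
     * Copies the self entity id, self endpoint and self role from the first context to the second.
     *
     * @param sAML2MessageContext context to read from
     * @param sAML2MessageContext2 context to write to
     */
    protected void prepareSelfEntityContext(SAML2MessageContext sAML2MessageContext, SAML2MessageContext sAML2MessageContext2) {
        String selfEntityId = sAML2MessageContext.getSAMLSelfEntityContext().getEntityId();
        sAML2MessageContext2.getSAMLSelfEntityContext().setEntityId(selfEntityId);
        sAML2MessageContext2.getSAMLSelfEndpointContext().setEndpoint(sAML2MessageContext.getSAMLSelfEndpointContext().getEndpoint());
        sAML2MessageContext2.getSAMLSelfEntityContext().setRole(sAML2MessageContext.getSAMLSelfEntityContext().getRole());
    }

    /**
     * Populates the peer entity context of the decoded context.
     *
     * <p>The peer entity id comes from the supplied metadata descriptor. The authenticated flag is
     * copied from the decoder's peer entity context and is {@code false} when the decoder
     * produced none.
     *
     * @param messageDecoder decoder whose message context may carry a peer entity context
     * @param sAML2MessageContext context to populate
     * @param sAMLBindingContext binding context; only checked for null here
     * @param entityDescriptor peer metadata providing the entity id
     */
    protected void preparePeerEntityContext(MessageDecoder messageDecoder, SAML2MessageContext sAML2MessageContext, SAMLBindingContext sAMLBindingContext, EntityDescriptor entityDescriptor) {
        SAMLPeerEntityContext decodedPeer = messageDecoder.getMessageContext().getSubcontext(SAMLPeerEntityContext.class);
        // NOTE(review): the label says "SAMLPeerEntityContext" but the object checked is the
        // binding context; the decoded peer context is allowed to be null below. Either the label
        // or the argument looks unintended. Left as-is to keep behavior; confirm intent.
        CommonHelper.assertNotNull("SAMLPeerEntityContext", sAMLBindingContext);
        sAML2MessageContext.getSAMLPeerEntityContext().setEntityId(entityDescriptor.getEntityID());
        boolean peerAuthenticated = decodedPeer != null && decodedPeer.isAuthenticated();
        sAML2MessageContext.getSAMLPeerEntityContext().setAuthenticated(peerAuthenticated);
    }

    /**
     * Copies the decoder's binding context into the decoded context and propagates the relay state
     * to both contexts.
     *
     * <p>NOTE(review): the relay state is copied exactly as the decoder reported it, with no
     * validation in this method; presumably it originates from the request, so later consumers
     * should treat it as untrusted input. Confirm against callers.
     *
     * @param sAML2MessageContext original context; receives only the relay state
     * @param messageDecoder decoder whose message context must carry a binding context
     * @param sAML2MessageContext2 decoded context; receives all binding fields
     * @return the decoder's binding context
     */
    protected SAMLBindingContext prepareBindingContext(SAML2MessageContext sAML2MessageContext, MessageDecoder messageDecoder, SAML2MessageContext sAML2MessageContext2) {
        SAMLBindingContext decodedBinding = messageDecoder.getMessageContext().getSubcontext(SAMLBindingContext.class);
        CommonHelper.assertNotNull("SAMLBindingContext", decodedBinding);

        sAML2MessageContext2.getSAMLBindingContext().setBindingDescriptor(decodedBinding.getBindingDescriptor());
        sAML2MessageContext2.getSAMLBindingContext().setBindingUri(decodedBinding.getBindingUri());
        sAML2MessageContext2.getSAMLBindingContext().setHasBindingSignature(decodedBinding.hasBindingSignature());
        sAML2MessageContext2.getSAMLBindingContext().setIntendedDestinationEndpointURIRequired(decodedBinding.isIntendedDestinationEndpointURIRequired());

        String relayState = decodedBinding.getRelayState();
        sAML2MessageContext2.getSAMLBindingContext().setRelayState(relayState);
        sAML2MessageContext.getSAMLBindingContext().setRelayState(relayState);
        return decodedBinding;
    }
}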
