package com.appiancorp.security.auth.saml;

import com.appiancorp.common.monitoring.ProductMetricsAggregatedDataCollector;
import com.appiancorp.security.auth.saml.decrypter.SamlAssertionDecrypter;
import com.google.common.base.Preconditions;
import com.google.common.collect.Lists;
import java.util.Iterator;
import java.util.List;
import javax.servlet.http.HttpServletRequest;
import net.shibboleth.utilities.java.support.component.ComponentInitializationException;
import org.opensaml.messaging.decoder.MessageDecodingException;
import org.opensaml.messaging.decoder.servlet.HttpServletRequestMessageDecoder;
import org.opensaml.saml.saml2.core.Assertion;
import org.opensaml.saml.saml2.core.EncryptedAssertion;
import org.opensaml.saml.saml2.core.Response;
import org.opensaml.xmlsec.encryption.support.DecryptionException;

/* loaded from: input_file:com/appiancorp/security/auth/saml/SamlMessageRetrieverAdapter.class */
public class SamlMessageRetrieverAdapter {
    private static final String ASSERTION_METRIC_BASE_KEY = "saml.assertion.encryption";
    private final MessageDecoderResolver messageDecoderResolver;
    private final SamlAssertionDecrypter decrypter;

    public SamlMessageRetrieverAdapter(MessageDecoderResolver messageDecoderResolver, SamlAssertionDecrypter samlAssertionDecrypter) {
        this.messageDecoderResolver = (MessageDecoderResolver) Preconditions.checkNotNull(messageDecoderResolver);
        this.decrypter = (SamlAssertionDecrypter) Preconditions.checkNotNull(samlAssertionDecrypter);
    }

    public SamlMessageContextWrapper retrieveSamlMessage(HttpServletRequest httpServletRequest) throws MessageDecodingException, ComponentInitializationException {
        HttpServletRequestMessageDecoder resolve = this.messageDecoderResolver.resolve(httpServletRequest);
        try {
            resolve.setHttpServletRequest(httpServletRequest);
            resolve.initialize();
            resolve.decode();
            SamlMessageContextWrapper samlMessageContextWrapper = new SamlMessageContextWrapper(resolve.getMessageContext());
            resolve.destroy();
            return samlMessageContextWrapper;
        } catch (Throwable th) {
            resolve.destroy();
            throw th;
        }
    }

    public SamlMessageContextWrapper populateAssertionListIfNeeded(SamlMessageContextWrapper samlMessageContextWrapper) throws DecryptionException {
        Object message = samlMessageContextWrapper.getMessage();
        if (message instanceof Response) {
            Response response = (Response) message;
            recordAssertionMetrics(response);
            List<Assertion> assertions = hasNoEncryptedAssertion(response) ? response.getAssertions() : this.decrypter.decryptAssertions(response);
            samlMessageContextWrapper.setAssertionList(assertions != null ? assertions : Lists.newArrayList());
        }
        return samlMessageContextWrapper;
    }

    private boolean hasNoEncryptedAssertion(Response response) {
        return response.getEncryptedAssertions() == null || response.getEncryptedAssertions().isEmpty();
    }

    private void recordAssertionMetrics(Response response) {
        int size = response.getAssertions() != null ? response.getAssertions().size() : 0;
        int size2 = response.getEncryptedAssertions() != null ? response.getEncryptedAssertions().size() : 0;
        if (size > 0) {
            ProductMetricsAggregatedDataCollector.recordData("saml.assertion.encryption.isUnencrypted", size);
        } else if (size2 > 0) {
            ProductMetricsAggregatedDataCollector.recordData("saml.assertion.encryption.isEncrypted", size2);
            Iterator it = response.getEncryptedAssertions().iterator();
            while (it.hasNext()) {
                ProductMetricsAggregatedDataCollector.recordData("saml.assertion.encryption.algorithm." + ((EncryptedAssertion) it.next()).getEncryptedData().getEncryptionMethod().getAlgorithm(), 1L);
            }
        }
    }
}
