package com.appiancorp.security.auth.saml;

import com.appiancorp.security.auth.AuthenticationDetails;
import com.appiancorp.security.auth.EmbeddedLogoutHelper;
import com.appiancorp.security.auth.LoginEntryPoint;
import com.appiancorp.suite.cfg.SamlConfiguration;
import com.google.common.annotations.VisibleForTesting;
import com.google.common.base.Strings;
import java.util.HashMap;
import java.util.List;
import java.util.Map;
import java.util.Optional;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import net.shibboleth.utilities.java.support.component.ComponentInitializationException;
import net.shibboleth.utilities.java.support.resolver.ResolverException;
import org.apache.log4j.Logger;
import org.opensaml.core.xml.XMLObjectBuilderFactory;
import org.opensaml.messaging.decoder.MessageDecodingException;
import org.opensaml.messaging.encoder.MessageEncodingException;
import org.opensaml.messaging.handler.MessageHandlerException;
import org.opensaml.saml.common.SignableSAMLObject;
import org.opensaml.saml.saml2.core.Assertion;
import org.opensaml.saml.saml2.core.AuthnRequest;
import org.opensaml.saml.saml2.core.AuthnStatement;
import org.opensaml.saml.saml2.core.LogoutRequest;
import org.opensaml.saml.saml2.core.LogoutResponse;
import org.opensaml.saml.saml2.core.NameIDType;
import org.opensaml.saml.saml2.core.Response;
import org.opensaml.saml.saml2.metadata.Endpoint;
import org.opensaml.saml.saml2.metadata.SingleLogoutService;
import org.opensaml.saml.saml2.metadata.SingleSignOnService;
import org.opensaml.xmlsec.encryption.support.DecryptionException;
import org.springframework.http.HttpMethod;
import org.springframework.security.authentication.AuthenticationServiceException;

/* loaded from: input_file:com/appiancorp/security/auth/saml/IdentityProviderManager.class */
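/**
 * Service-provider (SP) side coordinator for the SAML 2.0 exchanges with the configured
 * identity provider (IdP): building and sending AuthnRequests / LogoutRequests /
 * LogoutResponses, decoding inbound messages, and extracting the principal name and
 * session index from a decoded {@link Response}.
 *
 * <p>Every IdP endpoint this class sends to is taken from {@link SamlConfiguration}
 * (login URL, logout URL, logout binding), never from an inbound message. Message
 * decoding, decryption and any signature / condition validation are delegated to
 * {@link SamlMessageRetrieverAdapter}; this class does not validate assertions itself.
 * NOTE(review): callers must not treat a wrapper returned by
 * {@link #extractRawMessageContext} as trusted until the retriever adapter has validated
 * it — confirm where in the pipeline signature/Destination/InResponseTo checks happen.
 */
public class IdentityProviderManager {
    private static final Logger LOG = Logger.getLogger(IdentityProviderManager.class);
    /** Form parameter carrying the base64 SAML Response on the HTTP-POST binding. */
    static final String PARAMETER_SAML_RESPONSE = "SAMLResponse";
    /** Session attribute: map of outbound LogoutRequest ID -> return-link servlet path. */
    static final String REQUEST_PARAMETER_MAP_SESSION_KEY = "requestParameterMap";
    /** Response header telling the mobile client to complete SSO in a popup. */
    public static final String MOBILE_AUTH_POPUP_HEADER_KEY = "X-Appian-Mobile-Auth-Popup";
    private SamlMessageRetrieverAdapter samlMessageRetrieverAdapter;
    private SamlMessageSenderAdapter samlMessageSenderAdapter;
    private SamlRequestGenerator samlRequestGenerator;
    private SamlResponseGenerator samlResponseGenerator;
    private SamlConfiguration samlConfiguration;
    private XMLObjectBuilderFactory xmlObjectBuilderFactory;

    /**
     * @param samlMessageRetrieverAdapter decodes (and decrypts) inbound SAML messages
     * @param samlMessageSenderAdapter encodes and transmits outbound SAML messages
     * @param samlRequestGenerator builds AuthnRequest / LogoutRequest objects
     * @param samlResponseGenerator builds LogoutResponse objects
     * @param samlConfiguration source of SP identity and all IdP endpoint settings
     * @param xMLObjectBuilderFactory OpenSAML builder factory for metadata endpoint objects
     */
    public IdentityProviderManager(SamlMessageRetrieverAdapter samlMessageRetrieverAdapter, SamlMessageSenderAdapter samlMessageSenderAdapter, SamlRequestGenerator samlRequestGenerator, SamlResponseGenerator samlResponseGenerator, SamlConfiguration samlConfiguration, XMLObjectBuilderFactory xMLObjectBuilderFactory) {
        this.samlMessageRetrieverAdapter = samlMessageRetrieverAdapter;
        this.samlMessageSenderAdapter = samlMessageSenderAdapter;
        this.samlRequestGenerator = samlRequestGenerator;
        this.samlResponseGenerator = samlResponseGenerator;
        this.samlConfiguration = samlConfiguration;
        this.xmlObjectBuilderFactory = xMLObjectBuilderFactory;
    }

    /**
     * Builds a new AuthnRequest via the request generator.
     *
     * @param z flag passed straight through to {@code buildAuthnRequest}; its meaning is
     *          defined by {@link SamlRequestGenerator} (not visible here)
     */
    public AuthnRequest generateAuthnRequest(boolean z) {
        return this.samlRequestGenerator.buildAuthnRequest(z);
    }

    /** Generates an AuthnRequest with {@link #generateAuthnRequest(boolean)} and sends it. */
    public void sendSingleSignOnRequest(HttpServletResponse httpServletResponse, boolean z) throws ComponentInitializationException, MessageHandlerException, ResolverException, MessageEncodingException {
        sendSingleSignOnRequest(httpServletResponse, generateAuthnRequest(z));
    }

    /** Sends the given AuthnRequest with no accompanying relay value. */
    public void sendSingleSignOnRequest(HttpServletResponse httpServletResponse, AuthnRequest authnRequest) throws MessageEncodingException, ResolverException, MessageHandlerException, ComponentInitializationException {
        sendSingleSignOnRequest(httpServletResponse, authnRequest, Optional.empty());
    }

    /**
     * Sends an AuthnRequest to the configured IdP single-sign-on URL.
     *
     * <p>The target endpoint comes from {@code SamlConfiguration.getIdpLoginUrl()}, not from
     * the request object, so a caller-supplied Destination cannot redirect the user elsewhere.
     *
     * @param optional extra value handed to the sender adapter alongside the message;
     *                 presumably the RelayState — confirm against {@link SamlMessageSenderAdapter}
     */
    public void sendSingleSignOnRequest(HttpServletResponse httpServletResponse, AuthnRequest authnRequest, Optional<String> optional) throws MessageEncodingException, ResolverException, MessageHandlerException, ComponentInitializationException {
        LOG.debug("Sending login request to: " + authnRequest.getDestination());
        Endpoint ssoEndpoint = buildSingleSignOnEndpoint();
        if (this.samlConfiguration.isMobileAuthPopupEnabled()) {
            // Signals the native mobile client to open the IdP login in a popup/web view.
            httpServletResponse.setHeader(MOBILE_AUTH_POPUP_HEADER_KEY, "true");
        }
        this.samlMessageSenderAdapter.sendSamlMessage(authnRequest, ssoEndpoint, httpServletResponse, this.samlConfiguration.getSpIdentity(), optional, EndpointType.SINGLE_SIGN_ON_SERVICE);
    }

    /**
     * Builds an SP-initiated LogoutRequest for the given session and sends it to the
     * configured IdP single-logout URL.
     *
     * @param str passed to {@code buildLogoutRequest}; presumably the session index — confirm
     * @param optional passed to {@code buildLogoutRequest}; meaning defined by the generator
     * @param nameIDType the subject NameID to log out
     */
    public void sendSingleLogoutRequest(HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse, String str, Optional<String> optional, NameIDType nameIDType) throws MessageEncodingException, ResolverException, MessageHandlerException, ComponentInitializationException {
        LogoutRequest logoutRequest = this.samlRequestGenerator.buildLogoutRequest(str, optional, nameIDType);
        LOG.debug("Sending logout request to " + logoutRequest.getDestination());
        if (EmbeddedLogoutHelper.isEmbeddedLogoutRequest(httpServletRequest)) {
            // Remember where to send the user back once the IdP answers this request.
            saveEmbeddedLogoutRequestParameters(httpServletRequest, logoutRequest);
        }
        sendSamlMessage(httpServletResponse, logoutRequest);
    }

    /**
     * Answers an IdP-initiated LogoutRequest with a Success LogoutResponse.
     *
     * <p>The response is addressed to the configured IdP logout URL and correlated via
     * {@code InResponseTo = logoutRequest.getID()}; the inbound request's own Destination
     * is only logged, never used as a target.
     *
     * @param str relay value forwarded to the sender (nullable)
     */
    public void sendSuccessfulLogoutResponse(HttpServletResponse httpServletResponse, LogoutRequest logoutRequest, String str) throws ComponentInitializationException, MessageHandlerException, ResolverException, MessageEncodingException {
        LOG.debug("Sending successful logout response to " + logoutRequest.getDestination());
        LogoutResponse logoutResponse = this.samlResponseGenerator.buildSuccessfulLogoutResponse(logoutRequest.getID(), this.samlConfiguration.getIdpLogoutUrl());
        sendSamlMessage(httpServletResponse, logoutResponse, Optional.ofNullable(str));
    }

    /**
     * Answers an IdP-initiated LogoutRequest with a non-Success LogoutResponse.
     *
     * @param str relay value forwarded to the sender (nullable)
     */
    public void sendUnsuccessfulLogoutResponse(HttpServletResponse httpServletResponse, LogoutRequest logoutRequest, String str) throws ComponentInitializationException, MessageHandlerException, ResolverException, MessageEncodingException {
        LogoutResponse logoutResponse = this.samlResponseGenerator.buildUnsuccessfulLogoutResponse(logoutRequest.getID(), this.samlConfiguration.getIdpLogoutUrl());
        LOG.debug("Sending unsuccessful logout response to " + logoutRequest.getDestination());
        sendSamlMessage(httpServletResponse, logoutResponse, Optional.ofNullable(str));
    }

    /** Sends a logout-flow message to the IdP SLO endpoint with no relay value. */
    private void sendSamlMessage(HttpServletResponse httpServletResponse, SignableSAMLObject signableSAMLObject) throws ComponentInitializationException, MessageHandlerException, ResolverException, MessageEncodingException {
        sendSamlMessage(httpServletResponse, signableSAMLObject, Optional.empty());
    }

    /** Sends a logout-flow message to the configured IdP SLO endpoint, using the configured binding. */
    private void sendSamlMessage(HttpServletResponse httpServletResponse, SignableSAMLObject signableSAMLObject, Optional<String> optional) throws MessageEncodingException, ResolverException, MessageHandlerException, ComponentInitializationException {
        this.samlMessageSenderAdapter.sendSamlMessage(signableSAMLObject, buildSingleLogoutEndpoint(), httpServletResponse, this.samlConfiguration.getSpIdentity(), optional, EndpointType.SINGLE_LOG_OUT_SERVICE);
    }

    /**
     * Wraps a decoded Response in a {@link SamlAuthToken} carrying the extracted username and
     * {@link LoginEntryPoint#PORTAL} details.
     *
     * @throws AuthenticationServiceException if the Response has no assertion or the
     *         configured username attribute is missing/empty
     */
    public SamlAuthToken createSamlAuthenticationToken(HttpServletRequest httpServletRequest, SamlMessageContextWrapper<Response> samlMessageContextWrapper) {
        SamlAuthToken samlAuthToken = new SamlAuthToken(samlMessageContextWrapper, getName(samlMessageContextWrapper), httpServletRequest);
        samlAuthToken.setDetails(new AuthenticationDetails(httpServletRequest, LoginEntryPoint.PORTAL));
        return samlAuthToken;
    }

    /**
     * Decodes the inbound SAML message and populates its assertion list (decrypting
     * EncryptedAssertions if present).
     *
     * @throws DecryptionException if an encrypted assertion cannot be decrypted
     */
    public SamlMessageContextWrapper extractMessageContext(HttpServletRequest httpServletRequest) throws ComponentInitializationException, MessageDecodingException, DecryptionException {
        return this.samlMessageRetrieverAdapter.populateAssertionListIfNeeded(extractRawMessageContext(httpServletRequest));
    }

    /**
     * Decodes the inbound SAML message without touching its assertions. The result is
     * untrusted input until the retriever adapter's validation has run.
     */
    public SamlMessageContextWrapper extractRawMessageContext(HttpServletRequest httpServletRequest) throws ComponentInitializationException, MessageDecodingException {
        return this.samlMessageRetrieverAdapter.retrieveSamlMessage(httpServletRequest);
    }

    /**
     * Resolves the local username from the first assertion of the Response using the
     * configured attribute mapping.
     *
     * @throws AuthenticationServiceException if there is no assertion or the username is
     *         null/empty — a clear authentication failure rather than an index error
     */
    @VisibleForTesting
    String getName(SamlMessageContextWrapper<Response> samlMessageContextWrapper) {
        String username = this.samlConfiguration.getUsernameFromAssertion(firstAssertion(samlMessageContextWrapper));
        if (Strings.isNullOrEmpty(username)) {
            throw new AuthenticationServiceException("SAML Assertion contained no valid Username");
        }
        return username;
    }

    /**
     * Returns the SessionIndex of the first AuthnStatement of the first assertion, used
     * later to scope a LogoutRequest to this IdP session. May be null if the IdP did not
     * set one.
     *
     * @throws AuthenticationServiceException if the Response has no assertion or the
     *         assertion has no AuthnStatement (previously surfaced as IndexOutOfBounds)
     */
    public String getSessionIndexFromSamlMessage(SamlMessageContextWrapper<Response> samlMessageContextWrapper) throws MessageDecodingException, SecurityException {
        List<AuthnStatement> authnStatements = firstAssertion(samlMessageContextWrapper).getAuthnStatements();
        if (authnStatements == null || authnStatements.isEmpty()) {
            throw new AuthenticationServiceException("SAML Assertion contained no AuthnStatement");
        }
        return authnStatements.get(0).getSessionIndex();
    }

    /**
     * First assertion of the decoded Response, or an authentication failure if none.
     * Only the first assertion is consulted anywhere in this class; additional assertions
     * are ignored.
     */
    private Assertion firstAssertion(SamlMessageContextWrapper<Response> samlMessageContextWrapper) {
        List<Assertion> assertions = samlMessageContextWrapper.getAssertionList();
        if (assertions == null || assertions.isEmpty()) {
            throw new AuthenticationServiceException("SAML Response contained no Assertion");
        }
        return assertions.get(0);
    }

    /**
     * True when the request looks like an HTTP-POST binding delivery of a SAMLResponse.
     * This is a routing check only: presence of the parameter says nothing about the
     * message being well-formed, signed or addressed to this SP.
     */
    public boolean hasSamlAssertion(HttpServletRequest httpServletRequest) {
        boolean isPost = HttpMethod.POST.toString().equalsIgnoreCase(httpServletRequest.getMethod());
        return isPost && httpServletRequest.getParameter(PARAMETER_SAML_RESPONSE) != null;
    }

    /** SSO endpoint object pointing at the configured IdP login URL (binding left unset). */
    private SingleSignOnService buildSingleSignOnEndpoint() {
        SingleSignOnService endpoint = this.xmlObjectBuilderFactory.getBuilder(SingleSignOnService.DEFAULT_ELEMENT_NAME).buildObject();
        endpoint.setLocation(this.samlConfiguration.getIdpLoginUrl());
        return endpoint;
    }

    /** SLO endpoint object pointing at the configured IdP logout URL with the configured binding. */
    private SingleLogoutService buildSingleLogoutEndpoint() {
        SingleLogoutService endpoint = this.xmlObjectBuilderFactory.getBuilder(SingleLogoutService.DEFAULT_ELEMENT_NAME).buildObject();
        endpoint.setLocation(this.samlConfiguration.getIdpLogoutUrl());
        endpoint.setBinding(this.samlConfiguration.getIdpEndpointService(EndpointType.SINGLE_LOG_OUT_SERVICE).getBinding());
        return endpoint;
    }

    /**
     * Records, in the HTTP session, the return-link path for an embedded logout keyed by
     * the outbound LogoutRequest ID, so the eventual LogoutResponse (InResponseTo) can be
     * matched back to it. Entries are never removed here; NOTE(review): confirm the
     * consumer clears them, otherwise the map grows with each embedded logout.
     */
    private void saveEmbeddedLogoutRequestParameters(HttpServletRequest httpServletRequest, LogoutRequest logoutRequest) {
        @SuppressWarnings("unchecked") // attribute is only ever written by this method with String keys
        Map<String, Object> requestParameters = (Map<String, Object>) httpServletRequest.getSession().getAttribute(REQUEST_PARAMETER_MAP_SESSION_KEY);
        if (requestParameters == null) {
            requestParameters = new HashMap<>();
        }
        requestParameters.put(logoutRequest.getID(), EmbeddedLogoutHelper.getReturnLinkServletPath(httpServletRequest));
        httpServletRequest.getSession().setAttribute(REQUEST_PARAMETER_MAP_SESSION_KEY, requestParameters);
    }

    @VisibleForTesting
    void setSamlMessageSenderAdapter(SamlMessageSenderAdapter samlMessageSenderAdapter) {
        this.samlMessageSenderAdapter = samlMessageSenderAdapter;
    }
}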
