package com.liferay.saml.opensaml.integration.internal.profile;

import com.liferay.portal.kernel.exception.PortalException;
import com.liferay.portal.kernel.log.Log;
import com.liferay.portal.kernel.log.LogFactoryUtil;
import com.liferay.portal.kernel.util.CookieKeys;
import com.liferay.portal.kernel.util.GetterUtil;
import com.liferay.portal.kernel.util.Portal;
import com.liferay.portal.kernel.util.Validator;
import com.liferay.saml.opensaml.integration.SamlBinding;
import com.liferay.saml.opensaml.integration.internal.transport.ProxyPathRequestWrapper;
import com.liferay.saml.opensaml.integration.internal.util.OpenSamlUtil;
import com.liferay.saml.opensaml.integration.metadata.MetadataManager;
import com.liferay.saml.persistence.model.SamlSpSession;
import com.liferay.saml.persistence.service.SamlSpSessionLocalService;
import com.liferay.saml.runtime.SamlException;
import com.liferay.saml.runtime.configuration.SamlProviderConfigurationHelper;
import java.util.ArrayList;
import java.util.List;
import javax.servlet.http.Cookie;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import org.apache.xpath.compiler.PsuedoNames;
import org.opensaml.common.IdentifierGenerator;
import org.opensaml.common.binding.BasicSAMLMessageContext;
import org.opensaml.common.binding.SAMLMessageContext;
import org.opensaml.common.xml.SAMLConstants;
import org.opensaml.saml2.metadata.Endpoint;
import org.opensaml.saml2.metadata.EntityDescriptor;
import org.opensaml.saml2.metadata.IDPSSODescriptor;
import org.opensaml.saml2.metadata.SPSSODescriptor;
import org.opensaml.ws.message.encoder.MessageEncodingException;
import org.opensaml.ws.transport.http.HttpServletRequestAdapter;
import org.opensaml.ws.transport.http.HttpServletResponseAdapter;
import org.opensaml.xml.io.MarshallingException;

/* loaded from: input_file:com/liferay/saml/opensaml/integration/internal/profile/BaseProfile.class */
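/**
 * Shared plumbing for the SAML profile implementations: builds and decodes
 * OpenSAML message contexts, resolves the binding used to talk to a peer,
 * looks up the service provider session for a request, and manages the
 * cookies touched during login and logout.
 *
 * <p>This listing is decompiler output (JADX). Several methods are marked
 * below where JADX reports that the access modifier was changed from
 * {@code protected}; the visibility shown in the listing is kept so existing
 * callers continue to compile.</p>
 *
 * <p>NOTE(review): {@code _samlBindings} is a plain list that is mutated by
 * {@link #addSamlBinding} and {@link #removeSamlBinding} and iterated by
 * {@link #getSamlBinding}. Nothing in this class synchronizes those accesses;
 * confirm that bindings are only registered before requests are served.</p>
 */
public abstract class BaseProfile {
    protected MetadataManager metadataManager;
    protected Portal portal;
    protected SamlProviderConfigurationHelper samlProviderConfigurationHelper;
    protected SamlSpSessionLocalService samlSpSessionLocalService;
    private static final Log _log = LogFactoryUtil.getLog(BaseProfile.class);
    private IdentifierGenerator _identifierGenerator;
    private List<SamlBinding> _samlBindings = new ArrayList<>();

    /**
     * Decodes the inbound SAML message carried by the request and fills in the
     * peer entity ID and peer role metadata on the resulting context.
     *
     * <p>The security policy resolver is installed before the decoder runs, so
     * whatever policy {@code MetadataManager.getSecurityPolicyResolver} returns
     * is what the binding's decoder has available while decoding. The message
     * is rejected when no metadata could be resolved for its issuer.</p>
     *
     * @param httpServletRequest the request carrying the SAML message
     * @param httpServletResponse the response used as outbound transport
     * @param samlBinding the binding whose decoder is used
     * @param z forwarded unchanged as the second argument of
     *        {@code MetadataManager.getSecurityPolicyResolver}; presumably
     *        selects a stricter policy (e.g. signature required) - confirm
     *        against MetadataManager
     * @return the populated message context
     * @throws SamlException if the issuer's metadata cannot be resolved
     * @throws Exception on any decoding or metadata failure
     */
    public SAMLMessageContext<?, ?, ?> decodeSamlMessage(HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse, SamlBinding samlBinding, boolean z) throws Exception {
        SAMLMessageContext<?, ?, ?> samlMessageContext = getSamlMessageContext(httpServletRequest, httpServletResponse);
        samlMessageContext.setCommunicationProfileId(samlBinding.getCommunicationProfileId());
        samlMessageContext.setSecurityPolicyResolver(this.metadataManager.getSecurityPolicyResolver(samlMessageContext.getCommunicationProfileId(), z));
        samlBinding.getMessageDecoder().decode(samlMessageContext);
        if (_log.isDebugEnabled()) {
            // The whole inbound message is written to the log here. SAML
            // messages can carry subject identifiers and attribute values, so
            // debug logging for this class should stay off in production.
            _log.debug("Received message using binding " + samlMessageContext.getCommunicationProfileId() + " " + OpenSamlUtil.marshall(samlMessageContext.getInboundSAMLMessage()));
        }
        EntityDescriptor peerEntityMetadata = samlMessageContext.getPeerEntityMetadata();
        if (peerEntityMetadata == null) {
            // An issuer without known metadata is not a configured peer.
            throw new SamlException("Unable to resolve metadata for issuer " + samlMessageContext.getInboundMessageIssuer());
        }
        samlMessageContext.setPeerEntityId(peerEntityMetadata.getEntityID());
        _setPeerEntityRoleMetadata(samlMessageContext, peerEntityMetadata);
        return samlMessageContext;
    }

    /**
     * Generates an identifier by delegating to the configured
     * {@link IdentifierGenerator}.
     *
     * @param i the size argument forwarded to
     *        {@code IdentifierGenerator.generateIdentifier(int)}
     * @return the generated identifier
     */
    public String generateIdentifier(int i) {
        return this._identifierGenerator.generateIdentifier(i);
    }

    /**
     * Returns the identifier generator set through
     * {@link #setIdentifierGenerator}, or {@code null} if none was set.
     */
    public IdentifierGenerator getIdentifierGenerator() {
        return this._identifierGenerator;
    }

    /**
     * Finds the registered binding whose communication profile ID equals the
     * given value.
     *
     * @param str the communication profile ID (binding URI) to look up
     * @return the first matching binding
     * @throws SamlException if no registered binding matches, including when
     *         {@code str} is {@code null}
     */
    public SamlBinding getSamlBinding(String str) throws PortalException {
        // A null ID previously failed with a NullPointerException inside the
        // loop; it now falls through to the same "Unsupported binding" error
        // as any other unknown value.
        if (str != null) {
            for (SamlBinding samlBinding : this._samlBindings) {
                if (str.equals(samlBinding.getCommunicationProfileId())) {
                    return samlBinding;
                }
            }
        }
        throw new SamlException("Unsupported binding " + str);
    }

    /**
     * Creates a message context for the request with the local entity,
     * transports, metadata provider, and expected peer role filled in.
     *
     * <p>The local and peer roles follow the provider configuration: as an
     * identity provider the local role is IDPSSODescriptor and the peer role
     * is SPSSODescriptor; as a service provider they are swapped. When neither
     * role is configured the role fields are left unset.</p>
     *
     * @param httpServletRequest the request, wrapped in
     *        {@code ProxyPathRequestWrapper} for the inbound transport
     * @param httpServletResponse the response used as outbound transport
     * @return a new message context
     * @throws Exception if the local entity descriptor or metadata provider
     *         cannot be obtained
     */
    public SAMLMessageContext<?, ?, ?> getSamlMessageContext(HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse) throws Exception {
        SAMLMessageContext<?, ?, ?> samlMessageContext = new BasicSAMLMessageContext<>();
        samlMessageContext.setInboundMessageTransport(new HttpServletRequestAdapter(new ProxyPathRequestWrapper(httpServletRequest)));
        samlMessageContext.setInboundSAMLProtocol(SAMLConstants.SAML20P_NS);
        EntityDescriptor entityDescriptor = this.metadataManager.getEntityDescriptor(httpServletRequest);
        samlMessageContext.setLocalEntityMetadata(entityDescriptor);
        samlMessageContext.setLocalEntityId(entityDescriptor.getEntityID());
        // The role is read once so the local role, its metadata, and the
        // expected peer role are always set consistently.
        if (this.samlProviderConfigurationHelper.isRoleIdp()) {
            samlMessageContext.setLocalEntityRole(IDPSSODescriptor.DEFAULT_ELEMENT_NAME);
            samlMessageContext.setLocalEntityRoleMetadata(entityDescriptor.getIDPSSODescriptor(SAMLConstants.SAML20P_NS));
            samlMessageContext.setPeerEntityRole(SPSSODescriptor.DEFAULT_ELEMENT_NAME);
        } else if (this.samlProviderConfigurationHelper.isRoleSp()) {
            samlMessageContext.setLocalEntityRole(SPSSODescriptor.DEFAULT_ELEMENT_NAME);
            samlMessageContext.setLocalEntityRoleMetadata(entityDescriptor.getSPSSODescriptor(SAMLConstants.SAML20P_NS));
            samlMessageContext.setPeerEntityRole(IDPSSODescriptor.DEFAULT_ELEMENT_NAME);
        } else {
            samlMessageContext.setLocalEntityRoleMetadata(null);
        }
        samlMessageContext.setMetadataProvider(this.metadataManager.getMetadataProvider());
        samlMessageContext.setOutboundMessageTransport(new HttpServletResponseAdapter(httpServletResponse, httpServletRequest.isSecure()));
        return samlMessageContext;
    }

    /**
     * Creates a message context as
     * {@link #getSamlMessageContext(HttpServletRequest, HttpServletResponse)}
     * does and additionally binds it to a known peer.
     *
     * @param httpServletRequest the current request
     * @param httpServletResponse the current response
     * @param str the peer entity ID; it must be present in the metadata
     *        provider
     * @return the message context with peer ID, metadata, and role metadata set
     * @throws SamlException if the metadata provider has no entity descriptor
     *         for {@code str}
     * @throws Exception on any other metadata failure
     */
    public SAMLMessageContext<?, ?, ?> getSamlMessageContext(HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse, String str) throws Exception {
        SAMLMessageContext<?, ?, ?> samlMessageContext = getSamlMessageContext(httpServletRequest, httpServletResponse);
        samlMessageContext.setPeerEntityId(str);
        EntityDescriptor entityDescriptor = samlMessageContext.getMetadataProvider().getEntityDescriptor(str);
        if (entityDescriptor == null) {
            // Only peers present in the metadata provider are accepted.
            throw new SamlException("Unknown peer entity ID " + str);
        }
        samlMessageContext.setPeerEntityMetadata(entityDescriptor);
        _setPeerEntityRoleMetadata(samlMessageContext, entityDescriptor);
        return samlMessageContext;
    }

    /**
     * Looks up the service provider session for the request.
     *
     * <p>The session key from {@link #getSamlSpSessionKey} is tried first. If
     * there is no key, or no session is stored under it, the lookup falls back
     * to the ID of the current HTTP session.</p>
     *
     * @param httpServletRequest the current request
     * @return the matching session, or whatever the JSESSIONID lookup returns
     *         when the key lookup finds nothing
     */
    public SamlSpSession getSamlSpSession(HttpServletRequest httpServletRequest) {
        String samlSpSessionKey = getSamlSpSessionKey(httpServletRequest);
        if (Validator.isNotNull(samlSpSessionKey)) {
            SamlSpSession samlSpSession = this.samlSpSessionLocalService.fetchSamlSpSessionBySamlSpSessionKey(samlSpSessionKey);
            if (samlSpSession != null) {
                return samlSpSession;
            }
        }
        return this.samlSpSessionLocalService.fetchSamlSpSessionByJSessionId(httpServletRequest.getSession().getId());
    }

    /**
     * Returns the service provider session key for the request, reading the
     * {@code SAML_SP_SESSION_KEY} HTTP session attribute first and the cookie
     * of the same name second.
     *
     * <p>The cookie value is supplied by the client. It is used by
     * {@link #getSamlSpSession} as a lookup key, so the key acts as a bearer
     * credential for the stored session and has to be unguessable.</p>
     *
     * @param httpServletRequest the current request
     * @return the session key, or the cookie lookup result when the session
     *         attribute is empty
     */
    public String getSamlSpSessionKey(HttpServletRequest httpServletRequest) {
        String samlSpSessionKey = (String) httpServletRequest.getSession().getAttribute("SAML_SP_SESSION_KEY");
        if (Validator.isNull(samlSpSessionKey)) {
            samlSpSessionKey = CookieKeys.getCookie(httpServletRequest, "SAML_SP_SESSION_KEY");
        }
        return samlSpSessionKey;
    }

    /**
     * Returns the value of the client-supplied {@code SAML_SSO_SESSION_ID}
     * cookie.
     */
    public String getSamlSsoSessionId(HttpServletRequest httpServletRequest) {
        return CookieKeys.getCookie(httpServletRequest, "SAML_SSO_SESSION_ID");
    }

    /**
     * Expires the portal login cookies and invalidates the HTTP session.
     *
     * <p>{@code COMPANY_ID}, {@code ID}, {@code PASSWORD} and
     * {@code REMEMBER_ME} are always expired. {@code LOGIN} is expired only
     * when the request's {@code REMEMBER_ME} cookie is not true. Session
     * invalidation is best effort: a failure is logged at debug level and does
     * not abort the logout.</p>
     *
     * @param httpServletRequest the current request
     * @param httpServletResponse the response that receives the expired cookies
     */
    public void logout(HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse) {
        String domain = CookieKeys.getDomain(httpServletRequest);
        if (!GetterUtil.getBoolean(CookieKeys.getCookie(httpServletRequest, "REMEMBER_ME"))) {
            CookieKeys.addCookie(httpServletRequest, httpServletResponse, _createExpiredCookie("LOGIN", domain));
        }
        CookieKeys.addCookie(httpServletRequest, httpServletResponse, _createExpiredCookie("COMPANY_ID", domain));
        CookieKeys.addCookie(httpServletRequest, httpServletResponse, _createExpiredCookie("ID", domain));
        CookieKeys.addCookie(httpServletRequest, httpServletResponse, _createExpiredCookie("PASSWORD", domain));
        CookieKeys.addCookie(httpServletRequest, httpServletResponse, _createExpiredCookie("REMEMBER_ME", domain));
        try {
            httpServletRequest.getSession().invalidate();
        } catch (Exception e) {
            // Still best effort, but no longer silent: a session that could
            // not be invalidated is worth seeing when diagnosing a logout that
            // appears to leave the user signed in.
            if (_log.isDebugEnabled()) {
                _log.debug("Unable to invalidate HTTP session during logout", e);
            }
        }
    }

    /**
     * Encodes the outbound message with the binding named by the context's
     * peer endpoint.
     *
     * @param sAMLMessageContext the context holding the outbound message and
     *        the peer endpoint
     * @throws SamlException if no peer endpoint is set, the endpoint's binding
     *         is not registered, or encoding fails
     */
    public void sendSamlMessage(SAMLMessageContext<?, ?, ?> sAMLMessageContext) throws PortalException {
        Endpoint peerEntityEndpoint = sAMLMessageContext.getPeerEntityEndpoint();
        if (peerEntityEndpoint == null) {
            // Fail with a descriptive error instead of a NullPointerException.
            throw new SamlException("Peer entity endpoint is not set on the SAML message context");
        }
        SamlBinding samlBinding = getSamlBinding(peerEntityEndpoint.getBinding());
        if (_log.isDebugEnabled()) {
            try {
                // The full outbound message is logged; it can contain subject
                // identifiers and attribute values, so keep debug logging for
                // this class off in production.
                _log.debug("Sending SAML message " + OpenSamlUtil.marshall(sAMLMessageContext.getOutboundSAMLMessage()) + " to " + peerEntityEndpoint.getLocation() + " with binding " + peerEntityEndpoint.getBinding());
            } catch (MarshallingException e) {
                // Logging must not stop the message from being sent.
                _log.debug("Unable to marshall outbound SAML message for logging", e);
            }
        }
        try {
            samlBinding.getMessageEncoder().encode(sAMLMessageContext);
        } catch (MessageEncodingException e2) {
            throw new SamlException("Unable to send SAML message to " + peerEntityEndpoint.getLocation() + " with binding " + peerEntityEndpoint.getBinding(), e2);
        }
    }

    /**
     * Adds a cookie scoped to the portal context path, or to the root path
     * when the portal has no context path.
     *
     * <p>JADX reports that the access modifier of this method was changed
     * from {@code protected}.</p>
     *
     * @param httpServletRequest the current request, used to decide the
     *        Secure flag
     * @param httpServletResponse the response that receives the cookie
     * @param str the cookie name
     * @param str2 the cookie value
     * @param i the max age in seconds, passed to {@code Cookie.setMaxAge}
     */
    public void addCookie(HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse, String str, String str2, int i) {
        Cookie cookie = new Cookie(str, str2);
        cookie.setMaxAge(i);
        if (Validator.isNull(this.portal.getPathContext())) {
            // PSEUDONAME_ROOT is the constant "/"; the reference to the XPath
            // class comes from the decompiler.
            cookie.setPath(PsuedoNames.PSEUDONAME_ROOT);
        } else {
            cookie.setPath(this.portal.getPathContext());
        }
        // The cookie values this class reads back are session identifiers that
        // are only consumed on the server, so scripts get no access to them.
        cookie.setHttpOnly(true);
        // NOTE(review): the Secure flag mirrors the request. If TLS is
        // terminated in front of the portal and isSecure() is not adjusted for
        // the forwarded scheme, the cookie is issued without Secure - confirm
        // the proxy configuration.
        cookie.setSecure(httpServletRequest.isSecure());
        httpServletResponse.addCookie(cookie);
    }

    /**
     * Registers a binding for {@link #getSamlBinding}.
     *
     * <p>JADX reports that the access modifier of this method was changed
     * from {@code protected}.</p>
     */
    public void addSamlBinding(SamlBinding samlBinding) {
        this._samlBindings.add(samlBinding);
    }

    /**
     * Removes a previously registered binding.
     *
     * <p>JADX reports that the access modifier of this method was changed
     * from {@code protected}.</p>
     */
    public void removeSamlBinding(SamlBinding samlBinding) {
        this._samlBindings.remove(samlBinding);
    }

    /**
     * Sets the generator used by {@link #generateIdentifier}.
     *
     * <p>JADX reports that the access modifier of this method was changed
     * from {@code protected}.</p>
     */
    public void setIdentifierGenerator(IdentifierGenerator identifierGenerator) {
        this._identifierGenerator = identifierGenerator;
    }

    /**
     * Sets the metadata manager used to resolve entity descriptors, the
     * metadata provider, and security policy resolvers.
     *
     * <p>JADX reports that the access modifier of this method was changed
     * from {@code protected}.</p>
     */
    public void setMetadataManager(MetadataManager metadataManager) {
        this.metadataManager = metadataManager;
    }

    /**
     * Replaces the list of registered bindings. The given list is stored as
     * is, not copied, so later changes by the caller are visible here.
     */
    protected void setSamlBindings(List<SamlBinding> list) {
        this._samlBindings = list;
    }

    /**
     * Sets the helper that reports whether this provider acts as identity
     * provider or service provider.
     *
     * <p>JADX reports that the access modifier of this method was changed
     * from {@code protected}.</p>
     */
    public void setSamlProviderConfigurationHelper(SamlProviderConfigurationHelper samlProviderConfigurationHelper) {
        this.samlProviderConfigurationHelper = samlProviderConfigurationHelper;
    }

    /**
     * Removes a binding; delegates to {@link #removeSamlBinding}.
     */
    protected void unsetSamlBinding(SamlBinding samlBinding) {
        removeSamlBinding(samlBinding);
    }

    /** Builds an empty, already expired cookie on the root path for the given name and optional domain. */
    private static Cookie _createExpiredCookie(String name, String domain) {
        Cookie cookie = new Cookie(name, "");
        if (Validator.isNotNull(domain)) {
            cookie.setDomain(domain);
        }
        cookie.setMaxAge(0);
        cookie.setPath(PsuedoNames.PSEUDONAME_ROOT);
        return cookie;
    }

    /** Sets the peer role metadata that matches the local role: SP metadata when acting as IdP, IdP metadata when acting as SP, otherwise null. */
    private void _setPeerEntityRoleMetadata(SAMLMessageContext<?, ?, ?> samlMessageContext, EntityDescriptor peerEntityDescriptor) {
        if (this.samlProviderConfigurationHelper.isRoleIdp()) {
            samlMessageContext.setPeerEntityRoleMetadata(peerEntityDescriptor.getSPSSODescriptor(SAMLConstants.SAML20P_NS));
        } else if (this.samlProviderConfigurationHelper.isRoleSp()) {
            samlMessageContext.setPeerEntityRoleMetadata(peerEntityDescriptor.getIDPSSODescriptor(SAMLConstants.SAML20P_NS));
        } else {
            samlMessageContext.setPeerEntityRoleMetadata(null);
        }
    }
}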
