package com.liferay.saml.opensaml.integration.internal.servlet.profile;

import com.liferay.portal.kernel.exception.PortalException;
import com.liferay.portal.kernel.log.Log;
import com.liferay.portal.kernel.log.LogFactoryUtil;
import com.liferay.portal.kernel.util.CookieKeys;
import com.liferay.portal.kernel.util.GetterUtil;
import com.liferay.portal.kernel.util.Portal;
import com.liferay.portal.kernel.util.Validator;
import com.liferay.saml.constants.SamlWebKeys;
import com.liferay.saml.opensaml.integration.SamlBinding;
import com.liferay.saml.opensaml.integration.internal.util.OpenSamlUtil;
import com.liferay.saml.opensaml.integration.metadata.MetadataManager;
import com.liferay.saml.persistence.model.SamlSpSession;
import com.liferay.saml.persistence.service.SamlSpSessionLocalService;
import com.liferay.saml.runtime.SamlException;
import com.liferay.saml.runtime.configuration.SamlProviderConfigurationHelper;
import java.util.ArrayList;
import java.util.List;
import javax.servlet.http.Cookie;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import net.shibboleth.utilities.java.support.resolver.CriteriaSet;
import org.opensaml.core.config.ConfigurationService;
import org.opensaml.core.criterion.EntityIdCriterion;
import org.opensaml.core.xml.XMLObject;
import org.opensaml.core.xml.io.MarshallingException;
import org.opensaml.messaging.context.InOutOperationContext;
import org.opensaml.messaging.context.MessageContext;
import org.opensaml.messaging.decoder.servlet.HttpServletRequestMessageDecoder;
import org.opensaml.messaging.encoder.servlet.HttpServletResponseMessageEncoder;
import org.opensaml.messaging.handler.MessageHandler;
import org.opensaml.saml.common.SAMLObject;
import org.opensaml.saml.common.binding.security.impl.SAMLOutboundProtocolMessageSigningHandler;
import org.opensaml.saml.common.messaging.context.SAMLBindingContext;
import org.opensaml.saml.common.messaging.context.SAMLEndpointContext;
import org.opensaml.saml.common.messaging.context.SAMLMetadataContext;
import org.opensaml.saml.common.messaging.context.SAMLPeerEntityContext;
import org.opensaml.saml.common.messaging.context.SAMLProtocolContext;
import org.opensaml.saml.common.messaging.context.SAMLSelfEntityContext;
import org.opensaml.saml.common.xml.SAMLConstants;
import org.opensaml.saml.saml2.core.RequestAbstractType;
import org.opensaml.saml.saml2.metadata.Endpoint;
import org.opensaml.saml.saml2.metadata.EntityDescriptor;
import org.opensaml.saml.saml2.metadata.IDPSSODescriptor;
import org.opensaml.saml.saml2.metadata.SPSSODescriptor;
import org.opensaml.xmlsec.SignatureValidationConfiguration;
import org.opensaml.xmlsec.SignatureValidationParameters;
import org.opensaml.xmlsec.context.SecurityParametersContext;
import org.opensaml.xmlsec.criterion.SignatureValidationConfigurationCriterion;
import org.opensaml.xmlsec.impl.BasicSignatureValidationParametersResolver;

/* loaded from: input_file:com/liferay/saml/opensaml/integration/internal/servlet/profile/BaseProfile.class */
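/**
 * Shared plumbing for the SAML profile handlers.
 *
 * <p>Builds OpenSAML message contexts for the local and peer entity, decodes
 * inbound SAML messages and runs the security message handler on them, signs
 * and encodes outbound messages, looks up the SP session for a request, and
 * expires the portal login cookies at logout.</p>
 *
 * <p>This listing is decompiler output; several methods marked "originally
 * protected" were widened to {@code public} by the decompiler and are kept
 * that way so existing callers in the decompiled tree still compile.</p>
 */
public abstract class BaseProfile {
    protected MetadataManager metadataManager;
    protected Portal portal;
    protected SamlProviderConfigurationHelper samlProviderConfigurationHelper;
    protected SamlSpSessionLocalService samlSpSessionLocalService;
    private static final Log _log = LogFactoryUtil.getLog(BaseProfile.class);
    private IdentifierGenerationStrategyFactory _identifierGenerationStrategyFactory;
    // NOTE(review): plain ArrayList that is mutated by add/removeSamlBinding and
    // iterated by getSamlBinding; confirm all access happens on one thread or
    // under the container's binding lifecycle.
    private List<SamlBinding> _samlBindings = new ArrayList<>();

    /**
     * Decodes the SAML message carried by the request and runs the security
     * message handler (signature / trust checks) on it.
     *
     * @param httpServletRequest request carrying the SAML message
     * @param httpServletResponse response, only forwarded to {@link #getMessageContext(HttpServletRequest, HttpServletResponse)}
     * @param samlBinding binding that supplies the request decoder
     * @param z forwarded unchanged as the third argument of
     *        {@code MetadataManager.getSecurityMessageHandler}; presumably
     *        "signature required" (confirm against MetadataManager)
     * @return the outer message context; the decoded message is reachable
     *         through its {@link InOutOperationContext}, and the peer entity
     *         context of the decoded message is attached to it
     * @throws SamlException if no metadata can be resolved for the peer entity ID
     * @throws Exception on decoding or security-handler failure
     */
    public MessageContext decodeSamlMessage(HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse, SamlBinding samlBinding, boolean z) throws Exception {
        MessageContext<SAMLObject> messageContext = getMessageContext(httpServletRequest, httpServletResponse);

        HttpServletRequestMessageDecoder decoder = samlBinding.getHttpServletRequestMessageDecoderSupplier().get();
        decoder.setHttpServletRequest(httpServletRequest);
        decoder.initialize();
        decoder.decode();

        // Raw type: the decoder is used without a type argument, so its context
        // has no nameable message type here.
        MessageContext inboundMessageContext = decoder.getMessageContext();
        messageContext.addSubcontext(new InOutOperationContext(inboundMessageContext, new MessageContext()));
        SAMLBindingContext bindingContext = (SAMLBindingContext) inboundMessageContext.getSubcontext(SAMLBindingContext.class);
        messageContext.addSubcontext(bindingContext);

        if (_log.isDebugEnabled()) {
            // This runs BEFORE the security handler below, so the logged message
            // is unverified peer input and may contain assertions or personal
            // data. Keep debug logging for this class off in production.
            _log.debug("Received message using binding " + bindingContext.getBindingUri() + " " + OpenSamlUtil.marshall((SAMLObject) inboundMessageContext.getMessage()));
        }

        // The entity ID comes from the decoded (not yet verified) message; it is
        // only trusted after the security handler has accepted the message.
        SAMLPeerEntityContext peerEntityContext = (SAMLPeerEntityContext) inboundMessageContext.getSubcontext(SAMLPeerEntityContext.class, true);
        EntityDescriptor peerEntityDescriptor = this.metadataManager.getMetadataResolver().resolveSingle(new CriteriaSet(new EntityIdCriterion(peerEntityContext.getEntityId())));
        if (peerEntityDescriptor == null) {
            // Report the entity ID that was actually looked up. The previous
            // code dereferenced messageContext.getMessage(), which is never set
            // on the outer context, so this path raised a NullPointerException
            // instead of the intended SamlException.
            throw new SamlException("Unable to resolve metadata for issuer " + peerEntityContext.getEntityId());
        }

        SAMLMetadataContext peerMetadataContext = (SAMLMetadataContext) peerEntityContext.getSubcontext(SAMLMetadataContext.class, true);
        peerMetadataContext.setEntityDescriptor(peerEntityDescriptor);
        // The peer plays the opposite role of the local provider.
        if (this.samlProviderConfigurationHelper.isRoleIdp()) {
            peerMetadataContext.setRoleDescriptor(peerEntityDescriptor.getSPSSODescriptor(SAMLConstants.SAML20P_NS));
            peerEntityContext.setRole(SPSSODescriptor.DEFAULT_ELEMENT_NAME);
        } else if (this.samlProviderConfigurationHelper.isRoleSp()) {
            peerMetadataContext.setRoleDescriptor(peerEntityDescriptor.getIDPSSODescriptor(SAMLConstants.SAML20P_NS));
            peerEntityContext.setRole(IDPSSODescriptor.DEFAULT_ELEMENT_NAME);
        } else {
            peerMetadataContext.setRoleDescriptor(null);
        }

        MessageHandler<?> securityMessageHandler = this.metadataManager.getSecurityMessageHandler(httpServletRequest, bindingContext.getBindingUri(), z);

        // Signature validation parameters come from the global OpenSAML
        // configuration; the trust engine is the one built from our metadata.
        SecurityParametersContext securityParametersContext = (SecurityParametersContext) inboundMessageContext.getSubcontext(SecurityParametersContext.class, true);
        SignatureValidationParameters signatureValidationParameters = new BasicSignatureValidationParametersResolver().resolveSingle(new CriteriaSet(new SignatureValidationConfigurationCriterion((SignatureValidationConfiguration) ConfigurationService.get(SignatureValidationConfiguration.class))));
        signatureValidationParameters.setSignatureTrustEngine(this.metadataManager.getSignatureTrustEngine());
        securityParametersContext.setSignatureValidationParameters(signatureValidationParameters);

        inboundMessageContext.addSubcontext(messageContext.getSubcontext(SAMLProtocolContext.class));
        securityMessageHandler.invoke(inboundMessageContext);

        // Replace the outer context's placeholder peer context with the one
        // populated from the decoded message.
        messageContext.removeSubcontext(SAMLPeerEntityContext.class);
        messageContext.addSubcontext(peerEntityContext);
        return messageContext;
    }

    /**
     * Generates an identifier with the configured strategy factory.
     *
     * @param i passed to the factory's {@code create}; presumably the
     *        identifier length (confirm against the factory)
     * @return the generated identifier
     */
    public String generateIdentifier(int i) {
        return getIdentifierGenerationStrategyFactory().create(i).generateIdentifier();
    }

    /** Returns the identifier generation strategy factory, or {@code null} if none was set. */
    public IdentifierGenerationStrategyFactory getIdentifierGenerationStrategyFactory() {
        return this._identifierGenerationStrategyFactory;
    }

    /**
     * Creates a message context describing the local entity for this request.
     *
     * <p>Sets the SAML 2.0 protocol, the local entity ID, entity descriptor and
     * role descriptor (IdP or SP, per configuration), and the role expected of
     * the peer (the opposite one).</p>
     *
     * @param httpServletRequest used to look up the local entity descriptor
     * @param httpServletResponse unused here
     * @return a new context with auto-created subcontexts enabled
     * @throws Exception if the local entity descriptor cannot be obtained
     */
    public MessageContext<SAMLObject> getMessageContext(HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse) throws Exception {
        MessageContext<SAMLObject> messageContext = new MessageContext<>();
        messageContext.setAutoCreateSubcontexts(true);

        EntityDescriptor localEntityDescriptor = this.metadataManager.getEntityDescriptor(httpServletRequest);
        SAMLSelfEntityContext selfEntityContext = (SAMLSelfEntityContext) messageContext.getSubcontext(SAMLSelfEntityContext.class);
        SAMLMetadataContext selfMetadataContext = (SAMLMetadataContext) selfEntityContext.getSubcontext(SAMLMetadataContext.class, true);
        selfMetadataContext.setEntityDescriptor(localEntityDescriptor);
        ((SAMLProtocolContext) messageContext.getSubcontext(SAMLProtocolContext.class, true)).setProtocol(SAMLConstants.SAML20P_NS);

        SAMLPeerEntityContext peerEntityContext = (SAMLPeerEntityContext) messageContext.getSubcontext(SAMLPeerEntityContext.class);
        if (this.samlProviderConfigurationHelper.isRoleIdp()) {
            selfMetadataContext.setRoleDescriptor(localEntityDescriptor.getIDPSSODescriptor(SAMLConstants.SAML20P_NS));
            peerEntityContext.setRole(SPSSODescriptor.DEFAULT_ELEMENT_NAME);
        } else if (this.samlProviderConfigurationHelper.isRoleSp()) {
            selfMetadataContext.setRoleDescriptor(localEntityDescriptor.getSPSSODescriptor(SAMLConstants.SAML20P_NS));
            peerEntityContext.setRole(IDPSSODescriptor.DEFAULT_ELEMENT_NAME);
        } else {
            selfMetadataContext.setRoleDescriptor(null);
        }
        selfEntityContext.setEntityId(localEntityDescriptor.getEntityID());
        return messageContext;
    }

    /**
     * Creates a message context for the local entity and binds it to a known peer.
     *
     * @param httpServletRequest used to look up the local entity descriptor
     * @param httpServletResponse forwarded to the two-argument overload
     * @param str peer entity ID; must resolve in the metadata resolver
     * @return the context with peer entity ID, descriptor and role descriptor set
     * @throws SamlException if the peer entity ID is not present in metadata
     * @throws Exception if metadata resolution fails
     */
    public MessageContext<?> getMessageContext(HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse, String str) throws Exception {
        MessageContext<SAMLObject> messageContext = getMessageContext(httpServletRequest, httpServletResponse);
        SAMLPeerEntityContext peerEntityContext = (SAMLPeerEntityContext) messageContext.getSubcontext(SAMLPeerEntityContext.class, true);
        peerEntityContext.setEntityId(str);

        // Only peers present in our metadata are accepted.
        EntityDescriptor peerEntityDescriptor = this.metadataManager.getMetadataResolver().resolveSingle(new CriteriaSet(new EntityIdCriterion(str)));
        if (peerEntityDescriptor == null) {
            throw new SamlException("Unknown peer entity ID " + str);
        }

        SAMLMetadataContext peerMetadataContext = (SAMLMetadataContext) peerEntityContext.getSubcontext(SAMLMetadataContext.class, true);
        peerMetadataContext.setEntityDescriptor(peerEntityDescriptor);
        if (this.samlProviderConfigurationHelper.isRoleIdp()) {
            peerMetadataContext.setRoleDescriptor(peerEntityDescriptor.getSPSSODescriptor(SAMLConstants.SAML20P_NS));
        } else if (this.samlProviderConfigurationHelper.isRoleSp()) {
            peerMetadataContext.setRoleDescriptor(peerEntityDescriptor.getIDPSSODescriptor(SAMLConstants.SAML20P_NS));
        } else {
            peerMetadataContext.setRoleDescriptor(null);
        }
        return messageContext;
    }

    /**
     * Finds the registered binding whose communication profile ID equals {@code str}.
     *
     * @param str binding URI / communication profile ID
     * @return the matching binding
     * @throws SamlException if {@code str} is {@code null} or no binding matches
     */
    public SamlBinding getSamlBinding(String str) throws PortalException {
        // A null ID (e.g. an endpoint without a Binding attribute) is reported
        // as an unsupported binding rather than surfacing as a NullPointerException.
        if (str != null) {
            for (SamlBinding samlBinding : this._samlBindings) {
                if (str.equals(samlBinding.getCommunicationProfileId())) {
                    return samlBinding;
                }
            }
        }
        throw new SamlException("Unsupported binding " + str);
    }

    /**
     * Looks up the SP session for the request: first by the SP session key,
     * then, if there is no key or no session for it, by the servlet session ID.
     *
     * @param httpServletRequest current request
     * @return the SP session, or {@code null} if the service finds none
     */
    public SamlSpSession getSamlSpSession(HttpServletRequest httpServletRequest) {
        String samlSpSessionKey = getSamlSpSessionKey(httpServletRequest);
        if (Validator.isNotNull(samlSpSessionKey)) {
            SamlSpSession samlSpSession = this.samlSpSessionLocalService.fetchSamlSpSessionBySamlSpSessionKey(samlSpSessionKey);
            if (samlSpSession != null) {
                return samlSpSession;
            }
        }
        return this.samlSpSessionLocalService.fetchSamlSpSessionByJSessionId(httpServletRequest.getSession().getId());
    }

    /**
     * Returns the SP session key from the servlet session, falling back to the
     * request cookie of the same name.
     *
     * <p>The cookie value is client-supplied; callers use it as a lookup key
     * for the SP session, so it acts as a bearer value and must be treated as
     * untrusted input.</p>
     *
     * @param httpServletRequest current request
     * @return the key, or the cookie lookup result if the session has none
     */
    public String getSamlSpSessionKey(HttpServletRequest httpServletRequest) {
        String samlSpSessionKey = (String) httpServletRequest.getSession().getAttribute(SamlWebKeys.SAML_SP_SESSION_KEY);
        if (Validator.isNull(samlSpSessionKey)) {
            samlSpSessionKey = CookieKeys.getCookie(httpServletRequest, SamlWebKeys.SAML_SP_SESSION_KEY);
        }
        return samlSpSessionKey;
    }

    /** Returns the SSO session ID cookie value (client-supplied) for the request. */
    public String getSamlSsoSessionId(HttpServletRequest httpServletRequest) {
        return CookieKeys.getCookie(httpServletRequest, SamlWebKeys.SAML_SSO_SESSION_ID);
    }

    /**
     * Expires the portal login cookies and invalidates the servlet session.
     *
     * <p>The LOGIN cookie is only expired when the REMEMBER_ME cookie is not
     * truthy. Session invalidation is best effort: a failure is logged at
     * debug level and does not abort the logout.</p>
     *
     * @param httpServletRequest current request
     * @param httpServletResponse response that receives the expiring cookies
     */
    public void logout(HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse) {
        String domain = CookieKeys.getDomain(httpServletRequest);

        if (!GetterUtil.getBoolean(CookieKeys.getCookie(httpServletRequest, CookieKeys.REMEMBER_ME))) {
            CookieKeys.addCookie(httpServletRequest, httpServletResponse, _expiredCookie("LOGIN", domain));
        }
        CookieKeys.addCookie(httpServletRequest, httpServletResponse, _expiredCookie("COMPANY_ID", domain));
        CookieKeys.addCookie(httpServletRequest, httpServletResponse, _expiredCookie("ID", domain));
        CookieKeys.addCookie(httpServletRequest, httpServletResponse, _expiredCookie(CookieKeys.PASSWORD, domain));
        CookieKeys.addCookie(httpServletRequest, httpServletResponse, _expiredCookie(CookieKeys.REMEMBER_ME, domain));

        try {
            httpServletRequest.getSession().invalidate();
        } catch (Exception e) {
            // Deliberately non-fatal (the session may already be invalid), but a
            // session that survives logout is security relevant, so leave a trace.
            if (_log.isDebugEnabled()) {
                _log.debug("Unable to invalidate session during SAML logout", e);
            }
        }
    }

    /**
     * Signs the outbound message of the context and encodes it onto the
     * response using the binding named by the peer endpoint.
     *
     * @param messageContext context holding an {@link InOutOperationContext}
     *        whose outbound context has a peer endpoint set
     * @param httpServletResponse response the encoded message is written to
     * @throws SamlException if the binding is unsupported, or signing or
     *         encoding fails (the cause is preserved)
     */
    public void sendSamlMessage(MessageContext<?> messageContext, HttpServletResponse httpServletResponse) throws PortalException {
        MessageContext outboundMessageContext = ((InOutOperationContext) messageContext.getSubcontext(InOutOperationContext.class)).getOutboundMessageContext();
        Endpoint endpoint = ((SAMLEndpointContext) ((SAMLPeerEntityContext) outboundMessageContext.getSubcontext(SAMLPeerEntityContext.class)).getSubcontext(SAMLEndpointContext.class)).getEndpoint();
        SamlBinding samlBinding = getSamlBinding(endpoint.getBinding());

        if (_log.isDebugEnabled()) {
            // The full outbound message (possibly an assertion with user
            // attributes) ends up in the log; keep debug off in production.
            try {
                _log.debug("Sending SAML message " + OpenSamlUtil.marshall((XMLObject) outboundMessageContext.getMessage()) + " to " + endpoint.getLocation() + " with binding " + endpoint.getBinding());
            } catch (MarshallingException e) {
                // Logging only; a marshalling failure here must not block sending.
                _log.debug("Unable to marshall outbound SAML message for logging", e);
            }
        }

        HttpServletResponseMessageEncoder encoder = samlBinding.getHttpServletResponseMessageEncoderSupplier().get();
        SAMLOutboundProtocolMessageSigningHandler signingHandler = new SAMLOutboundProtocolMessageSigningHandler();
        try {
            // Sign first, then encode the signed message.
            signingHandler.initialize();
            signingHandler.invoke(outboundMessageContext);
            encoder.setHttpServletResponse(httpServletResponse);
            encoder.setMessageContext(outboundMessageContext);
            encoder.initialize();
            encoder.encode();
        } catch (Exception e) {
            throw new SamlException("Unable to send SAML message to " + endpoint.getLocation() + " with binding " + endpoint.getBinding(), e);
        }
    }

    /**
     * Adds a cookie scoped to the portal context path (or "/" if none).
     * Originally protected (widened by the decompiler).
     *
     * @param httpServletRequest used to decide the Secure flag
     * @param httpServletResponse response that receives the cookie
     * @param str cookie name
     * @param str2 cookie value
     * @param i max age in seconds, as for {@link Cookie#setMaxAge(int)}
     */
    public void addCookie(HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse, String str, String str2, int i) {
        Cookie cookie = new Cookie(str, str2);
        cookie.setMaxAge(i);
        String pathContext = this.portal.getPathContext();
        cookie.setPath(Validator.isNull(pathContext) ? "/" : pathContext);
        // NOTE(review): Secure mirrors the request scheme, so behind a
        // TLS-terminating proxy that does not mark requests as secure the cookie
        // is issued without the Secure flag. Confirm the proxy configuration.
        cookie.setSecure(httpServletRequest.isSecure());
        // NOTE(review): HttpOnly is never set here. If this method carries
        // session identifiers, consider cookie.setHttpOnly(true) (Servlet 3.0+)
        // once it is confirmed that no client-side script reads these cookies.
        httpServletResponse.addCookie(cookie);
    }

    /** Registers a binding. Originally protected (widened by the decompiler). */
    public void addSamlBinding(SamlBinding samlBinding) {
        this._samlBindings.add(samlBinding);
    }

    /** Unregisters a binding. Originally protected (widened by the decompiler). */
    public void removeSamlBinding(SamlBinding samlBinding) {
        this._samlBindings.remove(samlBinding);
    }

    /** Sets the identifier strategy factory. Originally protected (widened by the decompiler). */
    public void setIdentifierGenerationStrategyFactory(IdentifierGenerationStrategyFactory identifierGenerationStrategyFactory) {
        this._identifierGenerationStrategyFactory = identifierGenerationStrategyFactory;
    }

    /** Sets the metadata manager. Originally protected (widened by the decompiler). */
    public void setMetadataManager(MetadataManager metadataManager) {
        this.metadataManager = metadataManager;
    }

    /**
     * Replaces the binding list. The list is stored by reference (no copy), so
     * later changes by the caller are visible here.
     */
    protected void setSamlBindings(List<SamlBinding> list) {
        this._samlBindings = list;
    }

    /** Sets the provider configuration helper. Originally protected (widened by the decompiler). */
    public void setSamlProviderConfigurationHelper(SamlProviderConfigurationHelper samlProviderConfigurationHelper) {
        this.samlProviderConfigurationHelper = samlProviderConfigurationHelper;
    }

    /** Unbind callback; delegates to {@link #removeSamlBinding(SamlBinding)}. */
    protected void unsetSamlBinding(SamlBinding samlBinding) {
        removeSamlBinding(samlBinding);
    }

    /** Builds an empty-valued, immediately expiring cookie on path "/" for the given domain (if any). */
    private static Cookie _expiredCookie(String name, String domain) {
        Cookie cookie = new Cookie(name, "");
        if (Validator.isNotNull(domain)) {
            cookie.setDomain(domain);
        }
        cookie.setMaxAge(0);
        cookie.setPath("/");
        return cookie;
    }
}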
