package com.alfaariss.oa.profile.saml2;

import com.alfaariss.oa.OAException;
import com.alfaariss.oa.api.IService;
import com.alfaariss.oa.api.configuration.IConfigurationManager;
import com.alfaariss.oa.api.profile.IRequestorProfile;
import com.alfaariss.oa.engine.core.Engine;
import com.alfaariss.oa.profile.saml2.listener.SAML2TGTListener;
import com.alfaariss.oa.util.saml2.SAML2IssueInstantWindow;
import com.alfaariss.oa.util.saml2.SAML2Requestors;
import com.alfaariss.oa.util.saml2.metadata.MetaDataDirector;
import com.alfaariss.oa.util.saml2.metadata.entitydescriptor.EntityDescriptorBuilder;
import com.alfaariss.oa.util.saml2.metadata.role.sso.IDPSSODescriptorBuilder;
import com.alfaariss.oa.util.saml2.opensaml.CustomOpenSAMLBootstrap;
import com.alfaariss.oa.util.saml2.profile.ISAML2Profile;
import java.io.IOException;
import java.io.PrintWriter;
import java.net.MalformedURLException;
import java.net.URL;
import java.util.Hashtable;
import java.util.Iterator;
import java.util.Map;
import javax.servlet.ServletContext;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import org.apache.commons.logging.Log;
import org.apache.commons.logging.LogFactory;
import org.asimba.utility.xml.XMLUtils;
import org.opensaml.Configuration;
import org.opensaml.saml2.metadata.EntityDescriptor;
import org.opensaml.saml2.metadata.IDPSSODescriptor;
import org.opensaml.xml.ConfigurationException;
import org.opensaml.xml.io.Marshaller;
import org.opensaml.xml.io.MarshallingException;
import org.opensaml.xml.signature.Signature;
import org.opensaml.xml.signature.Signer;
import org.w3c.dom.Element;

/* loaded from: input_file:com/alfaariss/oa/profile/saml2/SAML2Profile.class */
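/**
 * SAML2 requestor profile: reads the 'profile' configuration section, builds (and optionally
 * signs) the IdP metadata, instantiates the configured {@link ISAML2Profile} processors and
 * dispatches incoming servlet requests to them.
 *
 * <p>Requests that address the profile root (no sub-profile segment) are answered with the
 * metadata document; anything else that matches no processor gets a 404.
 */
public class SAML2Profile implements IRequestorProfile, IService {
    private static final String DEFAULT_SSO_PATH = "/sso";
    private SAML2Requestors _requestors;
    private SAML2TGTListener _oSAML2TGTListener;
    private Log _logger = LogFactory.getLog(SAML2Profile.class);
    // Keyed by ISAML2Profile.getID(); the key is matched against the request path suffix.
    private Map<String, ISAML2Profile> _processors = new Hashtable<String, ISAML2Profile>();
    private String _sID = null;
    private EntityDescriptor _entityDescriptor = null;

    /**
     * Bootstraps the OpenSAML library.
     *
     * @throws OAException (code 17) when the OpenSAML bootstrap fails.
     */
    public SAML2Profile() throws OAException {
        try {
            CustomOpenSAMLBootstrap.bootstrap();
        } catch (ConfigurationException e) {
            this._logger.error("Could not initialize OpenSAML", e);
            throw new OAException(17);
        }
    }

    /** @return the configured profile id, or {@code null} before {@link #init} succeeded. */
    public String getID() {
        return this._sID;
    }

    /** @return the requestor pool built from the 'requestors' configuration section. */
    public SAML2Requestors getSAML2Requestors() {
        return this._requestors;
    }

    /**
     * Initializes the profile from its configuration section.
     *
     * <p>On any failure {@link #destroy()} is called before the exception is rethrown, so that
     * a partially initialized profile does not leave a TGT listener or processors behind.
     *
     * @param servletContext        servlet context (not used by this method).
     * @param iConfigurationManager configuration reader.
     * @param element               the 'profile' configuration section.
     * @throws OAException code 17 for missing mandatory items, code 2 for an invalid
     *                     'baseURL', code 1 for unexpected errors.
     */
    public void init(ServletContext servletContext, IConfigurationManager iConfigurationManager, Element element) throws OAException {
        try {
            this._sID = iConfigurationManager.getParam(element, "id");
            if (this._sID == null) {
                this._logger.error("No 'id' item found in 'profile' section in configuration");
                throw new OAException(17);
            }
            String baseUrl = iConfigurationManager.getParam(element, "baseURL");
            if (baseUrl == null) {
                this._logger.error("No 'baseURL' item found in 'profile' section in configuration");
                throw new OAException(17);
            }
            // Syntax check only: the URL object is discarded. The scheme is not inspected here,
            // so a plain-http baseURL is accepted as configured.
            try {
                new URL(baseUrl);
            } catch (MalformedURLException e) {
                this._logger.error("Invalid 'baseURL' item found in 'profile' section in configuration (should be an URL): " + baseUrl, e);
                throw new OAException(2);
            }
            this._logger.info("Using configured Base URL: " + baseUrl);

            String ssoPath = null;
            Element webSsoSection = iConfigurationManager.getSection(element, "websso");
            if (webSsoSection == null) {
                this._logger.warn("No optional 'websso' section found in 'profile' section with id='" + this._sID + "' in configuration, using defaults");
            } else {
                ssoPath = iConfigurationManager.getParam(webSsoSection, "path");
                if (ssoPath == null) {
                    this._logger.warn("No optional 'path' parameter found in 'websso' section in configuration, using default");
                }
            }
            // Fix: a 'websso' section without 'path' used to hand null to the processors even
            // though the log line announced that the default would be used.
            if (ssoPath == null) {
                ssoPath = DEFAULT_SSO_PATH;
            }
            this._logger.info("Using configured WebSSO path: " + ssoPath);

            Element issueInstantSection = iConfigurationManager.getSection(element, "IssueInstant");
            SAML2IssueInstantWindow issueInstantWindow = issueInstantSection == null
                    ? new SAML2IssueInstantWindow()
                    : new SAML2IssueInstantWindow(iConfigurationManager, issueInstantSection);

            Element requestorsSection = iConfigurationManager.getSection(element, "requestors");
            if (requestorsSection == null) {
                this._logger.info("No optional 'requestors' section found in 'profile' section in configuration with profile id: " + this._sID);
            }
            this._requestors = new SAML2Requestors(iConfigurationManager, requestorsSection, this._sID);

            Element profilesSection = iConfigurationManager.getSection(element, "profiles");
            if (profilesSection == null) {
                this._logger.error("No 'profiles' section found in 'profile' section in configuration with profile id: " + this._sID);
                throw new OAException(17);
            }
            Element profileSection = iConfigurationManager.getSection(profilesSection, "profile");
            if (profileSection == null) {
                this._logger.error("No SAML 'profile' section found in 'profiles' section in configuration");
                throw new OAException(17);
            }

            // Metadata must exist before the processors are initialized: each one receives it.
            this._entityDescriptor = constructMetaData(iConfigurationManager, element);
            while (profileSection != null) {
                ISAML2Profile processor = createProfile(iConfigurationManager, profileSection);
                processor.init(iConfigurationManager, profileSection, this._entityDescriptor, baseUrl, ssoPath, this._requestors, issueInstantWindow, this._sID);
                this._processors.put(processor.getID(), processor);
                profileSection = iConfigurationManager.getNextSection(profileSection);
            }

            this._oSAML2TGTListener = new SAML2TGTListener(iConfigurationManager, iConfigurationManager.getSection(element, "logout"), this._sID, this._requestors, this._entityDescriptor);
            if (this._oSAML2TGTListener.isEnabled()) {
                Engine.getInstance().getTGTFactory().addListener(this._oSAML2TGTListener);
                this._logger.info("Outgoing synchronous logout: enabled");
            } else {
                this._logger.info("Outgoing synchronous logout: disabled");
                this._oSAML2TGTListener = null;
            }
            // Signed last, after the processors were handed the descriptor.
            signMetaData();
        } catch (OAException e) {
            destroy();
            throw e;
        } catch (Exception e) {
            destroy();
            this._logger.fatal("Internal error during initialize", e);
            throw new OAException(1);
        }
    }

    /**
     * Dispatches a request to the matching SAML profile processor, serves the metadata when
     * the profile root is addressed, and answers 404 otherwise.
     *
     * @throws OAException as thrown by the processor or the metadata handler; code 1 for
     *                     unexpected errors.
     */
    public void service(HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse) throws OAException {
        try {
            ISAML2Profile processor = resolveSAMLProfile(httpServletRequest);
            if (processor != null) {
                processor.process(httpServletRequest, httpServletResponse);
                return;
            }

            String requestURI = stripTrailingSlash(httpServletRequest.getRequestURI());
            // NOTE(review): only the length of "<context><servlet>/<id>" is compared; the id
            // segment itself is not checked here - presumably the caller already routed on it.
            int profileRootLength = httpServletRequest.getContextPath().length()
                    + httpServletRequest.getServletPath().length()
                    + "/".length()
                    + this._sID.length();
            if (requestURI.length() == profileRootLength) {
                this._logger.debug("Supplying Metadata");
                handleMetaData(httpServletResponse);
                return;
            }

            this._logger.debug("No SAML Profile found for request and no metadata requested: " + httpServletRequest.getRequestURL().toString());
            try {
                if (!httpServletResponse.isCommitted()) {
                    // The request URI is caller-controlled and was previously passed as the
                    // error message; whether that message is escaped depends on the container
                    // or a custom error page, so it is no longer echoed back.
                    httpServletResponse.sendError(HttpServletResponse.SC_NOT_FOUND);
                }
            } catch (IOException e) {
                this._logger.warn("Could not send response", e);
            }
        } catch (OAException e) {
            // Must precede the generic handler so the processor's error code is preserved.
            throw e;
        } catch (Exception e) {
            this._logger.fatal("Internal error during service", e);
            throw new OAException(1);
        }
    }

    /**
     * Releases everything {@link #init} set up: unregisters the logout TGT listener, destroys
     * and forgets all processors, and destroys the requestor pool. Safe to call on a partially
     * initialized instance.
     */
    public void destroy() {
        if (this._oSAML2TGTListener != null) {
            try {
                Engine.getInstance().getTGTFactory().removeListener(this._oSAML2TGTListener);
            } catch (OAException e) {
                // Best effort: keep tearing down the remaining components.
                this._logger.error("Could not remove the logout handler as TGT listener", e);
            }
        }
        if (this._processors != null) {
            for (ISAML2Profile processor : this._processors.values()) {
                processor.destroy();
            }
            this._processors.clear();
        }
        if (this._requestors != null) {
            this._requestors.destroy();
        }
    }

    /**
     * Instantiates the processor class named by the 'class' item of a 'profile' section.
     *
     * <p>The class name comes from configuration and is loaded reflectively, so the
     * configuration source has to be trusted. The type is verified with
     * {@link Class#asSubclass} before the constructor runs, so a class that is not an
     * {@link ISAML2Profile} is rejected without being instantiated.
     *
     * @throws OAException code 17 when the item is missing, the class cannot be found or
     *                     cannot be instantiated; code 1 for unexpected errors.
     */
    private ISAML2Profile createProfile(IConfigurationManager iConfigurationManager, Element element) throws OAException {
        try {
            String className = iConfigurationManager.getParam(element, "class");
            if (className == null) {
                this._logger.error("No 'class' item found in 'profile' section in configuration");
                throw new OAException(17);
            }

            Class<?> loaded;
            try {
                loaded = Class.forName(className);
            } catch (Exception e) {
                this._logger.error("No 'class' found with name: " + className, e);
                throw new OAException(17);
            }

            try {
                return loaded.asSubclass(ISAML2Profile.class).newInstance();
            } catch (Exception e) {
                this._logger.error("Could not create an 'ISAML2Profile' instance of the configured 'class' found with name: " + className, e);
                throw new OAException(17);
            }
        } catch (OAException e) {
            // Must precede the generic handler so the specific error code is not replaced.
            throw e;
        } catch (Exception e) {
            this._logger.fatal("Internal error during creation of SAML profile object", e);
            throw new OAException(1);
        }
    }

    /**
     * Finds the processor whose id prefixes the path that follows
     * {@code <context><servlet>/<profile id>/}.
     *
     * <p>Matching is by prefix. When several ids match (one id being a prefix of another) the
     * longest one wins; previously the outcome depended on the map's iteration order.
     *
     * @return the matching processor, or {@code null} when the request addresses the profile
     *         root or no processor id matches.
     */
    private ISAML2Profile resolveSAMLProfile(HttpServletRequest httpServletRequest) {
        String requestURI = stripTrailingSlash(httpServletRequest.getRequestURI());
        int prefixLength = httpServletRequest.getContextPath().length()
                + httpServletRequest.getServletPath().length()
                + "/".length()
                + this._sID.length()
                + "/".length();
        if (requestURI.length() <= prefixLength) {
            return null;
        }
        String profilePath = requestURI.substring(prefixLength);
        if (profilePath.length() <= 1) {
            return null;
        }

        ISAML2Profile best = null;
        int bestLength = -1;
        for (Map.Entry<String, ISAML2Profile> entry : this._processors.entrySet()) {
            String id = entry.getKey();
            if (profilePath.startsWith(id) && id.length() > bestLength) {
                best = entry.getValue();
                bestLength = id.length();
            }
        }
        return best;
    }

    /**
     * Builds the IdP entity descriptor from the 'metadata' section of the profile
     * configuration.
     *
     * @throws OAException code 2 when the section is missing or construction fails.
     */
    private EntityDescriptor constructMetaData(IConfigurationManager iConfigurationManager, Element element) throws OAException {
        try {
            Element metadataSection = iConfigurationManager.getSection(element, "metadata");
            if (metadataSection == null) {
                this._logger.error("No 'metadata' section found");
                throw new OAException(2);
            }
            EntityDescriptorBuilder entityBuilder = new EntityDescriptorBuilder(iConfigurationManager, metadataSection, Engine.getInstance().getServer());
            IDPSSODescriptorBuilder roleBuilder = new IDPSSODescriptorBuilder(iConfigurationManager, element, (IDPSSODescriptor) null);
            MetaDataDirector director = new MetaDataDirector(entityBuilder, roleBuilder, Engine.getInstance().getCryptoManager());
            director.constructMetadata();
            return entityBuilder.getResult();
        } catch (OAException e) {
            // Must precede the generic handler so the error is not logged twice.
            throw e;
        } catch (Exception e) {
            this._logger.error("Could not construct metadata", e);
            throw new OAException(2);
        }
    }

    /**
     * Marshalls the entity descriptor (if it has no DOM yet) and signs it when a
     * {@link Signature} is attached.
     *
     * <p>Without an attached signature the metadata is published unsigned and only an info
     * line is logged; consumers then have nothing but the transport to vouch for it.
     *
     * @throws OAException code 1 when no marshaller is registered or marshalling fails,
     *                     code 2 when signing fails.
     */
    private void signMetaData() throws OAException {
        try {
            Marshaller marshaller = Configuration.getMarshallerFactory().getMarshaller(this._entityDescriptor);
            if (marshaller == null) {
                this._logger.error("No marshaller registered for " + this._entityDescriptor.getElementQName() + ", unable to marshall metadata");
                throw new OAException(1);
            }
            // The signer works on the DOM, so it has to exist before signObject is called.
            if (this._entityDescriptor.getDOM() == null) {
                marshaller.marshall(this._entityDescriptor);
            }
            Signature signature = this._entityDescriptor.getSignature();
            if (signature == null) {
                this._logger.info("Metadata signing is disabled");
            } else {
                Signer.signObject(signature);
            }
        } catch (MarshallingException e) {
            this._logger.warn("Marshalling error while signing metadata request", e);
            throw new OAException(1);
        } catch (OAException e) {
            throw e;
        } catch (Exception e) {
            this._logger.error("Could not sign metadata", e);
            throw new OAException(2);
        }
    }

    /**
     * Writes the metadata document to the response as a downloadable
     * {@code application/samlmetadata+xml} attachment.
     *
     * @throws OAException code 1 on I/O or marshalling errors.
     */
    private void handleMetaData(HttpServletResponse httpServletResponse) throws OAException {
        PrintWriter writer = null;
        try {
            Element metadataDom = Configuration.getMarshallerFactory().getMarshaller(this._entityDescriptor).marshall(this._entityDescriptor);
            httpServletResponse.setContentType("application/samlmetadata+xml;charset=UTF-8");
            httpServletResponse.setHeader("Content-Disposition", "attachment; filename=metadata.xml");
            writer = httpServletResponse.getWriter();
            writer.write(XMLUtils.getStringFromDocument(metadataDom.getOwnerDocument()));
        } catch (IOException e) {
            this._logger.warn("I/O error while processing metadata request", e);
            throw new OAException(1);
        } catch (Exception e) {
            this._logger.warn("Internal error while processing metadata request", e);
            throw new OAException(1);
        } finally {
            // Close on both the success and the failure path.
            if (writer != null) {
                writer.close();
            }
        }
    }

    /** Returns {@code uri} without a single trailing '/', if it has one. */
    private static String stripTrailingSlash(String uri) {
        return uri.endsWith("/") ? uri.substring(0, uri.length() - 1) : uri;
    }
}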
