package org.gluu.oxtrust.action;

import com.unboundid.ldap.sdk.schema.AttributeTypeDefinition;
import java.io.BufferedWriter;
import java.io.ByteArrayOutputStream;
import java.io.File;
import java.io.FileWriter;
import java.io.IOException;
import java.io.Serializable;
import java.io.StringWriter;
import java.math.BigInteger;
import java.security.KeyPair;
import java.security.SecureRandom;
import java.security.Security;
import java.security.cert.CertificateEncodingException;
import java.security.cert.X509Certificate;
import java.util.ArrayList;
import java.util.Date;
import java.util.HashSet;
import java.util.Iterator;
import java.util.List;
import java.util.TreeSet;
import java.util.zip.ZipOutputStream;
import javax.faces.context.FacesContext;
import javax.faces.model.SelectItem;
import org.apache.commons.codec.binary.Base64;
import org.apache.commons.io.FileUtils;
import org.apache.commons.io.IOUtils;
import org.apache.commons.lang.StringUtils;
import org.apache.velocity.VelocityContext;
import org.bouncycastle.asn1.x500.X500Name;
import org.bouncycastle.cert.jcajce.JcaX509CertificateConverter;
import org.bouncycastle.cert.jcajce.JcaX509v3CertificateBuilder;
import org.bouncycastle.jce.provider.BouncyCastleProvider;
import org.bouncycastle.jce.provider.JDKKeyPairGenerator;
import org.bouncycastle.openssl.PEMWriter;
import org.bouncycastle.operator.jcajce.JcaContentSignerBuilder;
import org.gluu.oxtrust.ldap.service.AttributeService;
import org.gluu.oxtrust.ldap.service.ClientService;
import org.gluu.oxtrust.ldap.service.MetadataValidationTimer;
import org.gluu.oxtrust.ldap.service.OrganizationService;
import org.gluu.oxtrust.ldap.service.SSLService;
import org.gluu.oxtrust.ldap.service.Shibboleth2ConfService;
import org.gluu.oxtrust.ldap.service.SvnSyncTimer;
import org.gluu.oxtrust.ldap.service.TemplateService;
import org.gluu.oxtrust.ldap.service.TrustService;
import org.gluu.oxtrust.model.GluuCustomAttribute;
import org.gluu.oxtrust.model.GluuMetadataSourceType;
import org.gluu.oxtrust.model.GluuSAMLTrustRelationship;
import org.gluu.oxtrust.model.OxAuthClient;
import org.gluu.oxtrust.util.OxTrustConstants;
import org.gluu.saml.metadata.SAMLMetadataParser;
import org.gluu.site.ldap.persistence.exception.LdapMappingException;
import org.jboss.seam.ScopeType;
import org.jboss.seam.annotations.In;
import org.jboss.seam.annotations.Logger;
import org.jboss.seam.annotations.Name;
import org.jboss.seam.annotations.Out;
import org.jboss.seam.annotations.Scope;
import org.jboss.seam.annotations.security.Restrict;
import org.jboss.seam.core.ResourceLoader;
import org.jboss.seam.faces.FacesMessages;
import org.jboss.seam.international.StatusMessage;
import org.jboss.seam.log.Log;
import org.jboss.seam.security.Identity;
import org.xdi.config.oxtrust.ApplicationConfiguration;
import org.xdi.ldap.model.GluuStatus;
import org.xdi.model.GluuAttribute;
import org.xdi.model.GluuUserRole;
import org.xdi.service.SchemaService;
import org.xdi.util.StringHelper;
import org.xdi.util.io.FileUploadWrapper;
import org.xdi.util.io.ResponseHelper;

@Name("updateTrustRelationshipAction")
@Restrict("#{identity.loggedIn}")
@Scope(ScopeType.CONVERSATION)
/* loaded from: input_file:org/gluu/oxtrust/action/UpdateTrustRelationshipAction.class */
public class UpdateTrustRelationshipAction implements Serializable {
    private static final long serialVersionUID = -1032167044333943680L;

    // Seam-injected logger.
    @Logger
    private Log log;

    // Application configuration, injected from the oxTrustConfiguration component.
    @In("#{oxTrustConfiguration.applicationConfiguration}")
    private ApplicationConfiguration applicationConfiguration;
    // Not referenced by any method visible in this listing.
    static final Class<?>[] NO_PARAM_SIGNATURE = new Class[0];
    // Identifier used by update() to look the trust relationship up.
    private String inum;
    // true once update() has run (editing an existing entry), false once add() has run.
    private boolean update;
    // The trust relationship being created or edited in this conversation.
    private GluuSAMLTrustRelationship trustRelationship;

    @In
    protected AttributeService attributeService;

    @In
    private TrustService trustService;

    @In
    private ClientService clientService;

    // Source of the username passed to svnSyncTimer on add/update/remove.
    @In
    private Identity identity;

    @In
    private TemplateService templateService;

    @In
    private SvnSyncTimer svnSyncTimer;

    @In
    private Shibboleth2ConfService shibboleth2ConfService;

    @In
    private FacesMessages facesMessages;

    @In("#{facesContext}")
    private FacesContext facesContext;

    // Helper actions below are created on demand and outjected into the conversation scope.
    @In(create = true)
    @Out(scope = ScopeType.CONVERSATION)
    private TrustContactsAction trustContactsAction;

    @In(create = true)
    @Out(scope = ScopeType.CONVERSATION)
    private MetadataFiltersAction metadataFiltersAction;

    @In(create = true)
    @Out(scope = ScopeType.CONVERSATION)
    private RelyingPartyAction relyingPartyAction;

    @In(create = true)
    @Out(scope = ScopeType.CONVERSATION)
    private CustomAttributeAction customAttributeAction;

    @In(create = true)
    @Out(scope = ScopeType.CONVERSATION)
    private FederationDeconstructionAction federationDeconstructionAction;
    // Uploaded SP metadata; its stream is handed to shibboleth2ConfService.saveSpMetadataFile.
    private FileUploadWrapper fileWrapper = new FileUploadWrapper();
    // Uploaded certificate; its stream is parsed by SSLService in getCertForGeneratedSP().
    private FileUploadWrapper certWrapper = new FileUploadWrapper();
    private String selectedTR;
    // Deconstructed (federated) relationships of trustRelationship, filled by initFederatedSites().
    private List<GluuSAMLTrustRelationship> federatedSites;
    private List<String> availableEntities;
    private List<String> filteredEntities;
    private String filterString;
    private List<String> availableEntitiesFiltered;

    @In
    private ResourceLoader resourceLoader;

    /**
     * Begins the "add trust relationship" flow for this conversation.
     *
     * <p>When a relationship is already held by this action the call changes nothing and reports
     * success. Otherwise a fresh relationship is created with a max refresh delay of
     * {@code PT8H}, owned by the organization DN, and the helper actions are initialised.
     *
     * @return {@link OxTrustConstants#RESULT_SUCCESS}, or {@link OxTrustConstants#RESULT_FAILURE}
     *     when one of the helper actions fails to initialise
     */
    @Restrict("#{s:hasPermission('trust', 'access')}")
    public String add() {
        if (this.trustRelationship == null) {
            this.update = false;
            GluuSAMLTrustRelationship created = new GluuSAMLTrustRelationship();
            // Publish the instance first so the field is set even if a later step throws.
            this.trustRelationship = created;
            created.setMaxRefreshDelay("PT8H");
            this.fileWrapper = new FileUploadWrapper();
            created.setOwner(OrganizationService.instance().getOrganization().getDn());
            if (!initActions()) {
                return OxTrustConstants.RESULT_FAILURE;
            }
        }
        return OxTrustConstants.RESULT_SUCCESS;
    }

    /**
     * Begins the "edit trust relationship" flow by loading the entry identified by {@code inum}.
     *
     * <p>The lookup is gated only by the {@code trust}/{@code access} permission on this method;
     * no per-entry ownership check is visible here.
     *
     * @return {@link OxTrustConstants#RESULT_SUCCESS} when a relationship is already loaded or was
     *     loaded and initialised, {@link OxTrustConstants#RESULT_FAILURE} when the lookup yields
     *     nothing or a helper action fails to initialise
     */
    @Restrict("#{s:hasPermission('trust', 'access')}")
    public String update() {
        if (this.trustRelationship != null) {
            return OxTrustConstants.RESULT_SUCCESS;
        }

        this.update = true;
        try {
            this.trustRelationship = this.trustService.getRelationshipByInum(this.inum);
        } catch (LdapMappingException e) {
            // A failed lookup leaves the field null and is reported as a failure below.
            this.log.error("Failed to find trust relationship {0}", e, new Object[]{this.inum});
        }
        if (this.trustRelationship == null) {
            return OxTrustConstants.RESULT_FAILURE;
        }

        FileUploadWrapper wrapper = new FileUploadWrapper();
        this.fileWrapper = wrapper;
        wrapper.setFileName(this.trustRelationship.getSpMetaDataFN());

        if (initActions()) {
            return OxTrustConstants.RESULT_SUCCESS;
        }
        return OxTrustConstants.RESULT_FAILURE;
    }

    /**
     * Cancel handler for the trust relationship form. The body is empty: no state held by this
     * action is reset here.
     */
    @Restrict("#{s:hasPermission('trust', 'access')}")
    public void cancel() {
        // Nothing to do.
    }

    /* JADX WARN: Can't fix incorrect switch cases order, some code will duplicate */
    /* JADX WARN: Failed to find 'out' block for switch in B:8:0x004e. Please report as an issue. */
    /* JADX WARN: Removed duplicated region for block: B:33:0x0194 A[Catch: all -> 0x01f4, TRY_ENTER, TryCatch #1 {, blocks: (B:4:0x0007, B:6:0x0014, B:7:0x0038, B:8:0x004e, B:9:0x006c, B:11:0x0078, B:12:0x0081, B:14:0x0094, B:15:0x009b, B:16:0x00ad, B:19:0x007e, B:20:0x00af, B:22:0x00b6, B:23:0x00d0, B:24:0x00e9, B:57:0x00eb, B:59:0x00f2, B:61:0x00ff, B:62:0x0118, B:26:0x0124, B:29:0x013b, B:31:0x013d, B:50:0x016a, B:39:0x01e0, B:41:0x01f0, B:33:0x0194, B:35:0x01aa, B:36:0x01d7, B:46:0x01b7, B:47:0x01d5, B:53:0x0177, B:54:0x0192, B:66:0x0122, B:68:0x002d), top: B:3:0x0007, inners: #0, #2, #3 }] */
    /* JADX WARN: Removed duplicated region for block: B:39:0x01e0 A[Catch: all -> 0x01f4, TryCatch #1 {, blocks: (B:4:0x0007, B:6:0x0014, B:7:0x0038, B:8:0x004e, B:9:0x006c, B:11:0x0078, B:12:0x0081, B:14:0x0094, B:15:0x009b, B:16:0x00ad, B:19:0x007e, B:20:0x00af, B:22:0x00b6, B:23:0x00d0, B:24:0x00e9, B:57:0x00eb, B:59:0x00f2, B:61:0x00ff, B:62:0x0118, B:26:0x0124, B:29:0x013b, B:31:0x013d, B:50:0x016a, B:39:0x01e0, B:41:0x01f0, B:33:0x0194, B:35:0x01aa, B:36:0x01d7, B:46:0x01b7, B:47:0x01d5, B:53:0x0177, B:54:0x0192, B:66:0x0122, B:68:0x002d), top: B:3:0x0007, inners: #0, #2, #3 }] */
    /* JADX WARN: Removed duplicated region for block: B:49:0x016a A[EXC_TOP_SPLITTER, SYNTHETIC] */
    // NOTE(review): the decompiler could not reconstruct this method. The real save logic is not
    // present in this listing; the stub below only throws UnsupportedOperationException. The
    // private helpers in this class (certificate generation, metadata and key/cert file writes,
    // saveTR) have no other visible caller, so they are presumably driven from here - confirm
    // against the original source or the bytecode before reviewing the save path.
    @org.jboss.seam.annotations.security.Restrict("#{s:hasPermission('trust', 'access')}")
    /*
        Code decompiled incorrectly, please refer to instructions dump.
        To view partially-correct add '--show-bad-code' argument
    */
    public java.lang.String save() {
        /*
            Method dump skipped, instructions count: 510
            To view this dump add '--comments-level debug' option
        */
        throw new UnsupportedOperationException("Method not decompiled: org.gluu.oxtrust.action.UpdateTrustRelationshipAction.save():java.lang.String");
    }

    /**
     * Initialises the released attributes and every helper action for the current relationship.
     *
     * <p>The helpers run in a fixed order (contacts, metadata filters, profile configurations,
     * federation deconstructions) and the first one that does not report success stops the
     * sequence. Federated sites are loaded only when all helpers succeeded.
     *
     * @return {@code true} when every helper reported success
     */
    private boolean initActions() {
        final String ok = OxTrustConstants.RESULT_SUCCESS;

        initAttributes(this.trustRelationship);

        if (!StringHelper.equalsIgnoreCase(ok, this.trustContactsAction.initContacts(this.trustRelationship))) {
            return false;
        }
        if (!StringHelper.equalsIgnoreCase(ok, this.metadataFiltersAction.initMetadataFilters(this.trustRelationship))) {
            return false;
        }
        if (!StringHelper.equalsIgnoreCase(ok, this.relyingPartyAction.initProfileConfigurations())) {
            return false;
        }
        if (!StringHelper.equalsIgnoreCase(ok, this.federationDeconstructionAction.initFederationDeconstructions(this.trustRelationship))) {
            return false;
        }

        initFederatedSites(this.trustRelationship);
        return true;
    }

    /**
     * Fetches all person attributes as seen by the {@link GluuUserRole#ADMIN} role.
     *
     * @return whatever {@code attributeService.getAllPersonAttributes} returns for that role
     */
    private List<GluuAttribute> getAllAttributes() {
        List<GluuAttribute> personAttributes = this.attributeService.getAllPersonAttributes(GluuUserRole.ADMIN);
        return personAttributes;
    }

    /**
     * Fetches the active person attributes as seen by the {@link GluuUserRole#ADMIN} role.
     *
     * @return whatever {@code attributeService.getAllActivePersonAttributes} returns for that role
     */
    private List<GluuAttribute> getAllActiveAttributes() {
        List<GluuAttribute> activeAttributes = this.attributeService.getAllActivePersonAttributes(GluuUserRole.ADMIN);
        return activeAttributes;
    }

    /**
     * Rebuilds {@code federatedSites} from the deconstructed relationships of the given parent,
     * resolving each child's released custom attributes against the full attribute list.
     *
     * @param gluuSAMLTrustRelationship parent relationship whose deconstructed children are loaded
     */
    private void initFederatedSites(GluuSAMLTrustRelationship gluuSAMLTrustRelationship) {
        List<GluuAttribute> attributes = getAllAttributes();
        List<GluuSAMLTrustRelationship> sites = new ArrayList<GluuSAMLTrustRelationship>();
        // The field is replaced before the children are fetched, so it is never left stale.
        this.federatedSites = sites;
        for (GluuSAMLTrustRelationship child : this.trustService.getDeconstructedTrustRelationships(gluuSAMLTrustRelationship)) {
            initTrustRelationship(child, attributes);
            sites.add(child);
        }
    }

    /**
     * Resolves the released custom attributes of the given relationship from the active person
     * attributes and hands them, with the attribute origins and the configured person object
     * classes, to {@code customAttributeAction}.
     *
     * @param gluuSAMLTrustRelationship relationship whose released attributes are initialised
     */
    private void initAttributes(GluuSAMLTrustRelationship gluuSAMLTrustRelationship) {
        List<GluuAttribute> activeAttributes = getAllActiveAttributes();
        List<String> origins = this.attributeService.getAllAttributeOrigins(activeAttributes);

        // Must run before initCustomAttributes: it populates getReleasedCustomAttributes().
        initTrustRelationship(gluuSAMLTrustRelationship, activeAttributes);

        this.customAttributeAction.initCustomAttributes(
                activeAttributes,
                gluuSAMLTrustRelationship.getReleasedCustomAttributes(),
                origins,
                this.applicationConfiguration.getPersonObjectClassTypes(),
                this.applicationConfiguration.getPersonObjectClassDisplayNames());
    }

    /**
     * Sets the released custom attributes of a relationship from its released attribute DNs.
     *
     * @param gluuSAMLTrustRelationship relationship to populate
     * @param list attributes used to build the DN-to-attribute map for the lookup
     */
    public void initTrustRelationship(GluuSAMLTrustRelationship gluuSAMLTrustRelationship, List<GluuAttribute> list) {
        List<GluuCustomAttribute> released = this.attributeService.getCustomAttributesByAttributeDNs(
                gluuSAMLTrustRelationship.getReleasedAttributes(),
                this.attributeService.getAttributeMapByDNs(list));

        // A null or empty lookup result is replaced by a fresh list, so the setter never gets null.
        boolean nothingReleased = released == null || released.isEmpty();
        if (nothingReleased) {
            released = new ArrayList<GluuCustomAttribute>();
        }
        gluuSAMLTrustRelationship.setReleasedCustomAttributes(released);
    }

    /**
     * Reads the entity IDs from the relationship's SP metadata file and stores the distinct,
     * sorted set on the relationship. An absent or empty parse result stores an empty set.
     */
    private void setEntityId() {
        String metadataDir = this.applicationConfiguration.getShibboleth2IdpRootDir() + File.separator
                + Shibboleth2ConfService.SHIB2_IDP_METADATA_FOLDER + File.separator;
        // NOTE(review): the file name comes from the relationship entry and is appended to the
        // metadata directory as-is; presumably it is always a generated name - confirm.
        File metadataFile = new File(metadataDir + this.trustRelationship.getSpMetaDataFN());
        List<String> parsedIds = SAMLMetadataParser.getEntityIdFromMetadataFile(metadataFile);

        TreeSet<String> uniqueIds = new TreeSet<String>();
        if (parsedIds != null) {
            // Repeated IDs are collected but never read afterwards in this method.
            TreeSet<String> repeatedIds = new TreeSet<String>();
            for (String entityId : parsedIds) {
                boolean firstOccurrence = uniqueIds.add(entityId);
                if (!firstOccurrence) {
                    repeatedIds.add(entityId);
                }
            }
        }
        this.trustRelationship.setGluuEntityId(uniqueIds);
    }

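    /**
     * Returns the Base64-encoded DER form of the certificate to publish for a generated SP.
     *
     * <p>The uploaded certificate ({@code certWrapper}) is used when it parses. Otherwise a
     * 2048-bit RSA key pair and a self-signed certificate are generated, and both the certificate
     * and the PEM private key are written to disk through {@code saveCert}/{@code saveKey}.
     *
     * <p>Changes from the previous version: the self-signed certificate is signed with
     * SHA256withRSA instead of MD5withRSA (MD5 is collision-broken and rejected by current
     * validators), the serial number is a positive 64-bit random value instead of a possibly
     * negative 32-bit one, and a generation failure is written to the application log instead of
     * stderr.
     *
     * @return the Base64 certificate, or {@code null} when no certificate could be obtained or
     *     encoded
     */
    private String getCertForGeneratedSP() {
        X509Certificate certificate = SSLService.instance().getCertificate(this.certWrapper.getStream());
        if (certificate == null) {
            this.facesMessages.add(StatusMessage.Severity.INFO, "Certificate were not provided, or was incorrect. Appliance will create a self-signed certificate.", new Object[0]);
            if (Security.getProvider(BouncyCastleProvider.PROVIDER_NAME) == null) {
                Security.addProvider(new BouncyCastleProvider());
            }
            try {
                JDKKeyPairGenerator.RSA rsa = new JDKKeyPairGenerator.RSA();
                rsa.initialize(2048);
                KeyPair keyPair = rsa.generateKeyPair();

                // The private key is kept only as PEM text for saveKey(); it is never logged.
                StringWriter privateKeyPem = new StringWriter();
                PEMWriter pemWriter = new PEMWriter(privateKeyPem);
                pemWriter.writeObject(keyPair.getPrivate());
                pemWriter.close();

                String host = this.trustRelationship.getUrl().replaceFirst(".*//", "");
                // NOTE(review): the host is spliced into the DN string unescaped, so a URL that
                // contains ',' '+' or '=' would change the RDN structure; the literal also lacks a
                // comma between "O=None" and "L=None". Left as-is to keep the issued subject
                // unchanged - consider building the name from typed RDNs instead.
                X500Name selfSignedName = new X500Name("CN=" + host + ", OU=None, O=None L=None, C=None");

                // RFC 5280 requires a positive serial number; nextInt() could yield a negative one.
                BigInteger serial = new BigInteger(64, new SecureRandom()).max(BigInteger.ONE);
                long now = System.currentTimeMillis();
                Date notBefore = new Date(now - 2592000000L);   // 30 days ago, tolerates clock skew
                Date notAfter = new Date(now + 315360000000L);  // 3650 days from now

                JcaX509v3CertificateBuilder builder = new JcaX509v3CertificateBuilder(
                        selfSignedName, serial, notBefore, notAfter, selfSignedName, keyPair.getPublic());
                certificate = new JcaX509CertificateConverter().setProvider("BC").getCertificate(
                        builder.build(new JcaContentSignerBuilder("SHA256withRSA").setProvider("BC").build(keyPair.getPrivate())));

                String encoded = new String(new Base64(64).encode(certificate.getEncoded()));
                this.log.debug(Shibboleth2ConfService.PUBLIC_CERTIFICATE_START_LINE, new Object[0]);
                this.log.debug(encoded, new Object[0]);
                this.log.debug(Shibboleth2ConfService.PUBLIC_CERTIFICATE_END_LINE, new Object[0]);
                saveCert(this.trustRelationship, encoded);
                saveKey(this.trustRelationship, privateKeyPem.toString());
            } catch (Exception e) {
                // Best effort: a failure falls through to the "no certificate" branch below.
                this.log.error("Failed to generate self-signed certificate", e, new Object[0]);
            }
        }

        String result = null;
        if (certificate != null) {
            try {
                result = new String(org.bouncycastle.util.encoders.Base64.encode(certificate.getEncoded()));
            } catch (CertificateEncodingException e2) {
                result = null;
                this.facesMessages.add(StatusMessage.Severity.ERROR, "Failed to encode provided certificate. Please notify Gluu support about this.", new Object[0]);
                this.log.error("Failed to encode certificate to DER", e2, new Object[0]);
            }
        } else {
            // Reached only when the upload did not parse and generation failed as well.
            this.facesMessages.add(StatusMessage.Severity.INFO, "Certificate were not provided, or was incorrect. Appliance will create a self-signed certificate.", new Object[0]);
        }
        return result;
    }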

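    /**
     * Persists the current trust relationship and schedules it for SVN synchronisation.
     *
     * <p>For a new entry ({@code z == false}) the relationship is added. For an existing entry it
     * is updated together with its federated sites; an inactive parent forces every federated
     * site to inactive as well. When the SP logout URL differs from the stored one, the oxAuth
     * client's post-logout redirect URIs are rebuilt from the logout URLs of all relationships.
     *
     * <p>Changes from the previous version: the logout URL and status comparisons are null-safe,
     * so a relationship without a logout URL or status no longer aborts the save with a
     * {@link NullPointerException}.
     *
     * @param z {@code true} to update an existing relationship, {@code false} to add a new one
     */
    private void saveTR(boolean z) {
        this.log.trace("Saving Trust Relationship", new Object[0]);
        if (!z) {
            this.trustService.addTrustRelationship(this.trustRelationship);
            this.svnSyncTimer.addTrustRelationship(this.trustRelationship, this.identity.getCredentials().getUsername());
            return;
        }

        // Other code in this class already treats a null logout URL as "not set", so compare
        // null-safely here too.
        String currentLogoutUrl = this.trustRelationship.getSpLogoutURL();
        String storedLogoutUrl = this.trustService.getRelationshipByDn(this.trustRelationship.getDn()).getSpLogoutURL();
        boolean logoutUrlChanged = !StringUtils.equals(currentLogoutUrl, storedLogoutUrl);
        boolean parentInactive = GluuStatus.INACTIVE.equals(this.trustRelationship.getStatus());

        for (GluuSAMLTrustRelationship site : this.federatedSites) {
            if (parentInactive) {
                site.setStatus(GluuStatus.INACTIVE);
            }
            this.trustService.updateReleasedAttributes(site);
            this.trustService.updateTrustRelationship(site);
            this.svnSyncTimer.updateTrustRelationship(site, this.identity.getCredentials().getUsername());
        }
        this.trustService.updateTrustRelationship(this.trustRelationship);

        if (logoutUrlChanged) {
            OxAuthClient client = this.clientService.getClientByInum(this.applicationConfiguration.getOxAuthClientId(), new String[0]);
            // NOTE(review): every non-empty SP logout URL becomes an accepted post-logout redirect
            // target of the oxAuth client. No validation of these URLs is visible in this method;
            // confirm they are checked (scheme, host) where they are entered.
            HashSet<String> logoutUris = new HashSet<String>();
            List<GluuSAMLTrustRelationship> allRelationships = this.trustService.getAllTrustRelationships();
            if (allRelationships != null) {
                for (GluuSAMLTrustRelationship relationship : allRelationships) {
                    String logoutUrl = relationship.getSpLogoutURL();
                    if (logoutUrl != null && !logoutUrl.isEmpty()) {
                        logoutUris.add(logoutUrl);
                    }
                }
            }
            // An empty set clears the list rather than storing an empty array.
            client.setPostLogoutRedirectUris(logoutUris.isEmpty() ? null : logoutUris.toArray(new String[0]));
            this.clientService.updateClient(client);
        }
        this.svnSyncTimer.updateTrustRelationship(this.trustRelationship, this.identity.getCredentials().getUsername());
    }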

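    /**
     * Replaces the certificate of the current relationship with the one found in the upload.
     *
     * <p>The certificate is written to the generated-artifacts directory, any previously
     * generated private key file is removed, and the first {@code X509Certificate} element body
     * in the SP metadata file is replaced with the new certificate. On success the relationship
     * is marked active. Nothing happens when the upload yields no certificate.
     *
     * <p>Change from the previous version: the certificate text is passed through
     * {@link java.util.regex.Matcher#quoteReplacement(String)}. It comes from an uploaded file,
     * and {@code replaceFirst} would otherwise interpret {@code $} and {@code \} in it as group
     * references, either failing or writing altered content into the metadata.
     *
     * @param fileUploadWrapper upload from which the public certificate is extracted
     */
    private void updateSpMetaDataCert(FileUploadWrapper fileUploadWrapper) {
        String publicCertificate = this.shibboleth2ConfService.getPublicCertificate(fileUploadWrapper);
        if (publicCertificate == null) {
            return;
        }
        try {
            saveCert(this.trustRelationship, publicCertificate);
            // A null key removes the stored private key: it no longer matches the new certificate.
            saveKey(this.trustRelationship, null);
            File metadataFile = new File(this.shibboleth2ConfService.getSpMetadataFilePath(this.trustRelationship.getSpMetaDataFN()));
            String metadata = FileUtils.readFileToString(metadataFile);
            String patched = metadata.replaceFirst(
                    "(?ms)(?<=<[^</>]{0,10}X509Certificate>).*(?=</[^</>]{0,10}?X509Certificate>)",
                    java.util.regex.Matcher.quoteReplacement(publicCertificate));
            FileUtils.writeStringToFile(metadataFile, patched);
            this.trustRelationship.setStatus(GluuStatus.ACTIVE);
        } catch (Exception e) {
            this.log.error("Failed to update certificate", e, new Object[0]);
        }
    }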

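    /**
     * Writes the given Base64 certificate body as a {@code .crt} file in the generated SSL
     * artifacts directory, creating that directory if it does not exist.
     *
     * <p>Changes from the previous version: a failed directory creation and a failed write (or
     * close, which is where buffered data is flushed) are logged instead of being discarded, so a
     * missing or truncated certificate file is visible in the application log. Failures are still
     * not propagated to the caller.
     *
     * @param gluuSAMLTrustRelationship relationship that determines the file name
     * @param str Base64 certificate body placed between the BEGIN and END lines
     */
    private void saveCert(GluuSAMLTrustRelationship gluuSAMLTrustRelationship, String str) {
        String artifactsDir = this.applicationConfiguration.getShibboleth2IdpRootDir() + File.separator + TrustService.GENERATED_SSL_ARTIFACTS_DIR + File.separator;
        File dir = new File(artifactsDir);
        if (!dir.exists()) {
            this.log.debug("creating directory: " + artifactsDir, new Object[0]);
            if (dir.mkdir()) {
                this.log.debug("DIR created", new Object[0]);
            } else {
                this.log.error("Failed to create directory {0}", new Object[]{artifactsDir});
            }
        }

        String certPath = artifactsDir + this.shibboleth2ConfService.getSpNewMetadataFileName(gluuSAMLTrustRelationship).replaceFirst("\\.xml$", ".crt");
        // try-with-resources closes the writer on every path; a close failure reaches the catch.
        try (BufferedWriter writer = new BufferedWriter(new FileWriter(certPath))) {
            writer.write("-----BEGIN CERTIFICATE-----\n" + str + Shibboleth2ConfService.PUBLIC_CERTIFICATE_END_LINE);
        } catch (IOException e) {
            this.log.error("Failed to write certificate file {0}", e, new Object[]{certPath});
        }
    }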

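    /**
     * Writes the given PEM private key as a {@code .key} file in the generated SSL artifacts
     * directory, or deletes that file when {@code str} is {@code null}.
     *
     * <p>Changes from the previous version: a failed directory creation, a failed delete and a
     * failed write (or close) are logged instead of being discarded. In particular a key file
     * that was meant to be removed but is still on disk is now reported. The key material itself
     * is never logged. Failures are still not propagated to the caller.
     *
     * @param gluuSAMLTrustRelationship relationship that determines the file name
     * @param str PEM text of the private key, or {@code null} to remove the stored key
     */
    private void saveKey(GluuSAMLTrustRelationship gluuSAMLTrustRelationship, String str) {
        String artifactsDir = this.applicationConfiguration.getShibboleth2IdpRootDir() + File.separator + TrustService.GENERATED_SSL_ARTIFACTS_DIR + File.separator;
        File dir = new File(artifactsDir);
        if (!dir.exists()) {
            this.log.debug("creating directory: " + artifactsDir, new Object[0]);
            if (dir.mkdir()) {
                this.log.debug("DIR created", new Object[0]);
            } else {
                this.log.error("Failed to create directory {0}", new Object[]{artifactsDir});
            }
        }

        String keyPath = artifactsDir + this.shibboleth2ConfService.getSpNewMetadataFileName(gluuSAMLTrustRelationship).replaceFirst("\\.xml$", ".key");
        if (str == null) {
            File keyFile = new File(keyPath);
            if (keyFile.exists() && !keyFile.delete()) {
                this.log.warn("Failed to delete private key file {0}", new Object[]{keyPath});
            }
            return;
        }

        // NOTE(review): the key is stored unencrypted and the file gets the process default
        // permissions; nothing here restricts it to the owner. Confirm the directory is readable
        // only by the service account, or tighten the file mode after creation.
        try (BufferedWriter writer = new BufferedWriter(new FileWriter(keyPath))) {
            writer.write(str);
        } catch (IOException e) {
            this.log.error("Failed to write private key file {0}", e, new Object[]{keyPath});
        }
    }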

    /**
     * Handles a relationship whose metadata could not be produced.
     *
     * <p>For a relationship that is being created, the metadata file name and inum are cleared.
     * For an existing one, the stored entry is fetched, marked inactive, and {@code saveTR} is
     * invoked.
     */
    private void markAsInactive() {
        if (this.update) {
            try {
                // NOTE(review): INACTIVE is set on the freshly fetched instance, while saveTR()
                // persists this.trustRelationship. Unless the service returns the same object,
                // the status change looks like it is never stored - confirm.
                GluuSAMLTrustRelationship stored = this.trustService.getRelationshipByInum(this.trustRelationship.getInum());
                stored.setStatus(GluuStatus.INACTIVE);
                saveTR(this.update);
            } catch (LdapMappingException e) {
                this.log.error("Failed to update trust relationship {0}", e, new Object[]{this.inum});
            }
            return;
        }

        this.trustRelationship.setSpMetaDataFN(null);
        this.trustRelationship.setInum(null);
    }

    /**
     * Regenerates the Shibboleth2 configuration files for the given relationships and reports
     * the outcome both to the log and to the user.
     *
     * @param list relationships passed to {@code shibboleth2ConfService.generateConfigurationFiles}
     */
    private void updateShibboleth2Configuration(List<GluuSAMLTrustRelationship> list) {
        boolean generated = this.shibboleth2ConfService.generateConfigurationFiles(list);
        if (!generated) {
            this.log.error("Failed to update Shibboleth2 configuration", new Object[0]);
            this.facesMessages.add(StatusMessage.Severity.ERROR, "Failed to update Shibboleth2 configuration", new Object[0]);
            return;
        }
        this.log.info("Shibboleth2 configuration updated successfully", new Object[0]);
        this.facesMessages.add(StatusMessage.Severity.INFO, "Shibboleth2 configuration updated successfully", new Object[0]);
    }

    /**
     * Generates the SP metadata file and reflects the outcome on the relationship and in the UI.
     *
     * <p>On success the metadata source type becomes {@link GluuMetadataSourceType#FILE}; on
     * failure the relationship is passed to {@code markAsInactive()}.
     *
     * @param str value forwarded to {@code generateSpMetaDataFileImpl}
     * @return {@code true} when the file was generated
     */
    private boolean generateSpMetaDataFile(String str) {
        boolean generated = generateSpMetaDataFileImpl(str);
        if (!generated) {
            this.facesMessages.add(StatusMessage.Severity.ERROR, "Failed to generate SP meta-data file", new Object[0]);
            markAsInactive();
            return false;
        }
        this.trustRelationship.setSpMetaDataSourceType(GluuMetadataSourceType.FILE);
        this.facesMessages.add(StatusMessage.Severity.WARN, "SP meta-data file generated.", new Object[0]);
        return true;
    }

    /**
     * Assigns a metadata file name to the relationship if it has none, then asks the Shibboleth2
     * configuration service to generate the SP metadata file.
     *
     * @param str value forwarded to {@code shibboleth2ConfService.generateSpMetadataFile}
     * @return the result reported by the service
     */
    private boolean generateSpMetaDataFileImpl(String str) {
        boolean fileNameMissing = StringHelper.isEmpty(this.trustRelationship.getSpMetaDataFN());
        if (fileNameMissing) {
            String generatedName = this.shibboleth2ConfService.getSpNewMetadataFileName(this.trustRelationship);
            this.trustRelationship.setSpMetaDataFN(generatedName);
        }
        return this.shibboleth2ConfService.generateSpMetadataFile(this.trustRelationship, str);
    }

    /**
     * Stores the uploaded SP metadata file for the current relationship.
     *
     * <p>Without an upload the method only checks that a previously stored metadata file exists.
     * With an upload, a file name is assigned (and the relationship added or updated) when none
     * is set yet, the stream is saved, and the saved file is queued for metadata validation.
     *
     * @return {@code true} when a metadata file is in place after the call
     */
    private boolean saveSpMetaDataFileSourceTypeFile() {
        this.log.trace("Saving metadata file source type: File", new Object[0]);
        String metadataFileName = this.trustRelationship.getSpMetaDataFN();
        boolean noFileName = StringHelper.isEmpty(metadataFileName);

        if (this.fileWrapper.getStream() == null) {
            // Nothing uploaded: succeed only if the file recorded on the relationship exists.
            if (noFileName) {
                return false;
            }
            String existingPath = this.shibboleth2ConfService.getSpMetadataFilePath(metadataFileName);
            return existingPath != null && new File(existingPath).exists();
        }

        if (noFileName) {
            metadataFileName = this.shibboleth2ConfService.getSpNewMetadataFileName(this.trustRelationship);
            this.trustRelationship.setSpMetaDataFN(metadataFileName);
            if (this.trustRelationship.getDn() != null) {
                this.trustService.updateTrustRelationship(this.trustRelationship);
            } else {
                this.trustRelationship.setDn(this.trustService.getDnForTrustRelationShip(this.inum));
                this.trustService.addTrustRelationship(this.trustRelationship);
            }
        }

        // The uploaded content is written first and validated asynchronously via the queue.
        String savedPath = this.shibboleth2ConfService.saveSpMetadataFile(metadataFileName, this.fileWrapper.getStream());
        boolean saved = StringHelper.isNotEmpty(savedPath);
        if (saved) {
            MetadataValidationTimer.queue(savedPath);
        } else {
            this.facesMessages.add(StatusMessage.Severity.ERROR, "Failed to save SP meta-data file. Please check if you provide correct file", new Object[0]);
        }
        return saved;
    }

    /**
     * Stores SP metadata obtained from the relationship's metadata URL and queues the saved file
     * for validation.
     *
     * <p>NOTE(review): the URL is taken from the relationship as entered; the retrieval itself
     * happens inside {@code shibboleth2ConfService} and any restriction on which hosts may be
     * contacted would have to live there - confirm.
     *
     * @return {@code true} when the service reports a saved file
     * @throws IOException declared by the original signature
     */
    private boolean saveSpMetaDataFileSourceTypeURI() throws IOException {
        String metadataFileName = this.trustRelationship.getSpMetaDataFN();
        if (StringHelper.isEmpty(metadataFileName)) {
            // The generated name is used for this call only; it is not stored on the relationship.
            metadataFileName = this.shibboleth2ConfService.getSpNewMetadataFileName(this.trustRelationship);
        }

        String savedPath = this.shibboleth2ConfService.saveSpMetadataFile(this.trustRelationship.getSpMetaDataURL(), metadataFileName);
        boolean saved = StringHelper.isNotEmpty(savedPath);
        if (saved) {
            MetadataValidationTimer.queue(savedPath);
        } else {
            this.facesMessages.add(StatusMessage.Severity.ERROR, "Failed to download metadata", new Object[0]);
        }
        return saved;
    }

    /**
     * Deletes the current trust relationship together with its deconstructed (federated)
     * relationships and its SP metadata file, then regenerates the Shibboleth2 configuration.
     *
     * <p>Nothing is deleted when the action is not in update mode, or when any deconstructed
     * relationship is still active.
     *
     * <p>NOTE(review): this method is guarded by the {@code person}/{@code access} permission,
     * while every other restricted method visible in this class uses {@code trust}/{@code access}.
     * Deleting a trust relationship is therefore authorised by a different permission than
     * creating or editing one; confirm this is intended.
     *
     * @return {@link OxTrustConstants#RESULT_SUCCESS} when the relationship was removed,
     *     otherwise {@link OxTrustConstants#RESULT_FAILURE}
     */
    @Restrict("#{s:hasPermission('person', 'access')}")
    public String delete() {
        String str = OxTrustConstants.RESULT_FAILURE;
        // The nested try blocks and the repeated updateShibboleth2Configuration(...) calls are how
        // the decompiler rendered the flow; the configuration is regenerated on every path that
        // enters the update branch.
        try {
            if (this.update) {
                try {
                    try {
                        // Removal is serialised on the SVN sync timer instance.
                        synchronized (this.svnSyncTimer) {
                            // First pass: refuse to delete while any federated relationship is active.
                            Iterator<GluuSAMLTrustRelationship> it = this.trustService.getDeconstructedTrustRelationships(this.trustRelationship).iterator();
                            while (it.hasNext()) {
                                if (GluuStatus.ACTIVE.equals(it.next().getStatus())) {
                                    this.log.error("Failed to remove federation trust relationship {0}, there are still active federated Trust Relationships left.", new Object[]{this.trustRelationship.getInum()});
                                    updateShibboleth2Configuration(this.trustService.getAllActiveTrustRelationships());
                                    return str;
                                }
                            }
                            // Second pass: remove the federated relationships, then the parent.
                            for (GluuSAMLTrustRelationship gluuSAMLTrustRelationship : this.trustService.getDeconstructedTrustRelationships(this.trustRelationship)) {
                                this.trustService.removeTrustRelationship(gluuSAMLTrustRelationship);
                                this.svnSyncTimer.removeTrustRelationship(gluuSAMLTrustRelationship, this.identity.getCredentials().getUsername());
                            }
                            this.shibboleth2ConfService.removeSpMetadataFile(this.trustRelationship.getSpMetaDataFN());
                            this.trustService.removeTrustRelationship(this.trustRelationship);
                            this.svnSyncTimer.removeTrustRelationship(this.trustRelationship, this.identity.getCredentials().getUsername());
                            str = OxTrustConstants.RESULT_SUCCESS;
                            updateShibboleth2Configuration(this.trustService.getAllActiveTrustRelationships());
                        }
                    } catch (LdapMappingException e) {
                        str = OxTrustConstants.RESULT_FAILURE;
                        this.log.error("Failed to remove trust relationship {0}", e, new Object[]{this.trustRelationship.getInum()});
                        updateShibboleth2Configuration(this.trustService.getAllActiveTrustRelationships());
                    }
                } catch (InterruptedException e2) {
                    // NOTE(review): the interrupt status is not restored here, and str keeps the
                    // value it had when the interruption occurred.
                    this.log.error("Failed to add trust relationship to remove queue. It will be removed during next application restart", e2, new Object[0]);
                    updateShibboleth2Configuration(this.trustService.getAllActiveTrustRelationships());
                }
            }
            return str;
        } catch (Throwable th) {
            // Any other failure still regenerates the configuration before propagating.
            updateShibboleth2Configuration(this.trustService.getAllActiveTrustRelationships());
            throw th;
        }
    }

    @Restrict("#{s:hasPermission('trust', 'access')}")
    public String downloadConfiguration() {
        Shibboleth2ConfService instance = Shibboleth2ConfService.instance();
        ByteArrayOutputStream byteArrayOutputStream = new ByteArrayOutputStream(16384);
        ZipOutputStream createZipStream = ResponseHelper.createZipStream(byteArrayOutputStream, "Shibboleth2 configuration files");
        try {
            createZipStream.setMethod(8);
            createZipStream.setLevel(-1);
            String idpMetadataFilePath = instance.getIdpMetadataFilePath();
            if (!ResponseHelper.addFileToZip(idpMetadataFilePath, createZipStream, Shibboleth2ConfService.SHIB2_IDP_IDP_METADATA_FILE)) {
                this.log.error("Failed to add " + idpMetadataFilePath + " to zip", new Object[0]);
                IOUtils.closeQuietly(createZipStream);
                IOUtils.closeQuietly(byteArrayOutputStream);
                return OxTrustConstants.RESULT_FAILURE;
            }
            if (this.trustRelationship.getSpMetaDataFN() == null) {
                this.log.error("SpMetaDataFN is not set.", new Object[0]);
                IOUtils.closeQuietly(createZipStream);
                IOUtils.closeQuietly(byteArrayOutputStream);
                return OxTrustConstants.RESULT_FAILURE;
            }
            String spMetadataFilePath = instance.getSpMetadataFilePath(this.trustRelationship.getSpMetaDataFN());
            if (!ResponseHelper.addFileToZip(spMetadataFilePath, createZipStream, Shibboleth2ConfService.SHIB2_IDP_SP_METADATA_FILE)) {
                this.log.error("Failed to add " + spMetadataFilePath + " to zip", new Object[0]);
                IOUtils.closeQuietly(createZipStream);
                IOUtils.closeQuietly(byteArrayOutputStream);
                return OxTrustConstants.RESULT_FAILURE;
            }
            String str = this.applicationConfiguration.getShibboleth2IdpRootDir() + File.separator + TrustService.GENERATED_SSL_ARTIFACTS_DIR + File.separator;
            String str2 = str + instance.getSpNewMetadataFileName(this.trustRelationship).replaceFirst("\\.xml$", ".key");
            if (!ResponseHelper.addFileToZip(str2, createZipStream, Shibboleth2ConfService.SHIB2_IDP_SP_KEY_FILE)) {
                this.log.error("Failed to add " + str2 + " to zip", new Object[0]);
            }
            String str3 = str + instance.getSpNewMetadataFileName(this.trustRelationship).replaceFirst("\\.xml$", ".crt");
            if (!ResponseHelper.addFileToZip(str3, createZipStream, Shibboleth2ConfService.SHIB2_IDP_SP_CERT_FILE)) {
                this.log.error("Failed to add " + str3 + " to zip", new Object[0]);
            }
            String generateSpAttributeMapFile = instance.generateSpAttributeMapFile(this.trustRelationship);
            if (generateSpAttributeMapFile == null) {
                this.log.error("spAttributeMap is not set.", new Object[0]);
                IOUtils.closeQuietly(createZipStream);
                IOUtils.closeQuietly(byteArrayOutputStream);
                return OxTrustConstants.RESULT_FAILURE;
            }
            if (!ResponseHelper.addFileContentToZip(generateSpAttributeMapFile, createZipStream, Shibboleth2ConfService.SHIB2_SP_ATTRIBUTE_MAP)) {
                this.log.error("Failed to add " + generateSpAttributeMapFile + " to zip", new Object[0]);
                IOUtils.closeQuietly(createZipStream);
                IOUtils.closeQuietly(byteArrayOutputStream);
                return OxTrustConstants.RESULT_FAILURE;
            }
            String spShibboleth2FilePath = instance.getSpShibboleth2FilePath();
            VelocityContext velocityContext = new VelocityContext();
            velocityContext.put("spUrl", this.trustRelationship.getUrl());
            velocityContext.put("gluuSPEntityId", this.trustRelationship.getEntityId());
            velocityContext.put("spHost", this.trustRelationship.getUrl().replaceAll(":[0-9]*$", "").replaceAll("^.*?//", ""));
            String idpUrl = this.applicationConfiguration.getIdpUrl();
            velocityContext.put("idpUrl", idpUrl);
            velocityContext.put("idpHost", idpUrl.replaceAll(":[0-9]*$", "").replaceAll("^.*?//", ""));
            velocityContext.put("orgInum", StringHelper.removePunctuation(OrganizationService.instance().getOrganizationInum()));
            velocityContext.put("orgSupportEmail", this.applicationConfiguration.getOrgSupportEmail());
            if (!ResponseHelper.addFileContentToZip(this.templateService.generateConfFile(Shibboleth2ConfService.SHIB2_SP_SHIBBOLETH2, velocityContext), createZipStream, Shibboleth2ConfService.SHIB2_SP_SHIBBOLETH2)) {
                this.log.error("Failed to add " + spShibboleth2FilePath + " to zip", new Object[0]);
                IOUtils.closeQuietly(createZipStream);
                IOUtils.closeQuietly(byteArrayOutputStream);
                return OxTrustConstants.RESULT_FAILURE;
            }
            String spReadMeResourceName = instance.getSpReadMeResourceName();
            if (!ResponseHelper.addResourceToZip(this.resourceLoader.getResourceAsStream(spReadMeResourceName), new File(spReadMeResourceName).getName(), createZipStream)) {
                this.log.error("Failed to add " + spReadMeResourceName + " to zip", new Object[0]);
                IOUtils.closeQuietly(createZipStream);
                IOUtils.closeQuietly(byteArrayOutputStream);
                return OxTrustConstants.RESULT_FAILURE;
            }
            String spReadMeWindowsResourceName = instance.getSpReadMeWindowsResourceName();
            if (ResponseHelper.addResourceToZip(this.resourceLoader.getResourceAsStream(spReadMeWindowsResourceName), new File(spReadMeWindowsResourceName).getName(), createZipStream)) {
                IOUtils.closeQuietly(createZipStream);
                IOUtils.closeQuietly(byteArrayOutputStream);
                return ResponseHelper.downloadFile("shibboleth2-configuration.zip", OxTrustConstants.CONTENT_TYPE_APPLICATION_ZIP, byteArrayOutputStream.toByteArray(), this.facesContext) ? OxTrustConstants.RESULT_SUCCESS : OxTrustConstants.RESULT_FAILURE;
            }
            this.log.error("Failed to add " + spReadMeWindowsResourceName + " to zip", new Object[0]);
            IOUtils.closeQuietly(createZipStream);
            IOUtils.closeQuietly(byteArrayOutputStream);
            return OxTrustConstants.RESULT_FAILURE;
        } catch (Throwable th) {
            IOUtils.closeQuietly(createZipStream);
            IOUtils.closeQuietly(byteArrayOutputStream);
            throw th;
        }
    }

    /**
     * Returns the upload wrapper held in the {@code fileWrapper} field.
     *
     * @return the current {@code fileWrapper} value
     */
    public FileUploadWrapper getFileWrapper() {
        return fileWrapper;
    }

    /**
     * Returns the upload wrapper held in the {@code certWrapper} field.
     *
     * @return the current {@code certWrapper} value
     */
    public FileUploadWrapper getCertWrapper() {
        return certWrapper;
    }

    /* JADX WARN: Multi-variable type inference failed */
    /**
     * Picks the released custom attributes that correspond to the current selection.
     *
     * When {@code selectedTR} is unset or equals the inum of the edited trust relationship, the edited
     * relationship's own released attributes are returned. Otherwise the federated sites are searched for
     * an entry whose inum equals {@code selectedTR}.
     *
     * @return the matching released attributes, or a new empty list when no federated site matches
     */
    private List<GluuCustomAttribute> getCurrentCustomAttributes() {
        final boolean anotherRelationshipSelected =
                this.selectedTR != null && !this.selectedTR.equals(this.trustRelationship.getInum());
        if (!anotherRelationshipSelected) {
            return this.trustRelationship.getReleasedCustomAttributes();
        }
        for (GluuSAMLTrustRelationship site : this.federatedSites) {
            if (this.selectedTR.equals(site.getInum())) {
                // First match wins, exactly as in the iterator-based search.
                return site.getReleasedCustomAttributes();
            }
        }
        return new ArrayList<>();
    }

    /**
     * Returns the value of the {@code inum} field.
     *
     * @return the current {@code inum}
     */
    public String getInum() {
        return inum;
    }

    /**
     * Stores the given value in the {@code inum} field without any validation.
     *
     * @param str the new {@code inum} value
     */
    public void setInum(String str) {
        inum = str;
    }

    /**
     * Returns the trust relationship held in the {@code trustRelationship} field.
     *
     * @return the current trust relationship, as stored (no copy is made)
     */
    public GluuSAMLTrustRelationship getTrustRelationship() {
        return trustRelationship;
    }

    /**
     * Reads the SP metadata file that belongs to the current trust relationship.
     *
     * @return the file contents, or {@code null} when there is no trust relationship, no metadata file
     *         name is set, or the resolved file does not exist
     * @throws IOException if the file exists but cannot be read
     */
    public String getMetadata() throws IOException {
        if (this.trustRelationship == null) {
            return null;
        }
        final String metadataFileName = this.trustRelationship.getSpMetaDataFN();
        if (StringUtils.isEmpty(metadataFileName)) {
            return null;
        }
        // NOTE(review): the file name comes from the trust relationship record and nothing in this method
        // confines the resolved path to the metadata directory; confirm getSpMetadataFilePath() does.
        final File metadataFile = new File(this.shibboleth2ConfService.getSpMetadataFilePath(metadataFileName));
        // NOTE(review): readFileToString(File) decodes with the platform default charset; confirm that
        // matches how the metadata files are written.
        return metadataFile.exists() ? FileUtils.readFileToString(metadataFile) : null;
    }

    /**
     * Returns the value of the {@code update} flag.
     *
     * @return the current {@code update} value
     */
    public boolean isUpdate() {
        return update;
    }

    /**
     * Names the event queue used by this action.
     *
     * @return the constant {@code "trustQueue"}
     */
    protected String getEventQueue() {
        final String queueName = "trustQueue";
        return queueName;
    }

    /**
     * Names this action.
     *
     * @return the constant {@code "updateTrustRelationshipAction"}
     */
    protected String getActionName() {
        final String actionName = "updateTrustRelationshipAction";
        return actionName;
    }

    /**
     * Decides whether the given attribute may be accessed from this action.
     *
     * The decision is delegated entirely to the attribute's own admin-access flag.
     *
     * @param gluuAttribute the attribute to check; must not be {@code null}
     * @return the value of {@code gluuAttribute.isAdminCanAccess()}
     */
    protected boolean allowAccessAttribute(GluuAttribute gluuAttribute) {
        final boolean adminCanAccess = gluuAttribute.isAdminCanAccess();
        return adminCanAccess;
    }

    /**
     * Decides whether the given attribute may be edited from this action.
     *
     * This hook applies no per-attribute restriction: the argument is not inspected and every attribute
     * is reported as editable.
     *
     * @param gluuAttribute the attribute to check (unused)
     * @return always {@code true}
     */
    protected boolean allowEditAttribute(GluuAttribute gluuAttribute) {
        final boolean editable = true;
        return editable;
    }

    /**
     * Builds the display label for the attribute's SAML1 URI.
     *
     * An explicitly configured SAML1 URI is shown as-is. Otherwise a URN of the form
     * {@code urn:<namespace>:dir:attribute-def:<name>} is generated, where the namespace is {@code gluu}
     * for custom attributes, attributes without a URN, and attributes whose URN starts with
     * {@code urn:gluu:dir:attribute-def:}, and {@code mace} for everything else.
     *
     * @param gluuAttribute the attribute to describe; must not be {@code null}
     * @return the label, always prefixed with {@code "SAML1 URI: "}
     */
    public String getSAML1URI(GluuAttribute gluuAttribute) {
        if (StringHelper.isNotEmpty(gluuAttribute.getSaml1Uri())) {
            return "SAML1 URI: " + gluuAttribute.getSaml1Uri();
        }
        final String urn = gluuAttribute.getUrn();
        // startsWith is only reached when the URN is not empty, so the original's extra
        // "not empty" test on that operand is implied by short-circuit evaluation.
        final boolean gluuNamespace = gluuAttribute.isCustom()
                || StringHelper.isEmpty(urn)
                || urn.startsWith("urn:gluu:dir:attribute-def:");
        final String namespace;
        if (gluuNamespace) {
            namespace = "gluu";
        } else {
            namespace = "mace";
        }
        return "SAML1 URI: urn:" + namespace + ":dir:attribute-def:" + gluuAttribute.getName();
    }

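    /**
     * Builds the display label for the attribute's SAML2 URI.
     *
     * An explicitly configured SAML2 URI is shown as-is. Otherwise the attribute's OID is looked up in
     * the schema and shown as {@code urn:oid:<OID>}.
     *
     * @param gluuAttribute the attribute to describe; must not be {@code null}
     * @return the label prefixed with {@code "SAML2 URI: "}, or {@code null} when no attribute type
     *         definition is found for the attribute name (the failure is logged)
     */
    public String getSAML2URI(GluuAttribute gluuAttribute) {
        if (StringHelper.isNotEmpty(gluuAttribute.getSaml2Uri())) {
            // Fixed label: this branch used to print "SAML1 URI: " in front of the SAML2 value,
            // unlike the OID branch below.
            return "SAML2 URI: " + gluuAttribute.getSaml2Uri();
        }
        String name = gluuAttribute.getName();
        ArrayList<String> attributeNames = new ArrayList<>();
        attributeNames.add(name);
        SchemaService instance = SchemaService.instance();
        AttributeTypeDefinition attributeTypeDefinition = instance.getAttributeTypeDefinition(
                instance.getAttributeTypeDefinitions(instance.getSchema(), attributeNames), name);
        if (attributeTypeDefinition != null) {
            return "SAML2 URI: urn:oid:" + attributeTypeDefinition.getOID();
        }
        this.log.error("Failed to get OID for attribute name {0}", new Object[]{name});
        return null;
    }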

    /**
     * Stores the selected trust relationship identifier and refreshes the custom attribute action
     * with the attributes that {@code getCurrentCustomAttributes()} yields for the new selection.
     *
     * @param str the identifier to store in {@code selectedTR}; may be {@code null}
     */
    public void setSelectedTR(String str) {
        this.selectedTR = str;
        // Must run after the assignment: the lookup reads selectedTR.
        final List<GluuCustomAttribute> attributesForSelection = getCurrentCustomAttributes();
        this.customAttributeAction.refreshCustomAttributes(attributesForSelection);
    }

    /**
     * Sets the container federation of the current trust relationship from a select item.
     *
     * The item's value is cast to {@code GluuSAMLTrustRelationship} without a type check, so a value of
     * any other type fails with a {@code ClassCastException}.
     *
     * @param selectItem the item whose value is the federation; must not be {@code null}
     */
    public void setContainerFederation(SelectItem selectItem) {
        final GluuSAMLTrustRelationship federation = (GluuSAMLTrustRelationship) selectItem.getValue();
        this.trustRelationship.setContainerFederation(federation);
    }

    /**
     * Wraps the current container federation in a select item.
     *
     * @return an item whose value is the container federation and whose label is its display name, or
     *         {@code "Select Federation"} when no federation is set
     */
    public SelectItem getContainerFederation() {
        final String label;
        if (this.trustRelationship.getContainerFederation() == null) {
            label = "Select Federation";
        } else {
            label = this.trustRelationship.getContainerFederation().getDisplayName();
        }
        return new SelectItem(this.trustRelationship.getContainerFederation(), label);
    }

    /**
     * Lists every federation known to the trust service as select items.
     *
     * @return a new list with one item per federation, valued with the federation and labelled with
     *         its display name
     */
    public ArrayList<SelectItem> getAllFederations() {
        final ArrayList<SelectItem> items = new ArrayList<>();
        for (GluuSAMLTrustRelationship federation : this.trustService.getAllFederations()) {
            final SelectItem item = new SelectItem(federation, federation.getDisplayName());
            items.add(item);
        }
        return items;
    }

    /**
     * Tells whether the current trust relationship has status {@code ACTIVE}.
     *
     * The comparison is made from the constant's side, so a {@code null} status yields {@code false}.
     *
     * @return {@code true} only when the status equals {@code GluuStatus.ACTIVE}
     */
    public boolean isActive() {
        final boolean active = GluuStatus.ACTIVE.equals(trustRelationship.getStatus());
        return active;
    }

    /**
     * Flips the current trust relationship between {@code ACTIVE} and {@code INACTIVE}, saves it, and
     * calls {@code updateShibboleth2Configuration} with all active trust relationships.
     *
     * A status other than those two is left unchanged, but the save and the configuration update still
     * run. A {@code null} status fails with a {@code NullPointerException}.
     *
     * @return always {@code OxTrustConstants.RESULT_SUCCESS}; anything returned by {@code saveTR} or
     *         {@code updateShibboleth2Configuration} is not inspected here
     */
    public String activationToggle() {
        final boolean currentlyActive = this.trustRelationship.getStatus().equals(GluuStatus.ACTIVE);
        if (currentlyActive) {
            this.trustRelationship.setStatus(GluuStatus.INACTIVE);
        } else {
            final boolean currentlyInactive = this.trustRelationship.getStatus().equals(GluuStatus.INACTIVE);
            if (currentlyInactive) {
                this.trustRelationship.setStatus(GluuStatus.ACTIVE);
            }
        }
        // NOTE(review): no authorization check is visible in this method; presumably it is enforced
        // before the action is invoked. Confirm.
        saveTR(true);
        updateShibboleth2Configuration(this.trustService.getAllActiveTrustRelationships());
        return OxTrustConstants.RESULT_SUCCESS;
    }

    /**
     * Sets the entity id of the current trust relationship to the first selected entity.
     *
     * A {@code null} or empty array is ignored, and elements after the first are not used.
     *
     * @param strArr the selected entity ids; may be {@code null}
     */
    public void setSelectedEntities(String[] strArr) {
        final boolean hasSelection = strArr != null && strArr.length > 0;
        if (hasSelection) {
            this.trustRelationship.setEntityId(strArr[0]);
        }
    }

    /**
     * Returns the entity ids of the current trust relationship as an array.
     *
     * @return the contents of {@code getGluuEntityId()} when this action is in update mode and that
     *         collection is not {@code null}; an empty array otherwise
     */
    public String[] getSelectedEntities() {
        if (isUpdate() && this.trustRelationship.getGluuEntityId() != null) {
            return (String[]) this.trustRelationship.getGluuEntityId().toArray(new String[0]);
        }
        return new String[0];
    }

    /**
     * Recomputes {@code filteredEntities} from the current filter string.
     *
     * With an empty filter the field is reset to {@code null}. Otherwise it becomes a new list holding
     * every entity id of the container federation that contains the filter string, compared after
     * lower-casing both sides with the default locale.
     */
    public void filterEntities() {
        this.filteredEntities = null;
        if (!StringHelper.isNotEmpty(getFilterString())) {
            return;
        }
        this.filteredEntities = new ArrayList<>();
        final String needle = getFilterString().toLowerCase();
        for (String entityId : this.trustRelationship.getContainerFederation().getGluuEntityId()) {
            final boolean matches = entityId.toLowerCase().contains(needle);
            if (matches) {
                this.filteredEntities.add(entityId);
            }
        }
    }

    /**
     * Replaces the filtered portion of {@code availableEntities} with the given entries.
     *
     * Everything contained in {@code availableEntitiesFiltered} is first removed from
     * {@code availableEntities}, then the given list is appended. Both fields must already be
     * initialised; neither is null-checked here.
     *
     * @param list the entries to add; must not be {@code null}
     */
    public void setAvailableEntities(List<String> list) {
        // Order matters: drop the previously shown subset before adding the new one.
        availableEntities.removeAll(availableEntitiesFiltered);
        availableEntities.addAll(list);
    }

    /**
     * Returns the entity ids of the container federation that are currently available for selection,
     * narrowed by {@code filteredEntities} when a filter is active.
     *
     * This getter has side effects. When the relationship's entity id is not among the federation's
     * entity ids, the entity id is cleared and {@code availableEntities} is rebuilt from the federation.
     * {@code availableEntitiesFiltered} is replaced on every call.
     *
     * @return the filtered list, or {@code null} when no container federation is set
     */
    public List<String> getAvailableEntities() {
        if (this.trustRelationship.getContainerFederation() == null) {
            return null;
        }
        final boolean entityStillListed = this.trustRelationship.getContainerFederation().getGluuEntityId()
                .contains(this.trustRelationship.getEntityId());
        if (!entityStillListed) {
            // The chosen entity is not part of this federation: drop it and force a rebuild below.
            this.trustRelationship.setEntityId(null);
            this.availableEntities = null;
        }
        if (this.availableEntities == null) {
            this.availableEntities = new ArrayList<>();
            if (this.trustRelationship.getContainerFederation() != null) {
                this.availableEntities.addAll(this.trustRelationship.getContainerFederation().getGluuEntityId());
            }
        }
        // Work on a copy so that narrowing by the filter never shrinks availableEntities itself.
        this.availableEntitiesFiltered = new ArrayList<>(this.availableEntities);
        if (this.filteredEntities != null) {
            this.availableEntitiesFiltered.retainAll(this.filteredEntities);
        }
        return this.availableEntitiesFiltered;
    }

    /**
     * Stores the given text in the {@code filterString} field. The filter is only applied when
     * {@code filterEntities()} is called.
     *
     * @param str the new filter text; may be {@code null}
     */
    public void setFilterString(String str) {
        filterString = str;
    }

    /**
     * Returns the value of the {@code filterString} field.
     *
     * @return the current filter text
     */
    public String getFilterString() {
        return filterString;
    }

    /**
     * Returns the list held in the {@code federatedSites} field.
     *
     * @return the stored list itself (no copy is made)
     */
    public List<GluuSAMLTrustRelationship> getFederatedSites() {
        return federatedSites;
    }
}
