package com.onelogin.saml2;

import com.onelogin.saml2.authn.AuthnRequest;
import com.onelogin.saml2.authn.SamlResponse;
import com.onelogin.saml2.exception.Error;
import com.onelogin.saml2.exception.SettingsException;
import com.onelogin.saml2.exception.XMLEntityException;
import com.onelogin.saml2.http.HttpRequest;
import com.onelogin.saml2.logout.LogoutRequest;
import com.onelogin.saml2.logout.LogoutResponse;
import com.onelogin.saml2.servlet.ServletUtils;
import com.onelogin.saml2.settings.Saml2Settings;
import com.onelogin.saml2.settings.SettingsBuilder;
import com.onelogin.saml2.util.Constants;
import com.onelogin.saml2.util.Util;
import java.io.IOException;
import java.security.InvalidKeyException;
import java.security.NoSuchAlgorithmException;
import java.security.PrivateKey;
import java.security.SignatureException;
import java.util.ArrayList;
import java.util.Collection;
import java.util.HashMap;
import java.util.LinkedHashMap;
import java.util.List;
import java.util.Map;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import org.apache.commons.lang3.StringUtils;
import org.joda.time.DateTime;
import org.joda.time.Instant;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;

/* loaded from: input_file:com/onelogin/saml2/Auth.class */
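/**
 * Service-provider entry point of the SAML toolkit. It builds the outgoing AuthnRequest and
 * LogoutRequest redirects and processes the {@code SAMLResponse} / {@code SAMLRequest}
 * parameters found on the wrapped servlet request.
 *
 * <p>Security-relevant behaviour visible in this class:
 * <ul>
 *   <li>Validation of inbound messages (XML, signatures, conditions) is delegated entirely to
 *       {@code SamlResponse.isValid}, {@code LogoutResponse.isValid} and
 *       {@code LogoutRequest.isValid}; this class only records the outcome. How strict those
 *       checks are depends on the {@link Saml2Settings} in use, which is not visible here.</li>
 *   <li>No record of already-consumed message or assertion ids is kept. Replay protection has
 *       to be built by the caller on top of {@link #getLastMessageId()},
 *       {@link #getLastAssertionId()} and {@link #getLastAssertionNotOnOrAfter()}.</li>
 *   <li>{@link #getErrors()} accumulates over the lifetime of the instance; nothing in this
 *       class clears it. An instance carries per-exchange state and is not synchronized, so it
 *       is meant to be created per request.</li>
 *   <li>At debug level the complete encoded SAML messages are written to the log. They contain
 *       the subject identifier and attributes, so debug output needs the same protection as
 *       the messages themselves.</li>
 * </ul>
 */
public class Auth {
    private static final Logger LOGGER = LoggerFactory.getLogger(Auth.class);

    /** Settings file name used by the constructors that are not given one. */
    private static final String DEFAULT_SETTINGS_FILE = "onelogin.saml.properties";

    private final Saml2Settings settings;
    private final HttpServletRequest request;
    private final HttpServletResponse response;

    // Identity data copied from the last response that passed validation.
    private String nameid;
    private String nameidFormat;
    private String nameidNameQualifier;
    private String nameidSPNameQualifier;
    private String sessionIndex;
    private DateTime sessionExpiration;
    private String lastMessageId;
    private String lastAssertionId;
    private List<Instant> lastAssertionNotOnOrAfter;
    private Map<String, List<String>> attributes;
    private boolean authenticated;

    // Error codes collected by processResponse/processSLO; never cleared by this class.
    private final List<String> errors;
    private String errorReason;

    // Last message built by, or received by, this instance.
    private String lastRequestId;
    private String lastRequest;
    private String lastResponse;

    /**
     * Creates an instance from the default settings file, without a servlet request/response.
     *
     * @throws IOException as declared by the settings loader
     * @throws SettingsException if the loaded settings fail {@code checkSettings()}
     * @throws Error as declared by the settings loader
     */
    public Auth() throws IOException, SettingsException, Error {
        this(new SettingsBuilder().fromFile(DEFAULT_SETTINGS_FILE).build(), (HttpServletRequest) null, (HttpServletResponse) null);
    }

    /**
     * Creates an instance from the named settings file, without a servlet request/response.
     *
     * @param filename settings file handed to {@code SettingsBuilder.fromFile}
     * @throws IOException as declared by the settings loader
     * @throws SettingsException if the loaded settings fail {@code checkSettings()}
     * @throws Error as declared by the settings loader
     */
    public Auth(String filename) throws IOException, SettingsException, Error {
        this(new SettingsBuilder().fromFile(filename).build(), (HttpServletRequest) null, (HttpServletResponse) null);
    }

    /**
     * Creates an instance from the default settings file for the given request/response pair.
     *
     * @param request servlet request whose parameters are read by the process* methods
     * @param response servlet response used for redirects
     * @throws IOException as declared by the settings loader
     * @throws SettingsException if the loaded settings fail {@code checkSettings()}
     * @throws Error as declared by the settings loader
     */
    public Auth(HttpServletRequest request, HttpServletResponse response) throws IOException, SettingsException, Error {
        this(new SettingsBuilder().fromFile(DEFAULT_SETTINGS_FILE).build(), request, response);
    }

    /**
     * Creates an instance from the named settings file for the given request/response pair.
     *
     * @param filename settings file handed to {@code SettingsBuilder.fromFile}
     * @param request servlet request whose parameters are read by the process* methods
     * @param response servlet response used for redirects
     * @throws SettingsException if the loaded settings fail {@code checkSettings()}
     * @throws IOException as declared by the settings loader
     * @throws Error as declared by the settings loader
     */
    public Auth(String filename, HttpServletRequest request, HttpServletResponse response) throws SettingsException, IOException, Error {
        this(new SettingsBuilder().fromFile(filename).build(), request, response);
    }

    /**
     * Creates an instance from already-built settings and refuses to continue if they are
     * reported invalid.
     *
     * @param settings toolkit settings; {@code checkSettings()} must return an empty list
     * @param request servlet request whose parameters are read by the process* methods
     * @param response servlet response used for redirects
     * @throws SettingsException listing every problem returned by {@code checkSettings()}
     */
    public Auth(Saml2Settings settings, HttpServletRequest request, HttpServletResponse response) throws SettingsException {
        this.attributes = new HashMap<>();
        this.authenticated = false;
        this.errors = new ArrayList<>();
        this.settings = settings;
        this.request = request;
        this.response = response;

        List<String> settingsErrors = settings.checkSettings();
        if (!settingsErrors.isEmpty()) {
            String errorMsg = "Invalid settings: " + StringUtils.join(settingsErrors, ", ");
            LOGGER.error(errorMsg);
            // Numeric code kept as found; presumably a named constant on SettingsException - confirm.
            throw new SettingsException(errorMsg, 2);
        }
        LOGGER.debug("Settings validated");
    }

    /**
     * Overrides the strict flag of the underlying settings.
     *
     * @param value new strict value; a null value fails with a NullPointerException rather
     *     than being read as "not strict"
     */
    public void setStrict(Boolean value) {
        this.settings.setStrict(value.booleanValue());
    }

    /**
     * Builds an AuthnRequest and hands it, as redirect parameters, to
     * {@code ServletUtils.sendRedirect} for the IdP single sign-on URL.
     *
     * <p>The request id and XML are remembered ({@link #getLastRequestId()},
     * {@link #getLastRequestXML()}) so the caller can later pass the id to
     * {@link #processResponse(String)}.
     *
     * @param returnTo value sent as {@code RelayState}; when null the self-routed URL of the
     *     current request (without query string) is used, and an empty value omits the
     *     parameter. RelayState comes back from the IdP as an ordinary request parameter, so
     *     treat the returned value as untrusted input before redirecting to it.
     * @param forceAuthn first flag given to the AuthnRequest constructor (ForceAuthn in the
     *     upstream toolkit API - confirm against the bundled AuthnRequest)
     * @param isPassive second flag given to the AuthnRequest constructor (IsPassive upstream -
     *     confirm)
     * @param setNameIdPolicy third flag given to the AuthnRequest constructor (whether a
     *     NameIDPolicy element is emitted upstream - confirm)
     * @param stay forwarded to {@code ServletUtils.sendRedirect}; when true the "sent" debug
     *     line is skipped (presumably the redirect is not issued and only the URL is returned -
     *     confirm in ServletUtils)
     * @return the value returned by {@code ServletUtils.sendRedirect}
     * @throws IOException as declared by the redirect helper
     * @throws SettingsException if signing is enabled but the SP key cannot be loaded
     */
    public String login(String returnTo, Boolean forceAuthn, Boolean isPassive, Boolean setNameIdPolicy, Boolean stay) throws IOException, SettingsException {
        Map<String, String> parameters = new HashMap<>();
        AuthnRequest authnRequest = new AuthnRequest(this.settings, forceAuthn.booleanValue(), isPassive.booleanValue(), setNameIdPolicy.booleanValue());
        String samlRequest = authnRequest.getEncodedAuthnRequest();
        parameters.put("SAMLRequest", samlRequest);

        String relayState = returnTo == null ? ServletUtils.getSelfRoutedURLNoQuery(this.request) : returnTo;
        if (!relayState.isEmpty()) {
            parameters.put("RelayState", relayState);
        }

        if (this.settings.getAuthnRequestsSigned()) {
            String sigAlg = this.settings.getSignatureAlgorithm();
            String signature = buildRequestSignature(samlRequest, relayState, sigAlg);
            parameters.put("SigAlg", sigAlg);
            parameters.put("Signature", signature);
        }

        String ssoUrl = getSSOurl();
        this.lastRequestId = authnRequest.getId();
        this.lastRequest = authnRequest.getAuthnRequestXml();
        if (!stay.booleanValue()) {
            LOGGER.debug("AuthNRequest sent to {} --> {}", ssoUrl, samlRequest);
        }
        return ServletUtils.sendRedirect(this.response, ssoUrl, parameters, stay);
    }

    /** Same as the five-argument {@code login} with {@code stay} set to false; the result is discarded. */
    public void login(String returnTo, Boolean forceAuthn, Boolean isPassive, Boolean setNameIdPolicy) throws IOException, SettingsException {
        login(returnTo, forceAuthn, isPassive, setNameIdPolicy, Boolean.FALSE);
    }

    /** Starts a login with no explicit RelayState and the flags false, false, true. */
    public void login() throws IOException, SettingsException {
        login(null, Boolean.FALSE, Boolean.FALSE, Boolean.TRUE);
    }

    /** Starts a login with the given RelayState and the flags false, false, true. */
    public void login(String returnTo) throws IOException, SettingsException {
        login(returnTo, Boolean.FALSE, Boolean.FALSE, Boolean.TRUE);
    }

    /**
     * Builds a LogoutRequest and hands it, as redirect parameters, to
     * {@code ServletUtils.sendRedirect} for the IdP single logout URL.
     *
     * @param returnTo value sent as {@code RelayState}; null selects the self-routed URL of the
     *     current request, an empty value omits the parameter
     * @param nameId third LogoutRequest constructor argument (the subject NameID upstream -
     *     confirm)
     * @param sessionIndex fourth LogoutRequest constructor argument (SessionIndex upstream -
     *     confirm)
     * @param stay forwarded to {@code ServletUtils.sendRedirect}; when true the "sent" debug
     *     line is skipped
     * @param nameidFormat fifth LogoutRequest constructor argument
     * @param nameIdNameQualifier sixth LogoutRequest constructor argument
     * @param nameIdSPNameQualifier seventh LogoutRequest constructor argument
     * @return the value returned by {@code ServletUtils.sendRedirect}
     * @throws IOException as declared by the redirect helper
     * @throws XMLEntityException as declared by LogoutRequest
     * @throws SettingsException if signing is enabled but the SP key cannot be loaded
     */
    public String logout(String returnTo, String nameId, String sessionIndex, Boolean stay, String nameidFormat, String nameIdNameQualifier, String nameIdSPNameQualifier) throws IOException, XMLEntityException, SettingsException {
        Map<String, String> parameters = new HashMap<>();
        LogoutRequest logoutRequest = new LogoutRequest(this.settings, (HttpRequest) null, nameId, sessionIndex, nameidFormat, nameIdNameQualifier, nameIdSPNameQualifier);
        String samlLogoutRequest = logoutRequest.getEncodedLogoutRequest();
        parameters.put("SAMLRequest", samlLogoutRequest);

        String relayState = returnTo == null ? ServletUtils.getSelfRoutedURLNoQuery(this.request) : returnTo;
        if (!relayState.isEmpty()) {
            parameters.put("RelayState", relayState);
        }

        if (this.settings.getLogoutRequestSigned()) {
            String sigAlg = this.settings.getSignatureAlgorithm();
            String signature = buildRequestSignature(samlLogoutRequest, relayState, sigAlg);
            parameters.put("SigAlg", sigAlg);
            parameters.put("Signature", signature);
        }

        String sloUrl = getSLOurl();
        this.lastRequestId = logoutRequest.getId();
        this.lastRequest = logoutRequest.getLogoutRequestXml();
        if (!stay.booleanValue()) {
            LOGGER.debug("Logout request sent to {} --> {}", sloUrl, samlLogoutRequest);
        }
        return ServletUtils.sendRedirect(this.response, sloUrl, parameters, stay);
    }

    /** Logout without an SP name qualifier. */
    public String logout(String returnTo, String nameId, String sessionIndex, Boolean stay, String nameidFormat, String nameIdNameQualifier) throws IOException, XMLEntityException, SettingsException {
        return logout(returnTo, nameId, sessionIndex, stay, nameidFormat, nameIdNameQualifier, null);
    }

    /** Logout without name qualifiers. */
    public String logout(String returnTo, String nameId, String sessionIndex, Boolean stay, String nameidFormat) throws IOException, XMLEntityException, SettingsException {
        return logout(returnTo, nameId, sessionIndex, stay, nameidFormat, (String) null);
    }

    /** Logout without a NameID format or name qualifiers. */
    public String logout(String returnTo, String nameId, String sessionIndex, Boolean stay) throws IOException, XMLEntityException, SettingsException {
        return logout(returnTo, nameId, sessionIndex, stay, (String) null);
    }

    /** Redirecting logout ({@code stay} false) with every NameID detail supplied. */
    public void logout(String returnTo, String nameId, String sessionIndex, String nameidFormat, String nameIdNameQualifier, String nameIdSPNameQualifier) throws IOException, XMLEntityException, SettingsException {
        logout(returnTo, nameId, sessionIndex, Boolean.FALSE, nameidFormat, nameIdNameQualifier, nameIdSPNameQualifier);
    }

    /** Redirecting logout ({@code stay} false) without an SP name qualifier. */
    public void logout(String returnTo, String nameId, String sessionIndex, String nameidFormat, String nameIdNameQualifier) throws IOException, XMLEntityException, SettingsException {
        logout(returnTo, nameId, sessionIndex, Boolean.FALSE, nameidFormat, nameIdNameQualifier);
    }

    /** Redirecting logout ({@code stay} false) without name qualifiers. */
    public void logout(String returnTo, String nameId, String sessionIndex, String nameidFormat) throws IOException, XMLEntityException, SettingsException {
        logout(returnTo, nameId, sessionIndex, Boolean.FALSE, nameidFormat);
    }

    /** Redirecting logout ({@code stay} false) without a NameID format or name qualifiers. */
    public void logout(String returnTo, String nameId, String sessionIndex) throws IOException, XMLEntityException, SettingsException {
        logout(returnTo, nameId, sessionIndex, Boolean.FALSE, (String) null);
    }

    /** Redirecting logout with no RelayState, NameID or session index supplied. */
    public void logout() throws IOException, XMLEntityException, SettingsException {
        logout((String) null, (String) null, (String) null, Boolean.FALSE);
    }

    /** Redirecting logout with only a RelayState supplied. */
    public void logout(String returnTo) throws IOException, XMLEntityException, SettingsException {
        logout(returnTo, null, null);
    }

    /** @return the IdP single sign-on service URL from the settings, as a string */
    public String getSSOurl() {
        return this.settings.getIdpSingleSignOnServiceUrl().toString();
    }

    /** @return the IdP single logout service URL from the settings, as a string */
    public String getSLOurl() {
        return this.settings.getIdpSingleLogoutServiceUrl().toString();
    }

    /** @return the IdP single logout service response URL from the settings, as a string */
    public String getSLOResponseUrl() {
        return this.settings.getIdpSingleLogoutServiceResponseUrl().toString();
    }

    /**
     * Reads the {@code SAMLResponse} parameter of the wrapped request, validates it and, when
     * valid, copies the subject, attributes and session data into this instance.
     *
     * <p>Identity state left over from an earlier call is discarded first, so after a missing
     * or rejected response the getters no longer return a previous subject. On rejection
     * {@code "invalid_response"} is appended to {@link #getErrors()} and the validator's
     * message is available from {@link #getLastErrorReason()}; no exception is thrown, so
     * callers must check {@link #isAuthenticated()}.
     *
     * @param requestId id of the AuthnRequest this response should answer, passed to
     *     {@code SamlResponse.isValid}. NOTE(review): with null the InResponseTo match is
     *     presumably skipped, which would accept unsolicited responses - confirm in
     *     SamlResponse and pass the stored {@link #getLastRequestId()} where possible.
     * @throws Error when the request carries no {@code SAMLResponse} parameter
     * @throws Exception anything raised while parsing or validating the response
     */
    public void processResponse(String requestId) throws Exception {
        clearAssertionState();

        HttpRequest httpRequest = ServletUtils.makeHttpRequest(this.request);
        String samlResponseParameter = httpRequest.getParameter("SAMLResponse");
        if (samlResponseParameter == null) {
            this.errors.add("invalid_binding");
            String errorMsg = "SAML Response not found, Only supported HTTP_POST Binding";
            LOGGER.error("processResponse error." + errorMsg);
            // Numeric code kept as found; presumably a named constant on Error - confirm.
            throw new Error(errorMsg, 3);
        }

        SamlResponse samlResponse = new SamlResponse(this.settings, httpRequest);
        this.lastResponse = samlResponse.getSAMLResponseXml();

        if (!samlResponse.isValid(requestId)) {
            this.errors.add("invalid_response");
            LOGGER.error("processResponse error. invalid_response");
            LOGGER.debug(" --> {}", samlResponseParameter);
            this.errorReason = samlResponse.getError();
            return;
        }

        this.nameid = samlResponse.getNameId();
        this.nameidFormat = samlResponse.getNameIdFormat();
        this.nameidNameQualifier = samlResponse.getNameIdNameQualifier();
        this.nameidSPNameQualifier = samlResponse.getNameIdSPNameQualifier();
        this.authenticated = true;
        this.attributes = samlResponse.getAttributes();
        this.sessionIndex = samlResponse.getSessionIndex();
        this.sessionExpiration = samlResponse.getSessionNotOnOrAfter();
        this.lastMessageId = samlResponse.getId();
        this.lastAssertionId = samlResponse.getAssertionId();
        this.lastAssertionNotOnOrAfter = samlResponse.getAssertionNotOnOrAfter();
        // Debug output carries the whole encoded response, including the assertion.
        LOGGER.debug("processResponse success --> {}", samlResponseParameter);
    }

    /** Processes the response without an expected request id; see {@link #processResponse(String)}. */
    public void processResponse() throws Exception {
        processResponse(null);
    }

    /**
     * Handles single logout on the wrapped request: a {@code SAMLResponse} parameter is treated
     * as the IdP's answer to a logout this SP started, otherwise a {@code SAMLRequest}
     * parameter is treated as an IdP-initiated logout that is answered with a LogoutResponse
     * redirect.
     *
     * <p>Validation failures are reported through {@link #getErrors()} and
     * {@link #getLastErrorReason()} and leave the local session untouched. Whether an unsigned
     * LogoutRequest is accepted is decided inside {@code LogoutRequest.isValid} from the
     * settings, which is not visible here.
     *
     * @param keepLocalSession when true the servlet session is not invalidated after a valid
     *     logout message
     * @param requestId id of the LogoutRequest a LogoutResponse should answer, passed to
     *     {@code LogoutResponse.isValid}; not used for an inbound LogoutRequest
     * @throws Error when the request carries neither parameter
     * @throws Exception anything raised while parsing, validating or answering the message
     */
    public void processSLO(Boolean keepLocalSession, String requestId) throws Exception {
        HttpRequest httpRequest = ServletUtils.makeHttpRequest(this.request);
        String samlRequestParameter = httpRequest.getParameter("SAMLRequest");
        String samlResponseParameter = httpRequest.getParameter("SAMLResponse");

        if (samlResponseParameter != null) {
            handleLogoutResponse(httpRequest, samlResponseParameter, keepLocalSession, requestId);
            return;
        }
        if (samlRequestParameter == null) {
            this.errors.add("invalid_binding");
            String errorMsg = "SAML LogoutRequest/LogoutResponse not found. Only supported HTTP_REDIRECT Binding";
            LOGGER.error("processSLO error." + errorMsg);
            // Numeric code kept as found; presumably a named constant on Error - confirm.
            throw new Error(errorMsg, 4);
        }
        handleLogoutRequest(httpRequest, samlRequestParameter, keepLocalSession);
    }

    /** Validates an inbound LogoutResponse and, on success, ends the local session unless asked to keep it. */
    private void handleLogoutResponse(HttpRequest httpRequest, String samlResponseParameter, Boolean keepLocalSession, String requestId) throws Exception {
        LogoutResponse logoutResponse = new LogoutResponse(this.settings, httpRequest);
        this.lastResponse = logoutResponse.getLogoutResponseXml();

        if (!logoutResponse.isValid(requestId).booleanValue()) {
            this.errors.add("invalid_logout_response");
            LOGGER.error("processSLO error. invalid_logout_response");
            LOGGER.debug(" --> {}", samlResponseParameter);
            this.errorReason = logoutResponse.getError();
            return;
        }

        String status = logoutResponse.getStatus();
        if (status == null || !status.equals(Constants.STATUS_SUCCESS)) {
            this.errors.add("logout_not_success");
            LOGGER.error("processSLO error. logout_not_success");
            LOGGER.debug(" --> {}", samlResponseParameter);
            return;
        }

        this.lastMessageId = logoutResponse.getId();
        LOGGER.debug("processSLO success --> {}", samlResponseParameter);
        if (!keepLocalSession.booleanValue()) {
            this.request.getSession().invalidate();
        }
    }

    /** Validates an inbound LogoutRequest, ends the local session unless asked to keep it, and redirects back with a LogoutResponse. */
    private void handleLogoutRequest(HttpRequest httpRequest, String samlRequestParameter, Boolean keepLocalSession) throws Exception {
        LogoutRequest logoutRequest = new LogoutRequest(this.settings, httpRequest);
        this.lastRequest = logoutRequest.getLogoutRequestXml();

        if (!logoutRequest.isValid().booleanValue()) {
            this.errors.add("invalid_logout_request");
            LOGGER.error("processSLO error. invalid_logout_request");
            LOGGER.debug(" --> {}", samlRequestParameter);
            this.errorReason = logoutRequest.getError();
            return;
        }

        this.lastMessageId = logoutRequest.getId();
        LOGGER.debug("processSLO success --> {}", samlRequestParameter);
        if (!keepLocalSession.booleanValue()) {
            this.request.getSession().invalidate();
        }

        String inResponseTo = logoutRequest.id;
        LogoutResponse logoutResponse = new LogoutResponse(this.settings, httpRequest);
        logoutResponse.build(inResponseTo);
        this.lastResponse = logoutResponse.getLogoutResponseXml();
        String samlLogoutResponse = logoutResponse.getEncodedLogoutResponse();

        Map<String, String> parameters = new LinkedHashMap<>();
        parameters.put("SAMLResponse", samlLogoutResponse);

        // RelayState is echoed back to the IdP unchanged; it is only URL-encoded, never interpreted here.
        String relayState = this.request.getParameter("RelayState");
        if (relayState != null) {
            parameters.put("RelayState", relayState);
        }

        if (this.settings.getLogoutResponseSigned()) {
            String sigAlg = this.settings.getSignatureAlgorithm();
            String signature = buildResponseSignature(samlLogoutResponse, relayState, sigAlg);
            parameters.put("SigAlg", sigAlg);
            parameters.put("Signature", signature);
        }

        String sloResponseUrl = getSLOResponseUrl();
        LOGGER.debug("Logout response sent to {} --> {}", sloResponseUrl, samlLogoutResponse);
        ServletUtils.sendRedirect(this.response, sloResponseUrl, parameters);
    }

    /** Handles single logout, invalidating the local session and expecting no particular request id. */
    public void processSLO() throws Exception {
        processSLO(Boolean.FALSE, null);
    }

    /** @return true only if the most recent {@link #processResponse(String)} call accepted the response */
    public final boolean isAuthenticated() {
        return this.authenticated;
    }

    /** @return a new list holding the attribute names of the last accepted response */
    public final List<String> getAttributesName() {
        return new ArrayList<>(this.attributes.keySet());
    }

    /** @return the attribute map of the last accepted response; this is the internal map, not a copy */
    public final Map<String, List<String>> getAttributes() {
        return this.attributes;
    }

    /**
     * @param name attribute name
     * @return the values stored for that attribute, or null when it is absent
     */
    public final Collection<String> getAttribute(String name) {
        return this.attributes.get(name);
    }

    /** @return the NameID of the last accepted response, or null */
    public final String getNameId() {
        return this.nameid;
    }

    /** @return the NameID format of the last accepted response, or null */
    public final String getNameIdFormat() {
        return this.nameidFormat;
    }

    /** @return the NameID NameQualifier of the last accepted response, or null */
    public final String getNameIdNameQualifier() {
        return this.nameidNameQualifier;
    }

    /** @return the NameID SPNameQualifier of the last accepted response, or null */
    public final String getNameIdSPNameQualifier() {
        return this.nameidSPNameQualifier;
    }

    /** @return the SessionIndex of the last accepted response, or null */
    public final String getSessionIndex() {
        return this.sessionIndex;
    }

    /** @return the SessionNotOnOrAfter value of the last accepted response, or null */
    public final DateTime getSessionExpiration() {
        return this.sessionExpiration;
    }

    /** @return the id of the last SAML message accepted by processResponse or processSLO, or null */
    public String getLastMessageId() {
        return this.lastMessageId;
    }

    /** @return the assertion id of the last accepted response, or null; usable as a replay-cache key */
    public String getLastAssertionId() {
        return this.lastAssertionId;
    }

    /** @return the NotOnOrAfter instants of the last accepted assertion, or null */
    public List<Instant> getLastAssertionNotOnOrAfter() {
        return this.lastAssertionNotOnOrAfter;
    }

    /** @return the internal, ever-growing list of error codes recorded by this instance */
    public List<String> getErrors() {
        return this.errors;
    }

    /** @return the validator message stored by the most recent rejected message, or null */
    public String getLastErrorReason() {
        return this.errorReason;
    }

    /** @return the id of the last AuthnRequest or LogoutRequest built by this instance, or null */
    public String getLastRequestId() {
        return this.lastRequestId;
    }

    /** @return the settings this instance was created with */
    public Saml2Settings getSettings() {
        return this.settings;
    }

    /** @return the debug flag of the settings */
    public Boolean isDebugActive() {
        return this.settings.isDebugActive();
    }

    /**
     * Signs the query string of an outgoing {@code SAMLRequest} redirect.
     *
     * @param samlRequest encoded request, as placed in the {@code SAMLRequest} parameter
     * @param relayState RelayState to cover with the signature; skipped when null or empty
     * @param signAlgorithm signature algorithm identifier; empty selects {@code Constants.RSA_SHA1}
     * @return the base64-encoded signature
     * @throws SettingsException if the SP key cannot be loaded
     * @throws IllegalArgumentException if the signature cannot be computed
     */
    public String buildRequestSignature(String samlRequest, String relayState, String signAlgorithm) throws SettingsException {
        return buildSignature(samlRequest, relayState, signAlgorithm, "SAMLRequest");
    }

    /**
     * Signs the query string of an outgoing {@code SAMLResponse} redirect.
     *
     * @param samlResponse encoded response, as placed in the {@code SAMLResponse} parameter
     * @param relayState RelayState to cover with the signature; skipped when null or empty
     * @param signAlgorithm signature algorithm identifier; empty selects {@code Constants.RSA_SHA1}
     * @return the base64-encoded signature
     * @throws SettingsException if the SP key cannot be loaded
     * @throws IllegalArgumentException if the signature cannot be computed
     */
    public String buildResponseSignature(String samlResponse, String relayState, String signAlgorithm) throws SettingsException {
        return buildSignature(samlResponse, relayState, signAlgorithm, "SAMLResponse");
    }

    /**
     * Signs {@code <type>=<message>[&RelayState=<relayState>]&SigAlg=<algorithm>} (each value
     * URL-encoded) with the SP private key and returns the base64 form of the signature.
     *
     * @param samlMessage encoded SAML message
     * @param relayState RelayState value, included only when not empty
     * @param signAlgorithm signature algorithm identifier, defaulted when empty
     * @param type query parameter name of the message, {@code SAMLRequest} or {@code SAMLResponse}
     * @return the base64-encoded signature, never empty
     * @throws SettingsException if {@code checkSPCerts()} reports that the SP key is unavailable
     * @throws IllegalArgumentException if signing fails; the underlying security exception is
     *     attached as the cause
     */
    private String buildSignature(String samlMessage, String relayState, String signAlgorithm, String type) throws SettingsException, IllegalArgumentException {
        if (!this.settings.checkSPCerts()) {
            String errorMsg = "Trying to sign the " + type + " but can't load the SP private key";
            LOGGER.error("buildSignature error. {}", errorMsg);
            // Numeric code kept as found; presumably a named constant on SettingsException - confirm.
            throw new SettingsException(errorMsg, 4);
        }
        PrivateKey key = this.settings.getSPkey();

        String toSign = type + "=" + Util.urlEncoder(samlMessage);
        if (StringUtils.isNotEmpty(relayState)) {
            toSign = toSign + "&RelayState=" + Util.urlEncoder(relayState);
        }

        // NOTE(review): the fallback is RSA with SHA-1. It is kept so existing deployments keep
        // interoperating, but the settings should name a stronger algorithm explicitly so this
        // branch is never taken.
        String algorithm = StringUtils.isEmpty(signAlgorithm) ? Constants.RSA_SHA1 : signAlgorithm;
        toSign = toSign + "&SigAlg=" + Util.urlEncoder(algorithm);

        String failureMsg = "There was a problem when calculating the Signature of the " + type;
        String signature;
        try {
            signature = Util.base64encoder(Util.sign(toSign, key, algorithm));
        } catch (InvalidKeyException | NoSuchAlgorithmException | SignatureException e) {
            // Keep the cause: it says whether the key or the algorithm was the problem.
            LOGGER.error("buildSignature error. " + failureMsg, e);
            throw new IllegalArgumentException(failureMsg, e);
        }

        if (signature == null || signature.isEmpty()) {
            LOGGER.error("buildSignature error. {}", failureMsg);
            throw new IllegalArgumentException(failureMsg);
        }
        LOGGER.debug("buildSignature success. --> {}", signature);
        return signature;
    }

    /** Drops everything copied from a previously accepted response, restoring the freshly-constructed state. */
    private void clearAssertionState() {
        this.authenticated = false;
        this.nameid = null;
        this.nameidFormat = null;
        this.nameidNameQualifier = null;
        this.nameidSPNameQualifier = null;
        this.sessionIndex = null;
        this.sessionExpiration = null;
        this.lastAssertionId = null;
        this.lastAssertionNotOnOrAfter = null;
        this.attributes = new HashMap<>();
    }

    /** @return the XML of the last AuthnRequest/LogoutRequest built or LogoutRequest received, or null */
    public String getLastRequestXML() {
        return this.lastRequest;
    }

    /** @return the XML of the last SAML response received or LogoutResponse built, or null */
    public String getLastResponseXML() {
        return this.lastResponse;
    }
}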
