package coldfusion.saml;

import coldfusion.filter.FusionContext;
import coldfusion.runtime.ApplicationException;
import coldfusion.runtime.VariableScope;
import coldfusion.saml.SAMLServiceImpl;
import coldfusion.saml.util.SignatureCreator;
import coldfusion.server.ServiceFactory;
import coldfusion.tagext.lang.IncludeTag;
import coldfusion.util.RB;
import com.onelogin.saml2.authn.AuthnRequest;
import com.onelogin.saml2.exception.SettingsException;
import com.onelogin.saml2.logout.LogoutRequest;
import com.onelogin.saml2.servlet.ServletUtils;
import com.onelogin.saml2.settings.Saml2Settings;
import com.onelogin.saml2.util.Util;
import java.io.IOException;
import java.nio.file.Files;
import java.nio.file.LinkOption;
import java.nio.file.Paths;
import java.util.List;
import java.util.Map;
import java.util.concurrent.ConcurrentHashMap;
import javax.servlet.jsp.JspException;
import org.apache.commons.lang3.StringUtils;

/* loaded from: input_file:coldfusion/saml/SamlRequestBuilder.class */
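/**
 * Builds SAML authentication and logout requests for a service provider (SP) / identity
 * provider (IdP) pair named in a caller-supplied option struct, and either redirects the
 * browser (redirect binding) or includes a CFML template that receives the encoded request.
 *
 * <p>Review notes:
 * <ul>
 *   <li>{@link #idpConfig} and {@link #spConfig} are instance fields written by
 *       {@code getIdp}/{@code getSp} and read when the {@code RequestOptions} is built. An
 *       instance shared between concurrent requests could record another request's names;
 *       presumably instances are created per call, confirm at the call sites.</li>
 *   <li>The {@code TEMPLATE} option is passed to {@code IncludeTag} after only a leading-slash
 *       fix and an existence check. Nothing in this class normalises the path or confines it
 *       to a directory, so it must be a fixed, application-owned path and never derived from
 *       request data.</li>
 * </ul>
 */
public class SamlRequestBuilder {
    /** Default template included for a login request when the IdP SSO binding is not redirect. */
    public final String ssoTemplatePath = "/WEB-INF/saml/login.cfm";
    /** Default template included for a logout request when the IdP SLO binding is not redirect. */
    public final String logoutTemplatePath = "/WEB-INF/saml/logout.cfm";

    // Struct keys. Only IDP, SP, NAME, LIFETIME, RELAYSTATE, TEMPLATE, SAMLREQUEST, LOGOUTREQUEST,
    // IDPURL and the LOGIN_* keys are referenced in this class; the rest are presumably used by
    // other SAML classes.
    public static final String IDP = "IDP";
    public static final String SP = "SP";
    public static final String NAME = "NAME";
    public static final String APPLICATION_SCOPE_SECURITY_KEY = "SECURITY";
    public static final String APPLICATION_SCOPE_SETTINGS_KEY = "SAMLSETTINGS";
    public static final String IDP_URL = "URL";
    public static final String IDP_FILE = "FILE";
    public static final String IDP_RAW = "RAWXML";
    public static final String ENTITYID = "ENTITYID";
    public static final String SSOURL = "SSOURL";
    public static final String SSOBINDING = "SSOBINDING";
    public static final String SLOURL = "SLOURL";
    public static final String SLOBINDING = "SLOBINDING";
    public static final String LOGOUTRESPONSEURL = "LOGOUTRESPONSEURL";
    public static final String SIGNREQUESTS = "SIGNREQUESTS";
    public static final String ENCRYPTREQUESTS = "ENCRYPTREQUESTS";
    public static final String SIGNCERTIFICATE = "SIGNCERTIFICATE";
    public static final String ENCRYPTCERTIFICATE = "ENCRYPTCERTIFICATE";
    public static final String ACSURL = "ACSURL";
    public static final String ACSBINDING = "ACSBINDING";
    public static final String WANTASSERTIONSSIGNED = "WANTASSERTIONSSIGNED";
    public static final String LOGOUTRESPONSESIGNED = "LOGOUTRESPONSESIGNED";
    public static final String KEYSTORE = "KEYSTORE";
    public static final String PASSWORD = "PASSWORD";
    public static final String KEYSTOREALIAS = "KEYSTOREALIAS";
    public static final String RELAYSTATE = "RELAYSTATE";
    public static final String TEMPLATE = "TEMPLATE";
    public static final String SAMLREQUEST = "SAMLREQUEST";
    public static final String LOGOUTREQUEST = "LOGOUTREQUEST";
    public static final String IDPURL = "IDPURL";
    public static final String LOGIN_NAMEID = "NAMEID";
    public static final String LOGIN_NAMEID_FORMAT = "NAMEIDFORMAT";
    public static final String LOGIN_NAMEIDQUALIFIER = "NAMEIDQUALIFIER";
    public static final String LOGIN_NAMEIDSPQUALIFIER = "NAMEIDSPQUALIFIER";
    public static final String LOGIN_SESSIONINDEX = "SESSIONINDEX";
    public static final String COLDFUSION = "COLDFUSION";
    public static final String LIFETIME = "LIFETIME";
    /** Lifetime handed to {@code RequestOptions} when the options carry no LIFETIME (units not visible here; presumably seconds). */
    public static final int DEFAULT_LIFETIME = 300;

    // Name of the IdP / SP configuration seen by the most recent getIdp / getSp call.
    private String idpConfig;
    private String spConfig;

    // No code in this class adds entries to this map, so getRequestOptions() finds nothing
    // as far as the visible source shows.
    private static final Map<String, RequestOptions> requestMap = new ConcurrentHashMap<>();

    /**
     * Raised for request-building failures in this class. The text is kept in the public
     * {@link #message} field; how {@code ApplicationException} renders it is not visible here.
     */
    public class SamlRequestException extends ApplicationException {
        public String message = "";

        public SamlRequestException(String str) {
            this.message = str;
        }

        public SamlRequestException(String str, Throwable th) {
            super(th);
            this.message = str;
        }
    }

    /**
     * Thrown in place of the OneLogin library's {@code XMLEntityException}. It has no
     * cause-taking constructor, so the library exception is not attached.
     */
    public class XMLEntityException extends ApplicationException {
        public XMLEntityException() {
        }
    }

    /**
     * Returns the AuthnRequest XML for the IdP/SP pair named in {@code map}.
     *
     * @param map option struct; the IDP and SP entries are structs carrying a NAME
     * @return the XML produced by {@code AuthnRequest.getAuthnRequestXml()}
     */
    public String buildAuthnRequest(Map map) {
        Saml2Settings settings = SamlHelper.getSamlSettings(getIdp(map), getSp(map));
        return new AuthnRequest(settings).getAuthnRequestXml();
    }

    /**
     * Returns the LogoutRequest XML for the IdP/SP pair named in {@code map}. Missing
     * NAMEID, NAMEIDFORMAT, SESSIONINDEX and qualifier options are passed as empty strings.
     *
     * @param map option struct
     * @return the XML produced by {@code LogoutRequest.getLogoutRequestXml()}
     * @throws SamlRequestException if the settings have no IdP single-logout URL
     * @throws XMLEntityException   if the OneLogin library reports an XML entity error
     */
    public String buildLogoutRequest(Map map) {
        Saml2Settings settings = SamlHelper.getSamlSettings(getIdp(map), getSp(map));
        if (settings.getIdpSingleLogoutServiceUrl() == null) {
            throw new SamlRequestException(RB.getString(this, "LogoutMissingSlo"));
        }
        FusionContext context = FusionContext.getCurrent();
        String nameId = getStructEmptyValue(LOGIN_NAMEID, map);
        String nameIdFormat = getStructEmptyValue(LOGIN_NAMEID_FORMAT, map);
        try {
            LogoutRequest logoutRequest = new LogoutRequest(
                    settings,
                    ServletUtils.makeHttpRequest(context.getRequest()),
                    nameId,
                    getStructEmptyValue(LOGIN_SESSIONINDEX, map),
                    nameIdFormat,
                    getStructEmptyValue(LOGIN_NAMEIDQUALIFIER, map),
                    getStructEmptyValue(LOGIN_NAMEIDSPQUALIFIER, map));
            return logoutRequest.getLogoutRequestXml();
        } catch (com.onelogin.saml2.exception.XMLEntityException e) {
            throw new XMLEntityException();
        }
    }

    /**
     * Starts a login. With a redirect SSO binding the work is delegated to {@code SamlAuth.login};
     * otherwise the request is built here, optionally signed, base64-encoded and handed to an
     * included template through the page's variable scope.
     *
     * <p>A {@code SamlRequestException} raised while preparing or including the template is
     * propagated unchanged rather than being wrapped a second time by the catch-all below.
     *
     * @param map option struct (IDP, SP, and optionally LIFETIME, RELAYSTATE, TEMPLATE)
     * @throws SamlRequestException on any failure
     */
    public void initAuthRequest(Map map) {
        IdpConfiguration idp = getIdp(map);
        SpConfiguration sp = getSp(map);
        Saml2Settings settings = SamlHelper.getSamlSettings(idp, sp);
        RequestOptions requestOptions =
                new RequestOptions(this.idpConfig, this.spConfig, SamlState.LOGIN_PENDING, resolveLifetime(map));
        FusionContext context = FusionContext.getCurrent();

        if (StringUtils.equals(settings.getIdpSingleSignOnServiceBinding(), SamlBindings.REDIRECT.toString())) {
            try {
                new SamlAuth(settings, context.getRequest(), context.getResponse(), requestOptions, sp)
                        .login((String) map.get(RELAYSTATE));
                return;
            } catch (SettingsException | IOException e) {
                // NOTE(review): the caught exception is discarded and every failure is reported
                // under the "CannotLoadSPCert" key; consider logging the cause server-side.
                throw new SamlRequestException(RB.getString(this, "CannotLoadSPCert"));
            }
        }

        // OneLogin constructor arguments: forceAuthn=false, isPassive=false, setNameIdPolicy=true.
        AuthnRequest authnRequest = new AuthnRequest(settings, false, false, true);
        // Presumably recorded so the response can later be matched to this request ID; confirm
        // in SamlCacheHelper.
        SamlCacheHelper.updateCache(authnRequest.getId(), requestOptions, sp);
        try {
            String requestXml = authnRequest.getAuthnRequestXml();
            if (settings.getAuthnRequestsSigned()) {
                requestXml = new SignatureCreator().signRequest(requestXml, settings, authnRequest.getId());
            }
            includeRequestTemplate(
                    map, this.ssoTemplatePath, SAMLREQUEST, requestXml, settings.getIdpSingleSignOnServiceUrl());
        } catch (SamlRequestException e) {
            throw e;
        } catch (Throwable th) {
            // NOTE(review): th.getMessage() becomes the exception text; confirm it cannot surface
            // internal detail to the end user.
            throw new SamlRequestException(th.getMessage(), th);
        }
    }

    /**
     * Starts a logout. With a redirect SLO binding the work is delegated to {@code SamlAuth.logout};
     * otherwise the request is built here, optionally signed, base64-encoded and handed to an
     * included template through the page's variable scope. Missing NAMEID, SESSIONINDEX and
     * related options are passed as {@code null}.
     *
     * <p>A {@code SamlRequestException} raised while preparing or including the template is
     * propagated unchanged rather than being wrapped a second time by the catch-all below.
     *
     * @param map option struct
     * @throws SamlRequestException if no IdP single-logout URL is configured, or on other failures
     * @throws XMLEntityException   if the OneLogin library reports an XML entity error
     */
    public void initLogoutRequest(Map map) {
        IdpConfiguration idp = getIdp(map);
        SpConfiguration sp = getSp(map);
        Saml2Settings settings = SamlHelper.getSamlSettings(idp, sp);
        if (settings.getIdpSingleLogoutServiceUrl() == null) {
            throw new SamlRequestException(RB.getString(this, "LogoutMissingSlo"));
        }
        RequestOptions requestOptions =
                new RequestOptions(this.idpConfig, this.spConfig, SamlState.LOGOUT_PENDING, resolveLifetime(map));
        FusionContext context = FusionContext.getCurrent();
        String nameId = getStructValue(LOGIN_NAMEID, map);
        String nameIdFormat = getStructValue(LOGIN_NAMEID_FORMAT, map);
        String sessionIndex = getStructValue(LOGIN_SESSIONINDEX, map);
        String nameIdQualifier = getStructValue(LOGIN_NAMEIDQUALIFIER, map);
        String nameIdSpQualifier = getStructValue(LOGIN_NAMEIDSPQUALIFIER, map);
        String relayState = getStructValue(RELAYSTATE, map);

        if (StringUtils.equals(settings.getIdpSingleLogoutServiceBinding(), SamlBindings.REDIRECT.toString())) {
            try {
                new SamlAuth(settings, context.getRequest(), context.getResponse(), requestOptions, sp)
                        .logout(relayState, nameId, sessionIndex, false, nameIdFormat, nameIdQualifier,
                                nameIdSpQualifier);
                return;
            } catch (com.onelogin.saml2.exception.XMLEntityException e) {
                throw new XMLEntityException();
            } catch (SettingsException | IOException e) {
                // NOTE(review): the caught exception is discarded and every failure is reported
                // under the "CannotLoadSPCert" key; consider logging the cause server-side.
                throw new SamlRequestException(RB.getString(this, "CannotLoadSPCert"));
            }
        }

        try {
            LogoutRequest logoutRequest = new LogoutRequest(
                    settings,
                    ServletUtils.makeHttpRequest(context.getRequest()),
                    nameId,
                    sessionIndex,
                    nameIdFormat,
                    nameIdQualifier,
                    nameIdSpQualifier);
            SamlCacheHelper.updateCache(logoutRequest.getId(), requestOptions, sp);
            try {
                String requestXml = logoutRequest.getLogoutRequestXml();
                if (settings.getLogoutRequestSigned()) {
                    requestXml = new SignatureCreator().signRequest(requestXml, settings, logoutRequest.id);
                }
                includeRequestTemplate(
                        map, this.logoutTemplatePath, LOGOUTREQUEST, requestXml,
                        settings.getIdpSingleLogoutServiceUrl());
            } catch (SamlRequestException e) {
                throw e;
            } catch (Throwable th) {
                // NOTE(review): th.getMessage() becomes the exception text; confirm it cannot
                // surface internal detail to the end user.
                throw new SamlRequestException(th.getMessage(), th);
            }
        } catch (com.onelogin.saml2.exception.XMLEntityException e) {
            throw new XMLEntityException();
        }
    }

    /**
     * Publishes the encoded request, relay state and IdP endpoint in the page's variable scope
     * and includes the template that consumes them.
     *
     * @param options         caller option struct (TEMPLATE and RELAYSTATE are read)
     * @param defaultTemplate template used when the options carry no TEMPLATE
     * @param payloadKey      variable-scope key for the base64-encoded request
     * @param payloadXml      request XML, already signed if signing is enabled
     * @param idpEndpoint     IdP endpoint; its {@code toString()} is stored under IDPURL
     */
    private void includeRequestTemplate(
            Map options, String defaultTemplate, String payloadKey, String payloadXml, Object idpEndpoint) {
        // The path is caller-supplied and is not normalised or confined to a directory here;
        // it must be a fixed, application-owned path, never a value taken from the request.
        String template = options.containsKey(TEMPLATE) ? (String) options.get(TEMPLATE) : defaultTemplate;
        if (!template.startsWith("/")) {
            template = "/" + template;
        }
        checkTemplateFileExists(template);

        // Stored as supplied: the included template is responsible for encoding RELAYSTATE for
        // whatever output context it writes it into.
        String relayState = options.containsKey(RELAYSTATE) ? (String) options.get(RELAYSTATE) : "";
        VariableScope scope = FusionContext.getCurrent().pageContext.getVariableScope();
        scope.put(payloadKey, Util.base64encoder(payloadXml));
        scope.put(RELAYSTATE, relayState);
        scope.put(IDPURL, idpEndpoint.toString());

        IncludeTag include = new IncludeTag();
        include.setPageContext(FusionContext.getCurrent().pageContext);
        include.setTemplate(template);
        try {
            include.doStartTag();
        } catch (JspException e) {
            throw new SamlRequestException(RB.getString(this, "IncludePageError"));
        }
    }

    /**
     * Reads the LIFETIME option, accepting any {@code Number} so that a non-Integer numeric
     * value does not fail with a ClassCastException.
     */
    private static int resolveLifetime(Map options) {
        Object lifetime = options.get(LIFETIME);
        return lifetime != null ? ((Number) lifetime).intValue() : DEFAULT_LIFETIME;
    }

    /**
     * Fails with a "TemplateFileMissing" error unless the template resolves to an existing
     * file. An unresolvable path (null real path) is treated as missing. This is an existence
     * check only; it does not restrict where the template may live.
     */
    private void checkTemplateFileExists(String str) {
        String realPath = FusionContext.getCurrent().getRealPath(str);
        if (realPath == null || !Files.exists(Paths.get(realPath))) {
            throw new SamlRequestException(RB.getString(this, "TemplateFileMissing", str));
        }
    }

    /** Returns the option stored under {@code str}, or {@code null} when the key is absent. */
    private String getStructValue(String str, Map map) {
        return map.containsKey(str) ? (String) map.get(str) : null;
    }

    /** Returns the option stored under {@code str}, or the empty string when the key is absent. */
    private String getStructEmptyValue(String str, Map map) {
        if (!map.containsKey(str)) {
            return "";
        }
        return (String) map.get(str);
    }

    /**
     * Looks up request options by key in the class-level map.
     *
     * @param str lookup key; must not be null (ConcurrentHashMap rejects null keys)
     * @return the stored options, or {@code null} if none are stored under {@code str}
     */
    public static RequestOptions getRequestOptions(String str) {
        return requestMap.get(str);
    }

    /**
     * Resolves the IdP configuration named by {@code map[IDP][NAME]} and records the name in
     * {@link #idpConfig}. The application-scope struct is tried first, then the SAML service.
     *
     * @return the validated configuration, or {@code null} when no IDP struct or name is given
     * @throws SamlRequestException         if no configuration exists for the name
     * @throws SAMLServiceImpl.IdpException if validation reports problems
     */
    private IdpConfiguration getIdp(Map map) {
        Map idpStruct = (Map) map.get(IDP);
        if (idpStruct == null) {
            // idpConfig keeps whatever an earlier call stored.
            return null;
        }
        String name = (String) idpStruct.get(NAME);
        this.idpConfig = name;
        if (name == null) {
            return null;
        }

        IdpConfiguration configuration = null;
        Map appScopeStruct = SamlHelper.getStructFromAppScope(IDP, name);
        if (appScopeStruct != null) {
            configuration = SamlHelper.createIdpConfigFromStruct(appScopeStruct);
        }
        if (configuration == null) {
            configuration = (IdpConfiguration) ServiceFactory.getSamlService().getIdpMetadata(name);
        }
        if (configuration == null) {
            throw new SamlRequestException(RB.getString(this, "MissingIDPConfig"));
        }
        List<String> problems = SamlHelper.validateIdpSettings(configuration);
        if (!problems.isEmpty()) {
            throw new SAMLServiceImpl.IdpException(problems);
        }
        return configuration;
    }

    /**
     * Resolves the SP configuration named by {@code map[SP][NAME]} and records the name in
     * {@link #spConfig}. The application-scope struct is tried first, then the SAML service.
     *
     * @return the validated configuration, or {@code null} when no SP struct or name is given
     * @throws SamlRequestException        if no configuration exists for the name
     * @throws SAMLServiceImpl.SpException if validation reports problems
     */
    private SpConfiguration getSp(Map map) {
        Map spStruct = (Map) map.get(SP);
        if (spStruct == null) {
            // spConfig keeps whatever an earlier call stored.
            return null;
        }
        String name = (String) spStruct.get(NAME);
        this.spConfig = name;
        if (name == null) {
            return null;
        }

        SpConfiguration configuration = null;
        Map appScopeStruct = SamlHelper.getStructFromAppScope(SP, name);
        if (appScopeStruct != null) {
            configuration = SamlHelper.createSpConfigFromStruct(appScopeStruct);
        }
        if (configuration == null) {
            configuration = (SpConfiguration) ServiceFactory.getSamlService().getSpMetadata(name);
        }
        if (configuration == null) {
            throw new SamlRequestException(RB.getString(this, "MissingSPConfig"));
        }
        List<String> problems = SamlHelper.validateSpSettings(configuration);
        if (!problems.isEmpty()) {
            throw new SAMLServiceImpl.SpException(problems);
        }
        return configuration;
    }
}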
