package coldfusion.saml;

import coldfusion.filter.FusionContext;
import coldfusion.runtime.ApplicationScope;
import coldfusion.runtime.CFBoolean;
import coldfusion.runtime.Cast;
import coldfusion.runtime.Struct;
import coldfusion.saml.SAMLServiceImpl;
import coldfusion.saml.SpConfiguration;
import coldfusion.saml.util.Utils;
import coldfusion.server.ServiceFactory;
import coldfusion.util.KeystoreUtils;
import coldfusion.util.RB;
import coldfusion.wddx.Base64Encoder;
import com.onelogin.saml2.servlet.ServletUtils;
import com.onelogin.saml2.settings.IdPMetadataParser;
import com.onelogin.saml2.settings.Saml2Settings;
import com.onelogin.saml2.settings.SettingsBuilder;
import com.onelogin.saml2.util.Util;
import java.io.ByteArrayInputStream;
import java.io.File;
import java.io.FileNotFoundException;
import java.io.FileOutputStream;
import java.io.IOException;
import java.io.StringReader;
import java.net.MalformedURLException;
import java.net.URL;
import java.security.KeyStore;
import java.security.KeyStoreException;
import java.security.NoSuchAlgorithmException;
import java.security.PrivateKey;
import java.security.UnrecoverableKeyException;
import java.security.cert.Certificate;
import java.security.cert.CertificateEncodingException;
import java.security.cert.CertificateException;
import java.security.cert.CertificateFactory;
import java.security.cert.X509Certificate;
import java.util.ArrayList;
import java.util.HashMap;
import java.util.Iterator;
import java.util.LinkedHashMap;
import java.util.List;
import java.util.Map;
import javax.xml.parsers.ParserConfigurationException;
import org.apache.commons.io.FileUtils;
import org.apache.commons.lang3.RandomStringUtils;
import org.xml.sax.InputSource;

/* loaded from: input_file:coldfusion/saml/SamlHelper.class */
public class SamlHelper {
    // Directory that receives generated SP keystores: <SAML service root>/lib/saml/.
    // Resolved once, at class initialisation, through ServiceFactory.getSamlService().
    private static final String SAML_FOLDER_PREFIX = ServiceFactory.getSamlService().getRootDir() + File.separator + "lib" + File.separator + "saml" + File.separator;
    // File extension appended to the generated keystore name in writeKeystoreToFile.
    private static final String KEYSTORE_FILE_SUFFIX = ".p12";
    // Keys of the SP settings struct. Several are only referenced through their literal
    // value in the methods of this class (presumably inlined by the compiler before decompilation).
    private static final String SP_ENTITYID = "ENTITYID";
    private static final String SP_ACSURL = "ACSURL";
    private static final String SP_ACSBINDING = "ACSBINDING";
    private static final String SP_SLOURL = "SLOURL";
    private static final String SP_SLOBINDING = "SLOBINDING";
    private static final String SP_SIGNREQUESTS = "SIGNREQUESTS";
    private static final String SP_WANTASSERTIONSSIGNED = "WANTASSERTIONSSIGNED";
    private static final String SP_LOGOUTRESPONSESIGNED = "LOGOUTRESPONSESIGNED";
    private static final String SP_SIGNKEYSTOREPATH = "SIGNKEYSTOREPATH";
    // The value stored under this key is the keystore password; treat any struct carrying it as sensitive.
    private static final String SP_SIGNKEYSTOREPASSWORD = "SIGNKEYSTOREPASSWORD";
    private static final String SP_SIGNKEYSTOREALIAS = "SIGNKEYSTOREALIAS";
    // Note: the constant is named STATESTORE but the struct key is "REQUESTSTORE".
    private static final String SP_STATESTORE = "REQUESTSTORE";
    private static final String SP_STRICT = "STRICT";
    private static final String SP_ALLOW_IDP_INITIATED_SSO = "ALLOWIDPINITIATEDSSO";
    private static final String SP_SIGNMETADATA = "SIGNMETADATA";
    // Optional key: when present, the generated SP metadata is exported to this file path.
    private static final String SP_FILEPATH = "FILEPATH";
    // Prefix of every generated SP configuration name.
    private static final String SP_PREFIX = "CFGenerated_";
    // Default binding name, and the fallback used when a binding value is not recognised.
    private static final String BINDING_REDIRECT = "REDIRECT";

    /**
     * Generates and registers a default SP configuration (optionally overridden by {@code map})
     * and flattens it into a plain struct.
     *
     * <p>The returned struct contains the keystore password in decrypted form under
     * {@code SIGNKEYSTOREPASSWORD}. Callers should keep it out of logs, dumps and serialised
     * session or application state.
     *
     * @param map optional overrides passed through to
     *            {@link #generateDefaultSpMetadata(boolean, Map, boolean)}; may be {@code null}
     * @return the SP settings struct, or {@code null} when no SP configuration was produced
     */
    public static Map generateSpStruct(Map map) {
        Map generated = generateDefaultSpMetadata(true, map, false);
        SpConfiguration sp = (SpConfiguration) generated.get("sp");
        if (sp == null) {
            return null;
        }

        Map<String, Object> spStruct = new HashMap<>();

        // Identity and endpoints.
        spStruct.put("ENTITYID", sp.getEntityId());
        spStruct.put("ACSURL", sp.getAcsUrl());
        spStruct.put("ACSBINDING", sp.getAcsBinding());
        spStruct.put("SLOURL", sp.getSloUrl());
        spStruct.put("SLOBINDING", sp.getSloBinding());

        // Signing policy. The logout-response flag and the keystore alias are not copied here.
        spStruct.put(SP_SIGNMETADATA, Boolean.valueOf(sp.isSignMetadata()));
        spStruct.put("SIGNREQUESTS", Boolean.valueOf(sp.isSignRequests()));
        spStruct.put("WANTASSERTIONSSIGNED", Boolean.valueOf(sp.isWantAssertionsSigned()));

        // Key material location and its password, decrypted by the SAML service.
        spStruct.put(SP_SIGNKEYSTOREPATH, sp.getSignKeystorePath());
        Object clearPassword = ServiceFactory.getSamlService().decryptPassword(sp.getSignKeystorePassword());
        spStruct.put(SP_SIGNKEYSTOREPASSWORD, clearPassword);

        spStruct.put(SP_STATESTORE, sp.getStateStore());
        return spStruct;
    }

    /**
     * Convenience overload of {@link #generateDefaultSpMetadata(boolean, Map, boolean)} that
     * always passes {@code true} as the third argument, i.e. the ACS and SLO URLs of the
     * resulting configuration are cleared.
     *
     * @param z   forwarded unchanged: whether the configuration is flagged as generated and registered
     * @param map optional overrides; may be {@code null}
     * @return the map produced by the three-argument overload
     */
    public static Map generateDefaultSpMetadata(boolean z, Map map) {
        final boolean clearEndpointUrls = true;
        return generateDefaultSpMetadata(z, map, clearEndpointUrls);
    }

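    /**
     * Builds a service-provider (SP) configuration from built-in defaults plus optional
     * overrides, generates a signing keystore for it, and optionally exports and registers it.
     *
     * <p>Any setting missing from {@code map} (or every setting when {@code map} is
     * {@code null}) falls back to a default: request signing, signed assertions and signed
     * logout responses default to {@code true}, metadata signing to {@code false}, both
     * bindings to {@code REDIRECT}, the state store to the empty string, and the entity id and
     * endpoint URLs to placeholders derived from the generated name.
     *
     * <p>Validation runs before the key pair is generated and written, so a configuration that
     * is rejected does not leave a keystore file (holding a private key) behind on disk.
     *
     * @param z   whether the configuration is flagged as generated and registered with the SAML
     *            service under the generated name
     * @param map optional overrides keyed by the upper-case setting names; may be {@code null}
     * @param z2  when {@code true}, the ACS and SLO URLs are reset to {@code null} after
     *            defaults and overrides have been applied
     * @return a map with the generated name under {@code "name"} and the configuration under
     *         {@code "sp"}
     * @throws SAMLServiceImpl.SpException if {@code map} is non-null and
     *         {@link #validateSpSettings(SpConfiguration)} reports problems
     * @throws SAMLServiceImpl.SpMetadataException if the key pair cannot be generated, the
     *         keystore cannot be written, the ACS URL is malformed, or the export fails
     */
    public static Map generateDefaultSpMetadata(boolean z, Map map, boolean z2) {
        // The generated name is an identifier for the configuration, not a secret.
        String str = SP_PREFIX + RandomStringUtils.random(10, true, true);
        SpConfiguration spConfiguration = new SpConfiguration();
        spConfiguration.setGenerated(z);
        final boolean hasOverrides = map != null;

        Object entityId = hasOverrides ? map.get("ENTITYID") : null;
        spConfiguration.setEntityId(entityId != null ? (String) entityId : "http://coldfusion.adobe.com/" + str);

        // The default endpoint URLs are plain-HTTP localhost placeholders; real deployments
        // are expected to override them (ideally with https URLs).
        Object acsUrl = hasOverrides ? map.get("ACSURL") : null;
        spConfiguration.setAcsUrl(acsUrl != null ? (String) acsUrl : "http://localhost:8500/" + str + ".cfm");
        if (z2) {
            spConfiguration.setAcsUrl(null);
        }

        Object acsBinding = hasOverrides ? map.get("ACSBINDING") : null;
        spConfiguration.setAcsBinding(acsBinding != null ? (String) acsBinding : BINDING_REDIRECT);

        Object sloUrl = hasOverrides ? map.get("SLOURL") : null;
        spConfiguration.setSloUrl(sloUrl != null ? (String) sloUrl : "http://localhost:8500/" + str + ".cfm");
        if (z2) {
            spConfiguration.setSloUrl(null);
        }

        Object sloBinding = hasOverrides ? map.get("SLOBINDING") : null;
        spConfiguration.setSloBinding(sloBinding != null ? (String) sloBinding : BINDING_REDIRECT);

        // Boolean overrides must arrive as Strings; any other value type fails the cast.
        // NOTE(review): createSpConfigFromStruct reads the same keys through Cast._boolean -
        // confirm which value types callers of this method actually supply.
        Object signRequests = hasOverrides ? map.get("SIGNREQUESTS") : null;
        spConfiguration.setSignRequests(signRequests == null || Boolean.parseBoolean((String) signRequests));

        Object wantAssertionsSigned = hasOverrides ? map.get("WANTASSERTIONSSIGNED") : null;
        spConfiguration.setWantAssertionsSigned(wantAssertionsSigned == null || Boolean.parseBoolean((String) wantAssertionsSigned));

        Object logoutResponseSigned = hasOverrides ? map.get("LOGOUTRESPONSESIGNED") : null;
        spConfiguration.setLogoutResponseSigned(logoutResponseSigned == null || Boolean.parseBoolean((String) logoutResponseSigned));

        Object signMetadata = hasOverrides ? map.get(SP_SIGNMETADATA) : null;
        spConfiguration.setSignMetadata(signMetadata != null && Boolean.parseBoolean((String) signMetadata));

        Object stateStore = hasOverrides ? map.get(SP_STATESTORE) : null;
        spConfiguration.setStateStore(stateStore != null ? (String) stateStore : "");

        // Validate first: validateSpSettings only reads the entity id and the ACS URL, so it
        // does not need the keystore, and failing here avoids creating key material for a
        // configuration that is about to be rejected.
        // NOTE(review): with z2 == true the ACS URL is null at this point, so a non-null map
        // always yields an "acs_url" validation error - confirm this is intended.
        if (hasOverrides) {
            List<String> problems = validateSpSettings(spConfiguration);
            if (!problems.isEmpty()) {
                throw new SAMLServiceImpl.SpException(problems);
            }
        }

        Map keyPair = KeystoreUtils.generateSAMLSPMetadataKeyPair();
        if (keyPair == null) {
            throw new SAMLServiceImpl.SpMetadataException(RB.getString(SamlHelper.class, "GenerateKeyStoreError"));
        }
        spConfiguration.setSignKeystorePath(writeKeystoreToFile(keyPair));
        spConfiguration.setSignKeystorePassword((String) keyPair.get("keystorepassword"));
        spConfiguration.setSignKeystoreAlias((String) keyPair.get("keystorealias"));

        // The export target comes straight from the caller-supplied struct and is written
        // without any path restriction; callers should only pass trusted locations.
        if (hasOverrides && map.containsKey(SP_FILEPATH)) {
            exportSpMetadata(spConfiguration, (String) map.get(SP_FILEPATH));
        }

        if (z) {
            ServiceFactory.getSamlService().addSpMetadata(str, spConfiguration);
        }

        Map<String, Object> result = new HashMap<>();
        result.put("name", str);
        result.put("sp", spConfiguration);
        return result;
    }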

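    /**
     * Writes the generated keystore to {@code <SAML folder>/<keystorename>.p12}.
     *
     * <p>The stream is managed with try-with-resources, so a failure while flushing or closing
     * the file is reported as a keystore write error instead of being silently ignored (which
     * could otherwise hand back the path of a truncated keystore).
     *
     * <p>NOTE(review): the file holds the SP private key and is created with the process'
     * default permissions; consider restricting the directory or file to the service account.
     *
     * @param map key-pair map providing {@code "keystore"}, {@code "keystorename"} and
     *            {@code "keystorepassword"}
     * @return the path of the written file, or {@code null} when the map has no keystore
     * @throws SAMLServiceImpl.SpMetadataException if the file cannot be created or the keystore
     *         cannot be written
     */
    private static String writeKeystoreToFile(Map map) {
        KeyStore keyStore = (KeyStore) map.get("keystore");
        String keystoreName = (String) map.get("keystorename");
        String keystorePassword = (String) map.get("keystorepassword");
        if (keyStore == null) {
            return null;
        }

        String keystorePath = SAML_FOLDER_PREFIX + keystoreName + KEYSTORE_FILE_SUFFIX;
        File file = new File(keystorePath);
        try {
            // The result is ignored on purpose: an existing file is simply overwritten below.
            file.createNewFile();
        } catch (IOException e) {
            throw new SAMLServiceImpl.SpMetadataException(RB.getString(SamlHelper.class, "CreateFileError", keystorePath));
        }

        try (FileOutputStream out = new FileOutputStream(file)) {
            KeystoreUtils.writeKeystoreToFile(keyStore, out, keystorePassword.toCharArray());
        } catch (FileNotFoundException e) {
            throw new SAMLServiceImpl.SpMetadataException(RB.getString(SamlHelper.class, "CreateFileError", keystorePath));
        } catch (KeyStoreException | IOException e) {
            // Also reached when close() fails after the write.
            throw new SAMLServiceImpl.SpMetadataException(RB.getString(SamlHelper.class, "KeystoreToFileError"));
        } catch (NoSuchAlgorithmException e) {
            throw new SAMLServiceImpl.SpMetadataException(RB.getString(SamlHelper.class, "NoSuchAlgorithmException"));
        } catch (CertificateException e) {
            throw new SAMLServiceImpl.SpMetadataException(RB.getString(SamlHelper.class, "CertificateException"));
        }
        return keystorePath;
    }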

    /**
     * Renders the SP metadata for {@code spConfiguration} and writes it to the file at
     * {@code str}.
     *
     * <p>The path is used exactly as supplied, with no restriction to a base directory, so it
     * should only ever come from a trusted source. The text is written with the
     * two-argument {@code writeStringToFile}, i.e. without an explicit character set.
     *
     * @param spConfiguration configuration to render
     * @param str             destination file path
     * @throws SAMLServiceImpl.SpMetadataException if rendering or writing fails
     */
    public static void exportSpMetadata(SpConfiguration spConfiguration, String str) {
        try {
            File destination = new File(str);
            String metadataXml = SpConfiguration.spConfigToSamlSettings(spConfiguration).getSPMetadata();
            FileUtils.writeStringToFile(destination, metadataXml);
        } catch (IOException | CertificateEncodingException e) {
            String message = RB.getString(SamlHelper.class, "SPMetadataExportError");
            throw new SAMLServiceImpl.SpMetadataException(message);
        }
    }

    /**
     * Validates an identity-provider configuration and returns the list of problems found.
     *
     * <p>The metadata source is chosen in this order: metadata URL, then raw metadata / metadata
     * file, then the individually configured fields. For the first two, the parsed metadata is
     * checked with {@code checkIdPSettings()}; for the last, only the entity id and SSO URL are
     * required.
     *
     * <p>The metadata URL is fetched by the server exactly as configured (any scheme the
     * {@link URL} class accepts), and the file path is read as given, so both values should
     * only be settable by trusted administrators.
     *
     * @param idpConfiguration configuration to check
     * @return error codes; empty when nothing was found
     * @throws SAMLServiceImpl.IdpMetadataException if the metadata cannot be fetched or parsed
     */
    public static List<String> validateIdpSettings(IdpConfiguration idpConfiguration) {
        // 1) Remote metadata.
        if (!Utils.isEmpty(idpConfiguration.getMetadataUrl())) {
            try {
                URL metadataLocation = new URL(idpConfiguration.getMetadataUrl());
                return new SettingsBuilder()
                        .fromValues(IdPMetadataParser.parseRemoteXML(metadataLocation))
                        .build()
                        .checkIdPSettings();
            } catch (MalformedURLException e) {
                throw new SAMLServiceImpl.IdpMetadataException(RB.getString(SAMLServiceImpl.class, "MetadataMalformedURL", idpConfiguration.getMetadataUrl()));
            } catch (Exception e) {
                throw new SAMLServiceImpl.IdpMetadataException(RB.getString(SAMLServiceImpl.class, "MetadataURLFetchException", idpConfiguration.getMetadataUrl()));
            }
        }

        // 2) Metadata supplied inline or through a file.
        if (!Utils.isEmpty(idpConfiguration.getMetadataFilePath()) || !Utils.isEmpty(idpConfiguration.getMetadataRaw())) {
            try {
                // Raw metadata wins whenever it is non-null, even over a configured file path.
                // NOTE(review): a non-null but empty raw value would be parsed instead of the
                // file - confirm how Utils.isEmpty treats empty strings.
                String rawMetadata = idpConfiguration.getMetadataRaw();
                String metadataXml = rawMetadata != null
                        ? rawMetadata
                        : coldfusion.tagext.io.FileUtils.readFile(idpConfiguration.getMetadataFilePath(), (String) null);
                return new SettingsBuilder()
                        .fromValues(IdPMetadataParser.parseXML(Util.parseXML(new InputSource(new StringReader(metadataXml)))))
                        .build()
                        .checkIdPSettings();
            } catch (ParserConfigurationException e) {
                throw new SAMLServiceImpl.IdpMetadataException(RB.getString(SAMLServiceImpl.class, "ParserConfigError"));
            } catch (Exception e) {
                throw new SAMLServiceImpl.IdpMetadataException(RB.getString(SAMLServiceImpl.class, "ParsingError"));
            }
        }

        // 3) Individually configured fields.
        List<String> problems = new ArrayList<>();
        if (Utils.isEmpty(idpConfiguration.getEntityId())) {
            problems.add("idp_entityId_not_found");
        }
        if (Utils.isEmpty(idpConfiguration.getSsoUrl())) {
            problems.add("idp_sso_url_invalid");
        }
        return problems;
    }

    /**
     * Checks the mandatory SP settings and returns the names of the missing ones.
     *
     * <p>Only presence of the entity id and presence plus syntactic validity of the ACS URL are
     * checked; the URL scheme is not restricted (an {@code http} URL passes).
     *
     * @param spConfiguration configuration to check
     * @return {@code "entity_id"} and/or {@code "acs_url"} for missing values; empty when both
     *         are present
     * @throws SAMLServiceImpl.SpMetadataException if the ACS URL is present but malformed
     */
    public static List<String> validateSpSettings(SpConfiguration spConfiguration) {
        List<String> missing = new ArrayList<>();
        if (spConfiguration.getEntityId() == null) {
            missing.add("entity_id");
        }

        String acsUrl = spConfiguration.getAcsUrl();
        if (acsUrl == null) {
            missing.add("acs_url");
            return missing;
        }

        // A malformed URL is reported as an exception rather than as a list entry.
        try {
            new URL(acsUrl);
        } catch (MalformedURLException e) {
            throw new SAMLServiceImpl.SpMetadataException(RB.getString(SAMLServiceImpl.class, "AcsUrlMalformed", acsUrl));
        }
        return missing;
    }

    /**
     * Creates an IdP configuration from a settings struct.
     *
     * <p>Exactly one source is used, in this order of precedence: metadata URL, metadata file,
     * raw metadata, and only if none of those keys is present, the individual fields. When a
     * metadata key is present, every individual field in the struct is ignored.
     *
     * @param map settings struct; must not be {@code null}
     * @return the populated configuration
     */
    public static IdpConfiguration createIdpConfigFromStruct(Map map) {
        IdpConfiguration idp = new IdpConfiguration();

        // Metadata-based sources short-circuit everything else.
        if (map.containsKey(SamlRequestBuilder.IDP_URL)) {
            idp.setMetadataUrl((String) map.get(SamlRequestBuilder.IDP_URL));
            return idp;
        }
        if (map.containsKey(SamlRequestBuilder.IDP_FILE)) {
            idp.setMetadataFilePath((String) map.get(SamlRequestBuilder.IDP_FILE));
            return idp;
        }
        if (map.containsKey(SamlRequestBuilder.IDP_RAW)) {
            idp.setMetadataRaw((String) map.get(SamlRequestBuilder.IDP_RAW));
            return idp;
        }

        // Identity and endpoints.
        if (map.containsKey("ENTITYID")) {
            idp.setEntityId((String) map.get("ENTITYID"));
        }
        if (map.containsKey(SamlRequestBuilder.SSOURL)) {
            idp.setSsoUrl((String) map.get(SamlRequestBuilder.SSOURL));
        }
        if (map.containsKey(SamlRequestBuilder.SSOBINDING)) {
            idp.setSsoBinding((String) map.get(SamlRequestBuilder.SSOBINDING));
        }
        if (map.containsKey("SLOURL")) {
            idp.setSloUrl((String) map.get("SLOURL"));
        }
        if (map.containsKey("SLOBINDING")) {
            idp.setSloBinding((String) map.get("SLOBINDING"));
        }
        if (map.containsKey(SamlRequestBuilder.LOGOUTRESPONSEURL)) {
            idp.setLogoutResponseUrl((String) map.get(SamlRequestBuilder.LOGOUTRESPONSEURL));
        }

        // Signing / encryption flags. The values are cast to CFBoolean here, whereas
        // createSpConfigFromStruct passes the raw value to Cast._boolean.
        // NOTE(review): a value of any other type fails the cast - confirm callers.
        if (map.containsKey("SIGNREQUESTS")) {
            idp.setSignRequests(Cast._boolean((CFBoolean) map.get("SIGNREQUESTS")));
        }
        if (map.containsKey(SamlRequestBuilder.ENCRYPTREQUESTS)) {
            idp.setEncryptRequests(Cast._boolean((CFBoolean) map.get(SamlRequestBuilder.ENCRYPTREQUESTS)));
        }

        // Certificates are stored as given; nothing is parsed or checked at this point.
        if (map.containsKey(SamlRequestBuilder.SIGNCERTIFICATE)) {
            idp.setSignCertificate((String) map.get(SamlRequestBuilder.SIGNCERTIFICATE));
        }
        if (map.containsKey(SamlRequestBuilder.ENCRYPTCERTIFICATE)) {
            idp.setEncryptCertificate((String) map.get(SamlRequestBuilder.ENCRYPTCERTIFICATE));
        }
        return idp;
    }

    /**
     * Creates an SP configuration from a settings struct, copying only the keys that are
     * present. Keys that are absent leave whatever a fresh {@code SpConfiguration} starts with.
     *
     * <p>The security-relevant switches ({@code STRICT}, {@code WANTASSERTIONSSIGNED},
     * {@code ALLOWIDPINITIATEDSSO}, ...) are taken from the struct as supplied, so the struct
     * should be treated as trusted configuration rather than request data.
     *
     * @param map settings struct; must not be {@code null}
     * @return the populated configuration
     */
    public static SpConfiguration createSpConfigFromStruct(Map map) {
        SpConfiguration sp = new SpConfiguration();

        // Identity and endpoints.
        if (map.containsKey("ENTITYID")) {
            sp.setEntityId((String) map.get("ENTITYID"));
        }
        if (map.containsKey("ACSURL")) {
            sp.setAcsUrl((String) map.get("ACSURL"));
        }
        if (map.containsKey("ACSBINDING")) {
            sp.setAcsBinding((String) map.get("ACSBINDING"));
        }
        if (map.containsKey("SLOURL")) {
            sp.setSloUrl((String) map.get("SLOURL"));
        }
        if (map.containsKey("SLOBINDING")) {
            sp.setSloBinding((String) map.get("SLOBINDING"));
        }

        // Signature requirements.
        if (map.containsKey("SIGNREQUESTS")) {
            sp.setSignRequests(Cast._boolean(map.get("SIGNREQUESTS")));
        }
        if (map.containsKey("WANTASSERTIONSSIGNED")) {
            sp.setWantAssertionsSigned(Cast._boolean(map.get("WANTASSERTIONSSIGNED")));
        }
        if (map.containsKey("LOGOUTRESPONSESIGNED")) {
            sp.setLogoutResponseSigned(Cast._boolean(map.get("LOGOUTRESPONSESIGNED")));
        }

        // Signing keystore: location, password and alias are stored exactly as supplied.
        if (map.containsKey(SP_SIGNKEYSTOREPATH)) {
            sp.setSignKeystorePath((String) map.get(SP_SIGNKEYSTOREPATH));
        }
        if (map.containsKey(SP_SIGNKEYSTOREPASSWORD)) {
            sp.setSignKeystorePassword((String) map.get(SP_SIGNKEYSTOREPASSWORD));
        }
        if (map.containsKey(SP_SIGNKEYSTOREALIAS)) {
            sp.setSignKeystoreAlias((String) map.get(SP_SIGNKEYSTOREALIAS));
        }

        // Request state store and response-handling switches.
        if (map.containsKey(SP_STATESTORE)) {
            sp.setStateStore((String) map.get(SP_STATESTORE));
        }
        if (map.containsKey(SP_STRICT)) {
            sp.setStrict(Cast._boolean(map.get(SP_STRICT)));
        }
        if (map.containsKey(SP_ALLOW_IDP_INITIATED_SSO)) {
            sp.setAllowIdpInitiatedSso(Cast._boolean(map.get(SP_ALLOW_IDP_INITIATED_SSO)));
        }
        return sp;
    }

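    /**
     * Looks up a named SP or IdP settings struct in the current application scope.
     *
     * <p>The provider lists are read from the settings map nested under the security key of
     * the application settings. When that security entry is absent, the settings map is read
     * directly from the application settings, but only if the application path ends in
     * {@code .cfm} (case-insensitive).
     *
     * <p>This replaces the decompiler's hash-code switch (which assigned {@code -1} to a
     * {@code boolean} and therefore did not compile) with plain string comparisons against the
     * same two constants.
     *
     * @param str  provider type: {@code SamlRequestBuilder.SP} or {@code SamlRequestBuilder.IDP}
     * @param str2 provider name to look up
     * @return the matching provider struct, or {@code null} when there is no application
     *         scope, no settings, an unknown provider type, or no provider with that name
     */
    public static Map getStructFromAppScope(String str, String str2) {
        ApplicationScope applicationScope = FusionContext.getApplicationScope();
        if (applicationScope == null) {
            return null;
        }

        Map securitySettings = (Map) applicationScope.getApplicationSettingsMap().get(SamlRequestBuilder.APPLICATION_SCOPE_SECURITY_KEY);
        if (securitySettings != null) {
            String providerKey = str.equals(SamlRequestBuilder.IDP)
                    ? SamlRequestBuilder.IDP
                    : (str.equals(SamlRequestBuilder.SP) ? SamlRequestBuilder.SP : null);
            if (providerKey == null) {
                return null;
            }
            Map nestedSettings = (Map) securitySettings.get(SamlRequestBuilder.APPLICATION_SCOPE_SETTINGS_KEY);
            if (nestedSettings == null) {
                return null;
            }
            return getProviderStruct((List) nestedSettings.get(providerKey), str2);
        }

        // No security entry: fall back to the top-level settings for .cfm application paths only.
        if (!applicationScope.getApplicationPath().toLowerCase().endsWith(".cfm")) {
            return null;
        }
        Map topLevelSettings = (Map) applicationScope.getApplicationSettingsMap().get(SamlRequestBuilder.APPLICATION_SCOPE_SETTINGS_KEY);
        String providerKey = str.equals(SamlRequestBuilder.IDP)
                ? SamlRequestBuilder.IDP
                : (str.equals(SamlRequestBuilder.SP) ? SamlRequestBuilder.SP : null);
        if (providerKey == null || topLevelSettings == null) {
            return null;
        }
        return getProviderStruct((List) topLevelSettings.get(providerKey), str2);
    }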

    /**
     * Returns the first struct in {@code list} whose name entry matches {@code str}.
     *
     * <p>A name matches when it starts with {@code str} and both strings have the same length
     * after trimming, so the comparison is case-sensitive and tolerates extra trailing
     * whitespace on the stored name.
     *
     * @param list provider structs; may be {@code null} and may contain {@code null} elements
     * @param str  name to look for
     * @return the matching struct, or {@code null} when the list is {@code null} or nothing matches
     */
    private static Map getProviderStruct(List list, String str) {
        if (list == null) {
            return null;
        }
        for (Object element : list) {
            Map candidate = (Map) element;
            if (candidate == null) {
                continue;
            }
            String candidateName = (String) candidate.get(SamlRequestBuilder.NAME);
            if (candidateName == null) {
                continue;
            }
            boolean sameTrimmedLength = candidateName.trim().length() == str.trim().length();
            if (sameTrimmedLength && candidateName.startsWith(str)) {
                return candidate;
            }
        }
        return null;
    }

    public static Saml2Settings getSamlSettings(IdpConfiguration idpConfiguration, SpConfiguration spConfiguration) {
        String keyAlias;
        LinkedHashMap linkedHashMap = new LinkedHashMap();
        Saml2Settings saml2Settings = null;
        if (!Utils.isEmpty(idpConfiguration.getMetadataUrl())) {
            try {
                saml2Settings = new SettingsBuilder().fromValues(IdPMetadataParser.parseRemoteXML(new URL(idpConfiguration.getMetadataUrl()))).build();
            } catch (MalformedURLException e) {
                throw new SAMLServiceImpl.IdpMetadataException(RB.getString(SAMLServiceImpl.class, "MetadataMalformedURL", idpConfiguration.getMetadataUrl()));
            } catch (Exception e2) {
                throw new SAMLServiceImpl.IdpMetadataException(RB.getString(SAMLServiceImpl.class, "MetadataURLFetchException", idpConfiguration.getMetadataUrl()));
            }
        } else if (Utils.isEmpty(idpConfiguration.getMetadataFilePath()) && Utils.isEmpty(idpConfiguration.getMetadataRaw())) {
            if (!Utils.isEmpty(idpConfiguration.getEntityId())) {
                linkedHashMap.put("onelogin.saml2.idp.entityid", idpConfiguration.getEntityId());
            }
            if (!Utils.isEmpty(idpConfiguration.getSsoUrl())) {
                linkedHashMap.put("onelogin.saml2.idp.single_sign_on_service.url", idpConfiguration.getSsoUrl());
            }
            if (!Utils.isEmpty(idpConfiguration.getSsoBinding())) {
                String upperCase = idpConfiguration.getSsoBinding().toUpperCase();
                boolean z = -1;
                switch (upperCase.hashCode()) {
                    case 2461856:
                        if (upperCase.equals("POST")) {
                            z = true;
                            break;
                        }
                        break;
                    case 6481884:
                        if (upperCase.equals(BINDING_REDIRECT)) {
                            z = false;
                            break;
                        }
                        break;
                }
                switch (z) {
                    case false:
                        linkedHashMap.put("onelogin.saml2.idp.single_sign_on_service.binding", SamlBindings.REDIRECT.toString());
                        break;
                    case true:
                        linkedHashMap.put("onelogin.saml2.idp.single_sign_on_service.binding", SamlBindings.POST.toString());
                        break;
                    default:
                        linkedHashMap.put("onelogin.saml2.idp.single_sign_on_service.binding", SamlBindings.REDIRECT.toString());
                        break;
                }
            } else {
                linkedHashMap.put("onelogin.saml2.idp.single_sign_on_service.binding", SamlBindings.REDIRECT.toString());
            }
            if (!Utils.isEmpty(idpConfiguration.getSloUrl())) {
                linkedHashMap.put("onelogin.saml2.idp.single_logout_service.url", idpConfiguration.getSloUrl());
            }
            if (!Utils.isEmpty(idpConfiguration.getSloBinding())) {
                String upperCase2 = idpConfiguration.getSloBinding().toUpperCase();
                boolean z2 = -1;
                switch (upperCase2.hashCode()) {
                    case 2461856:
                        if (upperCase2.equals("POST")) {
                            z2 = true;
                            break;
                        }
                        break;
                    case 6481884:
                        if (upperCase2.equals(BINDING_REDIRECT)) {
                            z2 = false;
                            break;
                        }
                        break;
                }
                switch (z2) {
                    case false:
                        linkedHashMap.put("onelogin.saml2.idp.single_logout_service.binding", SamlBindings.REDIRECT.toString());
                        break;
                    case true:
                        linkedHashMap.put("onelogin.saml2.idp.single_logout_service.binding", SamlBindings.POST.toString());
                        break;
                    default:
                        linkedHashMap.put("onelogin.saml2.idp.single_logout_service.binding", SamlBindings.REDIRECT.toString());
                        break;
                }
            } else {
                linkedHashMap.put("onelogin.saml2.idp.single_logout_service.binding", SamlBindings.REDIRECT.toString());
            }
            if (!Utils.isEmpty(idpConfiguration.getLogoutResponseUrl())) {
                linkedHashMap.put("onelogin.saml2.idp.single_logout_service.response.url", idpConfiguration.getLogoutResponseUrl());
            }
            linkedHashMap.put("onelogin.saml2.security.want_messages_signed", Boolean.valueOf(idpConfiguration.isSignRequests()));
            if (idpConfiguration.isEncryptRequests() && idpConfiguration.isSignRequests()) {
                if (!Utils.isEmpty(idpConfiguration.getEncryptCertificate())) {
                    linkedHashMap.put("onelogin.saml2.idp.x509cert", stringToCert(idpConfiguration.getEncryptCertificate()));
                }
                if (!Utils.isEmpty(idpConfiguration.getSignCertificate())) {
                    linkedHashMap.put("onelogin.saml2.idp.x509certMulti.0", stringToCert(idpConfiguration.getSignCertificate()));
                }
            } else if (idpConfiguration.isEncryptRequests()) {
                if (!Utils.isEmpty(idpConfiguration.getEncryptCertificate())) {
                    linkedHashMap.put("onelogin.saml2.idp.x509cert", stringToCert(idpConfiguration.getEncryptCertificate()));
                }
            } else if (idpConfiguration.isSignRequests() && !Utils.isEmpty(idpConfiguration.getSignCertificate())) {
                linkedHashMap.put("onelogin.saml2.idp.x509cert", stringToCert(idpConfiguration.getSignCertificate()));
            }
        } else {
            try {
                saml2Settings = new SettingsBuilder().fromValues(IdPMetadataParser.parseXML(idpConfiguration.getMetadataRaw() != null ? Util.parseXML(new InputSource(new StringReader(idpConfiguration.getMetadataRaw()))) : Util.parseXML(new InputSource(new StringReader(coldfusion.tagext.io.FileUtils.readFile(idpConfiguration.getMetadataFilePath(), (String) null)))))).build();
            } catch (ParserConfigurationException e3) {
                throw new SAMLServiceImpl.IdpMetadataException(RB.getString(SAMLServiceImpl.class, "ParserConfigError"));
            } catch (Exception e4) {
                throw new SAMLServiceImpl.IdpMetadataException(RB.getString(SAMLServiceImpl.class, "ParsingError"));
            }
        }
        if (saml2Settings != null) {
            linkedHashMap.put("onelogin.saml2.idp.entityid", saml2Settings.getIdpEntityId());
            linkedHashMap.put("onelogin.saml2.idp.single_sign_on_service.url", saml2Settings.getIdpSingleSignOnServiceUrl());
            linkedHashMap.put("onelogin.saml2.idp.single_sign_on_service.binding", saml2Settings.getIdpSingleSignOnServiceBinding());
            linkedHashMap.put("onelogin.saml2.idp.single_logout_service.url", saml2Settings.getIdpSingleLogoutServiceUrl());
            linkedHashMap.put("onelogin.saml2.idp.single_logout_service.binding", saml2Settings.getIdpSingleLogoutServiceBinding());
            linkedHashMap.put("onelogin.saml2.idp.single_logout_service.response.url", saml2Settings.getIdpSingleLogoutServiceResponseUrl());
            linkedHashMap.put("onelogin.saml2.idp.x509cert", saml2Settings.getIdpx509cert());
            List idpx509certMulti = saml2Settings.getIdpx509certMulti();
            for (int i = 0; i < idpx509certMulti.size(); i++) {
                linkedHashMap.put("onelogin.saml2.idp.x509certMulti." + i, idpx509certMulti.get(i));
            }
        }
        linkedHashMap.put("onelogin.saml2.strict", Boolean.valueOf(spConfiguration.isStrict()));
        if (!Utils.isEmpty(spConfiguration.getEntityId())) {
            linkedHashMap.put(SpConfiguration.SP_ENTITYID_PROPERTY_KEY, spConfiguration.getEntityId());
        }
        if (!Utils.isEmpty(spConfiguration.getAcsUrl())) {
            linkedHashMap.put(SpConfiguration.SP_ASSERTION_CONSUMER_SERVICE_URL_PROPERTY_KEY, spConfiguration.getAcsUrl());
        }
        if (!Utils.isEmpty(spConfiguration.getAcsBinding())) {
            String upperCase3 = spConfiguration.getAcsBinding().toUpperCase();
            boolean z3 = -1;
            switch (upperCase3.hashCode()) {
                case 2461856:
                    if (upperCase3.equals("POST")) {
                        z3 = true;
                        break;
                    }
                    break;
                case 6481884:
                    if (upperCase3.equals(BINDING_REDIRECT)) {
                        z3 = false;
                        break;
                    }
                    break;
            }
            switch (z3) {
                case false:
                    linkedHashMap.put(SpConfiguration.SP_ASSERTION_CONSUMER_SERVICE_BINDING_PROPERTY_KEY, SamlBindings.REDIRECT.toString());
                    break;
                case true:
                    linkedHashMap.put(SpConfiguration.SP_ASSERTION_CONSUMER_SERVICE_BINDING_PROPERTY_KEY, SamlBindings.POST.toString());
                    break;
                default:
                    linkedHashMap.put(SpConfiguration.SP_ASSERTION_CONSUMER_SERVICE_BINDING_PROPERTY_KEY, SamlBindings.REDIRECT.toString());
                    break;
            }
        } else {
            linkedHashMap.put(SpConfiguration.SP_ASSERTION_CONSUMER_SERVICE_BINDING_PROPERTY_KEY, SamlBindings.REDIRECT.toString());
        }
        if (!Utils.isEmpty(spConfiguration.getSloUrl())) {
            linkedHashMap.put(SpConfiguration.SP_SINGLE_LOGOUT_SERVICE_URL_PROPERTY_KEY, spConfiguration.getSloUrl());
        }
        if (!Utils.isEmpty(spConfiguration.getSloBinding())) {
            String upperCase4 = spConfiguration.getSloBinding().toUpperCase();
            boolean z4 = -1;
            switch (upperCase4.hashCode()) {
                case 2461856:
                    if (upperCase4.equals("POST")) {
                        z4 = true;
                        break;
                    }
                    break;
                case 6481884:
                    if (upperCase4.equals(BINDING_REDIRECT)) {
                        z4 = false;
                        break;
                    }
                    break;
            }
            switch (z4) {
                case false:
                    linkedHashMap.put(SpConfiguration.SP_SINGLE_LOGOUT_SERVICE_BINDING_PROPERTY_KEY, SamlBindings.REDIRECT.toString());
                    break;
                case true:
                    linkedHashMap.put(SpConfiguration.SP_SINGLE_LOGOUT_SERVICE_BINDING_PROPERTY_KEY, SamlBindings.POST.toString());
                    break;
                default:
                    linkedHashMap.put(SpConfiguration.SP_SINGLE_LOGOUT_SERVICE_BINDING_PROPERTY_KEY, SamlBindings.REDIRECT.toString());
                    break;
            }
        } else {
            linkedHashMap.put(SpConfiguration.SP_SINGLE_LOGOUT_SERVICE_BINDING_PROPERTY_KEY, SamlBindings.REDIRECT.toString());
        }
        if (spConfiguration.isSignRequests()) {
            linkedHashMap.put(SpConfiguration.SECURITY_AUTHREQUEST_SIGNED, Boolean.valueOf(spConfiguration.isSignRequests()));
            linkedHashMap.put(SpConfiguration.SECURITY_LOGOUTREQUEST_SIGNED, Boolean.valueOf(spConfiguration.isSignRequests()));
        }
        if (spConfiguration.isWantAssertionsSigned()) {
            linkedHashMap.put(SpConfiguration.SECURITY_WANT_ASSERTIONS_SIGNED, Boolean.valueOf(spConfiguration.isWantAssertionsSigned()));
        }
        if (spConfiguration.isLogoutResponseSigned()) {
            linkedHashMap.put(SpConfiguration.SECURITY_LOGOUTRESPONSE_SIGNED, Boolean.valueOf(spConfiguration.isLogoutResponseSigned()));
        }
        if (spConfiguration.isSignMetadata()) {
            linkedHashMap.put(SpConfiguration.SECURITY_SIGN_METADATA, Boolean.valueOf(spConfiguration.isSignMetadata()));
        }
        if (!Utils.isEmpty(spConfiguration.getSignKeystorePath())) {
            if (spConfiguration.getSignKeystorePath().trim().length() == 0 || !new File(spConfiguration.getSignKeystorePath()).exists()) {
                throw new SpConfiguration.KeystoreException(RB.getString(SpConfiguration.class, "KeystoreNotFound", spConfiguration.getSignKeystorePath()));
            }
            KeystoreUtils.addBCProvider();
            KeyStore keyStore = KeystoreUtils.getKeyStore(spConfiguration.getSignKeystorePath(), spConfiguration.getSignKeystorePassword());
            KeystoreUtils.removeBCProvider();
            if (spConfiguration.getSignKeystoreAlias() == null || spConfiguration.getSignKeystoreAlias().trim().length() == 0) {
                try {
                    keyAlias = KeystoreUtils.getKeyAlias(keyStore);
                } catch (KeyStoreException e5) {
                    throw new SpConfiguration.KeystoreException(RB.getString(SpConfiguration.class, "AliasNotFound"));
                }
            } else {
                keyAlias = spConfiguration.getSignKeystoreAlias();
            }
            try {
                Certificate[] certificateChain = keyStore.getCertificateChain(keyAlias);
                if (certificateChain == null || certificateChain.length == 0) {
                    throw new SpConfiguration.KeystoreException(RB.getString(SpConfiguration.class, "NoCertificate"));
                }
                try {
                    linkedHashMap.put(SpConfiguration.SP_PRIVATEKEY_PROPERTY_KEY, (PrivateKey) keyStore.getKey(keyAlias, spConfiguration.getSignKeystorePassword().toCharArray()));
                    linkedHashMap.put(SpConfiguration.SP_X509CERT_PROPERTY_KEY, (X509Certificate) certificateChain[0]);
                } catch (KeyStoreException | NoSuchAlgorithmException | UnrecoverableKeyException e6) {
                    throw new SpConfiguration.KeystoreException(RB.getString(SpConfiguration.class, "KeyRetrieveError"));
                }
            } catch (KeyStoreException e7) {
                throw new SpConfiguration.KeystoreException(RB.getString(SpConfiguration.class, "CertificateError"));
            }
        }
        linkedHashMap.put("onelogin.saml2.unique_id_prefix", SamlRequestBuilder.COLDFUSION);
        return new SettingsBuilder().fromValues(linkedHashMap).build();
    }

    /**
     * Decodes a Base64 string and parses the resulting bytes as an X.509 certificate.
     *
     * <p>This method only parses. It does not call {@code checkValidity()}, build a
     * trust chain or compare the certificate against any pinned value, so a
     * successfully returned certificate is not thereby trusted.
     *
     * @param str Base64 text of the certificate; presumably the bare Base64 body of a
     *            DER certificate without PEM armor (TODO confirm against callers)
     * @return the parsed certificate
     * @throws KeystoreUtils.CertificateException if the certificate factory cannot be
     *         obtained or the decoded bytes are not a parsable certificate
     */
    private static X509Certificate stringToCert(String str) {
        try {
            // Factory lookup stays ahead of the decode so failures surface in the same order.
            final CertificateFactory x509Factory = CertificateFactory.getInstance("X.509");
            final byte[] decodedBytes = Base64Encoder.decode(str);
            final ByteArrayInputStream certStream = new ByteArrayInputStream(decodedBytes);
            return (X509Certificate) x509Factory.generateCertificate(certStream);
        } catch (CertificateException parseFailure) {
            // NOTE(review): the underlying parse failure is not chained or logged here,
            // so the reason a certificate was rejected is lost for troubleshooting.
            final String message = RB.getString(SamlHelper.class, "CertificateException");
            throw new KeystoreUtils.CertificateException(message);
        }
    }

    /**
     * Reports whether the current request carries a {@code SAMLRequest} parameter.
     *
     * <p>This is a presence check only: the parameter is not decoded, its message type
     * is not inspected and no signature or issuer is verified. Any request that
     * supplies a {@code SAMLRequest} parameter yields {@code true}, so callers must
     * still validate the message before acting on it.
     *
     * @return {@code true} if the {@code SAMLRequest} parameter is non-null
     */
    public static boolean isSamlLogoutRequest() {
        final String samlRequest = ServletUtils.makeHttpRequest(FusionContext.getCurrent().getRequest())
                .getParameter("SAMLRequest");
        return samlRequest != null;
    }

    /**
     * Reports whether the current request carries a {@code SAMLResponse} parameter.
     *
     * <p>This is a presence check only: the parameter is not decoded, its message type
     * is not inspected and no signature, issuer or {@code InResponseTo} value is
     * verified. Any request that supplies a {@code SAMLResponse} parameter yields
     * {@code true}, so callers must still validate the message before acting on it.
     *
     * @return {@code true} if the {@code SAMLResponse} parameter is non-null
     */
    public static boolean isSamlLogoutResponse() {
        final String samlResponse = ServletUtils.makeHttpRequest(FusionContext.getCurrent().getRequest())
                .getParameter("SAMLResponse");
        return samlResponse != null;
    }

    /**
     * Copies a service-provider configuration into a {@link Struct}.
     *
     * <p>String-valued settings are written only when non-empty; the three boolean
     * flags are always written. {@code description}, {@code signMetadata} and
     * {@code generated} are not exported by this method.
     *
     * <p>The returned struct holds the signing keystore password in clear text under
     * {@code SP_SIGNKEYSTOREPASSWORD}. Treat the struct as secret material: keep it out
     * of logs, debug dumps and anything serialized back to a client.
     *
     * @param spConfiguration the configuration to export
     * @return a new struct populated from {@code spConfiguration}
     */
    public static Struct toSpStruct(SpConfiguration spConfiguration) {
        final SpConfiguration sp = spConfiguration;
        final Struct exported = new Struct();

        // Identity and endpoints.
        if (!Utils.isEmpty(sp.getEntityId())) {
            exported.put("ENTITYID", sp.getEntityId());
        }
        if (!Utils.isEmpty(sp.getAcsUrl())) {
            exported.put("ACSURL", sp.getAcsUrl());
        }
        if (!Utils.isEmpty(sp.getAcsBinding())) {
            exported.put("ACSBINDING", sp.getAcsBinding());
        }
        if (!Utils.isEmpty(sp.getSloUrl())) {
            exported.put("SLOURL", sp.getSloUrl());
        }
        if (!Utils.isEmpty(sp.getSloBinding())) {
            exported.put("SLOBINDING", sp.getSloBinding());
        }

        // Signing policy flags are exported unconditionally, including when false.
        exported.put("SIGNREQUESTS", Boolean.valueOf(sp.isSignRequests()));
        exported.put("WANTASSERTIONSSIGNED", Boolean.valueOf(sp.isWantAssertionsSigned()));
        exported.put("LOGOUTRESPONSESIGNED", Boolean.valueOf(sp.isLogoutResponseSigned()));

        // Signing keystore location and credentials (the password is stored as-is).
        if (!Utils.isEmpty(sp.getSignKeystorePath())) {
            exported.put(SP_SIGNKEYSTOREPATH, sp.getSignKeystorePath());
        }
        if (!Utils.isEmpty(sp.getSignKeystorePassword())) {
            exported.put(SP_SIGNKEYSTOREPASSWORD, sp.getSignKeystorePassword());
        }
        if (!Utils.isEmpty(sp.getSignKeystoreAlias())) {
            exported.put(SP_SIGNKEYSTOREALIAS, sp.getSignKeystoreAlias());
        }
        return exported;
    }

    /**
     * Copies an identity-provider configuration into a {@link Struct}.
     *
     * <p>Exactly one description of the IdP is exported, chosen in this order of
     * precedence: metadata URL, raw metadata, metadata file path, and only when all
     * three are empty, the individually configured fields. When a metadata source is
     * present, explicit fields such as the signing certificate are not exported even
     * if they are set.
     *
     * @param idpConfiguration the configuration to export
     * @return a new struct populated from {@code idpConfiguration}
     */
    public static Struct toIdpStruct(IdpConfiguration idpConfiguration) {
        final IdpConfiguration idp = idpConfiguration;
        final Struct exported = new Struct();

        // A metadata source, when configured, is the only thing exported.
        if (!Utils.isEmpty(idp.getMetadataUrl())) {
            exported.put(SamlRequestBuilder.IDP_URL, idp.getMetadataUrl());
            return exported;
        }
        if (!Utils.isEmpty(idp.getMetadataRaw())) {
            exported.put(SamlRequestBuilder.IDP_RAW, idp.getMetadataRaw());
            return exported;
        }
        if (!Utils.isEmpty(idp.getMetadataFilePath())) {
            exported.put(SamlRequestBuilder.IDP_FILE, idp.getMetadataFilePath());
            return exported;
        }

        // No metadata source: fall back to the explicitly configured endpoints.
        if (!Utils.isEmpty(idp.getEntityId())) {
            exported.put("ENTITYID", idp.getEntityId());
        }
        if (!Utils.isEmpty(idp.getSsoUrl())) {
            exported.put(SamlRequestBuilder.SSOURL, idp.getSsoUrl());
        }
        if (!Utils.isEmpty(idp.getSsoBinding())) {
            exported.put(SamlRequestBuilder.SSOBINDING, idp.getSsoBinding());
        }
        if (!Utils.isEmpty(idp.getSloUrl())) {
            exported.put("SLOURL", idp.getSloUrl());
        }
        if (!Utils.isEmpty(idp.getSloBinding())) {
            exported.put("SLOBINDING", idp.getSloBinding());
        }
        if (!Utils.isEmpty(idp.getLogoutResponseUrl())) {
            exported.put(SamlRequestBuilder.LOGOUTRESPONSEURL, idp.getLogoutResponseUrl());
        }

        // Request signing/encryption flags are exported unconditionally in this branch.
        exported.put("SIGNREQUESTS", Boolean.valueOf(idp.isSignRequests()));
        exported.put(SamlRequestBuilder.ENCRYPTREQUESTS, Boolean.valueOf(idp.isEncryptRequests()));

        // IdP certificates used for signature verification and encryption.
        if (!Utils.isEmpty(idp.getSignCertificate())) {
            exported.put(SamlRequestBuilder.SIGNCERTIFICATE, idp.getSignCertificate());
        }
        if (!Utils.isEmpty(idp.getEncryptCertificate())) {
            exported.put(SamlRequestBuilder.ENCRYPTCERTIFICATE, idp.getEncryptCertificate());
        }
        return exported;
    }

    /**
     * Fills the empty fields of {@code spConfiguration2} from {@code spConfiguration}.
     *
     * <p>{@code spConfiguration} acts as the fallback: a value is copied only where the
     * corresponding field of {@code spConfiguration2} is empty, and
     * {@code spConfiguration2} is modified in place.
     *
     * <p>Each field is merged independently. In particular the keystore path,
     * password and alias are not treated as a unit, so the result can pair a keystore
     * path from one configuration with a password or alias from the other.
     *
     * <p>The signing policy flags (signRequests, wantAssertionsSigned,
     * logoutResponseSigned, signMetadata) are not merged here.
     * NOTE(review): confirm that leaving them untouched is intended.
     *
     * @param spConfiguration  the fallback configuration; read only
     * @param spConfiguration2 the configuration to complete; mutated
     */
    public static void mergeSp(SpConfiguration spConfiguration, SpConfiguration spConfiguration2) {
        final SpConfiguration fallback = spConfiguration;
        final SpConfiguration target = spConfiguration2;

        // Identity and descriptive fields.
        if (Utils.isEmpty(target.getEntityId())) {
            target.setEntityId(fallback.getEntityId());
        }
        if (Utils.isEmpty(target.getDescription())) {
            target.setDescription(fallback.getDescription());
        }

        // Assertion consumer and single logout endpoints.
        if (Utils.isEmpty(target.getAcsUrl())) {
            target.setAcsUrl(fallback.getAcsUrl());
        }
        if (Utils.isEmpty(target.getAcsBinding())) {
            target.setAcsBinding(fallback.getAcsBinding());
        }
        if (Utils.isEmpty(target.getSloUrl())) {
            target.setSloUrl(fallback.getSloUrl());
        }
        if (Utils.isEmpty(target.getSloBinding())) {
            target.setSloBinding(fallback.getSloBinding());
        }

        // Signing keystore settings; each one falls back on its own.
        if (Utils.isEmpty(target.getSignKeystorePath())) {
            target.setSignKeystorePath(fallback.getSignKeystorePath());
        }
        if (Utils.isEmpty(target.getSignKeystorePassword())) {
            target.setSignKeystorePassword(fallback.getSignKeystorePassword());
        }
        if (Utils.isEmpty(target.getSignKeystoreAlias())) {
            target.setSignKeystoreAlias(fallback.getSignKeystoreAlias());
        }

        // The generated marker is only ever propagated when set on the fallback.
        if (fallback.isGenerated()) {
            target.setGenerated(fallback.isGenerated());
        }
    }
}
