package org.jenkinsci.plugins.saml;

import java.util.logging.Level;
import java.util.logging.Logger;
import org.kohsuke.stapler.StaplerRequest;
import org.kohsuke.stapler.StaplerResponse;
import org.opensaml.core.config.InitializationException;
import org.opensaml.core.config.InitializationService;
import org.pac4j.core.context.J2EContext;
import org.pac4j.core.context.WebContext;
import org.pac4j.saml.client.SAML2Client;
import org.pac4j.saml.client.SAML2ClientConfiguration;

/* loaded from: input_file:WEB-INF/lib/saml.jar:org/jenkinsci/plugins/saml/OpenSAMLWrapper.class */
/**
 * Template for work that needs an initialised OpenSAML runtime and, optionally, a configured
 * pac4j {@link SAML2Client}.
 *
 * <p>Subclasses implement {@link #process()}; callers invoke {@link #get()}, which swaps the
 * thread context class loader (TCCL) around the call. This class never assigns
 * {@code samlPluginConfig}, {@code request} or {@code response}, so subclasses have to populate
 * them before {@link #createWebContext()} or {@link #createSAML2Client()} is used.
 *
 * @param <T> result type produced by {@link #process()}
 */
public abstract class OpenSAMLWrapper<T> {
    private static final Logger LOG = Logger.getLogger(OpenSAMLWrapper.class.getName());
    // One fallback keystore holder shared by every wrapper instance (static).
    private static final BundleKeyStore KS = new BundleKeyStore();
    protected SamlPluginConfig samlPluginConfig;
    protected StaplerRequest request;
    protected StaplerResponse response;

    /**
     * Initialises OpenSAML and runs {@link #process()} with the TCCL pointing at the class loader
     * that loaded {@link InitializationService}.
     *
     * <p>The previous TCCL is put back whether {@code process()} returns or throws. Anything
     * thrown by {@code process()} propagates unchanged; only a failed OpenSAML initialisation is
     * logged and translated.
     *
     * @return the value returned by {@link #process()}
     * @throws IllegalStateException if {@link InitializationService#initialize()} fails
     */
    public T get() {
        try {
            LOG.finest("adapt TCCL");
            final Thread worker = Thread.currentThread();
            final ClassLoader previousLoader = worker.getContextClassLoader();
            // Presumably needed so OpenSAML's initialiser lookup resolves against the plugin's
            // class loader rather than the caller's -- confirm against the OpenSAML version in use.
            worker.setContextClassLoader(InitializationService.class.getClassLoader());
            try {
                InitializationService.initialize();
                return process();
            } finally {
                // Restore before the outer handler runs, so a leaked loader never outlives the call.
                LOG.finest("reset TCCL");
                worker.setContextClassLoader(previousLoader);
            }
        } catch (InitializationException e) {
            LOG.log(Level.SEVERE, "Could not initialize opensaml service.", e);
            throw new IllegalStateException(e);
        }
    }

    /**
     * Performs the SAML operation; invoked by {@link #get()} after OpenSAML is initialised.
     *
     * @return the operation's result
     */
    protected abstract T process();

    /**
     * Wraps the current Stapler request/response pair in a pac4j web context.
     *
     * @return a new {@link J2EContext} over {@code request} and {@code response}
     */
    // Decompiler note: access modifier was reported as changed from protected.
    public WebContext createWebContext() {
        return new J2EContext(this.request, this.response);
    }

    /**
     * Builds and initialises a pac4j SAML2 client from {@code samlPluginConfig}.
     *
     * <p>Security-relevant behaviour visible here:
     * <ul>
     *   <li>Signed assertions are explicitly required only when encryption data is configured;
     *       otherwise the pac4j default applies (NOTE(review): confirm what that default accepts).</li>
     *   <li>Without encryption data the bundled keystore is used, which this code itself reports
     *       as INSECURE when it is the demo keystore.</li>
     *   <li>{@code forceAuth}, the SP entity id and the authn context class are applied only when
     *       an advanced configuration object is present.</li>
     * </ul>
     *
     * @return an initialised {@link SAML2Client}
     */
    // Decompiler note: access modifier was reported as changed from protected.
    public SAML2Client createSAML2Client() {
        final SamlPluginConfig pluginConfig = this.samlPluginConfig;
        final SAML2ClientConfiguration clientConfig = new SAML2ClientConfiguration();

        clientConfig.setIdentityProviderMetadataResource(
                new SamlFileResource(SamlSecurityRealm.getIDPMetadataFilePath()));
        clientConfig.setDestinationBindingType(pluginConfig.getBinding());

        applyKeystoreSettings(clientConfig, pluginConfig);

        // intValue() unboxes: a null lifetime would surface as a NullPointerException here.
        clientConfig.setMaximumAuthenticationLifetime(
                pluginConfig.getMaximumAuthenticationLifetime().intValue());

        applyAdvancedSettings(clientConfig, pluginConfig);

        // SP metadata is regenerated on every client creation and written to the SP metadata file.
        clientConfig.setForceServiceProviderMetadataGeneration(true);
        clientConfig.setServiceProviderMetadataResource(
                new SamlFileResource(SamlSecurityRealm.getSPMetadataFilePath()));

        final SAML2Client client = new SAML2Client(clientConfig);
        client.setCallbackUrl(pluginConfig.getConsumerServiceUrl());
        client.init(createWebContext());

        // Full SP metadata goes to the log at FINE; guarded so it is only built when enabled.
        if (LOG.isLoggable(Level.FINE)) {
            LOG.fine(client.getServiceProviderMetadataResolver().getMetadata());
        }
        return client;
    }

    /** Selects the operator-supplied keystore when configured, else the bundled fallback. */
    private static void applyKeystoreSettings(SAML2ClientConfiguration clientConfig, SamlPluginConfig pluginConfig) {
        if (pluginConfig.getEncryptionData() == null) {
            // Check-then-init on a shared static with no locking in this class.
            // NOTE(review): verify BundleKeyStore synchronises internally, since concurrent
            // logins could otherwise initialise it twice.
            if (!KS.isValid()) {
                KS.init();
            }
            if (KS.isUsingDemoKeyStore()) {
                LOG.warning("Using bundled keystore is INSECURE: " + KS.getKeystorePath());
            }
            // No setWantsAssertionsSigned(true) on this path -- library default is in effect.
            clientConfig.setKeystorePath(KS.getKeystorePath());
            clientConfig.setKeystorePassword(KS.getKsPassword());
            clientConfig.setPrivateKeyPassword(KS.getKsPkPassword());
            clientConfig.setKeystoreAlias(KS.getKsPkAlias());
            return;
        }

        clientConfig.setWantsAssertionsSigned(true);
        clientConfig.setKeystorePath(pluginConfig.getEncryptionData().getKeystorePath());
        // Judging by the getter names, both secrets are handed over as plain text; keep them
        // out of logs and exception messages.
        clientConfig.setKeystorePassword(pluginConfig.getEncryptionData().getKeystorePasswordPlainText());
        clientConfig.setPrivateKeyPassword(pluginConfig.getEncryptionData().getPrivateKeyPasswordPlainText());
        clientConfig.setKeystoreAlias(pluginConfig.getEncryptionData().getPrivateKeyAlias());
    }

    /** Applies the optional settings that are honoured only with an advanced configuration. */
    private static void applyAdvancedSettings(SAML2ClientConfiguration clientConfig, SamlPluginConfig pluginConfig) {
        if (pluginConfig.getAdvancedConfiguration() == null) {
            return;
        }
        // booleanValue() unboxes: a null forceAuthn would surface as a NullPointerException here.
        clientConfig.setForceAuth(pluginConfig.getForceAuthn().booleanValue());
        if (pluginConfig.getSpEntityId() != null) {
            clientConfig.setServiceProviderEntityId(pluginConfig.getSpEntityId());
        }
        if (pluginConfig.getAuthnContextClassRef() != null) {
            clientConfig.setAuthnContextClassRef(pluginConfig.getAuthnContextClassRef());
            // The comparison type is pinned to "exact" whenever a class ref is requested.
            clientConfig.setComparisonType("exact");
        }
    }
}
