package org.jenkinsci.plugins.saml;

import java.util.Arrays;
import java.util.logging.Level;
import java.util.logging.Logger;
import org.apache.commons.lang.StringUtils;
import org.kohsuke.stapler.StaplerRequest;
import org.kohsuke.stapler.StaplerResponse;
import org.opensaml.core.config.InitializationException;
import org.opensaml.core.config.InitializationService;
import org.pac4j.core.context.WebContext;
import org.pac4j.core.exception.TechnicalException;
import org.pac4j.core.http.callback.NoParameterCallbackUrlResolver;
import org.pac4j.jee.context.JEEContext;
import org.pac4j.saml.client.SAML2Client;
import org.pac4j.saml.config.SAML2Configuration;

/* loaded from: input_file:WEB-INF/lib/saml.jar:org/jenkinsci/plugins/saml/OpenSAMLWrapper.class */
/**
 * Template for running one SAML operation with the thread context class loader (TCCL)
 * temporarily switched to the class loader that loaded OpenSAML's {@code InitializationService}.
 *
 * <p>Subclasses implement {@link #process()}; callers invoke {@link #get()}. The
 * {@code samlPluginConfig}, {@code request} and {@code response} fields are not assigned
 * anywhere in this class, so subclasses are expected to populate them before use.
 *
 * <p>This listing is decompiler output: the decompiler notes that {@link #createWebContext()}
 * and {@link #createSAML2Client()} were originally {@code protected}.
 *
 * @param <T> result type produced by {@link #process()}
 */
public abstract class OpenSAMLWrapper<T> {
    private static final Logger LOG = Logger.getLogger(OpenSAMLWrapper.class.getName());
    // Fallback keystore shared by every wrapper instance (static, lazily initialised below).
    private static final BundleKeyStore KS = new BundleKeyStore();
    protected SamlPluginConfig samlPluginConfig;
    protected StaplerRequest request;
    protected StaplerResponse response;

    /**
     * Initialises OpenSAML and runs {@link #process()} under the OpenSAML class loader.
     *
     * <p>The caller's TCCL is restored on every exit path, normal or exceptional.
     *
     * @return whatever {@link #process()} returns
     * @throws IllegalStateException if OpenSAML initialisation fails (the cause is preserved)
     */
    public T get() {
        try {
            LOG.finest("adapt TCCL");
            final Thread worker = Thread.currentThread();
            final ClassLoader callerLoader = worker.getContextClassLoader();
            worker.setContextClassLoader(InitializationService.class.getClassLoader());
            try {
                InitializationService.initialize();
                return process();
            } finally {
                // Always hand the thread back with the class loader it arrived with.
                LOG.finest("reset TCCL");
                worker.setContextClassLoader(callerLoader);
            }
        } catch (InitializationException initFailure) {
            LOG.log(Level.SEVERE, "Could not initialize opensaml service.", initFailure);
            throw new IllegalStateException(initFailure);
        }
    }

    /**
     * Performs the actual SAML work; invoked by {@link #get()} after OpenSAML is initialised.
     *
     * @return the operation result
     */
    protected abstract T process();

    /**
     * Wraps the current Stapler request/response pair in a pac4j web context.
     *
     * @return a new {@code JEEContext} over {@code request} and {@code response}
     */
    public WebContext createWebContext() {
        return new JEEContext(this.request, this.response);
    }

    /**
     * Builds and initialises a pac4j {@code SAML2Client} from the plugin configuration.
     *
     * <p>Security-relevant settings applied here:
     * <ul>
     *   <li>With no encryption data configured, AuthnRequests are sent unsigned and signed
     *       assertions are not required.</li>
     *   <li>With no keystore path configured, the plugin's bundled keystore is used.</li>
     *   <li>The response {@code Destination} attribute is never mandatory.</li>
     * </ul>
     *
     * @return an initialised client whose callback URL is the configured consumer service URL
     */
    public SAML2Client createSAML2Client() {
        final SAML2Configuration config = new SAML2Configuration();
        config.setIdentityProviderMetadataResource(new SamlFileResource(SamlSecurityRealm.getIDPMetadataFilePath()));
        config.setAuthnRequestBindingType(this.samlPluginConfig.getBinding());

        final SamlEncryptionData encryptionData = this.samlPluginConfig.getEncryptionData();
        if (encryptionData == null) {
            // NOTE(review): both signing requirements are switched off when the encryption
            // section is absent. How pac4j treats unsigned assertions in that case is not
            // visible here; confirm a response-level signature is still enforced.
            config.setAuthnRequestSigned(false);
            config.setWantsAssertionsSigned(false);
        } else {
            config.setAuthnRequestSigned(encryptionData.isForceSignRedirectBindingAuthnRequest());
            config.setWantsAssertionsSigned(encryptionData.isWantsAssertionsSigned());
        }

        final boolean hasCustomKeystore =
                encryptionData != null && StringUtils.isNotBlank(encryptionData.getKeystorePath());
        if (hasCustomKeystore) {
            // Plain-text secrets are passed straight to pac4j; they must never reach a log line.
            config.setKeystorePath(encryptionData.getKeystorePath());
            config.setKeystorePassword(encryptionData.getKeystorePasswordPlainText());
            config.setPrivateKeyPassword(encryptionData.getPrivateKeyPasswordPlainText());
            config.setKeystoreAlias(encryptionData.getPrivateKeyAlias());
        } else {
            useBundledKeystore(config);
        }

        config.setMaximumAuthenticationLifetime(this.samlPluginConfig.getMaximumAuthenticationLifetime().intValue());
        // NOTE(review): this relaxes the requirement that a response carries a Destination
        // attribute; confirm it is needed for IdP compatibility.
        config.setResponseDestinationAttributeMandatory(false);

        if (this.samlPluginConfig.getAdvancedConfiguration() != null) {
            applyAdvancedOptions(config);
        }

        config.setForceServiceProviderMetadataGeneration(true);
        config.setServiceProviderMetadataResource(new SamlFileResource(SamlSecurityRealm.getSPMetadataFilePath()));

        final SAML2Client client = new SAML2Client(config);
        client.setCallbackUrl(this.samlPluginConfig.getConsumerServiceUrl());
        client.setCallbackUrlResolver(new NoParameterCallbackUrlResolver());
        client.init();

        if (LOG.isLoggable(Level.FINE)) {
            // Diagnostic dump of the generated SP metadata; a failure here is not fatal.
            try {
                LOG.fine(client.getServiceProviderMetadataResolver().getMetadata());
            } catch (TechnicalException metadataFailure) {
                LOG.fine("Is not possible to show the metadata : " + metadataFailure.getMessage());
            }
        }
        return client;
    }

    /**
     * Points the configuration at the shared bundled keystore, initialising it on first use.
     *
     * <p>NOTE(review): a demo keystore presumably ships the same key material with every
     * installation, which is why its use is logged at WARNING; production setups should
     * configure their own keystore. The check-then-init on the shared static {@code KS} is
     * not synchronized here; confirm {@code BundleKeyStore} tolerates concurrent callers.
     */
    private static void useBundledKeystore(SAML2Configuration config) {
        if (!KS.isValid()) {
            KS.init();
        }
        if (KS.isUsingDemoKeyStore()) {
            LOG.warning("Using bundled keystore : " + KS.getKeystorePath());
        }
        config.setKeystorePath(KS.getKeystorePath());
        config.setKeystorePassword(KS.getKsPassword());
        config.setPrivateKeyPassword(KS.getKsPkPassword());
        config.setKeystoreAlias(KS.getKsPkAlias());
    }

    /**
     * Copies the optional "advanced" settings onto the configuration. Only called when the
     * advanced configuration section is present.
     */
    private void applyAdvancedOptions(SAML2Configuration config) {
        config.setForceAuth(this.samlPluginConfig.getForceAuthn().booleanValue());
        if (this.samlPluginConfig.getSpEntityId() != null) {
            config.setServiceProviderEntityId(this.samlPluginConfig.getSpEntityId());
        }
        if (this.samlPluginConfig.getAuthnContextClassRef() != null) {
            config.setAuthnContextClassRefs(Arrays.asList(this.samlPluginConfig.getAuthnContextClassRef()));
            // The requested authentication context must match exactly, not "minimum" or "better".
            config.setComparisonType("exact");
        }
        if (this.samlPluginConfig.getNameIdPolicyFormat() != null) {
            config.setNameIdPolicyFormat(this.samlPluginConfig.getNameIdPolicyFormat());
        }
    }
}
