package org.webswing.server.services.security.modules.saml2;

import java.io.ByteArrayInputStream;
import java.io.File;
import java.io.IOException;
import java.io.InputStream;
import java.net.MalformedURLException;
import java.net.URL;
import java.net.URLEncoder;
import java.security.KeyStore;
import java.security.KeyStoreException;
import java.security.NoSuchAlgorithmException;
import java.security.PrivateKey;
import java.security.cert.CertificateException;
import javax.servlet.ServletException;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import main.Main;
import org.apache.commons.codec.binary.Base64;
import org.apache.commons.io.FileUtils;
import org.apache.commons.io.FilenameUtils;
import org.apache.commons.io.IOUtils;
import org.apache.commons.lang.StringUtils;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
import org.webswing.server.common.util.CommonUtil;
import org.webswing.server.services.security.api.AbstractWebswingUser;
import org.webswing.server.services.security.api.WebswingAuthenticationException;
import org.webswing.server.services.security.modules.AbstractExtendableSecurityModule;
import org.webswing.server.services.security.modules.saml2.com.lastpass.saml.AttributeSet;
import org.webswing.server.services.security.modules.saml2.com.lastpass.saml.IdPConfig;
import org.webswing.server.services.security.modules.saml2.com.lastpass.saml.SAMLClient;
import org.webswing.server.services.security.modules.saml2.com.lastpass.saml.SAMLException;
import org.webswing.server.services.security.modules.saml2.com.lastpass.saml.SAMLInit;
import org.webswing.server.services.security.modules.saml2.com.lastpass.saml.SAMLUtils;
import org.webswing.server.services.security.modules.saml2.com.lastpass.saml.SPConfig;

/* loaded from: input_file:org/webswing/server/services/security/modules/saml2/Saml2SecurityModule.class */
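/**
 * SAML2 security module for Webswing.
 * <p>
 * {@link #init()} builds a {@link SAMLClient} from the configured identity-provider (IdP)
 * metadata file and a service-provider (SP) descriptor rendered from the bundled
 * {@code saml2/saml2-sp-template.xml} template. If a decryption keystore is configured, the
 * private key found under the configured alias is attached to the SP configuration.
 * Unauthenticated requests are redirected to the IdP login URL carrying a generated
 * {@code SAMLRequest}; the IdP's {@code SAMLResponse} parameter is then validated by the
 * client in {@link #authenticate(HttpServletRequest)}.
 * <p>
 * Library-level initialisation ({@link SAMLInit#initialize()}) runs once in the static
 * initialiser; its failure is only logged there and surfaces as a {@link RuntimeException}
 * from {@link #init()}.
 */
public class Saml2SecurityModule extends AbstractExtendableSecurityModule<Saml2SecurityModuleConfig> {
    private static final Logger log = LoggerFactory.getLogger(Saml2SecurityModule.class);
    // Set to true only after SAMLInit.initialize() succeeded in the static initialiser.
    private static boolean staticInit;
    // Request parameter carrying the base64-encoded SAML response posted back by the IdP.
    private static final String SAML_PARAMETER = "SAMLResponse";
    // Classpath location of the SP descriptor template; ${entityID} and ${consumerUrl} are substituted.
    private static final String SP_TEMPLATE_RESOURCE = "saml2/saml2-sp-template.xml";
    private SAMLClient client;

    public Saml2SecurityModule(Saml2SecurityModuleConfig saml2SecurityModuleConfig) {
        super(saml2SecurityModuleConfig);
    }

    /**
     * Validates the SAML2 configuration and creates the {@link SAMLClient}.
     *
     * @throws RuntimeException if the static library initialisation failed, if the IdP metadata
     *         file cannot be found, if the consumer URL or SP entity id is empty, or if the SP
     *         template cannot be loaded. A missing or unreadable decryption keystore is only
     *         logged; the module then runs without a decryption key.
     */
    @Override
    public void init() {
        super.init();
        if (!staticInit) {
            throw new RuntimeException("SAML2 module was not initialized correctly. Not possible to configure security module. ");
        }
        Saml2SecurityModuleConfig cfg = (Saml2SecurityModuleConfig) getConfig();
        try {
            String identityProviderMetadataFile = cfg.getIdentityProviderMetadataFile();
            File metadataFile = getMetadataFile(identityProviderMetadataFile);
            if (metadataFile == null || !metadataFile.isFile()) {
                throw new SAMLException("The SAML2 Identity provider metadata file " + identityProviderMetadataFile + " does not exist.");
            }
            String serviceProviderConsumerUrl = cfg.getServiceProviderConsumerUrl();
            if (StringUtils.isEmpty(serviceProviderConsumerUrl)) {
                throw new SAMLException("The SAML2 serviceProviderConsumerUrl property must not be empty.");
            }
            String serviceProviderEntityId = cfg.getServiceProviderEntityId();
            if (StringUtils.isEmpty(serviceProviderEntityId)) {
                throw new RuntimeException("The SAML2 Service provider entityId property must not be empty.");
            }
            PrivateKey privateKey = loadDecryptionKey(cfg);
            IdPConfig idPConfig = new IdPConfig(metadataFile);
            try {
                byte[] descriptor = renderSpDescriptor(serviceProviderEntityId, serviceProviderConsumerUrl);
                SPConfig spConfig = new SPConfig(new ByteArrayInputStream(descriptor));
                if (privateKey != null) {
                    spConfig.setPrivateKey(privateKey);
                }
                this.client = new SAMLClient(spConfig, idPConfig);
            } catch (IOException e) {
                throw new SAMLException("The SAML2 template file could not be loaded.", e);
            }
        } catch (SAMLException e) {
            throw new RuntimeException("Failed to initialize SAML2 webswing security module. ", e);
        }
    }

    /**
     * Loads the assertion-decryption private key named by the configuration.
     * <p>
     * Best effort: returns {@code null} when no keystore is configured, when the keystore file
     * does not exist, or when the key cannot be read; each failure is logged. The keystore type
     * is chosen by file extension ({@code .p12} → PKCS12, anything else → JKS).
     *
     * @param cfg module configuration (variables in the keystore settings are expanded)
     * @return the private key, or {@code null} if none could be loaded
     */
    private PrivateKey loadDecryptionKey(Saml2SecurityModuleConfig cfg) {
        String keyStorePath = cfg.getContext().replaceVariables(cfg.getDecryptionKeyStore());
        if (StringUtils.isEmpty(keyStorePath)) {
            return null;
        }
        File keyStoreFile = cfg.getContext().resolveFile(keyStorePath);
        // Check the resolved keystore file itself before opening it.
        if (keyStoreFile == null || !keyStoreFile.exists()) {
            log.error("Failed to load keystore.", new Exception(keyStorePath + " does not exist."));
            return null;
        }
        String keyStoreType = "p12".equals(FilenameUtils.getExtension(keyStoreFile.getName())) ? "PKCS12" : "JKS";
        String keyAlias = cfg.getContext().replaceVariables(cfg.getDecryptionKeyAlias());
        String keyStorePwd = cfg.getContext().replaceVariables(cfg.getDecryptionKeyStorePwd());
        String keyPwd = cfg.getContext().replaceVariables(cfg.getDecryptionKeyPwd());
        try {
            KeyStore keyStore = loadKeyStore(keyStoreFile, keyStorePwd, keyStoreType);
            // getKey() returns null for an unknown alias; a non-private-key entry fails the cast and is logged below.
            return (PrivateKey) keyStore.getKey(keyAlias, keyPwd == null ? null : keyPwd.toCharArray());
        } catch (Exception e) {
            log.error("Failed to load private key from keystore", e);
            return null;
        }
    }

    /**
     * Renders the SP descriptor template with the given entity id and consumer URL.
     *
     * @param entityId    SP entity id substituted for {@code ${entityID}}
     * @param consumerUrl assertion consumer URL substituted for {@code ${consumerUrl}}
     * @return the rendered descriptor as UTF-8 bytes
     * @throws IOException if the template resource is missing or cannot be read
     */
    private byte[] renderSpDescriptor(String entityId, String consumerUrl) throws IOException {
        InputStream template = getClass().getClassLoader().getResourceAsStream(SP_TEMPLATE_RESOURCE);
        if (template == null) {
            throw new IOException("Resource " + SP_TEMPLATE_RESOURCE + " was not found on the classpath.");
        }
        try {
            // Read and write explicitly as UTF-8 rather than the platform default charset.
            String descriptor = IOUtils.toString(template, "UTF-8")
                    .replace("${entityID}", entityId)
                    .replace("${consumerUrl}", consumerUrl);
            return descriptor.getBytes("UTF-8");
        } finally {
            template.close();
        }
    }

    /**
     * Resolves the configured IdP metadata location to a local file.
     * <p>
     * A value that the context can resolve as a file is returned directly. Otherwise the value is
     * treated as a URL (operator configuration, not request input) and downloaded into the
     * application temp directory under a URL-safe base64 encoding of the location.
     *
     * @param location configured metadata path or URL
     * @return the local metadata file, or {@code null} if the value is empty or is neither a
     *         resolvable path nor a well-formed URL
     * @throws SAMLException if the download fails
     */
    private File getMetadataFile(String location) throws SAMLException {
        if (StringUtils.isEmpty(location)) {
            return null;
        }
        File localFile = ((Saml2SecurityModuleConfig) getConfig()).getContext().resolveFile(location);
        if (localFile != null) {
            return localFile;
        }
        try {
            File cached = new File(Main.getTempDir(), Base64.encodeBase64URLSafeString(location.getBytes("UTF-8")));
            FileUtils.copyURLToFile(new URL(location), cached);
            return cached;
        } catch (MalformedURLException e) {
            // Not a URL either; the caller reports the location as missing.
            return null;
        } catch (IOException e) {
            throw new SAMLException("Failed to load SAML2 Identity provider metadata.", e);
        }
    }

    /**
     * Serves the login step: renders the error partial when a previous attempt failed,
     * otherwise redirects the browser to the IdP with a fresh authentication request.
     */
    @Override
    protected void serveLoginPartial(HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse, WebswingAuthenticationException webswingAuthenticationException) throws IOException {
        if (webswingAuthenticationException == null) {
            sendRedirect(httpServletRequest, httpServletResponse, getSaml2RedirectUrl(httpServletRequest));
        } else {
            sendPartialHtml(httpServletRequest, httpServletResponse, "errorPartial.html", webswingAuthenticationException);
        }
    }

    /**
     * Builds the IdP login URL carrying a newly generated, URL-encoded {@code SAMLRequest}.
     *
     * @param httpServletRequest the incoming request; its query string is forwarded to the IdP
     * @return the redirect target
     * @throws IOException if the authentication request cannot be generated
     */
    private String getSaml2RedirectUrl(HttpServletRequest httpServletRequest) throws IOException {
        try {
            String authnRequest = this.client.generateAuthnRequest(SAMLUtils.generateRequestId());
            String loginUrl = this.client.getIdPConfig().getLoginUrl();
            String queryString = httpServletRequest.getQueryString();
            // NOTE(review): the caller's raw query string is appended to the IdP login URL verbatim
            // (no RelayState is set here); confirm the IdP tolerates unexpected parameters.
            if (StringUtils.isNotBlank(queryString)) {
                loginUrl = CommonUtil.addParam(loginUrl, queryString);
            }
            return CommonUtil.addParam(loginUrl, "SAMLRequest=" + URLEncoder.encode(authnRequest, "UTF-8"));
        } catch (SAMLException e) {
            throw new IOException("Failed to build SAML request.", e);
        }
    }

    /**
     * Authenticates the IdP callback.
     *
     * @param httpServletRequest request that may carry the {@code SAMLResponse} parameter
     * @return the authenticated user, or {@code null} when the request carries no SAML response
     *         (i.e. it is not an IdP callback)
     * @throws WebswingAuthenticationException if the SAML response fails validation by the client
     */
    @Override
    protected AbstractWebswingUser authenticate(HttpServletRequest httpServletRequest) throws WebswingAuthenticationException {
        String samlResponse = httpServletRequest.getParameter(SAML_PARAMETER);
        if (StringUtils.isEmpty(samlResponse)) {
            return null;
        }
        try {
            // validateResponse() is the trust boundary: signature/assertion checks live in the client.
            AttributeSet attributes = this.client.validateResponse(samlResponse);
            String nameId = attributes.getNameId();
            logSuccess(httpServletRequest, nameId);
            return new Saml2User(samlResponse, nameId, attributes.getAttributes());
        } catch (SAMLException e) {
            logFailure(httpServletRequest, null, "Failed to authenticate." + e.getMessage());
            log.error("Failed to authenticate", e);
            throw new WebswingAuthenticationException("Failed to authenticate. " + e.getMessage(), WebswingAuthenticationException.FAILED_TO_AUTHENTICATE, e);
        }
    }

    /** Redirects to the configured logout URL (after variable expansion). */
    @Override
    public void doLogout(HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse) throws ServletException, IOException {
        logoutRedirect(httpServletRequest, httpServletResponse, replaceVar(((Saml2SecurityModuleConfig) getConfig()).getLogoutUrl()));
    }

    /**
     * Loads a keystore from disk.
     *
     * @param file     keystore file
     * @param password keystore password, or {@code null} for none
     * @param type     keystore type as accepted by {@link KeyStore#getInstance(String)}, e.g. "JKS" or "PKCS12"
     * @return the loaded keystore
     * @throws KeyStoreException        if the type is not supported
     * @throws IOException              if the file cannot be read or the password is wrong
     * @throws NoSuchAlgorithmException if the keystore integrity algorithm is unavailable
     * @throws CertificateException     if a certificate in the keystore cannot be loaded
     */
    public static KeyStore loadKeyStore(File file, String password, String type) throws KeyStoreException, IOException, NoSuchAlgorithmException, CertificateException {
        URL url = file.toURI().toURL();
        KeyStore keyStore = KeyStore.getInstance(type);
        InputStream in = url.openStream();
        try {
            keyStore.load(in, password == null ? null : password.toCharArray());
            return keyStore;
        } finally {
            in.close();
        }
    }

    static {
        staticInit = false;
        try {
            SAMLInit.initialize();
            staticInit = true;
        } catch (SAMLException e) {
            // Only logged here; init() turns the false flag into a RuntimeException.
            log.error("Initializing SAML2 client failed.", e);
        }
    }
}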
