package net.shibboleth.idp.test.flows.saml2;

import java.net.MalformedURLException;
import java.time.Instant;
import javax.annotation.Nonnull;
import javax.servlet.http.HttpServletRequest;
import net.shibboleth.idp.test.flows.AbstractFlowTest;
import net.shibboleth.utilities.java.support.net.SimpleURLCanonicalizer;
import net.shibboleth.utilities.java.support.net.URLBuilder;
import org.opensaml.messaging.context.MessageContext;
import org.opensaml.saml.common.messaging.context.SAMLEndpointContext;
import org.opensaml.saml.common.messaging.context.SAMLPeerEntityContext;
import org.opensaml.saml.saml2.core.AuthnContextClassRef;
import org.opensaml.saml.saml2.core.AuthnRequest;
import org.opensaml.saml.saml2.core.Issuer;
import org.opensaml.saml.saml2.core.NameID;
import org.opensaml.saml.saml2.core.NameIDPolicy;
import org.opensaml.saml.saml2.core.RequestedAuthnContext;
import org.opensaml.saml.saml2.core.Subject;
import org.opensaml.saml.saml2.encryption.Encrypter;
import org.opensaml.saml.saml2.metadata.SingleSignOnService;
import org.opensaml.xmlsec.SignatureSigningParameters;
import org.opensaml.xmlsec.context.SecurityParametersContext;
import org.opensaml.xmlsec.encryption.support.DataEncryptionParameters;
import org.opensaml.xmlsec.encryption.support.EncryptionException;
import org.opensaml.xmlsec.encryption.support.KeyEncryptionParameters;
import org.opensaml.xmlsec.keyinfo.impl.X509KeyInfoGeneratorFactory;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;

/* loaded from: input_file:net/shibboleth/idp/test/flows/saml2/AbstractSAML2SSOFlowTest.class */
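/**
 * Shared helpers for SAML 2.0 SSO flow tests: endpoint URL derivation, construction of a test
 * {@link AuthnRequest}, and the outbound {@link MessageContext} used to encode and sign it.
 *
 * <p>Test fixture only. Every URL produced here is derived from the incoming request URL, which is
 * supplied by the client (typically via the Host header), and falls back to plain HTTP on
 * localhost. Neither is appropriate for deriving SAML endpoints in a deployed IdP or SP, where
 * Destination and AssertionConsumerServiceURL values should come from configuration or metadata.
 */
public abstract class AbstractSAML2SSOFlowTest extends AbstractSAML2FlowTest {

    /** Base URL used when the request URL cannot be parsed. */
    private static final String FALLBACK_BASE_URL = "http://localhost:8080";

    /** Path of the IdP HTTP-Redirect SSO endpoint. */
    private static final String REDIRECT_SSO_PATH = "/idp/profile/SAML2/Redirect/SSO";

    /** Path of the IdP HTTP-POST SSO endpoint. */
    private static final String POST_SSO_PATH = "/idp/profile/SAML2/POST/SSO";

    /** Path of the IdP HTTP-POST-SimpleSign SSO endpoint. */
    private static final String POST_SIMPLE_SIGN_SSO_PATH = "/idp/profile/SAML2/POST-SimpleSign/SSO";

    /** Path of the test SP's HTTP-POST assertion consumer service. */
    private static final String ACS_PATH = "/sp/SAML2/POST/ACS";

    @Nonnull
    protected final Logger log = LoggerFactory.getLogger(AbstractSAML2SSOFlowTest.class);

    /**
     * Returns the Destination URL for the HTTP-Redirect SSO endpoint.
     *
     * <p>The base URL is canonicalized before the path is applied; the POST variants below do not
     * canonicalize.
     *
     * @param httpServletRequest request whose URL supplies scheme, host and port
     * @return the endpoint URL, or the localhost default if the base URL cannot be parsed
     */
    public String getDestinationRedirect(HttpServletRequest httpServletRequest) {
        String baseUrl = getBaseUrl(httpServletRequest);
        try {
            return withPath(SimpleURLCanonicalizer.canonicalize(baseUrl), REDIRECT_SSO_PATH);
        } catch (MalformedURLException e) {
            // Log the offending value and the cause, consistent with the other endpoint getters.
            this.log.error("Couldn't parse base URL, reverting to internal default destination: {}", baseUrl, e);
            return FALLBACK_BASE_URL + REDIRECT_SSO_PATH;
        }
    }

    /**
     * Returns the Destination URL for the HTTP-POST SSO endpoint.
     *
     * @param httpServletRequest request whose URL supplies scheme, host and port
     * @return the endpoint URL, or the localhost default if the base URL cannot be parsed
     */
    public String getDestinationPost(HttpServletRequest httpServletRequest) {
        String baseUrl = getBaseUrl(httpServletRequest);
        try {
            return withPath(baseUrl, POST_SSO_PATH);
        } catch (MalformedURLException e) {
            this.log.error("Couldn't parse base URL, reverting to internal default destination: {}", baseUrl, e);
            return FALLBACK_BASE_URL + POST_SSO_PATH;
        }
    }

    /**
     * Returns the Destination URL for the HTTP-POST-SimpleSign SSO endpoint.
     *
     * @param httpServletRequest request whose URL supplies scheme, host and port
     * @return the endpoint URL, or the localhost default if the base URL cannot be parsed
     */
    public String getDestinationPostSimpleSign(HttpServletRequest httpServletRequest) {
        String baseUrl = getBaseUrl(httpServletRequest);
        try {
            return withPath(baseUrl, POST_SIMPLE_SIGN_SSO_PATH);
        } catch (MalformedURLException e) {
            this.log.error("Couldn't parse base URL, reverting to internal default destination: {}", baseUrl, e);
            return FALLBACK_BASE_URL + POST_SIMPLE_SIGN_SSO_PATH;
        }
    }

    /**
     * Builds the AuthnRequest sent by the test SP.
     *
     * <p>The request carries a generated ID, the current instant, the request-derived ACS URL, the
     * HTTP-POST protocol binding, the SP entity ID as Issuer, a NameIDPolicy with AllowCreate, a
     * Subject holding the NameID {@code jdoe} as an EncryptedID, and a RequestedAuthnContext with
     * the {@code unspecified} class reference.
     *
     * <p>No Destination is set here, while {@link #buildOutboundMessageContext} reads
     * {@code getDestination()} for the endpoint location, so callers must set it first.
     *
     * @param httpServletRequest request used to derive the AssertionConsumerServiceURL
     * @return the populated, unsigned AuthnRequest
     * @throws EncryptionException if the subject NameID cannot be encrypted
     */
    public AuthnRequest buildAuthnRequest(HttpServletRequest httpServletRequest) throws EncryptionException {
        AuthnRequest authnRequest = builderFactory.getBuilder(AuthnRequest.DEFAULT_ELEMENT_NAME).buildObject(AuthnRequest.DEFAULT_ELEMENT_NAME);
        authnRequest.setID(this.idGenerator.generateIdentifier());
        authnRequest.setIssueInstant(Instant.now());
        // ACS URL is request-derived; an IdP under test is expected to check it against SP metadata.
        authnRequest.setAssertionConsumerServiceURL(getAcsUrl(httpServletRequest));
        authnRequest.setProtocolBinding("urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST");

        Issuer issuer = builderFactory.getBuilder(Issuer.DEFAULT_ELEMENT_NAME).buildObject(Issuer.DEFAULT_ELEMENT_NAME);
        issuer.setValue(AbstractFlowTest.SP_ENTITY_ID);
        authnRequest.setIssuer(issuer);

        NameIDPolicy nameIdPolicy = builderFactory.getBuilder(NameIDPolicy.DEFAULT_ELEMENT_NAME).buildObject(NameIDPolicy.DEFAULT_ELEMENT_NAME);
        nameIdPolicy.setAllowCreate(true);
        authnRequest.setNameIDPolicy(nameIdPolicy);

        // The subject identifier is sent only in encrypted form (EncryptedID), never as a clear NameID.
        NameID nameId = builderFactory.getBuilder(NameID.DEFAULT_ELEMENT_NAME).buildObject(NameID.DEFAULT_ELEMENT_NAME);
        nameId.setValue("jdoe");
        Subject subject = builderFactory.getBuilder(Subject.DEFAULT_ELEMENT_NAME).buildObject(Subject.DEFAULT_ELEMENT_NAME);
        subject.setEncryptedID(getEncrypter().encrypt(nameId));
        authnRequest.setSubject(subject);

        RequestedAuthnContext requestedAuthnContext = builderFactory.getBuilder(RequestedAuthnContext.DEFAULT_ELEMENT_NAME).buildObject(RequestedAuthnContext.DEFAULT_ELEMENT_NAME);
        AuthnContextClassRef classRef = builderFactory.getBuilder(AuthnContextClassRef.DEFAULT_ELEMENT_NAME).buildObject(AuthnContextClassRef.DEFAULT_ELEMENT_NAME);
        classRef.setURI("urn:oasis:names:tc:SAML:2.0:ac:classes:unspecified");
        requestedAuthnContext.getAuthnContextClassRefs().add(classRef);
        authnRequest.setRequestedAuthnContext(requestedAuthnContext);
        return authnRequest;
    }

    /**
     * Creates an encrypter that targets the IdP credential.
     *
     * <p>Data is encrypted with AES-128-CBC and the data key is transported with RSA-OAEP to
     * {@code idpCredential}. The KeyInfo carries the entity certificate and the encrypted key is
     * placed as a peer of the EncryptedData element.
     *
     * <p>NOTE(review): CBC-mode XML Encryption provides no ciphertext integrity and is the subject
     * of published chosen-ciphertext attacks against XML Encryption. That is acceptable for a
     * fixture exercising the IdP's decryption path, but should not be copied into deployment
     * configuration; an AEAD mode such as {@code http://www.w3.org/2009/xmlenc11#aes128-gcm} is
     * the usual choice there. The algorithm is left unchanged because the flows under test may
     * depend on it.
     *
     * @return a new encrypter; a fresh instance is created on every call
     */
    public Encrypter getEncrypter() {
        DataEncryptionParameters dataParams = new DataEncryptionParameters();
        dataParams.setAlgorithm("http://www.w3.org/2001/04/xmlenc#aes128-cbc");

        X509KeyInfoGeneratorFactory keyInfoFactory = new X509KeyInfoGeneratorFactory();
        keyInfoFactory.setEmitEntityCertificate(true);

        KeyEncryptionParameters keyParams = new KeyEncryptionParameters();
        keyParams.setAlgorithm("http://www.w3.org/2001/04/xmlenc#rsa-oaep-mgf1p");
        keyParams.setEncryptionCredential(this.idpCredential);
        keyParams.setKeyInfoGenerator(keyInfoFactory.newInstance());

        Encrypter encrypter = new Encrypter(dataParams, keyParams);
        encrypter.setKeyPlacement(Encrypter.KeyPlacement.PEER);
        return encrypter;
    }

    /**
     * Returns the test SP's assertion consumer service URL, built on the canonicalized base URL.
     *
     * @param httpServletRequest request whose URL supplies scheme, host and port
     * @return the ACS URL, or the localhost default if the base URL cannot be parsed
     */
    public String getAcsUrl(HttpServletRequest httpServletRequest) {
        String baseUrl = getBaseUrl(httpServletRequest);
        try {
            return withPath(SimpleURLCanonicalizer.canonicalize(baseUrl), ACS_PATH);
        } catch (MalformedURLException e) {
            this.log.error("Couldn't parse base URL, reverting to internal default ACS: {}", baseUrl, e);
            return FALLBACK_BASE_URL + ACS_PATH;
        }
    }

    /**
     * Builds a SingleSignOnService endpoint describing where the AuthnRequest is delivered.
     *
     * @param str the SAML binding URI of the endpoint
     * @param str2 the endpoint location URL
     * @return the populated endpoint
     */
    public SingleSignOnService buildIdpSsoEndpoint(String str, String str2) {
        SingleSignOnService endpoint = builderFactory.getBuilder(SingleSignOnService.DEFAULT_ELEMENT_NAME).buildObject(SingleSignOnService.DEFAULT_ELEMENT_NAME);
        endpoint.setBinding(str);
        endpoint.setLocation(str2);
        return endpoint;
    }

    /**
     * Reduces the request URL to its base by clearing user info, path, query parameters and
     * fragment.
     *
     * <p>The result reflects whatever URL the client used to reach the servlet, so it must be
     * treated as untrusted input outside a test harness.
     *
     * @param httpServletRequest the incoming request
     * @return the base URL, or {@code http://localhost:8080} if the request URL cannot be parsed
     */
    public String getBaseUrl(HttpServletRequest httpServletRequest) {
        String requestUrl = httpServletRequest.getRequestURL().toString();
        try {
            URLBuilder builder = new URLBuilder(requestUrl);
            // Drop embedded credentials so they never reach derived endpoint URLs or log output.
            builder.setUsername((String) null);
            builder.setPassword((String) null);
            builder.setPath((String) null);
            builder.getQueryParams().clear();
            builder.setFragment((String) null);
            return builder.buildURL();
        } catch (MalformedURLException e) {
            this.log.error("Couldn't parse request URL, reverting to internal default base URL: {}", requestUrl, e);
            return FALLBACK_BASE_URL;
        }
    }

    /**
     * Wraps an AuthnRequest in an outbound message context addressed to the IdP.
     *
     * <p>The peer entity is the IdP entity ID, the endpoint location is taken from
     * {@code authnRequest.getDestination()}, and the SP credential is installed as the signing
     * credential. Only the credential is set on the signing parameters here.
     * NOTE(review): signature and digest algorithms are presumably supplied by the caller or the
     * encoder defaults; confirm before relying on a signed message.
     *
     * @param authnRequest the request to send; its Destination should already be set
     * @param str the SAML binding URI used for the IdP SSO endpoint
     * @return the populated message context
     */
    public MessageContext buildOutboundMessageContext(AuthnRequest authnRequest, String str) {
        MessageContext messageContext = new MessageContext();
        messageContext.setMessage(authnRequest);

        SAMLPeerEntityContext peerContext = messageContext.getSubcontext(SAMLPeerEntityContext.class, true);
        peerContext.setEntityId(AbstractFlowTest.IDP_ENTITY_ID);
        peerContext.getSubcontext(SAMLEndpointContext.class, true).setEndpoint(buildIdpSsoEndpoint(str, authnRequest.getDestination()));

        SignatureSigningParameters signingParameters = new SignatureSigningParameters();
        signingParameters.setSigningCredential(this.spCredential);
        messageContext.getSubcontext(SecurityParametersContext.class, true).setSignatureSigningParameters(signingParameters);
        return messageContext;
    }

    /** Returns {@code baseUrl} with its path replaced by {@code path}. */
    private static String withPath(String baseUrl, String path) throws MalformedURLException {
        URLBuilder builder = new URLBuilder(baseUrl);
        builder.setPath(path);
        return builder.buildURL();
    }
}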
