package com.adobe.granite.auth.saml.binding;

import com.adobe.granite.auth.saml.model.AuthnRequest;
import com.adobe.granite.auth.saml.model.LogoutRequest;
import com.adobe.granite.auth.saml.model.LogoutResponse;
import com.adobe.granite.auth.saml.spi.Message;
import com.adobe.granite.auth.saml.util.SamlReader;
import com.adobe.granite.auth.saml.util.SamlReaderException;
import com.adobe.granite.auth.saml.util.SamlWriter;
import com.adobe.granite.auth.saml.util.SamlWriterException;
import java.io.ByteArrayInputStream;
import java.io.ByteArrayOutputStream;
import java.io.IOException;
import java.security.Key;
import java.security.KeyStore;
import java.security.PublicKey;
import java.security.cert.Certificate;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import org.apache.commons.lang.StringUtils;
import org.apache.sling.xss.XSSAPI;
import org.apache.xml.security.exceptions.Base64DecodingException;
import org.apache.xml.security.utils.Base64;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;

/* loaded from: input_file:com/adobe/granite/auth/saml/binding/PostBinding.class */
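/**
 * SAML HTTP-POST binding: reads Base64-encoded SAML messages from form parameters and
 * sends outgoing messages as an auto-submitting HTML form.
 *
 * <p>{@link #send} builds HTML and inline JavaScript by string concatenation, so every value
 * placed into that markup has to be encoded for the context it lands in. The {@link XSSAPI}
 * supplied through {@link #setXSSAPI} is used for that and must be set before {@code send}
 * is called.
 */
public class PostBinding implements RequestBinding, ResponseBinding {
    public static final String SAML_RESPONSE_PARAM = "SAMLResponse";
    public static final String SAML_REQUEST_PARAM = "SAMLRequest";
    public static final String RELAY_STATE_PARAM = "RelayState";
    public static final String REQUEST_PATH_COOKIE = "saml_request_path";
    private XSSAPI xssAPI;
    private final Logger log = LoggerFactory.getLogger(getClass());
    private SamlWriter samlWriter = new SamlWriter();
    private SamlReader samlReader = new SamlReader();

    /**
     * Sets the encoder used for values written into the generated HTML and JavaScript.
     *
     * @param xssapi the XSS encoding service; {@link #send} dereferences it without a null check
     */
    public void setXSSAPI(XSSAPI xssapi) {
        this.xssAPI = xssapi;
    }

    /**
     * Reads a SAML message from the {@code SAMLResponse} parameter or, if that is absent,
     * from the {@code SAMLRequest} parameter, and stores it in the given context.
     *
     * @param messageContext     context that supplies the IdP/SP configuration and receives the
     *                           parsed message and relay state
     * @param httpServletRequest request carrying the Base64-encoded message
     * @param keyStore           store from which the IdP certificate is read
     * @param keyStore2          store from which the SP decryption key is read when the SP
     *                           configuration enables encryption
     * @return the populated context, or {@code null} when no message parameter is present, the
     *         payload is not valid Base64, the IdP certificate cannot be read, or the reader
     *         rejects the message
     * @throws IOException declared by the binding interface
     */
    @Override // com.adobe.granite.auth.saml.binding.ResponseBinding
    public MessageContext receive(MessageContext messageContext, HttpServletRequest httpServletRequest, KeyStore keyStore, KeyStore keyStore2) throws IOException {
        // SAMLResponse wins when both parameters are present; an empty SAMLResponse does not
        // fall through to SAMLRequest.
        String encodedMessage = httpServletRequest.getParameter(SAML_RESPONSE_PARAM);
        boolean fromRequestParam = false;
        if (encodedMessage == null) {
            encodedMessage = httpServletRequest.getParameter(SAML_REQUEST_PARAM);
            fromRequestParam = encodedMessage != null;
        }
        if (encodedMessage == null || encodedMessage.isEmpty()) {
            return null;
        }
        // ByteArrayInputStream.close() is a no-op, so try-with-resources replaces the repeated
        // manual close blocks without changing behaviour.
        try (ByteArrayInputStream in = new ByteArrayInputStream(Base64.decode(encodedMessage))) {
            Certificate idpCertificate = messageContext.getIdpConfiguration().getCertificate(keyStore);
            if (idpCertificate == null) {
                this.log.error("Unable to receive SAML message. Could not read IdP certificate from truststore.");
                return null;
            }
            PublicKey idpPublicKey = idpCertificate.getPublicKey();
            Key decryptionKey = null;
            if (messageContext.getSpConfiguration().getUseEncryption()) {
                decryptionKey = messageContext.getSpConfiguration().getDecryptionKey(keyStore2);
            }
            // NOTE(review): the IdP public key is handed to SamlReader, presumably for signature
            // verification; confirm that the reader rejects unsigned or partially signed messages.
            messageContext.setMessage(this.samlReader.read(in, decryptionKey, idpPublicKey, fromRequestParam));
            String relayState = httpServletRequest.getParameter(RELAY_STATE_PARAM);
            if (relayState != null) {
                // RelayState comes straight from the request and is stored unvalidated; consumers
                // must treat it as untrusted (for example before using it as a redirect target).
                // NOTE(review): getBytes() uses the platform default charset.
                messageContext.setRelayState(relayState.getBytes());
            }
            return messageContext;
        } catch (SamlReaderException e) {
            this.log.error("Unable to read SAML message.", e);
            return null;
        } catch (Base64DecodingException e) {
            // Previously swallowed silently. The payload itself is deliberately not logged.
            this.log.warn("Unable to receive SAML message. Payload is not valid Base64.");
            return null;
        }
    }

    /**
     * Serializes the context's message and writes an HTML page whose form posts it to the IdP.
     *
     * <p>An {@code AuthnRequest} is posted to the IdP POST URL as {@code SAMLRequest}, a
     * {@code LogoutRequest} to the IdP logout POST URL as {@code SAMLRequest}, and a
     * {@code LogoutResponse} to the IdP logout POST URL as {@code SAMLResponse}. For an
     * {@code AuthnRequest} the page also sets the {@code saml_request_path} cookie from script.
     *
     * @param messageContext      context holding the message, relay state and configuration
     * @param httpServletResponse response the HTML page is written to
     * @param key                 key passed to the writer together with the message
     * @throws IOException      if writing the response fails
     * @throws RuntimeException if the message is of an unsupported type
     */
    @Override // com.adobe.granite.auth.saml.binding.RequestBinding
    public void send(MessageContext messageContext, HttpServletResponse httpServletResponse, Key key) throws IOException {
        // ByteArrayOutputStream.close() is a no-op; try-with-resources replaces the manual closes.
        try (ByteArrayOutputStream buffer = new ByteArrayOutputStream()) {
            Message message = messageContext.getMessage();
            boolean isAuthnRequest = message instanceof AuthnRequest;
            String parameterName = SAML_REQUEST_PARAM;
            String targetUrl;
            if (isAuthnRequest) {
                targetUrl = messageContext.getIdpConfiguration().getIdpPostUrl();
            } else if (message instanceof LogoutRequest) {
                targetUrl = messageContext.getIdpConfiguration().getIdpLogoutPostUrl();
            } else if (message instanceof LogoutResponse) {
                targetUrl = messageContext.getIdpConfiguration().getIdpLogoutPostUrl();
                parameterName = SAML_RESPONSE_PARAM;
            } else {
                throw new RuntimeException("Messages of type " + message.getClass().getName() + " are not currently supported.");
            }
            this.samlWriter.write(message, buffer, key);
            String encodedMessage = Base64.encode(buffer.toByteArray());
            String contextPath = messageContext.getContextPath();
            String cookiePath = (contextPath == null || contextPath.isEmpty()) ? "/" : this.xssAPI.encodeForJSString(contextPath);
            StringBuilder sb = new StringBuilder();
            sb.append("<!DOCTYPE html PUBLIC '-//W3C//DTD XHTML 1.0 Transitional//EN' 'http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd'>");
            sb.append("<html xmlns='http://www.w3.org/1999/xhtml' xml:lang='en' lang='en'>");
            sb.append("<head>");
            sb.append("<meta http-equiv='content-type' content='text/html; charset=utf-8' />");
            sb.append("<title>POST data</title>");
            if (isAuthnRequest) {
                sb.append("<script>    function setRequestPathCookies() {");
                String requestPath = messageContext.getRequestPathParameter();
                if (StringUtils.isBlank(requestPath)) {
                    sb.append("        var requestPath = window.location.pathname+window.location.search+window.location.hash;");
                } else {
                    // The value lands inside a JavaScript string literal in an inline script, so it
                    // is encoded for that context. Writing it raw allowed it to break out of the
                    // literal if the value is request-derived (its source is not visible here).
                    sb.append("        var requestPath = \"" + this.xssAPI.encodeForJSString(requestPath) + "\";");
                }
                // NOTE(review): the cookie is set from script without Secure or SameSite attributes.
                sb.append("       document.cookie = \"saml_request_path=\"+encodeURIComponent(requestPath)+\";path=" + cookiePath + ";\";   }</script>");
            }
            sb.append("</head>");
            sb.append("<body onload='");
            if (isAuthnRequest) {
                sb.append("setRequestPathCookies(); ");
            }
            sb.append("document.forms[0].submit();'>");
            sb.append("<noscript>");
            sb.append("<p><strong>Note:</strong> Since your browser does not support JavaScript, you must press the button below once to proceed.</p>");
            sb.append("</noscript>");
            sb.append("<form method='post' action='");
            // NOTE(review): the target URL comes from the IdP configuration and is written into the
            // attribute unencoded; confirm it is validated where the configuration is loaded.
            sb.append(targetUrl);
            sb.append("'>");
            byte[] relayState = messageContext.getRelayState();
            if (relayState != null && relayState.length > 0) {
                sb.append("<input type='hidden' name='");
                sb.append(RELAY_STATE_PARAM);
                sb.append("' value='");
                // NOTE(review): new String(byte[]) uses the platform default charset.
                sb.append(this.xssAPI.encodeForHTMLAttr(new String(relayState)));
                sb.append("' />");
            }
            sb.append("<input type='hidden' name='");
            sb.append(parameterName);
            sb.append("' value='");
            sb.append(encodedMessage);
            sb.append("' />");
            sb.append("<noscript><input type='submit' value='Submit' /></noscript>");
            sb.append("</form>");
            sb.append("</body>");
            sb.append("</html>");
            httpServletResponse.setContentType("text/html");
            // The page embeds a signed SAML message, so it must not be cached.
            httpServletResponse.addHeader("cache-control", "private, max-age=0, no-cache, no-store");
            httpServletResponse.getOutputStream().print(sb.toString());
            httpServletResponse.flushBuffer();
        } catch (SamlWriterException e) {
            this.log.error("Fatal error while sending Authn request.", e);
            // The client gets a generic message; details stay in the server log.
            httpServletResponse.sendError(500, "Internal server error, please contact your administrator");
        }
    }

    /**
     * Forwards the digest method to the underlying {@link SamlWriter}.
     *
     * @param str digest method identifier, passed through unchanged
     */
    @Override // com.adobe.granite.auth.saml.binding.RequestBinding
    public void setDigestMethod(String str) {
        this.samlWriter.setDigestMethod(str);
    }

    /**
     * Forwards the signature method to the underlying {@link SamlWriter}.
     *
     * @param str signature method identifier, passed through unchanged
     */
    @Override // com.adobe.granite.auth.saml.binding.RequestBinding
    public void setSignatureMethod(String str) {
        this.samlWriter.setSignatureMethod(str);
    }
}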
