package pt.digitalis.dif.centralauth.impl;

import com.coveo.saml.SamlClient;
import com.coveo.saml.SamlException;
import com.coveo.saml.SamlResponse;
import java.io.StringReader;
import java.net.URLEncoder;
import java.nio.charset.StandardCharsets;
import java.util.Calendar;
import java.util.Map;
import java.util.UUID;
import org.opensaml.saml2.common.Extensions;
import org.opensaml.xml.util.Base64;
import pt.digitalis.dif.centralauth.configurations.SAMLConfigurations;
import pt.digitalis.dif.centralauth.interfaces.ICentralAuthentication;
import pt.digitalis.dif.controller.interfaces.IDIFContext;
import pt.digitalis.dif.controller.objects.DIFRedirect;
import pt.digitalis.dif.controller.objects.RedirectAction;
import pt.digitalis.dif.exception.InternalFrameworkException;
import pt.digitalis.dif.ioc.DIFIoCRegistry;
import pt.digitalis.dif.utils.http.HttpUtils;
import pt.digitalis.dif.utils.logging.IErrorLogManager;
import pt.digitalis.utils.common.StringUtils;
import pt.digitalis.utils.config.ConfigurationException;

/* loaded from: input_file:WEB-INF/lib/dif-remote-auth-2.6.1-3.jar:pt/digitalis/dif/centralauth/impl/AbstractCentralAuthenticationSAML.class */
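/**
 * Base class for SAML-backed central authentication.
 *
 * <p>It builds the login and logout redirects sent to the identity provider and exposes hooks
 * (extensions, NameID policy, response processing, user id/name extraction) that concrete
 * subclasses can override. The SAML client is shared by all instances through static fields and is
 * rebuilt whenever {@link SAMLConfigurations} reports a newer timestamp.
 *
 * <p>This listing is decompiler output: the body of {@code getUserData}, where the
 * {@code SAMLResponse} is presumably consumed, was not recovered, so nothing in this file shows
 * how the response is validated.
 */
public abstract class AbstractCentralAuthenticationSAML extends AbstractAuthentication implements ICentralAuthentication {
    private static final String RELAY_PARAMETER = "RelayState";
    private static final String REQUEST_PARAMETER = "SAMLRequest";
    private static final String RESPONSE_PARAMETER = "SAMLResponse";
    private static final String SESSION_VERIFIED_MANDATORY_AND_BUSINESS_ASSERTION = "mandatoryAndBusinessAssertion";

    // Shared across every instance and request thread; only touched under the class lock in getSamlClient.
    private static SamlClient clientSAML = null;
    private static Calendar timestampSAMLConfs = null;

    private IErrorLogManager errorLog = (IErrorLogManager) DIFIoCRegistry.getRegistry().getImplementation(IErrorLogManager.class);

    // Session attribute names read when building the logout request. They are left non-final
    // because the unrecovered getUserData body may touch them.
    private String SESSION_INDEX_ID = "SAMLSessionIndexId";
    private String USER_ID = "SAMLUserId";

    /**
     * Overwrites the {@code SAMLResponse} request parameter with {@code null}.
     *
     * @param iDIFContext the current request context
     */
    @Override // pt.digitalis.dif.centralauth.interfaces.ICentralAuthentication
    public void cleanUp(IDIFContext iDIFContext) {
        iDIFContext.getRequest().addParameter(RESPONSE_PARAMETER, null);
    }

    /**
     * Returns the attribute mapping held by the SAML configuration.
     *
     * @return the configured attribute mapping
     * @throws ConfigurationException declared by the original signature
     */
    protected Map<String, String> getAttributeMappings() throws ConfigurationException {
        return SAMLConfigurations.getInstance().getAttributesMapping();
    }

    /** @return the "allow change password" flag from the SAML configuration */
    @Override // pt.digitalis.dif.centralauth.impl.AbstractAuthentication
    public Boolean getChangePasswordAvailable() {
        return SAMLConfigurations.getInstance().getAllowChangePassword();
    }

    /** @return extensions to add to the login request; {@code null} in this base class */
    protected Extensions getLoginExtensions() {
        return null;
    }

    /** @return extensions to add to the logout request; {@code null} in this base class */
    protected Extensions getLogoutExtensions() {
        return null;
    }

    /* JADX INFO: Access modifiers changed from: protected */
    /** @return the NameID policy passed to the SAML client factory; {@code null} in this base class */
    public String getNameIDPolicy() {
        return null;
    }

    /** @return the "allow recover password" flag from the SAML configuration */
    @Override // pt.digitalis.dif.centralauth.impl.AbstractAuthentication
    public Boolean getRecoverPasswordAvailable() {
        return SAMLConfigurations.getInstance().getAllowRecoverPassword();
    }

    /**
     * Builds the redirect that sends the browser to the identity provider's login URL.
     *
     * <p>POST is used when the client reports a POST login binding. Otherwise the request is
     * URL-encoded and sent with GET.
     *
     * @param iDIFContext the current request context
     * @return the redirect, or {@code null} when it could not be built (the failure is logged);
     *     callers must handle {@code null}
     */
    @Override // pt.digitalis.dif.centralauth.interfaces.ICentralAuthentication
    public DIFRedirect getRedirectLogin(IDIFContext iDIFContext) {
        try {
            SamlClient samlClient = getSamlClient(iDIFContext);
            String loginUrl = samlClient.getIdentityProviderLoginUrl();
            String samlLoginRequest = samlClient.getSamlLoginRequest(getLoginExtensions());
            RedirectAction redirectAction = RedirectAction.POST;
            if (!samlClient.isLoginMethodPost()) {
                redirectAction = RedirectAction.GET;
                samlLoginRequest = URLEncoder.encode(samlLoginRequest, "UTF-8");
            }
            DIFRedirect redirect = new DIFRedirect(redirectAction, loginUrl);
            redirect.addParameter(REQUEST_PARAMETER, samlLoginRequest);
            // NOTE(review): this RelayState is a fresh random value that is not stored anywhere in
            // this method, so the returning response cannot be matched against it. If it is meant
            // to bind the response to this browser session, keep it in the session and compare it
            // in getUserData (body not visible here - confirm).
            // An explicit charset keeps the encoded value independent of the platform default.
            String relayState = Base64.encodeBytes(UUID.randomUUID().toString().getBytes(StandardCharsets.UTF_8));
            redirect.addParameter(RELAY_PARAMETER, relayState);
            return redirect;
        } catch (Exception e) {
            // Report through the error log only; a stack trace on stderr bypasses log handling.
            this.errorLog.logError("Central Authentication SAML", "Get Redirect Login", e);
            return null;
        }
    }

    /**
     * Builds the redirect that sends the browser to the identity provider's logout URL.
     *
     * <p>The user id and session index come from the session attributes named by {@code USER_ID}
     * and {@code SESSION_INDEX_ID}. Nothing in this method checks them for {@code null}.
     *
     * @param iDIFContext the current request context
     * @return the redirect, or {@code null} when it could not be built (the failure is logged);
     *     callers must handle {@code null}
     */
    @Override // pt.digitalis.dif.centralauth.interfaces.ICentralAuthentication
    public DIFRedirect getRedirectLogout(IDIFContext iDIFContext) {
        try {
            // One lookup keeps the request, URL and binding consistent if the configuration reloads.
            SamlClient samlClient = getSamlClient(iDIFContext);
            String userId = (String) iDIFContext.getSession().getAttribute(this.USER_ID);
            String sessionIndex = (String) iDIFContext.getSession().getAttribute(this.SESSION_INDEX_ID);
            String samlLogoutRequest = samlClient.getSamlLogoutRequest(userId, sessionIndex, null, getLogoutExtensions());
            String logoutUrl = samlClient.getIdentityProviderLogoutUrl();
            RedirectAction redirectAction = RedirectAction.POST;
            if (!samlClient.isLogoutMethodPost()) {
                redirectAction = RedirectAction.GET;
                samlLogoutRequest = URLEncoder.encode(samlLogoutRequest, "UTF-8");
            }
            DIFRedirect redirect = new DIFRedirect(redirectAction, logoutUrl);
            redirect.addParameter(REQUEST_PARAMETER, samlLogoutRequest);
            return redirect;
        } catch (Exception e) {
            this.errorLog.logError("Central Authentication SAML", "Get Redirect Logout", e);
            return null;
        }
    }

    /** @return the "allow registration" flag from the SAML configuration */
    @Override // pt.digitalis.dif.centralauth.impl.AbstractAuthentication
    public Boolean getRegistrationAvailable() {
        return SAMLConfigurations.getInstance().getAllowRegistration();
    }

    /**
     * Returns the shared SAML client, building it on first use or when the configuration
     * timestamp is newer than the one recorded at the last build.
     *
     * <p>The client is built from the configured identity provider metadata and key store
     * settings. The key store and private key passwords pass through here and must never be
     * logged.
     *
     * @param iDIFContext the current request context (not read by this implementation)
     * @return the shared client
     * @throws SamlException if the client cannot be built from the configured metadata
     * @throws InternalFrameworkException declared by the original signature
     */
    protected SamlClient getSamlClient(IDIFContext iDIFContext) throws SamlException, InternalFrameworkException {
        // The cache is static and reached from request threads, so the check and rebuild are
        // serialized on the class.
        synchronized (AbstractCentralAuthenticationSAML.class) {
            SAMLConfigurations configurations = SAMLConfigurations.getInstance();
            if (clientSAML == null || timestampSAMLConfs == null || timestampSAMLConfs.before(configurations.getTimestamp())) {
                // Read the timestamp before building: a change made during the build is then
                // picked up on the next call instead of being masked by a newer recorded stamp.
                Calendar configurationTimestamp = configurations.getTimestamp();
                String baseURL = HttpUtils.getBaseURL();
                if (!baseURL.endsWith("/")) {
                    baseURL = baseURL + "/";
                }
                SamlClient freshClient = SamlClient.fromMetadata(
                        configurations.getName(),
                        baseURL + "page?stage=difhomestage",
                        new StringReader(StringUtils.nvl(configurations.getMetadata(), "")),
                        configurations.getKeyStorePrivateKeyPathSMAL(),
                        configurations.getKeyStorePrivateKeyPasswordSMAL(),
                        configurations.getPrivateKeyAliasSMAL(),
                        configurations.getPrivateKeyPasswordSMAL(),
                        getNameIDPolicy());
                // NOTE(review): the skew presumably widens the accepted NotBefore window; keep the
                // configured value as small as clock drift allows (units not visible here).
                if (configurations.getNotBeforeSkew() != null) {
                    freshClient.setNotBeforeSkew(configurations.getNotBeforeSkew().longValue());
                }
                // Publish only once fully configured, so no caller sees a client without the skew.
                clientSAML = freshClient;
                timestampSAMLConfs = configurationTimestamp;
            }
            return clientSAML;
        }
    }

    /*
     * The decompiler could not recover this method, so the stub below always throws. The response
     * handling it presumably contains cannot be reviewed from this listing; audit it from the
     * bytecode or the original source.
     *
     * JADX WARN: Code restructure failed: missing block: B:33:0x0193, code lost:
     *
     *     r16 = true;
     *     r0 = pt.digitalis.dif.centralauth.configurations.SAMLConfigurations.getInstance().getInvalidMissingMandatoryFieldValuesMessage();
     *     r15 = "User doesn't have all required information for authentication";
     *
     * Code decompiled incorrectly, please refer to instructions dump.
     * To view partially-correct add '--show-bad-code' argument
     */
    @Override // pt.digitalis.dif.centralauth.interfaces.ICentralAuthentication
    public pt.digitalis.dif.centralauth.objects.CentralUserData getUserData(pt.digitalis.dif.controller.interfaces.IDIFContext r8) {
        /*
            Method dump skipped, instructions count: 1680
            To view this dump add '--comments-level debug' option
        */
        throw new UnsupportedOperationException("Method not decompiled: pt.digitalis.dif.centralauth.impl.AbstractCentralAuthenticationSAML.getUserData(pt.digitalis.dif.controller.interfaces.IDIFContext):pt.digitalis.dif.centralauth.objects.CentralUserData");
    }

    /**
     * Resolves the user identifier from a SAML response.
     *
     * <p>The NameID is used unless an id attribute is configured and present in the response
     * attributes, in which case that attribute's value is returned.
     *
     * @param samlResponse the decoded SAML response
     * @return the user identifier; {@code null} when the configured attribute is present with a
     *     {@code null} value
     * @throws ClassCastException if the configured attribute's value is not a {@code String}
     */
    protected String getUserID(SamlResponse samlResponse) {
        String configuredIdAttribute = SAMLConfigurations.getInstance().getIdAttribute();
        Map<String, Object> userAttributes = samlResponse.getUserAttributes();
        // The identity returned here is only as trustworthy as the assertion that carried it;
        // call this only on a response that has already passed validation.
        if (StringUtils.isNotBlank(configuredIdAttribute) && userAttributes.containsKey(configuredIdAttribute)) {
            return (String) userAttributes.get(configuredIdAttribute);
        }
        return samlResponse.getNameID();
    }

    /**
     * @param samlResponse the decoded SAML response
     * @return the response's NameID, used as the user name
     */
    protected String getUserName(SamlResponse samlResponse) {
        return samlResponse.getNameID();
    }

    /** @return {@code true}; this authentication is exclusive */
    @Override // pt.digitalis.dif.centralauth.impl.AbstractAuthentication, pt.digitalis.dif.features.IDIFFeatureBaseAuthentication
    public boolean isExclusiveAuthentication() {
        return true;
    }

    /** @return {@code false}; authentication is delegated to the identity provider */
    @Override // pt.digitalis.dif.features.IDIFFeatureBaseAuthentication
    public Boolean isLocal() {
        return false;
    }

    /**
     * Decides whether a decoded response is acceptable. This base class accepts it when
     * {@code isSigned()} is true.
     *
     * <p>NOTE(review): confirm that {@code isSigned()} reports a signature verified against the
     * identity provider certificate, not just the presence of a signature element. Overrides must
     * not accept a response this check would reject.
     *
     * @param samlResponse the decoded SAML response
     * @return {@code true} when the response reports itself as signed
     */
    protected boolean processResponse(SamlResponse samlResponse) {
        return samlResponse.isSigned();
    }

    /* JADX INFO: Access modifiers changed from: protected */
    /**
     * Hook for subclasses that want to copy response attributes into the session. This base
     * class does nothing.
     *
     * @param iDIFContext the current request context
     * @param map the user attributes taken from the SAML response
     */
    public void publishUserAttributesOnSession(IDIFContext iDIFContext, Map<String, Object> map) {
    }

    /**
     * Reports whether the SAML client supports single logout.
     *
     * @param iDIFContext the current request context
     * @return the client's answer, or {@code false} when the client could not be obtained (the
     *     failure is logged)
     */
    @Override // pt.digitalis.dif.centralauth.interfaces.ICentralAuthentication
    public boolean supportSingleLogout(IDIFContext iDIFContext) {
        try {
            return getSamlClient(iDIFContext).supportSingleLogout();
        } catch (Exception e) {
            this.errorLog.logError("Central Authentication SAML", "Support Single Logout", e);
            return false;
        }
    }
}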
