package org.apereo.cas.support.saml.idp;

import com.google.errorprone.annotations.CanIgnoreReturnValue;
import java.io.ByteArrayInputStream;
import java.io.Serializable;
import java.io.StringWriter;
import java.nio.charset.StandardCharsets;
import java.util.HashMap;
import java.util.List;
import java.util.Map;
import java.util.Objects;
import java.util.Optional;
import java.util.zip.Inflater;
import java.util.zip.InflaterInputStream;
import lombok.Generated;
import net.shibboleth.shared.codec.Base64Support;
import org.apache.commons.lang3.StringUtils;
import org.apache.commons.lang3.tuple.Pair;
import org.apereo.cas.authentication.AuthenticationServiceSelectionPlan;
import org.apereo.cas.authentication.principal.WebApplicationService;
import org.apereo.cas.support.saml.OpenSamlConfigBean;
import org.apereo.cas.support.saml.SamlIdPConstants;
import org.apereo.cas.support.saml.SamlUtils;
import org.apereo.cas.support.saml.authentication.SamlIdPAuthenticationContext;
import org.apereo.cas.util.CollectionUtils;
import org.apereo.cas.util.EncodingUtils;
import org.apereo.cas.util.function.FunctionUtils;
import org.apereo.cas.web.support.ArgumentExtractor;
import org.jooq.lambda.Unchecked;
import org.opensaml.core.xml.util.XMLObjectSupport;
import org.opensaml.messaging.context.MessageContext;
import org.opensaml.saml.common.SignableSAMLObject;
import org.opensaml.saml.common.binding.SAMLBindingSupport;
import org.opensaml.saml.saml2.core.AuthnRequest;
import org.opensaml.saml.saml2.core.RequestAbstractType;
import org.pac4j.core.context.WebContext;
import org.pac4j.core.context.session.SessionStore;
import org.pac4j.jee.context.JEEContext;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
import org.springframework.context.ConfigurableApplicationContext;

/* loaded from: input_file:org/apereo/cas/support/saml/idp/SamlIdPSessionManager.class */
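/**
 * Keeps SAML2 authentication requests in the web session so that they can be
 * recovered later in the flow, for example after the user has authenticated.
 *
 * <p>Each request is stored as a {@link SamlIdPSessionEntry} inside a map kept under a
 * single session attribute and keyed by the request ID. Nothing in this class removes
 * entries once they are stored.
 */
public class SamlIdPSessionManager {

    @Generated
    private static final Logger LOGGER = LoggerFactory.getLogger(SamlIdPSessionManager.class);

    /** Session attribute under which the map of request ID to entry is kept. */
    private static final String SESSION_KEY = SamlIdPSessionEntry.class.getName();

    private final OpenSamlConfigBean openSamlConfigBean;
    private final SessionStore sessionStore;

    /**
     * Serializable snapshot of one SAML2 authentication request as kept in the session.
     *
     * <p>{@code samlRequest} holds the Base64-encoded XML of the request and {@code context}
     * the encoded {@link SamlIdPAuthenticationContext}; both are written by
     * {@link SamlIdPSessionManager#store} and read back by {@link SamlIdPSessionManager#fetch}.
     */
    public static final class SamlIdPSessionEntry implements Serializable {
        private static final long serialVersionUID = 8119055575574523810L;
        // ID of the SAML request; also the key of this entry in the session map.
        private String id;
        // Base64-encoded XML form of the request.
        private String samlRequest;
        // Relay state taken from the message context when the request was stored.
        private String relayState;
        // Encoded SamlIdPAuthenticationContext.
        private String context;

        @Generated
        public SamlIdPSessionEntry() {
        }

        @Generated
        public String getId() {
            return this.id;
        }

        @Generated
        public String getSamlRequest() {
            return this.samlRequest;
        }

        @Generated
        public String getRelayState() {
            return this.relayState;
        }

        @Generated
        public String getContext() {
            return this.context;
        }

        @Generated
        public SamlIdPSessionEntry setId(String str) {
            this.id = str;
            return this;
        }

        @Generated
        public SamlIdPSessionEntry setSamlRequest(String str) {
            this.samlRequest = str;
            return this;
        }

        @Generated
        public SamlIdPSessionEntry setRelayState(String str) {
            this.relayState = str;
            return this;
        }

        @Generated
        public SamlIdPSessionEntry setContext(String str) {
            this.context = str;
            return this;
        }
    }

    @Generated
    public SamlIdPSessionManager(OpenSamlConfigBean openSamlConfigBean, SessionStore sessionStore) {
        this.openSamlConfigBean = openSamlConfigBean;
        this.sessionStore = sessionStore;
    }

    /**
     * Creates a manager bound to the given OpenSAML configuration and session store.
     *
     * @param openSamlConfigBean supplies the parser pool and the application context
     * @param sessionStore session store the entries are read from and written to
     * @return a new manager
     */
    public static SamlIdPSessionManager of(OpenSamlConfigBean openSamlConfigBean, SessionStore sessionStore) {
        return new SamlIdPSessionManager(openSamlConfigBean, sessionStore);
    }

    /**
     * Serializes the authentication request and records it in the session under its ID.
     *
     * @param webContext web context whose session receives the entry
     * @param pair the request (must be an {@link AuthnRequest}) and its message context
     * @return this manager
     * @throws ClassCastException if the left element is not an {@link AuthnRequest}
     * @throws Exception if the request or its context cannot be serialized
     */
    @CanIgnoreReturnValue
    public SamlIdPSessionManager store(WebContext webContext, Pair<? extends SignableSAMLObject, MessageContext> pair) throws Exception {
        AuthnRequest authnRequest = (AuthnRequest) pair.getLeft();
        MessageContext messageContext = pair.getValue();
        try (StringWriter writer = SamlUtils.transformSamlObject(this.openSamlConfigBean, authnRequest)) {
            String encodedRequest = EncodingUtils.encodeBase64(writer.toString().getBytes(StandardCharsets.UTF_8));
            SamlIdPSessionEntry entry = new SamlIdPSessionEntry()
                .setId(authnRequest.getID())
                .setSamlRequest(encodedRequest)
                .setRelayState(SAMLBindingSupport.getRelayState(messageContext))
                .setContext(SamlIdPAuthenticationContext.from(messageContext).encode());
            // NOTE(review): every stored request adds an entry and this class never removes one,
            // so the per-session map grows with each new request ID; confirm that session
            // expiry (or a cap elsewhere) bounds it.
            Map<String, SamlIdPSessionEntry> entries = readEntries(webContext).orElseGet(HashMap::new);
            entries.put(entry.getId(), entry);
            this.sessionStore.set(webContext, SESSION_KEY, entries);
        }
        return this;
    }

    /**
     * Looks up a previously stored request in the session and rebuilds its message context.
     *
     * <p>The entry is selected by the {@code AUTHN_REQUEST_ID} request parameter. When that
     * yields nothing, the service extracted from the request is resolved and the same
     * attribute is read from the resolved service instead.
     *
     * @param webContext current web context; the fallback path requires a {@link JEEContext}
     * @param cls expected type of the stored request
     * @return the request and its message context, or empty when no usable entry is found
     */
    public Optional<Pair<? extends RequestAbstractType, MessageContext>> fetch(WebContext webContext, Class<? extends RequestAbstractType> cls) {
        // NOTE(review): the full request URL, query string included, is written to the trace log.
        LOGGER.trace("Attempting to fetch SAML2 authentication session from [{}]", webContext.getFullRequestURL());
        return readEntries(webContext)
            .flatMap(entries -> {
                // The request ID is caller-supplied, but it is only used as a key into the map
                // read from this web context's own session, never to reach other stored state.
                Optional<String> requestId = webContext.getRequestParameter(SamlIdPConstants.AUTHN_REQUEST_ID);
                return requestId.map(entries::get).or(Unchecked.supplier(() -> {
                    ConfigurableApplicationContext applicationContext = this.openSamlConfigBean.getApplicationContext();
                    ArgumentExtractor argumentExtractor = applicationContext.getBean("argumentExtractor", ArgumentExtractor.class);
                    WebApplicationService extractService = argumentExtractor.extractService(((JEEContext) webContext).getNativeRequest());
                    return Optional.ofNullable(extractService).map(Unchecked.function(webApplicationService -> {
                        AuthenticationServiceSelectionPlan selectionPlan =
                            applicationContext.getBean("authenticationServiceSelectionPlan", AuthenticationServiceSelectionPlan.class);
                        Optional<String> resolvedId = CollectionUtils
                            .firstElement((List<?>) selectionPlan.resolveService(extractService).getAttributes().get(SamlIdPConstants.AUTHN_REQUEST_ID))
                            .map(Object::toString);
                        return resolvedId.map(entries::get).orElse(null);
                    }));
                }));
            })
            .filter(entry -> StringUtils.isNotBlank(entry.getSamlRequest()))
            .map(entry -> {
                MessageContext messageContext = SamlIdPAuthenticationContext.decode(entry.getContext())
                    .toMessageContext(fetch(cls, entry.getSamlRequest()));
                // The message is cast to AuthnRequest regardless of cls, mirroring store().
                return Pair.of((AuthnRequest) messageContext.getMessage(), messageContext);
            });
    }

    /**
     * Decodes a Base64-encoded SAML request into an object of the expected type.
     *
     * <p>The value is first treated as raw-DEFLATE-compressed XML; if that fails for any
     * reason it is parsed again as plain Base64-encoded XML.
     *
     * @param cls expected request type
     * @param str Base64-encoded request, compressed or not
     * @param <T> request type
     * @return the unmarshalled request
     */
    public <T extends RequestAbstractType> T fetch(Class<T> cls, String str) {
        try {
            // NOTE(review): the complete encoded request is written to the trace log; make sure
            // trace output is access-controlled wherever it is enabled.
            LOGGER.trace("Retrieving SAML request from [{}]", str);
            byte[] decoded = Base64Support.decode(str);
            // NOTE(review): inflation is not size-bounded here, and whether XML parsing rejects
            // DTDs and external entities depends on the configured parser pool. Confirm both
            // if any caller passes a value that did not come from store().
            Inflater inflater = new Inflater(true);
            try (InflaterInputStream inflated = new InflaterInputStream(new ByteArrayInputStream(decoded), inflater)) {
                return cls.cast(XMLObjectSupport.unmarshallFromInputStream(this.openSamlConfigBean.getParserPool(), inflated));
            } finally {
                // InflaterInputStream.close() does not release an Inflater handed to it by the caller.
                inflater.end();
            }
        } catch (Exception e) {
            // Not DEFLATE-compressed (or not parseable that way): retry as plain Base64 XML.
            // Errors such as OutOfMemoryError are left to propagate instead of triggering a retry.
            return FunctionUtils.doUnchecked(() -> {
                byte[] decoded = EncodingUtils.decodeBase64(str.getBytes(StandardCharsets.UTF_8));
                try (ByteArrayInputStream plain = new ByteArrayInputStream(decoded)) {
                    return cls.cast(XMLObjectSupport.unmarshallFromInputStream(this.openSamlConfigBean.getParserPool(), plain));
                }
            });
        }
    }

    /**
     * Reads the map of stored entries from the session, if one is present.
     *
     * @param webContext web context whose session is read
     * @return the stored map, or empty when the session attribute is absent
     */
    @SuppressWarnings("unchecked")
    private Optional<Map<String, SamlIdPSessionEntry>> readEntries(WebContext webContext) {
        // Unchecked: the attribute is only ever written by store(), which puts this map type.
        return this.sessionStore.get(webContext, SESSION_KEY).map(obj -> (Map<String, SamlIdPSessionEntry>) obj);
    }
}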
