package com.floragunn.searchguard.enterprise.auth.saml;

import com.floragunn.searchguard.enterprise.auth.oidc.TestJwts;
import com.floragunn.searchguard.test.helper.cluster.FileHelper;
import com.floragunn.searchguard.test.helper.network.PortAllocator;
import java.io.BufferedReader;
import java.io.Closeable;
import java.io.FileInputStream;
import java.io.IOException;
import java.io.InputStream;
import java.io.InputStreamReader;
import java.io.StringWriter;
import java.io.UnsupportedEncodingException;
import java.net.BindException;
import java.net.Socket;
import java.net.URISyntaxException;
import java.nio.charset.CharsetDecoder;
import java.nio.charset.CharsetEncoder;
import java.nio.charset.StandardCharsets;
import java.security.GeneralSecurityException;
import java.security.KeyStore;
import java.security.KeyStoreException;
import java.security.NoSuchAlgorithmException;
import java.security.Principal;
import java.security.PrivateKey;
import java.security.UnrecoverableKeyException;
import java.security.cert.Certificate;
import java.security.cert.CertificateException;
import java.security.cert.X509Certificate;
import java.time.Instant;
import java.time.temporal.ChronoUnit;
import java.time.temporal.TemporalUnit;
import java.util.Arrays;
import java.util.Collection;
import java.util.Collections;
import java.util.Enumeration;
import java.util.Iterator;
import java.util.LinkedHashMap;
import java.util.List;
import java.util.Locale;
import java.util.Map;
import java.util.Objects;
import java.util.concurrent.TimeUnit;
import java.util.stream.Collectors;
import javax.net.ssl.KeyManagerFactory;
import javax.net.ssl.SSLContext;
import javax.net.ssl.SSLException;
import javax.net.ssl.SSLPeerUnverifiedException;
import javax.net.ssl.SSLServerSocket;
import javax.net.ssl.SSLSocket;
import javax.net.ssl.TrustManagerFactory;
import javax.servlet.RequestDispatcher;
import javax.servlet.ServletInputStream;
import javax.servlet.http.Cookie;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpSession;
import javax.xml.namespace.QName;
import javax.xml.parsers.DocumentBuilderFactory;
import javax.xml.parsers.ParserConfigurationException;
import javax.xml.transform.Transformer;
import javax.xml.transform.TransformerException;
import javax.xml.transform.TransformerFactory;
import javax.xml.transform.TransformerFactoryConfigurationError;
import javax.xml.transform.dom.DOMSource;
import javax.xml.transform.stream.StreamResult;
import net.shibboleth.utilities.java.support.codec.Base64Support;
import net.shibboleth.utilities.java.support.codec.EncodingException;
import net.shibboleth.utilities.java.support.component.ComponentInitializationException;
import org.apache.http.Header;
import org.apache.http.HttpConnectionFactory;
import org.apache.http.HttpEntityEnclosingRequest;
import org.apache.http.HttpException;
import org.apache.http.HttpRequest;
import org.apache.http.HttpResponse;
import org.apache.http.client.utils.URIBuilder;
import org.apache.http.config.ConnectionConfig;
import org.apache.http.config.MessageConstraints;
import org.apache.http.entity.ContentLengthStrategy;
import org.apache.http.entity.ContentType;
import org.apache.http.entity.StringEntity;
import org.apache.http.impl.ConnSupport;
import org.apache.http.impl.DefaultBHttpServerConnection;
import org.apache.http.impl.bootstrap.HttpServer;
import org.apache.http.impl.bootstrap.SSLServerSetupHandler;
import org.apache.http.impl.bootstrap.ServerBootstrap;
import org.apache.http.io.HttpMessageParserFactory;
import org.apache.http.io.HttpMessageWriterFactory;
import org.apache.http.message.BasicHttpRequest;
import org.apache.http.protocol.HttpContext;
import org.apache.http.protocol.HttpRequestHandler;
import org.opensaml.core.xml.XMLObject;
import org.opensaml.core.xml.XMLObjectBuilderFactory;
import org.opensaml.core.xml.config.XMLObjectProviderRegistrySupport;
import org.opensaml.core.xml.io.MarshallingException;
import org.opensaml.core.xml.schema.XSAny;
import org.opensaml.messaging.context.MessageContext;
import org.opensaml.messaging.decoder.MessageDecodingException;
import org.opensaml.messaging.handler.MessageHandlerException;
import org.opensaml.saml.common.SAMLVersion;
import org.opensaml.saml.common.messaging.context.SAMLPeerEntityContext;
import org.opensaml.saml.common.messaging.context.SAMLProtocolContext;
import org.opensaml.saml.saml2.binding.decoding.impl.HTTPRedirectDeflateDecoder;
import org.opensaml.saml.saml2.binding.security.impl.SAML2HTTPRedirectDeflateSignatureSecurityHandler;
import org.opensaml.saml.saml2.core.Assertion;
import org.opensaml.saml.saml2.core.Attribute;
import org.opensaml.saml.saml2.core.AttributeStatement;
import org.opensaml.saml.saml2.core.AttributeValue;
import org.opensaml.saml.saml2.core.AuthnContext;
import org.opensaml.saml.saml2.core.AuthnContextClassRef;
import org.opensaml.saml.saml2.core.AuthnRequest;
import org.opensaml.saml.saml2.core.AuthnStatement;
import org.opensaml.saml.saml2.core.Conditions;
import org.opensaml.saml.saml2.core.Issuer;
import org.opensaml.saml.saml2.core.LogoutRequest;
import org.opensaml.saml.saml2.core.NameID;
import org.opensaml.saml.saml2.core.Response;
import org.opensaml.saml.saml2.core.Status;
import org.opensaml.saml.saml2.core.StatusCode;
import org.opensaml.saml.saml2.core.Subject;
import org.opensaml.saml.saml2.core.SubjectConfirmation;
import org.opensaml.saml.saml2.core.SubjectConfirmationData;
import org.opensaml.saml.saml2.metadata.EntityDescriptor;
import org.opensaml.saml.saml2.metadata.IDPSSODescriptor;
import org.opensaml.saml.saml2.metadata.KeyDescriptor;
import org.opensaml.saml.saml2.metadata.NameIDFormat;
import org.opensaml.saml.saml2.metadata.SPSSODescriptor;
import org.opensaml.saml.saml2.metadata.SingleLogoutService;
import org.opensaml.saml.saml2.metadata.SingleSignOnService;
import org.opensaml.security.SecurityException;
import org.opensaml.security.credential.Credential;
import org.opensaml.security.credential.UsageType;
import org.opensaml.security.credential.impl.StaticCredentialResolver;
import org.opensaml.security.x509.BasicX509Credential;
import org.opensaml.xmlsec.SignatureValidationParameters;
import org.opensaml.xmlsec.context.SecurityParametersContext;
import org.opensaml.xmlsec.keyinfo.KeyInfoGenerator;
import org.opensaml.xmlsec.keyinfo.impl.StaticKeyInfoCredentialResolver;
import org.opensaml.xmlsec.keyinfo.impl.X509KeyInfoGeneratorFactory;
import org.opensaml.xmlsec.signature.Signature;
import org.opensaml.xmlsec.signature.support.SignatureException;
import org.opensaml.xmlsec.signature.support.SignatureTrustEngine;
import org.opensaml.xmlsec.signature.support.Signer;
import org.opensaml.xmlsec.signature.support.impl.ExplicitKeySignatureTrustEngine;
import org.w3c.dom.Document;

/* loaded from: input_file:com/floragunn/searchguard/enterprise/auth/saml/MockSamlIdpServer.class */
class MockSamlIdpServer implements Closeable {
    /** Entity id used by the no-argument constructor; the three-argument constructor accepts any value. */
    static final String ENTITY_ID = "http://test.entity";
    /** Handler paths registered on the embedded server in start(). */
    static final String CTX_METADATA = "/metadata";
    static final String CTX_SAML_SSO = "/saml/sso";
    static final String CTX_SAML_SLO = "/saml/slo";
    /** The embedded HttpCore server; null until start() succeeds and again after shutdown(). */
    private HttpServer httpServer;
    /** Port allocated in the constructor and re-allocated on each BindException retry in start(). */
    private int port;
    /** Scheme, host and port of the server ("http(s)://localhost:port"), without any endpoint query string. */
    private String uri;
    /** When true the listener uses TLS and, because start() calls setNeedClientAuth(true), requires a client certificate. */
    private final boolean ssl;
    // Not read anywhere in this part of the file; presumably surfaced through createMetadata() -- confirm.
    private boolean wantAuthnRequestsSigned;
    /** Issuer value of generated assertions; also set as the peer entity id while checking SLO signatures. */
    private String idpEntityId;
    // Populated by loadSigningKeys() (defined outside this view); the credential signs assertions when signResponses is set.
    private X509Certificate signingCertificate;
    private Credential signingCredential;
    /** NameID written into responses; a LogoutRequest naming anyone else is rejected. */
    private String authenticateUser;
    /** Optional role values emitted as a TestJwts.ROLES_CLAIM attribute; no AttributeStatement is added when null. */
    private List<String> authenticateUserRoles;
    // Presumably the counter behind nextId() (defined outside this view) -- confirm.
    private int baseId;
    /** Whether generated assertions carry an enveloped XML signature (defaults to true). */
    private boolean signResponses;
    /** SP certificate that the SLO signature trust engine is built from; nothing else is trusted. */
    private X509Certificate spSignatureCertificate;
    /** Optional query string appended to every endpoint URI returned by the getters, or null. */
    private String endpointQueryString;
    /** Recipient for the SubjectConfirmationData of unsolicited responses, which have no AuthnRequest to copy it from. */
    private String defaultAssertionConsumerService;
    /** Number of BindException retries performed so far by start(); the sixth failure is propagated. */
    private int retry;

    /* JADX INFO: Access modifiers changed from: package-private */
    /* loaded from: input_file:com/floragunn/searchguard/enterprise/auth/saml/MockSamlIdpServer$FakeHttpServletRequest.class */
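    /**
     * Minimal {@link HttpServletRequest} facade over an Apache HttpCore {@link HttpRequest}.
     *
     * <p>It exists only so that OpenSAML's servlet-based redirect-binding decoder and signature
     * handler can be fed requests received (or synthesised) by this mock server. The members those
     * components read -- query parameters, headers, method, raw query string and the entity body --
     * are backed by the delegate; sessions, attributes, locale, address and dispatcher information
     * are unsupported and answer {@code null}, {@code 0} or {@code false}.
     *
     * <p>Query parameters come from the request-line URI only (no form body is parsed). A repeated
     * parameter name keeps its first value and a name without a value maps to {@code ""}; the
     * previous {@code Collectors.toMap} construction threw on both.
     */
    public static class FakeHttpServletRequest implements HttpServletRequest {
        private final HttpRequest delegate;
        private final Map<String, String> queryParams;
        private final URIBuilder uriBuilder;

        /**
         * @param httpRequest the HttpCore request to wrap; its request-line URI is parsed for query parameters
         * @throws URISyntaxException if the request-line URI is not a valid URI
         */
        FakeHttpServletRequest(HttpRequest httpRequest) throws URISyntaxException {
            this.delegate = httpRequest;
            this.uriBuilder = new URIBuilder(httpRequest.getRequestLine().getUri());
            Map<String, String> params = new LinkedHashMap<>();
            this.uriBuilder.getQueryParams().forEach(pair -> params.putIfAbsent(pair.getName(), pair.getValue() == null ? "" : pair.getValue()));
            this.queryParams = params;
        }

        /** The delegate as an entity-enclosing request, or {@code null} when it carries no entity. */
        private HttpEntityEnclosingRequest entityRequest() {
            if (this.delegate instanceof HttpEntityEnclosingRequest) {
                HttpEntityEnclosingRequest withEntity = (HttpEntityEnclosingRequest) this.delegate;
                return withEntity.getEntity() != null ? withEntity : null;
            }
            return null;
        }

        @Override
        public Object getAttribute(String str) {
            return null;
        }

        @Override
        public Enumeration<String> getAttributeNames() {
            return Collections.emptyEnumeration();
        }

        /**
         * Mirrors the original mapping of the entity's Content-Encoding header onto the servlet
         * "character encoding". Content-Encoding (gzip etc.) is not a charset, so do not rely on
         * this for decoding; it is merely null-safe now so a body without the header does not NPE.
         */
        @Override
        public String getCharacterEncoding() {
            HttpEntityEnclosingRequest withEntity = entityRequest();
            if (withEntity == null || withEntity.getEntity().getContentEncoding() == null) {
                return null;
            }
            return withEntity.getEntity().getContentEncoding().getValue();
        }

        /** Entity length, {@code 0} without an entity, {@code -1} when HttpCore reports it unknown. */
        @Override
        public int getContentLength() {
            HttpEntityEnclosingRequest withEntity = entityRequest();
            if (withEntity == null) {
                return 0;
            }
            long length = withEntity.getEntity().getContentLength();
            // Clamp so the narrowing cast cannot wrap a >2 GiB length into a negative number.
            return (int) Math.min(length, Integer.MAX_VALUE);
        }

        @Override
        public String getContentType() {
            HttpEntityEnclosingRequest withEntity = entityRequest();
            if (withEntity == null || withEntity.getEntity().getContentType() == null) {
                return null;
            }
            return withEntity.getEntity().getContentType().getValue();
        }

        /** Streams the entity content, or {@code null} when the request has no entity. */
        @Override
        public ServletInputStream getInputStream() throws IOException {
            HttpEntityEnclosingRequest withEntity = entityRequest();
            if (withEntity == null) {
                return null;
            }
            final InputStream content = withEntity.getEntity().getContent();
            return new ServletInputStream() { // from class: com.floragunn.searchguard.enterprise.auth.saml.MockSamlIdpServer.FakeHttpServletRequest.1
                @Override
                public int read() throws IOException {
                    return content.read();
                }

                @Override
                public int available() throws IOException {
                    return content.available();
                }

                @Override
                public void close() throws IOException {
                    content.close();
                }
            };
        }

        @Override
        public String getLocalAddr() {
            return null;
        }

        @Override
        public String getLocalName() {
            return null;
        }

        @Override
        public int getLocalPort() {
            return 0;
        }

        @Override
        public Locale getLocale() {
            return null;
        }

        @Override
        public Enumeration<Locale> getLocales() {
            return null;
        }

        /** First value of the named query parameter, or {@code null}. */
        @Override
        public String getParameter(String str) {
            return this.queryParams.get(str);
        }

        /** Servlet contract is name to {@code String[]}; every query parameter has exactly one value here. */
        @Override
        public Map<String, String[]> getParameterMap() {
            Map<String, String[]> copy = new LinkedHashMap<>();
            this.queryParams.forEach((name, value) -> copy.put(name, new String[]{value}));
            return Collections.unmodifiableMap(copy);
        }

        @Override
        public Enumeration<String> getParameterNames() {
            return Collections.enumeration(this.queryParams.keySet());
        }

        @Override
        public String[] getParameterValues(String str) {
            String value = this.queryParams.get(str);
            return value == null ? null : new String[]{value};
        }

        @Override
        public String getProtocol() {
            return null;
        }

        /** Reads the entity as UTF-8 (the encoding SAML payloads use); previously the platform default. */
        @Override
        public BufferedReader getReader() throws IOException {
            HttpEntityEnclosingRequest withEntity = entityRequest();
            if (withEntity == null) {
                return null;
            }
            return new BufferedReader(new InputStreamReader(withEntity.getEntity().getContent(), StandardCharsets.UTF_8));
        }

        @Override
        public String getRealPath(String str) {
            return null;
        }

        @Override
        public String getRemoteAddr() {
            return null;
        }

        @Override
        public String getRemoteHost() {
            return null;
        }

        @Override
        public int getRemotePort() {
            return 0;
        }

        @Override
        public RequestDispatcher getRequestDispatcher(String str) {
            return null;
        }

        @Override
        public String getScheme() {
            return null;
        }

        @Override
        public String getServerName() {
            return null;
        }

        @Override
        public int getServerPort() {
            return 0;
        }

        /** Always {@code false}, even when the server runs TLS; nothing in this file reads it. */
        @Override
        public boolean isSecure() {
            return false;
        }

        @Override
        public void removeAttribute(String str) {
        }

        @Override
        public void setAttribute(String str, Object obj) {
        }

        @Override
        public void setCharacterEncoding(String str) throws UnsupportedEncodingException {
        }

        @Override
        public String getAuthType() {
            return null;
        }

        @Override
        public String getContextPath() {
            return null;
        }

        @Override
        public Cookie[] getCookies() {
            return null;
        }

        /** Not implemented: always {@code 0}, regardless of whether the header exists. */
        @Override
        public long getDateHeader(String str) {
            return 0L;
        }

        @Override
        public String getHeader(String str) {
            Header first = this.delegate.getFirstHeader(str);
            return first == null ? null : first.getValue();
        }

        @Override
        public Enumeration<String> getHeaderNames() {
            return Collections.enumeration(Arrays.stream(this.delegate.getAllHeaders()).map(Header::getName).collect(Collectors.toSet()));
        }

        /** All values of the named header, in order; the original returned the header *names* instead. */
        @Override
        public Enumeration<String> getHeaders(String str) {
            Header[] matching = this.delegate.getHeaders(str);
            if (matching == null) {
                return Collections.emptyEnumeration();
            }
            return Collections.enumeration(Arrays.stream(matching).map(Header::getValue).collect(Collectors.toList()));
        }

        /** {@code 0} when the header is absent; a non-numeric value propagates the NumberFormatException. */
        @Override
        public int getIntHeader(String str) {
            Header first = this.delegate.getFirstHeader(str);
            return first == null ? 0 : Integer.parseInt(first.getValue());
        }

        @Override
        public String getMethod() {
            return this.delegate.getRequestLine().getMethod();
        }

        @Override
        public String getPathInfo() {
            return null;
        }

        /** Returns the URI path (no filesystem translation is attempted). */
        @Override
        public String getPathTranslated() {
            return this.uriBuilder.getPath();
        }

        /**
         * Raw, still percent-encoded query string, or {@code null} when the URI has none.
         * Split at the first '?' so a '?' inside a parameter value survives; the original regex
         * split at the last one and returned the whole URI when there was no query. The undecoded
         * form matters because the SLO signature handler is fed this request -- presumably it
         * verifies over exactly these bytes, so do not decode here.
         */
        @Override
        public String getQueryString() {
            String requestUri = this.delegate.getRequestLine().getUri();
            int split = requestUri.indexOf('?');
            return split < 0 ? null : requestUri.substring(split + 1);
        }

        @Override
        public String getRemoteUser() {
            return null;
        }

        /** The request-line URI as HttpCore saw it, including any query string. */
        @Override
        public String getRequestURI() {
            return this.delegate.getRequestLine().getUri();
        }

        @Override
        public StringBuffer getRequestURL() {
            return new StringBuffer(this.delegate.getRequestLine().getUri());
        }

        @Override
        public String getRequestedSessionId() {
            return null;
        }

        @Override
        public String getServletPath() {
            return null;
        }

        @Override
        public HttpSession getSession() {
            return null;
        }

        @Override
        public HttpSession getSession(boolean z) {
            return null;
        }

        @Override
        public Principal getUserPrincipal() {
            return null;
        }

        @Override
        public boolean isRequestedSessionIdFromCookie() {
            return false;
        }

        @Override
        public boolean isRequestedSessionIdFromURL() {
            return false;
        }

        @Override
        public boolean isRequestedSessionIdFromUrl() {
            return false;
        }

        @Override
        public boolean isRequestedSessionIdValid() {
            return false;
        }

        @Override
        public boolean isUserInRole(String str) {
            return false;
        }
    }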

    /* JADX INFO: Access modifiers changed from: package-private */
    /* loaded from: input_file:com/floragunn/searchguard/enterprise/auth/saml/MockSamlIdpServer$SSLTestHttpServerConnection.class */
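    /**
     * Server connection that exposes the TLS peer certificates of the underlying socket.
     *
     * <p>Installed by {@code start()} in SSL mode, where the listener demands client
     * authentication, so request handlers can find out which client certificate was presented.
     */
    public static class SSLTestHttpServerConnection extends DefaultBHttpServerConnection {
        public SSLTestHttpServerConnection(int i, int i2, CharsetDecoder charsetDecoder, CharsetEncoder charsetEncoder, MessageConstraints messageConstraints, ContentLengthStrategy contentLengthStrategy, ContentLengthStrategy contentLengthStrategy2, HttpMessageParserFactory<HttpRequest> httpMessageParserFactory, HttpMessageWriterFactory<HttpResponse> httpMessageWriterFactory) {
            super(i, i2, charsetDecoder, charsetEncoder, messageConstraints, contentLengthStrategy, contentLengthStrategy2, httpMessageParserFactory, httpMessageWriterFactory);
        }

        /**
         * @return the certificate chain the client presented, as reported by the TLS session
         * @throws SSLPeerUnverifiedException if the peer was not authenticated, or if this
         *         connection is not bound to an {@link SSLSocket} at all (an unbound or plain
         *         socket used to surface as a NullPointerException / ClassCastException)
         */
        public Certificate[] getPeerCertificates() throws SSLPeerUnverifiedException {
            Socket socket = getSocket();
            if (!(socket instanceof SSLSocket)) {
                throw new SSLPeerUnverifiedException("connection is not bound to an SSL socket");
            }
            return ((SSLSocket) socket).getSession().getPeerCertificates();
        }
    }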

    /* JADX INFO: Access modifiers changed from: package-private */
    /** Plain-HTTP server using {@link #ENTITY_ID} as issuer and no endpoint query string. */
    public MockSamlIdpServer() throws IOException {
        this(false, ENTITY_ID, null);
    }

    /**
     * Creates, but does not start, the server. A free port is allocated immediately so the
     * endpoint URIs are known before {@link #start()} is called.
     *
     * @param z    use TLS (with mandatory client certificates) instead of plain HTTP
     * @param str  entity id used as the issuer of generated assertions
     * @param str2 optional query string appended to every endpoint URI, or null
     */
    MockSamlIdpServer(boolean z, String str, String str2) throws IOException {
        this.ssl = z;
        this.idpEntityId = str;
        this.endpointQueryString = str2;
        this.signResponses = true;
        this.baseId = 1;
        this.retry = 0;
        int allocatedPort = PortAllocator.TCP.allocateSingle(MockSamlIdpServer.class.getName(), 2345);
        String scheme = z ? "https" : "http";
        this.port = allocatedPort;
        this.uri = scheme + "://localhost:" + allocatedPort;
    }

    /**
     * Loads the signing key pair, registers the metadata, SSO and SLO handlers and starts the
     * embedded HttpCore server.
     *
     * <p>In SSL mode the listener is configured with {@code setNeedClientAuth(true)}, i.e. mutual
     * TLS -- a client without a certificate cannot connect at all -- and every connection is an
     * {@link SSLTestHttpServerConnection} so handlers can read the presented chain. The SSLContext
     * comes from {@code createSSLContext()}, which is defined outside this view.
     *
     * <p>If the pre-allocated port is taken, a new one is allocated and the whole sequence
     * (including the key reload) is retried up to five times before the {@link BindException}
     * is propagated.
     *
     * @return this server, for chaining
     * @throws IOException if the keystore cannot be read or the listener cannot be bound
     */
    public MockSamlIdpServer start() throws IOException {
        try {
            // Keystore path and alias are fixed test resources; loadSigningKeys is defined outside this view.
            loadSigningKeys("saml/kirk-keystore.jks", "kirk");
            ServerBootstrap registerHandler = ServerBootstrap.bootstrap().setListenerPort(this.port).registerHandler(CTX_METADATA, new HttpRequestHandler() { // from class: com.floragunn.searchguard.enterprise.auth.saml.MockSamlIdpServer.3
                @Override // org.apache.http.protocol.HttpRequestHandler
                public void handle(HttpRequest httpRequest, HttpResponse httpResponse, HttpContext httpContext) throws HttpException, IOException {
                    MockSamlIdpServer.this.handleMetadataRequest(httpRequest, httpResponse, httpContext);
                }
            }).registerHandler(CTX_SAML_SSO, new HttpRequestHandler() { // from class: com.floragunn.searchguard.enterprise.auth.saml.MockSamlIdpServer.2
                @Override // org.apache.http.protocol.HttpRequestHandler
                public void handle(HttpRequest httpRequest, HttpResponse httpResponse, HttpContext httpContext) throws HttpException, IOException {
                    MockSamlIdpServer.this.handleSsoRequest(httpRequest, httpResponse, httpContext);
                }
            }).registerHandler(CTX_SAML_SLO, new HttpRequestHandler() { // from class: com.floragunn.searchguard.enterprise.auth.saml.MockSamlIdpServer.1
                @Override // org.apache.http.protocol.HttpRequestHandler
                public void handle(HttpRequest httpRequest, HttpResponse httpResponse, HttpContext httpContext) throws HttpException, IOException {
                    MockSamlIdpServer.this.handleSloRequest(httpRequest, httpResponse, httpContext);
                }
            });
            if (this.ssl) {
                registerHandler = registerHandler.setSslContext(createSSLContext()).setSslSetupHandler(new SSLServerSetupHandler() { // from class: com.floragunn.searchguard.enterprise.auth.saml.MockSamlIdpServer.5
                    public void initialize(SSLServerSocket sSLServerSocket) throws SSLException {
                        // Require (not merely request) a client certificate: the handshake fails without one.
                        sSLServerSocket.setNeedClientAuth(true);
                    }
                }).setConnectionFactory(new HttpConnectionFactory<DefaultBHttpServerConnection>() { // from class: com.floragunn.searchguard.enterprise.auth.saml.MockSamlIdpServer.4
                    private ConnectionConfig cconfig = ConnectionConfig.DEFAULT;

                    /* renamed from: createConnection, reason: merged with bridge method [inline-methods] */
                    public DefaultBHttpServerConnection m28createConnection(Socket socket) throws IOException {
                        // Null strategies/factories fall back to HttpCore's defaults; only the peer-certificate accessor is added.
                        SSLTestHttpServerConnection sSLTestHttpServerConnection = new SSLTestHttpServerConnection(this.cconfig.getBufferSize(), this.cconfig.getFragmentSizeHint(), ConnSupport.createDecoder(this.cconfig), ConnSupport.createEncoder(this.cconfig), this.cconfig.getMessageConstraints(), null, null, null, null);
                        sSLTestHttpServerConnection.bind(socket);
                        return sSLTestHttpServerConnection;
                    }
                });
            }
            this.httpServer = registerHandler.create();
            this.httpServer.start();
            return this;
        } catch (BindException e) {
            // Port collision with another test: pick a fresh port and rebuild everything from scratch.
            this.retry++;
            this.port = PortAllocator.TCP.allocateSingle(MockSamlIdpServer.class.getName(), 2345);
            this.uri = (this.ssl ? "https" : "http") + "://localhost:" + this.port;
            if (this.retry > 5) {
                throw e;
            }
            return start();
        }
    }

    /**
     * Stops the embedded server, allowing up to five seconds for in-flight requests to finish.
     * Safe to call repeatedly; a no-op when the server was never started or is already down.
     */
    public void shutdown() {
        HttpServer running = this.httpServer;
        if (running == null) {
            return;
        }
        running.shutdown(5L, TimeUnit.SECONDS);
        this.httpServer = null;
    }

    /** {@link Closeable} hook so the server can be used in try-with-resources; delegates to {@link #shutdown()}. */
    @Override // java.io.Closeable, java.lang.AutoCloseable
    public void close() throws IOException {
        this.shutdown();
    }

    /** The running HttpCore server, or null before {@link #start()} and after {@link #shutdown()}. */
    public HttpServer getHttpServer() {
        return httpServer;
    }

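    /** Base URI of the server (scheme, host, port), plus the endpoint query string when one is configured. */
    public String getUri() {
        return withEndpointQuery(this.uri);
    }

    /** URI of the metadata endpoint, i.e. {@link #CTX_METADATA} under {@link #getUri()}. */
    public String getMetadataUri() {
        return withEndpointQuery(this.uri + CTX_METADATA);
    }

    /** URI of the single-sign-on endpoint, i.e. {@link #CTX_SAML_SSO} under {@link #getUri()}. */
    public String getSamlSsoUri() {
        return withEndpointQuery(this.uri + CTX_SAML_SSO);
    }

    /** URI of the single-logout endpoint, i.e. {@link #CTX_SAML_SLO} under {@link #getUri()}. */
    public String getSamlSloUri() {
        return withEndpointQuery(this.uri + CTX_SAML_SLO);
    }

    /**
     * Appends {@code ?endpointQueryString} to {@code base} when one is configured. Shared by the
     * URI getters so they cannot drift from each other or from the paths registered in start()
     * (the paths used to be repeated as literals here).
     */
    private String withEndpointQuery(String base) {
        return this.endpointQueryString != null ? base + "?" + this.endpointQueryString : base;
    }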

    /** The listener port; may change between construction and {@link #start()} if a bind retry re-allocates it. */
    public int getPort() {
        return port;
    }

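    /**
     * Serves the IdP metadata document produced by {@code createMetadata()} (defined outside this view).
     *
     * <p>The body is now encoded as UTF-8 and the Content-Type declares that charset; the plain
     * {@code StringEntity(String)} constructor used ISO-8859-1 while the header claimed XML, which
     * mangles any non-ASCII character in the document. The one-year Cache-Control value is kept as
     * it was -- presumably to exercise the SP's metadata caching -- and is not something a real IdP
     * should send.
     */
    protected void handleMetadataRequest(HttpRequest httpRequest, HttpResponse httpResponse, HttpContext httpContext) throws HttpException, IOException {
        ContentType xmlUtf8 = ContentType.create("application/xml", StandardCharsets.UTF_8);
        httpResponse.setStatusCode(200);
        httpResponse.setHeader("Cache-Control", "public, max-age=31536000");
        httpResponse.setHeader("Content-Type", xmlUtf8.toString());
        httpResponse.setEntity(new StringEntity(createMetadata(), xmlUtf8));
    }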

    /**
     * HTTP entry point for the SSO endpoint: only GET (the redirect binding) is accepted, anything
     * else is answered with 405.
     *
     * <p>The Base64 SAML response produced by {@link #handleSsoGetRequestBase} is not written to
     * {@code httpResponse}; over HTTP the AuthnRequest is only decoded. Presumably tests obtain the
     * response through the {@code handleSsoGetRequest*} methods directly -- confirm before relying on it.
     */
    protected void handleSsoRequest(HttpRequest httpRequest, HttpResponse httpResponse, HttpContext httpContext) throws HttpException, IOException {
        String method = httpRequest.getRequestLine().getMethod();
        if (!"GET".equalsIgnoreCase(method)) {
            httpResponse.setStatusCode(405);
            return;
        }
        handleSsoGetRequestBase(httpRequest);
    }

    /**
     * HTTP entry point for the SLO endpoint: only GET (the redirect binding) is accepted, anything
     * else is answered with 405. The LogoutRequest is decoded and verified by
     * {@link #handleSloGetRequestBase}; no LogoutResponse is written back.
     */
    protected void handleSloRequest(HttpRequest httpRequest, HttpResponse httpResponse, HttpContext httpContext) throws HttpException, IOException {
        String method = httpRequest.getRequestLine().getMethod();
        if (!"GET".equalsIgnoreCase(method)) {
            httpResponse.setStatusCode(405);
            return;
        }
        handleSloGetRequestBase(httpRequest);
    }

    /**
     * Convenience for tests: treats {@code str} as the full GET request URI (path plus the
     * SAMLRequest query) and returns the Base64-encoded SAML Response for it.
     */
    public String handleSsoGetRequestURI(String str) {
        BasicHttpRequest getRequest = new BasicHttpRequest("GET", str);
        return handleSsoGetRequestBase(getRequest);
    }

    /**
     * Decodes a redirect-binding (deflated, Base64, URL-encoded {@code SAMLRequest}) AuthnRequest
     * from the request's query string and answers it with a Base64-encoded SAML Response.
     *
     * <p>Unlike the SLO path, no signature check is performed on the AuthnRequest -- whatever
     * decodes is trusted, even if the SP signed it. Every failure is surfaced as a
     * RuntimeException so the calling test fails loudly.
     *
     * @param httpRequest the GET request whose URI carries the SAMLRequest parameter
     * @return the Base64-encoded, UTF-8 SAML Response for the decoded AuthnRequest
     * @throws RuntimeException if the URI is malformed, decoding fails, or the message is not an AuthnRequest
     */
    public String handleSsoGetRequestBase(HttpRequest httpRequest) {
        HTTPRedirectDeflateDecoder decoder = new HTTPRedirectDeflateDecoder();
        try {
            decoder.setParserPool(XMLObjectProviderRegistrySupport.getParserPool());
            decoder.setHttpServletRequest(new FakeHttpServletRequest(httpRequest));
            decoder.initialize();
            decoder.decode();
        } catch (URISyntaxException | ComponentInitializationException | MessageDecodingException e) {
            throw new RuntimeException(e);
        }
        Object message = decoder.getMessageContext().getMessage();
        if (!(message instanceof AuthnRequest)) {
            throw new RuntimeException("Expected AuthnRequest; received: " + String.valueOf(message));
        }
        return createSamlAuthResponse((AuthnRequest) message);
    }

    /**
     * Builds an IdP-initiated (unsolicited) response: no InResponseTo and the
     * {@code defaultAssertionConsumerService} as recipient, since there is no AuthnRequest to copy from.
     */
    public String createUnsolicitedSamlResponse() {
        AuthnRequest noRequest = null;
        return createSamlAuthResponse(noRequest);
    }

    /**
     * Convenience for tests: treats {@code str} as the full GET request URI (path plus the signed
     * SAMLRequest query) and runs the LogoutRequest decoding and verification on it.
     */
    public void handleSloGetRequestURI(String str) {
        BasicHttpRequest getRequest = new BasicHttpRequest("GET", str);
        handleSloGetRequestBase(getRequest);
    }

    /**
     * Decodes a redirect-binding LogoutRequest, verifies its query-string signature against
     * {@code spSignatureCertificate}, and checks that it names the user this IdP logged in.
     *
     * <p>Nothing is returned; any failure (bad URI, undecodable message, wrong message type,
     * rejected signature, unexpected NameID) is raised as a RuntimeException so the calling test
     * fails. No LogoutResponse is produced.
     *
     * @param httpRequest GET request whose query string carries SAMLRequest and, when the SP signs, SigAlg and Signature
     */
    public void handleSloGetRequestBase(HttpRequest httpRequest) {
        try {
            FakeHttpServletRequest fakeHttpServletRequest = new FakeHttpServletRequest(httpRequest);
            HTTPRedirectDeflateDecoder hTTPRedirectDeflateDecoder = new HTTPRedirectDeflateDecoder();
            hTTPRedirectDeflateDecoder.setParserPool(XMLObjectProviderRegistrySupport.getParserPool());
            hTTPRedirectDeflateDecoder.setHttpServletRequest(fakeHttpServletRequest);
            hTTPRedirectDeflateDecoder.initialize();
            hTTPRedirectDeflateDecoder.decode();
            MessageContext messageContext = hTTPRedirectDeflateDecoder.getMessageContext();
            if (!(messageContext.getMessage() instanceof LogoutRequest)) {
                throw new RuntimeException("Expected LogoutRequest; received: " + String.valueOf(messageContext.getMessage()));
            }
            LogoutRequest logoutRequest = (LogoutRequest) messageContext.getMessage();
            // Redirect-binding signature check: the handler is handed the servlet request because for this
            // binding the signature covers the query string, not the (deflated) XML.
            SAML2HTTPRedirectDeflateSignatureSecurityHandler sAML2HTTPRedirectDeflateSignatureSecurityHandler = new SAML2HTTPRedirectDeflateSignatureSecurityHandler();
            SignatureValidationParameters signatureValidationParameters = new SignatureValidationParameters();
            SecurityParametersContext subcontext = messageContext.getSubcontext(SecurityParametersContext.class, true);
            SAMLPeerEntityContext subcontext2 = messageContext.getSubcontext(SAMLPeerEntityContext.class, true);
            // NOTE(review): the peer is the SP, yet the IdP's own entity id is set here. With the static
            // trust engine below the id presumably plays no part in key selection -- confirm.
            subcontext2.setEntityId(this.idpEntityId);
            subcontext2.setRole(SPSSODescriptor.DEFAULT_ELEMENT_NAME);
            messageContext.getSubcontext(SAMLProtocolContext.class, true).setProtocol("urn:oasis:names:tc:SAML:2.0:protocol");
            // Only the configured SP certificate is trusted; buildSignatureTrustEngine is defined outside this view.
            signatureValidationParameters.setSignatureTrustEngine(buildSignatureTrustEngine(this.spSignatureCertificate));
            subcontext.setSignatureValidationParameters(signatureValidationParameters);
            sAML2HTTPRedirectDeflateSignatureSecurityHandler.setHttpServletRequestSupplier(() -> {
                return fakeHttpServletRequest;
            });
            sAML2HTTPRedirectDeflateSignatureSecurityHandler.initialize();
            // NOTE(review): if the request carries no Signature parameter the handler may pass it through
            // unverified; confirm whether unsigned LogoutRequests should be rejected by this mock.
            sAML2HTTPRedirectDeflateSignatureSecurityHandler.invoke(messageContext);
            // authenticateUser must have been set by the test; a null here fails with an NPE rather than a clear message.
            if (!this.authenticateUser.equals(logoutRequest.getNameID().getValue())) {
                throw new RuntimeException("Unexpected NameID in LogoutRequest: " + String.valueOf(logoutRequest));
            }
        } catch (URISyntaxException | ComponentInitializationException | MessageDecodingException | MessageHandlerException e) {
            throw new RuntimeException(e);
        }
    }

    /**
     * Builds a SAML 2.0 Response carrying one Assertion for {@code authenticateUser} and returns it
     * Base64-encoded (UTF-8, no line breaks), the form expected in a SAMLResponse parameter.
     *
     * <p>Contents: Success status; one AuthnStatement; a bearer SubjectConfirmation whose
     * InResponseTo and Recipient are copied from the AuthnRequest (or, for an unsolicited
     * response, null and {@code defaultAssertionConsumerService}); Conditions valid from now for
     * one minute; an optional roles attribute; and, when {@code signResponses} is set, an
     * enveloped signature on the Assertion only -- the Response element itself stays unsigned.
     *
     * @param authnRequest the request being answered, or null for an IdP-initiated response
     * @return the Base64-encoded Response XML
     * @throws RuntimeException wrapping marshalling, signing or encoding failures
     */
    private String createSamlAuthResponse(AuthnRequest authnRequest) {
        try {
            Response response = (Response) createSamlElement(Response.class);
            response.setID(nextId());
            if (authnRequest != null) {
                response.setInResponseTo(authnRequest.getID());
            }
            response.setVersion(SAMLVersion.VERSION_20);
            response.setStatus(createStatus("urn:oasis:names:tc:SAML:2.0:status:Success"));
            response.setIssueInstant(Instant.now());
            Assertion assertion = (Assertion) createSamlElement(Assertion.class);
            response.getAssertions().add(assertion);
            assertion.setID(nextId());
            assertion.setIssueInstant(Instant.now());
            assertion.setIssuer(createIssuer());
            AuthnStatement authnStatement = (AuthnStatement) createSamlElement(AuthnStatement.class);
            assertion.getAuthnStatements().add(authnStatement);
            authnStatement.setAuthnInstant(Instant.now());
            authnStatement.setSessionIndex(nextId());
            authnStatement.setAuthnContext(createAuthnCotext());
            Subject subject = (Subject) createSamlElement(Subject.class);
            assertion.setSubject(subject);
            subject.setNameID(createNameID("urn:oasis:names:tc:SAML:1.1:nameid-format:unspecified", this.authenticateUser));
            if (authnRequest != null) {
                // Recipient is taken straight from the AuthnRequest's ACS URL without checking it against SP
                // metadata -- acceptable for a test double, never for a real IdP.
                subject.getSubjectConfirmations().add(createSubjectConfirmation("urn:oasis:names:tc:SAML:2.0:cm:bearer", Instant.now().plusSeconds(60L), authnRequest.getID(), authnRequest.getAssertionConsumerServiceURL()));
            } else {
                subject.getSubjectConfirmations().add(createSubjectConfirmation("urn:oasis:names:tc:SAML:2.0:cm:bearer", Instant.now().plusSeconds(60L), null, this.defaultAssertionConsumerService));
            }
            Conditions conditions = (Conditions) createSamlElement(Conditions.class);
            assertion.setConditions(conditions);
            // NotBefore == now leaves no clock-skew allowance; the SP under test must share this clock.
            conditions.setNotBefore(Instant.now());
            conditions.setNotOnOrAfter(Instant.now().plus(1L, (TemporalUnit) ChronoUnit.MINUTES));
            if (this.authenticateUserRoles != null) {
                AttributeStatement attributeStatement = (AttributeStatement) createSamlElement(AttributeStatement.class);
                assertion.getAttributeStatements().add(attributeStatement);
                Attribute attribute = (Attribute) createSamlElement(Attribute.class);
                attributeStatement.getAttributes().add(attribute);
                attribute.setName(TestJwts.ROLES_CLAIM);
                attribute.setNameFormat("urn:oasis:names:tc:SAML:2.0:attrname-format:basic");
                Iterator<String> it = this.authenticateUserRoles.iterator();
                while (it.hasNext()) {
                    attribute.getAttributeValues().add(createXSAny(AttributeValue.DEFAULT_ELEMENT_NAME, it.next()));
                }
            }
            if (this.signResponses) {
                Signature signature = (Signature) createSamlElement(Signature.class);
                assertion.setSignature(signature);
                signature.setSigningCredential(this.signingCredential);
                // rsa-sha1 is a deprecated (SHA-1) algorithm; presumably kept to exercise the SP's handling
                // of it -- rsa-sha256 would be the choice for anything but a test fixture.
                signature.setSignatureAlgorithm("http://www.w3.org/2000/09/xmldsig#rsa-sha1");
                signature.setCanonicalizationAlgorithm("http://www.w3.org/2001/10/xml-exc-c14n#");
                // The assertion must be marshalled to DOM before Signer can compute the digest; keep this order.
                XMLObjectProviderRegistrySupport.getMarshallerFactory().getMarshaller(assertion).marshall(assertion);
                Signer.signObject(signature);
            }
            // marshallSamlXml is defined outside this view; "false" = no line breaks in the Base64 output.
            return Base64Support.encode(marshallSamlXml(response).getBytes("UTF-8"), false);
        } catch (MarshallingException | SignatureException | UnsupportedEncodingException | EncodingException e) {
            throw new RuntimeException((Throwable) e);
        }
    }

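    /**
     * Builds an empty OpenSAML object for the element type {@code cls}, using the
     * {@code DEFAULT_ELEMENT_NAME} QName constant that every OpenSAML element interface declares.
     *
     * @param cls OpenSAML element interface such as {@link Assertion} or {@link Response}
     * @return a freshly built, unpopulated object of that element type
     * @throws RuntimeException wrapping the reflective failure when {@code cls} has no accessible
     *         DEFAULT_ELEMENT_NAME field (i.e. it is not an OpenSAML element type)
     * @throws IllegalArgumentException if no builder is registered for the element's QName
     *         (previously a bare NullPointerException)
     */
    @SuppressWarnings("unchecked") // the builder registered for cls's QName produces cls instances
    public static <T> T createSamlElement(Class<T> cls) {
        try {
            XMLObjectBuilderFactory builderFactory = XMLObjectProviderRegistrySupport.getBuilderFactory();
            QName qName = (QName) cls.getDeclaredField("DEFAULT_ELEMENT_NAME").get(null);
            return (T) Objects.requireNonNull(builderFactory.getBuilder(qName), () -> "No OpenSAML builder registered for " + qName).buildObject(qName);
        } catch (IllegalAccessException | IllegalArgumentException | NoSuchFieldException | java.lang.SecurityException e) {
            // Qualified on purpose: the bare name SecurityException resolves to the imported
            // org.opensaml.security.SecurityException, which reflection never throws.
            throw new RuntimeException(e);
        }
    }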

    /** Builds an {@code xs:anyType} element named {@code qName} whose text content is {@code str}. */
    public XSAny createXSAny(QName qName, String str) {
        XMLObjectBuilderFactory factory = XMLObjectProviderRegistrySupport.getBuilderFactory();
        XSAny element = (XSAny) factory.getBuilder(XSAny.TYPE_NAME).buildObject(qName);
        element.setTextContent(str);
        return element;
    }

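    /**
     * Builds a {@code NameIDFormat} element advertising the given format URI.
     *
     * <p>Previously the {@code str} parameter was ignored and the format was always
     * {@code urn:oasis:names:tc:SAML:1.1:nameid-format:unspecified}; the parameter is
     * now honoured. The only caller in this file passes exactly that URI, so the
     * generated metadata is unchanged.
     *
     * @param str the NameID format URI to advertise
     * @return the populated element
     */
    private NameIDFormat createNameIDFormat(String str) {
        NameIDFormat nameIDFormat = (NameIDFormat) createSamlElement(NameIDFormat.class);
        nameIDFormat.setFormat(str);
        return nameIDFormat;
    }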

    /**
     * Builds a SAML {@code Status} element carrying a single {@code StatusCode}.
     *
     * @param str the status code URI (value of the nested {@code StatusCode})
     * @return the populated status element
     */
    private Status createStatus(String str) {
        StatusCode code = (StatusCode) createSamlElement(StatusCode.class);
        code.setValue(str);
        Status result = (Status) createSamlElement(Status.class);
        result.setStatusCode(code);
        return result;
    }

    /**
     * Builds a SAML {@code NameID} element.
     *
     * @param str the NameID format URI
     * @param str2 the subject identifier value
     * @return the populated element
     */
    private NameID createNameID(String str, String str2) {
        NameID id = (NameID) createSamlElement(NameID.class);
        id.setValue(str2);
        id.setFormat(str);
        return id;
    }

    /**
     * Builds a {@code SubjectConfirmation} with its nested {@code SubjectConfirmationData}.
     *
     * @param str confirmation method URI
     * @param instant {@code NotOnOrAfter} bound of the confirmation data
     * @param str2 {@code InResponseTo} value (the request ID being answered)
     * @param str3 {@code Recipient} value (the intended consumer URL)
     * @return the populated element
     */
    private SubjectConfirmation createSubjectConfirmation(String str, Instant instant, String str2, String str3) {
        SubjectConfirmationData data = (SubjectConfirmationData) createSamlElement(SubjectConfirmationData.class);
        data.setInResponseTo(str2);
        data.setNotOnOrAfter(instant);
        data.setRecipient(str3);

        SubjectConfirmation confirmation = (SubjectConfirmation) createSamlElement(SubjectConfirmation.class);
        confirmation.setMethod(str);
        confirmation.setSubjectConfirmationData(data);
        return confirmation;
    }

    /**
     * Builds an {@code Issuer} element set to this mock IdP's entity ID.
     *
     * @return the populated element
     */
    private Issuer createIssuer() {
        Issuer result = (Issuer) createSamlElement(Issuer.class);
        result.setValue(idpEntityId);
        return result;
    }

    /**
     * Builds an {@code AuthnContext} whose class reference is the
     * {@code ...:ac:classes:unspecified} URI (no particular authentication strength claimed).
     *
     * @return the populated element
     */
    private AuthnContext createAuthnCotext() {
        AuthnContextClassRef classRef = (AuthnContextClassRef) createSamlElement(AuthnContextClassRef.class);
        classRef.setAuthnContextClassRef("urn:oasis:names:tc:SAML:2.0:ac:classes:unspecified");
        AuthnContext context = (AuthnContext) createSamlElement(AuthnContext.class);
        context.setAuthnContextClassRef(classRef);
        return context;
    }

    /**
     * Produces the SAML 2.0 metadata XML for this mock IdP.
     *
     * <p>The {@code EntityDescriptor} carries one {@code IDPSSODescriptor} with a
     * HTTP-Redirect SLO and SSO endpoint, the unspecified NameID format, and a
     * signing {@code KeyDescriptor} that embeds {@code signingCertificate}.
     *
     * @return the serialized metadata document
     * @throws RuntimeException wrapping a failure to generate the key info (cause preserved)
     */
    public String createMetadata() {
        try {
            IDPSSODescriptor idpDescriptor = (IDPSSODescriptor) createSamlElement(IDPSSODescriptor.class);
            idpDescriptor.setWantAuthnRequestsSigned(Boolean.valueOf(wantAuthnRequestsSigned));
            idpDescriptor.addSupportedProtocol("urn:oasis:names:tc:SAML:2.0:protocol");

            // Single logout endpoint (redirect binding).
            SingleLogoutService slo = (SingleLogoutService) createSamlElement(SingleLogoutService.class);
            slo.setBinding("urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Redirect");
            slo.setLocation(getSamlSloUri());
            idpDescriptor.getSingleLogoutServices().add(slo);

            idpDescriptor.getNameIDFormats().add(createNameIDFormat("urn:oasis:names:tc:SAML:1.1:nameid-format:unspecified"));

            // Single sign-on endpoint (redirect binding).
            SingleSignOnService sso = (SingleSignOnService) createSamlElement(SingleSignOnService.class);
            sso.setBinding("urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Redirect");
            sso.setLocation(getSamlSsoUri());
            idpDescriptor.getSingleSignOnServices().add(sso);

            // Publish the signing certificate so SPs can validate response signatures.
            X509KeyInfoGeneratorFactory keyInfoFactory = new X509KeyInfoGeneratorFactory();
            keyInfoFactory.setEmitEntityCertificate(true);
            KeyInfoGenerator keyInfoGenerator = keyInfoFactory.newInstance();
            KeyDescriptor signingKey = (KeyDescriptor) createSamlElement(KeyDescriptor.class);
            signingKey.setUse(UsageType.SIGNING);
            signingKey.setKeyInfo(keyInfoGenerator.generate(new BasicX509Credential(signingCertificate)));
            idpDescriptor.getKeyDescriptors().add(signingKey);

            EntityDescriptor entity = (EntityDescriptor) createSamlElement(EntityDescriptor.class);
            entity.setEntityID(idpEntityId);
            entity.getRoleDescriptors().add(idpDescriptor);
            return marshallSamlXml(entity);
        } catch (SecurityException e) {
            throw new RuntimeException((Throwable) e);
        }
    }

    /**
     * Serializes an OpenSAML object tree to an XML string.
     *
     * <p>The {@link DocumentBuilderFactory} here only creates an empty DOM to marshal
     * into; nothing is parsed from external input in this method, so entity-resolution
     * hardening is not relevant to it. The JAXP transformer then writes the DOM out.
     *
     * @param xMLObject the object tree to marshal
     * @return the XML text
     * @throws RuntimeException wrapping any JAXP or marshalling failure (cause preserved)
     */
    private String marshallSamlXml(XMLObject xMLObject) {
        try {
            Document dom = DocumentBuilderFactory.newInstance().newDocumentBuilder().newDocument();
            XMLObjectProviderRegistrySupport.getMarshallerFactory().getMarshaller(xMLObject).marshall(xMLObject, dom);

            StringWriter out = new StringWriter();
            Transformer transformer = TransformerFactory.newInstance().newTransformer();
            transformer.transform(new DOMSource(dom), new StreamResult(out));
            return out.toString();
        } catch (ParserConfigurationException | MarshallingException | TransformerException | TransformerFactoryConfigurationError e) {
            throw new RuntimeException(e);
        }
    }

    /**
     * Builds a trust engine that accepts signatures made only by the key in
     * {@code x509Certificate} (explicit-key trust, no chain building).
     *
     * @param x509Certificate the single trusted signing certificate
     * @return the configured trust engine
     */
    private SignatureTrustEngine buildSignatureTrustEngine(X509Certificate x509Certificate) {
        BasicX509Credential trusted = new BasicX509Credential(x509Certificate);
        StaticCredentialResolver credentialResolver = new StaticCredentialResolver(trusted);
        StaticKeyInfoCredentialResolver keyInfoResolver = new StaticKeyInfoCredentialResolver(trusted);
        return new ExplicitKeySignatureTrustEngine(credentialResolver, keyInfoResolver);
    }

    /* JADX INFO: Access modifiers changed from: package-private */
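    /**
     * Loads the mock IdP's signing certificate and private key from a JKS keystore on
     * the test classpath.
     *
     * <p>Fix: the {@link FileInputStream} was never closed (leaked handle); it is now
     * opened in try-with-resources. The {@code KeyManagerFactory} that the original
     * built and initialised but never used has been dropped — the key is fetched
     * directly from the keystore, which raises the same error on a bad key password.
     * The keystore password is the fixed test-fixture value {@code "changeit"}.
     *
     * @param str classpath-relative path of the JKS keystore
     * @param str2 alias of the signing key entry inside the keystore
     * @throws RuntimeException wrapping any I/O or keystore failure (cause preserved)
     */
    public void loadSigningKeys(String str, String str2) {
        char[] password = "changeit".toCharArray();
        try (InputStream in = new FileInputStream(FileHelper.getAbsoluteFilePathFromClassPath(str).toFile())) {
            KeyStore keyStore = KeyStore.getInstance("JKS");
            keyStore.load(in, password);
            this.signingCertificate = (X509Certificate) keyStore.getCertificate(str2);
            PrivateKey privateKey = (PrivateKey) keyStore.getKey(str2, password);
            this.signingCredential = new BasicX509Credential(this.signingCertificate, privateKey);
        } catch (IOException | KeyStoreException | NoSuchAlgorithmException | UnrecoverableKeyException | CertificateException e) {
            throw new RuntimeException(e);
        }
    }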

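    /**
     * Builds the TLS 1.2 context used by the mock IdP's HTTPS listener, or returns
     * {@code null} when {@code ssl} is off.
     *
     * <p>Trust anchors come from {@code jwt/truststore.jks} and the server identity from
     * {@code jwt/node-0-keystore.jks}, both read from the test classpath with the fixed
     * fixture password {@code "changeit"}.
     *
     * <p>Fix: both keystore {@link FileInputStream}s were never closed; each is now
     * opened in try-with-resources via {@link #loadJks(String, char[])}.
     *
     * @return an initialised {@link SSLContext}, or {@code null} when SSL is disabled
     * @throws RuntimeException wrapping any I/O or security failure (cause preserved)
     */
    private SSLContext createSSLContext() {
        if (!this.ssl) {
            return null;
        }
        char[] password = "changeit".toCharArray();
        try {
            TrustManagerFactory trustManagerFactory = TrustManagerFactory.getInstance(TrustManagerFactory.getDefaultAlgorithm());
            trustManagerFactory.init(loadJks("jwt/truststore.jks", password));

            KeyManagerFactory keyManagerFactory = KeyManagerFactory.getInstance(KeyManagerFactory.getDefaultAlgorithm());
            keyManagerFactory.init(loadJks("jwt/node-0-keystore.jks", password), password);

            SSLContext sslContext = SSLContext.getInstance("TLSv1.2");
            sslContext.init(keyManagerFactory.getKeyManagers(), trustManagerFactory.getTrustManagers(), null);
            return sslContext;
        } catch (IOException | GeneralSecurityException e) {
            throw new RuntimeException(e);
        }
    }

    /**
     * Loads a JKS keystore from the test classpath, closing the file once loaded.
     *
     * @param classPathLocation classpath-relative path of the keystore file
     * @param password keystore integrity password
     * @return the loaded keystore
     * @throws IOException if the file cannot be read or the password is wrong
     * @throws GeneralSecurityException on keystore/algorithm/certificate errors
     */
    private static KeyStore loadJks(String classPathLocation, char[] password) throws IOException, GeneralSecurityException {
        KeyStore keyStore = KeyStore.getInstance("JKS");
        try (InputStream in = new FileInputStream(FileHelper.getAbsoluteFilePathFromClassPath(classPathLocation).toFile())) {
            keyStore.load(in, password);
        }
        return keyStore;
    }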

    /**
     * Returns the next SAML element ID, {@code "MOCKSAML_" + counter}, and advances the counter.
     *
     * @return a fresh ID for this mock instance (not thread-safe; plain field increment)
     */
    private String nextId() {
        return "MOCKSAML_" + this.baseId++;
    }

    /** @return the entity ID this mock IdP uses as issuer and in its metadata */
    public String getIdpEntityId() {
        return idpEntityId;
    }

    /** @return the user name the mock IdP asserts for any authentication request */
    public String getAuthenticateUser() {
        return authenticateUser;
    }

    /** @param str the user name the mock IdP should assert for any authentication request */
    public void setAuthenticateUser(String str) {
        authenticateUser = str;
    }

    /** @return the live role list included as attribute values in assertions (not a copy) */
    public List<String> getAuthenticateUserRoles() {
        return authenticateUserRoles;
    }

    /** @param list the roles to include as attribute values in assertions; stored as given, not copied */
    public void setAuthenticateUserRoles(List<String> list) {
        authenticateUserRoles = list;
    }

    /** @return whether assertions are signed with {@code signingCredential} */
    public boolean isSignResponses() {
        return signResponses;
    }

    /** @param z {@code true} to sign assertions with {@code signingCredential} */
    public void setSignResponses(boolean z) {
        signResponses = z;
    }

    /** @return the service-provider certificate used to verify incoming request signatures, or {@code null} */
    public X509Certificate getSpSignatureCertificate() {
        return spSignatureCertificate;
    }

    /** @param x509Certificate the service-provider certificate used to verify incoming request signatures */
    public void setSpSignatureCertificate(X509Certificate x509Certificate) {
        spSignatureCertificate = x509Certificate;
    }

    /** @return the query string appended to the mock IdP's endpoint URLs, or {@code null} */
    public String getEndpointQueryString() {
        return endpointQueryString;
    }

    /** @param str the query string to append to the mock IdP's endpoint URLs */
    public void setEndpointQueryString(String str) {
        endpointQueryString = str;
    }

    /** @return the assertion consumer service URL used when a request does not name one, or {@code null} */
    public String getDefaultAssertionConsumerService() {
        return defaultAssertionConsumerService;
    }

    /** @param str the assertion consumer service URL to fall back to when a request does not name one */
    public void setDefaultAssertionConsumerService(String str) {
        defaultAssertionConsumerService = str;
    }
}
