package de.adorsys.saml.idp;

import de.adorsys.saml.idp.nl.surfnet.mujina.AssertionGenerator;
import de.adorsys.saml.idp.nl.surfnet.mujina.StatusGenerator;
import java.io.FileInputStream;
import java.io.IOException;
import java.security.KeyStore;
import java.security.KeyStoreException;
import java.security.NoSuchAlgorithmException;
import java.security.UnrecoverableKeyException;
import java.util.Enumeration;
import java.util.UUID;
import javax.servlet.ServletException;
import javax.servlet.annotation.WebServlet;
import javax.servlet.http.HttpServlet;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import org.apache.commons.lang.StringUtils;
import org.apache.velocity.app.VelocityEngine;
import org.apache.velocity.runtime.RuntimeConstants;
import org.joda.time.DateTime;
import org.opensaml.Configuration;
import org.opensaml.DefaultBootstrap;
import org.opensaml.common.binding.BasicSAMLMessageContext;
import org.opensaml.saml2.binding.decoding.HTTPPostDecoder;
import org.opensaml.saml2.core.Assertion;
import org.opensaml.saml2.core.AuthnRequest;
import org.opensaml.saml2.core.Issuer;
import org.opensaml.saml2.core.Response;
import org.opensaml.saml2.core.StatusCode;
import org.opensaml.saml2.core.impl.IssuerBuilder;
import org.opensaml.saml2.core.impl.ResponseBuilder;
import org.opensaml.saml2.metadata.AuthzService;
import org.opensaml.saml2.metadata.impl.AuthzServiceBuilder;
import org.opensaml.ws.message.decoder.MessageDecodingException;
import org.opensaml.ws.message.encoder.MessageEncodingException;
import org.opensaml.ws.transport.http.HttpServletRequestAdapter;
import org.opensaml.ws.transport.http.HttpServletResponseAdapter;
import org.opensaml.xml.ConfigurationException;
import org.opensaml.xml.XMLObjectBuilderFactory;
import org.opensaml.xml.security.SecurityException;
import org.opensaml.xml.security.x509.KeyStoreX509CredentialAdapter;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;

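/**
 * Minimal SAML 2.0 Identity Provider for test environments, mapped to every
 * path of the web application ({@code /*}).
 *
 * <p>Flow: an SP posts an {@code AuthnRequest} (HTTP-POST binding); the servlet
 * decodes it, builds a {@code Response} carrying one signed assertion for a
 * fixed, hard-coded subject, and posts it back to the
 * {@code AssertionConsumerServiceURL} named in the request.
 *
 * <p>Security caveats — this is a stub IdP, not a production one:
 * <ul>
 *   <li>No authentication takes place: every request is answered with the same
 *       hard-coded subject and attribute value.</li>
 *   <li>The inbound request is neither signature-checked nor matched against a
 *       registered SP / ACS allow-list; the signed assertion is posted to
 *       whatever ACS URL the (unauthenticated) request names.</li>
 *   <li>Keystore location and both keystore passwords are hard-coded below.</li>
 * </ul>
 * Keep it reachable from trusted test networks only.
 */
@WebServlet(urlPatterns = {"/*"})
public class IdpServlet extends HttpServlet {
    private static final long serialVersionUID = -4726333893148785903L;
    private static final Logger LOG = LoggerFactory.getLogger(IdpServlet.class);

    /** Keystore holding the IdP signing key (JKS). */
    private static final String KEYSTORE_PATH = "/opt/jboss/standalone/certs/saml.idp.keystore";
    private static final String KEYSTORE_TYPE = "jks";
    // NOTE(review): secrets in source. Acceptable for a throw-away test IdP only;
    // move to container configuration before any other use.
    private static final String KEYSTORE_PASSWORD = "storepass";
    private static final String KEY_PASSWORD = "keypass";

    /** Subject asserted for every request — there is no real authentication. */
    private static final String FIXED_NAME_ID = "adreas.boetscher";
    /** Attribute value handed to the assertion generator for every request. */
    private static final String FIXED_ATTRIBUTE_VALUE = "GA_DIKS_STU_CM_BENUTZERKONTEN,XXXY";
    /** Passed to the assertion generator; presumably the validity window in seconds — confirm. */
    private static final int ASSERTION_VALIDITY_SECONDS = 300;
    /** Classpath location of the HTTP-POST binding Velocity template. */
    private static final String POST_BINDING_TEMPLATE = "templates/saml2-post-binding.vm";

    private XMLObjectBuilderFactory builderFactory;
    /** Used as Response issuer and passed to the assertion generator as issuer. */
    private String idpUrl = "http://docker:8081/saml.idp";
    /** Keystore alias of the signing key; also handed to the AssertionGenerator constructor. */
    private String idpEntityName = "saml.idp";
    protected KeyStoreX509CredentialAdapter credential;
    private AssertionGenerator assertionGenerator;
    private StatusGenerator statusGenerator;
    private VelocityEngine velocityEngine;

    /**
     * Bootstraps OpenSAML, the Velocity engine and the signing credential.
     *
     * @throws ServletException      propagated from {@link HttpServlet#init()}
     * @throws IllegalStateException if OpenSAML cannot be bootstrapped, the keystore
     *         cannot be read, or no key is stored under {@link #idpEntityName} —
     *         the servlet fails deployment rather than serve unsignable responses
     */
    @Override
    public void init() throws ServletException {
        super.init();
        try {
            DefaultBootstrap.bootstrap();
            this.builderFactory = Configuration.getBuilderFactory();
            initVelocityEngine();

            KeyStore keyStore = loadKeyStore(KEYSTORE_PATH, KEYSTORE_TYPE, KEYSTORE_PASSWORD.toCharArray());
            if (LOG.isDebugEnabled()) {
                for (Enumeration<String> aliases = keyStore.aliases(); aliases.hasMoreElements();) {
                    LOG.debug("Key alias: {}", aliases.nextElement());
                }
            }

            String alias = this.idpEntityName;
            char[] keyPassword = KEY_PASSWORD.toCharArray();
            // getKey() returns null when the alias exists but is not a key entry.
            if (keyStore.getKey(alias, keyPassword) == null) {
                throw new IllegalStateException("can not read saml signing key. ");
            }
            this.credential = new KeyStoreX509CredentialAdapter(keyStore, alias, keyPassword);
            this.assertionGenerator = new AssertionGenerator(this.idpEntityName);
            this.statusGenerator = new StatusGenerator();
        } catch (IllegalStateException e) {
            throw e;
        } catch (Exception e) {
            // init() is a deployment boundary: anything fatal here must stop the servlet.
            throw new IllegalStateException(e);
        }
    }

    /**
     * Handles a SAML {@code AuthnRequest} delivered with the HTTP-POST binding
     * and answers it with a signed {@code Response}.
     *
     * <p>Validation performed: the message must decode as SAML, must be an
     * {@code AuthnRequest}, and must name an {@code AssertionConsumerServiceURL};
     * anything else is answered with HTTP 400. <b>Not</b> performed: request
     * signature verification, issuer/SP registration, ACS URL allow-listing —
     * the response is posted to whatever URL the request supplies.
     *
     * @throws IOException           if the error response cannot be written
     * @throws IllegalStateException if the response cannot be encoded
     */
    @Override
    protected void doPost(HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse)
            throws ServletException, IOException {
        BasicSAMLMessageContext inbound = new BasicSAMLMessageContext();
        inbound.setInboundMessageTransport(new HttpServletRequestAdapter(httpServletRequest));
        try {
            // Decoding only: no security policy resolver is attached to the context,
            // so no rule (signature, issuer, replay) is enforced on the inbound message.
            new HTTPPostDecoder().decode(inbound);
        } catch (MessageDecodingException | SecurityException e) {
            // Malformed client input is a client error, not a server fault (was HTTP 500).
            LOG.warn("Rejecting SAML message that could not be decoded: {}", e.getMessage());
            httpServletResponse.sendError(HttpServletResponse.SC_BAD_REQUEST, "invalid SAML message");
            return;
        }

        Object message = inbound.getInboundSAMLMessage();
        if (!(message instanceof AuthnRequest)) {
            // The unchecked cast here used to surface as a ClassCastException (HTTP 500).
            httpServletResponse.sendError(HttpServletResponse.SC_BAD_REQUEST, "expected an AuthnRequest");
            return;
        }
        AuthnRequest authnRequest = (AuthnRequest) message;
        String acsUrl = authnRequest.getAssertionConsumerServiceURL();
        if (StringUtils.isBlank(acsUrl)) {
            // Without an ACS URL there is no endpoint to post the response to;
            // fail early instead of letting the encoder fail with an obscure error.
            httpServletResponse.sendError(HttpServletResponse.SC_BAD_REQUEST,
                    "AssertionConsumerServiceURL is required");
            return;
        }
        LOG.debug("AuthnRequest {} -> ACS {}", authnRequest.getID(), acsUrl);

        Response samlResponse = generateAuthnResponse(acsUrl, FIXED_NAME_ID, FIXED_ATTRIBUTE_VALUE,
                acsUrl, ASSERTION_VALIDITY_SECONDS, authnRequest.getID(), new DateTime());

        BasicSAMLMessageContext outbound = new BasicSAMLMessageContext();
        outbound.setInboundMessage(authnRequest);
        outbound.setOutboundSAMLMessage(samlResponse);
        outbound.setOutboundSAMLMessageSigningCredential(this.credential);
        // The peer endpoint supplies the POST target; AuthzService is merely a
        // convenient concrete Endpoint implementation.
        AuthzService endpoint = new AuthzServiceBuilder().buildObject();
        endpoint.setLocation(acsUrl);
        outbound.setPeerEntityEndpoint(endpoint);
        outbound.setRelayState(inbound.getRelayState());
        // The "secure transport" flag is derived from the IdP's own configured URL
        // scheme, not from the actual request; with the default http:// idpUrl it is false.
        boolean secureTransport = StringUtils.containsIgnoreCase(this.idpUrl, "https://");
        outbound.setOutboundMessageTransport(new HttpServletResponseAdapter(httpServletResponse, secureTransport));
        try {
            new DiksHttpPostEncoder(this.velocityEngine, POST_BINDING_TEMPLATE).encode(outbound);
        } catch (MessageEncodingException e) {
            throw new IllegalStateException(e);
        }
    }

    /**
     * Builds a successful SAML {@code Response} holding one assertion.
     *
     * <p>Only {@code destination} and {@code inResponseTo} are interpreted here
     * (Response/@Destination and Response/@InResponseTo). The remaining arguments
     * are passed in this order, followed by {@link #idpUrl} as issuer, to
     * {@link AssertionGenerator#generateAssertion}; their meaning is that
     * generator's, and the parameter names below only reflect what
     * {@link #doPost} passes — confirm them against the generator.
     *
     * @param recipientUrl      ACS URL (presumably the assertion recipient)
     * @param nameId            subject name (presumably the NameID value)
     * @param attributeValue    attribute payload handed to the generator
     * @param destination       value for Response/@Destination
     * @param validForInSeconds presumably the assertion validity window
     * @param inResponseTo      ID of the AuthnRequest being answered
     * @param authnInstant      presumably the AuthnInstant of the assertion
     * @return a Response whose status is {@code StatusCode.SUCCESS_URI}
     */
    public Response generateAuthnResponse(String recipientUrl, String nameId, String attributeValue,
            String destination, int validForInSeconds, String inResponseTo, DateTime authnInstant) {
        Response response = ((ResponseBuilder) this.builderFactory.getBuilder(Response.DEFAULT_ELEMENT_NAME))
                .buildObject();
        Issuer issuer = new IssuerBuilder().buildObject();
        // NOTE(review): the Response issuer is idpUrl while the AssertionGenerator
        // was constructed with idpEntityName; verify the two agree with SP metadata.
        issuer.setValue(this.idpUrl);

        Assertion assertion = this.assertionGenerator.generateAssertion(recipientUrl, nameId, attributeValue,
                destination, validForInSeconds, inResponseTo, authnInstant, this.idpUrl);

        response.setIssuer(issuer);
        // Response/@ID is xs:ID (an NCName) and must not start with a digit; a bare
        // UUID can, and strict SPs reject such responses, hence the "_" prefix.
        response.setID("_" + UUID.randomUUID());
        response.setIssueInstant(new DateTime());
        response.setInResponseTo(inResponseTo);
        response.getAssertions().add(assertion);
        response.setDestination(destination);
        response.setStatus(this.statusGenerator.generateStatus(StatusCode.SUCCESS_URI));
        return response;
    }

    /**
     * Loads a keystore from the file system.
     *
     * @param path     keystore file path
     * @param type     keystore type, e.g. {@code jks}; blank selects {@link KeyStore#getDefaultType()}
     * @param password keystore (store) password
     * @return the loaded keystore
     * @throws IllegalStateException wrapping any I/O or keystore error
     */
    private KeyStore loadKeyStore(String path, String type, char[] password) {
        String effectiveType = StringUtils.isBlank(type) ? KeyStore.getDefaultType() : type;
        try (FileInputStream in = new FileInputStream(path)) {
            KeyStore keyStore = KeyStore.getInstance(effectiveType);
            keyStore.load(in, password);
            return keyStore;
        } catch (Exception e) {
            throw new IllegalStateException(e);
        }
    }

    /**
     * Configures a Velocity engine that loads the POST-binding template from the classpath.
     *
     * <p>The original code set a property keyed {@code "ISO-8859-1"} (probably
     * {@code RuntimeConstants.ENCODING_DEFAULT} used by mistake as the key), which
     * Velocity ignores; the evident intent was to read templates as UTF-8, so
     * {@code input.encoding} is set here instead.
     *
     * @throws IllegalStateException if the engine cannot be initialised
     */
    private void initVelocityEngine() {
        VelocityEngine engine = new VelocityEngine();
        engine.setProperty(RuntimeConstants.INPUT_ENCODING, "UTF-8");
        engine.setProperty(RuntimeConstants.OUTPUT_ENCODING, "UTF-8");
        engine.setProperty(RuntimeConstants.RESOURCE_LOADER, "classpath");
        engine.setProperty("classpath.resource.loader.class",
                "org.apache.velocity.runtime.resource.loader.ClasspathResourceLoader");
        try {
            engine.init();
        } catch (Exception e) {
            throw new IllegalStateException(e);
        }
        this.velocityEngine = engine;
    }
}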
