package org.jasig.cas.client.validation;

import java.io.BufferedReader;
import java.io.ByteArrayInputStream;
import java.io.Closeable;
import java.io.DataOutputStream;
import java.io.IOException;
import java.io.InputStreamReader;
import java.net.HttpURLConnection;
import java.net.URL;
import java.nio.charset.Charset;
import java.text.SimpleDateFormat;
import java.util.ArrayList;
import java.util.Date;
import java.util.HashMap;
import java.util.Iterator;
import java.util.List;
import java.util.Map;
import java.util.TimeZone;
import java.util.UUID;
import org.apache.maven.model.interpolation.MavenBuildTimestamp;
import org.jasig.cas.client.authentication.AttributePrincipalImpl;
import org.opensaml.SAMLAssertion;
import org.opensaml.SAMLAttribute;
import org.opensaml.SAMLAttributeStatement;
import org.opensaml.SAMLAuthenticationStatement;
import org.opensaml.SAMLException;
import org.opensaml.SAMLResponse;
import org.opensaml.SAMLStatement;
import org.opensaml.SAMLSubject;
import org.springframework.security.cas.SamlServiceProperties;
import org.springframework.security.cas.ServiceProperties;

/* loaded from: input_file:WEB-INF/lib/cas-client-core-3.1.10.jar:org/jasig/cas/client/validation/Saml11TicketValidator.class */
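/**
 * Ticket validator that posts a SAML 1.1 request to the {@code samlValidate} endpoint and turns
 * the first time-valid assertion of the SOAP response into an {@link Assertion}.
 *
 * <p>Security notes for reviewers (all derived from the code in this class):
 * <ul>
 *   <li>No call in this class verifies an XML signature on the response or on an assertion.
 *       Trust in the returned principal therefore appears to rest entirely on the back-channel
 *       connection to the server. NOTE(review): confirm that the validation URL is HTTPS and that
 *       certificate validation is not disabled elsewhere.</li>
 *   <li>The only assertion condition checked is the {@code NotBefore}/{@code NotOnOrAfter} window
 *       (see {@link #isValidAssertion(SAMLAssertion)}); audience, recipient and issuer are not
 *       inspected here.</li>
 *   <li>XML parser hardening (DTDs, external entities) is delegated to the OpenSAML library.
 *       NOTE(review): confirm the parser configuration of the OpenSAML version in use.</li>
 * </ul>
 */
public final class Saml11TicketValidator extends AbstractUrlBasedTicketValidator {
    /** Opening tag that delimits the SAML payload; only this exact prefix is recognised. */
    private static final String SOAP_BODY_OPEN = "<SOAP-ENV:Body>";

    /** Closing tag that delimits the SAML payload. */
    private static final String SOAP_BODY_CLOSE = "</SOAP-ENV:Body>";

    /**
     * Charset used for the request body, the response reader and the bytes handed to the parser.
     * NOTE(review): assumes the server answers in UTF-8; confirm against the deployment.
     */
    private static final Charset UTF_8 = Charset.forName("UTF-8");

    /** Allowed clock skew, in milliseconds, applied to both ends of the validity window. */
    private long tolerance;

    /**
     * Creates a validator with a default tolerance of 1000 ms.
     *
     * @param str passed unchanged to the superclass constructor; presumably the server URL
     *     prefix (confirm against {@code AbstractUrlBasedTicketValidator})
     */
    public Saml11TicketValidator(String str) {
        super(str);
        this.tolerance = 1000L;
    }

    /**
     * Returns the endpoint name appended to the server URL for SAML validation.
     *
     * @return the literal {@code "samlValidate"}
     */
    @Override // org.jasig.cas.client.validation.AbstractUrlBasedTicketValidator
    protected String getUrlSuffix() {
        return "samlValidate";
    }

    /**
     * Rewrites the URL parameters for the SAML endpoint: the service value is moved to the SAML
     * service parameter and the CAS service and artifact parameters are removed, because the
     * ticket travels in the SOAP body instead of the query string.
     *
     * <p>NOTE(review): the constants from {@code org.springframework.security.cas} look like
     * decompiler constant matching rather than a real dependency; confirm their literal values
     * before replacing them.
     *
     * @param map mutable parameter map, modified in place
     */
    @Override // org.jasig.cas.client.validation.AbstractUrlBasedTicketValidator
    protected void populateUrlAttributeMap(Map map) {
        final String service = (String) map.get(ServiceProperties.DEFAULT_CAS_SERVICE_PARAMETER);
        map.remove(ServiceProperties.DEFAULT_CAS_SERVICE_PARAMETER);
        map.remove(ServiceProperties.DEFAULT_CAS_ARTIFACT_PARAMETER);
        map.put(SamlServiceProperties.DEFAULT_SAML_SERVICE_PARAMETER, service);
    }

    /**
     * Extracts the SAML response from the SOAP body and builds an {@link Assertion} from the
     * first assertion whose validity window covers the current time.
     *
     * <p>A response without a recognisable SOAP body, or a subject without a usable name, is
     * reported as a {@link TicketValidationException} instead of surfacing as an unchecked
     * {@code StringIndexOutOfBoundsException} or {@code NullPointerException}.
     *
     * @param str raw server response
     * @return the assertion holding the principal, its attributes and the authentication method
     * @throws TicketValidationException if the response is missing, malformed, contains no
     *     assertion inside its validity window, or lacks an authentication statement, subject
     *     or principal name
     */
    @Override // org.jasig.cas.client.validation.AbstractUrlBasedTicketValidator
    protected Assertion parseResponseFromServer(String str) throws TicketValidationException {
        if (str == null) {
            throw new TicketValidationException("No response received from the server.");
        }
        final int bodyStart = str.indexOf(SOAP_BODY_OPEN);
        final int contentStart = bodyStart + SOAP_BODY_OPEN.length();
        final int contentEnd = bodyStart < 0 ? -1 : str.indexOf(SOAP_BODY_CLOSE, contentStart);
        if (bodyStart < 0 || contentEnd < 0) {
            throw new TicketValidationException("No SOAP body found in the server response.");
        }
        final String samlXml = str.substring(contentStart, contentEnd);

        try {
            // Explicit charset: the extracted body carries no XML declaration, so the bytes must
            // match what the parser assumes by default rather than the platform encoding.
            final SAMLResponse samlResponse =
                    new SAMLResponse(new ByteArrayInputStream(samlXml.getBytes(UTF_8)));

            final Iterator assertions = samlResponse.getAssertions();
            if (!assertions.hasNext()) {
                throw new TicketValidationException("No assertions found.");
            }

            while (assertions.hasNext()) {
                final SAMLAssertion assertion = (SAMLAssertion) assertions.next();
                if (!isValidAssertion(assertion)) {
                    continue;
                }

                final SAMLAuthenticationStatement authStatement = getSAMLAuthenticationStatement(assertion);
                if (authStatement == null) {
                    throw new TicketValidationException("No AuthentiationStatement found in SAML Assertion.");
                }
                final SAMLSubject subject = authStatement.getSubject();
                if (subject == null) {
                    throw new TicketValidationException("No Subject found in SAML Assertion.");
                }
                // An absent or empty principal name must never become an authenticated identity.
                final String principalName = nameOf(subject);
                if (principalName == null || principalName.length() == 0) {
                    throw new TicketValidationException("No NameIdentifier found in SAML Subject.");
                }

                final Map principalAttributes = new HashMap();
                final SAMLAttribute[] samlAttributes = getAttributesFor(assertion, subject);
                for (int i = 0; i < samlAttributes.length; i++) {
                    final List values = getValuesFrom(samlAttributes[i]);
                    // Single-valued attributes are stored unwrapped, all others as a list.
                    principalAttributes.put(
                            samlAttributes[i].getName(), values.size() == 1 ? values.get(0) : values);
                }

                final Map assertionAttributes = new HashMap();
                assertionAttributes.put(
                        "samlAuthenticationStatement::authMethod", authStatement.getAuthMethod());
                return new AssertionImpl(
                        new AttributePrincipalImpl(principalName, principalAttributes), assertionAttributes);
            }
            throw new TicketValidationException("No valid assertions from the SAML response found.");
        } catch (SAMLException e) {
            throw new TicketValidationException((Throwable) e);
        }
    }

    /**
     * Checks the assertion's validity window against the local clock, widened by the tolerance
     * on both sides. Assertions missing either bound are rejected.
     *
     * @param assertion the assertion to check
     * @return {@code true} if the current time lies inside the widened window
     */
    private boolean isValidAssertion(SAMLAssertion assertion) {
        final Date notBefore = assertion.getNotBefore();
        final Date notOnOrAfter = assertion.getNotOnOrAfter();
        if (notBefore == null || notOnOrAfter == null) {
            this.log.debug("Assertion has no bounding dates. Will not process.");
            return false;
        }
        final long now = new Date().getTime();
        if (now + this.tolerance < notBefore.getTime()) {
            this.log.debug("skipping assertion that's not yet valid...");
            return false;
        }
        if (notOnOrAfter.getTime() <= now - this.tolerance) {
            this.log.debug("skipping expired assertion...");
            return false;
        }
        return true;
    }

    /**
     * Returns the first authentication statement of the assertion.
     *
     * @param assertion the assertion to search
     * @return the first {@link SAMLAuthenticationStatement}, or {@code null} if there is none
     */
    private SAMLAuthenticationStatement getSAMLAuthenticationStatement(SAMLAssertion assertion) {
        final Iterator statements = assertion.getStatements();
        while (statements.hasNext()) {
            final SAMLStatement statement = (SAMLStatement) statements.next();
            if (statement instanceof SAMLAuthenticationStatement) {
                return (SAMLAuthenticationStatement) statement;
            }
        }
        return null;
    }

    /**
     * Collects the attributes of every attribute statement whose subject name equals the name
     * of the given subject. Statements without a subject name are skipped.
     *
     * @param assertion the assertion to search
     * @param subject the authenticated subject
     * @return the matching attributes, possibly empty
     */
    private SAMLAttribute[] getAttributesFor(SAMLAssertion assertion, SAMLSubject subject) {
        final List collected = new ArrayList();
        final String subjectName = nameOf(subject);
        if (subjectName != null) {
            final Iterator statements = assertion.getStatements();
            while (statements.hasNext()) {
                final SAMLStatement statement = (SAMLStatement) statements.next();
                if (!(statement instanceof SAMLAttributeStatement)) {
                    continue;
                }
                final SAMLAttributeStatement attributeStatement = (SAMLAttributeStatement) statement;
                if (subjectName.equals(nameOf(attributeStatement.getSubject()))) {
                    final Iterator attributes = attributeStatement.getAttributes();
                    while (attributes.hasNext()) {
                        collected.add(attributes.next());
                    }
                }
            }
        }
        return (SAMLAttribute[]) collected.toArray(new SAMLAttribute[collected.size()]);
    }

    /**
     * Reads the name of a subject's name identifier without risking a null dereference.
     *
     * @param subject the subject, may be {@code null}
     * @return the name, or {@code null} if the subject or its name identifier is missing
     */
    private static String nameOf(SAMLSubject subject) {
        if (subject == null || subject.getNameIdentifier() == null) {
            return null;
        }
        return subject.getNameIdentifier().getName();
    }

    /**
     * Copies the values of an attribute into a list.
     *
     * @param attribute the attribute to read
     * @return the values in iteration order
     */
    private List getValuesFrom(SAMLAttribute attribute) {
        final List values = new ArrayList();
        final Iterator iterator = attribute.getValues();
        while (iterator.hasNext()) {
            values.add(iterator.next());
        }
        return values;
    }

    /**
     * Formats the request's {@code IssueInstant}. The value is rendered in UTC because SAML time
     * values are expressed in UTC; formatting in the JVM's default zone would shift the instant
     * on any host not running in UTC.
     *
     * <p>NOTE(review): the pattern constant comes from an unrelated Maven class and looks like
     * decompiler constant matching; confirm the literal pattern before replacing it.
     *
     * @param date the instant to format
     * @return the formatted timestamp
     */
    private static String getFormattedDateAndTime(Date date) {
        final SimpleDateFormat format =
                new SimpleDateFormat(MavenBuildTimestamp.DEFAULT_BUILD_TIMESTAMP_FORMAT);
        format.setTimeZone(TimeZone.getTimeZone("UTC"));
        return format.format(date);
    }

    /**
     * Escapes the five XML special characters so that a value can be embedded as element text.
     *
     * @param value the text to escape; {@code null} yields an empty string
     * @return the escaped text
     */
    private static String escapeXml(String value) {
        if (value == null) {
            return "";
        }
        final StringBuilder escaped = new StringBuilder(value.length() + 16);
        for (int i = 0; i < value.length(); i++) {
            final char c = value.charAt(i);
            switch (c) {
                case '&':
                    escaped.append("&amp;");
                    break;
                case '<':
                    escaped.append("&lt;");
                    break;
                case '>':
                    escaped.append("&gt;");
                    break;
                case '"':
                    escaped.append("&quot;");
                    break;
                case '\'':
                    escaped.append("&apos;");
                    break;
                default:
                    escaped.append(c);
                    break;
            }
        }
        return escaped.toString();
    }

    /** Closes a stream on the cleanup path, where a failure must not mask the primary outcome. */
    private static void closeQuietly(Closeable closeable) {
        if (closeable == null) {
            return;
        }
        try {
            closeable.close();
        } catch (IOException ignored) {
            // Best-effort cleanup only; the caller has already produced its result or exception.
        }
    }

    /**
     * Posts the SOAP-wrapped SAML request for the given ticket and returns the response text.
     *
     * <p>The ticket originates from the incoming request, so it is XML-escaped before being
     * placed in the envelope; otherwise markup in the ticket value could alter the request
     * structure. Line terminators of the response are dropped while reading.
     *
     * <p>NOTE(review): no connect or read timeout is set here, so a stalled server can block the
     * calling thread; confirm whether timeouts are configured elsewhere.
     *
     * @param url the validation URL
     * @param str the ticket to validate
     * @return the response body with line terminators removed
     * @throws RuntimeException wrapping any {@link IOException} raised during the exchange
     */
    @Override // org.jasig.cas.client.validation.AbstractUrlBasedTicketValidator
    protected String retrieveResponseFromServer(URL url, String str) {
        final String request = new StringBuilder(512)
                .append("<SOAP-ENV:Envelope xmlns:SOAP-ENV=\"http://schemas.xmlsoap.org/soap/envelope/\"><SOAP-ENV:Header/><SOAP-ENV:Body><samlp:Request xmlns:samlp=\"urn:oasis:names:tc:SAML:1.0:protocol\"  MajorVersion=\"1\" MinorVersion=\"1\" RequestID=\"")
                .append(UUID.randomUUID().toString())
                .append("\" IssueInstant=\"")
                .append(getFormattedDateAndTime(new Date()))
                .append("\">")
                .append("<samlp:AssertionArtifact>")
                .append(escapeXml(str))
                .append("</samlp:AssertionArtifact></samlp:Request></SOAP-ENV:Body></SOAP-ENV:Envelope>")
                .toString();
        // Encode once so that Content-Length counts the bytes that are actually written.
        final byte[] payload = request.getBytes(UTF_8);

        HttpURLConnection connection = null;
        DataOutputStream out = null;
        BufferedReader in = null;
        try {
            connection = (HttpURLConnection) url.openConnection();
            connection.setRequestMethod("POST");
            connection.setRequestProperty("Content-Type", "text/xml");
            connection.setRequestProperty("Content-Length", Integer.toString(payload.length));
            connection.setRequestProperty("SOAPAction", "http://www.oasis-open.org/committees/security");
            connection.setUseCaches(false);
            connection.setDoInput(true);
            connection.setDoOutput(true);

            out = new DataOutputStream(connection.getOutputStream());
            out.write(payload);
            out.flush();
            out.close();
            out = null; // already closed; keeps the cleanup path from closing it again

            in = new BufferedReader(new InputStreamReader(connection.getInputStream(), UTF_8));
            final StringBuilder response = new StringBuilder(256);
            String line;
            while ((line = in.readLine()) != null) {
                response.append(line);
            }
            return response.toString();
        } catch (IOException e) {
            throw new RuntimeException(e);
        } finally {
            closeQuietly(out);
            closeQuietly(in);
            if (connection != null) {
                connection.disconnect();
            }
        }
    }

    /**
     * Sets the clock-skew allowance applied when checking an assertion's validity window.
     * Larger values accept assertions further outside their stated window.
     *
     * @param j tolerance in milliseconds
     */
    public void setTolerance(long j) {
        this.tolerance = j;
    }
}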
