package org.wso2.carbon.hostobjects.sso;

import java.util.HashMap;
import java.util.List;
import java.util.Map;
import java.util.Properties;
import java.util.UUID;
import java.util.concurrent.ConcurrentHashMap;
import javax.script.ScriptException;
import org.apache.commons.logging.Log;
import org.apache.commons.logging.LogFactory;
import org.mozilla.javascript.Context;
import org.mozilla.javascript.Function;
import org.mozilla.javascript.Scriptable;
import org.mozilla.javascript.ScriptableObject;
import org.opensaml.saml2.core.Assertion;
import org.opensaml.saml2.core.AuthnStatement;
import org.opensaml.saml2.core.LogoutRequest;
import org.opensaml.saml2.core.LogoutResponse;
import org.opensaml.saml2.core.Response;
import org.opensaml.saml2.core.SessionIndex;
import org.opensaml.saml2.core.Subject;
import org.wso2.carbon.hostobjects.sso.internal.SSOConstants;
import org.wso2.carbon.hostobjects.sso.internal.SessionInfo;
import org.wso2.carbon.hostobjects.sso.internal.builder.AuthReqBuilder;
import org.wso2.carbon.hostobjects.sso.internal.builder.LogoutRequestBuilder;
import org.wso2.carbon.hostobjects.sso.internal.util.Util;

/* loaded from: input_file:org/wso2/carbon/hostobjects/sso/SAMLSSORelyingPartyObject.class */
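/**
 * Rhino host object exposed to scripts as {@code SSORelyingParty}. It implements the relying-party
 * side of SAML2 web SSO: building authentication and logout requests, checking response
 * signatures and tracking authenticated sessions.
 *
 * <p>One instance is cached per issuer id. Session information and relay state are held in
 * static maps, so they are shared by every instance in the class loader regardless of issuer.
 * All three maps are concurrent because host functions can be invoked from several request
 * threads at once.
 *
 * <p>Security notes for callers:
 * <ul>
 *   <li>{@link #jsFunction_setSessionAuthenticated} and
 *       {@link #jsFunction_invalidateSessionBySAMLResponse} do not verify signatures themselves.
 *       The calling script must have accepted the same message (for responses, through
 *       {@link #jsFunction_validateSignature}) before invoking them.</li>
 *   <li>{@link #jsFunction_getProperty} returns any configured value, including the key store
 *       password, to whichever script holds the object.</li>
 *   <li>The relay-state map is only emptied when an entry is read back, so entries that are
 *       never consumed accumulate.</li>
 * </ul>
 */
public class SAMLSSORelyingPartyObject extends ScriptableObject {
    private static final Log log = LogFactory.getLog(SAMLSSORelyingPartyObject.class);

    // Domain and tenant id used for the second signature check in jsFunction_validateSignature.
    private static final String SUPER_TENANT_DOMAIN = "carbon.super";
    private static final int SUPER_TENANT_ID = -1234;

    // Relay state -> originally requested URI. Entries are removed when they are read back.
    private static final ConcurrentHashMap<String, String> relayStateMap =
            new ConcurrentHashMap<String, String>();
    // Issuer id -> cached relying party instance.
    private static final ConcurrentHashMap<String, SAMLSSORelyingPartyObject> ssoRelyingPartyMap =
            new ConcurrentHashMap<String, SAMLSSORelyingPartyObject>();
    // Local session id -> session details; shared by all issuers.
    private static final Map<String, SessionInfo> sessionIdMap =
            new ConcurrentHashMap<String, SessionInfo>();

    private Properties ssoConfigProperties = new Properties();
    private String loggedInUserName;

    /** Returns the name under which this host object is registered in the script scope. */
    @Override
    public String getClassName() {
        return "SSORelyingParty";
    }

    /**
     * Script constructor: returns the cached relying party for the given issuer id, creating and
     * caching it on first use.
     *
     * @param objArr exactly one String, the issuer id
     * @throws ScriptException if the issuer id is missing or not a String
     */
    public static Scriptable jsConstructor(Context context, Object[] objArr, Function function, boolean z) throws Exception {
        requireStringArgs(objArr, 1, "Invalid arguments!, IssuerId is missing in parameters.");
        String issuerId = (String) objArr[0];
        SAMLSSORelyingPartyObject cached = ssoRelyingPartyMap.get(issuerId);
        if (cached != null) {
            return cached;
        }
        SAMLSSORelyingPartyObject created = new SAMLSSORelyingPartyObject();
        created.setSSOProperty(SSOConstants.ISSUER_ID, issuerId);
        // putIfAbsent keeps a single instance per issuer when two threads race on first use.
        SAMLSSORelyingPartyObject raced = ssoRelyingPartyMap.putIfAbsent(issuerId, created);
        return raced != null ? raced : created;
    }

    /**
     * Checks the signature of an encoded SAML response against the configured key store.
     *
     * <p>The message type is checked before any tenant lookup so that a message that is not a
     * SAML Response is rejected without further processing.
     *
     * <p>NOTE(review): the tenant domain that selects the key store is read from the response
     * before its signature has been verified, and a failed check for a non-super tenant is
     * retried against the super tenant. {@code Util.validateSignature} is not visible here;
     * confirm that it rejects unsigned responses and pins the certificate named by IDP_ALIAS.
     *
     * @param objArr exactly one String, the encoded SAML response
     * @return {@code true} if either signature check succeeds; {@code false} otherwise, including
     *         when the message is not a SAML Response
     * @throws ScriptException if the argument is missing or not a String
     */
    public static boolean jsFunction_validateSignature(Context context, Scriptable scriptable, Object[] objArr, Function function) throws Exception {
        requireStringArgs(objArr, 1, "Invalid argument. SAML response is missing.");
        Response unmarshall = Util.unmarshall(Util.decode((String) objArr[0]));
        if (!(unmarshall instanceof Response)) {
            if (log.isWarnEnabled()) {
                log.warn("SAML response in signature validation is not a SAML Response.");
            }
            return false;
        }
        String domainName = Util.getDomainName(unmarshall);
        int tenantId = Util.getRealmService().getTenantManager().getTenantId(domainName);

        SAMLSSORelyingPartyObject relyingParty = (SAMLSSORelyingPartyObject) scriptable;
        String keyStoreName = relyingParty.getSSOProperty(SSOConstants.KEY_STORE_NAME);
        String keyStorePassword = relyingParty.getSSOProperty(SSOConstants.KEY_STORE_PASSWORD);
        String idpAlias = relyingParty.getSSOProperty(SSOConstants.IDP_ALIAS);

        boolean valid = Util.validateSignature(unmarshall, keyStoreName, keyStorePassword, idpAlias, tenantId, domainName);
        if (!valid && !SUPER_TENANT_DOMAIN.equals(domainName)) {
            // Second attempt with the super tenant's key store.
            valid = Util.validateSignature(unmarshall, keyStoreName, keyStorePassword, idpAlias, SUPER_TENANT_ID, SUPER_TENANT_DOMAIN);
        }
        return valid;
    }

    /**
     * Reports whether the encoded message unmarshalls to a SAML LogoutRequest.
     *
     * @param objArr exactly one String, the encoded message
     * @throws ScriptException if the argument is missing or not a String
     */
    public static boolean jsFunction_isLogoutRequest(Context context, Scriptable scriptable, Object[] objArr, Function function) throws Exception {
        requireStringArgs(objArr, 1, "Invalid argument. Logout request xml is missing.");
        return Util.unmarshall(Util.decode((String) objArr[0])) instanceof LogoutRequest;
    }

    /**
     * Reports whether the encoded message unmarshalls to a SAML LogoutResponse.
     *
     * @param objArr exactly one String, the encoded message
     * @throws ScriptException if the argument is missing or not a String
     */
    public static boolean jsFunction_isLogoutResponse(Context context, Scriptable scriptable, Object[] objArr, Function function) throws Exception {
        requireStringArgs(objArr, 1, "Invalid argument. Logout response xml is missing.");
        return Util.unmarshall(Util.decode((String) objArr[0])) instanceof LogoutResponse;
    }

    /**
     * Encodes a string with {@code Util.encode}.
     *
     * @param objArr exactly one String, the value to encode
     * @throws ScriptException if the argument is missing or not a String
     */
    public static String jsFunction_encode(Context context, Scriptable scriptable, Object[] objArr, Function function) throws Exception {
        requireStringArgs(objArr, 1, "Invalid argument. String to be encoded is missing.");
        return Util.encode((String) objArr[0]);
    }

    /**
     * Returns the SAML token stored for a session, or {@code null} if the session is unknown.
     * The stored value is the encoded response passed to
     * {@link #jsFunction_setSessionAuthenticated}.
     *
     * @param objArr exactly one String, the local session id
     * @throws ScriptException if the argument is missing or not a String
     */
    public static String jsFunction_getSAMLToken(Context context, Scriptable scriptable, Object[] objArr, Function function) throws Exception {
        requireStringArgs(objArr, 1, "Invalid argument. Session Id is missing.");
        SessionInfo sessionInfo = ((SAMLSSORelyingPartyObject) scriptable).getSessionInfo((String) objArr[0]);
        return sessionInfo != null ? sessionInfo.getSamlToken() : null;
    }

    /**
     * Decodes a string with {@code Util.decode}.
     *
     * @param objArr exactly one String, the value to decode
     * @throws ScriptException if the argument is missing or not a String
     */
    public static String jsFunction_decode(Context context, Scriptable scriptable, Object[] objArr, Function function) throws Exception {
        requireStringArgs(objArr, 1, "Invalid argument. String to be decoded is missing.");
        return Util.decode((String) objArr[0]);
    }

    /** Returns a freshly generated random UUID in its string form. */
    public static String jsFunction_getUUID(Context context, Scriptable scriptable, Object[] objArr, Function function) throws Exception {
        return UUID.randomUUID().toString();
    }

    /** Builds and marshalls a SAML authentication request for this relying party's issuer id. */
    public static String jsFunction_getSAMLAuthRequest(Context context, Scriptable scriptable, Object[] objArr, Function function) throws Exception {
        String issuerId = ((SAMLSSORelyingPartyObject) scriptable).getSSOProperty(SSOConstants.ISSUER_ID);
        return Util.marshall(new AuthReqBuilder().buildAuthenticationRequest(issuerId));
    }

    /**
     * Builds and marshalls a SAML logout request for a user's session.
     *
     * <p>Both arguments must be Strings. The earlier check combined the two type tests with
     * {@code &&}, which let a non-String argument through to a cast failure.
     *
     * @param objArr two Strings: the user name and the local session id
     * @throws ScriptException if the arguments are invalid or no session is stored for the id
     */
    public static String jsFunction_getSAMLLogoutRequest(Context context, Scriptable scriptable, Object[] objArr, Function function) throws Exception {
        requireStringArgs(objArr, 2, "Invalid argument. The user to be logout is missing.");
        SAMLSSORelyingPartyObject relyingParty = (SAMLSSORelyingPartyObject) scriptable;
        SessionInfo sessionInfo = relyingParty.getSessionInfo((String) objArr[1]);
        if (sessionInfo == null) {
            // An unknown or already invalidated session id used to surface as a NullPointerException.
            throw new ScriptException("Invalid argument. No session information found for the given session id.");
        }
        return Util.marshall(new LogoutRequestBuilder().buildLogoutRequest(
                (String) objArr[0],
                sessionInfo.getSessionIndex(),
                SSOConstants.LOGOUT_USER,
                relyingParty.getSSOProperty(SSOConstants.ISSUER_ID)));
    }

    /**
     * Extracts the subject NameID value from the first assertion of an encoded SAML response.
     * The value is read as-is; this method performs no signature verification.
     *
     * @param objArr exactly one String, the encoded SAML response
     * @throws ScriptException if the argument is missing or not a String
     * @throws Exception if the response carries no assertion, subject or NameID
     */
    public static String jsFunction_getSAMLResponseNameId(Context context, Scriptable scriptable, Object[] objArr, Function function) throws Exception {
        requireStringArgs(objArr, 1, "Invalid argument. The SAML response is missing.");
        Response unmarshall = Util.unmarshall(Util.decode((String) objArr[0]));
        String nameId = nameIdOf(firstAssertion(unmarshall));
        if (nameId == null) {
            throw new Exception("Failed to get subject assertion from SAML response.");
        }
        return nameId;
    }

    /**
     * Sets an SSO configuration value on this relying party.
     *
     * @param objArr two Strings: the configuration key and its value
     * @throws ScriptException if the arguments are missing or not Strings
     */
    public static void jsFunction_setProperty(Context context, Scriptable scriptable, Object[] objArr, Function function) throws ScriptException {
        requireStringArgs(objArr, 2, "Invalid arguments when setting sso configuration values.");
        ((SAMLSSORelyingPartyObject) scriptable).setSSOProperty((String) objArr[0], (String) objArr[1]);
    }

    /**
     * Reports whether session information is stored for the given local session id.
     *
     * @param objArr exactly one String, the local session id
     * @throws ScriptException if the argument is missing or not a String
     */
    public static boolean jsFunction_isSessionAuthenticated(Context context, Scriptable scriptable, Object[] objArr, Function function) throws ScriptException {
        requireStringArgs(objArr, 1, "Invalid argument. Session id is missing.");
        return ((SAMLSSORelyingPartyObject) scriptable).isSessionIdExists((String) objArr[0]);
    }

    /**
     * Returns the session id held in the stored session information, or {@code null} if the
     * session is unknown.
     *
     * @param objArr exactly one String, the local session id
     * @throws ScriptException if the argument is missing or not a String
     */
    public static String jsFunction_getIdentitySessionId(Context context, Scriptable scriptable, Object[] objArr, Function function) throws ScriptException {
        requireStringArgs(objArr, 1, "Invalid argument. Session id is missing.");
        SessionInfo sessionInfo = ((SAMLSSORelyingPartyObject) scriptable).getSessionInfo((String) objArr[0]);
        return sessionInfo != null ? sessionInfo.getSessionId() : null;
    }

    /**
     * Returns the user recorded for a session, or {@code null} if the session is unknown or has
     * no user.
     *
     * @param objArr exactly one String, the local session id
     * @throws ScriptException if the argument is missing or not a String
     */
    public static String jsFunction_getLoggedInUser(Context context, Scriptable scriptable, Object[] objArr, Function function) throws ScriptException {
        requireStringArgs(objArr, 1, "Invalid argument. Session id is missing.");
        SessionInfo sessionInfo = ((SAMLSSORelyingPartyObject) scriptable).getSessionInfo((String) objArr[0]);
        return sessionInfo != null ? sessionInfo.getLoggedInUser() : null;
    }

    /**
     * Invalidates every stored session whose session index matches the first session index of
     * an encoded SAML logout request, then drops the cached relying party for this issuer.
     *
     * <p>NOTE(review): nothing in this method verifies the logout request's signature or issuer;
     * confirm the calling script does so before a request reaches this point.
     *
     * @param objArr exactly one String, the encoded SAML logout request
     * @throws ScriptException if the argument is missing or not a String
     * @throws Exception if the request carries no session index
     */
    public static void jsFunction_invalidateSessionBySAMLResponse(Context context, Scriptable scriptable, Object[] objArr, Function function) throws Exception {
        requireStringArgs(objArr, 1, "Invalid argument. SAML log out request is missing.");
        SAMLSSORelyingPartyObject relyingParty = (SAMLSSORelyingPartyObject) scriptable;
        LogoutRequest unmarshall = Util.unmarshall(Util.decode((String) objArr[0]));
        String sessionIndex = null;
        if (unmarshall instanceof LogoutRequest) {
            List<SessionIndex> sessionIndexes = unmarshall.getSessionIndexes();
            if (sessionIndexes != null && !sessionIndexes.isEmpty()) {
                sessionIndex = sessionIndexes.get(0).getSessionIndex();
            }
        }
        if (sessionIndex == null) {
            throw new Exception("Failed to get session index from session indexes in SAML logout request.");
        }
        relyingParty.invalidateSessionBySessionIndex(sessionIndex);
        invalidateRelyingPartyObject(relyingParty.getSSOProperty(SSOConstants.ISSUER_ID));
    }

    /**
     * Removes the stored session for a local session id and drops the cached relying party for
     * this issuer.
     *
     * @param objArr exactly one String, the local session id
     * @throws ScriptException if the argument is missing or not a String
     */
    public static void jsFunction_invalidateSessionBySessionId(Context context, Scriptable scriptable, Object[] objArr, Function function) throws Exception {
        requireStringArgs(objArr, 1, "Invalid argument. Session id is missing.");
        SAMLSSORelyingPartyObject relyingParty = (SAMLSSORelyingPartyObject) scriptable;
        relyingParty.invalidateSessionBySessionId((String) objArr[0]);
        invalidateRelyingPartyObject(relyingParty.getSSOProperty(SSOConstants.ISSUER_ID));
    }

    /**
     * Records a local session as authenticated, taking the session index and user name from the
     * first assertion of the encoded SAML response and storing the response as the SAML token.
     *
     * <p>This method trusts the response it is given: it performs no signature, issuer,
     * audience or validity-period checks. The calling script must have accepted the same
     * response through {@link #jsFunction_validateSignature} first, otherwise an unverified
     * NameID becomes the logged-in user.
     *
     * @param objArr two Strings: the local session id and the encoded SAML response
     * @throws ScriptException if the arguments are missing or not Strings
     * @throws Exception if the response carries no session index or no subject NameID
     */
    public static void jsFunction_setSessionAuthenticated(Context context, Scriptable scriptable, Object[] objArr, Function function) throws Exception {
        requireStringArgs(objArr, 2, "Invalid argument. Current session id and SAML response are missing.");
        SAMLSSORelyingPartyObject relyingParty = (SAMLSSORelyingPartyObject) scriptable;
        Response unmarshall = Util.unmarshall(Util.decode((String) objArr[1]));

        Assertion assertion = firstAssertion(unmarshall);
        String sessionIndex = null;
        if (assertion != null) {
            // An assertion without authentication statements is reported through the checked
            // exception below rather than an IndexOutOfBoundsException.
            List<AuthnStatement> statements = assertion.getAuthnStatements();
            if (statements != null && !statements.isEmpty() && statements.get(0) != null) {
                sessionIndex = statements.get(0).getSessionIndex();
            }
        }
        String userName = nameIdOf(assertion);

        if (sessionIndex == null) {
            throw new Exception("Failed to get session index from authentication statement in SAML response.");
        }
        if (userName == null) {
            throw new Exception("Failed to get subject assertion from SAML response.");
        }
        SessionInfo sessionInfo = new SessionInfo((String) objArr[0]);
        sessionInfo.setSessionIndex(sessionIndex);
        sessionInfo.setLoggedInUser(userName);
        sessionInfo.setSamlToken((String) objArr[1]);
        relyingParty.addSessionInfo(sessionInfo);
    }

    /**
     * Returns an SSO configuration value, or {@code null} if the key is not set. No key is
     * excluded, so the key store password is readable through this function.
     *
     * @param objArr exactly one String, the configuration key
     * @throws ScriptException if the argument is missing or not a String
     */
    public static String jsFunction_getProperty(Context context, Scriptable scriptable, Object[] objArr, Function function) throws ScriptException {
        requireStringArgs(objArr, 1, "Invalid argument. SSO configuratin key is missing.");
        return ((SAMLSSORelyingPartyObject) scriptable).getSSOProperty((String) objArr[0]);
    }

    /**
     * Remembers the requested URI for a relay state value.
     *
     * <p>NOTE(review): entries are only removed by {@link #jsFunction_getRelayStateProperty};
     * relay states that never come back stay in the map. Consider a bound or an expiry.
     *
     * @param objArr two Strings: the relay state and the requested URI
     * @throws ScriptException if the arguments are missing or not Strings
     */
    public static void jsFunction_setRelayStateProperty(Context context, Scriptable scriptable, Object[] objArr, Function function) throws ScriptException {
        requireStringArgs(objArr, 2, "Invalid argument. RelayState and requested URI are missing.");
        relayStateMap.put((String) objArr[0], (String) objArr[1]);
    }

    /**
     * Returns and forgets the requested URI stored for a relay state value, or {@code null} if
     * none is stored. Callers that redirect to the returned URI should check that it points
     * where they expect before using it.
     *
     * @param objArr exactly one String, the relay state
     * @throws ScriptException if the argument is missing or not a String
     */
    public static String jsFunction_getRelayStateProperty(Context context, Scriptable scriptable, Object[] objArr, Function function) throws ScriptException {
        requireStringArgs(objArr, 1, "Invalid argument. Relay state value is missing.");
        // A single remove() reads and deletes atomically, so one relay state is consumed once.
        return relayStateMap.remove((String) objArr[0]);
    }

    /**
     * Replaces the entities {@code &gt;} and {@code &lt;} with {@code >} and {@code <}.
     *
     * @param objArr exactly one String, the value to decode
     * @throws ScriptException if the argument is missing or not a String
     */
    public static String jsFunction_xmlDecode(Context context, Scriptable scriptable, Object[] objArr, Function function) throws ScriptException {
        // The message previously referred to a relay state value, which this function does not take.
        requireStringArgs(objArr, 1, "Invalid argument. String to be XML decoded is missing.");
        return ((String) objArr[0]).replace("&gt;", ">").replace("&lt;", "<");
    }

    /**
     * Replaces {@code >} and {@code <} with {@code &gt;} and {@code &lt;}.
     *
     * <p>Only the two angle brackets are escaped; {@code &} and quote characters pass through
     * unchanged, so the result is not safe to place inside an attribute value.
     *
     * @param objArr exactly one String, the value to encode
     * @throws ScriptException if the argument is missing or not a String
     */
    public static String jsFunction_xmlEncode(Context context, Scriptable scriptable, Object[] objArr, Function function) throws ScriptException {
        // The message previously referred to a relay state value, which this function does not take.
        requireStringArgs(objArr, 1, "Invalid argument. String to be XML encoded is missing.");
        return ((String) objArr[0]).replace(">", "&gt;").replace("<", "&lt;");
    }

    /** Returns the configured value for a key, or {@code null} if it is not set. */
    private String getSSOProperty(String str) {
        return this.ssoConfigProperties.getProperty(str);
    }

    /** Stores a configuration value on this instance. */
    private void setSSOProperty(String str, String str2) {
        this.ssoConfigProperties.put(str, str2);
    }

    /**
     * Replaces the five predefined XML entities with their characters. {@code &amp;} is handled
     * last so that a sequence such as {@code &amp;lt;} decodes to {@code &lt;} and not {@code <}.
     *
     * @param str the text to decode; must not be {@code null}
     * @return the decoded text
     */
    public static String decode(String str) {
        return str.replace("&gt;", ">")
                .replace("&lt;", "<")
                .replace("&apos;", "'")
                .replace("&quot;", "\"")
                .replace("&amp;", "&");
    }

    /** Stores session information under its session id, replacing any earlier entry. */
    private void addSessionInfo(SessionInfo sessionInfo) {
        sessionIdMap.put(sessionInfo.getSessionId(), sessionInfo);
    }

    /** Removes every stored session whose session index equals {@code str}. */
    private void invalidateSessionBySessionIndex(String str) {
        // Removing while iterating is safe here because the map is a ConcurrentHashMap.
        for (Map.Entry<String, SessionInfo> entry : sessionIdMap.entrySet()) {
            SessionInfo info = entry.getValue();
            if (info != null && str.equals(info.getSessionIndex())) {
                sessionIdMap.remove(entry.getKey());
            }
        }
    }

    /** Removes the stored session for a local session id, if any. */
    private void invalidateSessionBySessionId(String str) {
        sessionIdMap.remove(str);
    }

    /** Reports whether session information is stored for a local session id. */
    private boolean isSessionIdExists(String str) {
        return sessionIdMap.containsKey(str);
    }

    /** Returns the stored session information for a local session id, or {@code null}. */
    private SessionInfo getSessionInfo(String str) {
        return sessionIdMap.get(str);
    }

    /** Drops the cached relying party instance for an issuer id. */
    private static void invalidateRelyingPartyObject(String str) {
        ssoRelyingPartyMap.remove(str);
    }

    /** Throws unless {@code objArr} holds exactly {@code expected} arguments that are all Strings. */
    private static void requireStringArgs(Object[] objArr, int expected, String message) throws ScriptException {
        if (objArr.length != expected) {
            throw new ScriptException(message);
        }
        for (Object arg : objArr) {
            if (!(arg instanceof String)) {
                throw new ScriptException(message);
            }
        }
    }

    /** Returns the first assertion of a response, or {@code null} if there is none. */
    private static Assertion firstAssertion(Response response) {
        if (!(response instanceof Response)) {
            return null;
        }
        List<Assertion> assertions = response.getAssertions();
        if (assertions == null || assertions.isEmpty()) {
            return null;
        }
        return assertions.get(0);
    }

    /** Returns the subject NameID value of an assertion, or {@code null} if any part is absent. */
    private static String nameIdOf(Assertion assertion) {
        if (assertion == null) {
            return null;
        }
        Subject subject = assertion.getSubject();
        if (subject == null || subject.getNameID() == null) {
            return null;
        }
        return subject.getNameID().getValue();
    }
}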
