package com.ibm.ws.security.saml.sso20.binding;

import com.ibm.websphere.ras.Tr;
import com.ibm.websphere.ras.TraceComponent;
import com.ibm.websphere.ras.annotation.TraceObjectField;
import com.ibm.ws.ffdc.FFDCFilter;
import com.ibm.ws.ras.instrument.annotation.InjectedFFDC;
import com.ibm.ws.security.common.structures.Cache;
import com.ibm.ws.security.saml.Constants;
import com.ibm.ws.security.saml.SsoConfig;
import com.ibm.ws.security.saml.SsoRequest;
import com.ibm.ws.security.saml.SsoSamlService;
import com.ibm.ws.security.saml.error.SamlException;
import com.ibm.ws.security.saml.sso20.internal.utils.HttpRequestInfo;
import com.ibm.ws.security.saml.sso20.internal.utils.InitialRequestUtil;
import com.ibm.ws.security.saml.sso20.internal.utils.RequestUtil;
import com.ibm.ws.security.saml.sso20.internal.utils.UserData;
import com.ibm.ws.security.saml.sso20.metadata.AcsDOMMetadataProvider;
import jakarta.servlet.http.HttpServletRequest;
import jakarta.servlet.http.HttpServletResponse;
import java.util.Arrays;
import java.util.List;
import javax.xml.namespace.QName;
import net.shibboleth.utilities.java.support.resolver.CriteriaSet;
import net.shibboleth.utilities.java.support.resolver.Criterion;
import net.shibboleth.utilities.java.support.resolver.ResolverException;
import org.opensaml.core.criterion.EntityIdCriterion;
import org.opensaml.messaging.context.MessageContext;
import org.opensaml.saml.common.SAMLObject;
import org.opensaml.saml.common.messaging.context.SAMLPeerEntityContext;
import org.opensaml.saml.saml2.core.Assertion;
import org.opensaml.saml.saml2.core.LogoutRequest;
import org.opensaml.saml.saml2.core.LogoutResponse;
import org.opensaml.saml.saml2.core.NameID;
import org.opensaml.saml.saml2.core.Response;
import org.opensaml.saml.saml2.core.Status;
import org.opensaml.saml.saml2.encryption.Decrypter;
import org.opensaml.saml.saml2.encryption.EncryptedElementTypeEncryptedKeyResolver;
import org.opensaml.saml.saml2.metadata.Endpoint;
import org.opensaml.saml.saml2.metadata.EntityDescriptor;
import org.opensaml.saml.saml2.metadata.IDPSSODescriptor;
import org.opensaml.xmlsec.encryption.support.ChainingEncryptedKeyResolver;
import org.opensaml.xmlsec.encryption.support.EncryptedKeyResolver;
import org.opensaml.xmlsec.encryption.support.InlineEncryptedKeyResolver;
import org.opensaml.xmlsec.encryption.support.SimpleRetrievalMethodEncryptedKeyResolver;
import org.opensaml.xmlsec.keyinfo.KeyInfoCredentialResolver;
import org.opensaml.xmlsec.keyinfo.impl.StaticKeyInfoCredentialResolver;

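/**
 * Per-message state for the SAML 2.0 web-SSO bindings: the inbound OpenSAML
 * {@link MessageContext}, the IdP metadata resolved for the message issuer, the
 * {@link Decrypter} used for encrypted assertions, and the cached
 * pre-authentication request that the relay state refers back to.
 * <p>
 * Nothing here is synchronized. The lazily initialised members
 * ({@code decrypter}, {@code peerEntityMetadata}) assume that one context is
 * used by one request at a time — NOTE(review): confirm against the callers.
 * <p>
 * The two type parameters are kept for source compatibility with existing
 * callers; this class does not use them.
 */
@InjectedFFDC
@TraceObjectField(fieldName = "tc", fieldDesc = "Lcom/ibm/websphere/ras/TraceComponent;")
/* loaded from: input_file:com/ibm/ws/security/saml/sso20/binding/BasicMessageContext.class */
public class BasicMessageContext<InboundMessageType extends SAMLObject, OutboundMessageType extends SAMLObject> {
    public static final TraceComponent tc = Tr.register(BasicMessageContext.class, "SAML20", "com.ibm.ws.security.saml.sso20.internal.resources.SamlSso20Messages");
    SsoConfig ssoConfig;
    SsoSamlService ssoService;
    // IDPSSODescriptor of the resolved peer metadata; set together with peerEntityMetadata.
    IDPSSODescriptor idpSsoDescriptor;
    QName peerEntityRole;
    // IdP EntityDescriptor resolved from the message issuer; null when none could be found.
    EntityDescriptor peerEntityMetadata;
    String inboundSAMLProtocol;
    Assertion validatedAssertion;
    // Created on first use by setDecrypter()/getDecrypter().
    Decrypter decrypter;
    String externalRelayState;
    SsoRequest samlRequest;
    HttpRequestInfo cachedRequestInfo;
    // Guards setIDPSSODescriptor() so the metadata lookup runs at most once per context.
    boolean bSetIDPSSODescriptor;
    Status logoutResponseStatus;
    String inResponseTo;
    AcsDOMMetadataProvider metadataProvider;
    HttpServletRequest request;
    HttpServletResponse response;
    InitialRequestUtil irUtil;
    // Tries inline, EncryptedElementType and RetrievalMethod EncryptedKey locations, in that order.
    ChainingEncryptedKeyResolver encryptedKeyResolver;
    private List<EncryptedKeyResolver> resolverChain;
    EncryptedKeyResolver inline;
    EncryptedKeyResolver encryptedelem;
    EncryptedKeyResolver simple;
    SAMLPeerEntityContext samlPeerEntityContext;
    private MessageContext<SAMLObject> messageContext;
    private Endpoint peerEntityEndpoint;
    private String inboundMessageIssuer;
    private NameID subjectNameIdentifer;
    // Retained from the original class; it has no effect because this class is not Serializable.
    static final long serialVersionUID = 6919671490437637518L;

    /**
     * Creates a context that is not bound to a servlet request/response.
     *
     * @param ssoSamlService the SAML service whose configuration, provider id and
     *                       decrypting credential this context uses; must not be null
     */
    public BasicMessageContext(SsoSamlService ssoSamlService) {
        this.bSetIDPSSODescriptor = false;
        this.metadataProvider = null;
        this.irUtil = new InitialRequestUtil();
        this.inline = new InlineEncryptedKeyResolver();
        this.encryptedelem = new EncryptedElementTypeEncryptedKeyResolver();
        this.simple = new SimpleRetrievalMethodEncryptedKeyResolver();
        this.samlPeerEntityContext = new SAMLPeerEntityContext();
        this.ssoService = ssoSamlService;
        this.ssoConfig = ssoSamlService.getConfig();
        this.resolverChain = Arrays.asList(this.inline, this.encryptedelem, this.simple);
        this.encryptedKeyResolver = new ChainingEncryptedKeyResolver(this.resolverChain);
    }

    /**
     * Creates a context bound to the servlet request/response that carried the
     * SAML message; the request and response are needed for cookie handling in
     * {@link #setAndRemoveCachedRequestInfo(String, SsoRequest)}.
     *
     * @param ssoSamlService      see {@link #BasicMessageContext(SsoSamlService)}
     * @param httpServletRequest  the current request
     * @param httpServletResponse the current response
     */
    public BasicMessageContext(SsoSamlService ssoSamlService, HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse) {
        // Same initialisation as the single-argument constructor, then bind the servlet objects.
        this(ssoSamlService);
        this.request = httpServletRequest;
        this.response = httpServletResponse;
    }

    /** @return the SAML service this context was created for */
    public SsoSamlService getSsoService() {
        return this.ssoService;
    }

    /** @return the bound servlet request, or null for a context created without one */
    public HttpServletRequest getHttpServletRequest() {
        return this.request;
    }

    /**
     * Sets the IdP metadata provider used by {@link #getPeerEntityMetadata()}.
     * Must be called before the first metadata lookup; the lookup runs only once.
     *
     * @param acsDOMMetadataProvider the provider, or null to skip metadata resolution
     */
    public void setMetadataProvider(AcsDOMMetadataProvider acsDOMMetadataProvider) {
        this.metadataProvider = acsDOMMetadataProvider;
    }

    /** @return the configured IdP metadata provider, or null */
    public AcsDOMMetadataProvider getMetadataProvider() {
        return this.metadataProvider;
    }

    /** @return the Status of the inbound LogoutResponse, or null if none was recorded */
    public Status getSLOResponseStatus() {
        return this.logoutResponseStatus;
    }

    /** @param status the Status of the inbound LogoutResponse */
    public void setSLOResponseStatus(Status status) {
        this.logoutResponseStatus = status;
    }

    /**
     * Returns the IdP EntityDescriptor for the issuer of the inbound message,
     * resolving it on first call.
     *
     * @return the resolved EntityDescriptor, or null when there is no metadata
     *         provider, the message carries no usable issuer, or the issuer is unknown
     */
    public EntityDescriptor getPeerEntityMetadata() {
        if (!this.bSetIDPSSODescriptor) {
            setIDPSSODescriptor();
        }
        return this.peerEntityMetadata;
    }

    /**
     * Resolves the IdP metadata for the issuer of the inbound message and stores
     * it in {@code peerEntityMetadata} / {@code idpSsoDescriptor}. Runs at most
     * once per context. Only Response, LogoutResponse and LogoutRequest messages
     * are looked up; any other message type leaves the fields unset.
     * <p>
     * Nothing is stored when no metadata provider is configured, when the message
     * has no Issuer, or when the issuer is not found. The original code
     * dereferenced {@code getIssuer()} unconditionally, so a message without an
     * Issuer element failed with a NullPointerException; it is now treated like
     * an unknown issuer.
     */
    void setIDPSSODescriptor() {
        this.bSetIDPSSODescriptor = true;
        MessageContext<SAMLObject> mc = getMessageContext();
        SAMLObject message = mc == null ? null : (SAMLObject) mc.getMessage();
        if (message == null) {
            return;
        }
        boolean supported = (message instanceof Response) || (message instanceof LogoutResponse) || (message instanceof LogoutRequest);
        if (!supported) {
            return;
        }
        String issuer = issuerOf(message);
        if (this.metadataProvider == null) {
            if (TraceComponent.isAnyTracingEnabled() && tc.isDebugEnabled()) {
                Tr.debug(tc, "IdP metadata does not exist, fall back to local trust store.", new Object[0]);
            }
            return;
        }
        if (issuer == null || issuer.isEmpty()) {
            // EntityIdCriterion rejects an empty id with an unchecked constraint
            // exception rather than a ResolverException, so it is not attempted.
            if (TraceComponent.isAnyTracingEnabled() && tc.isDebugEnabled()) {
                Tr.debug(tc, "Inbound message carries no Issuer, can not look up IDP Metadata.", new Object[0]);
            }
            return;
        }
        EntityDescriptor entityDescriptor = null;
        try {
            entityDescriptor = this.metadataProvider.resolveSingle(new CriteriaSet(new Criterion[]{new EntityIdCriterion(issuer)}));
        } catch (ResolverException e) {
            FFDCFilter.processException(e, "com.ibm.ws.security.saml.sso20.binding.BasicMessageContext", "196", this, new Object[0]);
            if (TraceComponent.isAnyTracingEnabled() && tc.isDebugEnabled()) {
                Tr.debug(tc, "ResolverException in setIDPSSODescriptor : ", new Object[]{e});
            }
        }
        if (entityDescriptor != null) {
            this.peerEntityMetadata = entityDescriptor;
            this.idpSsoDescriptor = entityDescriptor.getIDPSSODescriptor(Constants.SAML20P_NS);
        } else if (TraceComponent.isAnyTracingEnabled() && tc.isDebugEnabled()) {
            Tr.debug(tc, "Can not find a valid IDP Metadata for issuer:" + issuer, new Object[0]);
        }
    }

    /**
     * Issuer value of a Response, LogoutResponse or LogoutRequest.
     *
     * @param message the inbound message
     * @return the Issuer value, or null when the message is of another type or has no Issuer
     */
    private static String issuerOf(SAMLObject message) {
        if (message instanceof Response) {
            Response response = (Response) message;
            return response.getIssuer() == null ? null : response.getIssuer().getValue();
        }
        if (message instanceof LogoutResponse) {
            LogoutResponse logoutResponse = (LogoutResponse) message;
            return logoutResponse.getIssuer() == null ? null : logoutResponse.getIssuer().getValue();
        }
        if (message instanceof LogoutRequest) {
            LogoutRequest logoutRequest = (LogoutRequest) message;
            return logoutRequest.getIssuer() == null ? null : logoutRequest.getIssuer().getValue();
        }
        return null;
    }

    /**
     * Returns the assertion that passed validation. Logged at debug level on each call.
     *
     * @return the validated assertion, or null if none has been set
     */
    public Assertion getValidatedAssertion() {
        if (TraceComponent.isAnyTracingEnabled() && tc.isDebugEnabled()) {
            Tr.debug(tc, "BasicMessageContext:getValidatedAssertion(mc):" + this.validatedAssertion, new Object[0]);
        }
        return this.validatedAssertion;
    }

    /** @param assertion the assertion that passed validation */
    public void setValidatedAssertion(Assertion assertion) {
        this.validatedAssertion = assertion;
    }

    /**
     * Builds the user data from the validated assertion.
     *
     * @return a new UserData for the validated assertion, or null if no assertion
     *         has been validated yet
     * @throws SamlException if UserData cannot be built from the assertion
     */
    public UserData getUserDataIfReady() throws SamlException {
        if (this.validatedAssertion == null) {
            return null;
        }
        return new UserData(this.validatedAssertion, this.ssoService.getProviderId());
    }

    /**
     * Creates the decrypter on first call; later calls are no-ops.
     * No resolver is given for data-encryption keys carried directly in KeyInfo,
     * so the data key is always unwrapped from an EncryptedKey (located by
     * {@code encryptedKeyResolver}) using the service's decrypting credential.
     *
     * @throws SamlException if the decrypting credential cannot be obtained
     */
    public void setDecrypter() throws SamlException {
        if (this.decrypter == null) {
            this.decrypter = new Decrypter((KeyInfoCredentialResolver) null, new StaticKeyInfoCredentialResolver(RequestUtil.getDecryptingCredential(this.ssoService)), this.encryptedKeyResolver);
            // Decrypted elements are rooted in a fresh DOM document rather than the inbound one.
            this.decrypter.setRootInNewDocument(true);
        }
    }

    /**
     * @return the decrypter, creating it on first call
     * @throws SamlException see {@link #setDecrypter()}
     */
    public Decrypter getDecrypter() throws SamlException {
        if (this.decrypter == null) {
            setDecrypter();
        }
        return this.decrypter;
    }

    /**
     * Records the relay state and SSO request, then resolves the cached
     * pre-authentication request the relay state refers to.
     * <p>
     * Lookup order: (1) the ACS cookie cache, keyed by the relay state with the
     * {@code Constants.SP_INITAL} prefix stripped — a hit is removed from the
     * cache and its cookie deleted, so the same relay state cannot be consumed a
     * second time; (2) unless disabled by configuration, the request info is
     * rebuilt from the InitialRequest cookie.
     *
     * @param str        the external relay state; null means there is nothing to
     *                   resolve. The caller must have verified the
     *                   {@code Constants.SP_INITAL} prefix — a shorter value makes
     *                   {@code substring} throw
     * @param ssoRequest the current SSO request; its provider name selects the cache
     * @throws SamlException SAML20_POTENTIAL_REPLAY_ATTACK when neither source
     *                       yields a request info, or any failure while rebuilding it
     */
    public void setAndRemoveCachedRequestInfo(String str, SsoRequest ssoRequest) throws SamlException {
        this.externalRelayState = str;
        this.samlRequest = ssoRequest;
        if (str == null) {
            return;
        }
        Cache acsCookieCache = this.ssoService.getAcsCookieCache(ssoRequest.getProviderName());
        String cacheKey = str.substring(Constants.SP_INITAL.length());
        this.cachedRequestInfo = (HttpRequestInfo) acsCookieCache.get(cacheKey);
        if (this.cachedRequestInfo != null) {
            // One-time use: drop the entry and its cookie as soon as it has been consumed.
            acsCookieCache.remove(cacheKey);
            this.irUtil.removeCookie(str, this.request, this.response);
            return;
        }
        try {
            if (!this.ssoService.getConfig().isDisableInitialRequestCookie()) {
                this.cachedRequestInfo = this.irUtil.recreateHttpRequestInfo(str, this.request, this.response, this.ssoService);
            }
            if (this.cachedRequestInfo == null) {
                throw new SamlException("SAML20_POTENTIAL_REPLAY_ATTACK", (Exception) null, new Object[]{str});
            }
        } catch (SamlException e) {
            FFDCFilter.processException(e, "com.ibm.ws.security.saml.sso20.binding.BasicMessageContext", "292", this, new Object[]{str, ssoRequest});
            if (TraceComponent.isAnyTracingEnabled() && tc.isDebugEnabled()) {
                Tr.debug(tc, "cannot recreate HttpRequestInfo using InitialRequest cookie", new Object[]{e.getMessage()});
            }
            throw e;
        }
    }

    /** @param httpRequestInfo the cached pre-authentication request to use */
    public void setCachedRequestInfo(HttpRequestInfo httpRequestInfo) {
        this.cachedRequestInfo = httpRequestInfo;
    }

    /** @return the cached pre-authentication request, or null if none was resolved */
    public HttpRequestInfo getCachedRequestInfo() {
        return this.cachedRequestInfo;
    }

    /** @return the relay state passed to {@link #setAndRemoveCachedRequestInfo(String, SsoRequest)} */
    public String getExternalRelayState() {
        return this.externalRelayState;
    }

    /** @return the service configuration captured at construction */
    public SsoConfig getSsoConfig() {
        return this.ssoConfig;
    }

    /** @param str the InResponseTo value of the inbound message */
    public void setInResponseTo(String str) {
        this.inResponseTo = str;
    }

    /** @return the InResponseTo value of the inbound message, or null */
    public String getInResponseTo() {
        return this.inResponseTo;
    }

    /** @param messageContext the OpenSAML context holding the inbound message */
    public void setMessageContext(MessageContext<SAMLObject> messageContext) {
        this.messageContext = messageContext;
    }

    /** @return the OpenSAML context holding the inbound message, or null */
    public MessageContext<SAMLObject> getMessageContext() {
        return this.messageContext;
    }

    /** @param nameID the subject NameID of the inbound message */
    public void setSubjectNameIdentifier(NameID nameID) {
        this.subjectNameIdentifer = nameID;
    }

    /** @param endpoint the peer endpoint the message is exchanged with */
    public void setPeerEntityEndpoint(Endpoint endpoint) {
        this.peerEntityEndpoint = endpoint;
    }

    /** @return the peer endpoint, or null */
    public Endpoint getPeerEntityEndpoint() {
        return this.peerEntityEndpoint;
    }

    /** @param str the issuer of the inbound SAML message */
    public void setInboundSamlMessageIssuer(String str) {
        this.inboundMessageIssuer = str;
    }

    /** @return the issuer of the inbound SAML message, or null */
    public String getInboundSamlMessageIssuer() {
        return this.inboundMessageIssuer;
    }
}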
