package com.ibm.ws.security.saml.sso20.internal.utils;

import com.ibm.websphere.ras.Tr;
import com.ibm.websphere.ras.TraceComponent;
import com.ibm.websphere.ras.annotation.TraceObjectField;
import com.ibm.ws.ffdc.FFDCFilter;
import com.ibm.ws.ffdc.annotation.FFDCIgnore;
import com.ibm.ws.ras.instrument.annotation.InjectedFFDC;
import com.ibm.ws.security.common.jwk.utils.JsonUtils;
import com.ibm.ws.security.saml.Constants;
import com.ibm.ws.security.saml.SsoSamlService;
import com.ibm.ws.security.saml.error.SamlException;
import com.ibm.wsspi.webcontainer.servlet.IExtendedRequest;
import jakarta.servlet.http.HttpServletRequest;
import jakarta.servlet.http.HttpServletResponse;
import java.io.ByteArrayInputStream;
import java.io.ByteArrayOutputStream;
import java.io.IOException;
import java.io.ObjectInputStream;
import java.io.ObjectOutputStream;
import java.nio.charset.StandardCharsets;
import java.security.KeyStoreException;
import java.security.MessageDigest;
import java.security.PrivateKey;
import java.security.cert.CertificateException;
import java.util.HashMap;

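/**
 * Helpers for the SAML service provider's "initial request" cookie.
 *
 * <p>The original request is captured as an {@link InitialRequest}, Java-serialized,
 * Base64-encoded and handed to the browser in a cookie as {@code <payload>_<digest>}.
 * On the way back the digest is recomputed and compared before the payload is
 * deserialized.
 *
 * <p>Security model: the payload lives on the client, so the digest check in
 * {@link #getInitialRequestCookie(String, SsoSamlService)} is the only thing that
 * separates cookie contents from {@link ObjectInputStream#readObject()}. The digest
 * therefore has to depend on a server-side secret, and the comparison must not be
 * skipped.
 */
@InjectedFFDC
@TraceObjectField(fieldName = "tc", fieldDesc = "Lcom/ibm/websphere/ras/TraceComponent;")
public class InitialRequestUtil {
    private static final TraceComponent tc = Tr.register(InitialRequestUtil.class, "SAML20", "com.ibm.ws.security.saml.sso20.internal.resources.SamlSso20Messages");
    static final long serialVersionUID = -4008446782729713095L;

    /** Source id passed to FFDC for every exception recorded by this class. */
    private static final String FFDC_SOURCE = "com.ibm.ws.security.saml.sso20.internal.utils.InitialRequestUtil";

    /** Fixed, publicly known prefix of the digest secret; it is not a secret by itself. */
    private static final String SECRET_PREFIX = "samlsp";

    /**
     * Builds the cookie name for a given relay state.
     *
     * @param str relay state (or other suffix); may be {@code null}
     * @return {@code Constants.WAS_IR_COOKIE + str}, or {@code null} when {@code str} is {@code null}
     */
    public String updateInitialRequestCookieNameWithRelayState(String str) {
        return str != null ? Constants.WAS_IR_COOKIE + str : str;
    }

    /**
     * Appends an integrity digest to a cookie payload.
     *
     * <p>The digest input is {@code payload + "_" + secret}, where the secret is
     * {@code "samlsp"} followed by the Base64 of the SP private key encoding or,
     * failing that, the default keystore password.
     *
     * <p>Fix: the previous code called {@code "samlsp".concat(...)} and discarded the
     * result (Java strings are immutable), so the digest was always computed over the
     * constant {@code "samlsp"} and anyone could recompute it for an arbitrary payload.
     * The key material is now actually part of the digest input. Cookies issued before
     * this change will fail validation once and be dropped.
     *
     * <p>NOTE(review): {@code HashUtils.digest} is not visible here; if it is a plain
     * hash, a keyed MAC (HMAC) would be the more robust construction — confirm.
     *
     * @param str            the Base64 payload to protect; must not be {@code null}
     * @param ssoSamlService source of the private key / keystore password
     * @return {@code str + "_" + digest}
     */
    @FFDCIgnore({KeyStoreException.class, CertificateException.class})
    public String digestInitialRequestCookieValue(String str, SsoSamlService ssoSamlService) {
        PrivateKey privateKey = null;
        try {
            privateKey = ssoSamlService.getPrivateKey();
        } catch (KeyStoreException | CertificateException ignored) {
            // Deliberately ignored (see @FFDCIgnore): fall back to the keystore password below.
        }

        String secret = SECRET_PREFIX;
        byte[] encodedKey = privateKey != null ? privateKey.getEncoded() : null;
        if (encodedKey != null) {
            secret = SECRET_PREFIX.concat(JsonUtils.convertToBase64(encodedKey));
        } else {
            // No key, or a key that does not expose an encoding: use the keystore password instead.
            String defaultKeyStorePassword = ssoSamlService.getDefaultKeyStorePassword();
            if (defaultKeyStorePassword != null) {
                secret = SECRET_PREFIX.concat(defaultKeyStorePassword);
            }
        }

        if (SECRET_PREFIX.equals(secret) && TraceComponent.isAnyTracingEnabled() && tc.isDebugEnabled()) {
            // Never trace the secret itself; only record that none was available.
            Tr.debug(tc, "No key material is available; the initial request cookie digest is not keyed.", new Object[0]);
        }

        return str.concat("_").concat(HashUtils.digest(str.concat("_").concat(secret)));
    }

    /**
     * Validates a {@code <payload>_<digest>} cookie value and returns the payload.
     *
     * <p>Malformed values (no underscore, or nothing before it) are rejected up front
     * instead of relying on {@code substring} throwing. The digest comparison uses
     * {@link MessageDigest#isEqual(byte[], byte[])} so that the time taken does not
     * depend on how many leading characters of a forged digest are correct.
     *
     * @param str            raw cookie value; {@code null} is treated as invalid
     * @param ssoSamlService source of the digest secret
     * @return the payload, or {@code null} when the value is malformed or fails validation
     */
    public String getInitialRequestCookie(String str, SsoSamlService ssoSamlService) {
        if (str == null) {
            return null;
        }
        int separator = str.lastIndexOf('_');
        if (separator < 1) {
            if (tc.isDebugEnabled()) {
                Tr.debug(tc, "The cookie may have been tampered with.", new Object[0]);
                if (separator < 0) {
                    Tr.debug(tc, "The cookie does not contain an underscore.", new Object[0]);
                } else {
                    Tr.debug(tc, "The cookie does not contain a value before the underscore.", new Object[0]);
                }
            }
            return null;
        }

        String payload = str.substring(0, separator);
        String expected = digestInitialRequestCookieValue(payload, ssoSamlService);
        if (!constantTimeEquals(str, expected)) {
            if (tc.isDebugEnabled()) {
                Tr.debug(tc, "The value for the inital request cookie [" + payload + "] failed validation.", new Object[0]);
            }
            return null;
        }
        return payload;
    }

    /** Compares two strings without short-circuiting on the first differing byte. */
    private static boolean constantTimeEquals(String actual, String expected) {
        if (actual == null || expected == null) {
            return false;
        }
        return MessageDigest.isEqual(actual.getBytes(StandardCharsets.UTF_8), expected.getBytes(StandardCharsets.UTF_8));
    }

    /**
     * Converts a deserialized {@link InitialRequest} into an {@link HttpRequestInfo}.
     *
     * @param initialRequest the restored request; may be {@code null}
     * @return the request info, or {@code null} when there is no request or it has no
     *         URL with encoded query string
     */
    public HttpRequestInfo createHttpRequestInfoFromInitialRequest(InitialRequest initialRequest) {
        if (initialRequest == null || initialRequest.getRequestUrlWithEncodedQueryString() == null) {
            return null;
        }
        return new HttpRequestInfo(initialRequest.getRequestUrl(), initialRequest.getRequestUrlWithEncodedQueryString(), initialRequest.getMethod(), initialRequest.getInResponseToId(), initialRequest.getFormLogoutExitPage(), initialRequest.getPostParamsMap());
    }

    /**
     * Base64-decodes and Java-deserializes an {@link InitialRequest}.
     *
     * <p>NOTE(review): this is native Java deserialization of data that round-trips
     * through the browser. This method performs no integrity check of its own and is
     * public; it is only safe on a payload that
     * {@link #getInitialRequestCookie(String, SsoSamlService)} has just accepted.
     * Consider installing an {@code ObjectInputFilter} allow-list (Java 9+) restricted
     * to {@code InitialRequest} and the types it holds, or moving to a non-native
     * encoding, so that a digest failure is not the single point of defence.
     *
     * @param str Base64 payload that has already passed digest validation; may be {@code null}
     * @return the restored request, or {@code null} when {@code str} is {@code null}
     * @throws IOException            if the stream is corrupt
     * @throws ClassNotFoundException if a serialized class cannot be resolved
     */
    @FFDCIgnore({IOException.class})
    public InitialRequest handleDeserializingInitialRequest(String str) throws IOException, ClassNotFoundException {
        if (str == null) {
            return null;
        }
        ObjectInputStream objectInputStream = new ObjectInputStream(new ByteArrayInputStream(JsonUtils.decodeFromBase64(str)));
        try {
            return (InitialRequest) objectInputStream.readObject();
        } finally {
            try {
                objectInputStream.close();
            } catch (IOException ignored) {
                // Best effort: a close failure must not mask the result or the original exception.
            }
        }
    }

    /**
     * Reads the initial-request cookie for a relay state, removes it, validates it and
     * rebuilds the {@link HttpRequestInfo} it describes.
     *
     * <p>The cookie is removed before validation, so each cookie is consumed at most once
     * whether or not it turns out to be valid.
     *
     * @param str                 relay state used to derive the cookie name
     * @param httpServletRequest  current request; cast to {@code IExtendedRequest} to read the cookie
     * @param httpServletResponse current response, used to expire the cookie
     * @param ssoSamlService      source of the digest secret
     * @return the rebuilt request info, or {@code null} when the cookie is absent or invalid
     * @throws SamlException if the validated payload cannot be deserialized
     */
    @FFDCIgnore({IOException.class, ClassNotFoundException.class})
    public HttpRequestInfo recreateHttpRequestInfo(String str, HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse, SsoSamlService ssoSamlService) throws SamlException {
        String cookieName = updateInitialRequestCookieNameWithRelayState(str);
        String cookieValue = null;
        if (cookieName != null && httpServletRequest != null && httpServletResponse != null) {
            cookieValue = RequestUtil.getCookieId((IExtendedRequest) httpServletRequest, httpServletResponse, cookieName);
            RequestUtil.removeCookie(httpServletRequest, httpServletResponse, cookieName);
        }
        if (cookieValue == null) {
            return null;
        }
        try {
            // getInitialRequestCookie returns null on any validation failure, and a null
            // payload is never deserialized.
            InitialRequest restored = handleDeserializingInitialRequest(getInitialRequestCookie(cookieValue, ssoSamlService));
            if (restored == null) {
                return null;
            }
            restored.setPostParamsMap(httpServletRequest);
            return createHttpRequestInfoFromInitialRequest(restored);
        } catch (IOException e) {
            throw new SamlException(e);
        } catch (ClassNotFoundException e2) {
            throw new SamlException(e2);
        }
    }

    /**
     * Expires the initial-request cookie for a relay state; does nothing when any
     * argument is {@code null}.
     */
    public void removeCookie(String str, HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse) {
        String cookieName = updateInitialRequestCookieNameWithRelayState(str);
        if (cookieName == null || httpServletRequest == null || httpServletResponse == null) {
            return;
        }
        RequestUtil.removeCookie(httpServletRequest, httpServletResponse, cookieName);
    }

    /**
     * Serializes the current request into a digest-protected cookie.
     *
     * <p>Failures are reported to FFDC and result in a {@code null} return rather than an
     * exception. The cookie lifetime is the configured authn request time converted from
     * milliseconds to seconds; the division now happens before the narrowing cast so a
     * large configured value is not truncated first (presumably the getter returns a
     * {@code long} — confirm).
     *
     * @param str  first part of the cookie-name suffix
     * @param str2 second part of the cookie-name suffix
     * @return the Base64 payload that was stored (without digest), or {@code null} if
     *         serialization failed
     */
    public String handleSerializingInitialRequest(HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse, String str, String str2, HttpRequestInfo httpRequestInfo, SsoSamlService ssoSamlService) {
        Object[] ffdcContext = new Object[]{httpServletRequest, httpServletResponse, str, str2, httpRequestInfo, ssoSamlService};

        InitialRequest initialRequest = null;
        try {
            initialRequest = createInitialRequestFromHttpRequestInfo(httpServletRequest, httpRequestInfo);
        } catch (SamlException e) {
            FFDCFilter.processException(e, FFDC_SOURCE, "236", this, ffdcContext);
        }

        String payload = null;
        try (ByteArrayOutputStream buffer = new ByteArrayOutputStream();
             ObjectOutputStream objectOutputStream = new ObjectOutputStream(buffer)) {
            objectOutputStream.writeObject(initialRequest);
            objectOutputStream.flush();
            payload = JsonUtils.convertToBase64(buffer.toByteArray());
        } catch (IOException e2) {
            FFDCFilter.processException(e2, FFDC_SOURCE, "252", this, ffdcContext);
        }

        if (payload != null) {
            String cookieName = updateInitialRequestCookieNameWithRelayState(str + str2);
            String cookieValue = digestInitialRequestCookieValue(payload, ssoSamlService);
            if (cookieName != null && cookieValue != null) {
                int maxAgeSeconds = (int) (ssoSamlService.getConfig().getAuthnRequestTime() / 1000);
                RequestUtil.createCookie(httpServletRequest, httpServletResponse, cookieName, cookieValue, maxAgeSeconds);
            }
        }
        return payload;
    }

    /**
     * Captures the request described by {@code httpRequestInfo} as an
     * {@link InitialRequest}; returns {@code null} when there is nothing to capture.
     */
    private InitialRequest createInitialRequestFromHttpRequestInfo(HttpServletRequest httpServletRequest, HttpRequestInfo httpRequestInfo) throws SamlException {
        if (httpRequestInfo == null) {
            return null;
        }
        return new InitialRequest(httpServletRequest, httpRequestInfo.getReqUrl(), httpRequestInfo.getRequestUrl(), httpServletRequest.getMethod(), httpRequestInfo.getInResponseToId(), httpRequestInfo.getFormLogoutExitPage(), (HashMap) httpRequestInfo.getSavedPostParams());
    }

    /**
     * Maps each byte to the character with the same unsigned value (0-255), which is
     * exactly ISO-8859-1 decoding.
     *
     * @param bArr bytes to convert; must not be {@code null}
     * @return a string with one character per input byte
     */
    public static String toStringFromByteArray(byte[] bArr) {
        return new String(bArr, StandardCharsets.ISO_8859_1);
    }
}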
