package com.ibm.ws.security.saml.sso20.binding;

import com.ibm.websphere.ras.Tr;
import com.ibm.websphere.ras.TraceComponent;
import com.ibm.websphere.ras.annotation.TraceObjectField;
import com.ibm.ws.ffdc.FFDCFilter;
import com.ibm.ws.ras.instrument.annotation.InjectedFFDC;
import com.ibm.ws.security.common.structures.Cache;
import com.ibm.ws.security.saml.Constants;
import com.ibm.ws.security.saml.SsoConfig;
import com.ibm.ws.security.saml.SsoRequest;
import com.ibm.ws.security.saml.SsoSamlService;
import com.ibm.ws.security.saml.error.SamlException;
import com.ibm.ws.security.saml.sso20.internal.utils.HttpRequestInfo;
import com.ibm.ws.security.saml.sso20.internal.utils.InitialRequestUtil;
import com.ibm.ws.security.saml.sso20.internal.utils.RequestUtil;
import com.ibm.ws.security.saml.sso20.internal.utils.UserData;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import javax.xml.namespace.QName;
import org.opensaml.common.SAMLObject;
import org.opensaml.common.binding.BasicSAMLMessageContext;
import org.opensaml.saml2.core.Assertion;
import org.opensaml.saml2.core.Issuer;
import org.opensaml.saml2.core.LogoutRequest;
import org.opensaml.saml2.core.LogoutResponse;
import org.opensaml.saml2.core.Response;
import org.opensaml.saml2.core.Status;
import org.opensaml.saml2.encryption.Decrypter;
import org.opensaml.saml2.encryption.EncryptedElementTypeEncryptedKeyResolver;
import org.opensaml.saml2.metadata.EntityDescriptor;
import org.opensaml.saml2.metadata.IDPSSODescriptor;
import org.opensaml.saml2.metadata.provider.MetadataProvider;
import org.opensaml.saml2.metadata.provider.MetadataProviderException;
import org.opensaml.ws.security.SecurityPolicyResolver;
import org.opensaml.xml.encryption.ChainingEncryptedKeyResolver;
import org.opensaml.xml.encryption.InlineEncryptedKeyResolver;
import org.opensaml.xml.encryption.SimpleRetrievalMethodEncryptedKeyResolver;
import org.opensaml.xml.security.keyinfo.KeyInfoCredentialResolver;
import org.opensaml.xml.security.keyinfo.StaticKeyInfoCredentialResolver;
import org.opensaml.xml.util.DatatypeHelper;

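/**
 * SAML 2.0 message context for one service-provider-side exchange with an identity provider.
 * <p>
 * Extends the OpenSAML {@link BasicSAMLMessageContext} with the state the Liberty SSO 2.0
 * binding code carries across a request: the owning {@link SsoSamlService} and its
 * {@link SsoConfig}, the servlet request/response, the peer (IdP) metadata resolved from the
 * inbound message's {@code Issuer}, the assertion once it has been validated, a lazily built
 * {@link Decrypter}, and the pre-login {@link HttpRequestInfo} recovered from the ACS cookie
 * cache (or the InitialRequest cookie) using the external RelayState.
 * <p>
 * No synchronization is done; an instance is expected to be confined to the thread that
 * handles the request it was created for.
 *
 * @param <InboundMessageType>  type of the inbound SAML message
 * @param <OutboundMessageType> type of the outbound SAML message
 * @param <NameIdentifierType>  type of the subject name identifier
 */
@InjectedFFDC
@TraceObjectField(fieldName = "tc", fieldDesc = "Lcom/ibm/websphere/ras/TraceComponent;")
/* loaded from: input_file:com/ibm/ws/security/saml/sso20/binding/BasicMessageContext.class */
public class BasicMessageContext<InboundMessageType extends SAMLObject, OutboundMessageType extends SAMLObject, NameIdentifierType extends SAMLObject> extends BasicSAMLMessageContext<InboundMessageType, OutboundMessageType, NameIdentifierType> {
    // Configuration of the SAML service this context belongs to (taken from the service at construction).
    SsoConfig ssoConfig;
    // The owning SAML service; also the source of the decrypting credential and the ACS cookie cache.
    SsoSamlService ssoService;
    // IdP SSO role descriptor resolved from metadata; null until setIDPSSODescriptor() finds one.
    IDPSSODescriptor idpSsoDescriptor;
    // Element QName of the peer's role; defaults to IDPSSODescriptor.DEFAULT_ELEMENT_NAME if not resolvable.
    QName peerEntityRole;
    // Entity descriptor of the IdP that issued the inbound message; null if no metadata matched.
    EntityDescriptor peerEntityMetadata;
    // Protocol namespace URI of the inbound message; set explicitly or derived from a Response.
    String inboundSAMLProtocol;
    // The assertion after it has been validated by the caller; null before that.
    Assertion validatedAssertion;
    // Lazily created decrypter for EncryptedAssertion / EncryptedID elements.
    Decrypter decrypter;
    // The RelayState value as received from the IdP.
    String externalRelayState;
    // The SSO request this context is processing.
    SsoRequest samlRequest;
    // The original (pre-login) request info recovered for this RelayState.
    HttpRequestInfo cachedRequestInfo;
    // Status of a LogoutResponse being processed.
    Status logoutResponseStatus;
    // InResponseTo value the caller recorded for this exchange.
    String inResponseTo;
    HttpServletRequest request;
    HttpServletResponse response;
    // Resolver supplying the IdP-specific security policy (signature, issuer, ... rules).
    private SecurityPolicyResolver idpSecurityPolicyResolver;
    static final long serialVersionUID = 5868612116434424473L;
    public static final TraceComponent tc = Tr.register(BasicMessageContext.class, "SAML20", "com.ibm.ws.security.saml.sso20.internal.resources.SamlSso20Messages");
    // Shared across all contexts; its chain is populated once in the static initializer below.
    static ChainingEncryptedKeyResolver encryptedKeyResolver = new ChainingEncryptedKeyResolver();
    // Guards setIDPSSODescriptor() so the metadata lookup is attempted at most once per context.
    boolean bSetIDPSSODescriptor = false;
    InitialRequestUtil irUtil = new InitialRequestUtil();

    /**
     * Creates a context bound to {@code ssoSamlService} without a servlet request/response.
     *
     * @param ssoSamlService the owning SAML service; must not be null
     */
    public BasicMessageContext(SsoSamlService ssoSamlService) {
        this(ssoSamlService, null, null);
    }

    /**
     * Creates a context bound to {@code ssoSamlService} and the servlet request/response being processed.
     *
     * @param ssoSamlService      the owning SAML service; must not be null
     * @param httpServletRequest  current request, or null
     * @param httpServletResponse current response, or null
     */
    public BasicMessageContext(SsoSamlService ssoSamlService, HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse) {
        this.ssoService = ssoSamlService;
        this.ssoConfig = ssoSamlService.getConfig();
        this.request = httpServletRequest;
        this.response = httpServletResponse;
    }

    /** @return the SAML service this context was created for */
    public SsoSamlService getSsoService() {
        return this.ssoService;
    }

    /**
     * Returns the servlet request wrapped by the inbound message transport.
     * <p>
     * NOTE(review): decompiled form; the cast that made {@code getWrappedRequest()} resolvable on the
     * transport type did not survive decompilation — confirm against the original source.
     *
     * @return the wrapped {@link HttpServletRequest}
     */
    public HttpServletRequest getHttpServletRequest() {
        return getInboundMessageTransport().getWrappedRequest();
    }

    /** @return the status recorded from a single-logout response, or null */
    public Status getSLOResponseStatus() {
        return this.logoutResponseStatus;
    }

    /** @param status the status of the single-logout response being processed */
    public void setSLOResponseStatus(Status status) {
        this.logoutResponseStatus = status;
    }

    /** @param qName explicit element QName of the peer's role; overrides the metadata-derived value */
    public void setPeerEntityRole(QName qName) {
        this.peerEntityRole = qName;
    }

    /**
     * Returns the peer entity role, resolving it lazily.
     * <p>
     * If no role was set, the IdP metadata is consulted once (see {@link #setIDPSSODescriptor()}) and
     * the role taken from the resolved {@link IDPSSODescriptor}. If that fails too, the result falls
     * back to {@link IDPSSODescriptor#DEFAULT_ELEMENT_NAME}. The resolved value is cached.
     *
     * @return the peer role QName, never null
     */
    public QName getPeerEntityRole() {
        if (this.peerEntityRole == null) {
            if (!this.bSetIDPSSODescriptor) {
                setIDPSSODescriptor();
            }
            if (this.idpSsoDescriptor != null) {
                this.peerEntityRole = this.idpSsoDescriptor.getElementQName();
            }
            if (this.peerEntityRole == null) {
                this.peerEntityRole = IDPSSODescriptor.DEFAULT_ELEMENT_NAME;
            }
        }
        return this.peerEntityRole;
    }

    /**
     * Returns the metadata of the IdP that issued the inbound message, resolving it once if needed.
     *
     * @return the peer {@link EntityDescriptor}, or null if no metadata provider is configured or
     *         none matches the inbound message's Issuer
     */
    public EntityDescriptor getPeerEntityMetadata() {
        if (!this.bSetIDPSSODescriptor) {
            setIDPSSODescriptor();
        }
        return this.peerEntityMetadata;
    }

    /**
     * Resolves {@link #peerEntityMetadata} and {@link #idpSsoDescriptor} from the configured
     * {@link MetadataProvider}, keyed by the Issuer of the inbound message.
     * <p>
     * Only {@link Response}, {@link LogoutResponse} and {@link LogoutRequest} messages are considered.
     * A message without an Issuer, a missing metadata provider, or an unknown issuer leaves both
     * fields null so the caller falls back to the local trust store. Runs at most once per context.
     */
    void setIDPSSODescriptor() {
        this.bSetIDPSSODescriptor = true;
        String issuerValue = issuerValueOf(getInboundSAMLMessage());
        if (issuerValue == null) {
            // Not a message type we key metadata on, or it carries no Issuer: nothing to look up.
            if (TraceComponent.isAnyTracingEnabled() && tc.isDebugEnabled()) {
                Tr.debug(tc, "Inbound message has no usable Issuer; skipping IdP metadata lookup.", new Object[0]);
            }
            return;
        }
        MetadataProvider metadataProvider = getMetadataProvider();
        if (metadataProvider == null) {
            if (TraceComponent.isAnyTracingEnabled() && tc.isDebugEnabled()) {
                Tr.debug(tc, "No IdP metadata exists. Need to fall down to local trust store.", new Object[0]);
            }
            return;
        }
        try {
            EntityDescriptor entityDescriptor = metadataProvider.getEntityDescriptor(issuerValue);
            if (entityDescriptor != null) {
                this.peerEntityMetadata = entityDescriptor;
                this.idpSsoDescriptor = entityDescriptor.getIDPSSODescriptor(Constants.SAML20P_NS);
            } else if (TraceComponent.isAnyTracingEnabled() && tc.isDebugEnabled()) {
                Tr.debug(tc, "Can not find a valid IDP Metadata for issuer:" + issuerValue, new Object[0]);
            }
        } catch (MetadataProviderException e) {
            FFDCFilter.processException(e, "com.ibm.ws.security.saml.sso20.binding.BasicMessageContext", "219", this, new Object[0]);
            if (TraceComponent.isAnyTracingEnabled() && tc.isDebugEnabled()) {
                Tr.debug(tc, "setIDPSSODescriptor hit  MetadataProviderException", new Object[]{e});
            }
        }
    }

    /**
     * Extracts the Issuer value of a Response, LogoutResponse or LogoutRequest.
     *
     * @param message the inbound SAML message, may be null
     * @return the issuer value, or null if the message is null, of another type, or has no Issuer
     */
    private static String issuerValueOf(SAMLObject message) {
        Issuer issuer;
        if (message instanceof Response) {
            issuer = ((Response) message).getIssuer();
        } else if (message instanceof LogoutResponse) {
            issuer = ((LogoutResponse) message).getIssuer();
        } else if (message instanceof LogoutRequest) {
            issuer = ((LogoutRequest) message).getIssuer();
        } else {
            return null;
        }
        return issuer == null ? null : issuer.getValue();
    }

    /** @param str protocol namespace URI; trimmed, and blank values are stored as null */
    public void setInboundSAMLProtocol(String str) {
        this.inboundSAMLProtocol = DatatypeHelper.safeTrimOrNullString(str);
    }

    /**
     * Returns the inbound protocol namespace, deriving it from the inbound {@link Response}'s
     * element QName when it has not been set explicitly.
     *
     * @return the protocol namespace URI, or null if unset and the inbound message is not a Response
     */
    public String getInboundSAMLProtocol() {
        if (this.inboundSAMLProtocol == null) {
            InboundMessageType inboundMessage = getInboundSAMLMessage();
            // instanceof is false for null, so this also covers "no inbound message yet".
            if (inboundMessage instanceof Response) {
                this.inboundSAMLProtocol = inboundMessage.getElementQName().getNamespaceURI();
            }
        }
        return this.inboundSAMLProtocol;
    }

    /** @return the IdP security policy resolver, or null if none was set */
    public SecurityPolicyResolver getIdpSecurityPolicyResolver() {
        if (TraceComponent.isAnyTracingEnabled() && tc.isDebugEnabled()) {
            Tr.debug(tc, "BasicMessageContext:getSecurityPolicyResolver(mc):" + this.idpSecurityPolicyResolver, new Object[0]);
        }
        return this.idpSecurityPolicyResolver;
    }

    /** @param securityPolicyResolver resolver for the IdP-specific security policy */
    public void setIdpSecurityPolicyResolver(SecurityPolicyResolver securityPolicyResolver) {
        this.idpSecurityPolicyResolver = securityPolicyResolver;
    }

    /** @return the assertion recorded via {@link #setValidatedAssertion(Assertion)}, or null */
    public Assertion getValidatedAssertion() {
        if (TraceComponent.isAnyTracingEnabled() && tc.isDebugEnabled()) {
            Tr.debug(tc, "BasicMessageContext:getValidatedAssertion(mc):" + this.validatedAssertion, new Object[0]);
        }
        return this.validatedAssertion;
    }

    /** @param assertion the assertion the caller has validated; this class performs no validation itself */
    public void setValidatedAssertion(Assertion assertion) {
        this.validatedAssertion = assertion;
    }

    /**
     * Builds the user data from the validated assertion.
     *
     * @return a new {@link UserData} for the validated assertion and this service's provider id,
     *         or null if no assertion has been validated yet
     * @throws SamlException if {@link UserData} construction fails
     */
    public UserData getUserDataIfReady() throws SamlException {
        if (this.validatedAssertion == null) {
            return null;
        }
        return new UserData(this.validatedAssertion, this.ssoService.getProviderId());
    }

    /**
     * Creates the decrypter if it does not exist yet.
     * <p>
     * The decrypter uses this service's decrypting credential for key resolution and the shared
     * {@link #encryptedKeyResolver} chain; decrypted elements are rooted in a new document.
     *
     * @throws SamlException if the decrypting credential cannot be obtained
     */
    public void setDecrypter() throws SamlException {
        if (this.decrypter != null) {
            return;
        }
        KeyInfoCredentialResolver kekResolver = new StaticKeyInfoCredentialResolver(RequestUtil.getDecryptingCredential(this.ssoService));
        Decrypter created = new Decrypter((KeyInfoCredentialResolver) null, kekResolver, encryptedKeyResolver);
        created.setRootInNewDocument(true);
        this.decrypter = created;
    }

    /**
     * @return the lazily created decrypter
     * @throws SamlException if the decrypter has to be created and the decrypting credential cannot be obtained
     */
    public Decrypter getDecrypter() throws SamlException {
        if (this.decrypter == null) {
            setDecrypter();
        }
        return this.decrypter;
    }

    /**
     * Records the RelayState and request, and recovers the original request info for it.
     * <p>
     * For an SP-initiated RelayState (prefixed with {@link Constants#SP_INITAL}) the ACS cookie cache
     * is consulted; a hit is removed from the cache so the same RelayState cannot be presented twice.
     * On a miss the info is recreated from the InitialRequest cookie; if that yields nothing the
     * exchange is rejected as a potential replay. A RelayState without the prefix skips the cache
     * lookup instead of slicing an unrelated value.
     *
     * @param str        the RelayState received from the IdP; null means nothing is looked up
     * @param ssoRequest the SSO request being processed
     * @throws SamlException with key {@code SAML20_POTENTIAL_REPLAY_ATTACK} if no request info can be
     *                       recovered, or as propagated from the cookie-based recreation
     */
    public void setAndRemoveCachedRequestInfo(String str, SsoRequest ssoRequest) throws SamlException {
        this.externalRelayState = str;
        this.samlRequest = ssoRequest;
        if (str == null) {
            return;
        }
        if (str.startsWith(Constants.SP_INITAL)) {
            Cache acsCookieCache = this.ssoService.getAcsCookieCache(ssoRequest.getProviderName());
            String cacheKey = str.substring(Constants.SP_INITAL.length());
            this.cachedRequestInfo = (HttpRequestInfo) acsCookieCache.get(cacheKey);
            if (this.cachedRequestInfo != null) {
                // One-shot entry: consume it so a re-presented RelayState no longer resolves.
                acsCookieCache.remove(cacheKey);
                this.irUtil.removeCookie(str, this.request, this.response);
                return;
            }
        }
        try {
            this.cachedRequestInfo = this.irUtil.recreateHttpRequestInfo(str, this.request, this.response, this.ssoService);
            if (this.cachedRequestInfo == null) {
                throw new SamlException("SAML20_POTENTIAL_REPLAY_ATTACK", (Exception) null, new Object[]{str});
            }
        } catch (SamlException e) {
            FFDCFilter.processException(e, "com.ibm.ws.security.saml.sso20.binding.BasicMessageContext", "325", this, new Object[]{str, ssoRequest});
            if (TraceComponent.isAnyTracingEnabled() && tc.isDebugEnabled()) {
                Tr.debug(tc, "cannot recreate HttpRequestInfo using InitialRequest cookie", new Object[]{e});
            }
            throw e;
        }
    }

    /** @param httpRequestInfo the original request info to associate with this context */
    public void setCachedRequestInfo(HttpRequestInfo httpRequestInfo) {
        this.cachedRequestInfo = httpRequestInfo;
    }

    /** @return the recovered original request info, or null */
    public HttpRequestInfo getCachedRequestInfo() {
        return this.cachedRequestInfo;
    }

    /** @return the RelayState as received, or null */
    public String getExternalRelayState() {
        return this.externalRelayState;
    }

    /** @return the configuration of the owning SAML service */
    public SsoConfig getSsoConfig() {
        return this.ssoConfig;
    }

    /** @param str the InResponseTo value to record */
    public void setInResponseTo(String str) {
        this.inResponseTo = str;
    }

    /** @return the recorded InResponseTo value, or null */
    public String getInResponseTo() {
        return this.inResponseTo;
    }

    static {
        // Order matters: inline keys first, then keys on the EncryptedElementType, then RetrievalMethod references.
        encryptedKeyResolver.getResolverChain().add(new InlineEncryptedKeyResolver());
        encryptedKeyResolver.getResolverChain().add(new EncryptedElementTypeEncryptedKeyResolver());
        encryptedKeyResolver.getResolverChain().add(new SimpleRetrievalMethodEncryptedKeyResolver());
    }
}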
