package org.pac4j.saml.sso.artifact;

import java.time.Duration;
import java.util.ArrayList;
import java.util.List;
import javax.annotation.Nonnull;
import javax.annotation.Nullable;
import javax.xml.namespace.QName;
import net.shibboleth.utilities.java.support.component.ComponentInitializationException;
import net.shibboleth.utilities.java.support.resolver.CriteriaSet;
import org.opensaml.messaging.handler.MessageHandler;
import org.opensaml.messaging.handler.impl.BasicMessageHandlerChain;
import org.opensaml.messaging.handler.impl.CheckExpectedIssuer;
import org.opensaml.messaging.handler.impl.CheckMandatoryAuthentication;
import org.opensaml.messaging.handler.impl.CheckMandatoryIssuer;
import org.opensaml.messaging.handler.impl.SchemaValidateXMLMessage;
import org.opensaml.messaging.pipeline.httpclient.BasicHttpClientMessagePipeline;
import org.opensaml.messaging.pipeline.httpclient.HttpClientMessagePipeline;
import org.opensaml.messaging.pipeline.httpclient.HttpClientMessagePipelineFactory;
import org.opensaml.saml.common.binding.impl.CheckMessageVersionHandler;
import org.opensaml.saml.common.binding.impl.PopulateSignatureSigningParametersHandler;
import org.opensaml.saml.common.binding.impl.SAMLMetadataLookupHandler;
import org.opensaml.saml.common.binding.impl.SAMLProtocolAndRoleHandler;
import org.opensaml.saml.common.binding.impl.SAMLSOAPDecoderBodyHandler;
import org.opensaml.saml.common.binding.security.impl.CheckAndRecordServerTLSEntityAuthenticationtHandler;
import org.opensaml.saml.common.binding.security.impl.InResponseToSecurityHandler;
import org.opensaml.saml.common.binding.security.impl.MessageLifetimeSecurityHandler;
import org.opensaml.saml.common.binding.security.impl.MessageReplaySecurityHandler;
import org.opensaml.saml.common.binding.security.impl.SAMLOutboundProtocolMessageSigningHandler;
import org.opensaml.saml.common.binding.security.impl.SAMLProtocolMessageXMLSignatureSecurityHandler;
import org.opensaml.saml.common.messaging.context.SAMLPeerEntityContext;
import org.opensaml.saml.common.xml.SAMLConstants;
import org.opensaml.saml.common.xml.SAMLSchemaBuilder;
import org.opensaml.saml.metadata.resolver.impl.PredicateRoleDescriptorResolver;
import org.opensaml.saml.saml2.binding.decoding.impl.HttpClientResponseSOAP11Decoder;
import org.opensaml.saml.saml2.binding.encoding.impl.HttpClientRequestSOAP11Encoder;
import org.opensaml.saml.saml2.metadata.IDPSSODescriptor;
import org.opensaml.saml.saml2.metadata.SPSSODescriptor;
import org.opensaml.xmlsec.impl.BasicSignatureValidationParametersResolver;
import org.opensaml.xmlsec.messaging.impl.PopulateSignatureValidationParametersHandler;
import org.opensaml.xmlsec.signature.support.SignatureTrustEngine;
import org.pac4j.saml.config.SAML2Configuration;
import org.pac4j.saml.crypto.SAML2SignatureTrustEngineProvider;
import org.pac4j.saml.crypto.SignatureSigningParametersProvider;
import org.pac4j.saml.metadata.SAML2MetadataResolver;
import org.pac4j.saml.replay.ReplayCacheProvider;
import org.xml.sax.SAXException;

/* loaded from: input_file:WEB-INF/lib/pac4j-saml-5.1.0.jar:org/pac4j/saml/sso/artifact/DefaultSOAPPipelineFactory.class */
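/**
 * Builds the OpenSAML {@link HttpClientMessagePipeline} used for SOAP 1.1 back-channel exchanges:
 * a SOAP 1.1 request encoder, a SOAP 1.1 response decoder, and three handler chains (inbound,
 * outbound payload, outbound transport).
 *
 * <p>The inbound chain is where the response from the identity provider is vetted. Several of its
 * checks (lifetime, InResponseTo, replay, issuer) are added ahead of the signature and TLS
 * handlers, so they run on content that has not been authenticated yet; the
 * {@link CheckMandatoryAuthentication} handler near the end of the list is the gate that rejects
 * a peer that none of the earlier handlers marked as authenticated. Subclasses that override
 * {@link #getInboundHandlers()} should keep that gate in place and keep it after the handlers
 * that establish authentication.
 *
 * <p>NOTE(review): the package name suggests this pipeline serves SAML artifact resolution;
 * confirm against the caller.
 */
public class DefaultSOAPPipelineFactory implements HttpClientMessagePipelineFactory {
    /** Source of the accepted clock skew used by the lifetime and replay handlers. */
    protected final SAML2Configuration configuration;
    /** Metadata used for inbound peer lookup and as the source of the expected issuer entity ID. */
    protected final SAML2MetadataResolver idpMetadataResolver;
    /** Metadata used for the role descriptor lookup on the outbound side. */
    protected final SAML2MetadataResolver spMetadataResolver;
    /** Supplies the parameters used to sign outbound protocol messages. */
    protected final SignatureSigningParametersProvider signingParametersProvider;
    /** Supplies the trust engine against which inbound signatures are evaluated. */
    protected final SAML2SignatureTrustEngineProvider signatureTrustEngineProvider;
    /** Supplies the cache used by the inbound replay check. */
    protected final ReplayCacheProvider replayCache;

    /**
     * Stores the collaborators; nothing is resolved or initialized until
     * {@link #newInstance()} is called.
     *
     * @param sAML2Configuration configuration providing the accepted skew
     * @param sAML2MetadataResolver identity provider metadata resolver
     * @param sAML2MetadataResolver2 service provider metadata resolver
     * @param signatureSigningParametersProvider provider of outbound signing parameters
     * @param sAML2SignatureTrustEngineProvider provider of the signature trust engine
     * @param replayCacheProvider provider of the replay cache
     */
    public DefaultSOAPPipelineFactory(SAML2Configuration sAML2Configuration, SAML2MetadataResolver sAML2MetadataResolver, SAML2MetadataResolver sAML2MetadataResolver2, SignatureSigningParametersProvider signatureSigningParametersProvider, SAML2SignatureTrustEngineProvider sAML2SignatureTrustEngineProvider, ReplayCacheProvider replayCacheProvider) {
        this.configuration = sAML2Configuration;
        this.idpMetadataResolver = sAML2MetadataResolver;
        this.spMetadataResolver = sAML2MetadataResolver2;
        this.signingParametersProvider = signatureSigningParametersProvider;
        this.signatureTrustEngineProvider = sAML2SignatureTrustEngineProvider;
        this.replayCache = replayCacheProvider;
    }

    /**
     * Returns the handlers applied to the decoded response, in the order they are added here.
     *
     * @return a new mutable list of inbound handlers
     * @throws ComponentInitializationException if any handler fails to initialize
     */
    protected List<MessageHandler> getInboundHandlers() throws ComponentInitializationException {
        List<MessageHandler> handlers = new ArrayList<>();
        // Peer role and metadata lookup.
        handlers.add(buildSAMLProtocolAndRoleHandler(IDPSSODescriptor.DEFAULT_ELEMENT_NAME));
        handlers.add(buildSAMLMetadataLookupHandler(this.idpMetadataResolver));
        // Structural and freshness checks; these see the message before its signature is evaluated.
        handlers.add(buildSchemaValidateXMLMessage());
        handlers.add(buildCheckMessageVersionHandler());
        handlers.add(buildMessageLifetimeSecurityHandler());
        handlers.add(buildInResponseToSecurityHandler());
        handlers.add(buildMessageReplaySecurityHandler());
        // Issuer must be present and equal to the configured identity provider entity ID.
        handlers.add(buildCheckMandatoryIssuer());
        handlers.add(buildCheckExpectedIssuer());
        // Signature evaluation, then TLS-based peer authentication.
        handlers.add(buildPopulateSignatureSigningParametersHandler());
        handlers.add(buildPopulateSignatureValidationParametersHandler());
        handlers.add(buildSAMLProtocolMessageXMLSignatureSecurityHandler());
        handlers.add(buildCheckAndRecordServerTLSEntityAuthenticationtHandler());
        // Gate: reject the message unless the peer context is flagged as authenticated.
        handlers.add(buildCheckMandatoryAuthentication());
        handlers.add(buildSAMLSOAPDecoderBodyHandler());
        return handlers;
    }

    /**
     * Returns the handlers applied to the outbound message payload: role and metadata lookup for
     * the service provider, then signing parameter population and message signing.
     *
     * @return a new mutable list of outbound payload handlers
     * @throws ComponentInitializationException if any handler fails to initialize
     */
    protected List<MessageHandler> getOutboundPayloadHandlers() throws ComponentInitializationException {
        List<MessageHandler> handlers = new ArrayList<>();
        handlers.add(buildSAMLProtocolAndRoleHandler(SPSSODescriptor.DEFAULT_ELEMENT_NAME));
        handlers.add(buildSAMLMetadataLookupHandler(this.spMetadataResolver));
        handlers.add(buildPopulateSignatureSigningParametersHandler());
        handlers.add(buildSAMLOutboundProtocolMessageSigningHandler());
        return handlers;
    }

    /**
     * Returns the outbound transport handlers; empty by default, available as an extension point.
     *
     * @return a new mutable, empty list
     * @throws ComponentInitializationException declared for overriding subclasses
     */
    protected List<MessageHandler> getOutboundTransportHandlers() throws ComponentInitializationException {
        return new ArrayList<>();
    }

    /**
     * Builds the handler that records the SAML 2.0 protocol and the given peer role.
     *
     * @param qName element name of the role descriptor to record
     * @return the initialized handler
     * @throws ComponentInitializationException if initialization fails
     */
    protected MessageHandler buildSAMLProtocolAndRoleHandler(QName qName) throws ComponentInitializationException {
        SAMLProtocolAndRoleHandler handler = new SAMLProtocolAndRoleHandler();
        handler.setProtocol(SAMLConstants.SAML20P_NS);
        handler.setRole(qName);
        handler.initialize();
        return handler;
    }

    /**
     * Builds the metadata lookup handler backed by a role descriptor resolver over the given
     * metadata resolver.
     *
     * @param sAML2MetadataResolver metadata source to resolve role descriptors from
     * @return the initialized handler
     * @throws ComponentInitializationException if the resolver or the handler fails to initialize
     */
    protected MessageHandler buildSAMLMetadataLookupHandler(SAML2MetadataResolver sAML2MetadataResolver) throws ComponentInitializationException {
        PredicateRoleDescriptorResolver roleResolver = new PredicateRoleDescriptorResolver(sAML2MetadataResolver.resolve());
        roleResolver.initialize();
        SAMLMetadataLookupHandler handler = new SAMLMetadataLookupHandler();
        handler.setRoleDescriptorResolver(roleResolver);
        handler.initialize();
        return handler;
    }

    /**
     * Builds the XML schema validation handler.
     *
     * @return the initialized handler
     * @throws ComponentInitializationException if the schema cannot be built (the SAXException is
     *     kept as the cause) or the handler fails to initialize
     */
    protected MessageHandler buildSchemaValidateXMLMessage() throws ComponentInitializationException {
        try {
            // NOTE(review): the builder is parameterised with the SAML 1.1 variant; confirm the
            // resulting schema covers the SAML 2.0 messages this pipeline receives.
            SchemaValidateXMLMessage handler = new SchemaValidateXMLMessage(new SAMLSchemaBuilder(SAMLSchemaBuilder.SAML1Version.SAML_11).getSAMLSchema());
            handler.initialize();
            return handler;
        } catch (SAXException e) {
            throw new ComponentInitializationException(e);
        }
    }

    /**
     * Builds the message version check handler with its default settings.
     *
     * @return the initialized handler
     * @throws ComponentInitializationException if initialization fails
     */
    protected MessageHandler buildCheckMessageVersionHandler() throws ComponentInitializationException {
        CheckMessageVersionHandler handler = new CheckMessageVersionHandler();
        handler.initialize();
        return handler;
    }

    /**
     * Builds the message lifetime handler, using the configured accepted skew as clock skew.
     *
     * @return the initialized handler
     * @throws ComponentInitializationException if initialization fails
     */
    protected MessageHandler buildMessageLifetimeSecurityHandler() throws ComponentInitializationException {
        MessageLifetimeSecurityHandler handler = new MessageLifetimeSecurityHandler();
        // The skew is a number of seconds; Duration.ofSeconds avoids the integer overflow that
        // multiplying by 1000 before widening could produce for very large values.
        handler.setClockSkew(Duration.ofSeconds(this.configuration.getAcceptedSkew()));
        handler.initialize();
        return handler;
    }

    /**
     * Builds the InResponseTo check handler with its default settings.
     *
     * @return the initialized handler
     * @throws ComponentInitializationException if initialization fails
     */
    protected MessageHandler buildInResponseToSecurityHandler() throws ComponentInitializationException {
        InResponseToSecurityHandler handler = new InResponseToSecurityHandler();
        handler.initialize();
        return handler;
    }

    /**
     * Builds the replay check handler over the configured replay cache.
     *
     * @return the initialized handler
     * @throws ComponentInitializationException if initialization fails
     */
    protected MessageHandler buildMessageReplaySecurityHandler() throws ComponentInitializationException {
        MessageReplaySecurityHandler handler = new MessageReplaySecurityHandler();
        // Entry expiry is tied to the accepted skew (seconds).
        // NOTE(review): confirm this window is at least as long as the period during which the
        // lifetime check would still accept the same message.
        handler.setExpires(Duration.ofSeconds(this.configuration.getAcceptedSkew()));
        handler.setReplayCache(this.replayCache.get());
        handler.initialize();
        return handler;
    }

    /**
     * Builds the handler that requires an issuer, looked up through {@code IssuerFunction}.
     *
     * @return the initialized handler
     * @throws ComponentInitializationException if initialization fails
     */
    protected MessageHandler buildCheckMandatoryIssuer() throws ComponentInitializationException {
        CheckMandatoryIssuer handler = new CheckMandatoryIssuer();
        handler.setIssuerLookupStrategy(new IssuerFunction());
        handler.initialize();
        return handler;
    }

    /**
     * Builds the handler that compares the message issuer with the entity ID reported by the
     * identity provider metadata resolver.
     *
     * @return the initialized handler
     * @throws ComponentInitializationException if initialization fails
     */
    protected MessageHandler buildCheckExpectedIssuer() throws ComponentInitializationException {
        CheckExpectedIssuer handler = new CheckExpectedIssuer();
        handler.setIssuerLookupStrategy(new IssuerFunction());
        // Evaluated per message, so the entity ID is read from the resolver at check time.
        handler.setExpectedIssuerLookupStrategy(messageContext -> this.idpMetadataResolver.getEntityId());
        handler.initialize();
        return handler;
    }

    /**
     * Builds the handler that populates signature signing parameters from the configured provider.
     *
     * @return the initialized handler
     * @throws ComponentInitializationException if initialization fails
     */
    protected MessageHandler buildPopulateSignatureSigningParametersHandler() throws ComponentInitializationException {
        PopulateSignatureSigningParametersHandler handler = new PopulateSignatureSigningParametersHandler();
        handler.setSignatureSigningParametersResolver(new DefaultSignatureSigningParametersResolver(this.signingParametersProvider));
        handler.initialize();
        return handler;
    }

    /**
     * Builds the handler that populates signature validation parameters, with the trust engine
     * taken from the configured provider.
     *
     * @return the initialized handler
     * @throws ComponentInitializationException if initialization fails
     */
    protected MessageHandler buildPopulateSignatureValidationParametersHandler() throws ComponentInitializationException {
        PopulateSignatureValidationParametersHandler handler = new PopulateSignatureValidationParametersHandler();
        handler.setSignatureValidationParametersResolver(new BasicSignatureValidationParametersResolver() {
            // The criteria are ignored: the trust engine always comes from the provider, which
            // is asked to build one on every resolution.
            @Override
            protected SignatureTrustEngine resolveSignatureTrustEngine(CriteriaSet criteriaSet) {
                return DefaultSOAPPipelineFactory.this.signatureTrustEngineProvider.build();
            }
        });
        handler.initialize();
        return handler;
    }

    /**
     * Builds the XML signature security handler for protocol messages with its default settings.
     *
     * @return the initialized handler
     * @throws ComponentInitializationException if initialization fails
     */
    protected MessageHandler buildSAMLProtocolMessageXMLSignatureSecurityHandler() throws ComponentInitializationException {
        SAMLProtocolMessageXMLSignatureSecurityHandler handler = new SAMLProtocolMessageXMLSignatureSecurityHandler();
        handler.initialize();
        return handler;
    }

    /**
     * Builds the server TLS entity authentication handler with its default settings.
     *
     * @return the initialized handler
     * @throws ComponentInitializationException if initialization fails
     */
    protected MessageHandler buildCheckAndRecordServerTLSEntityAuthenticationtHandler() throws ComponentInitializationException {
        CheckAndRecordServerTLSEntityAuthenticationtHandler handler = new CheckAndRecordServerTLSEntityAuthenticationtHandler();
        handler.initialize();
        return handler;
    }

    /**
     * Builds the handler that requires the peer entity to be flagged as authenticated.
     *
     * @return the handler, with its lookup strategy set
     */
    protected MessageHandler buildCheckMandatoryAuthentication() {
        CheckMandatoryAuthentication handler = new CheckMandatoryAuthentication();
        handler.setAuthenticationLookupStrategy(messageContext -> {
            SAMLPeerEntityContext peerContext = messageContext.getSubcontext(SAMLPeerEntityContext.class);
            // A missing peer context is reported as "not authenticated" instead of being
            // dereferenced, so the gate fails closed through the handler's own rejection path.
            return peerContext != null && peerContext.isAuthenticated();
        });
        // NOTE(review): unlike the other builders, this one does not call initialize() and does
        // not declare ComponentInitializationException; confirm that is intentional.
        return handler;
    }

    /**
     * Builds the SOAP decoder body handler with its default settings.
     *
     * @return the initialized handler
     * @throws ComponentInitializationException if initialization fails
     */
    protected MessageHandler buildSAMLSOAPDecoderBodyHandler() throws ComponentInitializationException {
        SAMLSOAPDecoderBodyHandler handler = new SAMLSOAPDecoderBodyHandler();
        handler.initialize();
        return handler;
    }

    /**
     * Builds the outbound protocol message signing handler with its default settings.
     *
     * @return the initialized handler
     * @throws ComponentInitializationException if initialization fails
     */
    protected MessageHandler buildSAMLOutboundProtocolMessageSigningHandler() throws ComponentInitializationException {
        SAMLOutboundProtocolMessageSigningHandler handler = new SAMLOutboundProtocolMessageSigningHandler();
        handler.initialize();
        return handler;
    }

    /**
     * Wraps the given handlers in a {@link BasicMessageHandlerChain}.
     *
     * @param list handlers to place in the chain, in invocation order
     * @return the chain; it is not initialized here
     */
    protected BasicMessageHandlerChain toHandlerChain(List<MessageHandler> list) {
        BasicMessageHandlerChain chain = new BasicMessageHandlerChain();
        chain.setHandlers(list);
        return chain;
    }

    /**
     * Creates a new SOAP 1.1 pipeline with freshly built inbound, outbound payload and outbound
     * transport chains.
     *
     * @return the assembled pipeline
     * @throws RuntimeException wrapping the {@link ComponentInitializationException} if any
     *     handler cannot be built; no partially assembled pipeline is returned
     */
    @Override
    @Nonnull
    public HttpClientMessagePipeline newInstance() {
        BasicHttpClientMessagePipeline pipeline = new BasicHttpClientMessagePipeline(new HttpClientRequestSOAP11Encoder(), new HttpClientResponseSOAP11Decoder());
        try {
            pipeline.setInboundHandler(toHandlerChain(getInboundHandlers()));
            pipeline.setOutboundPayloadHandler(toHandlerChain(getOutboundPayloadHandlers()));
            pipeline.setOutboundTransportHandler(toHandlerChain(getOutboundTransportHandlers()));
            return pipeline;
        } catch (ComponentInitializationException e) {
            throw new RuntimeException("Unable to build the SOAP message pipeline", e);
        }
    }

    /**
     * Creates a new pipeline; the name is ignored and every caller gets the same configuration
     * as {@link #newInstance()}.
     *
     * @param str pipeline name, unused
     * @return the assembled pipeline
     */
    @Override
    @Nonnull
    public HttpClientMessagePipeline newInstance(@Nullable String str) {
        return newInstance();
    }
}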
