package org.jasig.cas.authentication.principal;

import java.io.ByteArrayInputStream;
import java.io.ByteArrayOutputStream;
import java.io.UnsupportedEncodingException;
import java.security.PrivateKey;
import java.security.PublicKey;
import java.util.Arrays;
import java.util.Calendar;
import java.util.Date;
import java.util.HashMap;
import java.util.Random;
import java.util.zip.DataFormatException;
import java.util.zip.Inflater;
import java.util.zip.InflaterInputStream;
import javax.servlet.http.HttpServletRequest;
import org.apache.commons.codec.binary.Base64;
import org.apache.log4j.Priority;
import org.aspectj.lang.JoinPoint;
import org.aspectj.lang.ProceedingJoinPoint;
import org.aspectj.runtime.internal.Conversions;
import org.aspectj.runtime.reflect.Factory;
import org.jasig.cas.aspect.LogAspect;
import org.jasig.cas.util.SamlUtils;
import org.jdom.Document;
import org.slf4j.Logger;
import org.springframework.util.StringUtils;

/* loaded from: input_file:WEB-INF/lib/cas-server-core-3.4.8.jar:org/jasig/cas/authentication/principal/GoogleAccountsService.class */
public class GoogleAccountsService extends AbstractWebApplicationService {
    private static final long serialVersionUID = 6678711809842282833L;
    private static Random random;
    private static final char[] charMapping;
    private static final String CONST_PARAM_SERVICE = "SAMLRequest";
    private static final String CONST_RELAY_STATE = "RelayState";
    private static final String TEMPLATE_SAML_RESPONSE = "<samlp:Response ID=\"<RESPONSE_ID>\" IssueInstant=\"<ISSUE_INSTANT>\" Version=\"2.0\" xmlns=\"urn:oasis:names:tc:SAML:2.0:assertion\" xmlns:samlp=\"urn:oasis:names:tc:SAML:2.0:protocol\" xmlns:xenc=\"http://www.w3.org/2001/04/xmlenc#\"><samlp:Status><samlp:StatusCode Value=\"urn:oasis:names:tc:SAML:2.0:status:Success\" /></samlp:Status><Assertion ID=\"<ASSERTION_ID>\" IssueInstant=\"2003-04-17T00:46:02Z\" Version=\"2.0\" xmlns=\"urn:oasis:names:tc:SAML:2.0:assertion\"><Issuer>https://www.opensaml.org/IDP</Issuer><Subject><NameID Format=\"urn:oasis:names:tc:SAML:2.0:nameid-format:emailAddress\"><USERNAME_STRING></NameID><SubjectConfirmation Method=\"urn:oasis:names:tc:SAML:2.0:cm:bearer\"><SubjectConfirmationData Recipient=\"<ACS_URL>\" NotOnOrAfter=\"<NOT_ON_OR_AFTER>\" InResponseTo=\"<REQUEST_ID>\" /></SubjectConfirmation></Subject><Conditions NotBefore=\"2003-04-17T00:46:02Z\" NotOnOrAfter=\"<NOT_ON_OR_AFTER>\"><AudienceRestriction><Audience><ACS_URL></Audience></AudienceRestriction></Conditions><AuthnStatement AuthnInstant=\"<AUTHN_INSTANT>\"><AuthnContext><AuthnContextClassRef>urn:oasis:names:tc:SAML:2.0:ac:classes:Password</AuthnContextClassRef></AuthnContext></AuthnStatement></Assertion></samlp:Response>";
    private final String relayState;
    private final PublicKey publicKey;
    private final PrivateKey privateKey;
    private final String requestId;
    private final String alternateUserName;
    private static final /* synthetic */ JoinPoint.StaticPart ajc$tjp_0;
    private static final /* synthetic */ JoinPoint.StaticPart ajc$tjp_1;
    private static final /* synthetic */ JoinPoint.StaticPart ajc$tjp_2;

    static {
        Factory factory = new Factory("GoogleAccountsService.java", Class.forName("org.jasig.cas.authentication.principal.GoogleAccountsService"));
        ajc$tjp_0 = factory.makeSJP(JoinPoint.METHOD_EXECUTION, factory.makeMethodSig("9", "createServiceFrom", "org.jasig.cas.authentication.principal.GoogleAccountsService", "javax.servlet.http.HttpServletRequest:java.security.PrivateKey:java.security.PublicKey:java.lang.String:", "request:privateKey:publicKey:alternateUserName:", "", "org.jasig.cas.authentication.principal.GoogleAccountsService"), 114);
        ajc$tjp_1 = factory.makeSJP(JoinPoint.METHOD_EXECUTION, factory.makeMethodSig("1", "getResponse", "org.jasig.cas.authentication.principal.GoogleAccountsService", "java.lang.String:", "ticketId:", "", "org.jasig.cas.authentication.principal.Response"), 140);
        ajc$tjp_2 = factory.makeSJP(JoinPoint.METHOD_EXECUTION, factory.makeMethodSig("1", "logOutOfService", "org.jasig.cas.authentication.principal.GoogleAccountsService", "java.lang.String:", "sessionIdentifier:", "", "boolean"), 156);
        random = new Random();
        charMapping = new char[]{'a', 'b', 'c', 'd', 'e', 'f', 'g', 'h', 'i', 'j', 'k', 'l', 'm', 'n', 'o', 'p'};
    }

    protected GoogleAccountsService(String str, String str2, String str3, PrivateKey privateKey, PublicKey publicKey, String str4) {
        this(str, str, null, str2, str3, privateKey, publicKey, str4);
    }

    protected GoogleAccountsService(String str, String str2, String str3, String str4, String str5, PrivateKey privateKey, PublicKey publicKey, String str6) {
        super(str, str2, str3, null);
        this.relayState = str4;
        this.privateKey = privateKey;
        this.publicKey = publicKey;
        this.requestId = str5;
        this.alternateUserName = str6;
    }

    public static GoogleAccountsService createServiceFrom(HttpServletRequest httpServletRequest, PrivateKey privateKey, PublicKey publicKey, String str) {
        JoinPoint makeJP = Factory.makeJP(ajc$tjp_0, (Object) null, (Object) null, new Object[]{httpServletRequest, privateKey, publicKey, str});
        return (GoogleAccountsService) createServiceFrom_aroundBody1$advice(httpServletRequest, privateKey, publicKey, str, makeJP, LogAspect.aspectOf(), (ProceedingJoinPoint) makeJP);
    }

    @Override // org.jasig.cas.authentication.principal.WebApplicationService
    public Response getResponse(String str) {
        JoinPoint makeJP = Factory.makeJP(ajc$tjp_1, this, this, str);
        return (Response) getResponse_aroundBody3$advice(this, str, makeJP, LogAspect.aspectOf(), (ProceedingJoinPoint) makeJP);
    }

    @Override // org.jasig.cas.authentication.principal.AbstractWebApplicationService, org.jasig.cas.authentication.principal.Service
    public boolean logOutOfService(String str) {
        JoinPoint makeJP = Factory.makeJP(ajc$tjp_2, this, this, str);
        return Conversions.booleanValue(logOutOfService_aroundBody5$advice(this, str, makeJP, LogAspect.aspectOf(), (ProceedingJoinPoint) makeJP));
    }

    private String constructSamlResponse() {
        String id;
        Calendar calendar = Calendar.getInstance();
        calendar.setTime(new Date());
        calendar.add(1, 1);
        if (this.alternateUserName == null) {
            id = getPrincipal().getId();
        } else {
            String str = (String) getPrincipal().getAttributes().get(this.alternateUserName);
            id = str == null ? getPrincipal().getId() : str;
        }
        return TEMPLATE_SAML_RESPONSE.replace("<USERNAME_STRING>", id).replace("<RESPONSE_ID>", createID()).replace("<ISSUE_INSTANT>", SamlUtils.getCurrentDateAndTime()).replace("<AUTHN_INSTANT>", SamlUtils.getCurrentDateAndTime()).replaceAll("<NOT_ON_OR_AFTER>", SamlUtils.getFormattedDateAndTime(calendar.getTime())).replace("<ASSERTION_ID>", createID()).replaceAll("<ACS_URL>", getId()).replace("<REQUEST_ID>", this.requestId);
    }

    private static String createID() {
        byte[] bArr = new byte[20];
        random.nextBytes(bArr);
        char[] cArr = new char[40];
        for (int i = 0; i < bArr.length; i++) {
            int i2 = (bArr[i] >> 4) & 15;
            int i3 = bArr[i] & 15;
            cArr[i * 2] = charMapping[i2];
            cArr[(i * 2) + 1] = charMapping[i3];
        }
        return String.valueOf(cArr);
    }

    private static String decodeAuthnRequestXML(String str) {
        byte[] base64Decode;
        if (str == null || (base64Decode = base64Decode(str)) == null) {
            return null;
        }
        String inflate = inflate(base64Decode);
        return inflate != null ? inflate : zlibDeflate(base64Decode);
    }

    private static String zlibDeflate(byte[] bArr) {
        ByteArrayInputStream byteArrayInputStream = new ByteArrayInputStream(bArr);
        ByteArrayOutputStream byteArrayOutputStream = new ByteArrayOutputStream();
        InflaterInputStream inflaterInputStream = new InflaterInputStream(byteArrayInputStream);
        byte[] bArr2 = new byte[1024];
        try {
            for (int read = inflaterInputStream.read(bArr2); read != -1; read = inflaterInputStream.read(bArr2)) {
                byteArrayOutputStream.write(bArr2, 0, read);
            }
            String str = new String(byteArrayOutputStream.toByteArray());
            try {
                inflaterInputStream.close();
            } catch (Exception unused) {
            }
            return str;
        } catch (Exception unused2) {
            try {
                inflaterInputStream.close();
                return null;
            } catch (Exception unused3) {
                return null;
            }
        } catch (Throwable th) {
            try {
                inflaterInputStream.close();
            } catch (Exception unused4) {
            }
            throw th;
        }
    }

    private static byte[] base64Decode(String str) {
        try {
            return Base64.decodeBase64(str.getBytes("UTF-8"));
        } catch (Exception unused) {
            return null;
        }
    }

    private static String inflate(byte[] bArr) {
        Inflater inflater = new Inflater(true);
        byte[] bArr2 = new byte[Priority.DEBUG_INT];
        byte[] bArr3 = new byte[bArr.length + 1];
        System.arraycopy(bArr, 0, bArr3, 0, bArr.length);
        bArr3[bArr.length] = 0;
        inflater.setInput(bArr3);
        try {
            int inflate = inflater.inflate(bArr2);
            inflater.end();
            if (!inflater.finished()) {
                throw new RuntimeException("buffer not large enough.");
            }
            inflater.end();
            return new String(bArr2, 0, inflate, "UTF-8");
        } catch (UnsupportedEncodingException e) {
            throw new RuntimeException("Cannot find encoding: UTF-8", e);
        } catch (DataFormatException unused) {
            return null;
        }
    }

    private static final /* synthetic */ GoogleAccountsService createServiceFrom_aroundBody0(HttpServletRequest httpServletRequest, PrivateKey privateKey, PublicKey publicKey, String str, JoinPoint joinPoint) {
        Document constructDocumentFromXmlString;
        String parameter = httpServletRequest.getParameter(CONST_RELAY_STATE);
        String decodeAuthnRequestXML = decodeAuthnRequestXML(httpServletRequest.getParameter(CONST_PARAM_SERVICE));
        if (StringUtils.hasText(decodeAuthnRequestXML) && (constructDocumentFromXmlString = SamlUtils.constructDocumentFromXmlString(decodeAuthnRequestXML)) != null) {
            return new GoogleAccountsService(constructDocumentFromXmlString.getRootElement().getAttributeValue("AssertionConsumerServiceURL"), parameter, constructDocumentFromXmlString.getRootElement().getAttributeValue("ID"), privateKey, publicKey, str);
        }
        return null;
    }

    private static final /* synthetic */ Object createServiceFrom_aroundBody1$advice(HttpServletRequest httpServletRequest, PrivateKey privateKey, PublicKey publicKey, String str, JoinPoint joinPoint, LogAspect logAspect, ProceedingJoinPoint proceedingJoinPoint) {
        GoogleAccountsService googleAccountsService = null;
        Logger log = logAspect.getLog(proceedingJoinPoint);
        String name = proceedingJoinPoint.getSignature().getName();
        try {
            if (log.isTraceEnabled()) {
                Object[] args = proceedingJoinPoint.getArgs();
                log.trace("Entering method [" + name + " with arguments [" + ((args == null || args.length == 0) ? "" : Arrays.deepToString(args)) + "]");
            }
            googleAccountsService = createServiceFrom_aroundBody0(httpServletRequest, privateKey, publicKey, str, proceedingJoinPoint);
            if (log.isTraceEnabled()) {
                log.trace("Leaving method [" + name + "] with return value [" + (googleAccountsService != null ? googleAccountsService.toString() : "null") + "].");
            }
            return googleAccountsService;
        } catch (Throwable th) {
            if (log.isTraceEnabled()) {
                log.trace("Leaving method [" + name + "] with return value [" + (googleAccountsService != null ? googleAccountsService.toString() : "null") + "].");
            }
            throw th;
        }
    }

    private static final /* synthetic */ Response getResponse_aroundBody2(GoogleAccountsService googleAccountsService, String str, JoinPoint joinPoint) {
        HashMap hashMap = new HashMap();
        hashMap.put("SAMLResponse", SamlUtils.signSamlResponse(googleAccountsService.constructSamlResponse(), googleAccountsService.privateKey, googleAccountsService.publicKey));
        hashMap.put(CONST_RELAY_STATE, googleAccountsService.relayState);
        return Response.getPostResponse(googleAccountsService.getOriginalUrl(), hashMap);
    }

    private static final /* synthetic */ Object getResponse_aroundBody3$advice(GoogleAccountsService googleAccountsService, String str, JoinPoint joinPoint, LogAspect logAspect, ProceedingJoinPoint proceedingJoinPoint) {
        Response response = null;
        Logger log = logAspect.getLog(proceedingJoinPoint);
        String name = proceedingJoinPoint.getSignature().getName();
        try {
            if (log.isTraceEnabled()) {
                Object[] args = proceedingJoinPoint.getArgs();
                log.trace("Entering method [" + name + " with arguments [" + ((args == null || args.length == 0) ? "" : Arrays.deepToString(args)) + "]");
            }
            response = getResponse_aroundBody2(googleAccountsService, str, proceedingJoinPoint);
            if (log.isTraceEnabled()) {
                log.trace("Leaving method [" + name + "] with return value [" + (response != null ? response.toString() : "null") + "].");
            }
            return response;
        } catch (Throwable th) {
            if (log.isTraceEnabled()) {
                log.trace("Leaving method [" + name + "] with return value [" + (response != null ? response.toString() : "null") + "].");
            }
            throw th;
        }
    }

    private static final /* synthetic */ boolean logOutOfService_aroundBody4(GoogleAccountsService googleAccountsService, String str, JoinPoint joinPoint) {
        return false;
    }

    private static final /* synthetic */ Object logOutOfService_aroundBody5$advice(GoogleAccountsService googleAccountsService, String str, JoinPoint joinPoint, LogAspect logAspect, ProceedingJoinPoint proceedingJoinPoint) {
        Object obj = null;
        Logger log = logAspect.getLog(proceedingJoinPoint);
        String name = proceedingJoinPoint.getSignature().getName();
        try {
            if (log.isTraceEnabled()) {
                Object[] args = proceedingJoinPoint.getArgs();
                log.trace("Entering method [" + name + " with arguments [" + ((args == null || args.length == 0) ? "" : Arrays.deepToString(args)) + "]");
            }
            obj = Conversions.booleanObject(logOutOfService_aroundBody4(googleAccountsService, str, proceedingJoinPoint));
            if (log.isTraceEnabled()) {
                log.trace("Leaving method [" + name + "] with return value [" + (obj != null ? obj.toString() : "null") + "].");
            }
            return obj;
        } catch (Throwable th) {
            if (log.isTraceEnabled()) {
                log.trace("Leaving method [" + name + "] with return value [" + (obj != null ? obj.toString() : "null") + "].");
            }
            throw th;
        }
    }
}
