package dk.itst.oiosaml.sp.service;

import dk.itst.oiosaml.common.SAMLUtil;
import dk.itst.oiosaml.configuration.SAMLConfigurationFactory;
import dk.itst.oiosaml.logging.Audit;
import dk.itst.oiosaml.logging.Logger;
import dk.itst.oiosaml.logging.LoggerFactory;
import dk.itst.oiosaml.logging.Operation;
import dk.itst.oiosaml.sp.AuthenticationHandler;
import dk.itst.oiosaml.sp.PassiveUserAssertion;
import dk.itst.oiosaml.sp.UserAssertion;
import dk.itst.oiosaml.sp.UserAssertionImpl;
import dk.itst.oiosaml.sp.metadata.IdpMetadata;
import dk.itst.oiosaml.sp.model.OIOAssertion;
import dk.itst.oiosaml.sp.model.OIOResponse;
import dk.itst.oiosaml.sp.model.RelayState;
import dk.itst.oiosaml.sp.model.validation.AssertionValidator;
import dk.itst.oiosaml.sp.service.util.ArtifactExtractor;
import dk.itst.oiosaml.sp.service.util.Constants;
import dk.itst.oiosaml.sp.service.util.HTTPUtils;
import dk.itst.oiosaml.sp.service.util.HttpSOAPClient;
import dk.itst.oiosaml.sp.service.util.PostResponseExtractor;
import dk.itst.oiosaml.sp.service.util.SOAPClient;
import dk.itst.oiosaml.sp.service.util.Utils;
import java.io.IOException;
import java.util.Enumeration;
import javax.servlet.ServletException;
import javax.servlet.http.HttpSession;
import org.apache.commons.configuration.Configuration;
import org.opensaml.saml2.core.Assertion;

/* loaded from: input_file:dk/itst/oiosaml/sp/service/SAMLAssertionConsumerHandler.class */
/**
 * Consumes SAML responses sent to the service provider and turns a validated
 * response into a logged-in user session.
 *
 * <p>A response is taken either from the {@code SAMLResponse} request parameter
 * (via {@link PostResponseExtractor}) or resolved through {@link ArtifactExtractor}
 * using the configured {@link SOAPClient}. Both paths end in
 * {@link #handleSAMLResponse(RequestContext, OIOResponse)}, which performs every
 * validation step before any session state is written.
 *
 * <p>NOTE(review): nothing in this class changes the {@link HttpSession} id after a
 * successful login. Confirm that session-fixation protection (id rotation) is
 * provided elsewhere, e.g. by the container or a filter.
 */
public class SAMLAssertionConsumerHandler implements SAMLHandler {
    private static final long serialVersionUID = -8417816228519917989L;
    public static final String VERSION = "$Id: SAMLAssertionConsumerHandler.java 2910 2008-05-21 13:07:31Z jre $";
    private static final Logger log = LoggerFactory.getLogger((Class<?>) SAMLAssertionConsumerHandler.class);
    private SOAPClient client;
    private final AssertionValidator validator;

    /**
     * Creates the handler, instantiating the assertion validator named by
     * {@link Constants#PROP_VALIDATOR} and installing a default {@link HttpSOAPClient}.
     *
     * @param configuration configuration the validator class is read from; the class is
     *                      created reflectively via {@code Utils.newInstance}, so the
     *                      configuration source has to be trusted
     */
    public SAMLAssertionConsumerHandler(Configuration configuration) {
        this.validator = (AssertionValidator) Utils.newInstance(configuration, Constants.PROP_VALIDATOR);
        setSoapClient(new HttpSOAPClient());
    }

    /**
     * Replaces the SOAP client handed to {@link ArtifactExtractor} in {@link #handleGet}.
     *
     * @param sOAPClient client to use from now on
     */
    public void setSoapClient(SOAPClient sOAPClient) {
        this.client = sOAPClient;
    }

    /**
     * Extracts the SAML response from the request with {@link PostResponseExtractor}
     * and processes it.
     */
    @Override
    public void handlePost(RequestContext requestContext) throws IOException, ServletException {
        PostResponseExtractor postExtractor = new PostResponseExtractor();
        handleSAMLResponse(requestContext, postExtractor.extract(requestContext.getRequest()));
    }

    /**
     * Handles a GET on the consumer endpoint. When the request carries a
     * {@code SAMLResponse} parameter it is treated exactly like a POST; otherwise the
     * response is obtained through {@link ArtifactExtractor}.
     */
    @Override
    public void handleGet(RequestContext requestContext) throws IOException, ServletException {
        if (requestContext.getRequest().getParameter(Constants.SAML_SAMLRESPONSE) != null) {
            handlePost(requestContext);
            return;
        }

        // NOTE(review): PROP_IGNORE_CERTPATH defaults to false here; it presumably relaxes
        // certificate path checking on the back-channel call, so it should stay false
        // outside test setups. The resolve username/password are read from configuration
        // and must not end up in logs.
        ArtifactExtractor artifactExtractor = new ArtifactExtractor(
                requestContext.getIdpMetadata(),
                requestContext.getSpMetadata().getEntityID(),
                this.client,
                requestContext.getConfiguration().getString(Constants.PROP_RESOLVE_USERNAME),
                requestContext.getConfiguration().getString(Constants.PROP_RESOLVE_PASSWORD),
                requestContext.getConfiguration().getBoolean(Constants.PROP_IGNORE_CERTPATH, false));
        handleSAMLResponse(requestContext, artifactExtractor.extract(requestContext.getRequest()));
    }

    /**
     * Validates a SAML response and, if it is accepted, establishes the user session.
     *
     * <p>Sequence, in the order the code runs it:
     * <ol>
     *   <li>audit-log the raw response (before any validation has happened);</li>
     *   <li>look up the originating IdP and its metadata;</li>
     *   <li>{@code validateResponse}, {@code decryptAssertion}, {@code validateAssertionSignature};</li>
     *   <li>copy attributes from an orphaned session tied to the same {@code InResponseTo};</li>
     *   <li>either register a passive user, or validate the assertion, consult the
     *       authentication handler and store the assertion in the session;</li>
     *   <li>send the response, using the request stored under the relay state if one is present.</li>
     * </ol>
     *
     * <p>The statement order matters: session state is only touched after the three
     * validation calls have returned.
     */
    private void handleSAMLResponse(RequestContext requestContext, OIOResponse response) throws IOException, ServletException {
        // The XML written here has not been validated yet, so the audit trail can contain
        // arbitrary sender-controlled content.
        Audit.log(Operation.AUTHNREQUEST_SEND, false, response.getInResponseTo(), response.toXML());

        HttpSession currentSession = requestContext.getSession();
        if (log.isDebugEnabled()) {
            // NOTE(review): debug output includes the query string and the session id;
            // on the artifact path the query string presumably carries the artifact.
            // Treat debug logs from this class as sensitive.
            log.debug("Calling URL.:" + requestContext.getRequest().getRequestURI() + "?" + requestContext.getRequest().getQueryString());
            log.debug("SessionId..:" + currentSession.getId());
        }

        RelayState relayState = RelayState.fromRequest(requestContext.getRequest());
        if (log.isDebugEnabled()) {
            log.debug("Got relayState..:" + relayState);
        }

        String idpEntityId = response.getOriginatingIdpEntityId(requestContext.getSessionHandler());
        if (log.isDebugEnabled()) {
            log.debug("Received SAML Response from " + idpEntityId + ": " + response.toXML());
        }

        boolean passiveAllowed = requestContext.getConfiguration().getBoolean(Constants.PROP_PASSIVE, false);
        IdpMetadata.Metadata idpMetadata = requestContext.getIdpMetadata().getMetadata(idpEntityId);

        // Validation block: keep these three calls together and ahead of every session write.
        response.validateResponse(requestContext.getSpMetadata().getAssertionConsumerServiceLocation(0), idpMetadata.getValidCertificates(), passiveAllowed);
        // Second argument is the negation of PROP_REQUIRE_ENCRYPTION (default false);
        // presumably "unencrypted assertions allowed" - confirm against OIOResponse.
        response.decryptAssertion(requestContext.getCredential(), !requestContext.getConfiguration().getBoolean(Constants.PROP_REQUIRE_ENCRYPTION, false));
        response.validateAssertionSignature(idpMetadata.getValidCertificates());

        HttpSession orphanedSession = SAMLConfigurationFactory.getConfiguration().getSameSiteSessionSynchronizer().getSession(response.getInResponseTo());
        copyOrphanedSessionAttributes(orphanedSession, currentSession);

        if (passiveAllowed && response.isPassive()) {
            registerPassiveUser(requestContext, currentSession);
        } else {
            OIOAssertion oioAssertion = response.getAssertion();
            oioAssertion.validateAssertion(this.validator, requestContext.getSpMetadata().getEntityID(), requestContext.getSpMetadata().getAssertionConsumerServiceLocation(0));

            UserAssertionImpl userAssertion = new UserAssertionImpl(oioAssertion);
            boolean handlerAccepted = invokeAuthenticationHandler(requestContext, userAssertion);
            if (!handlerAccepted) {
                // Nothing has been stored in the session at this point for this login.
                Audit.logError(Operation.LOGIN, false, response.getInResponseTo(), "Authentication handler stopped authentication");
                log.error("Authentication handler stopped authentication");
                return;
            }

            Audit.setAssertionId(oioAssertion.getID());
            Audit.log(Operation.LOGIN, oioAssertion.getSubjectNameIDValue() + "/" + oioAssertion.getAssuranceLevel() + " via " + oioAssertion.getIssuer());
            Audit.log(Operation.LOGIN_SESSION, Integer.toString(currentSession.getMaxInactiveInterval()));

            // Drop the cached DOM and detach the XML object before it is kept in the session.
            Assertion samlAssertion = oioAssertion.getAssertion();
            samlAssertion.releaseChildrenDOM(true);
            samlAssertion.releaseDOM();
            samlAssertion.detach();

            requestContext.getSessionHandler().setAssertion(currentSession.getId(), oioAssertion);
            currentSession.setAttribute(Constants.SESSION_USER_ASSERTION, userAssertion);
        }

        // The relay state is only used as a lookup key into the session handler; the
        // request object it resolves to is what gets passed on.
        if (relayState.getRelayState() == null) {
            HTTPUtils.sendResponse(null, requestContext);
        } else {
            HTTPUtils.sendResponse(requestContext.getSessionHandler().getRequest(relayState.getRelayState()), requestContext);
        }
    }

    /**
     * Copies every attribute of {@code orphaned} into {@code current} when the two are
     * different sessions. Does nothing if {@code orphaned} is {@code null} or has the
     * same id as {@code current}.
     */
    private static void copyOrphanedSessionAttributes(HttpSession orphaned, HttpSession current) {
        if (orphaned == null || orphaned.getId().equals(current.getId())) {
            return;
        }
        // NOTE(review): both session ids are written to the log at info level.
        log.info("Copying session attributes from orphaned session (" + orphaned.getId() + ") to new session (" + current.getId() + ")");
        for (Enumeration<?> names = orphaned.getAttributeNames(); names.hasMoreElements(); ) {
            String attributeName = (String) names.nextElement();
            current.setAttribute(attributeName, orphaned.getAttribute(attributeName));
        }
    }

    /**
     * Records a passive login: stores an empty placeholder assertion for the session and
     * puts a {@link PassiveUserAssertion} for the configured passive user id into it.
     */
    private static void registerPassiveUser(RequestContext requestContext, HttpSession session) {
        log.debug("Received passive response, setting passive userassertion");
        Assertion placeholder = SAMLUtil.buildXMLObject(Assertion.class);
        // The id is just the current time in milliseconds: a placeholder, not a secret
        // and not guaranteed unique.
        placeholder.setID(String.valueOf(System.currentTimeMillis()));
        requestContext.getSessionHandler().setAssertion(session.getId(), new OIOAssertion(placeholder));

        PassiveUserAssertion passiveUser = new PassiveUserAssertion(requestContext.getConfiguration().getString(Constants.PROP_PASSIVE_USER_ID));
        session.setAttribute(Constants.SESSION_USER_ASSERTION, passiveUser);
        Audit.log(Operation.LOGIN, passiveUser.getSubject());
    }

    /**
     * Asks the configured {@link AuthenticationHandler}, if any, whether the login may proceed.
     *
     * @return {@code true} when no handler is configured, otherwise the handler's verdict
     */
    private static boolean invokeAuthenticationHandler(RequestContext requestContext, UserAssertion userAssertion) {
        String handlerClassName = requestContext.getConfiguration().getString(Constants.PROP_AUTHENTICATION_HANDLER, (String) null);
        if (handlerClassName == null) {
            log.debug("No authentication handler configured");
            return true;
        }
        log.debug("Authentication handler: " + handlerClassName);
        // A new handler instance is created reflectively on every call from the configured class name.
        AuthenticationHandler handler = (AuthenticationHandler) Utils.newInstance(requestContext.getConfiguration(), Constants.PROP_AUTHENTICATION_HANDLER);
        return handler.userAuthenticated(userAssertion, requestContext.getRequest(), requestContext.getResponse());
    }
}
