package org.cloudfoundry.identity.uaa.provider.saml.idp;

import java.io.IOException;
import javax.servlet.ServletException;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import javax.xml.namespace.QName;
import org.cloudfoundry.identity.uaa.authentication.UaaAuthentication;
import org.opensaml.common.SAMLException;
import org.opensaml.common.xml.SAMLConstants;
import org.opensaml.saml2.metadata.EntityDescriptor;
import org.opensaml.saml2.metadata.RoleDescriptor;
import org.opensaml.saml2.metadata.provider.MetadataProviderException;
import org.opensaml.ws.message.encoder.MessageEncodingException;
import org.opensaml.xml.io.MarshallingException;
import org.opensaml.xml.security.SecurityException;
import org.opensaml.xml.signature.SignatureException;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.security.authentication.AuthenticationServiceException;
import org.springframework.security.core.Authentication;
import org.springframework.security.saml.context.SAMLMessageContext;
import org.springframework.security.saml.metadata.ExtendedMetadata;
import org.springframework.security.saml.metadata.MetadataManager;
import org.springframework.security.web.authentication.AuthenticationSuccessHandler;
import org.springframework.util.Assert;

/* loaded from: input_file:WEB-INF/lib/cloudfoundry-identity-server-4.19.2.jar:org/cloudfoundry/identity/uaa/provider/saml/idp/IdpSamlAuthenticationSuccessHandler.class */
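/**
 * Success handler for the UAA SAML IdP flow: once the user is authenticated, builds and
 * sends the SAML Response to the requesting SP.
 *
 * <p>The SP the response is sent to is always resolved through the configured
 * {@link MetadataManager} (see {@link #populatePeerContext(SAMLMessageContext)}); a peer that
 * is not present in the metadata is rejected rather than answered.</p>
 *
 * <p>Failures while building or signing the response are logged at DEBUG and surfaced as
 * {@link AuthenticationServiceException}; failures while loading metadata are surfaced as
 * {@link ServletException}.</p>
 */
public class IdpSamlAuthenticationSuccessHandler implements AuthenticationSuccessHandler {
    private static final Logger LOGGER = LoggerFactory.getLogger(IdpSamlAuthenticationSuccessHandler.class);
    private IdpWebSsoProfile idpWebSsoProfile;
    private MetadataManager metadataManager;

    /**
     * Sends the SAML Response for the freshly authenticated user.
     *
     * @param httpServletRequest  the current request (unused here; the SAML message context is
     *                            carried on the authentication)
     * @param httpServletResponse the current response (unused here; the profile writes through
     *                            the message context)
     * @param authentication      must be a {@link UaaAuthentication} carrying a
     *                            {@link SAMLMessageContext}
     * @throws IOException      declared by the interface; not thrown by this implementation
     * @throws ServletException if local IdP or peer SP metadata cannot be resolved
     * @throws AuthenticationServiceException if the authentication is not usable or the response
     *                                        cannot be built, encoded or signed
     */
    @Override // org.springframework.security.web.authentication.AuthenticationSuccessHandler
    public void onAuthenticationSuccess(HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse, Authentication authentication) throws IOException, ServletException {
        // Explicit type check instead of a bare cast so a wrong Authentication type yields a
        // descriptive failure rather than a ClassCastException / NullPointerException.
        if (!(authentication instanceof UaaAuthentication)) {
            String actual = authentication == null ? "null" : authentication.getClass().getName();
            throw new AuthenticationServiceException("Expected a UaaAuthentication but got " + actual + ".");
        }
        SAMLMessageContext samlMessageContext = ((UaaAuthentication) authentication).getSamlMessageContext();
        if (samlMessageContext == null) {
            throw new AuthenticationServiceException("Authentication carries no SAML message context.");
        }

        IdpExtendedMetadata idpExtendedMetadata = loadLocalIdpExtendedMetadata(samlMessageContext.getLocalEntityId());

        // Resolve (and thereby validate) the SP we are about to answer before building anything.
        try {
            populatePeerContext(samlMessageContext);
        } catch (MetadataProviderException e) {
            throw new ServletException("Failed to populate peer SAML SP context.", e);
        }

        sendSamlResponse(authentication, samlMessageContext, idpExtendedMetadata);
    }

    /**
     * Loads the extended metadata of the local IdP entity.
     *
     * @param localEntityId entity ID of the local IdP, taken from the message context
     * @return the IdP-specific extended metadata
     * @throws ServletException if the metadata manager fails, returns nothing, or returns
     *                          extended metadata that is not an {@link IdpExtendedMetadata}
     */
    private IdpExtendedMetadata loadLocalIdpExtendedMetadata(String localEntityId) throws ServletException {
        ExtendedMetadata extendedMetadata;
        try {
            extendedMetadata = this.metadataManager.getExtendedMetadata(localEntityId);
        } catch (MetadataProviderException e) {
            throw new ServletException("Failed to obtain local SAML IdP extended metadata.", e);
        }
        // getExtendedMetadata() is typed as ExtendedMetadata; guard the downcast explicitly.
        if (!(extendedMetadata instanceof IdpExtendedMetadata)) {
            throw new ServletException("Failed to obtain local SAML IdP extended metadata for entity " + localEntityId + ".");
        }
        return (IdpExtendedMetadata) extendedMetadata;
    }

    /**
     * Builds the profile options from the IdP metadata and hands the response to the Web SSO
     * profile. Every profile failure is logged at DEBUG (with the cause) and rethrown as an
     * {@link AuthenticationServiceException} that preserves the cause.
     *
     * @param authentication      the authenticated principal
     * @param samlMessageContext  context with local and peer metadata populated
     * @param idpExtendedMetadata local IdP metadata supplying signing and TTL settings
     */
    private void sendSamlResponse(Authentication authentication, SAMLMessageContext samlMessageContext, IdpExtendedMetadata idpExtendedMetadata) {
        IdpWebSSOProfileOptions options = new IdpWebSSOProfileOptions();
        options.setAssertionsSigned(idpExtendedMetadata.isAssertionsSigned());
        options.setAssertionTimeToLiveSeconds(idpExtendedMetadata.getAssertionTimeToLiveSeconds());
        try {
            this.idpWebSsoProfile.sendResponse(authentication, samlMessageContext, options);
        } catch (SAMLException e) {
            LOGGER.debug("Incoming SAML message is invalid.", e);
            throw new AuthenticationServiceException("Incoming SAML message is invalid.", e);
        } catch (MetadataProviderException e) {
            LOGGER.debug("Error determining metadata contracts.", e);
            throw new AuthenticationServiceException("Error determining metadata contracts.", e);
        } catch (MessageEncodingException e) {
            // This is the outgoing response being encoded; log and exception text now agree.
            LOGGER.debug("Error encoding outgoing SAML message.", e);
            throw new AuthenticationServiceException("Error encoding outgoing SAML message.", e);
        } catch (MarshallingException | SecurityException | SignatureException e) {
            LOGGER.debug("Error signing SAML assertion.", e);
            throw new AuthenticationServiceException("Error signing SAML assertion.", e);
        }
    }

    /**
     * Resolves the peer SP's entity descriptor, role descriptor and extended metadata from the
     * metadata manager and stores them on the message context.
     *
     * <p>This is the step that ties the response to a known SP: a missing peer entity ID, or an
     * entity/role that the metadata manager does not know, aborts the flow. The extended metadata
     * is stored as returned by the manager and is not null-checked here.</p>
     *
     * <p>Decompiled source; originally declared {@code protected}. Kept {@code public} so the
     * signature is unchanged.</p>
     *
     * @param sAMLMessageContext context whose peer entity ID and role identify the SP
     * @throws MetadataProviderException if the peer entity ID is missing or no entity descriptor
     *                                   or role descriptor is found for it
     */
    public void populatePeerContext(SAMLMessageContext sAMLMessageContext) throws MetadataProviderException {
        String peerEntityId = sAMLMessageContext.getPeerEntityId();
        QName peerEntityRole = sAMLMessageContext.getPeerEntityRole();
        if (peerEntityId == null) {
            throw new MetadataProviderException("Peer entity ID wasn't specified, but is requested");
        }
        EntityDescriptor entityDescriptor = this.metadataManager.getEntityDescriptor(peerEntityId);
        RoleDescriptor role = this.metadataManager.getRole(peerEntityId, peerEntityRole, SAMLConstants.SAML20P_NS);
        ExtendedMetadata extendedMetadata = this.metadataManager.getExtendedMetadata(peerEntityId);
        if (entityDescriptor == null || role == null) {
            throw new MetadataProviderException("Metadata for entity " + peerEntityId + " and role " + peerEntityRole + " wasn't found");
        }
        sAMLMessageContext.setPeerEntityMetadata(entityDescriptor);
        sAMLMessageContext.setPeerEntityRoleMetadata(role);
        sAMLMessageContext.setPeerExtendedMetadata(extendedMetadata);
    }

    /**
     * Injects the Web SSO profile used to build and send responses.
     *
     * @param idpWebSsoProfile the profile; must not be null
     * @throws IllegalArgumentException if the profile is null
     */
    @Autowired
    public void setIdpWebSsoProfile(IdpWebSsoProfile idpWebSsoProfile) {
        Assert.notNull(idpWebSsoProfile, "SAML Web SSO profile can't be null.");
        this.idpWebSsoProfile = idpWebSsoProfile;
    }

    /**
     * Injects the metadata manager used to resolve local IdP and peer SP metadata.
     *
     * @param metadataManager the manager; must not be null
     * @throws IllegalArgumentException if the manager is null
     */
    @Autowired
    public void setMetadataManager(MetadataManager metadataManager) {
        Assert.notNull(metadataManager, "SAML metadata manager can't be null.");
        this.metadataManager = metadataManager;
    }
}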
