package pl.edu.icm.unity.unicore.samlidp.web;

import eu.unicore.security.dsig.DSigException;
import java.io.IOException;
import java.util.Calendar;
import java.util.TimeZone;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import org.apache.logging.log4j.Logger;
import org.springframework.beans.factory.ObjectFactory;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.beans.factory.annotation.Qualifier;
import org.springframework.stereotype.Component;
import pl.edu.icm.unity.MessageSource;
import pl.edu.icm.unity.base.utils.Log;
import pl.edu.icm.unity.engine.api.EnquiryManagement;
import pl.edu.icm.unity.engine.api.PreferencesManagement;
import pl.edu.icm.unity.engine.api.attributes.AttributeTypeSupport;
import pl.edu.icm.unity.engine.api.authn.AuthenticationException;
import pl.edu.icm.unity.engine.api.idp.IdPEngine;
import pl.edu.icm.unity.engine.api.policyAgreement.PolicyAgreementManagement;
import pl.edu.icm.unity.engine.api.session.SessionManagement;
import pl.edu.icm.unity.engine.api.translation.out.TranslationResult;
import pl.edu.icm.unity.engine.api.utils.FreemarkerAppHandler;
import pl.edu.icm.unity.engine.api.utils.PrototypeComponent;
import pl.edu.icm.unity.exceptions.EngineException;
import pl.edu.icm.unity.saml.SamlProperties;
import pl.edu.icm.unity.saml.idp.SamlIdpStatisticReporter;
import pl.edu.icm.unity.saml.idp.ctx.SAMLAuthnContext;
import pl.edu.icm.unity.saml.idp.preferences.SamlPreferences;
import pl.edu.icm.unity.saml.idp.web.filter.IdpConsentDeciderServlet;
import pl.edu.icm.unity.saml.idp.web.filter.IdpConsentDeciderServletFactory;
import pl.edu.icm.unity.saml.slo.SamlRoutableSignableMessage;
import pl.edu.icm.unity.types.basic.IdentityParam;
import pl.edu.icm.unity.types.endpoint.Endpoint;
import pl.edu.icm.unity.unicore.samlidp.preferences.SamlPreferencesWithETD;
import pl.edu.icm.unity.unicore.samlidp.saml.AuthnWithETDResponseProcessor;
import pl.edu.icm.unity.webui.idpcommon.EopException;
import xmlbeans.org.oasis.saml2.protocol.ResponseDocument;

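/**
 * Consent-decider servlet for the UNICORE flavour of the SAML IdP.
 *
 * <p>Differs from the base {@link IdpConsentDeciderServlet} in two visible ways: service-provider
 * preferences are read through {@link SamlPreferencesWithETD}, and responses are produced by
 * {@link AuthnWithETDResponseProcessor}, which additionally receives the delegation restrictions
 * derived from the per-SP ETD settings.
 *
 * <p>This listing is decompiler output: parameter names such as {@code str}/{@code str2} are
 * synthetic and any {@code @Override} annotations of the original source are not present.
 */
@PrototypeComponent
public class UnicoreIdpConsentDeciderServlet extends IdpConsentDeciderServlet {
    private static final Logger log = Log.getLogger("unity.server.saml", UnicoreIdpConsentDeciderServlet.class);

    /**
     * Spring-managed factory that hands out initialised {@link UnicoreIdpConsentDeciderServlet}
     * instances.
     */
    @Component
    public static class Factory implements IdpConsentDeciderServletFactory {

        @Autowired
        private ObjectFactory<UnicoreIdpConsentDeciderServlet> factory;

        /**
         * Obtains a servlet from the injected {@link ObjectFactory} and initialises it.
         *
         * @param str first value forwarded to {@code init}; its meaning is not visible in this file
         * @param str2 second value forwarded to {@code init}; its meaning is not visible in this file
         * @param endpoint endpoint the servlet is initialised for
         * @return the initialised servlet
         */
        public IdpConsentDeciderServlet getInstance(String str, String str2, Endpoint endpoint) {
            UnicoreIdpConsentDeciderServlet servlet = this.factory.getObject();
            servlet.init(str, str2, endpoint);
            return servlet;
        }
    }

    /**
     * Passes all collaborators straight to the superclass constructor.
     *
     * <p>NOTE(review): {@code enquiryManagement} is injected with the {@code "insecure"} qualifier.
     * Presumably this selects a bean that skips the caller authorization checks of the default
     * one; confirm that this servlet only uses it for operations that are safe to run on behalf
     * of a user who is still in the middle of the login flow.
     */
    @Autowired
    public UnicoreIdpConsentDeciderServlet(AttributeTypeSupport attributeTypeSupport, PreferencesManagement preferencesManagement, IdPEngine idPEngine, FreemarkerAppHandler freemarkerAppHandler, SessionManagement sessionManagement, @Qualifier("insecure") EnquiryManagement enquiryManagement, PolicyAgreementManagement policyAgreementManagement, MessageSource messageSource, SamlIdpStatisticReporter.SamlIdpStatisticReporterFactory samlIdpStatisticReporterFactory) {
        super(attributeTypeSupport, preferencesManagement, idPEngine, freemarkerAppHandler, sessionManagement, enquiryManagement, policyAgreementManagement, messageSource, samlIdpStatisticReporterFactory);
    }

    /**
     * Loads the stored settings for the service provider that issued the request.
     *
     * <p>The lookup key is the issuer taken from the authentication request held in the context.
     *
     * @param sAMLAuthnContext context of the SAML authentication request being processed
     * @return the settings stored for the request's issuer
     * @throws EngineException if the preferences cannot be read
     */
    protected SamlPreferences.SPSettings loadPreferences(SAMLAuthnContext sAMLAuthnContext) throws EngineException {
        return SamlPreferencesWithETD.getPreferences(this.preferencesMan).getSPSettings(sAMLAuthnContext.getRequest().getIssuer());
    }

    /**
     * Answers the authentication request from the stored preferences for the service provider.
     *
     * <p>When the stored preference is not "default accept", an error response carrying an
     * {@link AuthenticationException} is produced and nothing else happens. Otherwise the user's
     * identity and attributes are resolved, a response including the SP's delegation restrictions
     * is built, the SP is registered as a session participant and the response is sent with the
     * HTTP-POST binding. Any failure on that path is turned into an error response.
     *
     * @param sPSettings stored preferences for the requesting service provider
     * @param sAMLAuthnContext context of the SAML authentication request being processed
     * @param httpServletRequest current HTTP request
     * @param httpServletResponse current HTTP response
     * @throws EopException declared by this method; presumably raised by the response handler to
     *     signal that the HTTP response has been written (not visible here, confirm)
     * @throws IOException if writing the HTTP response fails
     */
    protected void autoReplay(SamlPreferences.SPSettings sPSettings, SAMLAuthnContext sAMLAuthnContext, HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse) throws EopException, IOException {
        AuthnWithETDResponseProcessor processor = new AuthnWithETDResponseProcessor(this.aTypeSupport, sAMLAuthnContext, Calendar.getInstance(TimeZone.getTimeZone("UTC")));
        String serviceUrl = getServiceUrl(sAMLAuthnContext);
        if (!sPSettings.isDefaultAccept()) {
            this.ssoResponseHandler.handleException(processor, new AuthenticationException("Authentication was declined"), SamlProperties.Binding.HTTP_POST, serviceUrl, sAMLAuthnContext, httpServletRequest, httpServletResponse, false);
            // Fail closed. The decline path previously relied entirely on handleException ending
            // the flow by throwing; if it ever returns normally, execution would fall through and
            // a signed assertion would be issued to an SP the user has declined. The explicit
            // return makes the rejection independent of the handler's internals.
            return;
        }
        try {
            SamlPreferencesWithETD.SPETDSettings etdSettings = SamlPreferencesWithETD.getPreferences(this.preferencesMan).getSPETDSettings(sAMLAuthnContext.getRequest().getIssuer());
            TranslationResult userInfo = getUserInfo(sAMLAuthnContext.getSamlConfiguration(), processor, "urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST");
            IdentityParam identity = getIdentity(userInfo, processor, sPSettings);
            log.debug("Authentication of " + identity);
            // The delegation restrictions come from the per-SP ETD preferences and bound what the
            // SP may do with the issued assertion.
            SamlRoutableSignableMessage<ResponseDocument> responseMessage = processor.processAuthnRequest(identity, processor.getAttributes(userInfo, sPSettings), sAMLAuthnContext.getResponseDestination(), etdSettings.toDelegationRestrictions(), sAMLAuthnContext.getRelayState());
            addSessionParticipant(sAMLAuthnContext, processor.getAuthenticatedSubject().getNameID(), processor.getSessionId(), this.sessionMan);
            try {
                this.ssoResponseHandler.sendResponse(sAMLAuthnContext, responseMessage, SamlProperties.Binding.HTTP_POST, httpServletRequest, httpServletResponse);
            } catch (DSigException e) {
                this.ssoResponseHandler.handleException(processor, e, SamlProperties.Binding.HTTP_POST, serviceUrl, sAMLAuthnContext, httpServletRequest, httpServletResponse, false);
            }
        } catch (Exception e2) {
            // NOTE(review): this broad catch also covers sendResponse and the inner
            // handleException call. If either signals "response already written" by throwing
            // EopException, it would be caught here and handleException would run a second time
            // on an already-committed response. Confirm against the response handler and narrow
            // the catch or rethrow EopException if so.
            this.ssoResponseHandler.handleException(processor, e2, SamlProperties.Binding.HTTP_POST, serviceUrl, sAMLAuthnContext, httpServletRequest, httpServletResponse, false);
        }
    }
}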
