package org.apereo.cas.support.saml.web.idp.profile.artifact;

import java.util.Optional;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import lombok.Generated;
import net.shibboleth.utilities.java.support.xml.ParserPool;
import org.apereo.cas.authentication.AuthenticationSystemSupport;
import org.apereo.cas.authentication.principal.ServiceFactory;
import org.apereo.cas.authentication.principal.WebApplicationService;
import org.apereo.cas.configuration.CasConfigurationProperties;
import org.apereo.cas.services.ServicesManager;
import org.apereo.cas.services.UnauthorizedServiceException;
import org.apereo.cas.support.saml.OpenSamlConfigBean;
import org.apereo.cas.support.saml.services.SamlRegisteredService;
import org.apereo.cas.support.saml.services.idp.metadata.SamlRegisteredServiceServiceProviderMetadataFacade;
import org.apereo.cas.support.saml.services.idp.metadata.cache.SamlRegisteredServiceCachingMetadataResolver;
import org.apereo.cas.support.saml.web.idp.profile.AbstractSamlProfileHandlerController;
import org.apereo.cas.support.saml.web.idp.profile.builders.SamlProfileObjectBuilder;
import org.apereo.cas.support.saml.web.idp.profile.builders.enc.SamlIdPObjectSigner;
import org.apereo.cas.support.saml.web.idp.profile.builders.enc.SamlObjectSignatureValidator;
import org.apereo.cas.ticket.artifact.SamlArtifactTicket;
import org.apereo.cas.ticket.artifact.SamlArtifactTicketFactory;
import org.apereo.cas.ticket.registry.TicketRegistry;
import org.apereo.cas.util.CollectionUtils;
import org.opensaml.messaging.context.MessageContext;
import org.opensaml.saml.common.SAMLObject;
import org.opensaml.saml.saml2.core.ArtifactResolve;
import org.opensaml.saml.saml2.core.RequestAbstractType;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
import org.springframework.web.bind.annotation.PostMapping;

/* loaded from: input_file:org/apereo/cas/support/saml/web/idp/profile/artifact/Saml1ArtifactResolutionProfileHandlerController.class */
public class Saml1ArtifactResolutionProfileHandlerController extends AbstractSamlProfileHandlerController {

    @Generated
    private static final Logger LOGGER = LoggerFactory.getLogger(Saml1ArtifactResolutionProfileHandlerController.class);
    private final TicketRegistry ticketRegistry;
    private final SamlArtifactTicketFactory artifactTicketFactory;
    private final SamlProfileObjectBuilder<? extends SAMLObject> samlFaultResponseBuilder;

    public Saml1ArtifactResolutionProfileHandlerController(SamlIdPObjectSigner samlIdPObjectSigner, ParserPool parserPool, AuthenticationSystemSupport authenticationSystemSupport, ServicesManager servicesManager, ServiceFactory<WebApplicationService> serviceFactory, SamlRegisteredServiceCachingMetadataResolver samlRegisteredServiceCachingMetadataResolver, OpenSamlConfigBean openSamlConfigBean, SamlProfileObjectBuilder<? extends SAMLObject> samlProfileObjectBuilder, CasConfigurationProperties casConfigurationProperties, SamlObjectSignatureValidator samlObjectSignatureValidator, TicketRegistry ticketRegistry, SamlArtifactTicketFactory samlArtifactTicketFactory, SamlProfileObjectBuilder<? extends SAMLObject> samlProfileObjectBuilder2) {
        super(samlIdPObjectSigner, parserPool, authenticationSystemSupport, servicesManager, serviceFactory, samlRegisteredServiceCachingMetadataResolver, openSamlConfigBean, samlProfileObjectBuilder, casConfigurationProperties, samlObjectSignatureValidator);
        this.ticketRegistry = ticketRegistry;
        this.artifactTicketFactory = samlArtifactTicketFactory;
        this.samlFaultResponseBuilder = samlProfileObjectBuilder2;
    }

    @PostMapping(path = {"/idp/profile/SAML1/SOAP/ArtifactResolution"})
    protected void handlePostRequest(HttpServletResponse httpServletResponse, HttpServletRequest httpServletRequest) {
        MessageContext decodeSoapRequest = decodeSoapRequest(httpServletRequest);
        ArtifactResolve artifactResolve = (ArtifactResolve) decodeSoapRequest.getMessage();
        try {
            String value = artifactResolve.getIssuer().getValue();
            SamlRegisteredService verifySamlRegisteredService = verifySamlRegisteredService(value);
            Optional<SamlRegisteredServiceServiceProviderMetadataFacade> samlMetadataFacadeFor = getSamlMetadataFacadeFor(verifySamlRegisteredService, (RequestAbstractType) artifactResolve);
            if (!samlMetadataFacadeFor.isPresent()) {
                throw new UnauthorizedServiceException("screen.service.error.message", "Cannot find metadata linked to " + value);
            }
            SamlRegisteredServiceServiceProviderMetadataFacade samlRegisteredServiceServiceProviderMetadataFacade = samlMetadataFacadeFor.get();
            verifyAuthenticationContextSignature(decodeSoapRequest, httpServletRequest, (RequestAbstractType) artifactResolve, samlRegisteredServiceServiceProviderMetadataFacade);
            SamlArtifactTicket ticket = this.ticketRegistry.getTicket(this.artifactTicketFactory.createTicketIdFor(artifactResolve.getArtifact().getArtifact()), SamlArtifactTicket.class);
            this.responseBuilder.mo32build(artifactResolve, httpServletRequest, httpServletResponse, buildCasAssertion(ticket.getTicketGrantingTicket().getAuthentication(), this.webApplicationServiceFactory.createService(value), verifySamlRegisteredService, CollectionUtils.wrap("artifact", ticket)), verifySamlRegisteredService, samlRegisteredServiceServiceProviderMetadataFacade, "urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Artifact");
        } catch (Exception e) {
            LOGGER.error(e.getMessage(), e);
            httpServletRequest.setAttribute("samlError", e.getMessage());
            this.samlFaultResponseBuilder.mo32build(artifactResolve, httpServletRequest, httpServletResponse, null, null, null, "urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Artifact");
        }
    }
}
