package org.apereo.cas.support.saml.web.idp.profile.sso;

import io.swagger.v3.oas.annotations.Operation;
import io.swagger.v3.oas.annotations.Parameter;
import java.time.ZoneOffset;
import java.time.ZonedDateTime;
import java.util.Date;
import java.util.Map;
import java.util.Objects;
import java.util.Optional;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import lombok.Generated;
import org.apache.commons.beanutils.BeanUtils;
import org.apache.commons.text.StringEscapeUtils;
import org.apereo.cas.authentication.Authentication;
import org.apereo.cas.authentication.AuthenticationSystemSupport;
import org.apereo.cas.authentication.Credential;
import org.apereo.cas.authentication.DefaultAuthenticationBuilder;
import org.apereo.cas.authentication.credential.UsernamePasswordCredential;
import org.apereo.cas.authentication.principal.Principal;
import org.apereo.cas.authentication.principal.PrincipalFactory;
import org.apereo.cas.authentication.principal.ServiceFactory;
import org.apereo.cas.authentication.principal.WebApplicationService;
import org.apereo.cas.configuration.CasConfigurationProperties;
import org.apereo.cas.services.RegisteredServiceAccessStrategyUtils;
import org.apereo.cas.services.ServicesManager;
import org.apereo.cas.support.saml.SamlUtils;
import org.apereo.cas.support.saml.services.SamlRegisteredService;
import org.apereo.cas.support.saml.services.idp.metadata.SamlRegisteredServiceServiceProviderMetadataFacade;
import org.apereo.cas.support.saml.services.idp.metadata.cache.SamlRegisteredServiceCachingMetadataResolver;
import org.apereo.cas.support.saml.util.AbstractSaml20ObjectBuilder;
import org.apereo.cas.support.saml.web.idp.profile.builders.SamlProfileObjectBuilder;
import org.apereo.cas.util.DateTimeUtils;
import org.apereo.cas.util.LoggingUtils;
import org.apereo.cas.web.BaseCasActuatorEndpoint;
import org.jasig.cas.client.authentication.AttributePrincipalImpl;
import org.jasig.cas.client.validation.Assertion;
import org.jasig.cas.client.validation.AssertionImpl;
import org.opensaml.messaging.context.MessageContext;
import org.opensaml.messaging.context.ScratchContext;
import org.opensaml.saml.common.SAMLObject;
import org.opensaml.saml.saml2.core.AuthnRequest;
import org.opensaml.saml.saml2.core.impl.AuthnRequestBuilder;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
import org.springframework.boot.actuate.endpoint.web.annotation.RestControllerEndpoint;
import org.springframework.http.HttpStatus;
import org.springframework.http.ResponseEntity;
import org.springframework.web.bind.annotation.GetMapping;
import org.springframework.web.bind.annotation.PostMapping;
import org.springframework.web.bind.annotation.RequestBody;
import org.springframework.web.bind.annotation.ResponseBody;

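/**
 * Actuator endpoint that authenticates a supplied username/password through the CAS
 * authentication pipeline and renders the SAML2 HTTP-POST profile response that the
 * IdP would issue to the service provider identified by {@code entityId}.
 *
 * <p>Security notes grounded in this class:
 * <ul>
 *   <li>The endpoint is registered with {@code enableByDefault = false}; it only exists
 *       when explicitly enabled, and it should stay behind actuator access controls because
 *       it accepts raw credentials and returns a full assertion.</li>
 *   <li>Service access is checked via
 *       {@link RegisteredServiceAccessStrategyUtils#ensureServiceAccessIsAllowed} before any
 *       response is built.</li>
 *   <li>The {@code encrypt} parameter overrides the registered service's assertion/attribute
 *       encryption settings on a cloned copy, so a caller can obtain an unencrypted response
 *       for inspection without altering the stored service definition.</li>
 *   <li>Failures return the exception message (HTML-escaped) to the caller, which exposes
 *       internal error detail; see {@link #produce}.</li>
 * </ul>
 */
@RestControllerEndpoint(id = "samlPostProfileResponse", enableByDefault = false)
/* loaded from: input_file:org/apereo/cas/support/saml/web/idp/profile/sso/SSOSamlIdPPostProfileHandlerEndpoint.class */
public class SSOSamlIdPPostProfileHandlerEndpoint extends BaseCasActuatorEndpoint {

    /** SAML 2.0 binding URI passed to the response builder for this endpoint. */
    private static final String HTTP_POST_BINDING = "urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST";

    @Generated
    private static final Logger LOGGER = LoggerFactory.getLogger(SSOSamlIdPPostProfileHandlerEndpoint.class);
    private final ServicesManager servicesManager;
    private final AuthenticationSystemSupport authenticationSystemSupport;
    private final ServiceFactory<WebApplicationService> serviceFactory;
    private final PrincipalFactory principalFactory;
    private final SamlProfileObjectBuilder<? extends SAMLObject> responseBuilder;
    private final SamlRegisteredServiceCachingMetadataResolver defaultSamlRegisteredServiceCachingMetadataResolver;
    private final AbstractSaml20ObjectBuilder saml20ObjectBuilder;

    /**
     * Creates the endpoint with its collaborators.
     *
     * @param casConfigurationProperties            CAS settings, handed to the actuator base class
     * @param servicesManager                       lookup of registered (SAML) services
     * @param authenticationSystemSupport           runs the username/password authentication transaction
     * @param serviceFactory                        builds a {@link WebApplicationService} from the entity id
     * @param principalFactory                      used when rebuilding the authentication with released attributes
     * @param samlProfileObjectBuilder              builds the SAML response object
     * @param samlRegisteredServiceCachingMetadataResolver resolves service-provider metadata
     * @param abstractSaml20ObjectBuilder           creates SAML objects (issuer) and exposes the OpenSAML config
     */
    public SSOSamlIdPPostProfileHandlerEndpoint(CasConfigurationProperties casConfigurationProperties, ServicesManager servicesManager, AuthenticationSystemSupport authenticationSystemSupport, ServiceFactory<WebApplicationService> serviceFactory, PrincipalFactory principalFactory, SamlProfileObjectBuilder<? extends SAMLObject> samlProfileObjectBuilder, SamlRegisteredServiceCachingMetadataResolver samlRegisteredServiceCachingMetadataResolver, AbstractSaml20ObjectBuilder abstractSaml20ObjectBuilder) {
        super(casConfigurationProperties);
        this.servicesManager = servicesManager;
        this.authenticationSystemSupport = authenticationSystemSupport;
        this.serviceFactory = serviceFactory;
        this.principalFactory = principalFactory;
        this.responseBuilder = samlProfileObjectBuilder;
        this.defaultSamlRegisteredServiceCachingMetadataResolver = samlRegisteredServiceCachingMetadataResolver;
        this.saml20ObjectBuilder = abstractSaml20ObjectBuilder;
    }

    /**
     * Produces the SAML2 response from query-string parameters.
     *
     * <p>NOTE(review): {@code username} and {@code password} are read from the query string,
     * so they are visible to anything that records request URLs (access/proxy logs, browser
     * history). The POST variant carries them in the request body instead and should be
     * preferred by clients.
     *
     * @param httpServletRequest  the request; parameters {@code username}, {@code password},
     *                            {@code entityId} are required, {@code encrypt} is optional
     * @param httpServletResponse the response
     * @return {@code 200} with the SAML response XML, {@code 204} when no SP metadata is found,
     *         or {@code 400} with the escaped error message
     */
    @GetMapping(produces = {"application/xml"})
    @ResponseBody
    @Operation(summary = "Produce SAML2 response entity", parameters = {@Parameter(name = "username", required = true), @Parameter(name = "password", required = true), @Parameter(name = "entityId", required = true), @Parameter(name = "encrypt")})
    public ResponseEntity<Object> produceGet(HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse) {
        return produce(httpServletRequest, httpServletResponse,
            httpServletRequest.getParameter("username"),
            httpServletRequest.getParameter("password"),
            httpServletRequest.getParameter("entityId"),
            Boolean.parseBoolean(httpServletRequest.getParameter("encrypt")));
    }

    /**
     * Produces the SAML2 response from a JSON/form body with the same keys as the GET variant.
     *
     * @param httpServletRequest  the request
     * @param httpServletResponse the response
     * @param map                 body map carrying {@code username}, {@code password},
     *                            {@code entityId} and optionally {@code encrypt}
     * @return see {@link #produceGet}
     */
    @PostMapping(produces = {"application/xml"})
    @ResponseBody
    @Operation(summary = "Produce SAML2 response entity", parameters = {@Parameter(name = "username", required = true), @Parameter(name = "password", required = true), @Parameter(name = "entityId", required = true), @Parameter(name = "encrypt")})
    public ResponseEntity<Object> producePost(HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse, @RequestBody Map<String, String> map) {
        return produce(httpServletRequest, httpServletResponse,
            map.get("username"),
            map.get("password"),
            map.get("entityId"),
            Boolean.parseBoolean(map.get("encrypt")));
    }

    /**
     * Shared implementation for the GET and POST variants.
     *
     * @param request  the servlet request
     * @param response the servlet response
     * @param username username to authenticate
     * @param password password to authenticate
     * @param entityId service-provider entity id; also used as the issuer of the synthetic AuthnRequest
     * @param encrypt  whether assertions/attributes of the produced response are to be encrypted
     * @return the SAML response XML, {@code 204} without SP metadata, or {@code 400} on any failure
     */
    private ResponseEntity<Object> produce(final HttpServletRequest request, final HttpServletResponse response,
                                           final String username, final String password,
                                           final String entityId, final boolean encrypt) {
        try {
            final WebApplicationService service = this.serviceFactory.createService(entityId);
            final SamlRegisteredService registeredService = this.servicesManager.findServiceBy(service, SamlRegisteredService.class);
            // Enforce the service access strategy before any authentication or response building.
            RegisteredServiceAccessStrategyUtils.ensureServiceAccessIsAllowed(registeredService);

            // Work on a copy so the caller-supplied encrypt flag never mutates the stored definition.
            final SamlRegisteredService serviceCopy = (SamlRegisteredService) BeanUtils.cloneBean(registeredService);
            serviceCopy.setEncryptAssertions(encrypt);
            serviceCopy.setEncryptAttributes(encrypt);

            // Synthetic AuthnRequest so the response builder has an issuer to answer.
            final AuthnRequest authnRequest = new AuthnRequestBuilder().buildObject();
            authnRequest.setIssuer(this.saml20ObjectBuilder.newIssuer(entityId));

            final Optional<SamlRegisteredServiceServiceProviderMetadataFacade> adaptor =
                SamlRegisteredServiceServiceProviderMetadataFacade.get(this.defaultSamlRegisteredServiceCachingMetadataResolver, serviceCopy, entityId);
            if (!adaptor.isPresent()) {
                return new ResponseEntity<>(HttpStatus.NO_CONTENT);
            }

            final MessageContext messageContext = new MessageContext();
            final ScratchContext scratch = (ScratchContext) Objects.requireNonNull(messageContext.getSubcontext(ScratchContext.class, true));
            // Presumably tells the builder to skip its usual encoding of the response so the raw
            // object can be transformed to XML below; the builder's handling of this key lives elsewhere.
            scratch.getMap().put("encodeSamlResponse", Boolean.FALSE);

            final Assertion assertion = getAssertion(username, password, entityId);
            // NOTE(review): mo22build appears to be a decompiler-mangled rendering of build(...).
            final SAMLObject samlResponse = this.responseBuilder.mo22build(authnRequest, request, response,
                assertion, serviceCopy, adaptor.get(), HTTP_POST_BINDING, messageContext);
            final String xml = SamlUtils.transformSamlObject(this.saml20ObjectBuilder.getOpenSamlConfigBean(), samlResponse, true).toString();
            return new ResponseEntity<>(xml, HttpStatus.OK);
        } catch (final Exception e) {
            LoggingUtils.error(LOGGER, e);
            // The message is HTML-escaped before it is returned, but it still discloses internal
            // error detail (authentication failure reasons, metadata errors) to the caller.
            return new ResponseEntity<>(StringEscapeUtils.escapeHtml4(e.getMessage()), HttpStatus.BAD_REQUEST);
        }
    }

    /**
     * Authenticates the credentials against the service and builds the CAS client
     * {@link Assertion} that the SAML response builder consumes.
     *
     * @param username username to authenticate
     * @param password password to authenticate
     * @param entityId service-provider entity id used to resolve the registered service
     * @return an assertion whose principal carries the attributes released by the service's policy
     */
    private Assertion getAssertion(final String username, final String password, final String entityId) {
        final WebApplicationService service = this.serviceFactory.createService(entityId);
        final SamlRegisteredService registeredService = this.servicesManager.findServiceBy(service, SamlRegisteredService.class);
        final Authentication authentication = this.authenticationSystemSupport
            .finalizeAuthenticationTransaction(service, new Credential[]{new UsernamePasswordCredential(username, password)})
            .getAuthentication();
        final Principal principal = authentication.getPrincipal();

        // Rebuild the authentication with only the attributes the service's release policy allows.
        final Authentication finalAuthentication = DefaultAuthenticationBuilder.of(principal, this.principalFactory,
            registeredService.getAttributeReleasePolicy().getAttributes(principal, service, registeredService),
            service, registeredService, authentication).build();
        final Principal finalPrincipal = finalAuthentication.getPrincipal();

        // One timestamp for both valid-from and authentication date so they agree exactly.
        final Date issuedAt = DateTimeUtils.dateOf(ZonedDateTime.now(ZoneOffset.UTC));
        return new AssertionImpl(new AttributePrincipalImpl(finalPrincipal.getId(), finalPrincipal.getAttributes()),
            issuedAt, (Date) null, issuedAt, finalAuthentication.getAttributes());
    }
}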
