package pl.edu.icm.unity.saml.idp.ws;

import eu.unicore.samly2.exceptions.SAMLRequesterException;
import eu.unicore.samly2.exceptions.SAMLServerException;
import eu.unicore.samly2.webservice.SAMLAuthnInterface;
import java.util.Iterator;
import java.util.List;
import org.apache.cxf.interceptor.Fault;
import org.apache.log4j.Logger;
import pl.edu.icm.unity.exceptions.EngineException;
import pl.edu.icm.unity.saml.idp.SamlIdpProperties;
import pl.edu.icm.unity.saml.idp.ctx.SAMLAuthnContext;
import pl.edu.icm.unity.saml.idp.preferences.SamlPreferences;
import pl.edu.icm.unity.saml.idp.processor.AuthnResponseProcessor;
import pl.edu.icm.unity.saml.validator.UnityAuthnRequestValidator;
import pl.edu.icm.unity.server.api.PreferencesManagement;
import pl.edu.icm.unity.server.api.internal.IdPEngine;
import pl.edu.icm.unity.server.authn.InvocationContext;
import pl.edu.icm.unity.server.translation.out.TranslationResult;
import pl.edu.icm.unity.server.utils.Log;
import pl.edu.icm.unity.types.basic.EntityParam;
import pl.edu.icm.unity.types.basic.Identity;
import pl.edu.icm.unity.types.basic.IdentityParam;
import xmlbeans.org.oasis.saml2.protocol.AuthnRequestDocument;
import xmlbeans.org.oasis.saml2.protocol.AuthnRequestType;
import xmlbeans.org.oasis.saml2.protocol.ResponseDocument;

/* loaded from: input_file:pl/edu/icm/unity/saml/idp/ws/SAMLAuthnImpl.class */
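/**
 * SOAP-binding implementation of the SAML 2 authentication (AuthnRequest) endpoint.
 * <p>
 * Request handling order is: validate the incoming AuthnRequest (trust/signature, validity window,
 * replay check via {@link UnityAuthnRequestValidator}), resolve the already authenticated caller from the
 * {@link InvocationContext}, select the identity to assert according to the SP preferences, and build the
 * SAML Response. Validation failures surface as SOAP {@link Fault}s; failures after validation are returned
 * in-band as SAML error Responses.
 * <p>
 * Note on logging: at TRACE level the full request and response XML is written to the log, which may include
 * asserted identities and attributes. DEBUG level logs the selected identity.
 */
public class SAMLAuthnImpl implements SAMLAuthnInterface {
    private static final Logger log = Log.getLogger("unity.server.saml", SAMLAuthnImpl.class);
    // IdP configuration: trust checker, request validity window, replay checker, translation profile.
    protected SamlIdpProperties samlProperties;
    // Address of this endpoint; used by the validator to check the request's Destination.
    protected String endpointAddress;
    protected IdPEngine idpEngine;
    protected PreferencesManagement preferencesMan;

    /**
     * Creates the endpoint implementation.
     *
     * @param samlIdpProperties IdP configuration
     * @param str this endpoint's address
     * @param idPEngine engine used to obtain the authenticated user's translated identities and attributes
     * @param preferencesManagement source of the per-SP user preferences
     */
    public SAMLAuthnImpl(SamlIdpProperties samlIdpProperties, String str, IdPEngine idPEngine, PreferencesManagement preferencesManagement) {
        this.samlProperties = samlIdpProperties;
        this.endpointAddress = str;
        this.idpEngine = idPEngine;
        this.preferencesMan = preferencesManagement;
    }

    /**
     * Handles a SAML AuthnRequest received over the SOAP binding.
     * <p>
     * The request is validated first; a validation failure is reported as a SOAP {@link Fault} wrapping the
     * {@link SAMLServerException}. Any exception raised after validation (preferences lookup, user information
     * retrieval, identity selection, response building) is converted into a SAML error Response and returned
     * normally, so the requester always receives a well-formed SAML status in that case.
     *
     * @param authnRequestDocument the received AuthnRequest
     * @return the SAML Response (success or error)
     * @throws Fault when the request fails validation
     */
    public ResponseDocument authnRequest(AuthnRequestDocument authnRequestDocument) {
        if (log.isTraceEnabled()) {
            // Full request XML goes to the log at TRACE level only.
            log.trace("Received SAML AuthnRequest: " + authnRequestDocument.xmlText());
        }
        SAMLAuthnContext context = new SAMLAuthnContext(authnRequestDocument, this.samlProperties);
        ResponseDocument response;
        try {
            // Validation must precede any processing of the request contents.
            validate(context);
            AuthnResponseProcessor processor = new AuthnResponseProcessor(context);
            try {
                SamlPreferences.SPSettings spSettings = SamlPreferences.getPreferences(this.preferencesMan)
                        .getSPSettings(((AuthnRequestType) context.getRequest()).getIssuer());
                TranslationResult userInfo = getUserInfo(processor);
                IdentityParam identity = getIdentity(userInfo, processor, spSettings);
                log.debug("Authentication of " + identity);
                response = processor.processAuthnRequest(identity, processor.getAttributes(userInfo, spSettings));
            } catch (Exception e) {
                // Post-validation failures are answered in-band with a SAML error Response, not a SOAP fault;
                // the exception is mapped to a SAML status by the processor.
                log.debug("Throwing SAML fault, caused by processing exception", e);
                response = processor.getErrorResponse(processor.convert2SAMLError(e, null, true));
            }
        } catch (SAMLServerException e) {
            log.debug("Throwing SAML fault, caused by validation exception", e);
            throw new Fault(e);
        }
        if (log.isTraceEnabled()) {
            // Full response XML (including any assertion) goes to the log at TRACE level only.
            log.trace("Returning SAML Response: " + response.xmlText());
        }
        return response;
    }

    /**
     * Obtains the translated user information for the caller of this request.
     * <p>
     * The entity is taken from the current {@link InvocationContext} login session, i.e. the caller is assumed
     * to have been authenticated by the endpoint before this method runs. The translation profile is read from
     * the {@code translationProfile} IdP property; the protocol/binding identifiers passed are SAML2 over SOAP.
     *
     * @param authnResponseProcessor processor providing the chosen group, identity target and creation policy
     * @return the translation result (identities and attributes) for the authenticated entity
     * @throws EngineException when the engine cannot provide the user information
     */
    protected TranslationResult getUserInfo(AuthnResponseProcessor authnResponseProcessor) throws EngineException {
        long entityId = InvocationContext.getCurrent().getLoginSession().getEntityId();
        return this.idpEngine.obtainUserInformation(
                new EntityParam(Long.valueOf(entityId)),
                authnResponseProcessor.getChosenGroup(),
                this.samlProperties.getValue("translationProfile"),
                authnResponseProcessor.getIdentityTarget(),
                "SAML2",
                "urn:oasis:names:tc:SAML:2.0:bindings:SOAP",
                authnResponseProcessor.isIdentityCreationAllowed());
    }

    /**
     * Selects the identity to assert to the SP.
     * <p>
     * From the identities compatible with the request, the one matching the identity selected in the SP
     * preferences is returned; a full {@link Identity} is matched on its comparable value, a bare
     * {@link IdentityParam} on its raw value. When nothing matches, the first compatible identity is used.
     *
     * @param translationResult translated user information
     * @param authnResponseProcessor processor used to filter identities compatible with the request
     * @param sPSettings SP-specific preferences holding the user's selected identity
     * @return the identity to assert
     * @throws EngineException propagated from the processor
     * @throws SAMLRequesterException propagated from the processor
     * @throws IllegalStateException when no compatible identity is available
     */
    protected IdentityParam getIdentity(TranslationResult translationResult, AuthnResponseProcessor authnResponseProcessor, SamlPreferences.SPSettings sPSettings) throws EngineException, SAMLRequesterException {
        List<IdentityParam> compatibleIdentities = authnResponseProcessor.getCompatibleIdentities(translationResult.getIdentities());
        if (compatibleIdentities.isEmpty()) {
            // Previously this fell through to get(0) and failed with an IndexOutOfBoundsException; the caller's
            // catch-all still turns this into a SAML error Response, but with a readable cause.
            // NOTE(review): getCompatibleIdentities may already reject an empty result — this guard is defensive.
            throw new IllegalStateException("No identity compatible with the SAML AuthnRequest is available for the authenticated entity");
        }
        String selected = sPSettings.getSelectedIdentity();
        for (IdentityParam candidate : compatibleIdentities) {
            String value = candidate instanceof Identity
                    ? ((Identity) candidate).getComparableValue()
                    : candidate.getValue();
            if (value.equals(selected)) {
                return candidate;
            }
        }
        // No preference match: fall back to the first compatible identity.
        return compatibleIdentities.get(0);
    }

    /**
     * Validates the AuthnRequest against this endpoint's address, the configured SOAP trust checker,
     * the request validity window and the replay checker.
     *
     * @param sAMLAuthnContext context holding the request document
     * @throws SAMLServerException when the request is rejected
     */
    protected void validate(SAMLAuthnContext sAMLAuthnContext) throws SAMLServerException {
        UnityAuthnRequestValidator validator = new UnityAuthnRequestValidator(
                this.endpointAddress,
                this.samlProperties.getSoapTrustChecker(),
                this.samlProperties.getRequestValidity(),
                this.samlProperties.getReplayChecker());
        validator.validate((AuthnRequestDocument) sAMLAuthnContext.getRequestDocument());
    }
}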
