package pl.edu.icm.unity.saml.sp;

import eu.unicore.samly2.binding.HttpRedirectBindingSupport;
import java.io.IOException;
import javax.servlet.ServletException;
import javax.servlet.http.HttpServlet;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import org.apache.log4j.Logger;
import org.bouncycastle.util.encoders.Base64;
import pl.edu.icm.unity.exceptions.WrongArgumentException;
import pl.edu.icm.unity.saml.sp.SAMLSPProperties;
import pl.edu.icm.unity.server.utils.Log;

/* loaded from: input_file:pl/edu/icm/unity/saml/sp/SAMLResponseConsumerServlet.class */
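/**
 * Servlet receiving SAML responses sent back to this service provider, over either the
 * HTTP Redirect binding (GET) or the HTTP POST binding (POST).
 *
 * <p>The request must carry a {@code SAMLResponse} and a {@code RelayState} parameter. The relay
 * state is used as the lookup key for the pending {@link RemoteAuthnContext}; the decoded response
 * is stored in that context and the browser is redirected to the context's return URL.
 *
 * <p>Security notes for maintainers:
 * <ul>
 *   <li>This class only decodes and stores the response. No signature, issuer, audience or
 *       validity checks are visible here; presumably the consumer of the
 *       {@link RemoteAuthnContext} performs them. Verify this before relying on the stored
 *       response.</li>
 *   <li>The redirect target is read from the server-side context, not from a request
 *       parameter.</li>
 *   <li>At TRACE level the complete SAML response is logged. It may contain assertions and
 *       user attributes, so trace logging of this category should stay off in production.</li>
 * </ul>
 */
public class SAMLResponseConsumerServlet extends HttpServlet {
    private static final Logger log = Log.getLogger("unity.server.saml", SAMLResponseConsumerServlet.class);
    public static final String PATH = "/spSAMLResponseConsumer";
    private final SamlContextManagement contextManagement;

    /**
     * @param samlContextManagement store of pending authentication contexts, keyed by relay state
     */
    public SAMLResponseConsumerServlet(SamlContextManagement samlContextManagement) {
        this.contextManagement = samlContextManagement;
    }

    /** Handles a response delivered with the HTTP Redirect binding. */
    @Override
    protected void doGet(HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse) throws ServletException, IOException {
        process(true, httpServletRequest, httpServletResponse);
    }

    /** Handles a response delivered with the HTTP POST binding. */
    @Override
    protected void doPost(HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse) throws ServletException, IOException {
        process(false, httpServletRequest, httpServletResponse);
    }

    /**
     * Validates that both required parameters are present, resolves the authentication context
     * from the relay state, stores the decoded response in it and redirects to the return URL.
     *
     * @param redirectBinding {@code true} for HTTP Redirect (deflated + Base64), {@code false}
     *     for HTTP POST (Base64 only)
     * @throws IOException if sending the error or the redirect fails
     */
    private void process(boolean redirectBinding, HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse) throws IOException {
        String samlResponse = httpServletRequest.getParameter("SAMLResponse");
        if (samlResponse == null) {
            log.warn("Got a request to the SAML response consumer endpoint, but no 'SAMLResponse' is present in HTTP message parameters.");
            httpServletResponse.sendError(HttpServletResponse.SC_BAD_REQUEST, "No 'SAMLResponse' parameter");
            return;
        }
        String relayState = httpServletRequest.getParameter("RelayState");
        if (relayState == null) {
            log.warn("Got a request to the SAML response consumer endpoint, but no 'RelayState' is present in HTTP message parameters.");
            httpServletResponse.sendError(HttpServletResponse.SC_BAD_REQUEST, "No 'RelayState' parameter");
            return;
        }
        try {
            // An unknown relay state is rejected below; the request-supplied value is never
            // echoed into the log or the error message.
            RemoteAuthnContext context = (RemoteAuthnContext) this.contextManagement.getAuthnContext(relayState);
            if (redirectBinding) {
                handleRedirectBinding(samlResponse, context);
            } else {
                handlePostBinding(samlResponse, context);
            }
            // NOTE(review): the redirect is issued even when decoding failed and nothing was
            // stored in the context; presumably the page behind the return URL reports the
            // missing response - confirm.
            httpServletResponse.sendRedirect(context.getReturnUrl());
        } catch (WrongArgumentException e) {
            log.warn("Got a request to the SAML response consumer endpoint, with invalid relay state.");
            httpServletResponse.sendError(HttpServletResponse.SC_BAD_REQUEST, "Wrong 'RelayState' value");
        }
    }

    /**
     * Base64-decodes a response received over the HTTP POST binding and stores it in the context.
     * A value that cannot be decoded is logged and ignored, matching the Redirect binding path.
     */
    private void handlePostBinding(String encodedResponse, RemoteAuthnContext remoteAuthnContext) {
        String xml;
        try {
            // Decode with an explicit charset: the platform default would make the XML text
            // (and anything later computed over it) depend on the host configuration.
            xml = new String(Base64.decode(encodedResponse), java.nio.charset.StandardCharsets.UTF_8);
        } catch (RuntimeException e) {
            // The decoder reports malformed input with an unchecked exception; without this
            // catch a garbage parameter would surface as a container error page.
            log.warn("Got an improperly encoded SAML response (using HTTP POST binding), ignoring it.", e);
            return;
        }
        if (log.isTraceEnabled()) {
            log.trace("Got SAML response using the HTTP POST binding:\n" + xml);
        } else {
            log.debug("Got SAML response using the HTTP POST binding");
        }
        remoteAuthnContext.setResponse(xml, SAMLSPProperties.Binding.HTTP_POST);
    }

    /**
     * Inflates a response received over the HTTP Redirect binding and stores it in the context.
     * A value that cannot be inflated is logged and ignored.
     */
    private void handleRedirectBinding(String encodedResponse, RemoteAuthnContext remoteAuthnContext) {
        try {
            String xml = HttpRedirectBindingSupport.inflateSAMLRequest(encodedResponse);
            if (log.isTraceEnabled()) {
                log.trace("Got SAML response using the HTTP Redirect binding:\n" + xml);
            } else {
                log.debug("Got SAML response using the HTTP Redirect binding");
            }
            remoteAuthnContext.setResponse(xml, SAMLSPProperties.Binding.HTTP_REDIRECT);
        } catch (IOException e) {
            log.warn("Got an improperly encoded SAML response (using HTTP Redirect binding), ignoring it.", e);
        }
    }
}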
