package pl.edu.icm.unity.saml.idp.web;

import com.vaadin.annotations.Theme;
import com.vaadin.server.Resource;
import com.vaadin.server.Sizeable;
import com.vaadin.server.VaadinRequest;
import com.vaadin.ui.Alignment;
import com.vaadin.ui.CheckBox;
import com.vaadin.ui.Label;
import com.vaadin.ui.VerticalLayout;
import eu.unicore.samly2.exceptions.SAMLRequesterException;
import java.util.ArrayList;
import java.util.Calendar;
import java.util.Collection;
import java.util.Map;
import java.util.TimeZone;
import org.apache.logging.log4j.Logger;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.context.annotation.Scope;
import org.springframework.stereotype.Component;
import pl.edu.icm.unity.base.utils.Log;
import pl.edu.icm.unity.engine.api.AttributeTypeManagement;
import pl.edu.icm.unity.engine.api.PreferencesManagement;
import pl.edu.icm.unity.engine.api.attributes.AttributeTypeSupport;
import pl.edu.icm.unity.engine.api.authn.AuthenticationException;
import pl.edu.icm.unity.engine.api.authn.InvocationContext;
import pl.edu.icm.unity.engine.api.identity.IdentityTypeSupport;
import pl.edu.icm.unity.engine.api.idp.IdPEngine;
import pl.edu.icm.unity.engine.api.msg.UnityMessageSource;
import pl.edu.icm.unity.engine.api.session.SessionManagement;
import pl.edu.icm.unity.engine.api.translation.out.TranslationResult;
import pl.edu.icm.unity.exceptions.EngineException;
import pl.edu.icm.unity.saml.idp.FreemarkerHandler;
import pl.edu.icm.unity.saml.idp.SamlIdpProperties;
import pl.edu.icm.unity.saml.idp.ctx.SAMLAuthnContext;
import pl.edu.icm.unity.saml.idp.preferences.SamlPreferences;
import pl.edu.icm.unity.saml.idp.processor.AuthnResponseProcessor;
import pl.edu.icm.unity.saml.idp.web.filter.IdpConsentDeciderServlet;
import pl.edu.icm.unity.types.basic.Attribute;
import pl.edu.icm.unity.types.basic.EntityParam;
import pl.edu.icm.unity.webui.UnityEndpointUIBase;
import pl.edu.icm.unity.webui.UnityWebUI;
import pl.edu.icm.unity.webui.authn.WebAuthenticationProcessor;
import pl.edu.icm.unity.webui.common.Styles;
import pl.edu.icm.unity.webui.common.TopHeaderLight;
import pl.edu.icm.unity.webui.common.attributes.AttributeHandlerRegistry;
import pl.edu.icm.unity.webui.common.safehtml.HtmlTag;
import pl.edu.icm.unity.webui.common.safehtml.SafePanel;
import pl.edu.icm.unity.webui.forms.enquiry.EnquiresDialogLauncher;
import pl.edu.icm.unity.webui.idpcommon.EopException;
import pl.edu.icm.unity.webui.idpcommon.ExposedSelectableAttributesComponent;
import pl.edu.icm.unity.webui.idpcommon.IdPButtonsBar;
import pl.edu.icm.unity.webui.idpcommon.IdentitySelectorComponent;
import pl.edu.icm.unity.webui.idpcommon.SPInfoComponent;
import xmlbeans.org.oasis.saml2.assertion.NameIDType;
import xmlbeans.org.oasis.saml2.protocol.AuthnRequestType;
import xmlbeans.org.oasis.saml2.protocol.ResponseDocument;

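/**
 * Vaadin UI of the SAML IdP endpoint that asks the logged-in user for consent.
 *
 * <p>It shows the requesting service provider (issuer and return address), the
 * identity and the attributes about to be released, and Accept/Decline buttons.
 * The decision can be remembered per issuer; a remembered "do not ask" decision
 * is applied without showing the screen (see {@link #updateUIFromPreferences}).
 *
 * <p>{@link EopException} is used throughout as a control-flow signal rather than
 * as an error: the top-level callers swallow it on purpose. It presumably means
 * that {@link SamlResponseHandler} has already produced the response - confirm
 * against that class, which is not part of this file.
 */
@Theme("unityThemeValo")
@Scope("prototype")
@Component("SamlIdPWebUI")
/* loaded from: input_file:pl/edu/icm/unity/saml/idp/web/SamlIdPWebUI.class */
public class SamlIdPWebUI extends UnityEndpointUIBase implements UnityWebUI {
    private static final Logger log = Log.getLogger("unity.server.saml", SamlIdPWebUI.class);
    protected UnityMessageSource msg;
    protected IdPEngine idpEngine;
    protected FreemarkerHandler freemarkerHandler;
    protected AttributeHandlerRegistry handlersRegistry;
    protected IdentityTypeSupport identityTypeSupport;
    protected PreferencesManagement preferencesMan;
    protected WebAuthenticationProcessor authnProcessor;
    protected SessionManagement sessionMan;
    // The fields below are created per request in appInit() and the create*Part() methods.
    protected IdentitySelectorComponent idSelector;
    protected ExposedSelectableAttributesComponent attrsPresenter;
    protected AuthnResponseProcessor samlProcessor;
    protected SamlResponseHandler samlResponseHandler;
    protected CheckBox rememberCB;
    private AttributeTypeManagement attrsMan;
    protected AttributeTypeSupport aTypeSupport;

    /**
     * Stores the injected collaborators; the UI itself is built later in
     * {@link #appInit(VaadinRequest)}.
     */
    @Autowired
    public SamlIdPWebUI(UnityMessageSource unityMessageSource, FreemarkerHandler freemarkerHandler, AttributeHandlerRegistry attributeHandlerRegistry, PreferencesManagement preferencesManagement, WebAuthenticationProcessor webAuthenticationProcessor, IdPEngine idPEngine, IdentityTypeSupport identityTypeSupport, SessionManagement sessionManagement, AttributeTypeManagement attributeTypeManagement, EnquiresDialogLauncher enquiresDialogLauncher, AttributeTypeSupport attributeTypeSupport) {
        super(unityMessageSource, enquiresDialogLauncher);
        this.msg = unityMessageSource;
        this.freemarkerHandler = freemarkerHandler;
        this.handlersRegistry = attributeHandlerRegistry;
        this.preferencesMan = preferencesManagement;
        this.authnProcessor = webAuthenticationProcessor;
        this.idpEngine = idPEngine;
        this.identityTypeSupport = identityTypeSupport;
        this.sessionMan = sessionManagement;
        this.attrsMan = attributeTypeManagement;
        this.aTypeSupport = attributeTypeSupport;
    }

    /**
     * Asks the IdP engine for the identities and attributes of the currently
     * logged-in entity, using the endpoint's configured translation profile.
     *
     * @param sAMLAuthnContext context of the SAML request being served
     * @param authnResponseProcessor processor supplying the chosen group and the
     *        identity-creation flag
     * @return the engine's result for the logged-in entity
     * @throws EngineException propagated from the engine call
     */
    protected TranslationResult getUserInfo(SAMLAuthnContext sAMLAuthnContext, AuthnResponseProcessor authnResponseProcessor) throws EngineException {
        String translationProfile = sAMLAuthnContext.getSamlConfiguration().getValue("translationProfile");
        boolean skipUserImport = sAMLAuthnContext.getSamlConfiguration().getBooleanValue("skipUserImport").booleanValue();
        // The entity is always the one bound to the current login session, never one named by the request.
        EntityParam loggedEntity = new EntityParam(Long.valueOf(InvocationContext.getCurrent().getLoginSession().getEntityId()));
        // NOTE(review): the identity target is read from this.samlProcessor while the other
        // values come from the authnResponseProcessor argument; the only caller in this file
        // passes this.samlProcessor, so both are the same object there - confirm for subclasses.
        return this.idpEngine.obtainUserInformation(loggedEntity, authnResponseProcessor.getChosenGroup(), translationProfile, this.samlProcessor.getIdentityTarget(), "SAML2", "urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Redirect", authnResponseProcessor.isIdentityCreationAllowed(), !skipUserImport);
    }

    /**
     * Builds the consent screen for the SAML request found in the current context
     * and then applies any stored per-issuer preferences.
     *
     * @param vaadinRequest the request that opened the UI (not used here)
     */
    protected void appInit(VaadinRequest vaadinRequest) {
        SAMLAuthnContext context = SAMLContextSupport.getContext();
        this.samlProcessor = new AuthnResponseProcessor(this.aTypeSupport, context, Calendar.getInstance(TimeZone.getTimeZone("UTC")));
        this.samlResponseHandler = new SamlResponseHandler(this.freemarkerHandler, this.samlProcessor);
        VerticalLayout root = new VerticalLayout();
        root.addComponent(new TopHeaderLight(this.endpointDescription.getEndpoint().getConfiguration().getDisplayedName().getValue(this.msg), this.msg));
        VerticalLayout column = new VerticalLayout();
        column.addStyleName(Styles.maxWidthColumn.toString());
        column.setMargin(true);
        column.setSpacing(true);
        root.addComponent(column);
        root.setComponentAlignment(column, Alignment.TOP_CENTER);
        try {
            createInfoPart(context, column);
            createExposedDataPart(context, column);
            createButtonsPart(context, column);
            setContent(root);
            // Must run last: a stored "do not ask" decision confirms or declines right here.
            loadPreferences(context);
        } catch (EopException ignored) {
            // Deliberately ignored: processing ended inside one of the calls above
            // (presumably a response was already produced - confirm in SamlResponseHandler).
        }
    }

    /**
     * Adds the header and the description of the requesting service provider:
     * the request's Issuer and the address the answer is expected to go to.
     *
     * @param sAMLAuthnContext context of the SAML request being served
     * @param verticalLayout layout receiving the components
     */
    protected void createInfoPart(SAMLAuthnContext sAMLAuthnContext, VerticalLayout verticalLayout) {
        AuthnRequestType request = (AuthnRequestType) sAMLAuthnContext.getRequest();
        String issuerName = request.getIssuer().getStringValue();
        // Prefer the consumer URL carried in the request; fall back to the configured return address.
        // NOTE(review): both values shown to the user originate from the request. The consent
        // screen is only meaningful if the request was validated before it reached this UI and
        // if the response is sent to the same address that is displayed - confirm upstream.
        String returnAddress = request.getAssertionConsumerServiceURL();
        if (returnAddress == null) {
            returnAddress = sAMLAuthnContext.getSamlConfiguration().getReturnAddressForRequester(((AuthnRequestType) sAMLAuthnContext.getRequest()).getIssuer());
        }
        com.vaadin.ui.Component header = new Label(this.msg.getMessage("SamlIdPWebUI.info1", new Object[0]));
        header.addStyleName(Styles.vLabelH1.toString());
        verticalLayout.addComponents(new com.vaadin.ui.Component[]{header, new SPInfoComponent(this.msg, (Resource) null, issuerName, returnAddress), HtmlTag.br(), new Label(this.msg.getMessage("SamlIdPWebUI.info2", new Object[0]))});
    }

    /**
     * Adds the panel listing the identity and attributes to be released, plus the
     * "remember settings" check box.
     *
     * <p>Any failure is handed to {@code samlResponseHandler.handleException(e, true)};
     * the meaning of the second argument is defined by {@link SamlResponseHandler},
     * which is not part of this file.
     *
     * @param sAMLAuthnContext context of the SAML request being served
     * @param verticalLayout layout receiving the panel and the check box
     * @throws EopException declared for the error path; it is not raised by this method's
     *         own code, so it presumably comes from the handler - confirm
     */
    protected void createExposedDataPart(SAMLAuthnContext sAMLAuthnContext, VerticalLayout verticalLayout) throws EopException {
        SafePanel panel = new SafePanel();
        verticalLayout.addComponent(panel);
        VerticalLayout panelContent = new VerticalLayout();
        panelContent.setMargin(true);
        panelContent.setSpacing(true);
        panelContent.setWidth(100.0f, Sizeable.Unit.PERCENTAGE);
        panel.setContent(panelContent);
        try {
            TranslationResult userInfo = getUserInfo(sAMLAuthnContext, this.samlProcessor);
            createIdentityPart(userInfo, panelContent);
            panelContent.addComponent(HtmlTag.br());
            createAttributesPart(userInfo, panelContent, sAMLAuthnContext.getSamlConfiguration().getBooleanValue(SamlIdpProperties.USER_EDIT_CONSENT).booleanValue());
            this.rememberCB = new CheckBox(this.msg.getMessage("SamlIdPWebUI.rememberSettings", new Object[0]));
            verticalLayout.addComponent(this.rememberCB);
        } catch (SAMLRequesterException e) {
            // A problem attributed to the requester: logged at debug level only.
            log.debug("SAML problem when handling client request", e);
            this.samlResponseHandler.handleException(e, true);
        } catch (Exception e) {
            log.error("Engine problem when handling client request", e);
            this.samlResponseHandler.handleException(e, true);
        }
    }

    /**
     * Adds the identity selector, offering only the identities the SAML processor
     * reports as compatible.
     */
    protected void createIdentityPart(TranslationResult translationResult, VerticalLayout verticalLayout) throws EngineException, SAMLRequesterException {
        this.idSelector = new IdentitySelectorComponent(this.msg, this.identityTypeSupport, this.samlProcessor.getCompatibleIdentities(translationResult.getIdentities()));
        verticalLayout.addComponent(this.idSelector);
    }

    /**
     * Adds the component presenting the attributes to be released.
     *
     * @param z value of the {@code SamlIdpProperties.USER_EDIT_CONSENT} setting, passed
     *        through to the component unchanged
     */
    protected void createAttributesPart(TranslationResult translationResult, VerticalLayout verticalLayout, boolean z) throws EngineException {
        this.attrsPresenter = new ExposedSelectableAttributesComponent(this.msg, this.handlersRegistry, this.attrsMan, this.aTypeSupport, translationResult.getAttributes(), z);
        verticalLayout.addComponent(this.attrsPresenter);
    }

    /**
     * Adds the Accept/Decline bar and wires it to {@link #confirm} and {@link #decline}.
     */
    protected void createButtonsPart(final SAMLAuthnContext sAMLAuthnContext, VerticalLayout verticalLayout) {
        IdPButtonsBar buttons = new IdPButtonsBar(this.msg, this.authnProcessor, new IdPButtonsBar.ActionListener() {
            @Override
            public void buttonClicked(IdPButtonsBar.Action action) {
                try {
                    if (IdPButtonsBar.Action.ACCEPT == action) {
                        SamlIdPWebUI.this.confirm(sAMLAuthnContext);
                    } else if (IdPButtonsBar.Action.DENY == action) {
                        SamlIdPWebUI.this.decline();
                    }
                } catch (EopException ignored) {
                    // Deliberately ignored: confirm()/decline() have finished the processing.
                }
            }
        });
        verticalLayout.addComponent(buttons);
        verticalLayout.setComponentAlignment(buttons, Alignment.MIDDLE_CENTER);
    }

    /**
     * Loads the user's stored settings for the request's issuer and applies them.
     *
     * @throws EopException when applying the settings ended the processing
     */
    protected void loadPreferences(SAMLAuthnContext sAMLAuthnContext) throws EopException {
        try {
            SamlPreferences preferences = SamlPreferences.getPreferences(this.preferencesMan);
            NameIDType issuer = ((AuthnRequestType) sAMLAuthnContext.getRequest()).getIssuer();
            updateUIFromPreferences(preferences.getSPSettings(issuer), sAMLAuthnContext);
        } catch (EopException e) {
            // Must be tested before Exception: an end-of-processing signal raised by an
            // automatic confirm/decline is not an engine error and must not be logged or
            // answered a second time through handleException().
            throw e;
        } catch (Exception e) {
            log.error("Engine problem when processing stored preferences", e);
            this.samlResponseHandler.handleException(e, true);
        }
    }

    /**
     * Applies stored per-issuer settings to the screen. With the "do not ask" flag set
     * the stored decision is executed immediately, i.e. attributes are released (or the
     * request declined) without the user seeing the consent screen.
     *
     * @param sPSettings stored settings, or {@code null} when there is nothing to apply
     * @param sAMLAuthnContext context of the SAML request being served
     */
    protected void updateUIFromPreferences(SamlPreferences.SPSettings sPSettings, SAMLAuthnContext sAMLAuthnContext) throws EngineException, EopException {
        if (sPSettings == null) {
            return;
        }
        this.attrsPresenter.setInitialState(sPSettings.getHiddenAttribtues());
        this.idSelector.setSelected(sPSettings.getSelectedIdentity());
        if (!sPSettings.isDoNotAsk()) {
            return;
        }
        // NOTE(review): this is a consent bypass keyed only by the request's Issuer, so it is
        // as trustworthy as the issuer validation done before this UI is reached - confirm.
        if (sPSettings.isDefaultAccept()) {
            confirm(sAMLAuthnContext);
        } else {
            decline();
        }
    }

    /**
     * Copies the current UI state into the preferences for the request's issuer, but
     * only when the user ticked the "remember settings" box.
     *
     * @param samlPreferences preferences object to update in place
     * @param sAMLAuthnContext context of the SAML request being served
     * @param z the decision to remember: {@code true} for accept, {@code false} for decline
     */
    protected void updatePreferencesFromUI(SamlPreferences samlPreferences, SAMLAuthnContext sAMLAuthnContext, boolean z) throws EngineException {
        // Boolean.TRUE.equals() treats an unset (null) check box value as "do not remember"
        // instead of failing on unboxing.
        if (!Boolean.TRUE.equals(this.rememberCB.getValue())) {
            return;
        }
        NameIDType issuer = ((AuthnRequestType) sAMLAuthnContext.getRequest()).getIssuer();
        // NOTE(review): updateUIFromPreferences() treats a null result of getSPSettings() as
        // possible; here it is dereferenced unchecked - confirm it cannot be null on this path.
        SamlPreferences.SPSettings settings = samlPreferences.getSPSettings(issuer);
        settings.setDefaultAccept(z);
        settings.setDoNotAsk(true);
        settings.setHiddenAttribtues(this.attrsPresenter.getHiddenAttributes());
        String selectedIdentity = this.idSelector.getSelectedIdentityForPreferences();
        if (selectedIdentity != null) {
            settings.setSelectedIdentity(selectedIdentity);
        }
        samlPreferences.setSPSettings(issuer, settings);
    }

    /**
     * Persists the decision if the user asked for it. A failure to store is logged and
     * otherwise ignored, so the current request is still answered.
     *
     * @param z the decision to remember: {@code true} for accept, {@code false} for decline
     */
    protected void storePreferences(boolean z) {
        try {
            SAMLAuthnContext context = SAMLContextSupport.getContext();
            SamlPreferences preferences = SamlPreferences.getPreferences(this.preferencesMan);
            updatePreferencesFromUI(preferences, context, z);
            SamlPreferences.savePreferences(this.preferencesMan, preferences);
        } catch (EngineException e) {
            log.error("Unable to store user's preferences", e);
        }
    }

    /**
     * Handles a "decline" decision: remembers it if requested and reports an
     * {@link AuthenticationException} through the response handler.
     */
    protected void decline() throws EopException {
        storePreferences(false);
        this.samlResponseHandler.handleException(new AuthenticationException("Authentication was declined"), false);
    }

    /**
     * Handles an "accept" decision: remembers it if requested, builds the SAML response
     * for the selected identity and the attributes the user left exposed, registers the
     * session participant and returns the response.
     */
    protected void confirm(SAMLAuthnContext sAMLAuthnContext) throws EopException {
        storePreferences(true);
        try {
            ResponseDocument response = this.samlProcessor.processAuthnRequest(this.idSelector.getSelectedIdentity(), getExposedAttributes());
            addSessionParticipant(sAMLAuthnContext, this.samlProcessor.getAuthenticatedSubject().getNameID(), this.samlProcessor.getSessionId());
            this.samlResponseHandler.returnSamlResponse(response);
        } catch (Exception e) {
            // Same rule as in loadPreferences(): an end-of-processing signal is passed on
            // untouched, so a response that was already returned is never followed by an
            // error response for the same request.
            if (e instanceof EopException) {
                throw (EopException) e;
            }
            this.samlResponseHandler.handleException(e, false);
        }
    }

    /**
     * Returns the attributes the user agreed to release.
     *
     * @return a new list with the non-null values reported by the attributes component
     */
    protected Collection<Attribute> getExposedAttributes() {
        Collection<Attribute> candidates = this.attrsPresenter.getUserFilteredAttributes().values();
        Collection<Attribute> exposed = new ArrayList<>(candidates.size());
        for (Attribute attribute : candidates) {
            // Null values are skipped so that they never reach the response.
            if (attribute != null) {
                exposed.add(attribute);
            }
        }
        return exposed;
    }

    /**
     * Records the requester as a participant of the login session by delegating to
     * {@link IdpConsentDeciderServlet#addSessionParticipant}.
     */
    protected void addSessionParticipant(SAMLAuthnContext sAMLAuthnContext, NameIDType nameIDType, String str) {
        IdpConsentDeciderServlet.addSessionParticipant(sAMLAuthnContext, nameIDType, str, this.sessionMan);
    }
}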
