package pl.edu.icm.unity.saml.ecp;

import java.io.IOException;
import java.io.PrintWriter;
import java.util.function.Supplier;
import javax.servlet.ServletException;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import org.apache.xmlbeans.XmlCursor;
import org.apache.xmlbeans.XmlObject;
import pl.edu.icm.unity.saml.SAMLHelper;
import pl.edu.icm.unity.saml.metadata.cfg.SPRemoteMetaManager;
import pl.edu.icm.unity.saml.sp.config.SAMLSPConfiguration;
import pl.edu.icm.unity.saml.sp.config.TrustedIdPConfiguration;
import pl.edu.icm.unity.saml.sp.config.TrustedIdPs;
import pl.edu.icm.unity.saml.xmlbeans.ecp.RelayStateDocument;
import pl.edu.icm.unity.saml.xmlbeans.ecp.RelayStateType;
import pl.edu.icm.unity.saml.xmlbeans.ecp.RequestDocument;
import pl.edu.icm.unity.saml.xmlbeans.paos.RequestDocument;
import pl.edu.icm.unity.saml.xmlbeans.paos.RequestType;
import pl.edu.icm.unity.saml.xmlbeans.soap.Envelope;
import pl.edu.icm.unity.saml.xmlbeans.soap.EnvelopeDocument;
import xmlbeans.org.oasis.saml2.assertion.NameIDType;
import xmlbeans.org.oasis.saml2.protocol.AuthnRequestDocument;
import xmlbeans.org.oasis.saml2.protocol.IDPEntryType;
import xmlbeans.org.oasis.saml2.protocol.IDPListType;

/* loaded from: input_file:pl/edu/icm/unity/saml/ecp/ECPStep1Handler.class */
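/**
 * Handles step 1 of the SAML ECP (Enhanced Client or Proxy) profile on the SP side: an
 * unauthenticated PAOS-capable client asks for an authentication request and receives a SOAP
 * envelope carrying the SAML AuthnRequest plus the ECP and PAOS SOAP header blocks.
 *
 * <p>NOTE(review): this is decompiled output. The import block declares both the ecp and the paos
 * {@code RequestDocument} under the same simple name, which javac rejects; the factory calls in
 * this class are therefore written fully qualified so the intended type is unambiguous once the
 * imports are repaired.
 *
 * <p>Thread-safety: all fields are final and set in the constructor; whether the class is safe
 * for concurrent requests depends on the injected collaborators.
 */
public class ECPStep1Handler {
    /** SOAP 1.1 actor addressing the next SOAP node; set on every ECP/PAOS header block emitted here. */
    private static final String SOAP_ACTOR_NEXT = "http://schemas.xmlsoap.org/soap/actor/next";
    /** SAML 2.0 ECP profile identifier, which the client must advertise in its PAOS header. */
    private static final String ECP_PROFILE = "urn:oasis:names:tc:SAML:2.0:profiles:SSO:ecp";
    /** NameID format used for the SP issuer inside the ECP Request header. */
    private static final String NAMEID_FORMAT_ENTITY = "urn:oasis:names:tc:SAML:2.0:nameid-format:entity";

    private final SPRemoteMetaManager metadataManager;
    private final String myAddress;
    private final ECPContextManagement samlContextManagement;
    private final Supplier<SAMLSPConfiguration> configProvider;

    /**
     * @param supplier provides the SP configuration; read once per request so a whole
     *        envelope is built from a single, consistent configuration snapshot
     * @param sPRemoteMetaManager source of the trusted IdPs advertised in the ECP IDPList
     * @param eCPContextManagement store for the per-request {@link ECPAuthnState}
     * @param str this endpoint's own address; passed to the AuthnRequest factory and used as
     *        the PAOS response consumer URL
     */
    public ECPStep1Handler(Supplier<SAMLSPConfiguration> supplier, SPRemoteMetaManager sPRemoteMetaManager,
            ECPContextManagement eCPContextManagement, String str) {
        this.configProvider = supplier;
        this.metadataManager = sPRemoteMetaManager;
        this.myAddress = str;
        this.samlContextManagement = eCPContextManagement;
    }

    /**
     * Processes an ECP step-1 GET: validates the client's Accept and PAOS headers, creates and
     * registers a fresh authentication context, and writes the SOAP envelope to the response.
     *
     * <p>Header validation failures are answered with HTTP 400 and the fixed, server-authored
     * message of the failed check; no client-supplied text is reflected.
     *
     * <p>NOTE(review): every request passing the header checks creates and stores a new
     * {@link ECPAuthnState} before any authentication happens — confirm that
     * {@code samlContextManagement} expires stale contexts.
     *
     * <p>Decompiler note: the original access modifier was {@code protected}; {@code public} is
     * kept here for compatibility with existing callers.
     *
     * @param httpServletRequest the incoming request
     * @param httpServletResponse the response to fill
     * @throws IOException if the response cannot be written
     */
    public void processECPGetRequest(HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse)
            throws IOException {
        try {
            verifyRequestHeaders(httpServletRequest);
            ECPAuthnState authnState = new ECPAuthnState();
            EnvelopeDocument envelope = generateECPEnvelope(authnState);
            // Register the context only once the envelope was built, so a failed build leaves no orphan state.
            this.samlContextManagement.addAuthnContext(authnState);
            httpServletResponse.setContentType(ECPConstants.ECP_CONTENT_TYPE);
            // The envelope carries a single-use request id and relay state: forbid any caching.
            httpServletResponse.addHeader("Cache-Control", "no-cache, no-store, must-revalidate, private");
            httpServletResponse.addHeader("Pragma", "no-cache");
            PrintWriter writer = httpServletResponse.getWriter();
            envelope.save(writer);
            writer.flush();
        } catch (ServletException e) {
            httpServletResponse.sendError(HttpServletResponse.SC_BAD_REQUEST, e.getMessage());
        }
    }

    /**
     * Builds the complete SOAP envelope: ECP Request + RelayState + PAOS Request header blocks,
     * and the SAML AuthnRequest in the body.
     *
     * @param authnState receives the request id and supplies the relay state
     * @return the populated envelope document
     */
    private EnvelopeDocument generateECPEnvelope(ECPAuthnState authnState) {
        EnvelopeDocument document = EnvelopeDocument.Factory.newInstance();
        Envelope envelope = document.addNewEnvelope();
        TrustedIdPs trustedIdPs = this.metadataManager.getTrustedIdPs();
        // Single configuration snapshot for the whole envelope.
        SAMLSPConfiguration config = this.configProvider.get();

        XmlCursor headerCursor = envelope.addNewHeader().newCursor();
        try {
            headerCursor.toFirstContentToken();
            generateEcpHeaders(config, trustedIdPs, headerCursor, authnState);
            generatePaosHeader(headerCursor);
        } finally {
            headerCursor.dispose();
        }

        XmlCursor bodyCursor = envelope.addNewBody().newCursor();
        try {
            bodyCursor.toFirstContentToken();
            generateSamlRequest(config, bodyCursor, authnState);
        } finally {
            bodyCursor.dispose();
        }
        return document;
    }

    /**
     * Creates the SAML AuthnRequest, records its id in the authentication state (so the later
     * response can be matched to this request), and copies it at the body cursor position.
     *
     * @param config SP configuration snapshot; {@code signRequestByDefault} decides whether the
     *        requester credential is handed to the factory for signing
     * @param bodyCursor destination cursor, positioned inside the SOAP body
     * @param authnState receives the generated request id
     */
    private void generateSamlRequest(SAMLSPConfiguration config, XmlCursor bodyCursor, ECPAuthnState authnState) {
        boolean sign = config.signRequestByDefault;
        // Credential is only supplied when signing is requested; argument semantics beyond that are
        // defined by SAMLHelper and not visible here.
        AuthnRequestDocument request = SAMLHelper.createSAMLRequest(this.myAddress, sign, config.requesterSamlId,
                null, config.defaultRequestedNameFormat, true, sign ? config.requesterCredential : null);
        authnState.setRequestId(request.getAuthnRequest().getID());
        copyInto(request.getAuthnRequest(), bodyCursor);
    }

    /**
     * Emits the PAOS Request header block (mustUnderstand, actor "next", ECP service,
     * response consumer URL = this endpoint) at the header cursor position.
     *
     * @param headerCursor destination cursor, positioned inside the SOAP header
     */
    private void generatePaosHeader(XmlCursor headerCursor) {
        RequestType paosRequest =
                pl.edu.icm.unity.saml.xmlbeans.paos.RequestDocument.Factory.newInstance().addNewRequest();
        paosRequest.setMustUnderstand(true);
        paosRequest.setActor(SOAP_ACTOR_NEXT);
        paosRequest.setService(ECP_PROFILE);
        paosRequest.setResponseConsumerURL(this.myAddress);
        copyInto(paosRequest, headerCursor);
    }

    /**
     * Emits the ECP Request header block (SP issuer plus the IDPList of all trusted IdPs) and the
     * ECP RelayState header block at the header cursor position.
     *
     * <p>The IDPList deliberately exposes the entity id and default display name of every trusted
     * IdP to the (not yet authenticated) client; that is what the ECP profile requires so the
     * client can pick an IdP.
     *
     * @param config SP configuration snapshot; supplies the issuer entity id
     * @param trustedIdPs IdPs to list
     * @param headerCursor destination cursor, positioned inside the SOAP header
     * @param authnState supplies the relay state value
     */
    private void generateEcpHeaders(SAMLSPConfiguration config, TrustedIdPs trustedIdPs, XmlCursor headerCursor,
            ECPAuthnState authnState) {
        pl.edu.icm.unity.saml.xmlbeans.ecp.RequestType ecpRequest =
                pl.edu.icm.unity.saml.xmlbeans.ecp.RequestDocument.Factory.newInstance().addNewRequest();
        ecpRequest.setActor(SOAP_ACTOR_NEXT);
        ecpRequest.setMustUnderstand(true);
        NameIDType issuer = ecpRequest.addNewIssuer();
        issuer.setFormat(NAMEID_FORMAT_ENTITY);
        issuer.setStringValue(config.requesterSamlId);

        IDPListType idpList = ecpRequest.addNewIDPList();
        for (TrustedIdPConfiguration idp : trustedIdPs.getAll()) {
            IDPEntryType entry = idpList.addNewIDPEntry();
            entry.setProviderID(idp.samlId);
            entry.setName(idp.name.getDefaultValue());
        }

        RelayStateType relayState = RelayStateDocument.Factory.newInstance().addNewRelayState();
        relayState.setActor(SOAP_ACTOR_NEXT);
        relayState.setMustUnderstand(true);
        relayState.setStringValue(authnState.getRelayState());

        copyInto(ecpRequest, headerCursor);
        copyInto(relayState, headerCursor);
    }

    /**
     * Copies the XML of {@code source} to the position of {@code target}, always disposing the
     * temporary source cursor (XmlCursor instances must be released explicitly).
     *
     * @param source XML object to copy
     * @param target destination cursor, already positioned by the caller
     */
    private static void copyInto(XmlObject source, XmlCursor target) {
        XmlCursor sourceCursor = source.newCursor();
        try {
            sourceCursor.copyXml(target);
        } finally {
            sourceCursor.dispose();
        }
    }

    /**
     * Verifies that the client advertises PAOS/ECP support: an Accept header containing the ECP
     * content type, and a PAOS header with the supported version and the ECP profile URN.
     *
     * <p>Matching is exact and case-sensitive, as in the original; media types and quoted URNs
     * are compared literally.
     *
     * @param httpServletRequest the incoming request
     * @throws ServletException with a fixed message naming the first failed check
     */
    private void verifyRequestHeaders(HttpServletRequest httpServletRequest) throws ServletException {
        String accept = httpServletRequest.getHeader("Accept");
        if (accept == null) {
            throw new ServletException("No Accept header in request, what is mandatory for this service.");
        }
        if (!accept.contains(ECPConstants.ECP_CONTENT_TYPE)) {
            throw new ServletException("Client must be able to accept application/vnd.paos+xml what was not advertised in the Accept header.");
        }
        String paos = httpServletRequest.getHeader("PAOS");
        if (paos == null) {
            throw new ServletException("No PAOS header in request, what is mandatory for this service.");
        }
        if (!paos.startsWith(ECPConstants.PAOS_VERSION)) {
            throw new ServletException("PAOS version incorrect, supported version is ver=\"urn:liberty:paos:2003-08\"");
        }
        // The profile URN must appear quoted, exactly as the PAOS header syntax requires.
        if (!paos.contains("\"" + ECP_PROFILE + "\"")) {
            throw new ServletException("PAOS header must include support for the ECP profile, which is missing.");
        }
    }
}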
