package pl.edu.icm.unity.saml.idp.processor;

import eu.emi.security.authn.x509.X509Credential;
import eu.unicore.samly2.assertion.Assertion;
import eu.unicore.samly2.exceptions.SAMLServerException;
import eu.unicore.samly2.proto.AssertionResponse;
import eu.unicore.security.dsig.DSigException;
import java.security.cert.X509Certificate;
import java.util.ArrayList;
import java.util.Calendar;
import java.util.Collection;
import java.util.HashMap;
import java.util.Iterator;
import java.util.List;
import java.util.Map;
import java.util.TimeZone;
import org.apache.logging.log4j.Logger;
import org.apache.xmlbeans.XmlObject;
import pl.edu.icm.unity.base.utils.Log;
import pl.edu.icm.unity.engine.api.attributes.AttributeTypeSupport;
import pl.edu.icm.unity.engine.api.attributes.AttributeValueSyntax;
import pl.edu.icm.unity.engine.api.translation.out.TranslationResult;
import pl.edu.icm.unity.exceptions.EngineException;
import pl.edu.icm.unity.saml.SAMLProcessingException;
import pl.edu.icm.unity.saml.idp.SamlAttributeMapper;
import pl.edu.icm.unity.saml.idp.ctx.SAMLAssertionResponseContext;
import pl.edu.icm.unity.saml.idp.preferences.SamlPreferences;
import pl.edu.icm.unity.types.basic.Attribute;
import pl.edu.icm.unity.types.basic.DynamicAttribute;
import xmlbeans.org.oasis.saml2.assertion.AttributeType;
import xmlbeans.org.oasis.saml2.assertion.SubjectConfirmationDataType;
import xmlbeans.org.oasis.saml2.assertion.SubjectConfirmationType;
import xmlbeans.org.oasis.saml2.assertion.SubjectType;
import xmlbeans.org.oasis.saml2.protocol.RequestAbstractType;
import xmlbeans.org.oasis.saml2.protocol.ResponseDocument;

/* loaded from: input_file:pl/edu/icm/unity/saml/idp/processor/BaseResponseProcessor.class */
/**
 * Shared building blocks for IdP-side SAML response processors: creating OK and error
 * responses, assembling attribute assertions, signing, optional assertion encryption and
 * filtering of released attributes by the user's per-SP preferences.
 *
 * <p>This listing is decompiler output. Several methods are declared {@code public} here
 * although the decompiler notes that their original modifier was {@code protected}.
 *
 * @param <T> XML document type of the request held by the context
 * @param <C> SAML request type held by the context
 */
public abstract class BaseResponseProcessor<T extends XmlObject, C extends RequestAbstractType> extends StatusResponseProcessor<T, C> {
    private static final Logger log = Log.getLogger("unity.server.saml", BaseResponseProcessor.class);
    private AttributeTypeSupport aTypeSupport;
    private String chosenGroup;
    private Calendar authnTime;

    /**
     * Stores the collaborators and resolves the group chosen for the request issuer.
     *
     * @param attributeTypeSupport used to obtain value syntaxes when comparing attribute values
     * @param sAMLAssertionResponseContext request context, handed to the superclass
     * @param calendar authentication time; used later as the base of the sender-vouches
     *        {@code NotOnOrAfter} value
     */
    public BaseResponseProcessor(AttributeTypeSupport attributeTypeSupport, SAMLAssertionResponseContext<T, C> sAMLAssertionResponseContext, Calendar calendar) {
        super(sAMLAssertionResponseContext);
        this.aTypeSupport = attributeTypeSupport;
        // The group is selected from the issuer string carried in the request.
        // NOTE(review): getRequestIssuer() is overridable and runs before authnTime is set.
        this.chosenGroup = this.samlConfiguration.getGroupChooser().chooseGroup(getRequestIssuer());
        this.authnTime = calendar;
    }

    /**
     * Creates an empty success response that refers to the ID of the current request.
     *
     * @return a new response issued by {@code getResponseIssuer()}
     */
    public AssertionResponse getOKResponseDocument() {
        // Unlike getErrorResponse(SAMLServerException), a null request is not tolerated here.
        return new AssertionResponse(getResponseIssuer(), getContext().getRequest().getID());
    }

    /**
     * Converts an arbitrary exception into a SAML error response.
     *
     * @param exc the failure to report
     * @return the error response document
     * @throws SAMLProcessingException declared by this method; the visible body delegates
     *         to {@code convert2SAMLError} and the overload taking a SAML error
     */
    public ResponseDocument getErrorResponse(Exception exc) throws SAMLProcessingException {
        // Calls the superclass conversion with a null message and the flag set to true;
        // the meaning of the flag is defined by convert2SAMLError, outside this class.
        SAMLServerException samlError = convert2SAMLError(exc, null, true);
        return getErrorResponse(samlError);
    }

    /**
     * Converts an arbitrary exception into a SAML error response, passing a caller-supplied
     * message to the conversion.
     *
     * @param exc the failure to report
     * @param str message handed to {@code convert2SAMLError}
     * @return the error response document
     * @throws SAMLProcessingException declared by this method; see the single-argument overload
     */
    public ResponseDocument getErrorResponse(Exception exc, String str) throws SAMLProcessingException {
        SAMLServerException samlError = convert2SAMLError(exc, str, false);
        return getErrorResponse(samlError);
    }

    /**
     * Returns the issuer of the request as a plain string.
     *
     * @return string value of the request's Issuer element
     */
    public String getRequestIssuer() {
        // No null guards: a request without an Issuer fails here with a NullPointerException.
        return getContext().getRequest().getIssuer().getStringValue();
    }

    /**
     * Builds an error response for an already prepared SAML error.
     *
     * @param sAMLServerException the SAML error to embed
     * @return the error response document; it refers to the request ID when a request is
     *         available and to {@code null} otherwise
     */
    public ResponseDocument getErrorResponse(SAMLServerException sAMLServerException) {
        C request = getContext().getRequest();
        // An error may have to be produced when no request is held by the context.
        String inResponseTo = (request == null) ? null : request.getID();
        return new AssertionResponse(getResponseIssuer(), inResponseTo, sAMLServerException).getXMLBeanDoc();
    }

    /**
     * @return the group chosen for the request issuer at construction time
     */
    public String getChosenGroup() {
        return this.chosenGroup;
    }

    /**
     * @return the authentication time passed to the constructor (the same mutable
     *         {@link Calendar} instance, not a copy)
     */
    public Calendar getAuthnTime() {
        return this.authnTime;
    }

    /**
     * Creates a signed assertion carrying the given attributes.
     *
     * <p>Original modifier was {@code protected} according to the decompiler.
     *
     * @param subjectType subject to place in the assertion
     * @param collection attributes to release
     * @return the signed assertion, or {@code null} when there is nothing to release (the
     *         input is empty or no attribute is left after {@link #filterRequested(List)})
     * @throws SAMLProcessingException when signing fails
     */
    public Assertion createAttributeAssertion(SubjectType subjectType, Collection<Attribute> collection) throws SAMLProcessingException {
        if (collection.isEmpty()) {
            return null;
        }
        Assertion attributeAssertion = new Assertion();
        attributeAssertion.setIssuer(this.samlConfiguration.issuerURI, "urn:oasis:names:tc:SAML:2.0:nameid-format:entity");
        attributeAssertion.setSubject(subjectType);
        if (addAttributesToAssertion(attributeAssertion, collection)) {
            // Sign only after the content is complete, so the signature covers every attribute.
            signAssertion(attributeAssertion);
            return attributeAssertion;
        }
        return null;
    }

    /**
     * Maps the given attributes to their SAML form, applies {@link #filterRequested(List)}
     * and adds what is left to the assertion.
     *
     * <p>Original modifier was {@code protected} according to the decompiler.
     *
     * @param assertion assertion to extend
     * @param collection attributes to convert
     * @return {@code true} when at least one attribute was added, {@code false} otherwise
     * @throws SAMLProcessingException declared by this method; not thrown by the visible body
     */
    public boolean addAttributesToAssertion(Assertion assertion, Collection<Attribute> collection) throws SAMLProcessingException {
        if (collection.isEmpty()) {
            return false;
        }
        SamlAttributeMapper mapper = this.samlConfiguration.attributesMapper;
        List<AttributeType> samlAttributes = new ArrayList<>(collection.size());
        for (Attribute unityAttribute : collection) {
            samlAttributes.add(mapper.convertToSaml(unityAttribute));
        }
        // Subclass hook; it may shrink the list in place.
        filterRequested(samlAttributes);
        if (samlAttributes.isEmpty()) {
            return false;
        }
        for (AttributeType samlAttribute : samlAttributes) {
            assertion.addAttribute(samlAttribute);
        }
        return true;
    }

    /**
     * Adds the assertion to the response, encrypted when an encryption certificate is
     * configured for the requester and in plain form otherwise.
     *
     * <p>Original modifier was {@code protected} according to the decompiler.
     *
     * @param assertionResponse response to extend
     * @param assertion assertion to add
     * @throws SAMLProcessingException when encryption fails for any reason
     */
    public void addAssertionEncrypting(AssertionResponse assertionResponse, Assertion assertion) throws SAMLProcessingException {
        X509Certificate recipientCertificate = this.samlConfiguration.getEncryptionCertificateForRequester(this.context.getRequest().getIssuer());
        if (recipientCertificate != null) {
            try {
                // NOTE(review): 128 is the second argument of encrypt(); presumably the
                // symmetric key size in bits - confirm against the samly2 API.
                assertionResponse.getXMLBean()
                        .addNewEncryptedAssertion()
                        .set(assertion.encrypt(recipientCertificate, 128).getEncryptedAssertion());
            } catch (Exception e) {
                throw new SAMLProcessingException("Problem during assertion encryption", e);
            }
            return;
        }
        // No certificate for this requester: the assertion is attached unencrypted, so its
        // confidentiality then depends on whatever protects the response outside this method.
        assertionResponse.addAssertion(assertion);
    }

    /**
     * Hook for subclasses to restrict the SAML attributes that are released. The default
     * implementation leaves the list untouched.
     *
     * @param list converted attributes; an override may modify it in place
     */
    protected void filterRequested(List<AttributeType> list) {
    }

    /**
     * Signs the assertion with the configured SAML issuer credential.
     *
     * <p>Original modifier was {@code protected} according to the decompiler.
     *
     * @param assertion assertion to sign
     * @throws SAMLProcessingException wrapping the signature failure
     */
    public void signAssertion(Assertion assertion) throws SAMLProcessingException {
        try {
            X509Credential issuerCredential = this.samlConfiguration.getSamlIssuerCredential();
            // The private key signs; the certificate chain is handed over with it.
            assertion.sign(issuerCredential.getKey(), issuerCredential.getCertificateChain());
        } catch (DSigException e) {
            throw new SAMLProcessingException("Signing assertion problem", e);
        }
    }

    /**
     * Signs the whole response with the configured SAML issuer credential.
     *
     * @param assertionResponse response to sign
     * @throws SAMLProcessingException wrapping the signature failure
     */
    protected void signResponse(AssertionResponse assertionResponse) throws SAMLProcessingException {
        try {
            X509Credential issuerCredential = this.samlConfiguration.getSamlIssuerCredential();
            assertionResponse.sign(issuerCredential.getKey(), issuerCredential.getCertificateChain());
        } catch (DSigException e) {
            throw new SAMLProcessingException("Signing response problem", e);
        }
    }

    /**
     * Returns a new subject holding a copy of the given one, so the copy can be changed
     * without touching the original.
     *
     * <p>Original modifier was {@code protected} according to the decompiler.
     *
     * @param subjectType subject to copy
     * @return a new, independent subject instance
     */
    public SubjectType cloneSubject(SubjectType subjectType) {
        SubjectType duplicate = SubjectType.Factory.newInstance();
        duplicate.set(subjectType.copy());
        return duplicate;
    }

    /**
     * Replaces the subject's confirmations with a single sender-vouches confirmation whose
     * {@code NotOnOrAfter} is the authentication time plus the configured request validity
     * period.
     *
     * <p>Original modifier was {@code protected} according to the decompiler.
     *
     * @param subjectType subject to modify in place
     * @return the same subject instance that was passed in
     */
    public SubjectType setSenderVouchesSubjectConfirmation(SubjectType subjectType) {
        // The expiry is anchored to the authentication time, not to the current time.
        // NOTE(review): if authnTime can be much older than the moment of issuing, the
        // resulting window may be short or already over - confirm with the callers.
        long expiryMillis = this.authnTime.getTimeInMillis() + this.samlConfiguration.requestValidityPeriod.toMillis();
        Calendar notOnOrAfter = Calendar.getInstance(TimeZone.getTimeZone("UTC"));
        notOnOrAfter.setTimeInMillis(expiryMillis);

        SubjectConfirmationType confirmation = SubjectConfirmationType.Factory.newInstance();
        confirmation.setMethod("urn:oasis:names:tc:SAML:2.0:cm:sender-vouches");
        SubjectConfirmationDataType confirmationData = confirmation.addNewSubjectConfirmationData();
        confirmationData.setNotOnOrAfter(notOnOrAfter);

        // Any confirmation previously present on the subject is discarded.
        subjectType.setSubjectConfirmationArray(new SubjectConfirmationType[]{confirmation});
        return subjectType;
    }

    /**
     * Selects the attributes to release: those of the translation result that the SAML
     * mapper handles, minus what the user's preferences for the SP hide.
     *
     * @param translationResult output of the translation profile
     * @param sPSettings the user's preferences for the service provider
     * @return the attributes left after filtering, as a view of an internal map
     * @throws EngineException declared by this method; not thrown by the visible body
     */
    public Collection<Attribute> getAttributes(TranslationResult translationResult, SamlPreferences.SPSettings sPSettings) throws EngineException {
        Map<String, Attribute> releasable = filterSupportedBySamlAttributes(translationResult);
        filterAttributesWithPreferences(sPSettings, releasable);
        return releasable.values();
    }

    /**
     * Applies the hidden-attribute preferences to the map in place. A hidden entry with a
     * {@code null} value removes the whole attribute; otherwise only the listed values are
     * removed from it.
     */
    private void filterAttributesWithPreferences(SamlPreferences.SPSettings sPSettings, Map<String, Attribute> map) {
        for (Map.Entry<String, Attribute> hidden : sPSettings.getHiddenAttribtues().entrySet()) {
            String attributeName = hidden.getKey();
            if (!map.containsKey(attributeName)) {
                continue;
            }
            Attribute hiddenValues = hidden.getValue();
            if (hiddenValues == null) {
                map.remove(attributeName);
                continue;
            }
            Attribute released = map.get(attributeName);
            List<String> keptValues = new ArrayList<>();
            for (String value : released.getValues()) {
                if (!findValue(value, hiddenValues)) {
                    keptValues.add(value);
                }
            }
            // The Attribute object is changed in place, and it stays in the map even when
            // no value is left.
            // NOTE(review): these instances are obtained from the TranslationResult; whether
            // they are shared with it depends on DynamicAttribute.getAttribute() - confirm.
            released.setValues(keptValues);
        }
        if (log.isDebugEnabled()) {
            // Writes the released attributes to the debug log; presumably their values are
            // included, so this logger level may record personal data.
            log.debug("Processed attributes to be returned: " + map.values());
        }
    }

    /**
     * Tells whether {@code str} equals any value of {@code attribute}, compared with the
     * attribute's value syntax.
     */
    private boolean findValue(String str, Attribute attribute) {
        AttributeValueSyntax syntax = this.aTypeSupport.getSyntaxFallingBackToDefault(attribute);
        for (String candidate : attribute.getValues()) {
            if (syntax.areEqualStringValue(str, candidate)) {
                return true;
            }
        }
        return false;
    }

    /**
     * Collects, keyed by name, the attributes of the translation result that the configured
     * SAML attribute mapper reports as handled. A later attribute with the same name
     * replaces an earlier one.
     */
    private Map<String, Attribute> filterSupportedBySamlAttributes(TranslationResult translationResult) {
        Map<String, Attribute> supported = new HashMap<>();
        SamlAttributeMapper mapper = this.samlConfiguration.getAttributesMapper();
        for (DynamicAttribute dynamicAttribute : translationResult.getAttributes()) {
            Attribute attribute = dynamicAttribute.getAttribute();
            if (mapper.isHandled(attribute)) {
                supported.put(attribute.getName(), attribute);
            }
        }
        return supported;
    }

    /**
     * Returns the identity target, which is the issuer string of the request.
     *
     * @return string value of the request's Issuer element
     */
    public String getIdentityTarget() {
        return this.context.getRequest().getIssuer().getStringValue();
    }
}
