package pl.edu.icm.unity.saml.idp.ws;

import eu.unicore.samly2.exceptions.SAMLRequesterException;
import eu.unicore.samly2.exceptions.SAMLResponderException;
import eu.unicore.samly2.exceptions.SAMLServerException;
import eu.unicore.samly2.webservice.SAMLQueryInterface;
import java.util.Collection;
import java.util.Optional;
import org.apache.cxf.interceptor.Fault;
import org.apache.logging.log4j.Logger;
import pl.edu.icm.unity.base.utils.Log;
import pl.edu.icm.unity.engine.api.PreferencesManagement;
import pl.edu.icm.unity.engine.api.attributes.AttributeTypeSupport;
import pl.edu.icm.unity.engine.api.idp.IdPEngine;
import pl.edu.icm.unity.exceptions.EngineException;
import pl.edu.icm.unity.saml.idp.SAMLIdPConfiguration;
import pl.edu.icm.unity.saml.idp.ctx.SAMLAttributeQueryContext;
import pl.edu.icm.unity.saml.idp.preferences.SamlPreferences;
import pl.edu.icm.unity.saml.idp.processor.AttributeQueryResponseProcessor;
import pl.edu.icm.unity.saml.validator.UnityAttributeQueryValidator;
import pl.edu.icm.unity.types.basic.Attribute;
import pl.edu.icm.unity.types.basic.EntityParam;
import pl.edu.icm.unity.types.basic.IdentityTaV;
import xmlbeans.org.oasis.saml2.protocol.AssertionIDRequestDocument;
import xmlbeans.org.oasis.saml2.protocol.AttributeQueryDocument;
import xmlbeans.org.oasis.saml2.protocol.AuthnQueryDocument;
import xmlbeans.org.oasis.saml2.protocol.AuthzDecisionQueryDocument;
import xmlbeans.org.oasis.saml2.protocol.ResponseDocument;

/* loaded from: input_file:pl/edu/icm/unity/saml/idp/ws/SAMLAssertionQueryImpl.class */
/**
 * SOAP web-service implementation of the SAML query interface for the IdP.
 *
 * <p>Only {@code AttributeQuery} is served; the other three query operations always fail with a
 * SOAP fault. An attribute query is first checked by {@link #validate(SAMLAttributeQueryContext)}
 * and only then is the subject looked up and the attribute set assembled.
 */
public class SAMLAssertionQueryImpl implements SAMLQueryInterface {
    private static final Logger log = Log.getLogger("unity.server.saml", SAMLAssertionQueryImpl.class);

    /** Fault text shared by every operation this endpoint does not implement. */
    private static final String UNSUPPORTED_OPERATION_MESSAGE = "This SAML operation is not supported by this service";

    protected SAMLIdPConfiguration samlIdPConfiguration;
    protected String endpointAddress;
    protected IdPEngine idpEngine;
    protected PreferencesManagement preferencesMan;
    private AttributeTypeSupport aTypeSupport;

    /**
     * Stores the collaborators used to validate and answer attribute queries.
     *
     * @param attributeTypeSupport handed to the response processor for every query
     * @param sAMLIdPConfiguration IdP configuration; supplies the trust checker, replay checker,
     *     request validity period, output translation profile and user import settings
     * @param str address of this endpoint, passed to the request validator
     * @param idPEngine engine used to obtain the subject's user information
     * @param preferencesManagement source of the subject's stored SAML preferences
     */
    public SAMLAssertionQueryImpl(AttributeTypeSupport attributeTypeSupport, SAMLIdPConfiguration sAMLIdPConfiguration, String str, IdPEngine idPEngine, PreferencesManagement preferencesManagement) {
        this.aTypeSupport = attributeTypeSupport;
        this.samlIdPConfiguration = sAMLIdPConfiguration;
        this.endpointAddress = str;
        this.idpEngine = idPEngine;
        this.preferencesMan = preferencesManagement;
    }

    /**
     * Validates an attribute query and returns the SAML response for it.
     *
     * <p>A request rejected by validation is answered with a SOAP {@link Fault}. A failure after
     * validation is turned into a SAML error response instead, so the caller still receives a
     * {@link ResponseDocument}.
     *
     * @param attributeQueryDocument the received query
     * @return the success or error response produced by the response processor
     * @throws Fault when a {@link SAMLServerException} escapes validation or response building
     */
    public ResponseDocument attributeQuery(AttributeQueryDocument attributeQueryDocument) {
        // NOTE(review): at TRACE level the complete request XML is written to the log; the
        // response logged below carries the released attributes. Treat trace logs of this
        // logger as sensitive.
        if (log.isTraceEnabled()) {
            log.trace("Received SAML AttributeQuery: " + attributeQueryDocument.xmlText());
        }
        SAMLAttributeQueryContext queryContext = new SAMLAttributeQueryContext(attributeQueryDocument, this.samlIdPConfiguration);
        try {
            // Validation comes first: nothing about the subject is resolved for a rejected request.
            validate(queryContext);
            AttributeQueryResponseProcessor processor = new AttributeQueryResponseProcessor(this.aTypeSupport, queryContext);
            ResponseDocument response = buildResponse(attributeQueryDocument, processor);
            if (log.isTraceEnabled()) {
                log.trace("Returning SAML Response: " + response.xmlText());
            }
            return response;
        } catch (SAMLServerException validationFailure) {
            log.warn("Throwing SAML fault, caused by validation exception", validationFailure);
            throw new Fault(validationFailure);
        }
    }

    /**
     * Resolves the subject, collects the attributes to release and wraps them in a response;
     * any processing failure is converted into a SAML error response.
     */
    private ResponseDocument buildResponse(AttributeQueryDocument query, AttributeQueryResponseProcessor processor) throws SAMLServerException {
        try {
            IdentityTaV subject = processor.getSubjectsIdentity();
            // The subject's stored preferences are narrowed to the settings for the querying issuer.
            SamlPreferences.SPSettings issuerSettings = SamlPreferences.getPreferences(this.preferencesMan, new EntityParam(subject))
                    .getSPSettings(query.getAttributeQuery().getIssuer());
            Collection<Attribute> released = getAttributes(subject, processor, issuerSettings);
            return processor.processAtributeRequest(released);
        } catch (SAMLRequesterException requesterError) {
            log.warn("Throwing SAML fault, caused by processing exception", requesterError);
            // Explicit cast kept from the original; presumably a plain upcast - confirm.
            return processor.getErrorResponse((SAMLServerException) requesterError);
        } catch (Exception processingError) {
            log.warn("Throwing SAML fault, caused by processing exception", processingError);
            return processor.getErrorResponse(processor.convert2SAMLError(processingError, null, true));
        }
    }

    /**
     * Not implemented by this endpoint.
     *
     * @throws Fault always, wrapping a {@link SAMLResponderException}
     */
    public ResponseDocument assertionIDRequest(AssertionIDRequestDocument assertionIDRequestDocument) {
        throw new Fault(new SAMLResponderException(UNSUPPORTED_OPERATION_MESSAGE));
    }

    /**
     * Not implemented by this endpoint.
     *
     * @throws Fault always, wrapping a {@link SAMLResponderException}
     */
    public ResponseDocument authnQuery(AuthnQueryDocument authnQueryDocument) {
        throw new Fault(new SAMLResponderException(UNSUPPORTED_OPERATION_MESSAGE));
    }

    /**
     * Not implemented by this endpoint.
     *
     * @throws Fault always, wrapping a {@link SAMLResponderException}
     */
    public ResponseDocument authzDecisionQuery(AuthzDecisionQueryDocument authzDecisionQueryDocument) {
        throw new Fault(new SAMLResponderException(UNSUPPORTED_OPERATION_MESSAGE));
    }

    /**
     * Obtains the subject's user information from the IdP engine and lets the response
     * processor derive the attribute collection from it and the given SP settings.
     *
     * @param identityTaV identity of the query subject
     * @param attributeQueryResponseProcessor processor supplying the chosen group and identity
     *     target, and performing the final attribute selection
     * @param sPSettings the subject's preferences for the querying issuer
     * @return the attributes selected by the response processor
     * @throws EngineException declared for failures of the engine call
     */
    protected Collection<Attribute> getAttributes(IdentityTaV identityTaV, AttributeQueryResponseProcessor attributeQueryResponseProcessor, SamlPreferences.SPSettings sPSettings) throws EngineException {
        // NOTE(review): the meaning of the Optional.empty() and `false` arguments is not
        // visible in this file - check obtainUserInformationWithEarlyImport before changing them.
        return attributeQueryResponseProcessor.getAttributes(
                this.idpEngine.obtainUserInformationWithEarlyImport(
                        identityTaV,
                        attributeQueryResponseProcessor.getChosenGroup(),
                        this.samlIdPConfiguration.getOutputTranslationProfile(),
                        attributeQueryResponseProcessor.getIdentityTarget(),
                        Optional.empty(),
                        "SAML2",
                        "urn:oasis:names:tc:SAML:2.0:bindings:SOAP",
                        false,
                        this.samlIdPConfiguration.userImportConfigs),
                sPSettings);
    }

    /**
     * Runs the attribute-query validator on the request held by the context.
     *
     * <p>The validator is built from this endpoint's address and the configured SOAP trust
     * checker, request validity period (in milliseconds) and replay checker.
     *
     * @param sAMLAttributeQueryContext context wrapping the received query
     * @throws SAMLServerException when the validator rejects the request
     */
    protected void validate(SAMLAttributeQueryContext sAMLAttributeQueryContext) throws SAMLServerException {
        UnityAttributeQueryValidator validator = new UnityAttributeQueryValidator(
                this.endpointAddress,
                this.samlIdPConfiguration.getSoapTrustChecker(),
                this.samlIdPConfiguration.requestValidityPeriod.toMillis(),
                this.samlIdPConfiguration.getReplayChecker());
        validator.validate((AttributeQueryDocument) sAMLAttributeQueryContext.getRequestDocument());
    }
}
