package pl.edu.icm.unity.saml.ecp;

import eu.unicore.samly2.validators.ReplayAttackChecker;
import eu.unicore.util.configuration.ConfigurationException;
import java.io.CharArrayWriter;
import java.io.IOException;
import java.io.StringReader;
import java.net.URL;
import java.util.List;
import java.util.Map;
import java.util.Objects;
import java.util.Properties;
import org.eclipse.jetty.servlet.ServletContextHandler;
import org.eclipse.jetty.servlet.ServletHolder;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.beans.factory.annotation.Qualifier;
import pl.edu.icm.unity.MessageSource;
import pl.edu.icm.unity.engine.api.EntityManagement;
import pl.edu.icm.unity.engine.api.PKIManagement;
import pl.edu.icm.unity.engine.api.authn.AuthenticationFlow;
import pl.edu.icm.unity.engine.api.authn.remote.RemoteAuthnResultTranslator;
import pl.edu.icm.unity.engine.api.endpoint.AbstractWebEndpoint;
import pl.edu.icm.unity.engine.api.endpoint.SharedEndpointManagement;
import pl.edu.icm.unity.engine.api.endpoint.WebAppEndpointInstance;
import pl.edu.icm.unity.engine.api.files.URIAccessService;
import pl.edu.icm.unity.engine.api.server.AdvertisedAddressProvider;
import pl.edu.icm.unity.engine.api.server.NetworkServer;
import pl.edu.icm.unity.engine.api.session.SessionManagement;
import pl.edu.icm.unity.engine.api.token.TokensManagement;
import pl.edu.icm.unity.engine.api.utils.ExecutorsService;
import pl.edu.icm.unity.engine.api.utils.PrototypeComponent;
import pl.edu.icm.unity.saml.SamlProperties;
import pl.edu.icm.unity.saml.metadata.MetadataProviderFactory;
import pl.edu.icm.unity.saml.metadata.MultiMetadataServlet;
import pl.edu.icm.unity.saml.metadata.cfg.MetaToSPConfigConverter;
import pl.edu.icm.unity.saml.metadata.cfg.RemoteMetaManager;
import pl.edu.icm.unity.saml.metadata.srv.RemoteMetadataService;
import pl.edu.icm.unity.saml.sp.SAMLResponseConsumerServlet;
import pl.edu.icm.unity.saml.sp.SAMLSPProperties;
import xmlbeans.org.oasis.saml2.metadata.IndexedEndpointType;

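/**
 * SAML ECP (Enhanced Client or Proxy) endpoint instance.
 * <p>
 * Parses its serialized {@link Properties} configuration, optionally publishes SP metadata
 * through the shared {@link MultiMetadataServlet}, resolves (or creates and registers) the
 * {@link RemoteMetaManager} for the configured requester id, and mounts an {@link ECPServlet}
 * in a session-less Jetty context.
 * <p>
 * Lifecycle order matters: the constructor wires collaborators, {@link #init} supplies the
 * shared metadata-manager map and metadata servlet, and only then may
 * {@link #setSerializedConfiguration} be called (it dereferences what {@code init} provides).
 * {@link #destroyOverridable} releases the metadata registration and is safe to call even when
 * configuration never completed.
 */
@PrototypeComponent
/* loaded from: input_file:pl/edu/icm/unity/saml/ecp/ECPEndpoint.class */
public class ECPEndpoint extends AbstractWebEndpoint implements WebAppEndpointInstance {
    /** SAML 2.0 PAOS binding URI advertised for the published AssertionConsumerService. */
    private static final String PAOS_BINDING = "urn:oasis:names:tc:SAML:2.0:bindings:PAOS";
    /** Servlet mapping under the endpoint's context path. */
    private static final String SERVLET_MAPPING = "/saml2-ecp/*";
    /** Index of the single ACS entry published in the SP metadata. */
    private static final int ACS_INDEX = 1;

    // Set by setSerializedConfiguration().
    private Properties properties;
    private SAMLECPProperties samlProperties;
    private RemoteMetaManager myMetadataManager;
    // Set by init().
    private Map<String, RemoteMetaManager> remoteMetadataManagers;
    private MultiMetadataServlet metadataServlet;
    // Wired once in the constructor.
    private final PKIManagement pkiManagement;
    private final ECPContextManagement samlContextManagement;
    private final URL baseAddress;
    private final ReplayAttackChecker replayAttackChecker;
    private final TokensManagement tokensMan;
    private final EntityManagement identitiesMan;
    private final SessionManagement sessionMan;
    private final ExecutorsService executorsService;
    private final String responseConsumerAddress;
    private final MessageSource msg;
    private final RemoteAuthnResultTranslator remoteAuthnProcessor;
    private final RemoteMetadataService metadataService;
    private final URIAccessService uriAccessService;

    /**
     * Wires the endpoint's collaborators and precomputes the SAML response-consumer address
     * ({@code advertised base address + shared context path + }{@link SAMLResponseConsumerServlet#PATH}).
     *
     * @param pKIManagement the {@code "insecure"}-qualified PKI bean
     *        (NOTE(review): confirm which trust material this qualifier selects and that it is
     *        appropriate for metadata and signature validation performed by this endpoint)
     */
    @Autowired
    public ECPEndpoint(NetworkServer networkServer, @Qualifier("insecure") PKIManagement pKIManagement, ECPContextManagement eCPContextManagement, ReplayAttackChecker replayAttackChecker, RemoteAuthnResultTranslator remoteAuthnResultTranslator, TokensManagement tokensManagement, EntityManagement entityManagement, SessionManagement sessionManagement, ExecutorsService executorsService, MessageSource messageSource, SharedEndpointManagement sharedEndpointManagement, RemoteMetadataService remoteMetadataService, URIAccessService uRIAccessService, AdvertisedAddressProvider advertisedAddressProvider) {
        super(networkServer, advertisedAddressProvider);
        this.pkiManagement = pKIManagement;
        this.samlContextManagement = eCPContextManagement;
        this.metadataService = remoteMetadataService;
        this.baseAddress = advertisedAddressProvider.get();
        this.replayAttackChecker = replayAttackChecker;
        this.remoteAuthnProcessor = remoteAuthnResultTranslator;
        this.tokensMan = tokensManagement;
        this.identitiesMan = entityManagement;
        this.sessionMan = sessionManagement;
        this.executorsService = executorsService;
        this.msg = messageSource;
        // Absolute address the IdP's PAOS response is delivered to; published in metadata below.
        this.responseConsumerAddress = this.baseAddress + sharedEndpointManagement.getBaseContextPath() + SAMLResponseConsumerServlet.PATH;
        this.uriAccessService = uRIAccessService;
    }

    /**
     * Supplies the state shared across SAML endpoints. Must be called before
     * {@link #setSerializedConfiguration}.
     *
     * @param map shared map of remote metadata managers keyed by requester id; this endpoint
     *        reads from and may add to it
     * @param multiMetadataServlet servlet under which SP metadata is published when enabled
     */
    public void init(Map<String, RemoteMetaManager> map, MultiMetadataServlet multiMetadataServlet) {
        this.remoteMetadataManagers = map;
        this.metadataServlet = multiMetadataServlet;
    }

    /**
     * Parses the configuration, publishes metadata when
     * {@link SamlProperties#PUBLISH_METADATA} is set, and binds the endpoint to the
     * {@link RemoteMetaManager} registered for its {@link SAMLSPProperties#REQUESTER_ID},
     * creating and registering one if absent.
     *
     * @param str the endpoint configuration in {@link Properties} text format
     * @throws ConfigurationException wrapping any failure; the message deliberately omits the
     *         raw configuration text, which is operator-supplied and may carry secrets
     */
    protected void setSerializedConfiguration(String str) {
        this.properties = new Properties();
        try {
            // Fail with a clear cause instead of a bare NPE when init() was skipped.
            Objects.requireNonNull(this.remoteMetadataManagers, "init() must be called before the configuration is set");
            this.properties.load(new StringReader(str));
            this.samlProperties = new SAMLECPProperties(this.properties, this.pkiManagement);
            if (this.samlProperties.getBooleanValue(SamlProperties.PUBLISH_METADATA)) {
                exposeMetadata();
            }
            String requesterId = this.samlProperties.getValue(SAMLSPProperties.REQUESTER_ID);
            if (this.remoteMetadataManagers.containsKey(requesterId)) {
                this.myMetadataManager = this.remoteMetadataManagers.get(requesterId);
            } else {
                this.myMetadataManager = new RemoteMetaManager(this.samlProperties, this.pkiManagement, new MetaToSPConfigConverter(this.pkiManagement, this.msg), this.metadataService, SAMLSPProperties.IDPMETA_PREFIX);
                this.remoteMetadataManagers.put(requesterId, this.myMetadataManager);
            }
        } catch (Exception e) {
            throw new ConfigurationException("Can't initialize the SAML ECP endpoint's configuration", e);
        }
    }

    /**
     * Releases the remote metadata registration. A no-op when configuration never completed
     * (no manager was bound), so teardown of a half-initialized endpoint does not throw.
     */
    public void destroyOverridable() {
        if (this.myMetadataManager != null) {
            this.myMetadataManager.unregisterAll();
        }
    }

    /**
     * Registers an SP metadata provider at {@code "/" + METADATA_PATH} advertising a single
     * default PAOS AssertionConsumerService at {@link #responseConsumerAddress}.
     */
    private void exposeMetadata() {
        Objects.requireNonNull(this.metadataServlet, "init() must be called before metadata can be published");
        String metadataPath = this.samlProperties.getValue(SAMLSPProperties.METADATA_PATH);
        IndexedEndpointType acs = IndexedEndpointType.Factory.newInstance();
        acs.setIndex(ACS_INDEX);
        acs.setBinding(PAOS_BINDING);
        acs.setLocation(this.responseConsumerAddress);
        acs.setIsDefault(true);
        this.metadataServlet.addProvider("/" + metadataPath, MetadataProviderFactory.newSPInstance(this.samlProperties, this.uriAccessService, this.executorsService, new IndexedEndpointType[]{acs}, null));
    }

    /**
     * Serializes the parsed configuration back to {@link Properties} text.
     *
     * @return the configuration text (with an empty comment header)
     * @throws IllegalStateException if writing fails; {@link CharArrayWriter} is in-memory so
     *         this is not expected in practice
     */
    public String getSerializedConfiguration() {
        CharArrayWriter out = new CharArrayWriter();
        try {
            this.properties.store(out, "");
            return out.toString();
        } catch (IOException e) {
            throw new IllegalStateException("Can not serialize endpoint's configuration", e);
        }
    }

    /**
     * Builds the Jetty context for this endpoint: a session-less handler at the endpoint's
     * context address with the {@link ECPServlet} mapped at {@value #SERVLET_MAPPING}.
     *
     * @return the configured, not yet started, context handler
     */
    public ServletContextHandler getServletContextHandler() {
        String contextPath = this.description.getEndpoint().getContextAddress();
        String externalBase = this.baseAddress.toExternalForm();
        // Absolute servlet address handed to the servlet (used as its own SAML endpoint address).
        String servletAddress = externalBase + contextPath + ECPEndpointFactory.SERVLET_PATH;
        ECPServlet ecpServlet = new ECPServlet(this.samlProperties, this.myMetadataManager, this.samlContextManagement, servletAddress, this.replayAttackChecker, this.remoteAuthnProcessor, this.tokensMan, this.pkiManagement, this.identitiesMan, this.sessionMan, this.description.getRealm(), externalBase);
        // ECP is a machine-to-machine binding: no HTTP session tracking is enabled here.
        ServletContextHandler handler = new ServletContextHandler(ServletContextHandler.NO_SESSIONS);
        handler.setContextPath(contextPath);
        handler.addServlet(new ServletHolder(ecpServlet), SERVLET_MAPPING);
        return handler;
    }

    /**
     * Not supported: the ECP endpoint does not use configurable authentication flows.
     *
     * @throws UnsupportedOperationException always
     */
    public void updateAuthenticationFlows(List<AuthenticationFlow> list) throws UnsupportedOperationException {
        throw new UnsupportedOperationException();
    }
}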
