package pl.edu.icm.unity.saml.sp;

import eu.unicore.samly2.messages.RedirectedMessage;
import eu.unicore.samly2.messages.XMLExpandedMessage;
import java.io.IOException;
import java.net.URISyntaxException;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import org.apache.http.client.utils.URIBuilder;
import org.apache.logging.log4j.Logger;
import org.apache.xmlbeans.XmlException;
import pl.edu.icm.unity.base.utils.Log;
import pl.edu.icm.unity.engine.api.authn.remote.RemoteAuthenticationContextManagement;
import pl.edu.icm.unity.engine.api.authn.remote.SharedRemoteAuthenticationContextStore;
import pl.edu.icm.unity.saml.SamlHttpResponseServlet;
import pl.edu.icm.unity.saml.SamlProperties;
import xmlbeans.org.oasis.saml2.protocol.ResponseDocument;

/* loaded from: input_file:pl/edu/icm/unity/saml/sp/SAMLResponseConsumerServlet.class */
/**
 * Servlet receiving the SAML response on the service-provider side (mounted under {@link #PATH}).
 *
 * <p>The response is attached to the authentication context found by relay state, the context is
 * published in the shared store, and the browser is redirected to the context's return URL.
 *
 * <p>Security notes for reviewers:
 * <ul>
 *   <li>The redirect target comes from the stored context, not from a request parameter. The only
 *       request-derived value added to it is the relay state, passed as a query parameter.</li>
 *   <li>No signature or assertion validation is visible in this class; the response is only parsed
 *       and stored. NOTE(review): presumably validation happens when the authenticator consumes the
 *       context - confirm before relying on anything stored here.</li>
 * </ul>
 */
public class SAMLResponseConsumerServlet extends SamlHttpResponseServlet {
    private static final Logger log = Log.getLogger("unity.server.saml", SAMLResponseConsumerServlet.class);
    public static final String PATH = "/spSAMLResponseConsumer";
    /** Query parameter that carries the context identifier back to the originating endpoint. */
    private static final String CONTEXT_ID_PARAM = "__remote_authn_context_id";
    private final SamlContextManagement contextManagement;
    private final SharedRemoteAuthenticationContextStore remoteAuthnContextStore;

    /**
     * Creates the servlet.
     *
     * @param samlContextManagement source of the authentication contexts, looked up by relay state
     * @param sharedRemoteAuthenticationContextStore store in which a context is published once the
     *        response has been attached to it
     */
    public SAMLResponseConsumerServlet(SamlContextManagement samlContextManagement, SharedRemoteAuthenticationContextStore sharedRemoteAuthenticationContextStore) {
        // The meaning of the boolean flag is defined by SamlHttpResponseServlet (not visible here).
        super(true);
        this.contextManagement = samlContextManagement;
        this.remoteAuthnContextStore = sharedRemoteAuthenticationContextStore;
    }

    /**
     * Attaches the received SAML response to its authentication context and redirects the client
     * to the context's return URL.
     *
     * @param z {@code true} selects the HTTP-Redirect binding (the message is built from the raw
     *        query string), {@code false} the HTTP-POST binding (the message is parsed from
     *        {@code str})
     * @param httpServletRequest the incoming request; only its query string is read here
     * @param httpServletResponse used for the redirect, or for the 400 error
     * @param str the SAML response as text, as handed over by the superclass
     * @param str2 the relay state, used as the context lookup key and echoed as the context id
     * @throws IOException if the response XML cannot be parsed, the return URL cannot be built,
     *         or writing to the HTTP response fails
     */
    @Override // pl.edu.icm.unity.saml.SamlHttpResponseServlet
    protected void postProcessResponse(boolean z, HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse, String str, String str2) throws IOException {
        final String samlResponse = str;
        final String relayState = str2;
        try {
            // A relay state with no bound context is rejected by the catch block below.
            RemoteAuthnContext authnContext = this.contextManagement.getAuthnContext(relayState);
            if (z) {
                authnContext.setResponse(samlResponse, SamlProperties.Binding.HTTP_REDIRECT,
                        new RedirectedMessage(httpServletRequest.getQueryString()));
            } else {
                authnContext.setResponse(samlResponse, SamlProperties.Binding.HTTP_POST,
                        getDocumentSignedMessage(samlResponse));
            }
            log.debug("SAML response for authenticator {} was stored in context, redirecting to originating endpoint {}",
                    authnContext.getAuthenticationStepContext().authnOptionId,
                    authnContext.getReturnUrl());
            this.remoteAuthnContextStore.addAuthnContext(authnContext);
            String redirectTarget = getRedirectWithContextIdParam(authnContext.getReturnUrl(), relayState);
            httpServletResponse.sendRedirect(redirectTarget);
        } catch (RemoteAuthenticationContextManagement.UnboundRelayStateException e) {
            // Neither the rejected value nor the exception is logged; the client gets a generic 400.
            log.warn("Got a request to the SAML response consumer endpoint, with invalid relay state.");
            httpServletResponse.sendError(400, "Wrong 'RelayState' value");
        }
    }

    /**
     * Appends the context identifier as a query parameter to the return URL.
     *
     * @param returnUrl URL taken from the authentication context
     * @param contextId value added under {@code __remote_authn_context_id}
     * @return the resulting URL as a string
     * @throws IOException if {@code returnUrl} is not a valid URI
     */
    private String getRedirectWithContextIdParam(String returnUrl, String contextId) throws IOException {
        try {
            return new URIBuilder(returnUrl)
                    .addParameter(CONTEXT_ID_PARAM, contextId)
                    .build()
                    .toString();
        } catch (URISyntaxException e) {
            throw new IOException("Can't build return URL", e);
        }
    }

    /**
     * Wraps the parsed response document in the message object stored for the HTTP-POST binding.
     *
     * @param responseXml the SAML response as XML text
     * @return message built from the parsed document and its response element
     * @throws IOException if the XML cannot be parsed
     */
    private XMLExpandedMessage getDocumentSignedMessage(String responseXml) throws IOException {
        ResponseDocument document = parseResponse(responseXml);
        return new XMLExpandedMessage(document, document.getResponse());
    }

    /**
     * Parses the SAML response text into an XMLBeans document.
     *
     * @param responseXml the SAML response as XML text
     * @return the parsed document
     * @throws IOException wrapping the {@link XmlException} when the text is not valid XML
     */
    private ResponseDocument parseResponse(String responseXml) throws IOException {
        // NOTE(review): the input is parsed with the parser's default options. Confirm that the
        // XMLBeans version and configuration in use reject DOCTYPE declarations and external entities.
        final ResponseDocument parsed;
        try {
            parsed = ResponseDocument.Factory.parse(responseXml);
        } catch (XmlException e) {
            throw new IOException("The SAML response can not be parsed - XML data is corrupted", e);
        }
        return parsed;
    }
}
