package pl.edu.icm.unity.saml.idp.web.filter;

import eu.unicore.samly2.binding.SAMLMessageType;
import eu.unicore.security.dsig.DSigException;
import io.imunity.vaadin.endpoint.common.EopException;
import io.imunity.vaadin.endpoint.common.consent_utils.LoginInProgressService;
import jakarta.servlet.http.HttpServletRequest;
import jakarta.servlet.http.HttpServletResponse;
import java.io.IOException;
import org.apache.logging.log4j.Logger;
import pl.edu.icm.unity.base.endpoint.Endpoint;
import pl.edu.icm.unity.base.endpoint.idp.IdpStatistic;
import pl.edu.icm.unity.base.utils.Log;
import pl.edu.icm.unity.engine.api.utils.FreemarkerAppHandler;
import pl.edu.icm.unity.saml.SamlProperties;
import pl.edu.icm.unity.saml.idp.SamlIdpStatisticReporter;
import pl.edu.icm.unity.saml.idp.ctx.SAMLAuthnContext;
import pl.edu.icm.unity.saml.idp.processor.AuthnResponseProcessor;
import pl.edu.icm.unity.saml.idp.web.SamlSessionService;
import pl.edu.icm.unity.saml.slo.SamlMessageHandler;
import pl.edu.icm.unity.saml.slo.SamlRoutableMessage;
import pl.edu.icm.unity.saml.slo.SamlRoutableUnsignedMessage;

/* loaded from: input_file:pl/edu/icm/unity/saml/idp/web/filter/SSOResponseHandler.class */
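/**
 * Sends the final SAML SSO message (success or error) back to the requesting
 * service provider and then tears down the per-login SAML state.
 *
 * <p>Both public methods clean the SAML context on every exit path, successful
 * or not, so that a finished or failed login leaves no authentication context
 * behind in the session for a later request to pick up.
 */
public class SSOResponseHandler {
    private static final Logger log = Log.getLogger("unity.server.saml", SSOResponseHandler.class);
    private final SamlMessageHandler messageHandler;
    private final SamlIdpStatisticReporter reporter;

    /**
     * @param freemarkerAppHandler passed to the {@link SamlMessageHandler} that writes the responses
     * @param samlIdpStatisticReporterFactory factory used to obtain the reporter bound to {@code endpoint}
     * @param endpoint endpoint whose IdP statistics are reported
     */
    public SSOResponseHandler(FreemarkerAppHandler freemarkerAppHandler, SamlIdpStatisticReporter.SamlIdpStatisticReporterFactory samlIdpStatisticReporterFactory, Endpoint endpoint) {
        this.messageHandler = new SamlMessageHandler(freemarkerAppHandler);
        this.reporter = samlIdpStatisticReporterFactory.getForEndpoint(endpoint);
    }

    /**
     * Sends the SSO authentication response and records a successful login.
     *
     * <p>The SAML context is removed from the session whether or not sending
     * succeeds; the HTTP session itself is kept.
     *
     * @param sAMLAuthnContext context of the login being completed, used for statistics
     * @param samlRoutableMessage response message to deliver
     * @param binding SAML binding used for delivery
     * @param httpServletRequest request whose session holds the SAML context
     * @param httpServletResponse response the message is written to
     * @throws IOException propagated from the message handler
     * @throws EopException propagated from the message handler
     * @throws DSigException propagated from the message handler
     */
    public void sendResponse(SAMLAuthnContext sAMLAuthnContext, SamlRoutableMessage samlRoutableMessage, SamlProperties.Binding binding, HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse) throws IOException, EopException, DSigException {
        try {
            this.messageHandler.sendResponse(binding, samlRoutableMessage, httpServletResponse, "SSO Authentication response");
            this.reporter.reportStatus(sAMLAuthnContext, IdpStatistic.Status.SUCCESSFUL);
        } finally {
            // Exactly one cleanup per call, on success and on failure alike.
            cleanContext(httpServletRequest, false);
        }
    }

    /**
     * Converts {@code exc} into a SAML error response, sends it unsigned to
     * {@code str}, records a failed login and cleans up the SAML context.
     *
     * @param authnResponseProcessor processor used to map the exception to a SAML error response
     * @param exc the failure being reported to the service provider
     * @param binding SAML binding used for delivery
     * @param str destination URL of the error response
     * @param sAMLAuthnContext context of the failed login; its relay state is echoed back
     * @param httpServletRequest request whose session holds the SAML context
     * @param httpServletResponse response the message is written to
     * @param z when {@code true} the HTTP session is invalidated after cleanup
     * @throws EopException propagated from the message handler
     * @throws IOException propagated from the message handler
     * @throws IllegalStateException if the message handler reports a signature error
     *         although the message is unsigned
     */
    public void handleException(AuthnResponseProcessor authnResponseProcessor, Exception exc, SamlProperties.Binding binding, String str, SAMLAuthnContext sAMLAuthnContext, HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse, boolean z) throws EopException, IOException {
        // NOTE(review): if building the error message throws, no cleanup runs because this
        // statement is outside the try block. Confirm that callers clean the context in that case.
        // NOTE(review): the error response is unsigned and goes to `str` with the relay state
        // taken from the context; presumably `str` is already validated against the SP's
        // registered endpoints by the caller. Verify.
        SamlRoutableUnsignedMessage samlRoutableUnsignedMessage = new SamlRoutableUnsignedMessage(authnResponseProcessor.getErrorResponse(authnResponseProcessor.convert2SAMLError(exc, null, true)), SAMLMessageType.SAMLResponse, sAMLAuthnContext.getRelayState(), str);
        log.warn("Sending SAML error to {} in effect of exception handling", str, exc);
        try {
            this.messageHandler.sendResponse(binding, samlRoutableUnsignedMessage, httpServletResponse, "SSO Authentication error response");
            this.reporter.reportStatus(sAMLAuthnContext, IdpStatistic.Status.FAILED);
        } catch (DSigException e) {
            // Keep the signature failure as the cause: it is what actually went wrong here.
            // The original login failure is attached as suppressed so neither is lost.
            IllegalStateException failure = new IllegalStateException("DSIG on unsigned request shouldn't happen", e);
            if (exc != null) {
                failure.addSuppressed(exc);
            }
            throw failure;
        } finally {
            // Exactly one cleanup per call, on success and on failure alike.
            cleanContext(httpServletRequest, z);
        }
    }

    /**
     * Removes the SAML context from the login-in-progress session and, when
     * {@code z} is set, invalidates the HTTP session.
     *
     * @param httpServletRequest request whose session is cleaned
     * @param z whether to invalidate the HTTP session as well
     */
    private void cleanContext(HttpServletRequest httpServletRequest, boolean z) {
        SamlSessionService.cleanContext(new LoginInProgressService.HttpContextSession(httpServletRequest));
        // getSession(false) avoids creating a session only to destroy it. Creating one after
        // the response is committed makes the container throw IllegalStateException, which
        // would mask the real outcome of the send.
        if (z && httpServletRequest.getSession(false) != null) {
            httpServletRequest.getSession(false).invalidate();
        }
    }
}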
