package at.gv.egiz.eaaf.modules.pvp2.idp.impl;

import at.gv.egiz.eaaf.core.api.IRequest;
import at.gv.egiz.eaaf.core.api.idp.IAction;
import at.gv.egiz.eaaf.core.api.idp.IAuthData;
import at.gv.egiz.eaaf.core.api.idp.IConfiguration;
import at.gv.egiz.eaaf.core.api.idp.slo.SLOInformationInterface;
import at.gv.egiz.eaaf.core.api.logging.IRevisionLogger;
import at.gv.egiz.eaaf.core.exceptions.EAAFException;
import at.gv.egiz.eaaf.core.impl.data.SLOInformationImpl;
import at.gv.egiz.eaaf.modules.pvp2.api.IPVP2BasicConfiguration;
import at.gv.egiz.eaaf.modules.pvp2.api.binding.IEncoder;
import at.gv.egiz.eaaf.modules.pvp2.api.metadata.IPVPMetadataProvider;
import at.gv.egiz.eaaf.modules.pvp2.exception.BindingNotSupportedException;
import at.gv.egiz.eaaf.modules.pvp2.idp.exception.ResponderErrorException;
import at.gv.egiz.eaaf.modules.pvp2.idp.impl.builder.AuthResponseBuilder;
import at.gv.egiz.eaaf.modules.pvp2.idp.impl.builder.PVP2AssertionBuilder;
import at.gv.egiz.eaaf.modules.pvp2.impl.binding.PostBinding;
import at.gv.egiz.eaaf.modules.pvp2.impl.binding.RedirectBinding;
import at.gv.egiz.eaaf.modules.pvp2.impl.message.PVPSProfileRequest;
import at.gv.egiz.eaaf.modules.pvp2.impl.utils.AbstractCredentialProvider;
import at.gv.egiz.eaaf.modules.pvp2.impl.utils.SAML2Utils;
import javax.annotation.PostConstruct;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import org.joda.time.DateTime;
import org.opensaml.saml2.core.AuthnRequest;
import org.opensaml.saml2.core.Response;
import org.opensaml.saml2.metadata.AssertionConsumerService;
import org.opensaml.saml2.metadata.EntityDescriptor;
import org.opensaml.ws.message.encoder.MessageEncodingException;
import org.opensaml.xml.security.SecurityException;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.context.ApplicationContext;
import org.springframework.stereotype.Service;

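/**
 * IDP-side action that answers a pending PVP2 SAML2 {@code AuthnRequest}: it builds the
 * assertion and response, encodes the response with the binding recorded on the pending
 * request, and returns the single-logout bookkeeping object for the session.
 *
 * <p>Security-relevant behaviour visible in this class:
 * <ul>
 *   <li>The response destination (assertion consumer URL) and the binding are read from the
 *       pending request and are not re-checked against the service provider's metadata here.
 *       NOTE(review): this assumes they were validated when the request was accepted. Confirm
 *       in the request-validation code.</li>
 *   <li>Assertion encryption is controlled by
 *       {@code protocols.pvp2.assertion.encryption.active}; {@code true} is passed as the
 *       second argument of the lookup (presumably the value used when the property is
 *       unset).</li>
 *   <li>The signing credential handed to the encoder comes from the injected
 *       {@link AbstractCredentialProvider}; start-up fails if none was injected.</li>
 * </ul>
 */
@Service("PVPAuthenticationRequestAction")
/* loaded from: input_file:at/gv/egiz/eaaf/modules/pvp2/idp/impl/AuthenticationAction.class */
public class AuthenticationAction implements IAction {
    private static final Logger log = LoggerFactory.getLogger(AuthenticationAction.class);
    private static final String CONFIG_PROPERTY_PVP2_ENABLE_ENCRYPTION = "protocols.pvp2.assertion.encryption.active";

    // SAML 2.0 binding URNs this action can encode a response for.
    private static final String BINDING_HTTP_REDIRECT = "urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Redirect";
    private static final String BINDING_HTTP_POST = "urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST";

    @Autowired(required = true)
    private IPVPMetadataProvider metadataProvider;

    @Autowired(required = true)
    ApplicationContext springContext;

    @Autowired(required = true)
    IConfiguration authConfig;

    @Autowired(required = true)
    PVP2AssertionBuilder assertionBuilder;

    @Autowired(required = true)
    IPVP2BasicConfiguration pvpBasicConfiguration;

    @Autowired(required = true)
    IRevisionLogger revisionsLogger;

    // Source of the IDP signing credential; set through the setter, checked in verifyInitialization().
    private AbstractCredentialProvider pvpIDPCredentials;

    /**
     * Injects the provider of the IDP credentials used when the response is encoded.
     *
     * @param abstractCredentialProvider credential provider; must be set before the bean's
     *     post-construct check runs, otherwise initialization fails
     */
    public void setPvpIDPCredentials(AbstractCredentialProvider abstractCredentialProvider) {
        this.pvpIDPCredentials = abstractCredentialProvider;
    }

    /**
     * Builds the SAML2 response for the pending request and writes it to the HTTP response.
     *
     * @param iRequest pending request; cast to {@link PVPSProfilePendingRequest} before the
     *     {@code try} block, so any other type surfaces as a {@link ClassCastException}
     * @param httpServletRequest current HTTP request, passed through to the binding encoder
     * @param httpServletResponse HTTP response the encoded SAML2 message is written to
     * @param iAuthData authentication data the assertion is built from
     * @return single-logout information with protocol type and service-provider entity ID set
     * @throws ResponderErrorException if the response cannot be built or encoded, or if the
     *     requested binding is neither HTTP-Redirect nor HTTP-POST
     */
    public SLOInformationInterface processRequest(IRequest iRequest, HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse, IAuthData iAuthData) throws ResponderErrorException {
        PVPSProfilePendingRequest pendingRequest = (PVPSProfilePendingRequest) iRequest;
        try {
            PVPSProfileRequest request = pendingRequest.getRequest();
            AuthnRequest samlRequest = request.getSamlRequest();
            EntityDescriptor spMetadata = request.getEntityMetadata(this.metadataProvider);

            // The destination endpoint is rebuilt from values stored on the pending request.
            // NOTE(review): nothing here compares binding or location with the SP metadata;
            // the response (and the assertion in it) goes to whatever URL is stored, so the
            // request-validation step has to pin it to a registered endpoint. Confirm.
            AssertionConsumerService consumerService = (AssertionConsumerService) SAML2Utils.createSAMLObject(AssertionConsumerService.class);
            consumerService.setBinding(pendingRequest.getBinding());
            consumerService.setLocation(pendingRequest.getConsumerURL());

            // One timestamp is shared by the assertion and the enclosing response.
            DateTime issueInstant = new DateTime();
            SLOInformationInterface sloInformation = new SLOInformationImpl();
            String idpEntityId = this.pvpBasicConfiguration.getIDPEntityId(pendingRequest.getAuthURL());

            // Turning this property off means the assertion is placed in the response
            // unencrypted; with the front-channel bindings below it then passes through
            // the user's browser in readable form.
            boolean encryptAssertion = this.authConfig.getBasicConfigurationBoolean(CONFIG_PROPERTY_PVP2_ENABLE_ENCRYPTION, true);

            Response samlResponse = AuthResponseBuilder.buildResponse(
                    this.metadataProvider,
                    idpEntityId,
                    samlRequest,
                    issueInstant,
                    this.assertionBuilder.buildAssertion(idpEntityId, pendingRequest, samlRequest, iAuthData, spMetadata, issueInstant, consumerService, sloInformation),
                    encryptAssertion);

            // Constant-first comparison: a missing binding is reported as an unsupported
            // binding instead of failing with a NullPointerException.
            String binding = consumerService.getBinding();
            IEncoder encoder = null;
            if (BINDING_HTTP_REDIRECT.equals(binding)) {
                encoder = (IEncoder) this.springContext.getBean("PVPRedirectBinding", RedirectBinding.class);
            } else if (BINDING_HTTP_POST.equals(binding)) {
                encoder = (IEncoder) this.springContext.getBean("PVPPOSTBinding", PostBinding.class);
            }
            if (encoder == null) {
                throw new BindingNotSupportedException(binding);
            }

            // RelayState is the value received with the request and is handed back unchanged.
            // NOTE(review): output encoding of RelayState and signing of the message are left
            // to the encoder implementation, which is not visible here. Confirm both.
            encoder.encodeRespone(httpServletRequest, httpServletResponse, samlResponse, consumerService.getLocation(), request.getRelayState(), this.pvpIDPCredentials.getIDPAssertionSigningCredential(), iRequest);

            // Audit trail: event code 3105 with the response ID.
            // NOTE(review): the meaning of 3105 is defined outside this class.
            this.revisionsLogger.logEvent(iRequest, 3105, samlResponse.getID());

            sloInformation.setProtocolType(iRequest.requestedModule());
            sloInformation.setSpEntityID(iRequest.getServiceProviderConfiguration().getUniqueIdentifier());
            return sloInformation;
        } catch (MessageEncodingException | SecurityException e) {
            log.warn("Message Encoding exception", e);
            throw new ResponderErrorException("pvp2.01", null, e);
        } catch (EAAFException e) {
            // Must precede the generic handler below so that the framework's own error ID
            // and parameters reach the caller instead of being flattened to pvp2.01.
            log.info("Response generation error: Msg: {}", e.getMessage());
            throw new ResponderErrorException(e.getErrorId(), e.getParams(), e);
        } catch (Exception e) {
            log.warn("Response generation error", e);
            throw new ResponderErrorException("pvp2.01", null, e);
        }
    }

    /**
     * Reports whether this action requires an authenticated user.
     *
     * @return always {@code true}
     */
    public boolean needAuthentication(IRequest iRequest, HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse) {
        return true;
    }

    /**
     * Returns the name of this action, which matches the bean name in {@code @Service}.
     *
     * @return {@code "PVPAuthenticationRequestAction"}
     */
    public String getDefaultActionName() {
        return "PVPAuthenticationRequestAction";
    }

    /**
     * Fails bean initialization when no credential provider was injected, so the action can
     * never reach the encoding step without a signing credential source.
     *
     * @throws IllegalStateException if {@code pvpIDPCredentials} is {@code null}
     */
    @PostConstruct
    private void verifyInitialization() {
        if (this.pvpIDPCredentials == null) {
            log.error("No SAML2 credentialProvider injected!");
            throw new IllegalStateException("No SAML2 credentialProvider injected!");
        }
    }
}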
