package at.gv.egiz.eaaf.modules.pvp2.idp.impl;

import at.gv.egiz.eaaf.core.api.IRequest;
import at.gv.egiz.eaaf.core.api.idp.IAction;
import at.gv.egiz.eaaf.core.api.idp.IAuthData;
import at.gv.egiz.eaaf.core.api.idp.IConfiguration;
import at.gv.egiz.eaaf.core.api.idp.slo.SloInformationInterface;
import at.gv.egiz.eaaf.core.api.logging.IRevisionLogger;
import at.gv.egiz.eaaf.core.exceptions.EaafException;
import at.gv.egiz.eaaf.core.impl.data.SloInformationImpl;
import at.gv.egiz.eaaf.modules.pvp2.api.IPvp2BasicConfiguration;
import at.gv.egiz.eaaf.modules.pvp2.api.binding.IEncoder;
import at.gv.egiz.eaaf.modules.pvp2.api.metadata.IPvp2MetadataProvider;
import at.gv.egiz.eaaf.modules.pvp2.api.utils.IPvp2CredentialProvider;
import at.gv.egiz.eaaf.modules.pvp2.exception.BindingNotSupportedException;
import at.gv.egiz.eaaf.modules.pvp2.idp.exception.ResponderErrorException;
import at.gv.egiz.eaaf.modules.pvp2.idp.impl.builder.AuthResponseBuilder;
import at.gv.egiz.eaaf.modules.pvp2.idp.impl.builder.Pvp2AssertionBuilder;
import at.gv.egiz.eaaf.modules.pvp2.impl.binding.PostBinding;
import at.gv.egiz.eaaf.modules.pvp2.impl.binding.RedirectBinding;
import at.gv.egiz.eaaf.modules.pvp2.impl.message.PvpSProfileRequest;
import at.gv.egiz.eaaf.modules.pvp2.impl.utils.Saml2Utils;
import jakarta.annotation.PostConstruct;
import jakarta.servlet.http.HttpServletRequest;
import jakarta.servlet.http.HttpServletResponse;
import java.time.Instant;
import lombok.Generated;
import org.opensaml.saml.saml2.core.AuthnRequest;
import org.opensaml.saml.saml2.core.Response;
import org.opensaml.saml.saml2.metadata.AssertionConsumerService;
import org.opensaml.saml.saml2.metadata.EntityDescriptor;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.context.ApplicationContext;
import org.springframework.stereotype.Service;
import org.springframework.util.Assert;

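/**
 * IDP-side action that answers a pending PVP S-Profile (SAML2) authentication request.
 *
 * <p>It builds the assertion and the SAML2 {@code Response}, encodes the response with the
 * binding recorded on the pending request, and signs it with the IDP message-signing
 * credential obtained from the injected {@link IPvp2CredentialProvider}.
 *
 * <p>The metadata provider and the credential provider are set through setters and are
 * checked for presence in {@link #verifyInitialization()}.
 */
@Service("PVPAuthenticationRequestAction")
/* loaded from: input_file:at/gv/egiz/eaaf/modules/pvp2/idp/impl/AuthenticationAction.class */
public class AuthenticationAction implements IAction {
    private static final Logger log = LoggerFactory.getLogger(AuthenticationAction.class);

    // SAML2 binding URIs accepted for the response; any other value is rejected.
    private static final String BINDING_HTTP_REDIRECT = "urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Redirect";
    private static final String BINDING_HTTP_POST = "urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST";

    // Used to look up the binding encoder beans by name.
    @Autowired(required = true)
    ApplicationContext springContext;

    // Passed through to the response builder.
    @Autowired(required = true)
    IConfiguration authConfig;

    // Builds the assertion that is embedded into the response.
    @Autowired(required = true)
    Pvp2AssertionBuilder assertionBuilder;

    // Resolves the IDP entityID for the authentication URL of the request.
    @Autowired(required = true)
    IPvp2BasicConfiguration pvpBasicConfiguration;

    // Receives the revision-log event written after the response was encoded.
    @Autowired(required = true)
    IRevisionLogger revisionsLogger;

    // Both providers are injected by setter and verified in verifyInitialization().
    protected IPvp2MetadataProvider metadataProvider;
    private IPvp2CredentialProvider pvpIdpCredentials;

    /**
     * Injects the provider of the IDP credentials used to sign outgoing messages.
     *
     * @param iPvp2CredentialProvider credential provider of this IDP
     */
    public void setPvpIdpCredentials(IPvp2CredentialProvider iPvp2CredentialProvider) {
        this.pvpIdpCredentials = iPvp2CredentialProvider;
    }

    /**
     * Builds, signs and sends the SAML2 authentication response for a pending request.
     *
     * @param iRequest pending request; it is cast to {@code PvpSProfilePendingRequest}
     *     before the try block, so another type fails with a {@link ClassCastException}
     * @param httpServletRequest current HTTP request, handed to the binding encoder
     * @param httpServletResponse current HTTP response, the encoder writes the message to it
     * @param iAuthData authentication data used to build the assertion
     * @return SLO information carrying the protocol type and the SP entityID
     * @throws ResponderErrorException if building or encoding the response fails; an
     *     {@link EaafException} keeps its own error id and parameters, every other failure
     *     is reported as {@code pvp2.01}
     */
    public SloInformationInterface processRequest(IRequest iRequest, HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse, IAuthData iAuthData) throws ResponderErrorException {
        PvpSProfilePendingRequest pvpSProfilePendingRequest = (PvpSProfilePendingRequest) iRequest;
        try {
            PvpSProfileRequest request = pvpSProfilePendingRequest.getRequest();
            AuthnRequest samlRequest = request.getSamlRequest();
            EntityDescriptor entityMetadata = request.getEntityMetadata(this.metadataProvider);

            // NOTE(review): binding and consumer URL are copied from the pending request and
            // are not compared with the SP metadata in this method - confirm that request
            // validation has already bound them to the SP's registered
            // AssertionConsumerService endpoints, because the signed response is sent there.
            AssertionConsumerService assertionConsumerService = (AssertionConsumerService) Saml2Utils.createSamlObject(AssertionConsumerService.class);
            assertionConsumerService.setBinding(pvpSProfilePendingRequest.getBinding());
            assertionConsumerService.setLocation(pvpSProfilePendingRequest.getConsumerUrl());

            // One timestamp is shared by the assertion and the response.
            Instant now = Instant.now();
            SloInformationInterface sloInformationImpl = new SloInformationImpl();
            String idpEntityId = this.pvpBasicConfiguration.getIdpEntityId(pvpSProfilePendingRequest.getAuthUrl());
            Response buildResponse = AuthResponseBuilder.buildResponse(
                    this.metadataProvider,
                    idpEntityId,
                    samlRequest,
                    now,
                    this.assertionBuilder.buildAssertion(idpEntityId, pvpSProfilePendingRequest, samlRequest, iAuthData, entityMetadata, now, assertionConsumerService, sloInformationImpl),
                    this.authConfig);

            IEncoder iEncoder = resolveEncoder(assertionConsumerService.getBinding());
            iEncoder.encodeResponse(httpServletRequest, httpServletResponse, buildResponse, assertionConsumerService.getLocation(), request.getRelayState(), this.pvpIdpCredentials.getMessageSigningCredential(), iRequest);

            this.revisionsLogger.logEvent(iRequest, 3105, buildResponse.getID());
            sloInformationImpl.setProtocolType(iRequest.requestedModule());
            sloInformationImpl.setSpEntityID(iRequest.getServiceProviderConfiguration().getUniqueIdentifier());
            return sloInformationImpl;
        } catch (SecurityException e) {
            log.warn("Message Encoding exception", e);
            throw new ResponderErrorException("pvp2.01", null, e);
        } catch (EaafException e) {
            // Has to precede the generic handler: otherwise this branch is unreachable and
            // the specific error id and parameters of the EAAF error are lost.
            log.info("Response generation error: Msg: {}", e.getMessage());
            throw new ResponderErrorException(e.getErrorId(), e.getParams(), e);
        } catch (Exception e) {
            log.warn("Response generation error", e);
            throw new ResponderErrorException("pvp2.01", null, e);
        }
    }

    /**
     * Selects the encoder bean for a SAML2 binding URI.
     *
     * <p>The constant is the receiver of {@code equals}, so a missing binding is rejected
     * as unsupported instead of raising a {@link NullPointerException}.
     *
     * @param binding binding URI of the response endpoint, may be {@code null}
     * @return encoder for HTTP-Redirect or HTTP-POST
     * @throws BindingNotSupportedException if the binding is neither of the two
     */
    private IEncoder resolveEncoder(String binding) throws BindingNotSupportedException {
        if (BINDING_HTTP_REDIRECT.equals(binding)) {
            return (IEncoder) this.springContext.getBean("PvpRedirectBinding", RedirectBinding.class);
        }
        if (BINDING_HTTP_POST.equals(binding)) {
            return (IEncoder) this.springContext.getBean("PvpPostBinding", PostBinding.class);
        }
        throw new BindingNotSupportedException(binding);
    }

    /**
     * States whether this action requires an authenticated user.
     *
     * @param iRequest pending request (not inspected)
     * @param httpServletRequest current HTTP request (not inspected)
     * @param httpServletResponse current HTTP response (not inspected)
     * @return always {@code true}
     */
    public boolean needAuthentication(IRequest iRequest, HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse) {
        return true;
    }

    /**
     * Returns the name of this action, identical to the Spring bean name.
     *
     * @return {@code "PVPAuthenticationRequestAction"}
     */
    public String getDefaultActionName() {
        return "PVPAuthenticationRequestAction";
    }

    /**
     * Fails bean initialization when one of the setter-injected providers is missing, so
     * the action cannot start without metadata or without signing credentials.
     */
    @PostConstruct
    private void verifyInitialization() {
        Assert.notNull(this.metadataProvider, "No SAML2 MetadataProvider injected!");
        Assert.notNull(this.pvpIdpCredentials, "No SAML2 credentialProvider injected!");
    }

    /**
     * Injects the SAML2 metadata provider used to resolve the service-provider metadata.
     *
     * @param iPvp2MetadataProvider metadata provider
     */
    @Generated
    public void setMetadataProvider(IPvp2MetadataProvider iPvp2MetadataProvider) {
        this.metadataProvider = iPvp2MetadataProvider;
    }
}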
