package pl.edu.icm.unity.saml.ecp;

import eu.unicore.samly2.validators.ReplayAttackChecker;
import eu.unicore.util.configuration.ConfigurationException;
import java.io.CharArrayWriter;
import java.io.IOException;
import java.io.StringReader;
import java.net.URL;
import java.util.List;
import java.util.Map;
import java.util.Properties;
import org.eclipse.jetty.servlet.ServletContextHandler;
import org.eclipse.jetty.servlet.ServletHolder;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.beans.factory.annotation.Qualifier;
import pl.edu.icm.unity.engine.api.EntityManagement;
import pl.edu.icm.unity.engine.api.PKIManagement;
import pl.edu.icm.unity.engine.api.authn.AuthenticationFlow;
import pl.edu.icm.unity.engine.api.authn.remote.RemoteAuthnResultTranslator;
import pl.edu.icm.unity.engine.api.endpoint.AbstractWebEndpoint;
import pl.edu.icm.unity.engine.api.endpoint.SharedEndpointManagement;
import pl.edu.icm.unity.engine.api.endpoint.WebAppEndpointInstance;
import pl.edu.icm.unity.engine.api.files.URIAccessService;
import pl.edu.icm.unity.engine.api.server.AdvertisedAddressProvider;
import pl.edu.icm.unity.engine.api.server.NetworkServer;
import pl.edu.icm.unity.engine.api.session.SessionManagement;
import pl.edu.icm.unity.engine.api.token.TokensManagement;
import pl.edu.icm.unity.engine.api.utils.ExecutorsService;
import pl.edu.icm.unity.engine.api.utils.PrototypeComponent;
import pl.edu.icm.unity.saml.metadata.MetadataProviderFactory;
import pl.edu.icm.unity.saml.metadata.MultiMetadataServlet;
import pl.edu.icm.unity.saml.metadata.cfg.SPRemoteMetaManager;
import pl.edu.icm.unity.saml.sp.config.SAMLSPConfiguration;
import pl.edu.icm.unity.saml.sp.config.SAMLSPConfigurationParser;
import xmlbeans.org.oasis.saml2.metadata.IndexedEndpointType;

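/**
 * Unity web endpoint exposing the SAML 2.0 ECP (Enhanced Client or Proxy) profile.
 * <p>
 * The endpoint is configured from a properties text ({@link #setSerializedConfiguration(String)}), which is
 * parsed twice: into a {@link SAMLSPConfiguration} by the injected parser and into raw {@link Properties}
 * (kept so that {@link #getSerializedConfiguration()} can hand the text back). On demand it builds a Jetty
 * {@link ServletContextHandler} mounting an {@link ECPServlet} under {@code /saml2-ecp/*}. When the
 * configuration enables metadata publishing, an SP metadata provider advertising a single PAOS endpoint
 * (the shared SAML response consumer) is registered with the shared {@link MultiMetadataServlet}.
 * <p>
 * Expected call order: construction (Spring) → {@link #init(Map, MultiMetadataServlet)} → configuration →
 * {@link #getServletContextHandler()}; {@link #destroyOverridable()} tears down the remote metadata manager.
 * {@code init} has to run before the configuration is applied, because applying it needs both arguments.
 * <p>
 * No synchronization is present: the configuration fields are plain mutable fields written during
 * (re)configuration and read when the servlet is built.
 * <p>
 * This listing appears to be decompiled (see the {@code loaded from} marker), so local names and literal
 * constants such as the {@code 0} passed to the context handler may have been flattened by the decompiler.
 */
@PrototypeComponent
/* loaded from: input_file:pl/edu/icm/unity/saml/ecp/ECPEndpoint.class */
public class ECPEndpoint extends AbstractWebEndpoint implements WebAppEndpointInstance {
    private final PKIManagement pkiManagement;
    private final ECPContextManagement samlContextManagement;
    private final ReplayAttackChecker replayAttackChecker;
    private final TokensManagement tokensMan;
    private final EntityManagement identitiesMan;
    private final SessionManagement sessionMan;
    private final ExecutorsService executorsService;
    private final SAMLSPConfigurationParser configurationParser;
    private final RemoteAuthnResultTranslator remoteAuthnProcessor;
    private final URIAccessService uriAccessService;
    private final SPRemoteMetaManager.Factory remoteMetadataManagerFactory;
    // Advertised server address, taken once at construction from the AdvertisedAddressProvider.
    private final URL baseAddress;
    // Shared SAML response consumer URL; it is what gets advertised as the PAOS endpoint in published metadata.
    private final String responseConsumerAddress;
    // Raw configuration as loaded; null until the configuration has been applied.
    private Properties properties;
    private SAMLECPProperties samlProperties;
    // Shared (across endpoints) registry of remote metadata managers keyed by requester SAML id; set by init().
    private Map<String, SPRemoteMetaManager> remoteMetadataManagersBySamlId;
    // The manager for this endpoint's requesterSamlId, taken from (or added to) the shared registry.
    private SPRemoteMetaManager myMetadataManager;
    // Shared servlet that serves published metadata; set by init().
    private MultiMetadataServlet metadataServlet;
    private SAMLSPConfiguration spConfiguration;

    /**
     * Creates the endpoint with all of its collaborators; Spring wires this constructor.
     *
     * @param pKIManagement PKI services; the {@code insecure} qualifier selects a specific bean, but what that
     *        bean relaxes is not visible in this file — confirm before reusing this wiring elsewhere
     * @param replayAttackChecker handed to the servlet; used there to reject replayed assertions
     * @param sharedEndpointManagement only its base context path is used, to build the response consumer URL
     * @param advertisedAddressProvider queried once here for the externally visible server address
     */
    @Autowired
    public ECPEndpoint(NetworkServer networkServer, @Qualifier("insecure") PKIManagement pKIManagement, ECPContextManagement eCPContextManagement, ReplayAttackChecker replayAttackChecker, RemoteAuthnResultTranslator remoteAuthnResultTranslator, TokensManagement tokensManagement, EntityManagement entityManagement, SessionManagement sessionManagement, ExecutorsService executorsService, SharedEndpointManagement sharedEndpointManagement, URIAccessService uRIAccessService, AdvertisedAddressProvider advertisedAddressProvider, SAMLSPConfigurationParser sAMLSPConfigurationParser, SPRemoteMetaManager.Factory factory) {
        super(networkServer, advertisedAddressProvider);
        this.pkiManagement = pKIManagement;
        this.samlContextManagement = eCPContextManagement;
        this.configurationParser = sAMLSPConfigurationParser;
        this.remoteMetadataManagerFactory = factory;
        this.baseAddress = advertisedAddressProvider.get();
        this.replayAttackChecker = replayAttackChecker;
        this.remoteAuthnProcessor = remoteAuthnResultTranslator;
        this.tokensMan = tokensManagement;
        this.identitiesMan = entityManagement;
        this.sessionMan = sessionManagement;
        this.executorsService = executorsService;
        // Built from the advertised address, not the bind address: remote parties must be able to reach it.
        this.responseConsumerAddress = this.baseAddress + sharedEndpointManagement.getBaseContextPath() + "/spSAMLResponseConsumer";
        this.uriAccessService = uRIAccessService;
    }

    /**
     * Supplies the shared collaborators that cannot be injected: the registry of remote metadata managers
     * and the metadata servlet. Must be called before {@link #setSerializedConfiguration(String)}.
     *
     * @param map registry of remote metadata managers keyed by requester SAML id, shared between endpoints
     * @param multiMetadataServlet servlet publishing SP metadata; only used when metadata publishing is enabled
     */
    public void init(Map<String, SPRemoteMetaManager> map, MultiMetadataServlet multiMetadataServlet) {
        this.remoteMetadataManagersBySamlId = map;
        this.metadataServlet = multiMetadataServlet;
    }

    /**
     * Parses and applies the endpoint configuration.
     * <p>
     * The text is parsed into the SP configuration (outside the guarded section: parser failures propagate
     * as they are) and then loaded as raw properties, turned into {@link SAMLECPProperties}, optionally
     * published as metadata, and bound to the remote metadata manager for the configured requester id.
     * On failure inside the guarded section the endpoint may be left partially configured, since
     * {@code spConfiguration} has already been assigned.
     *
     * @param str configuration in Java properties format
     * @throws ConfigurationException if loading or applying the configuration fails for any reason,
     *         including {@link #init(Map, MultiMetadataServlet)} not having been called
     */
    protected void setSerializedConfiguration(String str) {
        this.spConfiguration = this.configurationParser.parse(str);
        this.properties = new Properties();
        try {
            this.properties.load(new StringReader(str));
            this.samlProperties = new SAMLECPProperties(this.properties, this.pkiManagement);
            if (this.spConfiguration.publishMetadata) {
                exposeMetadata();
            }
            if (this.remoteMetadataManagersBySamlId == null) {
                throw new IllegalStateException("init() must be called before the configuration is set");
            }
            // Endpoints sharing a requesterSamlId share one remote metadata manager.
            this.myMetadataManager = this.remoteMetadataManagersBySamlId.computeIfAbsent(
                    this.spConfiguration.requesterSamlId,
                    samlId -> this.remoteMetadataManagerFactory.getInstance());
            this.myMetadataManager.setBaseConfiguration(this.spConfiguration);
        } catch (Exception e) {
            // Deliberately broad: every failure is surfaced to the caller as a single exception type.
            throw new ConfigurationException("Can't initialize the SAML ECP endpoint's configuration", e);
        }
    }

    /**
     * Releases the remote metadata manager's registrations.
     * <p>
     * Safe to call on an endpoint whose configuration was never applied or failed to apply; there is
     * nothing to unregister then. NOTE(review): the manager comes from the shared registry and may be
     * shared with other endpoints using the same requester id; whether {@code unregisterAll} affects them
     * is not visible here — confirm.
     */
    public void destroyOverridable() {
        if (this.myMetadataManager != null) {
            this.myMetadataManager.unregisterAll();
        }
    }

    /**
     * Registers an SP metadata provider for this endpoint with the shared metadata servlet.
     * <p>
     * The published metadata advertises exactly one assertion consumer: a PAOS binding at the shared
     * response consumer address, index 1, marked as default. The URL path is taken verbatim from the
     * configured {@code metadataURLPath}, prefixed with {@code /}.
     *
     * @throws IllegalStateException if {@link #init(Map, MultiMetadataServlet)} was not called
     */
    private void exposeMetadata() {
        if (this.metadataServlet == null) {
            throw new IllegalStateException("init() must be called before metadata can be published");
        }
        String metadataPath = this.spConfiguration.metadataURLPath;
        IndexedEndpointType paosEndpoint = IndexedEndpointType.Factory.newInstance();
        paosEndpoint.setIndex(1);
        paosEndpoint.setBinding("urn:oasis:names:tc:SAML:2.0:bindings:PAOS");
        paosEndpoint.setLocation(this.responseConsumerAddress);
        paosEndpoint.setIsDefault(true);
        this.metadataServlet.addProvider("/" + metadataPath, MetadataProviderFactory.newSPInstance(this.spConfiguration, this.uriAccessService, this.executorsService, new IndexedEndpointType[]{paosEndpoint}, null));
    }

    /**
     * Returns the configuration as properties text.
     * <p>
     * This is the raw configuration as loaded, re-emitted through {@link Properties#store}; it is not
     * byte-identical to the input (store adds a timestamp comment and applies its own escaping and
     * ordering) and it is not a redacted view — whatever the configuration holds is returned.
     *
     * @return the stored configuration in Java properties format
     * @throws IllegalStateException if no configuration has been applied yet, or if serialization fails
     */
    public String getSerializedConfiguration() {
        if (this.properties == null) {
            throw new IllegalStateException("Endpoint's configuration has not been set");
        }
        CharArrayWriter writer = new CharArrayWriter();
        try {
            this.properties.store(writer, "");
            return writer.toString();
        } catch (IOException e) {
            throw new IllegalStateException("Can not serialize endpoint's configuration", e);
        }
    }

    /**
     * Builds the Jetty context for this endpoint: an {@link ECPServlet} mounted at {@code /saml2-ecp/*}
     * under the endpoint's context address.
     * <p>
     * The servlet is given the JWT configuration from the ECP properties, a supplier of the current SP
     * configuration, the remote metadata manager, the replay checker and the engine services, plus its own
     * externally reachable URL (advertised address + context address + {@code /saml2-ecp}).
     * Requires the configuration to have been applied.
     *
     * @return a new context handler; not cached, every call builds a fresh one
     */
    public ServletContextHandler getServletContextHandler() {
        String contextAddress = this.description.getEndpoint().getContextAddress();
        String ecpServletUrl = this.baseAddress.toExternalForm() + contextAddress + "/saml2-ecp";
        ECPServlet ecpServlet = new ECPServlet(this.samlProperties.getJWTConfig(), () -> this.spConfiguration, this.myMetadataManager, this.samlContextManagement, ecpServletUrl, this.replayAttackChecker, this.remoteAuthnProcessor, this.tokensMan, this.pkiManagement, this.identitiesMan, this.sessionMan, this.description.getRealm(), this.baseAddress.toExternalForm());
        // 0 = no session or security handlers (presumably ServletContextHandler.NO_SESSIONS, flattened by
        // the decompiler); the ECP flow carries its own context via ECPContextManagement.
        ServletContextHandler contextHandler = new ServletContextHandler(0);
        contextHandler.setContextPath(contextAddress);
        contextHandler.addServlet(new ServletHolder(ecpServlet), "/saml2-ecp/*");
        return contextHandler;
    }

    /**
     * Authentication flows cannot be changed through this endpoint.
     *
     * @param list ignored
     * @throws UnsupportedOperationException always
     */
    public void updateAuthenticationFlows(List<AuthenticationFlow> list) throws UnsupportedOperationException {
        throw new UnsupportedOperationException();
    }
}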
