package pl.edu.icm.unity.saml.idp.web.filter;

import eu.unicore.samly2.SAMLConstants;
import eu.unicore.samly2.exceptions.SAMLServerException;
import io.imunity.idp.LastIdPClinetAccessAttributeManagement;
import io.imunity.vaadin.endpoint.common.EopException;
import jakarta.servlet.http.HttpServletResponse;
import java.io.IOException;
import java.nio.charset.StandardCharsets;
import java.util.Base64;
import java.util.HashMap;
import org.apache.logging.log4j.Logger;
import pl.edu.icm.unity.base.utils.Log;
import pl.edu.icm.unity.engine.api.attributes.AttributeTypeSupport;
import pl.edu.icm.unity.engine.api.utils.FreemarkerAppHandler;
import pl.edu.icm.unity.saml.SAMLProcessingException;
import pl.edu.icm.unity.saml.idp.ctx.SAMLAuthnContext;
import pl.edu.icm.unity.saml.idp.processor.AuthnResponseProcessor;
import pl.edu.icm.unity.saml.slo.SamlMessageHandler;

/* loaded from: input_file:pl/edu/icm/unity/saml/idp/web/filter/ErrorHandler.class */
/**
 * Produces the two error outcomes of the SAML IdP web filter: a SAML error response
 * rendered for the requester through the {@code samlFinish.ftl} template, or an error
 * page shown to the user via {@link SamlMessageHandler}.
 */
public class ErrorHandler {
    private Logger log = Log.getLogger("unity.server.saml", ErrorHandler.class);
    private AttributeTypeSupport aTypeSupport;
    private final SamlMessageHandler messageHandler;
    private final FreemarkerAppHandler freemarker;
    private final LastIdPClinetAccessAttributeManagement lastAccessAttributeManagement;

    /**
     * Stores the collaborators and creates the {@link SamlMessageHandler} that is used
     * for rendering error pages.
     *
     * @param attributeTypeSupport passed on to every {@link AuthnResponseProcessor} created here
     * @param lastIdPClinetAccessAttributeManagement passed on to every {@link AuthnResponseProcessor} created here
     * @param freemarkerAppHandler renders {@code samlFinish.ftl} and backs the message handler
     */
    public ErrorHandler(AttributeTypeSupport attributeTypeSupport, LastIdPClinetAccessAttributeManagement lastIdPClinetAccessAttributeManagement, FreemarkerAppHandler freemarkerAppHandler) {
        messageHandler = new SamlMessageHandler(freemarkerAppHandler);
        freemarker = freemarkerAppHandler;
        lastAccessAttributeManagement = lastIdPClinetAccessAttributeManagement;
        aTypeSupport = attributeTypeSupport;
    }

    /**
     * Builds a SAML error response for the given exception and writes the page that
     * delivers it to the requester's return address.
     *
     * @param sAMLAuthnContext context holding the request, the SAML configuration and the relay state
     * @param sAMLServerException the error to report to the requester
     * @param httpServletResponse response the page is written to
     * @throws SAMLProcessingException if no return address is available, or if the error carries
     *         the {@code STATUS2_REQUEST_DENIED} sub status and must not be sent to the requester
     * @throws IOException if obtaining the response writer fails
     * @throws EopException always thrown once the page has been written
     */
    public void commitErrorResponse(SAMLAuthnContext sAMLAuthnContext, SAMLServerException sAMLServerException, HttpServletResponse httpServletResponse) throws SAMLProcessingException, IOException, EopException {
        // NOTE(review): only a null check is done here. Any validation of the return address
        // against the requester's registered endpoints has to happen inside
        // getReturnAddressForRequester or earlier in the filter chain - confirm.
        String requesterUrl = sAMLAuthnContext.getSamlConfiguration().getReturnAddressForRequester(sAMLAuthnContext.getRequest());
        if (requesterUrl == null) {
            throw new SAMLProcessingException("No return URL in the SAML request. Can't return the SAML error response.", sAMLServerException);
        }
        log.warn("SAML error is going to be returned to the SAML requester by the IdP", sAMLServerException);

        AuthnResponseProcessor processor = new AuthnResponseProcessor(aTypeSupport, lastAccessAttributeManagement, sAMLAuthnContext);
        String encodedResponse = processError(processor, sAMLServerException);
        String relayState = sAMLAuthnContext.getRelayState();
        sendBackErrorResponse(sAMLServerException, requesterUrl, encodedResponse, relayState, httpServletResponse);
    }

    /**
     * Serializes the processor's error response to XML text and Base64-encodes its UTF-8 bytes.
     */
    private String processError(AuthnResponseProcessor processor, SAMLServerException error) {
        String responseXml = processor.getErrorResponse(error).xmlText();
        byte[] utf8 = responseXml.getBytes(StandardCharsets.UTF_8);
        return Base64.getEncoder().encodeToString(utf8);
    }

    /**
     * Writes the {@code samlFinish.ftl} page carrying the encoded error response, unless the
     * error's sub status forbids returning anything to the requester.
     *
     * @param error the SAML error being reported; its message is exposed to the template
     * @param serviceUrl requester address, exposed to the template as {@code samlService}
     * @param encodedResponse Base64 SAML response, exposed to the template as {@code SAMLResponse}
     * @param relayState optional relay state; only added to the template data when not null
     * @param httpServletResponse response the page is written to
     * @throws SAMLProcessingException if the sub status is {@code STATUS2_REQUEST_DENIED}
     * @throws EopException always thrown after the page has been written
     */
    private void sendBackErrorResponse(SAMLServerException error, String serviceUrl, String encodedResponse, String relayState, HttpServletResponse httpServletResponse) throws SAMLProcessingException, IOException, EopException {
        // Security gate: a denied request gets no response at the requester's address. The
        // caller is expected to present an error page instead (see the log message).
        // Presumably the requester or its return address is untrusted in this case -
        // confirm where STATUS2_REQUEST_DENIED is raised.
        if (SAMLConstants.SubStatus.STATUS2_REQUEST_DENIED.equals(error.getSamlSubErrorId())) {
            log.warn("Returning of an error response to the requester was blocked for security reasons. Instead an error page should be presented.");
            throw new SAMLProcessingException((Throwable) error);
        }

        // NOTE(review): samlError (the exception message) and RelayState are handed to the
        // template unmodified, and the page is served as XHTML. Confirm that samlFinish.ftl
        // output-escapes every value it prints.
        HashMap templateData = new HashMap();
        templateData.put("samlService", serviceUrl);
        templateData.put("SAMLResponse", encodedResponse);
        templateData.put("samlError", error.getMessage());
        if (relayState != null) {
            templateData.put("RelayState", relayState);
        }

        // The content type (with its charset) is set before the writer is obtained.
        httpServletResponse.setContentType("application/xhtml+xml; charset=utf-8");
        freemarker.printGenericPage(httpServletResponse.getWriter(), "samlFinish.ftl", templateData);
        // Always thrown once the page is written, so callers never return normally from here.
        throw new EopException();
    }

    /**
     * Logs the error and delegates to {@link SamlMessageHandler#showError} so that it is
     * presented to the user instead of being sent to the SAML requester.
     *
     * @param sAMLProcessingException the error to present
     * @param httpServletResponse response the error page is written to
     * @throws IOException declared for failures while writing the page
     * @throws EopException declared by this method; presumably raised by the message handler
     *         once the page is written - confirm
     */
    public void showErrorPage(SAMLProcessingException sAMLProcessingException, HttpServletResponse httpServletResponse) throws IOException, EopException {
        log.warn("SAML error is going to be shown to the user redirected to Unity IdP by the SAML requester", sAMLProcessingException);
        messageHandler.showError(sAMLProcessingException, httpServletResponse);
    }
}
