package pl.edu.icm.unity.unicore.samlidp.ws;

import eu.unicore.samly2.exceptions.SAMLServerException;
import eu.unicore.samly2.messages.XMLExpandedMessage;
import eu.unicore.samly2.webservice.SAMLAuthnInterface;
import eu.unicore.security.etd.DelegationRestrictions;
import java.util.Date;
import org.apache.cxf.interceptor.Fault;
import org.apache.logging.log4j.Logger;
import pl.edu.icm.unity.base.utils.Log;
import pl.edu.icm.unity.engine.api.PreferencesManagement;
import pl.edu.icm.unity.engine.api.attributes.AttributeTypeSupport;
import pl.edu.icm.unity.engine.api.idp.IdPEngine;
import pl.edu.icm.unity.engine.api.translation.out.TranslationResult;
import pl.edu.icm.unity.saml.idp.SamlIdpProperties;
import pl.edu.icm.unity.saml.idp.ctx.SAMLAuthnContext;
import pl.edu.icm.unity.saml.idp.preferences.SamlPreferences;
import pl.edu.icm.unity.saml.idp.ws.SAMLAuthnImpl;
import pl.edu.icm.unity.types.basic.IdentityParam;
import pl.edu.icm.unity.unicore.samlidp.preferences.SamlPreferencesWithETD;
import pl.edu.icm.unity.unicore.samlidp.saml.AuthnWithETDResponseProcessor;
import pl.edu.icm.unity.unicore.samlidp.saml.SoapAuthWithETDRequestValidator;
import xmlbeans.org.oasis.saml2.assertion.NameIDType;
import xmlbeans.org.oasis.saml2.protocol.AuthnRequestDocument;
import xmlbeans.org.oasis.saml2.protocol.ResponseDocument;

/* loaded from: input_file:pl/edu/icm/unity/unicore/samlidp/ws/SAMLETDAuthnImpl.class */
/**
 * SOAP SAML authentication endpoint that can attach a delegation (ETD) to the issued response.
 *
 * <p>Extends the plain {@link SAMLAuthnImpl} flow: the request is validated with
 * {@link SoapAuthWithETDRequestValidator}, and the response is built by
 * {@link AuthnWithETDResponseProcessor} using per-requester preferences looked up by the
 * request's issuer.
 */
public class SAMLETDAuthnImpl extends SAMLAuthnImpl implements SAMLAuthnInterface {
    private static final Logger log = Log.getLogger("unity.server.saml", SAMLETDAuthnImpl.class);

    /**
     * Passes every argument through to the {@link SAMLAuthnImpl} constructor unchanged.
     */
    public SAMLETDAuthnImpl(AttributeTypeSupport attributeTypeSupport, SamlIdpProperties samlIdpProperties, String str, IdPEngine idPEngine, PreferencesManagement preferencesManagement) {
        super(attributeTypeSupport, samlIdpProperties, str, idPEngine, preferencesManagement);
    }

    /**
     * Handles one SAML authentication request.
     *
     * <p>Two failure paths exist and they behave differently for the caller:
     * a request that fails validation is rejected with a SOAP {@link Fault}, whereas any
     * exception raised while building the response is converted into a SAML error response
     * and returned normally.
     *
     * @param authnRequestDocument the incoming request document
     * @return the signed response, or a SAML error response if processing failed
     * @throws Fault if validation (or another step outside the inner handler) raises
     *         {@link SAMLServerException}
     */
    public ResponseDocument authnRequest(AuthnRequestDocument authnRequestDocument) {
        XMLExpandedMessage verifiableMessage = new XMLExpandedMessage(authnRequestDocument, authnRequestDocument.getAuthnRequest());
        SAMLAuthnContext context = new SAMLAuthnContext(authnRequestDocument, this.samlProperties, verifiableMessage);
        try {
            // Nothing below runs for a request that does not pass validation.
            validate(context);
            AuthnWithETDResponseProcessor processor = new AuthnWithETDResponseProcessor(this.aTypeSupport, context);
            NameIDType requester = context.getRequest().getIssuer();
            try {
                SamlPreferencesWithETD prefs = SamlPreferencesWithETD.getPreferences(this.preferencesMan);
                // Both settings objects are selected by the issuer taken from the request.
                SamlPreferencesWithETD.SPETDSettings etdSettings = prefs.getSPETDSettings(requester);
                SamlPreferences.SPSettings spSettings = prefs.getSPSettings(requester);
                TranslationResult translated = getUserInfo(processor);
                IdentityParam subject = getIdentity(translated, processor, spSettings);
                // The resolved identity is written to the server log at INFO level.
                log.info("Authentication of " + subject);
                return (ResponseDocument) processor
                        .processAuthnRequest(
                                subject,
                                processor.getAttributes(translated, spSettings),
                                context.getResponseDestination(),
                                getRestrictions(etdSettings),
                                null)
                        .getSignedMessage();
            } catch (Exception processingFailure) {
                log.warn("Throwing SAML fault, caused by processing exception", processingFailure);
                // NOTE(review): how much of the exception ends up in the response sent to the
                // requester depends on convert2SAMLError and its flags; confirm it does not
                // expose internal detail.
                return processor.getErrorResponse(processor.convert2SAMLError(processingFailure, null, true));
            }
        } catch (SAMLServerException validationFailure) {
            log.warn("Throwing SAML fault, caused by validation exception", validationFailure);
            throw new Fault(validationFailure);
        }
    }

    /**
     * Builds the delegation restrictions for the response from the requester's ETD settings.
     *
     * @param sPETDSettings ETD preferences for the requesting service provider
     * @return {@code null} when ETD generation is switched off; otherwise restrictions whose
     *         validity window starts now and ends {@code getEtdValidity()} milliseconds later
     */
    protected DelegationRestrictions getRestrictions(SamlPreferencesWithETD.SPETDSettings sPETDSettings) {
        if (sPETDSettings.isGenerateETD()) {
            // NOTE(review): the lifetime comes straight from stored preferences and is not
            // bounded here; confirm an upper limit is enforced where preferences are saved.
            long lifetimeMillis = sPETDSettings.getEtdValidity();
            Date validFrom = new Date();
            Date validUntil = new Date(validFrom.getTime() + lifetimeMillis);
            // NOTE(review): the meaning of -1 for the third argument is defined by
            // DelegationRestrictions; presumably "no limit", so confirm that is intended.
            return new DelegationRestrictions(validFrom, validUntil, -1);
        }
        return null;
    }

    /**
     * Validates the request with a {@link SoapAuthWithETDRequestValidator} configured from this
     * endpoint's address and the IdP's SOAP trust checker, request validity and replay checker.
     *
     * @param sAMLAuthnContext context holding the request document and its verifiable element
     * @throws SAMLServerException if the validator rejects the request
     */
    protected void validate(SAMLAuthnContext sAMLAuthnContext) throws SAMLServerException {
        SoapAuthWithETDRequestValidator requestValidator = new SoapAuthWithETDRequestValidator(
                this.endpointAddress,
                this.samlProperties.getSoapTrustChecker(),
                this.samlProperties.getRequestValidity(),
                this.samlProperties.getReplayChecker());
        requestValidator.validate((AuthnRequestDocument) sAMLAuthnContext.getRequestDocument(), sAMLAuthnContext.getVerifiableElement());
    }
}
