package no.kantega.security.api.impl.identity;

import java.net.URI;
import java.net.URISyntaxException;
import javax.servlet.ServletContext;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import javax.servlet.http.HttpSession;
import no.kantega.security.api.identity.DefaultIdentity;
import no.kantega.security.api.identity.Identity;
import no.ntnu.it.fw.saml2api.EduPerson;
import no.ntnu.it.fw.saml2api.IDPConf;
import no.ntnu.it.fw.saml2api.SAML2Exception;
import no.ntnu.it.fw.saml2api.SAML2Util;
import no.ntnu.it.fw.saml2api.http.Common;
import org.eclipse.higgins.saml2idp.saml2.SAMLAssertion;
import org.eclipse.higgins.saml2idp.saml2.SAMLResponse;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
import org.springframework.beans.factory.annotation.Required;
import org.springframework.web.servlet.ModelAndView;
import org.springframework.web.servlet.mvc.Controller;

/* loaded from: input_file:no/kantega/security/api/impl/identity/FeideSAML2LoginController.class */
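/**
 * Assertion Consumer Service for Feide SAML 2.0 logins.
 *
 * <p>Receives the {@code SAMLResponse} posted back by the IdP, turns the contained
 * assertion into a {@link UserSession}, stores it via {@link UserSessionManager}, and
 * then redirects the browser to the {@code RelayState} URL with a one-time jump token
 * appended so that {@link FeideSAML2IdentityResolver} can pick up the identity.
 *
 * <p>Both {@code SAMLResponse} and {@code RelayState} arrive from the browser and are
 * therefore untrusted: a non-Success response must never yield a session, and the
 * RelayState must never be used as an unrestricted redirect target (open redirect).
 */
public class FeideSAML2LoginController extends AbstractFeideConfigurable implements Controller {
    private static final Logger log = LoggerFactory.getLogger(FeideSAML2LoginController.class);

    /** SAML 2.0 top-level status code that denotes a successful authentication. */
    private static final String SAML_STATUS_SUCCESS = "urn:oasis:names:tc:SAML:2.0:status:Success";

    private String authenticationContext;
    private String defaultUnAuthenticatedUrl;
    private UrlJumpTokenManager tokenManager = new UrlJumpTokenManager();
    private UserSessionManager userSessionManager = new UserSessionManager();

    /**
     * Handles the IdP's response.
     *
     * <p>On a missing or invalid {@code SAMLResponse} the browser is sent to
     * {@link #setDefaultUnAuthenticatedUrl(String)}. On success the user session is
     * persisted and the browser is redirected to {@code RelayState} with the jump token
     * appended — but only if the RelayState passes {@link #isSafeRelayState}; otherwise
     * the default URL is used and no token is minted.
     *
     * @return always {@code null}; the response is completed with a redirect
     * @throws Exception propagated from the servlet/session layer
     */
    public ModelAndView handleRequest(HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse) throws Exception {
        HttpSession session = httpServletRequest.getSession();
        init(session);

        String samlResponse = httpServletRequest.getParameter("SAMLResponse");
        UserSession userSession = samlResponse == null ? null : createUserSession(session, samlResponse);
        if (userSession == null) {
            httpServletResponse.sendRedirect(this.defaultUnAuthenticatedUrl);
            return null;
        }
        this.userSessionManager.saveUserSession(userSession);

        // RelayState is attacker-controllable in the POST back from the IdP; treat it as a
        // redirect target only when it is a relative path or points at this host.
        String relayState = httpServletRequest.getParameter("RelayState");
        if (!isSafeRelayState(relayState, httpServletRequest.getServerName())) {
            log.warn("Rejected unsafe or missing RelayState redirect target: {}", relayState);
            httpServletResponse.sendRedirect(this.defaultUnAuthenticatedUrl);
            return null;
        }

        String jumpToken = this.tokenManager.createJumpToken(userSession.getIdentity());
        String separator = relayState.contains("?") ? "&" : "?";
        httpServletResponse.sendRedirect(relayState + separator + FeideSAML2IdentityResolver.URL_JUMP_TOKEN + "=" + jumpToken);
        return null;
    }

    /**
     * Decides whether a RelayState value may be used as a redirect target.
     *
     * <p>Accepted: a site-relative path ({@code /...} but not protocol-relative
     * {@code //host} or the backslash variant some browsers normalise), or an absolute
     * {@code http}/{@code https} URL without userinfo whose host equals
     * {@code serverName}. Anything containing control characters (CR/LF header
     * injection) is rejected. NOTE(review): {@code serverName} usually derives from the
     * Host header; if the container does not pin it, consider comparing against a
     * configured canonical host instead.
     *
     * @param relayState the raw request parameter, may be {@code null}
     * @param serverName the host this SP is being addressed as, may be {@code null}
     * @return {@code true} if redirecting to {@code relayState} is safe
     */
    static boolean isSafeRelayState(String relayState, String serverName) {
        if (relayState == null || relayState.isEmpty()) {
            return false;
        }
        for (int i = 0; i < relayState.length(); i++) {
            char c = relayState.charAt(i);
            if (c < 0x20 || c == 0x7f) {
                return false;
            }
        }
        if (relayState.charAt(0) == '/') {
            if (relayState.length() == 1) {
                return true;
            }
            char second = relayState.charAt(1);
            return second != '/' && second != '\\';
        }
        URI uri;
        try {
            uri = new URI(relayState);
        } catch (URISyntaxException e) {
            return false;
        }
        String scheme = uri.getScheme();
        if (scheme == null || !(scheme.equalsIgnoreCase("http") || scheme.equalsIgnoreCase("https"))) {
            return false;
        }
        String host = uri.getHost();
        return host != null
                && serverName != null
                && uri.getRawUserInfo() == null
                && host.equalsIgnoreCase(serverName);
    }

    /**
     * Wraps {@link #initiateUserSession} and maps any {@link SAML2Exception} to
     * {@code null} so the caller falls back to the unauthenticated URL.
     */
    private UserSession createUserSession(HttpSession httpSession, String samlResponse) {
        try {
            return initiateUserSession(httpSession, samlResponse);
        } catch (SAML2Exception e) {
            log.error("Could not create EduPerson", e);
            return null;
        }
    }

    /**
     * Parses and validates the SAML response and builds a {@link UserSession} from it.
     *
     * <p>Signature verification is performed only when the SP configuration asks for
     * signed assertions; deployments relying on this controller must keep that flag on.
     * NOTE(review): whether {@link SAML2Util} also checks Conditions (NotOnOrAfter,
     * Audience), Destination/Recipient and InResponseTo is not visible here — confirm,
     * otherwise replayed or re-targeted responses may be accepted.
     *
     * @return the new session, or {@code null} if the response does not carry a
     *         successful status or has no assertion
     * @throws SAML2Exception on parse or signature failure
     */
    private UserSession initiateUserSession(HttpSession httpSession, String samlResponse) throws SAML2Exception {
        if (log.isDebugEnabled()) {
            // The full response contains the (base64) assertion with personal data; debug only.
            log.debug("SAMLResponse:" + samlResponse);
        }
        SAMLResponse parsedResponse = SAML2Util.parseSAMLResponse(samlResponse);
        ServletContext servletContext = httpSession.getServletContext();
        IDPConf idpConf = Common.getConfigIDP(servletContext);
        if (Common.getConfigSP(servletContext).getWantSignedAssertions()) {
            SAML2Util.verifySignature(parsedResponse, idpConf.getPublicKey());
        }

        // A non-Success status (e.g. AuthnFailed, Responder) must not produce a session.
        String status = parsedResponse.getStatusCodeValue();
        if (!SAML_STATUS_SUCCESS.equals(status)) {
            log.error("Samlresponse statuscode not STATUSCODE_SUCCESS: {}", status);
            return null;
        }
        SAMLAssertion assertion = parsedResponse.getSAMLAssertion();
        if (assertion == null) {
            log.error("Samlresponse carries no assertion");
            return null;
        }

        EduPerson eduPerson = SAML2Util.createEduPerson(assertion, idpConf.isAttribValuesBase64Encoded(), idpConf.getFeideSplitChar());
        if (log.isDebugEnabled()) {
            log.debug(eduPerson.dump());
        }
        log.info("Authenticated as username:{}, orgDN:{}", eduPerson.getUsername(), eduPerson.getOrgDN());

        Identity identity = new DefaultIdentity();
        identity.setUserId(eduPerson.getUsername());
        identity.setDomain(this.authenticationContext);

        UserSession userSession = new UserSession();
        userSession.setIdentity(identity);
        // NameID and SessionIndex are kept so a later single logout can reference this session.
        userSession.setSamlNameId(assertion.getSubject().getNameID());
        userSession.setSamlSessionIndex(SAML2Util.parseSessionIndex(assertion));
        return userSession;
    }

    /** URL the browser is sent to when no valid session could be established. */
    @Required
    public void setDefaultUnAuthenticatedUrl(String str) {
        this.defaultUnAuthenticatedUrl = str;
    }

    /** Domain assigned to the resulting {@link Identity}. */
    @Required
    public void setAuthenticationContext(String str) {
        this.authenticationContext = str;
    }
}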
