package no.kantega.security.api.impl.signicat.identity;

import com.signicat.services.client.ScResponseException;
import com.signicat.services.client.ScSecurityException;
import com.signicat.services.client.saml.SamlFacadeFactory;
import java.io.IOException;
import java.net.MalformedURLException;
import java.net.URL;
import java.util.List;
import java.util.Map;
import java.util.Properties;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpSession;
import no.kantega.security.api.identity.AuthenticatedIdentity;
import no.kantega.security.api.identity.DefaultAuthenticatedIdentity;
import no.kantega.security.api.identity.IdentificationFailedException;
import no.kantega.security.api.identity.IdentityResolver;
import no.kantega.security.api.identity.LoginContext;
import no.kantega.security.api.identity.LogoutContext;
import no.kantega.security.api.impl.signicat.SignicatConfiguration;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;

/* loaded from: input_file:no/kantega/security/api/impl/signicat/identity/SignicatIdentityResolver.class */
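/**
 * {@link IdentityResolver} that authenticates users from a SAML response posted back by Signicat.
 *
 * <p>The resolved identity is cached in the HTTP session under {@code "identity"}; later calls to
 * {@link #getIdentity(HttpServletRequest)} return the cached value without re-reading the request.
 *
 * <p>Security-relevant behaviour visible in this class:
 * <ul>
 *   <li>Assertion validation is delegated to the Signicat client library, configured with the
 *       trusted certificate subject DN and optional time skew from {@link SignicatConfiguration}.</li>
 *   <li>Login and logout redirect to URIs supplied through the context objects; this class does
 *       not validate those targets.</li>
 * </ul>
 */
public class SignicatIdentityResolver implements IdentityResolver {
    private static final String SOURCE = SignicatIdentityResolver.class.getSimpleName();
    private static final String SESSION_ATTR_IDENTITY = "identity";
    private static final String SIGNICAT_PARAM_DEBUG = "debug";
    private static final String SIGNICAT_PARAM_TRUSTED_CERTIFICATE = "asserting.party.certificate.subject.dn";
    private static final String SIGNICAT_PARAM_TIME_SKEW = "time.skew";
    /** Request attribute under which a caller may supply the externally visible request URL. */
    public static final String REQUEST_URL = "SignicatIdentityResolver_RequestUrl";
    private String authenticationContext;
    private String authenticationContextDescription;
    private String authenticationContextIconUrl;
    private SignicatConfiguration configuration;
    private final Logger log = LoggerFactory.getLogger(getClass());

    /**
     * Returns the identity cached in the session, or authenticates the request from its
     * {@code SAMLResponse} parameter when no identity is cached yet.
     *
     * @param httpServletRequest the current request
     * @return the authenticated identity, or {@code null} when the session holds none and the
     *     request carries no SAML response
     * @throws IdentificationFailedException if the SAML response is rejected or cannot be processed
     */
    public AuthenticatedIdentity getIdentity(HttpServletRequest httpServletRequest) throws IdentificationFailedException {
        HttpSession session = httpServletRequest.getSession();
        AuthenticatedIdentity identity = (AuthenticatedIdentity) session.getAttribute(SESSION_ATTR_IDENTITY);
        if (identity != null) {
            return identity;
        }
        String samlResponse = httpServletRequest.getParameter("SAMLResponse");
        if (samlResponse == null || samlResponse.isEmpty()) {
            return null;
        }
        try {
            identity = parseAssertion(samlResponse, httpServletRequest);
            // NOTE(review): the session id is not rotated after a successful login. Where the
            // servlet API in use offers it (Servlet 3.1 HttpServletRequest.changeSessionId()),
            // rotate the id before storing the identity to prevent session fixation.
            session.setAttribute(SESSION_ATTR_IDENTITY, identity);
            return identity;
        } catch (ScSecurityException e) {
            // Pass the exception as the trailing Throwable so the cause and stack trace reach the
            // log; rejected assertions are exactly the events an investigator needs to see.
            this.log.error(SOURCE + ": SAML response rejected by security validation", e);
            throw new IdentificationFailedException(SOURCE, "ERROR: The login was aborted.");
        } catch (ScResponseException e) {
            this.log.error(SOURCE + ": SAML response did not authenticate the user", e);
            throw new IdentificationFailedException(SOURCE, "ERROR: The user was not authenticated.");
        } catch (MalformedURLException e) {
            this.log.error(SOURCE + ": could not determine the request URL for assertion validation", e);
            throw new IdentificationFailedException(SOURCE, "ERROR: The login failed.");
        }
    }

    /**
     * Hands the SAML response to the Signicat client library and maps the returned attributes to
     * an identity.
     *
     * @param str the raw {@code SAMLResponse} parameter value
     * @param httpServletRequest the request the response arrived on; used to derive the URL passed
     *     to the library alongside the assertion
     * @return an identity whose domain is the configured authentication context and whose raw
     *     attributes are the attributes returned by the library
     */
    private AuthenticatedIdentity parseAssertion(String str, HttpServletRequest httpServletRequest) throws ScResponseException, ScSecurityException, MalformedURLException {
        Properties samlSettings = new Properties();
        samlSettings.setProperty(SIGNICAT_PARAM_DEBUG, Boolean.toString(this.configuration.isDebug()));
        samlSettings.setProperty(SIGNICAT_PARAM_TRUSTED_CERTIFICATE, this.configuration.getTrustedCertificate());
        int timeSkew = this.configuration.getTimeSkew();
        if (timeSkew != 0) {
            samlSettings.setProperty(SIGNICAT_PARAM_TIME_SKEW, Integer.toString(timeSkew));
        }
        Map<?, ?> attributes = new SamlFacadeFactory(samlSettings).createSamlFacade().readAssertion(str, getRequestUrl(httpServletRequest));

        DefaultAuthenticatedIdentity identity = new DefaultAuthenticatedIdentity(this);
        identity.setDomain(this.authenticationContext);
        List<?> userIds = (List<?>) attributes.get(this.configuration.getUserIdAttribute());
        if (userIds != null && !userIds.isEmpty()) {
            identity.setUserId((String) userIds.get(0));
        } else {
            // The identity is still returned (and cached by the caller) without a user id.
            // NOTE(review): consider failing closed here; until then, callers must not treat a
            // non-null identity with a null user id as an authenticated user.
            this.log.warn(SOURCE + ": assertion did not contain the configured user id attribute");
        }
        Properties rawAttributes = new Properties();
        rawAttributes.putAll(attributes);
        identity.setRawAttributes(rawAttributes);
        return identity;
    }

    /**
     * Redirects the browser to the configured Signicat login URL with the context's target URI
     * appended.
     *
     * <p>A failed redirect is logged and otherwise ignored.
     *
     * @param loginContext supplies the response to redirect and the target URI
     */
    public void initateLogin(LoginContext loginContext) {
        try {
            // NOTE(review): the target URI is appended as-is, without encoding or validation here.
            // Presumably the login URL ends in a target parameter; confirm that callers pass a
            // target that is already encoded and restricted to this application.
            String redirectUrl = this.configuration.getLoginUrl() + loginContext.getTargetUri().toString();
            loginContext.getResponse().sendRedirect(redirectUrl);
        } catch (IOException e) {
            this.log.error(SOURCE + ": could not redirect to the login URL", e);
        }
    }

    /**
     * Removes the cached identity from the session and, when a target URI is given, redirects to it.
     *
     * <p>Only the identity attribute is removed; the session itself is not invalidated.
     *
     * @param logoutContext supplies the request, the response and the optional target URI
     * @throws RuntimeException if the redirect fails
     */
    public void initiateLogout(LogoutContext logoutContext) {
        logoutContext.getRequest().getSession().removeAttribute(SESSION_ATTR_IDENTITY);
        if (logoutContext.getTargetUri() == null) {
            return;
        }
        try {
            // NOTE(review): the target is not checked here; if it can be influenced by the
            // request, the caller has to restrict it to trusted destinations.
            logoutContext.getResponse().sendRedirect(logoutContext.getTargetUri().toString());
        } catch (IOException e) {
            throw new RuntimeException("Could not redirect to url " + logoutContext.getTargetUri(), e);
        }
    }

    /** Returns the authentication context, which is also used as the domain of resolved identities. */
    public String getAuthenticationContext() {
        return this.authenticationContext;
    }

    /** Sets the authentication context, which is also used as the domain of resolved identities. */
    public void setAuthenticationContext(String str) {
        this.authenticationContext = str;
    }

    /** Returns the description of the authentication context. */
    public String getAuthenticationContextDescription() {
        return this.authenticationContextDescription;
    }

    /** Sets the description of the authentication context. */
    public void setAuthenticationContextDescription(String str) {
        this.authenticationContextDescription = str;
    }

    /** Returns the icon URL of the authentication context. */
    public String getAuthenticationContextIconUrl() {
        return this.authenticationContextIconUrl;
    }

    /** Sets the icon URL of the authentication context. */
    public void setAuthenticationContextIconUrl(String str) {
        this.authenticationContextIconUrl = str;
    }

    /** Sets the Signicat settings (login URL, trusted certificate, time skew, user id attribute). */
    public void setConfiguration(SignicatConfiguration signicatConfiguration) {
        this.configuration = signicatConfiguration;
    }

    /**
     * Determines the URL that is passed to the Signicat library together with the assertion.
     *
     * <p>A {@link URL} stored in the {@link #REQUEST_URL} request attribute takes precedence.
     * Otherwise the URL is rebuilt from the request, using the original URI when the request was
     * dispatched to an error page, and the query string is appended.
     *
     * @param httpServletRequest the current request
     * @return the URL the request is considered to have been sent to
     * @throws MalformedURLException if the rebuilt string is not a valid URL
     */
    private URL getRequestUrl(HttpServletRequest httpServletRequest) throws MalformedURLException {
        Object suppliedUrl = httpServletRequest.getAttribute(REQUEST_URL);
        if (suppliedUrl instanceof URL) {
            return (URL) suppliedUrl;
        }
        if (suppliedUrl != null) {
            // A wrong-typed attribute used to be swallowed by an empty catch; make it visible.
            this.log.warn(SOURCE + ": request attribute {} is not a java.net.URL; rebuilding the URL from the request", REQUEST_URL);
        }

        // NOTE(review): scheme, server name and port come from the request and, depending on the
        // container and proxy setup, from the client's Host header. Where this URL takes part in
        // assertion validation, prefer supplying a configured URL through REQUEST_URL.
        String requestUrl = httpServletRequest.getRequestURL().toString();
        String errorRequestUri = (String) httpServletRequest.getAttribute("javax.servlet.error.request_uri");
        if (errorRequestUri != null) {
            String scheme = httpServletRequest.getScheme();
            int serverPort = httpServletRequest.getServerPort();
            boolean defaultPort = ("http".equals(scheme) && serverPort == 80) || ("https".equals(scheme) && serverPort == 443);
            boolean knownScheme = "http".equals(scheme) || "https".equals(scheme);
            // The port is written only for http/https on a non-default port.
            String portSuffix = (knownScheme && !defaultPort) ? ":" + serverPort : "";
            requestUrl = scheme + "://" + httpServletRequest.getServerName() + portSuffix + errorRequestUri;
        }
        String queryString = httpServletRequest.getQueryString();
        if (queryString != null && !queryString.isEmpty()) {
            requestUrl = requestUrl + "?" + queryString;
        }
        return new URL(requestUrl);
    }
}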
