package org.n52.security.authentication.saml2.sp;

import java.io.ByteArrayOutputStream;
import java.nio.charset.StandardCharsets;
import java.util.List;
import java.util.UUID;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import org.joda.time.DateTime;
import org.n52.security.authentication.saml2.SAML2Binding;
import org.n52.security.common.crypto.KeyPair;
import org.opensaml.common.SAMLObject;
import org.opensaml.common.binding.BasicSAMLMessageContext;
import org.opensaml.saml2.core.AuthnRequest;
import org.opensaml.saml2.core.Issuer;
import org.opensaml.saml2.metadata.EntityDescriptor;
import org.opensaml.saml2.metadata.IDPSSODescriptor;
import org.opensaml.saml2.metadata.SPSSODescriptor;
import org.opensaml.saml2.metadata.SingleSignOnService;
import org.opensaml.saml2.metadata.provider.MetadataProviderException;
import org.opensaml.ws.message.MessageContext;
import org.opensaml.ws.transport.http.HttpServletResponseAdapter;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;

/* loaded from: input_file:org/n52/security/authentication/saml2/sp/AuthnRequestBindingHandler.class */
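/**
 * Base class for the service-provider side handlers that build a SAML 2.0
 * {@code AuthnRequest} and pass it to a binding-specific encoder.
 *
 * <p>Two request parameters are read here and both are caller-controlled:
 * {@code idpEntityId} selects the IdP and is only ever resolved against the
 * configured metadata provider (an unknown value fails the lookup rather than
 * being trusted); {@code returnURL} is forwarded unchanged as SAML RelayState,
 * see {@link #getReturnURL(HttpServletRequest)} for what that implies.
 *
 * <p>Subclasses supply the outbound binding, the OpenSAML environment and the
 * SP configuration through the abstract accessors. Instances hold no mutable
 * state of their own; thread-safety therefore depends on what the accessors
 * return.
 */
public abstract class AuthnRequestBindingHandler {
    private static final Logger LOG = LoggerFactory.getLogger(AuthnRequestBindingHandler.class);
    public static final String URN_OASIS_NAMES_TC_SAML_2_0_PROTOCOL = "urn:oasis:names:tc:SAML:2.0:protocol";

    /** Request parameter naming the IdP; optional when the SP config lists at least one IdP. */
    private static final String PARAM_IDP_ENTITY_ID = "idpEntityId";
    /** Request parameter carrying the URL the user is sent back to; becomes the RelayState. */
    private static final String PARAM_RETURN_URL = "returnURL";

    /**
     * Tells whether this handler is responsible for the given request/response pair.
     * (Decompiler note: declared package-private in the original source.)
     *
     * @param httpServletRequest the incoming request
     * @param httpServletResponse the response that will carry the encoded message
     * @return {@code true} if {@link #handle} should be invoked on this handler
     */
    public abstract boolean canHandle(HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse);

    /**
     * Builds the message context for an authentication request and encodes it
     * into the response using the subclass's binding.
     *
     * @param httpServletRequest the incoming request (supplies {@code idpEntityId} and {@code returnURL})
     * @param httpServletResponse the response to write the encoded AuthnRequest to
     * @throws IllegalStateException if required parameters or metadata are missing
     * @throws IllegalArgumentException if the metadata has no endpoint for the requested binding
     */
    public void handle(HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse) {
        MessageContext context = prepareMessageContext(httpServletRequest, httpServletResponse);
        encodeBinding(context);
    }

    /**
     * Resolves the IdP entity id: the {@code idpEntityId} request parameter when
     * present and non-empty, otherwise the first IdP configured for this SP.
     *
     * @throws IllegalStateException if neither the parameter nor the configuration names an IdP
     */
    private String getIdpEntityId(HttpServletRequest httpServletRequest) {
        String idpEntityId = httpServletRequest.getParameter(PARAM_IDP_ENTITY_ID);
        if (idpEntityId == null || idpEntityId.isEmpty()) {
            List<String> configured = getSpConfig().getIdpEntityIds();
            // A null list is treated like an empty one instead of surfacing as an NPE.
            if (configured == null || configured.isEmpty()) {
                throw new IllegalStateException("Missing or empty 'idpEntityId' parameter");
            }
            idpEntityId = configured.get(0);
        }
        return idpEntityId;
    }

    /**
     * Assembles the outbound OpenSAML message context: transport, signing
     * credential, peer endpoint, the AuthnRequest itself and the RelayState.
     *
     * <p>Note that the peer endpoint is looked up for {@link #getBinding()} while
     * the request's {@code Destination} (set in {@link #createAuthnRequest}) uses
     * {@link #getIdpRequestBinding()}; the two may legitimately differ.
     */
    private MessageContext prepareMessageContext(HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse) {
        SAML2Binding binding = getBinding();
        String idpEntityId = getIdpEntityId(httpServletRequest);
        AuthnRequest authnRequest = createAuthnRequest(binding, idpEntityId);
        KeyPair signingKeyPair = getSpConfig().getSigningKeyPair();

        BasicSAMLMessageContext<SAMLObject, AuthnRequest, SAMLObject> context =
                new BasicSAMLMessageContext<SAMLObject, AuthnRequest, SAMLObject>();
        // isSecure() tells the adapter whether the outbound transport is confidential (HTTPS).
        context.setOutboundMessageTransport(
                new HttpServletResponseAdapter(httpServletResponse, httpServletRequest.isSecure()));
        context.setOutboundSAMLMessageSigningCredential(getSaml2Env().keyPairToX509Credential(signingKeyPair));
        context.setPeerEntityEndpoint(requireSingleSignOnService(binding, idpEntityId));
        context.setOutboundSAMLMessage(authnRequest);
        context.setRelayState(getReturnURL(httpServletRequest));
        return context;
    }

    /**
     * Encodes the prepared context into the HTTP response using this handler's binding.
     *
     * @param messageContext the context produced by {@link #handle}
     */
    protected abstract void encodeBinding(MessageContext messageContext);

    /**
     * @return the binding used to send the AuthnRequest to the IdP (selects the peer endpoint)
     */
    protected abstract SAML2Binding getBinding();

    /**
     * Returns the {@code returnURL} request parameter, which is forwarded verbatim
     * as the SAML RelayState.
     *
     * <p>No validation of the value happens here: it is caller-controlled and is
     * neither parsed nor checked against the SP's own origin. Whatever later
     * turns the RelayState back into a redirect (not visible from this class)
     * must verify it against an allow-list of acceptable return URLs.
     *
     * @param httpServletRequest the incoming request
     * @return the non-empty {@code returnURL} parameter value
     * @throws IllegalStateException if the parameter is missing or empty
     */
    protected final String getReturnURL(HttpServletRequest httpServletRequest) {
        String returnUrl = httpServletRequest.getParameter(PARAM_RETURN_URL);
        if (returnUrl == null || returnUrl.isEmpty()) {
            throw new IllegalStateException("Missing or empty 'returnURL' parameter");
        }
        return returnUrl;
    }

    /**
     * Builds the {@code AuthnRequest}: a fresh random ID, the issue instant, this
     * SP's AssertionConsumerService for {@code binding}, the issuer and the IdP's
     * SingleSignOnService for {@link #getIdpRequestBinding()} as destination.
     *
     * @param binding the binding the IdP should use to deliver the response
     * @param idpEntityId the entity id of the IdP to address
     * @throws IllegalArgumentException if local or IdP metadata lacks an endpoint for the binding
     */
    private AuthnRequest createAuthnRequest(SAML2Binding binding, String idpEntityId) {
        AuthnRequest authnRequest = getSaml2Env().buildObject(AuthnRequest.DEFAULT_ELEMENT_NAME);
        Issuer issuer = getSaml2Env().buildObject(Issuer.DEFAULT_ELEMENT_NAME);

        // SAML IDs must be XML NCNames, which cannot start with a digit; the
        // underscore prefix guarantees that. randomUUID() is backed by a
        // cryptographically strong RNG, so the ID is unguessable.
        authnRequest.setID("_" + UUID.randomUUID());
        authnRequest.setIssueInstant(new DateTime());

        org.opensaml.saml2.metadata.AssertionConsumerService acs = findAssertionConsumerService(binding);
        if (acs == null) {
            throw new IllegalArgumentException(
                    "No AssertionConsumerService defined in metadata for binding <" + binding.getId() + ">");
        }
        authnRequest.setAssertionConsumerServiceURL(acs.getLocation());
        authnRequest.setProtocolBinding(binding.getId());

        issuer.setValue(getSpConfig().getEntityId());
        authnRequest.setIssuer(issuer);

        // Destination must match the endpoint the request is actually sent to;
        // an IdP without a matching endpoint is a configuration error, not an NPE.
        SingleSignOnService destination = requireSingleSignOnService(getIdpRequestBinding(), idpEntityId);
        authnRequest.setDestination(destination.getLocation());
        return authnRequest;
    }

    /**
     * @return the binding used for the {@code Destination} of the AuthnRequest
     */
    public abstract SAML2Binding getIdpRequestBinding();

    /**
     * Looks up this SP's AssertionConsumerService for the given binding in the
     * SP's own metadata. (Decompiler note: declared protected in the original source.)
     *
     * @param binding the binding whose AssertionConsumerService is wanted
     * @return the matching service, or {@code null} if none is declared for that binding
     * @throws IllegalStateException if the SP's own entity descriptor or its SPSSODescriptor is missing
     */
    public final org.opensaml.saml2.metadata.AssertionConsumerService findAssertionConsumerService(SAML2Binding binding) {
        String selfEntityId = getSpConfig().getEntityId();
        LOG.debug("Looking up local SP metadata for <{}>", selfEntityId);
        EntityDescriptor self = getEntityDescriptorSelf();
        if (LOG.isDebugEnabled()) {
            ByteArrayOutputStream buffer = new ByteArrayOutputStream();
            new OpenSAMLWriter().write(self, buffer);
            // Decoded explicitly rather than with the platform default charset;
            // assumes OpenSAMLWriter serialises as UTF-8 (the XML default) — TODO confirm.
            LOG.debug("Found entity descriptor: \n{}", new String(buffer.toByteArray(), StandardCharsets.UTF_8));
        }

        LOG.debug("Looking up SPSSODescriptor for protocol <{}>", URN_OASIS_NAMES_TC_SAML_2_0_PROTOCOL);
        SPSSODescriptor spSsoDescriptor = self.getSPSSODescriptor(URN_OASIS_NAMES_TC_SAML_2_0_PROTOCOL);
        if (spSsoDescriptor == null) {
            throw new IllegalStateException(
                    "No SPSSODescriptor for protocol <" + URN_OASIS_NAMES_TC_SAML_2_0_PROTOCOL
                            + "> in metadata of entity <" + selfEntityId + ">");
        }

        LOG.debug("Selecting appropriate AssertionConsumerService for requested binding: <{}>", binding.getId());
        String wantedBinding = binding.getId();
        for (org.opensaml.saml2.metadata.AssertionConsumerService candidate : spSsoDescriptor.getAssertionConsumerServices()) {
            if (wantedBinding.equals(candidate.getBinding())) {
                return candidate;
            }
        }
        return null;
    }

    /**
     * Looks up the IdP's SingleSignOnService for the given binding.
     *
     * @return the matching service, or {@code null} if the IdP declares none for that binding
     * @throws IllegalStateException if the IdP is unknown to the metadata provider or has no IDPSSODescriptor
     */
    private SingleSignOnService findSingleSignOnService(SAML2Binding binding, String idpEntityId) {
        IDPSSODescriptor idpSsoDescriptor =
                getEntityDescriptor(idpEntityId).getIDPSSODescriptor(URN_OASIS_NAMES_TC_SAML_2_0_PROTOCOL);
        if (idpSsoDescriptor == null) {
            throw new IllegalStateException(
                    "No IDPSSODescriptor for protocol <" + URN_OASIS_NAMES_TC_SAML_2_0_PROTOCOL
                            + "> in metadata of entity <" + idpEntityId + ">");
        }
        String wantedBinding = binding.getId();
        for (SingleSignOnService candidate : idpSsoDescriptor.getSingleSignOnServices()) {
            if (wantedBinding.equals(candidate.getBinding())) {
                return candidate;
            }
        }
        return null;
    }

    /**
     * Like {@link #findSingleSignOnService} but fails loudly instead of returning
     * {@code null}, so callers never dereference a missing endpoint.
     *
     * @throws IllegalArgumentException if the IdP declares no SingleSignOnService for the binding
     */
    private SingleSignOnService requireSingleSignOnService(SAML2Binding binding, String idpEntityId) {
        SingleSignOnService service = findSingleSignOnService(binding, idpEntityId);
        if (service == null) {
            throw new IllegalArgumentException("No SingleSignOnService defined in metadata of entity <"
                    + idpEntityId + "> for binding <" + binding.getId() + ">");
        }
        return service;
    }

    /**
     * Fetches an entity descriptor from the configured metadata provider.
     *
     * @param entityId the entity to look up
     * @return the descriptor, never {@code null}
     * @throws IllegalStateException if the provider fails or knows no such entity
     */
    private EntityDescriptor getEntityDescriptor(String entityId) {
        try {
            EntityDescriptor descriptor = getSpConfig().getMetadataProvider().getEntityDescriptor(entityId);
            // The provider signals "unknown entity" with null; turn that into the
            // same error the caller gets for a provider failure.
            if (descriptor == null) {
                throw new IllegalStateException("Could not find entity <" + entityId + ">");
            }
            return descriptor;
        } catch (MetadataProviderException e) {
            throw new IllegalStateException("Could not find entity <" + entityId + ">", e);
        }
    }

    /**
     * Fetches this SP's own entity descriptor.
     *
     * @throws IllegalStateException if the SP's own metadata cannot be resolved
     */
    private EntityDescriptor getEntityDescriptorSelf() {
        return getEntityDescriptor(getSpConfig().getEntityId());
    }

    /**
     * @return the OpenSAML environment used to build objects and wrap credentials
     */
    public abstract OpenSAML getSaml2Env();

    /**
     * @return the service-provider configuration (entity id, IdPs, keys, metadata provider)
     */
    public abstract ServiceProviderConfig getSpConfig();
}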
