package dk.digitalidentity.samlmodule.controller;

import dk.digitalidentity.samlmodule.config.settings.DISAML_Configuration;
import dk.digitalidentity.samlmodule.service.DISAML_LoggingService;
import dk.digitalidentity.samlmodule.service.DISAML_SessionHelper;
import dk.digitalidentity.samlmodule.service.DISAML_TokenUserService;
import dk.digitalidentity.samlmodule.service.saml.DISAML_AssertionService;
import dk.digitalidentity.samlmodule.service.saml.DISAML_AuthnRequestService;
import dk.digitalidentity.samlmodule.service.validation.DISAML_AssertionValidationService;
import dk.digitalidentity.samlmodule.service.validation.DISAML_ResponseValidationService;
import dk.digitalidentity.samlmodule.util.LoggingConstants;
import dk.digitalidentity.samlmodule.util.SessionConstant;
import dk.digitalidentity.samlmodule.util.exceptions.ExternalException;
import dk.digitalidentity.samlmodule.util.exceptions.InternalException;
import java.io.IOException;
import java.util.List;
import java.util.Optional;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import net.shibboleth.utilities.java.support.component.ComponentInitializationException;
import org.opensaml.messaging.context.MessageContext;
import org.opensaml.messaging.encoder.MessageEncodingException;
import org.opensaml.saml.common.SAMLObject;
import org.opensaml.saml.saml2.binding.encoding.impl.HTTPRedirectDeflateEncoder;
import org.opensaml.saml.saml2.core.Assertion;
import org.opensaml.saml.saml2.core.AuthnRequest;
import org.opensaml.saml.saml2.core.Response;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.stereotype.Controller;
import org.springframework.ui.Model;
import org.springframework.util.StringUtils;
import org.springframework.web.bind.annotation.GetMapping;
import org.springframework.web.bind.annotation.PostMapping;
import org.springframework.web.servlet.ModelAndView;

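/**
 * Spring MVC controller for the service-provider side of the SAML 2.0 login flow.
 *
 * <p>A GET on the login path builds an AuthnRequest, stores it in the session and sends the
 * browser to the identity provider through the HTTP-Redirect binding. A POST on the same path
 * is the assertion consumer: it reads the SAML Response, runs response and assertion
 * validation, loads the user, and only then marks the session as logged in.
 */
@Controller
/* loaded from: input_file:dk/digitalidentity/samlmodule/controller/DISAML_LoginController.class */
public class DISAML_LoginController {
    private static final Logger log = LoggerFactory.getLogger(DISAML_LoginController.class);

    @Autowired
    private DISAML_AssertionService assertionService;

    @Autowired
    private DISAML_ResponseValidationService responseValidationService;

    @Autowired
    private DISAML_AssertionValidationService assertionValidationService;

    @Autowired
    private DISAML_LoggingService loggingService;

    @Autowired
    private DISAML_SessionHelper sessionHelper;

    @Autowired
    private DISAML_TokenUserService tokenUserService;

    @Autowired
    private DISAML_Configuration configuration;

    @Autowired
    private DISAML_AuthnRequestService authnRequestService;

    /**
     * Starts an SP-initiated login by redirecting the browser to the identity provider.
     *
     * @param httpServletRequest  the incoming request (not read by this method)
     * @param httpServletResponse the response the encoded redirect is written to
     * @param model               the Spring model (not used by this method)
     * @return always {@code null}; the encoder has already written the redirect, so there is
     *         no view to render
     * @throws InternalException if the encoder cannot be initialised or the message cannot be encoded
     * @throws ExternalException declared for the services called here
     */
    @GetMapping({"${di.saml.pages.prefix:/saml}/login"})
    public ModelAndView initializeLoginFlow(HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse, Model model) throws InternalException, ExternalException {
        log.trace("initializeLoginFlow endpoint called");

        MessageContext<SAMLObject> requestContext = this.authnRequestService.createAuthnRequest();
        AuthnRequest authnRequest = (AuthnRequest) requestContext.getMessage();
        this.loggingService.logAuthnRequest(authnRequest, LoggingConstants.OUTGOING);

        // Kept in the session: assertionConsumer reads it back and hands it to response
        // validation together with the incoming Response.
        this.sessionHelper.setAuthnRequest(authnRequest);

        HTTPRedirectDeflateEncoder redirectEncoder = new HTTPRedirectDeflateEncoder();
        redirectEncoder.setHttpServletResponse(httpServletResponse);
        redirectEncoder.setMessageContext(requestContext);
        try {
            redirectEncoder.initialize();
            redirectEncoder.encode();
        } catch (ComponentInitializationException | MessageEncodingException e) {
            throw new InternalException("Encoding error", e);
        }
        return null;
    }

    /**
     * Assertion consumer endpoint: processes the SAML Response posted back by the identity
     * provider and, when every check passes, logs the user in and redirects.
     *
     * <p>Order matters here: {@code sessionHelper.login()} is reached only after the status
     * check, response validation, assertion validation and user loading have all returned
     * without throwing.
     *
     * @param httpServletRequest  the POST carrying the SAML Response
     * @param httpServletResponse the response used for the post-login redirect
     * @throws ExternalException if the Response status is not Success, or from the validation
     *                           and user-loading services
     * @throws InternalException if the post-login redirect cannot be sent, or from the services
     *                           called here
     */
    @PostMapping({"${di.saml.pages.prefix:/saml}/login"})
    public void assertionConsumer(HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse) throws InternalException, ExternalException {
        log.trace("assertionConsumer endpoint called");

        // NOTE(review): this is whatever the GET handler stored earlier; for a POST that arrives
        // without a preceding GET in the same session it is presumably null. Confirm that
        // responseValidationService.validate rejects (or deliberately supports) that case.
        AuthnRequest authnRequest = this.sessionHelper.getAuthnRequest();

        // Return value is not used; the call is kept in case the helper has side effects.
        this.sessionHelper.getRelayState();

        MessageContext<SAMLObject> messageContext = this.assertionService.getMessageContext(httpServletRequest);
        Response response = this.assertionService.getResponse(messageContext);
        this.loggingService.logResponse(response, LoggingConstants.INCOMING);

        String statusCode = response.getStatus().getStatusCode().getValue();
        if (!"urn:oasis:names:tc:SAML:2.0:status:Success".equals(statusCode)) {
            // This branch runs before responseValidationService.validate, so the status message
            // is taken from a Response that has not been validated yet. Treat the exception text
            // as untrusted wherever it is rendered or logged.
            String failure = "Response status code was not successful. ";
            if (response.getStatus().getStatusMessage() != null) {
                String message = response.getStatus().getStatusMessage().getMessage();
                if (StringUtils.hasLength(message)) {
                    failure = failure + "Status message: '" + message + "'";
                }
            }
            throw new ExternalException(failure);
        }

        this.responseValidationService.validate(httpServletRequest, messageContext, authnRequest);
        Assertion assertion = this.assertionService.getAssertion(response);
        this.loggingService.logAssertion(assertion, LoggingConstants.INCOMING);
        this.assertionValidationService.validate(messageContext, assertion);
        this.tokenUserService.loadUserBySAML(assertion);

        // Pick the first AuthnStatement and only then read its SessionIndex. Mapping to the
        // index before findFirst() would make findFirst() throw NullPointerException for a
        // statement without a SessionIndex, instead of reaching the warning below.
        Optional<String> sessionIndex = Optional.ofNullable(assertion.getAuthnStatements())
                .flatMap(statements -> statements.stream().findFirst())
                .map(statement -> statement.getSessionIndex());
        if (sessionIndex.isPresent()) {
            this.sessionHelper.setString(SessionConstant.SESSION_INDEX, sessionIndex.get());
        }
        // The check reads the session, not the local value, so an index already present in the
        // session also suppresses the warning.
        if (this.sessionHelper.getString(SessionConstant.SESSION_INDEX) == null) {
            log.warn("No SessionIndex was found on assertion, Continuing login, but SLO might be affected");
        }

        // Read before login(), as in the original ordering.
        String desiredPage = this.sessionHelper.getString(SessionConstant.DESIRED_PAGE);

        // NOTE(review): whether login() issues a fresh session identifier is not visible here;
        // confirm it does, so a pre-login session id cannot be carried into the logged-in session.
        this.sessionHelper.login();

        try {
            if (StringUtils.hasLength(desiredPage)) {
                // NOTE(review): the stored value is passed to sendRedirect unchanged. Confirm
                // that the code writing DESIRED_PAGE only stores local paths, otherwise this
                // is an open-redirect sink.
                httpServletResponse.sendRedirect(desiredPage);
            } else if (StringUtils.hasLength(this.configuration.getPages().getSuccess())) {
                httpServletResponse.sendRedirect(this.configuration.getPages().getSuccess());
            } else {
                httpServletResponse.sendRedirect("/");
            }
        } catch (IOException e) {
            // Message (Danish): "Could not redirect user after successful login".
            throw new InternalException("Kunne ikke vidresende bruger efter successfuldt login", e);
        }
    }
}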
