package dk.itst.oiosaml.sp.service.util;

import dk.itst.oiosaml.common.OIOSAMLConstants;
import dk.itst.oiosaml.common.SAMLUtil;
import dk.itst.oiosaml.error.Layer;
import dk.itst.oiosaml.error.WrappedException;
import dk.itst.oiosaml.logging.Audit;
import dk.itst.oiosaml.logging.Logger;
import dk.itst.oiosaml.logging.LoggerFactory;
import dk.itst.oiosaml.logging.Operation;
import dk.itst.oiosaml.sp.metadata.IdpMetadata;
import dk.itst.oiosaml.sp.model.OIOResponse;
import dk.itst.oiosaml.sp.util.BRSArtifact;
import java.io.IOException;
import javax.servlet.http.HttpServletRequest;
import org.joda.time.DateTime;
import org.joda.time.DateTimeZone;
import org.opensaml.common.binding.BindingException;
import org.opensaml.saml2.core.ArtifactResolve;
import org.opensaml.saml2.core.ArtifactResponse;
import org.opensaml.xml.XMLObject;
import org.opensaml.xml.util.XMLHelper;
import org.opensaml.xml.validation.ValidationException;

/* loaded from: input_file:dk/itst/oiosaml/sp/service/util/ArtifactExtractor.class */
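/**
 * Service-provider side of the SAML 2.0 HTTP-Artifact binding: takes the {@code SAMLart}
 * request parameter, resolves it against the issuing IdP's artifact resolution service over
 * SOAP, and wraps the returned message in an {@link OIOResponse}.
 *
 * <p>NOTE(review): the only checks visible in this class are {@code ArtifactResponse.validate(false)},
 * the {@code InResponseTo} correlation and the status code. No signature or Issuer check on the
 * ArtifactResponse or on the wrapped message is performed here; confirm that those are enforced
 * on the returned {@link OIOResponse} by the caller, or by the transport used by {@link SOAPClient}.
 */
public class ArtifactExtractor {
    private static final Logger log = LoggerFactory.getLogger((Class<?>) ArtifactExtractor.class);
    private final String spEntityID;
    // Credentials handed to SOAPClient.wsCall for the resolution request; set once in the constructor.
    private final String resolveUsername;
    private final String resolvePassword;
    private final IdpMetadata idpMetadata;
    private final SOAPClient client;
    // Passed through unchanged to SOAPClient.wsCall.
    // NOTE(review): judging by the name this relaxes certificate path validation on the back
    // channel; confirm, and keep it false outside test setups.
    private final boolean ignoreCertPath;

    /**
     * @param idpMetadata metadata of the known IdPs; supplies the entity ids used to decode the
     *                    artifact and the artifact resolution service location
     * @param str         entity id of this service provider, used as Issuer of the ArtifactResolve
     * @param sOAPClient  client used for the SOAP back-channel call
     * @param str2        username passed to the SOAP client for the resolution call
     * @param str3        password passed to the SOAP client for the resolution call
     * @param z           value of the ignore-cert-path flag passed to the SOAP client
     */
    public ArtifactExtractor(IdpMetadata idpMetadata, String str, SOAPClient sOAPClient, String str2, String str3, boolean z) {
        this.idpMetadata = idpMetadata;
        this.spEntityID = str;
        this.client = sOAPClient;
        this.resolveUsername = str2;
        this.resolvePassword = str3;
        this.ignoreCertPath = z;
    }

    /**
     * Resolves the artifact carried in the request's {@code SAMLart} parameter.
     *
     * @param httpServletRequest request carrying the {@code SAMLart} parameter
     * @return the message contained in the ArtifactResponse, wrapped as an {@link OIOResponse}
     * @throws IllegalArgumentException if the parameter is missing, or if a
     *         {@link NullPointerException} occurs anywhere during resolution
     * @throws WrappedException if the ArtifactResolve or ArtifactResponse fails validation, or
     *         on a {@link BindingException}
     * @throws RuntimeException if the SOAP body does not start with an ArtifactResponse, if
     *         {@code InResponseTo} does not match the request id, or if the status is not Success
     * @throws IOException declared for callers; presumably raised by the SOAP call (confirm)
     */
    public OIOResponse extract(HttpServletRequest httpServletRequest) throws IOException {
        String parameter = httpServletRequest.getParameter(Constants.SAML_SAMLART);
        if (log.isDebugEnabled()) {
            // NOTE(review): the artifact is request-supplied and is written to the log as
            // received; consider whether debug logs may hold it and whether it needs
            // neutralising (CR/LF) before logging.
            log.debug("Got SAMLart..:" + parameter);
        }
        if (parameter == null) {
            throw new IllegalArgumentException(" Parameter 'SAMLart' is null...");
        }
        try {
            // Decoding is restricted to the entity ids present in the IdP metadata.
            BRSArtifact artifact = new BRSArtifact(parameter, (String[]) this.idpMetadata.getEntityIDs().toArray(new String[0]));
            int endpointIndex = artifact.getEndpointIndex();
            if (log.isDebugEnabled()) {
                log.debug("Got endpointIndex..:" + endpointIndex);
            }
            // The endpoint index is only logged; the resolution endpoint is looked up by SOAP binding.
            String resolutionUrl = this.idpMetadata.getMetadata(artifact.getEntityId()).getArtifactResolutionServiceLocation("urn:oasis:names:tc:SAML:2.0:bindings:SOAP");
            String requestId = Utils.generateUUID();
            // Typed as ArtifactResolve (not XMLObject) so that getID() is available below.
            ArtifactResolve resolveRequest = buildArtifactResolve(parameter, requestId, resolutionUrl);
            Audit.log(Operation.ARTIFACTRESOLVE, true, resolveRequest.getID(), XMLHelper.nodeToString(SAMLUtil.marshallObject(resolveRequest)));

            java.util.List<XMLObject> bodyObjects = this.client.wsCall(resolveRequest, resolutionUrl, this.resolveUsername, this.resolvePassword, this.ignoreCertPath).getBody().getUnknownXMLObjects();
            // Fail closed, with an audit record, when the body is empty or carries something
            // other than an ArtifactResponse (for example a SOAP fault), instead of surfacing
            // an unaudited IndexOutOfBoundsException or ClassCastException.
            if (bodyObjects.isEmpty() || !(bodyObjects.get(0) instanceof ArtifactResponse)) {
                throw auditedFailure(resolveRequest.getID(), "SOAP body did not contain an ArtifactResponse as its first element");
            }
            ArtifactResponse artifactResponse = (ArtifactResponse) bodyObjects.get(0);
            try {
                artifactResponse.validate(false);
                // The response must answer exactly the request that was just sent.
                if (!requestId.equals(artifactResponse.getInResponseTo())) {
                    throw auditedFailure(resolveRequest.getID(), "Received different id than I sent: Expected " + requestId + ". Was " + artifactResponse.getInResponseTo());
                }
                String statusValue = artifactResponse.getStatus().getStatusCode().getValue();
                if (!"urn:oasis:names:tc:SAML:2.0:status:Success".equals(statusValue)) {
                    throw auditedFailure(resolveRequest.getID(), "Got ArtifactResponse:StatusCode " + statusValue + " should be urn:oasis:names:tc:SAML:2.0:status:Success");
                }
                OIOResponse resolved = new OIOResponse(artifactResponse.getMessage());
                Audit.log(Operation.ARTIFACTRESOLVE, false, resolveRequest.getID(), resolved.toXML());
                return resolved;
            } catch (ValidationException e) {
                throw new WrappedException(Layer.CLIENT, e);
            }
        } catch (BindingException e2) {
            throw new WrappedException(Layer.BUSINESS, e2);
        } catch (NullPointerException e3) {
            // Kept for callers that rely on IllegalArgumentException: any null encountered above
            // (unknown entity id, missing SOAP body, missing status, ...) is reported with the
            // raw artifact as the exception message.
            throw new IllegalArgumentException(parameter, e3);
        }
    }

    /**
     * Builds and validates the ArtifactResolve request sent to the IdP.
     *
     * @param samlArt     the artifact value to resolve
     * @param requestId   ID of the request, later compared with the response's InResponseTo
     * @param destination resolution service URL, set as Destination
     * @throws WrappedException if the built request fails validation
     */
    private ArtifactResolve buildArtifactResolve(String samlArt, String requestId, String destination) {
        if (log.isDebugEnabled()) {
            log.debug("buildArtifactResolve...");
        }
        ArtifactResolve resolve = SAMLUtil.buildXMLObject(ArtifactResolve.class);
        resolve.addNamespace(OIOSAMLConstants.SAML20_NAMESPACE);
        resolve.setIssuer(SAMLUtil.createIssuer(this.spEntityID));
        resolve.setID(requestId);
        resolve.setIssueInstant(new DateTime(DateTimeZone.UTC));
        resolve.setArtifact(SAMLUtil.createArtifact(samlArt));
        resolve.setDestination(destination);
        try {
            resolve.validate(true);
            return resolve;
        } catch (ValidationException e) {
            throw new WrappedException(Layer.CLIENT, e);
        }
    }

    /** Creates a RuntimeException for a failed resolution and records it in the audit log. */
    private static RuntimeException auditedFailure(String requestId, String message) {
        RuntimeException failure = new RuntimeException(message);
        Audit.logError(Operation.ARTIFACTRESOLVE, false, requestId, (Throwable) failure);
        return failure;
    }
}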
