package dk.gov.oio.saml.servlet;

import dk.gov.oio.saml.model.NSISLevel;
import dk.gov.oio.saml.service.AssertionService;
import dk.gov.oio.saml.service.OIOSAML3Service;
import dk.gov.oio.saml.service.validation.AssertionValidationService;
import dk.gov.oio.saml.session.AssertionWrapper;
import dk.gov.oio.saml.session.AuthnRequestWrapper;
import dk.gov.oio.saml.util.Constants;
import dk.gov.oio.saml.util.ExternalException;
import dk.gov.oio.saml.util.InternalException;
import dk.gov.oio.saml.util.LoggingUtil;
import dk.gov.oio.saml.util.SamlHelper;
import dk.gov.oio.saml.util.StringUtil;
import java.io.IOException;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import javax.servlet.http.HttpSession;
import org.opensaml.messaging.context.MessageContext;
import org.opensaml.saml.common.SAMLObject;
import org.opensaml.saml.common.assertion.AssertionValidationException;
import org.opensaml.saml.saml2.core.Assertion;
import org.opensaml.saml.saml2.core.AttributeStatement;
import org.opensaml.saml.saml2.core.AuthnStatement;
import org.opensaml.saml.saml2.core.NameID;
import org.opensaml.saml.saml2.core.Response;

/* loaded from: input_file:dk/gov/oio/saml/servlet/AssertionHandler.class */
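/**
 * Handles the SAML response that the identity provider POSTs back after login.
 *
 * <p>The handler decodes the POST, obtains the assertion through {@link AssertionService},
 * delegates validation to {@link AssertionValidationService} and, on success, copies the
 * login state (NSIS level, session index, assertion, NameID) onto the HTTP session before
 * redirecting the browser.
 */
public class AssertionHandler extends SAMLHandler {
    /**
     * Rejects GET requests; this endpoint only accepts POST.
     *
     * @throws UnsupportedOperationException always
     */
    @Override
    public void handleGet(HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse) throws IOException {
        throw new UnsupportedOperationException("GET not allowed");
    }

    /**
     * Processes an incoming SAML response and establishes the authenticated session.
     *
     * <p>All values are extracted from the assertion before anything is written to the
     * session, and {@code SESSION_AUTHENTICATED} is written last, so a failure while reading
     * the assertion cannot leave a session that is flagged as authenticated but incomplete.
     *
     * @param httpServletRequest the POST request carrying the SAML response
     * @param httpServletResponse used to redirect the browser after a successful login
     * @throws ExternalException if the message is not a {@code Response}, validation fails,
     *         the assertion does not hold exactly one AttributeStatement, or it has no
     *         Subject/NameID
     * @throws InternalException if no AuthnRequest is stored on the session
     * @throws IOException if the redirect cannot be sent
     */
    @Override
    public void handlePost(HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse) throws ExternalException, InternalException, IOException {
        MessageContext<SAMLObject> decodePost = decodePost(httpServletRequest);

        // Check the runtime type before narrowing; a null message is rejected here as well.
        SAMLObject message = decodePost.getMessage();
        if (!(message instanceof Response)) {
            throw new ExternalException("Saml message was not a response");
        }
        Response response = (Response) message;
        LoggingUtil.logResponse(response, "Incoming");

        Assertion assertion = new AssertionService().getAssertion(response);

        // NOTE(review): this is the same session that stored the AuthnRequest before login,
        // and this method does not change its id. Confirm that the session id is rotated
        // elsewhere on successful login, to guard against session fixation.
        HttpSession session = httpServletRequest.getSession();
        AuthnRequestWrapper authnRequestWrapper = (AuthnRequestWrapper) session.getAttribute(Constants.SESSION_AUTHN_REQUEST);
        try {
            if (authnRequestWrapper == null) {
                throw new InternalException("No AuthnRequest found on session");
            }
            try {
                // NOTE(review): the stored AuthnRequest is not removed from the session here;
                // whether a second response to the same request is rejected depends on the
                // validation service, which is not visible in this file.
                new AssertionValidationService().validate(httpServletRequest, decodePost, response, assertion, authnRequestWrapper);
                LoggingUtil.logAssertion(assertion);

                if (assertion.getAttributeStatements() == null || assertion.getAttributeStatements().size() != 1) {
                    throw new ExternalException("Assertion AttributeStatements were null or had more than one");
                }

                // Read everything the session needs first; nothing is stored until all of it
                // has been extracted successfully.
                AttributeStatement attributeStatement = (AttributeStatement) assertion.getAttributeStatements().get(0);
                NSISLevel nsisLevel = NSISLevel.getNSISLevelFromLOA(SamlHelper.extractAttributeValues(attributeStatement).get(Constants.LOA), NSISLevel.NONE);
                String sessionIndex = getSessionIndex(assertion);
                AssertionWrapper assertionWrapper = new AssertionWrapper(assertion);
                if (assertion.getSubject() == null || assertion.getSubject().getNameID() == null) {
                    // Fail with a protocol error instead of a NullPointerException.
                    throw new ExternalException("Assertion did not contain a Subject with a NameID");
                }
                NameID nameID = assertion.getSubject().getNameID();

                session.setAttribute(Constants.SESSION_NSIS_LEVEL, nsisLevel);
                session.setAttribute(Constants.SESSION_SESSION_INDEX, sessionIndex);
                session.setAttribute(Constants.SESSION_ASSERTION, assertionWrapper);
                session.setAttribute(Constants.SESSION_NAME_ID, nameID.getValue());
                session.setAttribute(Constants.SESSION_NAME_ID_FORMAT, nameID.getFormat());
                // Written last: the flag must only appear once the rest of the state is in place.
                session.setAttribute(Constants.SESSION_AUTHENTICATED, "true");

                // NOTE(review): SESSION_REQUESTED_PATH is written outside this class and is
                // passed to sendRedirect unchecked; confirm it can only hold a path inside
                // this application.
                Object requestedPath = session.getAttribute(Constants.SESSION_REQUESTED_PATH);
                if (requestedPath != null) {
                    httpServletResponse.sendRedirect((String) requestedPath);
                } else {
                    httpServletResponse.sendRedirect(StringUtil.getUrl(httpServletRequest, OIOSAML3Service.getConfig().getLoginPage()));
                }
            } catch (AssertionValidationException e) {
                throw new ExternalException((Exception) e);
            }
        } catch (Throwable th) {
            // Log the assertion on every failure path, then rethrow the original error.
            LoggingUtil.logAssertion(assertion);
            throw th;
        }
    }

    /**
     * Returns the first non-empty SessionIndex found in the assertion's AuthnStatements.
     *
     * @param assertion the assertion to inspect
     * @return the session index, or {@code null} if there are no AuthnStatements or none of
     *         them carries a non-empty SessionIndex
     */
    private String getSessionIndex(Assertion assertion) {
        if (assertion.getAuthnStatements() == null) {
            return null;
        }
        for (AuthnStatement authnStatement : assertion.getAuthnStatements()) {
            String sessionIndex = authnStatement.getSessionIndex();
            if (sessionIndex != null && !sessionIndex.isEmpty()) {
                return sessionIndex;
            }
        }
        return null;
    }
}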
