package dk.gov.oio.saml.service;

import dk.gov.oio.saml.config.Configuration;
import dk.gov.oio.saml.extensions.appswitch.AppSwitch;
import dk.gov.oio.saml.extensions.appswitch.AppSwitchPlatform;
import dk.gov.oio.saml.extensions.appswitch.Platform;
import dk.gov.oio.saml.extensions.appswitch.ReturnURL;
import dk.gov.oio.saml.model.NSISLevel;
import dk.gov.oio.saml.util.Constants;
import dk.gov.oio.saml.util.ExternalException;
import dk.gov.oio.saml.util.InternalException;
import dk.gov.oio.saml.util.SamlHelper;
import java.util.ArrayList;
import java.util.List;
import java.util.UUID;
import javax.servlet.http.HttpServletRequest;
import net.shibboleth.utilities.java.support.component.ComponentInitializationException;
import net.shibboleth.utilities.java.support.security.RandomIdentifierGenerationStrategy;
import net.shibboleth.utilities.java.support.xml.BasicParserPool;
import org.apache.commons.lang.StringUtils;
import org.joda.time.DateTime;
import org.opensaml.core.config.InitializationException;
import org.opensaml.messaging.context.MessageContext;
import org.opensaml.messaging.decoder.MessageDecodingException;
import org.opensaml.saml.common.SAMLObject;
import org.opensaml.saml.common.binding.SAMLBindingSupport;
import org.opensaml.saml.common.messaging.context.SAMLEndpointContext;
import org.opensaml.saml.common.messaging.context.SAMLPeerEntityContext;
import org.opensaml.saml.saml2.binding.decoding.impl.HTTPRedirectDeflateDecoder;
import org.opensaml.saml.saml2.core.AuthnContextClassRef;
import org.opensaml.saml.saml2.core.AuthnContextComparisonTypeEnumeration;
import org.opensaml.saml.saml2.core.AuthnRequest;
import org.opensaml.saml.saml2.core.Extensions;
import org.opensaml.saml.saml2.core.Issuer;
import org.opensaml.saml.saml2.core.RequestedAuthnContext;
import org.opensaml.saml.saml2.metadata.SingleSignOnService;
import org.opensaml.xmlsec.SignatureSigningParameters;
import org.opensaml.xmlsec.context.SecurityParametersContext;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;

/* loaded from: input_file:dk/gov/oio/saml/service/AuthnRequestService.class */
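/**
 * Builds outbound SAML 2.0 {@code AuthnRequest} messages for the configured IdP and
 * decodes inbound ones arriving over the HTTP-Redirect (DEFLATE) binding.
 *
 * <p>Accessed as a process-wide singleton via {@link #getInstance()}. The class holds no
 * mutable state of its own; all configuration is read from {@code OIOSAML3Service} at call time.
 */
public class AuthnRequestService {
    private static final Logger log = LoggerFactory.getLogger(AuthnRequestService.class);

    /** SAML 2.0 protocol namespace; selects the IdP's IDPSSODescriptor in its metadata. */
    private static final String SAML20_PROTOCOL_NS = "urn:oasis:names:tc:SAML:2.0:protocol";
    /** Binding used to send the AuthnRequest to the IdP (endpoint lookup and endpoint context). */
    private static final String HTTP_REDIRECT_BINDING = "urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Redirect";
    /** Binding the IdP is asked to use when delivering the Response to the assertion consumer service. */
    private static final String HTTP_POST_BINDING = "urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST";

    private static final AuthnRequestService singleInstance = new AuthnRequestService();

    /**
     * Returns the shared instance.
     *
     * @return the singleton {@code AuthnRequestService}
     */
    public static AuthnRequestService getInstance() {
        return singleInstance;
    }

    /**
     * Decodes the SAML message carried by an HTTP-Redirect (DEFLATE) request.
     *
     * <p>This method only decodes. No signature, Issuer or Destination validation is performed
     * here, so the returned message must not be trusted until the caller has validated it.
     * The decoder is destroyed even if decoding fails, so a malformed request does not leak it.
     *
     * @param httpServletRequest the inbound request carrying the {@code SAMLRequest} parameter
     * @return the decoded message context
     * @throws ComponentInitializationException if the parser pool or decoder cannot be initialised
     * @throws MessageDecodingException if the request does not carry a decodable SAML message
     */
    public MessageContext<SAMLObject> getMessageContext(HttpServletRequest httpServletRequest) throws ComponentInitializationException, MessageDecodingException {
        log.debug("Decoding Http Redirect deflate");
        // A fresh parser pool per call, as in the original; presumably BasicParserPool applies its
        // own hardened XML defaults (DTD/external entity handling) — confirm against the library version in use.
        BasicParserPool parserPool = new BasicParserPool();
        parserPool.initialize();

        HTTPRedirectDeflateDecoder decoder = new HTTPRedirectDeflateDecoder();
        decoder.setHttpServletRequest(httpServletRequest);
        decoder.setParserPool(parserPool);
        decoder.initialize();
        try {
            decoder.decode();
            return decoder.getMessageContext();
        } finally {
            // Release the decoder on both the success and the failure path.
            decoder.destroy();
        }
    }

    /**
     * Decodes the inbound request and returns its message as an {@code AuthnRequest}.
     *
     * <p>A message of any other type (or no message at all) is reported as a
     * {@link MessageDecodingException} instead of surfacing as a {@code ClassCastException}.
     * As with {@link #getMessageContext}, nothing is validated here.
     *
     * @param httpServletRequest the inbound HTTP-Redirect request
     * @return the decoded {@code AuthnRequest}
     * @throws ComponentInitializationException if the decoder cannot be initialised
     * @throws MessageDecodingException if the request cannot be decoded or is not an AuthnRequest
     */
    public AuthnRequest getAuthnRequest(HttpServletRequest httpServletRequest) throws ComponentInitializationException, MessageDecodingException {
        SAMLObject message = getMessageContext(httpServletRequest).getMessage();
        if (!(message instanceof AuthnRequest)) {
            String actual = (message == null) ? "null" : String.valueOf(message.getElementQName());
            throw new MessageDecodingException("Decoded SAML message is not an AuthnRequest: " + actual);
        }
        return (AuthnRequest) message;
    }

    /**
     * Creates a complete outbound message context: a new {@code AuthnRequest} addressed to the IdP's
     * HTTP-Redirect SSO endpoint, a fresh random RelayState, and the signing parameters
     * (primary credential and configured algorithm) that the binding encoder uses to sign it.
     *
     * @param isPassive value for the request's {@code IsPassive} attribute
     * @param forceAuthn value for the request's {@code ForceAuthn} attribute
     * @param requiredNsisLevel minimum NSIS level to request, or {@code null}/{@code NONE} for none
     * @param attributeProfile attribute profile to request; only the values in {@code Constants} are honoured
     * @param appSwitchPlatform mobile platform for the AppSwitch extension, or {@code null} to omit it
     * @return a message context ready for encoding
     * @throws InternalException if IdP metadata cannot be loaded
     * @throws ExternalException if the metadata has no HTTP-Redirect SSO endpoint
     * @throws InitializationException if the SAML object builders are not initialised
     */
    public MessageContext<SAMLObject> createMessageWithAuthnRequest(boolean isPassive, boolean forceAuthn, NSISLevel requiredNsisLevel, String attributeProfile, AppSwitchPlatform appSwitchPlatform) throws InternalException, ExternalException, InitializationException {
        String destination = getDestination();

        MessageContext<SAMLObject> messageContext = new MessageContext<>();
        messageContext.setMessage(createAuthnRequest(destination, isPassive, forceAuthn, requiredNsisLevel, attributeProfile, appSwitchPlatform));

        // Peer endpoint: the IdP's Redirect-binding SSO location the request is sent to.
        SingleSignOnService endpoint = (SingleSignOnService) SamlHelper.build(SingleSignOnService.class);
        endpoint.setBinding(HTTP_REDIRECT_BINDING);
        endpoint.setLocation(destination);
        messageContext.getSubcontext(SAMLPeerEntityContext.class, true)
                .getSubcontext(SAMLEndpointContext.class, true)
                .setEndpoint(endpoint);

        // RelayState is a random, unguessable token (UUID.randomUUID is backed by SecureRandom).
        SAMLBindingSupport.setRelayState(messageContext, "_" + UUID.randomUUID().toString());

        // Signing parameters consumed by the binding encoder; the AuthnRequest itself is unsigned at this point.
        SignatureSigningParameters signingParameters = new SignatureSigningParameters();
        signingParameters.setSigningCredential(OIOSAML3Service.getCredentialService().getPrimaryBasicX509Credential());
        signingParameters.setSignatureAlgorithm(OIOSAML3Service.getConfig().getSignatureAlgorithm());
        messageContext.getSubcontext(SecurityParametersContext.class, true).setSignatureSigningParameters(signingParameters);

        return messageContext;
    }

    /**
     * Creates an {@code AuthnRequest} without an attribute profile.
     *
     * @see #createAuthnRequest(String, boolean, boolean, NSISLevel, String, AppSwitchPlatform)
     */
    public AuthnRequest createAuthnRequest(String destination, boolean isPassive, boolean forceAuthn, NSISLevel requiredNsisLevel, AppSwitchPlatform appSwitchPlatform) throws InitializationException {
        return createAuthnRequest(destination, isPassive, forceAuthn, requiredNsisLevel, null, appSwitchPlatform);
    }

    /**
     * Creates an unsigned {@code AuthnRequest} with a fresh random ID, the current issue instant,
     * this SP's entity ID as Issuer and the configured assertion consumer URL (HTTP-POST binding).
     *
     * <p>A {@code RequestedAuthnContext} is added only when there is something to request: the NSIS
     * level URL (with {@code minimum} comparison) and/or the attribute profile. An attribute profile
     * that is not one of the two known {@code Constants} values is silently ignored.
     *
     * @param destination IdP endpoint written to the {@code Destination} attribute
     * @param isPassive value for {@code IsPassive}
     * @param forceAuthn value for {@code ForceAuthn}
     * @param requiredNsisLevel minimum NSIS level, or {@code null}/{@code NONE} for none
     * @param attributeProfile attribute profile class ref, or {@code null}
     * @param appSwitchPlatform platform for the AppSwitch extension, or {@code null} to omit it
     * @return the populated request
     * @throws InitializationException if the SAML object builders are not initialised
     */
    public AuthnRequest createAuthnRequest(String destination, boolean isPassive, boolean forceAuthn, NSISLevel requiredNsisLevel, String attributeProfile, AppSwitchPlatform appSwitchPlatform) throws InitializationException {
        Configuration config = OIOSAML3Service.getConfig();

        AuthnRequest authnRequest = (AuthnRequest) SamlHelper.build(AuthnRequest.class);
        // Request ID must be unique and unpredictable; it is echoed back as InResponseTo.
        authnRequest.setID(new RandomIdentifierGenerationStrategy().generateIdentifier());
        authnRequest.setDestination(destination);
        authnRequest.setIssueInstant(new DateTime());
        authnRequest.setIsPassive(Boolean.valueOf(isPassive));
        authnRequest.setForceAuthn(Boolean.valueOf(forceAuthn));
        authnRequest.setProtocolBinding(HTTP_POST_BINDING);
        authnRequest.setAssertionConsumerServiceURL(config.getServletAssertionConsumerURL());

        Issuer issuer = (Issuer) SamlHelper.build(Issuer.class);
        issuer.setValue(config.getSpEntityID());
        authnRequest.setIssuer(issuer);

        boolean hasNsisLevel = requiredNsisLevel != null && requiredNsisLevel != NSISLevel.NONE;
        List<AuthnContextClassRef> classRefs = new ArrayList<>();
        if (hasNsisLevel) {
            classRefs.add(buildClassRef(requiredNsisLevel.getUrl()));
        }
        if (Constants.ATTRIBUTE_PROFILE_PERSON.equals(attributeProfile) || Constants.ATTRIBUTE_PROFILE_PROFESSIONAL.equals(attributeProfile)) {
            classRefs.add(buildClassRef(attributeProfile));
        }
        if (!classRefs.isEmpty()) {
            RequestedAuthnContext requestedAuthnContext = (RequestedAuthnContext) SamlHelper.build(RequestedAuthnContext.class);
            if (hasNsisLevel) {
                // "minimum": the IdP may authenticate at the requested level or stronger.
                requestedAuthnContext.setComparison(AuthnContextComparisonTypeEnumeration.MINIMUM);
            }
            requestedAuthnContext.getAuthnContextClassRefs().addAll(classRefs);
            authnRequest.setRequestedAuthnContext(requestedAuthnContext);
        }

        if (appSwitchPlatform != null) {
            addAppSwitchToExtensions(authnRequest, appSwitchPlatform);
        }
        return authnRequest;
    }

    /**
     * Builds an {@code AuthnContextClassRef} carrying the given URI.
     *
     * @param classRefUri the class reference URI
     * @return the populated element
     */
    private static AuthnContextClassRef buildClassRef(String classRefUri) {
        AuthnContextClassRef classRef = (AuthnContextClassRef) SamlHelper.build(AuthnContextClassRef.class);
        classRef.setAuthnContextClassRef(classRefUri);
        return classRef;
    }

    /**
     * Adds an {@code AppSwitch} extension (platform + configured return URL) to the request,
     * creating the {@code Extensions} container if the request has none yet.
     *
     * @param authnRequest request to extend
     * @param appSwitchPlatform platform whose return URL is taken from configuration
     * @throws IllegalArgumentException if no return URL is configured for the platform
     */
    private static void addAppSwitchToExtensions(AuthnRequest authnRequest, AppSwitchPlatform appSwitchPlatform) {
        Configuration config = OIOSAML3Service.getConfig();

        ReturnURL returnURL = (ReturnURL) SamlHelper.build(ReturnURL.class);
        returnURL.setValue(getReturnURLForPlatform(appSwitchPlatform, config));

        Platform platform = (Platform) SamlHelper.build(Platform.class);
        platform.setValue(appSwitchPlatform);

        AppSwitch appSwitch = (AppSwitch) SamlHelper.build(AppSwitch.class);
        appSwitch.setPlatform(platform);
        appSwitch.setReturnURL(returnURL);

        Extensions extensions = authnRequest.getExtensions();
        if (extensions == null) {
            extensions = (Extensions) SamlHelper.build(Extensions.class);
        }
        extensions.getUnknownXMLObjects().add(appSwitch);
        authnRequest.setExtensions(extensions);
    }

    /**
     * Looks up the configured AppSwitch return URL for a platform.
     *
     * @param appSwitchPlatform the platform; Android and iOS are supported
     * @param configuration configuration holding the per-platform return URLs
     * @return the non-blank return URL
     * @throws IllegalArgumentException if the platform is unsupported or its return URL is blank
     */
    private static String getReturnURLForPlatform(AppSwitchPlatform appSwitchPlatform, Configuration configuration) {
        String returnUrl = null;
        if (appSwitchPlatform == AppSwitchPlatform.Android) {
            returnUrl = configuration.getAppSwitchReturnURLForAndroid();
        } else if (appSwitchPlatform == AppSwitchPlatform.iOS) {
            returnUrl = configuration.getAppSwitchReturnURLForIOS();
        }
        if (StringUtils.isBlank(returnUrl)) {
            // The message names the Android key for Android; for any other platform it names the
            // platform instead of wrongly pointing at the Android setting.
            if (appSwitchPlatform == AppSwitchPlatform.Android) {
                throw new IllegalArgumentException("Missing configuration for 'oiosaml.appswitch.returnurl.android'");
            }
            throw new IllegalArgumentException("Missing AppSwitch return URL configuration for platform '" + appSwitchPlatform + "'");
        }
        return returnUrl;
    }

    /**
     * Resolves the IdP's single sign-on location for the HTTP-Redirect binding from its metadata.
     *
     * @return the SSO endpoint location
     * @throws InternalException if the IdP metadata cannot be loaded
     * @throws ExternalException if the metadata lists no HTTP-Redirect SSO endpoint
     */
    private String getDestination() throws ExternalException, InternalException {
        List<SingleSignOnService> ssoServices = IdPMetadataService.getInstance()
                .getIdPMetadata()
                .getEntityDescriptor()
                .getIDPSSODescriptor(SAML20_PROTOCOL_NS)
                .getSingleSignOnServices();
        for (SingleSignOnService ssoService : ssoServices) {
            if (HTTP_REDIRECT_BINDING.equals(ssoService.getBinding())) {
                return ssoService.getLocation();
            }
        }
        throw new ExternalException("Could not find SSO endpoint for Redirect binding in metadata");
    }
}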
