package dk.digitalidentity.samlmodule.service.saml;

import dk.digitalidentity.samlmodule.config.settings.DISAML_Configuration;
import dk.digitalidentity.samlmodule.service.DISAML_CredentialService;
import dk.digitalidentity.samlmodule.service.metadata.DISAML_IdPMetadataService;
import dk.digitalidentity.samlmodule.service.metadata.DISAML_SPMetadataService;
import dk.digitalidentity.samlmodule.util.exceptions.ExternalException;
import dk.digitalidentity.samlmodule.util.exceptions.InternalException;
import javax.servlet.http.HttpServletRequest;
import net.shibboleth.utilities.java.support.component.ComponentInitializationException;
import net.shibboleth.utilities.java.support.security.RandomIdentifierGenerationStrategy;
import net.shibboleth.utilities.java.support.xml.BasicParserPool;
import org.joda.time.DateTime;
import org.opensaml.messaging.context.MessageContext;
import org.opensaml.messaging.decoder.MessageDecodingException;
import org.opensaml.saml.common.SAMLObject;
import org.opensaml.saml.common.messaging.context.SAMLEndpointContext;
import org.opensaml.saml.common.messaging.context.SAMLPeerEntityContext;
import org.opensaml.saml.saml2.binding.decoding.impl.HTTPRedirectDeflateDecoder;
import org.opensaml.saml.saml2.core.AuthnContextClassRef;
import org.opensaml.saml.saml2.core.AuthnContextComparisonTypeEnumeration;
import org.opensaml.saml.saml2.core.AuthnRequest;
import org.opensaml.saml.saml2.core.Issuer;
import org.opensaml.saml.saml2.core.RequestedAuthnContext;
import org.opensaml.saml.saml2.metadata.SingleSignOnService;
import org.opensaml.xmlsec.SignatureSigningParameters;
import org.opensaml.xmlsec.context.SecurityParametersContext;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.stereotype.Service;
import org.springframework.util.StringUtils;

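@Service
/* loaded from: input_file:dk/digitalidentity/samlmodule/service/saml/DISAML_AuthnRequestService.class */
public class DISAML_AuthnRequestService {

    /** IdP metadata; supplies the single-sign-on endpoint the outgoing AuthnRequest is addressed to. */
    @Autowired
    private DISAML_IdPMetadataService idPMetadataService;

    /** This SP's own metadata; supplies the AssertionConsumerService locations. */
    @Autowired
    private DISAML_SPMetadataService sPMetadataService;

    /** Factory for OpenSAML objects (AuthnRequest, Issuer, RequestedAuthnContext, ...). */
    @Autowired
    private DISAML_OpenSAMLHelperService samlHelperService;

    /** Provides the X.509 credential used to sign outgoing requests. */
    @Autowired
    private DISAML_CredentialService credentialService;

    /** SP/IdP settings: entity id, isPassive/forceAuthn flags and the NSIS context-class requirements. */
    @Autowired
    private DISAML_Configuration configuration;

    /**
     * Decodes a SAML message carried by the HTTP-Redirect (DEFLATE) binding from the incoming request.
     *
     * <p>A fresh decoder and parser pool are created per call. The decoder is destroyed on every
     * exit path (success, initialization failure, decoding failure) so that no partially
     * initialized component is left behind.
     *
     * <p>NOTE(review): decoding does not establish that the message is authentic; nothing in this
     * class verifies the Redirect-binding signature, so that check has to happen elsewhere before
     * the decoded message is trusted.
     *
     * @param httpServletRequest the incoming request carrying the SAMLRequest query parameter
     * @return the decoded message context
     * @throws InternalException if the decoder or parser pool cannot be initialized
     * @throws ExternalException if the request payload cannot be decoded (malformed client input)
     */
    public MessageContext<SAMLObject> getMessageContext(HttpServletRequest httpServletRequest) throws InternalException, ExternalException {
        HTTPRedirectDeflateDecoder decoder = new HTTPRedirectDeflateDecoder();
        try {
            decoder.setHttpServletRequest(httpServletRequest);

            BasicParserPool parserPool = new BasicParserPool();
            parserPool.initialize();
            decoder.setParserPool(parserPool);

            decoder.initialize();
            decoder.decode();

            // The return value is evaluated before the finally block runs, so the context
            // reference is captured even though the decoder is destroyed afterwards.
            return decoder.getMessageContext();
        } catch (ComponentInitializationException e) {
            throw new InternalException("Could not initialize decoder", e);
        } catch (MessageDecodingException e) {
            throw new ExternalException("Could not decode request", e);
        } finally {
            // Previously only reached on success; a failed decode leaked the decoder.
            decoder.destroy();
        }
    }

    /**
     * Extracts the AuthnRequest from a decoded message context.
     *
     * @param messageContext a context produced by {@link #getMessageContext(HttpServletRequest)}
     * @return the message cast to {@link AuthnRequest}
     * @throws ClassCastException if the decoded message is not an AuthnRequest (unchecked cast)
     */
    public AuthnRequest getAuthnRequest(MessageContext<SAMLObject> messageContext) {
        return (AuthnRequest) messageContext.getMessage();
    }

    /**
     * Builds a message context holding a new AuthnRequest addressed to the IdP's
     * single-sign-on endpoint, ready to be encoded with the HTTP-Redirect binding.
     *
     * <p>The context carries: the AuthnRequest itself, a peer endpoint (HTTP-Redirect binding,
     * IdP SSO location) and signing parameters (the configured X.509 credential, RSA-SHA256).
     *
     * @return the populated message context
     * @throws InternalException propagated from the collaborating services
     * @throws ExternalException propagated from the collaborating services
     */
    public MessageContext<SAMLObject> createAuthnRequest() throws InternalException, ExternalException {
        MessageContext<SAMLObject> messageContext = new MessageContext<>();

        String ssoLocation = this.idPMetadataService.getAuthnRequestEndpoint().getLocation();
        messageContext.setMessage(createAuthnRequestObject(ssoLocation));

        // Peer endpoint: where the encoder will send the request.
        SingleSignOnService ssoService = (SingleSignOnService) this.samlHelperService.buildSAMLObject(SingleSignOnService.class);
        ssoService.setBinding("urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Redirect");
        ssoService.setLocation(ssoLocation);
        SAMLEndpointContext endpointContext = messageContext
                .getSubcontext(SAMLPeerEntityContext.class, true)
                .getSubcontext(SAMLEndpointContext.class, true);
        endpointContext.setEndpoint(ssoService);

        // Signing parameters: the SP's own credential with RSA-SHA256.
        SignatureSigningParameters signingParameters = new SignatureSigningParameters();
        signingParameters.setSigningCredential(this.credentialService.getBasicX509Credential());
        signingParameters.setSignatureAlgorithm("http://www.w3.org/2001/04/xmldsig-more#rsa-sha256");
        messageContext.getSubcontext(SecurityParametersContext.class, true).setSignatureSigningParameters(signingParameters);

        return messageContext;
    }

    /**
     * Creates the AuthnRequest object: random ID, current issue instant, configured
     * isPassive/forceAuthn flags, HTTP-POST protocol binding, this SP's ACS URL and issuer.
     *
     * <p>A RequestedAuthnContext (comparison MINIMUM) is attached only when context-class
     * references are enabled in the IdP configuration and at least one of the NSIS
     * "Substantial" / "Person" requirements is set; one class ref is added per enabled requirement.
     *
     * @param destination the IdP endpoint the request is addressed to
     * @return the populated AuthnRequest
     */
    private AuthnRequest createAuthnRequestObject(String destination) {
        AuthnRequest authnRequest = (AuthnRequest) this.samlHelperService.buildSAMLObject(AuthnRequest.class);
        authnRequest.setID(new RandomIdentifierGenerationStrategy().generateIdentifier());
        authnRequest.setDestination(destination);
        authnRequest.setIssueInstant(new DateTime());
        authnRequest.setIsPassive(Boolean.valueOf(this.configuration.getSp().isPassive()));
        authnRequest.setForceAuthn(Boolean.valueOf(this.configuration.getSp().isForceAuthn()));
        authnRequest.setProtocolBinding("urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST");
        authnRequest.setAssertionConsumerServiceURL(this.sPMetadataService.getAssertionConsumerService());

        Issuer issuer = (Issuer) this.samlHelperService.buildSAMLObject(Issuer.class);
        issuer.setValue(this.configuration.getSp().getEntityId());
        authnRequest.setIssuer(issuer);

        boolean requireSubstantial = this.configuration.getIdp().isRequireSubstantial();
        boolean requirePersonProfile = this.configuration.getIdp().isRequirePersonProfile();
        boolean contextClassRefEnabled = this.configuration.getIdp().isContextClassRefEnabled();

        if (contextClassRefEnabled && (requireSubstantial || requirePersonProfile)) {
            RequestedAuthnContext requestedAuthnContext = (RequestedAuthnContext) this.samlHelperService.buildSAMLObject(RequestedAuthnContext.class);
            requestedAuthnContext.setComparison(AuthnContextComparisonTypeEnumeration.MINIMUM);
            authnRequest.setRequestedAuthnContext(requestedAuthnContext);

            if (requireSubstantial) {
                requestedAuthnContext.getAuthnContextClassRefs()
                        .add(buildClassRef("https://data.gov.dk/concept/core/nsis/loa/Substantial"));
            }
            if (requirePersonProfile) {
                requestedAuthnContext.getAuthnContextClassRefs()
                        .add(buildClassRef("https://data.gov.dk/eid/Person"));
            }
        }
        return authnRequest;
    }

    /**
     * Builds a single AuthnContextClassRef element with the given URI.
     *
     * @param classRefUri the context class URI
     * @return the populated element
     */
    private AuthnContextClassRef buildClassRef(String classRefUri) {
        AuthnContextClassRef classRef = (AuthnContextClassRef) this.samlHelperService.buildSAMLObject(AuthnContextClassRef.class);
        classRef.setAuthnContextClassRef(classRefUri);
        return classRef;
    }

    /**
     * Resolves the AssertionConsumerService URL for an AuthnRequest: the URL carried in the
     * request if present, otherwise this SP's default ACS location from its metadata.
     *
     * <p>NOTE(review): the URL is returned as it appears in the request and is not checked here
     * against the AssertionConsumerService entries registered in metadata. If the request can
     * originate from an untrusted party, the caller must validate the URL (or the request's
     * signature) before sending an assertion to it, otherwise the assertion can be redirected.
     *
     * @param authnRequest the request to resolve the endpoint for
     * @return the resolved ACS URL
     * @throws InternalException if the metadata lookup fails; any failure is wrapped, matching
     *         what callers of this method already handle
     */
    public String getConsumerEndpoint(AuthnRequest authnRequest) throws InternalException {
        try {
            String acsUrl = authnRequest.getAssertionConsumerServiceURL();
            // hasLength (not hasText): a whitespace-only value is treated as present.
            if (!StringUtils.hasLength(acsUrl)) {
                acsUrl = this.sPMetadataService.getSSODescriptor().getDefaultAssertionConsumerService().getLocation();
            }
            return acsUrl;
        } catch (Exception e) {
            throw new InternalException("Unable to retrieve AssertionConsumerURL", e);
        }
    }
}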
