package com.alfaariss.oa.profile.saml2.profile.artifactresolution.protocol;

import com.alfaariss.oa.OAException;
import com.alfaariss.oa.RequestorEvent;
import com.alfaariss.oa.util.saml2.SAML2IssueInstantWindow;
import com.alfaariss.oa.util.saml2.StatusException;
import com.alfaariss.oa.util.saml2.protocol.AbstractSAML2Protocol;
import com.alfaariss.oa.util.saml2.protocol.ISynchronousProtocol;
import java.io.UnsupportedEncodingException;
import java.security.SecureRandom;
import org.apache.commons.logging.Log;
import org.apache.commons.logging.LogFactory;
import org.joda.time.DateTime;
import org.opensaml.common.SAMLObject;
import org.opensaml.common.SAMLVersion;
import org.opensaml.common.SignableSAMLObject;
import org.opensaml.common.binding.SAMLMessageContext;
import org.opensaml.common.binding.artifact.SAMLArtifactMap;
import org.opensaml.saml2.core.Artifact;
import org.opensaml.saml2.core.ArtifactResolve;
import org.opensaml.saml2.core.ArtifactResponse;
import org.opensaml.saml2.core.Issuer;

/* loaded from: input_file:com/alfaariss/oa/profile/saml2/profile/artifactresolution/protocol/ArtifactResolutionProtocol.class */
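/**
 * Responder side of the SAML 2.0 Artifact Resolution protocol: validates an
 * inbound {@code ArtifactResolve}, looks the artifact up in the
 * {@link SAMLArtifactMap} and, when it is known, unexpired and bound to the
 * requesting issuer, returns the stored SAML message in an
 * {@code ArtifactResponse}.
 *
 * <p>Security notes for reviewers:
 * <ul>
 *   <li>The requestor identity used for the artifact binding check is the
 *       {@code Issuer} value read from the request. Nothing in this class
 *       verifies a signature or otherwise authenticates the requestor;
 *       presumably the caller does so before invoking
 *       {@link #processProtocol} (confirm).</li>
 *   <li>The binding check is skipped when the map entry carries no relying
 *       party id, so such an artifact can be resolved by any issuer.</li>
 *   <li>One-time use relies on a {@code get} followed by a later
 *       {@code remove}; the two calls are not atomic in this class.</li>
 *   <li>Debug log lines include request-supplied strings (issuer format,
 *       destination, artifact) without neutralisation.</li>
 * </ul>
 */
public class ArtifactResolutionProtocol extends AbstractSAML2Protocol implements ISynchronousProtocol {
    private static final String STATUS_SUCCESS = "urn:oasis:names:tc:SAML:2.0:status:Success";
    private static final String STATUS_REQUESTER = "urn:oasis:names:tc:SAML:2.0:status:Requester";
    private static final String STATUS_VERSION_MISMATCH = "urn:oasis:names:tc:SAML:2.0:status:VersionMismatch";
    private static final String NAMEID_FORMAT_ENTITY = "urn:oasis:names:tc:SAML:2.0:nameid-format:entity";

    // Initialised once at class load instead of being reassigned by every constructor call.
    private static final Log _logger = LogFactory.getLog(ArtifactResolutionProtocol.class);

    private final SAMLArtifactMap _artifactMap;

    /**
     * Creates the protocol handler.
     *
     * @param secureRandom passed to the superclass constructor
     * @param sAMLArtifactMap store from which artifacts are resolved and removed
     * @param str passed to the superclass constructor; presumably the profile URL
     *        that {@code Destination} is compared against (confirm in AbstractSAML2Protocol)
     * @param sAML2IssueInstantWindow passed to the superclass constructor; used here
     *        through {@code _issueInstantWindow} to accept or reject {@code IssueInstant}
     */
    public ArtifactResolutionProtocol(SecureRandom secureRandom, SAMLArtifactMap sAMLArtifactMap, String str, SAML2IssueInstantWindow sAML2IssueInstantWindow) {
        super(secureRandom, str, sAML2IssueInstantWindow);
        this._artifactMap = sAMLArtifactMap;
    }

    /**
     * Validates the inbound {@code ArtifactResolve} and sets the outbound
     * {@code ArtifactResponse} on the message context.
     *
     * @param sAMLMessageContext context holding the inbound request; receives the outbound response
     * @throws StatusException when the request fails validation or the artifact cannot be
     *         dereferenced; an error response without an embedded message is set as the
     *         outbound message before the exception is rethrown
     * @throws OAException on any other processing error
     */
    public void processProtocol(SAMLMessageContext<SignableSAMLObject, SignableSAMLObject, SAMLObject> sAMLMessageContext) throws OAException, StatusException {
        ArtifactResponse response = null;
        try {
            // Assigned to the outer variable so the StatusException handler can use it;
            // the listing kept a separate local and left the outer one permanently null.
            response = buildBaseArtifactResponse(sAMLMessageContext);

            SignableSAMLObject inbound = sAMLMessageContext.getInboundSAMLMessage();
            if (!(inbound instanceof ArtifactResolve)) {
                _logger.debug("Invalid request message: " + inbound);
                throw new StatusException(RequestorEvent.REQUEST_INVALID, STATUS_REQUESTER);
            }
            ArtifactResolve request = (ArtifactResolve) inbound;

            Issuer issuer = request.getIssuer();
            if (issuer == null) {
                _logger.debug("Missing issuer");
                throw new StatusException(RequestorEvent.REQUEST_INVALID, STATUS_REQUESTER);
            }
            // NOTE(review): this value is self-asserted by the request; it is only as
            // trustworthy as whatever authentication the caller performed beforehand.
            String requestorId = issuer.getValue();
            if (requestorId == null) {
                _logger.debug("Missing issuer value (requestor)");
                throw new StatusException(RequestorEvent.REQUEST_INVALID, STATUS_REQUESTER);
            }
            String format = issuer.getFormat();
            if (format != null && !NAMEID_FORMAT_ENTITY.equals(format)) {
                _logger.debug("Invalid issuer format: " + format);
                throw new StatusException(requestorId, RequestorEvent.REQUEST_INVALID, STATUS_REQUESTER);
            }

            String id = request.getID();
            if (id == null) {
                _logger.debug("Missing ID");
                throw new StatusException(requestorId, RequestorEvent.REQUEST_INVALID, STATUS_REQUESTER);
            }
            response.setInResponseTo(id);

            SAMLVersion version = request.getVersion();
            if (!SAMLVersion.VERSION_20.equals(version)) {
                _logger.debug("Invalid request version: " + version);
                throw new StatusException(requestorId, RequestorEvent.REQUEST_INVALID, STATUS_VERSION_MISMATCH);
            }

            // Freshness check: a request outside the accepted window is rejected.
            DateTime issueInstant = request.getIssueInstant();
            if (issueInstant == null) {
                _logger.debug("Missing IssueInstant");
                throw new StatusException(requestorId, RequestorEvent.REQUEST_INVALID, STATUS_REQUESTER);
            }
            if (!this._issueInstantWindow.canAccept(issueInstant)) {
                _logger.debug("Invalid IssueInstant: " + issueInstant);
                throw new StatusException(requestorId, RequestorEvent.REQUEST_INVALID, STATUS_REQUESTER);
            }

            // Destination is optional; when present it must match this endpoint
            // (compared case-insensitively, as in the original).
            String destination = request.getDestination();
            if (destination != null && !destination.equalsIgnoreCase(this._sProfileURL)) {
                _logger.debug("Invalid destination: " + destination);
                throw new StatusException(requestorId, RequestorEvent.REQUEST_INVALID, STATUS_REQUESTER);
            }

            Artifact artifact = request.getArtifact();
            if (artifact == null) {
                _logger.debug("Missing Artifact");
                throw new StatusException(requestorId, RequestorEvent.REQUEST_INVALID, STATUS_REQUESTER);
            }

            // Unknown, expired and wrongly-bound artifacts all answer with a top-level
            // Success status and no embedded message, so the response does not reveal
            // which of the three applied.
            SAMLArtifactMap.SAMLArtifactMapEntry entry = this._artifactMap.get(artifact.getArtifact());
            if (entry == null) {
                _logger.debug("Artifact unknown, possibly expired: " + artifact.getArtifact());
                throw new StatusException(requestorId, RequestorEvent.TOKEN_DEREFERENCE_FAILED, STATUS_SUCCESS);
            }
            if (entry.isExpired()) {
                _logger.debug("Artifact expired: " + entry.getArtifact());
                throw new StatusException(requestorId, RequestorEvent.TOKEN_DEREFERENCE_FAILED, STATUS_SUCCESS);
            }
            // NOTE(review): an entry stored without a relying party id passes this check
            // for every requestor. Confirm that whoever fills the map always records the
            // intended relying party, or treat a null id as a failure.
            String relyingPartyId = entry.getRelyingPartyId();
            if (relyingPartyId != null && !relyingPartyId.equals(requestorId)) {
                _logger.debug("Invalid artifact relyingPartyId: " + relyingPartyId);
                throw new StatusException(requestorId, RequestorEvent.REQUEST_INVALID, STATUS_SUCCESS);
            }

            response.setMessage(entry.getSamlMessage());
            response.setStatus(constructStatusCode(STATUS_SUCCESS, null));
            sAMLMessageContext.setOutboundSAMLMessage(response);
            // One-time use. NOTE(review): get(...) above and remove(...) here are separate
            // calls, so two concurrent requests for one artifact may both obtain the entry
            // unless the map implementation or the caller serialises them.
            this._artifactMap.remove(artifact.getArtifact());
        } catch (StatusException e) {
            // Handled before the generic Exception clause; in the reverse order this
            // handler could never run.
            if (response != null) {
                // Fail closed: an error response must never carry the stored message.
                response.setMessage(null);
                response.setStatus(constructStatusCode(e.getTopLevelstatusCode(), e.getSecondLevelStatusCode()));
            }
            // NOTE(review): the listing passed a literal null here, which looks like the
            // permanently-null local being folded in; publishing the error response is
            // the assumed intent. Confirm against the caller.
            sAMLMessageContext.setOutboundSAMLMessage(response);
            throw e;
        } catch (Exception e) {
            _logger.fatal("Internal processing error", e);
            throw new OAException(1);
        }
    }

    /**
     * Builds an {@code ArtifactResponse} populated by the superclass and carrying this
     * entity as {@code Issuer}, and records its ID as the outbound message ID.
     *
     * @param sAMLMessageContext supplies the local entity id; receives the outbound message ID
     * @return the response, without status or embedded message
     * @throws OAException when populating the response fails with an unsupported encoding
     */
    private ArtifactResponse buildBaseArtifactResponse(SAMLMessageContext<SignableSAMLObject, SignableSAMLObject, SAMLObject> sAMLMessageContext) throws OAException {
        // NOTE(review): the builder calls are kept exactly as listed; they may need casts
        // on the builder or its result to compile against the OpenSAML API.
        ArtifactResponse response = this._builderFactory.getBuilder(ArtifactResponse.DEFAULT_ELEMENT_NAME).buildObject();
        try {
            super.populateResponse(response, (String) null);
            sAMLMessageContext.setOutboundSAMLMessageId(response.getID());
            Issuer responseIssuer = this._builderFactory.getBuilder(Issuer.DEFAULT_ELEMENT_NAME).buildObject();
            responseIssuer.setFormat(NAMEID_FORMAT_ENTITY);
            responseIssuer.setValue(sAMLMessageContext.getLocalEntityId());
            response.setIssuer(responseIssuer);
            return response;
        } catch (UnsupportedEncodingException e) {
            _logger.error("Could not create response, unsupported encoding", e);
            throw new OAException(1);
        }
    }
}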
