package com.alfaariss.oa.profile.saml2.profile.artifactresolution;

import com.alfaariss.oa.OAException;
import com.alfaariss.oa.RequestorEvent;
import com.alfaariss.oa.api.configuration.IConfigurationManager;
import com.alfaariss.oa.api.session.SessionState;
import com.alfaariss.oa.profile.saml2.profile.artifactresolution.protocol.ArtifactResolutionProtocol;
import com.alfaariss.oa.util.logging.RequestorEventLogItem;
import com.alfaariss.oa.util.saml2.ISAML2Requestors;
import com.alfaariss.oa.util.saml2.SAML2IssueInstantWindow;
import com.alfaariss.oa.util.saml2.SAML2SecurityException;
import com.alfaariss.oa.util.saml2.StatusException;
import com.alfaariss.oa.util.saml2.binding.AbstractDecodingFactory;
import com.alfaariss.oa.util.saml2.binding.AbstractEncodingFactory;
import com.alfaariss.oa.util.saml2.binding.BindingProperties;
import com.alfaariss.oa.util.saml2.binding.soap11.SOAP11Utils;
import com.alfaariss.oa.util.saml2.crypto.SAML2CryptoUtils;
import com.alfaariss.oa.util.saml2.metadata.role.sso.IDPSSODescriptorBuilder;
import com.alfaariss.oa.util.saml2.profile.AbstractSAML2Profile;
import com.alfaariss.oa.util.saml2.storage.artifact.ArtifactStoreFactory;
import java.io.IOException;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import org.apache.commons.logging.Log;
import org.apache.commons.logging.LogFactory;
import org.opensaml.common.SAMLObject;
import org.opensaml.common.SignableSAMLObject;
import org.opensaml.common.binding.SAMLMessageContext;
import org.opensaml.common.binding.decoding.SAMLMessageDecoder;
import org.opensaml.saml2.metadata.EntityDescriptor;
import org.opensaml.saml2.metadata.SPSSODescriptor;
import org.opensaml.ws.message.decoder.MessageDecodingException;
import org.opensaml.ws.message.encoder.MessageEncodingException;
import org.opensaml.xml.Configuration;
import org.opensaml.xml.XMLObjectBuilderFactory;
import org.opensaml.xml.security.SecurityException;
import org.w3c.dom.Element;

/* loaded from: input_file:com/alfaariss/oa/profile/saml2/profile/artifactresolution/ArtifactResolutionService.class */
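/**
 * SAML 2.0 Artifact Resolution endpoint: decodes a SOAP-bound request, validates it against the
 * requestor's SP role metadata, hands it to {@link ArtifactResolutionProtocol}, and encodes the
 * reply over the same SOAP binding.
 *
 * <p>Review notes on this (decompiled) listing:
 * <ul>
 *   <li>The original {@code process} listed {@code catch (Exception)} before the specific
 *       handlers, which makes them unreachable (a compile error for any subclass of
 *       {@code Exception}, such as {@code MessageDecodingException}). Specific handlers now come
 *       first.</li>
 *   <li>The specific handlers passed a literal {@code null} message context to
 *       {@code sendResponse} / {@code sendSOAPFault}; {@code sendResponse} dereferences its context,
 *       so the status reply could never be sent. The context is now declared outside the
 *       {@code try} and passed through.</li>
 * </ul>
 */
public class ArtifactResolutionService extends AbstractSAML2Profile {
    /** Binding URI used for both decoding the request and encoding the response. */
    private static final String SOAP_BINDING_URI = "urn:oasis:names:tc:SAML:2.0:bindings:SOAP";

    private static final Log _logger = LogFactory.getLog(ArtifactResolutionService.class);
    private ArtifactResolutionProtocol _protocol;
    // Separate logger category for requestor events (audit trail), distinct from the class logger.
    private final Log _eventLogger = LogFactory.getLog("com.alfaariss.oa.EventLogger");
    protected XMLObjectBuilderFactory _builderFactory = Configuration.getBuilderFactory();

    /**
     * Initialises the profile, the artifact store and the protocol handler, and registers this
     * endpoint in the IDP SSO descriptor.
     *
     * <p>All arguments are forwarded unchanged to {@code super.init}; the meaning of
     * {@code str}, {@code str2} and {@code str3} is not visible in this file.
     *
     * @throws OAException if the superclass, the artifact store or the metadata builder fails
     */
    public void init(IConfigurationManager iConfigurationManager, Element element, EntityDescriptor entityDescriptor, String str, String str2, ISAML2Requestors iSAML2Requestors, SAML2IssueInstantWindow sAML2IssueInstantWindow, String str3) throws OAException {
        super.init(iConfigurationManager, element, entityDescriptor, str, str2, iSAML2Requestors, sAML2IssueInstantWindow, str3);
        ArtifactStoreFactory artifactStoreFactory = ArtifactStoreFactory.getInstance();
        artifactStoreFactory.init(iConfigurationManager, element, this._cryptoManager);
        // The protocol handler is given the crypto manager's SecureRandom, the artifact store,
        // this endpoint's URL and the accepted issue-instant window.
        this._protocol = new ArtifactResolutionProtocol(this._cryptoManager.getSecureRandom(), artifactStoreFactory.getStoreInstance(), this._sProfileURL, this._issueInstantWindow);
        new IDPSSODescriptorBuilder(iConfigurationManager, element, entityDescriptor.getIDPSSODescriptor("urn:oasis:names:tc:SAML:2.0:protocol")).buildArtifactResolutionService(this._sProfileURL);
        _logger.info("ArtifactResolutionService Started at endpoint: " + this._sProfileURL);
    }

    /**
     * Handles one artifact resolution request.
     *
     * <p>Outcomes, as implemented below:
     * <ul>
     *   <li>success: a requestor event is logged and the response is encoded;</li>
     *   <li>{@code StatusException}: the event is logged and the context is still sent back;</li>
     *   <li>{@code SAML2SecurityException}: the event is logged and HTTP 403 is returned with no
     *       detail in the body;</li>
     *   <li>{@code MessageDecodingException}: the event is logged and a SOAP fault is sent;</li>
     *   <li>any other exception: logged and rethrown as {@code OAException(1)}.</li>
     * </ul>
     *
     * @throws OAException on internal failure or when the response cannot be sent
     */
    public void process(HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse) throws OAException {
        // Declared outside the try so the failure handlers can reply on the same context.
        SAMLMessageContext<SignableSAMLObject, SignableSAMLObject, SAMLObject> context = null;
        try {
            AbstractDecodingFactory decodingFactory = AbstractDecodingFactory.createInstance(httpServletRequest, httpServletResponse, SOAP_BINDING_URI, (BindingProperties) null);
            SAMLMessageDecoder decoder = decodingFactory.getDecoder();
            context = decodingFactory.getContext();
            context.setLocalEntityId(this._sEntityID);
            context.setLocalEntityMetadata(this._entityDescriptor);
            try {
                decoder.decode(context);
                SignableSAMLObject inboundSAMLMessage = context.getInboundSAMLMessage();
                // Debug logging writes the complete inbound SAML message to the log; keep debug
                // level off in production if log readers should not see protocol payloads.
                if (_logger.isDebugEnabled() && inboundSAMLMessage != null) {
                    logXML(inboundSAMLMessage);
                }
                // The requestor must be known in the SP SSO role before the artifact is looked up.
                validateRequest(context, SPSSODescriptor.DEFAULT_ELEMENT_NAME);
                this._protocol.processProtocol(context);
                // NOTE(review): the success event is recorded before the response is encoded, so
                // a later encoding failure still leaves a "successful" audit entry.
                this._eventLogger.info(new RequestorEventLogItem((String) null, (String) null, (SessionState) null, RequestorEvent.TOKEN_DEREFERENCE_SUCCESSFUL, (String) null, httpServletRequest.getRemoteAddr(), context.getInboundMessageIssuer(), this, context.getOutboundSAMLMessageId()));
                sendResponse(context, httpServletRequest, httpServletResponse);
            } catch (SecurityException e) {
                // Cause is logged at debug only; the caller sees a generic invalid-request event.
                _logger.debug("Could not decode inbound message due to security exception", e);
                throw new SAML2SecurityException(RequestorEvent.REQUEST_INVALID);
            }
        } catch (StatusException e) {
            this._eventLogger.info(new RequestorEventLogItem((String) null, (String) null, (SessionState) null, e.getEvent(), (String) null, httpServletRequest.getRemoteAddr(), e.getRequestorID(), this, e.getMessage()));
            // presumably the context already carries the status response at this point — confirm
            // against ArtifactResolutionProtocol / validateRequest.
            sendResponse(context, httpServletRequest, httpServletResponse);
        } catch (SAML2SecurityException e) {
            _logger.debug("Security error", e);
            this._eventLogger.info(new RequestorEventLogItem((String) null, (String) null, (SessionState) null, e.getEvent(), (String) null, httpServletRequest.getRemoteAddr(), (String) null, this, "Security Fault"));
            try {
                // A bare 403 tells the requestor nothing about which check failed.
                if (!httpServletResponse.isCommitted()) {
                    httpServletResponse.sendError(403);
                }
            } catch (IOException ioe) {
                _logger.warn("Could not send response", ioe);
            }
        } catch (MessageDecodingException e) {
            _logger.debug("SOAP decoding error", e);
            this._eventLogger.info(new RequestorEventLogItem((String) null, (String) null, (SessionState) null, RequestorEvent.REQUEST_INVALID, (String) null, httpServletRequest.getRemoteAddr(), (String) null, this, "SOAP Fault"));
            SOAP11Utils.sendSOAPFault(context, RequestorEvent.REQUEST_INVALID);
        } catch (OAException e) {
            throw e;
        } catch (Exception e) {
            _logger.fatal("Could not process SAML request message", e);
            throw new OAException(1);
        }
    }

    /** Stops the shared artifact store, then lets the superclass release its own resources. */
    public void destroy() {
        ArtifactStoreFactory.getInstance().stop();
        super.destroy();
    }

    /**
     * Encodes the outbound message held by the context over the SOAP binding, attaching this
     * entity's signing credential first when signing is enabled.
     *
     * @param sAMLMessageContext context holding the outbound message; must not be {@code null}
     * @throws OAException if the context is missing or the message cannot be encoded
     */
    private void sendResponse(SAMLMessageContext<SignableSAMLObject, SignableSAMLObject, SAMLObject> sAMLMessageContext, HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse) throws OAException {
        if (sAMLMessageContext == null) {
            // Without a context there is nothing to sign or encode; fail as an internal error
            // instead of a NullPointerException further down.
            _logger.error("Could not send response: no SAML message context available");
            throw new OAException(1);
        }
        try {
            if (this._signingEnabled) {
                sAMLMessageContext.setOutboundSAMLMessageSigningCredential(SAML2CryptoUtils.retrieveMySigningCredentials(this._cryptoManager, this._sEntityID));
            }
            AbstractEncodingFactory.createInstance(httpServletRequest, httpServletResponse, SOAP_BINDING_URI, (BindingProperties) null).getEncoder().encode(sAMLMessageContext);
            if (_logger.isDebugEnabled()) {
                // As on the inbound side, debug level logs the complete outbound SAML message.
                SAMLObject outboundSAMLMessage = sAMLMessageContext.getOutboundSAMLMessage();
                if (outboundSAMLMessage != null) {
                    logXML(outboundSAMLMessage);
                }
            }
        } catch (MessageEncodingException e) {
            _logger.error("Could not send reponse with binding urn:oasis:names:tc:SAML:2.0:bindings:SOAP", e);
            throw new OAException(1);
        }
    }
}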
