package com.alfaariss.oa.profile.saml2.profile.sso.protocol;

import com.alfaariss.oa.OAException;
import com.alfaariss.oa.RequestorEvent;
import com.alfaariss.oa.api.attribute.ISessionAttributes;
import com.alfaariss.oa.api.session.ISession;
import com.alfaariss.oa.util.saml2.SAML2IssueInstantWindow;
import com.alfaariss.oa.util.saml2.StatusException;
import com.alfaariss.oa.util.saml2.protocol.AbstractSAML2Protocol;
import com.alfaariss.oa.util.session.ProxyAttributes;
import java.security.SecureRandom;
import org.apache.commons.logging.Log;
import org.apache.commons.logging.LogFactory;
import org.joda.time.DateTime;
import org.opensaml.common.SAMLVersion;
import org.opensaml.saml2.core.Issuer;
import org.opensaml.saml2.core.RequestAbstractType;
import org.opensaml.saml2.core.Response;
import org.opensaml.saml2.core.StatusResponseType;

/* loaded from: input_file:com/alfaariss/oa/profile/saml2/profile/sso/protocol/AbstractAuthenticationRequestProtocol.class */
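/**
 * Base class for SAML2 authentication-request protocol handlers.
 *
 * <p>It validates the generic {@link RequestAbstractType} fields of an incoming request
 * (version, IssueInstant, Destination, Issuer format) and builds responses whose
 * {@code InResponseTo}, {@code Destination}, {@code Issuer} and {@code Status} are filled in.
 *
 * <p>Security scope: nothing in this class verifies a message signature, and the Issuer
 * <em>value</em> is never compared against known requestors here (only its Format is checked).
 * Those checks have to happen elsewhere before a request is trusted.
 */
public abstract class AbstractAuthenticationRequestProtocol extends AbstractSAML2Protocol {
    /** Name of the session attribute under which the ID of the processed request is stored. */
    public static final String SESSION_REQUEST_ID = "ID";

    /** Session the request belongs to; may be {@code null} at construction time. */
    protected ISession _session;
    /** ID of the request, restored from the session or read from the request being processed. */
    protected String _sRequestID;
    /** Entity ID used as response Issuer when no shadowed entity ID is active. */
    protected String _sEntityID;
    /** Whether shadow-IdP support is enabled; this relaxes the Destination check (see below). */
    protected boolean _bEnableShadowIdp;
    /** Shadowed entity ID read from the session, or {@code null} when none is set. */
    protected String _sShadowedEntityId;

    private final Log _logger = LogFactory.getLog(AbstractAuthenticationRequestProtocol.class);

    /**
     * Creates the protocol handler and restores request state from the session.
     *
     * @param secureRandom random source handed to the superclass
     * @param str value handed to the superclass constructor (presumably the profile URL that
     *     Destination is later compared with; confirm against {@code AbstractSAML2Protocol})
     * @param iSession session to read from and write to; may be {@code null}
     * @param str2 entity ID of this party, used as response Issuer
     * @param sAML2IssueInstantWindow acceptance window for IssueInstant values
     * @param z {@code true} to enable shadow-IdP support
     */
    public AbstractAuthenticationRequestProtocol(SecureRandom secureRandom, String str, ISession iSession, String str2, SAML2IssueInstantWindow sAML2IssueInstantWindow, boolean z) {
        super(secureRandom, str, sAML2IssueInstantWindow);
        this._sShadowedEntityId = null;
        this._session = iSession;
        this._sEntityID = str2;
        // Must be set before readSessionAttributes(), which consults it.
        this._bEnableShadowIdp = z;
        readSessionAttributes(this._session);
    }

    /**
     * Builds a fresh {@link Response} carrying an error status.
     *
     * @param str Destination to set on the response
     * @param str2 first argument for {@code constructStatusCode} (presumably the top-level
     *     status code; confirm in the superclass)
     * @param str3 second argument for {@code constructStatusCode} (presumably the second-level
     *     status code; confirm in the superclass)
     * @return the populated response
     * @throws OAException if the response cannot be built
     */
    public StatusResponseType createErrorResponse(String str, String str2, String str3) throws OAException {
        return createResponse(str, this._builderFactory.getBuilder(Response.DEFAULT_ELEMENT_NAME).buildObject(), str2, str3);
    }

    /**
     * Validates the generic fields of an incoming request and records its ID in the session.
     *
     * <p>Checks performed, in order: SAML version is 2.0, IssueInstant is present and inside
     * the configured window, Destination (when present) matches the profile URL, Issuer is
     * present and its Format is absent or the SAML 2.0 entity format. Consent is ignored.
     *
     * <p>Not checked here: the message signature and the Issuer value.
     *
     * <p>Access was widened from {@code protected} by the decompiler (JADX).
     *
     * @param requestAbstractType the request to validate
     * @throws StatusException if the request is rejected; carries the SAML status to return
     * @throws OAException on any unexpected failure during processing
     */
    public void processRequestAbstractType(RequestAbstractType requestAbstractType) throws OAException, StatusException {
        try {
            ISessionAttributes attributes = this._session.getAttributes();
            // The ID is stored before validation so that a rejection can still be answered
            // with a matching InResponseTo (createResponse reads _sRequestID).
            this._sRequestID = requestAbstractType.getID();
            if (this._sRequestID != null) {
                attributes.put(AbstractAuthenticationRequestProtocol.class, SESSION_REQUEST_ID, this._sRequestID);
            }

            // Constant-first comparison: a request without a version is answered with
            // VersionMismatch instead of failing with a NullPointerException.
            SAMLVersion version = requestAbstractType.getVersion();
            if (!SAMLVersion.VERSION_20.equals(version)) {
                this._logger.error("Unsupported SAML version in request: " + version);
                throw new StatusException(RequestorEvent.REQUEST_INVALID, "urn:oasis:names:tc:SAML:2.0:status:VersionMismatch");
            }

            DateTime issueInstant = requestAbstractType.getIssueInstant();
            if (issueInstant == null) {
                this._logger.error("No IssueInstant in request");
                throw new StatusException(RequestorEvent.REQUEST_INVALID, "urn:oasis:names:tc:SAML:2.0:status:Requester");
            }
            if (!this._issueInstantWindow.canAccept(issueInstant)) {
                this._logger.error("Invalid IssueInstant in request: " + issueInstant);
                throw new StatusException(RequestorEvent.REQUEST_INVALID, "urn:oasis:names:tc:SAML:2.0:status:Requester");
            }

            // NOTE(review): a request with no Destination is accepted, and the match is
            // case-insensitive over the whole URL. Confirm both are intended for the
            // bindings this profile serves.
            String destination = requestAbstractType.getDestination();
            if (destination != null && !destination.equalsIgnoreCase(this._sProfileURL)) {
                if (!this._bEnableShadowIdp) {
                    this._logger.error("Invalid Destination in request: " + forLog(destination));
                    throw new StatusException(RequestorEvent.REQUEST_INVALID, "urn:oasis:names:tc:SAML:2.0:status:Requester");
                }
                // NOTE(review): with shadow-IdP support enabled a mismatching Destination is
                // never rejected; a value that does not even start with the profile URL only
                // produces this warning. Destination therefore gives no protection against
                // requests addressed to another recipient while the flag is on.
                if (!destination.startsWith(this._sProfileURL)) {
                    this._logger.warn("Invalid Destination in request for shadowed endpoint: " + forLog(destination));
                }
            }

            String consent = requestAbstractType.getConsent();
            if (consent != null) {
                this._logger.debug("Ignoring consent in request: " + forLog(consent));
            }

            Issuer issuer = requestAbstractType.getIssuer();
            if (issuer == null) {
                this._logger.error("No Issuer in request");
                throw new StatusException(RequestorEvent.REQUEST_INVALID, "urn:oasis:names:tc:SAML:2.0:status:Requester");
            }
            String format = issuer.getFormat();
            if (format == null || format.equals("urn:oasis:names:tc:SAML:2.0:nameid-format:entity")) {
                return;
            }
            this._logger.error("Invalid Issuer format in request: " + forLog(format));
            throw new StatusException(RequestorEvent.REQUEST_INVALID, "urn:oasis:names:tc:SAML:2.0:status:Requester");
        } catch (StatusException e) {
            // Handled before the generic clause so a protocol-level rejection reaches the
            // caller with its SAML status intact instead of being reported as an internal error.
            throw e;
        } catch (Exception e) {
            this._logger.fatal("Internal error during request processing", e);
            throw new OAException(1);
        }
    }

    /**
     * Populates a response with the given status and no second status argument.
     *
     * <p>Access was widened from {@code protected} by the decompiler (JADX).
     *
     * @param str Destination to set on the response
     * @param statusResponseType the response object to populate
     * @param str2 first argument for {@code constructStatusCode}
     * @return {@code statusResponseType}, populated
     * @throws OAException if the response cannot be built
     */
    public StatusResponseType createResponse(String str, StatusResponseType statusResponseType, String str2) throws OAException {
        return createResponse(str, statusResponseType, str2, null);
    }

    /**
     * Populates a response: InResponseTo, Destination, Issuer and Status.
     *
     * <p>The Issuer is the shadowed entity ID when one was read from the session, otherwise
     * the configured entity ID.
     *
     * @param str Destination to set on the response
     * @param statusResponseType the response object to populate
     * @param str2 first argument for {@code constructStatusCode}
     * @param str3 second argument for {@code constructStatusCode}; may be {@code null}
     * @return {@code statusResponseType}, populated
     * @throws OAException on any failure, including a {@code null} session
     */
    protected StatusResponseType createResponse(String str, StatusResponseType statusResponseType, String str2, String str3) throws OAException {
        try {
            populateResponse(statusResponseType, this._session.getId());
            statusResponseType.setInResponseTo(this._sRequestID);
            statusResponseType.setDestination(str);
            Issuer issuer = this._builderFactory.getBuilder(Issuer.DEFAULT_ELEMENT_NAME).buildObject();
            issuer.setValue(this._sShadowedEntityId != null ? this._sShadowedEntityId : this._sEntityID);
            statusResponseType.setIssuer(issuer);
            statusResponseType.setStatus(constructStatusCode(str2, str3));
            return statusResponseType;
        } catch (Exception e) {
            this._logger.fatal("Internal error during response creation", e);
            throw new OAException(1);
        }
    }

    /**
     * Restores the request ID and, when shadow-IdP support is enabled, the shadowed entity ID
     * from the session attributes. Does nothing for a {@code null} session.
     *
     * @param iSession session to read from; may be {@code null}
     */
    private void readSessionAttributes(ISession iSession) {
        if (iSession == null) {
            return;
        }
        ISessionAttributes attributes = iSession.getAttributes();
        if (attributes.contains(AbstractAuthenticationRequestProtocol.class, SESSION_REQUEST_ID)) {
            this._sRequestID = (String) attributes.get(AbstractAuthenticationRequestProtocol.class, SESSION_REQUEST_ID);
        }
        if (this._bEnableShadowIdp && attributes.contains(ProxyAttributes.class, "shadowed.idpId")) {
            this._sShadowedEntityId = (String) attributes.get(ProxyAttributes.class, "shadowed.idpId");
            this._logger.debug("Enabling Authn Request ShadowedEntityId support (shadowed entityId: " + this._sShadowedEntityId + ")");
        }
    }

    /**
     * Renders a request-supplied value for a log line with CR and LF replaced, so that a
     * crafted value cannot start a forged log entry.
     *
     * @param value the value to render; may be {@code null}
     * @return the value as text with line breaks replaced by underscores
     */
    private static String forLog(Object value) {
        return String.valueOf(value).replace('\r', '_').replace('\n', '_');
    }
}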
