package pl.edu.icm.unity.saml.idp.web;

import eu.unicore.samly2.webservice.SAMLLogoutInterface;
import eu.unicore.util.configuration.ConfigurationException;
import java.util.Arrays;
import java.util.Collections;
import java.util.EnumSet;
import java.util.Map;
import javax.servlet.DispatcherType;
import javax.servlet.Servlet;
import org.apache.cxf.Bus;
import org.apache.cxf.BusFactory;
import org.apache.cxf.transport.servlet.CXFNonSpringServlet;
import org.eclipse.jetty.servlet.FilterHolder;
import org.eclipse.jetty.servlet.ServletContextHandler;
import org.eclipse.jetty.servlet.ServletHolder;
import org.springframework.context.ApplicationContext;
import pl.edu.icm.unity.exceptions.EngineException;
import pl.edu.icm.unity.saml.SamlProperties;
import pl.edu.icm.unity.saml.idp.FreemarkerHandler;
import pl.edu.icm.unity.saml.idp.IdpSamlTrustProvider;
import pl.edu.icm.unity.saml.idp.SamlIdpProperties;
import pl.edu.icm.unity.saml.idp.web.filter.ErrorHandler;
import pl.edu.icm.unity.saml.idp.web.filter.IdpConsentDeciderServletFactory;
import pl.edu.icm.unity.saml.idp.web.filter.SamlGuardFilter;
import pl.edu.icm.unity.saml.idp.web.filter.SamlParseServlet;
import pl.edu.icm.unity.saml.idp.ws.SAMLSingleLogoutImpl;
import pl.edu.icm.unity.saml.metadata.MetadataProviderFactory;
import pl.edu.icm.unity.saml.metadata.MetadataServlet;
import pl.edu.icm.unity.saml.metadata.cfg.MetaDownloadManager;
import pl.edu.icm.unity.saml.metadata.cfg.MetaToIDPConfigConverter;
import pl.edu.icm.unity.saml.metadata.cfg.RemoteMetaManager;
import pl.edu.icm.unity.saml.slo.SAMLLogoutProcessor;
import pl.edu.icm.unity.saml.slo.SAMLLogoutProcessorFactory;
import pl.edu.icm.unity.saml.slo.SLOReplyInstaller;
import pl.edu.icm.unity.saml.slo.SLOSAMLServlet;
import pl.edu.icm.unity.server.api.PKIManagement;
import pl.edu.icm.unity.server.api.internal.SessionManagement;
import pl.edu.icm.unity.server.authn.LoginToHttpSessionBinder;
import pl.edu.icm.unity.server.utils.ExecutorsService;
import pl.edu.icm.unity.server.utils.HiddenResourcesFilter;
import pl.edu.icm.unity.server.utils.RoutingServlet;
import pl.edu.icm.unity.server.utils.UnityMessageSource;
import pl.edu.icm.unity.server.utils.UnityServerConfiguration;
import pl.edu.icm.unity.types.endpoint.EndpointTypeDescription;
import pl.edu.icm.unity.webui.EndpointRegistrationConfiguration;
import pl.edu.icm.unity.webui.UnityVaadinServlet;
import pl.edu.icm.unity.webui.VaadinEndpoint;
import pl.edu.icm.unity.webui.authn.AuthenticationFilter;
import pl.edu.icm.unity.webui.authn.AuthenticationUI;
import pl.edu.icm.unity.webui.authn.InvocationContextSetupFilter;
import pl.edu.icm.unity.ws.CXFUtils;
import pl.edu.icm.unity.ws.XmlBeansNsHackOutHandler;
import xmlbeans.org.oasis.saml2.metadata.EndpointType;

/* loaded from: input_file:pl/edu/icm/unity/saml/idp/web/SamlAuthVaadinEndpoint.class */
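/**
 * Vaadin-based SAML 2 Web IdP endpoint.
 *
 * <p>Builds the servlet context for the endpoint: the SAML request consumer at
 * {@link #publicEntryPointPath}, the consent-decider and UI servlets, the
 * asynchronous (front-channel) and SOAP single-logout servlets and, when
 * {@code SamlProperties.PUBLISH_METADATA} is enabled, the metadata servlet.
 * Every request passes through the filter chain registered in
 * {@link #getServletContextHandler()} (hidden-resources, authentication and
 * invocation-context filters, in that order).
 *
 * <p>A {@link RemoteMetaManager} is shared per endpoint id through the
 * {@code remoteMetadataManagers} map handed to the constructor, so configuration
 * reloads reuse the running manager instead of starting a second one.
 */
public class SamlAuthVaadinEndpoint extends VaadinEndpoint {
    public static final String SAML_ENTRY_SERVLET_PATH = "/saml2idp-web-entry";
    public static final String SAML_CONSUMER_SERVLET_PATH = "/saml2idp-web";
    public static final String SAML_UI_SERVLET_PATH = "/saml2idp-web-ui";
    public static final String SAML_CONSENT_DECIDER_SERVLET_PATH = "/saml2idp-web-consentdecider";
    public static final String SAML_META_SERVLET_PATH = "/metadata";
    public static final String SAML_SLO_ASYNC_SERVLET_PATH = "/SLO-WEB";
    public static final String SAML_SLO_SOAP_SERVLET_PATH = "/SLO-SOAP";

    /** Path of the Vaadin authentication UI; also the target the authentication filter redirects to. */
    private static final String AUTHENTICATION_PATH = "/authentication";
    /** Path suffix appended to the SOAP SLO servlet URL for the published SingleLogoutService location. */
    private static final String SLO_SOAP_SERVICE_SUFFIX = "/SingleLogoutService";

    /** SAML 2.0 binding URIs advertised in the generated IdP metadata. */
    private static final String BINDING_HTTP_POST = "urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST";
    private static final String BINDING_HTTP_REDIRECT = "urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Redirect";
    private static final String BINDING_SOAP = "urn:oasis:names:tc:SAML:2.0:bindings:SOAP";

    protected String publicEntryPointPath;
    protected SamlIdpProperties samlProperties;
    protected FreemarkerHandler freemarkerHandler;
    protected PKIManagement pkiManagement;
    protected ExecutorsService executorsService;
    protected RemoteMetaManager myMetadataManager;
    protected IdpConsentDeciderServletFactory dispatcherServletFactory;
    // Shared across endpoints (injected); keyed by endpoint id. Not guarded here — assumed to be
    // accessed from configuration threads only; confirm against the caller if reloads may run concurrently.
    private Map<String, RemoteMetaManager> remoteMetadataManagers;
    private MetaDownloadManager downloadManager;
    private UnityServerConfiguration mainConfig;
    private SAMLLogoutProcessorFactory logoutProcessorFactory;
    private SLOReplyInstaller sloReplyInstaller;
    private UnityMessageSource msg;

    /**
     * Creates an endpoint whose public SAML consumer is mounted at {@link #SAML_CONSUMER_SERVLET_PATH}.
     *
     * @param endpointType           endpoint type description
     * @param applicationContext     Spring context used to look up server beans
     * @param freemarkerHandler      template engine for error pages
     * @param uiClass                UI class; its simple name becomes the UI bean name
     * @param pkiManagement          PKI access for credentials and trust
     * @param executorsService       executors for background metadata work
     * @param mainConfig             main server configuration
     * @param dispatcherServletFactory factory of the consent-decider servlet
     * @param remoteMetadataManagers shared map of metadata managers, keyed by endpoint id
     * @param downloadManager        remote metadata download manager
     * @param logoutProcessorFactory factory of single-logout processors
     * @param sloReplyInstaller      installer of the SLO reply servlet
     * @param msg                    message source
     */
    public SamlAuthVaadinEndpoint(EndpointTypeDescription endpointType, ApplicationContext applicationContext, FreemarkerHandler freemarkerHandler, Class<?> uiClass, PKIManagement pkiManagement, ExecutorsService executorsService, UnityServerConfiguration mainConfig, IdpConsentDeciderServletFactory dispatcherServletFactory, Map<String, RemoteMetaManager> remoteMetadataManagers, MetaDownloadManager downloadManager, SAMLLogoutProcessorFactory logoutProcessorFactory, SLOReplyInstaller sloReplyInstaller, UnityMessageSource msg) {
        this(SAML_CONSUMER_SERVLET_PATH, endpointType, applicationContext, freemarkerHandler, uiClass, pkiManagement, executorsService, mainConfig, dispatcherServletFactory, remoteMetadataManagers, downloadManager, logoutProcessorFactory, sloReplyInstaller, msg);
    }

    /**
     * Creates an endpoint with a custom public entry path (used by subclasses).
     *
     * @param publicEntryPointPath servlet path at which the SAML request consumer is mounted
     */
    protected SamlAuthVaadinEndpoint(String publicEntryPointPath, EndpointTypeDescription endpointType, ApplicationContext applicationContext, FreemarkerHandler freemarkerHandler, Class<?> uiClass, PKIManagement pkiManagement, ExecutorsService executorsService, UnityServerConfiguration mainConfig, IdpConsentDeciderServletFactory dispatcherServletFactory, Map<String, RemoteMetaManager> remoteMetadataManagers, MetaDownloadManager downloadManager, SAMLLogoutProcessorFactory logoutProcessorFactory, SLOReplyInstaller sloReplyInstaller, UnityMessageSource msg) {
        super(endpointType, applicationContext, uiClass.getSimpleName(), SAML_UI_SERVLET_PATH);
        this.publicEntryPointPath = publicEntryPointPath;
        this.freemarkerHandler = freemarkerHandler;
        this.dispatcherServletFactory = dispatcherServletFactory;
        this.pkiManagement = pkiManagement;
        this.executorsService = executorsService;
        this.remoteMetadataManagers = remoteMetadataManagers;
        this.downloadManager = downloadManager;
        this.mainConfig = mainConfig;
        this.logoutProcessorFactory = logoutProcessorFactory;
        this.sloReplyInstaller = sloReplyInstaller;
        this.msg = msg;
    }

    /**
     * Parses the endpoint configuration, attaches (or starts) the remote metadata manager
     * for this endpoint id and enables the SLO reply servlet.
     *
     * @param config serialized endpoint configuration
     * @throws ConfigurationException if the SAML properties are invalid, the metadata manager
     *         cannot be set up, or the SLO reply servlet cannot be enabled
     */
    @Override
    public void setSerializedConfiguration(String config) {
        super.setSerializedConfiguration(config);
        try {
            samlProperties = new SamlIdpProperties(properties, pkiManagement);
            String endpointId = getEndpointDescription().getId();
            if (remoteMetadataManagers.containsKey(endpointId)) {
                // Reconfiguration of an already running endpoint: push the new base config
                // into the existing manager rather than starting a second one.
                myMetadataManager = remoteMetadataManagers.get(endpointId);
                myMetadataManager.setBaseConfiguration(samlProperties);
            } else {
                myMetadataManager = new RemoteMetaManager(samlProperties, mainConfig, executorsService, pkiManagement, new MetaToIDPConfigConverter(pkiManagement, msg), downloadManager, SamlIdpProperties.SPMETA_PREFIX);
                remoteMetadataManagers.put(endpointId, myMetadataManager);
                myMetadataManager.start();
            }
            try {
                sloReplyInstaller.enable();
            } catch (EngineException e) {
                throw new ConfigurationException("Can't initialize the SAML SLO Reply servlet", e);
            }
        } catch (ConfigurationException e) {
            // Already carries a specific message; do not bury it under the generic wrapper below.
            throw e;
        } catch (Exception e) {
            throw new ConfigurationException("Can't initialize the SAML Web IdP endpoint's configuration", e);
        }
    }

    /**
     * Builds the Jetty servlet context for this endpoint.
     *
     * <p>Servlets: SAML consumer at {@code publicEntryPointPath}, routing and consent-decider
     * servlets, front-channel and SOAP SLO servlets, the authentication UI (also serving
     * {@code /VAADIN/*}), the main UI and — only if {@code PUBLISH_METADATA} is set — the
     * metadata servlet at {@link #SAML_META_SERVLET_PATH}.
     *
     * <p>Filters are applied in registration order: {@link SamlGuardFilter} on the entry path,
     * then {@link HiddenResourcesFilter} (REQUEST dispatch only) over the authentication,
     * consent-decider and UI paths — presumably so those are reachable only via internal
     * forwards — then {@link AuthenticationFilter} and {@link InvocationContextSetupFilter}
     * on every path for REQUEST and FORWARD dispatches.
     *
     * @return the fully configured context handler
     */
    @Override
    public ServletContextHandler getServletContextHandler() {
        ServletContextHandler context = new ServletContextHandler(ServletContextHandler.SESSIONS);
        context.setContextPath(description.getContextAddress());

        String consumerUrl = getServletUrl(publicEntryPointPath);
        String entryUrl = getServletUrl(SAML_ENTRY_SERVLET_PATH);
        context.addServlet(createServletHolder(getSamlParseServlet(consumerUrl, entryUrl), true), publicEntryPointPath + "/*");
        context.addFilter(new FilterHolder(new SamlGuardFilter(new ErrorHandler(freemarkerHandler))), SAML_ENTRY_SERVLET_PATH, EnumSet.of(DispatcherType.REQUEST, DispatcherType.FORWARD));
        context.addServlet(createServletHolder(new RoutingServlet(SAML_CONSENT_DECIDER_SERVLET_PATH), true), SAML_ENTRY_SERVLET_PATH + "/*");
        context.addServlet(createServletHolder(dispatcherServletFactory.getInstance(SAML_UI_SERVLET_PATH), true), SAML_CONSENT_DECIDER_SERVLET_PATH + "/*");

        String sloAsyncUrl = getServletUrl(SAML_SLO_ASYNC_SERVLET_PATH);
        context.addServlet(createServletHolder(getSLOAsyncServlet(sloAsyncUrl), true), SAML_SLO_ASYNC_SERVLET_PATH + "/*");
        String sloSoapUrl = getServletUrl(SAML_SLO_SOAP_SERVLET_PATH);
        context.addServlet(createServletHolder(getSLOSyncServlet(sloSoapUrl), true), SAML_SLO_SOAP_SERVLET_PATH + "/*");

        SessionManagement sessionManagement = applicationContext.getBean(SessionManagement.class);
        LoginToHttpSessionBinder sessionBinder = applicationContext.getBean(LoginToHttpSessionBinder.class);
        UnityServerConfiguration serverConfig = applicationContext.getBean(UnityServerConfiguration.class);

        context.addFilter(new FilterHolder(new HiddenResourcesFilter(Collections.unmodifiableList(Arrays.asList(AUTHENTICATION_PATH, SAML_CONSENT_DECIDER_SERVLET_PATH, SAML_UI_SERVLET_PATH)))), "/*", EnumSet.of(DispatcherType.REQUEST));
        // The entry path is the one that needs an authenticated session; AUTHENTICATION_PATH is where
        // unauthenticated callers are sent (argument roles inferred from the values — confirm against the filter).
        authnFilter = new AuthenticationFilter(Collections.unmodifiableList(Arrays.asList(SAML_ENTRY_SERVLET_PATH)), AUTHENTICATION_PATH, description.getRealm(), sessionManagement, sessionBinder);
        context.addFilter(new FilterHolder(authnFilter), "/*", EnumSet.of(DispatcherType.REQUEST, DispatcherType.FORWARD));
        contextSetupFilter = new InvocationContextSetupFilter(serverConfig, description.getRealm(), (String) null);
        context.addFilter(new FilterHolder(contextSetupFilter), "/*", EnumSet.of(DispatcherType.REQUEST, DispatcherType.FORWARD));

        EndpointRegistrationConfiguration registrationConfig = getRegistrationConfiguration();
        UnityVaadinServlet authnServlet = new UnityVaadinServlet(applicationContext, AuthenticationUI.class.getSimpleName(), description, authenticators, registrationConfig, properties);
        authnServlet.setCancelHandler(new SamlAuthnCancelHandler(freemarkerHandler));
        ServletHolder authnHolder = createVaadinServletHolder(authnServlet, true);
        context.addServlet(authnHolder, AUTHENTICATION_PATH + "/*");
        context.addServlet(authnHolder, "/VAADIN/*");
        context.addServlet(createVaadinServletHolder(new UnityVaadinServlet(applicationContext, uiBeanName, description, authenticators, registrationConfig, properties), false), uiServletPath + "/*");

        // Metadata is exposed only on explicit opt-in.
        if (samlProperties.getBooleanValue(SamlProperties.PUBLISH_METADATA)) {
            context.addServlet(createServletHolder(getMetadataServlet(consumerUrl, sloAsyncUrl, sloSoapUrl), true), SAML_META_SERVLET_PATH + "/*");
        }
        return context;
    }

    /**
     * Creates the servlet that parses incoming SAML authentication requests.
     *
     * @param consumerUrl full URL of the public consumer endpoint
     * @param entryUrl    full URL of the entry servlet the parser hands off to
     */
    protected Servlet getSamlParseServlet(String consumerUrl, String entryUrl) {
        return new SamlParseServlet(myMetadataManager, consumerUrl, entryUrl, new ErrorHandler(freemarkerHandler));
    }

    /**
     * Creates the IdP metadata servlet advertising the SSO consumer (POST and Redirect
     * bindings) and the SLO services (POST, Redirect and SOAP). The front-channel SLO
     * entries carry the SLO reply servlet as response location.
     *
     * @param ssoUrl      URL of the SSO consumer
     * @param sloAsyncUrl URL of the front-channel SLO servlet
     * @param sloSoapUrl  URL of the SOAP SLO servlet
     */
    protected Servlet getMetadataServlet(String ssoUrl, String sloAsyncUrl, String sloSoapUrl) {
        EndpointType[] ssoEndpoints = {
            endpoint(ssoUrl, BINDING_HTTP_POST),
            endpoint(ssoUrl, BINDING_HTTP_REDIRECT)
        };
        EndpointType[] sloEndpoints = {
            sloEndpoint(sloAsyncUrl, BINDING_HTTP_POST),
            sloEndpoint(sloAsyncUrl, BINDING_HTTP_REDIRECT),
            endpoint(sloSoapUrl, BINDING_SOAP)
        };
        return new MetadataServlet(MetadataProviderFactory.newIdpInstance(samlProperties, executorsService, ssoEndpoints, null, sloEndpoints));
    }

    /** Builds a metadata endpoint entry with the given location and binding. */
    private static EndpointType endpoint(String location, String binding) {
        EndpointType endpoint = EndpointType.Factory.newInstance();
        endpoint.setLocation(location);
        endpoint.setBinding(binding);
        return endpoint;
    }

    /** Builds a front-channel SLO endpoint entry whose response location is the SLO reply servlet. */
    private EndpointType sloEndpoint(String location, String binding) {
        EndpointType endpoint = endpoint(location, binding);
        endpoint.setResponseLocation(sloReplyInstaller.getServletURL());
        return endpoint;
    }

    /**
     * Creates the front-channel (asynchronous) single-logout servlet.
     *
     * @param sloUrl URL at which the servlet is reachable
     */
    protected Servlet getSLOAsyncServlet(String sloUrl) {
        return new SLOSAMLServlet(createLogoutProcessor(sloUrl));
    }

    /**
     * Creates the SOAP single-logout servlet, deploying the logout web service on a
     * dedicated CXF bus with the XmlBeans namespace out-handler installed.
     *
     * @param sloUrl base URL of the SOAP servlet; the service itself is published at
     *               {@code sloUrl + "/SingleLogoutService"}
     */
    protected Servlet getSLOSyncServlet(String sloUrl) {
        SAMLSingleLogoutImpl logoutService = new SAMLSingleLogoutImpl(createLogoutProcessor(sloUrl + SLO_SOAP_SERVICE_SUFFIX));
        CXFNonSpringServlet cxfServlet = new CXFNonSpringServlet();
        Bus bus = BusFactory.newInstance().createBus();
        cxfServlet.setBus(bus);
        CXFUtils.deployWebservice(bus, SAMLLogoutInterface.class, logoutService).getOutInterceptors().add(new XmlBeansNsHackOutHandler());
        return cxfServlet;
    }

    /**
     * Creates a logout processor bound to the given service URL, using the effective
     * (metadata-merged) IdP configuration and the IdP trust provider.
     *
     * @param serviceUrl URL of the logout service the processor answers for
     */
    private SAMLLogoutProcessor createLogoutProcessor(String serviceUrl) {
        IdpSamlTrustProvider trustProvider = new IdpSamlTrustProvider(myMetadataManager);
        SamlIdpProperties effectiveConfig = (SamlIdpProperties) myMetadataManager.getVirtualConfiguration();
        // Request validity is multiplied by 1000 — presumably seconds in config, milliseconds for the factory; confirm.
        long requestValidityMs = effectiveConfig.getLongValue(SamlIdpProperties.SAML_REQUEST_VALIDITY) * 1000;
        return logoutProcessorFactory.getInstance(effectiveConfig.getIdTypeMapper(), serviceUrl, requestValidityMs, effectiveConfig.getValue(SamlIdpProperties.ISSUER_URI), effectiveConfig.getSamlIssuerCredential(), trustProvider, getEndpointDescription().getRealm().getName());
    }
}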
