package cat.gencat.ctti.canigo.arch.security.saml.authentication.service.impl;

import cat.gencat.ctti.canigo.arch.security.saml.authentication.credentials.SAMLIdPMetadataManagerCredentials;
import cat.gencat.ctti.canigo.arch.security.saml.authentication.credentials.SAMLKeyManagerCredentials;
import cat.gencat.ctti.canigo.arch.security.saml.authentication.service.SAMLResponseToAssertionService;
import cat.gencat.ctti.canigo.arch.security.saml.validation.SAMLValidator;
import cat.gencat.ctti.canigo.arch.security.saml.validation.SAMLValidatorException;
import cat.gencat.ctti.canigo.arch.security.saml.validation.SAMLValidatorResult;
import cat.gencat.ctti.canigo.arch.security.saml.validation.credentials.SAMLCredentials;
import java.io.ByteArrayOutputStream;
import java.util.Base64;
import javax.annotation.PostConstruct;
import org.opensaml.saml2.core.Assertion;
import org.opensaml.saml2.core.Response;
import org.opensaml.saml2.metadata.provider.MetadataProviderException;
import org.opensaml.xml.security.SecurityException;
import org.opensaml.xml.util.XMLObjectHelper;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.context.annotation.Bean;
import org.springframework.context.support.PropertySourcesPlaceholderConfigurer;
import org.springframework.security.saml.key.KeyManager;
import org.springframework.security.saml.metadata.MetadataManager;

/* loaded from: input_file:cat/gencat/ctti/canigo/arch/security/saml/authentication/service/impl/SAMLResponseToAssertionValidatingService.class */
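/**
 * Validates a Base64-encoded SAML {@code Response} against the configured IdP signing
 * credential (and, when available, the SP decryption credential) and returns the
 * validated {@code Assertion}, marshalled to XML and Base64-encoded.
 *
 * <p>Credentials are resolved once in {@link #validatorInit()}. If the IdP credentials
 * could not be initialised, {@link #getAssertion(String)} refuses to validate rather
 * than running the validator with a missing signing credential.
 */
public class SAMLResponseToAssertionValidatingService implements SAMLResponseToAssertionService {
    private static final Logger logger = LoggerFactory.getLogger(SAMLResponseToAssertionValidatingService.class);

    // Signing credential source for the IdP; null when initialisation failed.
    private SAMLCredentials idpCredentials;
    // Encryption credential source for the SP; null when initialisation failed (validator then gets null).
    private SAMLCredentials spCredentials;
    private String idpEntityId;
    private String spEntityId;
    private String spKeyName;
    // Optional extra validity window forwarded to SAMLValidator; null leaves the validator default.
    private Integer extraValidityMinutes;

    @Autowired
    MetadataManager metadata;

    @Autowired
    KeyManager keyManager;

    @Bean
    public static PropertySourcesPlaceholderConfigurer propertyConfigInDev() {
        return new PropertySourcesPlaceholderConfigurer();
    }

    public String getIdpEntityId() {
        return this.idpEntityId;
    }

    public void setIdpEntityId(String str) {
        this.idpEntityId = str;
    }

    public String getSpEntityId() {
        return this.spEntityId;
    }

    public void setSpEntityId(String str) {
        this.spEntityId = str;
    }

    public String getSpKeyName() {
        return this.spKeyName;
    }

    public void setSpKeyName(String str) {
        this.spKeyName = str;
    }

    public Integer getExtraValidityMinutes() {
        return this.extraValidityMinutes;
    }

    public void setExtraValidityMinutes(Integer num) {
        this.extraValidityMinutes = num;
    }

    /**
     * Checks the required properties and resolves IdP and SP credentials.
     *
     * <p>A failure to resolve either credential set is logged and leaves the corresponding
     * field {@code null}; the field is only assigned after {@code init(...)} succeeded so a
     * half-initialised credentials object is never used later.
     *
     * @throws Exception if a required property is missing (see {@link #doCheckProperties()})
     */
    @PostConstruct
    public void validatorInit() throws Exception {
        doCheckProperties();
        try {
            SAMLIdPMetadataManagerCredentials idp = new SAMLIdPMetadataManagerCredentials(this.idpEntityId);
            idp.init(this.metadata);
            this.idpCredentials = idp;
        } catch (MetadataProviderException e) {
            this.idpCredentials = null;
            logger.error("Unable to initialise IdP credentials for entityId {}", this.idpEntityId, e);
        }
        try {
            SAMLKeyManagerCredentials sp = new SAMLKeyManagerCredentials(this.spKeyName);
            sp.init(this.keyManager);
            this.spCredentials = sp;
        } catch (SecurityException e) {
            this.spCredentials = null;
            logger.error("Unable to initialise SP credentials for key {}", this.spKeyName, e);
        }
    }

    /**
     * Verifies that {@code idpEntityId}, {@code spEntityId} and {@code spKeyName} are set.
     *
     * @throws IllegalStateException naming the first missing property
     */
    private void doCheckProperties() {
        requireProperty(this.idpEntityId, "idpEntityId");
        requireProperty(this.spEntityId, "spEntityId");
        requireProperty(this.spKeyName, "spKeyName");
    }

    // Throws with the same message text the original used: "<name> undefined at <class>".
    private void requireProperty(Object value, String name) {
        if (value == null) {
            throw new IllegalStateException(name + " undefined at " + getClass().getName());
        }
    }

    /**
     * Validates the Base64-encoded SAML response and returns the validated assertion as
     * Base64-encoded XML.
     *
     * @param str Base64-encoded SAML {@code Response}
     * @return the validated {@code Assertion}, marshalled and Base64-encoded
     * @throws IllegalStateException if the IdP credentials were not initialised
     * @throws SAMLValidatorException if validation fails
     * @throws Exception propagated from parsing, validation or marshalling
     */
    @Override // cat.gencat.ctti.canigo.arch.security.saml.authentication.service.SAMLResponseToAssertionService
    public String getAssertion(String str) throws Exception {
        // Fail closed: without an IdP signing credential no signature check is possible.
        if (this.idpCredentials == null) {
            throw new IllegalStateException(
                    "IdP credentials not initialised at " + getClass().getName() + "; refusing to validate SAML response");
        }
        SAMLValidator validator = new SAMLValidator();
        Response response = validator.getSamlResponseBase64(str);
        if (this.extraValidityMinutes != null) {
            validator.setExtraValidityMinutes(this.extraValidityMinutes);
        }
        // SP encryption credential is passed as null when SP credentials did not initialise.
        SAMLValidatorResult result = validator.validate(
                response,
                this.spCredentials != null ? this.spCredentials.getEncryptionCredential() : null,
                this.idpCredentials.getSigningCredential(),
                this.spEntityId);
        logger.info(result.toString());
        if (!result.isOk()) {
            throw new SAMLValidatorException(result.getErrMsg());
        }
        Assertion validatedAssertion = validator.getValidatedAssertion();
        ByteArrayOutputStream out = new ByteArrayOutputStream();
        XMLObjectHelper.marshallToOutputStream(validatedAssertion, out);
        // Encode the marshalled bytes directly. The previous toString().getBytes() round trip
        // went through the platform default charset twice and could corrupt non-ASCII content.
        String encoded = Base64.getEncoder().encodeToString(out.toByteArray());
        // DEBUG output is the complete validated assertion.
        logger.debug(encoded);
        return encoded;
    }
}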
