package cat.gencat.ctti.canigo.arch.security.saml.authentication.controller;

import cat.gencat.ctti.canigo.arch.security.provider.saml.SAMLUser;
import cat.gencat.ctti.canigo.arch.security.rest.authentication.dto.JwtAuthenticationResponseDto;
import cat.gencat.ctti.canigo.arch.security.rest.authentication.service.AuthenticationService;
import cat.gencat.ctti.canigo.arch.security.saml.authentication.constants.SAMLConstants;
import cat.gencat.ctti.canigo.arch.security.saml.authentication.dto.SAMLAuthenticationRequestDto;
import cat.gencat.ctti.canigo.arch.security.saml.authentication.exception.SAMLNotConfiguredException;
import cat.gencat.ctti.canigo.arch.security.saml.authentication.jwt.SAMLJwtTokenHandler;
import cat.gencat.ctti.canigo.arch.security.saml.authentication.service.impl.SAMLAuthenticationService;
import java.util.Collection;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.beans.factory.annotation.Qualifier;
import org.springframework.security.core.Authentication;
import org.springframework.security.core.userdetails.User;
import org.springframework.security.core.userdetails.UserDetails;
import org.springframework.web.bind.annotation.PostMapping;
import org.springframework.web.bind.annotation.RequestBody;
import org.springframework.web.bind.annotation.RestController;

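/**
 * REST endpoint that exchanges a SAML authentication for a JWT.
 *
 * <p>The assertion may arrive base64-encoded in the request body. It is then copied into request
 * attributes before the configured SAML {@link AuthenticationService} is invoked. The resulting
 * {@link Authentication} is turned into a JWT by {@link SAMLJwtTokenHandler}; the token is
 * returned in the response body and, when a header name is configured, in a response header.
 *
 * <p>Both collaborators are injected with {@code required = false}, so every request first
 * verifies that they are present.
 */
@RestController
/* loaded from: input_file:cat/gencat/ctti/canigo/arch/security/saml/authentication/controller/SAMLAuthController.class */
public class SAMLAuthController {
    private static final Logger logger = LoggerFactory.getLogger(SAMLAuthController.class);

    /** SAML users carry no local password, so the Spring {@link User} is built with an empty one. */
    private static final String NO_PASSWORDS_IN_SAML_AUTHENTICATION = "";

    @Autowired(required = false)
    @Qualifier("samlAuthenticationService")
    private AuthenticationService samlAuthenticationService;

    @Autowired(required = false)
    private SAMLJwtTokenHandler jwtTokenHandler;

    /**
     * Authenticates the caller through SAML and issues a JWT.
     *
     * @param httpServletRequest current request; receives the assertion as a request attribute
     *     when one was sent in the body
     * @param httpServletResponse current response; may receive the token in a header
     * @param sAMLAuthenticationRequestDto optional body carrying the base64 assertion
     * @return DTO wrapping the generated token
     * @throws SAMLNotConfiguredException if the SAML service or the token handler is not wired
     */
    @PostMapping(value = {SAMLConstants.PATH_AUTH_SAML_TOKEN}, produces = {"application/json"})
    public JwtAuthenticationResponseDto getAuthToken(HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse, @RequestBody(required = false) SAMLAuthenticationRequestDto sAMLAuthenticationRequestDto) {
        checkAllProperties();
        String b64Assertion = sAMLAuthenticationRequestDto != null
                ? sAMLAuthenticationRequestDto.getB64Assertion()
                : null;
        // The assertion is the caller's credential: anyone who can read the logs could replay it
        // while it is still valid, so only its presence and size are logged. Not concatenating it
        // also removes the NullPointerException the previous "...".concat(null) raised whenever
        // debug logging was on and the body was absent.
        if (logger.isDebugEnabled()) {
            logger.debug("b64Assertion present: {}, length: {}", b64Assertion != null,
                    b64Assertion != null ? b64Assertion.length() : 0);
        }
        if (b64Assertion != null) {
            // Presumably read back by the SAML authentication service -- confirm against
            // SAMLAuthenticationService.
            httpServletRequest.setAttribute("credentialsInBody", true);
            httpServletRequest.setAttribute(SAMLAuthenticationService.SAML_ASSERTION_REQUEST_ATTR, b64Assertion);
        }
        // NOTE(review): the result is dereferenced without a null check; confirm that authenticate()
        // signals a rejected assertion by throwing rather than by returning null.
        Authentication authentication = this.samlAuthenticationService.authenticate(httpServletRequest, httpServletResponse);
        Object details = authentication.getDetails();
        User tokenSubject = details instanceof SAMLUser ? (User) details : getDefaultUser(authentication);
        String token = this.jwtTokenHandler.generateToken(tokenSubject);
        setHeaderInResponse(httpServletResponse, token);
        return new JwtAuthenticationResponseDto(token);
    }

    /**
     * Builds a Spring {@link User} from an authentication whose details are not a {@link SAMLUser}.
     *
     * <p>Account flags are copied from the details object when it implements {@link UserDetails};
     * otherwise the three-argument {@link User} constructor is used.
     *
     * @param authentication authentication returned by the SAML service
     * @return user with an empty password and the authentication's authorities
     */
    private User getDefaultUser(Authentication authentication) {
        // NOTE(review): this cast fails with ClassCastException if a provider supplies a
        // non-String principal -- confirm the providers in use always return the user name.
        String username = (String) authentication.getPrincipal();
        Object details = authentication.getDetails();
        if (details instanceof UserDetails) {
            UserDetails userDetails = (UserDetails) details;
            return new User(username, NO_PASSWORDS_IN_SAML_AUTHENTICATION, userDetails.isEnabled(), userDetails.isAccountNonExpired(), userDetails.isCredentialsNonExpired(), userDetails.isAccountNonLocked(), authentication.getAuthorities());
        }
        return new User(username, NO_PASSWORDS_IN_SAML_AUTHENTICATION, authentication.getAuthorities());
    }

    /**
     * Writes the token into the response header named by the SAML service configuration.
     *
     * <p>Nothing is written when the service is not a {@link SAMLAuthenticationService} or when it
     * reports no header name.
     *
     * @param httpServletResponse response to decorate
     * @param str token value to place in the header
     */
    public void setHeaderInResponse(HttpServletResponse httpServletResponse, String str) {
        if (!(this.samlAuthenticationService instanceof SAMLAuthenticationService)) {
            return;
        }
        String headerName = ((SAMLAuthenticationService) this.samlAuthenticationService).getTokenResponseHeaderName();
        if (headerName != null) {
            httpServletResponse.setHeader(headerName, str);
        }
    }

    /**
     * Fails fast when an optional collaborator was not injected.
     *
     * @throws SAMLNotConfiguredException if the SAML service or the token handler is {@code null}
     */
    private void checkAllProperties() {
        if (this.samlAuthenticationService == null) {
            throw new SAMLNotConfiguredException("samlAuthenticationService is null. Please, be sure it is defined!");
        }
        if (this.jwtTokenHandler == null) {
            throw new SAMLNotConfiguredException("samlJwtTokenHandler is null. Please, be sure it is defined!");
        }
    }
}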
