package org.apereo.cas.support.saml.web.idp.profile.query;

import java.util.LinkedHashMap;
import java.util.Map;
import java.util.Optional;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import lombok.Generated;
import net.shibboleth.utilities.java.support.xml.ParserPool;
import org.apereo.cas.authentication.Authentication;
import org.apereo.cas.authentication.AuthenticationSystemSupport;
import org.apereo.cas.authentication.principal.Principal;
import org.apereo.cas.authentication.principal.Service;
import org.apereo.cas.authentication.principal.ServiceFactory;
import org.apereo.cas.authentication.principal.WebApplicationService;
import org.apereo.cas.configuration.CasConfigurationProperties;
import org.apereo.cas.services.ServicesManager;
import org.apereo.cas.services.UnauthorizedServiceException;
import org.apereo.cas.support.saml.OpenSamlConfigBean;
import org.apereo.cas.support.saml.services.SamlRegisteredService;
import org.apereo.cas.support.saml.services.idp.metadata.SamlRegisteredServiceServiceProviderMetadataFacade;
import org.apereo.cas.support.saml.services.idp.metadata.cache.SamlRegisteredServiceCachingMetadataResolver;
import org.apereo.cas.support.saml.web.idp.profile.AbstractSamlProfileHandlerController;
import org.apereo.cas.support.saml.web.idp.profile.builders.SamlProfileObjectBuilder;
import org.apereo.cas.support.saml.web.idp.profile.builders.enc.SamlIdPObjectSigner;
import org.apereo.cas.support.saml.web.idp.profile.builders.enc.SamlObjectSignatureValidator;
import org.apereo.cas.ticket.query.SamlAttributeQueryTicket;
import org.apereo.cas.ticket.query.SamlAttributeQueryTicketFactory;
import org.apereo.cas.ticket.registry.TicketRegistry;
import org.apereo.cas.web.support.CookieRetrievingCookieGenerator;
import org.opensaml.messaging.context.MessageContext;
import org.opensaml.saml.common.SAMLObject;
import org.opensaml.saml.saml2.core.AttributeQuery;
import org.opensaml.saml.saml2.core.RequestAbstractType;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
import org.springframework.web.bind.annotation.PostMapping;

/* loaded from: input_file:org/apereo/cas/support/saml/web/idp/profile/query/Saml2AttributeQueryProfileHandlerController.class */
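/**
 * Handles SAML2 {@code AttributeQuery} requests posted over SOAP to
 * {@code /idp/profile/SAML2/SOAP/AttributeQuery}.
 *
 * <p>For each request the controller resolves the issuer to a registered SAML service, loads the
 * service provider metadata, runs the signature verification inherited from the parent class,
 * looks up the attribute query ticket tied to the subject's NameID and answers with an assertion
 * holding the requested attributes. Any failure is answered through the fault response builder.
 */
public class Saml2AttributeQueryProfileHandlerController extends AbstractSamlProfileHandlerController {

    @Generated
    private static final Logger LOGGER = LoggerFactory.getLogger(Saml2AttributeQueryProfileHandlerController.class);

    /** Binding URI passed to both the response builder and the fault builder. */
    private static final String SOAP_BINDING = "urn:oasis:names:tc:SAML:2.0:bindings:SOAP";

    /** Message code used for every {@link UnauthorizedServiceException} raised by this controller. */
    private static final String SERVICE_ERROR_CODE = "screen.service.error.message";

    private final TicketRegistry ticketRegistry;
    private final CookieRetrievingCookieGenerator ticketGrantingTicketCookieGenerator;
    private final SamlAttributeQueryTicketFactory samlAttributeQueryTicketFactory;
    private final SamlProfileObjectBuilder<? extends SAMLObject> samlFaultResponseBuilder;

    /**
     * Creates the controller.
     *
     * <p>The first ten arguments and {@code service} are handed to the parent constructor unchanged.
     *
     * @param ticketRegistry registry the attribute query ticket is read from
     * @param samlProfileObjectBuilder2 builder used for the SOAP fault answer
     * @param cookieRetrievingCookieGenerator stored as the ticket-granting-ticket cookie generator
     * @param samlAttributeQueryTicketFactory derives the ticket id from the subject's NameID value
     */
    public Saml2AttributeQueryProfileHandlerController(SamlIdPObjectSigner samlIdPObjectSigner, ParserPool parserPool, AuthenticationSystemSupport authenticationSystemSupport, ServicesManager servicesManager, ServiceFactory<WebApplicationService> serviceFactory, SamlRegisteredServiceCachingMetadataResolver samlRegisteredServiceCachingMetadataResolver, OpenSamlConfigBean openSamlConfigBean, SamlProfileObjectBuilder<? extends SAMLObject> samlProfileObjectBuilder, CasConfigurationProperties casConfigurationProperties, SamlObjectSignatureValidator samlObjectSignatureValidator, TicketRegistry ticketRegistry, SamlProfileObjectBuilder<? extends SAMLObject> samlProfileObjectBuilder2, CookieRetrievingCookieGenerator cookieRetrievingCookieGenerator, SamlAttributeQueryTicketFactory samlAttributeQueryTicketFactory, Service service) {
        super(samlIdPObjectSigner, parserPool, authenticationSystemSupport, servicesManager, serviceFactory, samlRegisteredServiceCachingMetadataResolver, openSamlConfigBean, samlProfileObjectBuilder, casConfigurationProperties, samlObjectSignatureValidator, service);
        this.ticketRegistry = ticketRegistry;
        this.ticketGrantingTicketCookieGenerator = cookieRetrievingCookieGenerator;
        this.samlAttributeQueryTicketFactory = samlAttributeQueryTicketFactory;
        this.samlFaultResponseBuilder = samlProfileObjectBuilder2;
    }

    /**
     * Answers one SOAP attribute query.
     *
     * <p>Checks run in this order: issuer present, issuer is a registered SAML service, metadata
     * found for it, request signature verification, live attribute query ticket for the subject.
     * Only then are attributes collected and the response built. Every exception raised inside the
     * guarded section is logged and turned into a fault response.
     *
     * @param httpServletResponse response the SAML answer or fault is written to
     * @param httpServletRequest request carrying the SOAP envelope
     */
    @PostMapping(path = {"/idp/profile/SAML2/SOAP/AttributeQuery"})
    protected void handlePostRequest(HttpServletResponse httpServletResponse, HttpServletRequest httpServletRequest) {
        MessageContext decodeSoapRequest = decodeSoapRequest(httpServletRequest);
        // NOTE(review): decoding and this cast sit outside the try block, so a body that does not
        // decode to an AttributeQuery surfaces as an unhandled exception instead of a SOAP fault.
        AttributeQuery attributeQuery = (AttributeQuery) decodeSoapRequest.getMessage();
        try {
            if (attributeQuery.getIssuer() == null) {
                throw new UnauthorizedServiceException(SERVICE_ERROR_CODE, "Attribute query carries no issuer");
            }
            String issuer = attributeQuery.getIssuer().getValue();
            SamlRegisteredService registeredService = verifySamlRegisteredService(issuer);
            Optional<SamlRegisteredServiceServiceProviderMetadataFacade> metadataFacade = getSamlMetadataFacadeFor(registeredService, (RequestAbstractType) attributeQuery);
            if (!metadataFacade.isPresent()) {
                throw new UnauthorizedServiceException(SERVICE_ERROR_CODE, "Cannot find metadata linked to " + issuer);
            }
            SamlRegisteredServiceServiceProviderMetadataFacade facade = metadataFacade.get();
            // NOTE(review): the issuer value is caller-supplied until this call succeeds; confirm the
            // inherited verification refuses unsigned queries rather than skipping them.
            verifyAuthenticationContextSignature(decodeSoapRequest, httpServletRequest, (RequestAbstractType) attributeQuery, facade);

            Map<String, Object> requestedAttributes = resolveRequestedAttributes(attributeQuery);
            // NOTE(review): no attribute release policy is applied in this method; confirm that
            // buildCasAssertion or the response builder filters by the registered service's policy.
            this.responseBuilder.mo32build(attributeQuery, httpServletRequest, httpServletResponse, buildCasAssertion(issuer, registeredService, requestedAttributes), registeredService, facade, SOAP_BINDING);
        } catch (Exception e) {
            LOGGER.error(e.getMessage(), e);
            // NOTE(review): the raw exception message is handed to the fault builder; if the builder
            // echoes it to the caller, internal detail and the caller-supplied issuer reach the SOAP
            // fault. Confirm, and prefer a fixed message if so.
            httpServletRequest.setAttribute("samlError", e.getMessage());
            this.samlFaultResponseBuilder.mo32build(attributeQuery, httpServletRequest, httpServletResponse, null, null, null, SOAP_BINDING);
        }
    }

    /**
     * Collects the attributes named in the query from the authentication bound to the subject's
     * attribute query ticket.
     *
     * <p>The previous code ran the copy loop only when the query named no attributes, so the loop
     * never executed and every answer was empty. The ticket is now looked up for every query, which
     * keeps the subject check the old code performed for empty queries and extends it to the rest.
     * Authentication attributes take precedence over principal attributes of the same name.
     *
     * @param attributeQuery decoded query; its subject NameID selects the ticket
     * @return requested attribute names mapped to their values, in request order; names known to
     *     neither the authentication nor the principal are left out
     * @throws UnauthorizedServiceException when the query has no subject NameID or no live ticket
     *     exists for it
     */
    private Map<String, Object> resolveRequestedAttributes(AttributeQuery attributeQuery) {
        if (attributeQuery.getSubject() == null || attributeQuery.getSubject().getNameID() == null) {
            throw new UnauthorizedServiceException(SERVICE_ERROR_CODE, "Attribute query carries no subject NameID");
        }
        String ticketId = this.samlAttributeQueryTicketFactory.createTicketIdFor(attributeQuery.getSubject().getNameID().getValue());
        SamlAttributeQueryTicket ticket = this.ticketRegistry.getTicket(ticketId, SamlAttributeQueryTicket.class);
        // The ticket id is kept out of the message because the message may travel to the caller.
        if (ticket == null || ticket.isExpired()) {
            throw new UnauthorizedServiceException(SERVICE_ERROR_CODE, "No valid attribute query ticket for the requested subject");
        }

        Authentication authentication = ticket.getTicketGrantingTicket().getAuthentication();
        Principal principal = authentication.getPrincipal();
        Map<String, ?> authenticationAttributes = authentication.getAttributes();
        Map<String, ?> principalAttributes = principal.getAttributes();

        Map<String, Object> collected = new LinkedHashMap<>();
        attributeQuery.getAttributes().forEach(attribute -> {
            String name = attribute.getName();
            if (authenticationAttributes.containsKey(name)) {
                collected.put(name, authenticationAttributes.get(name));
            } else if (principalAttributes.containsKey(name)) {
                collected.put(name, principalAttributes.get(name));
            }
        });
        return collected;
    }
}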
