package org.apereo.cas.support.saml.web.idp.profile.query;

import java.util.LinkedHashMap;
import java.util.Objects;
import java.util.Optional;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import lombok.Generated;
import org.apache.commons.lang3.StringUtils;
import org.apereo.cas.authentication.Authentication;
import org.apereo.cas.authentication.principal.Principal;
import org.apereo.cas.services.UnauthorizedServiceException;
import org.apereo.cas.support.saml.services.SamlRegisteredService;
import org.apereo.cas.support.saml.services.idp.metadata.SamlRegisteredServiceServiceProviderMetadataFacade;
import org.apereo.cas.support.saml.web.idp.profile.AbstractSamlIdPProfileHandlerController;
import org.apereo.cas.support.saml.web.idp.profile.SamlProfileHandlerConfigurationContext;
import org.apereo.cas.ticket.InvalidTicketException;
import org.apereo.cas.ticket.query.SamlAttributeQueryTicket;
import org.apereo.cas.util.LoggingUtils;
import org.opensaml.messaging.context.MessageContext;
import org.opensaml.saml.saml2.core.AttributeQuery;
import org.opensaml.saml.saml2.core.RequestAbstractType;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
import org.springframework.web.bind.annotation.PostMapping;

/* loaded from: input_file:org/apereo/cas/support/saml/web/idp/profile/query/SamlIdPSaml2AttributeQueryProfileHandlerController.class */
public class SamlIdPSaml2AttributeQueryProfileHandlerController extends AbstractSamlIdPProfileHandlerController {

    @Generated
    private static final Logger LOGGER = LoggerFactory.getLogger(SamlIdPSaml2AttributeQueryProfileHandlerController.class);

    public SamlIdPSaml2AttributeQueryProfileHandlerController(SamlProfileHandlerConfigurationContext samlProfileHandlerConfigurationContext) {
        super(samlProfileHandlerConfigurationContext);
    }

    @PostMapping(path = {"/idp/profile/SAML2/SOAP/AttributeQuery"})
    protected void handlePostRequest(HttpServletResponse httpServletResponse, HttpServletRequest httpServletRequest) {
        MessageContext decodeSoapRequest = decodeSoapRequest(httpServletRequest);
        RequestAbstractType requestAbstractType = (AttributeQuery) decodeSoapRequest.getMessage();
        SamlProfileHandlerConfigurationContext samlProfileHandlerConfigurationContext = getSamlProfileHandlerConfigurationContext();
        try {
            String value = ((AttributeQuery) Objects.requireNonNull(requestAbstractType)).getIssuer().getValue();
            SamlRegisteredService verifySamlRegisteredService = verifySamlRegisteredService(value);
            Optional<SamlRegisteredServiceServiceProviderMetadataFacade> samlMetadataFacadeFor = getSamlMetadataFacadeFor(verifySamlRegisteredService, requestAbstractType);
            if (samlMetadataFacadeFor.isEmpty()) {
                throw new UnauthorizedServiceException("screen.service.error.message", "Cannot find metadata linked to " + value);
            }
            SamlRegisteredServiceServiceProviderMetadataFacade samlRegisteredServiceServiceProviderMetadataFacade = samlMetadataFacadeFor.get();
            verifyAuthenticationContextSignature(decodeSoapRequest, httpServletRequest, requestAbstractType, samlRegisteredServiceServiceProviderMetadataFacade);
            LinkedHashMap linkedHashMap = new LinkedHashMap();
            LinkedHashMap linkedHashMap2 = new LinkedHashMap();
            if (!requestAbstractType.getAttributes().isEmpty()) {
                String createTicketIdFor = samlProfileHandlerConfigurationContext.getSamlAttributeQueryTicketFactory().createTicketIdFor(requestAbstractType.getSubject().getNameID().getValue());
                LOGGER.debug("Created ticket id for attribute query [{}]", createTicketIdFor);
                SamlAttributeQueryTicket ticket = samlProfileHandlerConfigurationContext.getTicketRegistry().getTicket(createTicketIdFor, SamlAttributeQueryTicket.class);
                if (ticket == null) {
                    throw new InvalidTicketException(createTicketIdFor);
                }
                Authentication authentication = ticket.getTicketGrantingTicket().getAuthentication();
                Principal principal = authentication.getPrincipal();
                linkedHashMap.putAll(authentication.getAttributes());
                linkedHashMap.putAll(principal.getAttributes());
            }
            requestAbstractType.getAttributes().forEach(attribute -> {
                if (linkedHashMap.containsKey(attribute.getName())) {
                    linkedHashMap2.put(attribute.getName(), linkedHashMap.get(attribute.getName()));
                }
            });
            LOGGER.trace("Final attributes for attribute query are [{}]", linkedHashMap2);
            samlProfileHandlerConfigurationContext.getResponseBuilder().mo22build(requestAbstractType, httpServletRequest, httpServletResponse, buildCasAssertion(value, verifySamlRegisteredService, linkedHashMap2), verifySamlRegisteredService, samlRegisteredServiceServiceProviderMetadataFacade, "urn:oasis:names:tc:SAML:2.0:bindings:SOAP", decodeSoapRequest);
        } catch (Exception e) {
            LoggingUtils.error(LOGGER, e);
            httpServletRequest.setAttribute("samlError", "Unable to build SOAP response: " + StringUtils.defaultString(e.getMessage()));
            samlProfileHandlerConfigurationContext.getSamlFaultResponseBuilder().mo22build(requestAbstractType, httpServletRequest, httpServletResponse, null, null, null, "urn:oasis:names:tc:SAML:2.0:bindings:SOAP", decodeSoapRequest);
        }
    }
}
