package org.pac4j.saml.sso.impl;

import java.time.ZoneOffset;
import java.time.ZonedDateTime;
import java.util.List;
import net.shibboleth.utilities.java.support.xml.SerializeSupport;
import org.apache.commons.lang3.StringUtils;
import org.opensaml.core.xml.XMLObject;
import org.opensaml.core.xml.XMLObjectBuilderFactory;
import org.opensaml.core.xml.io.MarshallingException;
import org.opensaml.core.xml.util.XMLObjectSupport;
import org.opensaml.saml.common.SAMLObjectBuilder;
import org.opensaml.saml.common.SAMLVersion;
import org.opensaml.saml.common.messaging.context.SAMLSelfEntityContext;
import org.opensaml.saml.saml2.core.AuthnContextClassRef;
import org.opensaml.saml.saml2.core.AuthnContextComparisonTypeEnumeration;
import org.opensaml.saml.saml2.core.AuthnRequest;
import org.opensaml.saml.saml2.core.Extensions;
import org.opensaml.saml.saml2.core.Issuer;
import org.opensaml.saml.saml2.core.NameIDPolicy;
import org.opensaml.saml.saml2.core.RequestedAuthnContext;
import org.opensaml.saml.saml2.core.impl.AuthnContextClassRefBuilder;
import org.opensaml.saml.saml2.core.impl.NameIDPolicyBuilder;
import org.opensaml.saml.saml2.core.impl.RequestedAuthnContextBuilder;
import org.opensaml.saml.saml2.metadata.AssertionConsumerService;
import org.opensaml.saml.saml2.metadata.RequestedAttribute;
import org.opensaml.saml.saml2.metadata.SingleSignOnService;
import org.pac4j.saml.config.SAML2Configuration;
import org.pac4j.saml.context.SAML2MessageContext;
import org.pac4j.saml.profile.api.SAML2ObjectBuilder;
import org.pac4j.saml.util.Configuration;
import org.pac4j.saml.util.SAML2Utils;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;

/* loaded from: input_file:org/pac4j/saml/sso/impl/SAML2AuthnRequestBuilder.class */
public class SAML2AuthnRequestBuilder implements SAML2ObjectBuilder<AuthnRequest> {
    private final SAML2Configuration configuration;
    protected final Logger protocolMessageLog = LoggerFactory.getLogger("PROTOCOL_MESSAGE");
    protected final Logger logger = LoggerFactory.getLogger(getClass());
    private int issueInstantSkewSeconds = 0;
    private final XMLObjectBuilderFactory builderFactory = Configuration.getBuilderFactory();

    public SAML2AuthnRequestBuilder(SAML2Configuration sAML2Configuration) {
        this.configuration = sAML2Configuration;
    }

    @Override // org.pac4j.saml.profile.api.SAML2ObjectBuilder
    public AuthnRequest build(SAML2MessageContext sAML2MessageContext) {
        AuthnRequest buildAuthnRequest = buildAuthnRequest(sAML2MessageContext, sAML2MessageContext.getSPAssertionConsumerService(this.configuration.getAssertionConsumerServiceIndex() > 0 ? String.valueOf(this.configuration.getAssertionConsumerServiceIndex()) : null), sAML2MessageContext.getIDPSingleSignOnService(this.configuration.getAuthnRequestBindingType()));
        logProtocolMessage(buildAuthnRequest);
        return buildAuthnRequest;
    }

    protected void logProtocolMessage(XMLObject xMLObject) {
        if (this.protocolMessageLog.isDebugEnabled()) {
            try {
                this.protocolMessageLog.debug(SerializeSupport.nodeToString(XMLObjectSupport.marshall(xMLObject)));
            } catch (MarshallingException e) {
                this.logger.error(e.getMessage(), e);
            }
        }
    }

    protected final AuthnRequest buildAuthnRequest(SAML2MessageContext sAML2MessageContext, AssertionConsumerService assertionConsumerService, SingleSignOnService singleSignOnService) {
        AuthnRequest buildObject = this.builderFactory.getBuilder(AuthnRequest.DEFAULT_ELEMENT_NAME).buildObject();
        AuthnContextComparisonTypeEnumeration comparisonTypeEnumFromString = getComparisonTypeEnumFromString(this.configuration.getComparisonType());
        if (comparisonTypeEnumFromString != null) {
            RequestedAuthnContext buildObject2 = new RequestedAuthnContextBuilder().buildObject();
            buildObject2.setComparison(comparisonTypeEnumFromString);
            if (this.configuration.getAuthnContextClassRefs() != null && !this.configuration.getAuthnContextClassRefs().isEmpty()) {
                List authnContextClassRefs = buildObject2.getAuthnContextClassRefs();
                this.configuration.getAuthnContextClassRefs().forEach(str -> {
                    authnContextClassRefs.add(buildAuthnContextClassRef(str));
                });
            }
            buildObject.setRequestedAuthnContext(buildObject2);
        }
        SAMLSelfEntityContext sAMLSelfEntityContext = sAML2MessageContext.getSAMLSelfEntityContext();
        buildObject.setID(SAML2Utils.generateID());
        buildObject.setIssuer(getIssuer(sAMLSelfEntityContext.getEntityId()));
        buildObject.setIssueInstant(ZonedDateTime.now(ZoneOffset.UTC).plusSeconds(this.issueInstantSkewSeconds).toInstant());
        buildObject.setVersion(SAMLVersion.VERSION_20);
        buildObject.setIsPassive(Boolean.valueOf(this.configuration.isPassive()));
        buildObject.setForceAuthn(Boolean.valueOf(this.configuration.isForceAuth()));
        if (StringUtils.isNotBlank(this.configuration.getProviderName())) {
            buildObject.setProviderName(this.configuration.getProviderName());
        }
        if (this.configuration.getNameIdPolicyFormat() != null) {
            NameIDPolicy buildObject3 = new NameIDPolicyBuilder().buildObject();
            if (this.configuration.isNameIdPolicyAllowCreate() != null) {
                buildObject3.setAllowCreate(this.configuration.isNameIdPolicyAllowCreate());
            }
            buildObject3.setFormat(this.configuration.getNameIdPolicyFormat());
            buildObject.setNameIDPolicy(buildObject3);
        }
        buildObject.setDestination(singleSignOnService.getLocation());
        if (this.configuration.getAssertionConsumerServiceIndex() >= 0) {
            buildObject.setAssertionConsumerServiceIndex(Integer.valueOf(this.configuration.getAssertionConsumerServiceIndex()));
        } else {
            buildObject.setAssertionConsumerServiceURL(assertionConsumerService.getLocation());
        }
        buildObject.setProtocolBinding(assertionConsumerService.getBinding());
        if (this.configuration.getAttributeConsumingServiceIndex() >= 0) {
            buildObject.setAttributeConsumingServiceIndex(Integer.valueOf(this.configuration.getAttributeConsumingServiceIndex()));
        }
        Extensions buildObject4 = this.builderFactory.getBuilder(Extensions.DEFAULT_ELEMENT_NAME).buildObject();
        if (!this.configuration.getRequestedServiceProviderAttributes().isEmpty()) {
            SAMLObjectBuilder builder = this.builderFactory.getBuilder(RequestedAttribute.DEFAULT_ELEMENT_NAME);
            this.configuration.getRequestedServiceProviderAttributes().forEach(sAML2ServiceProviderRequestedAttribute -> {
                RequestedAttribute buildObject5 = builder.buildObject(RequestedAttribute.DEFAULT_ELEMENT_NAME);
                buildObject5.setIsRequired(Boolean.valueOf(sAML2ServiceProviderRequestedAttribute.isRequired()));
                buildObject5.setName(sAML2ServiceProviderRequestedAttribute.getName());
                buildObject5.setFriendlyName(sAML2ServiceProviderRequestedAttribute.getFriendlyName());
                buildObject5.setNameFormat(sAML2ServiceProviderRequestedAttribute.getNameFormat());
                buildObject4.getUnknownXMLObjects().add(buildObject5);
            });
        }
        if (this.configuration.getAuthnRequestExtensions() != null) {
            buildObject4.getUnknownXMLObjects().addAll(this.configuration.getAuthnRequestExtensions().get());
        }
        if (!buildObject4.getUnknownXMLObjects().isEmpty()) {
            buildObject.setExtensions(buildObject4);
        }
        return buildObject;
    }

    protected AuthnContextClassRef buildAuthnContextClassRef(String str) {
        AuthnContextClassRef buildObject = new AuthnContextClassRefBuilder().buildObject();
        buildObject.setURI(str);
        return buildObject;
    }

    protected final Issuer getIssuer(String str) {
        Issuer buildObject = this.builderFactory.getBuilder(Issuer.DEFAULT_ELEMENT_NAME).buildObject();
        buildObject.setValue(str);
        String issuerFormat = this.configuration.getIssuerFormat();
        if (issuerFormat != null) {
            buildObject.setFormat(issuerFormat);
        }
        if (this.configuration.isUseNameQualifier()) {
            buildObject.setNameQualifier(str);
        }
        return buildObject;
    }

    protected AuthnContextComparisonTypeEnumeration getComparisonTypeEnumFromString(String str) {
        if ("exact".equalsIgnoreCase(str)) {
            return AuthnContextComparisonTypeEnumeration.EXACT;
        }
        if ("minimum".equalsIgnoreCase(str)) {
            return AuthnContextComparisonTypeEnumeration.MINIMUM;
        }
        if ("maximum".equalsIgnoreCase(str)) {
            return AuthnContextComparisonTypeEnumeration.MAXIMUM;
        }
        if ("better".equalsIgnoreCase(str)) {
            return AuthnContextComparisonTypeEnumeration.BETTER;
        }
        return null;
    }

    public void setIssueInstantSkewSeconds(int i) {
        this.issueInstantSkewSeconds = i;
    }
}
