package org.wso2.carbon.identity.sso.saml.builders;

import org.apache.commons.logging.Log;
import org.apache.commons.logging.LogFactory;
import org.joda.time.DateTime;
import org.opensaml.saml.common.SAMLVersion;
import org.opensaml.saml.saml2.core.Assertion;
import org.opensaml.saml.saml2.core.Response;
import org.opensaml.saml.saml2.core.StatusResponseType;
import org.opensaml.security.x509.X509Credential;
import org.wso2.carbon.identity.base.IdentityException;
import org.wso2.carbon.identity.sso.saml.SAMLSSOConstants;
import org.wso2.carbon.identity.sso.saml.dao.impl.SAML2ArtifactInfoDAOImpl;
import org.wso2.carbon.identity.sso.saml.dto.SAMLSSOAuthnReqDTO;
import org.wso2.carbon.identity.sso.saml.exception.ArtifactBindingException;
import org.wso2.carbon.identity.sso.saml.extension.SAMLExtensionProcessor;
import org.wso2.carbon.identity.sso.saml.util.SAMLSSOUtil;

/* loaded from: input_file:org/wso2/carbon/identity/sso/saml/builders/DefaultResponseBuilder.class */
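/**
 * Default {@link ResponseBuilder} that wraps a SAML 2.0 assertion in a {@code Response} carrying a
 * success status, optionally encrypting the assertion and signing the response as directed by the
 * request DTO.
 *
 * <p>Security notes for maintainers:
 * <ul>
 *   <li>The {@code Destination} is copied from the DTO's assertion consumer URL without any check in
 *       this class; it presumably has been validated against the service provider's registration
 *       before it reaches here (confirm in the caller).</li>
 *   <li>Response signing happens only when {@code isDoSignResponse()} is true. Whether the assertion
 *       itself is signed is decided inside {@code SAMLSSOUtil.buildSAMLAssertion}, which is not
 *       visible in this file.</li>
 * </ul>
 */
public class DefaultResponseBuilder implements ResponseBuilder {
    private static final Log log = LogFactory.getLog(DefaultResponseBuilder.class);

    /**
     * Builds a response stamped with the current time and a freshly built assertion.
     *
     * @param sAMLSSOAuthnReqDTO the authentication request details
     * @param str passed through to {@code SAMLSSOUtil.buildSAMLAssertion}; presumably the session
     *     identifier (confirm against the {@code ResponseBuilder} interface)
     * @return the populated response
     * @throws IdentityException if the assertion or response cannot be built
     */
    @Override
    public Response buildResponse(SAMLSSOAuthnReqDTO sAMLSSOAuthnReqDTO, String str) throws IdentityException {
        return buildResponse(sAMLSSOAuthnReqDTO, str, new DateTime(), null);
    }

    /**
     * Builds a response for the given issue instant, either with a newly built assertion or with one
     * previously stored under {@code str2}.
     *
     * @param sAMLSSOAuthnReqDTO the authentication request details
     * @param str passed through to {@code SAMLSSOUtil.buildSAMLAssertion}; presumably the session
     *     identifier (confirm against the {@code ResponseBuilder} interface)
     * @param dateTime the issue instant of the response; also the base of the assertion expiry
     * @param str2 id of a stored assertion to reuse, or {@code null} to build a new one
     * @return the populated response
     * @throws IdentityException if the stored assertion cannot be read, or building fails
     */
    @Override
    public Response buildResponse(SAMLSSOAuthnReqDTO sAMLSSOAuthnReqDTO, String str, DateTime dateTime, String str2) throws IdentityException {
        logTargetConsumer(sAMLSSOAuthnReqDTO);

        Assertion assertion;
        if (!sAMLSSOAuthnReqDTO.isAssertionQueryRequestProfileEnabled() || str2 == null) {
            // Minutes -> milliseconds in long arithmetic, so a large configured validity period
            // cannot wrap to a past expiry if the getter returns an int.
            DateTime notOnOrAfter = new DateTime(
                    dateTime.getMillis() + SAMLSSOUtil.getSAMLResponseValidityPeriod() * 60L * 1000L);
            assertion = SAMLSSOUtil.buildSAMLAssertion(sAMLSSOAuthnReqDTO, notOnOrAfter, str);
        } else {
            // The stored assertion is used as returned by the DAO; its validity window is not
            // re-checked in this method.
            try {
                assertion = new SAML2ArtifactInfoDAOImpl().getSAMLAssertion(str2);
            } catch (ArtifactBindingException e) {
                throw new IdentityException("Error while retrieving SAML assertion from the database. AssertionId : " + str2, e);
            }
        }

        // Declared as Response (not StatusResponseType): the assertion lists used below and the
        // return type are only available on Response.
        Response response = new org.opensaml.saml.saml2.core.impl.ResponseBuilder().buildObject();
        populateCommonFields(response, sAMLSSOAuthnReqDTO, true);
        response.setIssueInstant(dateTime);

        for (SAMLExtensionProcessor processor : SAMLSSOUtil.getExtensionProcessors()) {
            if (processor.canHandle(response, assertion, sAMLSSOAuthnReqDTO)) {
                processor.processSAMLExtensions(response, assertion, sAMLSSOAuthnReqDTO);
            }
        }

        if (sAMLSSOAuthnReqDTO.isDoEnableEncryptedAssertion()) {
            String tenantDomain = sAMLSSOAuthnReqDTO.getTenantDomain();
            String certAlias = sAMLSSOAuthnReqDTO.getCertAlias();
            String assertionEncryptionAlgorithmUri = sAMLSSOAuthnReqDTO.getAssertionEncryptionAlgorithmUri();
            String keyEncryptionAlgorithmUri = sAMLSSOAuthnReqDTO.getKeyEncryptionAlgorithmUri();
            if (certAlias != null) {
                response.getEncryptedAssertions().add(SAMLSSOUtil.setEncryptedAssertion(
                        assertion, assertionEncryptionAlgorithmUri, keyEncryptionAlgorithmUri, certAlias, tenantDomain));
            } else {
                // No plaintext fallback: when encryption is required but no certificate alias is
                // configured, the assertion is left out rather than sent in the clear.
                // NOTE(review): the response still carries a success status with no assertion;
                // consider whether this misconfiguration should be reported as an error instead.
                log.warn("Certificate alias is not found. Assertion is not encrypted and not included in response");
            }
        } else {
            response.getAssertions().add(assertion);
        }

        // Signing is applied last, after extensions and assertions are attached.
        if (sAMLSSOAuthnReqDTO.isDoSignResponse()) {
            SAMLSSOUtil.setSignature(response, sAMLSSOAuthnReqDTO.getSigningAlgorithmUri(), sAMLSSOAuthnReqDTO.getDigestAlgorithmUri(), (X509Credential) new SignKeyDataHolder(sAMLSSOAuthnReqDTO.getUser().getAuthenticatedSubjectIdentifier()));
        }
        return response;
    }

    /**
     * Builds a response around an assertion supplied by the caller, stamped with the current time.
     *
     * <p>Unlike the other overloads, this one always sets {@code InResponseTo}, runs no extension
     * processors, and adds the assertion unencrypted regardless of
     * {@code isDoEnableEncryptedAssertion()}.
     * NOTE(review): confirm callers only use this where a plaintext assertion is acceptable.
     *
     * @param sAMLSSOAuthnReqDTO the authentication request details
     * @param assertion the assertion to include as-is
     * @return the populated response
     * @throws IdentityException if the response cannot be built or signed
     */
    public Response buildResponse(SAMLSSOAuthnReqDTO sAMLSSOAuthnReqDTO, Assertion assertion) throws IdentityException {
        logTargetConsumer(sAMLSSOAuthnReqDTO);

        Response response = new org.opensaml.saml.saml2.core.impl.ResponseBuilder().buildObject();
        populateCommonFields(response, sAMLSSOAuthnReqDTO, false);
        response.setIssueInstant(new DateTime());
        response.getAssertions().add(assertion);

        if (sAMLSSOAuthnReqDTO.isDoSignResponse()) {
            SAMLSSOUtil.setSignature(response, sAMLSSOAuthnReqDTO.getSigningAlgorithmUri(), sAMLSSOAuthnReqDTO.getDigestAlgorithmUri(), new SignKeyDataHolder(sAMLSSOAuthnReqDTO.getUser().getAuthenticatedSubjectIdentifier()));
        }
        return response;
    }

    /** Writes the debug line naming the assertion consumer URL the response is built for. */
    private static void logTargetConsumer(SAMLSSOAuthnReqDTO sAMLSSOAuthnReqDTO) {
        if (log.isDebugEnabled()) {
            // The URL is written to the log as held in the DTO, without sanitisation.
            log.debug("Building SAML Response for the consumer '" + sAMLSSOAuthnReqDTO.getAssertionConsumerURL() + "'");
        }
    }

    /**
     * Sets issuer, ID, InResponseTo, destination, success status and SAML version on the response.
     *
     * @param omitForIdpInitiated when true, {@code InResponseTo} is skipped for IdP-initiated SSO
     *     (there is no request to correlate with); when false it is always set
     */
    private static void populateCommonFields(Response response, SAMLSSOAuthnReqDTO sAMLSSOAuthnReqDTO,
            boolean omitForIdpInitiated) throws IdentityException {
        response.setIssuer(SAMLSSOUtil.getIssuer());
        response.setID(SAMLSSOUtil.createID());
        if (!omitForIdpInitiated || !sAMLSSOAuthnReqDTO.isIdPInitSSOEnabled()) {
            response.setInResponseTo(sAMLSSOAuthnReqDTO.getId());
        }
        response.setDestination(sAMLSSOAuthnReqDTO.getAssertionConsumerURL());
        response.setStatus(SAMLSSOUtil.buildResponseStatus(SAMLSSOConstants.StatusCodes.SUCCESS_CODE, null));
        response.setVersion(SAMLVersion.VERSION_20);
    }

    // Runs SAMLSSOUtil.doBootstrap() once, when this class is initialised.
    static {
        SAMLSSOUtil.doBootstrap();
    }
}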
