package org.pac4j.saml.sso.impl;

import org.apache.commons.lang.RandomStringUtils;
import org.joda.time.DateTime;
import org.opensaml.core.xml.XMLObjectBuilderFactory;
import org.opensaml.saml.common.SAMLObjectBuilder;
import org.opensaml.saml.common.SAMLVersion;
import org.opensaml.saml.common.messaging.context.SAMLSelfEntityContext;
import org.opensaml.saml.common.xml.SAMLConstants;
import org.opensaml.saml.saml2.core.AuthnContextClassRef;
import org.opensaml.saml.saml2.core.AuthnContextComparisonTypeEnumeration;
import org.opensaml.saml.saml2.core.AuthnRequest;
import org.opensaml.saml.saml2.core.Issuer;
import org.opensaml.saml.saml2.core.NameIDPolicy;
import org.opensaml.saml.saml2.core.RequestedAuthnContext;
import org.opensaml.saml.saml2.core.impl.AuthnContextClassRefBuilder;
import org.opensaml.saml.saml2.core.impl.NameIDPolicyBuilder;
import org.opensaml.saml.saml2.core.impl.RequestedAuthnContextBuilder;
import org.opensaml.saml.saml2.metadata.AssertionConsumerService;
import org.opensaml.saml.saml2.metadata.SingleSignOnService;
import org.pac4j.saml.client.SAML2ClientConfiguration;
import org.pac4j.saml.context.SAML2MessageContext;
import org.pac4j.saml.sso.SAML2ObjectBuilder;
import org.pac4j.saml.util.Configuration;

/* loaded from: input_file:BOOT-INF/lib/pac4j-saml-2.2.0.jar:org/pac4j/saml/sso/impl/SAML2AuthnRequestBuilder.class */
public class SAML2AuthnRequestBuilder implements SAML2ObjectBuilder<AuthnRequest> {
    private final boolean forceAuth;
    private final boolean passive;
    private final AuthnContextComparisonTypeEnumeration comparisonType;
    private String bindingType;
    private String authnContextClassRef;
    private String nameIdPolicyFormat;
    private final int attributeConsumingServiceIndex;
    private final int assertionConsumerServiceIndex;
    private int issueInstantSkewSeconds = 0;
    private final XMLObjectBuilderFactory builderFactory = Configuration.getBuilderFactory();

    public SAML2AuthnRequestBuilder(SAML2ClientConfiguration sAML2ClientConfiguration) {
        this.bindingType = SAMLConstants.SAML2_POST_BINDING_URI;
        this.authnContextClassRef = null;
        this.nameIdPolicyFormat = null;
        this.forceAuth = sAML2ClientConfiguration.isForceAuth();
        this.comparisonType = getComparisonTypeEnumFromString(sAML2ClientConfiguration.getComparisonType());
        this.bindingType = sAML2ClientConfiguration.getDestinationBindingType();
        this.authnContextClassRef = sAML2ClientConfiguration.getAuthnContextClassRef();
        this.nameIdPolicyFormat = sAML2ClientConfiguration.getNameIdPolicyFormat();
        this.passive = sAML2ClientConfiguration.isPassive();
        this.attributeConsumingServiceIndex = sAML2ClientConfiguration.getAttributeConsumingServiceIndex();
        this.assertionConsumerServiceIndex = sAML2ClientConfiguration.getAssertionConsumerServiceIndex();
    }

    /* JADX WARN: Can't rename method to resolve collision */
    @Override // org.pac4j.saml.sso.SAML2ObjectBuilder
    public AuthnRequest build(SAML2MessageContext sAML2MessageContext) {
        return buildAuthnRequest(sAML2MessageContext, sAML2MessageContext.getSPAssertionConsumerService(this.assertionConsumerServiceIndex > 0 ? String.valueOf(this.assertionConsumerServiceIndex) : null), sAML2MessageContext.getIDPSingleSignOnService(this.bindingType));
    }

    protected final AuthnRequest buildAuthnRequest(SAML2MessageContext sAML2MessageContext, AssertionConsumerService assertionConsumerService, SingleSignOnService singleSignOnService) {
        AuthnRequest authnRequest = (AuthnRequest) ((SAMLObjectBuilder) this.builderFactory.getBuilder(AuthnRequest.DEFAULT_ELEMENT_NAME)).mo7922buildObject();
        if (this.comparisonType != null) {
            RequestedAuthnContext mo7922buildObject = new RequestedAuthnContextBuilder().mo7922buildObject();
            mo7922buildObject.setComparison(this.comparisonType);
            if (this.authnContextClassRef != null) {
                AuthnContextClassRef mo7922buildObject2 = new AuthnContextClassRefBuilder().mo7922buildObject();
                mo7922buildObject2.setAuthnContextClassRef(this.authnContextClassRef);
                mo7922buildObject.getAuthnContextClassRefs().add(mo7922buildObject2);
            }
            authnRequest.setRequestedAuthnContext(mo7922buildObject);
        }
        SAMLSelfEntityContext sAMLSelfEntityContext = sAML2MessageContext.getSAMLSelfEntityContext();
        authnRequest.setID(generateID());
        authnRequest.setIssuer(getIssuer(sAMLSelfEntityContext.getEntityId()));
        authnRequest.setIssueInstant(DateTime.now().plusSeconds(this.issueInstantSkewSeconds));
        authnRequest.setVersion(SAMLVersion.VERSION_20);
        authnRequest.setIsPassive(Boolean.valueOf(this.passive));
        authnRequest.setForceAuthn(Boolean.valueOf(this.forceAuth));
        authnRequest.setProviderName("pac4j-saml");
        if (this.nameIdPolicyFormat != null) {
            NameIDPolicy mo7922buildObject3 = new NameIDPolicyBuilder().mo7922buildObject();
            mo7922buildObject3.setAllowCreate((Boolean) true);
            mo7922buildObject3.setFormat(this.nameIdPolicyFormat);
            authnRequest.setNameIDPolicy(mo7922buildObject3);
        }
        authnRequest.setDestination(singleSignOnService.getLocation());
        if (this.assertionConsumerServiceIndex >= 0) {
            authnRequest.setAssertionConsumerServiceIndex(Integer.valueOf(this.assertionConsumerServiceIndex));
        } else {
            authnRequest.setAssertionConsumerServiceURL(assertionConsumerService.getLocation());
        }
        authnRequest.setProtocolBinding(assertionConsumerService.getBinding());
        if (this.attributeConsumingServiceIndex >= 0) {
            authnRequest.setAttributeConsumingServiceIndex(Integer.valueOf(this.attributeConsumingServiceIndex));
        }
        return authnRequest;
    }

    protected final Issuer getIssuer(String str) {
        Issuer issuer = (Issuer) ((SAMLObjectBuilder) this.builderFactory.getBuilder(Issuer.DEFAULT_ELEMENT_NAME)).mo7922buildObject();
        issuer.setValue(str);
        return issuer;
    }

    protected final String generateID() {
        return "_".concat(RandomStringUtils.randomAlphanumeric(39)).toLowerCase();
    }

    protected final AuthnContextComparisonTypeEnumeration getComparisonTypeEnumFromString(String str) {
        if ("exact".equalsIgnoreCase(str)) {
            return AuthnContextComparisonTypeEnumeration.EXACT;
        }
        if ("minimum".equalsIgnoreCase(str)) {
            return AuthnContextComparisonTypeEnumeration.MINIMUM;
        }
        if ("maximum".equalsIgnoreCase(str)) {
            return AuthnContextComparisonTypeEnumeration.MAXIMUM;
        }
        if ("better".equalsIgnoreCase(str)) {
            return AuthnContextComparisonTypeEnumeration.BETTER;
        }
        return null;
    }

    public void setIssueInstantSkewSeconds(int i) {
        this.issueInstantSkewSeconds = i;
    }
}
