package org.pac4j.saml.sso.impl;

import com.github.benmanes.caffeine.cache.LocalCacheFactory;
import java.util.List;
import java.util.function.Supplier;
import org.joda.time.DateTime;
import org.joda.time.DateTimeZone;
import org.opensaml.core.xml.XMLObjectBuilderFactory;
import org.opensaml.core.xml.schema.XSAny;
import org.opensaml.saml.common.SAMLObjectBuilder;
import org.opensaml.saml.common.SAMLVersion;
import org.opensaml.saml.common.messaging.context.SAMLSelfEntityContext;
import org.opensaml.saml.saml2.core.AuthnContextClassRef;
import org.opensaml.saml.saml2.core.AuthnContextComparisonTypeEnumeration;
import org.opensaml.saml.saml2.core.AuthnRequest;
import org.opensaml.saml.saml2.core.Extensions;
import org.opensaml.saml.saml2.core.Issuer;
import org.opensaml.saml.saml2.core.NameIDPolicy;
import org.opensaml.saml.saml2.core.RequestedAuthnContext;
import org.opensaml.saml.saml2.core.impl.AuthnContextClassRefBuilder;
import org.opensaml.saml.saml2.core.impl.NameIDPolicyBuilder;
import org.opensaml.saml.saml2.core.impl.RequestedAuthnContextBuilder;
import org.opensaml.saml.saml2.metadata.AssertionConsumerService;
import org.opensaml.saml.saml2.metadata.SingleSignOnService;
import org.pac4j.saml.config.SAML2Configuration;
import org.pac4j.saml.context.SAML2MessageContext;
import org.pac4j.saml.profile.api.SAML2ObjectBuilder;
import org.pac4j.saml.util.Configuration;
import org.pac4j.saml.util.SAML2Utils;

/* loaded from: input_file:BOOT-INF/lib/pac4j-saml-3.6.1.jar:org/pac4j/saml/sso/impl/SAML2AuthnRequestBuilder.class */
public class SAML2AuthnRequestBuilder implements SAML2ObjectBuilder<AuthnRequest> {
    private final boolean forceAuth;
    private final boolean passive;
    private final AuthnContextComparisonTypeEnumeration comparisonType;
    private String bindingType;
    private List<String> authnContextClassRefs;
    private String nameIdPolicyFormat;
    private boolean useNameQualifier;
    private final int attributeConsumingServiceIndex;
    private final int assertionConsumerServiceIndex;
    private final String providerName;
    private final Supplier<List<XSAny>> extensions;
    private int issueInstantSkewSeconds = 0;
    private final XMLObjectBuilderFactory builderFactory = Configuration.getBuilderFactory();

    public SAML2AuthnRequestBuilder(SAML2Configuration sAML2Configuration) {
        this.forceAuth = sAML2Configuration.isForceAuth();
        this.comparisonType = getComparisonTypeEnumFromString(sAML2Configuration.getComparisonType());
        this.bindingType = sAML2Configuration.getAuthnRequestBindingType();
        this.authnContextClassRefs = sAML2Configuration.getAuthnContextClassRefs();
        this.nameIdPolicyFormat = sAML2Configuration.getNameIdPolicyFormat();
        this.passive = sAML2Configuration.isPassive();
        this.attributeConsumingServiceIndex = sAML2Configuration.getAttributeConsumingServiceIndex();
        this.assertionConsumerServiceIndex = sAML2Configuration.getAssertionConsumerServiceIndex();
        this.providerName = sAML2Configuration.getProviderName();
        this.extensions = sAML2Configuration.getAuthnRequestExtensions();
        this.useNameQualifier = sAML2Configuration.isUseNameQualifier();
    }

    /* JADX WARN: Can't rename method to resolve collision */
    @Override // org.pac4j.saml.profile.api.SAML2ObjectBuilder
    public AuthnRequest build(SAML2MessageContext sAML2MessageContext) {
        return buildAuthnRequest(sAML2MessageContext, sAML2MessageContext.getSPAssertionConsumerService(this.assertionConsumerServiceIndex > 0 ? String.valueOf(this.assertionConsumerServiceIndex) : null), sAML2MessageContext.getIDPSingleSignOnService(this.bindingType));
    }

    protected final AuthnRequest buildAuthnRequest(SAML2MessageContext sAML2MessageContext, AssertionConsumerService assertionConsumerService, SingleSignOnService singleSignOnService) {
        AuthnRequest authnRequest = (AuthnRequest) ((SAMLObjectBuilder) this.builderFactory.getBuilder(AuthnRequest.DEFAULT_ELEMENT_NAME)).mo8933buildObject();
        if (this.comparisonType != null) {
            RequestedAuthnContext mo8933buildObject = new RequestedAuthnContextBuilder().mo8933buildObject();
            mo8933buildObject.setComparison(this.comparisonType);
            if (this.authnContextClassRefs != null && !this.authnContextClassRefs.isEmpty()) {
                List<AuthnContextClassRef> authnContextClassRefs = mo8933buildObject.getAuthnContextClassRefs();
                this.authnContextClassRefs.forEach(str -> {
                    authnContextClassRefs.add(buildAuthnContextClassRef(str));
                });
            }
            authnRequest.setRequestedAuthnContext(mo8933buildObject);
        }
        SAMLSelfEntityContext sAMLSelfEntityContext = sAML2MessageContext.getSAMLSelfEntityContext();
        authnRequest.setID(SAML2Utils.generateID());
        authnRequest.setIssuer(getIssuer(sAMLSelfEntityContext.getEntityId()));
        authnRequest.setIssueInstant(DateTime.now(DateTimeZone.UTC).plusSeconds(this.issueInstantSkewSeconds));
        authnRequest.setVersion(SAMLVersion.VERSION_20);
        authnRequest.setIsPassive(Boolean.valueOf(this.passive));
        authnRequest.setForceAuthn(Boolean.valueOf(this.forceAuth));
        authnRequest.setProviderName(this.providerName);
        if (this.nameIdPolicyFormat != null) {
            NameIDPolicy mo8933buildObject2 = new NameIDPolicyBuilder().mo8933buildObject();
            mo8933buildObject2.setAllowCreate((Boolean) true);
            mo8933buildObject2.setFormat(this.nameIdPolicyFormat);
            authnRequest.setNameIDPolicy(mo8933buildObject2);
        }
        authnRequest.setDestination(singleSignOnService.getLocation());
        if (this.assertionConsumerServiceIndex >= 0) {
            authnRequest.setAssertionConsumerServiceIndex(Integer.valueOf(this.assertionConsumerServiceIndex));
        } else {
            authnRequest.setAssertionConsumerServiceURL(assertionConsumerService.getLocation());
        }
        authnRequest.setProtocolBinding(assertionConsumerService.getBinding());
        if (this.attributeConsumingServiceIndex >= 0) {
            authnRequest.setAttributeConsumingServiceIndex(Integer.valueOf(this.attributeConsumingServiceIndex));
        }
        if (this.extensions != null) {
            Extensions extensions = (Extensions) ((SAMLObjectBuilder) this.builderFactory.getBuilder(Extensions.DEFAULT_ELEMENT_NAME)).mo8933buildObject();
            extensions.getUnknownXMLObjects().addAll(this.extensions.get());
            authnRequest.setExtensions(extensions);
        }
        return authnRequest;
    }

    protected AuthnContextClassRef buildAuthnContextClassRef(String str) {
        AuthnContextClassRef mo8933buildObject = new AuthnContextClassRefBuilder().mo8933buildObject();
        mo8933buildObject.setAuthnContextClassRef(str);
        return mo8933buildObject;
    }

    protected final Issuer getIssuer(String str) {
        Issuer issuer = (Issuer) ((SAMLObjectBuilder) this.builderFactory.getBuilder(Issuer.DEFAULT_ELEMENT_NAME)).mo8933buildObject();
        issuer.setValue(str);
        issuer.setFormat("urn:oasis:names:tc:SAML:2.0:nameid-format:entity");
        if (this.useNameQualifier) {
            issuer.setNameQualifier(str);
        }
        return issuer;
    }

    protected final AuthnContextComparisonTypeEnumeration getComparisonTypeEnumFromString(String str) {
        if ("exact".equalsIgnoreCase(str)) {
            return AuthnContextComparisonTypeEnumeration.EXACT;
        }
        if ("minimum".equalsIgnoreCase(str)) {
            return AuthnContextComparisonTypeEnumeration.MINIMUM;
        }
        if (LocalCacheFactory.MAXIMUM.equalsIgnoreCase(str)) {
            return AuthnContextComparisonTypeEnumeration.MAXIMUM;
        }
        if ("better".equalsIgnoreCase(str)) {
            return AuthnContextComparisonTypeEnumeration.BETTER;
        }
        return null;
    }

    public void setIssueInstantSkewSeconds(int i) {
        this.issueInstantSkewSeconds = i;
    }
}
