package org.jasig.cas.support.saml.authentication.principal;

import java.io.StringWriter;
import java.security.PrivateKey;
import java.security.PublicKey;
import java.util.HashMap;
import javax.servlet.http.HttpServletRequest;
import org.jasig.cas.authentication.principal.AbstractWebApplicationService;
import org.jasig.cas.authentication.principal.DefaultResponse;
import org.jasig.cas.authentication.principal.Response;
import org.jasig.cas.services.ServicesManager;
import org.jasig.cas.support.saml.SamlProtocolConstants;
import org.jasig.cas.support.saml.util.AbstractSaml20ObjectBuilder;
import org.jasig.cas.support.saml.util.GoogleSaml20ObjectBuilder;
import org.jasig.cas.util.ApplicationContextProvider;
import org.jdom.Document;
import org.jdom.Element;
import org.joda.time.DateTime;
import org.opensaml.core.xml.XMLObject;
import org.opensaml.saml.saml2.core.Assertion;
import org.springframework.util.StringUtils;

/* loaded from: input_file:org/jasig/cas/support/saml/authentication/principal/GoogleAccountsService.class */
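/**
 * Service representing a Google Accounts (SAML 2.0) login request. It is built from the
 * {@code SAMLRequest}/{@code RelayState} request parameters and produces a signed SAML
 * response that is POSTed back to the requester.
 *
 * <p>Security notes for reviewers:
 * <ul>
 *   <li>The assertion consumer service URL and the request ID are read straight from the
 *       incoming AuthnRequest. Nothing in this class verifies a signature on that request or
 *       checks the URL against an allow-list, so the destination of the signed response is
 *       requester-controlled here. NOTE(review): confirm the service registry check rejects
 *       unregistered URLs before {@link #getResponse(String)} is reached.</li>
 *   <li>The validity window of the assertion starts at a fixed date in 2003 and ends at
 *       "now + skewAllowance" seconds; see {@link #constructSamlResponse()}.</li>
 * </ul>
 */
public class GoogleAccountsService extends AbstractWebApplicationService {
    private static final long serialVersionUID = 6678711809842282833L;

    /** AuthnRequest root attribute naming the URL the SAML response is POSTed to. */
    private static final String ATTRIBUTE_ACS_URL = "AssertionConsumerServiceURL";

    /** AuthnRequest root attribute carrying the request identifier. */
    private static final String ATTRIBUTE_REQUEST_ID = "ID";

    private static final GoogleSaml20ObjectBuilder BUILDER = new GoogleSaml20ObjectBuilder();

    /** Opaque {@code RelayState} value echoed back unchanged in the response form. */
    private final String relayState;

    /** Public half of the key pair handed to the builder when signing the response. */
    private final PublicKey publicKey;

    /** Private key used to sign the SAML response. */
    private final PrivateKey privateKey;

    /** {@code ID} attribute of the AuthnRequest; passed to the subject builder. */
    private final String requestId;

    /** Seconds added to the issue time to form the upper validity bound; 0 unless set. */
    private int skewAllowance;

    /**
     * Creates a service whose first two superclass arguments are both {@code str}.
     *
     * @param str the assertion consumer service URL taken from the AuthnRequest
     * @param str2 the relay state
     * @param str3 the AuthnRequest ID
     * @param privateKey key used to sign responses
     * @param publicKey matching public key
     */
    protected GoogleAccountsService(String str, String str2, String str3, PrivateKey privateKey, PublicKey publicKey) {
        this(str, str, null, str2, str3, privateKey, publicKey);
    }

    /**
     * Creates a service, forwarding the first three arguments to the superclass.
     *
     * @param str first superclass argument (presumably the service id; confirm against
     *            AbstractWebApplicationService)
     * @param str2 second superclass argument (presumably the original URL; confirm)
     * @param str3 third superclass argument (presumably the artifact id; confirm)
     * @param str4 the relay state
     * @param str5 the AuthnRequest ID
     * @param privateKey key used to sign responses
     * @param publicKey matching public key
     */
    protected GoogleAccountsService(String str, String str2, String str3, String str4, String str5, PrivateKey privateKey, PublicKey publicKey) {
        super(str, str2, str3);
        this.relayState = str4;
        this.privateKey = privateKey;
        this.publicKey = publicKey;
        this.requestId = str5;
    }

    /**
     * Builds a service from the SAML request parameters of an HTTP request.
     *
     * @param httpServletRequest the incoming request
     * @param privateKey key used to sign responses
     * @param publicKey matching public key
     * @return the service, or {@code null} when the request carries no decodable AuthnRequest,
     *         the XML cannot be turned into a document, or the AuthnRequest names no
     *         assertion consumer service URL
     */
    public static GoogleAccountsService createServiceFrom(HttpServletRequest httpServletRequest, PrivateKey privateKey, PublicKey publicKey) {
        final String relayStateParameter = httpServletRequest.getParameter(SamlProtocolConstants.PARAMETER_SAML_RELAY_STATE);
        final String authnRequestXml = BUILDER.decodeSamlAuthnRequest(httpServletRequest.getParameter(SamlProtocolConstants.PARAMETER_SAML_REQUEST));
        if (!StringUtils.hasText(authnRequestXml)) {
            return null;
        }

        // NOTE(review): the XML is requester-supplied; parser hardening (DTD / external
        // entities) presumably lives in constructDocumentFromXml. Verify it there.
        final Document authnRequest = AbstractSaml20ObjectBuilder.constructDocumentFromXml(authnRequestXml);
        if (authnRequest == null) {
            return null;
        }

        final Element root = authnRequest.getRootElement();
        final String assertionConsumerServiceUrl = root.getAttributeValue(ATTRIBUTE_ACS_URL);
        // getAttributeValue returns null for an absent attribute. Without this guard the
        // service would be created with a null URL, leaving the response with no destination.
        if (!StringUtils.hasText(assertionConsumerServiceUrl)) {
            return null;
        }

        final String authnRequestId = root.getAttributeValue(ATTRIBUTE_REQUEST_ID);
        return new GoogleAccountsService(assertionConsumerServiceUrl, relayStateParameter, authnRequestId, privateKey, publicKey);
    }

    /**
     * Produces the POST response that carries the signed SAML response and the relay state
     * to {@code getOriginalUrl()}.
     *
     * @param str not used by this implementation
     * @return a POST response targeting the original URL
     */
    public Response getResponse(String str) {
        final HashMap<String, String> formParameters = new HashMap<>();
        final String signedResponse = BUILDER.signSamlResponse(constructSamlResponse(), this.privateKey, this.publicKey);
        formParameters.put(SamlProtocolConstants.PARAMETER_SAML_RESPONSE, signedResponse);
        formParameters.put(SamlProtocolConstants.PARAMETER_SAML_RELAY_STATE, this.relayState);
        return DefaultResponse.getPostResponse(getOriginalUrl(), formParameters);
    }

    /**
     * Always reports the service as logged out.
     *
     * @return {@code true}
     */
    public boolean isLoggedOutAlready() {
        return true;
    }

    /**
     * Assembles the unsigned SAML response XML for the current principal.
     *
     * @return the marshalled response
     */
    private String constructSamlResponse() {
        final DateTime issuedAt = new DateTime();
        // Fixed lower bound reused for the assertion and its conditions, so validity is
        // bounded only by the upper limit below.
        // NOTE(review): consider whether a bound derived from issuedAt would be acceptable.
        final DateTime fixedLowerBound = DateTime.parse("2003-04-17T00:46:02Z");
        // Upper bound is "now + skewAllowance" seconds. With the default of 0 it equals the
        // issue time, so deployments are expected to configure a positive allowance.
        final DateTime validUntil = issuedAt.plusSeconds(this.skewAllowance);

        // NOTE(review): findServiceBy(this) is dereferenced without a null check; an
        // unregistered service surfaces here as a NullPointerException rather than as an
        // explicit refusal to issue an assertion.
        final ServicesManager servicesManager = (ServicesManager) ApplicationContextProvider.getApplicationContext().getBean("servicesManager", ServicesManager.class);
        final String userId = servicesManager.findServiceBy(this).getUsernameAttributeProvider().resolveUsername(getPrincipal(), this);

        // NOTE(review): declared as XMLObject in this listing although setStatus and
        // getAssertions are invoked on it; the builder presumably returns the SAML Response
        // type. Confirm against GoogleSaml20ObjectBuilder.
        XMLObject newResponse = BUILDER.newResponse(BUILDER.generateSecureRandomId(), issuedAt, getId(), this);
        newResponse.setStatus(BUILDER.newStatus("urn:oasis:names:tc:SAML:2.0:status:Success", null));

        // The issuer string is a hard-coded literal rather than a deployment-specific value.
        final Assertion assertion = BUILDER.newAssertion(BUILDER.newAuthnStatement("urn:oasis:names:tc:SAML:2.0:ac:classes:Password", issuedAt), "https://www.opensaml.org/IDP", fixedLowerBound, BUILDER.generateSecureRandomId());
        assertion.setConditions(BUILDER.newConditions(fixedLowerBound, validUntil, getId()));
        assertion.setSubject(BUILDER.newSubject("urn:oasis:names:tc:SAML:1.1:nameid-format:emailAddress", userId, getId(), validUntil, this.requestId));
        newResponse.getAssertions().add(assertion);

        final StringWriter xmlOut = new StringWriter();
        BUILDER.marshalSamlXmlObject(newResponse, xmlOut);
        final String responseXml = xmlOut.toString();
        // The logged XML contains the resolved user identifier, so debug logs for this
        // class should be handled as sensitive.
        this.logger.debug("Generated Google SAML response: {}", responseXml);
        return responseXml;
    }

    /**
     * Sets the number of seconds added to the issue time when computing the upper validity
     * bound. No range check is applied; a negative value yields a bound in the past.
     *
     * @param i allowance in seconds
     */
    public void setSkewAllowance(int i) {
        this.skewAllowance = i;
    }

    /**
     * Returns the configured allowance.
     *
     * @return allowance in seconds
     */
    public int getSkewAllowance() {
        return this.skewAllowance;
    }
}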
