package org.wso2.carbon.identity.sso.saml.cloud.builders.assertion;

import java.util.ArrayList;
import java.util.Collections;
import java.util.Iterator;
import java.util.List;
import java.util.Map;
import java.util.StringTokenizer;
import java.util.regex.Pattern;
import org.apache.commons.lang.StringUtils;
import org.apache.commons.logging.Log;
import org.apache.commons.logging.LogFactory;
import org.joda.time.DateTime;
import org.opensaml.Configuration;
import org.opensaml.common.SAMLVersion;
import org.opensaml.saml2.core.Assertion;
import org.opensaml.saml2.core.Attribute;
import org.opensaml.saml2.core.AttributeStatement;
import org.opensaml.saml2.core.AttributeValue;
import org.opensaml.saml2.core.Audience;
import org.opensaml.saml2.core.AudienceRestriction;
import org.opensaml.saml2.core.AuthnContext;
import org.opensaml.saml2.core.AuthnContextClassRef;
import org.opensaml.saml2.core.AuthnStatement;
import org.opensaml.saml2.core.Conditions;
import org.opensaml.saml2.core.NameID;
import org.opensaml.saml2.core.Subject;
import org.opensaml.saml2.core.SubjectConfirmation;
import org.opensaml.saml2.core.SubjectConfirmationData;
import org.opensaml.saml2.core.impl.AssertionBuilder;
import org.opensaml.saml2.core.impl.AttributeBuilder;
import org.opensaml.saml2.core.impl.AttributeStatementBuilder;
import org.opensaml.saml2.core.impl.AudienceBuilder;
import org.opensaml.saml2.core.impl.AudienceRestrictionBuilder;
import org.opensaml.saml2.core.impl.AuthnContextBuilder;
import org.opensaml.saml2.core.impl.AuthnContextClassRefBuilder;
import org.opensaml.saml2.core.impl.AuthnStatementBuilder;
import org.opensaml.saml2.core.impl.ConditionsBuilder;
import org.opensaml.saml2.core.impl.NameIDBuilder;
import org.opensaml.saml2.core.impl.SubjectBuilder;
import org.opensaml.saml2.core.impl.SubjectConfirmationBuilder;
import org.opensaml.saml2.core.impl.SubjectConfirmationDataBuilder;
import org.opensaml.xml.schema.XSString;
import org.opensaml.xml.schema.impl.XSStringBuilder;
import org.wso2.carbon.identity.application.authentication.framework.model.AuthenticationResult;
import org.wso2.carbon.identity.base.IdentityException;
import org.wso2.carbon.identity.core.model.SAMLSSOServiceProviderDO;
import org.wso2.carbon.identity.sso.saml.cloud.SAMLSSOConstants;
import org.wso2.carbon.identity.sso.saml.cloud.builders.SignKeyDataHolder;
import org.wso2.carbon.identity.sso.saml.cloud.context.SAMLMessageContext;
import org.wso2.carbon.identity.sso.saml.cloud.util.SAMLSSOUtil;

/* loaded from: input_file:org/wso2/carbon/identity/sso/saml/cloud/builders/assertion/DefaultSAMLAssertionBuilder.class */
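/**
 * Default {@link SAMLAssertionBuilder}: assembles a SAML 2.0 {@code Assertion} (subject, bearer
 * subject confirmations, authentication statement, optional attribute statement, conditions with
 * audience restriction) from a {@link SAMLMessageContext} and optionally signs it.
 *
 * <p>All request-specific state is kept in locals so a single instance can safely serve
 * concurrent requests; in particular the multi-valued attribute separator is resolved per call
 * and never stored on the instance.
 */
public class DefaultSAMLAssertionBuilder implements SAMLAssertionBuilder {

    private static final Log log = LogFactory.getLog(DefaultSAMLAssertionBuilder.class);

    /** Attribute-map key that carries a per-request override of the multi-valued attribute separator. */
    private static final String MULTI_ATTRIBUTE_SEPARATOR_KEY = "MultiAttributeSeparator";
    /** Separator used for multi-valued attributes when the attribute map carries no override. */
    private static final String DEFAULT_ATTRIBUTE_SEPARATOR = ",,,";
    /** NameID format used when the service provider configuration does not specify one. */
    private static final String DEFAULT_NAME_ID_FORMAT = "urn:oasis:names:tc:SAML:1.1:nameid-format:emailAddress";
    /** AuthnContext class reference placed in every authentication statement. */
    private static final String PASSWORD_AUTHN_CONTEXT_CLASS = "urn:oasis:names:tc:SAML:2.0:ac:classes:Password";

    @Override // org.wso2.carbon.identity.sso.saml.cloud.builders.assertion.SAMLAssertionBuilder
    public void init() throws IdentityException {
        // Nothing to initialise: every value is derived per call from the message context.
    }

    /**
     * Builds the assertion for the authenticated subject in {@code context}.
     *
     * @param context      message context holding the authentication result, the resolved
     *                     assertion consumer URL, the request ID and the SP configuration
     * @param notOnOrAfter validity end applied to the subject confirmations and the conditions
     * @param sessionId    session index placed in the AuthnStatement when the SP has single logout enabled
     * @return the (optionally signed) assertion
     * @throws IdentityException if any step of building or signing the assertion fails; the cause is preserved
     */
    @Override // org.wso2.carbon.identity.sso.saml.cloud.builders.assertion.SAMLAssertionBuilder
    public Assertion buildAssertion(SAMLMessageContext context, DateTime notOnOrAfter, String sessionId)
            throws IdentityException {
        try {
            AuthenticationResult authResult = context.getAuthenticationResult();
            SAMLSSOServiceProviderDO spDO = context.getSamlssoServiceProviderDO();
            String subjectId = authResult.getSubject().getAuthenticatedSubjectIdentifier();
            // One timestamp for IssueInstant, NotBefore and AuthnInstant so the assertion is self-consistent.
            DateTime now = new DateTime();

            Assertion assertion = new AssertionBuilder().buildObject();
            assertion.setID(SAMLSSOUtil.createID());
            assertion.setVersion(SAMLVersion.VERSION_20);
            assertion.setIssuer(SAMLSSOUtil.getIssuer());
            assertion.setIssueInstant(now);
            assertion.setSubject(buildSubject(context, spDO, subjectId, notOnOrAfter));
            assertion.getAuthnStatements().add(buildAuthnStatement(spDO, sessionId, now));

            Map<String, String> attributes = SAMLSSOUtil.getAttributes(context);
            if (attributes != null && !attributes.isEmpty()) {
                AttributeStatement attributeStatement = buildAttributeStatement(attributes);
                if (attributeStatement != null) {
                    assertion.getAttributeStatements().add(attributeStatement);
                }
            }
            assertion.setConditions(buildConditions(context, spDO, now, notOnOrAfter));

            if (spDO.isDoSignAssertions()) {
                // Signing must be the last step: any later mutation would invalidate the signature.
                SAMLSSOUtil.setSignature(assertion, spDO.getSigningAlgorithmUri(), spDO.getDigestAlgorithmUri(),
                        new SignKeyDataHolder(subjectId));
            }
            return assertion;
        } catch (Exception e) {
            log.error("Error when reading claim values for generating SAML Response", e);
            throw IdentityException.error("Error when reading claim values for generating SAML Response", e);
        }
    }

    /**
     * Builds the Subject: the NameID plus one bearer confirmation for the resolved assertion
     * consumer URL and one for each additional recipient configured on the SP.
     */
    private Subject buildSubject(SAMLMessageContext context, SAMLSSOServiceProviderDO spDO, String subjectId,
                                 DateTime notOnOrAfter) {
        NameID nameId = new NameIDBuilder().buildObject();
        nameId.setValue(subjectId);
        String nameIdFormat = spDO.getNameIDFormat();
        nameId.setFormat(nameIdFormat != null ? nameIdFormat : DEFAULT_NAME_ID_FORMAT);

        Subject subject = new SubjectBuilder().buildObject();
        subject.setNameID(nameId);
        subject.getSubjectConfirmations()
                .add(buildBearerConfirmation(context, context.getAssertionConsumerURL(), notOnOrAfter));
        String[] requestedRecipients = spDO.getRequestedRecipients();
        if (requestedRecipients != null) {
            for (String recipient : requestedRecipients) {
                subject.getSubjectConfirmations().add(buildBearerConfirmation(context, recipient, notOnOrAfter));
            }
        }
        return subject;
    }

    /**
     * Builds one bearer SubjectConfirmation for {@code recipient}. For SP-initiated flows the
     * confirmation data is bound to the AuthnRequest via InResponseTo; IdP-initiated flows have
     * no request to bind to.
     */
    private SubjectConfirmation buildBearerConfirmation(SAMLMessageContext context, String recipient,
                                                        DateTime notOnOrAfter) {
        SubjectConfirmationData data = new SubjectConfirmationDataBuilder().buildObject();
        data.setRecipient(recipient);
        data.setNotOnOrAfter(notOnOrAfter);
        if (!context.isIdpInitSSO()) {
            data.setInResponseTo(context.getId());
        }
        SubjectConfirmation confirmation = new SubjectConfirmationBuilder().buildObject();
        confirmation.setMethod(SAMLSSOConstants.SUBJECT_CONFIRM_BEARER);
        confirmation.setSubjectConfirmationData(data);
        return confirmation;
    }

    /**
     * Builds the AuthnStatement with a Password AuthnContext. The SessionIndex is only emitted
     * when the SP has single logout enabled, since that is the only flow that references it.
     */
    private AuthnStatement buildAuthnStatement(SAMLSSOServiceProviderDO spDO, String sessionId,
                                               DateTime authnInstant) {
        AuthnContextClassRef classRef = new AuthnContextClassRefBuilder().buildObject();
        classRef.setAuthnContextClassRef(PASSWORD_AUTHN_CONTEXT_CLASS);
        AuthnContext authnContext = new AuthnContextBuilder().buildObject();
        authnContext.setAuthnContextClassRef(classRef);

        AuthnStatement statement = new AuthnStatementBuilder().buildObject();
        statement.setAuthnInstant(authnInstant);
        statement.setAuthnContext(authnContext);
        if (spDO.isDoSingleLogout()) {
            statement.setSessionIndex(sessionId);
        }
        return statement;
    }

    /**
     * Builds the Conditions: validity window plus an AudienceRestriction naming the SP issuer
     * (with tenant domain) and every additional audience configured on the SP.
     */
    private Conditions buildConditions(SAMLMessageContext context, SAMLSSOServiceProviderDO spDO,
                                       DateTime notBefore, DateTime notOnOrAfter) {
        AudienceRestriction restriction = new AudienceRestrictionBuilder().buildObject();
        restriction.getAudiences().add(buildAudience(context.getIssuerWithDomain()));
        if (spDO.getRequestedAudiences() != null) {
            for (String audienceUri : spDO.getRequestedAudiences()) {
                restriction.getAudiences().add(buildAudience(audienceUri));
            }
        }

        Conditions conditions = new ConditionsBuilder().buildObject();
        conditions.setNotBefore(notBefore);
        conditions.setNotOnOrAfter(notOnOrAfter);
        conditions.getAudienceRestrictions().add(restriction);
        return conditions;
    }

    /** Wraps a single audience URI in an {@link Audience} element. */
    private static Audience buildAudience(String audienceUri) {
        Audience audience = new AudienceBuilder().buildObject();
        audience.setAudienceURI(audienceUri);
        return audience;
    }

    /**
     * Builds the AttributeStatement from the claim map.
     *
     * <p>The entry keyed {@value #MULTI_ATTRIBUTE_SEPARATOR_KEY}, when present and non-blank,
     * overrides the separator used to split multi-valued attributes for this call only; it is
     * never emitted as an attribute. The caller's map is not modified. Entries with a blank key
     * or blank value are skipped.
     *
     * @param attributes claim name to (possibly multi-valued) claim value
     * @return the statement, or {@code null} when no entry produced an attribute
     */
    private AttributeStatement buildAttributeStatement(Map<String, String> attributes) {
        String override = attributes.get(MULTI_ATTRIBUTE_SEPARATOR_KEY);
        String separator = StringUtils.isNotBlank(override) ? override : DEFAULT_ATTRIBUTE_SEPARATOR;

        AttributeStatement statement = new AttributeStatementBuilder().buildObject();
        XSStringBuilder valueBuilder =
                (XSStringBuilder) Configuration.getBuilderFactory().getBuilder(XSString.TYPE_NAME);
        for (Map.Entry<String, String> entry : attributes.entrySet()) {
            String name = entry.getKey();
            String value = entry.getValue();
            if (MULTI_ATTRIBUTE_SEPARATOR_KEY.equals(name)
                    || StringUtils.isBlank(name) || StringUtils.isBlank(value)) {
                continue;
            }
            Attribute attribute = new AttributeBuilder().buildObject();
            attribute.setName(name);
            attribute.setNameFormat(SAMLSSOConstants.NAME_FORMAT_BASIC);
            for (String singleValue : splitAttributeValue(value, separator)) {
                XSString attributeValue =
                        valueBuilder.buildObject(AttributeValue.DEFAULT_ELEMENT_NAME, XSString.TYPE_NAME);
                attributeValue.setValue(singleValue);
                attribute.getAttributeValues().add(attributeValue);
            }
            statement.getAttributes().add(attribute);
        }
        return statement.getAttributes().isEmpty() ? null : statement;
    }

    /**
     * Splits {@code value} on the literal {@code separator} string, dropping blank parts.
     * The separator is matched as a whole token (e.g. {@code ",,,"}), not as a set of delimiter
     * characters, so a value such as {@code "a,b,,,c"} yields {@code ["a,b", "c"]}. A value that
     * does not contain the separator is returned unchanged as a single element.
     */
    private static List<String> splitAttributeValue(String value, String separator) {
        if (separator == null || separator.isEmpty() || !value.contains(separator)) {
            return Collections.singletonList(value);
        }
        List<String> parts = new ArrayList<>();
        for (String part : value.split(Pattern.quote(separator))) {
            if (part != null && part.trim().length() > 0) {
                parts.add(part);
            }
        }
        return parts;
    }
}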
