package org.wso2.carbon.identity.tools.saml.validator.processors;

import java.util.Iterator;
import java.util.Map;
import org.apache.commons.logging.Log;
import org.apache.commons.logging.LogFactory;
import org.joda.time.DateTime;
import org.opensaml.Configuration;
import org.opensaml.common.SAMLVersion;
import org.opensaml.saml2.core.Assertion;
import org.opensaml.saml2.core.Attribute;
import org.opensaml.saml2.core.AttributeStatement;
import org.opensaml.saml2.core.AttributeValue;
import org.opensaml.saml2.core.Audience;
import org.opensaml.saml2.core.AudienceRestriction;
import org.opensaml.saml2.core.AuthnContext;
import org.opensaml.saml2.core.AuthnContextClassRef;
import org.opensaml.saml2.core.AuthnStatement;
import org.opensaml.saml2.core.Conditions;
import org.opensaml.saml2.core.NameID;
import org.opensaml.saml2.core.Response;
import org.opensaml.saml2.core.Status;
import org.opensaml.saml2.core.StatusCode;
import org.opensaml.saml2.core.StatusMessage;
import org.opensaml.saml2.core.Subject;
import org.opensaml.saml2.core.SubjectConfirmation;
import org.opensaml.saml2.core.SubjectConfirmationData;
import org.opensaml.saml2.core.impl.AssertionBuilder;
import org.opensaml.saml2.core.impl.AttributeBuilder;
import org.opensaml.saml2.core.impl.AttributeStatementBuilder;
import org.opensaml.saml2.core.impl.AudienceBuilder;
import org.opensaml.saml2.core.impl.AudienceRestrictionBuilder;
import org.opensaml.saml2.core.impl.AuthnContextBuilder;
import org.opensaml.saml2.core.impl.AuthnContextClassRefBuilder;
import org.opensaml.saml2.core.impl.AuthnStatementBuilder;
import org.opensaml.saml2.core.impl.ConditionsBuilder;
import org.opensaml.saml2.core.impl.NameIDBuilder;
import org.opensaml.saml2.core.impl.ResponseBuilder;
import org.opensaml.saml2.core.impl.StatusBuilder;
import org.opensaml.saml2.core.impl.StatusCodeBuilder;
import org.opensaml.saml2.core.impl.StatusMessageBuilder;
import org.opensaml.saml2.core.impl.SubjectBuilder;
import org.opensaml.saml2.core.impl.SubjectConfirmationBuilder;
import org.opensaml.saml2.core.impl.SubjectConfirmationDataBuilder;
import org.opensaml.xml.schema.XSString;
import org.wso2.carbon.identity.base.IdentityException;
import org.wso2.carbon.identity.core.model.SAMLSSOServiceProviderDO;
import org.wso2.carbon.identity.sso.saml.builders.SignKeyDataHolder;
import org.wso2.carbon.identity.sso.saml.util.SAMLSSOUtil;
import org.wso2.carbon.identity.tools.saml.validator.util.SAMLValidatorUtil;
import org.wso2.carbon.utils.multitenancy.MultitenantUtils;

/* loaded from: input_file:org/wso2/carbon/identity/tools/saml/validator/processors/SAMLResponseBuilder.class */
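public class SAMLResponseBuilder {

    /** Status code placed on every response this builder produces; no failure path is modelled here. */
    private static final String STATUS_SUCCESS = "urn:oasis:names:tc:SAML:2.0:status:Success";
    /** NameID format used when the service-provider configuration does not specify one. */
    private static final String DEFAULT_NAMEID_FORMAT = "urn:oasis:names:tc:SAML:1.1:nameid-format:emailAddress";
    private static final String BEARER_CONFIRMATION_METHOD = "urn:oasis:names:tc:SAML:2.0:cm:bearer";
    /** The AuthnContext is fixed to "Password" regardless of how the user actually authenticated. */
    private static final String PASSWORD_AUTHN_CONTEXT_CLASS = "urn:oasis:names:tc:SAML:2.0:ac:classes:Password";
    // NOTE(review): RSA-SHA1 is retained because it is what this tool has always emitted. SHA-1 based
    // XML signatures are considered weak; a relying party that enforces rsa-sha256 will reject them.
    private static final String SIGNATURE_ALGORITHM = "http://www.w3.org/2000/09/xmldsig#rsa-sha1";
    // NOTE(review): AES-256-CBC without an integrity wrapper is likewise the legacy choice; kept as-is.
    private static final String ASSERTION_ENCRYPTION_ALGORITHM = "http://www.w3.org/2001/04/xmlenc#aes256-cbc";

    private static final Log log = LogFactory.getLog(SAMLResponseBuilder.class);

    /**
     * Builds a complete SAML 2.0 {@code Response} (status, assertion, optional encryption and signature)
     * for the given service-provider configuration and user.
     *
     * @param sAMLSSOServiceProviderDO service-provider settings (consumer URL, signing/encryption flags,
     *                                 NameID and claim configuration)
     * @param str                      the user name the assertion is issued for; its tenant domain is
     *                                 derived with {@link MultitenantUtils#getTenantDomain(String)}
     * @return the populated response; the assertion is omitted entirely when encryption is enabled
     *         but no certificate alias is configured (a warning is logged in that case)
     * @throws IdentityException if claim lookup, encryption or signing fails
     */
    public Response buildSAMLResponse(SAMLSSOServiceProviderDO sAMLSSOServiceProviderDO, String str) throws IdentityException {
        String consumerUrl = sAMLSSOServiceProviderDO.getAssertionConsumerUrl();
        if (log.isDebugEnabled()) {
            log.debug("Building SAML Response for the consumer '" + consumerUrl + "'");
        }

        DateTime issueInstant = new DateTime();
        // The validity period is configured in minutes; multiply in long arithmetic so that a large
        // configured value cannot overflow int before it is added to the epoch millis.
        long validityMillis = SAMLSSOUtil.getSAMLResponseValidityPeriod() * 60L * 1000L;
        DateTime notOnOrAfter = new DateTime(issueInstant.getMillis() + validityMillis);

        Response response = new ResponseBuilder().buildObject();
        response.setIssuer(SAMLSSOUtil.getIssuer());
        response.setID(SAMLSSOUtil.createID());
        response.setDestination(consumerUrl);
        response.setStatus(buildStatus(STATUS_SUCCESS, null));
        response.setVersion(SAMLVersion.VERSION_20);
        response.setIssueInstant(issueInstant);

        Assertion assertion = buildSAMLAssertion(sAMLSSOServiceProviderDO, notOnOrAfter, str);
        if (sAMLSSOServiceProviderDO.isDoEnableEncryptedAssertion()) {
            String certAlias = sAMLSSOServiceProviderDO.getCertAlias();
            if (certAlias != null) {
                String tenantDomain = MultitenantUtils.getTenantDomain(str);
                response.getEncryptedAssertions().add(SAMLSSOUtil.setEncryptedAssertion(assertion,
                        ASSERTION_ENCRYPTION_ALGORITHM, certAlias, tenantDomain));
            } else {
                // Previously this case dropped the assertion silently; make the misconfiguration visible.
                log.warn("Encrypted assertions are enabled for consumer '" + consumerUrl
                        + "' but no certificate alias is configured; the response carries no assertion");
            }
        } else {
            response.getAssertions().add(assertion);
        }

        if (sAMLSSOServiceProviderDO.isDoSignResponse()) {
            SAMLSSOUtil.setSignature(response, SIGNATURE_ALGORITHM, new SignKeyDataHolder(str));
        }
        return response;
    }

    /**
     * Builds the assertion carried by the response: subject, a single password AuthnStatement,
     * an AttributeStatement when requested claims resolve to values, conditions, and an optional signature.
     *
     * @param spConfig     service-provider settings
     * @param notOnOrAfter expiry applied to both the bearer confirmation and the conditions
     * @param userName     user the assertion is about
     * @throws IdentityException if claim lookup or signing fails
     */
    private Assertion buildSAMLAssertion(SAMLSSOServiceProviderDO spConfig, DateTime notOnOrAfter, String userName) throws IdentityException {
        // One instant is used for IssueInstant, AuthnInstant and NotBefore so they are mutually consistent.
        DateTime now = new DateTime();

        Assertion assertion = new AssertionBuilder().buildObject();
        assertion.setID(SAMLSSOUtil.createID());
        assertion.setVersion(SAMLVersion.VERSION_20);
        assertion.setIssuer(SAMLSSOUtil.getIssuer());
        assertion.setIssueInstant(now);
        assertion.setSubject(buildSubject(spConfig, notOnOrAfter, userName));
        assertion.getAuthnStatements().add(buildAuthnStatement(now));

        Map<String, String> attributes = getAttributes(spConfig, userName);
        // SAML 2.0 requires at least one Attribute inside an AttributeStatement, so skip an empty map
        // rather than emitting a schema-invalid empty statement.
        if (attributes != null && !attributes.isEmpty()) {
            assertion.getAttributeStatements().add(buildAttributeStatement(attributes));
        }

        assertion.setConditions(buildConditions(spConfig, now, notOnOrAfter));

        if (spConfig.isDoSignAssertions()) {
            SAMLSSOUtil.setSignature(assertion, SIGNATURE_ALGORITHM, new SignKeyDataHolder(userName));
        }
        return assertion;
    }

    /** Builds the Subject: a NameID plus one bearer SubjectConfirmation bound to the consumer URL. */
    private Subject buildSubject(SAMLSSOServiceProviderDO spConfig, DateTime notOnOrAfter, String userName) throws IdentityException {
        NameID nameId = new NameIDBuilder().buildObject();
        nameId.setValue(resolveNameIdValue(spConfig, userName));
        String configuredFormat = spConfig.getNameIDFormat();
        nameId.setFormat(configuredFormat != null ? configuredFormat : DEFAULT_NAMEID_FORMAT);

        SubjectConfirmationData confirmationData = new SubjectConfirmationDataBuilder().buildObject();
        confirmationData.setRecipient(spConfig.getAssertionConsumerUrl());
        confirmationData.setNotOnOrAfter(notOnOrAfter);

        SubjectConfirmation confirmation = new SubjectConfirmationBuilder().buildObject();
        confirmation.setMethod(BEARER_CONFIRMATION_METHOD);
        confirmation.setSubjectConfirmationData(confirmationData);

        Subject subject = new SubjectBuilder().buildObject();
        subject.setNameID(nameId);
        subject.getSubjectConfirmations().add(confirmation);
        return subject;
    }

    /**
     * Resolves the NameID value: the configured NameID claim of the user when one is set and resolves
     * to a non-null value, otherwise the user name itself.
     */
    private String resolveNameIdValue(SAMLSSOServiceProviderDO spConfig, String userName) throws IdentityException {
        String nameIdClaimUri = spConfig.getNameIdClaimUri();
        if (nameIdClaimUri != null) {
            Map<String, String> claims = SAMLValidatorUtil.getUserClaimValues(userName, new String[]{nameIdClaimUri}, null);
            // Guard against a null map from the claim lookup instead of dereferencing it blindly.
            String claimValue = claims != null ? claims.get(nameIdClaimUri) : null;
            if (claimValue != null) {
                return claimValue;
            }
        }
        return userName;
    }

    /** Builds an AuthnStatement whose context class is always "Password". */
    private AuthnStatement buildAuthnStatement(DateTime authnInstant) {
        AuthnContextClassRef classRef = new AuthnContextClassRefBuilder().buildObject();
        classRef.setAuthnContextClassRef(PASSWORD_AUTHN_CONTEXT_CLASS);

        AuthnContext authnContext = new AuthnContextBuilder().buildObject();
        authnContext.setAuthnContextClassRef(classRef);

        AuthnStatement authnStatement = new AuthnStatementBuilder().buildObject();
        authnStatement.setAuthnInstant(authnInstant);
        authnStatement.setAuthnContext(authnContext);
        return authnStatement;
    }

    /**
     * Builds the Conditions: validity window plus one AudienceRestriction holding the service provider's
     * issuer and any additionally requested audiences.
     */
    private Conditions buildConditions(SAMLSSOServiceProviderDO spConfig, DateTime notBefore, DateTime notOnOrAfter) {
        AudienceRestriction audienceRestriction = new AudienceRestrictionBuilder().buildObject();
        audienceRestriction.getAudiences().add(buildAudience(spConfig.getIssuer()));
        if (spConfig.getRequestedAudiences() != null) {
            for (String audienceUri : spConfig.getRequestedAudiences()) {
                audienceRestriction.getAudiences().add(buildAudience(audienceUri));
            }
        }

        Conditions conditions = new ConditionsBuilder().buildObject();
        conditions.setNotBefore(notBefore);
        conditions.setNotOnOrAfter(notOnOrAfter);
        conditions.getAudienceRestrictions().add(audienceRestriction);
        return conditions;
    }

    /** Builds a single Audience element for the given URI. */
    private Audience buildAudience(String audienceUri) {
        Audience audience = new AudienceBuilder().buildObject();
        audience.setAudienceURI(audienceUri);
        return audience;
    }

    /**
     * Looks up the claims the service provider requests for the user.
     *
     * @return claim URI to value, or {@code null} when the service provider requests no claims
     * @throws IdentityException if the claim lookup fails
     */
    private Map<String, String> getAttributes(SAMLSSOServiceProviderDO spConfig, String userName) throws IdentityException {
        String[] requestedClaims = spConfig.getRequestedClaims();
        if (requestedClaims == null) {
            return null;
        }
        return SAMLValidatorUtil.getUserClaimValues(userName, requestedClaims, null);
    }

    /**
     * Builds a Status with the given code and, when non-null, a StatusMessage.
     *
     * @param statusCodeValue SAML status code URI
     * @param statusMessage   optional human-readable message; omitted when {@code null}
     */
    private Status buildStatus(String statusCodeValue, String statusMessage) {
        StatusCode statusCode = new StatusCodeBuilder().buildObject();
        statusCode.setValue(statusCodeValue);

        Status status = new StatusBuilder().buildObject();
        status.setStatusCode(statusCode);
        if (statusMessage != null) {
            StatusMessage message = new StatusMessageBuilder().buildObject();
            message.setMessage(statusMessage);
            status.setStatusMessage(message);
        }
        return status;
    }

    /**
     * Builds an AttributeStatement with one string-valued Attribute per map entry.
     *
     * @param map claim URI to value
     * @return the statement, or {@code null} when {@code map} is {@code null}
     */
    private AttributeStatement buildAttributeStatement(Map<String, String> map) {
        if (map == null) {
            return null;
        }
        AttributeStatement attributeStatement = new AttributeStatementBuilder().buildObject();
        for (Map.Entry<String, String> claim : map.entrySet()) {
            Attribute attribute = new AttributeBuilder().buildObject();
            attribute.setName(claim.getKey());
            // The generic builder factory returns a raw XMLObject; the explicit cast to XSString was
            // elided by decompilation and is required for this to compile.
            XSString attributeValue = (XSString) Configuration.getBuilderFactory().getBuilder(XSString.TYPE_NAME)
                    .buildObject(AttributeValue.DEFAULT_ELEMENT_NAME, XSString.TYPE_NAME);
            attributeValue.setValue(claim.getValue());
            attribute.getAttributeValues().add(attributeValue);
            attributeStatement.getAttributes().add(attribute);
        }
        return attributeStatement;
    }
}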
