package edu.internet2.middleware.shibboleth.idp.authn;

import java.io.Serializable;
import java.io.StringWriter;
import java.util.ArrayList;
import java.util.List;
import org.opensaml.Configuration;
import org.opensaml.saml2.core.AuthnContextClassRef;
import org.opensaml.saml2.core.AuthnContextComparisonTypeEnumeration;
import org.opensaml.saml2.core.AuthnContextDeclRef;
import org.opensaml.saml2.core.AuthnRequest;
import org.opensaml.saml2.core.RequestedAuthnContext;
import org.opensaml.xml.io.MarshallingException;
import org.opensaml.xml.io.UnmarshallingException;
import org.opensaml.xml.util.DatatypeHelper;
import org.opensaml.xml.util.XMLHelper;
import org.slf4j.LoggerFactory;
import org.w3c.dom.Element;

/* loaded from: input_file:edu/internet2/middleware/shibboleth/idp/authn/Saml2LoginContext.class */
public class Saml2LoginContext extends LoginContext implements Serializable {
    private static final long serialVersionUID = -7117092606828289070L;
    private String relayState;
    private String serialAuthnRequest;

    public Saml2LoginContext(String str, String str2, AuthnRequest authnRequest) throws MarshallingException {
        if (str == null || authnRequest == null) {
            throw new IllegalArgumentException("SAML 2 authentication request and relying party ID may not be null");
        }
        setRelyingParty(str);
        this.relayState = str2;
        this.serialAuthnRequest = serializeRequest(authnRequest);
        setForceAuthRequired(authnRequest.isForceAuthn().booleanValue());
        setPassiveAuthRequired(authnRequest.isPassive().booleanValue());
        getRequestedAuthenticationMethods().addAll(extractRequestedAuthenticationMethods(authnRequest));
    }

    public synchronized String getAuthenticationRequest() throws UnmarshallingException {
        return this.serialAuthnRequest;
    }

    public synchronized String getRelayState() {
        return this.relayState;
    }

    protected String serializeRequest(AuthnRequest authnRequest) throws MarshallingException {
        Element marshall = Configuration.getMarshallerFactory().getMarshaller(authnRequest).marshall(authnRequest);
        StringWriter stringWriter = new StringWriter();
        XMLHelper.writeNode(marshall, stringWriter);
        return stringWriter.toString();
    }

    protected List<String> extractRequestedAuthenticationMethods(AuthnRequest authnRequest) {
        ArrayList arrayList = new ArrayList();
        RequestedAuthnContext requestedAuthnContext = authnRequest.getRequestedAuthnContext();
        if (requestedAuthnContext == null) {
            return arrayList;
        }
        AuthnContextComparisonTypeEnumeration comparison = requestedAuthnContext.getComparison();
        if (comparison != null && comparison != AuthnContextComparisonTypeEnumeration.EXACT) {
            LoggerFactory.getLogger(Saml2LoginContext.class).error("Unsupported comparision operator ( " + comparison + ") in RequestedAuthnContext. Only exact comparisions are supported.");
            return arrayList;
        }
        List<AuthnContextClassRef> authnContextClassRefs = requestedAuthnContext.getAuthnContextClassRefs();
        if (authnContextClassRefs != null) {
            for (AuthnContextClassRef authnContextClassRef : authnContextClassRefs) {
                if (authnContextClassRef != null && !DatatypeHelper.isEmpty(authnContextClassRef.getAuthnContextClassRef())) {
                    arrayList.add(authnContextClassRef.getAuthnContextClassRef());
                }
            }
        }
        List<AuthnContextDeclRef> authnContextDeclRefs = requestedAuthnContext.getAuthnContextDeclRefs();
        if (authnContextDeclRefs != null) {
            for (AuthnContextDeclRef authnContextDeclRef : authnContextDeclRefs) {
                if (authnContextDeclRef != null && !DatatypeHelper.isEmpty(authnContextDeclRef.getAuthnContextDeclRef())) {
                    arrayList.add(authnContextDeclRef.getAuthnContextDeclRef());
                }
            }
        }
        if (arrayList.contains("urn:oasis:names:tc:SAML:2.0:ac:classes:unspecified")) {
            arrayList.clear();
        }
        return arrayList;
    }
}
