package org.keycloak.adapters.saml;

import java.io.IOException;
import java.security.KeyPair;
import org.jboss.logging.Logger;
import org.keycloak.adapters.saml.SamlDeployment;
import org.keycloak.adapters.saml.SamlSessionStore;
import org.keycloak.adapters.spi.AuthChallenge;
import org.keycloak.adapters.spi.HttpFacade;
import org.keycloak.saml.BaseSAML2BindingBuilder;
import org.keycloak.saml.SAML2AuthnRequestBuilder;
import org.keycloak.saml.SAML2NameIDPolicyBuilder;
import org.keycloak.saml.common.constants.JBossSAMLURIConstants;
import org.keycloak.saml.common.exceptions.ConfigurationException;
import org.keycloak.saml.common.exceptions.ProcessingException;

/* loaded from: input_file:org/keycloak/adapters/saml/AbstractInitiateLogin.class */
/**
 * Base {@link AuthChallenge} that starts a SAML login from the service-provider side.
 *
 * <p>{@link #challenge(HttpFacade)} builds an AuthnRequest from the {@link SamlDeployment} settings,
 * configures signing when the deployment asks for it, and passes both builders to the
 * binding-specific {@link #sendAuthnRequest} supplied by a subclass.
 *
 * <p>Security note: the request is signed only when the IdP single-sign-on service settings report
 * {@code signRequest() == true}. In every other case the AuthnRequest leaves unsigned, so whether
 * the IdP can verify the sender depends entirely on that deployment flag.
 */
public abstract class AbstractInitiateLogin implements AuthChallenge {
    protected static Logger log = Logger.getLogger(AbstractInitiateLogin.class);
    protected SamlDeployment deployment;
    protected SamlSessionStore sessionStore;

    /**
     * @param samlDeployment   deployment configuration the AuthnRequest is built from
     * @param samlSessionStore session store used to save the pending request and the login state
     */
    public AbstractInitiateLogin(SamlDeployment samlDeployment, SamlSessionStore samlSessionStore) {
        deployment = samlDeployment;
        sessionStore = samlSessionStore;
    }

    /**
     * @return always {@code 0}; this class does not select an HTTP status itself
     */
    public int getResponseCode() {
        return 0;
    }

    /**
     * Builds the AuthnRequest and hands it to {@link #sendAuthnRequest}.
     *
     * @param httpFacade facade for the current HTTP exchange, passed through to the subclass
     * @return {@code true} once the request has been handed off and the session is marked as logging in
     * @throws RuntimeException wrapping any failure raised while building or sending the request,
     *         including the missing-signing-key case; the original exception is kept as the cause
     */
    public boolean challenge(HttpFacade httpFacade) {
        try {
            String issuer = deployment.getEntityID();
            String configuredFormat = deployment.getNameIDPolicyFormat();
            // No NameID format configured: ask for a persistent identifier.
            String nameIdFormat = (configuredFormat != null)
                    ? configuredFormat
                    : JBossSAMLURIConstants.NAMEID_FORMAT_PERSISTENT.get();

            SAML2AuthnRequestBuilder authnRequest = new SAML2AuthnRequestBuilder()
                    .destination(deployment.getIDP().getSingleSignOnService().getRequestBindingUrl())
                    .issuer(issuer)
                    .forceAuthn(deployment.isForceAuthentication())
                    .isPassive(deployment.isIsPassive())
                    .nameIdPolicy(SAML2NameIDPolicyBuilder.format(nameIdFormat));

            // ProtocolBinding is stated only when a response binding is configured:
            // POST maps to the HTTP-POST URI, anything else to HTTP-Redirect.
            if (deployment.getIDP().getSingleSignOnService().getResponseBinding() != null) {
                boolean postResponse = deployment.getIDP().getSingleSignOnService().getResponseBinding()
                        == SamlDeployment.Binding.POST;
                authnRequest.protocolBinding(postResponse
                        ? JBossSAMLURIConstants.SAML_HTTP_POST_BINDING.get()
                        : JBossSAMLURIConstants.SAML_HTTP_REDIRECT_BINDING.get());
            }

            // The assertion consumer URL is sent only when the deployment configures one.
            // NOTE(review): without it the IdP presumably falls back to the URL registered for this SP; confirm.
            if (deployment.getAssertionConsumerServiceUrl() != null) {
                authnRequest.assertionConsumerUrl(deployment.getAssertionConsumerServiceUrl());
            }

            BaseSAML2BindingBuilder binding = new BaseSAML2BindingBuilder();
            if (deployment.getIDP().getSingleSignOnService().signRequest()) {
                KeyPair signingKeys = deployment.getSigningKeyPair();
                if (signingKeys == null) {
                    // Fail closed: signing was requested, so never fall back to an unsigned request.
                    // The outer catch wraps this, so callers see it as the cause of the generic failure.
                    throw new RuntimeException("Signing keys not configured");
                }
                if (deployment.getSignatureCanonicalizationMethod() != null) {
                    binding.canonicalizationMethod(deployment.getSignatureCanonicalizationMethod());
                }
                binding.signWith(signingKeys);
                binding.signDocument();
            }

            // Order matters: the request is saved before anything is sent, and the session is only
            // flagged LOGGING_IN after sendAuthnRequest returned without throwing.
            // NOTE(review): saveRequest() presumably stores the original request for replay after login; verify.
            sessionStore.saveRequest();
            sendAuthnRequest(httpFacade, authnRequest, binding);
            sessionStore.setCurrentAction(SamlSessionStore.CurrentAction.LOGGING_IN);
            return true;
        } catch (Exception e) {
            throw new RuntimeException("Could not create authentication request.", e);
        }
    }

    /**
     * Delivers the prepared AuthnRequest to the IdP over the binding implemented by the subclass.
     *
     * @param httpFacade               facade for the current HTTP exchange
     * @param sAML2AuthnRequestBuilder builder holding the AuthnRequest content
     * @param baseSAML2BindingBuilder  binding builder, already configured for signing when required
     * @throws ProcessingException    declared for implementations; raised by the subclass, not here
     * @throws ConfigurationException declared for implementations; raised by the subclass, not here
     * @throws IOException            declared for implementations; raised by the subclass, not here
     */
    protected abstract void sendAuthnRequest(HttpFacade httpFacade, SAML2AuthnRequestBuilder sAML2AuthnRequestBuilder, BaseSAML2BindingBuilder baseSAML2BindingBuilder) throws ProcessingException, ConfigurationException, IOException;
}
