package net.shibboleth.idp.cas.flow.impl;

import java.util.Iterator;
import java.util.List;
import javax.annotation.Nonnull;
import net.shibboleth.idp.cas.protocol.TicketValidationRequest;
import net.shibboleth.idp.cas.protocol.TicketValidationResponse;
import net.shibboleth.idp.cas.ticket.TicketState;
import net.shibboleth.utilities.java.support.logic.Constraint;
import net.shibboleth.utilities.java.support.primitive.StringSupport;
import net.shibboleth.utilities.java.support.security.IdentifierGenerationStrategy;
import org.joda.time.DateTime;
import org.opensaml.core.xml.XMLObjectBuilder;
import org.opensaml.core.xml.config.XMLObjectProviderRegistrySupport;
import org.opensaml.core.xml.schema.XSString;
import org.opensaml.profile.context.ProfileRequestContext;
import org.opensaml.saml.common.SAMLObject;
import org.opensaml.saml.common.SAMLVersion;
import org.opensaml.saml.saml1.core.Assertion;
import org.opensaml.saml.saml1.core.Attribute;
import org.opensaml.saml.saml1.core.AttributeStatement;
import org.opensaml.saml.saml1.core.AttributeValue;
import org.opensaml.saml.saml1.core.Audience;
import org.opensaml.saml.saml1.core.AudienceRestrictionCondition;
import org.opensaml.saml.saml1.core.AuthenticationStatement;
import org.opensaml.saml.saml1.core.Conditions;
import org.opensaml.saml.saml1.core.ConfirmationMethod;
import org.opensaml.saml.saml1.core.NameIdentifier;
import org.opensaml.saml.saml1.core.Response;
import org.opensaml.saml.saml1.core.Status;
import org.opensaml.saml.saml1.core.StatusCode;
import org.opensaml.saml.saml1.core.Subject;
import org.opensaml.saml.saml1.core.SubjectConfirmation;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
import org.springframework.webflow.execution.RequestContext;

/* loaded from: input_file:net/shibboleth/idp/cas/flow/impl/BuildSamlValidationSuccessMessageAction.class */
/**
 * Builds the SAML 1.1 success {@link Response} for a CAS ticket validation request.
 *
 * <p>The response carries a single {@link Assertion} issued by the configured entity ID. The
 * assertion holds an authentication statement and an attribute statement for the principal
 * recorded in the ticket state.
 *
 * <p>Review notes:
 * <ul>
 *   <li>Nothing in this class signs the response or the assertion. Whether the superclass or a
 *       later encoding step does so is not visible here.</li>
 *   <li>The response ID and the audience URI are copied from the incoming request. This class does
 *       not re-check them against the ticket; presumably earlier flow steps did. Confirm against
 *       the flow definition.</li>
 * </ul>
 */
public class BuildSamlValidationSuccessMessageAction extends AbstractOutgoingSamlMessageAction {
    /** Namespace applied to every attribute placed in the attribute statement. */
    private static final String NAMESPACE = "http://www.ja-sig.org/products/cas/";

    /** Subject confirmation method written into every subject built by this action. */
    private static final String CONFIRMATION_METHOD = "urn:oasis:names:tc:SAML:1.0:cm:artifact";

    /** Length of the assertion validity window, in seconds. */
    private static final int ASSERTION_LIFETIME_SECONDS = 60;

    private final Logger log = LoggerFactory.getLogger(BuildSamlValidationSuccessMessageAction.class);

    /** Builder for the xs:string attribute values. */
    private final XMLObjectBuilder<XSString> attrValueBuilder;

    /** Source of the assertion ID. */
    @Nonnull
    private final IdentifierGenerationStrategy identifierGenerationStrategy;

    /** Issuer written into the assertion. */
    @Nonnull
    private final String entityID;

    /**
     * Creates the action.
     *
     * @param identifierGenerationStrategy strategy used to generate the assertion ID; must not be null
     * @param str entity ID used as the assertion issuer; it is trimmed and must not be null or
     *     empty after trimming
     */
    public BuildSamlValidationSuccessMessageAction(IdentifierGenerationStrategy identifierGenerationStrategy, String str) {
        Constraint.isNotNull(identifierGenerationStrategy, "IdentifierGenerationStrategy cannot be null");
        this.identifierGenerationStrategy = identifierGenerationStrategy;
        final String trimmedEntityId = StringSupport.trimOrNull(str);
        this.entityID = Constraint.isNotNull(trimmedEntityId, "EntityID cannot be null");
        this.attrValueBuilder = XMLObjectProviderRegistrySupport.getBuilderFactory().getBuilderOrThrow(XSString.TYPE_NAME);
    }

    /**
     * Builds the success response for the CAS request, response and ticket held in the profile
     * request context.
     *
     * @param requestContext Spring Web Flow request context (not read by this method)
     * @param profileRequestContext profile request context that supplies the CAS request, response and ticket
     * @return a SAML 1.1 response with status {@code Success} and one assertion
     * @throws IllegalStateException if the ticket has no ticket state
     */
    @Override
    @Nonnull
    protected Response buildSamlResponse(@Nonnull RequestContext requestContext, @Nonnull ProfileRequestContext<SAMLObject, SAMLObject> profileRequestContext) {
        final DateTime now = DateTime.now();
        final TicketValidationRequest casRequest = getCASRequest(profileRequestContext);
        final TicketValidationResponse casResponse = getCASResponse(profileRequestContext);
        final TicketState ticketState = getCASTicket(profileRequestContext).getTicketState();
        if (ticketState == null) {
            throw new IllegalStateException("TicketState cannot be null");
        }
        // NOTE(review): the IdP session ID is written to the debug log. If that identifier is
        // sensitive in this deployment, restrict access to debug logs accordingly.
        log.debug("Building SAML response for {} in IdP session {}", casRequest.getService(), ticketState.getSessionId());

        final Response response = newSAMLObject(Response.class, Response.DEFAULT_ELEMENT_NAME);
        // The response ID is the ticket string from the request, not a generated identifier.
        response.setID(casRequest.getTicket());
        // Second clock read: the response IssueInstant may be slightly later than "now", which
        // is the instant used for the assertion and its conditions.
        response.setIssueInstant(DateTime.now());
        response.setStatus(newSuccessStatus());

        final Assertion assertion = newSAMLObject(Assertion.class, Assertion.DEFAULT_ELEMENT_NAME);
        assertion.setID(identifierGenerationStrategy.generateIdentifier());
        assertion.setIssueInstant(now);
        assertion.setVersion(SAMLVersion.VERSION_11);
        assertion.setIssuer(entityID);
        assertion.setConditions(newConditions(now, casRequest.getService()));

        // AuthenticationInstant is set to "now", the time this response is built. Relying parties
        // should not read it as the time of the original login.
        assertion.getAuthenticationStatements().add(
                newAuthenticationStatement(now, ticketState.getAuthenticationMethod(), ticketState.getPrincipalName()));

        final AttributeStatement attributeStatement = newSAMLObject(AttributeStatement.class, AttributeStatement.DEFAULT_ELEMENT_NAME);
        attributeStatement.setSubject(newSubject(ticketState.getPrincipalName()));
        // Every attribute in the CAS response is released; no filtering happens in this method.
        for (String attributeName : casResponse.getAttributes().keySet()) {
            final Attribute attribute = newSAMLObject(Attribute.class, Attribute.DEFAULT_ELEMENT_NAME);
            attribute.setAttributeName(attributeName);
            attribute.setAttributeNamespace(NAMESPACE);
            // Values are cast to String; a non-String value raises ClassCastException.
            for (Object value : (List<?>) casResponse.getAttributes().get(attributeName)) {
                attribute.getAttributeValues().add(newAttributeValue((String) value));
            }
            attributeStatement.getAttributes().add(attribute);
        }
        assertion.getAttributeStatements().add(attributeStatement);

        response.getAssertions().add(assertion);
        return response;
    }

    /** Builds a {@link Status} whose status code is {@code Success}. */
    private Status newSuccessStatus() {
        final Status status = newSAMLObject(Status.class, Status.DEFAULT_ELEMENT_NAME);
        final StatusCode statusCode = newSAMLObject(StatusCode.class, StatusCode.DEFAULT_ELEMENT_NAME);
        statusCode.setValue(StatusCode.SUCCESS);
        status.setStatusCode(statusCode);
        return status;
    }

    /**
     * Builds the assertion conditions: a validity window that starts at {@code notBefore} and ends
     * {@value #ASSERTION_LIFETIME_SECONDS} seconds later, restricted to a single audience.
     *
     * <p>NotBefore is not backdated, so the window leaves no allowance for a relying party whose
     * clock runs behind the IdP.
     *
     * @param notBefore start of the validity window
     * @param audienceUri the only audience URI added to the restriction
     * @return the populated conditions
     */
    private Conditions newConditions(DateTime notBefore, String audienceUri) {
        final Conditions conditions = newSAMLObject(Conditions.class, Conditions.DEFAULT_ELEMENT_NAME);
        conditions.setNotBefore(notBefore);
        conditions.setNotOnOrAfter(notBefore.plusSeconds(ASSERTION_LIFETIME_SECONDS));
        final AudienceRestrictionCondition restriction = newSAMLObject(AudienceRestrictionCondition.class, AudienceRestrictionCondition.DEFAULT_ELEMENT_NAME);
        final Audience audience = newSAMLObject(Audience.class, Audience.DEFAULT_ELEMENT_NAME);
        audience.setUri(audienceUri);
        restriction.getAudiences().add(audience);
        conditions.getAudienceRestrictionConditions().add(restriction);
        return conditions;
    }

    /**
     * Builds a subject whose name identifier is the given principal and whose confirmation
     * method is the SAML 1.0 artifact method.
     *
     * @param principal value of the name identifier
     * @return the populated subject
     */
    @Nonnull
    private Subject newSubject(String principal) {
        final SubjectConfirmation confirmation = newSAMLObject(SubjectConfirmation.class, SubjectConfirmation.DEFAULT_ELEMENT_NAME);
        final ConfirmationMethod method = newSAMLObject(ConfirmationMethod.class, ConfirmationMethod.DEFAULT_ELEMENT_NAME);
        method.setConfirmationMethod(CONFIRMATION_METHOD);
        confirmation.getConfirmationMethods().add(method);
        final NameIdentifier nameIdentifier = newSAMLObject(NameIdentifier.class, NameIdentifier.DEFAULT_ELEMENT_NAME);
        nameIdentifier.setValue(principal);
        final Subject subject = newSAMLObject(Subject.class, Subject.DEFAULT_ELEMENT_NAME);
        subject.setNameIdentifier(nameIdentifier);
        subject.setSubjectConfirmation(confirmation);
        return subject;
    }

    /**
     * Builds an authentication statement for the given principal.
     *
     * @param authnInstant value written as the authentication instant
     * @param authnMethod value written as the authentication method
     * @param principal principal name used for the statement's subject
     * @return the populated authentication statement
     */
    private AuthenticationStatement newAuthenticationStatement(DateTime authnInstant, String authnMethod, String principal) {
        final AuthenticationStatement statement = newSAMLObject(AuthenticationStatement.class, AuthenticationStatement.DEFAULT_ELEMENT_NAME);
        statement.setAuthenticationInstant(authnInstant);
        statement.setAuthenticationMethod(authnMethod);
        statement.setSubject(newSubject(principal));
        return statement;
    }

    /**
     * Wraps a string in an {@code AttributeValue} element typed as xs:string.
     *
     * @param value text content of the attribute value
     * @return the populated attribute value element
     */
    private XSString newAttributeValue(String value) {
        final XSString attributeValue = attrValueBuilder.buildObject(AttributeValue.DEFAULT_ELEMENT_NAME, XSString.TYPE_NAME);
        attributeValue.setValue(value);
        return attributeValue;
    }
}
