package org.keycloak.adapters.saml;

import java.io.IOException;
import java.security.KeyPair;
import org.jboss.logging.Logger;
import org.keycloak.adapters.saml.SamlDeployment;
import org.keycloak.adapters.saml.SamlSessionStore;
import org.keycloak.adapters.spi.AuthChallenge;
import org.keycloak.adapters.spi.HttpFacade;
import org.keycloak.saml.BaseSAML2BindingBuilder;
import org.keycloak.saml.SAML2AuthnRequestBuilder;
import org.keycloak.saml.SAML2NameIDPolicyBuilder;
import org.keycloak.saml.common.constants.JBossSAMLURIConstants;
import org.keycloak.saml.common.exceptions.ConfigurationException;
import org.keycloak.saml.common.exceptions.ProcessingException;

/* loaded from: input_file:WEB-INF/lib/keycloak-saml-adapter-core-15.0.2.jar:org/keycloak/adapters/saml/AbstractInitiateLogin.class */
/**
 * Base {@link AuthChallenge} that starts an SP-initiated SAML login: it builds an
 * AuthnRequest from the {@link SamlDeployment} configuration, prepares the binding
 * (optionally with request signing) and hands both to the concrete subclass for delivery.
 *
 * <p>Security-relevant behaviour visible in this class:
 * <ul>
 *   <li>The AuthnRequest is signed only when the IdP single-sign-on service configuration
 *       reports {@code signRequest()} as true; otherwise no signing material is attached.</li>
 *   <li>The signature algorithm and canonicalization method are taken as-is from the
 *       deployment configuration; no minimum strength is enforced here.</li>
 *   <li>{@code AllowCreate} is always set to true on the NameIDPolicy.</li>
 * </ul>
 */
public abstract class AbstractInitiateLogin implements AuthChallenge {
    protected static Logger log = Logger.getLogger(AbstractInitiateLogin.class);

    // Adapter configuration used to build and (optionally) sign the AuthnRequest.
    protected SamlDeployment deployment;

    // Session-side store used to save the pending request and record the login state.
    protected SamlSessionStore sessionStore;

    /**
     * Creates the challenge for the given deployment and session store.
     *
     * @param samlDeployment   configuration the AuthnRequest is derived from
     * @param samlSessionStore store used to save the request and track the current action
     */
    public AbstractInitiateLogin(SamlDeployment samlDeployment, SamlSessionStore samlSessionStore) {
        this.sessionStore = samlSessionStore;
        this.deployment = samlDeployment;
    }

    /**
     * Returns the response code associated with this challenge.
     *
     * @return always {@code 0}
     */
    @Override
    public int getResponseCode() {
        return 0;
    }

    /**
     * Builds the AuthnRequest and binding, saves the current request in the session store,
     * sends the AuthnRequest through {@link #sendAuthnRequest} and then marks the session as
     * {@code LOGGING_IN}.
     *
     * @param httpFacade facade for the HTTP exchange the request is sent on
     * @return {@code true} when the request was sent without an exception
     * @throws RuntimeException wrapping any exception raised while building or sending the
     *         request, including the "Signing keys not configured" failure from
     *         {@link #createSaml2Binding}
     */
    @Override
    public boolean challenge(HttpFacade httpFacade) {
        try {
            SAML2AuthnRequestBuilder authnRequest = buildSaml2AuthnRequestBuilder(this.deployment);
            BaseSAML2BindingBuilder binding = createSaml2Binding(this.deployment);
            // The request is saved before anything is sent; the LOGGING_IN state is only
            // recorded after sendAuthnRequest returns normally.
            this.sessionStore.saveRequest();
            sendAuthnRequest(httpFacade, authnRequest, binding);
            this.sessionStore.setCurrentAction(SamlSessionStore.CurrentAction.LOGGING_IN);
            return true;
        } catch (Exception failure) {
            // NOTE(review): the original cause is kept on the wrapper; callers that render
            // errors should presumably log it server-side rather than echo it to the client.
            throw new RuntimeException("Could not create authentication request.", failure);
        }
    }

    /**
     * Creates the binding builder for outgoing AuthnRequests and, when the IdP single-sign-on
     * service configuration asks for signed requests, configures document signing on it.
     *
     * @param samlDeployment configuration supplying the signing flag, algorithm,
     *                       canonicalization method and key pair
     * @return a binding builder, with signing configured only if {@code signRequest()} is true
     * @throws RuntimeException if signing is requested but the deployment has no signing key pair
     */
    public static BaseSAML2BindingBuilder createSaml2Binding(SamlDeployment samlDeployment) {
        BaseSAML2BindingBuilder binding = new BaseSAML2BindingBuilder();
        if (!samlDeployment.getIDP().getSingleSignOnService().signRequest()) {
            // NOTE(review): no signing configuration is attached on this path, so the
            // AuthnRequest is presumably sent unsigned; confirm the IdP policy expects that.
            return binding;
        }

        // The algorithm is passed through unchanged from configuration.
        binding.signatureAlgorithm(samlDeployment.getSignatureAlgorithm());

        KeyPair keyPair = samlDeployment.getSigningKeyPair();
        if (keyPair == null) {
            // Fail closed: a deployment that asks for signed requests never falls back to unsigned.
            throw new RuntimeException("Signing keys not configured");
        }

        if (samlDeployment.getSignatureCanonicalizationMethod() != null) {
            binding.canonicalizationMethod(samlDeployment.getSignatureCanonicalizationMethod());
        }

        // First argument is null -- presumably the signing key name; confirm against
        // BaseSAML2BindingBuilder if the IdP selects the verification key by name.
        binding.signWith(null, keyPair);
        binding.signDocument();
        return binding;
    }

    /**
     * Builds the AuthnRequest from the deployment configuration: destination, issuer,
     * ForceAuthn, IsPassive and NameIDPolicy are always set; the protocol binding and the
     * assertion consumer URL are set only when configured.
     *
     * @param samlDeployment configuration supplying the entity id, NameID format and
     *                       single-sign-on service settings
     * @return the populated AuthnRequest builder
     */
    public static SAML2AuthnRequestBuilder buildSaml2AuthnRequestBuilder(SamlDeployment samlDeployment) {
        String issuer = samlDeployment.getEntityID();

        // Fall back to the persistent NameID format when none is configured.
        String configuredFormat = samlDeployment.getNameIDPolicyFormat();
        String nameIdFormat = configuredFormat != null
                ? configuredFormat
                : JBossSAMLURIConstants.NAMEID_FORMAT_PERSISTENT.get();

        SamlDeployment.IDP.SingleSignOnService sso = samlDeployment.getIDP().getSingleSignOnService();

        SAML2AuthnRequestBuilder request = new SAML2AuthnRequestBuilder()
                .destination(sso.getRequestBindingUrl())
                .issuer(issuer)
                .forceAuthn(samlDeployment.isForceAuthentication())
                .isPassive(samlDeployment.isIsPassive())
                // AllowCreate is unconditionally true, whatever NameID format is in use.
                .nameIdPolicy(SAML2NameIDPolicyBuilder.format(nameIdFormat).setAllowCreate(Boolean.TRUE));

        if (sso.getResponseBinding() != null) {
            // Only POST is mapped explicitly; every other non-null value yields the redirect binding.
            boolean wantsPost = sso.getResponseBinding() == SamlDeployment.Binding.POST;
            String protocolBinding = wantsPost
                    ? JBossSAMLURIConstants.SAML_HTTP_POST_BINDING.get()
                    : JBossSAMLURIConstants.SAML_HTTP_REDIRECT_BINDING.get();
            request.protocolBinding(protocolBinding);
        }

        if (sso.getAssertionConsumerServiceUrl() != null) {
            // NOTE(review): this URL is only a value placed in the request; checking it against
            // the SP's registered endpoints is presumably the IdP's job -- nothing here does it.
            request.assertionConsumerUrl(sso.getAssertionConsumerServiceUrl());
        }
        return request;
    }

    /**
     * Delivers the AuthnRequest to the IdP over the HTTP exchange; the concrete transport is
     * supplied by the subclass.
     *
     * @param httpFacade               facade for the HTTP exchange
     * @param sAML2AuthnRequestBuilder the AuthnRequest to send
     * @param baseSAML2BindingBuilder  the binding (and any signing configuration) to send it with
     * @throws ProcessingException    declared by the contract; raised by the implementation
     * @throws ConfigurationException declared by the contract; raised by the implementation
     * @throws IOException            declared by the contract; raised by the implementation
     */
    protected abstract void sendAuthnRequest(HttpFacade httpFacade, SAML2AuthnRequestBuilder sAML2AuthnRequestBuilder, BaseSAML2BindingBuilder baseSAML2BindingBuilder) throws ProcessingException, ConfigurationException, IOException;
}
