package org.keycloak.saml;

import java.net.URI;
import java.util.Iterator;
import java.util.LinkedList;
import java.util.List;
import org.keycloak.dom.saml.v2.assertion.AssertionType;
import org.keycloak.dom.saml.v2.assertion.AudienceRestrictionType;
import org.keycloak.dom.saml.v2.assertion.AuthnStatementType;
import org.keycloak.dom.saml.v2.assertion.ConditionsType;
import org.keycloak.dom.saml.v2.assertion.NameIDType;
import org.keycloak.dom.saml.v2.assertion.OneTimeUseType;
import org.keycloak.dom.saml.v2.protocol.ExtensionsType;
import org.keycloak.dom.saml.v2.protocol.ResponseType;
import org.keycloak.saml.SamlProtocolExtensionsAwareBuilder;
import org.keycloak.saml.common.PicketLinkLogger;
import org.keycloak.saml.common.PicketLinkLoggerFactory;
import org.keycloak.saml.common.constants.JBossSAMLURIConstants;
import org.keycloak.saml.common.exceptions.ConfigurationException;
import org.keycloak.saml.common.exceptions.ProcessingException;
import org.keycloak.saml.common.util.DocumentUtil;
import org.keycloak.saml.common.util.StringUtil;
import org.keycloak.saml.processing.api.saml.v2.response.SAML2Response;
import org.keycloak.saml.processing.core.saml.v2.common.IDGenerator;
import org.keycloak.saml.processing.core.saml.v2.holders.IDPInfoHolder;
import org.keycloak.saml.processing.core.saml.v2.holders.IssuerInfoHolder;
import org.keycloak.saml.processing.core.saml.v2.holders.SPInfoHolder;
import org.keycloak.saml.processing.core.saml.v2.util.StatementUtil;
import org.keycloak.saml.processing.core.saml.v2.util.XMLTimeUtil;
import org.w3c.dom.Document;

/* loaded from: input_file:WEB-INF/lib/keycloak-saml-core-12.0.2.jar:org/keycloak/saml/SAML2LoginResponseBuilder.class */
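/**
 * Fluent builder for a SAML 2.0 login {@code Response} carrying a single assertion.
 *
 * <p>Callers set the fields through the chained setters, call {@link #buildModel()} to obtain
 * the {@link ResponseType}, and optionally {@link #buildDocument(ResponseType)} to turn it into a
 * DOM {@link Document}. Nothing in this class signs or encrypts the result.
 *
 * <p>The builder is mutable and holds no synchronization; use one instance per response.
 */
public class SAML2LoginResponseBuilder implements SamlProtocolExtensionsAwareBuilder<SAML2LoginResponseBuilder> {
    protected static final PicketLinkLogger logger = PicketLinkLoggerFactory.getLogger();
    // Value handed to SPInfoHolder.setResponseDestinationURI.
    protected String destination;
    // Issuer of the response, handed to IssuerInfoHolder.
    protected NameIDType issuer;
    // Lifetimes below are multiplied by 1000 in buildModel() before being added to a timestamp,
    // i.e. they are treated as seconds. A value <= 0 leaves the corresponding limit untouched.
    protected int subjectExpiration;
    protected int assertionExpiration;
    protected int sessionExpiration;
    // Subject NameID value and its format URI.
    protected String nameId;
    protected String nameIdFormat;
    // Stored by the setter but not read anywhere in this class.
    protected boolean multiValuedRoles;
    // When true, buildModel() adds no AuthnStatement to the assertion.
    protected boolean disableAuthnStatement;
    // ID of the request being answered, handed to SPInfoHolder.setRequestID.
    protected String requestID;
    // Authentication context class; AC_UNSPECIFIED is used when this is not set.
    protected String authMethod;
    // Issuer of the request; also becomes the single Audience of the assertion.
    protected String requestIssuer;
    // SessionIndex of the AuthnStatement; the assertion ID is used when this is null.
    protected String sessionIndex;
    protected final List<SamlProtocolExtensionsAwareBuilder.NodeGenerator> extensions = new LinkedList<>();
    // When true, a OneTimeUse condition is added to the assertion.
    protected boolean includeOneTimeUseCondition;

    /**
     * Sets the SessionIndex written into the AuthnStatement.
     *
     * @param str session index, or {@code null} to fall back to the assertion ID
     * @return this builder
     */
    public SAML2LoginResponseBuilder sessionIndex(String str) {
        this.sessionIndex = str;
        return this;
    }

    /**
     * Sets the response destination URI.
     *
     * @param str destination of the response
     * @return this builder
     */
    public SAML2LoginResponseBuilder destination(String str) {
        this.destination = str;
        return this;
    }

    /**
     * Sets the issuer of the response.
     *
     * @param nameIDType issuer as a NameID
     * @return this builder
     */
    public SAML2LoginResponseBuilder issuer(NameIDType nameIDType) {
        this.issuer = nameIDType;
        return this;
    }

    /**
     * Sets the issuer of the response from a plain string, wrapped via {@code SAML2NameIDBuilder}.
     *
     * @param str issuer value
     * @return this builder
     */
    public SAML2LoginResponseBuilder issuer(String str) {
        return issuer(SAML2NameIDBuilder.value(str).build());
    }

    /**
     * Sets the lifetime of the subject confirmation data.
     *
     * @param i lifetime in seconds; values {@code <= 0} leave NotOnOrAfter unchanged
     * @return this builder
     */
    public SAML2LoginResponseBuilder subjectExpiration(int i) {
        this.subjectExpiration = i;
        return this;
    }

    /**
     * Sets the lifetime used for SessionNotOnOrAfter on the AuthnStatement.
     *
     * @param i lifetime in seconds; values {@code <= 0} leave SessionNotOnOrAfter unset
     * @return this builder
     */
    public SAML2LoginResponseBuilder sessionExpiration(int i) {
        this.sessionExpiration = i;
        return this;
    }

    /**
     * Sets the lifetime of the assertion conditions.
     *
     * @param i lifetime in seconds; values {@code <= 0} leave NotOnOrAfter unchanged
     * @return this builder
     */
    public SAML2LoginResponseBuilder assertionExpiration(int i) {
        this.assertionExpiration = i;
        return this;
    }

    /**
     * Sets the ID of the request this response answers.
     *
     * @param str request ID
     * @return this builder
     */
    public SAML2LoginResponseBuilder requestID(String str) {
        this.requestID = str;
        return this;
    }

    /**
     * Sets the issuer of the request. {@link #buildModel()} also uses this value as the
     * assertion's only Audience, so it must be a syntactically valid URI.
     *
     * @param str issuer of the request (the relying party)
     * @return this builder
     */
    public SAML2LoginResponseBuilder requestIssuer(String str) {
        this.requestIssuer = str;
        return this;
    }

    /**
     * Sets the authentication context class reference for the AuthnStatement.
     *
     * @param str authentication method; when not set, {@code AC_UNSPECIFIED} is used
     * @return this builder
     */
    public SAML2LoginResponseBuilder authMethod(String str) {
        this.authMethod = str;
        return this;
    }

    /**
     * Sets the subject NameID.
     *
     * @param str NameID format
     * @param str2 NameID value
     * @return this builder
     */
    public SAML2LoginResponseBuilder nameIdentifier(String str, String str2) {
        this.nameIdFormat = str;
        this.nameId = str2;
        return this;
    }

    /**
     * Stores the multi-valued-roles flag. The flag is not consulted by this class.
     *
     * @param z flag value
     * @return this builder
     */
    public SAML2LoginResponseBuilder multiValuedRoles(boolean z) {
        this.multiValuedRoles = z;
        return this;
    }

    /**
     * Controls whether {@link #buildModel()} adds an AuthnStatement.
     *
     * @param z {@code true} to omit the AuthnStatement
     * @return this builder
     */
    public SAML2LoginResponseBuilder disableAuthnStatement(boolean z) {
        this.disableAuthnStatement = z;
        return this;
    }

    /**
     * Controls whether a OneTimeUse condition is added to the assertion.
     *
     * @param z {@code true} to add the condition
     * @return this builder
     */
    public SAML2LoginResponseBuilder includeOneTimeUseCondition(boolean z) {
        this.includeOneTimeUseCondition = z;
        return this;
    }

    /**
     * Registers a generator whose output is placed in the response's Extensions element.
     *
     * @param nodeGenerator extension generator to append
     * @return this builder
     */
    /* JADX WARN: Can't rename method to resolve collision */
    @Override // org.keycloak.saml.SamlProtocolExtensionsAwareBuilder
    public SAML2LoginResponseBuilder addExtension(SamlProtocolExtensionsAwareBuilder.NodeGenerator nodeGenerator) {
        this.extensions.add(nodeGenerator);
        return this;
    }

    /**
     * Converts a response model into a DOM document.
     *
     * @param responseType response model, typically the result of {@link #buildModel()}
     * @return the response as a DOM document
     * @throws ConfigurationException declared for callers; see the catch block below
     * @throws ProcessingException declared for callers; see the catch block below
     */
    public Document buildDocument(ResponseType responseType) throws ConfigurationException, ProcessingException {
        try {
            Document responseDocument = new SAML2Response().convert(responseType);
            if (logger.isTraceEnabled()) {
                // The whole serialized response is written to the log here, including the subject
                // NameID and any statements the assertion carries. Treat trace-level logs of this
                // logger as sensitive and keep trace disabled where logs are broadly readable.
                logger.trace("SAML Response Document: " + DocumentUtil.asString(responseDocument));
            }
            return responseDocument;
        } catch (Exception e) {
            // Every failure is funnelled through the logger's marshalling-error factory,
            // which receives the original exception.
            throw logger.samlAssertionMarshallError(e);
        }
    }

    /**
     * Builds the response model from the values collected so far.
     *
     * <p>The response is created with status {@code STATUS_SUCCESS}. Its first assertion gets an
     * AudienceRestriction naming {@code requestIssuer}, optional expiry limits, an AuthnStatement
     * (unless disabled), an optional OneTimeUse condition, and any registered extensions.
     *
     * @return the populated response model
     * @throws NullPointerException if {@code requestIssuer} was never set
     * @throws IllegalArgumentException if {@code requestIssuer} is not a valid URI
     * @throws ConfigurationException declared for callers
     * @throws ProcessingException declared for callers
     */
    public ResponseType buildModel() throws ConfigurationException, ProcessingException {
        SAML2Response responseFactory = new SAML2Response();
        String responseId = IDGenerator.create("ID_");

        IssuerInfoHolder issuerHolder = new IssuerInfoHolder(this.issuer);
        issuerHolder.setStatusCode(JBossSAMLURIConstants.STATUS_SUCCESS.get());

        IDPInfoHolder idpHolder = new IDPInfoHolder();
        idpHolder.setNameIDFormatValue(this.nameId);
        idpHolder.setNameIDFormat(this.nameIdFormat);

        SPInfoHolder spHolder = new SPInfoHolder();
        spHolder.setResponseDestinationURI(this.destination);
        spHolder.setRequestID(this.requestID);
        spHolder.setIssuer(this.requestIssuer);

        ResponseType response = responseFactory.createResponseType(responseId, spHolder, idpHolder, issuerHolder);
        AssertionType assertion = response.getAssertions().get(0).getAssertion();

        // Bind the assertion to the requesting party. URI.create fails on a null or malformed
        // requestIssuer, so no assertion is produced without an audience.
        AudienceRestrictionType audienceRestriction = new AudienceRestrictionType();
        audienceRestriction.addAudience(URI.create(this.requestIssuer));
        assertion.getConditions().addCondition(audienceRestriction);

        // The seconds-to-milliseconds conversions below use long arithmetic. With int arithmetic
        // any lifetime above Integer.MAX_VALUE / 1000 seconds (about 24.8 days) wrapped around
        // and produced a wrong, possibly already-expired, validity limit.
        if (this.assertionExpiration > 0) {
            ConditionsType conditions = assertion.getConditions();
            conditions.setNotOnOrAfter(XMLTimeUtil.add(conditions.getNotBefore(), this.assertionExpiration * 1000L));
        }
        if (this.subjectExpiration > 0) {
            // Subject confirmation expiry is measured from the conditions' NotBefore as well.
            assertion.getSubject().getConfirmation().get(0).getSubjectConfirmationData()
                    .setNotOnOrAfter(XMLTimeUtil.add(assertion.getConditions().getNotBefore(), this.subjectExpiration * 1000L));
        }

        if (!this.disableAuthnStatement) {
            String authnContextClass = JBossSAMLURIConstants.AC_UNSPECIFIED.get();
            if (StringUtil.isNotNull(this.authMethod)) {
                authnContextClass = this.authMethod;
            }
            AuthnStatementType authnStatement = StatementUtil.createAuthnStatement(XMLTimeUtil.getIssueInstant(), authnContextClass);
            if (this.sessionExpiration > 0) {
                authnStatement.setSessionNotOnOrAfter(XMLTimeUtil.add(authnStatement.getAuthnInstant(), this.sessionExpiration * 1000L));
            }
            // Without an explicit session index the assertion ID doubles as SessionIndex.
            if (this.sessionIndex != null) {
                authnStatement.setSessionIndex(this.sessionIndex);
            } else {
                authnStatement.setSessionIndex(assertion.getID());
            }
            assertion.addStatement(authnStatement);
        }

        if (this.includeOneTimeUseCondition) {
            assertion.getConditions().addCondition(new OneTimeUseType());
        }

        if (!this.extensions.isEmpty()) {
            ExtensionsType extensionsType = new ExtensionsType();
            for (SamlProtocolExtensionsAwareBuilder.NodeGenerator generator : this.extensions) {
                extensionsType.addExtension(generator);
            }
            response.setExtensions(extensionsType);
        }
        return response;
    }
}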
