package org.apereo.cas.support.saml.web.idp.profile.builders.response;

import java.util.Objects;
import java.util.Optional;
import lombok.Generated;
import org.apereo.cas.support.saml.util.AbstractSaml20ObjectBuilder;
import org.apereo.cas.support.saml.web.idp.profile.builders.SamlProfileBuilderContext;
import org.apereo.cas.support.saml.web.idp.profile.builders.SamlProfileObjectBuilder;
import org.apereo.inspektr.audit.annotation.Audit;
import org.opensaml.core.xml.XMLObject;
import org.opensaml.messaging.context.ScratchContext;
import org.opensaml.saml.common.SAMLObject;
import org.opensaml.saml.common.binding.SAMLBindingSupport;
import org.opensaml.saml.saml2.core.Assertion;
import org.opensaml.saml.saml2.core.EncryptedAssertion;
import org.opensaml.saml.saml2.core.Issuer;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;

/* loaded from: input_file:org/apereo/cas/support/saml/web/idp/profile/builders/response/BaseSamlProfileSamlResponseBuilder.class */
public abstract class BaseSamlProfileSamlResponseBuilder<T extends XMLObject> extends AbstractSaml20ObjectBuilder implements SamlProfileObjectBuilder<T> {

    @Generated
    private static final Logger LOGGER = LoggerFactory.getLogger(BaseSamlProfileSamlResponseBuilder.class);
    private static final long serialVersionUID = -1891703354216174875L;
    protected final SamlProfileSamlResponseBuilderConfigurationContext configurationContext;

    /* JADX INFO: Access modifiers changed from: protected */
    public BaseSamlProfileSamlResponseBuilder(SamlProfileSamlResponseBuilderConfigurationContext samlProfileSamlResponseBuilderConfigurationContext) {
        super(samlProfileSamlResponseBuilderConfigurationContext.getOpenSamlConfigBean());
        this.configurationContext = samlProfileSamlResponseBuilderConfigurationContext;
    }

    @Override // org.apereo.cas.support.saml.web.idp.profile.builders.SamlProfileObjectBuilder
    @Audit(action = "SAML2_RESPONSE", actionResolverName = "SAML2_RESPONSE_ACTION_RESOLVER", resourceResolverName = "SAML2_RESPONSE_RESOURCE_RESOLVER")
    /* renamed from: build */
    public T mo26build(SamlProfileBuilderContext samlProfileBuilderContext) throws Exception {
        return encodeFinalResponse(samlProfileBuilderContext, mo25buildResponse(samlProfileBuilderContext.getAuthenticatedAssertion().isPresent() ? Optional.of(buildSamlAssertion(samlProfileBuilderContext)) : Optional.empty(), samlProfileBuilderContext));
    }

    /* JADX INFO: Access modifiers changed from: protected */
    public T encodeFinalResponse(SamlProfileBuilderContext samlProfileBuilderContext, T t) throws Exception {
        if (!((Boolean) ((ScratchContext) Objects.requireNonNull(samlProfileBuilderContext.getMessageContext().getSubcontext(ScratchContext.class, true))).getMap().getOrDefault("encodeSamlResponse", Boolean.TRUE)).booleanValue()) {
            return t;
        }
        String relayState = SAMLBindingSupport.getRelayState(samlProfileBuilderContext.getMessageContext());
        LOGGER.trace("Relay state is [{}]", relayState);
        return encode(samlProfileBuilderContext, t, relayState);
    }

    protected Assertion buildSamlAssertion(SamlProfileBuilderContext samlProfileBuilderContext) throws Exception {
        return this.configurationContext.getSamlProfileSamlAssertionBuilder().mo26build(samlProfileBuilderContext);
    }

    /* renamed from: buildResponse */
    protected abstract T mo25buildResponse(Optional<Assertion> optional, SamlProfileBuilderContext samlProfileBuilderContext) throws Exception;

    /* JADX INFO: Access modifiers changed from: protected */
    public Issuer buildSamlResponseIssuer(String str) {
        Issuer newIssuer = newIssuer(str);
        newIssuer.setFormat("urn:oasis:names:tc:SAML:2.0:nameid-format:entity");
        return newIssuer;
    }

    protected abstract T encode(SamlProfileBuilderContext samlProfileBuilderContext, T t, String str) throws Exception;

    /* JADX INFO: Access modifiers changed from: protected */
    public Optional<SAMLObject> encryptAssertion(Optional<Assertion> optional, SamlProfileBuilderContext samlProfileBuilderContext) {
        return optional.map(assertion -> {
            if (!encryptAssertionFor(samlProfileBuilderContext)) {
                LOGGER.debug("SAML registered service [{}] does not require assertions to be encrypted", samlProfileBuilderContext.getAdaptor().getEntityId());
                return (SAMLObject) optional.get();
            }
            LOGGER.debug("SAML service [{}] requires assertions to be encrypted", samlProfileBuilderContext.getAdaptor().getEntityId());
            EncryptedAssertion encode = this.configurationContext.getSamlObjectEncrypter().encode((Assertion) optional.get(), samlProfileBuilderContext.getRegisteredService(), samlProfileBuilderContext.getAdaptor());
            if (encode != null) {
                return encode;
            }
            LOGGER.debug("SAML registered service [{}] is unable to encrypt assertions", samlProfileBuilderContext.getAdaptor().getEntityId());
            return (SAMLObject) optional.get();
        });
    }

    protected boolean encryptAssertionFor(SamlProfileBuilderContext samlProfileBuilderContext) {
        return samlProfileBuilderContext.getRegisteredService().isEncryptAssertions();
    }

    @Generated
    public SamlProfileSamlResponseBuilderConfigurationContext getConfigurationContext() {
        return this.configurationContext;
    }
}
