package org.apereo.cas.support.saml.web.idp.profile.builders;

import java.security.SecureRandom;
import java.time.ZoneOffset;
import java.time.ZonedDateTime;
import java.util.ArrayList;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import org.apereo.cas.support.saml.SamlException;
import org.apereo.cas.support.saml.services.SamlRegisteredService;
import org.apereo.cas.support.saml.services.idp.metadata.SamlRegisteredServiceServiceProviderMetadataFacade;
import org.apereo.cas.support.saml.util.AbstractSaml20ObjectBuilder;
import org.apereo.cas.support.saml.web.idp.profile.builders.enc.SamlObjectSigner;
import org.apereo.inspektr.aspect.TraceLogAspect;
import org.aspectj.lang.JoinPoint;
import org.aspectj.runtime.internal.AroundClosure;
import org.aspectj.runtime.reflect.Factory;
import org.opensaml.saml.saml2.core.Assertion;
import org.opensaml.saml.saml2.core.AuthnRequest;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.beans.factory.annotation.Qualifier;
import org.springframework.beans.factory.annotation.Value;
import org.springframework.cloud.context.config.annotation.RefreshScope;
import org.springframework.stereotype.Component;

@RefreshScope
@Component("samlProfileSamlAssertionBuilder")
/* loaded from: input_file:org/apereo/cas/support/saml/web/idp/profile/builders/SamlProfileSamlAssertionBuilder.class */
public class SamlProfileSamlAssertionBuilder extends AbstractSaml20ObjectBuilder implements SamlProfileObjectBuilder<Assertion> {
    private static final long serialVersionUID = -3945938960014421135L;

    @Value("${cas.samlidp.entityid:}")
    private String entityId;

    @Autowired
    @Qualifier("samlProfileSamlAuthNStatementBuilder")
    private SamlProfileSamlAuthNStatementBuilder samlProfileSamlAuthNStatementBuilder;

    @Autowired
    @Qualifier("samlProfileSamlAttributeStatementBuilder")
    private SamlProfileSamlAttributeStatementBuilder samlProfileSamlAttributeStatementBuilder;

    @Autowired
    @Qualifier("samlProfileSamlSubjectBuilder")
    private SamlProfileSamlSubjectBuilder samlProfileSamlSubjectBuilder;

    @Autowired
    @Qualifier("samlProfileSamlConditionsBuilder")
    private SamlProfileSamlConditionsBuilder samlProfileSamlConditionsBuilder;

    @Autowired
    @Qualifier("samlObjectSigner")
    private SamlObjectSigner samlObjectSigner;
    private static final JoinPoint.StaticPart ajc$tjp_0 = null;

    /* loaded from: input_file:org/apereo/cas/support/saml/web/idp/profile/builders/SamlProfileSamlAssertionBuilder$AjcClosure1.class */
    public class AjcClosure1 extends AroundClosure {
        public AjcClosure1(Object[] objArr) {
            super(objArr);
        }

        public Object run(Object[] objArr) {
            Object[] objArr2 = ((AroundClosure) this).state;
            return SamlProfileSamlAssertionBuilder.build_aroundBody0((SamlProfileSamlAssertionBuilder) objArr2[0], (AuthnRequest) objArr2[1], (HttpServletRequest) objArr2[2], (HttpServletResponse) objArr2[3], (org.jasig.cas.client.validation.Assertion) objArr2[4], (SamlRegisteredService) objArr2[5], (SamlRegisteredServiceServiceProviderMetadataFacade) objArr2[6], (JoinPoint) objArr2[7]);
        }
    }

    @Override // org.apereo.cas.support.saml.web.idp.profile.builders.SamlProfileObjectBuilder
    public Assertion build(AuthnRequest authnRequest, HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse, org.jasig.cas.client.validation.Assertion assertion, SamlRegisteredService samlRegisteredService, SamlRegisteredServiceServiceProviderMetadataFacade samlRegisteredServiceServiceProviderMetadataFacade) throws SamlException {
        return (Assertion) TraceLogAspect.aspectOf().traceMethod(new AjcClosure1(new Object[]{this, authnRequest, httpServletRequest, httpServletResponse, assertion, samlRegisteredService, samlRegisteredServiceServiceProviderMetadataFacade, Factory.makeJP(ajc$tjp_0, this, this, new Object[]{authnRequest, httpServletRequest, httpServletResponse, assertion, samlRegisteredService, samlRegisteredServiceServiceProviderMetadataFacade})}).linkClosureAndJoinPoint(69648));
    }

    protected void signAssertion(Assertion assertion, HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse, SamlRegisteredService samlRegisteredService, SamlRegisteredServiceServiceProviderMetadataFacade samlRegisteredServiceServiceProviderMetadataFacade) throws SamlException {
        try {
            if (!samlRegisteredService.isSignAssertions()) {
                this.logger.debug("SAML registered service [{}] does not require assertions to be signed", samlRegisteredServiceServiceProviderMetadataFacade.getEntityId());
            } else {
                this.logger.debug("SAML registered service [{}] requires assertions to be signed", samlRegisteredServiceServiceProviderMetadataFacade.getEntityId());
                this.samlObjectSigner.encode(assertion, samlRegisteredService, samlRegisteredServiceServiceProviderMetadataFacade, httpServletResponse, httpServletRequest);
            }
        } catch (Exception e) {
            throw new SamlException("Unable to marshall assertion for signing", e);
        }
    }

    static {
        ajc$preClinit();
    }

    static final Assertion build_aroundBody0(SamlProfileSamlAssertionBuilder samlProfileSamlAssertionBuilder, AuthnRequest authnRequest, HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse, org.jasig.cas.client.validation.Assertion assertion, SamlRegisteredService samlRegisteredService, SamlRegisteredServiceServiceProviderMetadataFacade samlRegisteredServiceServiceProviderMetadataFacade, JoinPoint joinPoint) {
        ArrayList arrayList = new ArrayList();
        arrayList.add(samlProfileSamlAssertionBuilder.samlProfileSamlAuthNStatementBuilder.build(authnRequest, httpServletRequest, httpServletResponse, assertion, samlRegisteredService, samlRegisteredServiceServiceProviderMetadataFacade));
        arrayList.add(samlProfileSamlAssertionBuilder.samlProfileSamlAttributeStatementBuilder.build(authnRequest, httpServletRequest, httpServletResponse, assertion, samlRegisteredService, samlRegisteredServiceServiceProviderMetadataFacade));
        Assertion newAssertion = samlProfileSamlAssertionBuilder.newAssertion(arrayList, samlProfileSamlAssertionBuilder.entityId, ZonedDateTime.now(ZoneOffset.UTC), String.valueOf(Math.abs(new SecureRandom().nextLong())));
        newAssertion.setSubject(samlProfileSamlAssertionBuilder.samlProfileSamlSubjectBuilder.build(authnRequest, httpServletRequest, httpServletResponse, assertion, samlRegisteredService, samlRegisteredServiceServiceProviderMetadataFacade));
        newAssertion.setConditions(samlProfileSamlAssertionBuilder.samlProfileSamlConditionsBuilder.build(authnRequest, httpServletRequest, httpServletResponse, assertion, samlRegisteredService, samlRegisteredServiceServiceProviderMetadataFacade));
        samlProfileSamlAssertionBuilder.signAssertion(newAssertion, httpServletRequest, httpServletResponse, samlRegisteredService, samlRegisteredServiceServiceProviderMetadataFacade);
        return newAssertion;
    }

    private static void ajc$preClinit() {
        Factory factory = new Factory("SamlProfileSamlAssertionBuilder.java", SamlProfileSamlAssertionBuilder.class);
        ajc$tjp_0 = factory.makeSJP("method-execution", factory.makeMethodSig("1", "build", "org.apereo.cas.support.saml.web.idp.profile.builders.SamlProfileSamlAssertionBuilder", "org.opensaml.saml.saml2.core.AuthnRequest:javax.servlet.http.HttpServletRequest:javax.servlet.http.HttpServletResponse:org.jasig.cas.client.validation.Assertion:org.apereo.cas.support.saml.services.SamlRegisteredService:org.apereo.cas.support.saml.services.idp.metadata.SamlRegisteredServiceServiceProviderMetadataFacade", "authnRequest:request:response:casAssertion:service:adaptor", "org.apereo.cas.support.saml.SamlException", "org.opensaml.saml.saml2.core.Assertion"), 62);
    }
}
