package org.apereo.cas.support.saml.web.idp.profile.builders;

import java.security.SecureRandom;
import java.time.ZoneOffset;
import java.time.ZonedDateTime;
import java.util.ArrayList;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import org.apereo.cas.configuration.CasConfigurationProperties;
import org.apereo.cas.support.saml.SamlException;
import org.apereo.cas.support.saml.services.SamlRegisteredService;
import org.apereo.cas.support.saml.services.idp.metadata.SamlRegisteredServiceServiceProviderMetadataFacade;
import org.apereo.cas.support.saml.util.AbstractSaml20ObjectBuilder;
import org.apereo.cas.support.saml.web.idp.profile.builders.enc.SamlObjectSigner;
import org.opensaml.saml.saml2.core.Assertion;
import org.opensaml.saml.saml2.core.AuthnRequest;
import org.springframework.beans.factory.annotation.Autowired;

/* loaded from: input_file:org/apereo/cas/support/saml/web/idp/profile/builders/SamlProfileSamlAssertionBuilder.class */
public class SamlProfileSamlAssertionBuilder extends AbstractSaml20ObjectBuilder implements SamlProfileObjectBuilder<Assertion> {
    private static final long serialVersionUID = -3945938960014421135L;

    @Autowired
    private CasConfigurationProperties casProperties;
    private SamlProfileSamlAuthNStatementBuilder samlProfileSamlAuthNStatementBuilder;
    private SamlProfileSamlAttributeStatementBuilder samlProfileSamlAttributeStatementBuilder;
    private SamlProfileSamlSubjectBuilder samlProfileSamlSubjectBuilder;
    private SamlProfileSamlConditionsBuilder samlProfileSamlConditionsBuilder;
    private SamlObjectSigner samlObjectSigner;

    @Override // org.apereo.cas.support.saml.web.idp.profile.builders.SamlProfileObjectBuilder
    public Assertion build(AuthnRequest authnRequest, HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse, org.jasig.cas.client.validation.Assertion assertion, SamlRegisteredService samlRegisteredService, SamlRegisteredServiceServiceProviderMetadataFacade samlRegisteredServiceServiceProviderMetadataFacade) throws SamlException {
        ArrayList arrayList = new ArrayList();
        arrayList.add(this.samlProfileSamlAuthNStatementBuilder.build(authnRequest, httpServletRequest, httpServletResponse, assertion, samlRegisteredService, samlRegisteredServiceServiceProviderMetadataFacade));
        arrayList.add(this.samlProfileSamlAttributeStatementBuilder.build(authnRequest, httpServletRequest, httpServletResponse, assertion, samlRegisteredService, samlRegisteredServiceServiceProviderMetadataFacade));
        Assertion newAssertion = newAssertion(arrayList, this.casProperties.getAuthn().getSamlIdp().getEntityId(), ZonedDateTime.now(ZoneOffset.UTC), "_" + String.valueOf(Math.abs(new SecureRandom().nextLong())));
        newAssertion.setSubject(this.samlProfileSamlSubjectBuilder.build(authnRequest, httpServletRequest, httpServletResponse, assertion, samlRegisteredService, samlRegisteredServiceServiceProviderMetadataFacade));
        newAssertion.setConditions(this.samlProfileSamlConditionsBuilder.build(authnRequest, httpServletRequest, httpServletResponse, assertion, samlRegisteredService, samlRegisteredServiceServiceProviderMetadataFacade));
        signAssertion(newAssertion, httpServletRequest, httpServletResponse, samlRegisteredService, samlRegisteredServiceServiceProviderMetadataFacade);
        return newAssertion;
    }

    protected void signAssertion(Assertion assertion, HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse, SamlRegisteredService samlRegisteredService, SamlRegisteredServiceServiceProviderMetadataFacade samlRegisteredServiceServiceProviderMetadataFacade) throws SamlException {
        try {
            if (samlRegisteredService.isSignAssertions()) {
                this.logger.debug("SAML registered service [{}] requires assertions to be signed", samlRegisteredServiceServiceProviderMetadataFacade.getEntityId());
                this.samlObjectSigner.encode(assertion, samlRegisteredService, samlRegisteredServiceServiceProviderMetadataFacade, httpServletResponse, httpServletRequest);
            } else {
                this.logger.debug("SAML registered service [{}] does not require assertions to be signed", samlRegisteredServiceServiceProviderMetadataFacade.getEntityId());
            }
        } catch (Exception e) {
            throw new SamlException("Unable to marshall assertion for signing", e);
        }
    }

    public void setSamlProfileSamlAuthNStatementBuilder(SamlProfileSamlAuthNStatementBuilder samlProfileSamlAuthNStatementBuilder) {
        this.samlProfileSamlAuthNStatementBuilder = samlProfileSamlAuthNStatementBuilder;
    }

    public void setSamlProfileSamlAttributeStatementBuilder(SamlProfileSamlAttributeStatementBuilder samlProfileSamlAttributeStatementBuilder) {
        this.samlProfileSamlAttributeStatementBuilder = samlProfileSamlAttributeStatementBuilder;
    }

    public void setSamlProfileSamlSubjectBuilder(SamlProfileSamlSubjectBuilder samlProfileSamlSubjectBuilder) {
        this.samlProfileSamlSubjectBuilder = samlProfileSamlSubjectBuilder;
    }

    public void setSamlProfileSamlConditionsBuilder(SamlProfileSamlConditionsBuilder samlProfileSamlConditionsBuilder) {
        this.samlProfileSamlConditionsBuilder = samlProfileSamlConditionsBuilder;
    }

    public void setSamlObjectSigner(SamlObjectSigner samlObjectSigner) {
        this.samlObjectSigner = samlObjectSigner;
    }
}
