package org.apereo.cas.support.saml.web.idp.profile.builders;

import java.util.List;
import org.apache.commons.lang3.StringUtils;
import org.apereo.cas.support.saml.services.SamlRegisteredService;
import org.apereo.cas.support.saml.services.idp.metadata.SamlRegisteredServiceServiceProviderMetadataFacade;
import org.jasig.cas.client.validation.Assertion;
import org.opensaml.saml.saml2.core.AuthnRequest;
import org.opensaml.saml.saml2.core.RequestedAuthnContext;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;

/* loaded from: input_file:org/apereo/cas/support/saml/web/idp/profile/builders/DefaultAuthnContextClassRefBuilder.class */
public class DefaultAuthnContextClassRefBuilder implements AuthnContextClassRefBuilder {
    private static final Logger LOGGER = LoggerFactory.getLogger(DefaultAuthnContextClassRefBuilder.class);

    @Override // org.apereo.cas.support.saml.web.idp.profile.builders.AuthnContextClassRefBuilder
    public String build(Assertion assertion, AuthnRequest authnRequest, SamlRegisteredServiceServiceProviderMetadataFacade samlRegisteredServiceServiceProviderMetadataFacade, SamlRegisteredService samlRegisteredService) {
        RequestedAuthnContext requestedAuthnContext = authnRequest.getRequestedAuthnContext();
        if (requestedAuthnContext == null) {
            LOGGER.debug("No specific authN context is requested. Returning [{}]", "urn:oasis:names:tc:SAML:2.0:ac:classes:unspecified");
            return "urn:oasis:names:tc:SAML:2.0:ac:classes:unspecified";
        }
        List authnContextClassRefs = requestedAuthnContext.getAuthnContextClassRefs();
        if (authnContextClassRefs == null || authnContextClassRefs.isEmpty()) {
            LOGGER.debug("Requested authN context class ref is unspecified. Returning [{}]", "urn:oasis:names:tc:SAML:2.0:ac:classes:unspecified");
            return "urn:oasis:names:tc:SAML:2.0:ac:classes:unspecified";
        }
        LOGGER.debug("AuthN Context comparison is requested to use [{}]", requestedAuthnContext.getComparison());
        authnContextClassRefs.forEach(authnContextClassRef -> {
            LOGGER.debug("Requested AuthN Context [{}]", authnContextClassRef.getAuthnContextClassRef());
        });
        if (StringUtils.isNotBlank(samlRegisteredService.getRequiredAuthenticationContextClass())) {
            LOGGER.debug("Using [{}] as indicated by SAML registered service [{}]", samlRegisteredService.getRequiredAuthenticationContextClass(), samlRegisteredService.getName());
            return samlRegisteredService.getRequiredAuthenticationContextClass();
        }
        LOGGER.debug("Returning default AuthN Context [{}]", "urn:oasis:names:tc:SAML:2.0:ac:classes:PasswordProtectedTransport");
        return "urn:oasis:names:tc:SAML:2.0:ac:classes:PasswordProtectedTransport";
    }
}
