package org.apereo.cas.support.saml.web.idp.profile.builders.response;

import java.time.ZoneOffset;
import java.time.ZonedDateTime;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import org.apereo.cas.support.saml.OpenSamlConfigBean;
import org.apereo.cas.support.saml.SamlException;
import org.apereo.cas.support.saml.SamlUtils;
import org.apereo.cas.support.saml.services.SamlRegisteredService;
import org.apereo.cas.support.saml.services.idp.metadata.SamlRegisteredServiceServiceProviderMetadataFacade;
import org.apereo.cas.support.saml.web.idp.profile.builders.SamlProfileObjectBuilder;
import org.apereo.cas.support.saml.web.idp.profile.builders.enc.BaseSamlObjectSigner;
import org.apereo.cas.support.saml.web.idp.profile.builders.enc.SamlObjectEncrypter;
import org.apereo.cas.support.saml.web.idp.profile.builders.enc.SamlResponseArtifactEncoder;
import org.apereo.cas.support.saml.web.idp.profile.builders.enc.SamlResponsePostEncoder;
import org.apereo.cas.support.saml.web.idp.profile.builders.enc.SamlResponsePostSimpleSignEncoder;
import org.apereo.cas.ticket.artifact.SamlArtifactTicketFactory;
import org.apereo.cas.ticket.query.SamlAttributeQueryTicketFactory;
import org.apereo.cas.ticket.registry.TicketRegistry;
import org.apereo.cas.util.RandomUtils;
import org.apereo.cas.web.support.CookieRetrievingCookieGenerator;
import org.apereo.cas.web.support.CookieUtils;
import org.opensaml.core.xml.XMLObject;
import org.opensaml.saml.common.SAMLObject;
import org.opensaml.saml.common.SAMLVersion;
import org.opensaml.saml.common.binding.artifact.SAMLArtifactMap;
import org.opensaml.saml.saml2.core.Assertion;
import org.opensaml.saml.saml2.core.EncryptedAssertion;
import org.opensaml.saml.saml2.core.RequestAbstractType;
import org.opensaml.saml.saml2.core.Response;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
import org.springframework.ui.velocity.VelocityEngineFactory;

/* loaded from: input_file:org/apereo/cas/support/saml/web/idp/profile/builders/response/SamlProfileSaml2ResponseBuilder.class */
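/**
 * Builds the SAML 2.0 {@link Response} that carries an assertion back to a service provider and
 * hands it to the encoder matching the requested binding.
 *
 * <p>This listing is decompiler output (JADX). Synthetic parameter names ({@code str},
 * {@code str2}, {@code obj}) and the renamed {@code mo25buildResponse} are kept as-is so the
 * class still lines up with the rest of the decompiled tree.
 *
 * <p>Order of operations in {@link #mo25buildResponse}: optional attribute-query ticket storage,
 * assertion encryption, status, then (optionally) signing as the last step.
 */
public class SamlProfileSaml2ResponseBuilder extends BaseSamlProfileSamlResponseBuilder<Response> {
    private static final long serialVersionUID = 1488837627964481272L;
    private static final Logger LOGGER = LoggerFactory.getLogger(SamlProfileSaml2ResponseBuilder.class);

    /** Status code placed on every response this builder produces. */
    private static final String STATUS_SUCCESS = "urn:oasis:names:tc:SAML:2.0:status:Success";
    /** Binding URI that selects {@link SamlResponseArtifactEncoder}. */
    private static final String BINDING_HTTP_ARTIFACT = "urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Artifact";
    /** Binding URI that selects {@link SamlResponsePostSimpleSignEncoder}. */
    private static final String BINDING_HTTP_POST_SIMPLE_SIGN = "urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST-SimpleSign";

    private final TicketRegistry ticketRegistry;
    private final SamlArtifactTicketFactory samlArtifactTicketFactory;
    private final CookieRetrievingCookieGenerator ticketGrantingTicketCookieGenerator;
    private final SAMLArtifactMap samlArtifactMap;
    private final SamlAttributeQueryTicketFactory samlAttributeQueryTicketFactory;

    /**
     * Stores the collaborators used for artifact and attribute-query handling; the first five
     * arguments are passed straight to the base builder.
     */
    public SamlProfileSaml2ResponseBuilder(OpenSamlConfigBean openSamlConfigBean, BaseSamlObjectSigner baseSamlObjectSigner, VelocityEngineFactory velocityEngineFactory, SamlProfileObjectBuilder<Assertion> samlProfileObjectBuilder, SamlObjectEncrypter samlObjectEncrypter, TicketRegistry ticketRegistry, SamlArtifactTicketFactory samlArtifactTicketFactory, CookieRetrievingCookieGenerator cookieRetrievingCookieGenerator, SAMLArtifactMap sAMLArtifactMap, SamlAttributeQueryTicketFactory samlAttributeQueryTicketFactory) {
        super(openSamlConfigBean, baseSamlObjectSigner, velocityEngineFactory, samlProfileObjectBuilder, samlObjectEncrypter);
        this.ticketRegistry = ticketRegistry;
        this.samlArtifactTicketFactory = samlArtifactTicketFactory;
        this.ticketGrantingTicketCookieGenerator = cookieRetrievingCookieGenerator;
        this.samlArtifactMap = sAMLArtifactMap;
        this.samlAttributeQueryTicketFactory = samlAttributeQueryTicketFactory;
    }

    /**
     * Assembles the response around {@code assertion}: sets version, issuer and a Success status,
     * attaches the assertion (encrypted or plain, whichever {@code encryptAssertion} returns) and
     * signs the result when the registered service asks for signed responses.
     *
     * <p>JADX renamed this method from {@code buildResponse} (bridge-method merge) and widened it
     * from {@code protected}.
     *
     * @param assertion the assertion to embed
     * @param obj unused in this method
     * @param requestAbstractType the originating request; its ID is passed to {@code newResponse}
     * @param samlRegisteredService service definition; decides whether the response is signed
     * @param samlRegisteredServiceServiceProviderMetadataFacade metadata of the service provider
     * @param httpServletRequest current request
     * @param httpServletResponse current response
     * @param str forwarded unchanged to the signer (presumably the binding; confirm against the
     *     base class)
     * @return the finished response, signed if the service requires it
     * @throws SamlException declared by the base class contract
     */
    @Override
    public Response mo25buildResponse(Assertion assertion, Object obj, RequestAbstractType requestAbstractType, SamlRegisteredService samlRegisteredService, SamlRegisteredServiceServiceProviderMetadataFacade samlRegisteredServiceServiceProviderMetadataFacade, HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse, String str) throws SamlException {
        // Mask the sign bit instead of calling Math.abs(): Math.abs(Long.MIN_VALUE) is still
        // negative and would put a '-' into the identifier.
        // NOTE(review): this leaves 63 random bits in the response ID, while SAML Core (section
        // 1.3.4) asks for identifiers with at least 128 bits of randomness; widening the ID is
        // worth considering once consumers of the current format are known.
        final long randomPart = RandomUtils.getInstanceNative().nextLong() & Long.MAX_VALUE;
        final String responseId = "_" + randomPart;

        // The decompiler typed this local as XMLObject, which has none of the setters used below;
        // the cast restores the type the rest of the method relies on.
        Response samlResponse = (Response) newResponse(responseId, ZonedDateTime.now(ZoneOffset.UTC), requestAbstractType.getID(), null);
        samlResponse.setVersion(SAMLVersion.VERSION_20);
        samlResponse.setIssuer(buildEntityIssuer());

        if (this.casProperties.getAuthn().getSamlIdp().isAttributeQueryProfileEnabled()) {
            // Runs before encryptAssertion, so the ticket factory receives the assertion in the
            // form it has prior to encryption.
            // NOTE(review): confirm what the ticket retains and that the registry is protected
            // accordingly.
            storeAttributeQueryTicketInRegistry(assertion, httpServletRequest, samlRegisteredServiceServiceProviderMetadataFacade);
        }

        final SAMLObject builtAssertion = encryptAssertion(assertion, httpServletRequest, httpServletResponse, samlRegisteredService, samlRegisteredServiceServiceProviderMetadataFacade);
        if (builtAssertion instanceof EncryptedAssertion) {
            LOGGER.debug("Built assertion is encrypted, so the response will add it to the encrypted assertions collection");
            samlResponse.getEncryptedAssertions().add((EncryptedAssertion) builtAssertion);
        } else {
            LOGGER.debug("Built assertion is not encrypted, so the response will add it to the assertions collection");
            samlResponse.getAssertions().add((Assertion) builtAssertion);
        }

        samlResponse.setStatus(newStatus(STATUS_SUCCESS, null));

        // NOTE(review): the whole response is handed to the logger helper; when the assertion was
        // not encrypted, whatever it writes presumably includes subject and attribute values.
        // Confirm the level it logs at and who can read those logs.
        SamlUtils.logSamlObject(this.configBean, samlResponse);

        if (samlRegisteredService.isSignResponses()) {
            LOGGER.debug("SAML entity id [{}] indicates that SAML responses should be signed", samlRegisteredServiceServiceProviderMetadataFacade.getEntityId());
            // Signing is the last step: nothing in this method modifies the response afterwards.
            samlResponse = (Response) this.samlObjectSigner.encode(samlResponse, samlRegisteredService, samlRegisteredServiceServiceProviderMetadataFacade, httpServletResponse, httpServletRequest, str);
            SamlUtils.logSamlObject(this.configBean, samlResponse);
        }
        // When isSignResponses() is false the response leaves here unsigned; this method does not
        // show whether the assertion itself was signed by its builder.
        return samlResponse;
    }

    /**
     * Picks the encoder for the requested binding and lets it encode {@code response}.
     *
     * <p>The binding is compared case-insensitively. HTTP-Artifact and HTTP-POST-SimpleSign get
     * their dedicated encoders; every other value, recognised or not, falls through to
     * {@link SamlResponsePostEncoder}. A {@code null} binding fails with
     * {@link NullPointerException}, as in the original.
     *
     * <p>JADX widened this method from {@code protected}.
     *
     * @param samlRegisteredService unused in this method
     * @param response the response to encode
     * @param str passed to the encoder next to the response (presumably the relay state; confirm)
     * @param str2 the binding URI
     * @param requestAbstractType the originating request; used by the artifact encoder only
     * @param obj unused in this method
     * @return whatever the selected encoder returns
     * @throws SamlException declared by the base class contract
     */
    @Override
    public Response encode(SamlRegisteredService samlRegisteredService, Response response, HttpServletResponse httpServletResponse, HttpServletRequest httpServletRequest, SamlRegisteredServiceServiceProviderMetadataFacade samlRegisteredServiceServiceProviderMetadataFacade, String str, String str2, RequestAbstractType requestAbstractType, Object obj) throws SamlException {
        LOGGER.debug("Constructing encoder based on binding [{}] for [{}]", str2, samlRegisteredServiceServiceProviderMetadataFacade.getEntityId());

        if (str2.equalsIgnoreCase(BINDING_HTTP_ARTIFACT)) {
            return new SamlResponseArtifactEncoder(this.velocityEngineFactory, samlRegisteredServiceServiceProviderMetadataFacade, httpServletRequest, httpServletResponse, requestAbstractType, this.ticketRegistry, this.samlArtifactTicketFactory, this.ticketGrantingTicketCookieGenerator, this.samlArtifactMap).encode(response, str);
        }
        if (str2.equalsIgnoreCase(BINDING_HTTP_POST_SIMPLE_SIGN)) {
            return new SamlResponsePostSimpleSignEncoder(this.velocityEngineFactory, samlRegisteredServiceServiceProviderMetadataFacade, httpServletResponse, httpServletRequest).encode(response, str);
        }
        // Default for every remaining binding value.
        return new SamlResponsePostEncoder(this.velocityEngineFactory, samlRegisteredServiceServiceProviderMetadataFacade, httpServletResponse, httpServletRequest).encode(response, str);
    }

    /**
     * Creates an attribute-query ticket from the assertion's NameID value, the assertion, the
     * service provider's entity id and the ticket-granting ticket resolved from the request, and
     * adds it to the ticket registry.
     *
     * <p>NOTE(review): {@code getSubject()} and {@code getNameID()} are dereferenced without null
     * checks, so an assertion that lacks either fails here with {@link NullPointerException}
     * rather than a {@link SamlException}. Confirm upstream builders always populate both.
     */
    private void storeAttributeQueryTicketInRegistry(Assertion assertion, HttpServletRequest httpServletRequest, SamlRegisteredServiceServiceProviderMetadataFacade samlRegisteredServiceServiceProviderMetadataFacade) {
        final String nameIdValue = assertion.getSubject().getNameID().getValue();
        this.ticketRegistry.addTicket(this.samlAttributeQueryTicketFactory.create(nameIdValue, assertion, samlRegisteredServiceServiceProviderMetadataFacade.getEntityId(), CookieUtils.getTicketGrantingTicketFromRequest(this.ticketGrantingTicketCookieGenerator, this.ticketRegistry, httpServletRequest)));
    }
}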
