package org.apereo.cas.support.saml.web.view;

import java.time.ZonedDateTime;
import java.util.HashMap;
import java.util.Map;
import java.util.Set;
import org.apereo.cas.authentication.Authentication;
import org.apereo.cas.authentication.ProtocolAttributeEncoder;
import org.apereo.cas.authentication.principal.Principal;
import org.apereo.cas.authentication.principal.Service;
import org.apereo.cas.services.RegisteredService;
import org.apereo.cas.services.ServicesManager;
import org.apereo.cas.support.saml.authentication.SamlAuthenticationMetaDataPopulator;
import org.apereo.cas.support.saml.util.Saml10ObjectBuilder;
import org.apereo.cas.util.CollectionUtils;
import org.apereo.cas.util.DateTimeUtils;
import org.apereo.cas.web.support.ArgumentExtractor;
import org.opensaml.saml.saml1.core.Assertion;
import org.opensaml.saml.saml1.core.AuthenticationStatement;
import org.opensaml.saml.saml1.core.Response;
import org.opensaml.saml.saml1.core.StatusCode;
import org.opensaml.saml.saml1.core.Subject;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;

/* loaded from: input_file:org/apereo/cas/support/saml/web/view/Saml10SuccessResponseView.class */
public class Saml10SuccessResponseView extends AbstractSaml10ResponseView {
    private static final Logger LOGGER = LoggerFactory.getLogger(Saml10SuccessResponseView.class);
    private final String issuer;
    private final String rememberMeAttributeName;
    private final String defaultAttributeNamespace;

    public Saml10SuccessResponseView(ProtocolAttributeEncoder protocolAttributeEncoder, ServicesManager servicesManager, String str, Saml10ObjectBuilder saml10ObjectBuilder, ArgumentExtractor argumentExtractor, String str2, int i, String str3, String str4) {
        super(true, protocolAttributeEncoder, servicesManager, str, saml10ObjectBuilder, argumentExtractor, str2, i);
        this.issuer = str3;
        this.rememberMeAttributeName = "longTermAuthenticationRequestTokenUsed";
        this.defaultAttributeNamespace = str4;
    }

    @Override // org.apereo.cas.support.saml.web.view.AbstractSaml10ResponseView
    protected void prepareResponse(Response response, Map<String, Object> map) {
        ZonedDateTime zonedDateTimeOf = DateTimeUtils.zonedDateTimeOf(response.getIssueInstant());
        Service service = getAssertionFrom(map).getService();
        LOGGER.debug("Preparing SAML response for service [{}]", service);
        Authentication primaryAuthenticationFrom = getPrimaryAuthenticationFrom(map);
        Set collection = CollectionUtils.toCollection(primaryAuthenticationFrom.getAttributes().get(SamlAuthenticationMetaDataPopulator.ATTRIBUTE_AUTHENTICATION_METHOD));
        LOGGER.debug("Authentication methods found are [{}]", collection);
        Principal principal = getPrincipal(map);
        AuthenticationStatement newAuthenticationStatement = this.samlObjectBuilder.newAuthenticationStatement(primaryAuthenticationFrom.getAuthenticationDate(), collection, principal.getId());
        LOGGER.debug("Built authentication statement for [{}] dated at [{}]", principal, primaryAuthenticationFrom.getAuthenticationDate());
        Assertion newAssertion = this.samlObjectBuilder.newAssertion(newAuthenticationStatement, this.issuer, zonedDateTimeOf, this.samlObjectBuilder.generateSecureRandomId());
        LOGGER.debug("Built assertion for issuer [{}] dated at [{}]", this.issuer, zonedDateTimeOf);
        newAssertion.setConditions(this.samlObjectBuilder.newConditions(zonedDateTimeOf, service.getId(), this.skewAllowance));
        LOGGER.debug("Built assertion conditions for issuer [{}] and service [{}] ", this.issuer, service.getId());
        Subject newSubject = this.samlObjectBuilder.newSubject(principal.getId());
        LOGGER.debug("Built subject for principal [{}]", principal);
        Map<String, Object> prepareSamlAttributes = prepareSamlAttributes(map, service);
        LOGGER.debug("Authentication statement shall include these attributes [{}]", prepareSamlAttributes);
        if (!prepareSamlAttributes.isEmpty()) {
            newAssertion.getAttributeStatements().add(this.samlObjectBuilder.newAttributeStatement(newSubject, prepareSamlAttributes, this.defaultAttributeNamespace));
        }
        response.setStatus(this.samlObjectBuilder.newStatus(StatusCode.SUCCESS, null));
        LOGGER.debug("Set response status code to [{}]", response.getStatus());
        response.getAssertions().add(newAssertion);
    }

    private Map<String, Object> prepareSamlAttributes(Map<String, Object> map, Service service) {
        HashMap hashMap = new HashMap(getAuthenticationAttributesAsMultiValuedAttributes(map));
        if (isRememberMeAuthentication(map)) {
            hashMap.remove("org.apereo.cas.authentication.principal.REMEMBER_ME");
            hashMap.put(this.rememberMeAttributeName, Boolean.TRUE.toString());
        }
        LOGGER.debug("Retrieved authentication attributes [{}] from the model", hashMap);
        RegisteredService findServiceBy = this.servicesManager.findServiceBy(service);
        HashMap hashMap2 = new HashMap();
        hashMap2.putAll(getPrincipalAttributesAsMultiValuedAttributes(map));
        hashMap2.putAll(hashMap);
        decideIfCredentialPasswordShouldBeReleasedAsAttribute(hashMap2, map, findServiceBy);
        decideIfProxyGrantingTicketShouldBeReleasedAsAttribute(hashMap2, map, findServiceBy);
        LOGGER.debug("Beginning to encode attributes [{}] for service [{}]", hashMap2, findServiceBy.getServiceId());
        Map<String, Object> encodeAttributes = this.protocolAttributeEncoder.encodeAttributes(hashMap2, findServiceBy);
        LOGGER.debug("Final collection of attributes are [{}]", encodeAttributes);
        return encodeAttributes;
    }
}
