package org.apereo.cas.support.saml.util;

import java.security.SecureRandom;
import java.time.ZonedDateTime;
import java.util.ArrayList;
import java.util.Collection;
import java.util.List;
import java.util.Map;
import java.util.stream.IntStream;
import org.apache.commons.lang3.StringUtils;
import org.apereo.cas.authentication.principal.WebApplicationService;
import org.apereo.cas.support.saml.OpenSamlConfigBean;
import org.apereo.cas.util.CompressionUtils;
import org.apereo.cas.util.DateTimeUtils;
import org.apereo.cas.util.EncodingUtils;
import org.apereo.cas.util.InetAddressUtils;
import org.opensaml.core.xml.XMLObject;
import org.opensaml.saml.common.SAMLVersion;
import org.opensaml.saml.saml2.core.Assertion;
import org.opensaml.saml.saml2.core.Attribute;
import org.opensaml.saml.saml2.core.AttributeStatement;
import org.opensaml.saml.saml2.core.AttributeValue;
import org.opensaml.saml.saml2.core.Audience;
import org.opensaml.saml.saml2.core.AudienceRestriction;
import org.opensaml.saml.saml2.core.AuthnContext;
import org.opensaml.saml.saml2.core.AuthnContextClassRef;
import org.opensaml.saml.saml2.core.AuthnStatement;
import org.opensaml.saml.saml2.core.Conditions;
import org.opensaml.saml.saml2.core.Issuer;
import org.opensaml.saml.saml2.core.NameID;
import org.opensaml.saml.saml2.core.Statement;
import org.opensaml.saml.saml2.core.Status;
import org.opensaml.saml.saml2.core.StatusCode;
import org.opensaml.saml.saml2.core.StatusMessage;
import org.opensaml.saml.saml2.core.Subject;
import org.opensaml.saml.saml2.core.SubjectConfirmation;
import org.opensaml.saml.saml2.core.SubjectConfirmationData;
import org.opensaml.saml.saml2.ecp.Response;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;

/* loaded from: input_file:org/apereo/cas/support/saml/util/AbstractSaml20ObjectBuilder.class */
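/**
 * Base builder for SAML 2.0 objects: responses, status, assertions, issuers,
 * attribute statements, authentication statements, conditions and subjects.
 *
 * <p>Every method creates its object through the inherited {@code newSamlObject}
 * factory and fills in the fields it is given. Nothing in this class signs,
 * encrypts or validates the objects it builds; that has to happen elsewhere.
 */
public abstract class AbstractSaml20ObjectBuilder extends AbstractSamlObjectBuilder {
    private static final Logger LOGGER = LoggerFactory.getLogger(AbstractSaml20ObjectBuilder.class);

    /** Mask that keeps the low four bits of a value. */
    private static final int HEX_HIGH_BITS_BITWISE_FLAG = 0x0F;

    private static final long serialVersionUID = -4325127376598205277L;

    /** One letter per 4-bit value, used by {@link #generateSecureRandomId()}. */
    private static final char[] ID_ALPHABET = "abcdefghijklmnop".toCharArray();

    /** Number of random bytes behind each generated id (160 bits). */
    private static final int ID_RANDOM_BYTES = 20;

    public AbstractSaml20ObjectBuilder(OpenSamlConfigBean openSamlConfigBean) {
        super(openSamlConfigBean);
    }

    /**
     * Builds a NameID.
     *
     * @param nameIdFormat value for the NameID {@code Format}
     * @param nameIdValue  the identifier itself
     * @return the new NameID
     */
    protected NameID getNameID(String nameIdFormat, String nameIdValue) {
        NameID nameId = newSamlObject(NameID.class);
        nameId.setFormat(nameIdFormat);
        nameId.setValue(nameIdValue);
        return nameId;
    }

    /**
     * Builds the ECP response header block.
     *
     * @param assertionConsumerUrl value for the AssertionConsumerServiceURL
     * @return the new ECP response, marked SOAP 1.1 mustUnderstand with the "next" actor
     */
    public Response newEcpResponse(String assertionConsumerUrl) {
        Response ecpResponse = newSamlObject(Response.class);
        ecpResponse.setSOAP11MustUnderstand(Boolean.TRUE);
        ecpResponse.setSOAP11Actor("http://schemas.xmlsoap.org/soap/actor/next");
        ecpResponse.setAssertionConsumerServiceURL(assertionConsumerUrl);
        return ecpResponse;
    }

    /**
     * Builds a SAML 2.0 protocol response.
     *
     * @param id           the response id
     * @param issueInstant the issue instant
     * @param requestId    id of the request being answered; when blank, InResponseTo is left unset
     * @param service      not used by this method
     * @return the new response
     */
    public org.opensaml.saml.saml2.core.Response newResponse(String id, ZonedDateTime issueInstant, String requestId, WebApplicationService service) {
        org.opensaml.saml.saml2.core.Response samlResponse = newSamlObject(org.opensaml.saml.saml2.core.Response.class);
        samlResponse.setID(id);
        samlResponse.setIssueInstant(DateTimeUtils.dateTimeOf(issueInstant));
        samlResponse.setVersion(SAMLVersion.VERSION_20);
        if (StringUtils.isNotBlank(requestId)) {
            LOGGER.debug("Setting provided RequestId {} as InResponseTo", requestId);
            samlResponse.setInResponseTo(requestId);
        } else {
            // The value that is missing here is the request id, not a recipient.
            LOGGER.debug("No request id is provided. Skipping InResponseTo");
        }
        return samlResponse;
    }

    /**
     * Builds a Status element.
     *
     * @param codeValue     value of the StatusCode
     * @param statusMessage optional message; a StatusMessage is only added when this is not blank
     * @return the new status
     */
    public Status newStatus(String codeValue, String statusMessage) {
        StatusCode code = newSamlObject(StatusCode.class);
        code.setValue(codeValue);

        Status status = newSamlObject(Status.class);
        status.setStatusCode(code);
        if (StringUtils.isNotBlank(statusMessage)) {
            StatusMessage message = newSamlObject(StatusMessage.class);
            message.setMessage(statusMessage);
            status.setStatusMessage(message);
        }
        return status;
    }

    /**
     * Builds an assertion that carries a single authentication statement.
     *
     * @param authnStatement the statement to include
     * @param issuer         the issuer value
     * @param issuedAt       the issue instant
     * @param id             the assertion id
     * @return the new assertion
     */
    public Assertion newAssertion(AuthnStatement authnStatement, String issuer, ZonedDateTime issuedAt, String id) {
        List<Statement> statements = new ArrayList<>();
        statements.add(authnStatement);
        return newAssertion(statements, issuer, issuedAt, id);
    }

    /**
     * Builds an assertion from a list of statements.
     *
     * <p>Only the id, issue instant, issuer and statements are set here; subject and
     * conditions are not attached by this method.
     *
     * @param statements the statements to include
     * @param issuer     the issuer value
     * @param issuedAt   the issue instant
     * @param id         the assertion id
     * @return the new assertion
     */
    public Assertion newAssertion(List<Statement> statements, String issuer, ZonedDateTime issuedAt, String id) {
        Assertion assertion = newSamlObject(Assertion.class);
        assertion.setID(id);
        assertion.setIssueInstant(DateTimeUtils.dateTimeOf(issuedAt));
        assertion.setIssuer(newIssuer(issuer));
        assertion.getStatements().addAll(statements);
        return assertion;
    }

    /**
     * Builds an Issuer.
     *
     * @param issuerValue the issuer value
     * @return the new issuer
     */
    public Issuer newIssuer(String issuerValue) {
        Issuer issuer = newSamlObject(Issuer.class);
        issuer.setValue(issuerValue);
        return issuer;
    }

    /**
     * Builds an attribute statement with one Attribute per map entry.
     *
     * <p>Entries whose value is an empty collection are skipped.
     *
     * @param attributes           attribute names mapped to their value(s)
     * @param setFriendlyName      whether each attribute also gets its name as FriendlyName
     * @param configuredNameFormats per-attribute name formats, keyed by attribute name
     * @param defaultNameFormat    name format applied when an attribute has no configured one
     * @return the new attribute statement
     */
    public AttributeStatement newAttributeStatement(Map<String, Object> attributes, boolean setFriendlyName, Map<String, String> configuredNameFormats, String defaultNameFormat) {
        AttributeStatement statement = newSamlObject(AttributeStatement.class);
        for (Map.Entry<String, Object> entry : attributes.entrySet()) {
            Object value = entry.getValue();
            if (value instanceof Collection && ((Collection<?>) value).isEmpty()) {
                LOGGER.info("Skipping attribute [{}] because it does not have any values.", entry.getKey());
                continue;
            }
            statement.getAttributes().add(newAttribute(setFriendlyName, entry, configuredNameFormats, defaultNameFormat));
        }
        return statement;
    }

    /**
     * Adds the given value(s) to a SAML 2.0 attribute's value list, using the
     * SAML 2.0 AttributeValue element name.
     *
     * @param attributeName  the attribute name
     * @param attributeValue the value or values to add
     * @param attributeList  the attribute's value list to add to
     */
    public void addAttributeValuesToSaml2Attribute(String attributeName, Object attributeValue, List<XMLObject> attributeList) {
        addAttributeValuesToSamlAttribute(attributeName, attributeValue, attributeList, AttributeValue.DEFAULT_ELEMENT_NAME);
    }

    /**
     * Builds one Attribute from a map entry.
     *
     * @param setFriendlyName      whether FriendlyName is set to the attribute name
     * @param entry                attribute name and value(s)
     * @param configuredNameFormats per-attribute name formats, keyed by attribute name
     * @param defaultNameFormat    name format used when no entry exists for this attribute
     * @return the new attribute
     */
    protected Attribute newAttribute(boolean setFriendlyName, Map.Entry<String, Object> entry, Map<String, String> configuredNameFormats, String defaultNameFormat) {
        Attribute attribute = newSamlObject(Attribute.class);
        attribute.setName(entry.getKey());
        if (setFriendlyName) {
            attribute.setFriendlyName(entry.getKey());
        }
        addAttributeValuesToSaml2Attribute(entry.getKey(), entry.getValue(), attribute.getAttributeValues());

        if (configuredNameFormats.isEmpty() || !configuredNameFormats.containsKey(attribute.getName())) {
            LOGGER.debug("Skipped name format, as no name formats are defined or none is found for attribute [{}]", attribute.getName());
            configureAttributeNameFormat(attribute, defaultNameFormat);
        } else {
            String configuredFormat = configuredNameFormats.get(attribute.getName());
            LOGGER.debug("Found name format [{}] for attribute [{}]", configuredFormat, attribute.getName());
            configureAttributeNameFormat(attribute, configuredFormat);
            LOGGER.debug("Attribute [{}] is assigned the name format of [{}]", attribute.getName(), attribute.getNameFormat());
        }
        LOGGER.debug("Attribute [{}] has [{}] value(s)", attribute.getName(), attribute.getAttributeValues().size());
        return attribute;
    }

    /**
     * Sets the attribute's NameFormat from a short keyword or a literal value.
     *
     * <p>{@code basic}, {@code uri} and {@code unspecified} (any case, surrounding
     * whitespace ignored) map to the matching SAML 2.0 attrname-format URN; any other
     * value is used as given. A blank value leaves NameFormat unset.
     *
     * @param attribute  the attribute to configure
     * @param nameFormat keyword or literal name format
     */
    private static void configureAttributeNameFormat(Attribute attribute, String nameFormat) {
        if (StringUtils.isBlank(nameFormat)) {
            // Nothing to map; without this guard a null format would throw on trim().
            LOGGER.debug("No name format is available for attribute [{}]; leaving NameFormat unset", attribute.getName());
            return;
        }
        // Locale.ROOT keeps the keyword match independent of the JVM's default locale
        // (for example the Turkish lower-casing of 'I').
        switch (nameFormat.trim().toLowerCase(java.util.Locale.ROOT)) {
            case "basic":
                attribute.setNameFormat("urn:oasis:names:tc:SAML:2.0:attrname-format:basic");
                break;
            case "uri":
                attribute.setNameFormat("urn:oasis:names:tc:SAML:2.0:attrname-format:uri");
                break;
            case "unspecified":
                attribute.setNameFormat("urn:oasis:names:tc:SAML:2.0:attrname-format:unspecified");
                break;
            default:
                attribute.setNameFormat(nameFormat);
                break;
        }
    }

    /**
     * Builds an authentication statement.
     *
     * @param contextClassRef the AuthnContextClassRef value
     * @param authnInstant    the authentication instant
     * @param sessionIndex    the session index
     * @return the new authentication statement
     */
    public AuthnStatement newAuthnStatement(String contextClassRef, ZonedDateTime authnInstant, String sessionIndex) {
        LOGGER.debug("Building authentication statement with context class ref [{}] @ [{}] with index [{}]", contextClassRef, authnInstant, sessionIndex);
        AuthnContextClassRef classRef = newSamlObject(AuthnContextClassRef.class);
        classRef.setAuthnContextClassRef(contextClassRef);

        AuthnContext context = newSamlObject(AuthnContext.class);
        context.setAuthnContextClassRef(classRef);

        AuthnStatement statement = newSamlObject(AuthnStatement.class);
        statement.setAuthnContext(context);
        statement.setAuthnInstant(DateTimeUtils.dateTimeOf(authnInstant));
        statement.setSessionIndex(sessionIndex);
        return statement;
    }

    /**
     * Builds Conditions with a validity window and a single audience restriction.
     *
     * @param notBefore    start of the validity window
     * @param notOnOrAfter end of the validity window
     * @param audienceUri  the only audience allowed by the restriction
     * @return the new conditions
     */
    public Conditions newConditions(ZonedDateTime notBefore, ZonedDateTime notOnOrAfter, String audienceUri) {
        LOGGER.debug("Building conditions for audience [{}] that enforce not-before [{}] and not-after [{}]", audienceUri, notBefore, notOnOrAfter);
        Audience audience = newSamlObject(Audience.class);
        audience.setAudienceURI(audienceUri);

        AudienceRestriction restriction = newSamlObject(AudienceRestriction.class);
        restriction.getAudiences().add(audience);

        Conditions conditions = newSamlObject(Conditions.class);
        conditions.setNotBefore(DateTimeUtils.dateTimeOf(notBefore));
        conditions.setNotOnOrAfter(DateTimeUtils.dateTimeOf(notOnOrAfter));
        conditions.getAudienceRestrictions().add(restriction);
        return conditions;
    }

    /**
     * Builds a Subject with a NameID and one bearer SubjectConfirmation.
     *
     * @param nameIdFormat  format of the NameID
     * @param nameIdValue   value of the NameID
     * @param recipient     Recipient of the confirmation data
     * @param notOnOrAfter  expiry of the confirmation data
     * @param inResponseTo  id of the request being answered
     * @return the new subject
     */
    public Subject newSubject(String nameIdFormat, String nameIdValue, String recipient, ZonedDateTime notOnOrAfter, String inResponseTo) {
        LOGGER.debug("Building subject for NameID [{}]/[{}] and recipient [{}], in response to [{}]", nameIdValue, nameIdFormat, recipient, inResponseTo);
        SubjectConfirmationData confirmationData = newSamlObject(SubjectConfirmationData.class);
        confirmationData.setRecipient(recipient);
        confirmationData.setNotOnOrAfter(DateTimeUtils.dateTimeOf(notOnOrAfter));
        confirmationData.setInResponseTo(inResponseTo);
        if (StringUtils.isNotBlank(inResponseTo)) {
            // NOTE(review): inResponseTo is a request id, which the requesting party
            // normally chooses, yet it is handed to InetAddressUtils.getByName as if it
            // were a host name. If that helper resolves names (not visible here), a
            // request-supplied value drives a lookup and can end up in Address, which is
            // meant to describe the presenter's network address. Confirm this is intended.
            String resolvedAddress = InetAddressUtils.getByName(inResponseTo);
            if (StringUtils.isNotBlank(resolvedAddress)) {
                confirmationData.setAddress(resolvedAddress);
            }
        }

        // Bearer confirmation: Recipient, NotOnOrAfter and InResponseTo above are the
        // fields a relying party has available to bind the assertion to one exchange.
        SubjectConfirmation confirmation = newSamlObject(SubjectConfirmation.class);
        confirmation.setMethod("urn:oasis:names:tc:SAML:2.0:cm:bearer");
        confirmation.setSubjectConfirmationData(confirmationData);

        Subject subject = newSamlObject(Subject.class);
        subject.setNameID(getNameID(nameIdFormat, nameIdValue));
        subject.getSubjectConfirmations().add(confirmation);
        LOGGER.debug("Built subject [{}]", subject);
        return subject;
    }

    /**
     * Generates a 40-character identifier from 20 bytes of {@link SecureRandom} output.
     *
     * <p>Each byte becomes two letters from {@code a}..{@code p} (high nibble first), so
     * the result contains letters only and never starts with a digit, which keeps it
     * usable as an XML ID.
     *
     * @return the generated identifier
     */
    @Override
    public String generateSecureRandomId() {
        byte[] randomBytes = new byte[ID_RANDOM_BYTES];
        new SecureRandom().nextBytes(randomBytes);

        char[] encoded = new char[randomBytes.length * 2];
        for (int index = 0; index < randomBytes.length; index++) {
            int highNibble = (randomBytes[index] >> 4) & HEX_HIGH_BITS_BITWISE_FLAG;
            int lowNibble = randomBytes[index] & HEX_HIGH_BITS_BITWISE_FLAG;
            encoded[index * 2] = ID_ALPHABET[highNibble];
            encoded[index * 2 + 1] = ID_ALPHABET[lowNibble];
        }
        return String.valueOf(encoded);
    }

    /**
     * Decodes an encoded authentication request into its text form.
     *
     * <p>The value is base64-decoded and then inflated; when inflating yields nothing,
     * the decoded bytes are converted to a string as they are.
     *
     * @param encodedRequestXmlString the encoded request; may be empty
     * @return the decoded text, or {@code null} when the input is empty or cannot be
     *         base64-decoded
     */
    public String decodeSamlAuthnRequest(String encodedRequestXmlString) {
        if (StringUtils.isEmpty(encodedRequestXmlString)) {
            return null;
        }
        byte[] decodedBytes = EncodingUtils.decodeBase64(encodedRequestXmlString);
        if (decodedBytes == null) {
            return null;
        }
        // NOTE(review): the request is presumably supplied by the requesting party.
        // CompressionUtils.inflate is not visible here; confirm it caps the inflated
        // size so a small, highly compressible payload cannot exhaust memory. The
        // returned text is unparsed and unvalidated at this point.
        String inflated = CompressionUtils.inflate(decodedBytes);
        if (!StringUtils.isEmpty(inflated)) {
            return inflated;
        }
        return CompressionUtils.decodeByteArrayToString(decodedBytes);
    }
}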
