package org.apereo.cas.support.saml.authentication;

import java.time.ZoneOffset;
import java.time.ZonedDateTime;
import java.util.HashMap;
import java.util.Map;
import java.util.Objects;
import java.util.Set;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import lombok.Generated;
import org.apereo.cas.authentication.Authentication;
import org.apereo.cas.authentication.ProtocolAttributeEncoder;
import org.apereo.cas.authentication.principal.Principal;
import org.apereo.cas.authentication.principal.Service;
import org.apereo.cas.authentication.principal.WebApplicationService;
import org.apereo.cas.services.RegisteredService;
import org.apereo.cas.services.ServicesManager;
import org.apereo.cas.support.saml.util.Saml10ObjectBuilder;
import org.apereo.cas.util.CollectionUtils;
import org.apereo.cas.util.DateTimeUtils;
import org.opensaml.saml.saml1.core.Assertion;
import org.opensaml.saml.saml1.core.AuthenticationStatement;
import org.opensaml.saml.saml1.core.Response;
import org.opensaml.saml.saml1.core.StatusCode;
import org.opensaml.saml.saml1.core.Subject;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;

/* loaded from: input_file:org/apereo/cas/support/saml/authentication/SamlResponseBuilder.class */
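/**
 * Assembles SAML 1.x {@link Response} objects: creates the response shell, fills in a
 * denied or successful status, attaches the assertion with its conditions and released
 * attributes, and hands the result to {@link Saml10ObjectBuilder} for encoding.
 *
 * <p>All fields are final and set once in the constructor. No signing step is visible in
 * this class. NOTE(review): confirm whether {@code Saml10ObjectBuilder.encodeSamlResponse}
 * or a later stage signs the response, and what relying parties are expected to verify.
 */
public class SamlResponseBuilder {

    @Generated
    private static final Logger LOGGER = LoggerFactory.getLogger(SamlResponseBuilder.class);

    // Factory for every SAML object built here; also supplies random ids and does the final encoding.
    private final Saml10ObjectBuilder samlObjectBuilder;
    // Issuer value placed on each assertion.
    private final String issuer;
    // Namespace passed to newAttributeStatement for the released attributes.
    private final String defaultAttributeNamespace;
    // Passed to newConditions together with the issue instant; presumably the validity length - confirm units.
    private final int issueLength;
    // Number of seconds subtracted from "now" when stamping a new response.
    private final int skewAllowance;
    // Encodes the merged attribute map for the matched registered service before release.
    private final ProtocolAttributeEncoder protocolAttributeEncoder;
    // Resolves the requesting service to its registered definition.
    private final ServicesManager servicesManager;

    /**
     * Creates a new response with a freshly generated id and an issue instant of
     * "now" (UTC) minus {@code skewAllowance} seconds.
     *
     * @param str value forwarded unchanged to {@code newResponse} (presumably the recipient - confirm)
     * @param webApplicationService service the response is built for
     * @return the new, still status-less response
     */
    public Response createResponse(String str, WebApplicationService webApplicationService) {
        // Backdating the issue instant tolerates clock drift at the receiver; it also means every
        // timestamp later derived from it (see prepareSuccessfulResponse) starts in the past.
        ZonedDateTime backdatedIssueInstant = ZonedDateTime.now(ZoneOffset.UTC).minusSeconds(this.skewAllowance);
        String responseId = this.samlObjectBuilder.generateSecureRandomId();
        return this.samlObjectBuilder.newResponse(responseId, backdatedIssueInstant, str, webApplicationService);
    }

    /**
     * Marks the response as {@link StatusCode#REQUEST_DENIED}.
     *
     * @param response response to update
     * @param str status message stored alongside the code; it becomes part of the response,
     *            so callers should not pass internal error detail here
     */
    public void setStatusRequestDenied(Response response, String str) {
        response.setStatus(this.samlObjectBuilder.newStatus(StatusCode.REQUEST_DENIED, str));
    }

    /**
     * Populates a response for a successful validation: builds the authentication statement,
     * the assertion with its conditions, an attribute statement when any attributes remain
     * after encoding, sets {@link StatusCode#SUCCESS} and adds the assertion to the response.
     *
     * @param response response to fill; its issue instant drives the assertion timestamps
     * @param service requesting service; its id is used for the assertion conditions
     * @param authentication source of the authentication date and authentication methods
     * @param principal authenticated principal; its id is the statement and subject identifier
     * @param map authentication attributes (take precedence on key collisions)
     * @param map2 second attribute map merged underneath {@code map} (presumably principal
     *             attributes - confirm against the caller)
     * @throws NullPointerException if no registered service matches {@code service}
     */
    public void prepareSuccessfulResponse(Response response, Service service, Authentication authentication, Principal principal, Map<String, Object> map, Map<String, Object> map2) {
        ZonedDateTime issuedAt = DateTimeUtils.zonedDateTimeOf(response.getIssueInstant());
        LOGGER.debug("Preparing SAML response for service [{}]", service);

        // Raw type kept on purpose: the generic signature of CollectionUtils.toCollection is not visible in this file.
        Set authenticationMethods = CollectionUtils.toCollection(authentication.getAttributes().get("samlAuthenticationStatementAuthMethod"));
        LOGGER.debug("Authentication methods found are [{}]", authenticationMethods);

        AuthenticationStatement authnStatement = this.samlObjectBuilder.newAuthenticationStatement(authentication.getAuthenticationDate(), authenticationMethods, principal.getId());
        LOGGER.debug("Built authentication statement for [{}] dated at [{}]", principal, authentication.getAuthenticationDate());

        Assertion assertion = this.samlObjectBuilder.newAssertion(authnStatement, this.issuer, issuedAt, this.samlObjectBuilder.generateSecureRandomId());
        LOGGER.debug("Built assertion for issuer [{}] dated at [{}]", this.issuer, issuedAt);

        // The conditions bind the assertion to this service id and to a window derived from the
        // issue instant. NOTE(review): when the response came from createResponse that instant is
        // already backdated by skewAllowance - confirm how newConditions computes the expiry.
        assertion.setConditions(this.samlObjectBuilder.newConditions(issuedAt, service.getId(), this.issueLength));
        LOGGER.debug("Built assertion conditions for issuer [{}] and service [{}] ", this.issuer, service.getId());

        Subject subject = this.samlObjectBuilder.newSubject(principal.getId());
        LOGGER.debug("Built subject for principal [{}]", principal);

        Map<String, Object> attributesToRelease = prepareSamlAttributes(service, map, map2);
        LOGGER.debug("Authentication statement shall include these attributes [{}]", attributesToRelease);
        if (!attributesToRelease.isEmpty()) {
            assertion.getAttributeStatements().add(this.samlObjectBuilder.newAttributeStatement(subject, attributesToRelease, this.defaultAttributeNamespace));
        }

        // The cast selects the String overload of newStatus for the null message.
        response.setStatus(this.samlObjectBuilder.newStatus(StatusCode.SUCCESS, (String) null));
        LOGGER.debug("Set response status code to [{}]", response.getStatus());
        response.getAssertions().add(assertion);
    }

    /**
     * Merges the two attribute maps and runs the result through the protocol attribute
     * encoder for the registered service that matches {@code service}.
     *
     * @param service requesting service, resolved through the services manager
     * @param map authentication attributes; win over {@code map2} on identical keys
     * @param map2 attributes merged first (presumably principal attributes - confirm)
     * @return the encoded attributes to place in the assertion
     * @throws NullPointerException if no registered service matches {@code service}
     */
    private Map<String, Object> prepareSamlAttributes(Service service, Map<String, Object> map, Map<String, Object> map2) {
        // Fail closed and explicitly: without a registered service there is no definition to
        // encode attributes against. Previously this case surfaced only as an incidental
        // NullPointerException from the debug statement below; the exception type is unchanged.
        RegisteredService registeredService = Objects.requireNonNull(
            this.servicesManager.findServiceBy(service),
            "No registered service matches the requested service; refusing to release attributes");
        LOGGER.debug("Retrieved authentication attributes [{}] from the model", map);

        // Order matters: map2 is laid down first, so entries in map overwrite same-named keys.
        Map<String, Object> merged = new HashMap<>();
        merged.putAll(map2);
        merged.putAll(map);

        // These debug statements print attribute values both before and after encoding. If the
        // encoder protects any value, the pre-encoding line still logs it in the clear, so keep
        // DEBUG for this logger off wherever logs are not treated as sensitive.
        LOGGER.debug("Beginning to encode attributes [{}] for service [{}]", merged, registeredService.getServiceId());
        Map<String, Object> encoded = this.protocolAttributeEncoder.encodeAttributes(merged, registeredService);
        LOGGER.debug("Final collection of attributes are [{}]", encoded);
        return encoded;
    }

    /**
     * Delegates encoding of the finished response to {@link Saml10ObjectBuilder}.
     *
     * @param response response to encode
     * @param httpServletRequest current request
     * @param httpServletResponse HTTP response handed to the encoder
     * @throws Exception whatever the underlying encoder throws
     */
    public void encodeSamlResponse(Response response, HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse) throws Exception {
        this.samlObjectBuilder.encodeSamlResponse(httpServletResponse, httpServletRequest, response);
    }

    /**
     * Creates a builder with all collaborators and settings supplied up front.
     *
     * @param saml10ObjectBuilder factory and encoder for SAML 1.x objects
     * @param str issuer placed on assertions
     * @param str2 default attribute namespace
     * @param i issue length passed to the assertion conditions
     * @param i2 skew allowance in seconds, subtracted from the response issue instant
     * @param protocolAttributeEncoder encoder applied to attributes before release
     * @param servicesManager registry used to resolve the requesting service
     */
    @Generated
    public SamlResponseBuilder(Saml10ObjectBuilder saml10ObjectBuilder, String str, String str2, int i, int i2, ProtocolAttributeEncoder protocolAttributeEncoder, ServicesManager servicesManager) {
        this.samlObjectBuilder = saml10ObjectBuilder;
        this.issuer = str;
        this.defaultAttributeNamespace = str2;
        this.issueLength = i;
        this.skewAllowance = i2;
        this.protocolAttributeEncoder = protocolAttributeEncoder;
        this.servicesManager = servicesManager;
    }
}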
