package at.gv.egiz.eaaf.modules.pvp2.sp.impl;

import at.gv.egiz.eaaf.core.api.IRequest;
import at.gv.egiz.eaaf.modules.pvp2.api.binding.IEncoder;
import at.gv.egiz.eaaf.modules.pvp2.api.reqattr.EAAFRequestedAttribute;
import at.gv.egiz.eaaf.modules.pvp2.api.reqattr.EAAFRequestedAttributes;
import at.gv.egiz.eaaf.modules.pvp2.exception.PVP2Exception;
import at.gv.egiz.eaaf.modules.pvp2.impl.binding.PostBinding;
import at.gv.egiz.eaaf.modules.pvp2.impl.binding.RedirectBinding;
import at.gv.egiz.eaaf.modules.pvp2.impl.builder.reqattr.EAAFRequestExtensionBuilder;
import at.gv.egiz.eaaf.modules.pvp2.impl.utils.SAML2Utils;
import at.gv.egiz.eaaf.modules.pvp2.sp.api.IPVPAuthnRequestBuilderConfiguruation;
import at.gv.egiz.eaaf.modules.pvp2.sp.exception.AuthnRequestBuildException;
import java.security.NoSuchAlgorithmException;
import java.util.List;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import org.apache.commons.lang3.StringUtils;
import org.joda.time.DateTime;
import org.opensaml.common.impl.SecureRandomIdentifierGenerator;
import org.opensaml.saml2.common.Extensions;
import org.opensaml.saml2.core.AuthnContextClassRef;
import org.opensaml.saml2.core.AuthnContextComparisonTypeEnumeration;
import org.opensaml.saml2.core.AuthnRequest;
import org.opensaml.saml2.core.Issuer;
import org.opensaml.saml2.core.NameID;
import org.opensaml.saml2.core.NameIDPolicy;
import org.opensaml.saml2.core.RequestedAuthnContext;
import org.opensaml.saml2.core.RequesterID;
import org.opensaml.saml2.core.Scoping;
import org.opensaml.saml2.core.Subject;
import org.opensaml.saml2.core.SubjectConfirmation;
import org.opensaml.saml2.core.SubjectConfirmationData;
import org.opensaml.saml2.metadata.EntityDescriptor;
import org.opensaml.saml2.metadata.SingleSignOnService;
import org.opensaml.ws.message.encoder.MessageEncodingException;
import org.opensaml.xml.security.SecurityException;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.context.ApplicationContext;
import org.springframework.stereotype.Service;

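/**
 * Builds a SAML2 {@code AuthnRequest} for a PVP2 service provider and hands it to the
 * binding encoder that matches the IDP endpoint selected from the IDP metadata.
 *
 * <p>Security-relevant behaviour visible in this class:
 * <ul>
 *   <li>The request {@code Destination} and the encoder target are both taken from the
 *       {@code SingleSignOnService} location in the IDP {@code EntityDescriptor}. Nothing here
 *       validates that metadata, so it is presumably verified (signature, trust anchor) before it
 *       reaches this builder. TODO confirm against the metadata provider.</li>
 *   <li>A request ID supplied by the configuration is used as-is. Only the fallback ID comes from
 *       {@code SecureRandomIdentifierGenerator}.</li>
 *   <li>The signing credential from the configuration is passed straight to the encoder. Whether
 *       a missing credential yields an unsigned request or an error is decided by the encoder,
 *       not here.</li>
 * </ul>
 */
@Service("pvpAuthnRequestBuilder")
public class PVPAuthnRequestBuilder {
    private static final Logger log = LoggerFactory.getLogger(PVPAuthnRequestBuilder.class);

    private static final String SAML20_PROTOCOL = "urn:oasis:names:tc:SAML:2.0:protocol";
    private static final String BINDING_HTTP_POST = "urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST";
    private static final String BINDING_HTTP_REDIRECT = "urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Redirect";
    private static final String NAMEID_FORMAT_ENTITY = "urn:oasis:names:tc:SAML:2.0:nameid-format:entity";
    private static final String NAMEID_FORMAT_TRANSIENT = "urn:oasis:names:tc:SAML:2.0:nameid-format:transient";

    @Autowired(required = true)
    ApplicationContext springContext;

    /**
     * Builds the AuthnRequest described by {@code iPVPAuthnRequestBuilderConfiguruation} and
     * writes it to {@code httpServletResponse} through the POST or Redirect binding encoder.
     *
     * @param iRequest pending request; its pending-request id and the request itself are passed
     *     to the encoder
     * @param iPVPAuthnRequestBuilderConfiguruation source of the IDP metadata, SP entity id,
     *     optional request id, NameID policy, authentication context, subject, scoping,
     *     requested attributes and signing credential
     * @param httpServletResponse response the encoder writes the encoded request to
     * @throws AuthnRequestBuildException if the IDP metadata offers neither an HTTP-POST nor an
     *     HTTP-Redirect single-sign-on endpoint, including the case where it carries no
     *     SAML2 IDPSSODescriptor at all
     * @throws NoSuchAlgorithmException declared for the fallback request-id generator
     * @throws MessageEncodingException declared for the binding encoder
     * @throws PVP2Exception declared for the binding encoder and request building
     * @throws SecurityException declared for the binding encoder
     */
    public void buildAuthnRequest(IRequest iRequest, IPVPAuthnRequestBuilderConfiguruation iPVPAuthnRequestBuilderConfiguruation, HttpServletResponse httpServletResponse) throws NoSuchAlgorithmException, MessageEncodingException, PVP2Exception, SecurityException {
        EntityDescriptor idpEntityDescriptor = iPVPAuthnRequestBuilderConfiguruation.getIDPEntityDescriptor();
        AuthnRequest authnRequest = (AuthnRequest) SAML2Utils.createSAMLObject(AuthnRequest.class);

        SingleSignOnService endpoint = selectSingleSignOnService(idpEntityDescriptor);
        if (endpoint == null) {
            log.warn("Building AuthnRequest FAILED: > Requested IDP {} does not support POST or Redirect Binding.", idpEntityDescriptor.getEntityID());
            throw new AuthnRequestBuildException("sp.pvp2.00", new Object[]{iPVPAuthnRequestBuilderConfiguruation.getSPNameForLogging(), idpEntityDescriptor.getEntityID()});
        }
        authnRequest.setDestination(endpoint.getLocation());

        // NOTE(review): a configured request ID is trusted verbatim. If responses are correlated
        // with it (InResponseTo), callers must supply a unique, unpredictable value per request;
        // only the fallback below is generated from a secure random source.
        String requestId = iPVPAuthnRequestBuilderConfiguruation.getRequestID();
        if (StringUtils.isNotEmpty(requestId)) {
            authnRequest.setID(requestId);
        } else {
            authnRequest.setID(new SecureRandomIdentifierGenerator().generateIdentifier());
        }
        authnRequest.setIssueInstant(new DateTime());

        // An unset passive flag is sent as an explicit IsPassive=false.
        if (iPVPAuthnRequestBuilderConfiguruation.isPassivRequest() == null) {
            authnRequest.setIsPassive(false);
        } else {
            authnRequest.setIsPassive(iPVPAuthnRequestBuilderConfiguruation.isPassivRequest());
        }

        Issuer issuer = (Issuer) SAML2Utils.createSAMLObject(Issuer.class);
        issuer.setFormat(NAMEID_FORMAT_ENTITY);
        issuer.setValue(iPVPAuthnRequestBuilderConfiguruation.getSPEntityID());
        authnRequest.setIssuer(issuer);

        if (iPVPAuthnRequestBuilderConfiguruation.getAssertionConsumerServiceId() != null) {
            authnRequest.setAssertionConsumerServiceIndex(iPVPAuthnRequestBuilderConfiguruation.getAssertionConsumerServiceId());
        }

        if (iPVPAuthnRequestBuilderConfiguruation.getNameIDPolicyFormat() != null) {
            NameIDPolicy nameIdPolicy = (NameIDPolicy) SAML2Utils.createSAMLObject(NameIDPolicy.class);
            nameIdPolicy.setAllowCreate(Boolean.valueOf(iPVPAuthnRequestBuilderConfiguruation.getNameIDPolicyAllowCreation()));
            nameIdPolicy.setFormat(iPVPAuthnRequestBuilderConfiguruation.getNameIDPolicyFormat());
            authnRequest.setNameIDPolicy(nameIdPolicy);
        }

        if (iPVPAuthnRequestBuilderConfiguruation.getAuthnContextClassRef() != null) {
            RequestedAuthnContext requestedAuthnContext = (RequestedAuthnContext) SAML2Utils.createSAMLObject(RequestedAuthnContext.class);
            AuthnContextClassRef classRef = (AuthnContextClassRef) SAML2Utils.createSAMLObject(AuthnContextClassRef.class);
            classRef.setAuthnContextClassRef(iPVPAuthnRequestBuilderConfiguruation.getAuthnContextClassRef());
            // Without an explicit comparison the request asks for MINIMUM. This only expresses
            // what is requested; the authentication context actually asserted still has to be
            // checked when the response is processed (not done in this class).
            if (iPVPAuthnRequestBuilderConfiguruation.getAuthnContextComparison() == null) {
                requestedAuthnContext.setComparison(AuthnContextComparisonTypeEnumeration.MINIMUM);
            } else {
                requestedAuthnContext.setComparison(iPVPAuthnRequestBuilderConfiguruation.getAuthnContextComparison());
            }
            requestedAuthnContext.getAuthnContextClassRefs().add(classRef);
            authnRequest.setRequestedAuthnContext(requestedAuthnContext);
        }

        if (StringUtils.isNotEmpty(iPVPAuthnRequestBuilderConfiguruation.getSubjectNameID())) {
            Subject subject = (Subject) SAML2Utils.createSAMLObject(Subject.class);
            NameID nameId = (NameID) SAML2Utils.createSAMLObject(NameID.class);
            nameId.setValue(iPVPAuthnRequestBuilderConfiguruation.getSubjectNameID());
            if (StringUtils.isNotEmpty(iPVPAuthnRequestBuilderConfiguruation.getSubjectNameIDQualifier())) {
                nameId.setNameQualifier(iPVPAuthnRequestBuilderConfiguruation.getSubjectNameIDQualifier());
            }
            // The NameID format falls back to "transient" when none is configured.
            if (StringUtils.isNotEmpty(iPVPAuthnRequestBuilderConfiguruation.getSubjectNameIDFormat())) {
                nameId.setFormat(iPVPAuthnRequestBuilderConfiguruation.getSubjectNameIDFormat());
            } else {
                nameId.setFormat(NAMEID_FORMAT_TRANSIENT);
            }
            subject.setNameID(nameId);

            if (iPVPAuthnRequestBuilderConfiguruation.getSubjectConformationDate() != null) {
                SubjectConfirmation confirmation = (SubjectConfirmation) SAML2Utils.createSAMLObject(SubjectConfirmation.class);
                SubjectConfirmationData confirmationData = (SubjectConfirmationData) SAML2Utils.createSAMLObject(SubjectConfirmationData.class);
                confirmation.setSubjectConfirmationData(confirmationData);
                subject.getSubjectConfirmations().add(confirmation);
                if (iPVPAuthnRequestBuilderConfiguruation.getSubjectConformationMethode() != null) {
                    confirmation.setMethod(iPVPAuthnRequestBuilderConfiguruation.getSubjectConformationMethode());
                }
                // The configured DOM element is attached to the confirmation data unchanged.
                confirmationData.setDOM(iPVPAuthnRequestBuilderConfiguruation.getSubjectConformationDate());
            }
            authnRequest.setSubject(subject);
        }

        if (StringUtils.isNotEmpty(iPVPAuthnRequestBuilderConfiguruation.getProviderName())) {
            authnRequest.setProviderName(iPVPAuthnRequestBuilderConfiguruation.getProviderName());
        }

        if (StringUtils.isNotEmpty(iPVPAuthnRequestBuilderConfiguruation.getScopeRequesterId())) {
            Scoping scoping = (Scoping) SAML2Utils.createSAMLObject(Scoping.class);
            RequesterID requesterId = (RequesterID) SAML2Utils.createSAMLObject(RequesterID.class);
            requesterId.setRequesterID(iPVPAuthnRequestBuilderConfiguruation.getScopeRequesterId());
            scoping.getRequesterIDs().add(requesterId);
            authnRequest.setScoping(scoping);
        }

        if (iPVPAuthnRequestBuilderConfiguruation.getRequestedAttributes() != null) {
            List<EAAFRequestedAttribute> requestedAttributes = iPVPAuthnRequestBuilderConfiguruation.getRequestedAttributes();
            Extensions extensions = new EAAFRequestExtensionBuilder().buildObject();
            EAAFRequestedAttributes attributeContainer = (EAAFRequestedAttributes) SAML2Utils.createSAMLObject(EAAFRequestedAttributes.class);
            attributeContainer.getAttributes().addAll(requestedAttributes);
            extensions.getUnknownXMLObjects().add(attributeContainer);
            authnRequest.setExtensions(extensions);
        }

        // selectSingleSignOnService() only ever returns a Redirect or a POST endpoint, so the
        // POST encoder is the correct choice whenever the binding is not Redirect.
        IEncoder encoder;
        if (BINDING_HTTP_REDIRECT.equals(endpoint.getBinding())) {
            encoder = (IEncoder) this.springContext.getBean("PVPRedirectBinding", RedirectBinding.class);
        } else {
            encoder = (IEncoder) this.springContext.getBean("PVPPOSTBinding", PostBinding.class);
        }

        // NOTE(review): the pending-request id is handed to the encoder as a plain string
        // (presumably emitted as RelayState - confirm against IEncoder). The signing credential
        // is not checked for null here; confirm the encoder rejects unsigned requests if the
        // deployment requires signed AuthnRequests.
        encoder.encodeRequest((HttpServletRequest) null, httpServletResponse, authnRequest, endpoint.getLocation(), iRequest.getPendingRequestId(), iPVPAuthnRequestBuilderConfiguruation.getAuthnRequestSigningCredential(), iRequest);
    }

    /**
     * Picks the single-sign-on endpoint to use from the IDP metadata.
     *
     * <p>HTTP-POST is preferred: every POST endpoint encountered replaces the current choice, so
     * the last POST entry in the metadata wins. An HTTP-Redirect endpoint is taken only while
     * nothing has been chosen yet. Endpoints with any other (or no) binding are ignored.
     *
     * @return the chosen endpoint, or {@code null} if the metadata has no SAML2 IDPSSODescriptor
     *     or none of its endpoints uses POST or Redirect
     */
    private static SingleSignOnService selectSingleSignOnService(EntityDescriptor idpEntityDescriptor) {
        org.opensaml.saml2.metadata.IDPSSODescriptor idpSsoDescriptor = idpEntityDescriptor.getIDPSSODescriptor(SAML20_PROTOCOL);
        if (idpSsoDescriptor == null) {
            // Metadata without an IDP role for SAML2 is reported like "no usable binding"
            // instead of failing with a NullPointerException.
            return null;
        }
        SingleSignOnService selected = null;
        for (SingleSignOnService candidate : idpSsoDescriptor.getSingleSignOnServices()) {
            // Constant-first equals() keeps an endpoint without a Binding attribute from
            // aborting the whole selection.
            if (BINDING_HTTP_POST.equals(candidate.getBinding())) {
                selected = candidate;
            } else if (BINDING_HTTP_REDIRECT.equals(candidate.getBinding()) && selected == null) {
                selected = candidate;
            }
        }
        return selected;
    }
}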
