package at.gv.egiz.eaaf.modules.pvp2.sp.impl;

import at.gv.egiz.eaaf.core.api.IRequest;
import at.gv.egiz.eaaf.modules.pvp2.api.binding.IEncoder;
import at.gv.egiz.eaaf.modules.pvp2.api.reqattr.EaafRequestedAttribute;
import at.gv.egiz.eaaf.modules.pvp2.api.reqattr.EaafRequestedAttributes;
import at.gv.egiz.eaaf.modules.pvp2.exception.Pvp2Exception;
import at.gv.egiz.eaaf.modules.pvp2.impl.binding.PostBinding;
import at.gv.egiz.eaaf.modules.pvp2.impl.binding.RedirectBinding;
import at.gv.egiz.eaaf.modules.pvp2.impl.builder.reqattr.EaafRequestExtensionBuilder;
import at.gv.egiz.eaaf.modules.pvp2.impl.utils.Saml2Utils;
import at.gv.egiz.eaaf.modules.pvp2.sp.api.IPvpAuthnRequestBuilderConfiguruation;
import at.gv.egiz.eaaf.modules.pvp2.sp.exception.AuthnRequestBuildException;
import java.security.NoSuchAlgorithmException;
import java.util.List;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import net.shibboleth.utilities.java.support.security.SecureRandomIdentifierGenerationStrategy;
import org.apache.commons.lang3.StringUtils;
import org.joda.time.DateTime;
import org.opensaml.messaging.encoder.MessageEncodingException;
import org.opensaml.saml.saml2.core.AuthnContextClassRef;
import org.opensaml.saml.saml2.core.AuthnContextComparisonTypeEnumeration;
import org.opensaml.saml.saml2.core.AuthnRequest;
import org.opensaml.saml.saml2.core.Extensions;
import org.opensaml.saml.saml2.core.Issuer;
import org.opensaml.saml.saml2.core.NameID;
import org.opensaml.saml.saml2.core.NameIDPolicy;
import org.opensaml.saml.saml2.core.RequestedAuthnContext;
import org.opensaml.saml.saml2.core.RequesterID;
import org.opensaml.saml.saml2.core.Scoping;
import org.opensaml.saml.saml2.core.Subject;
import org.opensaml.saml.saml2.core.SubjectConfirmation;
import org.opensaml.saml.saml2.core.SubjectConfirmationData;
import org.opensaml.saml.saml2.metadata.EntityDescriptor;
import org.opensaml.saml.saml2.metadata.SingleSignOnService;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.context.ApplicationContext;

/* loaded from: input_file:at/gv/egiz/eaaf/modules/pvp2/sp/impl/PvpAuthnRequestBuilder.class */
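/**
 * Builds a SAML 2.0 {@code AuthnRequest} for a PVP2 identity provider and hands it to the
 * HTTP-POST or HTTP-Redirect binding encoder registered in the Spring context.
 *
 * <p>Everything in the request comes from the {@link IPvpAuthnRequestBuilderConfiguruation}
 * and from the IdP's metadata ({@link EntityDescriptor}). Security-relevant properties of the
 * result:
 * <ul>
 *   <li>{@code Destination} is pinned to the {@code Location} of the selected
 *       SingleSignOnService endpoint, so a signed request cannot be replayed to another
 *       endpoint without invalidating the signature.</li>
 *   <li>The request ID is generated with a {@code SecureRandom}-backed strategy unless the
 *       configuration supplies one explicitly (in which case it is used verbatim).</li>
 *   <li>The signing credential from the configuration is passed to the encoder; signing and
 *       transmission happen inside {@link IEncoder#encodeRequest}, not here.</li>
 * </ul>
 *
 * <p>Endpoint selection prefers HTTP-POST over HTTP-Redirect. Metadata without an
 * {@code IDPSSODescriptor}, without a usable endpoint, or with an endpoint lacking a
 * {@code Location} is rejected with an {@link AuthnRequestBuildException} instead of a
 * {@code NullPointerException}.
 */
public class PvpAuthnRequestBuilder {
    private static final Logger log = LoggerFactory.getLogger(PvpAuthnRequestBuilder.class);

    private static final String SAML2_PROTOCOL = "urn:oasis:names:tc:SAML:2.0:protocol";
    private static final String BINDING_HTTP_POST = "urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST";
    private static final String BINDING_HTTP_REDIRECT = "urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Redirect";
    private static final String NAMEID_FORMAT_ENTITY = "urn:oasis:names:tc:SAML:2.0:nameid-format:entity";
    private static final String NAMEID_FORMAT_TRANSIENT = "urn:oasis:names:tc:SAML:2.0:nameid-format:transient";

    /** Error code raised whenever no usable endpoint/binding exists for the IdP; arguments are SP name and IdP entityID. */
    private static final String ERROR_NO_USABLE_BINDING = "sp.pvp2.00";

    /** Spring bean names of the two supported binding encoders. */
    private static final String BEAN_REDIRECT_BINDING = "PvpRedirectBinding";
    private static final String BEAN_POST_BINDING = "PvpPostBinding";

    @Autowired(required = true)
    ApplicationContext springContext;

    /**
     * Builds the {@code AuthnRequest} described by {@code config} for the IdP in
     * {@code config.getIdpEntityDescriptor()} and encodes it onto {@code httpServletResponse}.
     *
     * @param iRequest            the pending request; its pending-request id is handed to the
     *                            encoder (presumably as RelayState — confirm against IEncoder)
     * @param config              builder configuration: SP identity, IdP metadata, requested
     *                            attributes, signing credential, optional request ID, etc.
     * @param httpServletResponse response the encoder writes the redirect/POST form to
     * @throws AuthnRequestBuildException if the IdP metadata offers no HTTP-POST or
     *                                    HTTP-Redirect SingleSignOnService with a Location
     * @throws MessageEncodingException   if the binding encoder fails
     * @throws Pvp2Exception              on other PVP2-level failures from the encoder
     */
    public void buildAuthnRequest(final IRequest iRequest,
            final IPvpAuthnRequestBuilderConfiguruation config,
            final HttpServletResponse httpServletResponse)
            throws NoSuchAlgorithmException, MessageEncodingException, Pvp2Exception, SecurityException {
        final EntityDescriptor idpEntityDescriptor = config.getIdpEntityDescriptor();

        // Endpoint selection happens first: it decides both Destination and the encoder.
        final SingleSignOnService ssoEndpoint = selectSsoEndpoint(idpEntityDescriptor, config);

        final AuthnRequest authnRequest = (AuthnRequest) Saml2Utils.createSamlObject(AuthnRequest.class);
        // Destination must equal the endpoint the message is delivered to; the IdP is expected
        // to check this for signed requests.
        authnRequest.setDestination(ssoEndpoint.getLocation());
        authnRequest.setID(resolveRequestId(config));
        authnRequest.setIssueInstant(new DateTime());

        // IsPassive defaults to false when the configuration leaves it unset.
        final Boolean passive = config.isPassivRequest();
        authnRequest.setIsPassive(passive == null ? Boolean.FALSE : passive);

        authnRequest.setIssuer(buildIssuer(config.getSpEntityID()));

        if (config.getAssertionConsumerServiceId() != null) {
            // Index into the SP's own metadata; the IdP resolves the ACS URL from it.
            authnRequest.setAssertionConsumerServiceIndex(config.getAssertionConsumerServiceId());
        }

        if (config.getNameIdPolicyFormat() != null) {
            authnRequest.setNameIDPolicy(buildNameIdPolicy(config));
        }

        if (config.getAuthnContextClassRef() != null) {
            authnRequest.setRequestedAuthnContext(buildRequestedAuthnContext(config));
        }

        if (StringUtils.isNotEmpty(config.getSubjectNameID())) {
            authnRequest.setSubject(buildSubject(config));
        }

        if (StringUtils.isNotEmpty(config.getProviderName())) {
            authnRequest.setProviderName(config.getProviderName());
        }

        if (StringUtils.isNotEmpty(config.getScopeRequesterId())) {
            authnRequest.setScoping(buildScoping(config.getScopeRequesterId()));
        }

        if (config.getRequestedAttributes() != null) {
            authnRequest.setExtensions(buildRequestedAttributesExtension(config.getRequestedAttributes()));
        }

        final IEncoder encoder = selectEncoder(ssoEndpoint, idpEntityDescriptor, config);
        // No inbound HttpServletRequest is available at this point, hence null.
        encoder.encodeRequest((HttpServletRequest) null, httpServletResponse, authnRequest,
                ssoEndpoint.getLocation(), iRequest.getPendingRequestId(),
                config.getAuthnRequestSigningCredential(), iRequest);
    }

    /**
     * Picks the IdP's SingleSignOnService endpoint: HTTP-POST if present (the last POST
     * endpoint listed wins), otherwise the first HTTP-Redirect endpoint.
     *
     * <p>Null-safe against metadata without an {@code IDPSSODescriptor} or with endpoints
     * lacking a {@code Binding}; such metadata yields the same build exception as metadata
     * without a supported binding.
     *
     * @throws AuthnRequestBuildException if no usable endpoint exists or the chosen endpoint
     *                                    has no {@code Location}
     */
    private static SingleSignOnService selectSsoEndpoint(final EntityDescriptor idp,
            final IPvpAuthnRequestBuilderConfiguruation config) throws Pvp2Exception {
        SingleSignOnService selected = null;
        if (idp.getIDPSSODescriptor(SAML2_PROTOCOL) != null) {
            for (final SingleSignOnService candidate
                    : idp.getIDPSSODescriptor(SAML2_PROTOCOL).getSingleSignOnServices()) {
                // Constant-first equals: a missing Binding attribute must not NPE.
                final String binding = candidate.getBinding();
                if (BINDING_HTTP_POST.equals(binding)) {
                    selected = candidate;
                } else if (BINDING_HTTP_REDIRECT.equals(binding) && selected == null) {
                    selected = candidate;
                }
            }
        }

        if (selected == null) {
            log.warn("Building AuthnRequest FAILED: > Requested IDP " + idp.getEntityID()
                    + " does not support POST or Redirect Binding.");
            throw new AuthnRequestBuildException(ERROR_NO_USABLE_BINDING,
                    new Object[]{config.getSpNameForLogging(), idp.getEntityID()});
        }

        // Without a Location there is nothing to set as Destination and nowhere to send the
        // request; fail here rather than inside the encoder with a null endpoint.
        if (StringUtils.isEmpty(selected.getLocation())) {
            log.warn("Building AuthnRequest FAILED: > Requested IDP " + idp.getEntityID()
                    + " SingleSignOnService for binding " + selected.getBinding() + " has no Location.");
            throw new AuthnRequestBuildException(ERROR_NO_USABLE_BINDING,
                    new Object[]{config.getSpNameForLogging(), idp.getEntityID()});
        }
        return selected;
    }

    /**
     * Returns the configured request ID verbatim if one is set, otherwise a fresh
     * {@code SecureRandom}-based identifier.
     *
     * <p>NOTE(review): a configured ID is trusted as-is. It should be unique and unpredictable,
     * since it is presumably matched against {@code InResponseTo} on the response path — confirm
     * with the response handler before relying on caller-supplied IDs.
     */
    private static String resolveRequestId(final IPvpAuthnRequestBuilderConfiguruation config) {
        final String configuredId = config.getRequestID();
        if (StringUtils.isNotEmpty(configuredId)) {
            return configuredId;
        }
        return new SecureRandomIdentifierGenerationStrategy().generateIdentifier();
    }

    /** Builds the {@code Issuer} element carrying the SP's entityID in entity format. */
    private static Issuer buildIssuer(final String spEntityId) {
        final Issuer issuer = (Issuer) Saml2Utils.createSamlObject(Issuer.class);
        issuer.setFormat(NAMEID_FORMAT_ENTITY);
        issuer.setValue(spEntityId);
        return issuer;
    }

    /** Builds the {@code NameIDPolicy} from the configured format and AllowCreate flag. */
    private static NameIDPolicy buildNameIdPolicy(final IPvpAuthnRequestBuilderConfiguruation config) {
        final NameIDPolicy policy = (NameIDPolicy) Saml2Utils.createSamlObject(NameIDPolicy.class);
        policy.setAllowCreate(Boolean.valueOf(config.getNameIdPolicyAllowCreation()));
        policy.setFormat(config.getNameIdPolicyFormat());
        return policy;
    }

    /**
     * Builds the {@code RequestedAuthnContext} with the single configured class reference.
     * Comparison defaults to {@code minimum} when the configuration does not set one, i.e. the
     * IdP may answer with the requested context or any stronger one.
     */
    private static RequestedAuthnContext buildRequestedAuthnContext(
            final IPvpAuthnRequestBuilderConfiguruation config) {
        final RequestedAuthnContext requested =
                (RequestedAuthnContext) Saml2Utils.createSamlObject(RequestedAuthnContext.class);
        final AuthnContextClassRef classRef =
                (AuthnContextClassRef) Saml2Utils.createSamlObject(AuthnContextClassRef.class);
        classRef.setAuthnContextClassRef(config.getAuthnContextClassRef());

        final AuthnContextComparisonTypeEnumeration comparison = config.getAuthnContextComparison();
        requested.setComparison(comparison == null ? AuthnContextComparisonTypeEnumeration.MINIMUM : comparison);
        requested.getAuthnContextClassRefs().add(classRef);
        return requested;
    }

    /**
     * Builds the {@code Subject} from the configured NameID (format defaults to transient) and,
     * when a confirmation DOM element is configured, a {@code SubjectConfirmation} around it.
     *
     * <p>The configured DOM element is attached via {@code setDOM}, i.e. it is emitted as-is
     * rather than built from typed properties — assumes the caller constructed it for this
     * document and trusts its content; verify at the call site.
     */
    private static Subject buildSubject(final IPvpAuthnRequestBuilderConfiguruation config) {
        final NameID nameId = (NameID) Saml2Utils.createSamlObject(NameID.class);
        nameId.setValue(config.getSubjectNameID());
        if (StringUtils.isNotEmpty(config.getSubjectNameIdQualifier())) {
            nameId.setNameQualifier(config.getSubjectNameIdQualifier());
        }
        final String format = config.getSubjectNameIdFormat();
        nameId.setFormat(StringUtils.isNotEmpty(format) ? format : NAMEID_FORMAT_TRANSIENT);

        final Subject subject = (Subject) Saml2Utils.createSamlObject(Subject.class);
        subject.setNameID(nameId);

        if (config.getSubjectConformationDate() != null) {
            final SubjectConfirmation confirmation =
                    (SubjectConfirmation) Saml2Utils.createSamlObject(SubjectConfirmation.class);
            final SubjectConfirmationData confirmationData =
                    (SubjectConfirmationData) Saml2Utils.createSamlObject(SubjectConfirmationData.class);
            confirmation.setSubjectConfirmationData(confirmationData);
            subject.getSubjectConfirmations().add(confirmation);
            if (config.getSubjectConformationMethode() != null) {
                confirmation.setMethod(config.getSubjectConformationMethode());
            }
            confirmationData.setDOM(config.getSubjectConformationDate());
        }
        return subject;
    }

    /** Builds a {@code Scoping} element with one {@code RequesterID}. */
    private static Scoping buildScoping(final String requesterIdValue) {
        final Scoping scoping = (Scoping) Saml2Utils.createSamlObject(Scoping.class);
        final RequesterID requesterId = (RequesterID) Saml2Utils.createSamlObject(RequesterID.class);
        requesterId.setRequesterID(requesterIdValue);
        scoping.getRequesterIDs().add(requesterId);
        return scoping;
    }

    /** Wraps the requested attributes in an EAAF {@code RequestedAttributes} extension. */
    private static Extensions buildRequestedAttributesExtension(
            final List<EaafRequestedAttribute> requestedAttributes) {
        final Extensions extensions = new EaafRequestExtensionBuilder().buildObject();
        final EaafRequestedAttributes attributes =
                (EaafRequestedAttributes) Saml2Utils.createSamlObject(EaafRequestedAttributes.class);
        attributes.getAttributes().addAll(requestedAttributes);
        extensions.getUnknownXMLObjects().add(attributes);
        return extensions;
    }

    /**
     * Resolves the binding encoder bean matching the selected endpoint's binding.
     * The "unsupported" branch is unreachable after {@link #selectSsoEndpoint} but kept so a
     * future change to endpoint selection cannot silently pick an encoder that does not fit.
     *
     * @throws AuthnRequestBuildException if the binding is neither HTTP-POST nor HTTP-Redirect
     */
    private IEncoder selectEncoder(final SingleSignOnService endpoint, final EntityDescriptor idp,
            final IPvpAuthnRequestBuilderConfiguruation config) throws Pvp2Exception {
        final String binding = endpoint.getBinding();
        if (BINDING_HTTP_REDIRECT.equals(binding)) {
            return (IEncoder) this.springContext.getBean(BEAN_REDIRECT_BINDING, RedirectBinding.class);
        }
        if (BINDING_HTTP_POST.equals(binding)) {
            return (IEncoder) this.springContext.getBean(BEAN_POST_BINDING, PostBinding.class);
        }
        log.warn("Binding: {} is not supported", binding);
        throw new AuthnRequestBuildException(ERROR_NO_USABLE_BINDING,
                new Object[]{config.getSpNameForLogging(), idp.getEntityID()});
    }
}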
