package net.shibboleth.idp.cas.flow.impl;

import java.time.Instant;
import java.util.Iterator;
import javax.annotation.Nonnull;
import net.shibboleth.idp.cas.attribute.Attribute;
import net.shibboleth.idp.cas.protocol.ProtocolError;
import net.shibboleth.idp.cas.protocol.TicketValidationRequest;
import net.shibboleth.idp.cas.protocol.TicketValidationResponse;
import net.shibboleth.idp.cas.ticket.TicketState;
import net.shibboleth.utilities.java.support.annotation.constraint.NotEmpty;
import net.shibboleth.utilities.java.support.logic.Constraint;
import net.shibboleth.utilities.java.support.primitive.StringSupport;
import net.shibboleth.utilities.java.support.security.IdentifierGenerationStrategy;
import org.opensaml.core.xml.XMLObjectBuilder;
import org.opensaml.core.xml.config.XMLObjectProviderRegistrySupport;
import org.opensaml.core.xml.schema.XSString;
import org.opensaml.profile.action.EventException;
import org.opensaml.profile.context.ProfileRequestContext;
import org.opensaml.saml.common.SAMLVersion;
import org.opensaml.saml.saml1.core.Assertion;
import org.opensaml.saml.saml1.core.AttributeStatement;
import org.opensaml.saml.saml1.core.AttributeValue;
import org.opensaml.saml.saml1.core.Audience;
import org.opensaml.saml.saml1.core.AudienceRestrictionCondition;
import org.opensaml.saml.saml1.core.AuthenticationStatement;
import org.opensaml.saml.saml1.core.Conditions;
import org.opensaml.saml.saml1.core.ConfirmationMethod;
import org.opensaml.saml.saml1.core.NameIdentifier;
import org.opensaml.saml.saml1.core.Response;
import org.opensaml.saml.saml1.core.Status;
import org.opensaml.saml.saml1.core.StatusCode;
import org.opensaml.saml.saml1.core.Subject;
import org.opensaml.saml.saml1.core.SubjectConfirmation;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;

/* loaded from: input_file:WEB-INF/lib/idp-cas-impl-4.1.2.jar:net/shibboleth/idp/cas/flow/impl/BuildSamlValidationSuccessMessageAction.class */
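/**
 * Builds the SAML 1.1 {@link Response} returned for a successful CAS ticket validation.
 *
 * <p>The response carries a {@code Success} status and a single assertion issued by this IdP that
 * holds an authentication statement and an attribute statement for the validated ticket's principal.
 * The assertion is audience-restricted to the service named in the validation request and is only
 * valid for a short window around the time of issue.</p>
 */
public class BuildSamlValidationSuccessMessageAction extends AbstractOutgoingSamlMessageAction {

    /** Attribute namespace placed on every SAML 1.1 attribute emitted in the response. */
    private static final String NAMESPACE = "http://www.ja-sig.org/products/cas/";

    /**
     * Length, in seconds, of the assertion validity window ({@code NotBefore} .. {@code NotOnOrAfter}).
     * Kept deliberately short: the relying service consumes the validation response immediately, so a
     * narrow window bounds how long the assertion remains acceptable to a relying party that enforces it.
     */
    private static final long ASSERTION_LIFETIME_SECONDS = 60L;

    /** Class logger. */
    @Nonnull
    private final Logger log = LoggerFactory.getLogger(BuildSamlValidationSuccessMessageAction.class);

    /** Builder for {@code xs:string}-typed attribute values. */
    @Nonnull
    private final XMLObjectBuilder<XSString> attrValueBuilder;

    /** Strategy used to generate the assertion ID. */
    @Nonnull
    private final IdentifierGenerationStrategy identifierGenerationStrategy;

    /** Entity ID of this IdP, used as the assertion issuer. */
    @Nonnull
    private final String entityID;

    /**
     * Constructor.
     *
     * @param identifierGenerationStrategy strategy used to generate the assertion ID
     * @param str entity ID of this IdP; trimmed and placed in the assertion {@code Issuer}
     *
     * @throws net.shibboleth.utilities.java.support.logic.ConstraintViolationException if the strategy is null
     *         or the entity ID is null or empty after trimming
     */
    public BuildSamlValidationSuccessMessageAction(@Nonnull final IdentifierGenerationStrategy identifierGenerationStrategy,
            @NotEmpty @Nonnull final String str) {
        Constraint.isNotNull(identifierGenerationStrategy, "IdentifierGenerationStrategy cannot be null");
        this.identifierGenerationStrategy = identifierGenerationStrategy;
        entityID = Constraint.isNotNull(StringSupport.trimOrNull(str), "EntityID cannot be null");
        attrValueBuilder = XMLObjectProviderRegistrySupport.getBuilderFactory().getBuilderOrThrow(XSString.TYPE_NAME);
    }

    /**
     * Builds the success response for the CAS request, response and ticket found in the profile context.
     *
     * @param profileRequestContext current profile request context
     *
     * @return SAML 1.1 response with a {@code Success} status and one assertion
     *
     * @throws EventException with {@link ProtocolError#IllegalState} if the validated ticket carries no state
     */
    @Override // net.shibboleth.idp.cas.flow.impl.AbstractOutgoingSamlMessageAction
    @Nonnull
    protected Response buildSamlResponse(@Nonnull final ProfileRequestContext profileRequestContext)
            throws EventException {
        final Instant now = Instant.now();
        final TicketValidationRequest casRequest = getCASRequest(profileRequestContext);
        final TicketValidationResponse casResponse = getCASResponse(profileRequestContext);
        final TicketState ticketState = getCASTicket(profileRequestContext).getTicketState();
        if (ticketState == null) {
            // Without ticket state there is no principal or authentication method to assert.
            throw new EventException(ProtocolError.IllegalState.name());
        }
        log.debug("Building SAML response for {} in IdP session {}", casRequest.getService(),
                ticketState.getSessionId());

        final Response response = newSAMLObject(Response.class, Response.DEFAULT_ELEMENT_NAME);
        // The response ID is the validated ticket, which lets the message be correlated with the request it answers.
        response.setID(casRequest.getTicket());
        response.setIssueInstant(now);
        response.setStatus(newSuccessStatus());

        final Assertion assertion = newSAMLObject(Assertion.class, Assertion.DEFAULT_ELEMENT_NAME);
        assertion.setID(identifierGenerationStrategy.generateIdentifier());
        assertion.setIssueInstant(now);
        assertion.setVersion(SAMLVersion.VERSION_11);
        assertion.setIssuer(entityID);
        assertion.setConditions(newConditions(now, casRequest.getService()));
        assertion.getAuthenticationStatements().add(
                newAuthenticationStatement(now, ticketState.getAuthenticationMethod(), ticketState.getPrincipalName()));
        assertion.getAttributeStatements().add(
                newAttributeStatement(ticketState.getPrincipalName(), casResponse.getAttributes()));

        response.getAssertions().add(assertion);
        return response;
    }

    /**
     * Builds a {@code Status} whose code is {@link StatusCode#SUCCESS}.
     *
     * @return success status
     */
    @Nonnull
    private Status newSuccessStatus() {
        final StatusCode statusCode = newSAMLObject(StatusCode.class, StatusCode.DEFAULT_ELEMENT_NAME);
        statusCode.setValue(StatusCode.SUCCESS);
        final Status status = newSAMLObject(Status.class, Status.DEFAULT_ELEMENT_NAME);
        status.setStatusCode(statusCode);
        return status;
    }

    /**
     * Builds the assertion conditions: a validity window starting at {@code now} and lasting
     * {@link #ASSERTION_LIFETIME_SECONDS}, plus an audience restriction naming the requesting service.
     *
     * @param now issue instant of the assertion
     * @param service service URL from the validation request, used as the sole audience
     *
     * @return populated conditions element
     */
    @Nonnull
    private Conditions newConditions(@Nonnull final Instant now, final String service) {
        final Conditions conditions = newSAMLObject(Conditions.class, Conditions.DEFAULT_ELEMENT_NAME);
        conditions.setNotBefore(now);
        conditions.setNotOnOrAfter(now.plusSeconds(ASSERTION_LIFETIME_SECONDS));

        // Scope the assertion to the service that presented the ticket so it is not intended for any other party.
        final Audience audience = newSAMLObject(Audience.class, Audience.DEFAULT_ELEMENT_NAME);
        audience.setURI(service);
        final AudienceRestrictionCondition restriction =
                newSAMLObject(AudienceRestrictionCondition.class, AudienceRestrictionCondition.DEFAULT_ELEMENT_NAME);
        restriction.getAudiences().add(audience);
        conditions.getAudienceRestrictionConditions().add(restriction);
        return conditions;
    }

    /**
     * Builds the attribute statement for the principal, converting each CAS attribute to a SAML 1.1 attribute.
     *
     * @param principalName principal the statement is about
     * @param attributes CAS attributes from the validation response
     *
     * @return attribute statement holding one SAML attribute per CAS attribute
     */
    @Nonnull
    private AttributeStatement newAttributeStatement(final String principalName, final Iterable<Attribute> attributes) {
        final AttributeStatement statement = newSAMLObject(AttributeStatement.class, AttributeStatement.DEFAULT_ELEMENT_NAME);
        statement.setSubject(newSubject(principalName));
        for (final Attribute attribute : attributes) {
            statement.getAttributes().add(newSamlAttribute(attribute));
        }
        return statement;
    }

    /**
     * Converts a CAS attribute into a SAML 1.1 attribute in the {@link #NAMESPACE} namespace, one
     * {@code xs:string} value per CAS value.
     *
     * @param attribute CAS attribute to convert
     *
     * @return SAML 1.1 attribute
     */
    @Nonnull
    private org.opensaml.saml.saml1.core.Attribute newSamlAttribute(@Nonnull final Attribute attribute) {
        final org.opensaml.saml.saml1.core.Attribute samlAttribute = newSAMLObject(
                org.opensaml.saml.saml1.core.Attribute.class, org.opensaml.saml.saml1.core.Attribute.DEFAULT_ELEMENT_NAME);
        samlAttribute.setAttributeName(attribute.getName());
        samlAttribute.setAttributeNamespace(NAMESPACE);
        for (final String value : attribute.getValues()) {
            samlAttribute.getAttributeValues().add(newAttributeValue(value));
        }
        return samlAttribute;
    }

    /**
     * Builds a subject for the principal, confirmed by the artifact confirmation method.
     *
     * @param principalName value of the subject's name identifier
     *
     * @return populated subject
     */
    @Nonnull
    private Subject newSubject(final String principalName) {
        final ConfirmationMethod confirmationMethod =
                newSAMLObject(ConfirmationMethod.class, ConfirmationMethod.DEFAULT_ELEMENT_NAME);
        confirmationMethod.setURI(ConfirmationMethod.METHOD_ARTIFACT);
        final SubjectConfirmation subjectConfirmation =
                newSAMLObject(SubjectConfirmation.class, SubjectConfirmation.DEFAULT_ELEMENT_NAME);
        subjectConfirmation.getConfirmationMethods().add(confirmationMethod);

        final NameIdentifier nameIdentifier = newSAMLObject(NameIdentifier.class, NameIdentifier.DEFAULT_ELEMENT_NAME);
        nameIdentifier.setValue(principalName);

        final Subject subject = newSAMLObject(Subject.class, Subject.DEFAULT_ELEMENT_NAME);
        subject.setNameIdentifier(nameIdentifier);
        subject.setSubjectConfirmation(subjectConfirmation);
        return subject;
    }

    /**
     * Builds the authentication statement for the principal.
     *
     * @param authnInstant authentication instant recorded on the statement
     * @param authnMethod authentication method URI from the ticket state
     * @param principalName principal the statement is about
     *
     * @return populated authentication statement
     */
    @Nonnull
    private AuthenticationStatement newAuthenticationStatement(final Instant authnInstant, final String authnMethod,
            final String principalName) {
        final AuthenticationStatement statement =
                newSAMLObject(AuthenticationStatement.class, AuthenticationStatement.DEFAULT_ELEMENT_NAME);
        statement.setAuthenticationInstant(authnInstant);
        statement.setAuthenticationMethod(authnMethod);
        statement.setSubject(newSubject(principalName));
        return statement;
    }

    /**
     * Builds an {@code AttributeValue} element typed as {@code xs:string}.
     *
     * @param value string value to carry
     *
     * @return attribute value element
     */
    @Nonnull
    private XSString newAttributeValue(final String value) {
        final XSString attributeValue = attrValueBuilder.buildObject(AttributeValue.DEFAULT_ELEMENT_NAME, XSString.TYPE_NAME);
        attributeValue.setValue(value);
        return attributeValue;
    }
}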
