package com.atlassian.crowd.sso.saml.impl.opensaml.action;

import com.atlassian.crowd.sso.saml.impl.opensaml.context.AuthorizationContext;
import com.atlassian.crowd.sso.saml.impl.opensaml.util.XMLObjectBuilders;
import javax.annotation.Nonnull;
import net.shibboleth.utilities.java.support.security.SecureRandomIdentifierGenerationStrategy;
import org.joda.time.DateTime;
import org.opensaml.core.xml.schema.XSBoolean;
import org.opensaml.core.xml.schema.XSBooleanValue;
import org.opensaml.profile.action.AbstractProfileAction;
import org.opensaml.profile.context.ProfileRequestContext;
import org.opensaml.saml.saml2.core.Assertion;
import org.opensaml.saml.saml2.core.Attribute;
import org.opensaml.saml.saml2.core.AttributeStatement;
import org.opensaml.saml.saml2.core.AttributeValue;
import org.opensaml.saml.saml2.core.AuthnContext;
import org.opensaml.saml.saml2.core.AuthnContextClassRef;
import org.opensaml.saml.saml2.core.AuthnRequest;
import org.opensaml.saml.saml2.core.AuthnStatement;
import org.opensaml.saml.saml2.core.Response;
import org.opensaml.saml.saml2.profile.SAML2ActionSupport;

/* loaded from: input_file:com/atlassian/crowd/sso/saml/impl/opensaml/action/AddAssertionAction.class */
public class AddAssertionAction extends AbstractProfileAction<AuthnRequest, Response> {
    private final String issuer;

    public AddAssertionAction(String str) {
        this.issuer = str;
    }

    public void doExecute(@Nonnull ProfileRequestContext<AuthnRequest, Response> profileRequestContext) {
        Assertion addAssertionToResponse = SAML2ActionSupport.addAssertionToResponse(this, (Response) profileRequestContext.getOutboundMessageContext().getMessage(), new SecureRandomIdentifierGenerationStrategy(), this.issuer);
        addAssertionToResponse.getAuthnStatements().add(buildAuthnStatement());
        AuthorizationContext authorizationContext = (AuthorizationContext) profileRequestContext.getSubcontext(AuthorizationContext.class);
        if (authorizationContext != null) {
            addAssertionToResponse.getAttributeStatements().add(buildAttributeStatement(authorizationContext.isRememberMe()));
        }
    }

    private AuthnStatement buildAuthnStatement() {
        AuthnContext buildSAMLObjectOrThrow = XMLObjectBuilders.buildSAMLObjectOrThrow(AuthnContext.TYPE_NAME);
        AuthnStatement buildSAMLObjectOrThrow2 = XMLObjectBuilders.buildSAMLObjectOrThrow(AuthnStatement.TYPE_NAME);
        AuthnContextClassRef buildSAMLObjectOrThrow3 = XMLObjectBuilders.buildSAMLObjectOrThrow(AuthnContextClassRef.DEFAULT_ELEMENT_NAME);
        buildSAMLObjectOrThrow3.setAuthnContextClassRef("urn:oasis:names:tc:SAML:2.0:ac:classes:Password");
        buildSAMLObjectOrThrow.setAuthnContextClassRef(buildSAMLObjectOrThrow3);
        buildSAMLObjectOrThrow2.setAuthnContext(buildSAMLObjectOrThrow);
        buildSAMLObjectOrThrow2.setAuthnInstant(DateTime.now());
        return buildSAMLObjectOrThrow2;
    }

    private AttributeStatement buildAttributeStatement(boolean z) {
        AttributeStatement buildSAMLObjectOrThrow = XMLObjectBuilders.buildSAMLObjectOrThrow(AttributeStatement.TYPE_NAME);
        Attribute buildSAMLObjectOrThrow2 = XMLObjectBuilders.buildSAMLObjectOrThrow(Attribute.TYPE_NAME);
        XSBoolean buildXMLObjectOrThrow = XMLObjectBuilders.buildXMLObjectOrThrow(XSBoolean.TYPE_NAME, AttributeValue.DEFAULT_ELEMENT_NAME, XSBoolean.TYPE_NAME);
        buildXMLObjectOrThrow.setValue(new XSBooleanValue(Boolean.valueOf(z), false));
        buildSAMLObjectOrThrow2.setName("atl.crowd.properties.remember_me");
        buildSAMLObjectOrThrow2.getAttributeValues().add(buildXMLObjectOrThrow);
        buildSAMLObjectOrThrow.getAttributes().add(buildSAMLObjectOrThrow2);
        return buildSAMLObjectOrThrow;
    }
}
