package org.apereo.cas.support.saml.web.idp.profile;

import java.time.Instant;
import java.time.ZoneOffset;
import java.time.ZonedDateTime;
import java.util.Objects;
import java.util.Optional;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import lombok.Generated;
import org.apache.commons.lang3.StringUtils;
import org.apache.commons.lang3.math.NumberUtils;
import org.apache.commons.lang3.tuple.Pair;
import org.apereo.cas.services.UnauthorizedServiceException;
import org.apereo.cas.support.saml.services.SamlRegisteredService;
import org.apereo.cas.support.saml.services.idp.metadata.SamlRegisteredServiceServiceProviderMetadataFacade;
import org.opensaml.messaging.context.MessageContext;
import org.opensaml.messaging.decoder.MessageDecodingException;
import org.opensaml.saml.common.binding.SAMLBindingSupport;
import org.opensaml.saml.common.messaging.context.SAMLBindingContext;
import org.opensaml.saml.saml2.core.AuthnRequest;
import org.opensaml.saml.saml2.core.Issuer;
import org.opensaml.saml.saml2.core.NameIDPolicy;
import org.opensaml.saml.saml2.metadata.AssertionConsumerService;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
import org.springframework.web.bind.annotation.GetMapping;

/* loaded from: input_file:org/apereo/cas/support/saml/web/idp/profile/SamlIdPInitiatedProfileHandlerController.class */
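/**
 * Handles IdP-initiated ("unsolicited") SAML2 single sign-on.
 *
 * <p>No SP-issued {@code AuthnRequest} exists in this flow. The controller builds one
 * itself from query parameters of a plain GET request and hands it to the regular
 * authentication flow. Every value read from the request is caller-controlled and
 * must be treated as untrusted:
 * <ul>
 *   <li>{@code providerId} - entity ID of the target service provider; checked through
 *       {@code verifySamlRegisteredService} and a metadata lookup.</li>
 *   <li>{@code shire} - optional assertion consumer service (ACS) URL.</li>
 *   <li>{@code target} - optional relay state.</li>
 *   <li>{@code time} - optional issue instant in epoch milliseconds.</li>
 * </ul>
 */
public class SamlIdPInitiatedProfileHandlerController extends AbstractSamlIdPProfileHandlerController {

    @Generated
    private static final Logger LOGGER = LoggerFactory.getLogger(SamlIdPInitiatedProfileHandlerController.class);

    /** SAML 2.0 HTTP-POST binding URI; the only binding this endpoint resolves and advertises. */
    private static final String POST_BINDING_URI = "urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST";

    public SamlIdPInitiatedProfileHandlerController(SamlProfileHandlerConfigurationContext samlProfileHandlerConfigurationContext) {
        super(samlProfileHandlerConfigurationContext);
    }

    /**
     * Builds a synthetic {@code AuthnRequest} for the requested service provider and
     * starts authentication with it.
     *
     * @param httpServletResponse the HTTP response, passed on to signing and to the authentication flow
     * @param httpServletRequest the HTTP request carrying {@code providerId}, {@code shire},
     *        {@code target} and {@code time}
     * @throws MessageDecodingException if {@code providerId} is blank or no ACS URL can be resolved
     * @throws UnauthorizedServiceException if no metadata is found for {@code providerId}
     * @throws Exception anything raised by service verification, signing or the authentication flow
     */
    @GetMapping(path = {"/idp/profile/SAML2/Unsolicited/SSO"})
    protected void handleIdPInitiatedSsoRequest(HttpServletResponse httpServletResponse, HttpServletRequest httpServletRequest) throws Exception {
        String providerId = httpServletRequest.getParameter("providerId");
        if (StringUtils.isBlank(providerId)) {
            LOGGER.warn("No providerId parameter given in unsolicited SSO authentication request.");
            throw new MessageDecodingException("Missing providerId");
        }
        SamlRegisteredService registeredService = verifySamlRegisteredService(providerId);
        Optional<SamlRegisteredServiceServiceProviderMetadataFacade> metadataLookup = getSamlMetadataFacadeFor(registeredService, providerId);
        if (metadataLookup.isEmpty()) {
            throw new UnauthorizedServiceException("screen.service.error.message", "Cannot find metadata linked to " + providerId);
        }
        SamlRegisteredServiceServiceProviderMetadataFacade facade = metadataLookup.get();

        // NOTE(review): a non-blank "shire" is taken verbatim from the query string and becomes
        // the AssertionConsumerServiceURL of the synthetic request. Nothing in this method
        // compares it with the ACS endpoints published in the SP metadata. Unless a later stage
        // enforces that match, the response could be delivered to a caller-chosen URL.
        // TODO confirm where the ACS URL is validated against metadata.
        String acsUrl = httpServletRequest.getParameter("shire");
        if (StringUtils.isBlank(acsUrl)) {
            LOGGER.warn("Resolving service provider assertion consumer service URL for [{}] and binding [{}]", providerId, POST_BINDING_URI);
            AssertionConsumerService acs = facade.getAssertionConsumerService(POST_BINDING_URI);
            if (acs == null || StringUtils.isBlank(acs.getLocation())) {
                throw new MessageDecodingException("Unable to resolve SP ACS URL location for binding " + POST_BINDING_URI);
            }
            acsUrl = acs.getLocation();
        }
        // Defensive guard: the resolution above either yields a non-blank location or throws.
        if (StringUtils.isBlank(acsUrl)) {
            LOGGER.warn("Unable to resolve service provider assertion consumer service URL for AuthnRequest construction for entityID: [{}]", providerId);
            throw new MessageDecodingException("Unable to resolve SP ACS URL for AuthnRequest construction");
        }

        String relayState = httpServletRequest.getParameter("target");
        String time = httpServletRequest.getParameter("time");

        AuthnRequest authnRequest = getSamlProfileHandlerConfigurationContext().getOpenSamlConfigBean().getBuilderFactory().getBuilder(AuthnRequest.DEFAULT_ELEMENT_NAME).buildObject();
        authnRequest.setAssertionConsumerServiceURL(acsUrl);

        Issuer issuer = getSamlProfileHandlerConfigurationContext().getOpenSamlConfigBean().getBuilderFactory().getBuilder(Issuer.DEFAULT_ELEMENT_NAME).buildObject();
        issuer.setValue(providerId);
        authnRequest.setIssuer(issuer);
        authnRequest.setProtocolBinding(POST_BINDING_URI);

        NameIDPolicy nameIdPolicy = getSamlProfileHandlerConfigurationContext().getOpenSamlConfigBean().getBuilderFactory().getBuilder(NameIDPolicy.DEFAULT_ELEMENT_NAME).buildObject();
        nameIdPolicy.setAllowCreate(Boolean.TRUE);
        authnRequest.setNameIDPolicy(nameIdPolicy);

        authnRequest.setIssueInstant(resolveIssueInstant(time));
        authnRequest.setForceAuthn(Boolean.FALSE);

        if (StringUtils.isNotBlank(relayState)) {
            httpServletRequest.setAttribute("RelayState", relayState);
        }

        MessageContext messageContext = new MessageContext();
        // NOTE(review): this signature is applied here, over values taken from the query string.
        // It is presumably made with this IdP's own signing configuration, so it would not show
        // that the SP vouched for the request. TODO confirm downstream does not treat it as such.
        if (facade.isAuthnRequestsSigned() || registeredService.isSignUnsolicitedAuthnRequest()) {
            getSamlProfileHandlerConfigurationContext().getSamlObjectSigner().encode(authnRequest, registeredService, facade, httpServletResponse, httpServletRequest, POST_BINDING_URI, authnRequest);
        }
        messageContext.setMessage(authnRequest);
        // The request never travelled over a signed binding, so record that explicitly.
        ((SAMLBindingContext) Objects.requireNonNull(messageContext.getSubcontext(SAMLBindingContext.class, true))).setHasBindingSignature(false);
        SAMLBindingSupport.setRelayState(messageContext, relayState);
        initiateAuthenticationRequest(Pair.of(authnRequest, messageContext), httpServletResponse, httpServletRequest);
    }

    /**
     * Converts the caller-supplied {@code time} parameter into the request's issue instant.
     *
     * <p>{@code NumberUtils.isCreatable} also accepts hex, decimal, exponent and type-suffixed
     * literals (for example {@code 0x1F}, {@code 1.5}, {@code 1e5}, {@code 10L}) that
     * {@code Long.parseLong} rejects. Such input is now ignored in favour of the current time.
     * Previously it escaped this handler as an unhandled {@link NumberFormatException}.
     *
     * <p>NOTE(review): a parsable value is used as-is, so the caller chooses the issue instant.
     * Confirm that any freshness check on it happens downstream.
     *
     * @param time raw {@code time} request parameter, possibly {@code null}
     * @return the parsed epoch-millisecond instant, or the current UTC instant if absent or unparsable
     */
    private static Instant resolveIssueInstant(String time) {
        if (NumberUtils.isCreatable(time)) {
            try {
                return Instant.ofEpochMilli(Long.parseLong(time));
            } catch (NumberFormatException ignored) {
                // The exception text echoes the raw parameter, so it is deliberately not logged.
                LOGGER.warn("Ignoring time parameter that is not a whole number of epoch milliseconds; using current time.");
            }
        }
        return ZonedDateTime.now(ZoneOffset.UTC).toInstant();
    }
}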
