package org.apereo.cas.support.saml.web.idp.profile;

import java.security.SecureRandom;
import java.util.concurrent.TimeUnit;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import org.apache.commons.lang3.StringUtils;
import org.apache.commons.lang3.math.NumberUtils;
import org.apereo.cas.support.saml.SamlIdPConstants;
import org.apereo.cas.support.saml.services.idp.metadata.SamlRegisteredServiceServiceProviderMetadataFacade;
import org.jasig.cas.client.util.CommonUtils;
import org.joda.time.DateTime;
import org.joda.time.chrono.ISOChronology;
import org.opensaml.messaging.decoder.MessageDecodingException;
import org.opensaml.saml.saml2.core.AuthnRequest;
import org.opensaml.saml.saml2.core.Issuer;
import org.opensaml.saml.saml2.core.NameIDPolicy;
import org.springframework.web.bind.annotation.RequestMapping;
import org.springframework.web.bind.annotation.RequestMethod;

/* loaded from: input_file:org/apereo/cas/support/saml/web/idp/profile/IdPInitiatedProfileHandlerController.class */
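/**
 * Handles unsolicited (IdP-initiated) SAML2 SSO requests.
 *
 * <p>The endpoint reads the {@code providerId}, {@code shire}, {@code target} and {@code time}
 * query parameters, synthesises an {@link AuthnRequest} on behalf of the service provider and
 * passes it to {@code initiateAuthenticationRequest}. Every one of those parameters comes from
 * an unauthenticated GET request and must be treated as untrusted input.
 */
public class IdPInitiatedProfileHandlerController extends AbstractSamlProfileHandlerController {
    /** Shared generator for request identifiers; {@link SecureRandom} is safe for concurrent use. */
    private static final SecureRandom ID_GENERATOR = new SecureRandom();

    /** Returned by {@link #parseEpochSeconds(String)} when no usable timestamp was supplied. */
    private static final long NO_TIMESTAMP = -1L;

    /**
     * Builds an {@link AuthnRequest} from the unsolicited-SSO query parameters and starts
     * authentication for it.
     *
     * @param httpServletResponse the HTTP response
     * @param httpServletRequest  the HTTP request carrying {@code providerId} (required) and the
     *                            optional {@code shire}, {@code target} and {@code time} parameters
     * @throws MessageDecodingException if {@code providerId} is missing or no ACS URL can be resolved
     * @throws Exception                propagated from service verification, metadata resolution or
     *                                  {@code initiateAuthenticationRequest}
     */
    @RequestMapping(path = {SamlIdPConstants.ENDPOINT_SAML2_IDP_INIT_PROFILE_SSO}, method = {RequestMethod.GET})
    protected void handleIdPInitiatedSsoRequest(HttpServletResponse httpServletResponse, HttpServletRequest httpServletRequest) throws Exception {
        final String providerId = CommonUtils.safeGetParameter(httpServletRequest, "providerId");
        if (StringUtils.isBlank(providerId)) {
            this.logger.warn("No providerId parameter given in unsolicited SSO authentication request.");
            throw new MessageDecodingException("No providerId parameter given in unsolicited SSO authentication request.");
        }

        final SamlRegisteredServiceServiceProviderMetadataFacade spMetadata =
                getSamlMetadataFacadeFor(verifySamlRegisteredService(providerId), providerId);

        // NOTE(review): `shire` is caller-supplied and, when present, takes precedence over the
        // ACS location published in the SP's metadata. Nothing in this method compares it with
        // the endpoints the SP registered, so unless a later step performs that check the
        // destination of the SAML response is controlled by whoever crafted the link. Confirm
        // that the ACS URL is validated against metadata downstream, or restrict it here.
        String acsUrl = CommonUtils.safeGetParameter(httpServletRequest, "shire");
        if (StringUtils.isBlank(acsUrl)) {
            acsUrl = spMetadata.getAssertionConsumerService().getLocation();
        }
        if (StringUtils.isBlank(acsUrl)) {
            this.logger.warn("Unable to resolve SP ACS URL for AuthnRequest construction for entityID: {}", providerId);
            throw new MessageDecodingException("Unable to resolve SP ACS URL for AuthnRequest construction");
        }

        final String target = CommonUtils.safeGetParameter(httpServletRequest, "target");
        final long epochSeconds = parseEpochSeconds(CommonUtils.safeGetParameter(httpServletRequest, "time"));

        // Explicit casts on every builder result: the builder factory is looked up by QName,
        // so the static type of buildObject() is not the concrete SAML object type.
        final AuthnRequest authnRequest = (AuthnRequest) this.configBean.getBuilderFactory()
                .getBuilder(AuthnRequest.DEFAULT_ELEMENT_NAME).buildObject();
        authnRequest.setAssertionConsumerServiceURL(acsUrl);

        final Issuer issuer = (Issuer) this.configBean.getBuilderFactory()
                .getBuilder(Issuer.DEFAULT_ELEMENT_NAME).buildObject();
        issuer.setValue(providerId);
        authnRequest.setIssuer(issuer);

        authnRequest.setProtocolBinding("urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST");

        final NameIDPolicy nameIdPolicy = (NameIDPolicy) this.configBean.getBuilderFactory()
                .getBuilder(NameIDPolicy.DEFAULT_ELEMENT_NAME).buildObject();
        nameIdPolicy.setAllowCreate(true);
        authnRequest.setNameIDPolicy(nameIdPolicy);

        // Masking the sign bit keeps the value non-negative for every input;
        // Math.abs(Long.MIN_VALUE) is still negative and would put a '-' into the ID.
        final String requestId = "_" + (ID_GENERATOR.nextLong() & Long.MAX_VALUE);

        if (epochSeconds != NO_TIMESTAMP) {
            // The parsed number, not the raw parameter text, is appended to the ID so that no
            // request-controlled characters reach the XML ID attribute.
            authnRequest.setID(requestId + epochSeconds);
            // DateTime(long, Chronology) expects milliseconds. The previous code converted the
            // value from milliseconds to seconds before passing it on, which produced an instant
            // close to 1970 whatever unit the caller used.
            // Presumably `time` is seconds since the epoch, as in the Shibboleth unsolicited-SSO
            // convention these parameter names follow - confirm against the callers in use.
            // The value is caller-supplied, so the resulting IssueInstant is only advisory.
            authnRequest.setIssueInstant(new DateTime(TimeUnit.SECONDS.toMillis(epochSeconds), ISOChronology.getInstanceUTC()));
        } else {
            authnRequest.setID(requestId);
            authnRequest.setIssueInstant(new DateTime(DateTime.now(), ISOChronology.getInstanceUTC()));
        }

        authnRequest.setForceAuthn(false);
        if (StringUtils.isNotBlank(target)) {
            httpServletRequest.setAttribute("RelayState", target);
        }
        initiateAuthenticationRequest(authnRequest, httpServletResponse, httpServletRequest);
    }

    /**
     * Parses the optional {@code time} request parameter.
     *
     * <p>Only a plain run of digits that fits in a {@code long} is accepted. The earlier
     * {@code NumberUtils.isNumber} check also let through hexadecimal, decimal, exponent and
     * type-suffixed forms, on which {@code Long.parseLong} throws an unhandled
     * {@link NumberFormatException}. Malformed values are now treated like an absent parameter.
     *
     * @param time the raw parameter value, possibly {@code null}
     * @return the parsed non-negative value, or {@link #NO_TIMESTAMP} when absent or malformed
     */
    private long parseEpochSeconds(String time) {
        if (StringUtils.isBlank(time)) {
            return NO_TIMESTAMP;
        }
        if (!StringUtils.isNumeric(time)) {
            // The raw value is deliberately not logged: it is attacker-controlled text.
            this.logger.warn("Ignoring malformed time parameter in unsolicited SSO authentication request.");
            return NO_TIMESTAMP;
        }
        try {
            return Long.parseLong(time);
        } catch (NumberFormatException e) {
            // All digits, but too large for a long.
            this.logger.warn("Ignoring out-of-range time parameter in unsolicited SSO authentication request.");
            return NO_TIMESTAMP;
        }
    }
}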
