package org.pac4j.saml.sso;

import java.util.Random;
import org.joda.time.DateTime;
import org.opensaml.Configuration;
import org.opensaml.common.SAMLObjectBuilder;
import org.opensaml.common.SAMLVersion;
import org.opensaml.common.binding.SAMLMessageContext;
import org.opensaml.common.xml.SAMLConstants;
import org.opensaml.saml2.core.AuthnContextClassRef;
import org.opensaml.saml2.core.AuthnContextComparisonTypeEnumeration;
import org.opensaml.saml2.core.AuthnRequest;
import org.opensaml.saml2.core.Issuer;
import org.opensaml.saml2.core.NameIDPolicy;
import org.opensaml.saml2.core.RequestedAuthnContext;
import org.opensaml.saml2.core.impl.AuthnContextClassRefBuilder;
import org.opensaml.saml2.core.impl.NameIDPolicyBuilder;
import org.opensaml.saml2.core.impl.RequestedAuthnContextBuilder;
import org.opensaml.saml2.metadata.AssertionConsumerService;
import org.opensaml.saml2.metadata.IDPSSODescriptor;
import org.opensaml.saml2.metadata.SPSSODescriptor;
import org.opensaml.saml2.metadata.SingleSignOnService;
import org.opensaml.xml.XMLObjectBuilderFactory;
import org.pac4j.saml.util.SamlUtils;

/* loaded from: input_file:WEB-INF/lib/pac4j-saml-1.6.0.jar:org/pac4j/saml/sso/Saml2AuthnRequestBuilder.class */
public class Saml2AuthnRequestBuilder {
    private boolean forceAuth;
    private AuthnContextComparisonTypeEnumeration comparisonType;
    private String bindingType;
    private String authnContextClassRef;
    private String nameIdPolicyFormat;
    private final XMLObjectBuilderFactory builderFactory;

    public Saml2AuthnRequestBuilder() {
        this.bindingType = SAMLConstants.SAML2_POST_BINDING_URI;
        this.authnContextClassRef = null;
        this.nameIdPolicyFormat = null;
        this.builderFactory = Configuration.getBuilderFactory();
    }

    public Saml2AuthnRequestBuilder(boolean z, String str, String str2, String str3, String str4) {
        this.bindingType = SAMLConstants.SAML2_POST_BINDING_URI;
        this.authnContextClassRef = null;
        this.nameIdPolicyFormat = null;
        this.builderFactory = Configuration.getBuilderFactory();
        this.forceAuth = z;
        this.comparisonType = getComparisonTypeEnumFromString(str);
        this.bindingType = str2;
        this.authnContextClassRef = str3;
        this.nameIdPolicyFormat = str4;
    }

    public AuthnRequest build(SAMLMessageContext sAMLMessageContext) {
        SPSSODescriptor sPSSODescriptor = (SPSSODescriptor) sAMLMessageContext.getLocalEntityRoleMetadata();
        return buildAuthnRequest(sAMLMessageContext, SamlUtils.getAssertionConsumerService(sPSSODescriptor, null), SamlUtils.getSingleSignOnService((IDPSSODescriptor) sAMLMessageContext.getPeerEntityRoleMetadata(), this.bindingType));
    }

    protected AuthnRequest buildAuthnRequest(SAMLMessageContext sAMLMessageContext, AssertionConsumerService assertionConsumerService, SingleSignOnService singleSignOnService) {
        AuthnRequest authnRequest = (AuthnRequest) ((SAMLObjectBuilder) this.builderFactory.getBuilder(AuthnRequest.DEFAULT_ELEMENT_NAME)).mo1054buildObject();
        if (this.comparisonType != null) {
            RequestedAuthnContext mo1054buildObject = new RequestedAuthnContextBuilder().mo1054buildObject();
            mo1054buildObject.setComparison(this.comparisonType);
            if (this.authnContextClassRef != null) {
                AuthnContextClassRef mo1054buildObject2 = new AuthnContextClassRefBuilder().mo1054buildObject();
                mo1054buildObject2.setAuthnContextClassRef(this.authnContextClassRef);
                mo1054buildObject.getAuthnContextClassRefs().add(mo1054buildObject2);
            }
            authnRequest.setRequestedAuthnContext(mo1054buildObject);
        }
        authnRequest.setID(generateID());
        authnRequest.setIssuer(getIssuer(sAMLMessageContext.getLocalEntityId()));
        authnRequest.setIssueInstant(new DateTime());
        authnRequest.setVersion(SAMLVersion.VERSION_20);
        authnRequest.setIsPassive((Boolean) false);
        authnRequest.setForceAuthn(Boolean.valueOf(this.forceAuth));
        authnRequest.setProviderName("pac4j-saml");
        if (this.nameIdPolicyFormat != null) {
            NameIDPolicy mo1054buildObject3 = new NameIDPolicyBuilder().mo1054buildObject();
            mo1054buildObject3.setAllowCreate((Boolean) true);
            mo1054buildObject3.setFormat(this.nameIdPolicyFormat);
            authnRequest.setNameIDPolicy(mo1054buildObject3);
        }
        authnRequest.setDestination(singleSignOnService.getLocation());
        authnRequest.setAssertionConsumerServiceURL(assertionConsumerService.getLocation());
        authnRequest.setProtocolBinding(assertionConsumerService.getBinding());
        return authnRequest;
    }

    protected Issuer getIssuer(String str) {
        Issuer issuer = (Issuer) ((SAMLObjectBuilder) this.builderFactory.getBuilder(Issuer.DEFAULT_ELEMENT_NAME)).mo1054buildObject();
        issuer.setValue(str);
        return issuer;
    }

    protected String generateID() {
        Random random = new Random();
        return '_' + Long.toString(Math.abs(random.nextLong()), 16) + Long.toString(Math.abs(random.nextLong()), 16);
    }

    protected AuthnContextComparisonTypeEnumeration getComparisonTypeEnumFromString(String str) {
        if ("exact".equals(str)) {
            return AuthnContextComparisonTypeEnumeration.EXACT;
        }
        if ("minimum".equals(str)) {
            return AuthnContextComparisonTypeEnumeration.MINIMUM;
        }
        if ("maximum".equals(str)) {
            return AuthnContextComparisonTypeEnumeration.MAXIMUM;
        }
        if ("better".equals(str)) {
            return AuthnContextComparisonTypeEnumeration.BETTER;
        }
        return null;
    }
}
