package org.springframework.security.saml2.provider.service.authentication;

import java.nio.charset.StandardCharsets;
import java.time.Clock;
import java.time.Instant;
import java.util.Map;
import java.util.UUID;
import org.opensaml.core.config.ConfigurationService;
import org.opensaml.core.xml.config.XMLObjectProviderRegistry;
import org.opensaml.saml.common.xml.SAMLConstants;
import org.opensaml.saml.saml2.core.AuthnRequest;
import org.opensaml.saml.saml2.core.Issuer;
import org.opensaml.saml.saml2.core.impl.AuthnRequestBuilder;
import org.opensaml.saml.saml2.core.impl.IssuerBuilder;
import org.springframework.core.convert.converter.Converter;
import org.springframework.security.saml2.core.OpenSamlInitializationService;
import org.springframework.security.saml2.core.Saml2ParameterNames;
import org.springframework.security.saml2.provider.service.authentication.OpenSamlSigningUtils;
import org.springframework.security.saml2.provider.service.authentication.Saml2RedirectAuthenticationRequest;
import org.springframework.security.saml2.provider.service.registration.RelyingPartyRegistration;
import org.springframework.security.saml2.provider.service.registration.Saml2MessageBinding;
import org.springframework.util.Assert;
import org.springframework.util.StringUtils;

/* loaded from: input_file:WEB-INF/lib/spring-security-saml2-service-provider-5.6.0.jar:org/springframework/security/saml2/provider/service/authentication/OpenSaml4AuthenticationRequestFactory.class */
/**
 * Builds SAML 2.0 {@code AuthnRequest} messages with OpenSAML and packages them for the
 * POST and Redirect bindings.
 *
 * <p>Security-relevant behaviour visible in this class:
 * <ul>
 *   <li>For the POST and Redirect bindings the request is signed only when the asserting
 *       party's {@code getWantAuthnRequestsSigned()} returns {@code true}; otherwise it is
 *       sent unsigned.</li>
 *   <li>For the Redirect binding the signature is produced over query parameters, after
 *       the XML has been serialized, deflated and encoded, and is carried in the
 *       {@code SigAlg} and {@code Signature} values.</li>
 *   <li>A converter installed through
 *       {@link #setAuthenticationRequestContextConverter(Converter)} replaces
 *       {@code createAuthnRequest} entirely, including the defaults it applies.</li>
 * </ul>
 *
 * <p>NOTE(review): this listing is decompiler output; {@code mo14771buildObject()} is a
 * decompiler-assigned name, presumably for the builders' {@code buildObject()} method.
 * Confirm against the library before reusing the name.
 */
public final class OpenSaml4AuthenticationRequestFactory implements Saml2AuthenticationRequestFactory {

    static {
        // Runs once when this class is initialized, before any constructor reads the
        // XMLObjectProviderRegistry from ConfigurationService.
        OpenSamlInitializationService.initialize();
    }

    private final AuthnRequestBuilder authnRequestBuilder;
    private final IssuerBuilder issuerBuilder;

    // Source of the IssueInstant written into each request; replaceable via setClock.
    private Clock clock = Clock.systemUTC();

    // Maps a request context to the AuthnRequest to send; defaults to createAuthnRequest.
    private Converter<Saml2AuthenticationRequestContext, AuthnRequest> authenticationRequestContextConverter = this::createAuthnRequest;

    /**
     * Looks up the OpenSAML builders for {@code AuthnRequest} and {@code Issuer} in the
     * registry held by {@code ConfigurationService}.
     */
    public OpenSaml4AuthenticationRequestFactory() {
        XMLObjectProviderRegistry providerRegistry = (XMLObjectProviderRegistry) ConfigurationService.get(XMLObjectProviderRegistry.class);
        this.authnRequestBuilder = (AuthnRequestBuilder) providerRegistry.getBuilderFactory().getBuilder(AuthnRequest.DEFAULT_ELEMENT_NAME);
        this.issuerBuilder = (IssuerBuilder) providerRegistry.getBuilderFactory().getBuilder(Issuer.DEFAULT_ELEMENT_NAME);
    }

    /**
     * Creates a signed, serialized {@code AuthnRequest} from the legacy request object.
     *
     * <p>Unlike the binding-specific methods, this path signs unconditionally. It builds
     * a throwaway {@link RelyingPartyRegistration} whose registration id, remote entity
     * id and SSO URL are the placeholders {@code "noId"}, {@code "noIssuer"} and
     * {@code "noUrl"}; only the issuer, the assertion consumer service URL and the
     * credentials come from the caller's request.
     *
     * <p>NOTE(review): the context built here sets no destination explicitly. If the
     * context derives it from the registration, the signed request would carry the
     * {@code "noUrl"} placeholder; confirm before relying on {@code Destination} from
     * this path.
     *
     * @param saml2AuthenticationRequest the legacy request supplying issuer, assertion
     * consumer service URL and credentials
     * @return the serialized, signed request XML
     */
    @Override
    @Deprecated
    public String createAuthenticationRequest(Saml2AuthenticationRequest saml2AuthenticationRequest) {
        RelyingPartyRegistration placeholderRegistration = RelyingPartyRegistration.withRegistrationId("noId")
                .assertionConsumerServiceBinding(Saml2MessageBinding.POST)
                .assertionConsumerServiceLocation(saml2AuthenticationRequest.getAssertionConsumerServiceUrl())
                .entityId(saml2AuthenticationRequest.getIssuer())
                .remoteIdpEntityId("noIssuer")
                .idpWebSsoUrl("noUrl")
                .credentials(credentials -> credentials.addAll(saml2AuthenticationRequest.getCredentials()))
                .build();
        Saml2AuthenticationRequestContext requestContext = Saml2AuthenticationRequestContext.builder()
                .relyingPartyRegistration(placeholderRegistration)
                .issuer(saml2AuthenticationRequest.getIssuer())
                .assertionConsumerServiceUrl(saml2AuthenticationRequest.getAssertionConsumerServiceUrl())
                .build();
        AuthnRequest authnRequest = this.authenticationRequestContextConverter.convert(requestContext);
        return OpenSamlSigningUtils.serialize(OpenSamlSigningUtils.sign(authnRequest, placeholderRegistration));
    }

    /**
     * Creates the POST-binding form of the request.
     *
     * <p>The XML is signed in place before serialization when the asserting party wants
     * signed requests, so the signature travels inside the encoded {@code SAMLRequest}.
     *
     * @param saml2AuthenticationRequestContext the context describing the request to send
     * @return the POST request carrying the encoded {@code SAMLRequest}
     */
    @Override
    public Saml2PostAuthenticationRequest createPostAuthenticationRequest(Saml2AuthenticationRequestContext saml2AuthenticationRequestContext) {
        AuthnRequest authnRequest = this.authenticationRequestContextConverter.convert(saml2AuthenticationRequestContext);
        RelyingPartyRegistration registration = saml2AuthenticationRequestContext.getRelyingPartyRegistration();
        boolean signatureWanted = registration.getAssertingPartyDetails().getWantAuthnRequestsSigned();
        if (signatureWanted) {
            OpenSamlSigningUtils.sign(authnRequest, registration);
        }
        return Saml2PostAuthenticationRequest.withAuthenticationRequestContext(saml2AuthenticationRequestContext)
                .samlRequest(encodeForPost(authnRequest))
                .build();
    }

    /** Serializes the request to XML and encodes its UTF-8 bytes, without deflating. */
    private static String encodeForPost(AuthnRequest authnRequest) {
        String xml = OpenSamlSigningUtils.serialize(authnRequest);
        return Saml2Utils.samlEncode(xml.getBytes(StandardCharsets.UTF_8));
    }

    /**
     * Creates the Redirect-binding form of the request.
     *
     * <p>The XML itself is never signed on this path. When the asserting party wants
     * signed requests, a signature is computed over the encoded {@code SAMLRequest} and,
     * if it has text, the {@code RelayState}; the resulting {@code SigAlg} and
     * {@code Signature} values are attached to the returned request. A relay state that
     * is set but has no text is still stored on the returned request and is left out of
     * the signed parameters.
     *
     * @param saml2AuthenticationRequestContext the context describing the request to send
     * @return the redirect request, with signature parameters when signing is wanted
     */
    @Override
    public Saml2RedirectAuthenticationRequest createRedirectAuthenticationRequest(Saml2AuthenticationRequestContext saml2AuthenticationRequestContext) {
        AuthnRequest authnRequest = this.authenticationRequestContextConverter.convert(saml2AuthenticationRequestContext);
        RelyingPartyRegistration registration = saml2AuthenticationRequestContext.getRelyingPartyRegistration();
        String xml = OpenSamlSigningUtils.serialize(authnRequest);
        Saml2RedirectAuthenticationRequest.Builder redirectRequest = Saml2RedirectAuthenticationRequest.withAuthenticationRequestContext(saml2AuthenticationRequestContext);
        byte[] deflatedXml = Saml2Utils.samlDeflate(xml);
        String encodedRequest = Saml2Utils.samlEncode(deflatedXml);
        redirectRequest.samlRequest(encodedRequest).relayState(saml2AuthenticationRequestContext.getRelayState());

        if (registration.getAssertingPartyDetails().getWantAuthnRequestsSigned()) {
            // The signature input is the set of query parameters, not the XML document.
            OpenSamlSigningUtils.QueryParametersPartial signedParameters = OpenSamlSigningUtils.sign(registration)
                    .param(Saml2ParameterNames.SAML_REQUEST, encodedRequest);
            if (StringUtils.hasText(saml2AuthenticationRequestContext.getRelayState())) {
                signedParameters.param("RelayState", saml2AuthenticationRequestContext.getRelayState());
            }
            Map<String, String> signatureValues = signedParameters.parameters();
            String sigAlg = signatureValues.get(Saml2ParameterNames.SIG_ALG);
            String signature = signatureValues.get("Signature");
            return redirectRequest.sigAlg(sigAlg).signature(signature).build();
        }
        return redirectRequest.build();
    }

    /**
     * Default converter: builds an {@code AuthnRequest} from the context and fills in any
     * attribute the builder left unset.
     *
     * <p>The request ID is {@code "ARQ"} followed by a random UUID with its first
     * character removed. {@link UUID#randomUUID()} draws from a cryptographically strong
     * generator, so the ID is not guessable. An identity provider echoes this ID back as
     * {@code InResponseTo}; whether the response side checks it is not visible in this
     * class.
     *
     * @param saml2AuthenticationRequestContext the context supplying issuer, destination,
     * assertion consumer service URL and binding
     * @return the populated, unsigned request
     */
    private AuthnRequest createAuthnRequest(Saml2AuthenticationRequestContext saml2AuthenticationRequestContext) {
        String issuerValue = saml2AuthenticationRequestContext.getIssuer();
        String destinationUrl = saml2AuthenticationRequestContext.getDestination();
        String acsUrl = saml2AuthenticationRequestContext.getAssertionConsumerServiceUrl();
        String bindingUrn = saml2AuthenticationRequestContext.getRelyingPartyRegistration().getAssertionConsumerServiceBinding().getUrn();

        AuthnRequest authnRequest = this.authnRequestBuilder.mo14771buildObject();
        if (authnRequest.getID() == null) {
            String randomPart = UUID.randomUUID().toString().substring(1);
            authnRequest.setID("ARQ" + randomPart);
        }
        if (authnRequest.getIssueInstant() == null) {
            authnRequest.setIssueInstant(Instant.now(this.clock));
        }
        if (authnRequest.isForceAuthn() == null) {
            authnRequest.setForceAuthn(Boolean.FALSE);
        }
        if (authnRequest.isPassive() == null) {
            authnRequest.setIsPassive(Boolean.FALSE);
        }
        if (authnRequest.getProtocolBinding() == null) {
            authnRequest.setProtocolBinding(SAMLConstants.SAML2_POST_BINDING_URI);
        }
        // Overwrites whatever is set above: the registration's assertion consumer
        // service binding always wins, so the POST default never survives.
        authnRequest.setProtocolBinding(bindingUrn);

        Issuer issuerElement = this.issuerBuilder.mo14771buildObject();
        issuerElement.setValue(issuerValue);
        authnRequest.setIssuer(issuerElement);
        authnRequest.setDestination(destinationUrl);
        authnRequest.setAssertionConsumerServiceURL(acsUrl);
        return authnRequest;
    }

    /**
     * Replaces the strategy that turns a request context into an {@code AuthnRequest}.
     *
     * <p>The supplied converter is used as-is by every {@code create*} method; none of
     * the ID, issue instant, binding, issuer or destination values set by the default
     * converter are applied on top of it.
     *
     * @param converter the converter to use; must not be {@code null}
     */
    public void setAuthenticationRequestContextConverter(Converter<Saml2AuthenticationRequestContext, AuthnRequest> converter) {
        Assert.notNull(converter, "authenticationRequestContextConverter cannot be null");
        this.authenticationRequestContextConverter = converter;
    }

    /**
     * Sets the clock used for the {@code IssueInstant} of requests built by the default
     * converter.
     *
     * @param clock the clock to use; must not be {@code null}
     */
    public void setClock(Clock clock) {
        Assert.notNull(clock, "clock cannot be null");
        this.clock = clock;
    }
}
