package com.supwisdom.institute.cas.site.saml.web.idp.profile.builders.nameid;

import java.util.List;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import net.shibboleth.idp.attribute.IdPAttribute;
import net.shibboleth.idp.attribute.StringAttributeValue;
import net.shibboleth.idp.saml.attribute.encoding.impl.SAML2StringNameIDEncoder;
import org.apache.commons.lang3.StringUtils;
import org.apereo.cas.authentication.principal.PersistentIdGenerator;
import org.apereo.cas.support.saml.OpenSamlConfigBean;
import org.apereo.cas.support.saml.SamlException;
import org.apereo.cas.support.saml.SamlIdPUtils;
import org.apereo.cas.support.saml.services.SamlRegisteredService;
import org.apereo.cas.support.saml.services.idp.metadata.SamlRegisteredServiceServiceProviderMetadataFacade;
import org.apereo.cas.support.saml.util.AbstractSaml20ObjectBuilder;
import org.apereo.cas.support.saml.web.idp.profile.builders.SamlProfileObjectBuilder;
import org.apereo.cas.util.CollectionUtils;
import org.jasig.cas.client.authentication.AttributePrincipal;
import org.jasig.cas.client.validation.Assertion;
import org.opensaml.messaging.context.MessageContext;
import org.opensaml.saml.saml2.core.AttributeQuery;
import org.opensaml.saml.saml2.core.AuthnRequest;
import org.opensaml.saml.saml2.core.NameID;
import org.opensaml.saml.saml2.core.NameIDPolicy;
import org.opensaml.saml.saml2.core.RequestAbstractType;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;

/* loaded from: input_file:com/supwisdom/institute/cas/site/saml/web/idp/profile/builders/nameid/SamlProfileSamlNameIdBuilder.class */
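/**
 * Builds the SAML 2.0 {@link NameID} that the identity provider places in a response for a given
 * registered service provider.
 *
 * <p>The candidate NameID formats come from the service provider metadata, optionally preceded by
 * the format configured on the registered service. Formats are tried in order and the first one
 * that can be encoded wins.
 *
 * <p>Security-relevant behaviour visible in this class:
 * <ul>
 *   <li>A NameID format requested by the service provider that is not in the supported list is only
 *       logged; the request is not rejected here.</li>
 *   <li>For an {@link AttributeQuery} the NameID supplied in the request subject is reused as is.</li>
 *   <li>Debug logging includes the principal name and the final NameID value.</li>
 * </ul>
 */
public class SamlProfileSamlNameIdBuilder extends AbstractSaml20ObjectBuilder implements SamlProfileObjectBuilder<NameID> {
    private static final Logger log = LoggerFactory.getLogger(SamlProfileSamlNameIdBuilder.class);
    private static final long serialVersionUID = -6231886395225437320L;

    private static final String NAMEID_FORMAT_TRANSIENT = "urn:oasis:names:tc:SAML:2.0:nameid-format:transient";
    private static final String NAMEID_FORMAT_ENCRYPTED = "urn:oasis:names:tc:SAML:2.0:nameid-format:encrypted";

    // Formats recognised when normalising the service-level "required NameID format" setting.
    // The order matters: the first entry that contains the configured text is the one returned.
    private static final String[] KNOWN_NAMEID_FORMATS = {
        "urn:oasis:names:tc:SAML:1.1:nameid-format:emailAddress",
        NAMEID_FORMAT_TRANSIENT,
        "urn:oasis:names:tc:SAML:1.1:nameid-format:unspecified",
        "urn:oasis:names:tc:SAML:2.0:nameid-format:persistent",
        "urn:oasis:names:tc:SAML:2.0:nameid-format:entity",
        "urn:oasis:names:tc:SAML:1.1:nameid-format:X509SubjectName",
        "urn:oasis:names:tc:SAML:1.1:nameid-format:WindowsDomainQualifiedName",
        "urn:oasis:names:tc:SAML:2.0:nameid-format:kerberos",
        NAMEID_FORMAT_ENCRYPTED,
    };

    private final PersistentIdGenerator persistentIdGenerator;

    /**
     * @param openSamlConfigBean OpenSAML configuration handed to the parent builder
     * @param persistentIdGenerator generator used to derive the value of transient NameIDs
     */
    public SamlProfileSamlNameIdBuilder(OpenSamlConfigBean openSamlConfigBean, PersistentIdGenerator persistentIdGenerator) {
        super(openSamlConfigBean);
        this.persistentIdGenerator = persistentIdGenerator;
    }

    /**
     * Entry point of the builder; delegates to {@link #buildNameId}. The servlet request/response
     * and the binding string are not used.
     *
     * @return the NameID, or {@code null} when none of the supported formats produced one; callers
     *         must treat {@code null} as a failure rather than issue a subject without a NameID
     * @throws SamlException declared by the builder contract
     */
    /* renamed from: build, reason: merged with bridge method [inline-methods] */
    public NameID m204build(RequestAbstractType requestAbstractType, HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse, Object obj, SamlRegisteredService samlRegisteredService, SamlRegisteredServiceServiceProviderMetadataFacade samlRegisteredServiceServiceProviderMetadataFacade, String str, MessageContext messageContext) throws SamlException {
        return buildNameId(requestAbstractType, obj, samlRegisteredService, samlRegisteredServiceServiceProviderMetadataFacade, messageContext);
    }

    /**
     * Resolves the supported formats, reports an unsupported requested format, then determines and
     * finalizes the NameID.
     */
    private NameID buildNameId(RequestAbstractType requestAbstractType, Object obj, SamlRegisteredService samlRegisteredService, SamlRegisteredServiceServiceProviderMetadataFacade samlRegisteredServiceServiceProviderMetadataFacade, MessageContext messageContext) throws SamlException {
        List<String> supportedNameIdFormats = getSupportedNameIdFormats(samlRegisteredService, samlRegisteredServiceServiceProviderMetadataFacade);
        String requiredFormat = getRequiredNameIdFormatIfAny(requestAbstractType);
        validateRequiredNameIdFormatIfAny(requestAbstractType, samlRegisteredServiceServiceProviderMetadataFacade, supportedNameIdFormats, requiredFormat);
        NameID determined = determineNameId(requestAbstractType, obj, supportedNameIdFormats, samlRegisteredService, samlRegisteredServiceServiceProviderMetadataFacade);
        return finalizeNameId(determined, requestAbstractType, obj, supportedNameIdFormats, samlRegisteredService, samlRegisteredServiceServiceProviderMetadataFacade);
    }

    /**
     * Sets the NameQualifier and SPNameQualifier on the NameID. Values configured on the registered
     * service take precedence; otherwise the issuer of the request and the entity id from the
     * service provider metadata are used.
     *
     * @param nameID the NameID produced by {@link #determineNameId}; may be {@code null}
     * @return the same NameID with qualifiers set, or {@code null} if {@code nameID} was {@code null}
     */
    protected NameID finalizeNameId(NameID nameID, RequestAbstractType requestAbstractType, Object obj, List<String> list, SamlRegisteredService samlRegisteredService, SamlRegisteredServiceServiceProviderMetadataFacade samlRegisteredServiceServiceProviderMetadataFacade) {
        // determineNameId returns null when no format could be encoded; without this guard the
        // failure surfaced as a NullPointerException instead of a "no NameID" result.
        if (nameID == null) {
            return null;
        }
        String nameQualifier = samlRegisteredService.getNameIdQualifier();
        if (StringUtils.isNotBlank(nameQualifier)) {
            nameID.setNameQualifier(nameQualifier);
        } else {
            // Fallback is a value read from the incoming request, not from IdP configuration.
            nameID.setNameQualifier(SamlIdPUtils.getIssuerFromSamlRequest(requestAbstractType));
        }
        String spNameQualifier = samlRegisteredService.getServiceProviderNameIdQualifier();
        if (StringUtils.isNotBlank(spNameQualifier)) {
            nameID.setSPNameQualifier(spNameQualifier);
        } else {
            nameID.setSPNameQualifier(samlRegisteredServiceServiceProviderMetadataFacade.getEntityId());
        }
        return nameID;
    }

    /**
     * Logs a warning when the NameID format required by the request is not among the supported
     * formats. Despite the name, nothing is rejected: processing continues and the requested format
     * may simply not be honored.
     *
     * @param list the supported NameID formats
     * @param str the format required by the request, or blank/{@code null} if none
     */
    protected void validateRequiredNameIdFormatIfAny(RequestAbstractType requestAbstractType, SamlRegisteredServiceServiceProviderMetadataFacade samlRegisteredServiceServiceProviderMetadataFacade, List<String> list, String str) {
        if (StringUtils.isBlank(str) || list.contains(str)) {
            return;
        }
        // NOTE(review): str and the issuer come from the request; confirm the log layout
        // neutralises line breaks so the entry cannot be split into forged lines.
        log.warn("Required NameID format [{}] in the AuthN request issued by [{}] is not supported based on the metadata for [{}]. The requested NameID format may not be honored. You should consult the metadata for this service and ensure the requested NameID format is present in the collection of supported metadata formats in the metadata, which are the following: [{}]", new Object[]{str, SamlIdPUtils.getIssuerFromSamlRequest(requestAbstractType), samlRegisteredServiceServiceProviderMetadataFacade.getEntityId(), samlRegisteredServiceServiceProviderMetadataFacade.getSupportedNameIdFormats()});
    }

    /**
     * Reads the NameID format from the request's NameIDPolicy.
     *
     * @return the requested format, or {@code null} when the request carries no policy or asks for
     *         the encrypted format, which this builder does not support
     */
    protected String getRequiredNameIdFormatIfAny(RequestAbstractType requestAbstractType) {
        NameIDPolicy policy = getNameIDPolicy(requestAbstractType);
        if (policy == null) {
            return null;
        }
        String format = policy.getFormat();
        log.debug("AuthN request indicates [{}] is the required NameID format", format);
        if (NAMEID_FORMAT_ENCRYPTED.equals(format)) {
            // The request asked for an encrypted NameID; it is dropped with a warning, so the
            // NameID that is eventually issued is not encrypted by this builder.
            log.warn("Encrypted NameID formats are not supported");
            return null;
        }
        return format;
    }

    /** Returns the NameIDPolicy of an {@link AuthnRequest}, or {@code null} for other request types. */
    private NameIDPolicy getNameIDPolicy(RequestAbstractType requestAbstractType) {
        if (requestAbstractType instanceof AuthnRequest) {
            return ((AuthnRequest) requestAbstractType).getNameIDPolicy();
        }
        return null;
    }

    /**
     * Collects the NameID formats to try, in priority order: the format configured on the registered
     * service (if any) first, then the formats declared in the service provider metadata. When the
     * metadata declares none, the transient format is used as the default.
     *
     * @return the list obtained from the metadata facade, modified in place
     */
    protected static List<String> getSupportedNameIdFormats(SamlRegisteredService samlRegisteredService, SamlRegisteredServiceServiceProviderMetadataFacade samlRegisteredServiceServiceProviderMetadataFacade) {
        // NOTE(review): the list returned by the facade is mutated below; this assumes the facade
        // hands out a fresh, modifiable list on every call — confirm.
        List<String> formats = samlRegisteredServiceServiceProviderMetadataFacade.getSupportedNameIdFormats();
        log.debug("Metadata for [{}] declares the following NameIDs [{}]", samlRegisteredServiceServiceProviderMetadataFacade.getEntityId(), formats);
        if (formats.isEmpty()) {
            formats.add(NAMEID_FORMAT_TRANSIENT);
            log.debug("No supported nameId formats could be determined from metadata. Added default [{}]", NAMEID_FORMAT_TRANSIENT);
        }
        if (StringUtils.isNotBlank(samlRegisteredService.getRequiredNameIdFormat())) {
            String configuredFormat = parseAndBuildRequiredNameIdFormat(samlRegisteredService);
            formats.add(0, configuredFormat);
            log.debug("Added required nameId format [{}] based on saml service configuration for [{}]", configuredFormat, samlRegisteredService.getServiceId());
        }
        return formats;
    }

    /**
     * Tries each supported format in order and returns the first NameID that could be encoded.
     *
     * @param list the supported NameID formats, highest priority first
     * @return the NameID, or {@code null} if no format produced one
     */
    protected NameID determineNameId(RequestAbstractType requestAbstractType, Object obj, List<String> list, SamlRegisteredService samlRegisteredService, SamlRegisteredServiceServiceProviderMetadataFacade samlRegisteredServiceServiceProviderMetadataFacade) {
        for (String format : list) {
            log.debug("Evaluating NameID format [{}]", format);
            NameID candidate = encodeNameIdBasedOnNameFormat(requestAbstractType, obj, format, samlRegisteredService, samlRegisteredServiceServiceProviderMetadataFacade);
            if (candidate == null) {
                continue;
            }
            log.debug("Determined NameID based on format [{}] to be [{}]", format, candidate.getValue());
            return candidate;
        }
        log.warn("No NameID could be determined based on the supported formats [{}]", list);
        return null;
    }

    /**
     * Produces a NameID for one format.
     *
     * <p>For an {@link AttributeQuery} the NameID of the request subject is detached and returned
     * unchanged; the requested format and the assertion are not consulted on that path, so any
     * check that the NameID belongs to an authenticated subject has to happen elsewhere.
     *
     * @param str the NameID format to encode with
     * @return the encoded NameID, or {@code null} if anything failed (the exception is logged)
     */
    protected NameID encodeNameIdBasedOnNameFormat(RequestAbstractType requestAbstractType, Object obj, String str, SamlRegisteredService samlRegisteredService, SamlRegisteredServiceServiceProviderMetadataFacade samlRegisteredServiceServiceProviderMetadataFacade) {
        try {
            if (requestAbstractType instanceof AttributeQuery) {
                NameID queryNameId = ((AttributeQuery) requestAbstractType).getSubject().getNameID();
                queryNameId.detach();
                log.debug("Choosing NameID format [{}] with value [{}] for attribute query", queryNameId.getFormat(), queryNameId.getValue());
                return queryNameId;
            }
            IdPAttribute attribute = prepareNameIdAttribute(obj, str, samlRegisteredServiceServiceProviderMetadataFacade, samlRegisteredService);
            SAML2StringNameIDEncoder encoder = prepareNameIdEncoder(requestAbstractType, str, attribute, samlRegisteredService, samlRegisteredServiceServiceProviderMetadataFacade);
            log.debug("Encoding NameID based on [{}]", str);
            NameID encoded = encoder.encode(attribute);
            log.debug("Final NameID encoded with format [{}] has value [{}]", encoded.getFormat(), encoded.getValue());
            return encoded;
        } catch (Exception e) {
            // Deliberately broad: a failure for one format must not stop the caller from trying the
            // next one. The cause is only visible in the error log.
            log.error(e.getMessage(), e);
            return null;
        }
    }

    /**
     * Builds the attribute whose single string value becomes the NameID value.
     *
     * <p>The value is the principal name from the assertion, except for the transient format, where
     * it is generated from the principal name and the service provider entity id unless the
     * registered service opts out of generation.
     *
     * @param obj the CAS {@link Assertion}; a different type raises {@link ClassCastException}
     * @param str the NameID format being encoded, may be {@code null}
     */
    protected IdPAttribute prepareNameIdAttribute(Object obj, String str, SamlRegisteredServiceServiceProviderMetadataFacade samlRegisteredServiceServiceProviderMetadataFacade, SamlRegisteredService samlRegisteredService) {
        Assertion assertion = (Assertion) obj;
        IdPAttribute attribute = new IdPAttribute(AttributePrincipal.class.getName());
        String principalName = assertion.getPrincipal().getName();
        log.debug("Preparing NameID attribute for principal [{}]", principalName);
        String entityId = samlRegisteredServiceServiceProviderMetadataFacade.getEntityId();

        boolean transientRequested = str != null && str.trim().equalsIgnoreCase(NAMEID_FORMAT_TRANSIENT);
        String nameIdValue;
        if (!transientRequested) {
            nameIdValue = principalName;
        } else if (samlRegisteredService.isSkipGeneratingTransientNameId()) {
            // With this service setting the real principal name is released under the transient format.
            log.debug("Generation of transient NameID value is skipped for [{}] and [{}] will be used instead", entityId, principalName);
            nameIdValue = principalName;
        } else {
            // NOTE(review): the transient value is derived from (principal, entity id) by the
            // persistent id generator; whether it differs between sessions depends on that
            // generator — confirm it meets the unlinkability expected of transient identifiers.
            log.debug("Generating transient NameID value for principal [{}] and entity id [{}]", principalName, entityId);
            nameIdValue = this.persistentIdGenerator.generate(principalName, entityId);
        }

        StringAttributeValue value = new StringAttributeValue(nameIdValue);
        log.debug("NameID attribute value is set to [{}]", value);
        attribute.setValues(CollectionUtils.wrap(value));
        return attribute;
    }

    /**
     * Creates the encoder for the given format. When the request carries a NameIDPolicy, its
     * SPNameQualifier is set as the encoder's name qualifier; {@link #finalizeNameId} later sets the
     * NameQualifier on the resulting NameID again.
     *
     * @param str the NameID format the encoder should emit
     */
    protected SAML2StringNameIDEncoder prepareNameIdEncoder(RequestAbstractType requestAbstractType, String str, IdPAttribute idPAttribute, SamlRegisteredService samlRegisteredService, SamlRegisteredServiceServiceProviderMetadataFacade samlRegisteredServiceServiceProviderMetadataFacade) {
        SAML2StringNameIDEncoder encoder = new SAML2StringNameIDEncoder();
        encoder.setNameFormat(str);
        NameIDPolicy policy = getNameIDPolicy(requestAbstractType);
        if (policy != null) {
            String qualifier = policy.getSPNameQualifier();
            log.debug("NameID qualifier is set to [{}]", qualifier);
            encoder.setNameQualifier(qualifier);
        }
        return encoder;
    }

    /**
     * Normalises the required NameID format configured on the registered service to a full format
     * URN. The configured text is matched case-insensitively as a substring of each known URN, so a
     * short form such as the last URN segment is accepted; the first known URN that contains it is
     * returned. Text that matches no known URN is returned as configured (trimmed).
     */
    private static String parseAndBuildRequiredNameIdFormat(SamlRegisteredService samlRegisteredService) {
        String configured = samlRegisteredService.getRequiredNameIdFormat().trim();
        log.debug("Required NameID format assigned to service [{}] is [{}]", samlRegisteredService.getName(), configured);
        for (String knownFormat : KNOWN_NAMEID_FORMATS) {
            if (StringUtils.containsIgnoreCase(knownFormat, configured)) {
                return knownFormat;
            }
        }
        return configured;
    }
}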
