package org.apereo.cas.support.saml.web.idp.profile.builders.authn;

import java.util.Optional;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import lombok.Generated;
import org.apache.commons.lang3.StringUtils;
import org.apereo.cas.configuration.CasConfigurationProperties;
import org.apereo.cas.configuration.support.Beans;
import org.apereo.cas.support.saml.OpenSamlConfigBean;
import org.apereo.cas.support.saml.SamlException;
import org.apereo.cas.support.saml.SamlIdPUtils;
import org.apereo.cas.support.saml.SamlUtils;
import org.apereo.cas.support.saml.services.SamlRegisteredService;
import org.apereo.cas.support.saml.services.idp.metadata.SamlRegisteredServiceServiceProviderMetadataFacade;
import org.apereo.cas.support.saml.util.AbstractSaml20ObjectBuilder;
import org.apereo.cas.support.saml.web.idp.profile.builders.AuthenticatedAssertionContext;
import org.apereo.cas.support.saml.web.idp.profile.builders.SamlProfileObjectBuilder;
import org.apereo.cas.util.DateTimeUtils;
import org.apereo.cas.util.RandomUtils;
import org.apereo.inspektr.common.web.ClientInfoHolder;
import org.jasig.cas.client.util.CommonUtils;
import org.opensaml.messaging.context.MessageContext;
import org.opensaml.saml.saml2.core.AuthnStatement;
import org.opensaml.saml.saml2.core.RequestAbstractType;
import org.opensaml.saml.saml2.core.SubjectLocality;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;

/* loaded from: input_file:WEB-INF/lib/cas-server-support-saml-idp-web-6.5.4.jar:org/apereo/cas/support/saml/web/idp/profile/builders/authn/SamlProfileSamlAuthNStatementBuilder.class */
/**
 * Produces the SAML2 {@link AuthnStatement} for a response issued to a registered service provider.
 *
 * <p>The statement carries the authentication context class reference, the authentication instant,
 * a session index, an optional {@code SessionNotOnOrAfter} bound and a {@link SubjectLocality}.
 *
 * <p>Security-relevant inputs handled here: the session index is read from the {@code ticket}
 * request parameter, and the subject locality falls back to the client address held by
 * {@link ClientInfoHolder}. This class does not validate either value itself.
 */
public class SamlProfileSamlAuthNStatementBuilder extends AbstractSaml20ObjectBuilder implements SamlProfileObjectBuilder<AuthnStatement> {

    @Generated
    private static final Logger LOGGER = LoggerFactory.getLogger(SamlProfileSamlAuthNStatementBuilder.class);
    private static final long serialVersionUID = 8761566449790497226L;

    // Resolves the AuthnContextClassRef value; transient, so it is not part of the serialized form.
    private final transient AuthnContextClassRefBuilder authnContextClassRefBuilder;

    // Source of the global SAML IdP response skew allowance, used when the service defines none.
    private final CasConfigurationProperties casProperties;

    /**
     * Creates the builder.
     *
     * @param openSamlConfigBean          OpenSAML configuration handed to the parent builder
     * @param authnContextClassRefBuilder collaborator that resolves the authentication context class
     * @param casConfigurationProperties  CAS settings, consulted for the default skew allowance
     */
    public SamlProfileSamlAuthNStatementBuilder(OpenSamlConfigBean openSamlConfigBean, AuthnContextClassRefBuilder authnContextClassRefBuilder, CasConfigurationProperties casConfigurationProperties) {
        super(openSamlConfigBean);
        this.casProperties = casConfigurationProperties;
        this.authnContextClassRefBuilder = authnContextClassRefBuilder;
    }

    /* JADX WARN: Can't rename method to resolve collision */
    /**
     * Builds the authentication statement by delegating to {@code buildAuthnStatement}.
     *
     * <p>{@code httpServletResponse} and {@code messageContext} are accepted to satisfy the
     * interface but are not used by this implementation.
     *
     * @param str forwarded unchanged to {@code buildSubjectLocality}; its meaning is not visible
     *            in this class
     * @return the assembled statement
     * @throws SamlException declared by the delegate
     */
    @Override // org.apereo.cas.support.saml.web.idp.profile.builders.SamlProfileObjectBuilder
    public AuthnStatement build(RequestAbstractType requestAbstractType, HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse, AuthenticatedAssertionContext authenticatedAssertionContext, SamlRegisteredService samlRegisteredService, SamlRegisteredServiceServiceProviderMetadataFacade samlRegisteredServiceServiceProviderMetadataFacade, String str, MessageContext messageContext) throws SamlException {
        return buildAuthnStatement(
            authenticatedAssertionContext,
            requestAbstractType,
            samlRegisteredServiceServiceProviderMetadataFacade,
            samlRegisteredService,
            str,
            httpServletRequest);
    }

    /**
     * Builds the {@link SubjectLocality} element of the statement.
     *
     * <p>The address configured on the registered service takes precedence. When that is
     * {@code null}, the client IP address from {@link ClientInfoHolder} is used, or an empty
     * string if no client info (or no address) is available.
     *
     * <p>NOTE(review): how {@link ClientInfoHolder} derives the client address (for example
     * whether forwarded-for headers are trusted) is decided elsewhere; confirm before treating
     * the asserted address as authoritative.
     *
     * @return a new subject locality carrying the resolved address
     * @throws SamlException declared for the SAML helper calls made here
     */
    protected SubjectLocality buildSubjectLocality(AuthenticatedAssertionContext authenticatedAssertionContext, RequestAbstractType requestAbstractType, SamlRegisteredServiceServiceProviderMetadataFacade samlRegisteredServiceServiceProviderMetadataFacade, String str, SamlRegisteredService samlRegisteredService) throws SamlException {
        SubjectLocality locality = (SubjectLocality) SamlUtils.newSamlObject(SubjectLocality.class);
        // The issuer is only needed for the debug line below.
        String issuer = SamlIdPUtils.getIssuerFromSamlObject(requestAbstractType);

        String configuredAddress = samlRegisteredService.getSubjectLocality();
        String clientAddress = Optional.ofNullable(ClientInfoHolder.getClientInfo())
            .map(info -> info.getClientIpAddress())
            .orElse("");
        String address = StringUtils.defaultString(configuredAddress, clientAddress);

        LOGGER.debug("Built SAML2 subject locality address [{}] for [{}]", address, issuer);
        locality.setAddress(address);
        return locality;
    }

    /**
     * Assembles the statement: context class reference, authentication instant, session index,
     * optional session expiry and subject locality.
     *
     * <p>The session index is the value of the {@code ticket} request parameter. If the request is
     * {@code null} or the parameter is blank, an identifier of the form {@code "_" + long} is
     * generated instead.
     *
     * <p>NOTE(review): the {@code ticket} parameter is copied into the assertion without any check
     * in this method; confirm that the caller has already validated it. The strength of
     * {@code RandomUtils.nextLong()} is likewise not visible from here.
     */
    private AuthnStatement buildAuthnStatement(AuthenticatedAssertionContext authenticatedAssertionContext, RequestAbstractType requestAbstractType, SamlRegisteredServiceServiceProviderMetadataFacade samlRegisteredServiceServiceProviderMetadataFacade, SamlRegisteredService samlRegisteredService, String str, HttpServletRequest httpServletRequest) throws SamlException {
        String contextClassRef = this.authnContextClassRefBuilder.build(authenticatedAssertionContext, requestAbstractType, samlRegisteredServiceServiceProviderMetadataFacade, samlRegisteredService);

        String sessionIndex = "";
        if (httpServletRequest != null) {
            sessionIndex = CommonUtils.safeGetParameter(httpServletRequest, "ticket");
        }
        if (StringUtils.isBlank(sessionIndex)) {
            LOGGER.info("Unable to locate service ticket as the session index; Generating random identifier instead...");
            sessionIndex = "_" + RandomUtils.nextLong();
        }

        AuthnStatement statement = newAuthnStatement(
            contextClassRef,
            DateTimeUtils.zonedDateTimeOf(authenticatedAssertionContext.getAuthenticationDate()),
            sessionIndex);

        // SessionNotOnOrAfter is only emitted when the assertion context carries an expiry;
        // the skew allowance is added on top of that expiry.
        if (authenticatedAssertionContext.getValidUntilDate() != null) {
            statement.setSessionNotOnOrAfter(
                DateTimeUtils.zonedDateTimeOf(authenticatedAssertionContext.getValidUntilDate())
                    .plusSeconds(resolveSkewAllowanceSeconds(samlRegisteredService))
                    .toInstant());
        }

        SubjectLocality locality = buildSubjectLocality(authenticatedAssertionContext, requestAbstractType, samlRegisteredServiceServiceProviderMetadataFacade, str, samlRegisteredService);
        if (locality != null) {
            statement.setSubjectLocality(locality);
        }
        return statement;
    }

    /**
     * Returns the skew allowance in seconds: the service's own value when it is positive,
     * otherwise the duration configured for SAML IdP responses in the CAS properties.
     */
    private long resolveSkewAllowanceSeconds(SamlRegisteredService samlRegisteredService) {
        if (samlRegisteredService.getSkewAllowance() > 0) {
            return samlRegisteredService.getSkewAllowance();
        }
        return Beans.newDuration(this.casProperties.getAuthn().getSamlIdp().getResponse().getSkewAllowance()).toSeconds();
    }
}
