package org.apereo.cas.support.saml.web.idp.profile.builders.response;

import java.util.Objects;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import lombok.Generated;
import org.apereo.cas.audit.AuditActionResolvers;
import org.apereo.cas.audit.AuditResourceResolvers;
import org.apereo.cas.audit.AuditableActions;
import org.apereo.cas.support.saml.SamlException;
import org.apereo.cas.support.saml.SamlProtocolConstants;
import org.apereo.cas.support.saml.services.SamlRegisteredService;
import org.apereo.cas.support.saml.services.idp.metadata.SamlRegisteredServiceServiceProviderMetadataFacade;
import org.apereo.cas.support.saml.util.AbstractSaml20ObjectBuilder;
import org.apereo.cas.support.saml.web.idp.profile.builders.AuthenticatedAssertionContext;
import org.apereo.cas.support.saml.web.idp.profile.builders.SamlProfileObjectBuilder;
import org.apereo.inspektr.audit.annotation.Audit;
import org.opensaml.core.xml.XMLObject;
import org.opensaml.messaging.context.MessageContext;
import org.opensaml.messaging.context.ScratchContext;
import org.opensaml.saml.common.SAMLObject;
import org.opensaml.saml.common.binding.SAMLBindingSupport;
import org.opensaml.saml.saml2.core.Assertion;
import org.opensaml.saml.saml2.core.EncryptedAssertion;
import org.opensaml.saml.saml2.core.Issuer;
import org.opensaml.saml.saml2.core.NameIDType;
import org.opensaml.saml.saml2.core.RequestAbstractType;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;

/* loaded from: input_file:WEB-INF/lib/cas-server-support-saml-idp-web-6.5.5.jar:org/apereo/cas/support/saml/web/idp/profile/builders/response/BaseSamlProfileSamlResponseBuilder.class */
public abstract class BaseSamlProfileSamlResponseBuilder<T extends XMLObject> extends AbstractSaml20ObjectBuilder implements SamlProfileObjectBuilder {

    @Generated
    private static final Logger LOGGER = LoggerFactory.getLogger((Class<?>) BaseSamlProfileSamlResponseBuilder.class);
    private static final long serialVersionUID = -1891703354216174875L;
    private final transient SamlProfileSamlResponseBuilderConfigurationContext configurationContext;

    /* JADX INFO: Access modifiers changed from: protected */
    public BaseSamlProfileSamlResponseBuilder(SamlProfileSamlResponseBuilderConfigurationContext samlProfileSamlResponseBuilderConfigurationContext) {
        super(samlProfileSamlResponseBuilderConfigurationContext.getOpenSamlConfigBean());
        this.configurationContext = samlProfileSamlResponseBuilderConfigurationContext;
    }

    @Override // org.apereo.cas.support.saml.web.idp.profile.builders.SamlProfileObjectBuilder
    @Audit(action = AuditableActions.SAML2_RESPONSE, actionResolverName = AuditActionResolvers.SAML2_RESPONSE_ACTION_RESOLVER, resourceResolverName = AuditResourceResolvers.SAML2_RESPONSE_RESOURCE_RESOLVER)
    public T build(RequestAbstractType requestAbstractType, HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse, AuthenticatedAssertionContext authenticatedAssertionContext, SamlRegisteredService samlRegisteredService, SamlRegisteredServiceServiceProviderMetadataFacade samlRegisteredServiceServiceProviderMetadataFacade, String str, MessageContext messageContext) throws SamlException {
        return encodeFinalResponse(httpServletRequest, httpServletResponse, samlRegisteredService, samlRegisteredServiceServiceProviderMetadataFacade, buildResponse(buildSamlAssertion(requestAbstractType, httpServletRequest, httpServletResponse, authenticatedAssertionContext, samlRegisteredService, samlRegisteredServiceServiceProviderMetadataFacade, str, messageContext), authenticatedAssertionContext, requestAbstractType, samlRegisteredService, samlRegisteredServiceServiceProviderMetadataFacade, httpServletRequest, httpServletResponse, str, messageContext), str, requestAbstractType, authenticatedAssertionContext, messageContext);
    }

    /* JADX INFO: Access modifiers changed from: protected */
    public T encodeFinalResponse(HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse, SamlRegisteredService samlRegisteredService, SamlRegisteredServiceServiceProviderMetadataFacade samlRegisteredServiceServiceProviderMetadataFacade, T t, String str, RequestAbstractType requestAbstractType, AuthenticatedAssertionContext authenticatedAssertionContext, MessageContext messageContext) {
        if (!((Boolean) ((ScratchContext) Objects.requireNonNull((ScratchContext) messageContext.getSubcontext(ScratchContext.class, true))).getMap().getOrDefault(SamlProtocolConstants.PARAMETER_ENCODE_RESPONSE, Boolean.TRUE)).booleanValue()) {
            return t;
        }
        String relayState = SAMLBindingSupport.getRelayState(messageContext);
        LOGGER.trace("Relay state is [{}]", relayState);
        return encode(samlRegisteredService, t, httpServletResponse, httpServletRequest, samlRegisteredServiceServiceProviderMetadataFacade, relayState, str, requestAbstractType, authenticatedAssertionContext, messageContext);
    }

    protected Assertion buildSamlAssertion(RequestAbstractType requestAbstractType, HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse, AuthenticatedAssertionContext authenticatedAssertionContext, SamlRegisteredService samlRegisteredService, SamlRegisteredServiceServiceProviderMetadataFacade samlRegisteredServiceServiceProviderMetadataFacade, String str, MessageContext messageContext) {
        return this.configurationContext.getSamlProfileSamlAssertionBuilder().build(requestAbstractType, httpServletRequest, httpServletResponse, authenticatedAssertionContext, samlRegisteredService, samlRegisteredServiceServiceProviderMetadataFacade, str, messageContext);
    }

    protected abstract T buildResponse(Assertion assertion, AuthenticatedAssertionContext authenticatedAssertionContext, RequestAbstractType requestAbstractType, SamlRegisteredService samlRegisteredService, SamlRegisteredServiceServiceProviderMetadataFacade samlRegisteredServiceServiceProviderMetadataFacade, HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse, String str, MessageContext messageContext) throws SamlException;

    /* JADX INFO: Access modifiers changed from: protected */
    public Issuer buildSamlResponseIssuer(String str) {
        Issuer newIssuer = newIssuer(str);
        newIssuer.setFormat(NameIDType.ENTITY);
        return newIssuer;
    }

    protected abstract T encode(SamlRegisteredService samlRegisteredService, T t, HttpServletResponse httpServletResponse, HttpServletRequest httpServletRequest, SamlRegisteredServiceServiceProviderMetadataFacade samlRegisteredServiceServiceProviderMetadataFacade, String str, String str2, RequestAbstractType requestAbstractType, AuthenticatedAssertionContext authenticatedAssertionContext, MessageContext messageContext) throws SamlException;

    /* JADX INFO: Access modifiers changed from: protected */
    public SAMLObject encryptAssertion(Assertion assertion, HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse, SamlRegisteredService samlRegisteredService, SamlRegisteredServiceServiceProviderMetadataFacade samlRegisteredServiceServiceProviderMetadataFacade) throws SamlException {
        if (!samlRegisteredService.isEncryptAssertions()) {
            LOGGER.debug("SAML registered service [{}] does not require assertions to be encrypted", samlRegisteredServiceServiceProviderMetadataFacade.getEntityId());
            return assertion;
        }
        LOGGER.debug("SAML service [{}] requires assertions to be encrypted", samlRegisteredServiceServiceProviderMetadataFacade.getEntityId());
        EncryptedAssertion encode = this.configurationContext.getSamlObjectEncrypter().encode(assertion, samlRegisteredService, samlRegisteredServiceServiceProviderMetadataFacade);
        if (encode != null) {
            return encode;
        }
        LOGGER.debug("SAML registered service [{}] is unable to encrypt assertions", samlRegisteredServiceServiceProviderMetadataFacade.getEntityId());
        return assertion;
    }

    @Generated
    public SamlProfileSamlResponseBuilderConfigurationContext getConfigurationContext() {
        return this.configurationContext;
    }
}
