package com.onelogin.saml2.authn;

import com.onelogin.saml2.model.Organization;
import com.onelogin.saml2.settings.Saml2Settings;
import com.onelogin.saml2.util.Constants;
import com.onelogin.saml2.util.Util;
import java.io.IOException;
import java.net.URL;
import java.util.Calendar;
import java.util.HashMap;
import java.util.Iterator;
import java.util.List;
import org.apache.commons.lang3.text.StrSubstitutor;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;

/* loaded from: input_file:com/onelogin/saml2/authn/AuthnRequest.class */
public class AuthnRequest {
    private static final Logger LOGGER = LoggerFactory.getLogger((Class<?>) AuthnRequest.class);
    private final String authnRequestString;
    private final String id;
    private final Saml2Settings settings;
    private final boolean forceAuthn;
    private final boolean isPassive;
    private final boolean setNameIdPolicy;
    private final String nameIdValueReq;
    private final Calendar issueInstant;

    public AuthnRequest(Saml2Settings saml2Settings) {
        this(saml2Settings, false, false, true);
    }

    public AuthnRequest(Saml2Settings saml2Settings, boolean z, boolean z2, boolean z3, String str) {
        this.id = Util.generateUniqueID(saml2Settings.getUniqueIDPrefix());
        this.issueInstant = Calendar.getInstance();
        this.isPassive = z2;
        this.settings = saml2Settings;
        this.forceAuthn = z;
        this.setNameIdPolicy = z3;
        this.nameIdValueReq = str;
        this.authnRequestString = generateSubstitutor(saml2Settings).replace((CharSequence) getAuthnRequestTemplate());
        LOGGER.debug("AuthNRequest --> " + this.authnRequestString);
    }

    public AuthnRequest(Saml2Settings saml2Settings, boolean z, boolean z2, boolean z3) {
        this(saml2Settings, z, z2, z3, null);
    }

    public String getEncodedAuthnRequest(Boolean bool) throws IOException {
        if (bool == null) {
            bool = Boolean.valueOf(this.settings.isCompressRequestEnabled());
        }
        return bool.booleanValue() ? Util.deflatedBase64encoded(getAuthnRequestXml()) : Util.base64encoder(getAuthnRequestXml());
    }

    public String getEncodedAuthnRequest() throws IOException {
        return getEncodedAuthnRequest(null);
    }

    public String getAuthnRequestXml() {
        return this.authnRequestString;
    }

    private StrSubstitutor generateSubstitutor(Saml2Settings saml2Settings) {
        HashMap hashMap = new HashMap();
        String str = this.forceAuthn ? " ForceAuthn=\"true\"" : "";
        String str2 = this.isPassive ? " IsPassive=\"true\"" : "";
        hashMap.put("forceAuthnStr", str);
        hashMap.put("isPassiveStr", str2);
        URL idpSingleSignOnServiceUrl = saml2Settings.getIdpSingleSignOnServiceUrl();
        hashMap.put("destinationStr", idpSingleSignOnServiceUrl != null ? " Destination=\"" + idpSingleSignOnServiceUrl.toString() + "\"" : "");
        String str3 = "";
        if (this.nameIdValueReq != null && !this.nameIdValueReq.isEmpty()) {
            str3 = (("<saml:Subject><saml:NameID Format=\"" + saml2Settings.getSpNameIDFormat() + "\">" + this.nameIdValueReq + "</saml:NameID>") + "<saml:SubjectConfirmation Method=\"urn:oasis:names:tc:SAML:2.0:cm:bearer\"></saml:SubjectConfirmation>") + "</saml:Subject>";
        }
        hashMap.put("subjectStr", str3);
        String str4 = "";
        if (this.setNameIdPolicy) {
            String spNameIDFormat = saml2Settings.getSpNameIDFormat();
            if (saml2Settings.getWantNameIdEncrypted()) {
                spNameIDFormat = Constants.NAMEID_ENCRYPTED;
            }
            str4 = "<samlp:NameIDPolicy Format=\"" + spNameIDFormat + "\" AllowCreate=\"true\" />";
        }
        hashMap.put("nameIDPolicyStr", str4);
        String str5 = "";
        Organization organization = saml2Settings.getOrganization();
        if (organization != null) {
            String orgDisplayName = organization.getOrgDisplayName();
            if (!orgDisplayName.isEmpty()) {
                str5 = " ProviderName=\"" + orgDisplayName + "\"";
            }
        }
        hashMap.put("providerStr", str5);
        hashMap.put("issueInstant", Util.formatDateTime(this.issueInstant.getTimeInMillis()));
        hashMap.put("id", String.valueOf(this.id));
        hashMap.put("assertionConsumerServiceURL", String.valueOf(saml2Settings.getSpAssertionConsumerServiceUrl()));
        hashMap.put("spEntityid", saml2Settings.getSpEntityId());
        String str6 = "";
        List<String> requestedAuthnContext = saml2Settings.getRequestedAuthnContext();
        if (requestedAuthnContext != null && !requestedAuthnContext.isEmpty()) {
            String str7 = "<samlp:RequestedAuthnContext Comparison=\"" + saml2Settings.getRequestedAuthnContextComparison() + "\">";
            Iterator<String> it = requestedAuthnContext.iterator();
            while (it.hasNext()) {
                str7 = str7 + "<saml:AuthnContextClassRef>" + it.next() + "</saml:AuthnContextClassRef>";
            }
            str6 = str7 + "</samlp:RequestedAuthnContext>";
        }
        hashMap.put("requestedAuthnContextStr", str6);
        return new StrSubstitutor(hashMap);
    }

    private static StringBuilder getAuthnRequestTemplate() {
        StringBuilder sb = new StringBuilder();
        sb.append("<samlp:AuthnRequest xmlns:samlp=\"urn:oasis:names:tc:SAML:2.0:protocol\" xmlns:saml=\"urn:oasis:names:tc:SAML:2.0:assertion\" ID=\"${id}\" Version=\"2.0\" IssueInstant=\"${issueInstant}\"${providerStr}${forceAuthnStr}${isPassiveStr}${destinationStr} ProtocolBinding=\"urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST\" AssertionConsumerServiceURL=\"${assertionConsumerServiceURL}\">");
        sb.append("<saml:Issuer>${spEntityid}</saml:Issuer>");
        sb.append("${subjectStr}${nameIDPolicyStr}${requestedAuthnContextStr}</samlp:AuthnRequest>");
        return sb;
    }

    public String getId() {
        return this.id;
    }
}
