package org.jasig.cas.web.view;

import java.util.Collection;
import java.util.Iterator;
import java.util.Map;
import javax.validation.constraints.Min;
import javax.validation.constraints.NotNull;
import org.jasig.cas.authentication.Authentication;
import org.jasig.cas.authentication.SamlAuthenticationMetaDataPopulator;
import org.jasig.cas.authentication.principal.RememberMeCredentials;
import org.jasig.cas.authentication.principal.Service;
import org.joda.time.DateTime;
import org.opensaml.saml1.core.Assertion;
import org.opensaml.saml1.core.Attribute;
import org.opensaml.saml1.core.AttributeStatement;
import org.opensaml.saml1.core.AttributeValue;
import org.opensaml.saml1.core.Audience;
import org.opensaml.saml1.core.AudienceRestrictionCondition;
import org.opensaml.saml1.core.AuthenticationStatement;
import org.opensaml.saml1.core.Conditions;
import org.opensaml.saml1.core.ConfirmationMethod;
import org.opensaml.saml1.core.NameIdentifier;
import org.opensaml.saml1.core.Response;
import org.opensaml.saml1.core.StatusCode;
import org.opensaml.saml1.core.Subject;
import org.opensaml.saml1.core.SubjectConfirmation;
import org.opensaml.xml.schema.XSString;
import org.opensaml.xml.schema.impl.XSStringBuilder;

/* loaded from: input_file:WEB-INF/lib/cas-server-core-3.5.2.1.jar:org/jasig/cas/web/view/Saml10SuccessResponseView.class */
public final class Saml10SuccessResponseView extends AbstractSaml10ResponseView {
    private static final String NAMESPACE = "http://www.ja-sig.org/products/cas/";
    private static final String REMEMBER_ME_ATTRIBUTE_NAME = "longTermAuthenticationRequestTokenUsed";
    private static final String REMEMBER_ME_ATTRIBUTE_VALUE = "true";
    private static final String CONFIRMATION_METHOD = "urn:oasis:names:tc:SAML:1.0:cm:artifact";

    @NotNull
    private String issuer;
    private final XSStringBuilder attrValueBuilder = new XSStringBuilder();

    @Min(1000)
    private long issueLength = 30000;

    @NotNull
    private String rememberMeAttributeName = REMEMBER_ME_ATTRIBUTE_NAME;

    @Override // org.jasig.cas.web.view.AbstractSaml10ResponseView
    protected void prepareResponse(Response response, Map<String, Object> map) {
        Authentication authentication = getAssertionFrom(map).getChainedAuthentications().get(0);
        DateTime issueInstant = response.getIssueInstant();
        Service service = getAssertionFrom(map).getService();
        boolean z = authentication.getAttributes().get(RememberMeCredentials.AUTHENTICATION_ATTRIBUTE_REMEMBER_ME) == Boolean.TRUE && !getAssertionFrom(map).isFromNewLogin();
        Assertion assertion = (Assertion) newSamlObject(Assertion.class);
        assertion.setID(generateId());
        assertion.setIssueInstant(issueInstant);
        assertion.setIssuer(this.issuer);
        assertion.setConditions(newConditions(issueInstant, service.getId()));
        assertion.getAuthenticationStatements().add(newAuthenticationStatement(authentication));
        Map<String, Object> attributes = authentication.getPrincipal().getAttributes();
        if (!attributes.isEmpty() || z) {
            assertion.getAttributeStatements().add(newAttributeStatement(newSubject(authentication.getPrincipal().getId()), attributes, z));
        }
        response.setStatus(newStatus(StatusCode.SUCCESS, null));
        response.getAssertions().add(assertion);
    }

    private Conditions newConditions(DateTime dateTime, String str) {
        Conditions conditions = (Conditions) newSamlObject(Conditions.class);
        conditions.setNotBefore(dateTime);
        conditions.setNotOnOrAfter(dateTime.plus(this.issueLength));
        AudienceRestrictionCondition audienceRestrictionCondition = (AudienceRestrictionCondition) newSamlObject(AudienceRestrictionCondition.class);
        Audience audience = (Audience) newSamlObject(Audience.class);
        audience.setUri(str);
        audienceRestrictionCondition.getAudiences().add(audience);
        conditions.getAudienceRestrictionConditions().add(audienceRestrictionCondition);
        return conditions;
    }

    private Subject newSubject(String str) {
        SubjectConfirmation subjectConfirmation = (SubjectConfirmation) newSamlObject(SubjectConfirmation.class);
        ConfirmationMethod confirmationMethod = (ConfirmationMethod) newSamlObject(ConfirmationMethod.class);
        confirmationMethod.setConfirmationMethod(CONFIRMATION_METHOD);
        subjectConfirmation.getConfirmationMethods().add(confirmationMethod);
        NameIdentifier nameIdentifier = (NameIdentifier) newSamlObject(NameIdentifier.class);
        nameIdentifier.setNameIdentifier(str);
        Subject subject = (Subject) newSamlObject(Subject.class);
        subject.setNameIdentifier(nameIdentifier);
        subject.setSubjectConfirmation(subjectConfirmation);
        return subject;
    }

    private AuthenticationStatement newAuthenticationStatement(Authentication authentication) {
        String str = (String) authentication.getAttributes().get(SamlAuthenticationMetaDataPopulator.ATTRIBUTE_AUTHENTICATION_METHOD);
        AuthenticationStatement authenticationStatement = (AuthenticationStatement) newSamlObject(AuthenticationStatement.class);
        authenticationStatement.setAuthenticationInstant(new DateTime(authentication.getAuthenticatedDate()));
        authenticationStatement.setAuthenticationMethod(str != null ? str : SamlAuthenticationMetaDataPopulator.AUTHN_METHOD_UNSPECIFIED);
        authenticationStatement.setSubject(newSubject(authentication.getPrincipal().getId()));
        return authenticationStatement;
    }

    private AttributeStatement newAttributeStatement(Subject subject, Map<String, Object> map, boolean z) {
        AttributeStatement attributeStatement = (AttributeStatement) newSamlObject(AttributeStatement.class);
        attributeStatement.setSubject(subject);
        for (Map.Entry<String, Object> entry : map.entrySet()) {
            if ((entry.getValue() instanceof Collection) && ((Collection) entry.getValue()).isEmpty()) {
                this.log.info("Skipping attribute {} because it does not have any values.", entry.getKey());
            } else {
                Attribute attribute = (Attribute) newSamlObject(Attribute.class);
                attribute.setAttributeName(entry.getKey());
                attribute.setAttributeNamespace(NAMESPACE);
                if (entry.getValue() instanceof Collection) {
                    Iterator it = ((Collection) entry.getValue()).iterator();
                    while (it.hasNext()) {
                        attribute.getAttributeValues().add(newAttributeValue(it.next()));
                    }
                } else {
                    attribute.getAttributeValues().add(newAttributeValue(entry.getValue()));
                }
                attributeStatement.getAttributes().add(attribute);
            }
        }
        if (z) {
            Attribute attribute2 = (Attribute) newSamlObject(Attribute.class);
            attribute2.setAttributeName(this.rememberMeAttributeName);
            attribute2.setAttributeNamespace(NAMESPACE);
            attribute2.getAttributeValues().add(newAttributeValue("true"));
            attributeStatement.getAttributes().add(attribute2);
        }
        return attributeStatement;
    }

    private XSString newAttributeValue(Object obj) {
        XSString buildObject = this.attrValueBuilder.buildObject(AttributeValue.DEFAULT_ELEMENT_NAME, XSString.TYPE_NAME);
        if (obj instanceof String) {
            buildObject.setValue((String) obj);
        } else {
            buildObject.setValue(obj.toString());
        }
        return buildObject;
    }

    public void setIssueLength(long j) {
        this.issueLength = j;
    }

    public void setIssuer(String str) {
        this.issuer = str;
    }

    public void setRememberMeAttributeName(String str) {
        this.rememberMeAttributeName = str;
    }
}
