package de.governikus.panstar.sdk.saml.request;

import de.governikus.panstar.sdk.saml.configuration.SamlConfiguration;
import de.governikus.panstar.sdk.saml.configuration.SamlConfigurationHelper;
import de.governikus.panstar.sdk.saml.exception.SamlRequestException;
import de.governikus.panstar.sdk.utils.RequestData;
import de.governikus.panstar.sdk.utils.exception.InvalidInputException;
import de.governikus.panstar.sdk.utils.saml.SAMLUtils;
import de.governikus.panstar.sdk.utils.xml.XmlUtils;
import java.nio.charset.StandardCharsets;
import java.time.Instant;
import java.util.UUID;
import org.apache.commons.lang3.StringUtils;
import org.opensaml.core.config.InitializationException;
import org.opensaml.core.config.InitializationService;
import org.opensaml.saml.saml2.core.AuthnRequest;
import org.opensaml.saml.saml2.core.Extensions;
import org.opensaml.saml.saml2.core.impl.AuthnRequestBuilder;
import org.opensaml.saml.saml2.core.impl.AuthnRequestMarshaller;
import org.opensaml.saml.saml2.core.impl.ExtensionsBuilder;
import org.opensaml.saml.saml2.core.impl.IssuerBuilder;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
import org.w3c.dom.Element;

/* loaded from: input_file:de/governikus/panstar/sdk/saml/request/SamlRequestGenerator.class */
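/**
 * Builds signed SAML {@code AuthnRequest} redirect URLs for the eID server described by a
 * {@link SamlConfiguration}.
 *
 * <p>The request carries the {@link RequestData} as an encrypted extension and is signed with the
 * service provider's request-signing private key.
 */
public class SamlRequestGenerator {
    private static final Logger LOG = LoggerFactory.getLogger(SamlRequestGenerator.class);
    private final SamlConfiguration samlConfiguration;

    /**
     * Creates a generator after validating the configuration and initializing OpenSAML.
     *
     * @param samlConfiguration service provider, eID server and key material settings
     * @throws InitializationException if OpenSAML cannot be initialized
     * @throws InvalidInputException if {@code SamlConfigurationHelper} rejects the configuration
     */
    public SamlRequestGenerator(SamlConfiguration samlConfiguration) throws InitializationException, InvalidInputException {
        this.samlConfiguration = samlConfiguration;
        SamlConfigurationHelper.checkSamlConfiguration(this.samlConfiguration);
        InitializationService.initialize();
    }

    /**
     * Creates a signed request URL with a generated request ID and no extra query value.
     *
     * @param requestData data placed into the encrypted request extension; must not be null
     * @return the signed redirect URL
     * @throws InvalidInputException if {@code requestData} is null
     * @throws SamlRequestException if the request cannot be marshalled, serialized or signed
     */
    public String createSamlRequestUrl(RequestData requestData) throws InvalidInputException, SamlRequestException {
        return createSamlRequestUrl(requestData, null, null);
    }

    /**
     * Creates a signed request URL with a generated request ID.
     *
     * @param requestData data placed into the encrypted request extension; must not be null
     * @param str value handed to {@code SAMLUtils.signQueryParameter} together with the request
     *     (presumably the RelayState; confirm against SAMLUtils)
     * @return the signed redirect URL
     * @throws InvalidInputException if {@code requestData} is null
     * @throws SamlRequestException if the request cannot be marshalled, serialized or signed
     */
    public String createSamlRequestUrl(RequestData requestData, String str) throws InvalidInputException, SamlRequestException {
        return createSamlRequestUrl(requestData, str, null);
    }

    /**
     * Creates a signed request URL.
     *
     * @param requestData data placed into the encrypted request extension; must not be null
     * @param str value handed to {@code SAMLUtils.signQueryParameter} together with the request
     *     (presumably the RelayState; confirm against SAMLUtils)
     * @param str2 request ID to use; when blank, {@code "_"} followed by a random UUID is used
     * @return the signed redirect URL
     * @throws InvalidInputException if {@code requestData} is null or {@code str2} starts with a digit
     * @throws SamlRequestException if the request cannot be marshalled, serialized or signed; the
     *     message names the stage that failed
     */
    public String createSamlRequestUrl(RequestData requestData, String str, String str2) throws InvalidInputException, SamlRequestException {
        if (requestData == null) {
            throw new InvalidInputException("Request data may nor be null.");
        }
        AuthnRequest authnRequest = new AuthnRequestBuilder().buildObject();
        if (StringUtils.isBlank(str2)) {
            // The "_" prefix keeps the generated ID from starting with a digit.
            authnRequest.setID("_" + UUID.randomUUID());
        } else {
            // NOTE(review): only a leading digit is rejected here; other characters that are not
            // valid in an XML ID pass through. A caller-supplied ID should also be unique per
            // request, because nothing in this method enforces that.
            if (Character.isDigit(str2.charAt(0))) {
                throw new InvalidInputException("XML-IDs may not start with a number. Please change your AuthnRequest ID");
            }
            authnRequest.setID(str2);
        }
        String entityId = this.samlConfiguration.getSamlServiceProviderConfiguration().getSamlEntityId();
        authnRequest.setIssuer(new IssuerBuilder().buildObject());
        authnRequest.getIssuer().setValue(entityId);
        authnRequest.setIssueInstant(Instant.now());
        authnRequest.setProviderName(entityId);
        authnRequest.setDestination(this.samlConfiguration.getSamlEidServerConfiguration().getSamlRequestReceiverUrl());
        // The response receiver URL is optional in the configuration; the attribute is only set
        // when a value is present.
        this.samlConfiguration.getSamlServiceProviderConfiguration().getSamlResponseReceiverUrl()
            .ifPresent(url -> authnRequest.setAssertionConsumerServiceURL(url.toString()));
        authnRequest.setProtocolBinding("urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Redirect");
        Extensions extensions = new ExtensionsBuilder().buildObject();
        // The request data travels only in encrypted form inside the extension.
        extensions.getUnknownXMLObjects().add(AuthnRequestExtensionGenerator.encryptAuthnRequestExtension(AuthnRequestExtensionGenerator.createAuthnRequestExtension(requestData), this.samlConfiguration.getSamlKeyMaterial()));
        authnRequest.setExtensions(extensions);

        // Each stage has its own try block. With nested blocks, the outer catch (Exception)
        // clauses re-wrapped the inner SamlRequestException, so a signing failure was reported
        // as "Unable to marshall saml request".
        Element requestElement;
        try {
            requestElement = new AuthnRequestMarshaller().marshall(authnRequest);
        } catch (Exception e) {
            throw new SamlRequestException("Unable to marshall saml request", e);
        }

        String requestXml;
        try {
            requestXml = XmlUtils.transformElement(requestElement);
        } catch (Exception e) {
            throw new SamlRequestException("Unable to transform saml request", e);
        }
        // Debug output contains the complete request, including issuer, destination and the
        // encrypted extension.
        LOG.debug("Request: {}", requestXml);

        try {
            // The serialized request is deflated, then signed with the request-signing private
            // key using the "SHA-256" digest.
            return SAMLUtils.signQueryParameter(this.samlConfiguration.getSamlEidServerConfiguration().getSamlRequestReceiverUrl(), true, SAMLUtils.deflate(requestXml.getBytes(StandardCharsets.UTF_8)), str, this.samlConfiguration.getSamlKeyMaterial().getSamlRequestSigningPrivateKey(), "SHA-256");
        } catch (Exception e) {
            throw new SamlRequestException("Could not generate saml request url.", e);
        }
    }
}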
