package de.governikus.panstar.sdk.saml.request;

import de.bund.bsi.eid240.AuthnRequestExtension;
import de.governikus.panstar.sdk.saml.configuration.SamlConfiguration;
import de.governikus.panstar.sdk.saml.exception.SamlRequestException;
import de.governikus.panstar.sdk.utils.RequestData;
import de.governikus.panstar.sdk.utils.exception.InvalidInputException;
import de.governikus.panstar.sdk.utils.saml.SAMLUtils;
import de.governikus.panstar.sdk.utils.xml.XmlUtils;
import java.nio.charset.StandardCharsets;
import java.time.Instant;
import java.util.UUID;
import org.apache.commons.lang3.StringUtils;
import org.opensaml.core.xml.io.UnmarshallingException;
import org.opensaml.core.xml.schema.XSAny;
import org.opensaml.core.xml.schema.impl.XSAnyBuilder;
import org.opensaml.core.xml.schema.impl.XSAnyUnmarshaller;
import org.opensaml.saml.saml2.core.AuthnRequest;
import org.opensaml.saml.saml2.core.Extensions;
import org.opensaml.saml.saml2.core.impl.AuthnRequestBuilder;
import org.opensaml.saml.saml2.core.impl.AuthnRequestMarshaller;
import org.opensaml.saml.saml2.core.impl.ExtensionsBuilder;
import org.opensaml.saml.saml2.core.impl.IssuerBuilder;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
import org.w3c.dom.Element;

/* loaded from: input_file:de/governikus/panstar/sdk/saml/request/AuthnRequestGenerator.class */
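/**
 * Builds, marshals and deflates the SAML {@code AuthnRequest} that a service provider sends to the
 * eID server.
 *
 * <p>The request carries the BSI {@code AuthnRequestExtension} inside a SAML {@code Extensions}
 * element. Depending on {@link SamlRequestCreationInterceptor#isDoNotEncryptExtensions()}, the
 * extension is embedded either encrypted with the configured key material or as plain XML.
 *
 * <p>No signature is applied to the request in this class; signing, if any, happens elsewhere.
 *
 * <p>Decompiler output marks the constructor and all methods as originally package-private.
 */
class AuthnRequestGenerator {
    private static final AuthnRequestMarshaller ARM = new AuthnRequestMarshaller();
    private static final Logger LOG = LoggerFactory.getLogger(AuthnRequestGenerator.class);
    private final SamlConfiguration samlConfiguration;
    private final SamlRequestCreationInterceptor interceptor;
    private final AuthnRequestExtensionGenerator authnRequestExtensionGenerator = new AuthnRequestExtensionGenerator();

    /**
     * Stores the configuration and interceptor used for every generated request.
     *
     * @param samlConfiguration source of entity ID, endpoint URLs and key material
     * @param samlRequestCreationInterceptor decides whether the extension is left unencrypted
     * @throws SamlRequestException declared for callers; not thrown by this constructor as written
     */
    public AuthnRequestGenerator(SamlConfiguration samlConfiguration, SamlRequestCreationInterceptor samlRequestCreationInterceptor) throws SamlRequestException {
        this.samlConfiguration = samlConfiguration;
        this.interceptor = samlRequestCreationInterceptor;
    }

    /**
     * Creates an {@code AuthnRequest} for the given request data.
     *
     * <p>Issuer and provider name are both set to the service provider's SAML entity ID, the
     * destination to the eID server's request receiver URL, and the assertion consumer service URL
     * only if a response receiver URL is configured.
     *
     * @param requestData the data the BSI extension is built from; must not be {@code null}
     * @param str the request ID to use, or blank/{@code null} to generate {@code "_" + UUID}
     * @return the populated request, including its {@code Extensions} element
     * @throws InvalidInputException if {@code requestData} is {@code null} or {@code str} starts
     *     with a digit
     * @throws SamlRequestException if the plain extension cannot be unmarshalled
     */
    public AuthnRequest generateAuthnRequest(RequestData requestData, String str) throws InvalidInputException, SamlRequestException {
        if (requestData == null) {
            throw new InvalidInputException("Request data may not be null.");
        }
        // NOTE(review): presumably validates or aligns the requested level of assurance - confirm
        // against RequestData.
        requestData.matchLoa();

        AuthnRequest authnRequest = new AuthnRequestBuilder().buildObject();
        authnRequest.setID(resolveRequestId(str));

        authnRequest.setIssuer(new IssuerBuilder().buildObject());
        authnRequest.getIssuer().setValue(this.samlConfiguration.getSamlServiceProviderConfiguration().getSamlEntityId());
        authnRequest.setIssueInstant(Instant.now());
        authnRequest.setProviderName(this.samlConfiguration.getSamlServiceProviderConfiguration().getSamlEntityId());
        authnRequest.setDestination(this.samlConfiguration.getSamlEidServerConfiguration().getSamlRequestReceiverUrl());
        if (this.samlConfiguration.getSamlServiceProviderConfiguration().getSamlResponseReceiverUrl().isPresent()) {
            authnRequest.setAssertionConsumerServiceURL(this.samlConfiguration.getSamlServiceProviderConfiguration().getSamlResponseReceiverUrl().get().toString());
        }

        authnRequest.setExtensions(buildExtensions(requestData));
        return authnRequest;
    }

    /**
     * Returns the request ID: the caller's value if non-blank, otherwise a fresh random one.
     *
     * <p>A caller-supplied ID is used as-is apart from the leading-digit check.
     * NOTE(review): SAML IDs are of type xs:ID, so other characters that are invalid in an NCName
     * are not rejected here, and uniqueness of a caller-supplied ID is the caller's responsibility.
     */
    private static String resolveRequestId(String str) throws InvalidInputException {
        if (StringUtils.isBlank(str)) {
            // The "_" prefix keeps the generated ID from starting with a digit.
            return "_" + UUID.randomUUID();
        }
        if (Character.isDigit(str.charAt(0))) {
            throw new InvalidInputException("AuthnRequest IDs may not start with a number. Please change your AuthnRequest ID");
        }
        return str;
    }

    /**
     * Builds the {@code Extensions} element holding the BSI extension, encrypted unless the
     * interceptor asks for plain text.
     */
    private Extensions buildExtensions(RequestData requestData) throws InvalidInputException, SamlRequestException {
        Extensions extensions = new ExtensionsBuilder().buildObject();
        AuthnRequestExtension extension = AuthnRequestExtensionGenerator.createAuthnRequestExtension(requestData);
        // The wrapper element is named "Encrypted<local part>" in both branches, so its name alone
        // does not tell a reader of the request whether the content is actually encrypted.
        XSAny wrapper = new XSAnyBuilder().buildObject(AuthnRequestExtensionGenerator.BSI_EXTENSION_QNAME.getNamespaceURI(), "Encrypted" + AuthnRequestExtensionGenerator.BSI_EXTENSION_QNAME.getLocalPart(), AuthnRequestExtensionGenerator.BSI_EXTENSION_QNAME.getPrefix());
        if (this.interceptor.isDoNotEncryptExtensions()) {
            // Plain-text path: the extension content travels unencrypted inside the request.
            // NOTE(review): presumably meant for testing or diagnostics - confirm this switch
            // cannot be enabled by a production configuration.
            try {
                wrapper.getUnknownXMLObjects().add(new XSAnyUnmarshaller().unmarshall(this.authnRequestExtensionGenerator.createDocumentFromAuthnRequestExtension(extension).getDocumentElement()));
            } catch (UnmarshallingException e) {
                throw new SamlRequestException("Could not unmarshall xml object.", e);
            }
        } else {
            wrapper.getUnknownXMLObjects().add(this.authnRequestExtensionGenerator.encryptAuthnRequestExtension(extension, this.samlConfiguration.getSamlKeyMaterial()));
        }
        extensions.getUnknownXMLObjects().add(wrapper);
        return extensions;
    }

    /**
     * Marshals the request into a DOM element.
     *
     * @param authnRequest the request to marshal
     * @return the DOM representation of the request
     * @throws SamlRequestException if marshalling fails for any reason
     */
    public Element marshallAuthnRequest(AuthnRequest authnRequest) throws SamlRequestException {
        try {
            return ARM.marshall(authnRequest);
        } catch (Exception e) {
            throw new SamlRequestException("Unable to marshall saml request", e);
        }
    }

    /**
     * Serializes the element to XML and passes its UTF-8 bytes to {@code SAMLUtils.deflate}.
     *
     * @param element the marshalled request
     * @return the result of {@code SAMLUtils.deflate}
     * @throws SamlRequestException if serialization or deflation fails
     */
    public String deflateAuthnRequest(Element element) throws SamlRequestException {
        try {
            // Serialize once and reuse the string for both logging and deflation.
            String xml = XmlUtils.transformElement(element);
            // The debug log contains the complete request. When extensions are not encrypted this
            // includes the extension content in clear text, so debug logging for this class should
            // stay disabled in production or the log destination should be access-restricted.
            LOG.debug("Request: {}", xml);
            return SAMLUtils.deflate(xml.getBytes(StandardCharsets.UTF_8));
        } catch (Exception e) {
            throw new SamlRequestException("Unable to transform saml request", e);
        }
    }
}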
