package pl.edu.icm.yadda.aas.client.authn;

import org.opensaml.lite.saml2.core.Assertion;
import org.opensaml.lite.xacml.XACMLConstants;
import org.opensaml.lite.xacml.ctx.impl.ActionTypeImpl;
import org.opensaml.lite.xacml.ctx.impl.AttributeTypeImpl;
import org.opensaml.lite.xacml.ctx.impl.AttributeValueTypeImpl;
import org.opensaml.lite.xacml.ctx.impl.EnvironmentTypeImpl;
import org.opensaml.lite.xacml.ctx.impl.RequestTypeImpl;
import org.opensaml.lite.xacml.ctx.impl.ResourceTypeImpl;
import org.opensaml.lite.xacml.ctx.impl.SubjectTypeImpl;
import org.opensaml.lite.xacml.profile.saml.impl.XACMLAuthzDecisionQueryTypeImpl;
import pl.edu.icm.yadda.aas.handler.HeaderFieldBasedSecurityRequestHandler;
import pl.edu.icm.yadda.aas.handler.ISecurityRequestHandler;
import pl.edu.icm.yadda.service2.aas.AuthenticateRequest;
import pl.edu.icm.yadda.service2.user.token.SecurityToken;
import pl.edu.icm.yadda.service2.user.token.SudoToken;

/* loaded from: input_file:WEB-INF/lib/yadda-aas2-common-1.12.6.jar:pl/edu/icm/yadda/aas/client/authn/SudoAuthnRequestBuilder.class */
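/**
 * Builds the {@link AuthenticateRequest} for a {@link SudoToken}: an XACML authorization decision
 * query whose action is {@code authenticate}, naming the login carried by the token and, when
 * present, carrying the token's sudoer assertion and the client IP address.
 *
 * <p>Security notes for reviewers. This class only assembles the request; it validates none of the
 * values it copies from the token. The login and IP address are inserted as plain strings, and a
 * request is still produced when the sudoer assertion is {@code null}. Whether such a request is
 * rejected is decided by the receiving service, which is not visible from this class. Confirm
 * that the service refuses sudo authentication without a valid sudoer assertion, and that it does
 * not treat the caller-supplied IP address as verified.
 */
public class SudoAuthnRequestBuilder implements IAuthenticationRequestBuilder {
    /** Value of the subject-id attribute placed on the access-subject of every request built here. */
    public static final String AUTHN_TYPE_USER = "user";

    private static final String ACCESS_SUBJECT_CATEGORY =
            "urn:oasis:names:tc:xacml:1.0:subject-category:access-subject";
    private static final String AUXILIARY_SUBJECT_CATEGORY =
            "urn:oasis:names:tc:xacml:1.0:subject-category:auxiliary";
    private static final String IP_ADDRESS_ATTRIBUTE_ID =
            "urn:oasis:names:tc:xacml:1.0:subject:ip-address";
    private static final String ACTION_AUTHENTICATE = "authenticate";

    /**
     * Handler used to attach the sudoer assertion to the outgoing request. Defaults to a
     * {@link HeaderFieldBasedSecurityRequestHandler}; replaceable through
     * {@link #setSecurityRequestHandler(ISecurityRequestHandler)}.
     */
    protected ISecurityRequestHandler securityRequestHandler = new HeaderFieldBasedSecurityRequestHandler();

    /**
     * Reports whether this builder handles the given token.
     *
     * @param securityToken token to inspect; {@code null} yields {@code false}
     * @return {@code true} only when the token is a {@link SudoToken}
     */
    @Override
    public boolean isApplicable(SecurityToken securityToken) {
        return securityToken instanceof SudoToken;
    }

    /**
     * Builds the authentication request from the login, IP address and sudoer assertion of a
     * {@link SudoToken}.
     *
     * @param securityToken token that must be a {@link SudoToken}; call
     *     {@link #isApplicable(SecurityToken)} first
     * @return the assembled request
     * @throws ClassCastException if the token is not a {@link SudoToken}
     * @throws NullPointerException if the token is {@code null}
     */
    @Override
    public AuthenticateRequest buildAuthenticationRequest(SecurityToken securityToken) {
        SudoToken sudoToken = (SudoToken) securityToken;
        return buildSudoAuthnRequest(sudoToken.getLogin(), sudoToken.getIpAddress(), sudoToken.getSudoerAssertion());
    }

    /**
     * Assembles the XACML decision query and wraps it in an {@link AuthenticateRequest}.
     *
     * <p>The request always contains an access-subject whose subject-id is
     * {@link #AUTHN_TYPE_USER}, a second subject in {@code XACMLConstants.SUBJECT_PARAM_CATEGORY}
     * carrying the login, an empty resource, an {@code authenticate} action and an empty
     * environment. An auxiliary subject with the IP address is added only when one is given.
     *
     * @param str login passed by {@link #buildAuthenticationRequest(SecurityToken)}; copied into
     *     the request unvalidated, including when it is {@code null}
     * @param str2 client IP address, or {@code null} to omit the auxiliary subject; copied as an
     *     unvalidated string
     * @param assertion sudoer assertion to attach through the security request handler, or
     *     {@code null} to attach nothing
     * @return the assembled request
     */
    protected AuthenticateRequest buildSudoAuthnRequest(String str, String str2, Assertion assertion) {
        XACMLAuthzDecisionQueryTypeImpl decisionQuery = new XACMLAuthzDecisionQueryTypeImpl();
        AuthenticateRequest authenticateRequest = new AuthenticateRequest(decisionQuery);
        // NOTE(review): with a null assertion the request names a login but nothing is attached to
        // it by this class. Rejection must happen on the receiving side; confirm that it does.
        if (assertion != null) {
            this.securityRequestHandler.attach(authenticateRequest, assertion);
        }

        RequestTypeImpl xacmlRequest = new RequestTypeImpl();
        decisionQuery.setRequest(xacmlRequest);

        xacmlRequest.getSubjects().add(
                subjectWithStringAttribute(ACCESS_SUBJECT_CATEGORY, XACMLConstants.SUBJECT_ID, AUTHN_TYPE_USER));
        xacmlRequest.getSubjects().add(
                subjectWithStringAttribute(
                        XACMLConstants.SUBJECT_PARAM_CATEGORY, XACMLConstants.SUBJECT_PARAM_ID, str));
        if (str2 != null) {
            // The address comes from the token as supplied by the caller; nothing here verifies it.
            xacmlRequest.getSubjects().add(
                    subjectWithStringAttribute(AUXILIARY_SUBJECT_CATEGORY, IP_ADDRESS_ATTRIBUTE_ID, str2));
        }

        xacmlRequest.getResources().add(new ResourceTypeImpl());

        ActionTypeImpl action = new ActionTypeImpl();
        action.getAttributes().add(stringAttribute(XACMLConstants.ACTION_ID, ACTION_AUTHENTICATE));
        xacmlRequest.setAction(action);

        xacmlRequest.setEnvironment(new EnvironmentTypeImpl());
        return authenticateRequest;
    }

    /**
     * Replaces the handler used to attach the sudoer assertion.
     *
     * @param iSecurityRequestHandler new handler; not checked for {@code null} here, so a
     *     {@code null} handler fails later, when a request with a non-null assertion is built
     */
    public void setSecurityRequestHandler(ISecurityRequestHandler iSecurityRequestHandler) {
        this.securityRequestHandler = iSecurityRequestHandler;
    }

    /** Creates a subject in the given category holding a single string-typed attribute. */
    private static SubjectTypeImpl subjectWithStringAttribute(String category, String attributeId, String value) {
        SubjectTypeImpl subject = new SubjectTypeImpl();
        subject.setSubjectCategory(category);
        subject.getAttributes().add(stringAttribute(attributeId, value));
        return subject;
    }

    /** Creates an attribute of type {@code XACMLConstants.DATATYPE_STRING} with one value. */
    private static AttributeTypeImpl stringAttribute(String attributeId, String value) {
        AttributeTypeImpl attribute = new AttributeTypeImpl();
        attribute.setAttributeID(attributeId);
        attribute.setDataType(XACMLConstants.DATATYPE_STRING);
        AttributeValueTypeImpl attributeValue = new AttributeValueTypeImpl();
        attributeValue.setValue(value);
        attribute.getAttributeValues().add(attributeValue);
        return attribute;
    }
}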
