package pl.edu.icm.yadda.aas.client.authn.req;

import java.util.Map;
import org.opensaml.lite.saml2.core.AuthnRequest;
import org.opensaml.lite.saml2.core.impl.AuthnRequestImpl;
import org.opensaml.lite.security.Credential;
import org.opensaml.lite.signature.ISigner;
import org.opensaml.lite.signature.exc.SignatureException;
import org.opensaml.lite.signature.impl.SignatureImpl;
import org.opensaml.lite.xacml.XACMLConstants;
import org.opensaml.lite.xacml.XACMLRequestBuilder;
import org.opensaml.lite.xacml.ctx.SubjectType;
import org.opensaml.lite.xacml.ctx.impl.ActionTypeImpl;
import org.opensaml.lite.xacml.ctx.impl.AttributeTypeImpl;
import org.opensaml.lite.xacml.ctx.impl.AttributeValueTypeImpl;
import org.opensaml.lite.xacml.ctx.impl.EnvironmentTypeImpl;
import org.opensaml.lite.xacml.ctx.impl.SubjectTypeImpl;
import org.springframework.beans.factory.annotation.Required;
import pl.edu.icm.yadda.aas.client.authn.ServiceAuthenticatorException;
import pl.edu.icm.yadda.aas.handler.HeaderFieldBasedSecurityRequestHandler;
import pl.edu.icm.yadda.aas.handler.ISecurityRequestHandler;
import pl.edu.icm.yadda.aas.keystore.IInternalKeyStore;
import pl.edu.icm.yadda.aas.timesync.IDateTimeProvider;
import pl.edu.icm.yadda.service2.aas.AuthenticateRequest;

/* loaded from: input_file:WEB-INF/lib/yadda-aas2-common-4.1.4-SNAPSHOT.jar:pl/edu/icm/yadda/aas/client/authn/req/SignedAuthnRequestBasedBuilder.class */
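/**
 * Builds the {@link AuthenticateRequest} with which a service authenticates itself.
 *
 * <p>The request carries a fixed XACML authorization decision query (subject {@code "service"},
 * action {@code "authenticate"}, environment policy version {@value #AUTHN_MODULE_VERSION}) and
 * a SAML {@link AuthnRequest} signed with the internal signing credential from the key store.
 *
 * <p>Security notes, based only on what this class shows:
 * <ul>
 *   <li>Only the {@link AuthnRequest} is registered with the signature. The XACML query inside
 *       the {@link AuthenticateRequest} is not signed here.
 *       NOTE(review): confirm whether the receiver or transport binds the two together.</li>
 *   <li>The signed {@link AuthnRequest} has only its issue instant set in this class, so
 *       replay resistance presumably depends on the receiver enforcing a freshness window.
 *       TODO confirm against the verifying side.</li>
 * </ul>
 */
public class SignedAuthnRequestBasedBuilder implements IAuthnRequestBuilder {
    private static final String AUTHN_MODULE_VERSION = "0.0.3";

    // Source of the private signing credential; injected, see setKeyStore.
    private IInternalKeyStore<Credential> keyStore;
    // Produces the signature over the AuthnRequest; injected, see setSigner.
    private ISigner signer;
    // Supplies the issue instant stamped into the AuthnRequest; injected, see setDateTimeProvider.
    private IDateTimeProvider dateTimeProvider;
    // Attaches the signed AuthnRequest to the outgoing request; replaceable via its setter.
    private ISecurityRequestHandler securityRequestHandler = new HeaderFieldBasedSecurityRequestHandler();

    /**
     * Builds the fixed "service authenticates" XACML query and attaches a signed AuthnRequest.
     *
     * @param map not read by this implementation; the request content is entirely constant
     * @return the authenticate request with the signed AuthnRequest attached
     * @throws ServiceAuthenticatorException if signing the AuthnRequest fails
     */
    @Override
    public AuthenticateRequest buildAuthnRequest(Map<String, Object> map) throws ServiceAuthenticatorException {
        SubjectTypeImpl subject = new SubjectTypeImpl();
        subject.setSubjectCategory("urn:oasis:names:tc:xacml:1.0:subject-category:access-subject");
        subject.getAttributes().add(stringAttribute(XACMLConstants.SUBJECT_ID, "service"));

        ActionTypeImpl action = new ActionTypeImpl();
        action.getAttributes().add(stringAttribute(XACMLConstants.ACTION_ID, "authenticate"));

        EnvironmentTypeImpl environment = new EnvironmentTypeImpl();
        environment.getAttributes().add(
                stringAttribute("urn:oasis:names:tc:xacml:1.0:environment:policy:version", AUTHN_MODULE_VERSION));

        // No resource is supplied (null): the query describes only who acts and what action.
        AuthenticateRequest request = new AuthenticateRequest(
                XACMLRequestBuilder.buildXACMLAuthzDecisionQueryType(
                        new SubjectType[]{subject}, null, action, environment));
        return attachSignedAuthnRequest(request);
    }

    /**
     * Creates a fresh AuthnRequest, signs it with the internal signing credential and attaches
     * it to the given request through the configured security request handler.
     *
     * <p>The signature is registered on the AuthnRequest only; {@code authenticateRequest}
     * itself is not an input to the signature in this method.
     *
     * @param authenticateRequest request to attach the signed AuthnRequest to
     * @return the same {@code authenticateRequest} instance, after attachment
     * @throws ServiceAuthenticatorException wrapping any {@link SignatureException}
     */
    public AuthenticateRequest attachSignedAuthnRequest(AuthenticateRequest authenticateRequest) throws ServiceAuthenticatorException {
        try {
            AuthnRequest authnRequest = createAuthnRequest();
            SignatureImpl signature = new SignatureImpl();
            signature.register(authnRequest);
            // NOTE(review): the credential is passed on without a null check; how the signer
            // reacts to a missing signing credential is not visible from this class.
            Credential signingCredential = this.keyStore.getInternalSigningCredential();
            this.signer.createSignature(signingCredential, signature);
            this.securityRequestHandler.attach(authenticateRequest, authnRequest);
            return authenticateRequest;
        } catch (SignatureException e) {
            // The cause is preserved so the underlying signing failure stays diagnosable.
            throw new ServiceAuthenticatorException("Problem occured when creating signed assertion", e);
        }
    }

    /**
     * Creates the AuthnRequest that will be signed, stamped with the current time from the
     * configured date-time provider. No other field is set here; subclasses may override.
     *
     * @return a new AuthnRequest carrying only its issue instant
     */
    protected AuthnRequest createAuthnRequest() {
        AuthnRequestImpl authnRequest = new AuthnRequestImpl();
        authnRequest.setIssueInstant(this.dateTimeProvider.getCurrentDateTime());
        return authnRequest;
    }

    /**
     * Returns the identifier of this builder, derived from the module version constant.
     *
     * @return {@code "service-authn-0.0.3"}
     */
    @Override
    public String identify() {
        // Compile-time constant expression; keeps the identifier in step with the version
        // sent in the XACML environment attribute.
        return "service-authn-" + AUTHN_MODULE_VERSION;
    }

    /**
     * Sets the key store that provides the internal signing credential.
     *
     * @param iInternalKeyStore key store to read the signing credential from
     */
    @Required
    public void setKeyStore(IInternalKeyStore<Credential> iInternalKeyStore) {
        this.keyStore = iInternalKeyStore;
    }

    /**
     * Sets the signer used to sign the AuthnRequest.
     *
     * @param iSigner signer implementation
     */
    @Required
    public void setSigner(ISigner iSigner) {
        this.signer = iSigner;
    }

    /**
     * Sets the provider of the time written into the AuthnRequest issue instant.
     *
     * @param iDateTimeProvider time source
     */
    @Required
    public void setDateTimeProvider(IDateTimeProvider iDateTimeProvider) {
        this.dateTimeProvider = iDateTimeProvider;
    }

    /**
     * Replaces the default handler that attaches the signed AuthnRequest to the request.
     * Not marked {@code @Required}; passing {@code null} would make
     * {@link #attachSignedAuthnRequest(AuthenticateRequest)} fail with a NullPointerException.
     *
     * @param iSecurityRequestHandler handler to use for attachment
     */
    public void setSecurityRequestHandler(ISecurityRequestHandler iSecurityRequestHandler) {
        this.securityRequestHandler = iSecurityRequestHandler;
    }

    /** Builds a single-valued XACML attribute of the string data type. */
    private static AttributeTypeImpl stringAttribute(String attributeId, String value) {
        AttributeTypeImpl attribute = new AttributeTypeImpl();
        attribute.setAttributeID(attributeId);
        attribute.setDataType(XACMLConstants.DATATYPE_STRING);
        AttributeValueTypeImpl attributeValue = new AttributeValueTypeImpl();
        attributeValue.setValue(value);
        attribute.getAttributeValues().add(attributeValue);
        return attribute;
    }
}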
