package org.elasticsearch.xpack.security.authc.saml;

import java.time.Clock;
import org.elasticsearch.ElasticsearchException;
import org.elasticsearch.common.Strings;
import org.opensaml.saml.saml2.core.AuthnContextClassRef;
import org.opensaml.saml.saml2.core.AuthnContextComparisonTypeEnumeration;
import org.opensaml.saml.saml2.core.AuthnRequest;
import org.opensaml.saml.saml2.core.NameIDPolicy;
import org.opensaml.saml.saml2.core.RequestedAuthnContext;
import org.opensaml.saml.saml2.metadata.EntityDescriptor;
import org.opensaml.saml.saml2.metadata.IDPSSODescriptor;

/* loaded from: input_file:org/elasticsearch/xpack/security/authc/saml/SamlAuthnRequestBuilder.class */
/**
 * Assembles the SAML 2.0 {@link AuthnRequest} that the service provider sends to the
 * identity provider to start a single sign-on exchange.
 *
 * <p>Usage is fluent: construct, optionally call {@link #forceAuthn(Boolean)} and
 * {@link #nameIDPolicy(NameIDPolicySettings)}, then call {@link #build()}.
 *
 * <p>Security notes for reviewers:
 * <ul>
 *   <li>Nothing in this class signs the request. NOTE(review): if the identity provider
 *       expects signed requests, that has to happen in the caller, which is not visible
 *       here. Confirm.</li>
 *   <li>The request's ID and issue instant come from {@code buildId()} and {@code now()},
 *       which are defined outside this class. Their uniqueness and clock properties
 *       cannot be judged from this file.</li>
 * </ul>
 *
 * <p>Decompiler note: JADX reports that the nested settings class, its constructor, this
 * class's constructor, and {@code forceAuthn}, {@code nameIDPolicy} and {@code build} were
 * package-private in the original bytecode. They are shown as {@code public} here.
 */
class SamlAuthnRequestBuilder extends SamlMessageBuilder {
    // Binding the SP asks the IdP to use for the response (written to ProtocolBinding).
    private final String spBinding;
    // Binding used to look up the IdP's single sign-on endpoint in its metadata.
    private final String idpBinding;
    // Stays null unless forceAuthn(...) is called; passed to the request unchanged.
    private Boolean forceAuthn;
    // Starts as (format=null, allowCreate=false, spNameQualifier=null); may be set to null.
    private NameIDPolicySettings nameIdSettings;

    /**
     * Immutable holder for the three values copied into the request's
     * {@code NameIDPolicy} element.
     */
    public static class NameIDPolicySettings {
        private final String format;
        private final boolean allowCreate;
        private final String spNameQualifier;

        /**
         * @param str  NameID format; null or empty means no format is set on the request
         * @param z    value for the {@code AllowCreate} attribute
         * @param str2 SP name qualifier; null or empty means none is set on the request
         */
        public NameIDPolicySettings(String str, boolean z, String str2) {
            this.format = str;
            this.allowCreate = z;
            this.spNameQualifier = str2;
        }
    }

    /**
     * Creates a builder whose NameID policy defaults to no format, no SP name qualifier
     * and {@code allowCreate = false}.
     *
     * @param spConfiguration  service provider settings, handed to the superclass
     * @param str              binding the SP requests for the response
     * @param entityDescriptor identity provider metadata, handed to the superclass
     * @param str2             binding used to select the IdP single sign-on endpoint
     * @param clock            clock handed to the superclass
     */
    public SamlAuthnRequestBuilder(SpConfiguration spConfiguration, String str, EntityDescriptor entityDescriptor, String str2, Clock clock) {
        super(entityDescriptor, spConfiguration, clock);
        this.spBinding = str;
        this.idpBinding = str2;
        this.nameIdSettings = new NameIDPolicySettings(null, false, null);
    }

    /**
     * Records the value to place in the request's {@code ForceAuthn} attribute.
     *
     * @param bool value passed to {@code AuthnRequest.setForceAuthn}; may be null
     * @return this builder
     */
    public SamlAuthnRequestBuilder forceAuthn(Boolean bool) {
        this.forceAuthn = bool;
        return this;
    }

    /**
     * Replaces the NameID policy settings.
     *
     * @param nameIDPolicySettings new settings; passing null makes {@link #build()} omit
     *                             the {@code NameIDPolicy} element
     * @return this builder
     */
    public SamlAuthnRequestBuilder nameIDPolicy(NameIDPolicySettings nameIDPolicySettings) {
        this.nameIdSettings = nameIDPolicySettings;
        return this;
    }

    /**
     * Builds the authentication request.
     *
     * <p>The destination is resolved first, so a missing IdP endpoint aborts the build
     * before any SAML object is created.
     *
     * @return the populated, unsigned {@link AuthnRequest}
     * @throws ElasticsearchException if the IdP metadata has no single sign-on endpoint
     *                                for the configured binding
     */
    public AuthnRequest build() {
        final String destination = getIdpLocation();
        final AuthnRequest request = SamlUtils.buildObject(AuthnRequest.class, AuthnRequest.DEFAULT_ELEMENT_NAME);

        request.setID(buildId());
        request.setIssueInstant(now());
        // Destination comes from the IdP metadata.
        request.setDestination(destination);
        request.setProtocolBinding(this.spBinding);
        // The assertion consumer URL comes from the SP configuration.
        request.setAssertionConsumerServiceURL(this.serviceProvider.getAscUrl());
        request.setIssuer(buildIssuer());

        if (this.nameIdSettings != null) {
            request.setNameIDPolicy(buildNameIDPolicy());
        }

        // Ask for specific authentication context classes only when some are configured.
        final boolean noContextClassesConfigured = this.serviceProvider.getReqAuthnCtxClassRef().isEmpty();
        if (!noContextClassesConfigured) {
            request.setRequestedAuthnContext(buildRequestedAuthnContext());
        }

        // forceAuthn is null when the caller never set it.
        // NOTE(review): presumably null leaves the attribute unset. Confirm against the OpenSAML setter.
        request.setForceAuthn(this.forceAuthn);
        return request;
    }

    /**
     * Builds a {@code RequestedAuthnContext} with one class reference per configured
     * value, always using {@code EXACT} comparison.
     *
     * <p>NOTE(review): this only states what the SP asks for. Whether the authentication
     * context in the returned assertion is checked is up to the response-handling code,
     * which is not part of this file.
     */
    private RequestedAuthnContext buildRequestedAuthnContext() {
        final RequestedAuthnContext requested = SamlUtils.buildObject(RequestedAuthnContext.class, RequestedAuthnContext.DEFAULT_ELEMENT_NAME);
        for (String classRefUri : this.serviceProvider.getReqAuthnCtxClassRef()) {
            final AuthnContextClassRef classRef = SamlUtils.buildObject(AuthnContextClassRef.class, AuthnContextClassRef.DEFAULT_ELEMENT_NAME);
            classRef.setAuthnContextClassRef(classRefUri);
            requested.getAuthnContextClassRefs().add(classRef);
        }
        requested.setComparison(AuthnContextComparisonTypeEnumeration.EXACT);
        return requested;
    }

    /**
     * Builds the {@code NameIDPolicy} element from the current settings. Only called
     * when {@code nameIdSettings} is non-null. Null or empty strings are written as null.
     */
    private NameIDPolicy buildNameIDPolicy() {
        final NameIDPolicy policy = SamlUtils.buildObject(NameIDPolicy.class, NameIDPolicy.DEFAULT_ELEMENT_NAME);
        policy.setFormat(nullIfEmpty(this.nameIdSettings.format));
        policy.setAllowCreate(Boolean.valueOf(this.nameIdSettings.allowCreate));
        policy.setSPNameQualifier(nullIfEmpty(this.nameIdSettings.spNameQualifier));
        return policy;
    }

    /** Returns {@code value}, or null when it is null or empty. */
    private static String nullIfEmpty(String value) {
        if (Strings.isNullOrEmpty(value)) {
            return null;
        }
        return value;
    }

    /**
     * Looks up the IdP's single sign-on endpoint for {@code idpBinding}.
     *
     * @return the endpoint location, never null
     * @throws ElasticsearchException if no endpoint is found for the binding
     */
    private String getIdpLocation() {
        final String endpoint = getIdentityProviderEndpoint(this.idpBinding, descriptor -> descriptor.getSingleSignOnServices());
        if (endpoint != null) {
            return endpoint;
        }
        throw new ElasticsearchException("Cannot find [{}]/[{}] in descriptor [{}]", IDPSSODescriptor.DEFAULT_ELEMENT_NAME, this.idpBinding, this.identityProvider.getID());
    }
}
