package org.apereo.cas.support.saml.authentication.principal;

import java.security.PrivateKey;
import java.security.PublicKey;
import java.time.ZoneOffset;
import java.time.ZonedDateTime;
import java.util.HashMap;
import java.util.stream.Stream;
import lombok.Generated;
import org.apache.commons.lang3.StringUtils;
import org.apereo.cas.authentication.Authentication;
import org.apereo.cas.authentication.principal.AbstractWebApplicationServiceResponseBuilder;
import org.apereo.cas.authentication.principal.Response;
import org.apereo.cas.authentication.principal.WebApplicationService;
import org.apereo.cas.configuration.support.Beans;
import org.apereo.cas.services.RegisteredService;
import org.apereo.cas.services.ServicesManager;
import org.apereo.cas.services.UnauthorizedServiceException;
import org.apereo.cas.support.saml.SamlUtils;
import org.apereo.cas.support.saml.util.GoogleSaml20ObjectBuilder;
import org.apereo.cas.util.RandomUtils;
import org.apereo.cas.util.crypto.PrivateKeyFactoryBean;
import org.apereo.cas.util.crypto.PublicKeyFactoryBean;
import org.apereo.cas.web.UrlValidator;
import org.opensaml.saml.saml2.core.Assertion;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
import org.springframework.core.io.ClassPathResource;
import org.springframework.core.io.FileSystemResource;

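/**
 * Builds the POST response that carries a signed SAML 2.0 response back to a
 * {@link GoogleAccountsService}.
 *
 * <p>The signing key pair is loaded in the constructor from the configured
 * locations. A location may be prefixed with {@code classpath:} or {@code file:};
 * anything else is treated as a file-system path.
 *
 * <p>Security notes for maintainers:
 * <ul>
 *   <li>Key loading is all-or-nothing: either all three of private key location,
 *       public key location and key algorithm are set, or none of them is.
 *       A partial configuration is rejected at construction time.</li>
 *   <li>{@link #build} refuses to produce a response while either key is missing,
 *       so the builder fails closed when signing material is absent.</li>
 *   <li>NOTE(review): {@code privateKey} is a non-transient field in a class that
 *       declares a {@code serialVersionUID}. If instances are ever Java-serialized
 *       (presumably through a Serializable supertype; confirm), the private key
 *       would be part of the stream.</li>
 * </ul>
 */
@Deprecated(since = "6.2.0")
/* loaded from: input_file:org/apereo/cas/support/saml/authentication/principal/GoogleAccountsServiceResponseBuilder.class */
public class GoogleAccountsServiceResponseBuilder extends AbstractWebApplicationServiceResponseBuilder {

    @Generated
    private static final Logger LOGGER = LoggerFactory.getLogger(GoogleAccountsServiceResponseBuilder.class);
    private static final long serialVersionUID = -4584732364007702423L;
    private final String publicKeyLocation;
    private final String privateKeyLocation;
    private final String keyAlgorithm;
    private PrivateKey privateKey;
    private PublicKey publicKey;
    private GoogleSaml20ObjectBuilder samlObjectBuilder;
    private String skewAllowance;
    private String casServerPrefix;

    /**
     * Creates the builder and loads the signing key pair when it is configured.
     *
     * <p>NOTE(review): both key loaders declare {@code throws Exception} while this
     * constructor declares nothing; presumably the original source relied on a
     * sneaky-throw mechanism that this listing no longer shows. Confirm.
     *
     * @param str                       location of the private key
     * @param str2                      location of the public key
     * @param str3                      key algorithm handed to the key factory beans
     * @param servicesManager           registry used to look up the registered service
     * @param googleSaml20ObjectBuilder factory for the SAML objects
     * @param str4                      skew allowance, parsed as a duration when a response is built
     * @param str5                      CAS server prefix passed to the assertion factory
     * @param urlValidator              passed to the superclass
     * @throws IllegalArgumentException if only some of the three key settings are provided
     */
    public GoogleAccountsServiceResponseBuilder(String str, String str2, String str3, ServicesManager servicesManager, GoogleSaml20ObjectBuilder googleSaml20ObjectBuilder, String str4, String str5, UrlValidator urlValidator) {
        super(servicesManager, urlValidator);
        this.privateKeyLocation = str;
        this.publicKeyLocation = str2;
        this.keyAlgorithm = str3;
        this.skewAllowance = str4;
        this.samlObjectBuilder = googleSaml20ObjectBuilder;
        this.casServerPrefix = str5;
        createGoogleAppsPrivateKey();
        createGoogleAppsPublicKey();
    }

    /**
     * Builds the POST response holding the signed {@code SAMLResponse} and the
     * service's {@code RelayState}.
     *
     * @param webApplicationService the target service; must be a {@link GoogleAccountsService}
     * @param str                   not used by this implementation
     * @param authentication        the authentication whose principal is asserted
     * @return the POST response for the service
     * @throws UnauthorizedServiceException if the service is unknown or access is not allowed
     * @throws IllegalStateException        if the signing keys have not been loaded
     */
    public Response build(WebApplicationService webApplicationService, String str, Authentication authentication) {
        GoogleAccountsService googleAccountsService = (GoogleAccountsService) webApplicationService;
        // Built first so that the service authorization failure keeps precedence over the key check.
        String samlResponse = constructSamlResponse(googleAccountsService, authentication);
        // Fail closed: what signSamlResponse does with null keys is not visible here,
        // so never hand it an absent key pair.
        if (this.privateKey == null || this.publicKey == null) {
            throw new IllegalStateException("Google Apps signing keys are not loaded; refusing to build a SAML response");
        }
        HashMap<String, String> parameters = new HashMap<>();
        parameters.put("SAMLResponse", GoogleSaml20ObjectBuilder.signSamlResponse(samlResponse, this.privateKey, this.publicKey));
        parameters.put("RelayState", googleAccountsService.getRelayState());
        return buildPost(googleAccountsService, parameters);
    }

    /**
     * Reports whether this builder handles the given service.
     *
     * @param webApplicationService the service to test
     * @return {@code true} only for {@link GoogleAccountsService} instances
     */
    public boolean supports(WebApplicationService webApplicationService) {
        return webApplicationService instanceof GoogleAccountsService;
    }

    /**
     * Creates the unsigned SAML response document for the service.
     *
     * @param googleAccountsService the requesting service
     * @param authentication        the authentication whose principal is asserted
     * @return the serialized SAML response
     * @throws UnauthorizedServiceException if no registered service matches or its
     *                                      access strategy denies access
     */
    protected String constructSamlResponse(GoogleAccountsService googleAccountsService, Authentication authentication) {
        ZonedDateTime now = ZonedDateTime.now(ZoneOffset.UTC);
        // NOTE(review): this fixed 2003 instant goes to newAssertion and is the first
        // argument of newConditions, presumably the issue instant and NotBefore; confirm
        // against GoogleSaml20ObjectBuilder. If so, only the upper bound limits validity.
        ZonedDateTime fixedStart = ZonedDateTime.parse("2003-04-17T00:46:02Z");
        RegisteredService registeredService = this.servicesManager.findServiceBy(googleAccountsService);
        // Authorization gate: nothing is asserted for unknown or disabled services.
        if (registeredService == null || !registeredService.getAccessStrategy().isServiceAccessAllowed()) {
            throw new UnauthorizedServiceException("screen.service.error.message");
        }
        String userId = registeredService.getUsernameAttributeProvider().resolveUsername(authentication.getPrincipal(), googleAccountsService, registeredService);
        org.opensaml.saml.saml2.core.Response samlResponse = this.samlObjectBuilder.newResponse(this.samlObjectBuilder.generateSecureRandomId(), now, null, googleAccountsService);
        samlResponse.setStatus(this.samlObjectBuilder.newStatus("urn:oasis:names:tc:SAML:2.0:status:Success", null));
        // NOTE(review): the value after "_" comes from RandomUtils.nextLong(), whose randomness
        // source is not visible here; the response and assertion ids use generateSecureRandomId().
        Assertion assertion = this.samlObjectBuilder.newAssertion(this.samlObjectBuilder.newAuthnStatement("urn:oasis:names:tc:SAML:2.0:ac:classes:Password", now, "_" + String.valueOf(RandomUtils.nextLong())), this.casServerPrefix, fixedStart, this.samlObjectBuilder.generateSecureRandomId());
        // The skew allowance sets the upper time bound (now + skew) on both the conditions
        // and the subject, so a larger value keeps the assertion usable for longer.
        long skewSeconds = Beans.newDuration(this.skewAllowance).toSeconds();
        ZonedDateTime expiry = now.plusSeconds(skewSeconds);
        assertion.setConditions(this.samlObjectBuilder.newConditions(fixedStart, expiry, new String[]{googleAccountsService.getId()}));
        assertion.setSubject(this.samlObjectBuilder.newSubject("urn:oasis:names:tc:SAML:1.1:nameid-format:emailAddress", userId, googleAccountsService.getId(), expiry, googleAccountsService.getRequestId(), null));
        samlResponse.getAssertions().add(assertion);
        String serialized = SamlUtils.transformSamlObject(this.samlObjectBuilder.getOpenSamlConfigBean(), samlResponse, true).toString();
        // The whole response, including the resolved username and request id, is written
        // at DEBUG level; logs for this logger should be treated as sensitive.
        LOGGER.debug("Generated Google SAML response: [{}]", serialized);
        return serialized;
    }

    /**
     * Loads the private signing key from {@code privateKeyLocation}, or does nothing
     * when no key configuration was supplied.
     *
     * @throws IllegalArgumentException if the key configuration is only partially set
     * @throws Exception                if the key cannot be loaded
     */
    protected void createGoogleAppsPrivateKey() throws Exception {
        if (!isValidConfiguration()) {
            LOGGER.debug("Google Apps private key bean will not be created, because it's not configured");
            return;
        }
        PrivateKeyFactoryBean privateKeyFactoryBean = new PrivateKeyFactoryBean();
        privateKeyFactoryBean.setLocation(resolveKeyResource(this.privateKeyLocation));
        privateKeyFactoryBean.setAlgorithm(this.keyAlgorithm);
        LOGGER.debug("Loading Google Apps private key from [{}] with key algorithm [{}]", privateKeyFactoryBean.getLocation(), privateKeyFactoryBean.getAlgorithm());
        privateKeyFactoryBean.afterPropertiesSet();
        LOGGER.debug("Creating Google Apps private key instance via [{}]", this.privateKeyLocation);
        this.privateKey = (PrivateKey) privateKeyFactoryBean.getObject();
    }

    /**
     * Loads the public key from {@code publicKeyLocation}, or does nothing when no
     * key configuration was supplied.
     *
     * @throws IllegalArgumentException if the key configuration is only partially set
     * @throws Exception                if the key cannot be loaded
     */
    protected void createGoogleAppsPublicKey() throws Exception {
        if (!isValidConfiguration()) {
            LOGGER.debug("Google Apps public key bean will not be created, because it's not configured");
            return;
        }
        PublicKeyFactoryBean publicKeyFactoryBean = new PublicKeyFactoryBean(resolveKeyResource(this.publicKeyLocation), this.keyAlgorithm);
        LOGGER.debug("Loading Google Apps public key from [{}] with key algorithm [{}]", publicKeyFactoryBean.getResource(), publicKeyFactoryBean.getAlgorithm());
        publicKeyFactoryBean.afterPropertiesSet();
        LOGGER.debug("Creating Google Apps public key instance via [{}]", this.publicKeyLocation);
        this.publicKey = (PublicKey) publicKeyFactoryBean.getObject();
    }

    /**
     * Maps a configured key location to a resource: {@code classpath:} selects a
     * class-path resource, {@code file:} or no prefix selects a file-system resource.
     * The location is assumed to come from deployment configuration, not request data.
     */
    private static org.springframework.core.io.Resource resolveKeyResource(String location) {
        if (location.startsWith("classpath:")) {
            return new ClassPathResource(StringUtils.removeStart(location, "classpath:"));
        }
        if (location.startsWith("file:")) {
            return new FileSystemResource(StringUtils.removeStart(location, "file:"));
        }
        return new FileSystemResource(location);
    }

    /**
     * Decides whether the key pair should be loaded.
     *
     * <p>Accepting a configuration as soon as any one setting is present would let a
     * null key location reach {@code startsWith} in the loaders. A partial
     * configuration is therefore reported as such instead of failing later.
     *
     * @return {@code true} when all three settings are non-blank, {@code false} when
     *         none of them is
     * @throws IllegalArgumentException if only some of the settings are non-blank
     */
    private boolean isValidConfiguration() {
        long configured = Stream.of(this.privateKeyLocation, this.publicKeyLocation, this.keyAlgorithm)
            .filter(StringUtils::isNotBlank)
            .count();
        if (configured == 0) {
            return false;
        }
        if (configured < 3) {
            throw new IllegalArgumentException("Google Apps key configuration is incomplete: private key location, public key location and key algorithm must all be set");
        }
        return true;
    }

    @Generated
    public String getPublicKeyLocation() {
        return this.publicKeyLocation;
    }

    @Generated
    public String getPrivateKeyLocation() {
        return this.privateKeyLocation;
    }

    @Generated
    public String getKeyAlgorithm() {
        return this.keyAlgorithm;
    }

    // Hands out the live signing key; callers must not log or persist it.
    @Generated
    public PrivateKey getPrivateKey() {
        return this.privateKey;
    }

    @Generated
    public PublicKey getPublicKey() {
        return this.publicKey;
    }

    @Generated
    public GoogleSaml20ObjectBuilder getSamlObjectBuilder() {
        return this.samlObjectBuilder;
    }

    @Generated
    public String getSkewAllowance() {
        return this.skewAllowance;
    }

    @Generated
    public String getCasServerPrefix() {
        return this.casServerPrefix;
    }

    // Replaces the signing key after construction; build() re-checks for null on every call.
    @Generated
    public void setPrivateKey(PrivateKey privateKey) {
        this.privateKey = privateKey;
    }

    @Generated
    public void setPublicKey(PublicKey publicKey) {
        this.publicKey = publicKey;
    }

    @Generated
    public void setSamlObjectBuilder(GoogleSaml20ObjectBuilder googleSaml20ObjectBuilder) {
        this.samlObjectBuilder = googleSaml20ObjectBuilder;
    }

    @Generated
    public void setSkewAllowance(String str) {
        this.skewAllowance = str;
    }

    @Generated
    public void setCasServerPrefix(String str) {
        this.casServerPrefix = str;
    }

    // Compares the superclass state plus publicKeyLocation, privateKeyLocation, keyAlgorithm,
    // samlObjectBuilder and skewAllowance. The key objects and casServerPrefix are not compared.
    @Generated
    public boolean equals(Object obj) {
        if (obj == this) {
            return true;
        }
        if (!(obj instanceof GoogleAccountsServiceResponseBuilder)) {
            return false;
        }
        GoogleAccountsServiceResponseBuilder googleAccountsServiceResponseBuilder = (GoogleAccountsServiceResponseBuilder) obj;
        if (!googleAccountsServiceResponseBuilder.canEqual(this) || !super/*java.lang.Object*/.equals(obj)) {
            return false;
        }
        String str = this.publicKeyLocation;
        String str2 = googleAccountsServiceResponseBuilder.publicKeyLocation;
        if (str == null) {
            if (str2 != null) {
                return false;
            }
        } else if (!str.equals(str2)) {
            return false;
        }
        String str3 = this.privateKeyLocation;
        String str4 = googleAccountsServiceResponseBuilder.privateKeyLocation;
        if (str3 == null) {
            if (str4 != null) {
                return false;
            }
        } else if (!str3.equals(str4)) {
            return false;
        }
        String str5 = this.keyAlgorithm;
        String str6 = googleAccountsServiceResponseBuilder.keyAlgorithm;
        if (str5 == null) {
            if (str6 != null) {
                return false;
            }
        } else if (!str5.equals(str6)) {
            return false;
        }
        GoogleSaml20ObjectBuilder googleSaml20ObjectBuilder = this.samlObjectBuilder;
        GoogleSaml20ObjectBuilder googleSaml20ObjectBuilder2 = googleAccountsServiceResponseBuilder.samlObjectBuilder;
        if (googleSaml20ObjectBuilder == null) {
            if (googleSaml20ObjectBuilder2 != null) {
                return false;
            }
        } else if (!googleSaml20ObjectBuilder.equals(googleSaml20ObjectBuilder2)) {
            return false;
        }
        String str7 = this.skewAllowance;
        String str8 = googleAccountsServiceResponseBuilder.skewAllowance;
        return str7 == null ? str8 == null : str7.equals(str8);
    }

    // Lets a subclass opt out of equality with this type; used by equals().
    @Generated
    protected boolean canEqual(Object obj) {
        return obj instanceof GoogleAccountsServiceResponseBuilder;
    }

    // Hashes the same fields that equals() compares, seeded with the superclass hash.
    @Generated
    public int hashCode() {
        int hashCode = super/*java.lang.Object*/.hashCode();
        String str = this.publicKeyLocation;
        int hashCode2 = (hashCode * 59) + (str == null ? 43 : str.hashCode());
        String str2 = this.privateKeyLocation;
        int hashCode3 = (hashCode2 * 59) + (str2 == null ? 43 : str2.hashCode());
        String str3 = this.keyAlgorithm;
        int hashCode4 = (hashCode3 * 59) + (str3 == null ? 43 : str3.hashCode());
        GoogleSaml20ObjectBuilder googleSaml20ObjectBuilder = this.samlObjectBuilder;
        int hashCode5 = (hashCode4 * 59) + (googleSaml20ObjectBuilder == null ? 43 : googleSaml20ObjectBuilder.hashCode());
        String str4 = this.skewAllowance;
        return (hashCode5 * 59) + (str4 == null ? 43 : str4.hashCode());
    }
}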
