package com.alfaariss.oa.authentication.remote.saml2.profile;

import com.alfaariss.oa.OAException;
import com.alfaariss.oa.UserEvent;
import com.alfaariss.oa.api.attribute.IAttributes;
import com.alfaariss.oa.api.attribute.ISessionAttributes;
import com.alfaariss.oa.api.configuration.IConfigurationManager;
import com.alfaariss.oa.api.idmapper.IIDMapper;
import com.alfaariss.oa.api.session.ISession;
import com.alfaariss.oa.authentication.remote.saml2.SAML2AuthNConstants;
import com.alfaariss.oa.authentication.remote.saml2.beans.SAMLRemoteUser;
import com.alfaariss.oa.engine.core.Engine;
import com.alfaariss.oa.engine.core.attribute.UserAttributes;
import com.alfaariss.oa.engine.core.crypto.CryptoManager;
import com.alfaariss.oa.engine.core.idp.storage.IIDPStorage;
import com.alfaariss.oa.engine.core.requestor.factory.IRequestorPoolFactory;
import com.alfaariss.oa.engine.user.provisioning.translator.standard.StandardProfile;
import com.alfaariss.oa.util.saml2.SAML2ConditionsWindow;
import com.alfaariss.oa.util.saml2.crypto.SAML2CryptoUtils;
import com.alfaariss.oa.util.saml2.idp.SAML2IDP;
import com.alfaariss.oa.util.saml2.proxy.ProxyAttributes;
import com.alfaariss.oa.util.saml2.proxy.SAML2IDPEntry;
import java.security.NoSuchAlgorithmException;
import java.util.Enumeration;
import java.util.Hashtable;
import java.util.Iterator;
import java.util.List;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import javax.xml.namespace.QName;
import org.apache.commons.logging.Log;
import org.apache.commons.logging.LogFactory;
import org.asimba.authentication.remote.provisioning.saml2.AssertionUserStorage;
import org.asimba.util.saml2.assertion.SAML2TimestampWindow;
import org.opensaml.Configuration;
import org.opensaml.common.SAMLObject;
import org.opensaml.common.SignableSAMLObject;
import org.opensaml.common.binding.BasicSAMLMessageContext;
import org.opensaml.common.binding.SAMLMessageContext;
import org.opensaml.common.impl.SAMLObjectContentReference;
import org.opensaml.common.impl.SecureRandomIdentifierGenerator;
import org.opensaml.saml2.core.Assertion;
import org.opensaml.saml2.core.Attribute;
import org.opensaml.saml2.core.AttributeStatement;
import org.opensaml.saml2.core.Audience;
import org.opensaml.saml2.core.AudienceRestriction;
import org.opensaml.saml2.core.AuthnStatement;
import org.opensaml.saml2.core.Conditions;
import org.opensaml.saml2.core.GetComplete;
import org.opensaml.saml2.core.IDPEntry;
import org.opensaml.saml2.core.IDPList;
import org.opensaml.saml2.core.Issuer;
import org.opensaml.saml2.core.NameID;
import org.opensaml.saml2.core.NameIDPolicy;
import org.opensaml.saml2.core.ProxyRestriction;
import org.opensaml.saml2.core.RequesterID;
import org.opensaml.saml2.core.Scoping;
import org.opensaml.saml2.core.Status;
import org.opensaml.saml2.core.StatusCode;
import org.opensaml.saml2.core.Subject;
import org.opensaml.saml2.core.SubjectConfirmation;
import org.opensaml.saml2.core.SubjectConfirmationData;
import org.opensaml.saml2.core.impl.NameIDBuilder;
import org.opensaml.saml2.core.impl.RequesterIDBuilder;
import org.opensaml.saml2.metadata.Endpoint;
import org.opensaml.saml2.metadata.EntityDescriptor;
import org.opensaml.saml2.metadata.IDPSSODescriptor;
import org.opensaml.saml2.metadata.NameIDFormat;
import org.opensaml.saml2.metadata.provider.MetadataProvider;
import org.opensaml.ws.message.encoder.MessageEncodingException;
import org.opensaml.ws.transport.http.HttpServletRequestAdapter;
import org.opensaml.ws.transport.http.HttpServletResponseAdapter;
import org.opensaml.xml.XMLObject;
import org.opensaml.xml.XMLObjectBuilderFactory;
import org.opensaml.xml.io.Marshaller;
import org.opensaml.xml.io.MarshallingException;
import org.opensaml.xml.schema.XSAny;
import org.opensaml.xml.schema.XSString;
import org.opensaml.xml.security.SecurityConfiguration;
import org.opensaml.xml.security.SecurityHelper;
import org.opensaml.xml.security.x509.X509Credential;
import org.opensaml.xml.signature.Signature;
import org.opensaml.xml.signature.Signer;
import org.opensaml.xml.util.XMLHelper;
import org.w3c.dom.Element;

/* loaded from: input_file:com/alfaariss/oa/authentication/remote/saml2/profile/AbstractAuthNMethodSAML2Profile.class */
public abstract class AbstractAuthNMethodSAML2Profile implements IAuthNMethodSAML2Profile {
    // Method ID handed to init() (its first String argument).
    protected String _sMethodID;
    // Second String argument of init(); presumably the ID of the linked IdP profile - confirm against the caller.
    protected String _sLinkedIDPProfile;
    // True only when init() could resolve the signing credentials and the signature and digest URIs.
    protected boolean _signingEnabled;
    // IdP storage handed to init(); not read by any method of this class.
    protected IIDPStorage _organizationStorage;
    // Acceptance window applied to Conditions NotBefore/NotOnOrAfter in doConditions().
    protected SAML2ConditionsWindow _conditionsWindow;
    // Acceptance window applied to the AuthnStatement AuthnInstant in checkAuthNStatement().
    protected SAML2TimestampWindow _oAuthnInstantWindow;
    // ID of the local server organization, read from the Engine in init().
    protected String _sMyOrganizationID;
    // Requestor pool factory obtained from the Engine in init().
    protected IRequestorPoolFactory _requestorPoolFactory;
    // When true, attribute copies use put(name, format, value) instead of put(name, value).
    // Never assigned in this class; presumably set by subclasses.
    protected boolean _bCompatible;
    // Optional provisioning profile consulted by createUserFromAssertion(); null means "build the user directly".
    protected StandardProfile _oRemoteSAMLUserProvisioningProfile;
    // Compiler-generated flag behind the assertion in logXML(); assigned in the static initializer.
    static final /* synthetic */ boolean $assertionsDisabled;
    private Log _logger = LogFactory.getLog(AbstractAuthNMethodSAML2Profile.class);
    protected IConfigurationManager _oConfigManager = null;
    // Crypto manager taken from the Engine in init(); source of signing credentials and digest settings.
    protected CryptoManager _crypto = null;
    // Metadata of this entity; its entity ID is used as Issuer value and for audience matching.
    protected EntityDescriptor _entityDescriptor = null;
    protected XMLObjectBuilderFactory _builderFactory = Configuration.getBuilderFactory();
    // Optional mapper between local user IDs and external NameID values; null disables mapping.
    protected IIDMapper _idMapper = null;

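    /**
     * Stores the collaborators supplied by the caller and probes whether outbound signing is possible.
     *
     * <p>Signing is enabled only if the signing credentials for this entity ID, the XML signature
     * URI and the XML digest method URI can all be resolved. Any {@link OAException} raised by
     * that probe turns signing off instead of failing initialization.
     *
     * <p>NOTE(review): with signing disabled this class can still build messages; confirm that
     * callers check {@code _signingEnabled} where the remote IdP requires signed requests.
     *
     * @param iConfigurationManager configuration manager, kept for later use
     * @param element configuration element; not read by this base implementation
     * @param entityDescriptor metadata of this entity; must not be null
     * @param iIDMapper optional ID mapper, may be null
     * @param iIDPStorage IdP storage
     * @param str ID of the authentication method
     * @param str2 value stored as the linked IdP profile
     * @param sAML2ConditionsWindow window used by {@link #doConditions}
     * @param sAML2TimestampWindow window used by {@link #checkAuthNStatement}
     * @param standardProfile optional user provisioning profile, may be null
     * @throws OAException declared by the interface; the signing probe itself does not propagate it
     */
    @Override // com.alfaariss.oa.authentication.remote.saml2.profile.IAuthNMethodSAML2Profile
    public void init(IConfigurationManager iConfigurationManager, Element element, EntityDescriptor entityDescriptor, IIDMapper iIDMapper, IIDPStorage iIDPStorage, String str, String str2, SAML2ConditionsWindow sAML2ConditionsWindow, SAML2TimestampWindow sAML2TimestampWindow, StandardProfile standardProfile) throws OAException {
        this._oConfigManager = iConfigurationManager;
        Engine engine = Engine.getInstance();
        this._crypto = engine.getCryptoManager();
        this._entityDescriptor = entityDescriptor;
        this._idMapper = iIDMapper;
        this._organizationStorage = iIDPStorage;
        this._sMethodID = str;
        this._sLinkedIDPProfile = str2;
        this._conditionsWindow = sAML2ConditionsWindow;
        this._oAuthnInstantWindow = sAML2TimestampWindow;
        this._sMyOrganizationID = engine.getServer().getOrganization().getID();
        this._requestorPoolFactory = engine.getRequestorPoolFactory();
        this._oRemoteSAMLUserProvisioningProfile = standardProfile;
        try {
            // Start from "disabled" so a failure half-way through the probe cannot leave it on.
            this._signingEnabled = false;
            SAML2CryptoUtils.retrieveMySigningCredentials(this._crypto, this._entityDescriptor.getEntityID());
            SAML2CryptoUtils.getXMLSignatureURI(this._crypto);
            SAML2CryptoUtils.getXMLDigestMethodURI(this._crypto.getMessageDigest());
            this._signingEnabled = true;
            this._logger.info("Signing enabled");
        } catch (OAException e) {
            this._logger.info("Signing disabled");
            // Keep the cause available: a broken keystore and "signing not configured" otherwise
            // look identical in the log, and the former silently downgrades message protection.
            this._logger.debug("Signing disabled because signing credentials or algorithm URIs could not be resolved", e);
        }
    }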

    /**
     * Lifecycle counterpart of {@code init}; this base implementation is empty.
     */
    @Override // com.alfaariss.oa.authentication.remote.saml2.profile.IAuthNMethodSAML2Profile
    public void destroy() {
    }

    /**
     * Checks the validity period of every SubjectConfirmationData in the given list against the
     * current time.
     *
     * <p>A confirmation is rejected when its NotBefore is not strictly in the past, or when its
     * NotOnOrAfter is not strictly in the future. Missing timestamps are not checked.
     *
     * <p>Only timestamps are examined here. A null list, a confirmation without
     * SubjectConfirmationData, and data without timestamps are all accepted, and Method, Recipient
     * and InResponseTo are not read. NOTE(review): confirm that those are validated by the caller
     * before the assertion is trusted.
     *
     * @param list subject confirmations of a received assertion, may be null
     * @return false as soon as one confirmation is outside its validity period, true otherwise
     */
    protected boolean checkConfirmations(List<SubjectConfirmation> list) {
        if (list == null) {
            return true;
        }
        for (SubjectConfirmation confirmation : list) {
            SubjectConfirmationData data = confirmation.getSubjectConfirmationData();
            if (data == null) {
                continue;
            }
            // Not yet valid.
            if (data.getNotBefore() != null && !data.getNotBefore().isBeforeNow()) {
                return false;
            }
            if (data.getNotOnOrAfter() != null) {
                // Expired.
                if (!data.getNotOnOrAfter().isAfterNow()) {
                    return false;
                }
                // The boundary instant itself counts as expired ("not on or after").
                if (data.getNotOnOrAfter().isEqualNow()) {
                    return false;
                }
            }
        }
        return true;
    }

    /* JADX INFO: Access modifiers changed from: protected */
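    /**
     * Builds the remote user described by the Subject of a received assertion.
     *
     * <p>The user ID is the NameID value after optional remapping (see {@code getUID}). The
     * organization is the NameQualifier when present; otherwise the SPNameQualifier when it is set
     * and differs from this entity's ID; otherwise {@code str2}. A missing NameID Format defaults
     * to the SAML 1.1 "unspecified" format.
     *
     * <p>This method checks only the SubjectConfirmation timestamps. It does not verify the
     * assertion signature, issuer or conditions. NOTE(review): confirm the caller has done so
     * before calling.
     *
     * @param assertion received assertion; must not be null
     * @param str passed through to the {@link SAMLRemoteUser} constructor (presumably the
     *            authentication method ID - confirm against the caller)
     * @param str2 fallback organization and last constructor argument (presumably the IdP ID -
     *             confirm against the caller)
     * @return the user, or null when the assertion has no Subject or NameID, the ID cannot be
     *         resolved, or a subject confirmation is outside its validity period
     * @throws OAException declared for the provisioning lookup
     */
    public SAMLRemoteUser createUserFromAssertion(Assertion assertion, String str, String str2) throws OAException {
        Subject subject = assertion.getSubject();
        if (subject == null) {
            // An assertion without a Subject would otherwise fail with a NullPointerException
            // on peer-supplied input instead of a clean authentication failure.
            this._logger.warn("No Subject in Assertion when trying to establish User from Assertion");
            return null;
        }
        NameID nameID = subject.getNameID();
        if (nameID == null) {
            this._logger.warn("No NameID in Subject when trying to establish User from Assertion");
            return null;
        }
        String uid = getUID(nameID);
        if (uid == null) {
            return null;
        }
        String format = nameID.getFormat();
        if (format == null) {
            format = "urn:oasis:names:tc:SAML:1.1:nameid-format:unspecified";
        }
        String nameQualifier = nameID.getNameQualifier();
        String sPNameQualifier = nameID.getSPNameQualifier();
        String organization = nameQualifier;
        if (organization == null) {
            // An SPNameQualifier naming this entity itself says nothing about the issuing side.
            boolean foreignSpQualifier = sPNameQualifier != null && !this._entityDescriptor.getEntityID().equals(sPNameQualifier);
            organization = foreignSpQualifier ? sPNameQualifier : str2;
        }
        if (!checkConfirmations(subject.getSubjectConfirmations())) {
            this._logger.debug("Subject Confirmation data time stamp(s) incorrect");
            return null;
        }
        if (this._oRemoteSAMLUserProvisioningProfile == null) {
            return new SAMLRemoteUser(organization, uid, str, format, nameQualifier, sPNameQualifier, str2);
        }
        // Let the provisioning profile build the user from the assertion content.
        return new SAMLRemoteUser(this._oRemoteSAMLUserProvisioningProfile.getUser(new AssertionUserStorage(assertion), organization, uid), str, format, nameQualifier, sPNameQualifier, str2);
    }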

    /* JADX INFO: Access modifiers changed from: protected */
    /**
     * Checks that the AuthnInstant of the statement lies inside the configured acceptance window.
     *
     * <p>Only AuthnInstant is evaluated; SessionNotOnOrAfter and the authentication context are
     * not read here. The debug message says "issue instant" although the value compared is the
     * AuthnInstant.
     *
     * @param authnStatement statement from a received assertion; must not be null
     * @return true when the window accepts the AuthnInstant
     */
    public boolean checkAuthNStatement(AuthnStatement authnStatement) {
        boolean withinWindow = this._oAuthnInstantWindow.canAccept(authnStatement.getAuthnInstant());
        if (!withinWindow) {
            this._logger.debug("AuthN statement check failed: issue instant not in acceptable window.");
        }
        return withinWindow;
    }

    /* JADX INFO: Access modifiers changed from: protected */
    /**
     * Maps the top-level status code of a SAML response to a user event.
     *
     * <p>Anything other than the SAML 2.0 Success URI, including a missing Status or StatusCode,
     * is reported as a failed authentication. Nested (second-level) status codes are not read.
     * The received code is written to the debug log as supplied by the peer.
     *
     * @param status status element of the response, may be null
     * @param saml2idp the responding IdP; not used by this implementation
     * @return {@code AUTHN_METHOD_SUCCESSFUL} on Success, otherwise {@code AUTHN_METHOD_FAILED}
     */
    public UserEvent getStatus(Status status, SAML2IDP saml2idp) {
        final String successUri = "urn:oasis:names:tc:SAML:2.0:status:Success";
        StatusCode topLevel = (status != null) ? status.getStatusCode() : null;
        String received = (topLevel != null) ? topLevel.getValue() : null;
        if (!successUri.equals(received)) {
            this._logger.debug("Status code isn't '" + successUri + "' but is: " + received);
            return UserEvent.AUTHN_METHOD_FAILED;
        }
        return UserEvent.AUTHN_METHOD_SUCCESSFUL;
    }

    /* JADX INFO: Access modifiers changed from: protected */
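    /**
     * Evaluates the Conditions of a received assertion: validity window and audience restrictions.
     *
     * <p>Audience handling follows SAML 2.0 Core: the audiences inside one AudienceRestriction
     * are alternatives, while every AudienceRestriction present must be satisfied. An audience
     * matches only when it equals this entity's ID, ignoring a single trailing "/" on either
     * side. The earlier prefix comparison ({@code startsWith}) also accepted any audience that
     * merely began with this entity ID, such as an entity ID of another party that extends it,
     * and a single matching restriction was enough even when others did not match.
     *
     * <p>An assertion without any AudienceRestriction is still accepted. NOTE(review): confirm
     * this is intended for the IdPs configured, and that no deployment relied on the former
     * prefix matching.
     *
     * @param conditions Conditions element of the assertion; must not be null
     * @return true when the time window is acceptable and all audience restrictions are met
     */
    public boolean doConditions(Conditions conditions) {
        if (!this._conditionsWindow.canAccept(conditions.getNotBefore(), conditions.getNotOnOrAfter())) {
            return false;
        }
        List<AudienceRestriction> restrictions = conditions.getAudienceRestrictions();
        if (restrictions == null || restrictions.isEmpty()) {
            return true;
        }
        String entityID = this._entityDescriptor.getEntityID();
        String expected = entityID.endsWith("/") ? entityID : entityID + "/";
        for (AudienceRestriction restriction : restrictions) {
            boolean satisfied = false;
            List<Audience> audiences = restriction.getAudiences();
            if (audiences != null) {
                for (Audience audience : audiences) {
                    String uri = audience.getAudienceURI();
                    if (uri == null) {
                        // An Audience element without a value cannot name this entity.
                        continue;
                    }
                    String candidate = uri.endsWith("/") ? uri : uri + "/";
                    if (candidate.equals(expected)) {
                        satisfied = true;
                        break;
                    }
                }
            }
            if (!satisfied) {
                this._logger.debug("Message error: Audience restriction prohibited use of assertion");
                return false;
            }
        }
        return true;
    }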

    /**
     * Hook for handling a ProxyRestriction condition of a received assertion.
     *
     * <p>This base implementation is empty: the restriction is neither evaluated nor stored.
     * NOTE(review): confirm that a subclass or the caller honours ProxyRestriction before the
     * assertion is used as the basis for further proxied assertions.
     *
     * @param proxyRestriction the condition taken from the assertion
     */
    protected void setProxyRestrictions(ProxyRestriction proxyRestriction) {
    }

    /* JADX INFO: Access modifiers changed from: protected */
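    /**
     * Collects the attributes of the given AttributeStatements into a {@link UserAttributes} map.
     *
     * <p>Per attribute only the first value is used, and only when it is an {@code XSString} or
     * {@code XSAny}. Further values of a multi-valued attribute are dropped. The first occurrence
     * of a name wins; later duplicates are skipped. An attribute without any value element is
     * treated as having no content and skipped instead of failing with an
     * IndexOutOfBoundsException on peer-supplied input.
     *
     * <p>Attribute names are written to the debug log as received from the IdP.
     *
     * @param list attribute statements of the assertion, may be null
     * @return the collected attributes, or null when {@code list} is null or empty
     */
    public IAttributes getAttributeMap(List<AttributeStatement> list) {
        if (list == null || list.isEmpty()) {
            return null;
        }
        UserAttributes userAttributes = new UserAttributes();
        for (AttributeStatement statement : list) {
            for (Attribute attribute : statement.getAttributes()) {
                String name = attribute.getName();
                String value = null;
                List<XMLObject> values = attribute.getAttributeValues();
                XMLObject first = (values == null || values.isEmpty()) ? null : values.get(0);
                if (first instanceof XSString) {
                    value = ((XSString) first).getValue();
                } else if (first instanceof XSAny) {
                    value = ((XSAny) first).getTextContent();
                } else if (first != null) {
                    this._logger.debug("Unrecognized type of attribute (skipped): " + first.getClass().getName());
                }
                if (userAttributes.contains(name)) {
                    this._logger.debug("Duplicate name for attribute (skipped): " + name);
                } else if (value == null) {
                    this._logger.debug("No content for the value of " + name + " (" + value + "), ignoring.");
                } else {
                    this._logger.debug("Adding attribute to map: " + name);
                    if (this._bCompatible) {
                        // The "unspecified" name format carries no information; store it as absent.
                        String nameFormat = attribute.getNameFormat();
                        if (nameFormat != null && nameFormat.equals("urn:oasis:names:tc:SAML:2.0:attrname-format:unspecified")) {
                            nameFormat = null;
                        }
                        userAttributes.put(name, nameFormat, value);
                    } else {
                        userAttributes.put(name, value);
                    }
                }
            }
        }
        return userAttributes;
    }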

    /* JADX INFO: Access modifiers changed from: protected */
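    /**
     * Copies all attributes from {@code iAttributes} into {@code iAttributes2}, renaming those
     * that have an entry in the mapping table.
     *
     * <p>In compatible mode the attribute's format is copied too, with the SAML 2.0
     * "unspecified" name format stored as absent. The format is looked up under the source name.
     * Looking it up under the already renamed name, as before, asked the source collection about
     * a name it does not necessarily contain and could lose or mix up the format.
     *
     * @param iAttributes source attributes
     * @param iAttributes2 target attributes; modified in place
     * @param hashtable source name to target name; a null table means "no renaming"
     * @return {@code iAttributes2}
     */
    public IAttributes mapAttributes(IAttributes iAttributes, IAttributes iAttributes2, Hashtable<String, String> hashtable) {
        Enumeration<?> names = iAttributes.getNames();
        while (names.hasMoreElements()) {
            String sourceName = (String) names.nextElement();
            Object value = iAttributes.get(sourceName);
            String mappedName = (hashtable == null) ? null : hashtable.get(sourceName);
            String targetName = (mappedName != null) ? mappedName : sourceName;
            if (this._bCompatible) {
                String format = iAttributes.getFormat(sourceName);
                if (format != null && format.equals("urn:oasis:names:tc:SAML:2.0:attrname-format:unspecified")) {
                    format = null;
                }
                iAttributes2.put(targetName, format, value);
            } else {
                iAttributes2.put(targetName, value);
            }
        }
        return iAttributes2;
    }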

    /* JADX INFO: Access modifiers changed from: protected */
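    /**
     * Attaches an XML signature to the given SAML object and signs it with this entity's
     * signing credential.
     *
     * <p>The signature algorithm and the digest algorithm are the URIs that
     * {@code SAML2CryptoUtils} derives from the configured {@code CryptoManager}.
     * NOTE(review): confirm the deployed configuration does not resolve to algorithms the
     * receiving IdP or local policy considers too weak.
     *
     * <p>The object is marshalled first when it has no DOM yet, because the signer works on the
     * DOM representation.
     *
     * @param signableSAMLObject object to sign; receives the Signature element
     * @throws OAException when no marshaller is registered, marshalling fails, or signing fails
     */
    public void signSAMLObject(SignableSAMLObject signableSAMLObject) throws OAException {
        try {
            Signature signature = (Signature) Configuration.getBuilderFactory().getBuilder(Signature.DEFAULT_ELEMENT_NAME).buildObject(Signature.DEFAULT_ELEMENT_NAME);
            signature.setSignatureAlgorithm(SAML2CryptoUtils.getXMLSignatureURI(this._crypto));
            X509Credential signingCredential = SAML2CryptoUtils.retrieveMySigningCredentials(this._crypto, this._entityDescriptor.getEntityID());
            signature.setSigningCredential(signingCredential);
            SecurityHelper.prepareSignatureParams(signature, signingCredential, (SecurityConfiguration) null, (String) null);
            signableSAMLObject.setSignature(signature);
            // setSignature() registers the content reference whose digest algorithm is set here.
            ((SAMLObjectContentReference) signature.getContentReferences().get(0)).setDigestAlgorithm(SAML2CryptoUtils.getXMLDigestMethodURI(this._crypto.getMessageDigest()));
            Marshaller marshaller = Configuration.getMarshallerFactory().getMarshaller(signableSAMLObject);
            if (marshaller == null) {
                this._logger.error("No marshaller registered for " + signableSAMLObject.getElementQName() + ", unable to marshall assertion");
                throw new OAException(1);
            }
            if (signableSAMLObject.getDOM() == null) {
                marshaller.marshall(signableSAMLObject);
            }
            Signer.signObject(signature);
        } catch (OAException e) {
            // Must precede the generic handler: an OAException raised above has already been
            // logged and is passed on unchanged rather than reported again as a signing error.
            throw e;
        } catch (MarshallingException e) {
            this._logger.warn("Marshalling error while signing object", e);
            throw new OAException(1);
        } catch (Exception e) {
            this._logger.error("Could not sign object", e);
            throw new OAException(1);
        }
    }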

    /* JADX INFO: Access modifiers changed from: protected */
    /**
     * Creates a message context wired to the given servlet request and response, for use by a
     * SAML message encoder.
     *
     * <p>The response adapter is told whether the incoming request arrived over a secure channel
     * ({@code HttpServletRequest.isSecure()}).
     *
     * @param httpServletRequest current request, used as inbound transport
     * @param httpServletResponse current response, used as outbound transport
     * @return a new context with both transports set and nothing else populated
     */
    public SAMLMessageContext<SignableSAMLObject, SignableSAMLObject, SAMLObject> createEncodingContext(HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse) {
        BasicSAMLMessageContext<SignableSAMLObject, SignableSAMLObject, SAMLObject> context =
                new BasicSAMLMessageContext<SignableSAMLObject, SignableSAMLObject, SAMLObject>();
        context.setInboundMessageTransport(new HttpServletRequestAdapter(httpServletRequest));
        context.setOutboundMessageTransport(new HttpServletResponseAdapter(httpServletResponse, httpServletRequest.isSecure()));
        return context;
    }

    /* JADX INFO: Access modifiers changed from: protected */
    /**
     * Builds a metadata endpoint element of the given type.
     *
     * @param qName element name of the endpoint to build
     * @param str binding URI
     * @param str2 endpoint location
     * @param str3 response location, or null to leave it unset
     * @return the populated endpoint
     */
    public Endpoint buildMetadataEndpoint(QName qName, String str, String str2, String str3) {
        Endpoint endpoint = (Endpoint) Configuration.getBuilderFactory().getBuilder(qName).buildObject(qName);
        endpoint.setBinding(str);
        endpoint.setLocation(str2);
        if (str3 == null) {
            return endpoint;
        }
        endpoint.setResponseLocation(str3);
        return endpoint;
    }

    /* JADX INFO: Access modifiers changed from: protected */
    /**
     * Builds an Issuer element carrying this entity's ID.
     *
     * @return a new Issuer whose value is the entity ID from the configured entity descriptor
     */
    public Issuer buildIssuer() {
        Issuer issuer = (Issuer) Configuration.getBuilderFactory().getBuilder(Issuer.DEFAULT_ELEMENT_NAME).buildObject();
        String ownEntityID = this._entityDescriptor.getEntityID();
        issuer.setValue(ownEntityID);
        return issuer;
    }

    /* JADX INFO: Access modifiers changed from: protected */
    /**
     * Builds the NameIDPolicy for an outgoing request.
     *
     * <p>The format is {@code str} when given, otherwise the first NameIDFormat listed in the
     * IdP metadata. Without a format no policy is built. AllowCreate is taken from the
     * "AllowCreate" proxy attribute of the session when present, otherwise from {@code bool}; if
     * both are null it is left unset.
     *
     * @param iSession current session; read only when a format was determined
     * @param iDPSSODescriptor IdP role metadata, may be null
     * @param bool default AllowCreate value, may be null
     * @param str explicitly configured NameID format, may be null
     * @return the policy, or null when no format could be determined
     */
    public NameIDPolicy buildNameIDPolicy(ISession iSession, IDPSSODescriptor iDPSSODescriptor, Boolean bool, String str) {
        String format = str;
        if (format == null && iDPSSODescriptor != null) {
            List<NameIDFormat> supported = iDPSSODescriptor.getNameIDFormats();
            if (supported != null && !supported.isEmpty()) {
                format = supported.get(0).getFormat();
                this._logger.debug("Using first NameIDFormat from IdP metadata: " + format);
            }
        }
        if (format == null) {
            return null;
        }
        NameIDPolicy policy = (NameIDPolicy) Configuration.getBuilderFactory().getBuilder(NameIDPolicy.DEFAULT_ELEMENT_NAME).buildObject();
        policy.setFormat(format);
        // A value carried over from the proxied request takes precedence over the default.
        Boolean fromSession = (Boolean) iSession.getAttributes().get(ProxyAttributes.class, "AllowCreate");
        if (fromSession != null) {
            policy.setAllowCreate(fromSession);
        } else if (bool != null) {
            policy.setAllowCreate(bool);
        }
        return policy;
    }

    /* JADX INFO: Access modifiers changed from: protected */
    /**
     * Builds a NameID for the given local user ID.
     *
     * <p>When an ID mapper is configured the user ID is mapped to its external form first; a
     * null mapping result keeps the original ID, a mapping error aborts. The cause of a mapping
     * error is not logged.
     *
     * @param str local user ID
     * @param str2 NameID format, or null to leave it unset
     * @param str3 NameQualifier, or null to leave it unset
     * @return the NameID, or null when the ID mapper threw an {@link OAException}
     */
    public NameID buildNameID(String str, String str2, String str3) {
        NameIDBuilder nameIDBuilder = (NameIDBuilder) Configuration.getBuilderFactory().getBuilder(NameID.DEFAULT_ELEMENT_NAME);
        String externalId = str;
        if (this._idMapper != null) {
            try {
                String mapped = this._idMapper.map(str);
                if (mapped != null) {
                    externalId = mapped;
                }
            } catch (OAException e) {
                this._logger.debug("Could not map OA UID to ext. ID");
                return null;
            }
        }
        NameID nameID = nameIDBuilder.buildObject();
        nameID.setValue(externalId);
        if (str2 != null) {
            nameID.setFormat(str2);
        }
        if (str3 != null) {
            nameID.setNameQualifier(str3);
        }
        return nameID;
    }

    /* JADX INFO: Access modifiers changed from: protected */
    /**
     * Builds a Subject for an outgoing request.
     *
     * <p>The NameID comes from {@code buildNameID} and is set even when that returns null.
     * Unless {@code z} is true, one SubjectConfirmation with empty SubjectConfirmationData is
     * added.
     *
     * <p>NOTE(review): the confirmation Method is set to an authentication-context class URI
     * ("...:ac:classes:unspecified"), not to one of the SAML confirmation-method URIs
     * ("...:cm:..."). Confirm whether this is intended before relying on it.
     *
     * @param str local user ID
     * @param str2 NameID format, may be null
     * @param str3 NameQualifier, may be null
     * @param z true to omit the SubjectConfirmation
     * @return the Subject
     */
    public Subject buildSubject(String str, String str2, String str3, boolean z) {
        Subject subject = (Subject) Configuration.getBuilderFactory().getBuilder(Subject.DEFAULT_ELEMENT_NAME).buildObject();
        subject.setNameID(buildNameID(str, str2, str3));
        if (!z) {
            SubjectConfirmation confirmation = (SubjectConfirmation) Configuration.getBuilderFactory().getBuilder(SubjectConfirmation.DEFAULT_ELEMENT_NAME).buildObject();
            SubjectConfirmationData emptyData = (SubjectConfirmationData) Configuration.getBuilderFactory().getBuilder(SubjectConfirmationData.DEFAULT_ELEMENT_NAME).buildObject();
            confirmation.setSubjectConfirmationData(emptyData);
            confirmation.setMethod("urn:oasis:names:tc:SAML:2.0:ac:classes:unspecified");
            subject.getSubjectConfirmations().add(confirmation);
            return subject;
        }
        this._logger.debug("Skipping '" + SubjectConfirmation.DEFAULT_ELEMENT_NAME.getLocalPart() + "' in " + Subject.DEFAULT_ELEMENT_NAME.getLocalPart());
        return subject;
    }

    /* JADX INFO: Access modifiers changed from: protected */
    /**
     * Builds the Scoping element for a proxied request from the proxy attributes stored in the
     * session.
     *
     * <p>ProxyCount is forwarded decremented by one. The stored IDPList and GetComplete value
     * are forwarded when either is present. The stored requester IDs are forwarded in order, and
     * {@code str} is always appended as the last RequesterID.
     *
     * <p>NOTE(review): a stored ProxyCount of 0 would be forwarded as -1 here. Confirm that
     * callers refuse to proxy in that case before this method is reached.
     *
     * @param iSessionAttributes session attributes holding the {@code ProxyAttributes} values
     * @param str requester ID to append
     * @return the Scoping element
     */
    public Scoping buildScoping(ISessionAttributes iSessionAttributes, String str) {
        Scoping scoping = (Scoping) Configuration.getBuilderFactory().getBuilder(Scoping.DEFAULT_ELEMENT_NAME).buildObject();

        Integer proxyCount = (Integer) iSessionAttributes.get(ProxyAttributes.class, "ProxyCount");
        if (proxyCount != null) {
            scoping.setProxyCount(Integer.valueOf(proxyCount.intValue() - 1));
        }

        List<SAML2IDPEntry> idpEntries = (List<SAML2IDPEntry>) iSessionAttributes.get(ProxyAttributes.class, "IDPList");
        String getComplete = (String) iSessionAttributes.get(ProxyAttributes.class, "IDPList_GetComplete");
        boolean hasIdpList = idpEntries != null || getComplete != null;
        if (hasIdpList) {
            scoping.setIDPList(buildIDPList(idpEntries, getComplete));
        }

        RequesterIDBuilder requesterIDBuilder = (RequesterIDBuilder) Configuration.getBuilderFactory().getBuilder(RequesterID.DEFAULT_ELEMENT_NAME);
        List<String> previousRequesters = (List<String>) iSessionAttributes.get(ProxyAttributes.class, "RequestorIDs");
        if (previousRequesters != null) {
            for (String previous : previousRequesters) {
                RequesterID forwarded = requesterIDBuilder.buildObject();
                forwarded.setRequesterID(previous);
                scoping.getRequesterIDs().add(forwarded);
            }
        }

        RequesterID own = requesterIDBuilder.buildObject();
        own.setRequesterID(str);
        scoping.getRequesterIDs().add(own);
        return scoping;
    }

    /**
     * Builds an IDPList element from stored IdP entries and an optional GetComplete URI.
     *
     * @param list entries to convert, may be null
     * @param str GetComplete value, or null to omit the element
     * @return the IDPList, possibly without entries
     */
    protected IDPList buildIDPList(List<SAML2IDPEntry> list, String str) {
        IDPList idpList = (IDPList) Configuration.getBuilderFactory().getBuilder(IDPList.DEFAULT_ELEMENT_NAME).buildObject();
        if (list != null) {
            for (SAML2IDPEntry entry : list) {
                idpList.getIDPEntrys().add(buildIDPEntry(entry));
            }
        }
        if (str == null) {
            return idpList;
        }
        GetComplete getComplete = (GetComplete) Configuration.getBuilderFactory().getBuilder(GetComplete.DEFAULT_ELEMENT_NAME).buildObject();
        getComplete.setGetComplete(str);
        idpList.setGetComplete(getComplete);
        return idpList;
    }

    /* JADX INFO: Access modifiers changed from: protected */
    /**
     * Writes the pretty-printed XML of the given object to the debug log.
     *
     * <p>Callers are expected to check {@code isDebugEnabled()} first; with assertions enabled a
     * violation raises an AssertionError. The object is marshalled when it has no DOM yet, and a
     * marshalling failure is logged and otherwise ignored.
     *
     * <p>The complete element is logged, including any NameID and attribute values it contains,
     * so debug logs of this class hold whatever user data passes through it.
     *
     * @param xMLObject object to print
     */
    public void logXML(XMLObject xMLObject) {
        // Decompiled form of an assert statement; kept as is because the flag is an explicit field here.
        if (!$assertionsDisabled && !this._logger.isDebugEnabled()) {
            throw new AssertionError("Logger debug state not checked");
        }
        Element dom = xMLObject.getDOM();
        if (dom == null) {
            Marshaller marshaller = Configuration.getMarshallerFactory().getMarshaller(xMLObject);
            if (marshaller != null) {
                try {
                    dom = marshaller.marshall(xMLObject);
                } catch (MarshallingException e) {
                    this._logger.debug("Could not prettyPrint XML object", e);
                }
            }
        }
        if (dom == null) {
            return;
        }
        this._logger.debug(XMLHelper.prettyPrintXML(dom));
    }

    /* JADX INFO: Access modifiers changed from: protected */
    /**
     * Looks up the SAML 2.0 IDPSSODescriptor role of the given IdP in its metadata.
     *
     * <p>Lookup failures are logged at debug level and reported as "not found". Callers
     * therefore cannot distinguish missing metadata from a metadata provider error.
     *
     * @param saml2idp the IdP whose metadata provider is queried
     * @return the descriptor, or null when there is no metadata provider, no matching role, or
     *         the lookup failed
     */
    public IDPSSODescriptor getIdPDescriptor(SAML2IDP saml2idp) {
        final String saml2Protocol = "urn:oasis:names:tc:SAML:2.0:protocol";
        IDPSSODescriptor descriptor = null;
        try {
            MetadataProvider provider = saml2idp.getMetadataProvider();
            if (provider != null) {
                descriptor = (IDPSSODescriptor) provider.getRole(saml2idp.getID(), IDPSSODescriptor.DEFAULT_ELEMENT_NAME, saml2Protocol);
            }
        } catch (Exception e) {
            this._logger.debug("Could not retrieve metadata for requestor " + saml2idp.getID(), e);
        }
        if (descriptor != null) {
            return descriptor;
        }
        this._logger.debug("Could not retrieve metadata (IDP Role) for IdP with ID: " + saml2idp.getID());
        return null;
    }

    /* JADX INFO: Access modifiers changed from: protected */
    /**
     * Generates the ID for an outgoing request: a fresh random identifier followed by
     * {@code str}.
     *
     * <p>The random part comes from {@code SecureRandomIdentifierGenerator} with a size argument
     * of 16. Only that random part is stored in the session attributes, under
     * {@code SAML2AuthNConstants.AUTHNREQUEST_ID_PREFIX}, presumably so the response's
     * InResponseTo can be matched later.
     *
     * <p>NOTE(review): {@code str} is appended verbatim to an ID that is sent to the IdP.
     * Confirm that callers never pass a value that must stay secret. The error text mentions a
     * logout request although nothing in this method is logout-specific.
     *
     * @param str suffix appended to the random identifier
     * @param iSessionAttributes session attributes to record the random part in, may be null
     * @return random identifier concatenated with {@code str}
     * @throws MessageEncodingException when the identifier generator cannot be created
     */
    public String generateRequestID(String str, ISessionAttributes iSessionAttributes) throws MessageEncodingException {
        final String randomPart;
        try {
            randomPart = new SecureRandomIdentifierGenerator().generateIdentifier(16);
        } catch (NoSuchAlgorithmException e) {
            this._logger.error("Could not generate ID for logout request");
            throw new MessageEncodingException("Could not generate ID for logout request", e);
        }
        if (iSessionAttributes != null) {
            iSessionAttributes.put(SAML2AuthNConstants.class, SAML2AuthNConstants.AUTHNREQUEST_ID_PREFIX, randomPart);
        }
        return randomPart + str;
    }

    /**
     * Converts a stored IdP entry into a SAML IDPEntry element.
     *
     * @param sAML2IDPEntry stored entry supplying provider ID, name and location
     * @return the IDPEntry element with those three values copied over
     */
    private IDPEntry buildIDPEntry(SAML2IDPEntry sAML2IDPEntry) {
        IDPEntry entry = (IDPEntry) Configuration.getBuilderFactory().getBuilder(IDPEntry.DEFAULT_ELEMENT_NAME).buildObject();
        entry.setProviderID(sAML2IDPEntry.getProviderID());
        entry.setName(sAML2IDPEntry.getName());
        entry.setLoc(sAML2IDPEntry.getLoc());
        return entry;
    }

    /**
     * Derives the local user ID from a received NameID.
     *
     * <p>The NameID value is used, falling back to SPProvidedID when the value is null. With an
     * ID mapper configured the external ID is remapped to the local one; a null remap result
     * keeps the external ID, a remap error yields null. The cause of a remap error is not
     * logged.
     *
     * @param nameID NameID from the assertion subject, may be null
     * @return the user ID; null when {@code nameID} is null or remapping failed (and also when
     *         the NameID carries neither a value nor an SPProvidedID and no remapping applies)
     */
    private String getUID(NameID nameID) {
        if (nameID == null) {
            this._logger.debug("Message error: Subject NameID not found");
            return null;
        }
        String externalId = nameID.getValue();
        if (externalId == null) {
            externalId = nameID.getSPProvidedID();
        }
        if (this._idMapper == null) {
            return externalId;
        }
        try {
            String localId = this._idMapper.remap(externalId);
            return (localId != null) ? localId : externalId;
        } catch (OAException e) {
            this._logger.debug("Could not remap ext. ID to OA UID");
            return null;
        }
    }

    // Decompiler rendering of the compiler-generated assertion switch: the flag is true when
    // assertions are disabled for this class, which turns the check in logXML() into a no-op.
    static {
        $assertionsDisabled = !AbstractAuthNMethodSAML2Profile.class.desiredAssertionStatus();
    }
}
