package se.litsec.opensaml.saml2.common.request;

import java.util.function.Predicate;
import org.opensaml.saml.saml2.core.AuthnRequest;
import org.opensaml.saml.saml2.metadata.EntityDescriptor;
import org.opensaml.saml.saml2.metadata.IDPSSODescriptor;
import org.opensaml.saml.saml2.metadata.SingleSignOnService;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
import se.litsec.opensaml.saml2.authentication.build.ExtendedAuthnRequestBuilder;
import se.litsec.opensaml.saml2.common.request.RequestGeneratorInput;

/* loaded from: input_file:se/litsec/opensaml/saml2/common/request/AbstractAuthnRequestGenerator.class */
public abstract class AbstractAuthnRequestGenerator<I extends RequestGeneratorInput> extends AbstractRequestGenerator<AuthnRequest, I> implements AuthnRequestGenerator<I> {
    private final Logger log;
    protected static Predicate<String> isValidBinding = str -> {
        return "urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST".equals(str) || ExtendedAuthnRequestBuilder.DEFAULT_REQUEST_BINDING.equals(str);
    };
    protected static Predicate<SingleSignOnService> hasSupportedBinding = singleSignOnService -> {
        return isValidBinding.test(singleSignOnService.getBinding());
    };

    public AbstractAuthnRequestGenerator(String str) {
        super(str);
        this.log = LoggerFactory.getLogger(AbstractAuthnRequestGenerator.class);
    }

    protected SingleSignOnService getSingleSignOnService(EntityDescriptor entityDescriptor, RequestGeneratorInput requestGeneratorInput) throws RequestGenerationException {
        String preferredBinding = requestGeneratorInput.getPreferredBinding() != null ? requestGeneratorInput.getPreferredBinding() : getDefaultBinding();
        IDPSSODescriptor iDPSSODescriptor = entityDescriptor.getIDPSSODescriptor("urn:oasis:names:tc:SAML:2.0:protocol");
        if (iDPSSODescriptor == null) {
            throw new RequestGenerationException("Invalid IdP metadata - missing IDPSSODescriptor");
        }
        SingleSignOnService singleSignOnService = (SingleSignOnService) iDPSSODescriptor.getSingleSignOnServices().stream().filter(singleSignOnService2 -> {
            return preferredBinding.equals(singleSignOnService2.getBinding());
        }).findFirst().orElse(null);
        if (singleSignOnService == null) {
            singleSignOnService = (SingleSignOnService) iDPSSODescriptor.getSingleSignOnServices().stream().filter(hasSupportedBinding).findFirst().orElse(null);
        }
        if (singleSignOnService != null) {
            return singleSignOnService;
        }
        String format = String.format("IdP '%s' does not specify endpoints for POST or Redirect - cannot send request", entityDescriptor.getEntityID());
        this.log.error(format);
        throw new RequestGenerationException(format);
    }
}
