package se.litsec.opensaml.saml2.common.request;

import java.math.BigInteger;
import java.security.SecureRandom;
import java.util.Random;
import org.opensaml.messaging.encoder.MessageEncodingException;
import org.opensaml.saml.saml2.core.RequestAbstractType;
import org.opensaml.saml.saml2.metadata.EntityDescriptor;
import org.opensaml.security.x509.X509Credential;
import org.opensaml.xmlsec.signature.support.SignatureException;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
import org.springframework.beans.factory.InitializingBean;
import org.springframework.util.Assert;
import se.litsec.opensaml.saml2.authentication.build.ExtendedAuthnRequestBuilder;
import se.litsec.opensaml.saml2.common.request.RequestGeneratorInput;
import se.litsec.opensaml.saml2.metadata.PeerMetadataResolver;

/* loaded from: input_file:se/litsec/opensaml/saml2/common/request/AbstractRequestGenerator.class */
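/**
 * Base class for generators of SAML request messages.
 *
 * <p>Holds the entity ID and display name of the requesting entity, the default signing
 * credential, and the random source used to mint request IDs. Subclasses supply the default
 * binding and build the concrete request type.
 *
 * @param <T> the request type being generated
 * @param <I> the input type that drives generation
 */
public abstract class AbstractRequestGenerator<T extends RequestAbstractType, I extends RequestGeneratorInput> implements RequestGenerator<T, I>, InitializingBean {
    private final String entityID;
    private String name;
    private X509Credential signingCredentials;
    private final Logger log = LoggerFactory.getLogger(AbstractRequestGenerator.class);

    // Security: use the self-seeding constructor. The previous code passed the current
    // wall-clock time (as platform-charset bytes) as the seed. Depending on the JCA provider
    // selected at runtime, a constructor-supplied seed can replace the OS entropy instead of
    // supplementing it (SHA1PRNG behaves this way), which would make every ID produced by
    // generateID() a function of the startup timestamp and therefore guessable.
    private final Random randomizer = new SecureRandom();

    /**
     * Creates a generator for the given requesting entity.
     *
     * @param str the entity ID of the requester; must contain non-whitespace text
     * @throws IllegalArgumentException if {@code str} is {@code null} or blank
     */
    public AbstractRequestGenerator(String str) {
        if (str == null || str.trim().isEmpty()) {
            throw new IllegalArgumentException("entityID must not be null or empty");
        }
        this.entityID = str;
    }

    /**
     * Looks up the metadata of the peer named by the input.
     *
     * @param requestGeneratorInput supplies the peer entity ID
     * @param peerMetadataResolver resolver queried with that entity ID
     * @return the peer's metadata, never {@code null}
     * @throws RequestGenerationException if the resolver returns no metadata for the peer
     */
    protected EntityDescriptor getPeerMetadata(RequestGeneratorInput requestGeneratorInput, PeerMetadataResolver peerMetadataResolver) throws RequestGenerationException {
        final String peerEntityID = requestGeneratorInput.getPeerEntityID();
        final EntityDescriptor metadata = peerMetadataResolver.getMetadata(peerEntityID);
        if (metadata == null) {
            throw new RequestGenerationException("No metadata available for " + peerEntityID);
        }
        return metadata;
    }

    /**
     * Wraps a request in the transport object that matches the requested binding.
     *
     * <p>The signing credential is taken from the input's override if one is present, otherwise
     * from {@link #getSigningCredentials()}.
     *
     * <p>NOTE(review): if neither source yields a credential, {@code null} is handed to the
     * transport object. Whether that results in an unsigned request or a failure is decided in
     * {@code RedirectRequestHttpObject} / {@code PostRequestHttpObject}, which are not visible
     * here. Callers that require signed requests should check for a credential before calling.
     *
     * @param t the request message
     * @param i the generator input (relay state, optional override credential)
     * @param str the binding URI; {@link ExtendedAuthnRequestBuilder#DEFAULT_REQUEST_BINDING}
     *        selects the redirect transport and the HTTP-POST URI selects the POST transport
     * @param str2 passed through to the transport object; presumably the destination endpoint
     *        (confirm against the transport classes)
     * @return the transport object for the request
     * @throws RequestGenerationException if the binding is unsupported or encoding/signing fails
     */
    protected RequestHttpObject<T> buildRequestHttpObject(T t, I i, String str, String str2) throws RequestGenerationException {
        X509Credential credential = i.getOverrideSigningCredential();
        if (credential == null) {
            credential = getSigningCredentials();
        }
        try {
            if (ExtendedAuthnRequestBuilder.DEFAULT_REQUEST_BINDING.equals(str)) {
                return new RedirectRequestHttpObject(t, i.getRelayState(), credential, str2);
            }
            if ("urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST".equals(str)) {
                return new PostRequestHttpObject(t, i.getRelayState(), credential, str2);
            }
            throw new RequestGenerationException("Unsupported binding: " + str);
        } catch (MessageEncodingException | SignatureException e) {
            this.log.error("Failed to encode/sign request for transport", e);
            // NOTE(review): the cause is logged but not chained onto the rethrown exception.
            // If RequestGenerationException offers a (String, Throwable) constructor, pass
            // 'e' so callers and incident responders can see why signing or encoding failed.
            throw new RequestGenerationException("Failed to encode/sign request for transport");
        }
    }

    /**
     * Generates a request ID from 128 random bits.
     *
     * <p>The value is an underscore followed by the hexadecimal form of a non-negative random
     * integer below 2^128. Leading zeros are not padded, so the length varies. The underscore
     * keeps the result from starting with a digit, which an XML ID may not do.
     *
     * @return a new identifier
     */
    protected String generateID() {
        return "_" + new BigInteger(128, this.randomizer).toString(16);
    }

    /**
     * Returns the default signing credential.
     *
     * @return the credential, or {@code null} if none was assigned
     */
    protected X509Credential getSigningCredentials() {
        return this.signingCredentials;
    }

    /**
     * Returns the random source used for ID generation.
     *
     * @return the generator's {@link SecureRandom}-backed random source
     */
    protected Random getRandomizer() {
        return this.randomizer;
    }

    /**
     * Returns the binding URI to use when the caller does not select one.
     *
     * @return the default binding URI
     */
    /* JADX INFO: Access modifiers changed from: protected */
    public abstract String getDefaultBinding();

    /** {@inheritDoc} */
    @Override // se.litsec.opensaml.saml2.common.request.RequestGenerator
    public String getEntityID() {
        return this.entityID;
    }

    /** {@inheritDoc} */
    @Override // se.litsec.opensaml.saml2.common.request.RequestGenerator
    public String getName() {
        return this.name;
    }

    /**
     * Assigns the name of this generator. Required before {@link #afterPropertiesSet()}.
     *
     * @param str the name
     */
    public void setName(String str) {
        this.name = str;
    }

    /**
     * Assigns the default signing credential.
     *
     * @param x509Credential the credential; may be {@code null}, in which case only a per-request
     *        override credential can supply one
     */
    public void setSigningCredentials(X509Credential x509Credential) {
        this.signingCredentials = x509Credential;
    }

    /**
     * Validates the configuration once all properties are set.
     *
     * <p>A missing name is an error. A missing signing credential only produces a warning, so a
     * deployment that must sign its requests needs to enforce that separately.
     *
     * @throws Exception if the {@code name} property has no text
     */
    @Override
    public void afterPropertiesSet() throws Exception {
        Assert.hasText(this.name, "Property 'name' must be assigned");
        if (this.signingCredentials == null) {
            this.log.warn("No signature credentials assigned - signing will not be possible");
        }
    }
}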
