package pl.edu.icm.unity.saml;

import eu.emi.security.authn.x509.X509Credential;
import eu.unicore.samly2.elements.NameID;
import eu.unicore.samly2.proto.AuthnRequest;
import pl.edu.icm.unity.base.exceptions.InternalException;
import xmlbeans.org.oasis.saml2.protocol.AuthnRequestDocument;
import xmlbeans.org.oasis.saml2.protocol.NameIDPolicyType;

/* loaded from: input_file:pl/edu/icm/unity/saml/SAMLHelper.class */
public class SAMLHelper {
    public static AuthnRequestDocument createSAMLRequest(String str, boolean z, String str2, String str3, String str4, boolean z2, X509Credential x509Credential) throws InternalException {
        AuthnRequest authnRequest = new AuthnRequest(new NameID(str2, "urn:oasis:names:tc:SAML:2.0:nameid-format:entity").getXBean());
        if (str4 != null) {
            authnRequest.setFormat(str4);
        }
        if (z2) {
            NameIDPolicyType nameIDPolicy = authnRequest.getXMLBean().getNameIDPolicy();
            if (nameIDPolicy == null) {
                nameIDPolicy = authnRequest.getXMLBean().addNewNameIDPolicy();
            }
            nameIDPolicy.setAllowCreate(true);
        }
        if (str3 != null) {
            authnRequest.getXMLBean().setDestination(str3);
        }
        authnRequest.getXMLBean().setAssertionConsumerServiceURL(str);
        if (z) {
            try {
                authnRequest.sign(x509Credential.getKey(), x509Credential.getCertificateChain());
            } catch (Exception e) {
                throw new InternalException("Can't sign request", e);
            }
        }
        return authnRequest.getXMLBeanDoc();
    }
}
