package com.adobe.granite.auth.saml.util;

import com.adobe.granite.auth.saml.model.AbstractRequest;
import com.adobe.granite.auth.saml.model.AuthnRequest;
import com.adobe.granite.auth.saml.model.Issuer;
import com.adobe.granite.auth.saml.model.Message;
import com.adobe.granite.auth.saml.model.NameIdPolicy;
import com.adobe.granite.auth.saml.model.xml.SamlXmlConstants;
import java.io.OutputStream;
import java.security.InvalidAlgorithmParameterException;
import java.security.Key;
import java.security.NoSuchAlgorithmException;
import java.util.Collections;
import java.util.LinkedList;
import java.util.List;
import javax.xml.crypto.MarshalException;
import javax.xml.crypto.dsig.Reference;
import javax.xml.crypto.dsig.SignedInfo;
import javax.xml.crypto.dsig.Transform;
import javax.xml.crypto.dsig.XMLSignatureException;
import javax.xml.crypto.dsig.XMLSignatureFactory;
import javax.xml.crypto.dsig.dom.DOMSignContext;
import javax.xml.crypto.dsig.keyinfo.KeyInfo;
import javax.xml.crypto.dsig.spec.C14NMethodParameterSpec;
import javax.xml.crypto.dsig.spec.DigestMethodParameterSpec;
import javax.xml.crypto.dsig.spec.SignatureMethodParameterSpec;
import javax.xml.crypto.dsig.spec.TransformParameterSpec;
import javax.xml.parsers.DocumentBuilderFactory;
import javax.xml.parsers.ParserConfigurationException;
import javax.xml.transform.Transformer;
import javax.xml.transform.TransformerConfigurationException;
import javax.xml.transform.TransformerException;
import javax.xml.transform.TransformerFactory;
import javax.xml.transform.dom.DOMSource;
import javax.xml.transform.stream.StreamResult;
import org.w3c.dom.Document;
import org.w3c.dom.Element;
import org.w3c.dom.Node;

/* loaded from: input_file:com/adobe/granite/auth/saml/util/SamlWriter.class */
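/**
 * Serializes SAML protocol messages to XML and, when a key is supplied, adds an enveloped
 * XML signature to the request element.
 *
 * <p>Only {@link AuthnRequest} messages are supported by {@link #write}.
 */
public class SamlWriter {
    /** Digest algorithm applied to the signed reference (SHA-256). */
    private static final String DIGEST_METHOD = "http://www.w3.org/2001/04/xmlenc#sha256";

    /**
     * Signature algorithm written into SignedInfo.
     *
     * <p>NOTE(review): this is RSA with SHA-1, while the reference digest above is already
     * SHA-256. SHA-1 is deprecated for digital signatures, and verifiers may be configured to
     * reject it. The SHA-256 counterpart is
     * {@code http://www.w3.org/2001/04/xmldsig-more#rsa-sha256}. The value is deliberately left
     * unchanged here because the identity provider must accept the algorithm; coordinate the
     * switch with the IdP configuration.
     */
    private static final String SIGNATURE_METHOD = "http://www.w3.org/2000/09/xmldsig#rsa-sha1";

    /** Namespace URI required by DOM for {@code xmlns:*} declarations. */
    private static final String XMLNS_NAMESPACE = "http://www.w3.org/2000/xmlns/";

    private static final String ENVELOPED_SIGNATURE_TRANSFORM = "http://www.w3.org/2000/09/xmldsig#enveloped-signature";
    private static final String EXCLUSIVE_C14N = "http://www.w3.org/2001/10/xml-exc-c14n#";
    private static final String ID_ATTR = "ID";

    // Only used to create empty documents (newDocument()); this class never parses XML with it.
    private final DocumentBuilderFactory builderFactory = DocumentBuilderFactory.newInstance();

    public SamlWriter() {
        this.builderFactory.setNamespaceAware(true);
    }

    /**
     * Writes the given message as XML to the output stream.
     *
     * @param message the message to serialize; must be an {@link AuthnRequest}
     * @param outputStream destination of the serialized XML
     * @param key signing key, or {@code null} to write the request unsigned
     * @throws SamlWriterException if signing or serialization fails
     * @throws NullPointerException if {@code message} is {@code null}
     * @throws RuntimeException if the message is of an unsupported type
     */
    public void write(Message message, OutputStream outputStream, Key key) throws SamlWriterException {
        if (message == null) {
            // Previously this surfaced as a message-less NPE while building the error text below.
            throw new NullPointerException("message must not be null");
        }
        if (!(message instanceof AuthnRequest)) {
            throw new RuntimeException("Messages of type " + message.getClass().getName() + " are not supported yet.");
        }
        Document requestDocument = createRequestDocument((AuthnRequest) message, key);

        Transformer transformer;
        try {
            transformer = TransformerFactory.newInstance().newTransformer();
        } catch (TransformerConfigurationException e) {
            throw new SamlWriterException("Unable to create a new Transformer instance", e);
        }
        // The document is serialized after signing; indentation is switched off explicitly.
        transformer.setOutputProperty("indent", "no");
        try {
            transformer.transform(new DOMSource(requestDocument), new StreamResult(outputStream));
        } catch (TransformerException e) {
            throw new SamlWriterException("An error occurred writing xml to output stream", e);
        }
    }

    /**
     * Builds a new DOM document whose content is the (optionally signed) AuthnRequest.
     *
     * @param authnRequest the request to render
     * @param key signing key, or {@code null} for an unsigned request
     * @return the populated document
     * @throws SamlWriterException if signing fails
     * @throws RuntimeException if no DocumentBuilder can be created
     */
    protected Document createRequestDocument(AuthnRequest authnRequest, Key key) throws SamlWriterException {
        Document document;
        try {
            document = this.builderFactory.newDocumentBuilder().newDocument();
        } catch (ParserConfigurationException e) {
            throw new RuntimeException("Unable to create a DocumentBuilder for the SAML request", e);
        }
        createAuthnRequestElement(authnRequest, document, key);
        return document;
    }

    /**
     * Appends a {@code samlp:AuthnRequest} element to {@code node} and signs it when a key is given.
     *
     * @param authnRequest the request to render
     * @param node parent node (a document or a node inside one) that receives the element
     * @param key signing key, or {@code null} to skip signing
     * @throws SamlWriterException if the signature cannot be created
     */
    protected void createAuthnRequestElement(AuthnRequest authnRequest, Node node, Key key) throws SamlWriterException {
        Document ownerDocument = node instanceof Document ? (Document) node : node.getOwnerDocument();
        Element requestElement = ownerDocument.createElementNS(SamlXmlConstants.SAML_PROTOCOL_NAMESPACE, "samlp:AuthnRequest");
        requestElement.setAttributeNS(XMLNS_NAMESPACE, "xmlns:samlp", SamlXmlConstants.SAML_PROTOCOL_NAMESPACE);
        node.appendChild(requestElement);
        handleAbstractRequest(requestElement, authnRequest);

        // The consumer service URL takes precedence over the index; at most one is written.
        if (authnRequest.hasAssertionConsumerServiceURL()) {
            requestElement.setAttribute(SamlXmlConstants.ASSERTION_CONSUMER_SERVICE_URL_ATTR, authnRequest.getAssertionConsumerServiceUrl());
        } else if (authnRequest.hasAssertionConsumerServiceIndex()) {
            requestElement.setAttribute(SamlXmlConstants.ASSERTION_CONSUMER_SERVICE_INDEX_ATTR, authnRequest.getAssertionConsumerServiceIndex());
        }
        if (authnRequest.hasProtocolBinding()) {
            requestElement.setAttribute(SamlXmlConstants.PROTOCOL_BINDING_ATTR, authnRequest.getProtocolBinding());
        }
        if (authnRequest.hasIssuer()) {
            createIssuerElement(authnRequest.getIssuer(), requestElement);
        }
        Node nameIdPolicyElement = null;
        if (authnRequest.hasNameIdPolicy()) {
            nameIdPolicyElement = createNameIdPolicyElement(authnRequest.getNameIdPolicy(), requestElement);
        }
        if (key != null) {
            signAuthnRequest(authnRequest, requestElement, nameIdPolicyElement, key);
        }
    }

    /**
     * Adds an enveloped signature over the element referenced by {@code "#" + authnRequest.getId()}.
     *
     * <p>The signature is inserted under the owner document's root element, before
     * {@code nextSibling} when that is non-null and otherwise as the last child. No KeyInfo is
     * emitted, so the verifier has to know the matching public key out of band.
     */
    private void signAuthnRequest(AuthnRequest authnRequest, Element requestElement, Node nextSibling, Key key) throws SamlWriterException {
        // Same-document references ("#id") are resolved via getElementById in current XML-DSig
        // implementations, which only sees attributes flagged as IDs. Without this flag, signing
        // can fail because the reference cannot be resolved. Flagging does not alter the output.
        if (requestElement.hasAttribute(ID_ATTR)) {
            requestElement.setIdAttribute(ID_ATTR, true);
        }
        // NOTE(review): SIGNATURE_METHOD is an RSA algorithm, so the supplied key is presumably
        // an RSA private key; nothing here checks the key type.
        DOMSignContext signContext = new DOMSignContext(key, requestElement.getOwnerDocument().getDocumentElement(), nextSibling);
        XMLSignatureFactory signatureFactory = XMLSignatureFactory.getInstance("DOM");
        try {
            List<Transform> transforms = new LinkedList<Transform>();
            transforms.add(signatureFactory.newTransform(ENVELOPED_SIGNATURE_TRANSFORM, (TransformParameterSpec) null));
            transforms.add(signatureFactory.newTransform(EXCLUSIVE_C14N, (TransformParameterSpec) null));
            Reference reference = signatureFactory.newReference(
                    "#" + authnRequest.getId(),
                    signatureFactory.newDigestMethod(DIGEST_METHOD, (DigestMethodParameterSpec) null),
                    transforms,
                    (String) null,
                    (String) null);
            SignedInfo signedInfo = signatureFactory.newSignedInfo(
                    signatureFactory.newCanonicalizationMethod(EXCLUSIVE_C14N, (C14NMethodParameterSpec) null),
                    signatureFactory.newSignatureMethod(SIGNATURE_METHOD, (SignatureMethodParameterSpec) null),
                    Collections.singletonList(reference));
            signatureFactory.newXMLSignature(signedInfo, (KeyInfo) null).sign(signContext);
        } catch (MarshalException e) {
            throw new SamlWriterException("MarshalException while signing authentication request.", e);
        } catch (XMLSignatureException e) {
            throw new SamlWriterException("XMLSignature exception while signing authentication request.", e);
        } catch (InvalidAlgorithmParameterException e) {
            throw new SamlWriterException("Invalid parameter for signature algorithm.", e);
        } catch (NoSuchAlgorithmException e) {
            throw new SamlWriterException("Signature Algorithm not available.", e);
        }
    }

    /**
     * Appends a {@code saml:Issuer} element carrying the issuer value to {@code node}.
     *
     * @param issuer source of the issuer text
     * @param node parent node that receives the element
     */
    protected void createIssuerElement(Issuer issuer, Node node) {
        Element issuerElement = node.getOwnerDocument().createElementNS(SamlXmlConstants.SAML_ASSERTION_NAMESPACE, "saml:Issuer");
        issuerElement.setAttributeNS(XMLNS_NAMESPACE, "xmlns:saml", SamlXmlConstants.SAML_ASSERTION_NAMESPACE);
        node.appendChild(issuerElement);
        issuerElement.setTextContent(issuer.getValue());
    }

    /**
     * Appends a {@code samlp:NameIDPolicy} element to {@code node}, writing only the attributes
     * the policy reports as present.
     *
     * @param nameIdPolicy the policy to render
     * @param node parent node that receives the element
     * @return the newly appended element
     */
    protected Node createNameIdPolicyElement(NameIdPolicy nameIdPolicy, Node node) {
        Element policyElement = node.getOwnerDocument().createElementNS(SamlXmlConstants.SAML_PROTOCOL_NAMESPACE, "samlp:NameIDPolicy");
        policyElement.setAttributeNS(XMLNS_NAMESPACE, "xmlns:samlp", SamlXmlConstants.SAML_PROTOCOL_NAMESPACE);
        if (nameIdPolicy.hasFormat()) {
            policyElement.setAttribute(SamlXmlConstants.FORMAT_ATTR, nameIdPolicy.getFormat());
        }
        if (nameIdPolicy.hasAllowCreate()) {
            policyElement.setAttribute(SamlXmlConstants.ALLOW_CREATE_ATTR, Boolean.toString(nameIdPolicy.isAllowCreate()));
        }
        if (nameIdPolicy.hasSpNameQualifier()) {
            policyElement.setAttribute(SamlXmlConstants.SP_NAME_QUALIFIER_ATTR, nameIdPolicy.getSpNameQualifier());
        }
        node.appendChild(policyElement);
        return policyElement;
    }

    /**
     * Writes the attributes common to all requests: Version, ID and issue instant, plus Consent
     * and Destination when the request has them.
     *
     * @param element the request element to decorate
     * @param abstractRequest source of the attribute values
     */
    protected void handleAbstractRequest(Element element, AbstractRequest abstractRequest) {
        element.setAttribute("Version", abstractRequest.getVersion());
        // The ID value is what the signature reference ("#" + id) points at.
        element.setAttribute(ID_ATTR, abstractRequest.getId());
        element.setAttribute(SamlXmlConstants.ISSUE_INSTANT_ATTR, SamlXmlConstants.XML_DATE_FORMATTER.print(abstractRequest.getIssueInstant().getTimeInMillis()));
        if (abstractRequest.hasConsent()) {
            element.setAttribute(SamlXmlConstants.CONSENT_ATTR, abstractRequest.getConsent());
        }
        if (abstractRequest.hasDestination()) {
            element.setAttribute("Destination", abstractRequest.getDestination());
        }
    }
}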
