package com.cloudseal.client.saml2;

import java.io.ByteArrayInputStream;
import java.io.ByteArrayOutputStream;
import java.io.StringWriter;
import java.io.UnsupportedEncodingException;
import java.net.URLEncoder;
import java.nio.charset.StandardCharsets;
import java.security.KeyStore;
import java.security.Signature;
import java.text.SimpleDateFormat;
import java.util.Date;
import java.util.Locale;
import java.util.TimeZone;
import java.util.zip.Deflater;
import javax.xml.parsers.DocumentBuilderFactory;
import javax.xml.transform.OutputKeys;
import javax.xml.transform.Transformer;
import javax.xml.transform.TransformerException;
import javax.xml.transform.TransformerFactory;
import javax.xml.transform.dom.DOMSource;
import javax.xml.transform.stream.StreamResult;
import org.apache.commons.codec.binary.Base64;
import org.apache.log4j.Logger;
import org.w3c.dom.Document;
import org.w3c.dom.Element;
import org.w3c.dom.Node;

/* loaded from: input_file:com/cloudseal/client/saml2/SamlBuilderImpl.class */
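/**
 * Builds signed SAML 2.0 {@code AuthnRequest} messages for the HTTP-Redirect binding.
 *
 * <p>The builder is configured once through {@link #init(SamlConfig)}, which loads a
 * JKS keystore from the supplied bytes and selects the signing key. Every request is
 * then serialized, raw-DEFLATEd, base64- and URL-encoded, and the resulting
 * {@code SAMLRequest=...&SigAlg=...} query string is signed with the private key.
 *
 * <p>Only the SHA-1 based XML-DSig algorithm identifiers ({@link #RSA_SIGNATURE_ALGORITHM},
 * {@link #DSA_SIGNATURE_ALGORITHM}) are supported, so the relying IdP must still accept
 * SHA-1 signatures; no stronger algorithm is offered by this class.
 *
 * <p>Thread-safety: {@link #init(SamlConfig)} is synchronized, but the fields it sets are
 * read without synchronization by the other methods. Callers are expected to complete
 * {@code init} before the builder is shared — NOTE(review): confirm with the caller.
 */
public class SamlBuilderImpl implements SamlBuilder {
    private static final Logger logger = Logger.getLogger(SamlBuilderImpl.class);
    public static final String SAML_NAMESPACE = "urn:oasis:names:tc:SAML:2.0:assertion";
    public static final String SAML_PROTOCOL_NAMESPACE = "urn:oasis:names:tc:SAML:2.0:protocol";
    public static final String TRANSIENT_NAME_ID_POLICY = "urn:oasis:names:tc:SAML:2.0:nameid-format:transient";
    public static final String RSA_SIGNATURE_ALGORITHM = "http://www.w3.org/2000/09/xmldsig#rsa-sha1";
    public static final String DSA_SIGNATURE_ALGORITHM = "http://www.w3.org/2000/09/xmldsig#dsa-sha1";
    public static final String REPLY_BINDING = "urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST";
    /** Created by {@link #init(SamlConfig)}; used by {@link #marshallDocument(Document)}. */
    private TransformerFactory transformerFactory;
    /** Value written to the {@code ProviderName} attribute of every request. */
    private String providerName = null;
    /** Signing key selected in {@link #init(SamlConfig)}; null until init succeeds. */
    private KeyStore.PrivateKeyEntry privateKey = null;
    /** XML-DSig algorithm URI matching the key type; sent as the {@code SigAlg} parameter. */
    private String sigAlg;
    /** Not referenced by any method of this class; kept for binary compatibility. */
    private String acsPath;

    /**
     * Loads the keystore from {@code samlConfig} and selects the signing key.
     *
     * <p>Any failure (unreadable keystore, wrong password, missing alias, unsupported
     * key type) propagates to the caller so misconfiguration fails at startup. The
     * previous implementation caught every exception, printed it and continued, which
     * left {@link #privateKey} and {@link #sigAlg} null and deferred the error to a
     * {@code NullPointerException} inside {@link #signRequest(String)}.
     *
     * @param samlConfig source of the keystore bytes, passwords, alias and provider name
     * @throws MissingKeyException if the alias is absent or does not hold a private key
     * @throws Exception           on keystore errors or an unsupported key algorithm
     */
    @Override // com.cloudseal.client.saml2.SamlBuilder
    public synchronized void init(SamlConfig samlConfig) throws Exception {
        if (logger.isDebugEnabled()) {
            logger.debug("Initializing " + SamlBuilderImpl.class.getSimpleName());
        }
        this.transformerFactory = TransformerFactory.newInstance();
        this.providerName = samlConfig.getProviderName();
        String keyName = samlConfig.getKeyName();
        try (ByteArrayInputStream keystoreBytes = new ByteArrayInputStream(samlConfig.getKeystore())) {
            KeyStore keyStore = KeyStore.getInstance("JKS");
            keyStore.load(keystoreBytes, samlConfig.getKeystorePassword().toCharArray());
            KeyStore.Entry entry = keyStore.getEntry(keyName,
                    new KeyStore.PasswordProtection(samlConfig.getKeyPassword().toCharArray()));
            if (entry == null) {
                throw new MissingKeyException("Unable to find key named " + keyName + " in keystore");
            }
            // A trusted-certificate or secret-key entry under this alias used to surface as a
            // ClassCastException; report it as a configuration problem instead.
            if (!(entry instanceof KeyStore.PrivateKeyEntry)) {
                throw new MissingKeyException("Entry named " + keyName + " in keystore is not a private key");
            }
            this.privateKey = (KeyStore.PrivateKeyEntry) entry;
        }
        String algorithm = this.privateKey.getPrivateKey().getAlgorithm();
        if ("RSA".equals(algorithm)) {
            this.sigAlg = RSA_SIGNATURE_ALGORITHM;
        } else if ("DSA".equals(algorithm)) {
            this.sigAlg = DSA_SIGNATURE_ALGORITHM;
        } else {
            throw new Exception("Unsupported key algorithm: " + algorithm);
        }
    }

    /**
     * Produces the signed query string for an HTTP-Redirect {@code AuthnRequest}.
     *
     * <p>The returned value has the form
     * {@code SAMLRequest=<enc>&SigAlg=<enc>&Signature=<enc>} and is meant to be appended
     * to the IdP's single-sign-on URL. No {@code RelayState} is included. The document is
     * created empty and never parsed, so no external XML input is processed here.
     *
     * @param issuer                      value of the {@code saml:Issuer} element
     * @param assertionConsumerServiceUrl value of {@code AssertionConsumerServiceURL}
     * @param destination                 value of {@code Destination} (the IdP endpoint)
     * @param requestId                   value of the {@code ID} attribute; SAML requires a
     *                                    unique xs:ID per request and this class does not
     *                                    validate or generate it
     * @return the signed, URL-encoded query string
     * @throws Exception on XML, encoding or signing errors
     */
    @Override // com.cloudseal.client.saml2.SamlBuilder
    public String generateSamlAuthRequest(String issuer, String assertionConsumerServiceUrl,
            String destination, String requestId) throws Exception {
        DocumentBuilderFactory factory = DocumentBuilderFactory.newInstance();
        factory.setNamespaceAware(true);
        Document document = factory.newDocumentBuilder().newDocument();
        document.appendChild(buildAuthRequest(document, assertionConsumerServiceUrl, destination,
                requestId, issuer, this.providerName));
        String xml = marshallDocument(document);
        if (logger.isDebugEnabled()) {
            logger.debug("AuthnRequest: " + xml);
        }
        // Signing covers exactly the query string as it will appear in the URL, in this order.
        String signedPart = buildRedirectUrl(urlEncode(base64Encode(deflate(xml))), this.sigAlg);
        return signedPart + "&Signature=" + signRequest(signedPart);
    }

    /**
     * Builds the {@code samlp:AuthnRequest} element tree (not yet attached to the document).
     *
     * <p>Fixed attributes: {@code IsPassive="false"}, {@code Version="2.0"},
     * {@code ProtocolBinding} = {@link #REPLY_BINDING}, and a {@code NameIDPolicy} requesting
     * a transient identifier with {@code AllowCreate="true"}.
     *
     * @param document   owner document used to create nodes
     * @param acsUrl     value of {@code AssertionConsumerServiceURL}
     * @param destination value of {@code Destination}
     * @param requestId  value of the {@code ID} attribute, written verbatim
     * @param issuer     text of the {@code saml:Issuer} child
     * @param providerName value of {@code ProviderName}
     * @return the populated {@code AuthnRequest} element
     */
    protected Node buildAuthRequest(Document document, String acsUrl, String destination,
            String requestId, String issuer, String providerName) {
        Element issuerElement = document.createElementNS(SAML_NAMESPACE, "Issuer");
        issuerElement.setPrefix("saml");
        issuerElement.appendChild(document.createTextNode(issuer));

        Element nameIdPolicy = document.createElementNS(SAML_PROTOCOL_NAMESPACE, "NameIDPolicy");
        nameIdPolicy.setPrefix("samlp");
        nameIdPolicy.setAttribute("AllowCreate", "true");
        nameIdPolicy.setAttribute("Format", TRANSIENT_NAME_ID_POLICY);

        Element authnRequest = document.createElementNS(SAML_PROTOCOL_NAMESPACE, "AuthnRequest");
        authnRequest.setPrefix("samlp");
        authnRequest.setAttribute("ID", requestId);
        authnRequest.setAttribute("IssueInstant", generateIssueDate());
        authnRequest.setAttribute("AssertionConsumerServiceURL", acsUrl);
        authnRequest.setAttribute("Destination", destination);
        authnRequest.setAttribute("IsPassive", "false");
        authnRequest.setAttribute("ProtocolBinding", REPLY_BINDING);
        authnRequest.setAttribute("ProviderName", providerName);
        authnRequest.setAttribute("Version", "2.0");
        authnRequest.appendChild(issuerElement);
        authnRequest.appendChild(nameIdPolicy);
        return authnRequest;
    }

    /**
     * Returns the current time as a UTC xs:dateTime for the {@code IssueInstant} attribute.
     *
     * <p>Seconds are included because xs:dateTime (and therefore SAML) requires them; the
     * previous pattern omitted them. {@code Locale.ROOT} keeps the digits ASCII regardless
     * of the JVM default locale.
     *
     * @return timestamp in the form {@code yyyy-MM-dd'T'HH:mm:ss'Z'}
     */
    protected String generateIssueDate() {
        SimpleDateFormat format = new SimpleDateFormat("yyyy-MM-dd'T'HH:mm:ss'Z'", Locale.ROOT);
        format.setTimeZone(TimeZone.getTimeZone("UTC"));
        return format.format(new Date());
    }

    /**
     * Serializes the document to XML text without an XML declaration, indented.
     *
     * @param document document to serialize
     * @return the XML text
     * @throws TransformerException if the transformer cannot be created or fails
     */
    protected String marshallDocument(Document document) throws TransformerException {
        Transformer transformer = this.transformerFactory.newTransformer();
        transformer.setOutputProperty(OutputKeys.OMIT_XML_DECLARATION, "yes");
        transformer.setOutputProperty(OutputKeys.INDENT, "yes");
        StringWriter writer = new StringWriter();
        transformer.transform(new DOMSource(document), new StreamResult(writer));
        return writer.toString();
    }

    /**
     * Compresses the UTF-8 bytes of {@code str} with raw DEFLATE (no zlib header), as the
     * HTTP-Redirect binding requires before base64 encoding.
     *
     * <p>Output is collected in a loop: the previous implementation wrote into a single
     * 1024-byte buffer and silently truncated anything longer, which produced an
     * undecodable request once URLs and issuer names grew. The native zlib state is
     * released in {@code finally} rather than left for the garbage collector.
     *
     * @param str text to compress
     * @return the compressed bytes
     * @throws UnsupportedEncodingException never thrown; retained for API compatibility
     */
    protected byte[] deflate(String str) throws UnsupportedEncodingException {
        byte[] input = str.getBytes(StandardCharsets.UTF_8);
        Deflater deflater = new Deflater(Deflater.DEFAULT_COMPRESSION, true);
        try {
            deflater.setInput(input);
            deflater.finish();
            ByteArrayOutputStream out = new ByteArrayOutputStream(Math.max(64, input.length / 2));
            byte[] chunk = new byte[1024];
            while (!deflater.finished()) {
                int produced = deflater.deflate(chunk);
                out.write(chunk, 0, produced);
            }
            return out.toByteArray();
        } finally {
            deflater.end();
        }
    }

    /**
     * Base64-encodes {@code bArr} as a single line.
     *
     * <p>Whitespace is stripped because some commons-codec versions chunk the output with
     * line breaks, which would corrupt the URL parameter.
     *
     * @param bArr bytes to encode
     * @return base64 text with no whitespace
     */
    protected String base64Encode(byte[] bArr) {
        return Base64.encodeBase64String(bArr).replaceAll("\\s", "");
    }

    /**
     * Percent-encodes {@code str} as an {@code application/x-www-form-urlencoded} value.
     *
     * @param str text to encode
     * @return the encoded text
     * @throws Exception if the encoder fails
     */
    protected String urlEncode(String str) throws Exception {
        return URLEncoder.encode(str, "UTF-8");
    }

    /**
     * Assembles the unsigned part of the redirect query string.
     *
     * @param encodedRequest already deflated, base64- and URL-encoded request
     * @param sigAlg         signature algorithm URI, URL-encoded here
     * @return {@code SAMLRequest=...&SigAlg=...}
     * @throws Exception if URL encoding fails
     */
    protected String buildRedirectUrl(String encodedRequest, String sigAlg) throws Exception {
        return "SAMLRequest=" + encodedRequest + "&SigAlg=" + urlEncode(sigAlg);
    }

    /**
     * Signs {@code str} (the UTF-8 bytes of the query string exactly as given) with the key
     * selected in {@link #init(SamlConfig)} and returns the URL-encoded base64 signature.
     *
     * @param str the query string to sign; must be the same bytes the IdP will verify
     * @return URL-encoded base64 signature value
     * @throws IllegalStateException if {@link #init(SamlConfig)} has not completed
     * @throws Exception             if the algorithm is unsupported or signing fails
     */
    protected String signRequest(String str) throws Exception {
        if (this.privateKey == null || this.sigAlg == null) {
            throw new IllegalStateException("init() must complete before requests can be signed");
        }
        Signature signature;
        if (RSA_SIGNATURE_ALGORITHM.equals(this.sigAlg)) {
            signature = Signature.getInstance("SHA1withRSA");
        } else if (DSA_SIGNATURE_ALGORITHM.equals(this.sigAlg)) {
            signature = Signature.getInstance("SHA1withDSA");
        } else {
            throw new Exception("Unsupported key algorithm: " + this.sigAlg);
        }
        signature.initSign(this.privateKey.getPrivateKey());
        signature.update(str.getBytes(StandardCharsets.UTF_8));
        return urlEncode(base64Encode(signature.sign()));
    }

    /**
     * Serializes {@code node} and returns it base64- and URL-encoded.
     *
     * <p>Despite the name, nothing is signed here: the result is only the encoded XML
     * text. A fresh {@link TransformerFactory} is used so this works before
     * {@link #init(SamlConfig)}. Not called by any method of this class.
     *
     * @param node node to serialize
     * @return URL-encoded base64 of the serialized node
     * @throws Exception if serialization or encoding fails
     */
    protected String generateSignature(Node node) throws Exception {
        Transformer transformer = TransformerFactory.newInstance().newTransformer();
        transformer.setOutputProperty(OutputKeys.OMIT_XML_DECLARATION, "yes");
        transformer.setOutputProperty(OutputKeys.INDENT, "yes");
        StringWriter writer = new StringWriter();
        transformer.transform(new DOMSource(node), new StreamResult(writer));
        return urlEncode(base64Encode(writer.toString().getBytes(StandardCharsets.UTF_8)));
    }
}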
