package org.apache.cxf.fediz.core.metadata;

import java.io.ByteArrayInputStream;
import java.io.ByteArrayOutputStream;
import java.io.InputStream;
import java.io.OutputStreamWriter;
import java.nio.charset.StandardCharsets;
import java.security.PrivateKey;
import java.security.cert.X509Certificate;
import java.util.ArrayList;
import java.util.Collections;
import java.util.List;
import javax.xml.XMLConstants;
import javax.xml.crypto.dsig.Reference;
import javax.xml.crypto.dsig.SignedInfo;
import javax.xml.crypto.dsig.XMLSignatureFactory;
import javax.xml.crypto.dsig.dom.DOMSignContext;
import javax.xml.crypto.dsig.keyinfo.KeyInfo;
import javax.xml.crypto.dsig.keyinfo.KeyInfoFactory;
import javax.xml.crypto.dsig.spec.C14NMethodParameterSpec;
import javax.xml.crypto.dsig.spec.DigestMethodParameterSpec;
import javax.xml.crypto.dsig.spec.SignatureMethodParameterSpec;
import javax.xml.crypto.dsig.spec.TransformParameterSpec;
import javax.xml.parsers.DocumentBuilderFactory;
import javax.xml.parsers.ParserConfigurationException;
import javax.xml.stream.XMLOutputFactory;
import javax.xml.stream.XMLStreamException;
import javax.xml.stream.XMLStreamWriter;
import javax.xml.transform.TransformerFactory;
import javax.xml.transform.dom.DOMSource;
import javax.xml.transform.stream.StreamResult;
import org.apache.cxf.fediz.core.FederationConstants;
import org.apache.cxf.fediz.core.config.Claim;
import org.apache.cxf.fediz.core.config.FederationContext;
import org.apache.cxf.fediz.core.config.FederationProtocol;
import org.apache.cxf.fediz.core.config.KeyManager;
import org.apache.cxf.fediz.core.config.Protocol;
import org.apache.cxf.fediz.core.exception.ProcessingException;
import org.apache.cxf.fediz.core.util.DOMUtils;
import org.apache.ws.security.components.crypto.CryptoType;
import org.apache.ws.security.util.UUIDGenerator;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
import org.w3c.dom.Document;

/* loaded from: input_file:org/apache/cxf/fediz/core/metadata/MetadataWriter.class */
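/**
 * Produces the WS-Federation metadata document (a SAML2 {@code EntityDescriptor} carrying a
 * {@code fed:RoleDescriptor} of type {@code ApplicationServiceType}) for a relying party, and
 * signs it with an enveloped XML-DSig when a signing key is configured.
 *
 * <p>Changes versus the previous revision: the signature uses RSA-SHA256 / SHA-256 instead of
 * RSA-SHA1 / SHA-1 (SHA-1 is no longer collision resistant; RSA-SHA256 is supported by every
 * current XML-DSig verifier), the intermediate XML is always written and re-read as UTF-8 instead
 * of the platform default charset, and the parser used before signing runs with JAXP secure
 * processing enabled.
 */
public class MetadataWriter {
    private static final Logger LOG = LoggerFactory.getLogger(MetadataWriter.class);

    /** Placeholder entityID used when neither an application service URL nor an audience URI is configured. */
    private static final String DEFAULT_ENTITY_ID = "_someID";

    // Algorithms of the enveloped metadata signature.
    private static final String C14N_METHOD = "http://www.w3.org/TR/2001/REC-xml-c14n-20010315";
    private static final String SIGNATURE_METHOD = "http://www.w3.org/2001/04/xmldsig-more#rsa-sha256";
    private static final String DIGEST_METHOD = "http://www.w3.org/2001/04/xmlenc#sha256";
    private static final String ENVELOPED_TRANSFORM = "http://www.w3.org/2000/09/xmldsig#enveloped-signature";

    /**
     * Builds the metadata document for the given configuration and signs it if a signing key is
     * available.
     *
     * @param federationContext the relying-party configuration the metadata is derived from
     * @return the (possibly signed) metadata as a DOM document
     * @throws ProcessingException if the document cannot be built, signed or parsed back
     */
    public Document getMetaData(FederationContext federationContext) throws ProcessingException {
        try {
            // The ID attribute is what the enveloped signature's Reference points at ("#" + id).
            String descriptorId = "_" + UUIDGenerator.getUUID();
            byte[] unsigned = writeUnsignedMetadata(federationContext, descriptorId);
            if (LOG.isDebugEnabled()) {
                LOG.debug("***************** unsigned ****************");
                LOG.debug(new String(unsigned, StandardCharsets.UTF_8));
                LOG.debug("***************** unsigned ****************");
            }

            byte[] result = unsigned;
            if (hasSigningKey(federationContext)) {
                ByteArrayOutputStream signed =
                    signMetaInfo(federationContext, new ByteArrayInputStream(unsigned), descriptorId);
                if (signed == null) {
                    throw new ProcessingException("Failed to sign the metadata document: result=null");
                }
                result = signed.toByteArray();
            }
            return DOMUtils.readXml(new ByteArrayInputStream(result));
        } catch (ProcessingException e) {
            throw e;
        } catch (Exception e) {
            // The stack trace is preserved in the log; ProcessingException only carries the message here.
            LOG.error("Error creating service metadata information ", e);
            throw new ProcessingException("Error creating service metadata information: " + e.getMessage());
        }
    }

    /**
     * Whether a usable signing key is configured. No {@code signingKey} element (or no crypto
     * behind it) means the metadata is served unsigned. NOTE(review): a failure while loading the
     * crypto is also treated as "unsigned" to keep the previous best-effort behaviour - this is a
     * fail-open downgrade, so it is logged at WARN with the cause.
     */
    private static boolean hasSigningKey(FederationContext federationContext) {
        try {
            KeyManager signingKey = federationContext.getSigningKey();
            if (signingKey == null) {
                LOG.debug("No signingKey element found in config; metadata will not be signed");
                return false;
            }
            return signingKey.getCrypto() != null;
        } catch (Exception e) {
            LOG.warn("Signing key is configured but its crypto could not be loaded; "
                + "metadata will be served unsigned", e);
            return false;
        }
    }

    /**
     * Serializes the unsigned {@code EntityDescriptor} as UTF-8 XML.
     *
     * @param federationContext configuration providing protocol, audience URIs, realm, issuer and claims
     * @param descriptorId value of the {@code ID} attribute on the root element
     * @return the XML bytes (UTF-8)
     */
    private static byte[] writeUnsignedMetadata(FederationContext federationContext, String descriptorId)
        throws XMLStreamException {
        Protocol protocol = federationContext.getProtocol();
        FederationProtocol fedProtocol =
            protocol instanceof FederationProtocol ? (FederationProtocol) protocol : null;

        ByteArrayOutputStream out = new ByteArrayOutputStream(4096);
        // Charset is pinned: an OutputStreamWriter would use the platform default, while the parser
        // that reads these bytes back assumes UTF-8 - non-ASCII realm/claim values would be corrupted.
        XMLStreamWriter writer = XMLOutputFactory.newInstance().createXMLStreamWriter(out, "UTF-8");
        try {
            writer.writeStartDocument("UTF-8", "1.0");
            writer.writeStartElement("", "EntityDescriptor", FederationConstants.SAML2_METADATA_NS);
            writer.writeAttribute("ID", descriptorId);
            String entityId = resolveEntityId(federationContext, fedProtocol);
            writer.writeAttribute("entityID", entityId);
            writer.writeNamespace("fed", FederationConstants.WS_FEDERATION_NS);
            writer.writeNamespace("wsa", FederationConstants.WS_ADDRESSING_NS);
            writer.writeNamespace("auth", FederationConstants.WS_FEDERATION_NS);
            writer.writeNamespace("xsi", FederationConstants.SCHEMA_INSTANCE_NS);

            writer.writeStartElement("fed", "RoleDescriptor", FederationConstants.WS_FEDERATION_NS);
            writer.writeAttribute(FederationConstants.SCHEMA_INSTANCE_NS, "type", "fed:ApplicationServiceType");
            writer.writeAttribute("protocolSupportEnumeration", FederationConstants.WS_FEDERATION_NS);

            // ApplicationServiceEndpoint carries the same address as entityID.
            writeEndpointReference(writer, "ApplicationServiceEndpoint", entityId);

            // TargetScope: the configured realm; the Address element stays empty if none is set.
            String realm = fedProtocol == null ? null : fedProtocol.getRealm();
            writeEndpointReference(writer, "TargetScope", realm != null && !"".equals(realm) ? realm : null);

            List<Claim> claims = fedProtocol == null ? null : fedProtocol.getClaimTypesRequested();
            if (claims != null && !claims.isEmpty()) {
                writer.writeStartElement("fed", "ClaimTypesRequested", FederationConstants.WS_FEDERATION_NS);
                for (Claim claim : claims) {
                    writer.writeStartElement("auth", "ClaimType", FederationConstants.WS_FEDERATION_NS);
                    writer.writeAttribute("Uri", claim.getType());
                    writer.writeAttribute("Optional", claim.isOptional() ? "true" : "false");
                    writer.writeEndElement();
                }
                writer.writeEndElement();
            }

            // PassiveRequestorEndpoint: the issuer address, only when configured as a plain string.
            String issuerAddress = null;
            if (fedProtocol != null) {
                Object issuer = fedProtocol.getIssuer();
                if (issuer instanceof String && !"".equals(issuer)) {
                    issuerAddress = (String) issuer;
                }
            }
            writeEndpointReference(writer, "PassiveRequestorEndpoint", issuerAddress);

            writer.writeEndElement(); // RoleDescriptor
            writer.writeEndElement(); // EntityDescriptor
            writer.writeEndDocument();
            writer.flush();
        } finally {
            writer.close();
        }
        return out.toByteArray();
    }

    /**
     * Chooses the {@code entityID}: the application service URL if set, otherwise the first
     * audience URI if present and non-empty, otherwise a fixed placeholder. Both sources are only
     * consulted for a WS-Federation protocol.
     */
    private static String resolveEntityId(FederationContext federationContext, FederationProtocol fedProtocol) {
        if (fedProtocol == null) {
            return DEFAULT_ENTITY_ID;
        }
        String serviceUrl = fedProtocol.getApplicationServiceURL();
        if (serviceUrl != null) {
            return serviceUrl;
        }
        List<String> audienceUris = federationContext.getAudienceUris();
        if (audienceUris != null && !audienceUris.isEmpty() && !"".equals(audienceUris.get(0))) {
            return audienceUris.get(0);
        }
        return DEFAULT_ENTITY_ID;
    }

    /**
     * Writes {@code <fed:elementName><wsa:EndpointReference><wsa:Address>address</wsa:Address>...}.
     * A null address leaves the Address element empty.
     */
    private static void writeEndpointReference(XMLStreamWriter writer, String elementName, String address)
        throws XMLStreamException {
        writer.writeStartElement("fed", elementName, FederationConstants.WS_FEDERATION_NS);
        writer.writeStartElement("wsa", "EndpointReference", FederationConstants.WS_ADDRESSING_NS);
        writer.writeStartElement("wsa", "Address", FederationConstants.WS_ADDRESSING_NS);
        if (address != null) {
            writer.writeCharacters(address);
        }
        writer.writeEndElement();
        writer.writeEndElement();
        writer.writeEndElement();
    }

    /**
     * Namespace-aware parser factory with JAXP secure processing enabled and entity expansion
     * disabled. The input it parses is generated in-process, so this is defense in depth rather
     * than a fix for a known injection path.
     */
    private static DocumentBuilderFactory newSecureDocumentBuilderFactory() throws ParserConfigurationException {
        DocumentBuilderFactory dbf = DocumentBuilderFactory.newInstance();
        dbf.setNamespaceAware(true);
        dbf.setFeature(XMLConstants.FEATURE_SECURE_PROCESSING, true);
        dbf.setExpandEntityReferences(false);
        return dbf;
    }

    /**
     * Signs the metadata document with an enveloped XML-DSig over the element whose {@code ID}
     * equals {@code descriptorId}. The Signature becomes the first child of the root element and
     * the signing certificate (plus its subject name) is embedded in {@code KeyInfo/X509Data}.
     *
     * @param federationContext supplies the {@link KeyManager} (alias, password, crypto)
     * @param inputStream the unsigned metadata XML
     * @param descriptorId the {@code ID} attribute value referenced by the signature
     * @return the signed document, serialized
     * @throws ProcessingException if no certificate is found for the signing alias
     * @throws Exception on key loading, parsing, signing or serialization failures
     */
    private ByteArrayOutputStream signMetaInfo(FederationContext federationContext, InputStream inputStream,
                                               String descriptorId) throws Exception {
        KeyManager signingKey = federationContext.getSigningKey();
        String keyAlias = signingKey.getKeyAlias();
        if (keyAlias == null || "".equals(keyAlias)) {
            keyAlias = signingKey.getCrypto().getDefaultX509Identifier();
        }
        PrivateKey privateKey = signingKey.getCrypto().getPrivateKey(keyAlias, signingKey.getKeyPassword());

        CryptoType cryptoType = new CryptoType(CryptoType.TYPE.ALIAS);
        cryptoType.setAlias(keyAlias);
        X509Certificate[] certs = signingKey.getCrypto().getX509Certificates(cryptoType);
        if (certs == null || certs.length == 0) {
            throw new ProcessingException("No issuer certs were found to sign the metadata using issuer name: "
                + keyAlias);
        }
        X509Certificate signingCert = certs[0];

        XMLSignatureFactory sigFactory = XMLSignatureFactory.getInstance("DOM");
        Reference reference = sigFactory.newReference(
            "#" + descriptorId,
            sigFactory.newDigestMethod(DIGEST_METHOD, (DigestMethodParameterSpec) null),
            Collections.singletonList(sigFactory.newTransform(ENVELOPED_TRANSFORM, (TransformParameterSpec) null)),
            (String) null,
            (String) null);
        SignedInfo signedInfo = sigFactory.newSignedInfo(
            sigFactory.newCanonicalizationMethod(C14N_METHOD, (C14NMethodParameterSpec) null),
            sigFactory.newSignatureMethod(SIGNATURE_METHOD, (SignatureMethodParameterSpec) null),
            Collections.singletonList(reference));

        KeyInfoFactory keyInfoFactory = sigFactory.getKeyInfoFactory();
        List<Object> x509Content = new ArrayList<Object>();
        x509Content.add(signingCert.getSubjectX500Principal().getName());
        x509Content.add(signingCert);
        KeyInfo keyInfo = keyInfoFactory.newKeyInfo(
            Collections.singletonList(keyInfoFactory.newX509Data(x509Content)));

        Document doc = newSecureDocumentBuilderFactory().newDocumentBuilder().parse(inputStream);
        DOMSignContext signContext = new DOMSignContext(privateKey, doc.getDocumentElement());
        // "ID" is not a schema-declared ID attribute for this parser, so register it explicitly
        // or the "#descriptorId" reference cannot be resolved during signing.
        signContext.setIdAttributeNS(doc.getDocumentElement(), (String) null, "ID");
        signContext.setNextSibling(doc.getDocumentElement().getFirstChild());
        sigFactory.newXMLSignature(signedInfo, keyInfo).sign(signContext);

        ByteArrayOutputStream out = new ByteArrayOutputStream(8192);
        TransformerFactory.newInstance().newTransformer().transform(new DOMSource(doc), new StreamResult(out));
        out.flush();
        return out;
    }
}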
