package org.wso2.carbon.identity.sso.saml.builders;

import java.math.BigInteger;
import java.nio.charset.StandardCharsets;
import java.security.MessageDigest;
import java.security.NoSuchAlgorithmException;
import java.security.SecureRandom;
import org.apache.commons.logging.Log;
import org.apache.commons.logging.LogFactory;
import org.apache.xml.security.utils.Base64;
import org.joda.time.DateTime;
import org.opensaml.saml.saml2.core.Assertion;
import org.wso2.carbon.identity.base.IdentityException;
import org.wso2.carbon.identity.sso.saml.SAMLSSOConstants;
import org.wso2.carbon.identity.sso.saml.builders.assertion.ExtendedDefaultAssertionBuilder;
import org.wso2.carbon.identity.sso.saml.dao.impl.SAML2ArtifactInfoDAOImpl;
import org.wso2.carbon.identity.sso.saml.dto.SAML2ArtifactInfo;
import org.wso2.carbon.identity.sso.saml.dto.SAMLSSOAuthnReqDTO;
import org.wso2.carbon.identity.sso.saml.exception.ArtifactBindingException;
import org.wso2.carbon.identity.sso.saml.util.SAMLSSOUtil;

/* loaded from: input_file:org/wso2/carbon/identity/sso/saml/builders/SAMLArtifactBuilder.class */
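/**
 * Builds SAML 2.0 artifacts for the HTTP-Artifact binding and persists the record that a later
 * artifact resolution needs.
 *
 * <p>The artifact assembled here is 44 bytes, Base64-encoded:
 * <pre>
 *   bytes  0-1   type code      (SAMLSSOConstants.SAML2_ARTIFACT_TYPE_CODE)
 *   bytes  2-3   endpoint index (always 0x0000 here)
 *   bytes  4-23  source ID      (SHA-1 of the issuer value)
 *   bytes 24-43  message handle (20 bytes from SecureRandom)
 * </pre>
 *
 * <p>Security notes for maintainers:
 * <ul>
 *   <li>SHA-1 is used only to derive the fixed-length source ID from the issuer value, which is
 *       how the SAML 2.0 artifact format defines that field. It is an identifier, not an
 *       integrity or authentication mechanism, so it should not be swapped for another digest.</li>
 *   <li>The message handle is the only unguessable part of the artifact; it must keep coming
 *       from a cryptographically strong generator.</li>
 *   <li>This class only records the expiry timestamp. Rejecting expired or already-used
 *       artifacts is the job of whatever code resolves them, which is not part of this class.</li>
 * </ul>
 */
public class SAMLArtifactBuilder {
    private static final Log log = LogFactory.getLog(SAMLArtifactBuilder.class);

    /** Milliseconds per minute, typed as long so validity windows are computed in 64 bits. */
    private static final long MILLIS_PER_MINUTE = 60L * 1000L;

    private static final int TYPE_CODE_LENGTH = 2;
    private static final int ENDPOINT_INDEX_LENGTH = 2;
    private static final int SOURCE_ID_LENGTH = 20;
    private static final int MESSAGE_HANDLE_LENGTH = 20;

    /**
     * Creates a new artifact for the given authentication request, stores the matching artifact
     * record, and returns the artifact in Base64 form.
     *
     * <p>When the request has the assertion query request profile enabled, an assertion is built
     * first and its ID is stored with the artifact record; otherwise the stored assertion ID is
     * {@code null}.
     *
     * @param sAMLSSOAuthnReqDTO authentication request the artifact is issued for
     * @param str value stored as the session ID on the artifact record and passed on to the
     *            assertion builder
     * @return the Base64-encoded 44-byte artifact
     * @throws IdentityException declared by the issuer lookup and assertion-building calls
     * @throws ArtifactBindingException if the SHA-1 digest is unavailable or the record cannot
     *                                  be stored
     */
    public String buildSAML2Artifact(SAMLSSOAuthnReqDTO sAMLSSOAuthnReqDTO, String str) throws IdentityException, ArtifactBindingException {
        // NOTE(review): this debug line writes the subject identifier to the log. Treat debug
        // logs from this class as sensitive, or keep debug logging disabled in production.
        if (log.isDebugEnabled()) {
            log.debug("Building SAML2 Artifact for SP: " + sAMLSSOAuthnReqDTO.getIssuer() + ", subject: " + sAMLSSOAuthnReqDTO.getSubject() + ", tenant: " + sAMLSSOAuthnReqDTO.getTenantDomain());
        }
        DateTime issuedAt = new DateTime();
        // The validity period is treated as minutes. Multiplying by a long constant keeps the
        // product in 64-bit arithmetic; if the getter returns an int (not visible from here),
        // the previous "* 60 * 1000" could wrap for large configured values and yield a wrong
        // expiry timestamp.
        DateTime expiresAt = new DateTime(issuedAt.getMillis() + (SAMLSSOUtil.getSAML2ArtifactValidityPeriod() * MILLIS_PER_MINUTE));
        byte[] endpointIndex = {0, 0};
        try {
            // Encode with an explicit charset so the source ID is the same on every JVM; the
            // no-argument getBytes() depends on the platform default charset.
            byte[] sourceId = MessageDigest.getInstance("SHA-1").digest(SAMLSSOUtil.getIssuer().getValue().getBytes(StandardCharsets.UTF_8));
            // %040x zero-pads to 40 hex digits so leading zero bytes are not dropped.
            String sourceIdHex = String.format("%040x", new BigInteger(1, sourceId));

            // The handle must be unpredictable: anyone who can present a valid artifact to the
            // resolution endpoint is asking for the message it refers to.
            byte[] messageHandle = new byte[MESSAGE_HANDLE_LENGTH];
            new SecureRandom().nextBytes(messageHandle);
            String messageHandleHex = String.format("%040x", new BigInteger(1, messageHandle));

            byte[] artifact = new byte[TYPE_CODE_LENGTH + ENDPOINT_INDEX_LENGTH + SOURCE_ID_LENGTH + MESSAGE_HANDLE_LENGTH];
            int offset = 0;
            System.arraycopy(SAMLSSOConstants.SAML2_ARTIFACT_TYPE_CODE, 0, artifact, offset, TYPE_CODE_LENGTH);
            offset += TYPE_CODE_LENGTH;
            System.arraycopy(endpointIndex, 0, artifact, offset, ENDPOINT_INDEX_LENGTH);
            offset += ENDPOINT_INDEX_LENGTH;
            System.arraycopy(sourceId, 0, artifact, offset, SOURCE_ID_LENGTH);
            offset += SOURCE_ID_LENGTH;
            System.arraycopy(messageHandle, 0, artifact, offset, MESSAGE_HANDLE_LENGTH);

            String assertionId = null;
            if (sAMLSSOAuthnReqDTO.isAssertionQueryRequestProfileEnabled()) {
                assertionId = persistAssertion(sAMLSSOAuthnReqDTO, issuedAt, str).getID();
            }
            // Store the record before handing the artifact back, so an artifact is never
            // returned without a stored record behind it.
            persistSAML2ArtifactInfo(sourceIdHex, messageHandleHex, sAMLSSOAuthnReqDTO, str, issuedAt, expiresAt, assertionId);
            return Base64.encode(artifact);
        } catch (NoSuchAlgorithmException e) {
            throw new ArtifactBindingException("Couldn't get Message digest instance with algorithm SHA-1.", e);
        }
    }

    /**
     * Stores the artifact record through {@link SAML2ArtifactInfoDAOImpl}.
     *
     * @param sourceIdHex hex form of the 20-byte source ID
     * @param messageHandleHex hex form of the 20-byte random message handle
     * @param authnReqDTO authentication request the artifact was issued for
     * @param sessionId session ID to record
     * @param initTimestamp time the artifact was issued
     * @param expTimestamp time after which the artifact is considered expired
     * @param assertionId ID of the pre-built assertion, or {@code null} if none was built
     * @throws ArtifactBindingException if the DAO fails to store the record
     */
    private void persistSAML2ArtifactInfo(String sourceIdHex, String messageHandleHex, SAMLSSOAuthnReqDTO authnReqDTO, String sessionId, DateTime initTimestamp, DateTime expTimestamp, String assertionId) throws ArtifactBindingException {
        // NOTE(review): same caveat as in buildSAML2Artifact, the subject identifier is logged.
        if (log.isDebugEnabled()) {
            log.debug("Persisting SAML2 Artifact for SP: " + authnReqDTO.getIssuer() + ", subject: " + authnReqDTO.getSubject() + ", tenant: " + authnReqDTO.getTenantDomain());
        }
        SAML2ArtifactInfo artifactInfo = new SAML2ArtifactInfo();
        artifactInfo.setSourceId(sourceIdHex);
        artifactInfo.setMessageHandler(messageHandleHex);
        artifactInfo.setAuthnReqDTO(authnReqDTO);
        artifactInfo.setSessionID(sessionId);
        artifactInfo.setInitTimestamp(initTimestamp);
        artifactInfo.setExpTimestamp(expTimestamp);
        artifactInfo.setAssertionID(assertionId);
        new SAML2ArtifactInfoDAOImpl().storeArtifactInfo(artifactInfo);
    }

    /**
     * Builds an assertion for the request with {@link ExtendedDefaultAssertionBuilder}, using
     * the SAML response validity period (in minutes) to compute its not-on-or-after time.
     *
     * @param authnReqDTO authentication request to build the assertion for
     * @param issuedAt time the artifact was issued; the validity window starts here
     * @param sessionId session ID passed on to the assertion builder
     * @return the assertion returned by the builder
     * @throws IdentityException if the assertion builder fails
     */
    private Assertion persistAssertion(SAMLSSOAuthnReqDTO authnReqDTO, DateTime issuedAt, String sessionId) throws IdentityException {
        // Long arithmetic for the same overflow reason as the artifact expiry above.
        DateTime notOnOrAfter = new DateTime(issuedAt.getMillis() + (SAMLSSOUtil.getSAMLResponseValidityPeriod() * MILLIS_PER_MINUTE));
        return new ExtendedDefaultAssertionBuilder().buildAssertion(authnReqDTO, notOnOrAfter, sessionId);
    }
}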
