package org.wso2.carbon.identity.provider.saml;

import java.security.cert.CertificateEncodingException;
import java.util.ArrayList;
import java.util.List;
import java.util.Map;
import javax.xml.namespace.QName;
import org.apache.commons.logging.Log;
import org.apache.commons.logging.LogFactory;
import org.apache.rahas.RahasData;
import org.apache.xml.security.utils.Base64;
import org.joda.time.DateTime;
import org.opensaml.saml2.core.Assertion;
import org.opensaml.saml2.core.Attribute;
import org.opensaml.saml2.core.AttributeStatement;
import org.opensaml.saml2.core.AttributeValue;
import org.opensaml.saml2.core.Audience;
import org.opensaml.saml2.core.AudienceRestriction;
import org.opensaml.saml2.core.Conditions;
import org.opensaml.saml2.core.Issuer;
import org.opensaml.saml2.core.Subject;
import org.opensaml.saml2.core.SubjectConfirmation;
import org.opensaml.saml2.core.SubjectConfirmationData;
import org.opensaml.xml.Configuration;
import org.opensaml.xml.XMLObject;
import org.opensaml.xml.XMLObjectBuilder;
import org.opensaml.xml.XMLObjectBuilderFactory;
import org.opensaml.xml.io.MarshallingException;
import org.opensaml.xml.schema.XSBase64Binary;
import org.opensaml.xml.schema.XSString;
import org.opensaml.xml.security.x509.X509Credential;
import org.opensaml.xml.signature.KeyInfo;
import org.opensaml.xml.signature.Signature;
import org.opensaml.xml.signature.Signer;
import org.opensaml.xml.signature.X509Certificate;
import org.opensaml.xml.signature.X509Data;
import org.w3c.dom.Element;
import org.wso2.carbon.base.ServerConfiguration;
import org.wso2.carbon.identity.provider.GenericIdentityProviderData;
import org.wso2.carbon.identity.provider.IdentityProviderException;
import org.wso2.carbon.identity.provider.RequestedClaimData;

/* loaded from: input_file:org/wso2/carbon/identity/provider/saml/SAML2TokenBuilder.class */
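public class SAML2TokenBuilder implements SAMLTokenBuilder {

    /** Holder-of-key subject confirmation method URI, written into the subject confirmation data. */
    public static final String CONF_KEY = "urn:oasis:names:tc:SAML:2.0:cm:holder-of-key";

    /** The one claim URI whose value is emitted as {@code xs:base64Binary}; every other claim is {@code xs:string}. */
    private static final String PPID_CLAIM_URI =
            "http://schemas.xmlsoap.org/ws/2005/05/identity/claims/privatepersonalidentifier";

    /** Exclusive XML canonicalization used for the enveloped assertion signature. */
    private static final String EXC_C14N_ALGORITHM = "http://www.w3.org/2001/10/xml-exc-c14n#";

    private static final Log log = LogFactory.getLog(SAML2TokenBuilder.class);

    /** Assertion under construction; set by {@link #createSAMLAssertion}. */
    protected Assertion assertion = null;
    /** Attribute statement built from the requested claims; set by {@link #createStatement}. */
    protected AttributeStatement attributeStmt = null;
    /** Signatures registered by {@link #setSignature}, computed in {@link #marshellAndSign}. */
    protected List<Signature> signatureList = new ArrayList<Signature>();
    /** Marshalled (and signed) assertion DOM; {@code null} until {@link #marshellAndSign} succeeds. */
    protected Element signedAssertion = null;
    /** WS-Trust AppliesTo address, used as the audience restriction when present. */
    protected String appilesTo = null;

    /**
     * Builds an empty OpenSAML object for the given element name.
     *
     * @param qName element name to build
     * @return the freshly built, unpopulated object
     * @throws IdentityProviderException if no builder is registered for {@code qName}
     */
    protected static XMLObject buildXMLObject(QName qName) throws IdentityProviderException {
        XMLObjectBuilder<?> builder = Configuration.getBuilderFactory().getBuilder(qName);
        if (builder == null) {
            throw new IdentityProviderException("Unable to retrieve builder for object QName " + qName);
        }
        return builder.buildObject(qName.getNamespaceURI(), qName.getLocalPart(), qName.getPrefix());
    }

    /**
     * Builds the attribute statement from the requested claims and records the AppliesTo address.
     *
     * <p>Each claim URI is split at its last {@code '/'}: the trailing segment becomes the
     * attribute {@code Name}, the leading part its {@code NameFormat}.
     *
     * @param genericIdentityProviderData source of the requested claims; a {@code null} claim map
     *                                    yields an empty attribute statement
     * @param rahasData                   WS-Trust request data; its AppliesTo address (if any) is kept
     * @throws IdentityProviderException if an OpenSAML builder is missing or a claim URI is malformed
     */
    @Override // org.wso2.carbon.identity.provider.saml.SAMLTokenBuilder
    public void createStatement(GenericIdentityProviderData genericIdentityProviderData, RahasData rahasData) throws IdentityProviderException {
        if (log.isDebugEnabled()) {
            log.debug("Begin SAML statement creation.");
        }
        this.attributeStmt = (AttributeStatement) buildXMLObject(AttributeStatement.DEFAULT_ELEMENT_NAME);
        Map<String, RequestedClaimData> requestedClaims = genericIdentityProviderData.getRequestedClaims();
        if (rahasData.getAppliesToAddress() != null) {
            this.appilesTo = rahasData.getAppliesToAddress();
        }
        if (requestedClaims == null) {
            // Nothing requested: leave the statement empty rather than fail on a missing map.
            return;
        }
        XMLObjectBuilderFactory builderFactory = Configuration.getBuilderFactory();
        for (RequestedClaimData claim : requestedClaims.values()) {
            this.attributeStmt.getAttributes().add(buildAttribute(claim, builderFactory));
        }
    }

    /**
     * Builds one SAML attribute for a requested claim.
     *
     * @param claim          claim carrying the URI and value
     * @param builderFactory OpenSAML builder factory for the typed attribute values
     * @return the populated attribute
     * @throws IdentityProviderException if the claim URI is absent or contains no {@code '/'},
     *                                   or a required builder is missing
     */
    private static Attribute buildAttribute(RequestedClaimData claim, XMLObjectBuilderFactory builderFactory)
            throws IdentityProviderException {
        String uri = claim.getUri();
        if (uri == null) {
            throw new IdentityProviderException("Requested claim has no URI");
        }
        int slash = uri.lastIndexOf('/');
        if (slash < 0) {
            // Without a separator there is no name/name-format split; fail with a clear message
            // instead of a StringIndexOutOfBoundsException.
            throw new IdentityProviderException("Requested claim URI has no name segment: " + uri);
        }
        Attribute attribute = (Attribute) buildXMLObject(Attribute.DEFAULT_ELEMENT_NAME);
        attribute.setName(uri.substring(slash + 1));
        attribute.setNameFormat(uri.substring(0, slash));

        if (PPID_CLAIM_URI.equals(uri)) {
            XSBase64Binary value = (XSBase64Binary) requireBuilder(builderFactory, XSBase64Binary.TYPE_NAME)
                    .buildObject(AttributeValue.DEFAULT_ELEMENT_NAME, XSBase64Binary.TYPE_NAME);
            value.setValue(claim.getValue());
            attribute.getAttributeValues().add(value);
        } else {
            XSString value = (XSString) requireBuilder(builderFactory, XSString.TYPE_NAME)
                    .buildObject(AttributeValue.DEFAULT_ELEMENT_NAME, XSString.TYPE_NAME);
            value.setValue(claim.getValue());
            attribute.getAttributeValues().add(value);
        }
        return attribute;
    }

    /**
     * Looks up a typed-value builder, failing explicitly instead of with a NullPointerException.
     *
     * @param builderFactory OpenSAML builder factory
     * @param typeName       schema type the builder must handle
     * @return the builder
     * @throws IdentityProviderException if none is registered for {@code typeName}
     */
    private static XMLObjectBuilder<?> requireBuilder(XMLObjectBuilderFactory builderFactory, QName typeName)
            throws IdentityProviderException {
        XMLObjectBuilder<?> builder = builderFactory.getBuilder(typeName);
        if (builder == null) {
            throw new IdentityProviderException("Unable to retrieve builder for type QName " + typeName);
        }
        return builder;
    }

    /**
     * Assembles the assertion: issuer, conditions, the attribute statement and a subject.
     *
     * <p>Parameter order is historical: {@code dateTime} is the {@code NotOnOrAfter} bound and
     * {@code dateTime2} the {@code NotBefore} bound. The issuer is {@code "http://"} plus the
     * server {@code HostName} property, and {@code IssueInstant} is the current time.
     * An {@code AudienceRestriction} is only added when an AppliesTo address was recorded by
     * {@link #createStatement}; without it the assertion is not bound to any relying party.
     *
     * @param dateTime  {@code NotOnOrAfter} validity bound
     * @param dateTime2 {@code NotBefore} validity bound
     * @param str       assertion ID
     * @throws IdentityProviderException if an OpenSAML builder is missing
     */
    @Override // org.wso2.carbon.identity.provider.saml.SAMLTokenBuilder
    public void createSAMLAssertion(DateTime dateTime, DateTime dateTime2, String str) throws IdentityProviderException {
        this.assertion = (Assertion) buildXMLObject(Assertion.DEFAULT_ELEMENT_NAME);

        Conditions conditions = (Conditions) buildXMLObject(Conditions.DEFAULT_ELEMENT_NAME);
        conditions.setNotBefore(dateTime2);
        conditions.setNotOnOrAfter(dateTime);

        String issuerValue = "http://" + ServerConfiguration.getInstance().getFirstProperty("HostName");
        Issuer issuer = (Issuer) buildXMLObject(Issuer.DEFAULT_ELEMENT_NAME);
        issuer.setValue(issuerValue);
        this.assertion.setIssuer(issuer);
        this.assertion.setIssueInstant(new DateTime());

        if (this.appilesTo != null) {
            Audience audience = (Audience) buildXMLObject(Audience.DEFAULT_ELEMENT_NAME);
            audience.setAudienceURI(this.appilesTo);
            AudienceRestriction restriction =
                    (AudienceRestriction) buildXMLObject(AudienceRestriction.DEFAULT_ELEMENT_NAME);
            restriction.getAudiences().add(audience);
            conditions.getAudienceRestrictions().add(restriction);
        }
        this.assertion.setConditions(conditions);

        if (this.attributeStmt != null) {
            // Only present when createStatement ran first; an assertion without it is still well-formed.
            this.assertion.getAttributeStatements().add(this.attributeStmt);
        }
        this.assertion.setID(str);

        // NOTE(review): CONF_KEY is a confirmation *method* URI but is written to
        // SubjectConfirmationData/@Address here, not SubjectConfirmation/@Method, and the subject
        // carries no NameID — confirm this is what relying parties expect.
        Subject subject = (Subject) buildXMLObject(Subject.DEFAULT_ELEMENT_NAME);
        SubjectConfirmation confirmation =
                (SubjectConfirmation) buildXMLObject(SubjectConfirmation.DEFAULT_ELEMENT_NAME);
        SubjectConfirmationData confirmationData =
                (SubjectConfirmationData) buildXMLObject(SubjectConfirmationData.DEFAULT_ELEMENT_NAME);
        confirmationData.setAddress(CONF_KEY);
        confirmation.setSubjectConfirmationData(confirmationData);
        subject.getSubjectConfirmations().add(confirmation);
        this.assertion.setSubject(subject);
    }

    /**
     * Attaches an (as yet uncomputed) enveloped signature to the assertion, with the signing
     * certificate embedded in {@code KeyInfo/X509Data}.
     *
     * @param str            signature algorithm URI
     * @param x509Credential signing credential; its entity certificate is embedded
     * @throws IdentityProviderException if {@link #createSAMLAssertion} has not run, a builder is
     *                                   missing, or the certificate cannot be DER-encoded
     */
    @Override // org.wso2.carbon.identity.provider.saml.SAMLTokenBuilder
    public void setSignature(String str, X509Credential x509Credential) throws IdentityProviderException {
        if (this.assertion == null) {
            throw new IdentityProviderException("SAML assertion has not been created; call createSAMLAssertion first");
        }
        Signature signature = (Signature) buildXMLObject(Signature.DEFAULT_ELEMENT_NAME);
        signature.setSigningCredential(x509Credential);
        signature.setSignatureAlgorithm(str);
        signature.setCanonicalizationAlgorithm(EXC_C14N_ALGORITHM);
        try {
            KeyInfo keyInfo = (KeyInfo) buildXMLObject(KeyInfo.DEFAULT_ELEMENT_NAME);
            X509Data x509Data = (X509Data) buildXMLObject(X509Data.DEFAULT_ELEMENT_NAME);
            X509Certificate certificate = (X509Certificate) buildXMLObject(X509Certificate.DEFAULT_ELEMENT_NAME);
            certificate.setValue(Base64.encode(x509Credential.getEntityCertificate().getEncoded()));
            x509Data.getX509Certificates().add(certificate);
            keyInfo.getX509Datas().add(x509Data);
            signature.setKeyInfo(keyInfo);
            this.assertion.setSignature(signature);
            this.signatureList.add(signature);
        } catch (CertificateEncodingException e) {
            log.error("Failed to get encoded certificate", e);
            // Keep the cause so the failure is diagnosable further up the stack.
            throw new IdentityProviderException("Error while getting encoded certificate", e);
        }
    }

    /**
     * Marshals the assertion to DOM and then computes every registered signature.
     *
     * <p>Marshalling must precede signing: OpenSAML signs the DOM produced here.
     *
     * @throws IdentityProviderException if the assertion is missing, or marshalling/signing fails
     */
    @Override // org.wso2.carbon.identity.provider.saml.SAMLTokenBuilder
    public void marshellAndSign() throws IdentityProviderException {
        if (this.assertion == null) {
            throw new IdentityProviderException("SAML assertion has not been created; call createSAMLAssertion first");
        }
        try {
            this.signedAssertion =
                    Configuration.getMarshallerFactory().getMarshaller(this.assertion).marshall(this.assertion);
            Signer.signObjects(this.signatureList);
        } catch (MarshallingException e) {
            // Narrow type first: a catch of Exception ahead of it would make this clause unreachable.
            log.debug(e);
            throw new IdentityProviderException("errorMarshellingOrSigning", e);
        } catch (Exception e) {
            log.debug(e);
            throw new IdentityProviderException("errorMarshellingOrSigning", e);
        }
    }

    /**
     * Returns the marshalled assertion element.
     *
     * @return the signed assertion DOM, or {@code null} if {@link #marshellAndSign} has not succeeded
     * @throws IdentityProviderException never thrown here; declared by the interface
     */
    @Override // org.wso2.carbon.identity.provider.saml.SAMLTokenBuilder
    public Element getSAMLasDOM() throws IdentityProviderException {
        return this.signedAssertion;
    }
}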
