package eu.peppol.security.callbacks;

import com.sun.xml.wss.impl.callback.SAMLCallback;
import com.sun.xml.wss.impl.dsig.WSSPolicyConsumerImpl;
import com.sun.xml.wss.saml.Advice;
import com.sun.xml.wss.saml.Assertion;
import com.sun.xml.wss.saml.Attribute;
import com.sun.xml.wss.saml.AttributeStatement;
import com.sun.xml.wss.saml.AuthnStatement;
import com.sun.xml.wss.saml.NameID;
import com.sun.xml.wss.saml.SAMLAssertionFactory;
import com.sun.xml.wss.saml.SAMLException;
import com.sun.xml.wss.saml.Subject;
import com.sun.xml.wss.saml.SubjectLocality;
import eu.peppol.security.KeystoreManager;
import eu.peppol.util.GlobalConfiguration;
import eu.peppol.util.OxalisConstant;
import java.io.IOException;
import java.security.PrivateKey;
import java.security.cert.X509Certificate;
import java.util.ArrayList;
import java.util.Collections;
import java.util.GregorianCalendar;
import java.util.Iterator;
import java.util.LinkedList;
import java.util.List;
import java.util.UUID;
import javax.security.auth.callback.Callback;
import javax.security.auth.callback.CallbackHandler;
import javax.security.auth.callback.UnsupportedCallbackException;
import javax.xml.crypto.dsig.DigestMethod;
import javax.xml.crypto.dsig.SignedInfo;
import javax.xml.crypto.dsig.Transform;
import javax.xml.crypto.dsig.XMLSignature;
import javax.xml.crypto.dsig.XMLSignatureFactory;
import javax.xml.crypto.dsig.dom.DOMSignContext;
import javax.xml.crypto.dsig.keyinfo.KeyInfo;
import javax.xml.crypto.dsig.keyinfo.KeyInfoFactory;
import javax.xml.crypto.dsig.spec.C14NMethodParameterSpec;
import javax.xml.crypto.dsig.spec.DigestMethodParameterSpec;
import javax.xml.crypto.dsig.spec.SignatureMethodParameterSpec;
import javax.xml.crypto.dsig.spec.TransformParameterSpec;
import javax.xml.soap.MessageFactory;
import javax.xml.soap.SOAPPart;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
import org.w3c.dom.DOMException;
import org.w3c.dom.Element;
import org.w3c.dom.Node;
import org.w3c.dom.NodeList;

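/* loaded from: input_file:eu/peppol/security/callbacks/SAMLCallbackHandler.class */
/**
 * {@link CallbackHandler} that answers Metro/WSIT {@link SAMLCallback}s by building a SAML 2.0
 * sender-vouches assertion, signing it with the access point's own certificate and private key
 * (taken from {@link KeystoreManager}) and handing the signed DOM element back to the callback.
 *
 * <p>Only callbacks whose confirmation method is {@code "SV-Assertion"} are answered; other
 * {@link SAMLCallback}s are left untouched and any non-SAML callback is rejected with
 * {@link UnsupportedCallbackException}.
 */
public class SAMLCallbackHandler implements CallbackHandler {
    public static final Logger log = LoggerFactory.getLogger(SAMLCallbackHandler.class);

    /** Confirmation-method value on the incoming callback for which an assertion is produced. */
    private static final String SENDER_VOUCHES_CALLBACK = "SV-Assertion";

    /** NameID format of the sender (subject) identifier. */
    private static final String SENDER_NAME_ID_SYNTAX = "http://busdox.org/profiles/serviceMetadata/1.0/UniversalBusinessIdentifier/1.0/";
    /** NameID format of the issuing access point. */
    private static final String ACCESSPOINT_NAME_ID_SYNTAX = "urn:oasis:names:tc:SAML:1.1:nameid-format:unspecified";
    /** Subject confirmation method placed in the assertion. */
    private static final String CONFIRMATION_METHOD = "urn:oasis:names:tc:SAML:2.0:cm:sender-vouches";
    /** Authentication context class reference placed in the AuthnStatement. */
    private static final String AUTHENTICATION_CONTEXT_TYPE = "urn:oasis:names:tc:SAML:2.0:ac:classes:X509";
    /** Name of the assurance-level attribute. */
    private static final String ATTRIBUTE_NAME = "urn:eu:busdox:attribute:assurance-level";
    /** Name format of the assurance-level attribute. */
    private static final String ATTRIBUTE_NAMESPACE = "urn:oasis:names:tc:SAML:2.0:attrname-format:basic";

    /** Assurance level asserted for every outgoing message. */
    private static final String ASSURANCE_LEVEL = "2";

    /** Hours before/after "now" that bound the assertion's validity window (Conditions). */
    private static final int VALIDITY_WINDOW_HOURS = 1;

    /* Default signature algorithms. SHA-1 and RSA-SHA1 are deprecated for new designs; they are
     * kept as defaults for interoperability with the existing profile. Callers needing stronger
     * algorithms should use the five-argument sign(...) overload. */
    private static final String DEFAULT_DIGEST_METHOD = "http://www.w3.org/2000/09/xmldsig#sha1";
    private static final String DEFAULT_SIGNATURE_METHOD = "http://www.w3.org/2000/09/xmldsig#rsa-sha1";

    private static final String ENVELOPED_SIGNATURE_TRANSFORM = "http://www.w3.org/2000/09/xmldsig#enveloped-signature";
    private static final String EXC_C14N = "http://www.w3.org/2001/10/xml-exc-c14n#";
    private static final String XMLDSIG_NS = "http://www.w3.org/2000/09/xmldsig#";

    private static final long MILLIS_PER_HOUR = 3600000L;

    /**
     * Handles the supplied callbacks; each must be a {@link SAMLCallback}.
     *
     * @param callbackArr callbacks to answer
     * @throws IOException declared by the {@link CallbackHandler} contract; never thrown here
     * @throws UnsupportedCallbackException if any callback is not a {@link SAMLCallback}
     * @throws RuntimeException wrapping any failure while building or signing the assertion
     */
    @Override // javax.security.auth.callback.CallbackHandler
    public void handle(Callback[] callbackArr) throws IOException, UnsupportedCallbackException {
        log.debug("Requested SAML callback handling");
        for (Callback callback : callbackArr) {
            if (!(callback instanceof SAMLCallback)) {
                throw new UnsupportedCallbackException(callback);
            }
            SAMLCallback samlCallback = (SAMLCallback) callback;
            // Literal first: a null confirmation method is treated like any other unsupported
            // method (skipped) instead of surfacing as a wrapped NullPointerException.
            if (!SENDER_VOUCHES_CALLBACK.equals(samlCallback.getConfirmationMethod())) {
                log.debug("Ignoring SAML callback with confirmation method {}", samlCallback.getConfirmationMethod());
                continue;
            }
            try {
                samlCallback.setAssertionElement(createSenderVouchesSAMLAssertion(samlCallback));
            } catch (Exception e) {
                throw new RuntimeException("Error while handling SAML callbacks", e);
            }
        }
    }

    /**
     * Builds and signs a sender-vouches assertion for the callback.
     *
     * <p>The assertion is issued by {@link OxalisConstant#PEPPOL_SERVICE_NAME}, names
     * {@link OxalisConstant#PEPPOL_SENDER_ID} as subject, carries an X.509 AuthnStatement and an
     * assurance-level AttributeStatement, and is valid from one hour before to one hour after
     * creation. The generated assertion id is also written back to the callback.
     *
     * @param samlCallback callback receiving the assertion id
     * @return the signed assertion as a DOM element
     * @throws Exception if assertion construction or signing fails
     */
    private Element createSenderVouchesSAMLAssertion(SAMLCallback samlCallback) throws Exception {
        log.debug("Creating and setting the SAML Sender Vouches Assertion");
        KeystoreManager keystoreManager = KeystoreManager.getInstance();
        // Result unused in the original; kept in case getInstance() has initialisation
        // side effects — TODO confirm whether this call can be dropped.
        GlobalConfiguration.getInstance();

        // A random id (rather than the millisecond clock) keeps ids unique across assertions
        // created concurrently; the "SamlID" prefix keeps it a valid xs:ID/NCName.
        String assertionId = "SamlID" + UUID.randomUUID();
        samlCallback.setAssertionId(assertionId);

        GregorianCalendar notBefore = getNowOffsetByHours(-VALIDITY_WINDOW_HOURS);
        GregorianCalendar issueInstant = getNowOffsetByHours(0);
        GregorianCalendar notOnOrAfter = getNowOffsetByHours(VALIDITY_WINDOW_HOURS);

        SAMLAssertionFactory factory = SAMLAssertionFactory.newInstance("Saml2.0");
        NameID subjectNameId = factory.createNameID(OxalisConstant.PEPPOL_SENDER_ID, (String) null, SENDER_NAME_ID_SYNTAX);
        NameID issuerNameId = factory.createNameID(OxalisConstant.PEPPOL_SERVICE_NAME, (String) null, ACCESSPOINT_NAME_ID_SYNTAX);
        Subject subject = factory.createSubject(subjectNameId, factory.createSubjectConfirmation((NameID) null, CONFIRMATION_METHOD));
        AuthnStatement authnStatement = factory.createAuthnStatement(issueInstant, (SubjectLocality) null,
                factory.createAuthnContext(AUTHENTICATION_CONTEXT_TYPE, (String) null), (String) null, (GregorianCalendar) null);

        List<Object> statements = new LinkedList<Object>();
        statements.add(authnStatement);
        statements.add(getAssuranceLevelStatement(ASSURANCE_LEVEL, factory));

        Assertion assertion = factory.createAssertion(assertionId, issuerNameId, issueInstant,
                factory.createConditions(notBefore, notOnOrAfter, (List) null, (List) null, (List) null, (List) null),
                (Advice) null, subject, statements);
        return sign(assertion, keystoreManager.getOurCertificate(), keystoreManager.getOurPrivateKey());
    }

    /**
     * Returns the current time shifted by a whole number of hours.
     *
     * @param hours offset in hours; negative values go into the past
     * @return a fresh calendar positioned at now + {@code hours}
     */
    private GregorianCalendar getNowOffsetByHours(int hours) {
        GregorianCalendar calendar = new GregorianCalendar();
        // long arithmetic so large offsets cannot overflow the int product used before
        calendar.setTimeInMillis(calendar.getTimeInMillis() + MILLIS_PER_HOUR * hours);
        return calendar;
    }

    /**
     * Creates an AttributeStatement holding the single assurance-level attribute.
     *
     * @param assuranceLevel attribute value, e.g. {@code "2"}
     * @param factory factory used to create the SAML objects
     * @return the attribute statement
     * @throws SAMLException if the factory rejects the attribute
     */
    private AttributeStatement getAssuranceLevelStatement(String assuranceLevel, SAMLAssertionFactory factory) throws SAMLException {
        List<String> values = new ArrayList<String>();
        values.add(assuranceLevel);
        Attribute attribute = factory.createAttribute(ATTRIBUTE_NAME, ATTRIBUTE_NAMESPACE, values);
        List<Attribute> attributes = new ArrayList<Attribute>();
        attributes.add(attribute);
        return factory.createAttributeStatement(attributes);
    }

    /**
     * Signs the assertion with the default (SHA-1 / RSA-SHA1) algorithms.
     *
     * @param assertion assertion to sign
     * @param x509Certificate signer certificate, embedded in the KeyInfo
     * @param privateKey key matching the certificate
     * @return the signed assertion as a DOM element
     * @throws SAMLException wrapping any failure
     */
    public final Element sign(Assertion assertion, X509Certificate x509Certificate, PrivateKey privateKey) throws SAMLException {
        try {
            DigestMethod digestMethod = WSSPolicyConsumerImpl.getInstance().getSignatureFactory()
                    .newDigestMethod(DEFAULT_DIGEST_METHOD, (DigestMethodParameterSpec) null);
            return sign(assertion, digestMethod, DEFAULT_SIGNATURE_METHOD, x509Certificate, privateKey);
        } catch (Exception e) {
            throw new SAMLException(e);
        }
    }

    /**
     * Produces an enveloped XML signature over the assertion (referenced by its {@code ID}
     * attribute, exclusive-C14N canonicalised) and places the {@code ds:Signature} element
     * directly after the Issuer.
     *
     * @param assertion assertion to sign
     * @param digestMethod digest algorithm for the reference
     * @param str signature algorithm URI
     * @param x509Certificate signer certificate, embedded as X509Data in the KeyInfo
     * @param privateKey key used for signing
     * @return the signed assertion as a DOM element
     * @throws SAMLException wrapping any failure
     */
    public final Element sign(Assertion assertion, DigestMethod digestMethod, String str, X509Certificate x509Certificate, PrivateKey privateKey) throws SAMLException {
        try {
            XMLSignatureFactory signatureFactory = WSSPolicyConsumerImpl.getInstance().getSignatureFactory();

            List<Transform> transforms = new ArrayList<Transform>();
            transforms.add(signatureFactory.newTransform(ENVELOPED_SIGNATURE_TRANSFORM, (TransformParameterSpec) null));
            transforms.add(signatureFactory.newTransform(EXC_C14N, (TransformParameterSpec) null));
            SignedInfo signedInfo = signatureFactory.newSignedInfo(
                    signatureFactory.newCanonicalizationMethod(EXC_C14N, (C14NMethodParameterSpec) null),
                    signatureFactory.newSignatureMethod(str, (SignatureMethodParameterSpec) null),
                    Collections.singletonList(signatureFactory.newReference("#" + assertion.getID(), digestMethod, transforms, (String) null, (String) null)));

            KeyInfoFactory keyInfoFactory = signatureFactory.getKeyInfoFactory();
            KeyInfo keyInfo = keyInfoFactory.newKeyInfo(Collections.singletonList(keyInfoFactory.newX509Data(Collections.singletonList(x509Certificate))));

            // A SOAP part serves as the owner document for the assertion element.
            SOAPPart soapPart = MessageFactory.newInstance().createMessage().getSOAPPart();
            Element element = assertion.toElement(soapPart);
            // Register ID as an xml:id-style attribute so the "#<id>" reference resolves.
            element.setIdAttribute("ID", true);

            DOMSignContext signContext = new DOMSignContext(privateKey, element);
            signContext.putNamespacePrefix(XMLDSIG_NS, "ds");
            signatureFactory.newXMLSignature(signedInfo, keyInfo).sign(signContext);

            placeSignatureAfterIssuer(element);
            return element;
        } catch (Exception e) {
            throw new SAMLException(e);
        }
    }

    /**
     * Reorders the element's children so that the last child ends up directly after the first.
     *
     * <p>Assumes the first child is the Issuer and the last child is the ds:Signature just
     * appended by {@link #sign}: every child in between is detached and re-appended, which
     * leaves the order Issuer, Signature, remaining children. With fewer than three children
     * nothing is moved.
     *
     * @param element the assertion element
     * @throws DOMException if the DOM rejects the modification
     */
    private void placeSignatureAfterIssuer(Element element) throws DOMException {
        NodeList childNodes = element.getChildNodes();
        // Snapshot first: NodeList is live and would shift under removeChild.
        List<Node> middle = new ArrayList<Node>();
        for (int i = 1; i < childNodes.getLength() - 1; i++) {
            middle.add(childNodes.item(i));
        }
        for (Node node : middle) {
            element.removeChild(node);
        }
        for (Node node : middle) {
            element.appendChild(node);
        }
    }
}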
