package org.pac4j.saml.metadata;

import java.util.Collection;
import java.util.LinkedList;
import net.shibboleth.utilities.java.support.xml.SerializeSupport;
import org.apache.commons.lang.RandomStringUtils;
import org.joda.time.DateTime;
import org.opensaml.core.xml.XMLObjectBuilderFactory;
import org.opensaml.core.xml.io.MarshallerFactory;
import org.opensaml.saml.common.SAMLObjectBuilder;
import org.opensaml.saml.ext.saml2alg.DigestMethod;
import org.opensaml.saml.ext.saml2mdreqinit.RequestInitiator;
import org.opensaml.saml.metadata.resolver.MetadataResolver;
import org.opensaml.saml.metadata.resolver.impl.DOMMetadataResolver;
import org.opensaml.saml.saml2.metadata.AssertionConsumerService;
import org.opensaml.saml.saml2.metadata.EntityDescriptor;
import org.opensaml.saml.saml2.metadata.Extensions;
import org.opensaml.saml.saml2.metadata.KeyDescriptor;
import org.opensaml.saml.saml2.metadata.NameIDFormat;
import org.opensaml.saml.saml2.metadata.SPSSODescriptor;
import org.opensaml.saml.saml2.metadata.SingleLogoutService;
import org.opensaml.security.credential.UsageType;
import org.opensaml.xmlsec.signature.KeyInfo;
import org.pac4j.saml.crypto.CredentialProvider;
import org.pac4j.saml.util.Configuration;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;

/* loaded from: input_file:WEB-INF/lib/pac4j-saml-2.0.0-RC2.jar:org/pac4j/saml/metadata/SAML2MetadataGenerator.class */
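/**
 * Generates the SAML 2.0 service-provider metadata (an {@code EntityDescriptor} holding one
 * {@code SPSSODescriptor}) from the values configured through the setters of this class.
 *
 * <p>The metadata is what an identity provider reads to learn the SP's endpoints, keys and
 * signing expectations, so every value emitted here is a statement the SP must actually honour
 * at runtime. The review notes below mark places where the advertised values look broader than
 * necessary; they are flagged, not changed, because altering them changes the published metadata.
 *
 * <p>Instances are mutable and carry no synchronization.
 */
public class SAML2MetadataGenerator implements SAMLMetadataGenerator {
    protected static final Logger logger = LoggerFactory.getLogger(SAML2MetadataGenerator.class);

    /** Source of the {@code KeyInfo} published in the key descriptors; no keys are published when null. */
    protected CredentialProvider credentialProvider;

    /** Value written to the {@code entityID} attribute of the entity descriptor. */
    protected String entityId;

    /** Location written to the assertion consumer service endpoint. */
    protected String assertionConsumerServiceUrl;

    /** Location used by {@link #getSingleLogoutService(String)}. */
    protected String singleLogoutServiceUrl;

    protected final XMLObjectBuilderFactory builderFactory = Configuration.getBuilderFactory();
    protected final MarshallerFactory marshallerFactory = Configuration.getMarshallerFactory();

    /** Advertised as {@code AuthnRequestsSigned}; defaults to false. */
    protected boolean authnRequestSigned = false;

    /** Advertised as {@code WantAssertionsSigned}; defaults to true. */
    protected boolean wantAssertionSigned = true;

    /** Compared against a fixed value when deciding whether the ACS endpoint is flagged as default. */
    protected int defaultACSIndex = 0;

    /** Location of the request-initiator extension; null unless set by the caller. */
    protected String requestInitiatorLocation = null;

    /**
     * Builds a fresh entity descriptor, marshals it to DOM and wraps it in an initialized
     * {@link DOMMetadataResolver}.
     *
     * <p>The resolver is configured to require valid metadata and to fail fast on initialization,
     * so a broken descriptor surfaces here rather than at first lookup.
     *
     * @return the initialized resolver
     * @throws Exception if marshalling or resolver initialization fails
     */
    @Override // org.pac4j.saml.metadata.SAMLMetadataGenerator
    public final MetadataResolver buildMetadataResolver() throws Exception {
        final EntityDescriptor descriptor = buildEntityDescriptor();
        final DOMMetadataResolver resolver =
                new DOMMetadataResolver(this.marshallerFactory.getMarshaller(descriptor).marshall(descriptor));
        resolver.setRequireValidMetadata(true);
        resolver.setFailFastInitialization(true);
        resolver.setId(resolver.getClass().getCanonicalName());
        resolver.initialize();
        return resolver;
    }

    /**
     * Builds a fresh entity descriptor and serializes it to an XML string.
     *
     * @return the metadata document as text
     * @throws Exception if marshalling fails
     */
    @Override // org.pac4j.saml.metadata.SAMLMetadataGenerator
    public final String getMetadata() throws Exception {
        final EntityDescriptor descriptor = buildEntityDescriptor();
        return SerializeSupport.nodeToString(this.marshallerFactory.getMarshaller(descriptor).marshall(descriptor));
    }

    /**
     * Assembles the entity descriptor: entity ID, validity, a random XML ID, the algorithm
     * extensions and the SP SSO role descriptor.
     *
     * <p>Every call produces a new descriptor with a new random ID and a new {@code validUntil}.
     *
     * @return the populated entity descriptor
     */
    @Override // org.pac4j.saml.metadata.SAMLMetadataGenerator
    public final EntityDescriptor buildEntityDescriptor() {
        // Unchecked: the factory is keyed by element name, so the builder type is implied by the key.
        @SuppressWarnings("unchecked")
        final SAMLObjectBuilder<EntityDescriptor> builder =
                (SAMLObjectBuilder<EntityDescriptor>) this.builderFactory.getBuilder(EntityDescriptor.DEFAULT_ELEMENT_NAME);
        final EntityDescriptor descriptor = builder.buildObject();
        descriptor.setEntityID(this.entityId);
        // NOTE(review): a 20-year validity means a consumer that caches this document has no
        // expiry-driven reason to refresh it, e.g. after a key rotation. Confirm this is intended.
        descriptor.setValidUntil(DateTime.now().plusYears(20));
        descriptor.setID(generateEntityDescriptorId());
        descriptor.setExtensions(generateMetadataExtensions());
        descriptor.getRoleDescriptors().add(buildSPSSODescriptor());
        return descriptor;
    }

    /**
     * Builds the entity-level {@code Extensions} element listing the advertised algorithms, each
     * as a {@code DigestMethod} child, in a fixed order.
     *
     * @return the extensions element
     */
    protected final Extensions generateMetadataExtensions() {
        @SuppressWarnings("unchecked")
        final SAMLObjectBuilder<Extensions> extensionsBuilder =
                (SAMLObjectBuilder<Extensions>) this.builderFactory.getBuilder(Extensions.DEFAULT_ELEMENT_NAME);
        final Extensions extensions = extensionsBuilder.buildObject();
        extensions.getNamespaceManager().registerAttributeName(DigestMethod.TYPE_NAME);

        // NOTE(review): the last five URIs identify XML Signature *signature* algorithms, yet they
        // are emitted as DigestMethod elements; the SAML metadata algorithm-support profile has a
        // separate SigningMethod element for those. Confirm consumers tolerate this.
        // NOTE(review): SHA-1 based digests and signatures are advertised here; consider whether
        // the deployment still needs to offer them.
        final String[] algorithms = {
            "http://www.w3.org/2001/04/xmlenc#sha512",
            "http://www.w3.org/2001/04/xmldsig-more#sha384",
            "http://www.w3.org/2001/04/xmlenc#sha256",
            "http://www.w3.org/2001/04/xmldsig-more#sha224",
            "http://www.w3.org/2000/09/xmldsig#sha1",
            "http://www.w3.org/2001/04/xmldsig-more#rsa-sha512",
            "http://www.w3.org/2001/04/xmldsig-more#rsa-sha384",
            "http://www.w3.org/2001/04/xmldsig-more#rsa-sha256",
            "http://www.w3.org/2000/09/xmldsig#rsa-sha1",
            "http://www.w3.org/2000/09/xmldsig#dsa-sha1",
        };

        @SuppressWarnings("unchecked")
        final SAMLObjectBuilder<DigestMethod> digestBuilder =
                (SAMLObjectBuilder<DigestMethod>) this.builderFactory.getBuilder(DigestMethod.DEFAULT_ELEMENT_NAME);
        for (final String algorithm : algorithms) {
            final DigestMethod method = digestBuilder.buildObject();
            method.setAlgorithm(algorithm);
            extensions.getUnknownXMLObjects().add(method);
        }
        return extensions;
    }

    /**
     * Generates the XML ID of the entity descriptor: an underscore followed by 39 random
     * lower-case alphanumeric characters.
     *
     * <p>The value is an element identifier, not a secret. {@code RandomStringUtils} is not a
     * cryptographic generator, so this method must not be reused to mint tokens or nonces.
     *
     * @return the generated ID
     */
    protected final String generateEntityDescriptorId() {
        // Locale.ROOT keeps the result ASCII regardless of the JVM default locale (under a
        // Turkish default locale, lower-casing 'I' would otherwise yield a non-ASCII letter).
        return "_" + RandomStringUtils.randomAlphanumeric(39).toLowerCase(java.util.Locale.ROOT);
    }

    /**
     * Builds the SP SSO role descriptor: signing flags, supported protocols, the
     * request-initiator extension, name ID formats, one HTTP-POST assertion consumer service and,
     * when a credential provider is set, the signing and encryption key descriptors.
     *
     * @return the populated SP SSO descriptor
     */
    protected final SPSSODescriptor buildSPSSODescriptor() {
        @SuppressWarnings("unchecked")
        final SAMLObjectBuilder<SPSSODescriptor> descriptorBuilder =
                (SAMLObjectBuilder<SPSSODescriptor>) this.builderFactory.getBuilder(SPSSODescriptor.DEFAULT_ELEMENT_NAME);
        final SPSSODescriptor spDescriptor = descriptorBuilder.buildObject();
        spDescriptor.setAuthnRequestsSigned(Boolean.valueOf(this.authnRequestSigned));
        spDescriptor.setWantAssertionsSigned(Boolean.valueOf(this.wantAssertionSigned));
        spDescriptor.addSupportedProtocol("urn:oasis:names:tc:SAML:2.0:protocol");
        // NOTE(review): SAML 1.0 and 1.1 are advertised although this class only generates
        // SAML 2.0 metadata; confirm the SP really accepts those protocols before publishing them.
        spDescriptor.addSupportedProtocol("urn:oasis:names:tc:SAML:1.0:protocol");
        spDescriptor.addSupportedProtocol("urn:oasis:names:tc:SAML:1.1:protocol");

        @SuppressWarnings("unchecked")
        final SAMLObjectBuilder<Extensions> extensionsBuilder =
                (SAMLObjectBuilder<Extensions>) this.builderFactory.getBuilder(Extensions.DEFAULT_ELEMENT_NAME);
        final Extensions extensions = extensionsBuilder.buildObject();
        extensions.getNamespaceManager().registerAttributeName(RequestInitiator.DEFAULT_ELEMENT_NAME);

        @SuppressWarnings("unchecked")
        final SAMLObjectBuilder<RequestInitiator> initiatorBuilder =
                (SAMLObjectBuilder<RequestInitiator>) this.builderFactory.getBuilder(RequestInitiator.DEFAULT_ELEMENT_NAME);
        final RequestInitiator initiator = initiatorBuilder.buildObject();
        // NOTE(review): requestInitiatorLocation defaults to null, in which case the element is
        // still added with no location; confirm callers always set it.
        initiator.setLocation(this.requestInitiatorLocation);
        initiator.setBinding(RequestInitiator.DEFAULT_ELEMENT_NAME.getNamespaceURI());
        extensions.getUnknownXMLObjects().add(initiator);
        spDescriptor.setExtensions(extensions);

        spDescriptor.getNameIDFormats().addAll(buildNameIDFormat());

        // NOTE(review): the endpoint is given index 0 but is flagged as default only when
        // defaultACSIndex equals 1, so with the field's default value of 0 it is never flagged.
        // Kept as-is to preserve the published metadata; verify against the intended behaviour.
        final boolean isDefault = this.defaultACSIndex == 1;
        spDescriptor.getAssertionConsumerServices()
                .add(getAssertionConsumerService("urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST", 0, isDefault));

        if (this.credentialProvider != null) {
            // The same provider supplies the KeyInfo for both usages, i.e. one key is published
            // for signing and for encryption. getKeyInfo() is called once per descriptor on
            // purpose: presumably each call returns a separate object, which matters because an
            // XML object can be attached to only one parent (confirm against CredentialProvider).
            spDescriptor.getKeyDescriptors()
                    .add(getKeyDescriptor(UsageType.SIGNING, this.credentialProvider.getKeyInfo()));
            spDescriptor.getKeyDescriptors()
                    .add(getKeyDescriptor(UsageType.ENCRYPTION, this.credentialProvider.getKeyInfo()));
        }
        return spDescriptor;
    }

    /**
     * Builds the list of name ID formats advertised by the SP, in a fixed order: transient,
     * persistent, emailAddress, unspecified.
     *
     * @return a new mutable collection of name ID formats
     */
    protected final Collection<NameIDFormat> buildNameIDFormat() {
        @SuppressWarnings("unchecked")
        final SAMLObjectBuilder<NameIDFormat> builder =
                (SAMLObjectBuilder<NameIDFormat>) this.builderFactory.getBuilder(NameIDFormat.DEFAULT_ELEMENT_NAME);
        final String[] formatUris = {
            "urn:oasis:names:tc:SAML:2.0:nameid-format:transient",
            "urn:oasis:names:tc:SAML:2.0:nameid-format:persistent",
            "urn:oasis:names:tc:SAML:1.1:nameid-format:emailAddress",
            "urn:oasis:names:tc:SAML:1.1:nameid-format:unspecified",
        };
        final LinkedList<NameIDFormat> formats = new LinkedList<NameIDFormat>();
        for (final String uri : formatUris) {
            final NameIDFormat format = builder.buildObject();
            format.setFormat(uri);
            formats.add(format);
        }
        return formats;
    }

    /**
     * Builds an assertion consumer service endpoint pointing at the configured ACS URL.
     *
     * @param str the binding URI
     * @param i the endpoint index
     * @param z whether to flag the endpoint as the default one; when false the attribute is left unset
     * @return the endpoint
     */
    protected final AssertionConsumerService getAssertionConsumerService(String str, int i, boolean z) {
        @SuppressWarnings("unchecked")
        final SAMLObjectBuilder<AssertionConsumerService> builder =
                (SAMLObjectBuilder<AssertionConsumerService>) this.builderFactory.getBuilder(AssertionConsumerService.DEFAULT_ELEMENT_NAME);
        final AssertionConsumerService service = builder.buildObject();
        service.setLocation(this.assertionConsumerServiceUrl);
        service.setBinding(str);
        if (z) {
            service.setIsDefault(true);
        }
        service.setIndex(Integer.valueOf(i));
        return service;
    }

    /**
     * Builds a single logout service endpoint pointing at the configured SLO URL.
     *
     * <p>Nothing in this class calls this method, so the generated descriptor carries no logout
     * endpoint unless a subclass or caller adds one.
     *
     * @param str the binding URI
     * @return the endpoint
     */
    protected SingleLogoutService getSingleLogoutService(String str) {
        @SuppressWarnings("unchecked")
        final SAMLObjectBuilder<SingleLogoutService> builder =
                (SAMLObjectBuilder<SingleLogoutService>) this.builderFactory.getBuilder(SingleLogoutService.DEFAULT_ELEMENT_NAME);
        final SingleLogoutService service = builder.buildObject();
        service.setLocation(this.singleLogoutServiceUrl);
        service.setBinding(str);
        return service;
    }

    /**
     * Builds a key descriptor for the given usage.
     *
     * @param usageType the declared use of the key (signing or encryption)
     * @param keyInfo the key information to publish
     * @return the key descriptor
     */
    protected final KeyDescriptor getKeyDescriptor(UsageType usageType, KeyInfo keyInfo) {
        @SuppressWarnings("unchecked")
        final SAMLObjectBuilder<KeyDescriptor> builder =
                (SAMLObjectBuilder<KeyDescriptor>) Configuration.getBuilderFactory().getBuilder(KeyDescriptor.DEFAULT_ELEMENT_NAME);
        final KeyDescriptor descriptor = builder.buildObject();
        descriptor.setUse(usageType);
        descriptor.setKeyInfo(keyInfo);
        return descriptor;
    }

    /** @return the credential provider, or null when none is set */
    public CredentialProvider getCredentialProvider() {
        return this.credentialProvider;
    }

    /** @param credentialProvider source of the published key information; null publishes no keys */
    public final void setCredentialProvider(CredentialProvider credentialProvider) {
        this.credentialProvider = credentialProvider;
    }

    /** @return the configured entity ID */
    public String getEntityId() {
        return this.entityId;
    }

    /** @param str the entity ID to publish */
    public final void setEntityId(String str) {
        this.entityId = str;
    }

    /** @return whether the metadata advertises signed authentication requests */
    public boolean isAuthnRequestSigned() {
        return this.authnRequestSigned;
    }

    /** @param z whether the metadata should advertise signed authentication requests */
    public final void setAuthnRequestSigned(boolean z) {
        this.authnRequestSigned = z;
    }

    /** @return whether the metadata asks the identity provider for signed assertions */
    public boolean isWantAssertionSigned() {
        return this.wantAssertionSigned;
    }

    /**
     * Sets the advertised {@code WantAssertionsSigned} flag. This only changes what the metadata
     * states; whether unsigned assertions are rejected is decided where responses are validated,
     * which is outside this class.
     *
     * @param z whether the metadata should ask for signed assertions
     */
    public void setWantAssertionSigned(boolean z) {
        this.wantAssertionSigned = z;
    }

    /** @return the configured default ACS index */
    public int getDefaultACSIndex() {
        return this.defaultACSIndex;
    }

    /** @param i the default ACS index */
    public void setDefaultACSIndex(int i) {
        this.defaultACSIndex = i;
    }

    /** @param str the assertion consumer service URL to publish */
    public final void setAssertionConsumerServiceUrl(String str) {
        this.assertionConsumerServiceUrl = str;
    }

    /** @param str the single logout service URL */
    public final void setSingleLogoutServiceUrl(String str) {
        this.singleLogoutServiceUrl = str;
    }

    /** @param str the request-initiator location to publish */
    public final void setRequestInitiatorLocation(String str) {
        this.requestInitiatorLocation = str;
    }
}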
