package com.ghc.wsSecurity;

import com.ghc.identity.gui.IdentityStoreResourcePanelEvent;
import com.ghc.utils.StringUtils;
import com.ghc.wsSecurity.action.saml.Action;
import com.ghc.wsSecurity.action.saml.Advice;
import com.ghc.wsSecurity.action.saml.Assertion;
import com.ghc.wsSecurity.action.saml.Attribute;
import com.ghc.wsSecurity.action.saml.AttributeStatement;
import com.ghc.wsSecurity.action.saml.AudienceRestrictionCondition;
import com.ghc.wsSecurity.action.saml.AuthenticationStatement;
import com.ghc.wsSecurity.action.saml.AuthorityBinding;
import com.ghc.wsSecurity.action.saml.AuthorizationDecisionStatement;
import com.ghc.wsSecurity.action.saml.Condition;
import com.ghc.wsSecurity.action.saml.DoNotCacheCondition;
import com.ghc.wsSecurity.action.saml.NameIdentifier;
import com.ghc.wsSecurity.action.saml.SAMLUtils;
import com.ghc.wsSecurity.action.saml.Statement;
import com.ghc.wsSecurity.action.saml.SubjectStatement;
import java.io.FileNotFoundException;
import java.nio.charset.StandardCharsets;
import java.security.Key;
import java.security.KeyStore;
import java.security.KeyStoreException;
import java.security.NoSuchAlgorithmException;
import java.security.UnrecoverableKeyException;
import java.security.cert.Certificate;
import java.security.cert.X509Certificate;
import java.util.Arrays;
import java.util.Calendar;
import java.util.Date;
import java.util.Iterator;
import java.util.List;
import java.util.Map;
import java.util.logging.Level;
import java.util.logging.Logger;
import javax.xml.parsers.DocumentBuilderFactory;
import org.apache.wss4j.common.ext.WSSecurityException;
import org.apache.xml.security.exceptions.XMLSecurityException;
import org.apache.xml.security.keys.KeyInfo;
import org.apache.xml.security.keys.content.X509Data;
import org.jdom2.Document;
import org.jdom2.Element;
import org.jdom2.JDOMException;
import org.jdom2.Namespace;
import org.jdom2.input.DOMBuilder;
import org.jdom2.output.DOMOutputter;
import org.opensaml.SAMLAction;
import org.opensaml.SAMLAssertion;
import org.opensaml.SAMLAttribute;
import org.opensaml.SAMLAttributeStatement;
import org.opensaml.SAMLAudienceRestrictionCondition;
import org.opensaml.SAMLAuthenticationStatement;
import org.opensaml.SAMLAuthorityBinding;
import org.opensaml.SAMLAuthorizationDecisionStatement;
import org.opensaml.SAMLCondition;
import org.opensaml.SAMLDoNotCacheCondition;
import org.opensaml.SAMLException;
import org.opensaml.SAMLNameIdentifier;
import org.opensaml.SAMLSignedObject;
import org.opensaml.SAMLStatement;
import org.opensaml.SAMLSubject;

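/* loaded from: input_file:com/ghc/wsSecurity/SAMLGenerator.class */
/**
 * Converts the tool's own SAML model ({@link Assertion}, {@link Statement}, {@link Condition}, ...)
 * into OpenSAML objects, optionally signing the resulting assertion with a key taken from a
 * configured keystore.
 *
 * <p>Keystores are looked up by name in the {@link SecurityInfo} map built from the
 * {@code SecurityInfo[]} passed to {@link #getInstance}; the name is first passed through the
 * {@link KeystoreURLTransformer} unless it is blank. An assertion is signed only when
 * {@link Assertion#getKeystoreName()} is non-null; otherwise the returned assertion is unsigned.
 *
 * <p>Instances hold no mutable state beyond the two final fields, so they can be shared once built.
 */
public class SAMLGenerator {
    private static final Logger LOGGER = Logger.getLogger(SAMLGenerator.class.getName());

    /** Namespace the generated {@code SubjectConfirmationData} wrapper element is placed in. */
    private static final Namespace SAML_ASSERTION_NS =
            Namespace.getNamespace("urn:oasis:names:tc:SAML:1.0:assertion");

    /** Keystore name (after URL transformation) to the keystore's security settings. */
    private final Map<String, SecurityInfo> infoMap;
    /** Applied to non-blank keystore names before they are looked up in {@link #infoMap}. */
    private final KeystoreURLTransformer urlTransformer;

    private SAMLGenerator(SecurityInfo[] securityInfoArr, KeystoreURLTransformer keystoreURLTransformer) {
        this.infoMap = SAMLUtils.buildSecurityInfoMap(securityInfoArr);
        this.urlTransformer = keystoreURLTransformer;
    }

    /**
     * Creates a generator backed by the given keystore configuration.
     *
     * @param securityInfoArr the keystores that may be referenced by name from the SAML model
     * @param keystoreURLTransformer transformer applied to keystore names before lookup
     * @return a new generator
     */
    public static SAMLGenerator getInstance(SecurityInfo[] securityInfoArr, KeystoreURLTransformer keystoreURLTransformer) {
        return new SAMLGenerator(securityInfoArr, keystoreURLTransformer);
    }

    /**
     * Builds an OpenSAML assertion from the model assertion.
     *
     * <p>The issue instant is always "now". Validity is taken either as offsets from now
     * (relative mode, each bound applied only when its offset is {@code > -1}) or as the absolute
     * dates given on the validity period. Advice, conditions and statements are converted
     * element-wise. When a keystore name is set the assertion is signed with the referenced key.
     *
     * @param assertion the model assertion to convert
     * @return the populated (and, if a keystore is referenced, signed) OpenSAML assertion
     * @throws RuntimeException if the referenced keystore name is not configured
     * @throws SAMLException if a nested element cannot be built or signing fails
     * @throws WSSecurityException if certificate material for a subject cannot be obtained
     */
    public SAMLAssertion generateAssertion(Assertion assertion) throws org.bouncycastle.crypto.CryptoException, FileNotFoundException, NoSuchAlgorithmException, UnrecoverableKeyException, KeyStoreException, SAMLException, WSSecurityException {
        SAMLAssertion samlAssertion = new SAMLAssertion();
        samlAssertion.setIssueInstant(new Date());
        samlAssertion.setIssuer(assertion.getIssuer());
        samlAssertion.setMinorVersion(assertion.getMinorVersion());

        if (assertion.getValidityPeriod() != null) {
            if (assertion.getValidityPeriod().isUseRelativeValues()) {
                // A negative offset means "no bound"; 0 is a valid bound equal to now.
                int secondsBefore = assertion.getValidityPeriod().getNumSecondsBefore();
                if (secondsBefore > -1) {
                    Calendar notBefore = Calendar.getInstance();
                    notBefore.add(Calendar.SECOND, -secondsBefore);
                    samlAssertion.setNotBefore(notBefore.getTime());
                }
                int secondsAfter = assertion.getValidityPeriod().getNumSecondsAfter();
                if (secondsAfter > -1) {
                    Calendar notOnOrAfter = Calendar.getInstance();
                    notOnOrAfter.add(Calendar.SECOND, secondsAfter);
                    samlAssertion.setNotOnOrAfter(notOnOrAfter.getTime());
                }
            } else {
                samlAssertion.setNotBefore(assertion.getValidityPeriod().getNotBefore());
                samlAssertion.setNotOnOrAfter(assertion.getValidityPeriod().getNotOnOrAfter());
            }
        }

        if (assertion.getAdvice() != null) {
            for (Advice advice : assertion.getAdvice()) {
                samlAssertion.addAdvice(generateAdvice(advice));
            }
        }
        if (assertion.getConditions() != null) {
            for (Condition condition : assertion.getConditions()) {
                samlAssertion.addCondition(generateCondition(condition));
            }
        }
        if (assertion.getStatements() != null) {
            for (Statement statement : assertion.getStatements()) {
                samlAssertion.addStatement(generateStatement(statement));
            }
        }

        if (assertion.getKeystoreName() != null) {
            SecurityInfo securityInfo = lookupSecurityInfo(assertion.getKeystoreName());
            if (securityInfo == null) {
                throw new RuntimeException("Referenced Keystore Name: " + assertion.getKeystoreName() + " does not exist");
            }
            signSAMLObject(samlAssertion, securityInfo,
                    SecurityUtils.findSignatureAlgorithm(assertion.getSignatureAlgorithm(), true),
                    assertion.getKeystoreAlias(), assertion.getKeystoreAliasPassword(),
                    assertion.isIncludePublicKey());
        }
        return samlAssertion;
    }

    /**
     * Dispatches on the concrete statement type.
     *
     * @param statement the model statement
     * @return the converted OpenSAML statement, or {@code null} for an unrecognised statement type
     */
    public SAMLStatement generateStatement(Statement statement) throws org.bouncycastle.crypto.CryptoException, FileNotFoundException, NoSuchAlgorithmException, UnrecoverableKeyException, KeyStoreException, SAMLException, WSSecurityException {
        if (statement instanceof AttributeStatement) {
            return generateAttributeStatement((AttributeStatement) statement);
        }
        if (statement instanceof AuthenticationStatement) {
            return generateAuthenticationStatement((AuthenticationStatement) statement);
        }
        if (statement instanceof AuthorizationDecisionStatement) {
            return generateAuthorizationDecisionStatement((AuthorizationDecisionStatement) statement);
        }
        // Unknown subtypes are not an error here; callers receive null.
        return null;
    }

    /**
     * Converts an authentication statement. The authentication instant is always "now"; the
     * method, authority bindings, subject IP and subject DNS are copied from the model.
     *
     * @param authenticationStatement the model statement
     * @return the OpenSAML authentication statement
     * @throws SAMLException if the subject cannot be built
     * @throws WSSecurityException if the subject's certificate cannot be obtained
     */
    public SAMLAuthenticationStatement generateAuthenticationStatement(AuthenticationStatement authenticationStatement) throws SAMLException, WSSecurityException {
        SAMLAuthenticationStatement samlStatement = new SAMLAuthenticationStatement();
        samlStatement.setSubject(generateSubject(authenticationStatement));
        samlStatement.setAuthInstant(new Date());
        if (authenticationStatement.getAuthenticationMethod() != null) {
            samlStatement.setAuthMethod(authenticationStatement.getAuthenticationMethod().getValue());
        }
        if (authenticationStatement.getAuthorityBindings() != null) {
            for (AuthorityBinding binding : authenticationStatement.getAuthorityBindings()) {
                samlStatement.addBinding(generateAuthorityBinding(binding));
            }
        }
        samlStatement.setSubjectIP(authenticationStatement.getIpAddress());
        samlStatement.setSubjectDNS(authenticationStatement.getDnsAddress());
        return samlStatement;
    }

    /**
     * Copies location, protocol (as the binding) and kind onto a new OpenSAML authority binding.
     *
     * @param authorityBinding the model binding
     * @return the OpenSAML binding
     */
    public SAMLAuthorityBinding generateAuthorityBinding(AuthorityBinding authorityBinding) {
        SAMLAuthorityBinding samlBinding = new SAMLAuthorityBinding();
        samlBinding.setLocation(authorityBinding.getLocation());
        samlBinding.setBinding(authorityBinding.getProtocol());
        samlBinding.setAuthorityKind(authorityBinding.getKind());
        return samlBinding;
    }

    /**
     * Converts an authorization decision statement. Evidence entries that are model
     * {@link Assertion}s are converted (and signed if configured) recursively; any other evidence
     * object is attached unchanged.
     *
     * @param authorizationDecisionStatement the model statement
     * @return the OpenSAML authorization decision statement
     */
    public SAMLAuthorizationDecisionStatement generateAuthorizationDecisionStatement(AuthorizationDecisionStatement authorizationDecisionStatement) throws org.bouncycastle.crypto.CryptoException, FileNotFoundException, NoSuchAlgorithmException, UnrecoverableKeyException, KeyStoreException, SAMLException, WSSecurityException {
        SAMLAuthorizationDecisionStatement samlStatement = new SAMLAuthorizationDecisionStatement();
        samlStatement.setSubject(generateSubject(authorizationDecisionStatement));
        if (authorizationDecisionStatement.getDecision() != null) {
            samlStatement.setDecision(generateDecision(authorizationDecisionStatement.getDecision()));
        }
        samlStatement.setResource(authorizationDecisionStatement.getResourceURI());
        if (authorizationDecisionStatement.getActions() != null) {
            for (Action action : authorizationDecisionStatement.getActions()) {
                samlStatement.addAction(generateAction(action));
            }
        }
        if (authorizationDecisionStatement.getEvidence() != null) {
            for (Object evidence : authorizationDecisionStatement.getEvidence()) {
                if (evidence instanceof Assertion) {
                    samlStatement.addEvidence(generateAssertion((Assertion) evidence));
                } else {
                    samlStatement.addEvidence(evidence);
                }
            }
        }
        return samlStatement;
    }

    /**
     * Maps a model decision onto the OpenSAML decision string.
     *
     * @param decision the model decision; must not be null
     * @return {@code "Deny"}, {@code "Indeterminate"} or {@code "Permit"}
     * @throws IllegalArgumentException if {@code decision} is null or not one of the known values
     */
    public String generateDecision(AuthorizationDecisionStatement.Decision decision) {
        // Explicit check so the intended message is raised instead of a NullPointerException.
        if (decision == null) {
            throw new IllegalArgumentException("Decision cannot be null.");
        }
        switch (decision) {
            case DENY:
                return "Deny";
            case INDETERMINATE:
                return "Indeterminate";
            case PERMIT:
                return "Permit";
            default:
                throw new IllegalArgumentException("Unsupported decision: " + decision);
        }
    }

    /**
     * Copies the action data and, when present, the namespace value onto a new OpenSAML action.
     *
     * @param action the model action
     * @return the OpenSAML action
     */
    public SAMLAction generateAction(Action action) {
        SAMLAction samlAction = new SAMLAction();
        samlAction.setData(action.getData());
        if (action.getNamespace() != null) {
            samlAction.setNamespace(action.getNamespace().getValue());
        }
        return samlAction;
    }

    /**
     * Converts an attribute statement: the subject plus each attribute.
     *
     * @param attributeStatement the model statement
     * @return the OpenSAML attribute statement
     * @throws SAMLException if the subject or an attribute cannot be built
     * @throws WSSecurityException if the subject's certificate cannot be obtained
     */
    public SAMLAttributeStatement generateAttributeStatement(AttributeStatement attributeStatement) throws SAMLException, WSSecurityException {
        SAMLAttributeStatement samlStatement = new SAMLAttributeStatement();
        samlStatement.setSubject(generateSubject(attributeStatement));
        if (attributeStatement.getAttributes() != null) {
            for (Attribute attribute : attributeStatement.getAttributes()) {
                samlStatement.addAttribute(generateAttribute(attribute));
            }
        }
        return samlStatement;
    }

    /**
     * Copies lifetime, name, namespace, type and values onto a new OpenSAML attribute.
     *
     * @param attribute the model attribute
     * @return the OpenSAML attribute
     * @throws SAMLException propagated from the OpenSAML setters
     */
    public SAMLAttribute generateAttribute(Attribute attribute) throws SAMLException {
        SAMLAttribute samlAttribute = new SAMLAttribute();
        samlAttribute.setLifetime(attribute.getLifetime());
        samlAttribute.setName(attribute.getName());
        samlAttribute.setNamespace(attribute.getNamespace());
        samlAttribute.setType(attribute.getType());
        samlAttribute.setValues(attribute.getValues());
        return samlAttribute;
    }

    /**
     * Builds the subject of a statement: optional confirmation data (wrapped in a
     * {@code SubjectConfirmationData} element in the SAML assertion namespace), the name
     * identifier, the confirmation methods and, when a keystore is referenced, an X.509
     * {@code KeyInfo} holding the first certificate found for the configured alias.
     *
     * @param subjectStatement the model statement carrying the subject
     * @return the OpenSAML subject
     * @throws SAMLException if the confirmation data cannot be attached, the referenced keystore
     *         is not configured, or the certificate material cannot be obtained
     * @throws WSSecurityException propagated from the keystore helper
     */
    public SAMLSubject generateSubject(SubjectStatement subjectStatement) throws SAMLException, WSSecurityException {
        SAMLSubject samlSubject = new SAMLSubject();

        if (subjectStatement.getConfirmationData() != null) {
            Element confirmationData = new Element("SubjectConfirmationData")
                    .setNamespace(SAML_ASSERTION_NS)
                    .addContent(new DOMBuilder().build(subjectStatement.getConfirmationData()).detach());
            Document wrapper = new Document();
            wrapper.setRootElement(confirmationData.detach());
            try {
                samlSubject.setConfirmationData(new DOMOutputter().output(wrapper).getDocumentElement());
            } catch (JDOMException e) {
                // Keep the cause so the underlying DOM conversion problem is not lost.
                throw new SAMLException("Failed to attach confirmation data: " + e.getMessage(), e);
            }
        }

        samlSubject.setNameIdentifier(generateNameIdentifier(subjectStatement.getNameIdentifier()));

        if (subjectStatement.getConfirmationMethods() != null) {
            for (SubjectStatement.ConfirmationMethod method : subjectStatement.getConfirmationMethods()) {
                samlSubject.addConfirmationMethod(method.getValue());
            }
        }

        if (subjectStatement.getKeystoreName() != null) {
            SecurityInfo securityInfo = lookupSecurityInfo(subjectStatement.getKeystoreName());
            if (securityInfo == null) {
                // Previously surfaced as a wrapped NullPointerException with a misleading message.
                throw new SAMLException("Referenced Keystore Name: " + subjectStatement.getKeystoreName() + " does not exist");
            }

            // Only an empty owner document is created here; no XML is parsed by this factory.
            org.w3c.dom.Document keyInfoDocument;
            try {
                keyInfoDocument = DocumentBuilderFactory.newInstance().newDocumentBuilder().newDocument();
            } catch (Exception e) {
                throw new SAMLException("Unable to create document to store the Key Information ", e);
            }

            try {
                // NOTE(review): the alias is passed as bytes to getCertificatesFromBytes; whether the
                // returned helper resolves an alias or expects encoded certificate bytes depends on
                // KeyStoreUtil.getMerlin, which is not visible here — confirm against that class.
                X509Certificate[] certificates = KeyStoreUtil.getMerlin(securityInfo)
                        .getCertificatesFromBytes(subjectStatement.getKeystoreAlias().getBytes(StandardCharsets.UTF_8));
                if (certificates == null || certificates.length == 0) {
                    throw new SAMLException("No certificate found for alias " + subjectStatement.getKeystoreAlias()
                            + " for subject: " + describeSubject(subjectStatement));
                }
                X509Data x509Data = new X509Data(keyInfoDocument);
                x509Data.addCertificate(certificates[0]);
                KeyInfo keyInfo = new KeyInfo(keyInfoDocument);
                keyInfo.add(x509Data);
                samlSubject.setKeyInfo(keyInfo.getElement());
            } catch (SAMLException e) {
                // Already carries the right message; do not re-wrap.
                throw e;
            } catch (Exception e) {
                throw new SAMLException("Failure while obtaining public key information for subject: "
                        + describeSubject(subjectStatement), e);
            }
        }
        return samlSubject;
    }

    /**
     * Converts a model name identifier. A null input yields an empty OpenSAML identifier rather
     * than null.
     *
     * @param nameIdentifier the model identifier, may be null
     * @return the OpenSAML identifier
     */
    public SAMLNameIdentifier generateNameIdentifier(NameIdentifier nameIdentifier) {
        SAMLNameIdentifier samlIdentifier = new SAMLNameIdentifier();
        if (nameIdentifier != null) {
            if (nameIdentifier.getFormat() != null) {
                samlIdentifier.setFormat(nameIdentifier.getFormat().getValue());
            }
            samlIdentifier.setName(nameIdentifier.getName());
            samlIdentifier.setNameQualifier(nameIdentifier.getQualifier());
        }
        return samlIdentifier;
    }

    /**
     * Converts a model condition.
     *
     * @param condition the model condition
     * @return a {@link SAMLDoNotCacheCondition}, a {@link SAMLAudienceRestrictionCondition} built
     *         from the condition's names, or {@code null} for an unrecognised condition type
     * @throws SAMLException propagated from the OpenSAML constructors
     */
    public SAMLCondition generateCondition(Condition condition) throws SAMLException {
        if (condition instanceof DoNotCacheCondition) {
            return new SAMLDoNotCacheCondition();
        }
        if (condition instanceof AudienceRestrictionCondition) {
            return new SAMLAudienceRestrictionCondition(((AudienceRestrictionCondition) condition).getNames());
        }
        return null;
    }

    /**
     * Converts a model advice entry according to its type: the raw value, a (possibly signed)
     * nested assertion, or a DOM element.
     *
     * @param advice the model advice; its type must not be null
     * @return the advice object to attach to the assertion, or {@code null} for an unknown type
     */
    public Object generateAdvice(Advice advice) throws org.bouncycastle.crypto.CryptoException, FileNotFoundException, NoSuchAlgorithmException, UnrecoverableKeyException, KeyStoreException, SAMLException, WSSecurityException {
        switch (advice.getType()) {
            case VALUE:
                return advice.getValue();
            case ASSERTION:
                return generateAssertion(advice.getAssertion());
            case ELEMENT:
                return advice.getElement();
            default:
                return null;
        }
    }

    /**
     * Resolves a keystore name to its configured security settings.
     *
     * @param keystoreName the name as given in the model; non-blank names are URL-transformed first
     * @return the matching {@link SecurityInfo}, or {@code null} if none is configured
     */
    private SecurityInfo lookupSecurityInfo(String keystoreName) {
        String key = keystoreName;
        if (!StringUtils.isBlankOrNull(key)) {
            key = this.urlTransformer.transformURL(key);
        }
        return this.infoMap.get(key);
    }

    /**
     * Best-effort subject name for error messages; never throws on a missing name identifier.
     */
    private static String describeSubject(SubjectStatement subjectStatement) {
        NameIdentifier nameIdentifier = subjectStatement.getNameIdentifier();
        return nameIdentifier == null ? "<no name identifier>" : nameIdentifier.getName();
    }

    /**
     * Signs {@code signedObject} with the private key stored under {@code keyAlias} in the keystore
     * described by {@code securityInfo}.
     *
     * @param signedObject the OpenSAML object to sign
     * @param securityInfo keystore file, password and type
     * @param signatureAlgorithm algorithm URI passed straight to OpenSAML
     * @param keyAlias alias of the signing key
     * @param aliasPassword key password, possibly in the tool's encrypted form; may be null
     * @param includeCertificateChain whether to embed the alias's certificate chain in the signature
     * @throws UnrecoverableKeyException if no key exists under {@code keyAlias} or it cannot be recovered
     */
    private void signSAMLObject(SAMLSignedObject signedObject, SecurityInfo securityInfo, String signatureAlgorithm, String keyAlias, String aliasPassword, boolean includeCertificateChain) throws WSSecurityException, FileNotFoundException, NoSuchAlgorithmException, UnrecoverableKeyException, KeyStoreException, SAMLException {
        String clearPassword = decryptPassword(aliasPassword);
        char[] keyStorePassword = securityInfo.getKeyStorePassword().toCharArray();
        char[] keyPassword = clearPassword == null ? null : clearPassword.toCharArray();
        try {
            KeyStore keyStore = KeyStoreUtil.loadKeyStore(securityInfo.getKeyStoreFile(), keyStorePassword, securityInfo.getKeyStoreType());
            Key signingKey = keyStore.getKey(keyAlias, keyPassword);
            if (signingKey == null) {
                throw new UnrecoverableKeyException("No key found in keystore under alias " + keyAlias);
            }
            List<Certificate> certificateChain = null;
            if (includeCertificateChain) {
                Certificate[] chain = keyStore.getCertificateChain(keyAlias);
                // Arrays.asList(null) would throw NPE; an alias without a chain simply embeds none.
                certificateChain = chain == null ? null : Arrays.asList(chain);
            }
            signedObject.sign(signatureAlgorithm, signingKey, certificateChain);
        } finally {
            // Limit how long the password material lingers in memory.
            Arrays.fill(keyStorePassword, '\0');
            if (keyPassword != null) {
                Arrays.fill(keyPassword, '\0');
            }
        }
    }

    /**
     * Decrypts a password stored in the tool's encrypted form; plain or null values pass through.
     * Decryption failures are logged at FINE and the original string is returned, so a bad
     * ciphertext results in a key-recovery failure later rather than an exception here.
     *
     * @param password the stored password, possibly encrypted
     * @return the clear-text password, or the input unchanged
     */
    private String decryptPassword(String password) {
        if (password != null && CryptUtils.isEncrypted(password)) {
            try {
                return CryptUtils.decrypt(password);
            } catch (Exception e) {
                LOGGER.log(Level.FINE, "Failed to decrypt keystore alias password.", e);
            }
        }
        return password;
    }
}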
