package pl.edu.icm.unity.saml.metadata;

import java.security.cert.CertificateEncodingException;
import java.security.cert.X509Certificate;
import java.util.Date;
import java.util.Iterator;
import org.apache.xmlbeans.XmlException;
import org.apache.xmlbeans.XmlOptions;
import pl.edu.icm.unity.saml.idp.SamlIdpProperties;
import xmlbeans.org.oasis.saml2.metadata.AnyURIListType;
import xmlbeans.org.oasis.saml2.metadata.AttributeAuthorityDescriptorType;
import xmlbeans.org.oasis.saml2.metadata.EndpointType;
import xmlbeans.org.oasis.saml2.metadata.EntityDescriptorDocument;
import xmlbeans.org.oasis.saml2.metadata.EntityDescriptorType;
import xmlbeans.org.oasis.saml2.metadata.IDPSSODescriptorType;
import xmlbeans.org.oasis.saml2.metadata.RoleDescriptorType;
import xmlbeans.org.w3.x2000.x09.xmldsig.KeyInfoType;

/* loaded from: input_file:pl/edu/icm/unity/saml/metadata/IdpMetadataGenerator.class */
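/**
 * Generates the SAML 2.0 metadata ({@code EntityDescriptor}) that this IdP publishes about itself.
 * <p>
 * The document is built once, eagerly in the constructor, from the IdP configuration and the
 * endpoint arrays handed in, and then served as a fresh copy from {@link #getMetadata()}.
 * An {@code IDPSSODescriptor} is emitted only when at least one SSO endpoint is supplied and an
 * {@code AttributeAuthorityDescriptor} only when at least one attribute-query endpoint is
 * supplied; both role descriptors carry the IdP issuer certificate in a {@code KeyDescriptor}.
 * <p>
 * Security notes:
 * <ul>
 *   <li>{@code WantAuthnRequestsSigned} is advertised as {@code true} only for the
 *       {@code strict} and {@code validSigner} request acceptance policies; any other value
 *       (including a missing one, if {@code getEnumValue} can return null) yields {@code false}.</li>
 *   <li>Nothing in this class signs the produced metadata. If it is published to SPs, its
 *       integrity rests on the transport (TLS) or on signing performed elsewhere — confirm.</li>
 *   <li>The {@code KeyDescriptor} is emitted without a {@code use} attribute; in the SAML
 *       metadata schema an absent {@code use} advertises the key for both signing and
 *       encryption — confirm this is intended.</li>
 * </ul>
 */
public class IdpMetadataGenerator implements MetadataProvider {
    /** The only protocol advertised in {@code protocolSupportEnumeration}. */
    private static final String SAML2_PROTOCOL = "urn:oasis:names:tc:SAML:2.0:protocol";

    /** Instant at which the metadata was generated; handed out only as a copy. */
    private final Date generationDate;
    private final SamlIdpProperties samlConfig;
    /** The generated (and re-parsed) metadata; never handed out directly. */
    private final EntityDescriptorDocument document;
    private final EndpointType[] ssoEndpoints;
    private final EndpointType[] attributeQueryEndpoints;
    private final EndpointType[] sloEndpoints;

    /**
     * Builds the metadata document immediately.
     *
     * @param samlIdpProperties IdP configuration: issuer URI, request acceptance policy,
     *        issuer credential and supported identity (NameID) types
     * @param endpointTypeArr SingleSignOnService endpoints; null or empty means no
     *        IDPSSODescriptor is emitted
     * @param endpointTypeArr2 AttributeService endpoints; null or empty means no
     *        AttributeAuthorityDescriptor is emitted
     * @param endpointTypeArr3 SingleLogoutService endpoints; null or empty means no
     *        SingleLogoutService elements are emitted
     * @throws RuntimeException if the issuer certificate cannot be encoded or the generated
     *         XML fails to re-parse
     */
    public IdpMetadataGenerator(SamlIdpProperties samlIdpProperties, EndpointType[] endpointTypeArr, EndpointType[] endpointTypeArr2, EndpointType[] endpointTypeArr3) {
        this.samlConfig = samlIdpProperties;
        this.ssoEndpoints = endpointTypeArr;
        this.attributeQueryEndpoints = endpointTypeArr2;
        this.sloEndpoints = endpointTypeArr3;
        this.generationDate = new Date();
        this.document = generateMetadata();
    }

    /**
     * Returns a fresh copy of the metadata, produced by re-parsing the cached document's XML
     * text so that callers cannot mutate the generator's internal state.
     *
     * @throws RuntimeException if the cached XML cannot be re-parsed (not expected, since it
     *         was already parsed once at generation time)
     */
    @Override // pl.edu.icm.unity.saml.metadata.MetadataProvider
    public EntityDescriptorDocument getMetadata() {
        try {
            return EntityDescriptorDocument.Factory.parse(document.xmlText());
        } catch (XmlException e) {
            throw new RuntimeException("Can't re-parse metadata?", e);
        }
    }

    /**
     * Returns the time at which the metadata was generated. A copy is returned because
     * {@link Date} is mutable and the field backs this generator's state.
     */
    @Override // pl.edu.icm.unity.saml.metadata.MetadataProvider
    public Date getLastmodification() {
        return new Date(generationDate.getTime());
    }

    /**
     * Assembles the EntityDescriptor and returns it after a serialize/parse round trip.
     * The round trip is kept from the original implementation (presumably to normalise the
     * document); it is not a signing or validation step.
     */
    private EntityDescriptorDocument generateMetadata() {
        EntityDescriptorDocument built = EntityDescriptorDocument.Factory.newInstance(new XmlOptions().setSavePrettyPrint());
        EntityDescriptorType entity = built.addNewEntityDescriptor();
        entity.setEntityID(samlConfig.getValue(SamlIdpProperties.ISSUER_URI));
        if (hasElements(ssoEndpoints)) {
            addIdpSSODescriptor(entity);
        }
        if (hasElements(attributeQueryEndpoints)) {
            addIdpAttributeAuthorityDescriptor(entity);
        }
        try {
            return EntityDescriptorDocument.Factory.parse(built.xmlText(new XmlOptions().setSavePrettyPrint()));
        } catch (XmlException e) {
            throw new RuntimeException("Generated IdP metadata could not be re-parsed", e);
        }
    }

    /** True when the array is non-null and holds at least one endpoint. */
    private static boolean hasElements(EndpointType[] endpoints) {
        return endpoints != null && endpoints.length > 0;
    }

    /**
     * Adds the IDPSSODescriptor: supported NameID formats, the WantAuthnRequestsSigned flag
     * derived from the request acceptance policy, the SSO endpoints and (if any) the SLO endpoints.
     */
    private void addIdpSSODescriptor(EntityDescriptorType entityDescriptorType) {
        IDPSSODescriptorType sso = entityDescriptorType.addNewIDPSSODescriptor();
        fillIdpGenericDescriptor(sso);
        for (Iterator<String> it = samlConfig.getIdTypeMapper().getSupportedIdentityTypes().iterator(); it.hasNext(); ) {
            sso.addNameIDFormat(it.next());
        }
        // Only the policies that actually verify request signatures may claim to want them;
        // claiming it under a more lenient policy would mislead SPs about what is enforced.
        SamlIdpProperties.RequestAcceptancePolicy policy = (SamlIdpProperties.RequestAcceptancePolicy) samlConfig.getEnumValue(SamlIdpProperties.SP_ACCEPT_POLICY, SamlIdpProperties.RequestAcceptancePolicy.class);
        boolean wantSignedRequests = policy == SamlIdpProperties.RequestAcceptancePolicy.strict
                || policy == SamlIdpProperties.RequestAcceptancePolicy.validSigner;
        sso.setWantAuthnRequestsSigned(wantSignedRequests);
        sso.setSingleSignOnServiceArray(ssoEndpoints);
        if (hasElements(sloEndpoints)) {
            sso.setSingleLogoutServiceArray(sloEndpoints);
        }
    }

    /** Adds the AttributeAuthorityDescriptor with the attribute-query endpoints. */
    private void addIdpAttributeAuthorityDescriptor(EntityDescriptorType entityDescriptorType) {
        AttributeAuthorityDescriptorType aa = entityDescriptorType.addNewAttributeAuthorityDescriptor();
        fillIdpGenericDescriptor(aa);
        aa.setAttributeServiceArray(attributeQueryEndpoints);
    }

    /**
     * Fills the parts common to every role descriptor: the SAML 2.0 protocol support
     * enumeration and a KeyDescriptor holding the encoded issuer certificate.
     *
     * @throws RuntimeException if the certificate cannot be encoded
     */
    private void fillIdpGenericDescriptor(RoleDescriptorType roleDescriptorType) {
        AnyURIListType protocols = AnyURIListType.Factory.newInstance();
        protocols.setStringValue(SAML2_PROTOCOL);
        roleDescriptorType.setProtocolSupportEnumeration(protocols.getListValue());
        // NOTE(review): no 'use' attribute is set on the KeyDescriptor, so the certificate is
        // advertised for both signing and encryption — confirm that is the intended contract.
        KeyInfoType keyInfo = roleDescriptorType.addNewKeyDescriptor().addNewKeyInfo();
        X509Certificate issuerCert = samlConfig.getSamlIssuerCredential().getCertificate();
        try {
            keyInfo.addNewX509Data().addNewX509Certificate().setByteArrayValue(issuerCert.getEncoded());
        } catch (CertificateEncodingException e) {
            throw new RuntimeException("Can not encode IdP certificate to binary representation for insertion in SAML metadata", e);
        }
    }
}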
