package org.picketlink.identity.federation.web.servlets.saml;

import java.io.ByteArrayInputStream;
import java.io.ByteArrayOutputStream;
import java.io.IOException;
import java.io.InputStream;
import java.io.OutputStream;
import java.io.StringWriter;
import java.security.KeyPair;
import java.security.cert.X509Certificate;
import java.util.HashMap;
import java.util.Iterator;
import java.util.List;
import java.util.Map;
import javax.servlet.ServletConfig;
import javax.servlet.ServletContext;
import javax.servlet.ServletException;
import javax.servlet.http.HttpServlet;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import javax.xml.XMLConstants;
import javax.xml.parsers.DocumentBuilderFactory;
import javax.xml.transform.TransformerException;
import javax.xml.transform.TransformerFactory;
import javax.xml.transform.dom.DOMSource;
import javax.xml.transform.stream.StreamResult;
import org.picketlink.common.ErrorCodes;
import org.picketlink.common.PicketLinkLogger;
import org.picketlink.common.PicketLinkLoggerFactory;
import org.picketlink.common.constants.GeneralConstants;
import org.picketlink.common.constants.JBossSAMLConstants;
import org.picketlink.common.exceptions.ProcessingException;
import org.picketlink.common.util.StaxUtil;
import org.picketlink.common.util.StringUtil;
import org.picketlink.config.federation.KeyProviderType;
import org.picketlink.config.federation.KeyValueType;
import org.picketlink.config.federation.MetadataProviderType;
import org.picketlink.config.federation.PicketLinkType;
import org.picketlink.config.federation.ProviderType;
import org.picketlink.identity.federation.api.saml.v2.metadata.KeyDescriptorMetaDataBuilder;
import org.picketlink.identity.federation.api.util.KeyUtil;
import org.picketlink.identity.federation.core.interfaces.IMetadataProvider;
import org.picketlink.identity.federation.core.interfaces.TrustKeyManager;
import org.picketlink.identity.federation.core.saml.md.providers.MetadataProviderUtils;
import org.picketlink.identity.federation.core.saml.md.providers.SPMetadataProvider;
import org.picketlink.identity.federation.core.saml.v2.writers.SAMLMetadataWriter;
import org.picketlink.identity.federation.core.util.CoreConfigUtil;
import org.picketlink.identity.federation.core.util.XMLSignatureUtil;
import org.picketlink.identity.federation.core.wstrust.auth.AbstractSTSLoginModule;
import org.picketlink.identity.federation.saml.v2.metadata.AttributeAuthorityDescriptorType;
import org.picketlink.identity.federation.saml.v2.metadata.AuthnAuthorityDescriptorType;
import org.picketlink.identity.federation.saml.v2.metadata.EntitiesDescriptorType;
import org.picketlink.identity.federation.saml.v2.metadata.EntityDescriptorType;
import org.picketlink.identity.federation.saml.v2.metadata.IDPSSODescriptorType;
import org.picketlink.identity.federation.saml.v2.metadata.KeyDescriptorType;
import org.picketlink.identity.federation.saml.v2.metadata.PDPDescriptorType;
import org.picketlink.identity.federation.saml.v2.metadata.RoleDescriptorType;
import org.picketlink.identity.federation.saml.v2.metadata.SPSSODescriptorType;
import org.w3c.dom.Document;
import org.w3c.dom.Element;

/* loaded from: input_file:WEB-INF/lib/picketlink-federation-2.7.0.CR1.jar:org/picketlink/identity/federation/web/servlets/saml/MetadataServletSP.class */
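/**
 * Servlet that publishes the SAML v2 metadata of the Service Provider hosted by this web
 * application.
 *
 * <p>At {@link #init(ServletConfig)} time the PicketLink configuration is read from the servlet
 * context, the configured {@link IMetadataProvider} is instantiated to obtain either an
 * {@code EntitiesDescriptorType} or an {@code EntityDescriptorType}, a signing and an encryption
 * {@code KeyDescriptor} are added to every role descriptor, and - for a single entity descriptor
 * only - the metadata is signed with the key manager's signing key. {@link #doGet} then streams the
 * prepared descriptor to the caller.
 *
 * <p>Init parameters understood by this servlet:
 * <ul>
 * <li>{@code AbstractSTSLoginModule.STS_CONFIG_FILE}: location of the PicketLink configuration
 * inside the web application (defaults to {@code GeneralConstants.CONFIG_FILE_LOCATION});</li>
 * <li>{@code signingAlias}: fallback alias of the signing certificate, used only when the key
 * provider in the configuration does not name one;</li>
 * <li>{@code encryptingAlias}: alias of the encryption certificate, defaults to the signing alias.</li>
 * </ul>
 *
 * <p>The descriptor fields are populated once in {@code init} and only read afterwards, so the
 * servlet is safe for concurrent {@code GET} requests.
 */
public class MetadataServletSP extends HttpServlet {
    private static final long serialVersionUID = 1;
    private static final PicketLinkLogger log = PicketLinkLoggerFactory.getLogger();

    /** Init parameter naming the signing certificate alias (fallback to the configuration). */
    private static final String SIGNING_ALIAS_PARAM = "signingAlias";
    /** Init parameter naming the encryption certificate alias. */
    private static final String ENCRYPTING_ALIAS_PARAM = "encryptingAlias";

    // Digest and signature algorithms used when signing the published metadata. Both are the
    // SHA-1 based algorithms the original implementation used; SHA-1 is deprecated for
    // signatures, but changing these URIs is an interoperability decision that every peer
    // consuming this metadata has to support, so it is not done silently here.
    private static final String DIGEST_METHOD = "http://www.w3.org/2000/09/xmldsig#sha1";
    private static final String SIGNATURE_METHOD = "http://www.w3.org/2000/09/xmldsig#rsa-sha1";

    // Exactly one of the two descriptors is set by init(); the other stays null.
    private transient EntitiesDescriptorType entitiesDescriptor;
    private transient EntityDescriptorType entityDescriptor;
    // Key manager configured in the PicketLink key provider; supplies certificates and signing key.
    private TrustKeyManager keyManager;
    private final boolean trace = log.isTraceEnabled();
    // Location of the PicketLink configuration resource inside the web application.
    private String configFileLocation = GeneralConstants.CONFIG_FILE_LOCATION;
    private transient MetadataProviderType metadataProviderType = null;
    private transient IMetadataProvider<?> metadataProvider = null;
    private String signingAlias = null;
    private String encryptingAlias = null;

    /**
     * Reads the PicketLink configuration, loads the metadata provider and key manager, adds the key
     * descriptors and (for a single entity descriptor) signs the metadata.
     *
     * @param servletConfig the servlet configuration supplied by the container
     * @throws ServletException if the configuration resource is missing, the metadata provider or
     *         key manager cannot be created, the metadata is of an unsupported type, or signing fails
     */
    @Override
    public void init(ServletConfig servletConfig) throws ServletException {
        super.init(servletConfig);
        ServletContext servletContext = servletConfig.getServletContext();

        String configParam = servletConfig.getInitParameter(AbstractSTSLoginModule.STS_CONFIG_FILE);
        if (StringUtil.isNotNull(configParam)) {
            this.configFileLocation = configParam;
        }
        if (this.trace) {
            log.trace("Config File Location=" + this.configFileLocation);
        }

        PicketLinkType picketLinkConf = loadConfiguration(servletContext);

        // Init parameters are only fallbacks; the key provider in the configuration wins below.
        this.signingAlias = servletConfig.getInitParameter(SIGNING_ALIAS_PARAM);
        this.encryptingAlias = servletConfig.getInitParameter(ENCRYPTING_ALIAS_PARAM);

        ProviderType providerType = MetadataProviderUtils.getProviderType(picketLinkConf);
        this.metadataProviderType = providerType.getMetaDataProvider();
        if (this.metadataProviderType == null) {
            throw new ServletException("No MetaDataProvider configured in " + this.configFileLocation);
        }

        try {
            loadMetadata(servletContext, picketLinkConf);
        } catch (IllegalAccessException e) {
            throw new ServletException(e);
        } catch (InstantiationException e) {
            throw new ServletException(e);
        }

        KeyProviderType keyProvider = providerType.getKeyProvider();
        if (keyProvider == null) {
            throw new ServletException("No KeyProvider configured in " + this.configFileLocation);
        }
        // The configured alias takes precedence; the init parameter is kept only when the
        // configuration does not name one (previously the init parameter was always discarded).
        String configuredSigningAlias = keyProvider.getSigningAlias();
        if (StringUtil.isNotNull(configuredSigningAlias)) {
            this.signingAlias = configuredSigningAlias;
        }
        String keyManagerClassName = keyProvider.getClassName();
        if (keyManagerClassName == null) {
            throw new ServletException("PL00092: Null Value:KeyManager class name");
        }

        try {
            // Class names come from the deployment descriptor, not from request data.
            this.keyManager = (TrustKeyManager) SecurityActions.loadClass(getClass(), keyManagerClassName).newInstance();
            this.keyManager.setAuthProperties(CoreConfigUtil.getKeyProviderProperties(keyProvider));

            // Signing key descriptor (use="signing").
            KeyDescriptorType signingDescriptor = KeyDescriptorMetaDataBuilder.createKeyDescriptor(
                    KeyUtil.getKeyInfo(this.keyManager.getCertificate(this.signingAlias)), null, 0, true, false);
            addKeyDescriptor(signingDescriptor);

            if (this.encryptingAlias == null) {
                this.encryptingAlias = this.signingAlias;
            }
            // Encryption key descriptor (use="encryption").
            KeyDescriptorType encryptionDescriptor = KeyDescriptorMetaDataBuilder.createKeyDescriptor(
                    KeyUtil.getKeyInfo(this.keyManager.getCertificate(this.encryptingAlias)), null, 0, false, true);
            addKeyDescriptor(encryptionDescriptor);

            // Only a single EntityDescriptor is signed; an EntitiesDescriptor is published unsigned.
            if (this.entitiesDescriptor == null) {
                signAndAddAttribs(this.entityDescriptor);
            }
        } catch (Exception e) {
            throw new ServletException(e);
        }
    }

    /**
     * Opens the configuration resource from the servlet context, parses it and closes the stream.
     *
     * @param servletContext context used to resolve {@link #configFileLocation}
     * @return the parsed PicketLink configuration
     * @throws ServletException if the resource does not exist
     */
    private PicketLinkType loadConfiguration(ServletContext servletContext) throws ServletException {
        InputStream configStream = servletContext.getResourceAsStream(this.configFileLocation);
        if (configStream == null) {
            throw new ServletException(ErrorCodes.RESOURCE_NOT_FOUND + this.configFileLocation + " missing");
        }
        try {
            return MetadataProviderUtils.getPicketLinkConf(configStream);
        } finally {
            // The stream was previously left open for the lifetime of the servlet; close it once
            // the configuration has been read. Closing an already closed stream is harmless.
            try {
                configStream.close();
            } catch (IOException ignored) {
                // best effort: the configuration has already been parsed at this point
            }
        }
    }

    /**
     * Instantiates and initialises the configured metadata provider and stores the metadata it
     * returns in {@link #entitiesDescriptor} or {@link #entityDescriptor}.
     *
     * @param servletContext context used to resolve a file the provider asks to have injected
     * @param picketLinkConf parsed configuration, handed to an {@link SPMetadataProvider}
     * @throws ServletException if a required injected file is missing or the metadata type is unknown
     * @throws IllegalAccessException if the provider class cannot be accessed
     * @throws InstantiationException if the provider class cannot be instantiated
     */
    private void loadMetadata(ServletContext servletContext, PicketLinkType picketLinkConf)
            throws ServletException, IllegalAccessException, InstantiationException {
        this.metadataProvider = (IMetadataProvider<?>) SecurityActions
                .loadClass(getClass(), this.metadataProviderType.getClassName()).newInstance();

        String requiredFile = this.metadataProvider.requireFileInjection();
        if (StringUtil.isNotNull(requiredFile)) {
            InputStream injected = servletContext.getResourceAsStream(requiredFile);
            if (injected == null) {
                throw new ServletException(ErrorCodes.RESOURCE_NOT_FOUND + requiredFile + " missing");
            }
            // Ownership of the stream passes to the provider.
            this.metadataProvider.injectFileStream(injected);
        } else if (this.metadataProvider instanceof SPMetadataProvider) {
            ((SPMetadataProvider) this.metadataProvider).setPicketLinkConf(picketLinkConf);
        }
        this.metadataProvider.init(toOptionMap(this.metadataProviderType.getOption()));

        Object metaData = this.metadataProvider.getMetaData();
        if (metaData instanceof EntitiesDescriptorType) {
            this.entitiesDescriptor = (EntitiesDescriptorType) metaData;
        } else if (metaData instanceof EntityDescriptorType) {
            this.entityDescriptor = (EntityDescriptorType) metaData;
        } else {
            throw new ServletException("PL00074: Parsing Error:Invalid metadata type");
        }
    }

    /**
     * Converts the provider options of the configuration into a key/value map.
     *
     * @param options configured options, may be {@code null}
     * @return a mutable map of the options; empty when none are configured
     */
    private static Map<String, String> toOptionMap(List<KeyValueType> options) {
        Map<String, String> map = new HashMap<String, String>();
        if (options != null) {
            for (KeyValueType option : options) {
                map.put(option.getKey(), option.getValue());
            }
        }
        return map;
    }

    /**
     * Adds a key descriptor to whichever descriptor tree {@link #init} loaded.
     *
     * @param keyDescriptorType the descriptor to add to every role descriptor
     */
    private void addKeyDescriptor(KeyDescriptorType keyDescriptorType) {
        if (this.entitiesDescriptor != null) {
            updateKeyDescriptors(this.entitiesDescriptor, keyDescriptorType);
        } else {
            updateKeyDescriptor(this.entityDescriptor, keyDescriptorType);
        }
    }

    /**
     * Streams the prepared metadata to the response with the SAML metadata MIME type.
     *
     * @param httpServletRequest the request (not consulted)
     * @param httpServletResponse the response receiving the metadata document
     * @throws ServletException if serialising the descriptor fails
     * @throws IOException if the response output stream cannot be obtained
     */
    @Override
    protected void doGet(HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse)
            throws ServletException, IOException {
        httpServletResponse.setContentType(JBossSAMLConstants.METADATA_MIME.get());
        try {
            OutputStream out = httpServletResponse.getOutputStream();
            SAMLMetadataWriter metadataWriter = new SAMLMetadataWriter(StaxUtil.getXMLStreamWriter(out));
            if (this.entitiesDescriptor != null) {
                metadataWriter.writeEntitiesDescriptor(this.entitiesDescriptor);
            } else {
                metadataWriter.writeEntityDescriptor(this.entityDescriptor);
            }
        } catch (ProcessingException e) {
            throw new ServletException(e);
        }
    }

    /**
     * Signs the entity descriptor with the key manager's signing key and attaches the resulting
     * {@code ds:Signature} element to it.
     *
     * <p>The descriptor is serialised to XML, re-parsed into a DOM, signed in place and the
     * signature element is read back from the DOM.
     *
     * @param entityDescriptorType the descriptor to sign; its signature is replaced
     * @throws ServletException if serialising, parsing or signing fails
     */
    private void signAndAddAttribs(EntityDescriptorType entityDescriptorType) throws ServletException {
        try {
            ByteArrayOutputStream serialized = new ByteArrayOutputStream();
            new SAMLMetadataWriter(StaxUtil.getXMLStreamWriter(serialized)).writeEntityDescriptor(entityDescriptorType);

            // The document being parsed is our own serialisation, not external input, but the
            // parser is still hardened (no entity expansion, secure-processing limits) so that a
            // future change of the input source cannot turn this into an XXE vector.
            // NOTE(review): the factory is not namespace-aware by default, exactly as before;
            // confirm XMLSignatureUtil.sign tolerates that before changing it.
            DocumentBuilderFactory factory = DocumentBuilderFactory.newInstance();
            factory.setFeature(XMLConstants.FEATURE_SECURE_PROCESSING, true);
            factory.setExpandEntityReferences(false);
            Document document = factory.newDocumentBuilder().parse(new ByteArrayInputStream(serialized.toByteArray()));

            // Only the private key is needed for signing; the public half is carried by the certificate.
            KeyPair keyPair = new KeyPair(null, this.keyManager.getSigningKey());
            Element root = document.getDocumentElement();
            // Passing the current first child as "next sibling" places the Signature first.
            XMLSignatureUtil.sign(root, root.getFirstChild(), keyPair, DIGEST_METHOD, SIGNATURE_METHOD, "",
                    (X509Certificate) this.keyManager.getCertificate(this.signingAlias));
            entityDescriptorType.setSignature(extractSignatureFromDoc(root));
        } catch (Exception e) {
            throw new ServletException(e);
        }
    }

    /**
     * Returns the signature element of a just-signed root element.
     *
     * <p>Relies on {@link #signAndAddAttribs} inserting the signature before the previous first
     * child, so it is the root's first child.
     *
     * @param element the signed root element
     * @return its first child, expected to be the {@code ds:Signature} element
     */
    private Element extractSignatureFromDoc(Element element) {
        return (Element) element.getFirstChild();
    }

    /**
     * Serialises a DOM element to a string using an identity transform.
     *
     * <p>Not referenced within this class; kept as a debugging aid.
     *
     * @param element the element to serialise
     * @return the XML text of the element
     * @throws TransformerException if the transformation fails
     */
    private String getStringFromDocument(Element element) throws TransformerException {
        StringWriter writer = new StringWriter();
        TransformerFactory.newInstance().newTransformer().transform(new DOMSource(element), new StreamResult(writer));
        return writer.toString();
    }

    /**
     * Adds a key descriptor to every entity descriptor below an entities descriptor.
     *
     * <p>An {@code EntitiesDescriptor} may contain nested {@code EntitiesDescriptor} elements as well
     * as {@code EntityDescriptor} elements; nested groups are descended into recursively (the
     * previous unconditional cast would have failed on them) and anything else is skipped.
     *
     * @param entitiesDescriptorType the group to update
     * @param keyDescriptorType the descriptor to add to every role descriptor
     */
    private void updateKeyDescriptors(EntitiesDescriptorType entitiesDescriptorType, KeyDescriptorType keyDescriptorType) {
        if (entitiesDescriptorType == null || entitiesDescriptorType.getEntityDescriptor() == null) {
            return;
        }
        for (Object child : entitiesDescriptorType.getEntityDescriptor()) {
            if (child instanceof EntityDescriptorType) {
                updateKeyDescriptor((EntityDescriptorType) child, keyDescriptorType);
            } else if (child instanceof EntitiesDescriptorType) {
                updateKeyDescriptors((EntitiesDescriptorType) child, keyDescriptorType);
            }
        }
    }

    /**
     * Adds a key descriptor to every role descriptor of an entity descriptor.
     *
     * <p>Only the first choice entry of the entity descriptor is consulted, as before; an entity
     * descriptor without any choice entry or without role descriptors is left untouched rather
     * than failing.
     *
     * @param entityDescriptorType the entity to update
     * @param keyDescriptorType the descriptor to add to each present role descriptor
     */
    private void updateKeyDescriptor(EntityDescriptorType entityDescriptorType, KeyDescriptorType keyDescriptorType) {
        if (entityDescriptorType == null || entityDescriptorType.getChoiceType() == null
                || entityDescriptorType.getChoiceType().isEmpty()) {
            return;
        }
        List<EntityDescriptorType.EDTDescriptorChoiceType> descriptors =
                entityDescriptorType.getChoiceType().get(0).getDescriptors();
        if (descriptors == null) {
            return;
        }
        for (EntityDescriptorType.EDTDescriptorChoiceType choice : descriptors) {
            // Each choice holds exactly one kind of role descriptor; the others are null.
            AttributeAuthorityDescriptorType attribDescriptor = choice.getAttribDescriptor();
            if (attribDescriptor != null) {
                attribDescriptor.addKeyDescriptor(keyDescriptorType);
            }
            AuthnAuthorityDescriptorType authnDescriptor = choice.getAuthnDescriptor();
            if (authnDescriptor != null) {
                authnDescriptor.addKeyDescriptor(keyDescriptorType);
            }
            IDPSSODescriptorType idpDescriptor = choice.getIdpDescriptor();
            if (idpDescriptor != null) {
                idpDescriptor.addKeyDescriptor(keyDescriptorType);
            }
            PDPDescriptorType pdpDescriptor = choice.getPdpDescriptor();
            if (pdpDescriptor != null) {
                pdpDescriptor.addKeyDescriptor(keyDescriptorType);
            }
            RoleDescriptorType roleDescriptor = choice.getRoleDescriptor();
            if (roleDescriptor != null) {
                roleDescriptor.addKeyDescriptor(keyDescriptorType);
            }
            SPSSODescriptorType spDescriptor = choice.getSpDescriptor();
            if (spDescriptor != null) {
                spDescriptor.addKeyDescriptor(keyDescriptorType);
            }
        }
    }
}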
