package org.picketlink.identity.seam.federation.configuration;

import java.io.IOException;
import java.io.InputStream;
import java.net.MalformedURLException;
import java.net.URL;
import java.security.GeneralSecurityException;
import java.security.Key;
import java.security.KeyStore;
import java.security.KeyStoreException;
import java.security.NoSuchAlgorithmException;
import java.security.PrivateKey;
import java.security.UnrecoverableKeyException;
import java.security.cert.Certificate;
import java.security.cert.CertificateException;
import java.security.cert.X509Certificate;
import java.util.Arrays;
import java.util.HashMap;
import java.util.LinkedList;
import java.util.List;
import java.util.Map;
import javax.xml.bind.JAXBContext;
import javax.xml.bind.JAXBElement;
import javax.xml.bind.JAXBException;
import org.picketlink.identity.federation.saml.v2.metadata.EntitiesDescriptorType;
import org.picketlink.identity.federation.saml.v2.metadata.EntityDescriptorType;
import org.picketlink.identity.federation.saml.v2.metadata.IDPSSODescriptorType;
import org.picketlink.identity.seam.federation.config.jaxb.SamlConfigType;
import org.picketlink.identity.seam.federation.config.jaxb.SamlIdentityProviderType;

/* loaded from: input_file:org/picketlink/identity/seam/federation/configuration/SamlConfiguration.class */
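/**
 * Service-provider side SAML configuration.
 *
 * <p>On construction it reads the identity-provider metadata bundled on the classpath
 * ({@value #SAML_ENTITIES_FILE}), resolves every identity provider named in the
 * {@link SamlConfigType} against that metadata, validates that the signing expectations of
 * the identity providers and the service provider agree, and loads the service provider's
 * signing key and certificate from the configured keystore.
 *
 * <p>Every configuration problem is reported as a {@link RuntimeException} from the
 * constructor, so an instance that exists is fully initialised.
 */
public class SamlConfiguration {
    /** Classpath resource holding the SAML metadata (an {@code EntitiesDescriptor}) of the known identity providers. */
    private static final String SAML_ENTITIES_FILE = "/saml-entities.xml";
    /** Prefix selecting a keystore that is loaded from the classpath instead of from a URL. */
    private static final String CLASSPATH_PREFIX = "classpath:";
    /** JAXB context path of the generated SAML v2 metadata bindings. */
    private static final String METADATA_JAXB_PACKAGE = "org.picketlink.identity.federation.saml.v2.metadata";

    private final String entityId;
    private final SamlIdentityProvider defaultIdentityProvider;
    private final boolean authnRequestsSigned;
    private final boolean wantAssertionsSigned;
    // Assigned by loadSigningKeyPair() from the constructor, hence not final.
    private PrivateKey privateKey;
    private X509Certificate certificate;
    /** IDP SSO descriptors taken from the metadata file, keyed by entity id. */
    private final Map<String, IDPSSODescriptorType> idpMetaInfo = new HashMap<String, IDPSSODescriptorType>();
    /** Identity providers in the order they appear in the configuration. */
    private final List<SamlIdentityProvider> identityProviders = new LinkedList<SamlIdentityProvider>();

    /**
     * Builds the configuration from the parsed {@code saml} configuration element.
     *
     * @param samlConfigType service-provider settings and the list of identity providers to use
     * @throws RuntimeException if the metadata file cannot be read, an identity provider is not
     *         present in the metadata, an identity provider requires signed authentication
     *         requests while the service provider does not sign them, or the signing key pair
     *         cannot be loaded from the keystore
     */
    public SamlConfiguration(SamlConfigType samlConfigType) {
        // The metadata must be known before the configured identity providers can be resolved.
        readSamlMetaInformation();
        this.entityId = samlConfigType.getServiceProviderEntityId();
        this.authnRequestsSigned = samlConfigType.isAuthnRequestsSigned();
        this.wantAssertionsSigned = samlConfigType.isWantAssertionsSigned();

        boolean anyIdpWantsSignedRequests = false;
        SamlIdentityProvider defaultIdp = null;
        for (SamlIdentityProviderType idpConfig : samlConfigType.getSamlIdentityProvider()) {
            String idpEntityId = idpConfig.getEntityId();
            IDPSSODescriptorType descriptor = this.idpMetaInfo.get(idpEntityId);
            if (descriptor == null) {
                throw new RuntimeException("Saml identity provider with entity id \"" + idpEntityId + "\" not found in metadata.");
            }
            SamlIdentityProvider idp = new SamlIdentityProvider(idpEntityId, descriptor);
            idp.setWantSingleLogoutMessagesSigned(idpConfig.isWantSingleLogoutMessagesSigned());
            idp.setSingleLogoutMessagesSigned(idpConfig.isSingleLogoutMessagesSigned());
            this.identityProviders.add(idp);

            if (idp.isWantAuthnRequestsSigned()) {
                anyIdpWantsSignedRequests = true;
            }
            // The last provider whose entity id matches the configured default wins.
            if (idp.getEntityId().equals(samlConfigType.getDefaultIdentityProvider())) {
                defaultIdp = idp;
            }
        }
        this.defaultIdentityProvider = defaultIdp;

        // An IDP that requires signed AuthnRequests would reject every request from an SP that
        // does not sign them, so refuse the configuration up front rather than at login time.
        if (anyIdpWantsSignedRequests && !this.authnRequestsSigned) {
            throw new RuntimeException("Configuration error: at least one identity provider wants the authentication requests signed, but the service provider doesn't sign authentication requests.");
        }

        String keyStorePass = samlConfigType.getKeyStorePass();
        String signingKeyPass = samlConfigType.getSigningKeyPass();
        // The key password defaults to the keystore password when it is not configured separately.
        loadSigningKeyPair(samlConfigType.getKeyStoreUrl(), keyStorePass, samlConfigType.getSigningKeyAlias(),
                signingKeyPass == null ? keyStorePass : signingKeyPass);
    }

    /**
     * Parses {@value #SAML_ENTITIES_FILE} from the classpath and collects its IDP SSO descriptors
     * into {@link #idpMetaInfo}.
     *
     * <p>The metadata file is part of the deployed application, so it is treated as trusted input.
     * Should metadata ever be loaded from an external source instead, it should be parsed through
     * an XML reader with DTD processing and external entities disabled.
     *
     * @throws RuntimeException if the resource is missing, cannot be unmarshalled, or its root
     *         element is not an {@code EntitiesDescriptor}
     */
    private void readSamlMetaInformation() {
        URL metadataUrl = getClass().getResource(SAML_ENTITIES_FILE);
        if (metadataUrl == null) {
            throw new RuntimeException("Configuration error: SAML metadata resource \"" + SAML_ENTITIES_FILE + "\" not found on the classpath.");
        }
        try {
            JAXBContext context = JAXBContext.newInstance(METADATA_JAXB_PACKAGE);
            Object root = context.createUnmarshaller().unmarshal(metadataUrl);
            // Generated bindings wrap the root element in a JAXBElement; unwrap it when present.
            Object value = root instanceof JAXBElement ? ((JAXBElement<?>) root).getValue() : root;
            if (!(value instanceof EntitiesDescriptorType)) {
                throw new RuntimeException("Configuration error: root element of " + SAML_ENTITIES_FILE + " is not an EntitiesDescriptor.");
            }
            readEntitiesDescriptor((EntitiesDescriptorType) value);
        } catch (JAXBException e) {
            throw new RuntimeException("Could not parse SAML metadata " + SAML_ENTITIES_FILE, e);
        }
    }

    /**
     * Walks an {@code EntitiesDescriptor} recursively and records every {@code IDPSSODescriptor}
     * under the entity id of its enclosing {@code EntityDescriptor}.
     *
     * <p>Role descriptors other than IDP SSO descriptors (for example SP descriptors) are ignored.
     * If an entity declares several IDP SSO descriptors, the last one wins.
     *
     * @param entitiesDescriptor the descriptor to walk; may contain nested descriptors
     */
    private void readEntitiesDescriptor(EntitiesDescriptorType entitiesDescriptor) {
        for (Object element : entitiesDescriptor.getEntityDescriptorOrEntitiesDescriptor()) {
            if (element instanceof EntityDescriptorType) {
                EntityDescriptorType entityDescriptor = (EntityDescriptorType) element;
                String entityID = entityDescriptor.getEntityID();
                for (Object role : entityDescriptor.getRoleDescriptorOrIDPSSODescriptorOrSPSSODescriptor()) {
                    if (role instanceof IDPSSODescriptorType) {
                        this.idpMetaInfo.put(entityID, (IDPSSODescriptorType) role);
                    }
                }
            } else if (element instanceof EntitiesDescriptorType) {
                readEntitiesDescriptor((EntitiesDescriptorType) element);
            }
            // The schema only allows the two element kinds above; anything else is skipped.
        }
    }

    /**
     * Loads the service provider's signing certificate and private key from the keystore.
     *
     * <p>Unlike a bare {@code KeyStore.load}, a missing classpath resource or a missing alias is
     * reported as an error: {@code KeyStore.load(null, ...)} would otherwise create an empty
     * keystore and the signing material would silently end up as {@code null}.
     *
     * @param keyStoreUrl     {@code classpath:} resource name or a URL of the keystore
     * @param keyStorePass    keystore password, or {@code null} to skip the integrity check
     * @param signingKeyAlias alias of the key-pair entry to use for signing
     * @param signingKeyPass  password protecting that entry, or {@code null}
     * @throws RuntimeException if the keystore cannot be opened or read, or the alias does not
     *         yield an X.509 certificate together with a private key
     */
    private void loadSigningKeyPair(String keyStoreUrl, String keyStorePass, String signingKeyAlias, String signingKeyPass) {
        if (keyStoreUrl == null) {
            throw new RuntimeException("Configuration error: no keystore URL configured for the service provider signing key.");
        }
        char[] storePassChars = keyStorePass != null ? keyStorePass.toCharArray() : null;
        char[] keyPassChars = signingKeyPass != null ? signingKeyPass.toCharArray() : null;
        InputStream in = null;
        try {
            in = openKeyStoreStream(keyStoreUrl);
            KeyStore keyStore = KeyStore.getInstance(KeyStore.getDefaultType());
            keyStore.load(in, storePassChars);
            Certificate cert = keyStore.getCertificate(signingKeyAlias);
            Key key = keyStore.getKey(signingKeyAlias, keyPassChars);
            if (cert == null || key == null) {
                throw new RuntimeException("Configuration error: no key pair found under alias \"" + signingKeyAlias + "\" in keystore " + keyStoreUrl);
            }
            if (!(cert instanceof X509Certificate) || !(key instanceof PrivateKey)) {
                throw new RuntimeException("Configuration error: alias \"" + signingKeyAlias + "\" in keystore " + keyStoreUrl + " is not an X.509 certificate with a private key.");
            }
            this.certificate = (X509Certificate) cert;
            this.privateKey = (PrivateKey) key;
        } catch (IOException e) {
            // Covers MalformedURLException as well as read failures and a wrong keystore password.
            throw new RuntimeException("Could not read keystore " + keyStoreUrl, e);
        } catch (GeneralSecurityException e) {
            // KeyStoreException, NoSuchAlgorithmException, CertificateException, UnrecoverableKeyException.
            throw new RuntimeException("Could not load signing key \"" + signingKeyAlias + "\" from keystore " + keyStoreUrl, e);
        } finally {
            closeQuietly(in);
            // The passwords are no longer needed; do not leave copies of them in the heap.
            if (storePassChars != null) {
                Arrays.fill(storePassChars, '\0');
            }
            if (keyPassChars != null) {
                Arrays.fill(keyPassChars, '\0');
            }
        }
    }

    /**
     * Opens the keystore either as a classpath resource ({@code classpath:} prefix) or as a URL.
     *
     * @param keyStoreUrl location of the keystore
     * @return an open stream the caller must close
     * @throws IOException if the classpath resource does not exist, the URL is malformed, or it
     *         cannot be opened
     */
    private InputStream openKeyStoreStream(String keyStoreUrl) throws IOException {
        if (keyStoreUrl.startsWith(CLASSPATH_PREFIX)) {
            String resource = keyStoreUrl.substring(CLASSPATH_PREFIX.length());
            InputStream in = getClass().getClassLoader().getResourceAsStream(resource);
            if (in == null) {
                throw new IOException("Keystore resource \"" + resource + "\" not found on the classpath.");
            }
            return in;
        }
        return new URL(keyStoreUrl).openStream();
    }

    /**
     * Closes the stream if it is non-null, ignoring close failures.
     *
     * @param in stream to close, may be {@code null}
     */
    private static void closeQuietly(InputStream in) {
        if (in == null) {
            return;
        }
        try {
            in.close();
        } catch (IOException ignored) {
            // The keystore has already been read; a failure while closing is not actionable.
        }
    }

    /** @return the entity id of this service provider */
    public String getEntityId() {
        return this.entityId;
    }

    /** @return the configured default identity provider, or {@code null} if none matched an entity id */
    public SamlIdentityProvider getDefaultIdentityProvider() {
        return this.defaultIdentityProvider;
    }

    /**
     * @return the identity providers in configuration order; the list is the configuration's
     *         own and callers should treat it as read-only
     */
    public List<SamlIdentityProvider> getIdentityProviders() {
        return this.identityProviders;
    }

    /** @return whether this service provider signs its authentication requests */
    public boolean isAuthnRequestsSigned() {
        return this.authnRequestsSigned;
    }

    /** @return whether this service provider requires the assertions it receives to be signed */
    public boolean isWantAssertionsSigned() {
        return this.wantAssertionsSigned;
    }

    /** @return the private key used to sign outgoing SAML messages */
    public PrivateKey getPrivateKey() {
        return this.privateKey;
    }

    /** @return the certificate belonging to {@link #getPrivateKey()} */
    public X509Certificate getCertificate() {
        return this.certificate;
    }

    /**
     * Looks up an identity provider by its entity id.
     *
     * @param idpEntityId entity id to look for
     * @return the matching identity provider, or {@code null} if none is configured for that id
     */
    public SamlIdentityProvider getSamlIdentityProviderByEntityId(String idpEntityId) {
        for (SamlIdentityProvider idp : this.identityProviders) {
            if (idp.getEntityId().equals(idpEntityId)) {
                return idp;
            }
        }
        return null;
    }
}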
