package org.picketlink.identity.federation.web.servlets.saml;

import java.io.IOException;
import java.io.InputStream;
import java.security.cert.Certificate;
import java.util.HashMap;
import java.util.Iterator;
import java.util.List;
import java.util.Map;
import javax.servlet.ServletConfig;
import javax.servlet.ServletContext;
import javax.servlet.ServletException;
import javax.servlet.ServletOutputStream;
import javax.servlet.http.HttpServlet;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import org.apache.log4j.Logger;
import org.picketlink.identity.federation.api.saml.v2.metadata.KeyDescriptorMetaDataBuilder;
import org.picketlink.identity.federation.api.saml.v2.metadata.MetaDataBuilder;
import org.picketlink.identity.federation.api.util.KeyUtil;
import org.picketlink.identity.federation.core.config.IDPType;
import org.picketlink.identity.federation.core.config.KeyProviderType;
import org.picketlink.identity.federation.core.config.KeyValueType;
import org.picketlink.identity.federation.core.config.MetadataProviderType;
import org.picketlink.identity.federation.core.interfaces.IMetadataProvider;
import org.picketlink.identity.federation.core.interfaces.TrustKeyManager;
import org.picketlink.identity.federation.core.saml.v2.constants.JBossSAMLConstants;
import org.picketlink.identity.federation.core.util.CoreConfigUtil;
import org.picketlink.identity.federation.core.util.StringUtil;
import org.picketlink.identity.federation.core.util.XMLEncryptionUtil;
import org.picketlink.identity.federation.core.wstrust.auth.AbstractSTSLoginModule;
import org.picketlink.identity.federation.saml.v2.metadata.EntityDescriptorType;
import org.picketlink.identity.federation.saml.v2.metadata.KeyDescriptorType;
import org.picketlink.identity.federation.saml.v2.metadata.RoleDescriptorType;
import org.picketlink.identity.federation.web.constants.GeneralConstants;
import org.picketlink.identity.federation.web.util.ConfigurationUtil;
import org.picketlink.identity.xmlsec.w3.xmldsig.KeyInfoType;

/* loaded from: input_file:WEB-INF/lib/picketlink-web-1.0.3.SP1.jar:org/picketlink/identity/federation/web/servlets/saml/MetadataServlet.class */
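/**
 * Servlet that publishes the IDP's SAML v2 {@code EntityDescriptor} metadata.
 *
 * <p>At {@link #init(ServletConfig)} time the IDP configuration file is parsed, the configured
 * {@link IMetadataProvider} is instantiated to produce the base {@link EntityDescriptorType}, and the
 * configured {@link TrustKeyManager} is used to append {@code KeyDescriptor} elements: one for signing
 * (always) and one for encryption (only when an {@code encryptingAlias} init-param is present).
 * Every GET then marshals the cached descriptor to the response.
 *
 * <p>Security notes:
 * <ul>
 *   <li>The endpoint is intentionally unauthenticated: SAML metadata is meant to be shared with
 *       partner SPs. Only {@link Certificate} objects (public-key material) are pulled from the
 *       key manager, so no private key reaches the response.</li>
 *   <li>The metadata-provider and key-manager class names are taken from the IDP configuration file
 *       under {@code WEB-INF} and instantiated reflectively. That file is trusted deployment
 *       configuration, not request input; it must not be writable by untrusted parties.</li>
 *   <li>The {@code signingAlias} init-param is only a fallback; a {@code SigningAlias} in the
 *       {@code KeyProvider} configuration takes precedence (previously the init-param was read and
 *       then silently discarded).</li>
 * </ul>
 *
 * <p>{@link #metadata} is written once in {@code init} and only read afterwards, so concurrent GETs
 * do not need synchronisation.
 */
public class MetadataServlet extends HttpServlet {
    private static final long serialVersionUID = 1;
    private static Logger log = Logger.getLogger(MetadataServlet.class);
    /** Entity descriptor built during init and served verbatim on every GET. */
    private transient EntityDescriptorType metadata;
    private TrustKeyManager keyManager;
    private boolean trace = log.isTraceEnabled();
    /** Servlet-context path of the IDP configuration; overridable via the STS config init-param. */
    private String configFileLocation = GeneralConstants.CONFIG_FILE_LOCATION;
    private transient MetadataProviderType metadataProviderType = null;
    private transient IMetadataProvider<?> metadataProvider = null;
    /** Keystore alias of the signing certificate (config value, else init-param). */
    private String signingAlias = null;
    /** Keystore alias of the encryption certificate; null means no encryption KeyDescriptor. */
    private String encryptingAlias = null;

    /**
     * Loads configuration, builds the entity descriptor and appends the key descriptors.
     *
     * @param servletConfig the servlet configuration; init-params {@code signingAlias},
     *        {@code encryptingAlias} and {@link AbstractSTSLoginModule#STS_CONFIG_FILE} are read
     * @throws ServletException if any part of the setup fails; the cause is logged and attached
     */
    @Override
    public void init(ServletConfig servletConfig) throws ServletException {
        super.init(servletConfig);
        try {
            ServletContext servletContext = servletConfig.getServletContext();

            String configLocationParam = servletConfig.getInitParameter(AbstractSTSLoginModule.STS_CONFIG_FILE);
            if (StringUtil.isNotNull(configLocationParam)) {
                this.configFileLocation = configLocationParam;
            }
            if (this.trace) {
                log.trace("Config File Location=" + this.configFileLocation);
            }

            this.signingAlias = servletConfig.getInitParameter("signingAlias");
            this.encryptingAlias = servletConfig.getInitParameter("encryptingAlias");

            IDPType idpConfiguration = readIdpConfiguration(servletContext);
            ClassLoader contextClassLoader = SecurityActions.getContextClassLoader();

            // --- metadata provider -------------------------------------------------------
            this.metadataProviderType = idpConfiguration.getMetaDataProvider();
            String providerClassName = this.metadataProviderType.getClassName();
            this.metadataProvider = (IMetadataProvider) instantiate(contextClassLoader, providerClassName);

            Map<String, String> providerOptions = new HashMap<String, String>();
            List<KeyValueType> configuredOptions = this.metadataProviderType.getOption();
            if (configuredOptions != null) {
                for (KeyValueType option : configuredOptions) {
                    providerOptions.put(option.getKey(), option.getValue());
                }
            }
            this.metadataProvider.init(providerOptions);

            if (this.metadataProvider.isMultiple()) {
                throw new RuntimeException("Multiple Entities not currently supported");
            }

            // Some providers need an extra resource (e.g. a metadata file) streamed in. The stream
            // is kept open until getMetaData() has run, since the provider may read it lazily.
            InputStream injectedStream = null;
            try {
                String requiredFile = this.metadataProvider.requireFileInjection();
                if (StringUtil.isNotNull(requiredFile)) {
                    injectedStream = servletContext.getResourceAsStream(requiredFile);
                    // NOTE(review): a missing resource yields null here; the provider decides how to
                    // handle it. A clearer failure would be to throw with the resource name.
                    this.metadataProvider.injectFileStream(injectedStream);
                }
                this.metadata = (EntityDescriptorType) this.metadataProvider.getMetaData();
            } finally {
                if (injectedStream != null) {
                    injectedStream.close();
                }
            }

            // --- key manager and key descriptors -------------------------------------------
            KeyProviderType keyProvider = idpConfiguration.getKeyProvider();
            String configuredSigningAlias = keyProvider.getSigningAlias();
            if (StringUtil.isNotNull(configuredSigningAlias)) {
                this.signingAlias = configuredSigningAlias;
            }
            if (this.signingAlias == null) {
                throw new RuntimeException("Signing alias not configured (KeyProvider SigningAlias or signingAlias init-param)");
            }

            String keyManagerClassName = keyProvider.getClassName();
            if (keyManagerClassName == null) {
                throw new RuntimeException("KeyManager class name is null");
            }
            this.keyManager = (TrustKeyManager) instantiate(contextClassLoader, keyManagerClassName);
            this.keyManager.setAuthProperties(CoreConfigUtil.getKeyProviderProperties(keyProvider));

            // Signing descriptor: no encryption algorithm / key size, use="signing".
            Certificate signingCertificate = this.keyManager.getCertificate(this.signingAlias);
            KeyDescriptorType signingDescriptor = KeyDescriptorMetaDataBuilder.createKeyDescriptor(
                    KeyUtil.getKeyInfo(signingCertificate), null, 0, true, false);
            updateKeyDescriptor(this.metadata, signingDescriptor);

            // Encryption descriptor: algorithm URI and key size derived from the public key's
            // algorithm (e.g. RSA), use="encryption".
            if (this.encryptingAlias != null) {
                Certificate encryptionCertificate = this.keyManager.getCertificate(this.encryptingAlias);
                KeyInfoType encryptionKeyInfo = KeyUtil.getKeyInfo(encryptionCertificate);
                String keyAlgorithm = encryptionCertificate.getPublicKey().getAlgorithm();
                KeyDescriptorType encryptionDescriptor = KeyDescriptorMetaDataBuilder.createKeyDescriptor(
                        encryptionKeyInfo,
                        XMLEncryptionUtil.getEncryptionURL(keyAlgorithm),
                        XMLEncryptionUtil.getEncryptionKeySize(keyAlgorithm),
                        false, true);
                updateKeyDescriptor(this.metadata, encryptionDescriptor);
            }
        } catch (Exception e) {
            // Full detail goes to the server log only; the container sees a generic message plus cause.
            log.error("Exception in starting servlet:", e);
            throw new ServletException("Unable to start servlet", e);
        }
    }

    /**
     * Writes the cached entity descriptor as SAML metadata XML.
     *
     * @param request the HTTP request (unused; metadata is public and parameterless)
     * @param response the HTTP response; content type is set to the SAML metadata MIME type
     * @throws ServletException if marshalling fails (cause attached, detail logged server-side)
     * @throws IOException if the response stream cannot be obtained
     */
    @Override
    protected void doGet(HttpServletRequest request, HttpServletResponse response) throws ServletException, IOException {
        response.setContentType(JBossSAMLConstants.METADATA_MIME.get());
        ServletOutputStream out = response.getOutputStream();
        try {
            MetaDataBuilder.getMarshaller().marshal(
                    MetaDataBuilder.getObjectFactory().createEntityDescriptor(this.metadata), out);
        } catch (Exception e) {
            // Do not let a raw RuntimeException with the JAXB stack escape to the client;
            // ServletException is the declared failure mode for this method.
            log.error("Unable to marshal SAML metadata", e);
            throw new ServletException("Unable to write metadata", e);
        }
    }

    /**
     * Reads and parses the IDP configuration from the servlet context, closing the stream afterwards.
     *
     * @throws RuntimeException if the resource at {@link #configFileLocation} does not exist
     * @throws IOException if the stream cannot be closed
     */
    private IDPType readIdpConfiguration(ServletContext servletContext) throws IOException {
        InputStream configStream = servletContext.getResourceAsStream(this.configFileLocation);
        if (configStream == null) {
            throw new RuntimeException(this.configFileLocation + " missing");
        }
        try {
            return ConfigurationUtil.getIDPConfiguration(configStream);
        } finally {
            configStream.close();
        }
    }

    /**
     * Instantiates a configured class by name via its public no-arg constructor.
     * The class name comes from trusted deployment configuration, never from a request.
     */
    private static Object instantiate(ClassLoader classLoader, String className)
            throws ClassNotFoundException, InstantiationException, IllegalAccessException {
        return classLoader.loadClass(className).newInstance();
    }

    /**
     * Appends {@code keyDescriptor} to every role descriptor (IDPSSODescriptor, SPSSODescriptor, ...)
     * of the entity. A null role list is treated as empty.
     */
    private void updateKeyDescriptor(EntityDescriptorType entityDescriptor, KeyDescriptorType keyDescriptor) {
        List<RoleDescriptorType> roleDescriptors = entityDescriptor.getRoleDescriptorOrIDPSSODescriptorOrSPSSODescriptor();
        if (roleDescriptors == null) {
            return;
        }
        for (RoleDescriptorType roleDescriptor : roleDescriptors) {
            roleDescriptor.getKeyDescriptor().add(keyDescriptor);
        }
    }
}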
