package com.onelogin.saml2.settings;

import com.onelogin.saml2.model.AttributeConsumingService;
import com.onelogin.saml2.model.Contact;
import com.onelogin.saml2.model.Organization;
import com.onelogin.saml2.model.RequestedAttribute;
import com.onelogin.saml2.util.Constants;
import com.onelogin.saml2.util.Util;
import java.net.URL;
import java.security.PrivateKey;
import java.security.cert.CertificateEncodingException;
import java.security.cert.X509Certificate;
import java.util.Arrays;
import java.util.Calendar;
import java.util.HashMap;
import java.util.Iterator;
import java.util.List;
import javax.xml.xpath.XPathExpressionException;
import org.apache.commons.codec.binary.Base64;
import org.apache.commons.lang3.text.StrSubstitutor;
import org.apache.xml.security.exceptions.XMLSecurityException;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;

/* loaded from: input_file:com/onelogin/saml2/settings/Metadata.class */
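/**
 * Builds the SAML 2.0 Service Provider metadata document (an {@code md:EntityDescriptor})
 * from a {@link Saml2Settings} instance, and offers helpers to sign such a document.
 *
 * <p>The document is produced by string templating, so every settings-derived value is
 * XML-escaped before it is placed in an attribute or in element text. Without that step a
 * value such as an organization name containing {@code &} or an ACS URL with a query string
 * yields malformed metadata, and a value containing quotes or angle brackets could alter
 * the structure of the descriptor that an Identity Provider later consumes. Settings values
 * are therefore expected in raw form; values that were entity-encoded by hand will be
 * encoded a second time.
 */
public class Metadata {
    private static final Logger LOGGER = LoggerFactory.getLogger(Metadata.class);

    /** Number of days added to "now" for the default {@code validUntil} attribute. */
    private static final int N_DAYS_VALID_UNTIL = 2;

    /**
     * Default {@code cacheDuration} in seconds (604800 s = 7 days). This is longer than the
     * default {@code validUntil} window of {@link #N_DAYS_VALID_UNTIL} days.
     */
    private static final int SECONDS_CACHED = 604800;

    private static final String DS_KEY_INFO_OPEN = "<ds:KeyInfo xmlns:ds=\"http://www.w3.org/2000/09/xmldsig#\">";

    private final AttributeConsumingService attributeConsumingService;
    private final String metadataString;
    private final Calendar validUntilTime;
    private final Integer cacheDuration;

    /**
     * Generates the metadata document for the given settings.
     *
     * @param saml2Settings             source of the SP values written into the descriptor
     * @param calendar                  moment emitted as {@code validUntil}; {@code null} omits the attribute
     * @param num                       seconds emitted as {@code cacheDuration="PT<n>S"}; {@code null} omits the attribute
     * @param attributeConsumingService optional service description; {@code null} omits the element
     * @throws CertificateEncodingException if an SP certificate cannot be encoded
     */
    public Metadata(Saml2Settings saml2Settings, Calendar calendar, Integer num, AttributeConsumingService attributeConsumingService) throws CertificateEncodingException {
        // The fields must be assigned before the substitutor is built: it reads all three.
        this.validUntilTime = calendar;
        this.attributeConsumingService = attributeConsumingService;
        this.cacheDuration = num;
        String rendered = generateSubstitutor(saml2Settings).replace(getMetadataTemplate());
        LOGGER.debug("metadata --> {}", rendered);
        this.metadataString = rendered;
    }

    /**
     * Generates the metadata document without an {@code md:AttributeConsumingService} element.
     *
     * @param saml2Settings source of the SP values written into the descriptor
     * @param calendar      moment emitted as {@code validUntil}; {@code null} omits the attribute
     * @param num           seconds emitted as {@code cacheDuration}; {@code null} omits the attribute
     * @throws CertificateEncodingException if an SP certificate cannot be encoded
     */
    public Metadata(Saml2Settings saml2Settings, Calendar calendar, Integer num) throws CertificateEncodingException {
        this(saml2Settings, calendar, num, null);
    }

    /**
     * Generates the metadata document with the default validity ({@link #N_DAYS_VALID_UNTIL}
     * days from now) and the default cache duration ({@link #SECONDS_CACHED} seconds).
     *
     * @param saml2Settings source of the SP values written into the descriptor
     * @throws CertificateEncodingException if an SP certificate cannot be encoded
     */
    public Metadata(Saml2Settings saml2Settings) throws CertificateEncodingException {
        this(saml2Settings, defaultValidUntil(), Integer.valueOf(SECONDS_CACHED), null);
    }

    /** Returns "now" plus {@link #N_DAYS_VALID_UNTIL} days. */
    private static Calendar defaultValidUntil() {
        Calendar validUntil = Calendar.getInstance();
        validUntil.add(Calendar.DAY_OF_YEAR, N_DAYS_VALID_UNTIL);
        return validUntil;
    }

    /**
     * Collects every template variable into a substitutor.
     *
     * <p>Plain settings values are escaped here; the {@code str*} and {@code sls} entries are
     * XML fragments whose dynamic parts are escaped by the methods that build them.
     */
    private StrSubstitutor generateSubstitutor(Saml2Settings saml2Settings) throws CertificateEncodingException {
        HashMap<String, String> values = new HashMap<>();
        // An encryption KeyDescriptor is advertised when either encrypted form is requested.
        Boolean wantsEncryption = Boolean.valueOf(saml2Settings.getWantAssertionsEncrypted() || saml2Settings.getWantNameIdEncrypted());
        values.put("id", escapeXml(Util.generateUniqueID(saml2Settings.getUniqueIDPrefix())));
        values.put("validUntilTimeStr", this.validUntilTime != null ? " validUntil=\"" + Util.formatDateTime(this.validUntilTime.getTimeInMillis()) + "\"" : "");
        values.put("cacheDurationStr", this.cacheDuration != null ? " cacheDuration=\"PT" + String.valueOf(this.cacheDuration) + "S\"" : "");
        values.put("spEntityId", escapeXml(saml2Settings.getSpEntityId()));
        values.put("strAuthnsign", String.valueOf(saml2Settings.getAuthnRequestsSigned()));
        values.put("strWsign", String.valueOf(saml2Settings.getWantAssertionsSigned()));
        values.put("spNameIDFormat", escapeXml(saml2Settings.getSpNameIDFormat()));
        values.put("spAssertionConsumerServiceBinding", escapeXml(saml2Settings.getSpAssertionConsumerServiceBinding()));
        values.put("spAssertionConsumerServiceUrl", escapeXml(saml2Settings.getSpAssertionConsumerServiceUrl().toString()));
        values.put("sls", toSLSXml(saml2Settings.getSpSingleLogoutServiceUrl(), saml2Settings.getSpSingleLogoutServiceBinding()));
        values.put("strAttributeConsumingService", getAttributeConsumingServiceXml());
        values.put("strKeyDescriptor", toX509KeyDescriptorsXML(saml2Settings.getSPcert(), saml2Settings.getSPcertNew(), wantsEncryption));
        values.put("strContacts", toContactsXml(saml2Settings.getContacts()));
        values.put("strOrganization", toOrganizationXml(saml2Settings.getOrganization()));
        return new StrSubstitutor(values);
    }

    /** Returns the descriptor skeleton with {@code ${...}} placeholders for the substitutor. */
    private static StringBuilder getMetadataTemplate() {
        StringBuilder sb = new StringBuilder();
        sb.append("<?xml version=\"1.0\"?>");
        sb.append("<md:EntityDescriptor xmlns:md=\"urn:oasis:names:tc:SAML:2.0:metadata\"");
        sb.append("${validUntilTimeStr}");
        sb.append("${cacheDurationStr}");
        sb.append(" entityID=\"${spEntityId}\"");
        sb.append(" ID=\"${id}\">");
        sb.append("<md:SPSSODescriptor AuthnRequestsSigned=\"${strAuthnsign}\" WantAssertionsSigned=\"${strWsign}\" protocolSupportEnumeration=\"urn:oasis:names:tc:SAML:2.0:protocol\">");
        sb.append("${strKeyDescriptor}");
        sb.append("${sls}<md:NameIDFormat>${spNameIDFormat}</md:NameIDFormat>");
        sb.append("<md:AssertionConsumerService Binding=\"${spAssertionConsumerServiceBinding}\"");
        sb.append(" Location=\"${spAssertionConsumerServiceUrl}\"");
        sb.append(" index=\"1\"/>");
        sb.append("${strAttributeConsumingService}");
        sb.append("</md:SPSSODescriptor>${strOrganization}${strContacts}");
        sb.append("</md:EntityDescriptor>");
        return sb;
    }

    /**
     * Renders the {@code md:AttributeConsumingService} element, or an empty string when no
     * service was supplied. Names, descriptions and attribute values are escaped.
     */
    private String getAttributeConsumingServiceXml() {
        if (this.attributeConsumingService == null) {
            return "";
        }
        StringBuilder sb = new StringBuilder();
        String serviceName = this.attributeConsumingService.getServiceName();
        String serviceDescription = this.attributeConsumingService.getServiceDescription();
        List<RequestedAttribute> requestedAttributes = this.attributeConsumingService.getRequestedAttributes();

        sb.append("<md:AttributeConsumingService index=\"1\">");
        if (hasText(serviceName)) {
            sb.append("<md:ServiceName xml:lang=\"en\">").append(escapeXml(serviceName)).append("</md:ServiceName>");
        }
        if (hasText(serviceDescription)) {
            sb.append("<md:ServiceDescription xml:lang=\"en\">").append(escapeXml(serviceDescription)).append("</md:ServiceDescription>");
        }
        if (requestedAttributes != null) {
            for (RequestedAttribute requestedAttribute : requestedAttributes) {
                appendRequestedAttribute(sb, requestedAttribute);
            }
        }
        sb.append("</md:AttributeConsumingService>");
        return sb.toString();
    }

    /** Appends one {@code md:RequestedAttribute}, self-closed when it carries no values. */
    private static void appendRequestedAttribute(StringBuilder sb, RequestedAttribute requestedAttribute) {
        String name = requestedAttribute.getName();
        String friendlyName = requestedAttribute.getFriendlyName();
        String nameFormat = requestedAttribute.getNameFormat();
        Boolean isRequired = requestedAttribute.isRequired();
        List<String> attributeValues = requestedAttribute.getAttributeValues();

        sb.append("<md:RequestedAttribute");
        if (hasText(name)) {
            sb.append(" Name=\"").append(escapeXml(name)).append("\"");
        }
        if (hasText(nameFormat)) {
            sb.append(" NameFormat=\"").append(escapeXml(nameFormat)).append("\"");
        }
        if (hasText(friendlyName)) {
            sb.append(" FriendlyName=\"").append(escapeXml(friendlyName)).append("\"");
        }
        if (isRequired != null) {
            sb.append(" isRequired=\"").append(isRequired.toString()).append("\"");
        }
        if (attributeValues == null || attributeValues.isEmpty()) {
            sb.append(" />");
            return;
        }
        sb.append(">");
        for (String attributeValue : attributeValues) {
            sb.append("<saml:AttributeValue xmlns:saml=\"urn:oasis:names:tc:SAML:2.0:assertion\">")
                    .append(escapeXml(attributeValue))
                    .append("</saml:AttributeValue>");
        }
        sb.append("</md:RequestedAttribute>");
    }

    /**
     * Renders one {@code md:ContactPerson} per contact, with type, given name and e-mail
     * address escaped. A {@code null} list yields an empty string.
     */
    private String toContactsXml(List<Contact> list) {
        StringBuilder sb = new StringBuilder();
        if (list == null) {
            return sb.toString();
        }
        for (Contact contact : list) {
            sb.append("<md:ContactPerson contactType=\"").append(escapeXml(contact.getContactType())).append("\">");
            sb.append("<md:GivenName>").append(escapeXml(contact.getGivenName())).append("</md:GivenName>");
            sb.append("<md:EmailAddress>").append(escapeXml(contact.getEmailAddress())).append("</md:EmailAddress>");
            sb.append("</md:ContactPerson>");
        }
        return sb.toString();
    }

    /**
     * Renders the {@code md:Organization} element, or an empty string when no organization
     * is configured. The language tag, both names and the URL are escaped.
     */
    private String toOrganizationXml(Organization organization) {
        if (organization == null) {
            return "";
        }
        String lang = escapeXml(organization.getOrgLangAttribute());
        StringBuilder sb = new StringBuilder();
        sb.append("<md:Organization>");
        sb.append("<md:OrganizationName xml:lang=\"").append(lang).append("\">")
                .append(escapeXml(organization.getOrgName()))
                .append("</md:OrganizationName>");
        sb.append("<md:OrganizationDisplayName xml:lang=\"").append(lang).append("\">")
                .append(escapeXml(organization.getOrgDisplayName()))
                .append("</md:OrganizationDisplayName>");
        sb.append("<md:OrganizationURL xml:lang=\"").append(lang).append("\">")
                .append(escapeXml(organization.getOrgUrl()))
                .append("</md:OrganizationURL>");
        sb.append("</md:Organization>");
        return sb.toString();
    }

    /** Single-certificate convenience form of the three-argument overload. */
    private String toX509KeyDescriptorsXML(X509Certificate x509Certificate, Boolean bool) throws CertificateEncodingException {
        return toX509KeyDescriptorsXML(x509Certificate, null, bool);
    }

    /**
     * Renders the {@code md:KeyDescriptor} elements for the current and the "new" SP
     * certificate, skipping whichever is {@code null}.
     *
     * <p>Each certificate is always published with {@code use="signing"}; when {@code bool}
     * is true the same certificate is published again with {@code use="encryption"}.
     *
     * @throws CertificateEncodingException if a certificate cannot be DER-encoded
     */
    private String toX509KeyDescriptorsXML(X509Certificate x509Certificate, X509Certificate x509Certificate2, Boolean bool) throws CertificateEncodingException {
        boolean publishEncryption = Boolean.TRUE.equals(bool);
        StringBuilder sb = new StringBuilder();
        for (X509Certificate certificate : Arrays.asList(x509Certificate, x509Certificate2)) {
            if (certificate == null) {
                continue;
            }
            // Base64 text chunked at 64 columns; its alphabet needs no XML escaping.
            String encoded = new String(new Base64(64).encode(certificate.getEncoded()));
            appendKeyDescriptor(sb, "signing", encoded);
            if (publishEncryption) {
                appendKeyDescriptor(sb, "encryption", encoded);
            }
        }
        return sb.toString();
    }

    /** Appends one {@code md:KeyDescriptor} wrapping the given Base64 certificate text. */
    private static void appendKeyDescriptor(StringBuilder sb, String use, String encodedCertificate) {
        sb.append("<md:KeyDescriptor use=\"").append(use).append("\">");
        sb.append(DS_KEY_INFO_OPEN);
        sb.append("<ds:X509Data>");
        sb.append("<ds:X509Certificate>").append(encodedCertificate).append("</ds:X509Certificate>");
        sb.append("</ds:X509Data>");
        sb.append("</ds:KeyInfo>");
        sb.append("</md:KeyDescriptor>");
    }

    /**
     * Renders the {@code md:SingleLogoutService} element, or an empty string when no SLS URL
     * is configured. Binding and location are escaped.
     */
    private String toSLSXml(URL url, String str) {
        StringBuilder sb = new StringBuilder();
        if (url != null) {
            sb.append("<md:SingleLogoutService Binding=\"").append(escapeXml(str)).append("\"");
            sb.append(" Location=\"").append(escapeXml(url.toString())).append("\"/>");
        }
        return sb.toString();
    }

    /** Returns true when the string is neither {@code null} nor empty. */
    private static boolean hasText(String value) {
        return value != null && !value.isEmpty();
    }

    /**
     * Escapes the five XML special characters so the value is safe in element text and in a
     * double- or single-quoted attribute.
     *
     * @param value any object; its {@code toString()} form is escaped
     * @return the escaped text, or {@code null} when {@code value} is {@code null}, so that
     *         null handling downstream stays exactly as it was for unescaped values
     */
    private static String escapeXml(Object value) {
        if (value == null) {
            return null;
        }
        String text = value.toString();
        StringBuilder out = new StringBuilder(text.length() + 16);
        for (int i = 0; i < text.length(); i++) {
            char c = text.charAt(i);
            switch (c) {
                case '&':
                    out.append("&amp;");
                    break;
                case '<':
                    out.append("&lt;");
                    break;
                case '>':
                    out.append("&gt;");
                    break;
                case '"':
                    out.append("&quot;");
                    break;
                case '\'':
                    out.append("&apos;");
                    break;
                default:
                    out.append(c);
                    break;
            }
        }
        return out.toString();
    }

    /**
     * Returns the generated metadata document.
     *
     * @return the metadata XML as built by the constructor
     */
    public final String getMetadataString() {
        return this.metadataString;
    }

    /**
     * Signs a metadata document, passing {@link Constants#SHA1} as the trailing algorithm
     * argument.
     *
     * <p>NOTE(review): by its name that constant selects SHA-1, which is deprecated for new
     * signatures. Prefer the five-argument overload with a SHA-256 or stronger identifier
     * unless a consumer requires SHA-1; confirm the parameter's meaning against
     * {@code Util.addSign}.
     *
     * @param str             metadata XML to sign
     * @param privateKey      key used to produce the signature
     * @param x509Certificate certificate passed along with the key
     * @param str2            algorithm identifier forwarded as the fourth argument of {@code Util.addSign}
     * @return the signed metadata XML
     * @throws XPathExpressionException declared by the underlying signing helper
     * @throws XMLSecurityException     declared by the underlying signing helper
     */
    public static String signMetadata(String str, PrivateKey privateKey, X509Certificate x509Certificate, String str2) throws XPathExpressionException, XMLSecurityException {
        return signMetadata(str, privateKey, x509Certificate, str2, Constants.SHA1);
    }

    /**
     * Signs a metadata document with explicitly chosen algorithm identifiers.
     *
     * @param str             metadata XML to sign; it is parsed with {@code Util.loadXML}
     * @param privateKey      key used to produce the signature
     * @param x509Certificate certificate passed along with the key
     * @param str2            algorithm identifier forwarded as the fourth argument of {@code Util.addSign}
     * @param str3            algorithm identifier forwarded as the fifth argument of {@code Util.addSign}
     *                        (presumably the digest algorithm; confirm against that helper)
     * @return the signed metadata XML
     * @throws XPathExpressionException declared by the underlying signing helper
     * @throws XMLSecurityException     declared by the underlying signing helper
     */
    public static String signMetadata(String str, PrivateKey privateKey, X509Certificate x509Certificate, String str2, String str3) throws XPathExpressionException, XMLSecurityException {
        String signed = Util.addSign(Util.loadXML(str), privateKey, x509Certificate, str2, str3);
        LOGGER.debug("Signed metadata --> {}", signed);
        return signed;
    }
}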
