package com.liferay.saml.opensaml.integration.internal.metadata;

import com.liferay.petra.string.StringBundler;
import com.liferay.portal.kernel.util.PortalUtil;
import com.liferay.portal.kernel.util.Validator;
import com.liferay.saml.opensaml.integration.internal.util.OpenSamlUtil;
import com.liferay.saml.runtime.exception.CredentialException;
import com.liferay.saml.runtime.exception.EntityIdException;
import java.util.ArrayList;
import java.util.Collection;
import java.util.List;
import org.opensaml.core.config.ConfigurationService;
import org.opensaml.core.xml.XMLObject;
import org.opensaml.core.xml.util.XMLObjectSupport;
import org.opensaml.saml.common.xml.SAMLConstants;
import org.opensaml.saml.ext.saml2alg.DigestMethod;
import org.opensaml.saml.ext.saml2alg.SigningMethod;
import org.opensaml.saml.saml2.metadata.AssertionConsumerService;
import org.opensaml.saml.saml2.metadata.EncryptionMethod;
import org.opensaml.saml.saml2.metadata.EntityDescriptor;
import org.opensaml.saml.saml2.metadata.Extensions;
import org.opensaml.saml.saml2.metadata.IDPSSODescriptor;
import org.opensaml.saml.saml2.metadata.KeyDescriptor;
import org.opensaml.saml.saml2.metadata.RoleDescriptor;
import org.opensaml.saml.saml2.metadata.SPSSODescriptor;
import org.opensaml.saml.saml2.metadata.SingleLogoutService;
import org.opensaml.saml.saml2.metadata.SingleSignOnService;
import org.opensaml.security.SecurityException;
import org.opensaml.security.credential.Credential;
import org.opensaml.security.credential.UsageType;
import org.opensaml.xmlsec.EncryptionConfiguration;
import org.opensaml.xmlsec.SignatureSigningConfiguration;
import org.opensaml.xmlsec.algorithm.AlgorithmDescriptor;
import org.opensaml.xmlsec.algorithm.AlgorithmRegistry;
import org.opensaml.xmlsec.algorithm.AlgorithmSupport;
import org.opensaml.xmlsec.algorithm.KeyLengthSpecifiedAlgorithm;
import org.opensaml.xmlsec.encryption.KeySize;
import org.opensaml.xmlsec.encryption.impl.KeySizeBuilder;

/* loaded from: input_file:com/liferay/saml/opensaml/integration/internal/metadata/MetadataGeneratorUtil.class */
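/**
 * Builds the SAML 2.0 metadata ({@link EntityDescriptor}) that this portal publishes when it
 * acts as an identity provider ({@link #buildIdpEntityDescriptor}) or as a service provider
 * ({@link #buildSpEntityDescriptor}).
 *
 * <p>Every algorithm advertised in the metadata (digest and signing methods in the role
 * descriptor's {@code Extensions}, data and key-transport encryption methods in the
 * encryption {@link KeyDescriptor}) is taken from the OpenSAML global
 * {@link SignatureSigningConfiguration} / {@link EncryptionConfiguration} and filtered
 * against that configuration's blacklist and the global {@link AlgorithmRegistry}. Those
 * configurations are therefore the place to restrict what peers are told this entity
 * accepts.
 *
 * <p>The SSO/SLO/ACS endpoint locations are formed as
 * {@code portalURL + PortalUtil.getPathMain() + "/portal/saml/..."}; the portal URL is
 * published verbatim. NOTE(review): callers are expected to pass the canonical, trusted
 * origin here rather than anything derived from an incoming request - confirm against the
 * callers.
 */
public class MetadataGeneratorUtil {

    /**
     * Builds the entity descriptor for this portal acting as an identity provider.
     *
     * @param portalURL base URL prepended to the portal main path when forming the SSO and
     *        SLO endpoint locations
     * @param entityId the IdP entity ID
     * @param wantAuthnRequestsSigned value written to the IdP's
     *        {@code WantAuthnRequestsSigned} attribute
     * @param signMetadata whether to sign the descriptor with {@code signingCredential};
     *        unsigned metadata gives its consumer no integrity protection
     * @param signingCredential credential advertised with signing usage, used to filter the
     *        advertised signing algorithms, and used to sign the metadata; required
     * @param encryptionCredential credential advertised with encryption usage, or
     *        {@code null} to advertise none
     * @return the (optionally signed) entity descriptor
     * @throws EntityIdException if {@code entityId} is null or empty (per
     *         {@code Validator.isNull})
     * @throws CredentialException if {@code signingCredential} is {@code null}
     * @throws Exception propagated from descriptor construction or signing
     */
    public static EntityDescriptor buildIdpEntityDescriptor(String portalURL, String entityId, boolean wantAuthnRequestsSigned, boolean signMetadata, Credential signingCredential, Credential encryptionCredential) throws Exception {
        _checkRequired(entityId, signingCredential);
        IDPSSODescriptor idpSsoDescriptor = buildIdpSsoDescriptor(portalURL, entityId, wantAuthnRequestsSigned, signingCredential, encryptionCredential);
        return _buildEntityDescriptor(entityId, idpSsoDescriptor, signMetadata, signingCredential);
    }

    /**
     * Builds the IdP role descriptor: SAML 2.0 protocol support, the signing (and optional
     * encryption) key descriptors, redirect/POST single sign-on endpoints and POST/redirect
     * single logout endpoints.
     *
     * @param portalURL base URL prepended to the portal main path for endpoint locations
     * @param entityId the IdP entity ID (currently unused here; kept for interface
     *        compatibility)
     * @param wantAuthnRequestsSigned value of the {@code WantAuthnRequestsSigned} attribute
     * @param signingCredential credential advertised with signing usage
     * @param encryptionCredential credential advertised with encryption usage, or
     *        {@code null} to advertise none
     * @return the populated IdP role descriptor
     * @throws Exception propagated from descriptor construction
     */
    public static IDPSSODescriptor buildIdpSsoDescriptor(String portalURL, String entityId, boolean wantAuthnRequestsSigned, Credential signingCredential, Credential encryptionCredential) throws Exception {
        IDPSSODescriptor idpSsoDescriptor = OpenSamlUtil.buildIdpSsoDescriptor();
        idpSsoDescriptor.addSupportedProtocol(SAMLConstants.SAML20P_NS);
        idpSsoDescriptor.setWantAuthnRequestsSigned(wantAuthnRequestsSigned);

        _addKeyDescriptors(idpSsoDescriptor.getKeyDescriptors(), signingCredential, encryptionCredential);

        String pathMain = PortalUtil.getPathMain();
        String ssoLocation = StringBundler.concat(portalURL, pathMain, "/portal/saml/sso");
        String sloLocation = StringBundler.concat(portalURL, pathMain, "/portal/saml/slo");

        List<SingleSignOnService> singleSignOnServices = idpSsoDescriptor.getSingleSignOnServices();
        singleSignOnServices.add(OpenSamlUtil.buildSingleSignOnService(SAMLConstants.SAML2_REDIRECT_BINDING_URI, ssoLocation));
        singleSignOnServices.add(OpenSamlUtil.buildSingleSignOnService(SAMLConstants.SAML2_POST_BINDING_URI, ssoLocation));

        List<SingleLogoutService> singleLogoutServices = idpSsoDescriptor.getSingleLogoutServices();
        singleLogoutServices.add(OpenSamlUtil.buildSingleLogoutService(SAMLConstants.SAML2_POST_BINDING_URI, sloLocation));
        singleLogoutServices.add(OpenSamlUtil.buildSingleLogoutService(SAMLConstants.SAML2_REDIRECT_BINDING_URI, sloLocation));

        return idpSsoDescriptor;
    }

    /**
     * Builds the entity descriptor for this portal acting as a service provider.
     *
     * <p>Validates its inputs the same way {@link #buildIdpEntityDescriptor} does; previously
     * a missing entity ID produced a descriptor without an {@code entityID} and a missing
     * credential failed later inside key-info construction.
     *
     * @param portalURL base URL prepended to the portal main path when forming the ACS and
     *        SLO endpoint locations
     * @param entityId the SP entity ID
     * @param authnRequestsSigned value written to the SP's {@code AuthnRequestsSigned}
     *        attribute
     * @param signMetadata whether to sign the descriptor with {@code signingCredential};
     *        unsigned metadata gives its consumer no integrity protection
     * @param wantAssertionsSigned value written to the SP's {@code WantAssertionsSigned}
     *        attribute
     * @param signingCredential credential advertised with signing usage, used to filter the
     *        advertised signing algorithms, and used to sign the metadata; required
     * @param encryptionCredential credential advertised with encryption usage, or
     *        {@code null} to advertise none
     * @return the (optionally signed) entity descriptor
     * @throws EntityIdException if {@code entityId} is null or empty (per
     *         {@code Validator.isNull})
     * @throws CredentialException if {@code signingCredential} is {@code null}
     * @throws Exception propagated from descriptor construction or signing
     */
    public static EntityDescriptor buildSpEntityDescriptor(String portalURL, String entityId, boolean authnRequestsSigned, boolean signMetadata, boolean wantAssertionsSigned, Credential signingCredential, Credential encryptionCredential) throws Exception {
        _checkRequired(entityId, signingCredential);
        SPSSODescriptor spSsoDescriptor = buildSpSsoDescriptor(portalURL, entityId, authnRequestsSigned, wantAssertionsSigned, signingCredential, encryptionCredential);
        return _buildEntityDescriptor(entityId, spSsoDescriptor, signMetadata, signingCredential);
    }

    /**
     * Builds the SP role descriptor: SAML 2.0 protocol support, one default POST assertion
     * consumer service (index 1), the signing (and optional encryption) key descriptors and
     * POST/redirect/SOAP single logout endpoints.
     *
     * @param portalURL base URL prepended to the portal main path for endpoint locations
     * @param entityId the SP entity ID (currently unused here; kept for interface
     *        compatibility)
     * @param authnRequestsSigned value of the {@code AuthnRequestsSigned} attribute
     * @param wantAssertionsSigned value of the {@code WantAssertionsSigned} attribute
     * @param signingCredential credential advertised with signing usage
     * @param encryptionCredential credential advertised with encryption usage, or
     *        {@code null} to advertise none
     * @return the populated SP role descriptor
     * @throws Exception propagated from descriptor construction
     */
    public static SPSSODescriptor buildSpSsoDescriptor(String portalURL, String entityId, boolean authnRequestsSigned, boolean wantAssertionsSigned, Credential signingCredential, Credential encryptionCredential) throws Exception {
        SPSSODescriptor spSsoDescriptor = OpenSamlUtil.buildSpSsoDescriptor();
        spSsoDescriptor.addSupportedProtocol(SAMLConstants.SAML20P_NS);
        spSsoDescriptor.setAuthnRequestsSigned(authnRequestsSigned);
        spSsoDescriptor.setWantAssertionsSigned(wantAssertionsSigned);

        String pathMain = PortalUtil.getPathMain();
        String acsLocation = StringBundler.concat(portalURL, pathMain, "/portal/saml/acs");
        String sloLocation = StringBundler.concat(portalURL, pathMain, "/portal/saml/slo");
        String sloSoapLocation = StringBundler.concat(portalURL, pathMain, "/portal/saml/slo_soap");

        // Single ACS endpoint, index 1, marked as the default.
        spSsoDescriptor.getAssertionConsumerServices().add(OpenSamlUtil.buildAssertionConsumerService(SAMLConstants.SAML2_POST_BINDING_URI, 1, true, acsLocation));

        _addKeyDescriptors(spSsoDescriptor.getKeyDescriptors(), signingCredential, encryptionCredential);

        List<SingleLogoutService> singleLogoutServices = spSsoDescriptor.getSingleLogoutServices();
        singleLogoutServices.add(OpenSamlUtil.buildSingleLogoutService(SAMLConstants.SAML2_POST_BINDING_URI, sloLocation));
        singleLogoutServices.add(OpenSamlUtil.buildSingleLogoutService(SAMLConstants.SAML2_REDIRECT_BINDING_URI, sloLocation));
        singleLogoutServices.add(OpenSamlUtil.buildSingleLogoutService(SAMLConstants.SAML2_SOAP11_BINDING_URI, sloSoapLocation));

        return spSsoDescriptor;
    }

    /**
     * Builds the encryption-usage key descriptor for {@code credential}, listing every data
     * and key-transport encryption algorithm from the global {@link EncryptionConfiguration}
     * that is runtime-supported, not blacklisted, and (for key-transport algorithms) usable
     * with the credential's key. Algorithms with a fixed key length also get a
     * {@code KeySize} child.
     *
     * @param credential the encryption credential to advertise
     * @return the populated key descriptor
     * @throws SecurityException propagated from key-info construction
     */
    public static KeyDescriptor getEncryptionKeyDescriptor(Credential credential) throws SecurityException {
        KeyDescriptor keyDescriptor = OpenSamlUtil.buildKeyDescriptor(UsageType.ENCRYPTION, OpenSamlUtil.buildKeyInfo(credential));
        List<EncryptionMethod> encryptionMethods = keyDescriptor.getEncryptionMethods();

        EncryptionConfiguration encryptionConfiguration = ConfigurationService.get(EncryptionConfiguration.class);

        // Loop-invariant lookups, hoisted out of the per-algorithm loop.
        AlgorithmRegistry algorithmRegistry = AlgorithmSupport.getGlobalAlgorithmRegistry();
        Collection<String> blacklistedAlgorithms = encryptionConfiguration.getBlacklistedAlgorithms();

        List<String> algorithmURIs = new ArrayList<>(encryptionConfiguration.getDataEncryptionAlgorithms());
        algorithmURIs.addAll(encryptionConfiguration.getKeyTransportEncryptionAlgorithms());

        for (String algorithmURI : algorithmURIs) {
            if (!_isUsableAlgorithm(algorithmRegistry, blacklistedAlgorithms, algorithmURI)) {
                continue;
            }

            AlgorithmDescriptor algorithmDescriptor = algorithmRegistry.get(algorithmURI);

            // A key-transport algorithm is only advertised if the credential's key can
            // actually be used with it.
            if (AlgorithmSupport.isKeyEncryptionAlgorithm(algorithmDescriptor) && !AlgorithmSupport.credentialSupportsAlgorithmForEncryption(credential, algorithmDescriptor)) {
                continue;
            }

            EncryptionMethod encryptionMethod = (EncryptionMethod) XMLObjectSupport.buildXMLObject(EncryptionMethod.DEFAULT_ELEMENT_NAME);
            encryptionMethod.setAlgorithm(algorithmDescriptor.getURI());

            // The key length is carried by the registry's algorithm descriptor, not by the
            // freshly built EncryptionMethod XML object. The previous code tested the XML
            // object, which never implements KeyLengthSpecifiedAlgorithm, so no KeySize was
            // ever emitted.
            if (algorithmDescriptor instanceof KeyLengthSpecifiedAlgorithm) {
                KeyLengthSpecifiedAlgorithm keyLengthSpecifiedAlgorithm = (KeyLengthSpecifiedAlgorithm) algorithmDescriptor;
                KeySize keySize = new KeySizeBuilder().buildObject();
                keySize.setValue(keyLengthSpecifiedAlgorithm.getKeyLength());
                encryptionMethod.setKeySize(keySize);
            }

            encryptionMethods.add(encryptionMethod);
        }

        return keyDescriptor;
    }

    /**
     * Adds the signing key descriptor for {@code signingCredential} and, when
     * {@code encryptionCredential} is non-null, the encryption key descriptor.
     *
     * NOTE(review): the key material published here comes from
     * {@code OpenSamlUtil.buildKeyInfo}; it is expected to serialize only the certificate /
     * public key - confirm in that helper.
     *
     * @param keyDescriptors the role descriptor's key descriptor list to append to
     * @param signingCredential credential advertised with signing usage
     * @param encryptionCredential credential advertised with encryption usage, or
     *        {@code null}
     * @throws SecurityException propagated from key-info construction
     */
    private static void _addKeyDescriptors(List<KeyDescriptor> keyDescriptors, Credential signingCredential, Credential encryptionCredential) throws SecurityException {
        keyDescriptors.add(OpenSamlUtil.buildKeyDescriptor(UsageType.SIGNING, OpenSamlUtil.buildKeyInfo(signingCredential)));

        if (encryptionCredential != null) {
            keyDescriptors.add(getEncryptionKeyDescriptor(encryptionCredential));
        }
    }

    /**
     * Wraps a role descriptor in an entity descriptor: sets the entity ID, attaches the
     * digest/signing-method extensions, adds the role, and signs the whole descriptor when
     * requested.
     *
     * @param entityId the entity ID to write
     * @param roleDescriptor the already populated IdP or SP role descriptor
     * @param signMetadata whether to sign the entity descriptor
     * @param signingCredential credential used for the extensions filter and for signing
     * @return the entity descriptor
     * @throws Exception propagated from signing
     */
    private static EntityDescriptor _buildEntityDescriptor(String entityId, RoleDescriptor roleDescriptor, boolean signMetadata, Credential signingCredential) throws Exception {
        EntityDescriptor entityDescriptor = OpenSamlUtil.buildEntityDescriptor();
        entityDescriptor.setEntityID(entityId);

        Extensions extensions = (Extensions) XMLObjectSupport.buildXMLObject(Extensions.DEFAULT_ELEMENT_NAME);
        extensions.getUnknownXMLObjects().addAll(_getExtensionXmlObjects(signingCredential));
        roleDescriptor.setExtensions(extensions);

        entityDescriptor.getRoleDescriptors().add(roleDescriptor);

        // Signing happens last so the signature covers the complete descriptor; the
        // third argument was null in the original call as well.
        if (signMetadata) {
            OpenSamlUtil.signObject(entityDescriptor, signingCredential, null);
        }

        return entityDescriptor;
    }

    /**
     * Rejects the inputs both entity descriptor builders cannot work without.
     *
     * @param entityId the entity ID
     * @param signingCredential the signing credential
     * @throws EntityIdException if {@code entityId} is null or empty
     * @throws CredentialException if {@code signingCredential} is {@code null}
     */
    private static void _checkRequired(String entityId, Credential signingCredential) throws EntityIdException, CredentialException {
        if (Validator.isNull(entityId)) {
            throw new EntityIdException("Entity ID is required");
        }

        if (signingCredential == null) {
            throw new CredentialException("Credential is required");
        }
    }

    /**
     * Builds the {@code DigestMethod} and {@code SigningMethod} extension elements from the
     * global {@link SignatureSigningConfiguration}: every reference digest method that is
     * runtime-supported and not blacklisted, and every signature algorithm that additionally
     * is usable with {@code signingCredential}.
     *
     * @param signingCredential credential whose key restricts the advertised signing
     *        algorithms
     * @return the extension elements, in digest-then-signing order
     */
    private static List<XMLObject> _getExtensionXmlObjects(Credential signingCredential) {
        SignatureSigningConfiguration signatureSigningConfiguration = ConfigurationService.get(SignatureSigningConfiguration.class);
        AlgorithmRegistry algorithmRegistry = AlgorithmSupport.getGlobalAlgorithmRegistry();
        Collection<String> blacklistedAlgorithms = signatureSigningConfiguration.getBlacklistedAlgorithms();

        List<XMLObject> xmlObjects = new ArrayList<>();

        for (String algorithmURI : signatureSigningConfiguration.getSignatureReferenceDigestMethods()) {
            if (!_isUsableAlgorithm(algorithmRegistry, blacklistedAlgorithms, algorithmURI)) {
                continue;
            }

            AlgorithmDescriptor algorithmDescriptor = algorithmRegistry.get(algorithmURI);

            DigestMethod digestMethod = (DigestMethod) XMLObjectSupport.buildXMLObject(DigestMethod.DEFAULT_ELEMENT_NAME);
            digestMethod.setAlgorithm(algorithmDescriptor.getURI());
            xmlObjects.add(digestMethod);
        }

        for (String algorithmURI : signatureSigningConfiguration.getSignatureAlgorithms()) {
            if (!_isUsableAlgorithm(algorithmRegistry, blacklistedAlgorithms, algorithmURI)) {
                continue;
            }

            AlgorithmDescriptor algorithmDescriptor = algorithmRegistry.get(algorithmURI);

            // Only advertise signature algorithms the signing key can actually produce.
            if (!AlgorithmSupport.credentialSupportsAlgorithmForSigning(signingCredential, algorithmDescriptor)) {
                continue;
            }

            SigningMethod signingMethod = (SigningMethod) XMLObjectSupport.buildXMLObject(SigningMethod.DEFAULT_ELEMENT_NAME);
            signingMethod.setAlgorithm(algorithmDescriptor.getURI());
            xmlObjects.add(signingMethod);
        }

        return xmlObjects;
    }

    /**
     * Shared filter for every advertised algorithm: it must be supported by the runtime's
     * algorithm registry and must not be blacklisted in the relevant OpenSAML configuration.
     *
     * @param algorithmRegistry the global algorithm registry
     * @param blacklistedAlgorithms blacklist from the signing or encryption configuration
     * @param algorithmURI the algorithm URI to test
     * @return {@code true} if the algorithm may be advertised
     */
    private static boolean _isUsableAlgorithm(AlgorithmRegistry algorithmRegistry, Collection<String> blacklistedAlgorithms, String algorithmURI) {
        return algorithmRegistry.isRuntimeSupported(algorithmURI) && !blacklistedAlgorithms.contains(algorithmURI);
    }
}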
