package com.mulesoft.modules.saml.internal.builder.generation;

import com.mulesoft.modules.saml.api.assertion.saml20.Action;
import com.mulesoft.modules.saml.api.assertion.saml20.Attribute;
import com.mulesoft.modules.saml.api.assertion.saml20.AttributeStatement;
import com.mulesoft.modules.saml.api.assertion.saml20.AudienceRestriction;
import com.mulesoft.modules.saml.api.assertion.saml20.AuthenticationStatement;
import com.mulesoft.modules.saml.api.assertion.saml20.AuthorizationDecisionStatement;
import com.mulesoft.modules.saml.api.assertion.saml20.Conditions;
import com.mulesoft.modules.saml.api.assertion.saml20.NameID;
import com.mulesoft.modules.saml.api.assertion.saml20.ProxyRestrictions;
import com.mulesoft.modules.saml.api.assertion.saml20.Subject;
import com.mulesoft.modules.saml.api.assertion.saml20.SubjectConfirmationData;
import com.mulesoft.modules.saml.api.constants.SamlVersion;
import com.mulesoft.modules.saml.internal.SamlUtils;
import com.mulesoft.modules.saml.internal.XMLUtils;
import com.mulesoft.modules.saml.internal.error.SamlError;
import com.mulesoft.modules.saml.internal.generation.SamlGenerationConfig;
import java.io.ByteArrayInputStream;
import java.io.InputStream;
import java.nio.charset.StandardCharsets;
import java.security.cert.Certificate;
import java.security.cert.CertificateException;
import java.security.cert.CertificateFactory;
import java.security.cert.X509Certificate;
import java.time.Instant;
import java.time.temporal.ChronoUnit;
import java.time.temporal.TemporalUnit;
import java.util.ArrayList;
import java.util.Iterator;
import java.util.List;
import java.util.concurrent.TimeUnit;
import org.apache.wss4j.common.saml.OpenSAMLUtil;
import org.apache.wss4j.common.saml.bean.ActionBean;
import org.apache.wss4j.common.saml.bean.AttributeBean;
import org.apache.wss4j.common.saml.bean.AttributeStatementBean;
import org.apache.wss4j.common.saml.bean.AudienceRestrictionBean;
import org.apache.wss4j.common.saml.bean.AuthDecisionStatementBean;
import org.apache.wss4j.common.saml.bean.AuthenticationStatementBean;
import org.apache.wss4j.common.saml.bean.ConditionsBean;
import org.apache.wss4j.common.saml.bean.KeyInfoBean;
import org.apache.wss4j.common.saml.bean.NameIDBean;
import org.apache.wss4j.common.saml.bean.ProxyRestrictionBean;
import org.apache.wss4j.common.saml.bean.SubjectBean;
import org.apache.wss4j.common.saml.bean.SubjectConfirmationDataBean;
import org.apache.wss4j.common.saml.bean.SubjectLocalityBean;
import org.joda.time.DateTime;
import org.mule.runtime.extension.api.exception.ModuleException;
import org.opensaml.core.xml.XMLObject;
import org.opensaml.core.xml.XMLObjectBuilder;
import org.opensaml.core.xml.config.XMLObjectProviderRegistrySupport;
import org.opensaml.core.xml.schema.XSAny;
import org.opensaml.saml.saml2.core.AttributeValue;
import org.w3c.dom.Document;

/* loaded from: input_file:com/mulesoft/modules/saml/internal/builder/generation/SamlComponentBuilder.class */
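/**
 * Translates the module's SAML assertion model (subject, statements, conditions) into the
 * WSS4J bean objects used to generate an assertion.
 *
 * <p>Every timestamp produced by one instance is computed relative to the moment that
 * instance was constructed ({@link #dateNow} / {@link #instantNow}).
 * NOTE(review): presumably one builder is created per assertion; a long-lived instance
 * would keep issuing validity windows anchored at its construction time. Confirm against
 * the callers.
 */
public class SamlComponentBuilder {
    private final SamlVersion samlVersion;
    // Two separate "now" snapshots are kept because some WSS4J setters used below take a
    // Joda DateTime and others a java.time Instant; they are captured independently.
    private final DateTime dateNow = DateTime.now();
    private final Instant instantNow = Instant.now();
    private final Integer defaultSkewTime;
    private final TimeUnit defaultSkewTimeUnit;

    /**
     * @param samlGenerationConfig supplies the default skew time and unit used when an
     *                             element does not define its own
     * @param samlVersion          SAML version used to resolve the confirmation method string
     */
    public SamlComponentBuilder(SamlGenerationConfig samlGenerationConfig, SamlVersion samlVersion) {
        this.samlVersion = samlVersion;
        this.defaultSkewTime = samlGenerationConfig.getSkewTime();
        this.defaultSkewTimeUnit = samlGenerationConfig.getSkewTimeUnit();
    }

    /**
     * Returns the construction-time instant moved back by the given skew, or {@code null}
     * when no skew amount is given (no NotBefore value is then set by the callers).
     */
    private Instant calculateSkewInstant(Integer num, TimeUnit timeUnit) {
        if (num == null) {
            return null;
        }
        return this.instantNow.minus(timeUnit.toMillis(num.intValue()), ChronoUnit.MILLIS);
    }

    /**
     * Builds the subject bean: confirmation method, optional key info from the subject
     * certificate, optional NameID fields, confirmation data and confirmation NameID.
     *
     * @param subject the subject model; must not be {@code null}
     * @return the populated subject bean
     * @throws ModuleException if the subject certificate cannot be parsed as X.509
     */
    public SubjectBean createSubject(Subject subject) {
        SubjectBean subjectBean = new SubjectBean();
        subjectBean.setSubjectConfirmationMethod(
                SamlUtils.getConfirmationMethodStringForSAML(subject.getConfirmationMethod(), this.samlVersion));
        subjectBean.setKeyInfo(createKeyInfo(subject.getSubjectCertificate()));
        NameID nameID = subject.getNameID();
        if (nameID != null) {
            subjectBean.setSubjectName(nameID.getValue());
            subjectBean.setSubjectNameQualifier(nameID.getNameQualifier());
            subjectBean.setSubjectNameIDFormat(nameID.getFormat());
        }
        subjectBean.setSubjectConfirmationData(createSubjectConfirmationData(subject.getSubjectConfirmationData()));
        subjectBean.setSubjectConfirmationNameID(createNameID(subject.getSubjectConfirmationNameID()));
        return subjectBean;
    }

    /**
     * Wraps the certificate read from {@code inputStream} in a key-info bean, or returns
     * {@code null} when no certificate stream is supplied. The stream is not closed here.
     */
    private KeyInfoBean createKeyInfo(InputStream inputStream) {
        if (inputStream == null) {
            return null;
        }
        KeyInfoBean keyInfoBean = new KeyInfoBean();
        try {
            keyInfoBean.setCertificate(createX509Certificate(inputStream));
            return keyInfoBean;
        } catch (CertificateException e) {
            throw new ModuleException("The given subject certificate is invalid", SamlError.ASSERTION_CREATION, e);
        }
    }

    /**
     * Parses one certificate from the stream and requires it to be an X.509 certificate.
     * Only parsing happens here; no validity-period or trust-chain check is performed.
     */
    private X509Certificate createX509Certificate(InputStream inputStream) throws CertificateException {
        Certificate certificate = CertificateFactory.getInstance("X.509").generateCertificate(inputStream);
        if (certificate instanceof X509Certificate) {
            return (X509Certificate) certificate;
        }
        throw new ModuleException("The given subject certificate is not a X.509 certificate.", SamlError.ASSERTION_CREATION);
    }

    /**
     * Builds the subject confirmation data bean, or returns {@code null} when none is given.
     * NotAfter is derived from the confirmation validity and NotBefore from the skew
     * (element value first, configured default otherwise).
     */
    private SubjectConfirmationDataBean createSubjectConfirmationData(SubjectConfirmationData subjectConfirmationData) {
        if (subjectConfirmationData == null) {
            return null;
        }
        SubjectConfirmationDataBean confirmationDataBean = new SubjectConfirmationDataBean();
        confirmationDataBean.setAddress(subjectConfirmationData.getAddress());
        confirmationDataBean.setInResponseTo(subjectConfirmationData.getInResponseTo());
        confirmationDataBean.setRecipient(subjectConfirmationData.getRecipient());
        confirmationDataBean.setNotAfter(getNotAfterInstant(
                Integer.valueOf(subjectConfirmationData.getSubjectConfirmationValidity()),
                subjectConfirmationData.getSubjectConfirmationValidityTimeUnit()));
        confirmationDataBean.setNotBefore(
                resolveSkewInstant(subjectConfirmationData.getSkewTime(), subjectConfirmationData.getSkewTimeUnit()));
        return confirmationDataBean;
    }

    /**
     * Resolves the NotBefore instant, falling back to the configured default skew amount
     * and unit for whichever of the two arguments is {@code null}.
     */
    private Instant resolveSkewInstant(Integer num, TimeUnit timeUnit) {
        Integer effectiveSkew = num == null ? this.defaultSkewTime : num;
        TimeUnit effectiveUnit = timeUnit == null ? this.defaultSkewTimeUnit : timeUnit;
        return calculateSkewInstant(effectiveSkew, effectiveUnit);
    }

    /**
     * Builds the authentication statement bean for the given subject.
     *
     * @return the bean, or {@code null} when {@code authenticationStatement} is {@code null}.
     *         SessionNotOnOrAfter is left unset when no session validity is defined.
     */
    public AuthenticationStatementBean createAuthenticationStatement(AuthenticationStatement authenticationStatement, SubjectBean subjectBean) {
        if (authenticationStatement == null) {
            return null;
        }
        AuthenticationStatementBean statementBean = new AuthenticationStatementBean();
        statementBean.setSubject(subjectBean);
        statementBean.setAuthenticationMethod(authenticationStatement.getAuthenticationMethod());
        SubjectLocalityBean localityBean = new SubjectLocalityBean();
        localityBean.setDnsAddress(authenticationStatement.getSubjectLocalityDnsAddress());
        localityBean.setIpAddress(authenticationStatement.getSubjectLocalityIpAddress());
        statementBean.setSubjectLocality(localityBean);
        statementBean.setSessionIndex(authenticationStatement.getSessionIndex());
        statementBean.setSessionNotOnOrAfter(getNotAfterDateTime(
                authenticationStatement.getSessionValidity(), authenticationStatement.getSessionValidityTimeUnit()));
        return statementBean;
    }

    /**
     * Builds the attribute statement bean for the given subject.
     *
     * <p>Each attribute value is passed through {@link #resolveAttributeValue(String)}, so a
     * value that starts with {@code <} and parses as XML is embedded as markup rather than
     * as text.
     *
     * @return the bean, or {@code null} when {@code attributeStatement} is {@code null}
     */
    public AttributeStatementBean createAttributeStatement(AttributeStatement attributeStatement, SubjectBean subjectBean) {
        if (attributeStatement == null) {
            return null;
        }
        AttributeStatementBean statementBean = new AttributeStatementBean();
        statementBean.setSubject(subjectBean);
        List<AttributeBean> attributeBeans = new ArrayList<>();
        for (Attribute attribute : attributeStatement.getAttributes()) {
            AttributeBean attributeBean = new AttributeBean();
            List<Object> resolvedValues = new ArrayList<>();
            attribute.getAttributeValues().forEach(value -> resolvedValues.add(resolveAttributeValue(value)));
            attributeBean.setAttributeValues(resolvedValues);
            attributeBean.setSimpleName(attribute.getFriendlyName());
            attributeBean.setQualifiedName(attribute.getQualifiedName());
            attributeBean.setNameFormat(attribute.getNameFormat());
            attributeBeans.add(attributeBean);
        }
        statementBean.setSamlAttributes(attributeBeans);
        return statementBean;
    }

    /**
     * Returns the value as an XML object when it looks like XML and parses, otherwise the
     * original string.
     *
     * <p>NOTE(review): this means the content of an attribute value decides whether it is
     * emitted as text or as markup inside the assertion. If attribute values can carry
     * data that the flow author does not control, confirm that embedding it as XML is
     * intended.
     */
    private Object resolveAttributeValue(String str) {
        XMLObject xmlValue = null;
        if (maybeAnXml(str)) {
            xmlValue = resolveXmlAttribute(str);
        }
        return xmlValue == null ? str : xmlValue;
    }

    /**
     * Parses {@code str} as an XML document and wraps its root element in an
     * {@code AttributeValue} of type {@code xs:anyType}.
     *
     * @return the wrapping XML object, or {@code null} when the string cannot be parsed or
     *         wrapped (the caller then falls back to the plain string)
     */
    private XMLObject resolveXmlAttribute(String str) {
        OpenSAMLUtil.initSamlEngine();
        try {
            // Encode explicitly as UTF-8 (the XML default when no encoding is declared)
            // instead of the platform charset, so non-ASCII values parse the same everywhere.
            // NOTE(review): XMLUtils.streamToDocument is defined outside this file; confirm
            // its parser rejects DOCTYPE declarations and external entities, because the
            // text parsed here is an attribute value supplied by the caller.
            Document document = XMLUtils.streamToDocument(
                    new ByteArrayInputStream(str.getBytes(StandardCharsets.UTF_8)));
            XMLObjectBuilder<?> builder =
                    XMLObjectProviderRegistrySupport.getBuilderFactory().getBuilder(XSAny.TYPE_NAME);
            XSAny wrapper = (XSAny) builder.buildObject(AttributeValue.DEFAULT_ELEMENT_NAME, XSAny.TYPE_NAME);
            XMLObject parsedValue = builder.buildObject(AttributeValue.DEFAULT_ELEMENT_NAME, XSAny.TYPE_NAME);
            parsedValue.setDOM(document.getDocumentElement());
            wrapper.getUnknownXMLObjects().add(parsedValue);
            return wrapper;
        } catch (Exception ignored) {
            // Deliberate best effort: a value that merely starts with '<' but is not
            // well-formed XML (or cannot be wrapped) is emitted as a plain string instead.
            return null;
        }
    }

    /** Cheap pre-check: only strings starting with {@code <} are handed to the XML parser. */
    private boolean maybeAnXml(String str) {
        return str.startsWith("<");
    }

    /**
     * Builds the authorization decision statement bean for the given subject, producing one
     * action bean per action string with the namespace of its enclosing {@link Action}.
     *
     * @return the bean, or {@code null} when {@code authorizationDecisionStatement} is {@code null}
     */
    public AuthDecisionStatementBean createAuthorizationDecisionStatement(AuthorizationDecisionStatement authorizationDecisionStatement, SubjectBean subjectBean) {
        if (authorizationDecisionStatement == null) {
            return null;
        }
        AuthDecisionStatementBean statementBean = new AuthDecisionStatementBean();
        statementBean.setSubject(subjectBean);
        statementBean.setDecision(SamlUtils.getDecision(authorizationDecisionStatement.getDecision()));
        statementBean.setResource(authorizationDecisionStatement.getResource());
        List<ActionBean> actionBeans = new ArrayList<>();
        for (Action action : authorizationDecisionStatement.getActions()) {
            for (String contents : action.getActions()) {
                ActionBean actionBean = new ActionBean();
                actionBean.setContents(contents);
                actionBean.setActionNamespace(action.getNamespace());
                actionBeans.add(actionBean);
            }
        }
        statementBean.setActions(actionBeans);
        return statementBean;
    }

    /**
     * Builds the conditions bean.
     *
     * <p>When {@code conditions} is {@code null} an empty bean is returned: this method then
     * sets no NotBefore/NotOnOrAfter, no audience restriction, no one-time-use flag and no
     * proxy restriction. Whatever validity window applies in that case is decided by the
     * code that consumes the bean, which is not part of this class.
     *
     * @param conditions the conditions model, may be {@code null}
     * @return a conditions bean, never {@code null}
     */
    public ConditionsBean createConditions(Conditions conditions) {
        ConditionsBean conditionsBean = new ConditionsBean();
        if (conditions == null) {
            return conditionsBean;
        }
        conditionsBean.setNotBefore(resolveSkewInstant(conditions.getSkewTime(), conditions.getSkewTimeUnit()));
        conditionsBean.setNotAfter(
                getNotAfterInstant(conditions.getAssertionValidity(), conditions.getAssertionValidityTimeUnit()));
        if (conditions.getAssertionValidity() != null) {
            conditionsBean.setTokenPeriodSeconds(
                    conditions.getAssertionValidityTimeUnit().toSeconds(conditions.getAssertionValidity().intValue()));
        }
        conditionsBean.setOneTimeUse(conditions.isOneTimeUse());
        List<AudienceRestriction> audienceRestrictions = conditions.getAudienceRestrictions();
        if (audienceRestrictions != null) {
            List<AudienceRestrictionBean> restrictionBeans = new ArrayList<>();
            for (AudienceRestriction restriction : audienceRestrictions) {
                restrictionBeans.add(new AudienceRestrictionBean(restriction.getUris()));
            }
            conditionsBean.setAudienceRestrictions(restrictionBeans);
        }
        conditionsBean.setProxyRestriction(createProxyRestriction(conditions.getProxyRestrictions()));
        return conditionsBean;
    }

    /** Builds the proxy restriction bean, or returns {@code null} when none is given. */
    private ProxyRestrictionBean createProxyRestriction(ProxyRestrictions proxyRestrictions) {
        if (proxyRestrictions == null) {
            return null;
        }
        return new ProxyRestrictionBean(proxyRestrictions.getProxyCount().intValue(), proxyRestrictions.getAudiences());
    }

    /** Copies value, qualifier and format into a NameID bean, or returns {@code null} for {@code null}. */
    private NameIDBean createNameID(NameID nameID) {
        if (nameID == null) {
            return null;
        }
        NameIDBean nameIDBean = new NameIDBean();
        nameIDBean.setNameValue(nameID.getValue());
        nameIDBean.setNameQualifier(nameID.getNameQualifier());
        nameIDBean.setNameIDFormat(nameID.getFormat());
        return nameIDBean;
    }

    /**
     * Returns the construction-time instant plus the given validity, or {@code null} when no
     * validity is given (the callers then set no expiry on the element).
     */
    private Instant getNotAfterInstant(Integer num, TimeUnit timeUnit) {
        if (num == null) {
            return null;
        }
        return this.instantNow.plus(timeUnit.toMillis(num.intValue()), ChronoUnit.MILLIS);
    }

    /** Joda-time variant of {@link #getNotAfterInstant(Integer, TimeUnit)}. */
    private DateTime getNotAfterDateTime(Integer num, TimeUnit timeUnit) {
        if (num == null) {
            return null;
        }
        return this.dateNow.plus(timeUnit.toMillis(num.intValue()));
    }
}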
