package org.pac4j.saml.client;

import java.io.FileOutputStream;
import java.math.BigInteger;
import java.net.InetAddress;
import java.net.MalformedURLException;
import java.net.UnknownHostException;
import java.security.GeneralSecurityException;
import java.security.KeyPair;
import java.security.KeyPairGenerator;
import java.security.KeyStore;
import java.security.PrivateKey;
import java.security.Security;
import java.security.cert.Certificate;
import java.util.ArrayList;
import java.util.Calendar;
import java.util.Collection;
import java.util.Date;
import java.util.List;
import org.bouncycastle.jce.X509Principal;
import org.bouncycastle.jce.provider.BouncyCastleProvider;
import org.bouncycastle.x509.X509V3CertificateGenerator;
import org.opensaml.xmlsec.config.DefaultSecurityConfigurationBootstrap;
import org.opensaml.xmlsec.impl.BasicSignatureSigningConfiguration;
import org.pac4j.core.context.HttpConstants;
import org.pac4j.core.context.WebContext;
import org.pac4j.core.exception.TechnicalException;
import org.pac4j.core.util.CommonHelper;
import org.pac4j.core.util.InitializableObject;
import org.pac4j.saml.exceptions.SAMLException;
import org.pac4j.saml.storage.EmptyStorageFactory;
import org.pac4j.saml.storage.SAMLMessageStorageFactory;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
import org.springframework.core.io.ClassPathResource;
import org.springframework.core.io.FileSystemResource;
import org.springframework.core.io.Resource;
import org.springframework.core.io.UrlResource;
import org.springframework.core.io.WritableResource;

/* loaded from: input_file:WEB-INF/lib/pac4j-saml-2.3.1.jar:org/pac4j/saml/client/SAML2ClientConfiguration.class */
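/**
 * Configuration of a SAML2 service-provider client: where the signing keystore and the
 * identity-provider metadata live, the passwords protecting the keystore, and the
 * AuthnRequest / signature options used when talking to the identity provider.
 *
 * <p>{@link #init()} validates the mandatory settings, creates the keystore with a fresh
 * RSA key pair and self-signed certificate when the configured keystore resource does not
 * exist yet, and fills the signature-algorithm lists that were not set explicitly.
 *
 * <p>{@code keystorePassword} and {@code privateKeyPassword} are secrets: they are exposed
 * through plain getters, so callers must not log or serialise this object casually.
 * Instances are not thread-safe; configure them fully before sharing.
 */
public class SAML2ClientConfiguration extends InitializableObject {
    private static final Logger LOGGER = LoggerFactory.getLogger(SAML2ClientConfiguration.class);

    /** Path prefix selecting a classpath resource (same effect as {@link #CLASSPATH_PREFIX}). */
    protected static final String RESOURCE_PREFIX = "resource:";
    /** Path prefix selecting a classpath resource. */
    protected static final String CLASSPATH_PREFIX = "classpath:";
    /** Path prefix selecting a file-system resource. */
    protected static final String FILE_PREFIX = "file:";

    /** Binding used to deliver the AuthnRequest when none is configured. */
    private static final String DEFAULT_DESTINATION_BINDING_TYPE = "urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST";
    /** Reference digest method removed from the OpenSAML defaults in {@link #internalInit()}. */
    private static final String SHA512_DIGEST_METHOD = "http://www.w3.org/2001/04/xmlenc#sha512";
    /** Key size of the RSA key pair generated into a missing keystore. */
    private static final int GENERATED_KEY_SIZE = 2048;
    /** Signature algorithm of the generated self-signed certificate (SHA-1 is no longer acceptable). */
    private static final String GENERATED_CERT_SIGNATURE_ALGORITHM = "SHA256WithRSA";
    /** Validity period of the generated self-signed certificate, in years. */
    private static final int GENERATED_CERT_VALIDITY_YEARS = 1;
    /** Serial number of the generated self-signed certificate. */
    private static final long GENERATED_CERT_SERIAL = 1L;

    private Resource keystoreResource;
    private String keystorePassword;
    private String privateKeyPassword;
    private Resource identityProviderMetadataResource;
    private String identityProviderEntityId;
    private String serviceProviderEntityId;
    private int maximumAuthenticationLifetime;
    private boolean forceAuth = false;
    private boolean passive = false;
    private boolean forceSignRedirectBindingAuthnRequest;
    private String comparisonType = null;
    private String destinationBindingType = DEFAULT_DESTINATION_BINDING_TYPE;
    private String authnContextClassRef = null;
    private String nameIdPolicyFormat = null;
    private WritableResource serviceProviderMetadataResource;
    private boolean forceServiceProviderMetadataGeneration;
    private SAMLMessageStorageFactory samlMessageStorageFactory = new EmptyStorageFactory();
    // Both signing defaults are "on": the SP signs its requests and expects signed assertions.
    private boolean authnRequestSigned = true;
    private boolean wantsAssertionsSigned = true;
    private Collection<String> blackListedSignatureSigningAlgorithms;
    private List<String> signatureAlgorithms;
    private List<String> signatureReferenceDigestMethods;
    private String signatureCanonicalizationAlgorithm;
    private String keyStoreAlias;
    private String keyStoreType;
    // -1 means "not set" for both service indexes.
    private int assertionConsumerServiceIndex = -1;
    private int attributeConsumingServiceIndex = -1;

    /**
     * Creates an empty configuration; the keystore resource, both passwords and the
     * identity-provider metadata resource must be set before {@link #init()}.
     */
    public SAML2ClientConfiguration() {
        // defaults come from the field initialisers
    }

    /**
     * Creates a configuration from path strings (see {@link #mapPathToResource(String)} for the accepted prefixes).
     *
     * @param keystorePath path of the keystore
     * @param keystorePassword password protecting the keystore
     * @param privateKeyPassword password protecting the private key entry
     * @param identityProviderMetadataPath path of the identity-provider metadata
     */
    public SAML2ClientConfiguration(final String keystorePath, final String keystorePassword,
                                    final String privateKeyPassword, final String identityProviderMetadataPath) {
        this(null, null, mapPathToResource(keystorePath), keystorePassword, privateKeyPassword,
             mapPathToResource(identityProviderMetadataPath), null, null);
    }

    /**
     * Creates a configuration from resources.
     *
     * @param keystoreResource keystore resource
     * @param keystorePassword password protecting the keystore
     * @param privateKeyPassword password protecting the private key entry
     * @param identityProviderMetadataResource identity-provider metadata resource
     */
    public SAML2ClientConfiguration(final Resource keystoreResource, final String keystorePassword,
                                    final String privateKeyPassword, final Resource identityProviderMetadataResource) {
        this(null, null, keystoreResource, keystorePassword, privateKeyPassword, identityProviderMetadataResource, null, null);
    }

    /**
     * Creates a configuration from resources with an explicit keystore alias and type.
     *
     * @param keystoreResource keystore resource
     * @param keyStoreAlias alias of the key entry inside the keystore
     * @param keyStoreType keystore type (e.g. the JVM default type)
     * @param keystorePassword password protecting the keystore
     * @param privateKeyPassword password protecting the private key entry
     * @param identityProviderMetadataResource identity-provider metadata resource
     */
    public SAML2ClientConfiguration(final Resource keystoreResource, final String keyStoreAlias, final String keyStoreType,
                                    final String keystorePassword, final String privateKeyPassword,
                                    final Resource identityProviderMetadataResource) {
        this(keyStoreAlias, keyStoreType, keystoreResource, keystorePassword, privateKeyPassword,
             identityProviderMetadataResource, null, null);
    }

    /** Single assigning constructor all public constructors delegate to. */
    private SAML2ClientConfiguration(final String keyStoreAlias, final String keyStoreType, final Resource keystoreResource,
                                     final String keystorePassword, final String privateKeyPassword,
                                     final Resource identityProviderMetadataResource, final String identityProviderEntityId,
                                     final String serviceProviderEntityId) {
        this.keyStoreAlias = keyStoreAlias;
        this.keyStoreType = keyStoreType;
        this.keystoreResource = keystoreResource;
        this.keystorePassword = keystorePassword;
        this.privateKeyPassword = privateKeyPassword;
        this.identityProviderMetadataResource = identityProviderMetadataResource;
        this.identityProviderEntityId = identityProviderEntityId;
        this.serviceProviderEntityId = serviceProviderEntityId;
    }

    /**
     * Validates the mandatory settings, creates the keystore if it is missing, and fills
     * the signature configuration from the OpenSAML defaults where nothing was set explicitly.
     *
     * @throws TechnicalException if a mandatory setting is missing or the keystore is missing and not writable
     * @throws SAMLException if the keystore has to be created and creation fails
     */
    @Override
    protected void internalInit() {
        CommonHelper.assertNotNull("keystoreResource", this.keystoreResource);
        CommonHelper.assertNotBlank("keystorePassword", this.keystorePassword);
        CommonHelper.assertNotBlank("privateKeyPassword", this.privateKeyPassword);
        CommonHelper.assertNotNull("identityProviderMetadataResource", this.identityProviderMetadataResource);
        if (!this.keystoreResource.exists()) {
            if (!(this.keystoreResource instanceof WritableResource)) {
                throw new TechnicalException("Provided keystoreResource does not exist and cannot be created");
            }
            LOGGER.warn("Provided keystoreResource does not exist. Creating one for: {}", this.keystoreResource);
            createKeystore();
        }
        initSignatureSigningConfiguration();
    }

    /**
     * Copies the OpenSAML default signing configuration into every signature-related field
     * that has not been set through its setter, so explicit configuration survives init().
     */
    private void initSignatureSigningConfiguration() {
        final BasicSignatureSigningConfiguration defaults =
            DefaultSecurityConfigurationBootstrap.buildDefaultSignatureSigningConfiguration();
        if (this.blackListedSignatureSigningAlgorithms == null) {
            this.blackListedSignatureSigningAlgorithms = new ArrayList<>(defaults.getBlacklistedAlgorithms());
        }
        if (this.signatureAlgorithms == null) {
            this.signatureAlgorithms = new ArrayList<>(defaults.getSignatureAlgorithms());
        }
        if (this.signatureReferenceDigestMethods == null) {
            this.signatureReferenceDigestMethods = new ArrayList<>(defaults.getSignatureReferenceDigestMethods());
            // SHA-512 is dropped from the defaults; presumably for interoperability with
            // identity providers that do not accept it -- TODO confirm against the original intent
            this.signatureReferenceDigestMethods.remove(SHA512_DIGEST_METHOD);
        }
        if (this.signatureCanonicalizationAlgorithm == null) {
            this.signatureCanonicalizationAlgorithm = defaults.getSignatureCanonicalizationAlgorithm();
        }
    }

    /** @param resource identity-provider metadata resource */
    public void setIdentityProviderMetadataResource(final Resource resource) {
        this.identityProviderMetadataResource = resource;
    }

    /** @param path file-system path of the identity-provider metadata */
    public void setIdentityProviderMetadataResourceFilepath(final String path) {
        this.identityProviderMetadataResource = new FileSystemResource(path);
    }

    /** @param path classpath location of the identity-provider metadata */
    public void setIdentityProviderMetadataResourceClasspath(final String path) {
        this.identityProviderMetadataResource = new ClassPathResource(path);
    }

    /**
     * @param url URL of the identity-provider metadata
     * @throws TechnicalException if the URL is malformed
     */
    public void setIdentityProviderMetadataResourceUrl(final String url) {
        this.identityProviderMetadataResource = newUrlResource(url);
    }

    /** @param path prefixed path of the identity-provider metadata, see {@link #mapPathToResource(String)} */
    public void setIdentityProviderMetadataPath(final String path) {
        this.identityProviderMetadataResource = mapPathToResource(path);
    }

    /** @return the AssertionConsumerService index, or -1 when unset */
    public int getAssertionConsumerServiceIndex() {
        return this.assertionConsumerServiceIndex;
    }

    /** @param index the AssertionConsumerService index (-1 for unset) */
    public void setAssertionConsumerServiceIndex(final int index) {
        this.assertionConsumerServiceIndex = index;
    }

    /**
     * Wraps a URL string into a {@link UrlResource}.
     *
     * @param url the URL
     * @return the resource
     * @throws TechnicalException wrapping the {@link MalformedURLException} when the URL is invalid
     */
    protected static UrlResource newUrlResource(final String url) {
        try {
            return new UrlResource(url);
        } catch (final MalformedURLException e) {
            throw new TechnicalException(e);
        }
    }

    /**
     * Resolves a prefixed path to a Spring resource: {@code resource:} and {@code classpath:}
     * give a classpath resource, a path starting with {@code http} gives a URL resource,
     * {@code file:} or no prefix gives a file-system resource. Intended for trusted
     * configuration values.
     *
     * @param path the path, must not be blank
     * @return the resource
     * @throws TechnicalException if the path is blank or an invalid URL
     */
    protected static Resource mapPathToResource(final String path) {
        CommonHelper.assertNotBlank("path", path);
        if (path.startsWith(RESOURCE_PREFIX)) {
            return new ClassPathResource(path.substring(RESOURCE_PREFIX.length()));
        }
        if (path.startsWith(CLASSPATH_PREFIX)) {
            return new ClassPathResource(path.substring(CLASSPATH_PREFIX.length()));
        }
        // "http" already matches https URLs; the explicit https test is kept from the original
        if (path.startsWith("http") || path.startsWith(HttpConstants.SCHEME_HTTPS)) {
            return newUrlResource(path);
        }
        if (path.startsWith(FILE_PREFIX)) {
            return new FileSystemResource(path.substring(FILE_PREFIX.length()));
        }
        return new FileSystemResource(path);
    }

    /** @return the identity-provider metadata resource */
    public Resource getIdentityProviderMetadataResource() {
        return this.identityProviderMetadataResource;
    }

    /** @param entityId entity id of the identity provider */
    public void setIdentityProviderEntityId(final String entityId) {
        this.identityProviderEntityId = entityId;
    }

    /** @return the identity-provider entity id */
    public String getIdentityProviderEntityId() {
        return this.identityProviderEntityId;
    }

    /** @param alias alias of the key entry in the keystore */
    public void setKeystoreAlias(final String alias) {
        this.keyStoreAlias = alias;
    }

    /** @param type keystore type */
    public void setKeystoreType(final String type) {
        this.keyStoreType = type;
    }

    /** @param resource keystore resource */
    public void setKeystoreResource(final Resource resource) {
        this.keystoreResource = resource;
    }

    /** @param path file-system path of the keystore */
    public void setKeystoreResourceFilepath(final String path) {
        this.keystoreResource = new FileSystemResource(path);
    }

    /** @param path classpath location of the keystore */
    public void setKeystoreResourceClasspath(final String path) {
        this.keystoreResource = new ClassPathResource(path);
    }

    /**
     * @param url URL of the keystore
     * @throws TechnicalException if the URL is malformed
     */
    public void setKeystoreResourceUrl(final String url) {
        this.keystoreResource = newUrlResource(url);
    }

    /** @param path prefixed path of the keystore, see {@link #mapPathToResource(String)} */
    public void setKeystorePath(final String path) {
        this.keystoreResource = mapPathToResource(path);
    }

    /** @param password keystore password (secret) */
    public void setKeystorePassword(final String password) {
        this.keystorePassword = password;
    }

    /** @param password private key password (secret) */
    public void setPrivateKeyPassword(final String password) {
        this.privateKeyPassword = password;
    }

    /** @return the keystore alias, possibly null until init() picks a default */
    public String getKeyStoreAlias() {
        return this.keyStoreAlias;
    }

    /** @return the keystore type, possibly null until init() picks a default */
    public String getKeyStoreType() {
        return this.keyStoreType;
    }

    /** @return the keystore resource */
    public Resource getKeystoreResource() {
        return this.keystoreResource;
    }

    /** @return the keystore password; a secret, do not log it */
    public String getKeystorePassword() {
        return this.keystorePassword;
    }

    /** @return the private key password; a secret, do not log it */
    public String getPrivateKeyPassword() {
        return this.privateKeyPassword;
    }

    /** @param writableResource where the generated service-provider metadata is written */
    public void setServiceProviderMetadataResource(final WritableResource writableResource) {
        this.serviceProviderMetadataResource = writableResource;
    }

    /** @param path file-system path where the service-provider metadata is written */
    public void setServiceProviderMetadataResourceFilepath(final String path) {
        this.serviceProviderMetadataResource = new FileSystemResource(path);
    }

    /**
     * @param path prefixed path where the service-provider metadata is written
     * @throws TechnicalException if the path does not resolve to a writable resource
     */
    public void setServiceProviderMetadataPath(final String path) {
        final Resource resource = mapPathToResource(path);
        if (!(resource instanceof WritableResource)) {
            throw new TechnicalException(path + " must be a writable resource");
        }
        this.serviceProviderMetadataResource = (WritableResource) resource;
    }

    /** @param force whether the service-provider metadata is regenerated even if it exists */
    public void setForceServiceProviderMetadataGeneration(final boolean force) {
        this.forceServiceProviderMetadataGeneration = force;
    }

    /** @return where the service-provider metadata is written, or null */
    public WritableResource getServiceProviderMetadataResource() {
        return this.serviceProviderMetadataResource;
    }

    /** @param entityId entity id of this service provider */
    public void setServiceProviderEntityId(final String entityId) {
        this.serviceProviderEntityId = entityId;
    }

    /** @return the service-provider entity id */
    public String getServiceProviderEntityId() {
        return this.serviceProviderEntityId;
    }

    /** @return whether the AuthnRequest asks for passive authentication */
    public boolean isPassive() {
        return this.passive;
    }

    /** @param passive whether the AuthnRequest asks for passive authentication */
    public void setPassive(final boolean passive) {
        this.passive = passive;
    }

    /** @return whether the AuthnRequest forces re-authentication */
    public boolean isForceAuth() {
        return this.forceAuth;
    }

    /** @param forceAuth whether the AuthnRequest forces re-authentication */
    public void setForceAuth(final boolean forceAuth) {
        this.forceAuth = forceAuth;
    }

    /** @return the AuthnContext comparison type, or null */
    public String getComparisonType() {
        return this.comparisonType;
    }

    /** @param comparisonType the AuthnContext comparison type */
    public void setComparisonType(final String comparisonType) {
        this.comparisonType = comparisonType;
    }

    /** @return the binding used to send the AuthnRequest (HTTP-POST by default) */
    public String getDestinationBindingType() {
        return this.destinationBindingType;
    }

    /** @param destinationBindingType the binding used to send the AuthnRequest */
    public void setDestinationBindingType(final String destinationBindingType) {
        this.destinationBindingType = destinationBindingType;
    }

    /** @return the requested AuthnContextClassRef, or null */
    public String getAuthnContextClassRef() {
        return this.authnContextClassRef;
    }

    /** @param authnContextClassRef the requested AuthnContextClassRef */
    public void setAuthnContextClassRef(final String authnContextClassRef) {
        this.authnContextClassRef = authnContextClassRef;
    }

    /** @return the requested NameID policy format, or null */
    public String getNameIdPolicyFormat() {
        return this.nameIdPolicyFormat;
    }

    /** @param nameIdPolicyFormat the requested NameID policy format */
    public void setNameIdPolicyFormat(final String nameIdPolicyFormat) {
        this.nameIdPolicyFormat = nameIdPolicyFormat;
    }

    /** @return the maximum accepted age of an authentication at the identity provider (unit not defined here) */
    public int getMaximumAuthenticationLifetime() {
        return this.maximumAuthenticationLifetime;
    }

    /** @param maximumAuthenticationLifetime the maximum accepted age of an authentication */
    public void setMaximumAuthenticationLifetime(final int maximumAuthenticationLifetime) {
        this.maximumAuthenticationLifetime = maximumAuthenticationLifetime;
    }

    /** @return whether the service-provider metadata is regenerated even if it exists */
    public boolean isForceServiceProviderMetadataGeneration() {
        return this.forceServiceProviderMetadataGeneration;
    }

    /** @return the SAML message storage factory (an empty storage by default) */
    public SAMLMessageStorageFactory getSamlMessageStorageFactory() {
        return this.samlMessageStorageFactory;
    }

    /** @param samlMessageStorageFactory the SAML message storage factory */
    public void setSamlMessageStorageFactory(final SAMLMessageStorageFactory samlMessageStorageFactory) {
        this.samlMessageStorageFactory = samlMessageStorageFactory;
    }

    /** @return the live (mutable) blacklist of signature algorithms; null before init() unless set */
    public Collection<String> getBlackListedSignatureSigningAlgorithms() {
        return this.blackListedSignatureSigningAlgorithms;
    }

    /** @param algorithms blacklist of signature algorithms; set before init() to override the defaults */
    public void setBlackListedSignatureSigningAlgorithms(final Collection<String> algorithms) {
        this.blackListedSignatureSigningAlgorithms = algorithms;
    }

    /** @return the live (mutable) list of accepted signature algorithms; null before init() unless set */
    public List<String> getSignatureAlgorithms() {
        return this.signatureAlgorithms;
    }

    /** @param algorithms accepted signature algorithms; set before init() to override the defaults */
    public void setSignatureAlgorithms(final List<String> algorithms) {
        this.signatureAlgorithms = algorithms;
    }

    /** @return the live (mutable) list of reference digest methods; null before init() unless set */
    public List<String> getSignatureReferenceDigestMethods() {
        return this.signatureReferenceDigestMethods;
    }

    /** @param digestMethods reference digest methods; set before init() to override the defaults */
    public void setSignatureReferenceDigestMethods(final List<String> digestMethods) {
        this.signatureReferenceDigestMethods = digestMethods;
    }

    /** @return the signature canonicalization algorithm; null before init() unless set */
    public String getSignatureCanonicalizationAlgorithm() {
        return this.signatureCanonicalizationAlgorithm;
    }

    /** @param algorithm the signature canonicalization algorithm; set before init() to override the default */
    public void setSignatureCanonicalizationAlgorithm(final String algorithm) {
        this.signatureCanonicalizationAlgorithm = algorithm;
    }

    /** @return whether this service provider requires signed assertions (true by default) */
    public boolean getWantsAssertionsSigned() {
        return this.wantsAssertionsSigned;
    }

    /** @param wantsAssertionsSigned whether this service provider requires signed assertions */
    public void setWantsAssertionsSigned(final boolean wantsAssertionsSigned) {
        this.wantsAssertionsSigned = wantsAssertionsSigned;
    }

    /** @return whether AuthnRequests sent over the redirect binding are always signed */
    public boolean isForceSignRedirectBindingAuthnRequest() {
        return this.forceSignRedirectBindingAuthnRequest;
    }

    /** @param force whether AuthnRequests sent over the redirect binding are always signed */
    public void setForceSignRedirectBindingAuthnRequest(final boolean force) {
        this.forceSignRedirectBindingAuthnRequest = force;
    }

    /** @return whether the AuthnRequest is signed (true by default; there is no setter) */
    public boolean isAuthnRequestSigned() {
        return this.authnRequestSigned;
    }

    /** @return the AttributeConsumingService index, or -1 when unset */
    public int getAttributeConsumingServiceIndex() {
        return this.attributeConsumingServiceIndex;
    }

    /** @param index the AttributeConsumingService index (-1 for unset) */
    public void setAttributeConsumingServiceIndex(final int index) {
        this.attributeConsumingServiceIndex = index;
    }

    /**
     * Runs {@link #init()}; both parameters are ignored.
     *
     * @param clientName unused
     * @param webContext unused
     */
    public void init(final String clientName, final WebContext webContext) {
        init();
    }

    /**
     * Creates the keystore file with a fresh RSA key pair and a self-signed certificate.
     * Picks a default alias (this class's simple name) and keystore type (the JVM default)
     * when they are blank, and stores them back into this configuration.
     *
     * <p>The keystore resource must be file-backed: the file is written through
     * {@code Resource.getFile()}.
     *
     * @throws SAMLException wrapping any failure (provider, key generation, certificate, I/O)
     */
    private void createKeystore() {
        try {
            // adding an already-registered provider is a harmless no-op
            Security.addProvider(new BouncyCastleProvider());
            if (CommonHelper.isBlank(this.keyStoreAlias)) {
                this.keyStoreAlias = getClass().getSimpleName();
                LOGGER.warn("Using keystore alias {}", this.keyStoreAlias);
            }
            if (CommonHelper.isBlank(this.keyStoreType)) {
                this.keyStoreType = KeyStore.getDefaultType();
                LOGGER.warn("Using keystore type {}", this.keyStoreType);
            }
            final KeyStore keyStore = KeyStore.getInstance(this.keyStoreType);
            final char[] keystorePasswordChars = this.keystorePassword.toCharArray();
            keyStore.load(null, keystorePasswordChars);

            final KeyPairGenerator keyPairGenerator = KeyPairGenerator.getInstance("RSA");
            keyPairGenerator.initialize(GENERATED_KEY_SIZE);
            final KeyPair keyPair = keyPairGenerator.genKeyPair();
            final PrivateKey privateKey = keyPair.getPrivate();
            final Certificate certificate = generateSelfSignedCertificate(keyPair);
            keyStore.setKeyEntry(this.keyStoreAlias, privateKey, this.privateKeyPassword.toCharArray(),
                                 new Certificate[]{certificate});

            final String keystorePath = this.keystoreResource.getFile().getCanonicalPath();
            // try-with-resources closes the stream even when store() fails
            try (FileOutputStream out = new FileOutputStream(keystorePath)) {
                keyStore.store(out, keystorePasswordChars);
                out.flush();
            }
            LOGGER.info("Created keystore {} with key alias {} ", keystorePath, keyStore.aliases().nextElement());
        } catch (final Exception e) {
            throw new SAMLException("Could not create keystore", e);
        }
    }

    /**
     * Builds a self-signed certificate for the given key pair: subject and issuer are
     * {@code CN=<local host name>}, serial number 1, valid for one year from now,
     * signed with {@link #GENERATED_CERT_SIGNATURE_ALGORITHM} through the BouncyCastle provider.
     *
     * @param keyPair the key pair to certify
     * @return the certificate
     * @throws UnknownHostException if the local host name cannot be determined
     * @throws GeneralSecurityException if certificate generation fails
     */
    private static Certificate generateSelfSignedCertificate(final KeyPair keyPair)
        throws UnknownHostException, GeneralSecurityException {
        final String hostName = InetAddress.getLocalHost().getHostName();
        final X509Principal selfName = new X509Principal("CN=" + hostName);
        final Date notBefore = new Date();
        final Calendar notAfter = Calendar.getInstance();
        notAfter.setTime(notBefore);
        notAfter.add(Calendar.YEAR, GENERATED_CERT_VALIDITY_YEARS);

        final X509V3CertificateGenerator generator = new X509V3CertificateGenerator();
        // a fixed serial is acceptable only because the certificate is self-signed, not CA-issued
        generator.setSerialNumber(BigInteger.valueOf(GENERATED_CERT_SERIAL));
        generator.setSubjectDN(selfName);
        generator.setIssuerDN(selfName);
        generator.setPublicKey(keyPair.getPublic());
        generator.setNotBefore(notBefore);
        generator.setNotAfter(notAfter.getTime());
        generator.setSignatureAlgorithm(GENERATED_CERT_SIGNATURE_ALGORITHM);
        return generator.generate(keyPair.getPrivate(), BouncyCastleProvider.PROVIDER_NAME);
    }
}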
