package pl.edu.icm.unity.saml.metadata;

import eu.emi.security.authn.x509.X509Credential;
import java.security.cert.CertificateEncodingException;
import java.security.cert.X509Certificate;
import java.util.Date;
import java.util.Iterator;
import org.apache.xmlbeans.XmlException;
import org.apache.xmlbeans.XmlOptions;
import pl.edu.icm.unity.saml.sp.SAMLSPProperties;
import xmlbeans.org.oasis.saml2.metadata.AnyURIListType;
import xmlbeans.org.oasis.saml2.metadata.EntityDescriptorDocument;
import xmlbeans.org.oasis.saml2.metadata.EntityDescriptorType;
import xmlbeans.org.oasis.saml2.metadata.IndexedEndpointType;
import xmlbeans.org.oasis.saml2.metadata.KeyDescriptorType;
import xmlbeans.org.oasis.saml2.metadata.KeyTypes;
import xmlbeans.org.oasis.saml2.metadata.SPSSODescriptorType;
import xmlbeans.org.w3.x2000.x09.xmldsig.KeyInfoType;

/* loaded from: input_file:pl/edu/icm/unity/saml/metadata/SPMetadataGenerator.class */
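/**
 * Builds the SAML 2.0 metadata document (an {@code EntityDescriptor} holding a single
 * {@code SPSSODescriptor}) that describes this service provider.
 *
 * <p>The document is generated once, in the constructor, from the supplied configuration and
 * assertion consumer endpoints. Nothing in this class signs the document.
 * NOTE(review): integrity of the published metadata presumably relies on the transport or on a
 * separate signing step - confirm against the code that serves it.
 */
public class SPMetadataGenerator implements MetadataProvider {
    private Date generationDate;
    private SAMLSPProperties samlConfig;
    private EntityDescriptorDocument document;
    private IndexedEndpointType[] assertionConsumerEndpoints;

    /**
     * Creates the generator and immediately builds the metadata document.
     *
     * @param sAMLSPProperties SP configuration providing the entity id, the per-IdP settings,
     *        the accepted name formats and the requester credential
     * @param indexedEndpointTypeArr assertion consumer service endpoints to advertise
     */
    public SPMetadataGenerator(SAMLSPProperties sAMLSPProperties, IndexedEndpointType[] indexedEndpointTypeArr) {
        this.samlConfig = sAMLSPProperties;
        this.assertionConsumerEndpoints = indexedEndpointTypeArr;
        generateMetadata();
    }

    /**
     * Returns a fresh copy of the generated metadata.
     *
     * <p>The stored document is serialized and parsed again on every call, so a caller that
     * modifies the returned object does not change the metadata kept by this generator.
     *
     * @return a new document instance with the same content as the generated metadata
     * @throws RuntimeException if the stored document can not be parsed back
     */
    @Override
    public EntityDescriptorDocument getMetadata() {
        try {
            return EntityDescriptorDocument.Factory.parse(this.document.xmlText());
        } catch (XmlException e) {
            throw new RuntimeException("Can't re-parse metadata?", e);
        }
    }

    /**
     * Builds the entity descriptor, then round-trips it through its pretty-printed XML text and
     * records the generation time.
     */
    private void generateMetadata() {
        this.generationDate = new Date();
        this.document = EntityDescriptorDocument.Factory.newInstance(new XmlOptions().setSavePrettyPrint());
        EntityDescriptorType entityDescriptor = this.document.addNewEntityDescriptor();
        entityDescriptor.setEntityID(this.samlConfig.getValue(SAMLSPProperties.REQUESTER_ID));
        addSPSSODescriptor(entityDescriptor);
        try {
            String prettyXml = this.document.xmlText(new XmlOptions().setSavePrettyPrint());
            this.document = EntityDescriptorDocument.Factory.parse(prettyXml);
        } catch (XmlException e) {
            // Give the failure a message of its own; the cause is preserved for diagnosis.
            throw new RuntimeException("Can't re-parse generated SP metadata", e);
        }
    }

    /** Adds the SP SSO descriptor to the entity and attaches the assertion consumer endpoints. */
    private void addSPSSODescriptor(EntityDescriptorType entityDescriptorType) {
        SPSSODescriptorType spDescriptor = entityDescriptorType.addNewSPSSODescriptor();
        fillSPDescriptor(spDescriptor);
        spDescriptor.setAssertionConsumerServiceArray(this.assertionConsumerEndpoints);
    }

    /**
     * Fills in the protocol enumeration, the signing flags, the accepted name id formats and,
     * when a requester credential is configured, the signing certificate.
     *
     * @throws RuntimeException if the SP certificate can not be encoded
     */
    private void fillSPDescriptor(SPSSODescriptorType sPSSODescriptorType) {
        AnyURIListType protocols = AnyURIListType.Factory.newInstance();
        protocols.setStringValue("urn:oasis:names:tc:SAML:2.0:protocol");
        sPSSODescriptorType.setProtocolSupportEnumeration(protocols.getListValue());

        // Only the first configured IdP entry decides the advertised AuthnRequestsSigned value,
        // and an empty IdP list makes next() throw NoSuchElementException.
        // NOTE(review): if IdP entries can differ in their sign-request setting, the metadata
        // may not match what is actually sent to the other IdPs - confirm this is intended.
        String firstIdpKey = (String) this.samlConfig.getStructuredListKeys(SAMLSPProperties.IDP_PREFIX).iterator().next();
        sPSSODescriptorType.setAuthnRequestsSigned(this.samlConfig.isSignRequest(firstIdpKey));

        // Always advertised as true: IdPs reading this metadata are told to sign assertions.
        sPSSODescriptorType.setWantAssertionsSigned(true);

        for (Object nameFormat : this.samlConfig.getListOfValues(SAMLSPProperties.ACCEPTED_NAME_FORMATS)) {
            sPSSODescriptorType.addNameIDFormat((String) nameFormat);
        }

        X509Credential requesterCredential = this.samlConfig.getRequesterCredential();
        if (requesterCredential == null) {
            // Without a credential no KeyDescriptor is published at all.
            return;
        }
        KeyDescriptorType keyDescriptor = sPSSODescriptorType.addNewKeyDescriptor();
        KeyInfoType keyInfo = keyDescriptor.addNewKeyInfo();
        // Only the certificate is read from the credential and written to the metadata.
        X509Certificate certificate = requesterCredential.getCertificate();
        try {
            keyInfo.addNewX509Data().addNewX509Certificate().setByteArrayValue(certificate.getEncoded());
            // The key is published for signing use only; no encryption key is advertised.
            keyDescriptor.setUse(KeyTypes.SIGNING);
        } catch (CertificateEncodingException e) {
            throw new RuntimeException("Can not encode SP certificate to binary representation for insertion in SAML metadata", e);
        }
    }

    /**
     * Returns the time at which the metadata was generated.
     *
     * @return a copy of the generation timestamp; {@link Date} is mutable, so the internal
     *         instance is never handed out
     */
    @Override
    public Date getLastmodification() {
        return new Date(this.generationDate.getTime());
    }
}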
