package com.ibm.ws.security.saml.sso20.metadata;

import com.ibm.websphere.ras.Tr;
import com.ibm.websphere.ras.TraceComponent;
import com.ibm.websphere.ras.annotation.TraceObjectField;
import com.ibm.ws.ffdc.FFDCFilter;
import com.ibm.ws.ras.instrument.annotation.InjectedFFDC;
import com.ibm.ws.security.saml.Constants;
import com.ibm.ws.security.saml.SsoConfig;
import com.ibm.ws.security.saml.SsoSamlService;
import com.ibm.ws.security.saml.error.SamlException;
import com.ibm.ws.security.saml.sso20.internal.utils.RequestUtil;
import java.security.KeyStoreException;
import java.security.cert.CertificateEncodingException;
import java.security.cert.CertificateException;
import java.security.cert.X509Certificate;
import javax.servlet.http.HttpServletRequest;
import org.opensaml.saml2.metadata.AssertionConsumerService;
import org.opensaml.saml2.metadata.EntityDescriptor;
import org.opensaml.saml2.metadata.KeyDescriptor;
import org.opensaml.saml2.metadata.SPSSODescriptor;
import org.opensaml.saml2.metadata.impl.AssertionConsumerServiceBuilder;
import org.opensaml.saml2.metadata.impl.EntityDescriptorBuilder;
import org.opensaml.saml2.metadata.impl.EntityDescriptorMarshaller;
import org.opensaml.saml2.metadata.impl.KeyDescriptorBuilder;
import org.opensaml.saml2.metadata.impl.SPSSODescriptorBuilder;
import org.opensaml.xml.io.MarshallingException;
import org.opensaml.xml.security.credential.UsageType;
import org.opensaml.xml.security.keyinfo.KeyInfoHelper;
import org.opensaml.xml.signature.KeyInfo;
import org.opensaml.xml.signature.impl.KeyInfoBuilder;
import org.opensaml.xml.util.XMLHelper;

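/**
 * Builds the SAML 2.0 service-provider (SP) metadata for one {@link SsoSamlService}.
 *
 * <p>The document is an {@code EntityDescriptor} whose entityID is the SP's entity URL,
 * holding a single {@code SPSSODescriptor} that carries the {@code WantAssertionsSigned} /
 * {@code AuthnRequestsSigned} flags from {@link SsoConfig}, optionally one SIGNING and one
 * ENCRYPTION {@code KeyDescriptor} (both populated from the same signature certificate), and
 * one default HTTP-POST {@code AssertionConsumerService} at {@code <entityUrl>/acs}.
 *
 * <p>Instances are not thread-safe beyond the immutability of the service reference; each
 * call to {@link #buildSpMetadata(HttpServletRequest)} builds a fresh object tree.
 */
@InjectedFFDC
@TraceObjectField(fieldName = "tc", fieldDesc = "Lcom/ibm/websphere/ras/TraceComponent;")
/* loaded from: input_file:wlp/lib/com.ibm.ws.security.saml.sso.2.0_1.0.15.jar:com/ibm/ws/security/saml/sso20/metadata/SpMetadataBuilder.class */
public class SpMetadataBuilder {
    public static final TraceComponent tc = Tr.register((Class<?>) SpMetadataBuilder.class, "SAML20", "com.ibm.ws.security.saml.sso20.internal.resources.SamlSso20Messages");
    // FFDC probe ids (diagnostic only; they identify the catch site in first-failure data capture).
    private static final String FFDC_CLASS = "com.ibm.ws.security.saml.sso20.metadata.SpMetadataBuilder";
    private static final String SAML20_PROTOCOL = "urn:oasis:names:tc:SAML:2.0:protocol";
    private static final String HTTP_POST_BINDING = "urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST";
    // The SP service whose configuration and signature certificate drive the metadata.
    SsoSamlService ssoService;
    // Path suffix appended to the entity URL to form the AssertionConsumerService location.
    static final String acsStr = "/acs";
    static final long serialVersionUID = 5697996086532324818L;

    /**
     * Creates a builder for the given SP service.
     *
     * @param ssoSamlService the SAML SP service; its provider id and config are read on every build
     */
    public SpMetadataBuilder(SsoSamlService ssoSamlService) {
        this.ssoService = ssoSamlService;
        if (tc.isDebugEnabled()) {
            Tr.debug(tc, "SPMetadataBuilder(" + ssoSamlService.getProviderId() + ")", new Object[0]);
        }
    }

    /**
     * Builds the SP metadata and serializes it to an XML string.
     *
     * @param httpServletRequest the request used to derive the SP entity URL
     * @return the marshalled {@code EntityDescriptor} XML
     * @throws SamlException if a signing certificate is required but unavailable, if a
     *         certificate cannot be encoded into KeyInfo, or if marshalling fails
     */
    public String buildSpMetadata(HttpServletRequest httpServletRequest) throws SamlException {
        String metadataXml = getEntityDescriptor(buildEntityDescriptor(httpServletRequest));
        if (tc.isDebugEnabled()) {
            Tr.debug(tc, " SpMetadataData:" + metadataXml, new Object[0]);
        }
        return metadataXml;
    }

    /**
     * Assembles the {@code EntityDescriptor} object tree for this SP.
     *
     * @param httpServletRequest the request used to derive the SP entity URL
     * @return the populated descriptor (never {@code null})
     * @throws SamlException {@code SAML20_NO_CERT} when {@code AuthnRequestsSigned} is configured
     *         but no signature certificate could be loaded; also when a certificate cannot be
     *         encoded into a KeyInfo element
     */
    EntityDescriptor buildEntityDescriptor(HttpServletRequest httpServletRequest) throws SamlException {
        SsoConfig config = this.ssoService.getConfig();
        String providerId = this.ssoService.getProviderId();

        EntityDescriptor entityDescriptor = new EntityDescriptorBuilder().buildObject();
        // NOTE(review): the entity URL is derived from the incoming request. Confirm in
        // RequestUtil.getEntityUrl that scheme/host come from trusted configuration rather than
        // unvalidated request headers, since this value becomes both the entityID and the ACS
        // Location that an IdP will import and trust.
        String entityUrl = RequestUtil.getEntityUrl(httpServletRequest, Constants.SAML20_CONTEXT_PATH, providerId, config);
        entityDescriptor.setEntityID(entityUrl);

        SPSSODescriptor spDescriptor = new SPSSODescriptorBuilder().buildObject();
        spDescriptor.addSupportedProtocol(SAML20_PROTOCOL);
        boolean wantAssertionsSigned = config.isWantAssertionsSigned();
        boolean authnRequestsSigned = config.isAuthnRequestsSigned();
        spDescriptor.setWantAssertionsSigned(Boolean.valueOf(wantAssertionsSigned));
        spDescriptor.setAuthnRequestsSigned(Boolean.valueOf(authnRequestsSigned));

        X509Certificate signingCert = loadSignatureCertificate(httpServletRequest);
        // A certificate is only mandatory when we advertise that our AuthnRequests are signed;
        // otherwise a missing/unloadable certificate just means no KeyDescriptors are published.
        if (authnRequestsSigned && signingCert == null) {
            throw new SamlException("SAML20_NO_CERT", null, true, new Object[]{providerId, config.getKeyStoreRef()});
        }

        if (signingCert != null && config.isIncludeX509InSPMetadata()) {
            KeyDescriptorBuilder keyDescriptorBuilder = new KeyDescriptorBuilder();
            KeyInfoBuilder keyInfoBuilder = new KeyInfoBuilder();
            // The single signature certificate is advertised for both uses; there is no separate
            // encryption key. The signing descriptor is listed first, then the encryption one.
            spDescriptor.getKeyDescriptors().add(
                    buildKeyDescriptor(keyDescriptorBuilder, keyInfoBuilder, spDescriptor,
                            UsageType.SIGNING, signingCert, "227", httpServletRequest));
            spDescriptor.getKeyDescriptors().add(
                    buildKeyDescriptor(keyDescriptorBuilder, keyInfoBuilder, spDescriptor,
                            UsageType.ENCRYPTION, signingCert, "242", httpServletRequest));
        }

        AssertionConsumerService acs = new AssertionConsumerServiceBuilder().buildObject();
        acs.setIsDefault(Boolean.TRUE);
        acs.setIndex(0);
        acs.setBinding(HTTP_POST_BINDING);
        acs.setLocation(entityUrl.concat(acsStr));
        spDescriptor.getAssertionConsumerServices().add(acs);

        entityDescriptor.getRoleDescriptors().add(spDescriptor);
        return entityDescriptor;
    }

    /**
     * Loads the SP signature certificate from the service, returning {@code null} if the keystore
     * or certificate cannot be read. Failures are recorded via FFDC; the caller decides whether a
     * missing certificate is fatal.
     *
     * @param httpServletRequest passed to FFDC as context only
     * @return the certificate, or {@code null} on failure
     */
    private X509Certificate loadSignatureCertificate(HttpServletRequest httpServletRequest) {
        try {
            return (X509Certificate) this.ssoService.getSignatureCertificate();
        } catch (KeyStoreException e) {
            FFDCFilter.processException(e, FFDC_CLASS, "197", this, new Object[]{httpServletRequest});
        } catch (CertificateException e2) {
            FFDCFilter.processException(e2, FFDC_CLASS, "201", this, new Object[]{httpServletRequest});
        }
        return null;
    }

    /**
     * Builds one {@code KeyDescriptor} of the given usage carrying the certificate in its KeyInfo.
     *
     * <p>If the certificate cannot be DER-encoded the failure is recorded via FFDC and rethrown as
     * a {@link SamlException} instead of publishing a KeyDescriptor with an empty KeyInfo, which
     * would be schema-invalid metadata and would leave the IdP without the key it is told to expect.
     *
     * @param keyDescriptorBuilder builder for the descriptor element
     * @param keyInfoBuilder       builder for the KeyInfo element
     * @param parent               the SPSSODescriptor the new element is attached to
     * @param usage                SIGNING or ENCRYPTION
     * @param certificate          the certificate to embed
     * @param ffdcProbeId          FFDC probe id for the encoding-failure catch site
     * @param httpServletRequest   passed to FFDC as context only
     * @return the populated descriptor
     * @throws SamlException if the certificate cannot be encoded
     */
    private KeyDescriptor buildKeyDescriptor(KeyDescriptorBuilder keyDescriptorBuilder,
                                             KeyInfoBuilder keyInfoBuilder,
                                             SPSSODescriptor parent,
                                             UsageType usage,
                                             X509Certificate certificate,
                                             String ffdcProbeId,
                                             HttpServletRequest httpServletRequest) throws SamlException {
        KeyDescriptor keyDescriptor = keyDescriptorBuilder.buildObject();
        keyDescriptor.setUse(usage);
        KeyInfo keyInfo = keyInfoBuilder.buildObject();
        try {
            KeyInfoHelper.addCertificate(keyInfo, certificate);
        } catch (CertificateEncodingException e) {
            FFDCFilter.processException(e, FFDC_CLASS, ffdcProbeId, this, new Object[]{httpServletRequest});
            throw new SamlException((Exception) e, true);
        }
        keyDescriptor.setKeyInfo(keyInfo);
        keyDescriptor.setParent(parent);
        return keyDescriptor;
    }

    /**
     * Marshals an {@code EntityDescriptor} to its XML string form.
     *
     * @param entityDescriptor the descriptor to serialize; {@code null} yields {@code null}
     * @return the XML text, or {@code null} if {@code entityDescriptor} is {@code null}
     * @throws SamlException wrapping the {@link MarshallingException} if marshalling fails
     */
    String getEntityDescriptor(EntityDescriptor entityDescriptor) throws SamlException {
        if (entityDescriptor == null) {
            return null;
        }
        try {
            return XMLHelper.nodeToString(new EntityDescriptorMarshaller().marshall(entityDescriptor));
        } catch (MarshallingException e) {
            FFDCFilter.processException(e, FFDC_CLASS, "274", this, new Object[]{entityDescriptor});
            throw new SamlException((Exception) e, true);
        }
    }
}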
