package be.ehealth.technicalconnector.service.sts.impl;

import be.ehealth.technicalconnector.config.domain.Duration;
import be.ehealth.technicalconnector.exception.TechnicalConnectorException;
import be.ehealth.technicalconnector.idgenerator.IdGeneratorFactory;
import be.ehealth.technicalconnector.service.sts.STSService;
import be.ehealth.technicalconnector.service.sts.domain.SAMLAttribute;
import be.ehealth.technicalconnector.service.sts.domain.SAMLAttributeDesignator;
import be.ehealth.technicalconnector.service.sts.domain.SAMLNameIdentifier;
import be.ehealth.technicalconnector.service.sts.security.Credential;
import be.ehealth.technicalconnector.utils.DateUtils;
import java.security.cert.X509Certificate;
import java.util.List;
import java.util.concurrent.TimeUnit;
import org.apache.commons.lang.StringEscapeUtils;
import org.apache.commons.lang.StringUtils;
import org.apache.commons.lang.Validate;
import org.joda.time.DateTime;
import org.joda.time.DateTimeZone;
import org.w3c.dom.Element;

/* loaded from: input_file:be/ehealth/technicalconnector/service/sts/impl/AbstractSTSService.class */
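/**
 * Shared helpers for {@link STSService} implementations.
 *
 * <p>The class builds the {@link SAMLNameIdentifier} used for a token request, fills the default
 * placeholders of a template string, and maps the hour-based {@code getToken}/{@code renewToken}
 * overloads onto the {@link Duration}-based ones. The {@link Duration}-based methods are not
 * defined here; they are presumably declared by {@link STSService} and implemented by subclasses.
 *
 * <p>Security note: {@link #processDefaultFields} inserts name-identifier values into the template
 * with plain string replacement, so every value stored in a {@link SAMLNameIdentifier} built here
 * is XML-escaped at construction time.
 */
public abstract class AbstractSTSService implements STSService {
    // SAML 1.0 subject confirmation method URIs.
    public static final String HOK_METHOD = "urn:oasis:names:tc:SAML:1.0:cm:holder-of-key";
    public static final String SV_METHOD = "urn:oasis:names:tc:SAML:1.0:cm:sender-vouches";
    // SAML 1.1 name identifier formats.
    protected static final String NAMEID_UNSPECIFIED = "urn:oasis:names:tc:SAML:1.1:nameid-format:unspecified";
    protected static final String NAMEID_X509SUBJECTNAME = "urn:oasis:names:tc:SAML:1.1:nameid-format:X509SubjectName";
    // XML namespace URIs made available to subclasses.
    protected static final String XMLNS_WSSE = "http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd";
    protected static final String XMLNS_DS = "http://www.w3.org/2000/09/xmldsig#";
    protected static final String XMLNS_WSU = "http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd";
    protected static final String XMLNS_AUTH = "http://docs.oasis-open.org/wsfed/authorization/200706";
    protected static final String XMLNS_WST = "http://docs.oasis-open.org/ws-sx/ws-trust/200512";
    protected static final String XMLNS_SAML = "urn:oasis:names:tc:SAML:1.0:assertion";
    protected static final String XMLNS_SAMLP = "urn:oasis:names:tc:SAML:1.0:protocol";

    /**
     * Derives a name identifier from a certificate.
     *
     * <p>The subject DN (RFC 1779 form) is used as first and last constructor argument and the
     * issuer DN as third; all are XML-escaped because they later end up inside an XML template.
     *
     * @param x509Certificate certificate to read the subject and issuer from; must not be null
     * @return name identifier with format {@link #NAMEID_X509SUBJECTNAME}
     */
    private SAMLNameIdentifier generateNameIdentifier(X509Certificate x509Certificate) {
        Validate.notNull(x509Certificate, "Parameter authnCertificate is not nullable.");
        String subjectDn = StringEscapeUtils.escapeXml(x509Certificate.getSubjectX500Principal().getName("RFC1779"));
        String issuerDn = StringEscapeUtils.escapeXml(x509Certificate.getIssuerX500Principal().getName("RFC1779"));
        return new SAMLNameIdentifier(subjectDn, NAMEID_X509SUBJECTNAME, issuerDn, subjectDn);
    }

    /* JADX INFO: Access modifiers changed from: protected */
    /**
     * Fills the default placeholders of a template string.
     *
     * <p>Replaced placeholders: {@code ${uuid}}, {@code ${NotBefore}}, {@code ${NotOnOrAfter}},
     * {@code ${issuer}}, {@code ${nameid.format}}, {@code ${nameid.qualifier}} and
     * {@code ${nameid.value}}. Both timestamps are printed in UTC; {@code NotOnOrAfter} is the
     * current time plus {@code duration}, taken at whole-second resolution.
     *
     * <p>No escaping happens here: the name-identifier values are inserted as they are, so they
     * must already be safe for the XML context of the template. Replacements run one after
     * another, which means a value inserted by an earlier step is scanned again by later steps.
     *
     * @param str template containing the placeholders
     * @param duration validity period used for {@code NotOnOrAfter}
     * @param sAMLNameIdentifier source of the issuer and name-identifier values
     * @return the template with the placeholders substituted
     * @throws TechnicalConnectorException declared by the signature; presumably raised by the id
     *     generator or the date helper (confirm against those classes)
     */
    public String processDefaultFields(String str, Duration duration, SAMLNameIdentifier sAMLNameIdentifier) throws TechnicalConnectorException {
        DateTime now = new DateTime();
        String requestId = IdGeneratorFactory.getIdGenerator(IdGeneratorFactory.UUID).generateId();
        String notBefore = DateUtils.printDateTime(now.toDateTime(DateTimeZone.UTC));

        String filled = StringUtils.replace(str, "${uuid}", requestId);
        filled = StringUtils.replace(filled, "${NotBefore}", notBefore);

        // The lifetime used to be narrowed to int before being added, which silently wraps for
        // periods above Integer.MAX_VALUE seconds and could place NotOnOrAfter before NotBefore.
        // Adding it as a long millisecond count keeps the validity window correct.
        long lifetimeSeconds = duration.convert(TimeUnit.SECONDS);
        DateTime expiry = now.plus(TimeUnit.SECONDS.toMillis(lifetimeSeconds));
        filled = StringUtils.replace(filled, "${NotOnOrAfter}", DateUtils.printDateTime(expiry.toDateTime(DateTimeZone.UTC)));

        filled = StringUtils.replace(filled, "${issuer}", sAMLNameIdentifier.getAssertionIssuer());
        filled = StringUtils.replace(filled, "${nameid.format}", sAMLNameIdentifier.getFormat());
        filled = StringUtils.replace(filled, "${nameid.qualifier}", sAMLNameIdentifier.getNameQualifier());
        return StringUtils.replace(filled, "${nameid.value}", sAMLNameIdentifier.getValue());
    }

    /* JADX INFO: Access modifiers changed from: protected */
    /**
     * Chooses the name identifier for a request.
     *
     * <p>When both {@code str} and {@code str2} are empty, the identifier is derived from the
     * credential's certificate. Otherwise an identifier with format {@link #NAMEID_UNSPECIFIED}
     * is built from the supplied strings: {@code str} is passed as first and third constructor
     * argument and {@code str2} as fourth (these look like issuer, name qualifier and value;
     * confirm against {@link SAMLNameIdentifier}).
     *
     * <p>The supplied strings are XML-escaped, matching the certificate-based path. Callers
     * should therefore pass raw, unescaped values.
     *
     * @param credential credential whose certificate is used when no explicit values are given
     * @param str explicit name qualifier, may be empty
     * @param str2 explicit name identifier value, may be empty
     * @return the name identifier to place in the request
     * @throws TechnicalConnectorException declared by the signature; presumably raised when the
     *     certificate cannot be read from the credential
     */
    public SAMLNameIdentifier generateNameIdentifier(Credential credential, String str, String str2) throws TechnicalConnectorException {
        if (StringUtils.isEmpty(str) && StringUtils.isEmpty(str2)) {
            return generateNameIdentifier(credential.getCertificate());
        }
        // These values are spliced into an XML template by plain string replacement; escaping
        // them keeps markup characters in caller-supplied text from changing the document
        // structure. escapeXml returns null for null input, so a single missing value is kept.
        String qualifier = StringEscapeUtils.escapeXml(str);
        String value = StringEscapeUtils.escapeXml(str2);
        return new SAMLNameIdentifier(qualifier, NAMEID_UNSPECIFIED, qualifier, value);
    }

    /**
     * Requests a token with a validity expressed in hours.
     *
     * <p>Delegates to the {@link Duration}-based overload with {@code i} hours.
     *
     * @param i validity in hours
     */
    @Override // be.ehealth.technicalconnector.service.sts.STSService
    public Element getToken(Credential credential, Credential credential2, List<SAMLAttribute> list, List<SAMLAttributeDesignator> list2, String str, int i) throws TechnicalConnectorException {
        Duration validity = new Duration(i, TimeUnit.HOURS);
        return getToken(credential, credential2, list, list2, str, validity);
    }

    /**
     * Requests a token with a validity expressed in hours, passing three additional string
     * arguments through unchanged.
     *
     * <p>Delegates to the {@link Duration}-based overload with {@code i} hours.
     *
     * @param i validity in hours
     */
    @Override // be.ehealth.technicalconnector.service.sts.STSService
    public Element getToken(Credential credential, Credential credential2, List<SAMLAttribute> list, List<SAMLAttributeDesignator> list2, String str, String str2, String str3, String str4, int i) throws TechnicalConnectorException {
        Duration validity = new Duration(i, TimeUnit.HOURS);
        return getToken(credential, credential2, list, list2, str, str2, str3, str4, validity);
    }

    /**
     * Renews a token with a validity expressed in hours.
     *
     * <p>Delegates to the {@link Duration}-based overload with {@code i} hours.
     *
     * @param element the token to renew
     * @param i validity in hours
     */
    @Override // be.ehealth.technicalconnector.service.sts.STSService
    public Element renewToken(Credential credential, Credential credential2, Element element, int i) throws TechnicalConnectorException {
        Duration validity = new Duration(i, TimeUnit.HOURS);
        return renewToken(credential, credential2, element, validity);
    }
}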
