package be.ehealth.technicalconnector.service.sts.impl;

import be.ehealth.technicalconnector.config.domain.Duration;
import be.ehealth.technicalconnector.exception.TechnicalConnectorException;
import be.ehealth.technicalconnector.exception.TechnicalConnectorExceptionValues;
import be.ehealth.technicalconnector.idgenerator.IdGeneratorFactory;
import be.ehealth.technicalconnector.service.sts.STSService;
import be.ehealth.technicalconnector.service.sts.domain.SAMLAttribute;
import be.ehealth.technicalconnector.service.sts.domain.SAMLAttributeDesignator;
import be.ehealth.technicalconnector.service.sts.domain.SAMLNameIdentifier;
import be.ehealth.technicalconnector.service.sts.security.Credential;
import be.ehealth.technicalconnector.service.sts.utils.SAMLHelper;
import be.ehealth.technicalconnector.service.ws.ServiceFactory;
import be.ehealth.technicalconnector.utils.ConnectorIOUtils;
import be.ehealth.technicalconnector.utils.ConnectorXmlUtils;
import be.ehealth.technicalconnector.utils.DateUtils;
import be.ehealth.technicalconnector.ws.domain.GenericRequest;
import java.nio.charset.Charset;
import java.security.cert.CertificateEncodingException;
import java.util.HashSet;
import java.util.List;
import java.util.Set;
import java.util.concurrent.TimeUnit;
import javax.xml.soap.SOAPException;
import org.apache.commons.lang3.ArrayUtils;
import org.apache.commons.lang3.StringUtils;
import org.bouncycastle.util.encoders.Base64;
import org.joda.time.DateTime;
import org.w3c.dom.DOMException;
import org.w3c.dom.Document;
import org.w3c.dom.Element;
import org.w3c.dom.NodeList;

/* loaded from: input_file:be/ehealth/technicalconnector/service/sts/impl/STSServiceWsTrustImpl.class */
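/**
 * WS-Trust flavour of {@link STSService}.
 *
 * <p>A RequestSecurityToken is built from one of the XML templates under {@code /wstrust/},
 * sent to the STS with the first credential, and the first child element of the
 * {@code RequestedSecurityToken} in the reply is returned. When the STS answers with a
 * {@code Challenge} instead, the challenge is signed with the second credential and sent
 * back before the token is extracted (see {@link #processRequest}).
 *
 * <p>Two subject-confirmation methods are supported by {@link #getToken}:
 * holder-of-key ({@link AbstractSTSService#HOK_METHOD}), which embeds the second
 * credential's X.509 certificate in the request, and sender-vouches
 * ({@link AbstractSTSService#SV_METHOD}), which carries a SAML name identifier derived
 * from the second credential instead.
 *
 * <p>Instances hold no state; thread-safety is that of the helpers they call.
 */
public class STSServiceWsTrustImpl extends AbstractSTSService implements STSService {

    // Namespaces used in the request templates and the STS responses.
    private static final String WST_NS = "http://docs.oasis-open.org/ws-sx/ws-trust/200512";
    private static final String WSFED_AUTH_NS = "http://docs.oasis-open.org/wsfed/authorization/200706";
    private static final String WSU_NS = "http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd";
    private static final String WSSE_NS = "http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd";
    private static final String XMLDSIG_NS = "http://www.w3.org/2000/09/xmldsig#";
    private static final String SAML1_NS = "urn:oasis:names:tc:SAML:1.0:assertion";

    // Classpath locations of the request templates.
    private static final String HOK_TEMPLATE = "/wstrust/issue.samlv11.hok.template.xml";
    private static final String SV_TEMPLATE = "/wstrust/issue.samlv11.sv.template.xml";
    private static final String SV_AUTHMETHOD_TEMPLATE = "/wstrust/issue.samlv11.sv.authmethod.template.xml";
    private static final String RENEW_TEMPLATE = "/wstrust/renew.samlv11.template.xml";
    private static final String SIGN_CHALLENGE_TEMPLATE = "/wstrust/signchallenge.template.xml";

    private static final String SOAP_ACTION_RST = "urn:be:fgov:ehealth:sts:protocol:v1:RequestSecurityToken";
    private static final String SOAP_ACTION_CHALLENGE = "urn:be:fgov:ehealth:sts:protocol:v1:Challenge";

    // Explicit charsets: the original relied on the platform default for both the
    // template bytes handed to the XML parser and the Base64 text of the certificate.
    private static final Charset UTF8 = Charset.forName("UTF-8");
    private static final Charset ASCII = Charset.forName("US-ASCII");

    /**
     * Requests a SAML 1.1 token from the STS.
     *
     * @param credential               credential used to send the initial request
     * @param credential2              credential whose certificate (holder-of-key) or
     *                                 name identifier (sender-vouches) goes into the
     *                                 request, and which signs a challenge if one is returned
     * @param attributes               attributes to include in the request
     * @param designators              attribute designators to include in the request
     * @param authenticationMethod     value substituted for {@code ${authenticationMethod}} in
     *                                 the sender-vouches template; may be {@code null}
     * @param str2                     forwarded to {@link #generateNameIdentifier} (sender-vouches only)
     * @param str3                     forwarded to {@link #generateNameIdentifier} (sender-vouches only)
     * @param subjectConfirmationMethod {@link AbstractSTSService#HOK_METHOD} or
     *                                 {@link AbstractSTSService#SV_METHOD}
     * @param duration                 requested token lifetime
     * @return the first child element of the RequestedSecurityToken returned by the STS
     * @throws TechnicalConnectorException on DOM or SOAP failures, or when no token is returned
     * @throws UnsupportedOperationException when the subject-confirmation method is neither
     *                                       HOK nor SV
     */
    @Override // be.ehealth.technicalconnector.service.sts.STSService
    public Element getToken(Credential credential, Credential credential2, List<SAMLAttribute> attributes, List<SAMLAttributeDesignator> designators, String authenticationMethod, String str2, String str3, String subjectConfirmationMethod, Duration duration) throws TechnicalConnectorException {
        try {
            Element request;
            if (AbstractSTSService.HOK_METHOD.equals(subjectConfirmationMethod)) {
                request = issueHokToken(credential2, attributes, designators, duration);
            } else if (AbstractSTSService.SV_METHOD.equals(subjectConfirmationMethod)) {
                SAMLNameIdentifier nameIdentifier = generateNameIdentifier(credential2, str2, str3);
                request = issueSVToken(nameIdentifier, authenticationMethod, attributes, designators, duration);
            } else {
                throw new UnsupportedOperationException("SubjectConfirmationMethod [" + subjectConfirmationMethod + "] not supported.");
            }
            return processRequest(credential, credential2, request);
        } catch (DOMException e) {
            throw new TechnicalConnectorException(TechnicalConnectorExceptionValues.ERROR_WS, e, e.getMessage());
        } catch (SOAPException e) {
            throw new TechnicalConnectorException(TechnicalConnectorExceptionValues.ERROR_WS, e, e.getMessage());
        }
    }

    /**
     * Convenience overload without an authentication method or name-identifier arguments.
     *
     * @param subjectConfirmationMethod {@link AbstractSTSService#HOK_METHOD} or
     *                                  {@link AbstractSTSService#SV_METHOD}
     * @see #getToken(Credential, Credential, List, List, String, String, String, String, Duration)
     */
    @Override // be.ehealth.technicalconnector.service.sts.STSService
    public Element getToken(Credential credential, Credential credential2, List<SAMLAttribute> attributes, List<SAMLAttributeDesignator> designators, String subjectConfirmationMethod, Duration duration) throws TechnicalConnectorException {
        return getToken(credential, credential2, attributes, designators, null, null, null, subjectConfirmationMethod, duration);
    }

    /**
     * Builds a holder-of-key issue request from {@value #HOK_TEMPLATE}.
     *
     * <p>Every attribute becomes an {@code auth:ClaimType} whose {@code auth:Value} holds
     * the attribute's values joined with {@code ';'}; a designator adds a value-less
     * {@code auth:ClaimType} only when no attribute of the same name was already added.
     * {@code wsu:Created}/{@code wsu:Expires} are set from now and {@code duration}, and the
     * credential's DER certificate is Base64-encoded into {@code ds:X509Certificate}.
     *
     * @throws TechnicalConnectorException when the certificate cannot be encoded
     */
    private Element issueHokToken(Credential credential, List<SAMLAttribute> attributes, List<SAMLAttributeDesignator> designators, Duration duration) throws TechnicalConnectorException {
        try {
            Element request = parseXml(ConnectorXmlUtils.flatten(readResource(HOK_TEMPLATE)));
            request.setAttributeNS(WST_NS, "Context", newUuid());
            Document doc = request.getOwnerDocument();
            Element claims = firstElementNS(request, WST_NS, "Claims");

            Set<String> requestedNames = new HashSet<String>();
            for (SAMLAttribute attribute : attributes) {
                Element claimType = createClaimType(doc, attribute.getName());
                Element value = doc.createElementNS(WSFED_AUTH_NS, "auth:Value");
                value.setTextContent(StringUtils.join(attribute.getValues(), ";"));
                claimType.appendChild(value);
                claims.appendChild(claimType);
                requestedNames.add(attribute.getName());
            }
            for (SAMLAttributeDesignator designator : designators) {
                if (!requestedNames.contains(designator.getName())) {
                    claims.appendChild(createClaimType(doc, designator.getName()));
                }
            }

            DateTime now = new DateTime();
            firstElementNS(request, WSU_NS, "Created").setTextContent(DateUtils.printDateTime(now));
            // NOTE(review): the narrowing cast is inherited from the original; a Duration
            // exceeding Integer.MAX_VALUE seconds would wrap instead of failing.
            int lifetimeSeconds = (int) duration.convert(TimeUnit.SECONDS);
            firstElementNS(request, WSU_NS, "Expires").setTextContent(DateUtils.printDateTime(now.plusSeconds(lifetimeSeconds)));
            // Holder-of-key: the STS binds the token to this certificate.
            String certificateBase64 = new String(Base64.encode(credential.getCertificate().getEncoded()), ASCII);
            firstElementNS(request, XMLDSIG_NS, "X509Certificate").setTextContent(certificateBase64);
            return request;
        } catch (CertificateEncodingException e) {
            throw new TechnicalConnectorException(TechnicalConnectorExceptionValues.ERROR_WS, e, e.getMessage());
        }
    }

    /**
     * Builds a sender-vouches issue request.
     *
     * <p>{@value #SV_TEMPLATE} is used when {@code authenticationMethod} is empty, otherwise
     * {@value #SV_AUTHMETHOD_TEMPLATE}. Default fields are filled by
     * {@link #processDefaultFields} and {@code ${authenticationMethod}} is replaced by plain
     * string substitution. Designators become {@code auth:ClaimType} elements under
     * {@code wst:Claims}; attributes become {@code saml:Attribute} elements under the
     * SAML {@code AttributeStatement}, carrying only the first value of each attribute.
     */
    private Element issueSVToken(SAMLNameIdentifier nameIdentifier, String authenticationMethod, List<SAMLAttribute> attributes, List<SAMLAttributeDesignator> designators, Duration duration) throws TechnicalConnectorException {
        String templatePath = StringUtils.isEmpty(authenticationMethod) ? SV_TEMPLATE : SV_AUTHMETHOD_TEMPLATE;
        String template = processDefaultFields(ConnectorXmlUtils.flatten(readResource(templatePath)), duration, nameIdentifier);
        // NOTE(review): textual substitution, not DOM insertion — an authenticationMethod
        // containing XML markup characters would change the structure of the request.
        Element request = parseXml(StringUtils.replace(template, "${authenticationMethod}", authenticationMethod));
        Document doc = request.getOwnerDocument();

        Element claims = firstElementNS(request, WST_NS, "Claims");
        for (SAMLAttributeDesignator designator : designators) {
            claims.appendChild(createClaimType(doc, designator.getName()));
        }

        Element attributeStatement = firstElementNS(request, SAML1_NS, SAMLHelper.SAML_ATTRIBUTESTATEMENT);
        for (SAMLAttribute attribute : attributes) {
            Element samlAttribute = doc.createElementNS(SAML1_NS, "saml:Attribute");
            samlAttribute.setAttribute("AttributeName", attribute.getName());
            samlAttribute.setAttribute("AttributeNamespace", attribute.getNamespace());
            Element samlValue = doc.createElementNS(SAML1_NS, "saml:AttributeValue");
            // Only the first value is sent; the template carries a single AttributeValue per attribute.
            if (!ArrayUtils.isEmpty(attribute.getValues())) {
                samlValue.setTextContent(attribute.getValues()[0]);
            }
            samlAttribute.appendChild(samlValue);
            attributeStatement.appendChild(samlAttribute);
        }
        return request;
    }

    /**
     * Renews an existing token by embedding it in {@value #RENEW_TEMPLATE} and sending the
     * result to the STS.
     *
     * @param credential  credential used to send the renew request
     * @param credential2 credential used to answer a challenge, if the STS returns one
     * @param token       the token to renew; imported (deep copy) into the request document
     * @param duration    accepted for the interface but not used by this implementation
     * @return the first child element of the RequestedSecurityToken returned by the STS
     * @throws TechnicalConnectorException on SOAP failures or when no token is returned
     */
    @Override // be.ehealth.technicalconnector.service.sts.STSService
    public Element renewToken(Credential credential, Credential credential2, Element token, Duration duration) throws TechnicalConnectorException {
        try {
            // Unlike the issue templates, the renew template is parsed without flattening.
            Element request = parseXml(readResource(RENEW_TEMPLATE));
            request.setAttributeNS(WST_NS, "Context", newUuid());
            Element embedded = firstElementNS(request, WSSE_NS, "Embedded");
            embedded.setAttributeNS(WSU_NS, "wsu:Id", "token-" + newUuid());
            embedded.appendChild(request.getOwnerDocument().importNode(token, true));
            return processRequest(credential, credential2, request);
        } catch (SOAPException e) {
            throw new TechnicalConnectorException(TechnicalConnectorExceptionValues.ERROR_WS, e, e.getMessage());
        }
    }

    /**
     * Sends {@code request} to the STS and extracts the issued token.
     *
     * <p>If the first reply contains a {@code wst:Challenge}, {@value #SIGN_CHALLENGE_TEMPLATE}
     * is filled with the reply's {@code Context} attribute and the challenge text, sent with
     * {@code credential2}, and the second reply is used instead.
     *
     * @throws TechnicalConnectorException when the final reply holds no RequestedSecurityToken
     * @throws SOAPException propagated from the web-service sender
     */
    private Element processRequest(Credential credential, Credential credential2, Element request) throws TechnicalConnectorException, SOAPException {
        Element response = send(credential, SOAP_ACTION_RST, request.getOwnerDocument());

        NodeList challenges = response.getElementsByTagNameNS(WST_NS, "Challenge");
        if (challenges != null && challenges.getLength() >= 1) {
            // NOTE(review): Context and Challenge come from the STS reply and are spliced
            // into the template as text, not as DOM nodes; markup characters in them would
            // alter the request rather than be escaped. Building the payload via the DOM
            // would remove that dependency on the reply being well-behaved.
            String[] placeholders = new String[]{"${context}", "${challenge}"};
            String[] values = new String[]{response.getAttribute("Context"), challenges.item(0).getTextContent()};
            String challengeXml = StringUtils.replaceEach(ConnectorXmlUtils.flatten(readResource(SIGN_CHALLENGE_TEMPLATE)), placeholders, values);
            response = send(credential2, SOAP_ACTION_CHALLENGE, parseXml(challengeXml).getOwnerDocument());
        }

        NodeList tokens = response.getElementsByTagNameNS(WST_NS, "RequestedSecurityToken");
        if (tokens == null || tokens.getLength() < 1) {
            throw new TechnicalConnectorException(TechnicalConnectorExceptionValues.ERROR_WS, "Unable to obtain token: reason unkown.");
        }
        return ConnectorXmlUtils.getFirstChildElement(tokens.item(0));
    }

    /** Sends {@code payload} to the STS as {@code credential} with the given SOAP action and returns the reply root. */
    private static Element send(Credential credential, String soapAction, Document payload) throws TechnicalConnectorException, SOAPException {
        GenericRequest stsRequest = ServiceFactory.getSTSService(credential.getCertificate(), credential.getPrivateKey());
        stsRequest.setSoapAction(soapAction);
        stsRequest.setPayload(payload);
        // Fully qualified: a different ServiceFactory than the one imported above.
        return (Element) be.ehealth.technicalconnector.ws.ServiceFactory.getGenericWsSender().send(stsRequest).asNode();
    }

    /** Creates an {@code auth:ClaimType} element with the given {@code Uri} attribute. */
    private static Element createClaimType(Document doc, String uri) {
        Element claimType = doc.createElementNS(WSFED_AUTH_NS, "auth:ClaimType");
        claimType.setAttribute("Uri", uri);
        return claimType;
    }

    /**
     * Returns the first descendant of {@code parent} with the given namespace and local name.
     *
     * @throws IllegalStateException when no such element exists (a template packaging defect)
     */
    private static Element firstElementNS(Element parent, String namespace, String localName) {
        Element found = (Element) parent.getElementsByTagNameNS(namespace, localName).item(0);
        if (found == null) {
            throw new IllegalStateException("Template element {" + namespace + "}" + localName + " not found.");
        }
        return found;
    }

    /** Reads a classpath resource into a String via the connector I/O utilities. */
    private static String readResource(String path) throws TechnicalConnectorException {
        return ConnectorIOUtils.convertStreamToString(ConnectorIOUtils.getResourceAsStream(path));
    }

    /** Parses {@code xml} (encoded as UTF-8) into a DOM element. */
    private static Element parseXml(String xml) throws TechnicalConnectorException {
        return ConnectorXmlUtils.toElement(xml.getBytes(UTF8));
    }

    /** Generates a fresh UUID-based identifier for Context / wsu:Id attributes. */
    private static String newUuid() throws TechnicalConnectorException {
        return IdGeneratorFactory.getIdGenerator(IdGeneratorFactory.UUID).generateId();
    }
}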
