package com.onelogin.saml2;

import com.onelogin.saml2.model.Contact;
import com.onelogin.saml2.model.Organization;
import com.onelogin.saml2.settings.Saml2Settings;
import com.onelogin.saml2.util.Util;
import java.net.URL;
import java.security.PrivateKey;
import java.security.cert.CertificateEncodingException;
import java.security.cert.X509Certificate;
import java.util.Calendar;
import java.util.HashMap;
import java.util.List;
import javax.xml.xpath.XPathExpressionException;
import org.apache.commons.codec.binary.Base64;
import org.apache.commons.lang3.text.StrSubstitutor;
import org.apache.xml.security.exceptions.XMLSecurityException;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;

/* loaded from: input_file:com/onelogin/saml2/Metadata.class */
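/**
 * Builds the SAML 2.0 Service Provider metadata document ({@code md:EntityDescriptor})
 * from a {@link Saml2Settings} instance and optionally signs it.
 *
 * <p>The document is assembled by string templating, not by an XML serializer, so every
 * settings-derived value is XML-escaped before it is placed in the template. Without
 * escaping, a value containing {@code &}, {@code <} or a quote (an organization name such
 * as "A&amp;B", or a URL with a query string) produces malformed metadata or lets the
 * value alter the structure of the document that Identity Providers consume.
 *
 * <p>Instances are immutable once constructed.
 */
public class Metadata {
    private static final Logger LOGGER = LoggerFactory.getLogger(Metadata.class);

    /** Default lifetime, in days, written to {@code validUntil} when the caller gives none. */
    private static final int N_DAYS_VALID_UNTIL = 2;

    /** Default {@code cacheDuration}, in seconds (604800 s = 7 days). */
    private static final int SECONDS_CACHED = 604800;

    private final String metadataString;
    private final Calendar validUntilTime;
    private final Integer cacheDuration;

    /**
     * Generates the metadata document for the given settings.
     *
     * @param saml2Settings SP settings the metadata is derived from
     * @param calendar      expiry instant for {@code validUntil}; when {@code null}, now plus
     *                      {@value #N_DAYS_VALID_UNTIL} days is used
     * @param num           cache duration in seconds; when {@code null},
     *                      {@value #SECONDS_CACHED} is used
     * @throws CertificateEncodingException if the SP certificate cannot be encoded
     */
    public Metadata(Saml2Settings saml2Settings, Calendar calendar, Integer num) throws CertificateEncodingException {
        if (calendar == null) {
            Calendar defaultExpiry = Calendar.getInstance();
            // Calendar.DAY_OF_YEAR replaces the bare field index 6 left by decompilation.
            defaultExpiry.add(Calendar.DAY_OF_YEAR, N_DAYS_VALID_UNTIL);
            this.validUntilTime = defaultExpiry;
        } else {
            this.validUntilTime = calendar;
        }
        this.cacheDuration = (num != null) ? num : Integer.valueOf(SECONDS_CACHED);

        String replace = generateSubstitutor(saml2Settings).replace(getMetadataTemplate());
        LOGGER.debug("metadata --> {}", replace);
        this.metadataString = replace;
    }

    /**
     * Generates the metadata document with the default expiry and cache duration.
     *
     * @param saml2Settings SP settings the metadata is derived from
     * @throws CertificateEncodingException if the SP certificate cannot be encoded
     */
    public Metadata(Saml2Settings saml2Settings) throws CertificateEncodingException {
        this(saml2Settings, null, null);
    }

    /**
     * Builds the substitutor that maps each template placeholder to its value.
     *
     * <p>Plain values are XML-escaped here. The {@code sls}, {@code strKeyDescriptor},
     * {@code strContacts} and {@code strOrganization} entries are XML fragments whose
     * embedded values are escaped by the helpers that build them, so they are inserted as is.
     *
     * <p>NOTE(review): StrSubstitutor also expands {@code ${...}} sequences found inside
     * substituted values, so settings values are expected not to contain that syntax.
     */
    private StrSubstitutor generateSubstitutor(Saml2Settings saml2Settings) throws CertificateEncodingException {
        HashMap<String, String> valueMap = new HashMap<String, String>();
        valueMap.put("id", Util.generateUniqueID());
        valueMap.put("validUntilTime", Util.formatDateTime(this.validUntilTime.getTimeInMillis()));
        valueMap.put("cacheDuration", String.valueOf(this.cacheDuration));
        valueMap.put("spEntityId", escapeXml(saml2Settings.getSpEntityId()));
        valueMap.put("strAuthnsign", String.valueOf(saml2Settings.getAuthnRequestsSigned()));
        valueMap.put("strWsign", String.valueOf(saml2Settings.getWantAssertionsSigned()));
        valueMap.put("spNameIDFormat", escapeXml(saml2Settings.getSpNameIDFormat()));
        valueMap.put("spAssertionConsumerServiceBinding", escapeXml(saml2Settings.getSpAssertionConsumerServiceBinding()));
        // The ACS URL is dereferenced without a null check, as before; presumably the
        // settings are validated before metadata is generated (confirm against callers).
        valueMap.put("spAssertionConsumerServiceUrl", escapeXml(saml2Settings.getSpAssertionConsumerServiceUrl().toString()));
        valueMap.put("sls", toSLSXml(saml2Settings.getSpSingleLogoutServiceUrl(), saml2Settings.getSpSingleLogoutServiceBinding()));
        valueMap.put("strKeyDescriptor", toX509KeyDescriptorsXML(saml2Settings.getSPcert()));
        valueMap.put("strContacts", toContactsXml(saml2Settings.getContacts()));
        valueMap.put("strOrganization", toOrganizationXml(saml2Settings.getOrganization(), "en"));
        return new StrSubstitutor(valueMap);
    }

    /** Returns the {@code md:EntityDescriptor} template with {@code ${...}} placeholders. */
    private static StringBuilder getMetadataTemplate() {
        StringBuilder sb = new StringBuilder();
        sb.append("<?xml version=\"1.0\"?>");
        sb.append("<md:EntityDescriptor xmlns:md=\"urn:oasis:names:tc:SAML:2.0:metadata\"");
        sb.append(" validUntil=\"${validUntilTime}\"");
        sb.append(" cacheDuration=\"PT${cacheDuration}S\"");
        sb.append(" entityID=\"${spEntityId}\"");
        sb.append(" ID=\"${id}\">");
        sb.append("<md:SPSSODescriptor AuthnRequestsSigned=\"${strAuthnsign}\" WantAssertionsSigned=\"${strWsign}\" protocolSupportEnumeration=\"urn:oasis:names:tc:SAML:2.0:protocol\">");
        sb.append("${strKeyDescriptor}");
        sb.append("${sls}<md:NameIDFormat>${spNameIDFormat}</md:NameIDFormat>");
        sb.append("<md:AssertionConsumerService Binding=\"${spAssertionConsumerServiceBinding}\"");
        sb.append(" Location=\"${spAssertionConsumerServiceUrl}\"");
        sb.append(" index=\"1\"/>");
        sb.append("</md:SPSSODescriptor>${strOrganization}${strContacts}");
        sb.append("</md:EntityDescriptor>");
        return sb;
    }

    /**
     * Renders one {@code md:ContactPerson} element per contact, with escaped values.
     *
     * @param list contacts to render; {@code null} is treated as no contacts
     * @return the concatenated elements, or an empty string when there are none
     */
    private String toContactsXml(List<Contact> list) {
        StringBuilder sb = new StringBuilder();
        if (list == null) {
            return sb.toString();
        }
        for (Contact contact : list) {
            sb.append("<md:ContactPerson contactType=\"").append(escapeXml(contact.getContactType())).append("\">");
            sb.append("<md:GivenName>").append(escapeXml(contact.getGivenName())).append("</md:GivenName>");
            sb.append("<md:EmailAddress>").append(escapeXml(contact.getEmailAddress())).append("</md:EmailAddress>");
            sb.append("</md:ContactPerson>");
        }
        return sb.toString();
    }

    /**
     * Renders the {@code md:Organization} element, with escaped values.
     *
     * @param organization organization to render; {@code null} yields an empty string
     * @param str          value for {@code xml:lang}; {@code null} defaults to {@code "en"}
     * @return the element, or an empty string when no organization is configured
     */
    private String toOrganizationXml(Organization organization, String str) {
        if (organization == null) {
            return "";
        }
        String lang = escapeXml(str == null ? "en" : str);
        return "<md:Organization>"
                + "<md:OrganizationName xml:lang=\"" + lang + "\">" + escapeXml(organization.getOrgName()) + "</md:OrganizationName>"
                + "<md:OrganizationDisplayName xml:lang=\"" + lang + "\">" + escapeXml(organization.getOrgDisplayName()) + "</md:OrganizationDisplayName>"
                + "<md:OrganizationURL xml:lang=\"" + lang + "\">" + escapeXml(organization.getOrgUrl()) + "</md:OrganizationURL>"
                + "</md:Organization>";
    }

    /**
     * Renders the {@code md:KeyDescriptor} elements for the SP certificate.
     *
     * <p>The same certificate is published for both {@code signing} and {@code encryption}
     * use. Only the public certificate is emitted; no private key material is involved.
     *
     * @param x509Certificate SP certificate; {@code null} yields an empty string
     * @return the two key descriptors, or an empty string when no certificate is configured
     * @throws CertificateEncodingException if the certificate cannot be DER-encoded
     */
    private String toX509KeyDescriptorsXML(X509Certificate x509Certificate) throws CertificateEncodingException {
        StringBuilder sb = new StringBuilder();
        if (x509Certificate != null) {
            // Base64 output is pure ASCII, so name the charset instead of using the platform default.
            String certBase64 = new String(new Base64(64).encode(x509Certificate.getEncoded()),
                    java.nio.charset.StandardCharsets.US_ASCII);
            for (String use : new String[] {"signing", "encryption"}) {
                sb.append("<md:KeyDescriptor use=\"").append(use).append("\">");
                sb.append("<ds:KeyInfo xmlns:ds=\"http://www.w3.org/2000/09/xmldsig#\">");
                sb.append("<ds:X509Data>");
                sb.append("<ds:X509Certificate>").append(certBase64).append("</ds:X509Certificate>");
                sb.append("</ds:X509Data>");
                sb.append("</ds:KeyInfo>");
                sb.append("</md:KeyDescriptor>");
            }
        }
        return sb.toString();
    }

    /**
     * Renders the {@code md:SingleLogoutService} element, with escaped values.
     *
     * @param url SLS endpoint; {@code null} yields an empty string
     * @param str SLS binding URI
     * @return the element, or an empty string when no SLS endpoint is configured
     */
    private String toSLSXml(URL url, String str) {
        StringBuilder sb = new StringBuilder();
        if (url != null) {
            sb.append("<md:SingleLogoutService Binding=\"").append(escapeXml(str)).append("\"");
            sb.append(" Location=\"").append(escapeXml(url.toString())).append("\"/>");
        }
        return sb.toString();
    }

    /**
     * Escapes the five XML special characters so a value is safe as element text or
     * inside a double- or single-quoted attribute.
     *
     * @param value raw value; may be {@code null}
     * @return the escaped value, or {@code null} when {@code value} is {@code null}
     *         (so a missing setting renders exactly as it did before escaping was added)
     */
    private static String escapeXml(String value) {
        if (value == null) {
            return null;
        }
        StringBuilder escaped = new StringBuilder(value.length() + 16);
        for (int i = 0; i < value.length(); i++) {
            char c = value.charAt(i);
            switch (c) {
                case '&':
                    escaped.append("&amp;");
                    break;
                case '<':
                    escaped.append("&lt;");
                    break;
                case '>':
                    escaped.append("&gt;");
                    break;
                case '"':
                    escaped.append("&quot;");
                    break;
                case '\'':
                    escaped.append("&apos;");
                    break;
                default:
                    escaped.append(c);
            }
        }
        return escaped.toString();
    }

    /**
     * Returns the generated (unsigned) metadata XML.
     *
     * @return the metadata document as a string
     */
    public final String getMetadataString() {
        return this.metadataString;
    }

    /**
     * Signs a metadata document by delegating to {@code Util.addSign} on the parsed XML.
     *
     * @param str             metadata XML to sign
     * @param privateKey      key used to produce the signature
     * @param x509Certificate certificate passed to {@code Util.addSign} along with the key
     * @param str2            signature algorithm identifier passed to {@code Util.addSign}
     * @return the signed metadata XML
     * @throws XPathExpressionException declared by the underlying signing helper
     * @throws XMLSecurityException     if signing fails
     */
    public static String signMetadata(String str, PrivateKey privateKey, X509Certificate x509Certificate, String str2) throws XPathExpressionException, XMLSecurityException {
        String addSign = Util.addSign(Util.loadXML(str), privateKey, x509Certificate, str2);
        LOGGER.debug("Signed metadata --> {}", addSign);
        return addSign;
    }
}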
