package org.apereo.cas.support.saml.idp.metadata.generator;

import java.io.BufferedWriter;
import java.io.ByteArrayInputStream;
import java.io.File;
import java.nio.charset.StandardCharsets;
import java.nio.file.Files;
import java.nio.file.OpenOption;
import java.security.PrivateKey;
import java.security.cert.X509Certificate;
import java.util.Objects;
import java.util.Optional;
import lombok.Generated;
import org.apache.commons.io.FileUtils;
import org.apache.commons.lang3.tuple.Pair;
import org.apereo.cas.support.saml.SamlUtils;
import org.apereo.cas.support.saml.services.SamlRegisteredService;
import org.apereo.cas.util.crypto.PrivateKeyFactoryBean;
import org.apereo.cas.util.function.FunctionUtils;
import org.opensaml.core.xml.XMLObject;
import org.opensaml.core.xml.io.Unmarshaller;
import org.opensaml.security.x509.BasicX509Credential;
import org.opensaml.xmlsec.SignatureSigningParameters;
import org.opensaml.xmlsec.config.impl.DefaultSecurityConfigurationBootstrap;
import org.opensaml.xmlsec.signature.SignableXMLObject;
import org.opensaml.xmlsec.signature.support.SignatureSupport;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
import org.springframework.beans.factory.InitializingBean;
import org.springframework.core.io.Resource;
import org.w3c.dom.Element;

/* loaded from: input_file:org/apereo/cas/support/saml/idp/metadata/generator/FileSystemSamlIdPMetadataGenerator.class */
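/**
 * Generates the SAML2 IdP's self-signed signing and encryption certificate/key pairs and the IdP
 * metadata document, persisting all of them to the file-system locations resolved by the
 * configured {@code SamlIdPMetadataLocator}.
 *
 * <p>When {@code cas.authn.saml-idp.metadata.file-system.sign-metadata} is enabled the metadata
 * document is XML-signed with the IdP signing certificate/key before it is written to disk.
 *
 * <p>Generation runs for the global IdP (no registered service) once at bean initialization via
 * {@link #afterPropertiesSet()}.
 */
public class FileSystemSamlIdPMetadataGenerator extends BaseSamlIdPMetadataGenerator implements InitializingBean {

    /** XML-DSig signature algorithm applied to generated metadata (RSA with SHA-256). */
    private static final String SIGNATURE_ALGORITHM = "http://www.w3.org/2001/04/xmldsig-more#rsa-sha256";

    /** Digest method used for the signature reference (SHA-256). */
    private static final String SIGNATURE_DIGEST_METHOD = "http://www.w3.org/2001/04/xmlenc#sha256";

    /** Canonicalization algorithm for the signature (exclusive C14N). */
    private static final String SIGNATURE_CANONICALIZATION = "http://www.w3.org/2001/10/xml-exc-c14n#";

    @Generated
    private static final Logger LOGGER = LoggerFactory.getLogger(FileSystemSamlIdPMetadataGenerator.class);

    /**
     * Creates a generator backed by the given configuration context.
     *
     * @param samlIdPMetadataGeneratorConfigurationContext context providing the metadata locator,
     *                                                     certificate/key writer, OpenSAML beans and CAS properties
     */
    public FileSystemSamlIdPMetadataGenerator(final SamlIdPMetadataGeneratorConfigurationContext samlIdPMetadataGeneratorConfigurationContext) {
        super(samlIdPMetadataGeneratorConfigurationContext);
    }

    /**
     * Generates the encryption certificate and private key and writes them to the locations
     * resolved by the metadata locator.
     *
     * @param optional the registered service the material belongs to, or empty for the global IdP
     * @return pair of (certificate PEM text, private key PEM text) as written to disk
     * @throws Throwable if resolving the locations or writing/reading the files fails
     */
    @Override
    public Pair<String, String> buildSelfSignedEncryptionCert(final Optional<SamlRegisteredService> optional) throws Throwable {
        final File certificateFile = getConfigurationContext().getSamlIdPMetadataLocator().getEncryptionCertificate(optional).getFile();
        final File keyFile = getConfigurationContext().getSamlIdPMetadataLocator().resolveEncryptionKey(optional).getFile();
        writeCertificateAndKey(certificateFile, keyFile, optional);
        return readCertificateAndKey(certificateFile, keyFile);
    }

    /**
     * Generates the signing certificate and private key and writes them to the locations
     * resolved by the metadata locator.
     *
     * @param optional the registered service the material belongs to, or empty for the global IdP
     * @return pair of (certificate PEM text, private key PEM text) as written to disk
     * @throws Throwable if resolving the locations or writing/reading the files fails
     */
    @Override
    public Pair<String, String> buildSelfSignedSigningCert(final Optional<SamlRegisteredService> optional) throws Throwable {
        final File certificateFile = getConfigurationContext().getSamlIdPMetadataLocator().resolveSigningCertificate(optional).getFile();
        final File keyFile = getConfigurationContext().getSamlIdPMetadataLocator().resolveSigningKey(optional).getFile();
        writeCertificateAndKey(certificateFile, keyFile, optional);
        return readCertificateAndKey(certificateFile, keyFile);
    }

    /**
     * Writes the metadata document to the file resolved by the metadata locator, signing it first
     * when metadata signing is enabled in the CAS properties.
     *
     * @param str      the metadata XML to persist
     * @param optional the registered service the metadata belongs to, or empty for the global IdP
     * @return the metadata exactly as supplied by the caller; when signing is enabled the signed
     *         form is only persisted to disk and is not returned
     * @throws Throwable if the signing key/certificate cannot be loaded, signing fails, or the
     *                   file cannot be written
     */
    @Override
    protected String writeMetadata(final String str, final Optional<SamlRegisteredService> optional) throws Throwable {
        final File metadataFile = getConfigurationContext().getSamlIdPMetadataLocator().resolveMetadata(optional).getFile();
        LOGGER.info("Writing SAML2 metadata to [{}]", metadataFile);

        String content = str;
        if (isMetadataSigningEnabled()) {
            final X509Certificate certificate = SamlUtils.readCertificate(
                getConfigurationContext().getSamlIdPMetadataLocator().resolveSigningCertificate(optional));
            final PrivateKey privateKey = loadPrivateKey(
                getConfigurationContext().getSamlIdPMetadataLocator().resolveSigningKey(optional));
            content = new String(sign(str.getBytes(StandardCharsets.UTF_8), certificate, privateKey), StandardCharsets.UTF_8);
        }
        FileUtils.write(metadataFile, content, StandardCharsets.UTF_8);

        LOGGER.info("Wrote SAML2 metadata to [{}]", metadataFile);
        // Existing behaviour: the unsigned input is returned even when the signed form was written.
        return str;
    }

    /**
     * Reads the {@code sign-metadata} flag from the file-system metadata properties.
     *
     * @return true when generated metadata must be XML-signed before being written
     */
    private boolean isMetadataSigningEnabled() {
        return getConfigurationContext().getCasProperties().getAuthn().getSamlIdp().getMetadata().getFileSystem().isSignMetadata();
    }

    /**
     * Loads a private key from the given resource using {@link PrivateKeyFactoryBean}.
     *
     * @param keyResource resource holding the private key
     * @return the parsed private key
     * @throws Exception if the key cannot be read or parsed
     */
    private static PrivateKey loadPrivateKey(final Resource keyResource) throws Exception {
        final PrivateKeyFactoryBean factory = new PrivateKeyFactoryBean();
        factory.setLocation(keyResource);
        factory.afterPropertiesSet();
        return (PrivateKey) factory.getObject();
    }

    /**
     * Reads the certificate and key files back as UTF-8 text.
     *
     * @param certificateFile certificate file
     * @param keyFile         private key file
     * @return pair of (certificate text, key text)
     * @throws Exception if either file cannot be read
     */
    private static Pair<String, String> readCertificateAndKey(final File certificateFile, final File keyFile) throws Exception {
        return Pair.of(FileUtils.readFileToString(certificateFile, StandardCharsets.UTF_8),
            FileUtils.readFileToString(keyFile, StandardCharsets.UTF_8));
    }

    /**
     * XML-signs the given metadata document with the supplied certificate and private key.
     *
     * <p>The document is parsed and unmarshalled through the OpenSAML configuration bean. If the root
     * object is not signable, or already carries a signature, the input is returned unchanged.
     *
     * @param metadata    UTF-8 encoded metadata XML
     * @param certificate signing certificate; also published in the signature's {@code KeyInfo}
     * @param privateKey  private key matching {@code certificate}
     * @return the signed document as UTF-8 bytes, or {@code metadata} unchanged when nothing was signed
     * @throws Exception if parsing, unmarshalling or signing fails
     */
    private byte[] sign(final byte[] metadata, final X509Certificate certificate, final PrivateKey privateKey) throws Exception {
        try (ByteArrayInputStream input = new ByteArrayInputStream(metadata)) {
            final Element root = getConfigurationContext().getOpenSamlConfigBean().getParserPool().parse(input).getDocumentElement();
            // Unmarshaller.unmarshall yields a plain XMLObject; only SignableXMLObject instances can be signed.
            final Unmarshaller unmarshaller = Objects.requireNonNull(
                getConfigurationContext().getOpenSamlConfigBean().getUnmarshallerFactory().getUnmarshaller(root),
                "No OpenSAML unmarshaller is registered for the metadata root element");
            final XMLObject xmlObject = unmarshaller.unmarshall(root);
            if (!(xmlObject instanceof SignableXMLObject)) {
                return metadata;
            }
            final SignableXMLObject signable = (SignableXMLObject) xmlObject;
            if (signable.isSigned()) {
                // Never double-sign: an existing signature is left as-is.
                return metadata;
            }

            final BasicX509Credential credential = new BasicX509Credential(certificate, privateKey);
            final SignatureSigningParameters parameters = new SignatureSigningParameters();
            parameters.setSigningCredential(credential);
            parameters.setKeyInfoGenerator(DefaultSecurityConfigurationBootstrap.buildBasicKeyInfoGeneratorManager()
                .getDefaultManager().getFactory(credential).newInstance());
            parameters.setSignatureAlgorithm(SIGNATURE_ALGORITHM);
            parameters.setSignatureReferenceDigestMethod(SIGNATURE_DIGEST_METHOD);
            parameters.setSignatureCanonicalizationAlgorithm(SIGNATURE_CANONICALIZATION);
            SignatureSupport.signObject(signable, parameters);

            return SamlUtils.transformSamlObject(getConfigurationContext().getOpenSamlConfigBean(), signable)
                .toString().getBytes(StandardCharsets.UTF_8);
        }
    }

    /**
     * Generates a certificate and private key via the configured certificate/key writer and stores
     * them in the given files, replacing any existing files.
     *
     * <p>NOTE(review): existing files are deleted before the new material is written, so a failure
     * during generation leaves no certificate/key at the target path. The key file is created with
     * the JVM's default file permissions; restricting access to it (umask/ACL on the metadata
     * directory) is a deployment concern — confirm against the deployment.
     *
     * @param file     target certificate file
     * @param file2    target private key file
     * @param optional the registered service the material belongs to, or empty for the global IdP
     * @throws Exception if an existing file cannot be deleted or the new files cannot be written
     */
    protected void writeCertificateAndKey(final File file, final File file2, final Optional<SamlRegisteredService> optional) throws Exception {
        if (file.exists()) {
            LOGGER.info("Certificate file [{}] already exists, and will be deleted", file.getCanonicalPath());
            FileUtils.forceDelete(file);
        }
        if (file2.exists()) {
            LOGGER.info("Key file [{}] already exists, and will be deleted", file2.getCanonicalPath());
            FileUtils.forceDelete(file2);
        }
        LOGGER.debug("Writing SAML2 key file to [{}]", file2.getPath());
        LOGGER.debug("Writing SAML2 certificate file to [{}]", file.getPath());
        // Key writer is opened first and closed last, matching the writer's (key, certificate) argument order.
        try (BufferedWriter keyWriter = Files.newBufferedWriter(file2.toPath(), StandardCharsets.UTF_8);
             BufferedWriter certificateWriter = Files.newBufferedWriter(file.toPath(), StandardCharsets.UTF_8)) {
            getConfigurationContext().getSamlIdPCertificateAndKeyWriter().writeCertificateAndKey(keyWriter, certificateWriter);
        }
    }

    /**
     * Spring init callback: generates the global IdP metadata and key material once the bean is wired.
     * Any checked exception from generation is rethrown unchecked by {@link FunctionUtils#doUnchecked}.
     */
    @Override
    public void afterPropertiesSet() {
        FunctionUtils.doUnchecked(ignored -> {
            generate(Optional.empty());
        });
    }

    /**
     * Initializes the metadata locator and then generates the global IdP metadata and key material.
     *
     * @throws Throwable if locator initialization or generation fails
     */
    public void initialize() throws Throwable {
        getConfigurationContext().getSamlIdPMetadataLocator().initialize();
        generate(Optional.empty());
    }
}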
