package dk.gov.oio.saml.service;

import dk.gov.oio.saml.config.Configuration;
import dk.gov.oio.saml.util.Constants;
import dk.gov.oio.saml.util.InternalException;
import dk.gov.oio.saml.util.SamlHelper;
import java.io.StringWriter;
import java.nio.charset.StandardCharsets;
import java.util.ArrayList;
import java.util.List;
import java.util.UUID;
import javax.xml.transform.OutputKeys;
import javax.xml.transform.Transformer;
import javax.xml.transform.TransformerException;
import javax.xml.transform.TransformerFactory;
import javax.xml.transform.dom.DOMSource;
import javax.xml.transform.stream.StreamResult;
import org.opensaml.core.config.InitializationException;
import org.opensaml.core.xml.io.MarshallingException;
import org.opensaml.saml.saml2.metadata.AssertionConsumerService;
import org.opensaml.saml.saml2.metadata.AttributeConsumingService;
import org.opensaml.saml.saml2.metadata.ContactPerson;
import org.opensaml.saml.saml2.metadata.ContactPersonTypeEnumeration;
import org.opensaml.saml.saml2.metadata.EmailAddress;
import org.opensaml.saml.saml2.metadata.EntityDescriptor;
import org.opensaml.saml.saml2.metadata.KeyDescriptor;
import org.opensaml.saml.saml2.metadata.NameIDFormat;
import org.opensaml.saml.saml2.metadata.RequestedAttribute;
import org.opensaml.saml.saml2.metadata.SPSSODescriptor;
import org.opensaml.saml.saml2.metadata.ServiceName;
import org.opensaml.saml.saml2.metadata.SingleLogoutService;
import org.opensaml.saml.saml2.metadata.impl.EntityDescriptorMarshaller;
import org.opensaml.security.credential.UsageType;
import org.opensaml.security.x509.BasicX509Credential;
import org.opensaml.xmlsec.signature.KeyInfo;

/* loaded from: input_file:dk/gov/oio/saml/service/SPMetadataService.class */
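/**
 * Builds and caches the SAML 2.0 SP metadata document (an {@code EntityDescriptor} with a single
 * {@code SPSSODescriptor}) for this service provider, using the values from
 * {@link OIOSAML3Service#getConfig()} and the signing/encryption certificates from
 * {@link CredentialService}.
 *
 * <p>The descriptor advertises {@code AuthnRequestsSigned="true"} and
 * {@code WantAssertionsSigned="true"}. Note that these flags only tell the IdP what this SP
 * expects; whether unsigned assertions are actually rejected is decided by the assertion
 * validation code elsewhere in the library, not by this class.
 */
public class SPMetadataService {
    private static final String SAML2_PROTOCOL_URI = "urn:oasis:names:tc:SAML:2.0:protocol";
    private static final String HTTP_POST_BINDING = "urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST";
    private static final String HTTP_REDIRECT_BINDING = "urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Redirect";
    private static final String ATTRNAME_FORMAT_URI = "urn:oasis:names:tc:SAML:2.0:attrname-format:uri";

    private static final SPMetadataService singleInstance = new SPMetadataService();

    // Lazily populated by getMarshalledMetadata(); null until the first successful build.
    private String marshalledMetadata;

    /**
     * Returns the process-wide instance.
     *
     * @return the singleton service
     */
    public static SPMetadataService getInstance() {
        return singleInstance;
    }

    /**
     * Returns the marshalled metadata XML, building it on first use.
     *
     * <p>NOTE(review): the lazy initialisation is not synchronised, so two threads racing on the
     * first call may both build the document. Both builds read the same configuration and
     * credentials, so the outcome is the same either way; left as-is to avoid changing behaviour.
     *
     * @return the SP metadata as an XML string (UTF-8 declaration, indented)
     * @throws InternalException if the credentials could not be read or the document could not be marshalled
     * @throws InitializationException if the library configuration is not initialised
     */
    public String getMarshalledMetadata() throws InternalException, InitializationException {
        if (this.marshalledMetadata == null) {
            createMetadata();
        }
        return this.marshalledMetadata;
    }

    /**
     * (Re)builds the metadata document from the current configuration and credentials and
     * replaces the cached XML. Public so callers can force a rebuild after a configuration or
     * certificate change.
     *
     * @throws InternalException if the credentials could not be read or the document could not be marshalled
     * @throws InitializationException if the library configuration is not initialised
     */
    public void createMetadata() throws InternalException, InitializationException {
        Configuration config = OIOSAML3Service.getConfig();
        EntityDescriptor entityDescriptor = createEntityDescriptor(config.getSpEntityID());

        SPSSODescriptor spSsoDescriptor = (SPSSODescriptor) SamlHelper.build(SPSSODescriptor.class);
        entityDescriptor.getRoleDescriptors().add(spSsoDescriptor);
        spSsoDescriptor.addSupportedProtocol(SAML2_PROTOCOL_URI);
        // Advertised expectations only; see class Javadoc.
        spSsoDescriptor.setAuthnRequestsSigned(true);
        spSsoDescriptor.setWantAssertionsSigned(true);

        spSsoDescriptor.getNameIDFormats().add(buildNameIDFormat(config.getNameIDFormat()));
        spSsoDescriptor.getAttributeConsumingServices().add(buildAttributeConsumingService(config.getSpEntityID()));
        // Credential access may fail; it is deliberately done before the endpoints are added so
        // the exception ordering matches the previous implementation.
        spSsoDescriptor.getKeyDescriptors().addAll(getKeyDescriptors());
        spSsoDescriptor.getAssertionConsumerServices()
                .add(buildAssertionConsumerService(config.getServletAssertionConsumerURL()));
        spSsoDescriptor.getSingleLogoutServices().add(buildSingleLogoutService(
                HTTP_REDIRECT_BINDING, config.getServletLogoutURL(), config.getServletLogoutResponseURL()));
        spSsoDescriptor.getSingleLogoutServices().add(buildSingleLogoutService(
                HTTP_POST_BINDING, config.getServletLogoutURL(), config.getServletLogoutResponseURL()));

        String contactEmail = config.getContactEmail();
        if (contactEmail != null && !contactEmail.isEmpty()) {
            spSsoDescriptor.getContactPersons().add(buildTechnicalContact(contactEmail));
        }

        this.marshalledMetadata = marshallMetadata(entityDescriptor);
    }

    /** Builds the single NameIDFormat element advertised to the IdP. */
    private NameIDFormat buildNameIDFormat(String format) {
        NameIDFormat nameIdFormat = (NameIDFormat) SamlHelper.build(NameIDFormat.class);
        nameIdFormat.setFormat(format);
        return nameIdFormat;
    }

    /**
     * Builds the default AttributeConsumingService listing every attribute this SP asks the IdP
     * for. Only the attributes marked required are mandatory for a login to be accepted.
     *
     * @param serviceName the value used for the (Danish) ServiceName element
     */
    private AttributeConsumingService buildAttributeConsumingService(String serviceName) {
        ServiceName name = (ServiceName) SamlHelper.build(ServiceName.class);
        name.setXMLLang("da");
        name.setValue(serviceName);

        AttributeConsumingService service =
                (AttributeConsumingService) SamlHelper.build(AttributeConsumingService.class);
        service.setIsDefault(true);
        service.getNames().add(name);

        List<RequestedAttribute> attributes = service.getRequestAttributes();
        attributes.add(buildRequiredAttribute(Constants.SPEC_VER, true));
        attributes.add(buildRequiredAttribute("https://data.gov.dk/model/core/eid/bootstrapToken", false));
        attributes.add(buildRequiredAttribute(Constants.PRIVILEGE_ATTRIBUTE, false));
        attributes.add(buildRequiredAttribute(Constants.LOA, true));
        attributes.add(buildRequiredAttribute("https://data.gov.dk/concept/core/nsis/ial", false));
        attributes.add(buildRequiredAttribute("https://data.gov.dk/concept/core/nsis/aal", false));
        attributes.add(buildRequiredAttribute("https://data.gov.dk/model/core/eid/fullName", false));
        attributes.add(buildRequiredAttribute("https://data.gov.dk/model/core/eid/firstName", false));
        attributes.add(buildRequiredAttribute("https://data.gov.dk/model/core/eid/lastName", false));
        attributes.add(buildRequiredAttribute("https://data.gov.dk/model/core/eid/email", false));
        attributes.add(buildRequiredAttribute("https://data.gov.dk/model/core/eid/cprNumber", false));
        attributes.add(buildRequiredAttribute("https://data.gov.dk/model/core/eid/age", false));
        attributes.add(buildRequiredAttribute("https://data.gov.dk/model/core/eid/cprUuid", false));
        attributes.add(buildRequiredAttribute("https://data.gov.dk/model/core/eid/dateOfBirth", false));
        attributes.add(buildRequiredAttribute("https://data.gov.dk/model/core/eid/person/pid", false));
        attributes.add(buildRequiredAttribute("https://data.gov.dk/model/core/eid/professional/uuid/persistent", false));
        attributes.add(buildRequiredAttribute("https://data.gov.dk/model/core/eid/professional/rid", false));
        attributes.add(buildRequiredAttribute(Constants.CVR_NUMBER, true));
        attributes.add(buildRequiredAttribute(Constants.ORGANIZATION_NAME, true));
        attributes.add(buildRequiredAttribute("https://data.gov.dk/model/core/eid/professional/productionUnit", false));
        attributes.add(buildRequiredAttribute("https://data.gov.dk/model/core/eid/professional/seNumber", false));
        return service;
    }

    /** Builds the single, default HTTP-POST AssertionConsumerService (index 0). */
    private AssertionConsumerService buildAssertionConsumerService(String location) {
        AssertionConsumerService acs = (AssertionConsumerService) SamlHelper.build(AssertionConsumerService.class);
        acs.setBinding(HTTP_POST_BINDING);
        acs.setLocation(location);
        acs.setIsDefault(true);
        acs.setIndex(0);
        return acs;
    }

    /** Builds a SingleLogoutService endpoint for the given binding. */
    private SingleLogoutService buildSingleLogoutService(String binding, String location, String responseLocation) {
        SingleLogoutService slo = (SingleLogoutService) SamlHelper.build(SingleLogoutService.class);
        slo.setBinding(binding);
        slo.setLocation(location);
        slo.setResponseLocation(responseLocation);
        return slo;
    }

    /** Builds a technical ContactPerson carrying only an email address. */
    private ContactPerson buildTechnicalContact(String contactEmail) {
        EmailAddress emailAddress = (EmailAddress) SamlHelper.build(EmailAddress.class);
        emailAddress.setAddress(contactEmail);
        ContactPerson contactPerson = (ContactPerson) SamlHelper.build(ContactPerson.class);
        contactPerson.setType(ContactPersonTypeEnumeration.TECHNICAL);
        contactPerson.getEmailAddresses().add(emailAddress);
        return contactPerson;
    }

    /**
     * Builds a RequestedAttribute with URI name format and an empty friendly name.
     *
     * @param name the attribute name (URI)
     * @param required whether the IdP must supply the attribute
     */
    private RequestedAttribute buildRequiredAttribute(String name, boolean required) {
        RequestedAttribute requestedAttribute = (RequestedAttribute) SamlHelper.build(RequestedAttribute.class);
        requestedAttribute.setName(name);
        requestedAttribute.setFriendlyName("");
        requestedAttribute.setNameFormat(ATTRNAME_FORMAT_URI);
        requestedAttribute.setIsRequired(required);
        return requestedAttribute;
    }

    /**
     * Marshals the descriptor to DOM and serialises it as indented UTF-8 XML.
     *
     * <p>The transformer only serialises a DOM we built ourselves; no external XML is parsed here.
     *
     * @throws InternalException wrapping any marshalling or transformation failure
     */
    private String marshallMetadata(EntityDescriptor entityDescriptor) throws InternalException {
        try {
            DOMSource source = new DOMSource(new EntityDescriptorMarshaller().marshall(entityDescriptor));
            Transformer transformer = TransformerFactory.newInstance().newTransformer();
            transformer.setOutputProperty(OutputKeys.METHOD, "xml");
            transformer.setOutputProperty("{http://xml.apache.org/xslt}indent-amount", "4");
            transformer.setOutputProperty(OutputKeys.OMIT_XML_DECLARATION, "no");
            transformer.setOutputProperty(OutputKeys.INDENT, "yes");
            transformer.setOutputProperty(OutputKeys.ENCODING, "UTF-8");
            StringWriter writer = new StringWriter();
            transformer.transform(source, new StreamResult(writer));
            return writer.toString();
        } catch (TransformerException | MarshallingException e) {
            throw new InternalException("Could not marshall metadata", e);
        }
    }

    /**
     * Builds the root EntityDescriptor. The ID attribute is a name-based UUID derived from the
     * entityID so the document is stable across rebuilds; it is an XML identifier, not a secret.
     *
     * @param entityId the SP entityID from configuration
     */
    private EntityDescriptor createEntityDescriptor(String entityId) {
        EntityDescriptor entityDescriptor = (EntityDescriptor) SamlHelper.build(EntityDescriptor.class);
        entityDescriptor.setEntityID(entityId);
        // Explicit charset: with the platform default the ID would differ between hosts for
        // non-ASCII entityIDs.
        entityDescriptor.setID("_" + UUID.nameUUIDFromBytes(entityId.getBytes(StandardCharsets.UTF_8)));
        return entityDescriptor;
    }

    /**
     * Builds signing and encryption KeyDescriptors for the primary credential and, when one is
     * configured, for the secondary credential (so the IdP accepts both during a key rollover).
     *
     * @throws InternalException if the CredentialService is not initialised
     */
    private List<KeyDescriptor> getKeyDescriptors() throws InternalException {
        try {
            List<KeyDescriptor> keyDescriptors = new ArrayList<>();
            CredentialService credentialService = CredentialService.getInstance();
            addKeyDescriptors(keyDescriptors, credentialService, credentialService.getPrimaryBasicX509Credential());
            BasicX509Credential secondary = credentialService.getSecondaryBasicX509Credential();
            if (secondary != null) {
                addKeyDescriptors(keyDescriptors, credentialService, secondary);
            }
            return keyDescriptors;
        } catch (InitializationException e) {
            throw new InternalException("CredentialService was not initialized", e);
        }
    }

    /**
     * Adds a SIGNING and an ENCRYPTION descriptor for one credential. A fresh KeyInfo is fetched
     * for each descriptor because an XMLObject can only have one parent.
     */
    private void addKeyDescriptors(List<KeyDescriptor> target, CredentialService credentialService,
            BasicX509Credential credential) throws InitializationException {
        target.add(getKeyDescriptor(UsageType.SIGNING, credentialService.getPublicKeyInfo(credential)));
        target.add(getKeyDescriptor(UsageType.ENCRYPTION, credentialService.getPublicKeyInfo(credential)));
    }

    /** Wraps a KeyInfo in a KeyDescriptor with the given use. */
    private KeyDescriptor getKeyDescriptor(UsageType usageType, KeyInfo keyInfo) {
        KeyDescriptor keyDescriptor = (KeyDescriptor) SamlHelper.build(KeyDescriptor.class);
        keyDescriptor.setUse(usageType);
        keyDescriptor.setKeyInfo(keyInfo);
        return keyDescriptor;
    }
}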
