package com.adobe.ep.auth.ticket.impl;

import com.adobe.ep.auth.ticket.InvalidTicketException;
import com.adobe.ep.auth.ticket.Ticket;
import com.adobe.ep.auth.ticket.TicketOptions;
import com.adobe.ep.auth.ticket.TicketService;
import java.io.IOException;
import java.io.UnsupportedEncodingException;
import java.security.NoSuchAlgorithmException;
import java.security.SecureRandom;
import java.util.Dictionary;
import java.util.HashMap;
import java.util.Hashtable;
import java.util.Map;
import java.util.Properties;
import org.apache.commons.codec.binary.Base64;
import org.apache.sling.commons.osgi.OsgiUtil;
import org.osgi.service.cm.Configuration;
import org.osgi.service.cm.ConfigurationAdmin;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;

/* loaded from: input_file:com/adobe/ep/auth/ticket/impl/SAMLTicketService.class */
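/**
 * {@link TicketService} implementation that delegates ticket issuance and verification to a
 * {@link SAMLHelper}.
 *
 * <p>On activation the component checks whether a signing key is configured. If the key is
 * absent or still the {@code DEFAULT_SIGNING_KEY} placeholder, a random key is generated,
 * stored in the component's OSGi configuration, and used to initialise the helper.
 *
 * <p>NOTE(review): the generated key is persisted in the component configuration as a
 * Base64 string, so anyone who can read that configuration can read the key. Confirm that
 * access to the configuration store is restricted accordingly.
 */
public class SAMLTicketService implements TicketService {
    private static final Logger log = LoggerFactory.getLogger(SAMLTicketService.class);
    public static final String COMPONENT_PID = "com.adobe.ep.auth.ticket.SAMLTicketService";
    // Number of random bytes drawn for a generated key (32 bytes = 256 bits before Base64).
    private static final int KEY_STRING_LENGTH = 32;
    // Placeholder meaning "no key configured"; it is a fixed, publicly visible constant.
    private static final String DEFAULT_SIGNING_KEY = "DEFAULT_SIGNING_KEY";
    private static final String PROP_TICKET_SIGNING_KEY = "ticket.signing.key";
    private static final String PROP_TICKET_VALIDITY_DURATION = "ticket.validity.seconds";
    private static final String PROP_ISSUER_NAME = "ticket.issuer.name";
    private SAMLHelper samlHelper = new SAMLHelper();
    private ConfigurationAdmin configAdmin;

    /**
     * Activates the component, generating and persisting a random signing key when none is
     * configured.
     *
     * @param map the component properties supplied at activation
     * @throws IOException if the configuration cannot be read or updated
     * @throws NoSuchAlgorithmException not thrown by the current body; kept in the signature
     *     so the method's declared contract is unchanged
     */
    private void activate(Map<String, Object> map) throws IOException, NoSuchAlgorithmException {
        String configuredKey = OsgiUtil.toString(map.get(PROP_TICKET_SIGNING_KEY), DEFAULT_SIGNING_KEY);
        if (!DEFAULT_SIGNING_KEY.equals(configuredKey)) {
            // An explicit key is configured: use the supplied properties unchanged.
            modified(map);
            return;
        }

        // Use the platform default CSPRNG instead of requesting the legacy "SHA1PRNG"
        // algorithm by name, so activation does not depend on that algorithm being available.
        byte[] keyBytes = new byte[KEY_STRING_LENGTH];
        new SecureRandom().nextBytes(keyBytes);
        String generatedKey = Base64.encodeBase64String(keyBytes);

        // Add the key to the properties already stored for this PID. Updating with a
        // dictionary that holds only the key would discard a previously configured issuer
        // name or validity. getProperties() returns null for a configuration that has never
        // been updated.
        Configuration configuration = this.configAdmin.getConfiguration(COMPONENT_PID);
        Dictionary<String, Object> persisted = configuration.getProperties();
        if (persisted == null) {
            persisted = new Hashtable<String, Object>();
        }
        persisted.put(PROP_TICKET_SIGNING_KEY, generatedKey);
        configuration.update(persisted);

        // Initialise the helper with the activation properties plus the new key, so the
        // configured issuer name and validity are applied rather than replaced by defaults.
        Map<String, Object> effective = new HashMap<String, Object>(map);
        effective.put(PROP_TICKET_SIGNING_KEY, generatedKey);
        modified(effective);
        log.info("Updated the configuration for SAMl Ticket service by generating a random signing key");
    }

    /**
     * Applies issuer name, validity duration and signing key from the given properties to the
     * helper.
     *
     * @param map the component properties; missing entries fall back to
     *     {@code SAMLHelper.DEFAULT_ISSUER_NAME}, 600 seconds and the default key placeholder
     * @throws UnsupportedEncodingException declared by the original signature; presumably
     *     raised by {@code SAMLHelper.initialize} (confirm against the helper)
     */
    private void modified(Map<String, Object> map) throws UnsupportedEncodingException {
        String issuerName = OsgiUtil.toString(map.get(PROP_ISSUER_NAME), SAMLHelper.DEFAULT_ISSUER_NAME);
        int validitySeconds = OsgiUtil.toInteger(map.get(PROP_TICKET_VALIDITY_DURATION), 600);
        String signingKey = OsgiUtil.toString(map.get(PROP_TICKET_SIGNING_KEY), DEFAULT_SIGNING_KEY);
        if (DEFAULT_SIGNING_KEY.equals(signingKey)) {
            // NOTE(review): the helper is still initialised with the fixed placeholder below.
            // If SAMLHelper uses this string as the signing secret, tickets issued in this
            // state are signed with a publicly known value. Consider refusing to initialise,
            // or generating a key here as activate() does.
            log.warn("Signing key found to be the default one. Should have been system generated");
        }
        this.samlHelper.setAssertionTimeoutInSeconds(validitySeconds);
        this.samlHelper.setIssuerName(issuerName);
        this.samlHelper.initialize(signingKey);
    }

    /**
     * Issues a ticket by delegating to the SAML helper.
     *
     * @param str the value passed through to {@code SAMLHelper.issueTicket}
     * @param ticketOptions the options passed through to the helper
     * @return the ticket produced by the helper
     */
    @Override // com.adobe.ep.auth.ticket.TicketService
    public Ticket issueTicket(String str, TicketOptions ticketOptions) {
        return this.samlHelper.issueTicket(str, ticketOptions);
    }

    /**
     * Verifies a ticket by delegating to the SAML helper.
     *
     * @param str the serialised ticket passed through to {@code SAMLHelper.verifyTicket}
     * @return the ticket returned by the helper
     * @throws InvalidTicketException if the helper rejects the ticket
     */
    @Override // com.adobe.ep.auth.ticket.TicketService
    public Ticket verifyTicket(String str) throws InvalidTicketException {
        return this.samlHelper.verifyTicket(str);
    }

    /**
     * Stores the {@link ConfigurationAdmin} reference used by {@code activate}.
     *
     * @param configurationAdmin the service to bind
     */
    protected void bindConfigAdmin(ConfigurationAdmin configurationAdmin) {
        this.configAdmin = configurationAdmin;
    }

    /**
     * Clears the stored {@link ConfigurationAdmin} reference if it is the instance being
     * unbound.
     *
     * @param configurationAdmin the service being unbound
     */
    protected void unbindConfigAdmin(ConfigurationAdmin configurationAdmin) {
        if (this.configAdmin == configurationAdmin) {
            this.configAdmin = null;
        }
    }
}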
