package org.apache.cxf.rs.security.saml.sso;

import com.nimbusds.openid.connect.sdk.federation.entities.EntityStatementClaimsSet;
import java.security.PrivateKey;
import java.security.cert.X509Certificate;
import java.util.ResourceBundle;
import java.util.logging.Level;
import java.util.logging.Logger;
import javax.security.auth.DestroyFailedException;
import javax.security.auth.callback.CallbackHandler;
import javax.ws.rs.GET;
import javax.ws.rs.Path;
import javax.ws.rs.Produces;
import org.apache.cxf.common.i18n.BundleUtils;
import org.apache.cxf.common.i18n.Message;
import org.apache.cxf.common.logging.LogUtils;
import org.apache.cxf.jaxrs.utils.ExceptionUtils;
import org.apache.cxf.jaxrs.utils.JAXRSUtils;
import org.apache.wss4j.common.crypto.Crypto;
import org.apache.wss4j.common.crypto.CryptoType;
import org.apache.wss4j.common.ext.WSPasswordCallback;
import org.w3c.dom.Document;

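/* loaded from: input_file:WEB-INF/lib/cxf-rt-rs-security-sso-saml-3.3.6.jar:org/apache/cxf/rs/security/saml/sso/MetadataService.class */
// NOTE(review): the @Path value below looks like a decompiler artifact — a string constant that the
// decompiler resolved to an unrelated library constant with the same value. Verify the literal path
// against the original source before rebuilding from this listing.
@Path(EntityStatementClaimsSet.METADATA_CLAIM_NAME)
/**
 * JAX-RS resource that serves the SAML SP metadata document for this handler.
 *
 * <p>The document is produced by {@link MetadataWriter} using the service, assertion-consumer and
 * logout addresses configured on this bean, together with the signature key and certificate resolved
 * from the inherited {@code Crypto} / {@code CallbackHandler} configuration. Any failure surfaces to
 * the client as an HTTP 500; details are logged at {@code FINE} only.
 */
public class MetadataService extends AbstractSSOSpHandler {
    protected static final Logger LOG = LogUtils.getL7dLogger(MetadataService.class);
    protected static final ResourceBundle BUNDLE = BundleUtils.getBundle(MetadataService.class);
    // Relative (or absolute, when addEndpointAddressToContext is false) endpoint addresses.
    private String serviceAddress;
    private String assertionConsumerServiceAddress;
    private String logoutServiceAddress;
    // When true, each address is prefixed with the "http.base.path" of the current request.
    private boolean addEndpointAddressToContext;

    /**
     * Builds and returns the SP metadata document.
     *
     * <p>The signing {@link PrivateKey} is destroyed (best-effort) as soon as the document has been
     * produced, on every exit path — including the base-path-prefixed branch and error paths, which
     * previously left the key material un-destroyed.
     *
     * @return the metadata document, presumably signed (the final {@code true} argument to
     *         {@code MetadataWriter.getMetaData} is assumed to be the sign flag — confirm there)
     * @throws javax.ws.rs.WebApplicationException (500) if no crypto, signature user or callback
     *         handler is configured, if no certificate is found for the signature user, or if
     *         metadata generation fails
     */
    @GET
    @Produces({"text/xml"})
    public Document getMetadata() {
        try {
            MetadataWriter metadataWriter = new MetadataWriter();
            // The three configuration checks below throw a WebApplicationException, which the
            // outer catch (Exception) re-wraps; the client sees a 500 either way.
            Crypto signatureCrypto = getSignatureCrypto();
            if (signatureCrypto == null) {
                LOG.fine("No crypto instance of properties file configured for signature");
                throw ExceptionUtils.toInternalServerErrorException(null, null);
            }
            String signatureUsername = getSignatureUsername();
            if (signatureUsername == null) {
                LOG.fine("No user configured for signature");
                throw ExceptionUtils.toInternalServerErrorException(null, null);
            }
            CallbackHandler callbackHandler = getCallbackHandler();
            if (callbackHandler == null) {
                LOG.fine("No CallbackHandler configured to supply a password for signature");
                throw ExceptionUtils.toInternalServerErrorException(null, null);
            }

            CryptoType cryptoType = new CryptoType(CryptoType.TYPE.ALIAS);
            cryptoType.setAlias(signatureUsername);
            X509Certificate[] x509Certificates = signatureCrypto.getX509Certificates(cryptoType);
            // An empty array would otherwise fail on x509Certificates[0] with a less useful message.
            if (x509Certificates == null || x509Certificates.length == 0) {
                throw new Exception("No issuer certs were found to sign the request using name: " + signatureUsername);
            }

            // Obtain the key-store password for the signature alias through the configured handler.
            WSPasswordCallback[] callbacks = {new WSPasswordCallback(signatureUsername, WSPasswordCallback.SIGNATURE)};
            callbackHandler.handle(callbacks);
            PrivateKey privateKey = signatureCrypto.getPrivateKey(signatureUsername, callbacks[0].getPassword());
            try {
                String[] addresses = resolveAddresses();
                return metadataWriter.getMetaData(addresses[0], addresses[1], addresses[2],
                        privateKey, x509Certificates[0], true);
            } finally {
                // Destroy the key on every path (original code skipped this on the prefixed branch).
                destroyQuietly(privateKey);
            }
        } catch (Exception e) {
            LOG.log(Level.FINE, e.getMessage(), (Throwable) e);
            throw ExceptionUtils.toInternalServerErrorException(e, null);
        }
    }

    /**
     * Resolves the three endpoint addresses passed to the metadata writer.
     *
     * @return {@code {service, assertionConsumerService, logoutService}}, each prefixed with the
     *         current message's {@code "http.base.path"} when {@code addEndpointAddressToContext}
     *         is set, otherwise the configured values unchanged
     */
    private String[] resolveAddresses() {
        if (!this.addEndpointAddressToContext) {
            return new String[] {
                this.serviceAddress, this.assertionConsumerServiceAddress, this.logoutServiceAddress
            };
        }
        // Plain concatenation, as before: a null base path or address yields the literal "null".
        String basePath = (String) JAXRSUtils.getCurrentMessage().get("http.base.path");
        return new String[] {
            basePath + this.serviceAddress,
            basePath + this.assertionConsumerServiceAddress,
            basePath + this.logoutServiceAddress
        };
    }

    /**
     * Best-effort destruction of a private key; a null key is ignored.
     *
     * @param privateKey the key to destroy, may be null
     */
    private static void destroyQuietly(PrivateKey privateKey) {
        if (privateKey == null) {
            return;
        }
        try {
            privateKey.destroy();
        } catch (DestroyFailedException ignored) {
            // Many key implementations do not support destroy(); nothing more can be done here.
            LOG.log(Level.FINEST, "Unable to destroy signature key", ignored);
        }
    }

    /**
     * Logs a localized warning built from {@code BUNDLE} for the given message key.
     *
     * @param str the resource-bundle message key
     */
    protected void reportError(String str) {
        LOG.warning(new Message(str, BUNDLE, new Object[0]).toString());
    }

    /** @return the configured service address, may be null */
    public String getServiceAddress() {
        return this.serviceAddress;
    }

    /** @param str the service address to publish in the metadata */
    public void setServiceAddress(String str) {
        this.serviceAddress = str;
    }

    /** @return the configured logout service address, may be null */
    public String getLogoutServiceAddress() {
        return this.logoutServiceAddress;
    }

    /** @param str the logout service address to publish in the metadata */
    public void setLogoutServiceAddress(String str) {
        this.logoutServiceAddress = str;
    }

    /** @param z whether to prefix the addresses with the current request's base path */
    public void setAddEndpointAddressToContext(boolean z) {
        this.addEndpointAddressToContext = z;
    }

    /** @return the configured assertion consumer service address, may be null */
    public String getAssertionConsumerServiceAddress() {
        return this.assertionConsumerServiceAddress;
    }

    /** @param str the assertion consumer service address to publish in the metadata */
    public void setAssertionConsumerServiceAddress(String str) {
        this.assertionConsumerServiceAddress = str;
    }
}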
