package org.apereo.cas.ws.idp.metadata;

import java.nio.charset.StandardCharsets;
import java.util.Arrays;
import javax.xml.stream.XMLStreamWriter;
import lombok.Generated;
import org.apache.cxf.fediz.core.util.CertsUtils;
import org.apache.cxf.fediz.core.util.SignatureUtils;
import org.apache.cxf.staxutils.W3CDOMStreamWriter;
import org.apache.wss4j.common.crypto.Crypto;
import org.apache.wss4j.common.crypto.CryptoFactory;
import org.apache.wss4j.common.util.DOM2Writer;
import org.apache.xml.security.stax.impl.util.IDGenerator;
import org.apache.xml.security.utils.Base64;
import org.apereo.cas.configuration.CasConfigurationProperties;
import org.apereo.cas.configuration.model.support.wsfed.WsFederationProperties;
import org.apereo.cas.support.util.CryptoUtils;
import org.apereo.cas.ws.idp.WSFederationClaims;
import org.jooq.lambda.Unchecked;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
import org.w3c.dom.Document;

/* loaded from: input_file:org/apereo/cas/ws/idp/metadata/WSFederationMetadataWriter.class */
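public class WSFederationMetadataWriter {

    @Generated
    private static final Logger LOGGER = LoggerFactory.getLogger(WSFederationMetadataWriter.class);

    /** SAML 2.0 metadata namespace (EntityDescriptor, KeyDescriptor). */
    private static final String SAML_METADATA_NS = "urn:oasis:names:tc:SAML:2.0:metadata";

    /** WS-Federation 1.2 namespace (RoleDescriptor type, endpoints, claim types). */
    private static final String WS_FEDERATION_NS = "http://docs.oasis-open.org/wsfed/federation/200706";

    /** WS-Addressing namespace (EndpointReference / Address). */
    private static final String WS_ADDRESSING_NS = "http://www.w3.org/2005/08/addressing";

    /** XML Schema instance namespace (xsi:type on the role descriptor). */
    private static final String XSI_NS = "http://www.w3.org/2001/XMLSchema-instance";

    /** XML Signature namespace (KeyInfo / X509Data carrying the published certificate). */
    private static final String XMLDSIG_NS = "http://www.w3.org/2000/09/xmldsig#";

    /**
     * Builds and signs the WS-Federation metadata document advertised by this CAS server
     * acting as an identity provider / security token service.
     *
     * <p>The document is a SAML 2.0 {@code EntityDescriptor} whose {@code entityID} is
     * {@code <server prefix>/ws/idp/federation}, containing a single WS-Federation
     * {@code RoleDescriptor} of type {@code fed:SecurityTokenServiceType}: the signing
     * certificate of the STS realm, the STS endpoint
     * ({@code <server prefix>/ws/sts/<idp realm name>}), the passive requestor endpoint
     * (same as the entity id) and the list of offered claim types. The finished DOM is then
     * enveloped-signed with the realm key, referencing the random {@code ID} attribute placed
     * on the {@code EntityDescriptor}.
     *
     * @param casConfigurationProperties CAS settings; reads {@code server.prefix},
     *                                   {@code authn.wsfedIdp.idp.realmName} and the
     *                                   {@code authn.wsfedIdp.sts.realm} keystore settings
     *                                   (file, keystore password, alias, key password)
     * @return the signed metadata document
     * @throws IllegalArgumentException if signing yields no document, or if any step of
     *                                  building/loading/signing fails (the cause is retained)
     */
    public static Document produceMetadataDocument(final CasConfigurationProperties casConfigurationProperties) {
        try {
            final WsFederationProperties.SecurityTokenService sts = casConfigurationProperties.getAuthn().getWsfedIdp().getSts();

            // Keystore/key passwords are secrets: they go straight into the WSS4J Crypto and are
            // never included in the debug output below.
            final Crypto crypto = CryptoFactory.getInstance(CryptoUtils.getSecurityProperties(
                sts.getRealm().getKeystoreFile(),
                sts.getRealm().getKeystorePassword(),
                sts.getRealm().getKeystoreAlias()));

            final String serverPrefix = casConfigurationProperties.getServer().getPrefix();
            final String entityId = serverPrefix.concat("/ws/idp/federation");
            final String stsEndpoint = serverPrefix.concat("/ws/sts/")
                .concat(casConfigurationProperties.getAuthn().getWsfedIdp().getIdp().getRealmName());

            // Randomly generated ID; it is the reference target of the enveloped signature applied below,
            // so it must be placed on the EntityDescriptor and handed to signMetaInfo unchanged.
            final String descriptorId = IDGenerator.generateID("_");

            final W3CDOMStreamWriter writer = new W3CDOMStreamWriter();
            writer.writeStartDocument(StandardCharsets.UTF_8.name(), "1.0");
            writer.writeStartElement("md", "EntityDescriptor", SAML_METADATA_NS);
            writer.writeAttribute("ID", descriptorId);
            writer.writeAttribute("entityID", entityId);
            writer.writeNamespace("md", SAML_METADATA_NS);
            writer.writeNamespace("fed", WS_FEDERATION_NS);
            writer.writeNamespace("wsa", WS_ADDRESSING_NS);
            // NOTE(review): the "auth" prefix is bound to the federation namespace, not to a separate
            // WS-Fed authorization namespace; relying parties validating against the spec schema may
            // care -- confirm against the interoperating RPs before changing.
            writer.writeNamespace("auth", WS_FEDERATION_NS);
            writer.writeNamespace("xsi", XSI_NS);
            writeFederationMetadata(writer, entityId, stsEndpoint, crypto);
            writer.writeEndElement();
            writer.writeEndDocument();
            writer.close();

            final Document unsigned = writer.getDocument();
            // Serializing the whole DOM is only worth doing when debug logging is actually on.
            // The unsigned document holds only public material (certificate, endpoint URLs).
            if (LOGGER.isDebugEnabled()) {
                LOGGER.debug("Produced unsigned metadata");
                LOGGER.debug(DOM2Writer.nodeToString(unsigned));
            }

            // NOTE(review): a null alias is passed here, whereas the published KeyDescriptor uses the
            // crypto's default X509 identifier; the two must resolve to the same key pair or relying
            // parties cannot verify the metadata signature against the advertised certificate -- confirm.
            final Document signed = SignatureUtils.signMetaInfo(crypto, (String) null,
                sts.getRealm().getKeyPassword(), unsigned, descriptorId);
            if (signed == null) {
                throw new IllegalArgumentException("Failed to sign the metadata document");
            }
            return signed;
        } catch (final Exception e) {
            throw new IllegalArgumentException("Error creating service metadata information: " + e.getMessage(), e);
        }
    }

    /**
     * Writes the {@code RoleDescriptor} of type {@code fed:SecurityTokenServiceType} into an
     * already-open {@code EntityDescriptor}.
     *
     * @param writer                   stream writer positioned inside the EntityDescriptor
     * @param passiveRequestorEndpoint address advertised as the passive requestor endpoint
     * @param stsEndpoint              address advertised as the security token service endpoint
     * @param crypto                   keystore whose default X509 identifier is published as the
     *                                 signing certificate
     * @throws Exception on any XML writing or certificate encoding failure
     */
    private static void writeFederationMetadata(final XMLStreamWriter writer,
                                                final String passiveRequestorEndpoint,
                                                final String stsEndpoint,
                                                final Crypto crypto) throws Exception {
        writer.writeStartElement("md", "RoleDescriptor", WS_FEDERATION_NS);
        writer.writeAttribute(XSI_NS, "type", "fed:SecurityTokenServiceType");
        writer.writeAttribute("protocolSupportEnumeration", WS_FEDERATION_NS);

        // Public signing certificate (DER, base64). Relying parties use it to verify tokens issued
        // by this STS; no private key material is written.
        writer.writeStartElement("", "KeyDescriptor", SAML_METADATA_NS);
        writer.writeAttribute("use", "signing");
        writer.writeStartElement("", "KeyInfo", XMLDSIG_NS);
        writer.writeStartElement("", "X509Data", XMLDSIG_NS);
        writer.writeStartElement("", "X509Certificate", XMLDSIG_NS);
        final byte[] encodedCertificate = CertsUtils
            .getX509CertificateFromCrypto(crypto, crypto.getDefaultX509Identifier())
            .getEncoded();
        writer.writeCharacters(Base64.encode(encodedCertificate));
        writer.writeEndElement(); // X509Certificate
        writer.writeEndElement(); // X509Data
        writer.writeEndElement(); // KeyInfo
        writer.writeEndElement(); // KeyDescriptor

        writeEndpoint(writer, "SecurityTokenServiceEndpoint", stsEndpoint);
        writeEndpoint(writer, "PassiveRequestorEndpoint", passiveRequestorEndpoint);

        // Every known claim is advertised as optional.
        writer.writeStartElement("fed", "ClaimTypesOffered", WS_FEDERATION_NS);
        for (final WSFederationClaims claim : WSFederationClaims.values()) {
            writer.writeStartElement("auth", "ClaimType", WS_FEDERATION_NS);
            writer.writeAttribute("Uri", claim.getUri());
            writer.writeAttribute("Optional", "true");
            writer.writeEndElement(); // ClaimType
        }
        writer.writeEndElement(); // ClaimTypesOffered

        writer.writeEndElement(); // RoleDescriptor
    }

    /**
     * Writes a {@code fed:<element>} wrapping a WS-Addressing {@code EndpointReference/Address}.
     *
     * @param writer  stream writer positioned inside the RoleDescriptor
     * @param element local name of the WS-Federation endpoint element
     * @param address endpoint URL to advertise
     * @throws Exception on any XML writing failure
     */
    private static void writeEndpoint(final XMLStreamWriter writer, final String element, final String address) throws Exception {
        writer.writeStartElement("fed", element, WS_FEDERATION_NS);
        writer.writeStartElement("wsa", "EndpointReference", WS_ADDRESSING_NS);
        writer.writeStartElement("wsa", "Address", WS_ADDRESSING_NS);
        writer.writeCharacters(address);
        writer.writeEndElement(); // Address
        writer.writeEndElement(); // EndpointReference
        writer.writeEndElement(); // fed endpoint element
    }

    /**
     * Public no-arg constructor kept for compatibility; all functionality is static.
     */
    @Generated
    public WSFederationMetadataWriter() {
    }
}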
