package org.apereo.cas.support.saml.sts;

import java.lang.reflect.Method;
import java.time.Instant;
import lombok.Generated;
import org.apache.cxf.common.util.ReflectionUtil;
import org.apache.cxf.helpers.DOMUtils;
import org.apache.cxf.sts.cache.CacheUtils;
import org.apache.cxf.sts.request.KeyRequirements;
import org.apache.cxf.sts.request.TokenRequirements;
import org.apache.cxf.sts.token.provider.SAMLTokenProvider;
import org.apache.cxf.sts.token.provider.TokenProviderParameters;
import org.apache.cxf.sts.token.provider.TokenProviderResponse;
import org.apache.cxf.sts.token.provider.TokenProviderUtils;
import org.apache.wss4j.common.saml.SamlAssertionWrapper;
import org.apereo.cas.util.function.FunctionUtils;
import org.opensaml.saml.common.SAMLVersion;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
import org.w3c.dom.Document;
import org.w3c.dom.Element;

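/**
 * CAS SAML token provider for the CXF security token service.
 *
 * <p>{@link #createToken(TokenProviderParameters)} never delegates to {@code super.createToken}.
 * It builds the assertion by reflectively invoking {@code createSamlToken} on
 * {@link SAMLTokenProvider}, stores the token in the token store when the assertion is signed,
 * optionally encrypts it, and copies the assertion's validity window into the response.
 *
 * <p>Review notes:
 * <ul>
 *   <li>The reflective call depends on the name and parameter list of a superclass method that
 *       this class has to force accessible. A CXF upgrade that changes it, or a runtime that
 *       refuses {@code setAccessible}, breaks token issuance at request time, not at build
 *       time.</li>
 *   <li>{@code null} is always passed as the {@code byte[]} argument of {@code createSamlToken},
 *       and entropy/computed-key are always cleared on the response. NOTE(review): that argument
 *       looks like key material for symmetric proof keys; confirm that symmetric-key requests
 *       are not expected here.</li>
 *   <li>Because {@code super.createToken} is not called, any request validation it performs is
 *       skipped. NOTE(review): confirm the key type is validated elsewhere before this provider
 *       runs.</li>
 * </ul>
 *
 * @deprecated since 6.6.0
 */
@Deprecated(since = "6.6.0")
/* loaded from: input_file:org/apereo/cas/support/saml/sts/SamlTokenProvider.class */
public class SamlTokenProvider extends SAMLTokenProvider {

    @Generated
    private static final Logger LOGGER = LoggerFactory.getLogger(SamlTokenProvider.class);

    /** Token type URI of the WS-Security SAML token profile 1.1 for SAML 2.0 assertions. */
    private static final String TOKEN_TYPE_WSS_SAML2 = "http://docs.oasis-open.org/wss/oasis-wss-saml-token-profile-1.1#SAMLV2.0";

    /** SAML 2.0 assertion namespace, accepted as an alternative SAML 2.0 token type. */
    private static final String TOKEN_TYPE_SAML2_ASSERTION = "urn:oasis:names:tc:SAML:2.0:assertion";

    /** Name of the superclass method that is invoked reflectively to build the assertion. */
    private static final String CREATE_SAML_TOKEN_METHOD = "createSamlToken";

    /**
     * Issues a SAML token for the given request parameters.
     *
     * <p>This method has the same name and parameter list as the inherited token-creation entry
     * point and never calls {@code super.createToken}.
     *
     * @param tokenProviderParameters the STS request context (token and key requirements, token
     *     store, principal, realm, encryption settings)
     * @return the response carrying the (possibly encrypted) token element, its id and its
     *     created/expires instants; entropy is {@code null} and computed-key is {@code false}
     * @throws IllegalStateException if {@code createSamlToken} cannot be resolved on
     *     {@link SAMLTokenProvider}; how other failures are propagated depends on
     *     {@code FunctionUtils.doUnchecked}, which is not visible here
     */
    public TokenProviderResponse createToken(TokenProviderParameters tokenProviderParameters) {
        return (TokenProviderResponse) FunctionUtils.doUnchecked(() -> {
            KeyRequirements keyRequirements = tokenProviderParameters.getKeyRequirements();
            TokenRequirements tokenRequirements = tokenProviderParameters.getTokenRequirements();
            LOGGER.debug("Handling token of type: [{}]", tokenRequirements.getTokenType());

            Document document = DOMUtils.createDocument();

            Method createSamlToken = ReflectionUtil.getDeclaredMethod(SAMLTokenProvider.class, CREATE_SAML_TOKEN_METHOD,
                new Class[]{TokenProviderParameters.class, byte[].class, Document.class});
            // Fail with a diagnosable message instead of a bare NullPointerException on the next
            // line if the lookup yields null (TODO confirm ReflectionUtil's failure mode).
            if (createSamlToken == null) {
                throw new IllegalStateException("Method " + CREATE_SAML_TOKEN_METHOD
                    + "(TokenProviderParameters, byte[], Document) was not found on "
                    + SAMLTokenProvider.class.getName()
                    + "; the library version on the classpath may be incompatible");
            }
            // Forces access to a method this subclass cannot call directly.
            createSamlToken.setAccessible(true);
            // The byte[] argument is deliberately null; see the class-level review note.
            SamlAssertionWrapper assertion = (SamlAssertionWrapper) createSamlToken.invoke(this, tokenProviderParameters, null, document);

            Element token = assertion.toDOM(document);

            // Only signed assertions are cached, and the signature value is handed to the store
            // together with the token.
            byte[] signatureValue = assertion.getSignatureValue();
            if (tokenProviderParameters.getTokenStore() != null && signatureValue != null && signatureValue.length > 0) {
                CacheUtils.storeTokenInCache(
                    CacheUtils.createSecurityTokenForStorage(token, assertion.getId(), assertion.getNotOnOrAfter(),
                        tokenProviderParameters.getPrincipal(), tokenProviderParameters.getRealm(),
                        tokenProviderParameters.getTokenRequirements().getRenewing()),
                    tokenProviderParameters.getTokenStore(), signatureValue);
            }

            TokenProviderResponse response = new TokenProviderResponse();
            String tokenType = tokenRequirements.getTokenType();
            // The id is read from "ID" for the two SAML 2.0 token types and from "AssertionID"
            // for every other token type.
            if (TOKEN_TYPE_WSS_SAML2.equals(tokenType) || TOKEN_TYPE_SAML2_ASSERTION.equals(tokenType)) {
                response.setTokenId(token.getAttributeNS(null, "ID"));
            } else {
                response.setTokenId(token.getAttributeNS(null, "AssertionID"));
            }

            // Encryption is applied after caching, so the store receives the plaintext element.
            if (tokenProviderParameters.isEncryptToken()) {
                token = TokenProviderUtils.encryptToken(token, response.getTokenId(), tokenProviderParameters.getStsProperties(),
                    tokenProviderParameters.getEncryptionProperties(), keyRequirements, tokenProviderParameters.getMessageContext());
            }
            response.setToken(token);

            response.setCreated(getNotBefore(assertion));
            response.setExpires(getNotOnOrAfter(assertion));
            response.setEntropy((byte[]) null);
            response.setComputedKey(false);
            LOGGER.debug("SAML Token successfully created");
            return response;
        });
    }

    /**
     * Reports whether the wrapped assertion is a SAML 2.0 assertion.
     *
     * @param samlAssertionWrapper the assertion wrapper
     * @return {@code true} for {@link SAMLVersion#VERSION_20}, {@code false} otherwise
     */
    private static boolean isSaml2(SamlAssertionWrapper samlAssertionWrapper) {
        return samlAssertionWrapper.getSamlVersion().equals(SAMLVersion.VERSION_20);
    }

    /**
     * Reads {@code NotBefore} from the assertion's conditions, choosing the SAML 2.0 or SAML 1.x
     * object by the assertion's version.
     *
     * <p>Dereferences {@code getConditions()} without a null check, so an assertion that has no
     * conditions object fails with a {@link NullPointerException}.
     *
     * @param samlAssertionWrapper the assertion wrapper
     * @return the {@code NotBefore} instant
     */
    private static Instant getNotBefore(SamlAssertionWrapper samlAssertionWrapper) {
        if (isSaml2(samlAssertionWrapper)) {
            return samlAssertionWrapper.getSaml2().getConditions().getNotBefore();
        }
        return samlAssertionWrapper.getSaml1().getConditions().getNotBefore();
    }

    /**
     * Reads {@code NotOnOrAfter} from the assertion's conditions, choosing the SAML 2.0 or
     * SAML 1.x object by the assertion's version.
     *
     * <p>Dereferences {@code getConditions()} without a null check, so an assertion that has no
     * conditions object fails with a {@link NullPointerException}.
     *
     * @param samlAssertionWrapper the assertion wrapper
     * @return the {@code NotOnOrAfter} instant
     */
    private static Instant getNotOnOrAfter(SamlAssertionWrapper samlAssertionWrapper) {
        if (isSaml2(samlAssertionWrapper)) {
            return samlAssertionWrapper.getSaml2().getConditions().getNotOnOrAfter();
        }
        return samlAssertionWrapper.getSaml1().getConditions().getNotOnOrAfter();
    }
}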
