package com.digiwin.dap.middleware.iam.util;

import com.digiwin.dap.middleware.iam.domain.tenant.metadata.TenantMetadataSAMLVO;
import com.digiwin.dap.middleware.iam.entity.SysSsoUrlConfig;
import java.io.UnsupportedEncodingException;
import java.net.URLEncoder;
import java.nio.charset.StandardCharsets;
import java.util.HashMap;
import java.util.Map;
import java.util.Objects;
import javax.xml.namespace.QName;
import net.shibboleth.utilities.java.support.component.ComponentInitializationException;
import net.shibboleth.utilities.java.support.security.RandomIdentifierGenerationStrategy;
import net.shibboleth.utilities.java.support.xml.BasicParserPool;
import net.shibboleth.utilities.java.support.xml.ParserPool;
import org.joda.time.DateTime;
import org.opensaml.core.xml.XMLObjectBuilderFactory;
import org.opensaml.core.xml.config.XMLObjectProviderRegistrySupport;
import org.opensaml.core.xml.io.MarshallingException;
import org.opensaml.saml.common.SAMLVersion;
import org.opensaml.saml.saml2.core.AuthnContextClassRef;
import org.opensaml.saml.saml2.core.AuthnContextComparisonTypeEnumeration;
import org.opensaml.saml.saml2.core.AuthnRequest;
import org.opensaml.saml.saml2.core.Issuer;
import org.opensaml.saml.saml2.core.LogoutRequest;
import org.opensaml.saml.saml2.core.NameID;
import org.opensaml.saml.saml2.core.NameIDPolicy;
import org.opensaml.saml.saml2.core.RequestedAuthnContext;
import org.opensaml.saml.saml2.core.SessionIndex;
import org.opensaml.saml.saml2.core.impl.LogoutRequestBuilder;
import org.opensaml.saml.saml2.core.impl.NameIDBuilder;
import org.opensaml.saml.saml2.core.impl.SessionIndexBuilder;
import org.opensaml.saml.saml2.metadata.Endpoint;
import org.opensaml.saml.saml2.metadata.SingleSignOnService;
import org.opensaml.security.credential.Credential;
import org.opensaml.xmlsec.signature.SignableXMLObject;
import org.opensaml.xmlsec.signature.Signature;
import org.opensaml.xmlsec.signature.support.SignatureException;
import org.opensaml.xmlsec.signature.support.Signer;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;

/* loaded from: input_file:com/digiwin/dap/middleware/iam/util/SAMLUtil.class */
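/**
 * Helpers for building, signing and parsing SAML 2.0 messages with OpenSAML.
 *
 * <p>The request builders return unsigned objects; {@link #signXMLObject} attaches an
 * RSA-SHA256 enveloped signature. {@link #getParserPool()} returns a parser pool with
 * DOCTYPE and external-entity processing disabled.
 */
public class SAMLUtil {
    private static final Logger logger = LoggerFactory.getLogger(SAMLUtil.class);
    /** Source of the random {@code ID} values placed on outgoing requests. */
    private static final RandomIdentifierGenerationStrategy secureRandomIdGenerator = new RandomIdentifierGenerationStrategy();

    private static final String BINDING_HTTP_POST = "urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST";
    private static final String BINDING_HTTP_REDIRECT = "urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Redirect";
    private static final String AUTHN_CONTEXT_PASSWORD = "urn:oasis:names:tc:SAML:2.0:ac:classes:Password";
    private static final String NAMEID_FORMAT_PERSISTENT = "urn:oasis:names:tc:SAML:2.0:nameid-format:persistent";
    private static final String SIGNATURE_RSA_SHA256 = "http://www.w3.org/2001/04/xmldsig-more#rsa-sha256";
    private static final String C14N_EXCLUSIVE = "http://www.w3.org/2001/10/xml-exc-c14n#";
    private static final String ACS_URL_FORMAT = "%s/api/iam/v2/saml/acs/%s/%s";
    /** Name of the static {@link QName} constant every OpenSAML element interface declares. */
    private static final String DEFAULT_ELEMENT_NAME_FIELD = "DEFAULT_ELEMENT_NAME";

    /**
     * Returns a fresh random identifier suitable for a SAML message {@code ID} attribute.
     *
     * @return a new identifier from {@link RandomIdentifierGenerationStrategy}
     */
    public static String generateSecureRandomId() {
        return secureRandomIdGenerator.generateIdentifier();
    }

    /**
     * Builds an unsigned {@code AuthnRequest} addressed to the tenant's SSO endpoint.
     *
     * <p>The request uses the HTTP-POST protocol binding, a persistent NameID policy and a
     * "Password or stronger" requested authentication context.
     *
     * @param str                  path segment placed after {@code /acs/} in the assertion consumer URL
     * @param tenantMetadataSAMLVO tenant SAML metadata; its SSO URL becomes the request destination
     * @param sysSsoUrlConfig      SSO configuration whose {@code sysId} ends the assertion consumer URL
     * @param str2                 value used as the request issuer and as the base of the assertion consumer URL
     * @return the populated request; no signature is attached
     */
    public static AuthnRequest buildAuthnRequest(String str, TenantMetadataSAMLVO tenantMetadataSAMLVO, SysSsoUrlConfig sysSsoUrlConfig, String str2) {
        AuthnRequest request = buildSAMLObject(AuthnRequest.class);
        request.setID(generateSecureRandomId());
        request.setIssueInstant(new DateTime());
        request.setDestination(tenantMetadataSAMLVO.getSsoUrl());
        request.setProtocolBinding(BINDING_HTTP_POST);
        request.setAssertionConsumerServiceURL(getAssertionConsumerEndpoint(str2, str, sysSsoUrlConfig));
        request.setIssuer(buildIssuer(str2));
        request.setNameIDPolicy(buildNameIdPolicy());
        request.setRequestedAuthnContext(buildRequestedAuthnContext());
        return request;
    }

    /**
     * Builds an unsigned SAML 2.0 {@code LogoutRequest} addressed to the tenant's logout endpoint.
     *
     * @param tenantMetadataSAMLVO tenant SAML metadata; its logout URL becomes the request destination
     * @param str                  issuer value
     * @param str2                 NameID value of the principal being logged out
     * @param str3                 session index to terminate
     * @return the populated request; no signature is attached
     */
    public static LogoutRequest buildLogoutRequest(TenantMetadataSAMLVO tenantMetadataSAMLVO, String str, String str2, String str3) {
        LogoutRequest request = new LogoutRequestBuilder().buildObject();
        request.setID(generateSecureRandomId());
        request.setVersion(SAMLVersion.VERSION_20);
        request.setIssueInstant(new DateTime());
        request.setDestination(tenantMetadataSAMLVO.getLogoutUrl());
        request.setIssuer(buildIssuer(str));

        NameID nameId = new NameIDBuilder().buildObject();
        nameId.setValue(str2);
        request.setNameID(nameId);

        SessionIndex sessionIndex = new SessionIndexBuilder().buildObject();
        sessionIndex.setSessionIndex(str3);
        request.getSessionIndexes().add(sessionIndex);
        return request;
    }

    /**
     * Builds a {@code RequestedAuthnContext} asking for the Password class or stronger
     * ({@link AuthnContextComparisonTypeEnumeration#MINIMUM}).
     *
     * @return the populated context
     */
    public static RequestedAuthnContext buildRequestedAuthnContext() {
        AuthnContextClassRef classRef = buildSAMLObject(AuthnContextClassRef.class);
        classRef.setAuthnContextClassRef(AUTHN_CONTEXT_PASSWORD);

        RequestedAuthnContext context = buildSAMLObject(RequestedAuthnContext.class);
        context.setComparison(AuthnContextComparisonTypeEnumeration.MINIMUM);
        context.getAuthnContextClassRefs().add(classRef);
        return context;
    }

    /**
     * Builds a {@code NameIDPolicy} requesting the persistent format and allowing the IdP
     * to create a new identifier.
     *
     * @return the populated policy
     */
    public static NameIDPolicy buildNameIdPolicy() {
        NameIDPolicy policy = buildSAMLObject(NameIDPolicy.class);
        policy.setAllowCreate(true);
        policy.setFormat(NAMEID_FORMAT_PERSISTENT);
        return policy;
    }

    /**
     * Builds an {@code Issuer} element with the given value.
     *
     * @param str issuer value
     * @return the populated element
     */
    public static Issuer buildIssuer(String str) {
        Issuer issuer = buildSAMLObject(Issuer.class);
        issuer.setValue(str);
        return issuer;
    }

    /**
     * Builds a {@code SingleSignOnService} endpoint describing where a message to the IdP is sent.
     *
     * <p>The binding is HTTP-Redirect when the tenant's bind type is {@code "REDIRECT"} and
     * HTTP-POST otherwise. Note that a {@code SingleSignOnService} element is returned even when
     * the logout URL is selected.
     *
     * @param tenantMetadataSAMLVO tenant SAML metadata supplying bind type, SSO URL and logout URL
     * @param z                    {@code true} to use the SSO URL as location, {@code false} for the logout URL
     * @return the populated endpoint
     */
    public static Endpoint getIDPEndpoint(TenantMetadataSAMLVO tenantMetadataSAMLVO, boolean z) {
        SingleSignOnService endpoint = buildSAMLObject(SingleSignOnService.class);
        boolean redirect = "REDIRECT".equals(tenantMetadataSAMLVO.getBindType());
        endpoint.setBinding(redirect ? BINDING_HTTP_REDIRECT : BINDING_HTTP_POST);
        endpoint.setLocation(z ? tenantMetadataSAMLVO.getSsoUrl() : tenantMetadataSAMLVO.getLogoutUrl());
        return endpoint;
    }

    /**
     * Builds the assertion consumer service URL {@code <str>/api/iam/v2/saml/acs/<str2>/<sysId>}.
     *
     * @param str             base URL
     * @param str2            path segment following {@code /acs/}
     * @param sysSsoUrlConfig supplies the trailing {@code sysId} segment
     * @return the formatted URL; segments are inserted verbatim, not URL-encoded
     */
    public static String getAssertionConsumerEndpoint(String str, String str2, SysSsoUrlConfig sysSsoUrlConfig) {
        return String.format(ACS_URL_FORMAT, str, str2, sysSsoUrlConfig.getSysId());
    }

    /**
     * Instantiates an OpenSAML element of the given type through the registered builder factory.
     *
     * <p>The element QName is read reflectively from the type's static
     * {@code DEFAULT_ELEMENT_NAME} constant, so {@code cls} must be an OpenSAML element
     * interface that declares one.
     *
     * @param cls element interface, e.g. {@code AuthnRequest.class}
     * @param <T> element type
     * @return a new, empty element of type {@code T}
     * @throws IllegalArgumentException if {@code cls} has no accessible {@code DEFAULT_ELEMENT_NAME}
     * @throws NullPointerException     if no builder is registered for the element name
     * @throws ClassCastException       if the registered builder produces an object of another type
     */
    public static <T> T buildSAMLObject(Class<T> cls) {
        QName elementName;
        try {
            elementName = (QName) cls.getDeclaredField(DEFAULT_ELEMENT_NAME_FIELD).get(null);
        } catch (NoSuchFieldException | IllegalAccessException e) {
            // Keep the cause: without it the failing type and reason are invisible to the caller.
            throw new IllegalArgumentException("Could not create SAML object: " + cls.getName()
                    + " does not expose " + DEFAULT_ELEMENT_NAME_FIELD, e);
        }
        XMLObjectBuilderFactory builderFactory = XMLObjectProviderRegistrySupport.getBuilderFactory();
        Object built = Objects.requireNonNull(builderFactory.getBuilder(elementName),
                "No OpenSAML builder registered for " + elementName).buildObject(elementName);
        // Class.cast replaces an unchecked (T) cast and fails loudly on a type mismatch.
        return cls.cast(built);
    }

    /**
     * Appends {@code errormsg=<encoded message>} to a callback URL.
     *
     * @param str  callback URL; {@code &} is used as separator when it already has a query string
     * @param str2 error message; URL-encoded, {@code null} is written as an empty value
     * @return the callback URL with the error parameter appended
     */
    public static String getFailCallbackUrl(String str, String str2) {
        return str + querySeparator(str) + "errormsg=" + urlEncode(str2);
    }

    /**
     * Appends {@code code}, {@code nameId} and {@code sessionIndex} query parameters to a callback URL.
     *
     * <p>The NameID and session index originate from the IdP response, so every value is
     * URL-encoded; a value containing {@code &}, {@code =} or {@code #} can no longer inject or
     * truncate query parameters.
     *
     * @param str  callback URL; {@code &} is used as separator when it already has a query string
     * @param str2 authorization code
     * @param str3 NameID value
     * @param str4 session index
     * @return the callback URL with the three parameters appended
     */
    public static String getSuccessCallbackUrl(String str, String str2, String str3, String str4) {
        return str + querySeparator(str)
                + "code=" + urlEncode(str2)
                + "&nameId=" + urlEncode(str3)
                + "&sessionIndex=" + urlEncode(str4);
    }

    /** Returns {@code &} when {@code url} already carries a query string, else {@code ?}. */
    private static String querySeparator(String url) {
        return url.contains("?") ? "&" : "?";
    }

    /**
     * URL-encodes a query-string value as UTF-8 ({@code application/x-www-form-urlencoded}).
     *
     * @param str value to encode; {@code null} yields an empty string
     * @return the encoded value, or the input unchanged if UTF-8 were unsupported
     */
    private static String urlEncode(String str) {
        if (str == null) {
            return "";
        }
        try {
            return URLEncoder.encode(str, StandardCharsets.UTF_8.name());
        } catch (UnsupportedEncodingException e) {
            // UTF-8 is mandatory in every JVM, so this branch is effectively unreachable.
            logger.error("【saml】 urlEncode异常", e);
            return str;
        }
    }

    /**
     * Attaches an RSA-SHA256 enveloped signature (exclusive C14N) to the object and signs it.
     *
     * <p>The object is marshalled before signing because {@link Signer#signObject} needs the DOM.
     *
     * @param signableXMLObject object to sign; its {@code Signature} child is replaced
     * @param credential        signing credential (private key)
     * @throws MarshallingException if the object cannot be marshalled to DOM
     * @throws SignatureException   if signing fails
     * @throws NullPointerException if no marshaller is registered for the object
     */
    public static void signXMLObject(SignableXMLObject signableXMLObject, Credential credential) throws MarshallingException, SignatureException {
        Signature signature = buildSAMLObject(Signature.class);
        signature.setSigningCredential(credential);
        signature.setSignatureAlgorithm(SIGNATURE_RSA_SHA256);
        signature.setCanonicalizationAlgorithm(C14N_EXCLUSIVE);
        signableXMLObject.setSignature(signature);
        Objects.requireNonNull(XMLObjectProviderRegistrySupport.getMarshallerFactory().getMarshaller(signableXMLObject),
                "No marshaller registered for " + signableXMLObject.getElementQName())
                .marshall(signableXMLObject);
        Signer.signObject(signature);
    }

    /**
     * Creates and initializes a namespace-aware parser pool hardened against XXE.
     *
     * <p>DOCTYPE declarations are disallowed, external general/parameter entities and entity
     * expansion are disabled, XInclude is off and JAXP secure processing is on. Each call builds
     * a new pool of up to 100 parsers, so callers are expected to cache the result.
     *
     * @return the initialized pool
     * @throws IllegalStateException if the pool fails to initialize; an uninitialized pool would
     *                               only fail later on first use
     */
    public static ParserPool getParserPool() {
        BasicParserPool pool = new BasicParserPool();
        pool.setMaxPoolSize(100);
        pool.setCoalescing(true);
        pool.setIgnoreComments(true);
        pool.setIgnoreElementContentWhitespace(true);
        pool.setNamespaceAware(true);
        pool.setExpandEntityReferences(false);
        pool.setXincludeAware(false);

        Map<String, Boolean> features = new HashMap<>();
        features.put("http://xml.org/sax/features/external-general-entities", Boolean.FALSE);
        features.put("http://xml.org/sax/features/external-parameter-entities", Boolean.FALSE);
        features.put("http://apache.org/xml/features/disallow-doctype-decl", Boolean.TRUE);
        features.put("http://apache.org/xml/features/validation/schema/normalized-value", Boolean.FALSE);
        features.put("http://javax.xml.XMLConstants/feature/secure-processing", Boolean.TRUE);
        pool.setBuilderFeatures(features);
        pool.setBuilderAttributes(new HashMap<String, Object>());

        try {
            pool.initialize();
        } catch (ComponentInitializationException e) {
            throw new IllegalStateException("Could not initialize SAML parser pool", e);
        }
        return pool;
    }
}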
