package cat.gencat.ctti.canigo.arch.security.saml.authentication.service.impl;

import cat.gencat.ctti.canigo.arch.core.config.PropertiesConfiguration;
import cat.gencat.ctti.canigo.arch.security.saml.authentication.exception.SAMLAuthenticationException;
import cat.gencat.ctti.canigo.arch.security.saml.authentication.service.SAMLValidationService;
import cat.gencat.ctti.canigo.arch.security.saml.validation.SAMLValidator;
import cat.gencat.ctti.canigo.arch.security.saml.validation.SAMLValidatorResult;
import cat.gencat.ctti.canigo.arch.security.saml.validation.credentials.SAMLIdPFilesystemMetadataCredentials;
import cat.gencat.ctti.canigo.arch.security.saml.validation.credentials.SAMLIdPMetadataCredentials;
import cat.gencat.ctti.canigo.arch.security.saml.validation.credentials.SAMLIdPResourceMetadataCredentials;
import cat.gencat.ctti.canigo.arch.security.saml.validation.credentials.SAMLKeystoreEncryptionCredentials;
import java.io.IOException;
import java.security.KeyStoreException;
import java.security.NoSuchAlgorithmException;
import java.security.cert.CertificateException;
import javax.annotation.PostConstruct;
import org.opensaml.saml2.core.Assertion;
import org.opensaml.saml2.metadata.provider.MetadataProviderException;
import org.opensaml.xml.encryption.DecryptionException;
import org.opensaml.xml.security.SecurityException;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;

/* loaded from: input_file:cat/gencat/ctti/canigo/arch/security/saml/authentication/service/impl/SAMLValidationServiceOpenSAML.class */
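/**
 * OpenSAML-backed implementation of {@link SAMLValidationService}.
 *
 * <p>Lifecycle: {@link #config(PropertiesConfiguration)} copies the {@code saml.*} properties into
 * the bean fields, then {@link #initValidator()} ({@code @PostConstruct}) builds the IdP metadata
 * credentials (used to obtain the IdP signing credential) and, only when a keystore path is
 * configured, the SP-bridge keystore credentials (used to decrypt encrypted assertions).
 *
 * <p>Security notes grounded in this class: whether an incoming message is treated as encrypted is
 * decided by configuration ({@code spBridgeCredentials != null}), not by the message itself, and
 * {@code extraValidityMinutes} is handed to {@link SAMLValidator} — presumably widening the accepted
 * validity window, so larger values loosen expiry checks (confirm in SAMLValidator). Keystore and key
 * passwords are held as plain {@link String}s (required by the bean interface) and are redacted as
 * {@code [PROTECTED]} in {@link #toString()}, which is what {@code config} logs.
 *
 * <p>Not thread-safe with respect to the setters; the intended pattern is configure-then-init.
 */
public class SAMLValidationServiceOpenSAML implements SAMLValidationService {
    private static final Logger logger = LoggerFactory.getLogger(SAMLValidationServiceOpenSAML.class);
    // IdP identity and metadata source: a classpath/URL resource takes precedence over a file.
    private String idpEntityId;
    private String idpMetadaFile;
    private String idpMetadaResource;
    // SP-bridge identity plus the keystore holding the assertion decryption key (optional).
    private String spBridgeEntityId;
    private String spBridgeKeystorePath;
    private String spBridgeKeystorePass;
    private String spBridgeEncryptionKeyAlias;
    private String spBridgeEncryptionKeyPass;
    // Extra minutes passed to SAMLValidator; 0 when the property is absent or unparsable.
    private int extraValidityMinutes;
    protected SAMLIdPMetadataCredentials idpCredentials;
    protected SAMLKeystoreEncryptionCredentials spBridgeCredentials;
    // Metadata refresh delays passed to the IdP credentials; units are defined by SAMLIdPMetadataCredentials.
    private long metatadaMaxRefreshDelay;
    private long metatadaMinRefreshDelay;

    /**
     * Populates this bean from the {@code saml.*} properties.
     *
     * <p>Numeric properties that are missing or malformed fall back to {@code 0} (logged by the
     * private parsers). The resulting configuration is logged via {@link #toString()}, which masks
     * both passwords.
     *
     * @param propertiesConfiguration source of the {@code saml.*} properties
     */
    public void config(PropertiesConfiguration propertiesConfiguration) {
        setIdpEntityId(propertiesConfiguration.getProperty("saml.idpEntityId"));
        setIdpMetadaFile(propertiesConfiguration.getProperty("saml.idpMetadaFile"));
        setIdpMetadaResource(propertiesConfiguration.getProperty("saml.idpMetadaResource"));
        setSpBridgeEntityId(propertiesConfiguration.getProperty("saml.spBridgeEntityId"));
        setSpBridgeKeystorePath(propertiesConfiguration.getProperty("saml.spBridgeKeystorePath"));
        setSpBridgeKeystorePass(propertiesConfiguration.getProperty("saml.spBridgeKeystorePass"));
        setSpBridgeEncryptionKeyAlias(propertiesConfiguration.getProperty("saml.spBridgeEncryptionKeyAlias"));
        setSpBridgeEncryptionKeyPass(propertiesConfiguration.getProperty("saml.spBridgeEncryptionKeyPass"));
        setExtraValidityMinutes(getPropertyInteger(propertiesConfiguration, "saml.extraValidityMinutes"));
        setMetatadaMaxRefreshDelay(getPropertyLong(propertiesConfiguration, "saml.metatada.maxRefreshDelay"));
        setMetatadaMinRefreshDelay(getPropertyLong(propertiesConfiguration, "saml.metatada.minRefreshDelay"));
        // toString() redacts the keystore/key passwords, so logging the whole bean is safe.
        logger.info("Configuration done {}", this);
    }

    /**
     * Initialises OpenSAML and builds the credential holders from the configured fields.
     *
     * <p>The IdP metadata is loaded from {@code idpMetadaResource} when set, otherwise from
     * {@code idpMetadaFile}; if both are unset the file-based holder receives {@code null}, whose
     * handling is up to {@link SAMLIdPFilesystemMetadataCredentials}. SP-bridge credentials are only
     * created when a keystore path is configured; otherwise assertions are processed unencrypted.
     *
     * @throws MetadataProviderException if the IdP metadata cannot be loaded
     * @throws NoSuchAlgorithmException if the keystore algorithm is unavailable
     * @throws CertificateException if a keystore certificate cannot be loaded
     * @throws KeyStoreException if the keystore cannot be opened
     * @throws IOException if metadata or keystore I/O fails
     */
    @PostConstruct
    public void initValidator() throws MetadataProviderException, NoSuchAlgorithmException, CertificateException, KeyStoreException, IOException {
        SAMLValidator.init();
        if (this.idpMetadaResource != null) {
            this.idpCredentials = new SAMLIdPResourceMetadataCredentials(this.idpEntityId, this.idpMetadaResource);
        } else {
            this.idpCredentials = new SAMLIdPFilesystemMetadataCredentials(this.idpEntityId, this.idpMetadaFile);
        }
        this.idpCredentials.setRefreshDelays(getMetatadaMinRefreshDelay(), getMetatadaMaxRefreshDelay());
        this.idpCredentials.init();
        if (this.spBridgeKeystorePath == null) {
            // No keystore: decryption is impossible, so validate() takes the plain-assertion path.
            this.spBridgeCredentials = null;
        } else {
            this.spBridgeCredentials = new SAMLKeystoreEncryptionCredentials(this.spBridgeKeystorePath, this.spBridgeKeystorePass, this.spBridgeEncryptionKeyAlias, this.spBridgeEncryptionKeyPass);
            this.spBridgeCredentials.init();
        }
    }

    /**
     * Extracts the assertion from an untrusted SAML message, decrypting it when SP-bridge
     * credentials are configured, and validates it against the IdP signing credential.
     *
     * @param str the raw (base64) SAML message received from the caller; treated as untrusted
     * @return the validator result
     * @throws SAMLAuthenticationException if the assertion cannot be decrypted or the IdP signing
     *     credential cannot be obtained; other failures propagate from {@link SAMLValidator}
     */
    @Override // cat.gencat.ctti.canigo.arch.security.saml.authentication.service.SAMLValidationService
    public SAMLValidatorResult validate(String str) {
        try {
            SAMLValidator validator = new SAMLValidator();
            validator.setExtraValidityMinutes(Integer.valueOf(this.extraValidityMinutes));
            Assertion assertion;
            if (this.spBridgeCredentials != null) {
                // Encrypted path: the message must carry an EncryptedAssertion we can open with our key.
                assertion = validator.decryptAssertion(validator.getSamlEncryptedAssertionBase64(str), this.spBridgeCredentials.getEncryptionCredential());
            } else {
                assertion = validator.getSamlAssertionBase64(str);
            }
            return validator.validate(assertion, this.idpCredentials.getSigningCredential(), this.spBridgeEntityId);
        } catch (DecryptionException e) {
            throw new SAMLAuthenticationException("Can not decrypt assertion", e);
        } catch (SecurityException e2) {
            throw new SAMLAuthenticationException("Can not access IdP signing credentials", e2);
        }
    }

    /** @return the IdP entity id */
    public String getIdpEntityId() {
        return this.idpEntityId;
    }

    /** @param str the IdP entity id */
    public void setIdpEntityId(String str) {
        this.idpEntityId = str;
    }

    /** @return the filesystem path of the IdP metadata, used when no resource is configured */
    public String getIdpMetadaFile() {
        return this.idpMetadaFile;
    }

    /** @param str the filesystem path of the IdP metadata */
    public void setIdpMetadaFile(String str) {
        this.idpMetadaFile = str;
    }

    /** @return the IdP metadata resource; takes precedence over the file when non-null */
    public String getIdpMetadaResource() {
        return this.idpMetadaResource;
    }

    /** @param str the IdP metadata resource */
    public void setIdpMetadaResource(String str) {
        this.idpMetadaResource = str;
    }

    /** @return the SP-bridge entity id passed to the validator as the expected audience/recipient (confirm in SAMLValidator) */
    public String getSpBridgeEntityId() {
        return this.spBridgeEntityId;
    }

    /** @param str the SP-bridge entity id */
    public void setSpBridgeEntityId(String str) {
        this.spBridgeEntityId = str;
    }

    /** @return the keystore path; {@code null} disables assertion decryption */
    public String getSpBridgeKeystorePath() {
        return this.spBridgeKeystorePath;
    }

    /** @param str the keystore path, or {@code null} to disable decryption */
    public void setSpBridgeKeystorePath(String str) {
        this.spBridgeKeystorePath = str;
    }

    /** @return the keystore password (secret; never log it) */
    public String getSpBridgeKeystorePass() {
        return this.spBridgeKeystorePass;
    }

    /** @param str the keystore password */
    public void setSpBridgeKeystorePass(String str) {
        this.spBridgeKeystorePass = str;
    }

    /** @return the alias of the decryption key inside the keystore */
    public String getSpBridgeEncryptionKeyAlias() {
        return this.spBridgeEncryptionKeyAlias;
    }

    /** @param str the alias of the decryption key */
    public void setSpBridgeEncryptionKeyAlias(String str) {
        this.spBridgeEncryptionKeyAlias = str;
    }

    /** @return the decryption key password (secret; never log it) */
    public String getSpBridgeEncryptionKeyPass() {
        return this.spBridgeEncryptionKeyPass;
    }

    /** @param str the decryption key password */
    public void setSpBridgeEncryptionKeyPass(String str) {
        this.spBridgeEncryptionKeyPass = str;
    }

    /** @return extra validity minutes handed to {@link SAMLValidator} */
    public int getExtraValidityMinutes() {
        return this.extraValidityMinutes;
    }

    /** @param i extra validity minutes; larger values presumably loosen time-condition checks */
    public void setExtraValidityMinutes(int i) {
        this.extraValidityMinutes = i;
    }

    /** @return maximum metadata refresh delay */
    public long getMetatadaMaxRefreshDelay() {
        return this.metatadaMaxRefreshDelay;
    }

    /** @param j maximum metadata refresh delay */
    public void setMetatadaMaxRefreshDelay(long j) {
        this.metatadaMaxRefreshDelay = j;
    }

    /** @return minimum metadata refresh delay */
    public long getMetatadaMinRefreshDelay() {
        return this.metatadaMinRefreshDelay;
    }

    /** @param j minimum metadata refresh delay */
    public void setMetatadaMinRefreshDelay(long j) {
        this.metatadaMinRefreshDelay = j;
    }

    /** @return the IdP metadata credentials built by {@link #initValidator()} */
    public SAMLIdPMetadataCredentials getIdpCredentials() {
        return this.idpCredentials;
    }

    /** @param sAMLIdPMetadataCredentials replacement IdP credentials (e.g. for tests) */
    public void setIdpCredentials(SAMLIdPMetadataCredentials sAMLIdPMetadataCredentials) {
        this.idpCredentials = sAMLIdPMetadataCredentials;
    }

    /** @return the SP-bridge decryption credentials, or {@code null} when no keystore is configured */
    public SAMLKeystoreEncryptionCredentials getSpBridgeCredentials() {
        return this.spBridgeCredentials;
    }

    /** @param sAMLKeystoreEncryptionCredentials replacement SP-bridge credentials (e.g. for tests) */
    public void setSpBridgeCredentials(SAMLKeystoreEncryptionCredentials sAMLKeystoreEncryptionCredentials) {
        this.spBridgeCredentials = sAMLKeystoreEncryptionCredentials;
    }

    /**
     * Reads a {@code long} property, falling back to {@code 0} when it is absent or malformed.
     * The fallback is no longer silent: an absent property is logged at debug level and a
     * malformed one at warn level, because a zero refresh delay is rarely what the operator meant.
     *
     * @param propertiesConfiguration property source
     * @param str property name
     * @return the parsed value, or {@code 0} on absence/parse failure
     */
    private long getPropertyLong(PropertiesConfiguration propertiesConfiguration, String str) {
        String raw = propertiesConfiguration.getProperty(str);
        if (raw == null) {
            logger.debug("Property {} not set; using 0", str);
            return 0L;
        }
        try {
            return Long.parseLong(raw);
        } catch (NumberFormatException e) {
            logger.warn("Property {} has non-numeric value '{}'; using 0", str, raw);
            return 0L;
        }
    }

    /**
     * Reads an {@code int} property, falling back to {@code 0} when it is absent or malformed.
     * Same logging policy as {@link #getPropertyLong}; a fallback here silently changes the
     * validity window the validator applies, so it is worth surfacing.
     *
     * @param propertiesConfiguration property source
     * @param str property name
     * @return the parsed value, or {@code 0} on absence/parse failure
     */
    private int getPropertyInteger(PropertiesConfiguration propertiesConfiguration, String str) {
        String raw = propertiesConfiguration.getProperty(str);
        if (raw == null) {
            logger.debug("Property {} not set; using 0", str);
            return 0;
        }
        try {
            return Integer.parseInt(raw);
        } catch (NumberFormatException e) {
            logger.warn("Property {} has non-numeric value '{}'; using 0", str, raw);
            return 0;
        }
    }

    /**
     * Renders the configuration for logging; both passwords are replaced by {@code [PROTECTED]}.
     */
    @Override
    public String toString() {
        return "SAMLValidationServiceOpenSAML [idpEntityId=" + this.idpEntityId + ", idpMetadaFile=" + this.idpMetadaFile + ", idMetadaResource=" + this.idpMetadaResource + ", spBridgeEntityId=" + this.spBridgeEntityId + ", spBridgeKeystorePath=" + this.spBridgeKeystorePath + ", spBridgeKeystorePass=[PROTECTED], spBridgeEncryptionKeyAlias=" + this.spBridgeEncryptionKeyAlias + ", spBridgeEncryptionKeyPass=[PROTECTED], extraValidityMinutes=" + this.extraValidityMinutes + ", metatadaMaxRefreshDelay=" + this.metatadaMaxRefreshDelay + ", metatadaMinRefreshDelay=" + this.metatadaMinRefreshDelay + "]";
    }
}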
