package de.bos_bremen.gov.autent.safe.client;

import com.sun.xml.wss.saml.Advice;
import com.sun.xml.wss.saml.Conditions;
import com.sun.xml.wss.saml.NameID;
import com.sun.xml.wss.saml.SAMLAssertionFactory;
import com.sun.xml.wss.saml.Subject;
import com.sun.xml.wss.saml.SubjectLocality;
import com.sun.xml.wss.saml.assertion.saml20.jaxb20.AuthnContext;
import com.sun.xml.wss.saml.internal.saml20.jaxb20.ObjectFactory;
import de.bos_bremen.gov.autent.common.XmlHelper;
import de.bos_bremen.gov.autent.safe.pp.dto.RoleDto;
import de.egov.names.safe._1_0.authenticationcontext.AuthnContextDeclType;
import de.egov.names.safe._1_0.authenticationcontext.SecurityLevelType;
import java.io.ByteArrayOutputStream;
import java.io.StringWriter;
import java.security.PrivateKey;
import java.security.cert.X509Certificate;
import java.util.ArrayList;
import java.util.GregorianCalendar;
import java.util.LinkedList;
import java.util.List;
import java.util.TimeZone;
import java.util.UUID;
import javax.xml.bind.JAXBContext;
import javax.xml.bind.JAXBElement;
import javax.xml.bind.JAXBException;
import javax.xml.transform.TransformerException;
import javax.xml.transform.dom.DOMSource;
import javax.xml.transform.stream.StreamResult;
import oasis.names.tc.saml._2_0.ac.classes.x509.AuthnContextDeclarationBaseType;
import oasis.names.tc.saml._2_0.ac.classes.x509.ExtensionType;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
import org.w3c.dom.Element;

/* loaded from: input_file:de/bos_bremen/gov/autent/safe/client/SamlAssertionCreator.class */
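/**
 * Builds signed SAML 2.0 assertions with sender-vouches subject confirmation for the SAFE client.
 *
 * <p>Each assertion carries one attribute per supplied {@link RoleDto} and an X.509
 * authentication statement whose declaration states the FIM security level {@code high}.
 * Signing uses the certificate and private key handed in by the caller.
 *
 * <p>Thread-safety: the only mutable state is the lazily created {@link JAXBContext}, which
 * JAXB documents as thread-safe once built.
 */
public class SamlAssertionCreator {
    private static final Logger log = LoggerFactory.getLogger(SamlAssertionCreator.class);
    private static final String senderVouchesConfirmation_saml20 = "urn:oasis:names:tc:SAML:2.0:cm:sender-vouches";

    /** NameID format used for both the issuer and the subject NameID. */
    private static final String NAMEID_FORMAT_PERSISTENT = "urn:oasis:names:tc:SAML:2.0:nameid-format:persistent";
    /** NameFormat of the role attributes. */
    private static final String ATTRNAME_FORMAT_URI = "urn:oasis:names:tc:SAML:2.0:attrname-format:uri";
    /** AuthnContextClassRef emitted in the authentication statement. */
    private static final String AUTHN_CONTEXT_CLASS_X509 = "urn:oasis:names:tc:SAML:2.0:ac:classes:X509";
    /** FIM security level declared for both authentication and registration. */
    private static final String SECURITY_LEVEL_HIGH = "urn:de:egov:names:fim:1.0:securitylevel:high";
    /** Attribute Name template; the role name is substituted for {@code %s}. */
    private static final String ROLE_ATTRIBUTE_NAME_TEMPLATE = "/pp:PP/pp:Extension/safe:EJusticeAttributes/safe:Roles[safe:RoleName='%s']/safe:RoleValue";
    /** Half-width of the validity window: NotBefore = now - 1h, NotOnOrAfter = now + 1h. */
    private static final long VALIDITY_SKEW_MILLIS = 3600000L;

    /**
     * JAXB context for marshalling the assertion. Building one is expensive, so it is created on
     * first use and reused; a benign race may build it twice, which is harmless because every
     * instance is equivalent.
     */
    private static volatile JAXBContext assertionContext;

    /**
     * Creates and signs a SAML 2.0 assertion with sender-vouches subject confirmation.
     *
     * <p>The assertion is valid for a fixed two-hour window centred on the current time: the
     * backdated NotBefore tolerates clock skew at the relying party, but the window does not
     * shrink for short-lived requests, so relying parties should enforce their own freshness
     * checks if they need a tighter bound.
     *
     * @param str issuer name (value of the {@code Issuer} NameID)
     * @param str2 subject name (value of the {@code Subject} NameID)
     * @param str3 name qualifier applied to both the issuer and the subject NameID
     * @param x509Certificate certificate of the signing key, referenced from the signature
     * @param privateKey private key used to sign the assertion
     * @param roleDtoArr roles emitted as attributes; {@code null} or empty yields an empty
     *        {@code AttributeStatement}
     * @return the signed {@code Assertion} DOM element
     * @throws IllegalStateException if building or signing fails; the original cause is attached
     */
    public static Element createSvSamlAssertion20(String str, String str2, String str3, X509Certificate x509Certificate, PrivateKey privateKey, RoleDto... roleDtoArr) {
        try {
            SAMLAssertionFactory factory = SAMLAssertionFactory.newInstance("Saml2.0");
            String assertionId = "SAFE_Assertion_" + UUID.randomUUID().toString();

            GregorianCalendar notBefore = nowUtc();
            notBefore.setTimeInMillis(notBefore.getTimeInMillis() - VALIDITY_SKEW_MILLIS);
            GregorianCalendar notOnOrAfter = nowUtc();
            notOnOrAfter.setTimeInMillis(notOnOrAfter.getTimeInMillis() + VALIDITY_SKEW_MILLIS);
            GregorianCalendar issueInstant = nowUtc();

            Conditions conditions = factory.createConditions(notBefore, notOnOrAfter, (List) null, (List) null, (List) null, (List) null);

            // Sender-vouches: no SubjectConfirmationData, the signature over the assertion vouches
            // for the subject.
            NameID subjectName = factory.createNameID(str2, str3, NAMEID_FORMAT_PERSISTENT);
            Subject subject = factory.createSubject(subjectName, factory.createSubjectConfirmation((NameID) null, senderVouchesConfirmation_saml20));

            List<Object> statements = new ArrayList<Object>();
            statements.add(factory.createAttributeStatement(createRoleAttributes(factory, roleDtoArr)));

            AuthnContext authnContext = factory.createAuthnContext(AUTHN_CONTEXT_CLASS_X509, (String) null);
            authnContext.getContent().add(generateAuthnContextDecl());
            statements.add(factory.createAuthnStatement(issueInstant, (SubjectLocality) null, authnContext, (String) null, (GregorianCalendar) null));

            NameID issuer = factory.createNameID(str, str3, NAMEID_FORMAT_PERSISTENT);
            // The trailing flag controls how the signing key is referenced in the signature's
            // KeyInfo (WSIT API); it was {@code true} in the original and is kept unchanged.
            Element signed = factory.createAssertion(assertionId, issuer, issueInstant, conditions, (Advice) null, subject, statements, assertionContext()).sign(x509Certificate, privateKey, true);
            logElement(signed);
            return signed;
        } catch (Exception e) {
            // Single exception type at the API boundary; the cause is preserved for diagnosis.
            throw new IllegalStateException(e);
        }
    }

    /**
     * Builds one SAML attribute per role, each carrying the role value as its single value.
     *
     * <p>The attribute Name embeds the role name in an XPath-like selector without any escaping,
     * so a role name containing a quote alters that selector. Role names should therefore be
     * validated before they reach this method.
     *
     * @param factory assertion factory used to create the attributes
     * @param roles roles to convert; {@code null} is treated as empty
     * @return the attributes, in input order
     */
    private static List<Object> createRoleAttributes(SAMLAssertionFactory factory, RoleDto[] roles) {
        List<Object> attributes = new ArrayList<Object>();
        if (roles == null) {
            return attributes;
        }
        for (RoleDto role : roles) {
            String name = String.format(ROLE_ATTRIBUTE_NAME_TEMPLATE, role.getRoleName());
            List<Object> values = new ArrayList<Object>();
            values.add(role.getRoleValue());
            attributes.add(factory.createAttribute(name, ATTRNAME_FORMAT_URI, values));
        }
        return attributes;
    }

    /** Returns a calendar holding the current time in UTC. */
    private static GregorianCalendar nowUtc() {
        return new GregorianCalendar(TimeZone.getTimeZone("UTC"));
    }

    /**
     * Returns the JAXB context covering the SAML 1.1/2.0 core classes and the authentication
     * context schemas, creating it on first use.
     *
     * @throws JAXBException if the context cannot be built
     */
    private static JAXBContext assertionContext() throws JAXBException {
        JAXBContext context = assertionContext;
        if (context == null) {
            context = JAXBContext.newInstance(new Class[]{ObjectFactory.class, com.sun.xml.wss.saml.internal.saml11.jaxb20.ObjectFactory.class, de.egov.names.safe._1_0.authenticationcontext.ObjectFactory.class, de.egov.names.safe._1_0.ac.x509_selfsigned.ObjectFactory.class, oasis.names.tc.saml._2_0.ac.classes.x509.ObjectFactory.class, oasis.names.tc.saml._2_0.ac.classes.password.ObjectFactory.class, oasis.names.tc.saml._2_0.ac.classes.smartcardpki.ObjectFactory.class});
            assertionContext = context;
        }
        return context;
    }

    /**
     * Builds the {@code AuthnContextDecl} element: an X.509 authentication context declaration
     * whose extension carries the FIM security level {@code high} for both authentication and
     * registration.
     *
     * <p>NOTE(review): the level is a fixed constant rather than being derived from how the
     * subject actually authenticated — confirm this matches what relying parties expect.
     *
     * @return the declaration wrapped as a JAXB element
     */
    private static JAXBElement<?> generateAuthnContextDecl() {
        oasis.names.tc.saml._2_0.ac.classes.x509.ObjectFactory x509Factory = new oasis.names.tc.saml._2_0.ac.classes.x509.ObjectFactory();
        de.egov.names.safe._1_0.authenticationcontext.ObjectFactory safeFactory = new de.egov.names.safe._1_0.authenticationcontext.ObjectFactory();

        SecurityLevelType securityLevel = safeFactory.createSecurityLevelType();
        securityLevel.setAuthentication(SECURITY_LEVEL_HIGH);
        securityLevel.getRegistration().add(SECURITY_LEVEL_HIGH);

        ExtensionType extension = x509Factory.createExtensionType();
        extension.getAny().add(safeFactory.createSecurityLevel(securityLevel));

        AuthnContextDeclarationBaseType declaration = x509Factory.createAuthnContextDeclarationBaseType();
        declaration.getExtension().add(extension);

        AuthnContextDeclType decl = safeFactory.createAuthnContextDeclType();
        decl.getContent().add(x509Factory.createAuthenticationContextDeclaration(declaration));
        return safeFactory.createAuthnContextDecl(decl);
    }

    /**
     * Logs the serialised element at DEBUG level. Serialisation failures are reported at INFO
     * (with the stack trace at TRACE) so that logging can never break assertion creation.
     *
     * <p>The element is a complete assertion including subject identity and roles; it is only
     * written when DEBUG is enabled.
     *
     * @param element DOM element to serialise
     */
    protected static void logElement(Element element) {
        if (!log.isDebugEnabled()) {
            return;
        }
        try {
            // Serialise into a character sink: decoding a byte buffer with the platform default
            // charset could garble non-ASCII content in the log.
            StringWriter out = new StringWriter();
            XmlHelper.getTransfomer().transform(new DOMSource(element), new StreamResult(out));
            log.debug("logElement() SAML node : " + out.toString());
        } catch (TransformerException e) {
            log.trace(e.getMessage(), e);
            log.info("logElement() could not log the SAML assertion");
        }
    }
}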
