package de.governikus.panstar.sdk.saml.request;

import de.governikus.panstar.sdk.saml.SamlInitializer;
import de.governikus.panstar.sdk.saml.configuration.SamlConfiguration;
import de.governikus.panstar.sdk.saml.configuration.SamlConfigurationHelper;
import de.governikus.panstar.sdk.saml.exception.SamlRequestException;
import de.governikus.panstar.sdk.utils.RequestData;
import de.governikus.panstar.sdk.utils.exception.InvalidInputException;
import de.governikus.panstar.sdk.utils.saml.SAMLUtils;
import de.governikus.panstar.sdk.utils.xml.XMLSignatureHandler;
import de.governikus.panstar.sdk.utils.xml.XmlUtils;
import java.nio.charset.StandardCharsets;
import java.util.ArrayList;
import java.util.Base64;
import org.opensaml.core.config.InitializationException;
import org.opensaml.saml.saml2.core.AuthnRequest;
import org.opensaml.xmlsec.signature.support.Signer;
import org.w3c.dom.Element;

/* loaded from: input_file:de/governikus/panstar/sdk/saml/request/SamlRequestGenerator.class */
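/**
 * Builds signed SAML authentication requests from a {@link SamlConfiguration}.
 *
 * <p>Two request shapes are produced:
 * <ul>
 *   <li>eID: a redirect URL whose query string is signed (HTTP-Redirect binding), see
 *       {@link #createSamlRequestUrl(RequestData, String, String)};</li>
 *   <li>eIDAS: an XML-signed request returned as Base64 text (HTTP-POST binding), see
 *       {@link #createEidasSamlRequest(RequestData, String)}.</li>
 * </ul>
 *
 * <p>Security note: on the eID path every hook of the {@link SamlRequestCreationInterceptor} is
 * applied before the query string is signed, including the hook that replaces the digest
 * algorithm name. The interceptor is reachable through
 * {@link #getSamlRequestCreationInterceptor()}. NOTE(review): this looks like a test or
 * customisation hook; confirm that no production caller installs a modifier that weakens the
 * digest algorithm or alters the request. The interceptor is also handed to the
 * {@code AuthnRequestGenerator}; what the generator does with it is not visible in this class.
 */
public class SamlRequestGenerator {
    private static final String HTTP_REDIRECT_BINDING_URI = "urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Redirect";
    private static final String HTTP_POST_BINDING_URI = "urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST";

    private final SamlConfiguration samlConfiguration;
    private final AuthnRequestGenerator authnRequestGenerator;
    private final SamlRequestCreationInterceptor interceptor;

    /**
     * Validates the configuration, initialises the SAML library and wires up the request generator.
     *
     * @param samlConfiguration configuration checked by
     *     {@code SamlConfigurationHelper.checkSamlConfiguration} before anything else happens
     * @throws InvalidInputException declared by the configuration check and the collaborators
     * @throws InitializationException declared by {@code SamlInitializer.initialize()}
     * @throws SamlRequestException declared by the collaborators created here
     */
    public SamlRequestGenerator(SamlConfiguration samlConfiguration) throws InvalidInputException, InitializationException, SamlRequestException {
        this.samlConfiguration = samlConfiguration;
        // Reject an unusable configuration before any key material is touched.
        SamlConfigurationHelper.checkSamlConfiguration(this.samlConfiguration);
        SamlInitializer.initialize();
        this.interceptor = new SamlRequestCreationInterceptor();
        this.authnRequestGenerator = new AuthnRequestGenerator(this.samlConfiguration, this.interceptor);
    }

    /**
     * Creates the signed eID redirect URL with both optional string arguments set to {@code null}.
     *
     * @param requestData request description; must not be {@code null} and must not use eIDAS
     * @return the value returned by {@code SAMLUtils.signQueryParameter}
     * @throws InvalidInputException if {@code requestData} is {@code null} or has eIDAS enabled
     * @throws SamlRequestException if the request cannot be marshalled or signed
     */
    public String createSamlRequestUrl(RequestData requestData) throws InvalidInputException, SamlRequestException {
        return createSamlRequestUrl(requestData, null, null);
    }

    /**
     * Creates the signed eID redirect URL, passing {@code null} as the third argument.
     *
     * @param requestData request description; must not be {@code null} and must not use eIDAS
     * @param str forwarded to {@code SAMLUtils.signQueryParameter}; presumably the relay state
     *     (confirm against SAMLUtils)
     * @return the value returned by {@code SAMLUtils.signQueryParameter}
     * @throws InvalidInputException if {@code requestData} is {@code null} or has eIDAS enabled
     * @throws SamlRequestException if the request cannot be marshalled or signed
     */
    public String createSamlRequestUrl(RequestData requestData, String str) throws InvalidInputException, SamlRequestException {
        return createSamlRequestUrl(requestData, str, null);
    }

    /**
     * Creates the signed eID redirect URL using the HTTP-Redirect protocol binding.
     *
     * @param requestData request description; must not be {@code null} and must not use eIDAS
     * @param str forwarded to {@code SAMLUtils.signQueryParameter}; presumably the relay state
     *     (confirm against SAMLUtils)
     * @param str2 forwarded as second argument to
     *     {@code AuthnRequestGenerator.generateAuthnRequest}; its meaning is not visible here
     * @return the value returned by {@code SAMLUtils.signQueryParameter}
     * @throws InvalidInputException if {@code requestData} is {@code null} or has eIDAS enabled
     * @throws SamlRequestException if the request cannot be marshalled or signed
     */
    public String createSamlRequestUrl(RequestData requestData, String str, String str2) throws InvalidInputException, SamlRequestException {
        if (requestData == null) {
            throw new InvalidInputException("Request data may not be null.");
        }
        // The eID and eIDAS flows use different bindings and signing schemes, so a request flagged
        // for eIDAS must never be sent down the redirect path.
        if (requestData.getUseEidas()) {
            throw new InvalidInputException("If eID authentication is used, the useEidas attribute must be set to false. Don't call the RequestData.useEidas() method.");
        }
        AuthnRequest generateAuthnRequest = this.authnRequestGenerator.generateAuthnRequest(requestData, str2);
        generateAuthnRequest.setProtocolBinding(HTTP_REDIRECT_BINDING_URI);
        return marshallAndSignEidRequest(str, generateAuthnRequest);
    }

    /**
     * Creates the signed eIDAS request, passing {@code null} as the second argument.
     *
     * @param requestData request description; must not be {@code null} and must use eIDAS
     * @return the XML-signed request as MIME Base64 text
     * @throws InvalidInputException if {@code requestData} is {@code null} or has eIDAS disabled
     * @throws SamlRequestException if the request cannot be marshalled or signed
     */
    public String createEidasSamlRequest(RequestData requestData) throws InvalidInputException, SamlRequestException {
        return createEidasSamlRequest(requestData, null);
    }

    /**
     * Creates the signed eIDAS request using the HTTP-POST protocol binding.
     *
     * @param requestData request description; must not be {@code null} and must use eIDAS
     * @param str forwarded as second argument to
     *     {@code AuthnRequestGenerator.generateAuthnRequest}; its meaning is not visible here
     * @return the XML-signed request as MIME Base64 text
     * @throws InvalidInputException if {@code requestData} is {@code null} or has eIDAS disabled
     * @throws SamlRequestException if the request cannot be marshalled or signed
     */
    public String createEidasSamlRequest(RequestData requestData, String str) throws InvalidInputException, SamlRequestException {
        if (requestData == null) {
            throw new InvalidInputException("Request data may not be null.");
        }
        if (!requestData.getUseEidas()) {
            throw new InvalidInputException("If eIDAS authentication is used, the useEidas attribute must be set to true by calling the RequestData.useEidas() method.");
        }
        AuthnRequest generateAuthnRequest = this.authnRequestGenerator.generateAuthnRequest(requestData, str);
        generateAuthnRequest.setProtocolBinding(HTTP_POST_BINDING_URI);
        return marshallAndSignEidasRequest(generateAuthnRequest);
    }

    /**
     * Attaches an XML signature to the request, marshals it, signs it and Base64 encodes the XML.
     *
     * <p>The result comes from {@link Base64#getMimeEncoder()}, which breaks the output into
     * lines of at most 76 characters separated by CRLF; consumers that place the value into a
     * form field have to cope with those line breaks.
     *
     * @param authnRequest request to sign; it is modified in place by the added signature
     * @return the UTF-8 bytes of the signed XML as MIME Base64 text
     * @throws SamlRequestException wrapping any failure during signing, marshalling or encoding
     */
    private String marshallAndSignEidasRequest(AuthnRequest authnRequest) throws SamlRequestException {
        try {
            // NOTE(review): the signature is created with the request *signing* private key but
            // the certificate handed over for the signature entry is the request *encryption*
            // certificate. Confirm that both belong to the same key pair; if the key material
            // holds separate signing and encryption pairs, the embedded certificate would not
            // match the signature.
            XMLSignatureHandler.addSignature(authnRequest, this.samlConfiguration.getSamlKeyMaterial().getSamlRequestSigningPrivateKey(), this.samlConfiguration.getSamlKeyMaterial().getSamlRequestEncryptionCertificate(), XMLSignatureHandler.SigEntryType.CERTIFICATE);
            // Marshal first, sign second: the signature value is computed after the DOM exists.
            Element marshallAuthnRequest = this.authnRequestGenerator.marshallAuthnRequest(authnRequest);
            // Single signature, so sign it directly instead of wrapping it in a raw-typed list.
            Signer.signObject(authnRequest.getSignature());
            return Base64.getMimeEncoder().encodeToString(XmlUtils.transformElement(marshallAuthnRequest).getBytes(StandardCharsets.UTF_8));
        } catch (Exception e) {
            // All failures are reported uniformly; the original cause is preserved for diagnosis.
            throw new SamlRequestException("Unable to marshall saml request", e);
        }
    }

    /**
     * Runs the request through the interceptor hooks, deflates it and signs the query string.
     *
     * @param str forwarded to {@code SAMLUtils.signQueryParameter}; presumably the relay state
     *     (confirm against SAMLUtils)
     * @param authnRequest request to marshal and sign
     * @return the value returned by {@code SAMLUtils.signQueryParameter}
     * @throws SamlRequestException wrapping any failure in the pipeline
     */
    private String marshallAndSignEidRequest(String str, AuthnRequest authnRequest) throws SamlRequestException {
        try {
            return SAMLUtils.signQueryParameter(
                this.samlConfiguration.getSamlEidServerConfiguration().getSamlRequestReceiverUrl(),
                // Flag defined by SAMLUtils; its meaning is not visible in this class.
                true,
                // Pipeline, innermost call first: authn-request hook -> marshal ->
                // marshalled-request hook -> deflate -> deflated-request hook.
                // Everything the hooks change ends up in the signed payload.
                this.interceptor.getDeflatedRequestModifier().apply(
                    this.authnRequestGenerator.deflateAuthnRequest(
                        this.interceptor.getMarshalledAuthnRequestModifier().apply(
                            this.authnRequestGenerator.marshallAuthnRequest(
                                this.interceptor.getAuthnRequestModifier().apply(authnRequest))))),
                str,
                this.samlConfiguration.getSamlKeyMaterial().getSamlRequestSigningPrivateKey(),
                // "SHA-256" is only the default: the interceptor hook may return another name.
                this.interceptor.getNewSignatureDigestAlgo().apply("SHA-256"));
        } catch (Exception e) {
            // All failures are reported uniformly; the original cause is preserved for diagnosis.
            throw new SamlRequestException("Could not generate saml request url.", e);
        }
    }

    /**
     * Returns the interceptor whose hooks are applied while eID requests are created.
     *
     * <p>The returned object is the live instance used by this generator, not a copy, so changes
     * made through it affect every request created afterwards.
     *
     * @return the interceptor created in the constructor
     */
    public SamlRequestCreationInterceptor getSamlRequestCreationInterceptor() {
        return this.interceptor;
    }
}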
