package dk.digitalidentity.samlmodule.service.metadata;

import dk.digitalidentity.samlmodule.config.settings.DISAML_Configuration;
import dk.digitalidentity.samlmodule.service.DISAML_CredentialService;
import dk.digitalidentity.samlmodule.service.saml.DISAML_OpenSAMLHelperService;
import dk.digitalidentity.samlmodule.util.exceptions.InternalException;
import java.nio.charset.StandardCharsets;
import java.util.List;
import java.util.Optional;
import java.util.UUID;
import org.opensaml.saml.saml2.metadata.AssertionConsumerService;
import org.opensaml.saml.saml2.metadata.AttributeConsumingService;
import org.opensaml.saml.saml2.metadata.ContactPerson;
import org.opensaml.saml.saml2.metadata.ContactPersonTypeEnumeration;
import org.opensaml.saml.saml2.metadata.EmailAddress;
import org.opensaml.saml.saml2.metadata.EntityDescriptor;
import org.opensaml.saml.saml2.metadata.KeyDescriptor;
import org.opensaml.saml.saml2.metadata.NameIDFormat;
import org.opensaml.saml.saml2.metadata.RequestedAttribute;
import org.opensaml.saml.saml2.metadata.SPSSODescriptor;
import org.opensaml.saml.saml2.metadata.SSODescriptor;
import org.opensaml.saml.saml2.metadata.ServiceName;
import org.opensaml.saml.saml2.metadata.SingleLogoutService;
import org.opensaml.security.credential.UsageType;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.stereotype.Service;

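/* loaded from: input_file:dk/digitalidentity/samlmodule/service/metadata/DISAML_SPMetadataService.class */
/**
 * Builds the SAML 2.0 service-provider (SP) metadata this application publishes, and resolves
 * endpoints from SAML metadata.
 *
 * <p>The {@link EntityDescriptor} is rebuilt from configuration on every {@link #getMetadata()}
 * call; nothing is cached. The SP role advertises {@code AuthnRequestsSigned} and
 * {@code WantAssertionsSigned}; this class only declares those flags in the published metadata and
 * does not itself verify signatures on inbound messages. The same public key material (from
 * {@link DISAML_CredentialService#getPublicKeyInfo()}) is published under both the signing and the
 * encryption {@link KeyDescriptor}.
 */
@Service
public class DISAML_SPMetadataService {

    /** Protocol advertised on the SP role and used by {@link #getSSODescriptor()} to look it up again. */
    private static final String SAML2_PROTOCOL = "urn:oasis:names:tc:SAML:2.0:protocol";
    private static final String NAMEID_FORMAT_PERSISTENT = "urn:oasis:names:tc:SAML:2.0:nameid-format:persistent";
    private static final String BINDING_HTTP_POST = "urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST";
    private static final String BINDING_HTTP_REDIRECT = "urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Redirect";
    private static final String ATTRNAME_FORMAT_URI = "urn:oasis:names:tc:SAML:2.0:attrname-format:uri";

    @Autowired
    private DISAML_Configuration configuration;

    @Autowired
    private DISAML_OpenSAMLHelperService samlHelper;

    @Autowired
    private DISAML_CredentialService credentialService;

    /**
     * Builds the complete SP metadata document as an OpenSAML object tree.
     *
     * <p>The SP role carries: the SAML 2.0 protocol, the persistent NameID format, a technical
     * contact, signing and encryption key descriptors, one HTTP-POST assertion consumer service
     * (index 0, default), single-logout services for the HTTP-Redirect and HTTP-POST bindings
     * (same locations for both), and a default attribute-consuming service listing the
     * attributes requested from the IdP.
     *
     * @return a freshly built entity descriptor; callers get a new instance on every call
     * @throws InternalException propagated from {@link #getKeyDescriptor(UsageType)} when the
     *     public key info cannot be obtained
     */
    public EntityDescriptor getMetadata() throws InternalException {
        EntityDescriptor entityDescriptor = createEntityDescriptor();

        SPSSODescriptor spDescriptor = (SPSSODescriptor) this.samlHelper.buildSAMLObject(SPSSODescriptor.class);
        entityDescriptor.getRoleDescriptors().add(spDescriptor);
        spDescriptor.addSupportedProtocol(SAML2_PROTOCOL);
        // Advertised to the IdP only; enforcement on inbound messages lives outside this class.
        spDescriptor.setAuthnRequestsSigned(true);
        spDescriptor.setWantAssertionsSigned(true);

        NameIDFormat nameIdFormat = (NameIDFormat) this.samlHelper.buildSAMLObject(NameIDFormat.class);
        nameIdFormat.setFormat(NAMEID_FORMAT_PERSISTENT);
        spDescriptor.getNameIDFormats().add(nameIdFormat);

        spDescriptor.getContactPersons().add(createTechnicalContact());

        List<KeyDescriptor> keyDescriptors = spDescriptor.getKeyDescriptors();
        keyDescriptors.add(getKeyDescriptor(UsageType.SIGNING));
        keyDescriptors.add(getKeyDescriptor(UsageType.ENCRYPTION));

        AssertionConsumerService acs = (AssertionConsumerService) this.samlHelper.buildSAMLObject(AssertionConsumerService.class);
        acs.setBinding(BINDING_HTTP_POST);
        acs.setLocation(getAssertionConsumerService());
        acs.setIsDefault(true);
        acs.setIndex(0);
        spDescriptor.getAssertionConsumerServices().add(acs);

        // Both SLO bindings point at the same logout / logout-response locations.
        spDescriptor.getSingleLogoutServices().add(createSingleLogoutService(BINDING_HTTP_REDIRECT));
        spDescriptor.getSingleLogoutServices().add(createSingleLogoutService(BINDING_HTTP_POST));

        spDescriptor.getAttributeConsumingServices().add(createAttributeConsumingService());

        return entityDescriptor;
    }

    /** @return the absolute URL the SP publishes as its single-logout request location. */
    public String getLogoutEndpoint() {
        return getUrl() + "/logout";
    }

    /** @return the absolute URL the SP publishes as its single-logout response location. */
    public String getLogoutResponseEndpoint() {
        return getUrl() + "/logout/response";
    }

    /** @return the absolute URL the SP publishes as its assertion consumer (login) location. */
    public String getAssertionConsumerService() {
        return getUrl() + "/login";
    }

    /**
     * Returns the SP role from freshly built metadata.
     *
     * <p>Note that this rebuilds the entire metadata via {@link #getMetadata()} on each call.
     *
     * @return the {@link SPSSODescriptor} supporting the SAML 2.0 protocol
     * @throws InternalException if the metadata cannot be built
     */
    public SPSSODescriptor getSSODescriptor() throws InternalException {
        return getMetadata().getSPSSODescriptor(SAML2_PROTOCOL);
    }

    /**
     * Finds the single-logout service with the HTTP-Redirect binding in the given descriptor
     * (presumably the IdP's descriptor — the caller is not visible here).
     *
     * @param ssoDescriptor the SSO role descriptor to search
     * @return the first {@link SingleLogoutService} whose binding is HTTP-Redirect
     * @throws InternalException if no entry with that binding exists; entries with a null
     *     binding are skipped rather than failing the lookup
     */
    public SingleLogoutService getLogoutEndpoint(SSODescriptor ssoDescriptor) throws InternalException {
        return ssoDescriptor.getSingleLogoutServices().stream()
                .filter(slo -> BINDING_HTTP_REDIRECT.equals(slo.getBinding()))
                .findFirst()
                .orElseThrow(() -> new InternalException("Could not find SLO endpoint for Redirect binding in metadata"));
    }

    /** Builds the TECHNICAL contact person carrying the configured technical contact e-mail. */
    private ContactPerson createTechnicalContact() {
        ContactPerson contactPerson = (ContactPerson) this.samlHelper.buildSAMLObject(ContactPerson.class);
        contactPerson.setType(ContactPersonTypeEnumeration.TECHNICAL);

        EmailAddress emailAddress = (EmailAddress) this.samlHelper.buildSAMLObject(EmailAddress.class);
        emailAddress.setAddress(this.configuration.getSp().getTechnicalContactEmail());
        contactPerson.getEmailAddresses().add(emailAddress);

        return contactPerson;
    }

    /** Builds a single-logout service for {@code binding} pointing at this SP's logout endpoints. */
    private SingleLogoutService createSingleLogoutService(String binding) {
        SingleLogoutService slo = (SingleLogoutService) this.samlHelper.buildSAMLObject(SingleLogoutService.class);
        slo.setBinding(binding);
        slo.setLocation(getLogoutEndpoint());
        slo.setResponseLocation(getLogoutResponseEndpoint());
        return slo;
    }

    /**
     * Builds the default attribute-consuming service, named after the SP entity ID (xml:lang
     * da-DK) and listing the attributes requested from the IdP; the first three are marked required.
     */
    private AttributeConsumingService createAttributeConsumingService() {
        AttributeConsumingService service = (AttributeConsumingService) this.samlHelper.buildSAMLObject(AttributeConsumingService.class);
        service.setIsDefault(true);

        ServiceName serviceName = (ServiceName) this.samlHelper.buildSAMLObject(ServiceName.class);
        serviceName.setXMLLang("da-DK");
        serviceName.setValue(this.configuration.getSp().getEntityId());
        service.getNames().add(serviceName);

        List<RequestedAttribute> requestedAttributes = service.getRequestAttributes();
        createRequestedAttribute(requestedAttributes, "https://data.gov.dk/model/core/specVersion", "SpecVer", true);
        createRequestedAttribute(requestedAttributes, "https://data.gov.dk/concept/core/nsis/loa", "Level of Assurance", true);
        createRequestedAttribute(requestedAttributes, "https://data.gov.dk/model/core/eid/cprNumber", "cpr", true);
        createRequestedAttribute(requestedAttributes, "https://data.gov.dk/model/core/eid/professional/cvr", "CVRnumberIdentifier", false);
        createRequestedAttribute(requestedAttributes, "https://data.gov.dk/model/core/eid/professional/orgName", "organizationName", false);

        return service;
    }

    /**
     * Appends a URI-name-format {@link RequestedAttribute} to {@code target}.
     *
     * @param target the list the new attribute is added to
     * @param name the attribute name (a URI)
     * @param friendlyName the human-readable name
     * @param required whether the attribute is flagged {@code isRequired}
     */
    private void createRequestedAttribute(List<RequestedAttribute> target, String name, String friendlyName, boolean required) {
        RequestedAttribute attribute = (RequestedAttribute) this.samlHelper.buildSAMLObject(RequestedAttribute.class);
        attribute.setIsRequired(required);
        attribute.setName(name);
        attribute.setFriendlyName(friendlyName);
        attribute.setNameFormat(ATTRNAME_FORMAT_URI);
        target.add(attribute);
    }

    /** Builds the outer {@link EntityDescriptor} with the configured entity ID and a derived document ID. */
    private EntityDescriptor createEntityDescriptor() {
        EntityDescriptor entityDescriptor = (EntityDescriptor) this.samlHelper.buildSAMLObject(EntityDescriptor.class);
        String entityId = this.configuration.getSp().getEntityId();
        entityDescriptor.setEntityID(entityId);
        // The document ID is a name-based UUID of the entity ID, so the same configuration always
        // yields the same ID. The charset is pinned so the derivation does not depend on the JVM's
        // default encoding. The "_" prefix keeps the value a valid xs:ID (may not start with a digit).
        entityDescriptor.setID("_" + UUID.nameUUIDFromBytes(entityId.getBytes(StandardCharsets.UTF_8)));
        return entityDescriptor;
    }

    /**
     * Builds a {@link KeyDescriptor} for {@code usageType} carrying the SP's public key info.
     *
     * @throws InternalException if the public key info cannot be obtained from the credential service
     */
    private KeyDescriptor getKeyDescriptor(UsageType usageType) throws InternalException {
        KeyDescriptor keyDescriptor = (KeyDescriptor) this.samlHelper.buildSAMLObject(KeyDescriptor.class);
        keyDescriptor.setUse(usageType);
        keyDescriptor.setKeyInfo(this.credentialService.getPublicKeyInfo());
        return keyDescriptor;
    }

    /**
     * Returns the configured base URL (one trailing slash stripped) followed by the configured
     * pages prefix. The prefix is appended as-is, so any separating slash must be part of it.
     */
    private String getUrl() {
        String baseUrl = this.configuration.getSp().getBaseUrl();
        if (baseUrl.endsWith("/")) {
            baseUrl = baseUrl.substring(0, baseUrl.length() - 1);
        }
        return baseUrl + this.configuration.getPages().getPrefix();
    }
}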
