package se.signatureservice.support.utils;

import java.io.ByteArrayInputStream;
import java.io.IOException;
import java.nio.charset.StandardCharsets;
import java.security.MessageDigest;
import java.security.NoSuchAlgorithmException;
import java.security.cert.X509Certificate;
import java.util.Iterator;
import java.util.Map;
import java.util.Properties;
import java.util.UUID;
import org.bouncycastle.asn1.ASN1InputStream;
import org.bouncycastle.asn1.ASN1Sequence;
import org.bouncycastle.util.encoders.Hex;
import org.certificateservices.messages.MessageContentException;
import org.certificateservices.messages.MessageProcessingException;
import org.certificateservices.messages.MessageSecurityProvider;
import org.certificateservices.messages.SimpleMessageSecurityProvider;
import org.certificateservices.messages.authcontsaci1.AuthContSaciMessageParser;
import org.certificateservices.messages.authcontsaci1.jaxb.AttributeMappingType;
import org.certificateservices.messages.authcontsaci1.jaxb.SAMLAuthContextType;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
import se.signatureservice.support.api.ErrorCode;
import se.signatureservice.support.api.v2.PreparedSignatureResponse;
import se.signatureservice.support.api.v2.ServerErrorException;
import se.signatureservice.support.api.v2.V2SupportServiceAPI;
import se.signatureservice.support.system.SupportAPIConfiguration;
import se.signatureservice.support.system.SupportAPIProfile;

/* loaded from: input_file:se/signatureservice/support/utils/SupportLibraryUtils.class */
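/**
 * Static helpers used by the signature support service: message security
 * provider setup, transaction/reference ID generation, lookups in a SAML
 * authentication context, and generation of the auto-submitting redirect page.
 *
 * <p>NOTE(review): this listing looks like decompiler output (generic
 * {@code str}/{@code str2} parameter names, casts missing in
 * {@link #getAuthContextFromCertificate}). Parameter names are kept as found;
 * their meaning is documented per method.
 */
public class SupportLibraryUtils {
    /**
     * OID of the authentication context certificate extension (RFC 7773).
     * The misspelt constant name is kept because it is public API.
     */
    public static final String OID_AUTHCONTEXT_EXTENTION = "1.2.752.201.5.1";

    // NOTE(review): the logger is registered under V2SupportServiceAPI rather than this
    // class, so warnings emitted here appear under that category. Left unchanged because
    // existing log configuration may filter on it - confirm before renaming.
    private static final Logger log = LoggerFactory.getLogger(V2SupportServiceAPI.class);

    /**
     * Builds a {@link SimpleMessageSecurityProvider} from keystore settings.
     *
     * <p>Both keystore passwords are passed as {@code String} and copied into a
     * {@link Properties} object, so they stay on the heap until garbage collected;
     * keep them out of logs and diagnostics dumps.
     *
     * @param str  path of the signing keystore
     * @param str2 password of the signing keystore
     * @param str3 alias of the signing key inside the signing keystore
     * @param str4 path of the trust keystore
     * @param str5 password of the trust keystore
     * @return the configured security provider
     * @throws MessageProcessingException if the provider cannot be created from the settings
     * @throws NullPointerException if any argument is {@code null}
     *         ({@link Properties#setProperty} rejects null values)
     */
    public static MessageSecurityProvider createSimpleMessageSecurityProvider(String str, String str2, String str3, String str4, String str5) throws MessageProcessingException {
        Properties properties = new Properties();
        properties.setProperty("simplesecurityprovider.signingkeystore.path", str);
        properties.setProperty("simplesecurityprovider.signingkeystore.password", str2);
        properties.setProperty("simplesecurityprovider.signingkeystore.alias", str3);
        properties.setProperty("simplesecurityprovider.trustkeystore.path", str4);
        properties.setProperty("simplesecurityprovider.trustkeystore.password", str5);
        // NOTE(review): the scheme name selects RSA PKCS#1 v1.5 key transport, which is
        // sensitive to padding-oracle behaviour on the decrypting side. Prefer an OAEP-based
        // scheme if the library and all peers support one; kept as-is for interoperability.
        properties.setProperty("simplesecurityprovider.encryption.algorithm", "RSA_PKCS1_5_WITH_AES256");
        return new SimpleMessageSecurityProvider(properties);
    }

    /**
     * Generates a new transaction ID.
     *
     * @return a random (type 4) UUID in its canonical string form
     */
    public static String generateTransactionId() {
        return UUID.randomUUID().toString();
    }

    /**
     * Generates a new reference ID.
     *
     * @return a random (type 4) UUID in its canonical string form
     */
    public static String generateReferenceId() {
        return UUID.randomUUID().toString();
    }

    /**
     * Derives a "strong" reference ID as the lowercase hex SHA-256 digest of the
     * UTF-8 bytes of {@code str} followed by the UTF-8 bytes of {@code str2}.
     *
     * <p>The two inputs are hashed back to back without a separator or length
     * prefix, so two different pairs whose concatenation is identical yield the same
     * ID. That is harmless for fixed-length inputs such as the UUIDs produced by
     * {@link #generateTransactionId()} and {@link #generateReferenceId()}; callers
     * passing free-form values should be aware of it. The derivation is left
     * unchanged so that previously issued IDs remain reproducible.
     *
     * @param str  first ID; the error text suggests the transaction ID - confirm against callers
     * @param str2 second ID; the error text suggests the reference ID - confirm against callers
     * @return 64 lowercase hex characters
     * @throws ServerErrorException if either argument is null or empty, or SHA-256 is unavailable
     */
    public static String generateStrongReferenceId(String str, String str2) throws ServerErrorException {
        boolean firstMissing = str == null || str.isEmpty();
        boolean secondMissing = str2 == null || str2.isEmpty();
        if (firstMissing || secondMissing) {
            throw ((ServerErrorException) ErrorCode.INTERNAL_ERROR.toException("Transaction ID and/or reference ID is empty or null. Cannot calculate strong reference ID."));
        }
        try {
            MessageDigest messageDigest = MessageDigest.getInstance("SHA-256");
            messageDigest.update(str.getBytes(StandardCharsets.UTF_8));
            messageDigest.update(str2.getBytes(StandardCharsets.UTF_8));
            return Hex.toHexString(messageDigest.digest()).toLowerCase();
        } catch (NoSuchAlgorithmException e) {
            throw ((ServerErrorException) ErrorCode.INTERNAL_ERROR.toException("Failed to calculate strong reference ID: " + e.getMessage()));
        }
    }

    /**
     * Reads the user ID from the authentication context, using the attribute name
     * configured in the profile.
     *
     * <p>{@code defaultUserIdAttributeMapping} takes precedence; the deprecated
     * {@code userIdAttributeMapping} is used only when the default is not set, and
     * a warning is logged whenever the deprecated setting is present.
     *
     * @param sAMLAuthContextType authentication context to search, may be {@code null}
     * @param supportAPIProfile   profile holding the attribute mapping settings
     * @return the first value of the mapped attribute, or {@code null} if not found
     */
    public static String getUserIdFromAuthContext(SAMLAuthContextType sAMLAuthContextType, SupportAPIProfile supportAPIProfile) {
        if (supportAPIProfile.getUserIdAttributeMapping() != null) {
            log.warn("Profile configuration 'userIdAttributeMapping' is deprecated. Please remove it and use 'defaultUserIdAttributeMapping' instead.");
        }
        return getAttributeValueFromAuthContext(sAMLAuthContextType, supportAPIProfile.getDefaultUserIdAttributeMapping() != null ? supportAPIProfile.getDefaultUserIdAttributeMapping() : supportAPIProfile.getUserIdAttributeMapping());
    }

    /**
     * Reads a display name from the authentication context.
     *
     * <p>Uses the displayName attribute ({@code urn:oid:2.16.840.1.113730.3.1.241})
     * when present. Otherwise falls back to givenName ({@code urn:oid:2.5.4.42}),
     * followed by a space and surname ({@code urn:oid:2.5.4.4}) when both exist.
     * A surname without a given name yields {@code null}.
     *
     * <p>The value originates from identity attributes and is not encoded here;
     * encode it for the output context before rendering it.
     *
     * @param sAMLAuthContextType authentication context to search, may be {@code null}
     * @return the display name, or {@code null} if none can be derived
     */
    public static String getDisplayNameFromAuthContext(SAMLAuthContextType sAMLAuthContextType) {
        String displayName = getAttributeValueFromAuthContext(sAMLAuthContextType, "urn:oid:2.16.840.1.113730.3.1.241");
        if (displayName != null) {
            return displayName;
        }
        String givenName = getAttributeValueFromAuthContext(sAMLAuthContextType, "urn:oid:2.5.4.42");
        String surname = getAttributeValueFromAuthContext(sAMLAuthContextType, "urn:oid:2.5.4.4");
        if (givenName == null || surname == null) {
            return givenName;
        }
        return givenName + " " + surname;
    }

    /**
     * Resolves a level of assurance for the given authentication context.
     *
     * <p>NOTE(review): the lookup below never compares a configured context with the
     * {@code AuthnContextClassRef} of the supplied authentication context, and it tests
     * the elements of {@code entrySet()} with {@code instanceof Map}, which ordinary
     * {@code Map.Entry} objects do not satisfy. As written, the method therefore most
     * likely returns the raw {@code AuthnContextClassRef}, or the {@code loa} of the
     * first mapping that has any {@code context}. Because the result feeds an assurance
     * decision, confirm the intended matching rule against the original source before
     * relying on it; behaviour is deliberately left unchanged here.
     *
     * @param supportAPIConfiguration configuration holding the authentication context mappings
     * @param sAMLAuthContextType     authentication context, may be {@code null}
     * @return the resolved level of assurance, the {@code AuthnContextClassRef} when no
     *         mapping produced a value, or {@code null} when no authentication context is given
     * @throws ServerErrorException if no authentication context mappings are configured
     */
    public static String getLevelOfAssuranceFromAuthContext(SupportAPIConfiguration supportAPIConfiguration, SAMLAuthContextType sAMLAuthContextType) throws ServerErrorException {
        if (supportAPIConfiguration.getAuthContextMappings() == null) {
            throw ((ServerErrorException) ErrorCode.INVALID_CONFIGURATION.toException("No mapping between authentication contexts and level of assurance have been added."));
        }
        if (sAMLAuthContextType == null) {
            return null;
        }
        // Read before the lookup so a missing AuthContextInfo fails exactly as it did before.
        String authnContextClassRef = sAMLAuthContextType.getAuthContextInfo().getAuthnContextClassRef();
        String levelOfAssurance = null;
        for (Map.Entry<String, Map> mappingEntry : supportAPIConfiguration.getAuthContextMappings().entrySet()) {
            for (Object candidate : mappingEntry.getValue().entrySet()) {
                if (candidate instanceof Map) {
                    Map map = (Map) candidate;
                    if (map.get("context") != null) {
                        levelOfAssurance = (String) map.get("loa");
                        break;
                    }
                }
            }
            if (levelOfAssurance != null) {
                break;
            }
        }
        return levelOfAssurance != null ? levelOfAssurance : authnContextClassRef;
    }

    /**
     * Returns the first value of the named attribute in the authentication context.
     *
     * @param sAMLAuthContextType authentication context to search, may be {@code null}
     * @param str                 attribute name to look for
     * @return the string form of the attribute's first value, or {@code null} when the
     *         context is {@code null} or no attribute with that name carries a value
     */
    static String getAttributeValueFromAuthContext(SAMLAuthContextType sAMLAuthContextType, String str) {
        if (sAMLAuthContextType == null) {
            return null;
        }
        for (Object item : sAMLAuthContextType.getIdAttributes().getAttributeMapping()) {
            AttributeMappingType attributeMappingType = (AttributeMappingType) item;
            // The first attribute with a matching name and at least one value wins.
            if (attributeMappingType.getAttribute().getName().equals(str) && attributeMappingType.getAttribute().getAttributeValue().size() > 0) {
                return attributeMappingType.getAttribute().getAttributeValue().get(0).toString();
            }
        }
        return null;
    }

    /**
     * Extracts and parses the authentication context carried in a certificate's
     * {@link #OID_AUTHCONTEXT_EXTENTION} extension.
     *
     * <p>The extension content is only decoded and parsed here. Whether the
     * certificate itself is trusted must be established by the caller before the
     * returned context is used for any identity or assurance decision.
     *
     * <p>NOTE(review): the ASN.1 expressions appear to have lost their casts in
     * decompilation ({@code readObject()} and {@code getObjectAt()} results are used
     * as more specific types). They are kept as found; restore the casts from the
     * original source. Content that does not have the expected structure is likely
     * to surface as a runtime exception rather than a {@code null} return.
     *
     * @param authContSaciMessageParser parser for the embedded authentication context document
     * @param x509Certificate           certificate to read the extension from
     * @return the parsed authentication context, or {@code null} when the extension is absent
     *         or does not hold exactly one two-element sequence
     * @throws IOException                if the extension bytes cannot be decoded
     * @throws MessageContentException    if the embedded document is rejected by the parser
     * @throws MessageProcessingException if the parser fails to process the document
     */
    public static SAMLAuthContextType getAuthContextFromCertificate(AuthContSaciMessageParser authContSaciMessageParser, X509Certificate x509Certificate) throws IOException, MessageContentException, MessageProcessingException {
        String str = null;
        byte[] extensionValue = x509Certificate.getExtensionValue(OID_AUTHCONTEXT_EXTENTION);
        if (extensionValue == null) {
            return null;
        }
        // getExtensionValue returns the DER OCTET STRING wrapper; the inner bytes hold the sequence.
        ASN1Sequence readObject = new ASN1InputStream(new ByteArrayInputStream(new ASN1InputStream(new ByteArrayInputStream(extensionValue)).readObject().getOctets())).readObject();
        if (readObject != null && readObject.size() == 1) {
            ASN1Sequence objectAt = readObject.getObjectAt(0);
            if (objectAt.size() == 2) {
                str = objectAt.getObjectAt(1).toString();
            }
        }
        if (str != null) {
            // Charset constant instead of a charset-name lookup at runtime.
            return authContSaciMessageParser.parse(str.getBytes(StandardCharsets.UTF_8));
        }
        return null;
    }

    /**
     * Renders an HTML page that immediately posts the sign request to the action URL.
     *
     * <p>The action URL, transaction ID and sign request are HTML-escaped before being
     * placed inside double-quoted attributes, so a quote or angle bracket in any of them
     * cannot terminate the attribute and add markup. Escaping does not validate the URL:
     * the action URL must still come from trusted configuration and use an expected
     * scheme and host. Values must be passed unescaped, otherwise they are escaped twice.
     *
     * @param preparedSignatureResponse response holding action URL, transaction ID and sign request
     * @return the complete HTML document
     */
    public static String generateRedirectHtml(PreparedSignatureResponse preparedSignatureResponse) {
        StringBuilder sb = new StringBuilder();
        sb.append("<html>\n");
        sb.append("<body onload=\"document.forms[0].submit()\">\n");
        sb.append("<center>Processing signature...</center>\n");
        sb.append("<form method=\"post\" action=\"").append(escapeHtmlAttribute(preparedSignatureResponse.getActionURL())).append("\" style=\"display: none;\">\n");
        sb.append("<input type=\"hidden\" name=\"RelayState\" value=\"").append(escapeHtmlAttribute(preparedSignatureResponse.getTransactionId())).append("\" />\n");
        sb.append("<input type=\"hidden\" name=\"EidSignRequest\" value=\"").append(escapeHtmlAttribute(preparedSignatureResponse.getSignRequest())).append("\" />\n");
        sb.append("<input type=\"submit\" value=\"Submit\" />\n");
        sb.append("</form>\n");
        sb.append("</body>\n");
        sb.append("</html>\n");
        return sb.toString();
    }

    /**
     * Escapes a value for use inside a quoted HTML attribute.
     * A {@code null} value is rendered as the text {@code null}, as string concatenation would.
     */
    private static String escapeHtmlAttribute(Object value) {
        String text = String.valueOf(value);
        StringBuilder escaped = new StringBuilder(text.length() + 16);
        for (int i = 0; i < text.length(); i++) {
            char c = text.charAt(i);
            switch (c) {
                case '&':
                    escaped.append("&amp;");
                    break;
                case '<':
                    escaped.append("&lt;");
                    break;
                case '>':
                    escaped.append("&gt;");
                    break;
                case '"':
                    escaped.append("&quot;");
                    break;
                case '\'':
                    escaped.append("&#39;");
                    break;
                default:
                    escaped.append(c);
                    break;
            }
        }
        return escaped.toString();
    }
}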
