package org.openxri.server.impl;

import java.io.ByteArrayOutputStream;
import java.io.Closeable;
import java.io.FileInputStream;
import java.io.IOException;
import java.security.KeyFactory;
import java.security.PrivateKey;
import java.security.cert.Certificate;
import java.security.cert.CertificateFactory;
import java.security.cert.X509Certificate;
import java.security.spec.PKCS8EncodedKeySpec;
import java.util.Collection;
import java.util.Date;
import java.util.Iterator;
import java.util.Properties;
import org.apache.commons.logging.Log;
import org.apache.commons.logging.LogFactory;
import org.apache.xerces.dom.DocumentImpl;
import org.apache.xml.security.keys.KeyInfo;
import org.apache.xml.security.keys.content.X509Data;
import org.openxri.exceptions.ServerInternalException;
import org.openxri.pipeline.stages.AddXMLElementStage;
import org.openxri.saml.Assertion;
import org.openxri.saml.Attribute;
import org.openxri.saml.AttributeStatement;
import org.openxri.saml.Conditions;
import org.openxri.saml.NameID;
import org.openxri.saml.Subject;
import org.openxri.store.Authority;
import org.openxri.store.SubSegment;
import org.openxri.util.DOMUtils;
import org.openxri.xml.XRD;
import org.openxri.xml.XRDS;

/* loaded from: input_file:org/openxri/server/impl/TrustedServer.class */
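public class TrustedServer extends BasicServer {
    protected static Log log = LogFactory.getLog(TrustedServer.class.getName());
    public static final String CONFIG_CERTIFICATE_LOCATION = "certificate.location";
    public static final String CONFIG_PRIVATE_KEY_LOCATION = "private.key.location";
    public static final String CONFIG_SAML_ISSUER = "saml.issuer";
    /** Read buffer size used when loading the private key file. */
    private static final int READ_CHUNK_SIZE = 4096;
    // Serialized ds:KeyInfo for the published certificate; null when it could not be built.
    // Written in init() but not read anywhere in this class.
    private String keyInfo;
    // Path of the PKCS#8 RSA private key file (CONFIG_PRIVATE_KEY_LOCATION); may be null.
    private String keyLocation;
    // Path of the X.509 certificate (chain) file (CONFIG_CERTIFICATE_LOCATION).
    private String certificateLocation;
    // Value placed in the SAML Issuer element (CONFIG_SAML_ISSUER); may be null.
    private String samlIssuer;

    /**
     * Creates a trusted server; configuration is only read in {@link #init()}.
     *
     * @param properties server configuration, handed to {@code BasicServer}
     */
    public TrustedServer(Properties properties) {
        super(properties);
    }

    /**
     * Initializes the server: reads the key/certificate/issuer settings and builds the
     * serialized {@code KeyInfo} for the published certificate.
     *
     * @throws RuntimeException if the certificate file cannot be read (from
     *         {@link #getCertificateChain()}); a KeyInfo build failure is only logged
     */
    @Override
    public void init() {
        super.init();
        this.keyLocation = this.properties.getProperty(CONFIG_PRIVATE_KEY_LOCATION);
        this.certificateLocation = this.properties.getProperty(CONFIG_CERTIFICATE_LOCATION);
        this.samlIssuer = this.properties.getProperty(CONFIG_SAML_ISSUER);
        X509Certificate[] certificateChain = getCertificateChain();
        try {
            // An empty file would otherwise surface as an ArrayIndexOutOfBoundsException below.
            if (certificateChain.length == 0) {
                throw new IllegalStateException(
                        "No certificates found in " + this.certificateLocation);
            }
            DocumentImpl document = new DocumentImpl();
            KeyInfo info = new KeyInfo(document);
            X509Data x509Data = new X509Data(document);
            // Only the last certificate in the file is published — presumably the server's
            // own certificate; verify against the deployment's file layout.
            x509Data.addCertificate(certificateChain[certificateChain.length - 1]);
            info.add(x509Data);
            this.keyInfo = DOMUtils.toString(info.getElement(), false, true);
        } catch (Exception e) {
            // Pass the exception so the cause is not lost in the log.
            log.warn("Unable to create KeyInfo object for local authorities", e);
        }
    }

    /**
     * Rejects trusted resolution when no private key is configured, otherwise delegates.
     *
     * @param xrds the descriptor set being initialized
     * @param str  passed through to {@code BasicServer.initXRDS}
     * @param z    whether trusted (signed) resolution was requested
     * @return whatever {@code BasicServer.initXRDS} returns
     * @throws ServerInternalException if trusted resolution is requested but no key location
     *         is configured
     * @throws RuntimeException if a key location is configured but the key cannot be loaded
     */
    @Override
    public boolean initXRDS(XRDS xrds, String str, boolean z) throws ServerInternalException {
        // getPrivateKey() never returns null — it throws when the key cannot be loaded — so
        // without the explicit keyLocation check the "not configured" branch was unreachable
        // and an unconfigured server surfaced a RuntimeException instead of the declared one.
        if (z && (this.keyLocation == null || getPrivateKey() == null)) {
            ServerInternalException notConfigured =
                    new ServerInternalException("Server not configured for trusted resolution");
            log.warn(notConfigured);
            throw notConfigured;
        }
        return super.initXRDS(xrds, str, z);
    }

    /**
     * Finishes the descriptor and, for trusted resolution, attaches a SAML assertion and
     * signs it with the server's private key.
     *
     * @param xrd        the descriptor to finish
     * @param authority  passed through to {@code BasicServer.finishXRD}
     * @param subSegment the resolved sub-segment; its name becomes the SAML subject value
     * @param authority2 passed through to {@code BasicServer.finishXRD}
     * @param z          whether trusted (signed) resolution was requested
     * @throws ServerInternalException propagated from {@code BasicServer.finishXRD}
     * @throws RuntimeException if the private key cannot be loaded
     */
    @Override
    public void finishXRD(XRD xrd, Authority authority, SubSegment subSegment, Authority authority2, boolean z) throws ServerInternalException {
        super.finishXRD(xrd, authority, subSegment, authority2, z);
        xrd.genXmlID();
        if (!z) {
            return;
        }
        // Load the key once instead of re-reading and re-parsing the key file for the sign() call.
        PrivateKey privateKey = getPrivateKey();
        if (privateKey == null) {
            return;
        }
        try {
            xrd.setSAMLAssertion(createAssertion(xrd.getXmlID(), AddXMLElementStage.DEFAULT_ELEMENTVALUE, subSegment.getName()));
            xrd.sign(privateKey);
        } catch (Exception e) {
            // NOTE(review): on failure the descriptor is returned unsigned even though trusted
            // resolution was requested; confirm whether callers expect a hard failure here.
            log.warn("Unable to sign descriptor", e);
        }
    }

    /**
     * Builds the SAML assertion that binds the signed descriptor to its subject.
     *
     * @param xmlId         XML ID of the descriptor; referenced as {@code "#" + xmlId}
     * @param nameQualifier NameQualifier of the subject's NameID
     * @param subjectName   value of the subject's NameID
     * @return a new assertion with subject, attribute statement, empty conditions and
     *         the configured issuer, stamped with the current time
     */
    private Assertion createAssertion(String xmlId, String nameQualifier, String subjectName) {
        log.debug("createAssertion(" + xmlId + "," + nameQualifier + "," + subjectName + ")");
        NameID subjectId = new NameID("NameID");
        subjectId.setNameQualifier(nameQualifier);
        subjectId.setValue(subjectName);
        Subject subject = new Subject();
        subject.setNameID(subjectId);

        Attribute attribute = new Attribute();
        attribute.setValue("#" + xmlId);
        attribute.setName("xri://$xrd*($v*2.0)");
        AttributeStatement attributeStatement = new AttributeStatement();
        attributeStatement.setAttribute(attribute);

        NameID issuer = new NameID("Issuer");
        issuer.setValue(this.samlIssuer);

        Assertion assertion = new Assertion();
        assertion.setIssueInstant(DOMUtils.toXMLDateTime(new Date()));
        assertion.setIssuer(issuer);
        assertion.setSubject(subject);
        assertion.setAttrStatement(attributeStatement);
        // Conditions is left empty — no validity window is set on the assertion.
        assertion.setConditions(new Conditions());
        log.debug("Done.");
        return assertion;
    }

    /**
     * Reads every X.509 certificate from the configured certificate file.
     *
     * @return the certificates in file order (possibly empty)
     * @throws RuntimeException wrapping any failure to open or parse the file
     */
    protected X509Certificate[] getCertificateChain() {
        FileInputStream in = null;
        try {
            in = new FileInputStream(this.certificateLocation);
            Collection<? extends Certificate> certificates =
                    CertificateFactory.getInstance("X.509").generateCertificates(in);
            X509Certificate[] chain = new X509Certificate[certificates.size()];
            int index = 0;
            for (Certificate certificate : certificates) {
                chain[index++] = (X509Certificate) certificate;
            }
            return chain;
        } catch (Exception e) {
            throw new RuntimeException("XRI Server Setup Error: Failed to read certificate chain: ", e);
        } finally {
            closeQuietly(in);
        }
    }

    /**
     * Loads the RSA private key from the configured PKCS#8 key file.
     * The file is read on every call; nothing is cached.
     *
     * @return the parsed private key (never null)
     * @throws RuntimeException wrapping any failure to open, read or parse the key
     */
    protected PrivateKey getPrivateKey() {
        FileInputStream in = null;
        try {
            in = new FileInputStream(this.keyLocation);
            ByteArrayOutputStream keyBytes = new ByteArrayOutputStream();
            byte[] chunk = new byte[READ_CHUNK_SIZE];
            int read;
            // Drive the loop by read()'s return value: available() is only a hint, and the
            // old loop ignored short reads, which could corrupt the key material.
            while ((read = in.read(chunk)) != -1) {
                keyBytes.write(chunk, 0, read);
            }
            return KeyFactory.getInstance("RSA").generatePrivate(new PKCS8EncodedKeySpec(keyBytes.toByteArray()));
        } catch (Exception e) {
            throw new RuntimeException("XRI Server Setup Error: Failed to read private key: ", e);
        } finally {
            closeQuietly(in);
        }
    }

    /**
     * Closes {@code closeable} if non-null, ignoring close errors (the stream has already
     * been fully consumed or the primary failure is being reported elsewhere).
     *
     * @param closeable resource to close; may be null
     */
    private static void closeQuietly(Closeable closeable) {
        if (closeable == null) {
            return;
        }
        try {
            closeable.close();
        } catch (IOException ignored) {
            // Nothing useful to do: the primary result or error has already been produced.
        }
    }
}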
