package org.wso2.carbon.identity.sso.saml.admin;

import java.io.File;
import java.io.FileOutputStream;
import java.io.IOException;
import java.math.BigInteger;
import java.security.KeyPair;
import java.security.KeyPairGenerator;
import java.security.KeyStore;
import java.security.SecureRandom;
import java.security.cert.Certificate;
import java.security.cert.X509Certificate;
import java.util.Date;
import java.util.Hashtable;
import java.util.Map;
import org.apache.axis2.context.ConfigurationContext;
import org.apache.axis2.context.MessageContext;
import org.apache.commons.logging.Log;
import org.apache.commons.logging.LogFactory;
import org.bouncycastle.jce.X509Principal;
import org.bouncycastle.jce.X509V3CertificateGenerator;
import org.wso2.carbon.core.util.KeyStoreManager;
import org.wso2.carbon.identity.base.IdentityException;
import org.wso2.carbon.identity.core.model.SAMLSSOServiceProviderDO;
import org.wso2.carbon.identity.core.persistence.IdentityPersistenceManager;
import org.wso2.carbon.identity.sso.saml.dto.SAMLSSOServiceProviderDTO;
import org.wso2.carbon.identity.sso.saml.dto.SAMLSSOServiceProviderInfoDTO;
import org.wso2.carbon.identity.sso.saml.util.SAMLSSOUtil;
import org.wso2.carbon.registry.core.Registry;
import org.wso2.carbon.registry.core.Resource;
import org.wso2.carbon.registry.core.session.UserRegistry;

/* loaded from: input_file:org/wso2/carbon/identity/sso/saml/admin/SAMLSSOConfigAdmin.class */
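/**
 * Admin-side operations for SAML SSO relying-party (service provider) configuration.
 *
 * <p>Service providers are persisted through {@link IdentityPersistenceManager} against the
 * tenant's {@link UserRegistry}. The class can also generate a per-tenant RSA key pair with a
 * self-signed certificate, store the private key in the {@code userSSO.jks} keystore, write the
 * public certificate into the server work directory and record its download location in the
 * registry.
 *
 * <p>Not thread-safe beyond what the underlying registry and keystore manager provide.
 */
public class SAMLSSOConfigAdmin {
    private static final Log log = LogFactory.getLog(SAMLSSOConfigAdmin.class);

    /** Keystore name (resolved by {@link KeyStoreManager}) that receives generated tenant keys. */
    private static final String SSO_KEYSTORE_NAME = "userSSO.jks";
    /** Registry path holding the generated certificate bytes and its metadata properties. */
    private static final String GENERATED_KEY_RESOURCE_PATH = "/repository/identity/generated-key";
    private static final String PUB_KEY_FILE_PATH_PROPERTY = "pub-Key-file-path";
    private static final String PRIVATE_KEY_PASSWORD_PROPERTY = "private-key-password";
    /** Axis2 configuration-context property naming the server work directory. */
    private static final String WORK_DIR_PROPERTY = "WORK_DIR";
    /** Axis2 configuration-context property holding the id -> file path map for downloads. */
    private static final String FILE_RESOURCE_MAP_PROPERTY = "file.resource.map";
    private static final String PUB_CERTS_DIR = "pub_certs";
    private static final String FILE_DOWNLOAD_PREFIX = "/filedownload?id=";
    private static final String CERT_FILE_SUFFIX = ".cert";

    private static final String KEY_ALGORITHM = "RSA";
    // 1024-bit RSA and MD5-based signatures are no longer acceptable; use 2048/SHA-256.
    private static final int KEY_SIZE_BITS = 2048;
    private static final String SIGNATURE_ALGORITHM = "SHA256WithRSAEncryption";
    private static final long THIRTY_DAYS_MILLIS = 2592000000L;
    private static final long TEN_YEARS_MILLIS = 315360000000L;

    private final UserRegistry registry;

    /**
     * Creates an admin bound to the given registry.
     *
     * @param registry the tenant registry; must be a {@link UserRegistry}, since the tenant id is
     *                 read from it
     */
    public SAMLSSOConfigAdmin(Registry registry) {
        this.registry = (UserRegistry) registry;
    }

    /**
     * Registers a new relying-party service provider.
     *
     * @param sAMLSSOServiceProviderDTO the service provider details to persist
     * @return whatever the persistence manager reports for the add operation
     * @throws IdentityException if persisting the service provider fails
     * @throws IllegalArgumentException if {@code sAMLSSOServiceProviderDTO} is {@code null}
     */
    public boolean addRelyingPartyServiceProvider(SAMLSSOServiceProviderDTO sAMLSSOServiceProviderDTO) throws IdentityException {
        if (sAMLSSOServiceProviderDTO == null) {
            throw new IllegalArgumentException("Service provider details must not be null");
        }
        SAMLSSOServiceProviderDO serviceProviderDO = toServiceProviderDO(sAMLSSOServiceProviderDTO);
        try {
            return IdentityPersistenceManager.getPersistanceManager().addServiceProvider(this.registry, serviceProviderDO);
        } catch (IdentityException e) {
            log.error("Error obtaining a registry for adding a new service provider", e);
            throw new IdentityException("Error obtaining a registry for adding a new service provider", e);
        }
    }

    /** Copies the persisted fields of a service provider DTO into a new data object. */
    private static SAMLSSOServiceProviderDO toServiceProviderDO(SAMLSSOServiceProviderDTO dto) {
        SAMLSSOServiceProviderDO serviceProviderDO = new SAMLSSOServiceProviderDO();
        serviceProviderDO.setIssuer(dto.getIssuer());
        serviceProviderDO.setAssertionConsumerUrl(dto.getAssertionConsumerUrl());
        serviceProviderDO.setCertAlias(dto.getCertAlias());
        serviceProviderDO.setUseFullyQualifiedUsername(dto.isUseFullyQualifiedUsername());
        serviceProviderDO.setDoSingleLogout(dto.isDoSingleLogout());
        serviceProviderDO.setLogoutURL(dto.getLogoutURL());
        serviceProviderDO.setDoSignAssertions(dto.isDoSignAssertions());
        return serviceProviderDO;
    }

    /**
     * Lists the registered service providers of this tenant.
     *
     * <p>Only issuer, assertion consumer URL and certificate alias are copied into the returned
     * DTOs. The result is flagged as "tenant zero" when the registry's tenant id is {@code 0}.
     *
     * @return the service provider list (never {@code null}; empty when none are registered)
     * @throws IdentityException if reading from the registry fails
     */
    public SAMLSSOServiceProviderInfoDTO getServiceProviders() throws IdentityException {
        try {
            SAMLSSOServiceProviderDO[] serviceProviders = IdentityPersistenceManager.getPersistanceManager().getServiceProviders(this.registry);
            // Guard against a null array from the persistence layer: callers expect a list, not an NPE.
            if (serviceProviders == null) {
                serviceProviders = new SAMLSSOServiceProviderDO[0];
            }
            SAMLSSOServiceProviderDTO[] serviceProviderDTOs = new SAMLSSOServiceProviderDTO[serviceProviders.length];
            for (int i = 0; i < serviceProviders.length; i++) {
                SAMLSSOServiceProviderDO serviceProviderDO = serviceProviders[i];
                SAMLSSOServiceProviderDTO dto = new SAMLSSOServiceProviderDTO();
                dto.setIssuer(serviceProviderDO.getIssuer());
                dto.setAssertionConsumerUrl(serviceProviderDO.getAssertionConsumerUrl());
                dto.setCertAlias(serviceProviderDO.getCertAlias());
                serviceProviderDTOs[i] = dto;
            }
            SAMLSSOServiceProviderInfoDTO info = new SAMLSSOServiceProviderInfoDTO();
            info.setServiceProviders(serviceProviderDTOs);
            if (this.registry.getTenantId() == 0) {
                info.setTenantZero(true);
            }
            return info;
        } catch (IdentityException e) {
            log.error("Error obtaining a registry intance for reading service provider list", e);
            throw new IdentityException("Error obtaining a registry intance for reading service provider list", e);
        }
    }

    /**
     * Removes the service provider registered under the given issuer.
     *
     * @param str the issuer of the service provider to remove
     * @return whatever the persistence manager reports for the remove operation
     * @throws IdentityException if the removal fails
     */
    public boolean removeServiceProvider(String str) throws IdentityException {
        try {
            return IdentityPersistenceManager.getPersistanceManager().removeServiceProvider(this.registry, str);
        } catch (IdentityException e) {
            // Log the cause as the other operations do; the original dropped it here.
            log.error("Error removing a Service Provider", e);
            throw new IdentityException("Error removing a Service Provider", e);
        }
    }

    /**
     * Generates a fresh RSA key pair and self-signed certificate for the current tenant.
     *
     * <p>The private key is stored in {@value #SSO_KEYSTORE_NAME} under the tenant id as alias,
     * protected by a freshly generated random password. The DER-encoded certificate is written
     * to the server work directory and also stored in the registry together with its download
     * URL and the key password.
     *
     * <p>NOTE(review): the key password is persisted in clear text in the registry, as in the
     * original design; whoever can read {@value #GENERATED_KEY_RESOURCE_PATH} can unlock the key.
     *
     * @return the download URL ({@code /filedownload?id=...}) of the public certificate
     * @throws Exception on keystore, certificate, registry or file-system failures
     * @throws IllegalStateException if no Axis2 message context is bound to the current thread
     *                               or the certificate file could not be written
     */
    private String generateKeyPair() throws Exception {
        int tenantId = this.registry.getTenantId();
        String domain = SAMLSSOUtil.getRealmService().getTenantManager().getDomain(tenantId);
        SecureRandom random = new SecureRandom();

        KeyPairGenerator keyPairGenerator = KeyPairGenerator.getInstance(KEY_ALGORITHM);
        keyPairGenerator.initialize(KEY_SIZE_BITS, random);
        KeyPair keyPair = keyPairGenerator.generateKeyPair();

        String distinguishedName = "CN=" + domain + ", OU=None, O=None L=None, C=None";
        long now = System.currentTimeMillis();
        X509V3CertificateGenerator certGen = new X509V3CertificateGenerator();
        // RFC 5280 requires a positive serial; a raw nextInt() could have produced a negative one.
        certGen.setSerialNumber(new BigInteger(63, random));
        certGen.setIssuerDN(new X509Principal(distinguishedName));
        certGen.setSubjectDN(new X509Principal(distinguishedName));
        // Backdate validity by 30 days to tolerate clock skew; valid for ten years.
        certGen.setNotBefore(new Date(now - THIRTY_DAYS_MILLIS));
        certGen.setNotAfter(new Date(now + TEN_YEARS_MILLIS));
        certGen.setPublicKey(keyPair.getPublic());
        certGen.setSignatureAlgorithm(SIGNATURE_ALGORITHM);
        X509Certificate certificate = certGen.generateX509Certificate(keyPair.getPrivate());

        // 130 random bits rendered in base 32 (~26 chars); the original kept only 10 base-12 digits.
        String keyPassword = new BigInteger(130, random).toString(32);

        KeyStoreManager keyStoreManager = KeyStoreManager.getInstance((UserRegistry) null);
        KeyStore keyStore = keyStoreManager.getKeyStore(SSO_KEYSTORE_NAME);
        keyStore.setKeyEntry(Integer.toString(tenantId), keyPair.getPrivate(), keyPassword.toCharArray(), new Certificate[]{certificate});
        keyStoreManager.updateKeyStore(SSO_KEYSTORE_NAME, keyStore);

        byte[] encodedCert = certificate.getEncoded();
        String downloadUrl = dumpPubCert(currentConfigurationContext(), encodedCert, null);
        if (downloadUrl == null) {
            // Storing a null path would make later reads (getPubKeyFilePath) fail on a null string.
            throw new IllegalStateException("Unable to write the generated public certificate to the server work directory");
        }
        Resource resource = this.registry.newResource();
        try {
            resource.setContent(encodedCert);
            resource.addProperty(PUB_KEY_FILE_PATH_PROPERTY, downloadUrl);
            resource.addProperty(PRIVATE_KEY_PASSWORD_PROPERTY, keyPassword);
            this.registry.put(GENERATED_KEY_RESOURCE_PATH, resource);
        } finally {
            resource.discard();
        }
        return downloadUrl;
    }

    /**
     * Writes a DER-encoded certificate into {@code <WORK_DIR>/pub_certs/<fileId>} and registers
     * it in the configuration context's file resource map so it can be served for download.
     *
     * @param configurationContext Axis2 context providing the work directory and resource map
     * @param encodedCert          the certificate bytes to write
     * @param fileId               the file name to use, or {@code null} to generate one
     * @return the download URL for the file, or {@code null} if it could not be written
     */
    private String dumpPubCert(ConfigurationContext configurationContext, byte[] encodedCert, String fileId) {
        String workDir = (String) configurationContext.getProperty(WORK_DIR_PROPERTY);
        File certDir = new File(workDir + File.separator + PUB_CERTS_DIR);
        if (fileId == null) {
            fileId = String.valueOf(System.currentTimeMillis() + Math.random()) + CERT_FILE_SUFFIX;
        }
        // mkdirs() returns false when another caller created the directory first; re-check.
        if (!certDir.isDirectory() && !certDir.mkdirs() && !certDir.isDirectory()) {
            log.error("Unable to create certificate directory " + certDir.getAbsolutePath());
            return null;
        }
        String certFilePath = workDir + File.separator + PUB_CERTS_DIR + File.separator + fileId;
        FileOutputStream out = null;
        try {
            out = new FileOutputStream(certFilePath);
            out.write(encodedCert);
            out.flush();
        } catch (IOException e) {
            log.error("Error writing public certificate to " + certFilePath, e);
            return null;
        } finally {
            closeQuietly(out);
        }
        registerDownloadableFile(configurationContext, fileId, certFilePath, true);
        return FILE_DOWNLOAD_PREFIX + fileId;
    }

    /** Closes the stream if non-null, logging (not propagating) a failure to close. */
    private static void closeQuietly(FileOutputStream out) {
        if (out == null) {
            return;
        }
        try {
            out.close();
        } catch (IOException e) {
            log.warn("Error closing certificate file", e);
        }
    }

    /**
     * Records {@code fileId -> filePath} in the context's {@value #FILE_RESOURCE_MAP_PROPERTY}
     * map, creating the map when absent. The value is always the path string, matching what
     * {@link #dumpPubCert} stores (presumably consumed by the file download servlet).
     *
     * @param overwrite replace an existing mapping for {@code fileId}; otherwise keep it
     */
    @SuppressWarnings("unchecked")
    private static void registerDownloadableFile(ConfigurationContext configurationContext, String fileId, String filePath, boolean overwrite) {
        Map<String, Object> resourceMap = (Map<String, Object>) configurationContext.getProperty(FILE_RESOURCE_MAP_PROPERTY);
        if (resourceMap == null) {
            resourceMap = new Hashtable<String, Object>();
            configurationContext.setProperty(FILE_RESOURCE_MAP_PROPERTY, resourceMap);
        }
        if (overwrite || resourceMap.get(fileId) == null) {
            resourceMap.put(fileId, filePath);
        }
    }

    /**
     * Returns the download URL of the generated public certificate, re-creating the file in the
     * work directory from the registry copy if it has gone missing.
     *
     * @return the stored download URL, or {@code null} if no key has been generated yet
     * @throws Exception if the registry cannot be read
     * @throws IllegalStateException if no Axis2 message context is bound to the current thread
     */
    private String getPubKeyFilePath() throws Exception {
        if (!this.registry.resourceExists(GENERATED_KEY_RESOURCE_PATH)) {
            return null;
        }
        Resource resource = this.registry.get(GENERATED_KEY_RESOURCE_PATH);
        String downloadUrl = resource.getProperty(PUB_KEY_FILE_PATH_PROPERTY);
        verifyCertExistence(downloadUrl, (byte[]) resource.getContent(), currentConfigurationContext());
        return downloadUrl;
    }

    /**
     * Ensures the certificate file referenced by {@code downloadUrl} exists on disk and is
     * registered for download; rewrites it from {@code encodedCert} when missing.
     *
     * <p>The file id is taken from the URL as stored by this class; it is not validated against
     * the work directory because only this class writes that registry property.
     *
     * @param downloadUrl          the {@code /filedownload?id=...} URL from the registry
     * @param encodedCert          the certificate bytes kept in the registry
     * @param configurationContext Axis2 context providing the work directory and resource map
     */
    private void verifyCertExistence(String downloadUrl, byte[] encodedCert, ConfigurationContext configurationContext) {
        if (downloadUrl == null || !downloadUrl.startsWith(FILE_DOWNLOAD_PREFIX)) {
            log.warn("Stored public certificate path is not a download URL; skipping: " + downloadUrl);
            return;
        }
        String fileId = downloadUrl.substring(FILE_DOWNLOAD_PREFIX.length());
        String certFilePath = ((String) configurationContext.getProperty(WORK_DIR_PROPERTY)) + File.separator + PUB_CERTS_DIR + File.separator + fileId;
        if (!new File(certFilePath).exists()) {
            dumpPubCert(configurationContext, encodedCert, fileId);
            return;
        }
        // Original code stored a File here but a String path in dumpPubCert; keep one value type.
        registerDownloadableFile(configurationContext, fileId, certFilePath, false);
    }

    /** Returns the Axis2 configuration context of the current thread's message context. */
    private static ConfigurationContext currentConfigurationContext() {
        MessageContext messageContext = MessageContext.getCurrentMessageContext();
        if (messageContext == null) {
            throw new IllegalStateException("No Axis2 MessageContext is bound to the current thread");
        }
        return messageContext.getConfigurationContext();
    }
}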
