package se.litsec.swedisheid.opensaml.saml2.signservice;

import com.nimbusds.jose.JOSEException;
import com.nimbusds.jose.JOSEObjectType;
import com.nimbusds.jose.JWSAlgorithm;
import com.nimbusds.jose.JWSHeader;
import com.nimbusds.jose.JWSObject;
import com.nimbusds.jose.Payload;
import com.nimbusds.jose.crypto.RSASSASigner;
import com.nimbusds.jose.util.Base64URL;
import java.io.IOException;
import java.security.PrivateKey;
import java.security.SecureRandom;
import java.security.SignatureException;
import java.util.Base64;
import java.util.Objects;
import org.apache.commons.lang.RandomStringUtils;
import org.opensaml.security.x509.X509Credential;
import se.litsec.swedisheid.opensaml.saml2.signservice.sap.SAD;
import se.litsec.swedisheid.opensaml.saml2.signservice.sap.SADVersion;

/* loaded from: input_file:se/litsec/swedisheid/opensaml/saml2/signservice/SADFactory.class */
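/**
 * Factory for building Signature Activation Data (SAD) objects and for serializing them as
 * signed JWTs.
 *
 * <p>The factory carries the issuer ("idp") entity ID, the signing credential and a small set of
 * tunable defaults (validity time in seconds, user-ID attribute name, length of the generated
 * {@code jti} and the JWS algorithm name). A {@link SADBuilder} obtained from {@link #getBuilder()}
 * fills in the per-SAD fields and delegates the signing back to {@link #createJwt(SAD)}.
 *
 * <p>Signing is performed with an {@link RSASSASigner}, so the configured JWS algorithm has to be
 * one of the RSASSA algorithms; anything else fails at signing time with a
 * {@link SignatureException}.
 *
 * <p>Thread-safety: the setters are not synchronized. Configure the factory once, then share it;
 * the builders it hands out are single-use and not thread-safe.
 */
public class SADFactory {

    /** Default validity of a SAD (the distance between {@code iat} and {@code exp}) in seconds. */
    public static final int DEFAULT_VALIDITY_TIME = 300;

    /** Default name of the attribute that identifies the user in the SAD extension. */
    public static final String DEFAULT_USER_ID_ATTRIBUTE_NAME = "urn:oid:1.2.752.29.4.13";

    /** Default number of characters in a generated JWT ID ({@code jti}). */
    public static final int DEFAULT_JWT_ID_SIZE = 24;

    /** Default JWS algorithm used to sign the JWT. */
    public static final String DEFAULT_JWT_SIGNING_ALGORITHM = JWSAlgorithm.RS256.getName();

    /** Alphabet for generated JWT IDs: ASCII letters and digits only. */
    private static final String JWT_ID_ALPHABET =
        "ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789";

    /**
     * RNG for JWT IDs. The {@code jti} is the value that lets a relying party tell two SADs apart
     * (and spot a replayed one), so it is drawn from a CSPRNG rather than {@code java.util.Random}.
     */
    private static final SecureRandom JWT_ID_RANDOM = new SecureRandom();

    /** Entity ID of the issuing IdP; written to the SAD's {@code iss} claim. */
    private final String idpEntityID;

    /** Credential whose private key signs the JWT. */
    private final X509Credential signingCredential;

    /** Validity time in seconds, see {@link #setValidityTime(int)}. */
    private int validityTime = DEFAULT_VALIDITY_TIME;

    /** Attribute name placed in the SAD extension, see {@link #setUserIdAttributeName(String)}. */
    private String userIdAttributeName = DEFAULT_USER_ID_ATTRIBUTE_NAME;

    /** Number of characters in a generated {@code jti}, see {@link #setJwtIdSize(int)}. */
    private int jwtIdSize = DEFAULT_JWT_ID_SIZE;

    /** JWS algorithm name, see {@link #setJwtSigningAlgorithm(String)}. */
    private String jwtSigningAlgorithm = DEFAULT_JWT_SIGNING_ALGORITHM;

    /**
     * Builder for a single SAD. Obtain one via {@link SADFactory#getBuilder()}.
     *
     * <p>The builder pre-populates the issuer and the extension's attribute name from the owning
     * factory; {@link #buildSAD()} then fills in {@code jti} (if not set), {@code iat}, {@code exp}
     * and the extension version (if not set). Each builder wraps one mutable {@link SAD} instance,
     * so calling {@link #buildSAD()} twice returns the same object with refreshed timestamps.
     */
    public static class SADBuilder {

        /** Factory supplying defaults and the signing step. */
        private final SADFactory sadFactory;

        /** The SAD under construction. */
        private final SAD sad = new SAD();

        /**
         * Creates a builder bound to the given factory.
         *
         * @param factory the owning factory (supplies issuer, attribute name, defaults and signing)
         */
        SADBuilder(SADFactory factory) {
            this.sadFactory = Objects.requireNonNull(factory, "factory");
            this.sad.setIssuer(factory.idpEntityID);
            SAD.Extension extension = new SAD.Extension();
            extension.setAttributeName(factory.userIdAttributeName);
            this.sad.setSeElnSadext(extension);
        }

        /**
         * Completes and returns the SAD.
         *
         * <p>Generates a random {@code jti} unless one was supplied via {@link #jwtId(String)},
         * stamps {@code iat} with the current time and {@code exp} with {@code iat} plus the
         * factory's validity time, and defaults the extension version to
         * {@link SADVersion#VERSION_10} unless {@link #version(SADVersion)} was called.
         *
         * @return the SAD held by this builder
         */
        public SAD buildSAD() {
            if (this.sad.getJwtId() == null) {
                this.sad.setJwtId(generateJwtId(this.sadFactory.jwtIdSize));
            }
            // Claims are whole seconds. The narrowing to int mirrors the SAD model's Integer
            // fields (and wraps in 2038, like the rest of the int-based epoch handling here).
            int issuedAt = (int) (System.currentTimeMillis() / 1000);
            this.sad.setIssuedAt(Integer.valueOf(issuedAt));
            this.sad.setExpiry(Integer.valueOf(issuedAt + this.sadFactory.validityTime));

            SAD.Extension extension = this.sad.getSeElnSadext();
            if (extension.getVersion() == null) {
                extension.setVersion(SADVersion.VERSION_10.toString());
            }
            return this.sad;
        }

        /**
         * Completes the SAD (see {@link #buildSAD()}) and serializes it as a signed JWT.
         *
         * @return the compact-serialized JWS
         * @throws IOException if the SAD cannot be serialized to JSON
         * @throws SignatureException if signing fails
         */
        public String buildJwt() throws IOException, SignatureException {
            return this.sadFactory.createJwt(buildSAD());
        }

        /**
         * Sets the {@code sub} claim.
         *
         * @param subject the subject
         * @return this builder
         */
        public SADBuilder subject(String subject) {
            this.sad.setSubject(subject);
            return this;
        }

        /**
         * Sets the {@code aud} claim.
         *
         * @param audience the audience
         * @return this builder
         */
        public SADBuilder audience(String audience) {
            this.sad.setAudience(audience);
            return this;
        }

        /**
         * Sets an explicit {@code jti}; when not called, {@link #buildSAD()} generates one.
         *
         * @param jwtId the JWT ID
         * @return this builder
         */
        public SADBuilder jwtId(String jwtId) {
            this.sad.setJwtId(jwtId);
            return this;
        }

        /**
         * Sets the SAD extension version.
         *
         * @param sadVersion the version (must not be {@code null})
         * @return this builder
         */
        public SADBuilder version(SADVersion sadVersion) {
            this.sad.getSeElnSadext().setVersion(
                Objects.requireNonNull(sadVersion, "sadVersion").toString());
            return this;
        }

        /**
         * Sets the extension's {@code inResponseTo} value.
         *
         * @param inResponseTo the ID this SAD answers
         * @return this builder
         */
        public SADBuilder inResponseTo(String inResponseTo) {
            this.sad.getSeElnSadext().setInResponseTo(inResponseTo);
            return this;
        }

        /**
         * Sets the extension's level-of-assurance URI.
         *
         * @param loa the LoA value
         * @return this builder
         */
        public SADBuilder loa(String loa) {
            this.sad.getSeElnSadext().setLoa(loa);
            return this;
        }

        /**
         * Sets the extension's request ID.
         *
         * @param requestID the request ID
         * @return this builder
         */
        public SADBuilder requestID(String requestID) {
            this.sad.getSeElnSadext().setRequestID(requestID);
            return this;
        }

        /**
         * Sets the extension's number-of-documents value.
         *
         * @param numberOfDocuments the document count
         * @return this builder
         */
        public SADBuilder numberOfDocuments(int numberOfDocuments) {
            this.sad.getSeElnSadext().setNumberOfDocuments(Integer.valueOf(numberOfDocuments));
            return this;
        }
    }

    /**
     * Creates a factory.
     *
     * @param idpEntityID entity ID of the issuing IdP, used as the SAD issuer
     * @param signingCredential credential whose private key signs the JWTs
     * @throws NullPointerException if either argument is {@code null}
     */
    public SADFactory(String idpEntityID, X509Credential signingCredential) {
        // Fail at construction rather than on the first buildJwt() call.
        this.idpEntityID = Objects.requireNonNull(idpEntityID, "idpEntityID");
        this.signingCredential = Objects.requireNonNull(signingCredential, "signingCredential");
    }

    /**
     * Returns a fresh builder bound to this factory.
     *
     * @return a new {@link SADBuilder}
     */
    public SADBuilder getBuilder() {
        return new SADBuilder(this);
    }

    /**
     * Serializes the SAD to JSON and signs it as a JWS with the configured algorithm and this
     * factory's credential.
     *
     * @param sad the SAD to sign
     * @return the compact-serialized JWS
     * @throws IOException if the SAD cannot be serialized to JSON
     * @throws SignatureException if the credential has no private key or signing fails
     */
    public String createJwt(SAD sad) throws IOException, SignatureException {
        Objects.requireNonNull(sad, "sad");
        PrivateKey privateKey = this.signingCredential.getPrivateKey();
        if (privateKey == null) {
            throw new SignatureException("Signing credential has no private key");
        }
        try {
            JWSHeader header = new JWSHeader.Builder(new JWSAlgorithm(this.jwtSigningAlgorithm))
                .type(JOSEObjectType.JWT)
                .build();
            // Hand the payload over pre-encoded so the JSON bytes are carried verbatim.
            String encodedPayload =
                Base64.getUrlEncoder().withoutPadding().encodeToString(sad.toJsonBytes());
            JWSObject jwsObject = new JWSObject(header, new Payload(new Base64URL(encodedPayload)));
            jwsObject.sign(new RSASSASigner(privateKey));
            return jwsObject.serialize();
        } catch (JOSEException e) {
            throw new SignatureException("Failed to sign JWT", e);
        }
    }

    /**
     * Sets the validity time (distance between {@code iat} and {@code exp}) in seconds.
     *
     * @param seconds validity in seconds, at least 1
     * @throws IllegalArgumentException if {@code seconds} is less than 1
     */
    public void setValidityTime(int seconds) {
        if (seconds < 1) {
            throw new IllegalArgumentException("seconds must be a positive integer");
        }
        this.validityTime = seconds;
    }

    /**
     * Sets the attribute name written to the SAD extension.
     *
     * @param userIdAttributeName the attribute name
     * @throws IllegalArgumentException if the name is {@code null} or empty
     */
    public void setUserIdAttributeName(String userIdAttributeName) {
        if (userIdAttributeName == null || userIdAttributeName.isEmpty()) {
            throw new IllegalArgumentException("userIdAttributeName must not be null or empty");
        }
        this.userIdAttributeName = userIdAttributeName;
    }

    /**
     * Sets the number of characters in a generated {@code jti}.
     *
     * @param size the length, at least 12
     * @throws IllegalArgumentException if {@code size} is less than 12
     */
    public void setJwtIdSize(int size) {
        if (size < 12) {
            throw new IllegalArgumentException("The jwtIdSize must be at least 12 characters");
        }
        this.jwtIdSize = size;
    }

    /**
     * Sets the JWS algorithm name used when signing. Only RSASSA algorithms can succeed, since the
     * factory signs with an {@link RSASSASigner}; an unsupported name surfaces as a
     * {@link SignatureException} from {@link #createJwt(SAD)}.
     *
     * @param algorithm the JWS algorithm name, e.g. {@link #DEFAULT_JWT_SIGNING_ALGORITHM}
     * @throws IllegalArgumentException if the name is {@code null} or empty
     */
    public void setJwtSigningAlgorithm(String algorithm) {
        if (algorithm == null || algorithm.isEmpty()) {
            throw new IllegalArgumentException("jwtSigningAlgorithm must not be null or empty");
        }
        this.jwtSigningAlgorithm = algorithm;
    }

    /**
     * Generates a random alphanumeric JWT ID of the given length using a CSPRNG.
     *
     * @param size number of characters, at least 1
     * @return a string of {@code size} ASCII letters and digits
     * @throws IllegalArgumentException if {@code size} is less than 1
     */
    static String generateJwtId(int size) {
        if (size < 1) {
            throw new IllegalArgumentException("size must be a positive integer");
        }
        StringBuilder id = new StringBuilder(size);
        for (int i = 0; i < size; i++) {
            id.append(JWT_ID_ALPHABET.charAt(JWT_ID_RANDOM.nextInt(JWT_ID_ALPHABET.length())));
        }
        return id.toString();
    }
}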
