package org.mule.modules.salesforce.analytics.internal.connection.service;

import java.io.InputStream;
import java.nio.charset.StandardCharsets;
import java.security.KeyStore;
import java.text.MessageFormat;
import java.util.UUID;
import net.shibboleth.utilities.java.support.xml.SerializeSupport;
import org.apache.commons.codec.binary.Base64;
import org.joda.time.DateTime;
import org.mule.modules.salesforce.analytics.internal.error.AnalyticsErrorType;
import org.mule.modules.salesforce.analytics.internal.error.exception.AnalyticsException;
import org.opensaml.core.config.InitializationException;
import org.opensaml.core.config.InitializationService;
import org.opensaml.core.xml.XMLObjectBuilderFactory;
import org.opensaml.core.xml.config.XMLObjectProviderRegistrySupport;
import org.opensaml.core.xml.io.MarshallingException;
import org.opensaml.saml.common.SAMLObjectBuilder;
import org.opensaml.saml.common.SAMLVersion;
import org.opensaml.saml.saml2.core.Assertion;
import org.opensaml.saml.saml2.core.Audience;
import org.opensaml.saml.saml2.core.AudienceRestriction;
import org.opensaml.saml.saml2.core.AuthnContext;
import org.opensaml.saml.saml2.core.AuthnContextClassRef;
import org.opensaml.saml.saml2.core.AuthnStatement;
import org.opensaml.saml.saml2.core.Conditions;
import org.opensaml.saml.saml2.core.Issuer;
import org.opensaml.saml.saml2.core.NameID;
import org.opensaml.saml.saml2.core.NameIDType;
import org.opensaml.saml.saml2.core.Subject;
import org.opensaml.saml.saml2.core.SubjectConfirmation;
import org.opensaml.saml.saml2.core.SubjectConfirmationData;

/* loaded from: input_file:repository/com/mulesoft/connectors/mule-sfdc-analytics-connector/3.17.1/mule-sfdc-analytics-connector-3.17.1-mule-plugin.jar:org/mule/modules/salesforce/analytics/internal/connection/service/OAuthTokenGeneratorService.class */
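/**
 * Builds the signed bearer credentials (a SAML 2.0 assertion or a JWT) that the connector
 * presents when requesting an OAuth access token.
 *
 * <p>Both tokens are bearer credentials: whoever holds one inside its validity window can
 * present it. Callers should keep the returned strings out of logs and error messages.
 */
public class OAuthTokenGeneratorService {
    /**
     * JCA signature algorithm name handed to {@link SignerService#signPayload}; it must stay in
     * step with the {@code RS256} value advertised in the JWT header below.
     */
    private static final String JWT_ALLOWED_ALG = "SHA256WithRSA";
    private SignerService signerService = new SignerService();

    /**
     * Builds a SAML 2.0 bearer assertion, signs it with the supplied key store, and returns it
     * as the URL-safe Base64 encoding of the UTF-8 serialized XML.
     *
     * <p>The assertion is valid from one minute before "now" (to absorb clock skew) until five
     * minutes after that instant.
     *
     * @param str         value of the assertion {@code Issuer}
     * @param str2        value of the subject {@code NameID}
     * @param str3        {@code Recipient} of the subject confirmation data
     * @param str4        URI of the single {@code Audience} restriction
     * @param inputStream key store contents; must not be {@code null}
     * @param cArr        key store password; must not be {@code null}
     * @return the URL-safe Base64 encoded assertion
     * @throws AnalyticsException if the key store arguments are missing, or if OpenSAML
     *                            initialization or marshalling fails
     */
    public String generateSAMLToken(String str, String str2, String str3, String str4, InputStream inputStream, char[] cArr) {
        // Fail fast: reject missing key material before doing any OpenSAML work.
        validateKeystoreInfo(inputStream, cArr);
        try {
            InitializationService.initialize();
            XMLObjectBuilderFactory builderFactory = XMLObjectProviderRegistrySupport.getBuilderFactory();

            // Subject identifier.
            NameID nameID = (NameID) ((SAMLObjectBuilder) builderFactory.getBuilder(NameID.DEFAULT_ELEMENT_NAME)).buildObject();
            nameID.setValue(str2);
            nameID.setFormat("urn:oasis:names:tc:SAML:1.1:nameid-format:unspecified");

            // Validity window: back-dated by one minute, five minutes long.
            DateTime issueInstant = new DateTime().minusMinutes(1);
            DateTime expiry = issueInstant.plusMinutes(5);

            // Bearer subject confirmation bound to the recipient endpoint.
            SubjectConfirmationData subjectConfirmationData = (SubjectConfirmationData) ((SAMLObjectBuilder) builderFactory.getBuilder(SubjectConfirmationData.DEFAULT_ELEMENT_NAME)).buildObject();
            subjectConfirmationData.setNotOnOrAfter(expiry);
            subjectConfirmationData.setRecipient(str3);
            SubjectConfirmation subjectConfirmation = (SubjectConfirmation) ((SAMLObjectBuilder) builderFactory.getBuilder(SubjectConfirmation.DEFAULT_ELEMENT_NAME)).buildObject();
            subjectConfirmation.setMethod(SubjectConfirmation.METHOD_BEARER);
            subjectConfirmation.setSubjectConfirmationData(subjectConfirmationData);
            Subject subject = (Subject) ((SAMLObjectBuilder) builderFactory.getBuilder(Subject.DEFAULT_ELEMENT_NAME)).buildObject();
            subject.setNameID(nameID);
            subject.getSubjectConfirmations().add(subjectConfirmation);

            // Authentication statement with an unspecified authentication context.
            AuthnContextClassRef authnContextClassRef = (AuthnContextClassRef) ((SAMLObjectBuilder) builderFactory.getBuilder(AuthnContextClassRef.DEFAULT_ELEMENT_NAME)).buildObject();
            authnContextClassRef.setAuthnContextClassRef(AuthnContext.UNSPECIFIED_AUTHN_CTX);
            AuthnContext authnContext = (AuthnContext) ((SAMLObjectBuilder) builderFactory.getBuilder(AuthnContext.DEFAULT_ELEMENT_NAME)).buildObject();
            authnContext.setAuthnContextClassRef(authnContextClassRef);
            AuthnStatement authnStatement = (AuthnStatement) ((SAMLObjectBuilder) builderFactory.getBuilder(AuthnStatement.DEFAULT_ELEMENT_NAME)).buildObject();
            authnStatement.setAuthnInstant(issueInstant);
            authnStatement.setAuthnContext(authnContext);

            // Conditions: the same validity window plus a single audience restriction.
            Audience audience = (Audience) ((SAMLObjectBuilder) builderFactory.getBuilder(Audience.DEFAULT_ELEMENT_NAME)).buildObject();
            audience.setAudienceURI(str4);
            AudienceRestriction audienceRestriction = (AudienceRestriction) ((SAMLObjectBuilder) builderFactory.getBuilder(AudienceRestriction.DEFAULT_ELEMENT_NAME)).buildObject();
            audienceRestriction.getAudiences().add(audience);
            Conditions conditions = (Conditions) ((SAMLObjectBuilder) builderFactory.getBuilder(Conditions.DEFAULT_ELEMENT_NAME)).buildObject();
            conditions.setNotBefore(issueInstant);
            conditions.setNotOnOrAfter(expiry);
            conditions.getConditions().add(audienceRestriction);

            Issuer issuer = (Issuer) ((SAMLObjectBuilder) builderFactory.getBuilder(Issuer.DEFAULT_ELEMENT_NAME)).buildObject();
            issuer.setFormat(NameIDType.ENTITY);
            issuer.setValue(str);

            Assertion assertion = (Assertion) ((SAMLObjectBuilder) builderFactory.getBuilder(Assertion.DEFAULT_ELEMENT_NAME)).buildObject();
            assertion.setIssuer(issuer);
            assertion.setIssueInstant(issueInstant);
            assertion.setVersion(SAMLVersion.VERSION_20);
            assertion.setSubject(subject);
            assertion.getAuthnStatements().add(authnStatement);
            assertion.setConditions(conditions);
            // The assertion ID is an xs:ID, which may not start with a digit. A bare UUID often
            // does, so prefix it with '_' to keep the value schema-valid.
            assertion.setID("_" + UUID.randomUUID());

            // The key store type is the JVM default (the keystore.type security property), so the
            // supplied stream has to be in whatever format the runtime is configured for.
            this.signerService.signSAMLObject(assertion, inputStream, KeyStore.getDefaultType(), cArr);
            return Base64.encodeBase64URLSafeString(SerializeSupport.nodeToString(XMLObjectProviderRegistrySupport.getMarshallerFactory().getMarshaller(assertion).marshall(assertion)).getBytes(StandardCharsets.UTF_8));
        } catch (InitializationException | MarshallingException e) {
            // NOTE(review): only e.getMessage() survives; the cause and its stack trace are lost.
            // Whether AnalyticsException offers a cause-accepting constructor is not visible from
            // this file. If it does, pass e through.
            throw new AnalyticsException("Failed generating SAML token " + e.getMessage(), AnalyticsErrorType.CONNECTIVITY);
        }
    }

    /**
     * Rejects missing key store material before any signing is attempted.
     *
     * @param inputStream key store contents
     * @param cArr        key store password
     * @throws AnalyticsException if either argument is {@code null}
     */
    private void validateKeystoreInfo(InputStream inputStream, char[] cArr) {
        if (inputStream == null) {
            throw new AnalyticsException("Invalid key store stream. It can not be null.", AnalyticsErrorType.CONNECTIVITY);
        }
        if (cArr == null) {
            throw new AnalyticsException("Invalid key store password. It can not be null.", AnalyticsErrorType.CONNECTIVITY);
        }
    }

    /**
     * Builds a compact JWT ({@code header.payload.signature}) with an {@code RS256} header and
     * the claims {@code iss}, {@code prn}, {@code aud} and {@code exp}, signed with the supplied
     * key store. {@code exp} is set 300 seconds after the current time and is emitted as a JSON
     * string, as in the original implementation.
     *
     * <p>Claim values are JSON-escaped before being placed in the payload, so a value containing
     * a quote, backslash or control character cannot break the JSON or introduce extra claims.
     * Values without such characters produce exactly the same payload as before.
     *
     * @param str         value of the {@code iss} claim
     * @param str2        value of the {@code prn} claim
     * @param str3        value of the {@code aud} claim
     * @param inputStream key store contents; must not be {@code null}
     * @param cArr        key store password; must not be {@code null}
     * @return the signed JWT in compact serialization
     * @throws AnalyticsException if the key store arguments are missing
     */
    public String generateJWTToken(String str, String str2, String str3, InputStream inputStream, char[] cArr) {
        // Fail fast: reject missing key material before assembling the token.
        validateKeystoreInfo(inputStream, cArr);

        String expiresAt = Long.toString((System.currentTimeMillis() / 1000) + 300);
        String claims = new MessageFormat("'{'\"iss\": \"{0}\", \"prn\": \"{1}\", \"aud\": \"{2}\", \"exp\": \"{3}\"'}'")
                .format(new Object[]{escapeJson(str), escapeJson(str2), escapeJson(str3), expiresAt});

        StringBuilder sb = new StringBuilder();
        sb.append(Base64.encodeBase64URLSafeString("{\"alg\":\"RS256\"}".getBytes(StandardCharsets.UTF_8)));
        sb.append(".");
        sb.append(Base64.encodeBase64URLSafeString(claims.getBytes(StandardCharsets.UTF_8)));

        // The signature covers the ASCII bytes of "header.payload". The key store type is the JVM
        // default (the keystore.type security property).
        String encodeBase64URLSafeString = Base64.encodeBase64URLSafeString(this.signerService.signPayload(JWT_ALLOWED_ALG, sb.toString().getBytes(StandardCharsets.UTF_8), inputStream, KeyStore.getDefaultType(), cArr));
        sb.append(".");
        sb.append(encodeBase64URLSafeString);
        return sb.toString();
    }

    /**
     * Escapes a value for use inside a double-quoted JSON string: quote, backslash and all
     * characters below U+0020 are escaped. A {@code null} value is rendered as the text
     * {@code null}, matching what {@link MessageFormat} prints for a null argument.
     */
    private static String escapeJson(String value) {
        if (value == null) {
            return "null";
        }
        StringBuilder escaped = new StringBuilder(value.length() + 8);
        for (int i = 0; i < value.length(); i++) {
            char c = value.charAt(i);
            switch (c) {
                case '"':
                    escaped.append("\\\"");
                    break;
                case '\\':
                    escaped.append("\\\\");
                    break;
                case '\n':
                    escaped.append("\\n");
                    break;
                case '\r':
                    escaped.append("\\r");
                    break;
                case '\t':
                    escaped.append("\\t");
                    break;
                default:
                    if (c < 0x20) {
                        escaped.append(String.format("\\u%04x", (int) c));
                    } else {
                        escaped.append(c);
                    }
                    break;
            }
        }
        return escaped.toString();
    }
}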
