package com.mulesoft.connectors.salesforce.composite.internal.connection.provider;

import com.google.common.collect.ImmutableMap;
import com.mulesoft.connectors.salesforce.composite.internal.connection.SalesforceCompositeConnection;
import com.mulesoft.connectors.salesforce.composite.internal.connection.param.OAuthSamlParams;
import com.mulesoft.connectors.salesforce.composite.internal.error.CompositeErrorType;
import com.mulesoft.connectors.salesforce.composite.internal.model.AuthParams;
import com.mulesoft.connectors.salesforce.composite.internal.service.connection.oauth.SignerService;
import java.io.IOException;
import java.io.InputStream;
import java.nio.charset.StandardCharsets;
import java.security.KeyManagementException;
import java.security.KeyStore;
import java.security.NoSuchAlgorithmException;
import java.util.UUID;
import java.util.concurrent.TimeoutException;
import net.shibboleth.utilities.java.support.xml.SerializeSupport;
import org.apache.commons.codec.binary.Base64;
import org.joda.time.DateTime;
import org.mule.connectors.commons.template.connection.ConnectorConnection;
import org.mule.runtime.api.connection.CachedConnectionProvider;
import org.mule.runtime.api.connection.ConnectionException;
import org.mule.runtime.api.connection.ConnectionValidationResult;
import org.mule.runtime.extension.api.annotation.Alias;
import org.mule.runtime.extension.api.annotation.param.ParameterGroup;
import org.mule.runtime.extension.api.annotation.param.display.DisplayName;
import org.mule.runtime.extension.api.annotation.param.display.Placement;
import org.mule.runtime.extension.api.exception.ModuleException;
import org.mule.runtime.http.api.HttpConstants;
import org.opensaml.core.config.InitializationException;
import org.opensaml.core.config.InitializationService;
import org.opensaml.core.xml.XMLObjectBuilderFactory;
import org.opensaml.core.xml.config.XMLObjectProviderRegistrySupport;
import org.opensaml.core.xml.io.MarshallingException;
import org.opensaml.saml.common.SAMLVersion;
import org.opensaml.saml.common.SignableSAMLObject;
import org.opensaml.saml.saml2.core.Assertion;
import org.opensaml.saml.saml2.core.Audience;
import org.opensaml.saml.saml2.core.AudienceRestriction;
import org.opensaml.saml.saml2.core.AuthnContext;
import org.opensaml.saml.saml2.core.AuthnContextClassRef;
import org.opensaml.saml.saml2.core.AuthnStatement;
import org.opensaml.saml.saml2.core.Conditions;
import org.opensaml.saml.saml2.core.Issuer;
import org.opensaml.saml.saml2.core.NameID;
import org.opensaml.saml.saml2.core.Subject;
import org.opensaml.saml.saml2.core.SubjectConfirmation;
import org.opensaml.saml.saml2.core.SubjectConfirmationData;

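/**
 * Connection provider for the OAuth 2.0 SAML bearer assertion flow.
 *
 * <p>{@link #preAuthorize()} builds a SAML 2.0 assertion from the configured
 * {@link OAuthSamlParams}, has it signed by {@link SignerService} with a key taken from the
 * configured key store, and posts it to the token endpoint using the
 * {@code urn:ietf:params:oauth:grant-type:saml2-bearer} grant type.
 *
 * <p>The signed assertion is a bearer credential for the configured principal until its
 * {@code NotOnOrAfter} instant passes, so it must not be logged or persisted.
 */
@DisplayName("OAuth SAML")
@Alias("oauth-saml")
/* loaded from: input_file:com/mulesoft/connectors/salesforce/composite/internal/connection/provider/OAuthSamlConnectionProvider.class */
public class OAuthSamlConnectionProvider extends AbstractOAuthBearerConnectionProvider implements CachedConnectionProvider<SalesforceCompositeConnection> {

    // Principal, consumer key, token endpoint and key-store settings for the SAML bearer flow.
    @Placement(order = 2)
    @ParameterGroup(name = "Connection")
    private OAuthSamlParams oAuthSamlParams;

    /**
     * Builds and signs the SAML assertion, then exchanges it at the token endpoint.
     *
     * <p>The assertion is valid for five minutes in total: every start instant
     * ({@code IssueInstant}, {@code AuthnInstant}, {@code NotBefore}) is backdated by one minute
     * and {@code NotOnOrAfter} is five minutes after that backdated instant.
     *
     * @return the body of the token endpoint's response
     * @throws TimeoutException if the authorization request times out
     * @throws ModuleException with {@link CompositeErrorType#CONNECTIVITY} if the assertion cannot
     *     be built, signed, marshalled or sent
     */
    @Override // com.mulesoft.connectors.salesforce.composite.internal.connection.provider.AbstractOAuthBearerConnectionProvider
    protected InputStream preAuthorize() throws TimeoutException {
        // try-with-resources closes the key-store stream on every path, including failures
        // while building or signing; a null resource is simply skipped.
        try (InputStream keyStoreResourceStream = getKeyStoreResourceStream(this.oAuthSamlParams.getKeyStore())) {
            InitializationService.initialize();
            XMLObjectBuilderFactory builderFactory = XMLObjectProviderRegistrySupport.getBuilderFactory();
            String tokenEndpoint = this.oAuthSamlParams.getTokenEndpoint();

            // Validity window shared by the subject confirmation and the conditions.
            DateTime validFrom = new DateTime().minusMinutes(1);
            DateTime validUntil = validFrom.plusMinutes(5);

            // Subject: the configured principal, confirmed as a bearer at the base URL.
            NameID nameId = builderFactory.getBuilder(NameID.DEFAULT_ELEMENT_NAME).buildObject();
            nameId.setValue(this.oAuthSamlParams.getPrincipal());
            nameId.setFormat("urn:oasis:names:tc:SAML:1.1:nameid-format:unspecified");

            SubjectConfirmationData confirmationData = builderFactory.getBuilder(SubjectConfirmationData.DEFAULT_ELEMENT_NAME).buildObject();
            confirmationData.setNotOnOrAfter(validUntil);
            // Recipient is the computed base URL, whereas Audience below is the full token endpoint.
            confirmationData.setRecipient(computeBaseUrl(tokenEndpoint));

            SubjectConfirmation confirmation = builderFactory.getBuilder(SubjectConfirmation.DEFAULT_ELEMENT_NAME).buildObject();
            confirmation.setMethod("urn:oasis:names:tc:SAML:2.0:cm:bearer");
            confirmation.setSubjectConfirmationData(confirmationData);

            Subject subject = builderFactory.getBuilder(Subject.DEFAULT_ELEMENT_NAME).buildObject();
            subject.setNameID(nameId);
            subject.getSubjectConfirmations().add(confirmation);

            // Authentication statement with an unspecified context class.
            AuthnContextClassRef contextClassRef = builderFactory.getBuilder(AuthnContextClassRef.DEFAULT_ELEMENT_NAME).buildObject();
            contextClassRef.setAuthnContextClassRef("urn:oasis:names:tc:SAML:2.0:ac:classes:unspecified");

            AuthnContext authnContext = builderFactory.getBuilder(AuthnContext.DEFAULT_ELEMENT_NAME).buildObject();
            authnContext.setAuthnContextClassRef(contextClassRef);

            AuthnStatement authnStatement = builderFactory.getBuilder(AuthnStatement.DEFAULT_ELEMENT_NAME).buildObject();
            authnStatement.setAuthnInstant(validFrom);
            authnStatement.setAuthnContext(authnContext);

            // Conditions: restrict the assertion to the token endpoint and to the validity window.
            Audience audience = builderFactory.getBuilder(Audience.DEFAULT_ELEMENT_NAME).buildObject();
            audience.setAudienceURI(tokenEndpoint);

            AudienceRestriction audienceRestriction = builderFactory.getBuilder(AudienceRestriction.DEFAULT_ELEMENT_NAME).buildObject();
            audienceRestriction.getAudiences().add(audience);

            Conditions conditions = builderFactory.getBuilder(Conditions.DEFAULT_ELEMENT_NAME).buildObject();
            conditions.setNotBefore(validFrom);
            conditions.setNotOnOrAfter(validUntil);
            conditions.getConditions().add(audienceRestriction);

            // Issuer is the connected app's consumer key.
            Issuer issuer = builderFactory.getBuilder(Issuer.DEFAULT_ELEMENT_NAME).buildObject();
            issuer.setFormat("urn:oasis:names:tc:SAML:2.0:nameid-format:entity");
            issuer.setValue(this.oAuthSamlParams.getConsumerKey());

            // Typed as Assertion so the setters below resolve; it is still a SignableSAMLObject
            // when handed to the signer.
            Assertion assertion = (Assertion) builderFactory.getBuilder(Assertion.DEFAULT_ELEMENT_NAME).buildObject();
            assertion.setIssuer(issuer);
            assertion.setIssueInstant(validFrom);
            assertion.setVersion(SAMLVersion.VERSION_20);
            assertion.setSubject(subject);
            assertion.getAuthnStatements().add(authnStatement);
            assertion.setConditions(conditions);
            // NOTE(review): the SAML ID attribute is an xs:ID, which cannot begin with a digit, and
            // a bare UUID often does. Many producers prefix "_"; confirm the endpoint accepts that
            // before changing the value.
            assertion.setID(UUID.randomUUID().toString());

            // NOTE(review): KeyStore.getDefaultType() follows the JVM's "keystore.type" setting,
            // so the expected key-store format varies with the runtime; confirm it matches the
            // configured store.
            // The char[] is a transient copy; the password itself remains a String in the params.
            SignableSAMLObject signable = assertion;
            new SignerService().signSAMLObject(
                    signable,
                    keyStoreResourceStream,
                    KeyStore.getDefaultType(),
                    this.oAuthSamlParams.getStorePassword().toCharArray(),
                    this.oAuthSamlParams.getCertificateAlias());

            // Serialize the signed assertion and base64url-encode it for the form body.
            String assertionXml = SerializeSupport.nodeToString(
                    XMLObjectProviderRegistrySupport.getMarshallerFactory().getMarshaller(assertion).marshall(assertion));
            String encodedAssertion = Base64.encodeBase64URLSafeString(assertionXml.getBytes(StandardCharsets.UTF_8));

            return sendAuthorizationRequest(tokenEndpoint, "urn:ietf:params:oauth:grant-type:saml2-bearer", encodedAssertion);
        } catch (MarshallingException | InitializationException | IOException | KeyManagementException | NoSuchAlgorithmException e) {
            // The cause is preserved; the message carries no assertion or key material.
            throw new ModuleException("Failed generating SAML token", CompositeErrorType.CONNECTIVITY, e);
        }
    }

    /**
     * Posts the grant type and encoded assertion to the token endpoint as a form body.
     *
     * @param str token endpoint URL
     * @param str2 OAuth grant type
     * @param str3 base64url-encoded signed SAML assertion
     * @return the response content stream
     * @throws IOException if the request fails
     * @throws TimeoutException if the request times out
     */
    private InputStream sendAuthorizationRequest(String str, String str2, String str3) throws IOException, TimeoutException {
        InputStream formBody = this.mapToInputStreamTransformer.transform(
                ImmutableMap.of(AuthParams.GRANT_TYPE, str2, "assertion", str3));
        // NOTE(review): "charset" is sent as a header of its own, not as a Content-Type parameter.
        ImmutableMap<String, String> headers = ImmutableMap.of(
                "Content-Type", "application/x-www-form-urlencoded",
                "charset", StandardCharsets.UTF_8.name(),
                "Accept-Encoding", "gzip, deflate, sdch");
        return getHttpClientService().sendRequest(str, HttpConstants.Method.POST, formBody, headers).getContent();
    }

    // Bridge method: delegates to the superclass after casting to ConnectorConnection.
    public /* bridge */ /* synthetic */ ConnectionValidationResult validate(Object obj) {
        return super.validate((ConnectorConnection) obj);
    }

    // Bridge method: delegates to the superclass after casting to ConnectorConnection.
    public /* bridge */ /* synthetic */ void disconnect(Object obj) {
        super.disconnect((ConnectorConnection) obj);
    }

    // Bridge method: delegates to the superclass.
    public /* bridge */ /* synthetic */ Object connect() throws ConnectionException {
        return super.connect();
    }
}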
