package org.mule.modules.salesforce.config;

import java.io.InputStream;
import java.io.UnsupportedEncodingException;
import java.security.KeyStore;
import java.text.MessageFormat;
import java.util.UUID;
import org.apache.commons.codec.binary.Base64;
import org.joda.time.DateTime;
import org.mule.extension.salesforce.internal.service.exception.SalesforceException;
import org.mule.extension.salesforce.internal.service.soap.SalesforceUtils;
import org.opensaml.DefaultBootstrap;
import org.opensaml.common.SAMLVersion;
import org.opensaml.common.SignableSAMLObject;
import org.opensaml.saml2.core.Assertion;
import org.opensaml.saml2.core.Audience;
import org.opensaml.saml2.core.AudienceRestriction;
import org.opensaml.saml2.core.AuthnContext;
import org.opensaml.saml2.core.AuthnContextClassRef;
import org.opensaml.saml2.core.AuthnStatement;
import org.opensaml.saml2.core.Conditions;
import org.opensaml.saml2.core.Issuer;
import org.opensaml.saml2.core.NameID;
import org.opensaml.saml2.core.Subject;
import org.opensaml.saml2.core.SubjectConfirmation;
import org.opensaml.saml2.core.SubjectConfirmationData;
import org.opensaml.xml.Configuration;
import org.opensaml.xml.ConfigurationException;
import org.opensaml.xml.XMLObjectBuilderFactory;
import org.opensaml.xml.io.MarshallingException;
import org.opensaml.xml.util.XMLHelper;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;

/* loaded from: input_file:org/mule/modules/salesforce/config/OAuthTokenGeneratorService.class */
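/**
 * Builds the signed bearer tokens used for the OAuth SAML and JWT flows:
 * a signed SAML 2.0 assertion ({@link #generateSAMLToken}) and an RS256-signed
 * JWT ({@link #generateJWTToken}).
 *
 * <p>Signing is delegated to {@code SignerService}, which receives the keystore
 * stream, the keystore password and {@link KeyStore#getDefaultType()}. The
 * supplied keystore therefore has to be in whatever format the running JVM
 * reports as its default keystore type.
 *
 * <p>Parameter names ({@code str}, {@code str2}, ...) are decompiler-generated;
 * their roles are documented per method from how each value is used.
 */
public class OAuthTokenGeneratorService {
    private static final Logger logger = LoggerFactory.getLogger(OAuthTokenGeneratorService.class);
    /** JCA signature algorithm passed to the signer; it corresponds to the "RS256" value written into the JWT header. */
    private static final String JWT_ALLOWED_ALG = "SHA256WithRSA";
    public static final String SAML_TOKEN_EXCEPTION_MESSAGE = "Failed generating SAML token";
    public static final String JWT_TOKEN_EXCEPTION_MESSAGE = "Failed generating JWT token";

    /**
     * Builds a SAML 2.0 assertion with bearer subject confirmation, signs it and
     * returns the marshalled XML as URL-safe Base64.
     *
     * <p>The assertion is valid from one minute before the current time until
     * five minutes after that instant (i.e. about four minutes from now).
     *
     * @param str         value of the {@code Issuer} element
     * @param str2        value of the subject {@code NameID}
     * @param str3        {@code Recipient} of the subject confirmation data
     * @param str4        URI placed in the {@code AudienceRestriction}
     * @param inputStream keystore stream handed to {@code SignerService}
     * @param cArr        keystore password handed to {@code SignerService}; not cleared here
     * @return the signed assertion, UTF-8 encoded and URL-safe Base64 encoded
     * @throws SalesforceException if OpenSAML bootstrap, marshalling or encoding fails
     */
    public String generateSAMLToken(String str, String str2, String str3, String str4, InputStream inputStream, char[] cArr) throws SalesforceException {
        try {
            // NOTE(review): the OpenSAML bootstrap is re-run on every call.
            DefaultBootstrap.bootstrap();
            XMLObjectBuilderFactory builderFactory = Configuration.getBuilderFactory();

            NameID nameId = builderFactory.getBuilder(NameID.DEFAULT_ELEMENT_NAME).buildObject();
            nameId.setValue(str2);
            nameId.setFormat("urn:oasis:names:tc:SAML:1.1:nameid-format:unspecified");

            // Back-date the start of the window by one minute; every timestamp in the
            // assertion is derived from these two instants.
            DateTime notBefore = new DateTime().minusMinutes(1);
            DateTime notOnOrAfter = notBefore.plusMinutes(5);

            SubjectConfirmationData confirmationData = builderFactory.getBuilder(SubjectConfirmationData.DEFAULT_ELEMENT_NAME).buildObject();
            confirmationData.setNotOnOrAfter(notOnOrAfter);
            confirmationData.setRecipient(str3);

            // Bearer confirmation: the assertion is not bound to a holder key, so the
            // short lifetime, Recipient and Audience are what limit its reuse.
            SubjectConfirmation confirmation = builderFactory.getBuilder(SubjectConfirmation.DEFAULT_ELEMENT_NAME).buildObject();
            confirmation.setMethod("urn:oasis:names:tc:SAML:2.0:cm:bearer");
            confirmation.setSubjectConfirmationData(confirmationData);

            Subject subject = builderFactory.getBuilder(Subject.DEFAULT_ELEMENT_NAME).buildObject();
            subject.setNameID(nameId);
            subject.getSubjectConfirmations().add(confirmation);

            AuthnContextClassRef contextClassRef = builderFactory.getBuilder(AuthnContextClassRef.DEFAULT_ELEMENT_NAME).buildObject();
            contextClassRef.setAuthnContextClassRef("urn:oasis:names:tc:SAML:2.0:ac:classes:unspecified");
            AuthnContext authnContext = builderFactory.getBuilder(AuthnContext.DEFAULT_ELEMENT_NAME).buildObject();
            authnContext.setAuthnContextClassRef(contextClassRef);
            AuthnStatement authnStatement = builderFactory.getBuilder(AuthnStatement.DEFAULT_ELEMENT_NAME).buildObject();
            authnStatement.setAuthnInstant(notBefore);
            authnStatement.setAuthnContext(authnContext);

            Audience audience = builderFactory.getBuilder(Audience.DEFAULT_ELEMENT_NAME).buildObject();
            audience.setAudienceURI(str4);
            AudienceRestriction audienceRestriction = builderFactory.getBuilder(AudienceRestriction.DEFAULT_ELEMENT_NAME).buildObject();
            audienceRestriction.getAudiences().add(audience);

            Conditions conditions = builderFactory.getBuilder(Conditions.DEFAULT_ELEMENT_NAME).buildObject();
            conditions.setNotBefore(notBefore);
            conditions.setNotOnOrAfter(notOnOrAfter);
            conditions.getConditions().add(audienceRestriction);

            Issuer issuer = builderFactory.getBuilder(Issuer.DEFAULT_ELEMENT_NAME).buildObject();
            issuer.setFormat("urn:oasis:names:tc:SAML:2.0:nameid-format:entity");
            issuer.setValue(str);

            Assertion assertion = (Assertion) builderFactory.getBuilder(Assertion.DEFAULT_ELEMENT_NAME).buildObject();
            assertion.setIssuer(issuer);
            assertion.setIssueInstant(notBefore);
            assertion.setVersion(SAMLVersion.VERSION_20);
            assertion.setSubject(subject);
            assertion.getAuthnStatements().add(authnStatement);
            assertion.setConditions(conditions);
            // Fresh random ID per assertion.
            assertion.setID(UUID.randomUUID().toString());

            // NOTE(review): unlike generateJWTToken, inputStream is not checked for null
            // before signing; what happens then depends on SignerService — confirm.
            new SignerService().signSAMLObject(assertion, inputStream, KeyStore.getDefaultType(), cArr);

            String assertionXml = XMLHelper.nodeToString(Configuration.getMarshallerFactory().getMarshaller(assertion).marshall(assertion));
            return Base64.encodeBase64URLSafeString(assertionXml.getBytes(SalesforceUtils.UTF_8_ENCODING_NAME));
        } catch (ConfigurationException e) {
            logger.error(SAML_TOKEN_EXCEPTION_MESSAGE, e);
            throw new SalesforceException(SAML_TOKEN_EXCEPTION_MESSAGE, (Throwable) e);
        } catch (MarshallingException e2) {
            logger.error(SAML_TOKEN_EXCEPTION_MESSAGE, e2);
            throw new SalesforceException(SAML_TOKEN_EXCEPTION_MESSAGE, (Throwable) e2);
        } catch (UnsupportedEncodingException e3) {
            logger.error(SAML_TOKEN_EXCEPTION_MESSAGE, e3);
            throw new SalesforceException(SAML_TOKEN_EXCEPTION_MESSAGE, e3);
        }
    }

    /**
     * Builds a compact JWT ({@code header.claims.signature}) with an RS256 header
     * and signs it with the key from the supplied keystore.
     *
     * <p>The claim values are JSON-escaped before being placed into the claims
     * object, so a quote, backslash or control character in a configured value
     * cannot terminate the string early or add claims to the signed payload.
     *
     * @param str         value of the {@code iss} claim
     * @param str2        value of the {@code prn} claim
     * @param str3        value of the {@code aud} claim
     * @param inputStream keystore stream handed to {@code SignerService}; must not be null
     * @param cArr        keystore password handed to {@code SignerService}; not cleared here
     * @return the signed token; it expires 300 seconds after the current time
     * @throws SalesforceException if the keystore stream is missing or signing/encoding fails
     */
    public String generateJWTToken(String str, String str2, String str3, InputStream inputStream, char[] cArr) throws SalesforceException {
        StringBuilder token = new StringBuilder();
        try {
            // Fail before any token material is assembled when there is no keystore.
            if (inputStream == null) {
                throw new Exception("Key store file not found. The path provided should be relative to resources directory.");
            }

            token.append(Base64.encodeBase64URLSafeString("{\"alg\":\"RS256\"}".getBytes(SalesforceUtils.UTF_8_ENCODING_NAME)));
            token.append(".");

            // NOTE(review): "exp" is written as a quoted string, while RFC 7519 defines it
            // as a JSON number; left as is because the receiver's tolerance is not visible here.
            String expiry = Long.toString((System.currentTimeMillis() / 1000) + 300);
            String claims = new MessageFormat("'{'\"iss\": \"{0}\", \"prn\": \"{1}\", \"aud\": \"{2}\", \"exp\": \"{3}\"'}'")
                    .format(new String[]{escapeJsonString(str), escapeJsonString(str2), escapeJsonString(str3), expiry});
            token.append(Base64.encodeBase64URLSafeString(claims.getBytes(SalesforceUtils.UTF_8_ENCODING_NAME)));

            // The signature covers exactly "<header>.<claims>" as assembled so far.
            byte[] signingInput = token.toString().getBytes(SalesforceUtils.UTF_8_ENCODING_NAME);
            String signature = Base64.encodeBase64URLSafeString(new SignerService().signPayload(JWT_ALLOWED_ALG, signingInput, inputStream, KeyStore.getDefaultType(), cArr));
            token.append(".");
            token.append(signature);
            return token.toString();
        } catch (Exception e) {
            logger.error(JWT_TOKEN_EXCEPTION_MESSAGE, e);
            throw new SalesforceException(JWT_TOKEN_EXCEPTION_MESSAGE, e);
        }
    }

    /**
     * Escapes a value for use inside a double-quoted JSON string: quote, backslash
     * and characters below U+0020 are replaced by their JSON escape sequences.
     * A null value is passed through unchanged so the caller's formatting of
     * missing values stays as it was.
     */
    private static String escapeJsonString(String value) {
        if (value == null) {
            return null;
        }
        StringBuilder escaped = new StringBuilder(value.length() + 8);
        for (int i = 0; i < value.length(); i++) {
            char c = value.charAt(i);
            switch (c) {
                case '"':
                    escaped.append("\\\"");
                    break;
                case '\\':
                    escaped.append("\\\\");
                    break;
                case '\b':
                    escaped.append("\\b");
                    break;
                case '\f':
                    escaped.append("\\f");
                    break;
                case '\n':
                    escaped.append("\\n");
                    break;
                case '\r':
                    escaped.append("\\r");
                    break;
                case '\t':
                    escaped.append("\\t");
                    break;
                default:
                    if (c < 0x20) {
                        // Remaining control characters need the \\uXXXX form.
                        String hex = Integer.toHexString(c);
                        escaped.append("\\u").append("0000".substring(hex.length())).append(hex);
                    } else {
                        escaped.append(c);
                    }
                    break;
            }
        }
        return escaped.toString();
    }
}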
