package com.vmware.vapi.cis.authn.json;

import com.vmware.vapi.CoreException;
import com.vmware.vapi.Message;
import com.vmware.vapi.MessageFactory;
import com.vmware.vapi.cis.authn.SamlAuthenticationData;
import com.vmware.vapi.cis.authn.SamlTokenSecurityContext;
import com.vmware.vapi.cis.authn.SecurityContextFactory;
import com.vmware.vapi.core.ExecutionContext;
import com.vmware.vapi.internal.cis.authn.Signer;
import com.vmware.vapi.internal.cis.authn.json.JsonSignatureStruct;
import com.vmware.vapi.internal.cis.authn.json.JsonSignerImpl;
import com.vmware.vapi.internal.dsig.json.JsonCanonicalizer;
import com.vmware.vapi.internal.protocol.common.json.JsonSecurityContextSerializer;
import com.vmware.vapi.internal.util.DateTimeConverter;
import com.vmware.vapi.internal.util.Validate;
import com.vmware.vapi.protocol.RequestProcessor;
import java.io.UnsupportedEncodingException;
import java.util.Calendar;
import java.util.HashMap;
import java.util.Map;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;

/* loaded from: input_file:com/vmware/vapi/cis/authn/json/JsonSigningProcessor.class */
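/**
 * Request processor that signs outgoing JSON requests when the caller
 * authenticates with a SAML holder-of-key (HoK) token.
 *
 * <p>Signing only happens when the request metadata carries a security context
 * whose scheme id is the SAML HoK scheme and which holds a private key. Every
 * other request is returned unchanged and unsigned, so this class by itself
 * does not guarantee that a request leaves signed.
 *
 * <p>The private key is used only to produce the signature. The SAML token XML
 * is embedded in the outgoing request next to the signature value.
 */
public final class JsonSigningProcessor implements RequestProcessor {
    private static final String UTF8_CHARSET = "UTF-8";

    /** Authentication scheme id that selects holder-of-key signing. */
    private static final String SAML_HOK_SCHEME_ID = "com.vmware.vapi.std.security.saml_hok_token";

    /** Metadata key under which the caller supplies the security context. */
    private static final String SECURITY_CONTEXT_KEY = "security_context";

    /** Security context property that names the authentication scheme. */
    private static final String AUTHN_SCHEME_ID_KEY = "authn_scheme_id";

    /** Minutes between the "created" and "expires" values written into a signed request. */
    private static final int SIGNATURE_VALIDITY_MINUTES = 10;

    private static final Logger logger = LoggerFactory.getLogger(JsonSigningProcessor.class);
    private static final Message DECODE_ERROR =
            MessageFactory.getMessage("vapi.sso.signproc.decoderequest", new String[0]);

    private final JsonSecurityContextSerializer scSerializer = new JsonSecurityContextSerializer();
    private final DateTimeConverter dateConverter = new DateTimeConverter();
    private final Signer jsonSigner = new JsonSignerImpl(new JsonCanonicalizer());

    /**
     * Signs the request when the metadata holds a SAML HoK security context
     * with a private key; otherwise returns the request bytes as received.
     *
     * @param bArr    serialized request, decoded as UTF-8 when it is signed
     * @param map     request metadata; the security context is read from the
     *                {@code security_context} entry
     * @param request not used by this processor
     * @return the signed request bytes, or {@code bArr} itself when no signing applies
     * @throws CoreException if the UTF-8 charset is reported as unsupported
     */
    public byte[] process(byte[] bArr, Map<String, Object> map, RequestProcessor.Request request) {
        Validate.notNull(bArr);
        Validate.notNull(map);
        Object candidate = map.get(SECURITY_CONTEXT_KEY);
        if (!shouldSignRequest(candidate)) {
            // No HoK context or no private key: pass the request through unsigned.
            return bArr;
        }
        try {
            return signRequest(new String(bArr, UTF8_CHARSET), (ExecutionContext.SecurityContext) candidate);
        } catch (UnsupportedEncodingException e) {
            // UTF-8 is a charset every Java platform must provide, so this branch is
            // not expected to run. The cause is not attached to the CoreException.
            throw new CoreException(DECODE_ERROR);
        }
    }

    /**
     * Decides whether a request must be signed.
     *
     * @param obj value found under the security context metadata key; may be
     *            {@code null} or of an unrelated type
     * @return {@code true} only when {@code obj} is a security context using the
     *         SAML HoK scheme and its parsed authentication data has a private key
     */
    boolean shouldSignRequest(Object obj) {
        // instanceof is false for null, so no separate null check is needed.
        if (!(obj instanceof ExecutionContext.SecurityContext)) {
            return false;
        }
        ExecutionContext.SecurityContext securityContext = (ExecutionContext.SecurityContext) obj;
        if (!SAML_HOK_SCHEME_ID.equals(securityContext.getProperty(AUTHN_SCHEME_ID_KEY))) {
            return false;
        }
        // NOTE(review): assumes parseSamlSecurityContext never returns null for a
        // HoK context; confirm against SecurityContextFactory.
        return SecurityContextFactory.parseSamlSecurityContext(securityContext).getPrivateKey() != null;
    }

    /**
     * Builds the security context envelope, signs it and returns the request
     * with the signature embedded.
     *
     * <p>The envelope is serialized twice: once without the {@code signature}
     * entry to obtain the text that is signed, and once more after the
     * signature value and the SAML token XML have been added.
     *
     * @param str             request body as text
     * @param securityContext SAML HoK security context holding the private key
     * @return UTF-8 bytes of the request including the signature
     * @throws UnsupportedEncodingException if UTF-8 is reported as unsupported
     */
    private byte[] signRequest(String str, ExecutionContext.SecurityContext securityContext) throws UnsupportedEncodingException {
        assert str != null && securityContext != null;
        // The log line carries no request content, token or key material.
        logger.debug("Signing the request");

        Map<String, Object> envelope = new HashMap<>();
        envelope.put("schemeId", SAML_HOK_SCHEME_ID);
        // The created/expires pair bounds how long the signed request claims to be
        // valid; enforcement on the receiving side is not visible here.
        envelope.put("timestamp", createTimestamp(SIGNATURE_VALIDITY_MINUTES));
        envelope.put("signatureAlgorithm", JsonSignatureStruct.SHA256_WITH_RSA);

        // First pass: the text to sign covers scheme id, timestamp, algorithm and request.
        String toBeSigned = this.scSerializer.serializeSecurityContext(envelope, str);
        SamlAuthenticationData authnData = SecurityContextFactory.parseSamlSecurityContext(securityContext);
        String signatureValue = this.jsonSigner.sign(toBeSigned, authnData.getPrivateKey());

        Map<String, Object> signature = new HashMap<>();
        signature.put("value", signatureValue);
        signature.put(SamlTokenSecurityContext.SAML_TOKEN_ID, authnData.getSamlTokenXml());
        envelope.put("signature", signature);

        // Second pass: the same envelope, now carrying the signature entry.
        return this.scSerializer.serializeSecurityContext(envelope, str).getBytes(UTF8_CHARSET);
    }

    /**
     * Creates the timestamp entry of a signed request.
     *
     * @param i number of minutes after creation at which the timestamp expires
     * @return map with a {@code created} and an {@code expires} value, both
     *         formatted by the date converter
     */
    private Map<String, String> createTimestamp(int i) {
        // Both values come from the local system clock; a skewed clock shifts the
        // whole validity window.
        Calendar calendar = Calendar.getInstance();
        Map<String, String> timestamp = new HashMap<>();
        timestamp.put("created", this.dateConverter.toStringValue(calendar));
        calendar.add(Calendar.MINUTE, i);
        timestamp.put("expires", this.dateConverter.toStringValue(calendar));
        return timestamp;
    }
}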
