package org.wso2.carbon.identity.core.dao;

import java.security.cert.X509Certificate;
import java.sql.Connection;
import java.sql.PreparedStatement;
import java.sql.ResultSet;
import java.sql.SQLException;
import java.util.ArrayList;
import java.util.List;
import org.apache.commons.codec.binary.Base64;
import org.apache.commons.collections.CollectionUtils;
import org.apache.commons.lang.StringUtils;
import org.apache.commons.logging.Log;
import org.apache.commons.logging.LogFactory;
import org.wso2.carbon.identity.base.IdentityException;
import org.wso2.carbon.identity.core.CertificateRetriever;
import org.wso2.carbon.identity.core.CertificateRetrievingException;
import org.wso2.carbon.identity.core.DatabaseCertificateRetriever;
import org.wso2.carbon.identity.core.IdentityRegistryResources;
import org.wso2.carbon.identity.core.KeyStoreCertificateRetriever;
import org.wso2.carbon.identity.core.model.SAMLSSOServiceProviderDO;
import org.wso2.carbon.identity.core.util.IdentityDatabaseUtil;
import org.wso2.carbon.identity.core.util.IdentityTenantUtil;
import org.wso2.carbon.registry.core.Collection;
import org.wso2.carbon.registry.core.Registry;
import org.wso2.carbon.registry.core.Resource;
import org.wso2.carbon.registry.core.exceptions.RegistryException;
import org.wso2.carbon.registry.core.jdbc.utils.Transaction;
import org.wso2.carbon.registry.core.session.UserRegistry;
import org.wso2.carbon.user.api.Tenant;
import org.wso2.carbon.user.api.UserStoreException;

/* loaded from: input_file:WEB-INF/lib/org.wso2.carbon.identity.core-5.18.70.jar:org/wso2/carbon/identity/core/dao/SAMLSSOServiceProviderDAO.class */
public class SAMLSSOServiceProviderDAO extends AbstractDAO<SAMLSSOServiceProviderDO> {
    // SP_METADATA name of the row holding an application's certificate id; bound as the query's first parameter.
    private static final String CERTIFICATE_PROPERTY_NAME = "CERTIFICATE";
    // Selects META.VALUE for one inbound auth key within one tenant. The metadata name, the inbound auth key
    // and the tenant id are all '?' placeholders, so values are bound by the caller rather than concatenated.
    private static final String QUERY_TO_GET_APPLICATION_CERTIFICATE_ID = "SELECT META.VALUE FROM SP_INBOUND_AUTH INBOUND,SP_APP SP,SP_METADATA META WHERE SP.ID = INBOUND.APP_ID AND SP.ID = META.SP_ID AND META.NAME = ? AND INBOUND.INBOUND_AUTH_KEY = ? AND META.TENANT_ID = ?";
    // Logger shared by all instances of this DAO.
    private static Log log = LogFactory.getLog(SAMLSSOServiceProviderDAO.class);

    /**
     * Creates a DAO that reads and writes SAML SSO service provider entries through the given registry.
     *
     * @param registry registry handle stored in the {@code registry} field (declared outside the visible part
     *                 of this class). {@code getServiceProvider} casts it to {@code UserRegistry} to read the
     *                 tenant id, so an instance of another type raises {@code ClassCastException} there.
     */
    public SAMLSSOServiceProviderDAO(Registry registry) {
        this.registry = registry;
    }

    /* JADX INFO: Access modifiers changed from: protected */
    /* JADX WARN: Can't rename method to resolve collision */
    /**
     * Builds a {@link SAMLSSOServiceProviderDO} from the properties of a registry resource.
     *
     * <p>Most settings are copied only when the property is present. For an absent property the setter is not
     * called, so the returned object keeps whatever initial value {@code SAMLSSOServiceProviderDO} gives that
     * field (not visible from this method). That applies to the request and artifact-resolve signature
     * validation flags, which {@code getServiceProvider} uses to decide whether a certificate is loaded.
     *
     * @param resource registry resource holding the service provider's properties
     * @return a newly created service provider object populated from {@code resource}
     */
    @Override
    public SAMLSSOServiceProviderDO resourceToObject(Resource resource) {
        final SAMLSSOServiceProviderDO provider = new SAMLSSOServiceProviderDO();

        // Issuer, assertion consumer URLs and certificate alias are copied as returned by the registry.
        provider.setIssuer(resource.getProperty("Issuer"));
        provider.setAssertionConsumerUrls(resource.getPropertyValues(IdentityRegistryResources.PROP_SAML_SSO_ASSERTION_CONS_URLS));
        provider.setDefaultAssertionConsumerUrl(resource.getProperty(IdentityRegistryResources.PROP_DEFAULT_SAML_SSO_ASSERTION_CONS_URL));
        provider.setCertAlias(resource.getProperty(IdentityRegistryResources.PROP_SAML_SSO_ISSUER_CERT_ALIAS));

        // An empty signing algorithm is skipped, leaving the value the data object already holds.
        if (StringUtils.isNotEmpty(resource.getProperty(IdentityRegistryResources.PROP_SAML_SSO_SIGNING_ALGORITHM))) {
            provider.setSigningAlgorithmUri(resource.getProperty(IdentityRegistryResources.PROP_SAML_SSO_SIGNING_ALGORITHM));
        }

        if (resource.getProperty(IdentityRegistryResources.PROP_SAML_SSO_ASSERTION_QUERY_REQUEST_PROFILE_ENABLED) != null) {
            provider.setAssertionQueryRequestProfileEnabled(Boolean.parseBoolean(resource.getProperty(IdentityRegistryResources.PROP_SAML_SSO_ASSERTION_QUERY_REQUEST_PROFILE_ENABLED).trim()));
        }
        if (resource.getProperty(IdentityRegistryResources.PROP_SAML_SSO_SUPPORTED_ASSERTION_QUERY_REQUEST_TYPES) != null) {
            provider.setSupportedAssertionQueryRequestTypes(resource.getProperty(IdentityRegistryResources.PROP_SAML_SSO_SUPPORTED_ASSERTION_QUERY_REQUEST_TYPES).trim());
        }
        if (resource.getProperty(IdentityRegistryResources.PROP_SAML_SSO_ENABLE_SAML2_ARTIFACT_BINDING) != null) {
            provider.setEnableSAML2ArtifactBinding(Boolean.parseBoolean(resource.getProperty(IdentityRegistryResources.PROP_SAML_SSO_ENABLE_SAML2_ARTIFACT_BINDING).trim()));
        }

        // Digest and encryption algorithms follow the same "skip when empty" rule as the signing algorithm.
        if (StringUtils.isNotEmpty(resource.getProperty(IdentityRegistryResources.PROP_SAML_SSO_DIGEST_ALGORITHM))) {
            provider.setDigestAlgorithmUri(resource.getProperty(IdentityRegistryResources.PROP_SAML_SSO_DIGEST_ALGORITHM));
        }
        if (StringUtils.isNotEmpty(resource.getProperty(IdentityRegistryResources.PROP_SAML_SSO_ASSERTION_ENCRYPTION_ALGORITHM))) {
            provider.setAssertionEncryptionAlgorithmUri(resource.getProperty(IdentityRegistryResources.PROP_SAML_SSO_ASSERTION_ENCRYPTION_ALGORITHM));
        }
        if (StringUtils.isNotEmpty(resource.getProperty(IdentityRegistryResources.PROP_SAML_SSO_KEY_ENCRYPTION_ALGORITHM))) {
            provider.setKeyEncryptionAlgorithmUri(resource.getProperty(IdentityRegistryResources.PROP_SAML_SSO_KEY_ENCRYPTION_ALGORITHM));
        }

        if (resource.getProperty(IdentityRegistryResources.PROP_SAML_SSO_DO_SINGLE_LOGOUT) != null) {
            provider.setDoSingleLogout(Boolean.parseBoolean(resource.getProperty(IdentityRegistryResources.PROP_SAML_SSO_DO_SINGLE_LOGOUT).trim()));
        }
        if (resource.getProperty("NameIDFormat") != null) {
            provider.setNameIDFormat(resource.getProperty("NameIDFormat"));
        }

        // The NameID claim URI is read only when its enabling flag is present and true.
        if (resource.getProperty(IdentityRegistryResources.PROP_SAML_SSO_ENABLE_NAMEID_CLAIMURI) != null
                && Boolean.parseBoolean(resource.getProperty(IdentityRegistryResources.PROP_SAML_SSO_ENABLE_NAMEID_CLAIMURI).trim())) {
            provider.setNameIdClaimUri(resource.getProperty(IdentityRegistryResources.PROP_SAML_SSO_NAMEID_CLAIMURI));
        }

        provider.setLoginPageURL(resource.getProperty(IdentityRegistryResources.PROP_SAML_SSO_LOGIN_PAGE_URL));
        if (resource.getProperty(IdentityRegistryResources.PROP_SAML_SSO_DO_SIGN_RESPONSE) != null) {
            provider.setDoSignResponse(Boolean.parseBoolean(resource.getProperty(IdentityRegistryResources.PROP_SAML_SSO_DO_SIGN_RESPONSE).trim()));
        }

        // Single-logout endpoints and the front-channel settings are read only when single logout is on.
        if (provider.isDoSingleLogout()) {
            provider.setSloResponseURL(resource.getProperty(IdentityRegistryResources.PROP_SAML_SLO_RESPONSE_URL));
            provider.setSloRequestURL(resource.getProperty(IdentityRegistryResources.PROP_SAML_SLO_REQUEST_URL));
            if (resource.getProperty(IdentityRegistryResources.PROP_SAML_SSO_DO_FRONT_CHANNEL_LOGOUT) != null) {
                provider.setDoFrontChannelLogout(Boolean.parseBoolean(resource.getProperty(IdentityRegistryResources.PROP_SAML_SSO_DO_FRONT_CHANNEL_LOGOUT).trim()));
                if (provider.isDoFrontChannelLogout()) {
                    // A missing binding falls back to the default front-channel binding constant.
                    if (resource.getProperty(IdentityRegistryResources.PROP_SAML_SSO_FRONT_CHANNEL_LOGOUT_BINDING) == null) {
                        provider.setFrontChannelLogoutBinding(IdentityRegistryResources.DEFAULT_FRONT_CHANNEL_LOGOUT_BINDING);
                    } else {
                        provider.setFrontChannelLogoutBinding(resource.getProperty(IdentityRegistryResources.PROP_SAML_SSO_FRONT_CHANNEL_LOGOUT_BINDING));
                    }
                }
            }
        }

        if (resource.getProperty(IdentityRegistryResources.PROP_SAML_SSO_DO_SIGN_ASSERTIONS) != null) {
            provider.setDoSignAssertions(Boolean.parseBoolean(resource.getProperty(IdentityRegistryResources.PROP_SAML_SSO_DO_SIGN_ASSERTIONS).trim()));
        }
        if (resource.getProperty(IdentityRegistryResources.PROP_SAML_ENABLE_ECP) != null) {
            provider.setSamlECP(Boolean.parseBoolean(resource.getProperty(IdentityRegistryResources.PROP_SAML_ENABLE_ECP).trim()));
        }

        // The attribute consuming service index is never left unset: absent means the empty string.
        if (resource.getProperty("AttributeConsumingServiceIndex") == null) {
            provider.setAttributeConsumingServiceIndex("");
        } else {
            provider.setAttributeConsumingServiceIndex(resource.getProperty("AttributeConsumingServiceIndex"));
        }

        if (resource.getProperty(IdentityRegistryResources.PROP_SAML_SSO_REQUESTED_CLAIMS) != null) {
            provider.setRequestedClaims(resource.getPropertyValues(IdentityRegistryResources.PROP_SAML_SSO_REQUESTED_CLAIMS));
        }
        if (resource.getProperty(IdentityRegistryResources.PROP_SAML_SSO_REQUESTED_AUDIENCES) != null) {
            provider.setRequestedAudiences(resource.getPropertyValues(IdentityRegistryResources.PROP_SAML_SSO_REQUESTED_AUDIENCES));
        }
        if (resource.getProperty(IdentityRegistryResources.PROP_SAML_SSO_REQUESTED_RECIPIENTS) != null) {
            provider.setRequestedRecipients(resource.getPropertyValues(IdentityRegistryResources.PROP_SAML_SSO_REQUESTED_RECIPIENTS));
        }

        // Unlike the other boolean properties, this value is parsed without trimming.
        if (resource.getProperty(IdentityRegistryResources.PROP_SAML_SSO_ENABLE_ATTRIBUTES_BY_DEFAULT) != null) {
            provider.setEnableAttributesByDefault(Boolean.parseBoolean(resource.getProperty(IdentityRegistryResources.PROP_SAML_SSO_ENABLE_ATTRIBUTES_BY_DEFAULT)));
        }

        if (resource.getProperty(IdentityRegistryResources.PROP_SAML_SSO_IDP_INIT_SSO_ENABLED) != null) {
            provider.setIdPInitSSOEnabled(Boolean.parseBoolean(resource.getProperty(IdentityRegistryResources.PROP_SAML_SSO_IDP_INIT_SSO_ENABLED).trim()));
        }
        if (resource.getProperty(IdentityRegistryResources.PROP_SAML_SLO_IDP_INIT_SLO_ENABLED) != null) {
            provider.setIdPInitSLOEnabled(Boolean.parseBoolean(resource.getProperty(IdentityRegistryResources.PROP_SAML_SLO_IDP_INIT_SLO_ENABLED).trim()));
            // Return-to URLs are loaded only for providers with IdP-initiated SLO switched on.
            if (provider.isIdPInitSLOEnabled() && resource.getProperty(IdentityRegistryResources.PROP_SAML_IDP_INIT_SLO_RETURN_URLS) != null) {
                provider.setIdpInitSLOReturnToURLs(resource.getPropertyValues(IdentityRegistryResources.PROP_SAML_IDP_INIT_SLO_RETURN_URLS));
            }
        }

        if (resource.getProperty(IdentityRegistryResources.PROP_SAML_SSO_ENABLE_ENCRYPTED_ASSERTION) != null) {
            provider.setDoEnableEncryptedAssertion(Boolean.parseBoolean(resource.getProperty(IdentityRegistryResources.PROP_SAML_SSO_ENABLE_ENCRYPTED_ASSERTION).trim()));
        }

        // Signature validation flags: any stored value other than "true" (case-insensitive) parses as false.
        if (resource.getProperty(IdentityRegistryResources.PROP_SAML_SSO_VALIDATE_SIGNATURE_IN_REQUESTS) != null) {
            provider.setDoValidateSignatureInRequests(Boolean.parseBoolean(resource.getProperty(IdentityRegistryResources.PROP_SAML_SSO_VALIDATE_SIGNATURE_IN_REQUESTS).trim()));
        }
        if (resource.getProperty(IdentityRegistryResources.PROP_SAML_SSO_VALIDATE_SIGNATURE_IN_ARTIFACT_RESOLVE) != null) {
            provider.setDoValidateSignatureInArtifactResolve(Boolean.parseBoolean(resource.getProperty(IdentityRegistryResources.PROP_SAML_SSO_VALIDATE_SIGNATURE_IN_ARTIFACT_RESOLVE).trim()));
        }

        if (resource.getProperty(IdentityRegistryResources.PROP_SAML_SSO_ISSUER_QUALIFIER) != null) {
            provider.setIssuerQualifier(resource.getProperty(IdentityRegistryResources.PROP_SAML_SSO_ISSUER_QUALIFIER));
        }
        if (resource.getProperty(IdentityRegistryResources.PROP_SAML_SSO_IDP_ENTITY_ID_ALIAS) != null) {
            provider.setIdpEntityIDAlias(resource.getProperty(IdentityRegistryResources.PROP_SAML_SSO_IDP_ENTITY_ID_ALIAS));
        }
        return provider;
    }

    /**
     * Stores a new SAML SSO service provider in the registry under a path derived from its issuer.
     *
     * <p>When an issuer qualifier is set, the issuer on the passed object is replaced by the qualified form
     * before the path is computed, so the caller's object is modified.
     *
     * @param sAMLSSOServiceProviderDO service provider to store; its issuer must be non-blank
     * @return {@code false} when a resource already exists at the computed path, {@code true} after the
     *         resource has been put into the registry
     * @throws IdentityException when the argument or its issuer is missing, or when the registry fails
     */
    public boolean addServiceProvider(SAMLSSOServiceProviderDO sAMLSSOServiceProviderDO) throws IdentityException {
        // Reject a null object or a null/blank issuer before any registry access.
        if (sAMLSSOServiceProviderDO == null || sAMLSSOServiceProviderDO.getIssuer() == null || StringUtils.isBlank(sAMLSSOServiceProviderDO.getIssuer())) {
            throw new IdentityException("Issuer cannot be found in the provided arguments.");
        }
        if (StringUtils.isNotBlank(sAMLSSOServiceProviderDO.getIssuerQualifier())) {
            sAMLSSOServiceProviderDO.setIssuer(getIssuerWithQualifier(sAMLSSOServiceProviderDO.getIssuer(), sAMLSSOServiceProviderDO.getIssuerQualifier()));
        }
        // The issuer goes through encodePath (defined outside this part of the file) before it becomes a path segment.
        String str = IdentityRegistryResources.SAML_SSO_SERVICE_PROVIDERS + encodePath(sAMLSSOServiceProviderDO.getIssuer());
        // Remember whether a transaction was already open so this method only begins one of its own.
        boolean isStarted = Transaction.isStarted();
        try {
            try {
                // An existing entry is never overwritten; the caller gets false instead.
                if (this.registry.resourceExists(str)) {
                    if (log.isDebugEnabled()) {
                        if (StringUtils.isNotBlank(sAMLSSOServiceProviderDO.getIssuerQualifier())) {
                            log.debug("SAML2 Service Provider already exists with the same issuer name " + getIssuerWithoutQualifier(sAMLSSOServiceProviderDO.getIssuer()) + " and qualifier name " + sAMLSSOServiceProviderDO.getIssuerQualifier());
                        } else {
                            log.debug("SAML2 Service Provider already exists with the same issuer name " + sAMLSSOServiceProviderDO.getIssuer());
                        }
                    }
                    return false;
                }
                Resource createResource = createResource(sAMLSSOServiceProviderDO);
                if (!isStarted) {
                    this.registry.beginTransaction();
                }
                this.registry.put(str, createResource);
                if (log.isDebugEnabled()) {
                    if (StringUtils.isNotBlank(sAMLSSOServiceProviderDO.getIssuerQualifier())) {
                        log.debug("SAML2 Service Provider " + sAMLSSOServiceProviderDO.getIssuer() + " with issuer " + getIssuerWithoutQualifier(sAMLSSOServiceProviderDO.getIssuer()) + " and qualifier " + sAMLSSOServiceProviderDO.getIssuerQualifier() + " is added successfully.");
                    } else {
                        log.debug("SAML2 Service Provider " + sAMLSSOServiceProviderDO.getIssuer() + " is added successfully.");
                    }
                }
                // NOTE(review): this call is repeated by the finally block below, so the success path invokes
                // commitOrRollbackTransaction twice. This looks like a decompiler duplication; confirm against
                // the original source.
                commitOrRollbackTransaction(false);
                return true;
            } catch (RegistryException e) {
                String str2 = StringUtils.isNotBlank(sAMLSSOServiceProviderDO.getIssuerQualifier()) ? "Error while adding SAML2 Service Provider for issuer: " + getIssuerWithoutQualifier(sAMLSSOServiceProviderDO.getIssuer()) + " and qualifier name " + sAMLSSOServiceProviderDO.getIssuerQualifier() : "Error while adding SAML2 Service Provider for issuer: " + sAMLSSOServiceProviderDO.getIssuer();
                log.error(str2, e);
                throw IdentityException.error(str2, e);
            }
        } finally {
            // NOTE(review): the argument is the literal false on every path, including after a
            // RegistryException and on the early "already exists" return where no transaction was begun here.
            // commitOrRollbackTransaction is not visible in this part of the file; if its flag selects
            // rollback on error, a failed put would not be rolled back as written. Verify before relying on it.
            commitOrRollbackTransaction(false);
        }
    }

    /**
     * Converts a service provider object into a new registry resource, the inverse of
     * {@code resourceToObject}.
     *
     * <p>Boolean settings, including the request and artifact-resolve signature validation flags, are always
     * written as {@code "true"}/{@code "false"} strings. Optional lists and blank values are omitted.
     *
     * @param sAMLSSOServiceProviderDO service provider whose settings are written
     * @return the populated resource; it is not stored by this method
     * @throws RegistryException declared for the registry calls made while building the resource
     */
    private Resource createResource(SAMLSSOServiceProviderDO sAMLSSOServiceProviderDO) throws RegistryException {
        final Resource entry = this.registry.newResource();

        // Values written unconditionally, whatever the getters return.
        entry.addProperty("Issuer", sAMLSSOServiceProviderDO.getIssuer());
        entry.setProperty(IdentityRegistryResources.PROP_SAML_SSO_ASSERTION_CONS_URLS, sAMLSSOServiceProviderDO.getAssertionConsumerUrlList());
        entry.addProperty(IdentityRegistryResources.PROP_DEFAULT_SAML_SSO_ASSERTION_CONS_URL, sAMLSSOServiceProviderDO.getDefaultAssertionConsumerUrl());
        entry.addProperty(IdentityRegistryResources.PROP_SAML_SSO_ISSUER_CERT_ALIAS, sAMLSSOServiceProviderDO.getCertAlias());
        entry.addProperty(IdentityRegistryResources.PROP_SAML_SSO_LOGIN_PAGE_URL, sAMLSSOServiceProviderDO.getLoginPageURL());
        entry.addProperty("NameIDFormat", sAMLSSOServiceProviderDO.getNameIDFormat());
        entry.addProperty(IdentityRegistryResources.PROP_SAML_SSO_SIGNING_ALGORITHM, sAMLSSOServiceProviderDO.getSigningAlgorithmUri());
        entry.addProperty(IdentityRegistryResources.PROP_SAML_SSO_DIGEST_ALGORITHM, sAMLSSOServiceProviderDO.getDigestAlgorithmUri());
        entry.addProperty(IdentityRegistryResources.PROP_SAML_SSO_ASSERTION_ENCRYPTION_ALGORITHM, sAMLSSOServiceProviderDO.getAssertionEncryptionAlgorithmUri());
        entry.addProperty(IdentityRegistryResources.PROP_SAML_SSO_KEY_ENCRYPTION_ALGORITHM, sAMLSSOServiceProviderDO.getKeyEncryptionAlgorithmUri());

        // The NameID claim URI is stored only when it has non-whitespace content; the flag records which case applied.
        if (sAMLSSOServiceProviderDO.getNameIdClaimUri() != null && sAMLSSOServiceProviderDO.getNameIdClaimUri().trim().length() > 0) {
            entry.addProperty(IdentityRegistryResources.PROP_SAML_SSO_ENABLE_NAMEID_CLAIMURI, "true");
            entry.addProperty(IdentityRegistryResources.PROP_SAML_SSO_NAMEID_CLAIMURI, sAMLSSOServiceProviderDO.getNameIdClaimUri());
        } else {
            entry.addProperty(IdentityRegistryResources.PROP_SAML_SSO_ENABLE_NAMEID_CLAIMURI, "false");
        }

        // Single-logout details are written only for providers that have single logout enabled.
        entry.addProperty(IdentityRegistryResources.PROP_SAML_SSO_DO_SINGLE_LOGOUT, String.valueOf(sAMLSSOServiceProviderDO.isDoSingleLogout()));
        if (sAMLSSOServiceProviderDO.isDoSingleLogout()) {
            if (StringUtils.isNotBlank(sAMLSSOServiceProviderDO.getSloResponseURL())) {
                entry.addProperty(IdentityRegistryResources.PROP_SAML_SLO_RESPONSE_URL, sAMLSSOServiceProviderDO.getSloResponseURL());
            }
            if (StringUtils.isNotBlank(sAMLSSOServiceProviderDO.getSloRequestURL())) {
                entry.addProperty(IdentityRegistryResources.PROP_SAML_SLO_REQUEST_URL, sAMLSSOServiceProviderDO.getSloRequestURL());
            }
            entry.addProperty(IdentityRegistryResources.PROP_SAML_SSO_DO_FRONT_CHANNEL_LOGOUT, String.valueOf(sAMLSSOServiceProviderDO.isDoFrontChannelLogout()));
            if (sAMLSSOServiceProviderDO.isDoFrontChannelLogout()) {
                entry.addProperty(IdentityRegistryResources.PROP_SAML_SSO_FRONT_CHANNEL_LOGOUT_BINDING, sAMLSSOServiceProviderDO.getFrontChannelLogoutBinding());
            }
        }

        entry.addProperty(IdentityRegistryResources.PROP_SAML_SSO_DO_SIGN_RESPONSE, String.valueOf(sAMLSSOServiceProviderDO.isDoSignResponse()));
        entry.addProperty(IdentityRegistryResources.PROP_SAML_SSO_ASSERTION_QUERY_REQUEST_PROFILE_ENABLED, String.valueOf(sAMLSSOServiceProviderDO.isAssertionQueryRequestProfileEnabled()));
        entry.addProperty(IdentityRegistryResources.PROP_SAML_SSO_SUPPORTED_ASSERTION_QUERY_REQUEST_TYPES, sAMLSSOServiceProviderDO.getSupportedAssertionQueryRequestTypes());
        entry.addProperty(IdentityRegistryResources.PROP_SAML_SSO_ENABLE_SAML2_ARTIFACT_BINDING, String.valueOf(sAMLSSOServiceProviderDO.isEnableSAML2ArtifactBinding()));
        entry.addProperty(IdentityRegistryResources.PROP_SAML_SSO_DO_SIGN_ASSERTIONS, String.valueOf(sAMLSSOServiceProviderDO.isDoSignAssertions()));
        entry.addProperty(IdentityRegistryResources.PROP_SAML_ENABLE_ECP, String.valueOf(sAMLSSOServiceProviderDO.isSamlECP()));

        // Multi-valued settings are written only when the list has at least one element.
        if (CollectionUtils.isNotEmpty(sAMLSSOServiceProviderDO.getRequestedClaimsList())) {
            entry.setProperty(IdentityRegistryResources.PROP_SAML_SSO_REQUESTED_CLAIMS, sAMLSSOServiceProviderDO.getRequestedClaimsList());
        }
        if (sAMLSSOServiceProviderDO.getAttributeConsumingServiceIndex() != null) {
            entry.addProperty("AttributeConsumingServiceIndex", sAMLSSOServiceProviderDO.getAttributeConsumingServiceIndex());
        }
        if (CollectionUtils.isNotEmpty(sAMLSSOServiceProviderDO.getRequestedAudiencesList())) {
            entry.setProperty(IdentityRegistryResources.PROP_SAML_SSO_REQUESTED_AUDIENCES, sAMLSSOServiceProviderDO.getRequestedAudiencesList());
        }
        if (CollectionUtils.isNotEmpty(sAMLSSOServiceProviderDO.getRequestedRecipientsList())) {
            entry.setProperty(IdentityRegistryResources.PROP_SAML_SSO_REQUESTED_RECIPIENTS, sAMLSSOServiceProviderDO.getRequestedRecipientsList());
        }

        entry.addProperty(IdentityRegistryResources.PROP_SAML_SSO_ENABLE_ATTRIBUTES_BY_DEFAULT, String.valueOf(sAMLSSOServiceProviderDO.isEnableAttributesByDefault()));
        entry.addProperty(IdentityRegistryResources.PROP_SAML_SSO_IDP_INIT_SSO_ENABLED, String.valueOf(sAMLSSOServiceProviderDO.isIdPInitSSOEnabled()));
        entry.addProperty(IdentityRegistryResources.PROP_SAML_SLO_IDP_INIT_SLO_ENABLED, String.valueOf(sAMLSSOServiceProviderDO.isIdPInitSLOEnabled()));
        // The return-to URL list is dereferenced without a null check once IdP-initiated SLO is enabled.
        if (sAMLSSOServiceProviderDO.isIdPInitSLOEnabled() && sAMLSSOServiceProviderDO.getIdpInitSLOReturnToURLList().size() > 0) {
            entry.setProperty(IdentityRegistryResources.PROP_SAML_IDP_INIT_SLO_RETURN_URLS, sAMLSSOServiceProviderDO.getIdpInitSLOReturnToURLList());
        }

        // Encryption and signature-validation switches are always persisted, so a stored entry states them explicitly.
        entry.addProperty(IdentityRegistryResources.PROP_SAML_SSO_ENABLE_ENCRYPTED_ASSERTION, String.valueOf(sAMLSSOServiceProviderDO.isDoEnableEncryptedAssertion()));
        entry.addProperty(IdentityRegistryResources.PROP_SAML_SSO_VALIDATE_SIGNATURE_IN_REQUESTS, String.valueOf(sAMLSSOServiceProviderDO.isDoValidateSignatureInRequests()));
        entry.addProperty(IdentityRegistryResources.PROP_SAML_SSO_VALIDATE_SIGNATURE_IN_ARTIFACT_RESOLVE, String.valueOf(sAMLSSOServiceProviderDO.isDoValidateSignatureInArtifactResolve()));

        if (StringUtils.isNotBlank(sAMLSSOServiceProviderDO.getIssuerQualifier())) {
            entry.addProperty(IdentityRegistryResources.PROP_SAML_SSO_ISSUER_QUALIFIER, sAMLSSOServiceProviderDO.getIssuerQualifier());
        }
        if (StringUtils.isNotBlank(sAMLSSOServiceProviderDO.getIdpEntityIDAlias())) {
            entry.addProperty(IdentityRegistryResources.PROP_SAML_SSO_IDP_ENTITY_ID_ALIAS, sAMLSSOServiceProviderDO.getIdpEntityIDAlias());
        }
        return entry;
    }

    /**
     * Strips the qualifier from a qualified issuer.
     *
     * @param str issuer, possibly followed by the qualifier separator and a qualifier
     * @return the text before the last occurrence of {@code IdentityRegistryResources.QUALIFIER_ID}; the
     *         split is positional, so a qualifier that itself contains the separator is cut at the wrong place
     */
    private String getIssuerWithoutQualifier(String str) {
        final String separator = IdentityRegistryResources.QUALIFIER_ID;
        return StringUtils.substringBeforeLast(str, separator);
    }

    /**
     * Joins an issuer and its qualifier with the qualifier separator.
     *
     * @param str  issuer name
     * @param str2 qualifier appended after {@code IdentityRegistryResources.QUALIFIER_ID}; it is not checked
     *             here for occurrences of the separator
     * @return issuer, separator and qualifier concatenated in that order
     */
    private String getIssuerWithQualifier(String str, String str2) {
        StringBuilder qualified = new StringBuilder();
        qualified.append(str);
        qualified.append(IdentityRegistryResources.QUALIFIER_ID);
        qualified.append(str2);
        return qualified.toString();
    }

    /**
     * Lists every SAML SSO service provider stored beneath the service provider root of the registry.
     *
     * @return the providers collected by {@code getChildResources} for each child of the root collection;
     *         an empty array when the root is missing or is not a collection
     * @throws IdentityException when the registry cannot be read
     */
    public SAMLSSOServiceProviderDO[] getServiceProviders() throws IdentityException {
        final String rootPath = IdentityRegistryResources.SAML_SSO_SERVICE_PROVIDERS;
        ArrayList<SAMLSSOServiceProviderDO> providers = new ArrayList<>();
        try {
            // A missing root is treated like an empty one: nothing is collected.
            Resource root = this.registry.resourceExists(rootPath) ? this.registry.get(rootPath) : null;
            if (root instanceof Collection) {
                for (String childPath : ((Collection) root).getChildren()) {
                    getChildResources(childPath, providers);
                }
            }
        } catch (RegistryException e) {
            final String message = "Error reading Service Providers from Registry";
            log.error(message, e);
            throw IdentityException.error(message, e);
        }
        return providers.toArray(new SAMLSSOServiceProviderDO[providers.size()]);
    }

    /**
     * Deletes the registry entry of the service provider with the given issuer.
     *
     * @param str issuer of the service provider to delete; must contain non-whitespace text
     * @return {@code false} when no resource exists at the computed path, {@code true} after the delete call
     * @throws IllegalArgumentException when {@code str} is null or blank (unchecked, unlike the
     *         {@code IdentityException} that {@code addServiceProvider} uses for a missing issuer)
     * @throws IdentityException when the registry operation fails
     */
    public boolean removeServiceProvider(String str) throws IdentityException {
        // A blank issuer is refused before any path is built.
        if (str == null || StringUtils.isEmpty(str.trim())) {
            throw new IllegalArgumentException("Trying to delete issuer '" + str + "'");
        }
        // The issuer goes through encodePath (defined outside this part of the file) before it becomes a path segment.
        String str2 = IdentityRegistryResources.SAML_SSO_SERVICE_PROVIDERS + encodePath(str);
        // Remember whether a transaction was already open so this method only begins one of its own.
        boolean isStarted = Transaction.isStarted();
        try {
            try {
                if (!this.registry.resourceExists(str2)) {
                    if (log.isDebugEnabled()) {
                        log.debug("Registry resource does not exist for the path: " + str2);
                    }
                    return false;
                }
                if (!isStarted) {
                    this.registry.beginTransaction();
                }
                this.registry.delete(str2);
                // NOTE(review): repeated by the finally block below, so the success path calls
                // commitOrRollbackTransaction twice. This looks like a decompiler duplication; confirm against
                // the original source.
                commitOrRollbackTransaction(false);
                return true;
            } catch (RegistryException e) {
                String str3 = "Error removing the service provider from the registry with name: " + str;
                log.error(str3, e);
                throw IdentityException.error(str3, e);
            }
        } finally {
            // NOTE(review): the argument is the literal false on every path, including after a
            // RegistryException and on the early "does not exist" return. commitOrRollbackTransaction is not
            // visible in this part of the file; if its flag selects rollback on error, a failed delete would
            // not be rolled back as written. Verify before relying on it.
            commitOrRollbackTransaction(false);
        }
    }

    /**
     * Loads the service provider registered for an issuer, together with its tenant domain.
     *
     * <p>The application certificate is fetched only when the stored entry enables signature validation for
     * requests or for artifact resolve; otherwise the returned object carries no certificate from this method.
     *
     * @param str issuer of the service provider to look up
     * @return the service provider, or {@code null} when no resource exists at the computed path
     * @throws IdentityException when the registry, the tenant lookup or the certificate retrieval fails
     */
    public SAMLSSOServiceProviderDO getServiceProvider(String str) throws IdentityException {
        final String resourcePath = IdentityRegistryResources.SAML_SSO_SERVICE_PROVIDERS + encodePath(str);
        // Declared outside the try block because the catch clauses use them in their messages.
        UserRegistry tenantRegistry = null;
        String tenantDomain = null;
        try {
            // The cast is unchecked: a registry of another type raises ClassCastException, which is not caught here.
            tenantRegistry = (UserRegistry) this.registry;
            tenantDomain = IdentityTenantUtil.getRealmService().getTenantManager().getDomain(tenantRegistry.getTenantId());
            if (!this.registry.resourceExists(resourcePath)) {
                return null;
            }
            SAMLSSOServiceProviderDO provider = resourceToObject(this.registry.get(resourcePath));
            boolean validatesSignatures = provider.isDoValidateSignatureInRequests()
                    || provider.isDoValidateSignatureInArtifactResolve();
            if (validatesSignatures) {
                // The certificate lookup is scoped to the tenant that owns this registry.
                Tenant owner = new Tenant();
                owner.setDomain(tenantDomain);
                owner.setId(tenantRegistry.getTenantId());
                provider.setX509Certificate(getApplicationCertificate(provider, owner));
            }
            provider.setTenantDomain(tenantDomain);
            return provider;
        } catch (SQLException e) {
            throw IdentityException.error(String.format("An error occurred while getting the application certificate id for validating the requests from the issuer '%s'", str), e);
        } catch (CertificateRetrievingException e2) {
            throw IdentityException.error(String.format("An error occurred while getting the application certificate for validating the requests from the issuer '%s'", str), e2);
        } catch (RegistryException e3) {
            throw IdentityException.error("Error occurred while checking if resource path '" + resourcePath + "' exists in registry for tenant domain : " + tenantDomain, e3);
        } catch (UserStoreException e4) {
            throw IdentityException.error("Error occurred while getting tenant domain from tenant ID : " + tenantRegistry.getTenantId(), e4);
        }
    }

    /**
     * Resolves the certificate used to validate signatures from a service provider.
     *
     * <p>A certificate id found in the database takes precedence. The key store alias configured on the
     * service provider is used only when the id lookup returns {@code -1}.
     *
     * @param sAMLSSOServiceProviderDO service provider whose issuer and certificate alias are read
     * @param tenant                   tenant whose id scopes the database lookup and which is passed to the retriever
     * @return whatever the selected retriever returns for the chosen identifier
     * @throws SQLException                   when the certificate id lookup fails
     * @throws CertificateRetrievingException when the selected retriever fails
     */
    private X509Certificate getApplicationCertificate(SAMLSSOServiceProviderDO sAMLSSOServiceProviderDO, Tenant tenant) throws SQLException, CertificateRetrievingException {
        int certificateId = getApplicationCertificateId(sAMLSSOServiceProviderDO.getIssuer(), tenant.getId());
        boolean storedInDatabase = certificateId != -1;
        CertificateRetriever retriever = storedInDatabase
                ? new DatabaseCertificateRetriever()
                : new KeyStoreCertificateRetriever();
        // The database retriever is addressed by the numeric id, the key store retriever by the alias.
        String identifier = storedInDatabase
                ? Integer.toString(certificateId)
                : sAMLSSOServiceProviderDO.getCertAlias();
        return retriever.getCertificate(identifier, tenant);
    }

    /* JADX WARN: Failed to calculate best type for var: r10v0 ??
    java.lang.NullPointerException
     */
    /* JADX WARN: Failed to calculate best type for var: r9v0 ??
    java.lang.NullPointerException
     */
    /* JADX WARN: Multi-variable type inference failed. Error: java.lang.NullPointerException
     */
    /* JADX WARN: Not initialized variable reg: 10, insn: 0x015f: MOVE (r0 I:??[int, float, boolean, short, byte, char, OBJECT, ARRAY]) = (r10 I:??[int, float, boolean, short, byte, char, OBJECT, ARRAY]), block:B:104:0x015f */
    /* JADX WARN: Not initialized variable reg: 9, insn: 0x015a: MOVE (r0 I:??[int, float, boolean, short, byte, char, OBJECT, ARRAY]) = (r9 I:??[int, float, boolean, short, byte, char, OBJECT, ARRAY]) A[TRY_LEAVE], block:B:102:0x015a */
    /* JADX WARN: Type inference failed for: r10v0, types: [java.lang.Throwable] */
    /* JADX WARN: Type inference failed for: r9v0, types: [java.sql.PreparedStatement] */
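    /**
     * Looks up the certificate id recorded for an application, identified by its inbound auth key and tenant.
     *
     * <p>The decompiled body declared variables of the placeholder type {@code ??} and closed its resources
     * by hand on every path, so it was not valid Java. This version expresses the same lookup with
     * try-with-resources, which closes the result set, the statement and the connection on every exit.
     *
     * @param str inbound auth key to match (the caller passes the service provider's issuer)
     * @param i   tenant id that scopes the lookup
     * @return the value of the first matching row read as an int, or {@code -1} when no row matches
     * @throws SQLException when the statement cannot be prepared or executed, or a resource fails to close
     */
    private int getApplicationCertificateId(String str, int i) throws SQLException {
        // NOTE(review): the meaning of the boolean passed to getDBConnection is not visible here; it is kept as is.
        try (Connection dBConnection = IdentityDatabaseUtil.getDBConnection(false);
             PreparedStatement statement = dBConnection.prepareStatement(QUERY_TO_GET_APPLICATION_CERTIFICATE_ID)) {
            // Every input is bound as a parameter; none is concatenated into the SQL text.
            statement.setString(1, CERTIFICATE_PROPERTY_NAME);
            statement.setString(2, str);
            statement.setInt(3, i);
            try (ResultSet results = statement.executeQuery()) {
                if (results.next()) {
                    // getInt yields 0 for SQL NULL, which the caller would treat as certificate id 0.
                    // NOTE(review): confirm that META.VALUE cannot be NULL for this metadata name.
                    return results.getInt(1);
                }
            }
            // -1 signals "no certificate id stored"; the caller then falls back to the key store alias.
            return -1;
        }
    }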

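    /**
     * Checks whether a SAML SSO service provider resource exists in the registry for an issuer.
     *
     * <p>The lookup path is {@code IdentityRegistryResources.SAML_SSO_SERVICE_PROVIDERS} followed by
     * the value {@code encodePath} returns for the issuer.
     *
     * @param str the issuer identifying the service provider
     * @return the result of {@code registry.resourceExists} for the derived path
     * @throws IdentityException if the registry lookup fails; the underlying
     *     {@code RegistryException} is attached as the cause
     */
    public boolean isServiceProviderExists(String str) throws IdentityException {
        String resourcePath = IdentityRegistryResources.SAML_SSO_SERVICE_PROVIDERS + encodePath(str);
        try {
            return this.registry.resourceExists(resourcePath);
        } catch (RegistryException e) {
            // Chain the registry failure instead of discarding it, so the root cause of a failed
            // lookup stays visible in logs and to callers.
            throw IdentityException.error("Error occurred while checking if resource path '" + resourcePath + "' exists in registry", e);
        }
    }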

    /**
     * Turns an issuer into the text appended to the service provider registry root: the Base64
     * encoding of the issuer bytes with every {@code '='} removed.
     *
     * @param str the issuer to encode
     * @return the Base64 text without {@code '='} characters
     */
    private String encodePath(String str) {
        // NOTE(review): getBytes() and new String(byte[]) use the platform default charset, so a
        // non-ASCII issuer may map to a different path on a host with another default - confirm.
        byte[] issuerBytes = str.getBytes();
        byte[] encodedBytes = Base64.encodeBase64(issuerBytes);
        String encodedText = new String(encodedBytes);
        // NOTE(review): the standard Base64 alphabet includes '/', so the result is presumably not
        // always a single path segment - verify how the registry resolves such paths.
        return encodedText.replace("=", "");
    }

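    /**
     * Stores a new SAML SSO service provider in the registry.
     *
     * <p>When an issuer qualifier is present, the issuer on the passed object is replaced by the
     * value of {@code getIssuerWithQualifier} before the registry path is derived. The registry
     * write is rolled back when the registry reports a failure and committed otherwise.
     *
     * @param sAMLSSOServiceProviderDO the service provider to store; must carry an issuer and a
     *     default assertion consumer URL
     * @return the same object that was passed in, after it has been written to the registry
     * @throws IdentityException if the argument or its issuer is {@code null}, if no default
     *     assertion consumer URL is set, if a resource already exists at the derived path, or if
     *     a registry operation fails
     */
    public SAMLSSOServiceProviderDO uploadServiceProvider(SAMLSSOServiceProviderDO sAMLSSOServiceProviderDO) throws IdentityException {
        if (sAMLSSOServiceProviderDO == null || sAMLSSOServiceProviderDO.getIssuer() == null) {
            throw new IdentityException("Issuer cannot be found in the provided arguments.");
        }
        if (StringUtils.isNotBlank(sAMLSSOServiceProviderDO.getIssuerQualifier())) {
            sAMLSSOServiceProviderDO.setIssuer(getIssuerWithQualifier(sAMLSSOServiceProviderDO.getIssuer(), sAMLSSOServiceProviderDO.getIssuerQualifier()));
        }
        if (sAMLSSOServiceProviderDO.getDefaultAssertionConsumerUrl() == null) {
            throw new IdentityException("No default assertion consumer URL provided for service provider :" + sAMLSSOServiceProviderDO.getIssuer());
        }
        String resourcePath = IdentityRegistryResources.SAML_SSO_SERVICE_PROVIDERS + encodePath(sAMLSSOServiceProviderDO.getIssuer());
        boolean hasQualifier = StringUtils.isNotBlank(sAMLSSOServiceProviderDO.getIssuerQualifier());
        boolean isStarted = Transaction.isStarted();
        // Set only when a registry call fails, so the finally block rolls back instead of committing
        // a write that did not complete.
        boolean registryFailed = false;
        try {
            if (this.registry.resourceExists(resourcePath)) {
                if (log.isDebugEnabled()) {
                    if (hasQualifier) {
                        log.debug("SAML2 Service Provider already exists with the same issuer name " + getIssuerWithoutQualifier(sAMLSSOServiceProviderDO.getIssuer()) + " and qualifier name " + sAMLSSOServiceProviderDO.getIssuerQualifier());
                    } else {
                        log.debug("SAML2 Service Provider already exists with the same issuer name " + sAMLSSOServiceProviderDO.getIssuer());
                    }
                }
                throw IdentityException.error("A Service Provider already exists.");
            }
            // Open a transaction only when the caller has not already started one.
            if (!isStarted) {
                this.registry.beginTransaction();
            }
            this.registry.put(resourcePath, createResource(sAMLSSOServiceProviderDO));
            if (log.isDebugEnabled()) {
                if (hasQualifier) {
                    log.debug("SAML2 Service Provider " + sAMLSSOServiceProviderDO.getIssuer() + " with issuer " + getIssuerWithoutQualifier(sAMLSSOServiceProviderDO.getIssuer()) + " and qualifier " + sAMLSSOServiceProviderDO.getIssuerQualifier() + " is added successfully.");
                } else {
                    log.debug("SAML2 Service Provider " + sAMLSSOServiceProviderDO.getIssuer() + " is added successfully.");
                }
            }
            return sAMLSSOServiceProviderDO;
        } catch (RegistryException e) {
            registryFailed = true;
            throw IdentityException.error("Error while adding Service Provider.", e);
        } finally {
            // NOTE(review): this also runs on the "already exists" path, where no transaction was
            // begun by this method - confirm the registry tolerates a commit in that state.
            commitOrRollbackTransaction(registryFailed);
        }
    }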

    /**
     * Finishes the current registry transaction.
     *
     * @param z {@code true} to roll the transaction back, {@code false} to commit it
     * @throws IdentityException if the registry rejects the commit or the rollback; the
     *     {@code RegistryException} is attached as the cause
     */
    private void commitOrRollbackTransaction(boolean z) throws IdentityException {
        try {
            if (!z) {
                this.registry.commitTransaction();
                return;
            }
            this.registry.rollbackTransaction();
        } catch (RegistryException e) {
            throw new IdentityException("Error occurred while trying to commit or rollback the registry operation.", e);
        }
    }

    /**
     * Walks the registry from the given path and appends every non-collection resource found
     * beneath it to {@code list}, converted with {@code resourceToObject}.
     *
     * <p>A path that does not exist is ignored. A collection is descended into recursively, one
     * call per child path.
     *
     * @param str the registry path to start from
     * @param list the list that receives the converted resources
     * @throws RegistryException if a registry call fails
     */
    private void getChildResources(String str, List<SAMLSSOServiceProviderDO> list) throws RegistryException {
        if (!this.registry.resourceExists(str)) {
            return;
        }
        Resource node = this.registry.get(str);
        if (node instanceof Collection) {
            // Collections hold no service provider themselves; only their descendants are collected.
            for (String childPath : ((Collection) node).getChildren()) {
                getChildResources(childPath, list);
            }
        } else {
            list.add(resourceToObject(node));
        }
    }
}
