package org.wso2.carbon.identity.relyingparty.saml;

import java.io.StringReader;
import java.security.cert.X509Certificate;
import java.util.Iterator;
import java.util.Map;
import javax.servlet.ServletRequest;
import javax.servlet.http.HttpServletRequest;
import javax.xml.stream.XMLInputFactory;
import org.apache.axiom.om.OMAbstractFactory;
import org.apache.axiom.om.OMElement;
import org.apache.axiom.om.OMFactory;
import org.apache.axiom.om.OMNamespace;
import org.apache.axiom.om.impl.builder.StAXOMBuilder;
import org.apache.axiom.om.util.Base64;
import org.apache.commons.logging.Log;
import org.apache.commons.logging.LogFactory;
import org.opensaml.DefaultBootstrap;
import org.opensaml.xml.ConfigurationException;
import org.w3c.dom.Element;
import org.wso2.carbon.identity.core.util.IdentityUtil;
import org.wso2.carbon.identity.relyingparty.RelyingPartyData;
import org.wso2.carbon.identity.relyingparty.RelyingPartyException;
import org.wso2.carbon.identity.relyingparty.TokenVerifierConstants;

/* loaded from: input_file:org/wso2/carbon/identity/relyingparty/saml/SAMLTokenConsumer.class */
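/**
 * Consumes a SAML token posted by an InfoCard login and publishes the outcome on the
 * {@link ServletRequest}.
 *
 * <p>Flow ({@link #setInfocardSessionAttributes}): the token is decrypted with the relying
 * party's private key, the decrypted token is verified by {@link SAMLTokenVerifier}, and the
 * issuer is checked against the relying party's issuer policy. On success the token's
 * attributes, an issuer-info XML fragment and {@code STATE_SUCCESS} are set as request
 * attributes; on failure only {@code STATE_FAILURE} is set.
 *
 * <p>Singleton. OpenSAML is bootstrapped once when the class is loaded; if that fails the
 * class fails to initialise (see the static initialiser).
 */
public class SAMLTokenConsumer {
    private static final Log log = LogFactory.getLog(SAMLTokenConsumer.class);

    /** Issuer URI that identifies a self-issued (personal) InfoCard. */
    private static final String SELF_ISSUER = "http://schemas.xmlsoap.org/ws/2005/05/identity/issuer/self";

    private static final SAMLTokenConsumer consumer = new SAMLTokenConsumer();

    private SAMLTokenConsumer() {
    }

    /** @return the shared consumer instance */
    public static SAMLTokenConsumer getInstance() {
        return consumer;
    }

    /**
     * Decrypts and verifies {@code str} and records the result on the request.
     *
     * @param httpServletRequest request that receives the result attributes
     * @param str                encrypted token as submitted by the client (untrusted)
     * @param relyingPartyData   relying party configuration: private key and issuer policy
     * @throws RelyingPartyException if decryption, issuer-policy evaluation or issuer-info
     *                               construction fails
     */
    public void setInfocardSessionAttributes(HttpServletRequest httpServletRequest, String str, RelyingPartyData relyingPartyData) throws RelyingPartyException {
        SAMLTokenVerifier verifier = new SAMLTokenVerifier();
        // Short-circuit: the issuer policy is consulted only after the decrypted token has
        // been verified, so an unverified token never reaches the policy check.
        boolean accepted = verifier.verifyDecryptedToken(verifier.decryptToken(str, relyingPartyData.getPrivateKey()), relyingPartyData)
                && validateIssuerInfoPolicy(verifier, relyingPartyData);
        if (accepted) {
            injectDataToRequestOnSuccess(verifier, httpServletRequest);
        } else {
            injectDataToRequestOnFailure(verifier, httpServletRequest);
        }
    }

    /**
     * Checks the token's issuer against the relying party's issuer policy.
     *
     * <p>Self-issued tokens are accepted when the policy is absent, {@code SELF_ONLY} or
     * {@code SELF_AND_MANGED}, and rejected for any other configured value. Tokens from a
     * managed issuer are rejected only by a {@code SELF_ONLY} policy.
     *
     * @return {@code true} if the issuer is permitted by the policy
     * @throws RelyingPartyException if the evaluation throws; note that a {@code null}
     *                               policy combined with a managed issuer ends up here
     *                               (NPE wrapped), i.e. that configuration fails closed
     */
    protected boolean validateIssuerInfoPolicy(SAMLTokenVerifier sAMLTokenVerifier, RelyingPartyData relyingPartyData) throws RelyingPartyException {
        String issuerName = sAMLTokenVerifier.getIssuerName();
        String issuerPolicy = relyingPartyData.getIssuerPolicy();
        try {
            if (SELF_ISSUER.equals(issuerName)) {
                // A missing policy places no restriction on self-issued cards.
                return issuerPolicy == null
                        || issuerPolicy.equals(TokenVerifierConstants.SELF_ONLY)
                        || issuerPolicy.equals(TokenVerifierConstants.SELF_AND_MANGED);
            }
            // Managed issuer. Deliberately not null-guarded: a null policy throws here and is
            // surfaced as RelyingPartyException below, which rejects the token rather than
            // silently admitting managed cards when no policy was configured.
            return !issuerPolicy.equals(TokenVerifierConstants.SELF_ONLY);
        } catch (Exception e) {
            log.error("Error in issuer policy validation", e);
            throw new RelyingPartyException("errorValidatingIssuerPolicy", e);
        }
    }

    /** Marks the request as a failed token consumption; no token data is exposed. */
    protected void injectDataToRequestOnFailure(SAMLTokenVerifier sAMLTokenVerifier, ServletRequest servletRequest) {
        servletRequest.setAttribute(TokenVerifierConstants.SERVLET_ATTR_STATE, TokenVerifierConstants.STATE_FAILURE);
    }

    /**
     * Publishes the verified token's attributes, the issuer info and the success state on
     * the request.
     *
     * <p>The token's attribute table is copied to request attributes under the token's own
     * attribute names. NOTE(review): for self-issued cards those names and values are chosen
     * by the card holder — confirm downstream code reads only the attribute names it expects
     * and does not treat arbitrary request attributes as trusted.
     *
     * @throws RelyingPartyException if the issuer info fragment cannot be built
     */
    protected void injectDataToRequestOnSuccess(SAMLTokenVerifier sAMLTokenVerifier, ServletRequest servletRequest) throws RelyingPartyException {
        String issuerInfoString = getIssuerInfoString(sAMLTokenVerifier);
        for (Map.Entry<String, String> entry : sAMLTokenVerifier.getAttributeTable().entrySet()) {
            servletRequest.setAttribute(entry.getKey(), entry.getValue());
        }
        // Set the consumer-owned attributes after the token attributes so a token attribute
        // named like ISSUER_INFO or SERVLET_ATTR_STATE cannot overwrite them.
        if (issuerInfoString != null) {
            servletRequest.setAttribute(TokenVerifierConstants.ISSUER_INFO, issuerInfoString);
        }
        servletRequest.setAttribute(TokenVerifierConstants.SERVLET_ATTR_STATE, TokenVerifierConstants.STATE_SUCCESS);
    }

    /**
     * Builds the issuer-info string: a {@code <Certificates>} element holding each verifier
     * certificate Base64-encoded (the first one flagged with the signing-cert attribute),
     * followed by the serialised {@code KeyInfo} element. The two fragments are simply
     * concatenated, so the result is not a single well-formed document.
     *
     * @return the concatenated fragments, or {@code null} if there are neither certificates
     *         nor a KeyInfo element
     * @throws RelyingPartyException if encoding or parsing fails
     */
    protected String getIssuerInfoString(SAMLTokenVerifier sAMLTokenVerifier) throws RelyingPartyException {
        try {
            OMFactory factory = OMAbstractFactory.getOMFactory();
            OMNamespace namespace = factory.createOMNamespace(TokenVerifierConstants.NS, TokenVerifierConstants.PREFIX);

            OMElement certificates = buildCertificatesElement(factory, namespace, sAMLTokenVerifier);
            OMElement keyInfo = parseKeyInfo(sAMLTokenVerifier.getKeyInfoElement());

            String result = null;
            if (certificates != null) {
                result = certificates.toString();
            }
            if (keyInfo != null) {
                result = result != null ? result + keyInfo.toString() : keyInfo.toString();
            }
            return result;
        } catch (Exception e) {
            log.error("Error while building issuer info", e);
            // Keep the cause so the root failure is not lost (matches validateIssuerInfoPolicy).
            throw new RelyingPartyException("errorBuildingIssuerInfo", e);
        }
    }

    /**
     * Wraps the verifier's certificates in a {@code <Certificates>} element.
     *
     * @return the element, or {@code null} if the verifier has no certificates
     */
    private static OMElement buildCertificatesElement(OMFactory factory, OMNamespace namespace, SAMLTokenVerifier verifier) throws Exception {
        OMElement certificates = null;
        for (X509Certificate certificate : verifier.getCertificates()) {
            String encoded = Base64.encode(certificate.getEncoded());
            OMElement certificateElement = factory.createOMElement(TokenVerifierConstants.LN_CERTIFICATE, namespace);
            if (certificates == null) {
                certificates = factory.createOMElement(TokenVerifierConstants.LN_CERTIFICATES, namespace);
                // Only the first certificate in the list is flagged as the signing certificate.
                certificateElement.addAttribute(TokenVerifierConstants.LN_SIGNING_CERT, "true", (OMNamespace) null);
            }
            certificateElement.setText(encoded);
            certificates.addChild(certificateElement);
        }
        return certificates;
    }

    /**
     * Re-parses the DOM KeyInfo element into an Axiom element via its string form.
     *
     * @return the Axiom element, or {@code null} if {@code keyInfoElement} is {@code null}
     */
    private static OMElement parseKeyInfo(Element keyInfoElement) throws Exception {
        if (keyInfoElement == null) {
            return null;
        }
        String keyInfoXml = IdentityUtil.nodeToString(keyInfoElement);
        return new StAXOMBuilder(newHardenedInputFactory().createXMLStreamReader(new StringReader(keyInfoXml))).getDocumentElement();
    }

    /**
     * Creates a StAX factory with DTD processing and external entity resolution disabled.
     * The KeyInfo being parsed originates from a client-supplied token, so the parser must
     * not be allowed to resolve external entities (XXE) even though the content has already
     * been through the verifier's parser once.
     */
    private static XMLInputFactory newHardenedInputFactory() {
        XMLInputFactory inputFactory = XMLInputFactory.newInstance();
        inputFactory.setProperty(XMLInputFactory.SUPPORT_DTD, Boolean.FALSE);
        inputFactory.setProperty(XMLInputFactory.IS_SUPPORTING_EXTERNAL_ENTITIES, Boolean.FALSE);
        return inputFactory;
    }

    static {
        try {
            DefaultBootstrap.bootstrap();
        } catch (ConfigurationException e) {
            // Logged and rethrown: a consumer without a bootstrapped OpenSAML must not exist.
            log.error("SAMLTokenConsumerBootstrapFailure", e);
            throw new RuntimeException(e);
        }
    }
}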
