package org.wso2.carbon.identity.sp.metadata.saml2.util;

import java.io.ByteArrayInputStream;
import java.nio.charset.StandardCharsets;
import java.security.cert.X509Certificate;
import java.util.ArrayList;
import java.util.Iterator;
import java.util.List;
import net.shibboleth.utilities.java.support.xml.XMLParserException;
import org.apache.commons.collections.CollectionUtils;
import org.apache.commons.logging.Log;
import org.apache.commons.logging.LogFactory;
import org.opensaml.core.config.InitializationException;
import org.opensaml.core.xml.config.XMLObjectProviderRegistrySupport;
import org.opensaml.core.xml.io.UnmarshallingException;
import org.opensaml.core.xml.util.XMLObjectSupport;
import org.opensaml.saml.saml2.metadata.AssertionConsumerService;
import org.opensaml.saml.saml2.metadata.AttributeConsumingService;
import org.opensaml.saml.saml2.metadata.EntityDescriptor;
import org.opensaml.saml.saml2.metadata.KeyDescriptor;
import org.opensaml.saml.saml2.metadata.NameIDFormat;
import org.opensaml.saml.saml2.metadata.RequestedAttribute;
import org.opensaml.saml.saml2.metadata.RoleDescriptor;
import org.opensaml.saml.saml2.metadata.SPSSODescriptor;
import org.opensaml.saml.saml2.metadata.SingleLogoutService;
import org.opensaml.xmlsec.keyinfo.KeyInfoSupport;
import org.wso2.carbon.identity.core.model.SAMLSSOServiceProviderDO;
import org.wso2.carbon.identity.saml.common.util.SAMLInitializer;
import org.wso2.carbon.identity.sp.metadata.saml2.exception.InvalidMetadataException;
import org.wso2.carbon.registry.core.Registry;

/* loaded from: input_file:org/wso2/carbon/identity/sp/metadata/saml2/util/Parser.class */
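/**
 * Translates SAML 2.0 service-provider metadata XML into a {@link SAMLSSOServiceProviderDO}.
 *
 * <p>The values copied into the service-provider object (issuer, assertion consumer URLs, logout
 * endpoints, signing certificate, signature flags) are taken verbatim from the supplied metadata.
 * Nothing in this class verifies a signature over the metadata document or checks endpoint URL
 * schemes, so the metadata must come from a source the caller already trusts.
 *
 * <p>The {@link Registry} handed to the constructor is stored but not read anywhere in this class.
 */
public class Parser {
    private static final String DEFAULT_NAME_ID_FORMAT = "urn:oasis:names:tc:SAML:1.1:nameid-format:emailAddress";
    private static final String HTTP_POST_BINDING_URI = "urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST";
    private static final String SIGNING_KEY_USE = "SIGNING";
    // NOTE(review): both defaults below are SHA-1 based and are applied to every service provider
    // created from metadata, regardless of what the metadata advertises. SHA-1 is deprecated for
    // signatures; consider making these configurable or moving to SHA-256 once interoperability
    // with existing service providers has been confirmed.
    private static final String DEFAULT_SIGNING_ALGORITHM_URI = "http://www.w3.org/2000/09/xmldsig#rsa-sha1";
    private static final String DEFAULT_DIGEST_ALGORITHM_URI = "http://www.w3.org/2000/09/xmldsig#sha1";
    private static final Log log = LogFactory.getLog(Parser.class);
    private static boolean isBootStrapped = false;

    protected Registry registry;

    /**
     * Creates a parser bound to the given registry.
     *
     * @param registry registry kept for subclasses; not used by this class itself
     */
    public Parser(Registry registry) {
        this.registry = registry;
    }

    /**
     * Copies the distinct assertion consumer service locations into the service provider and
     * selects the default one.
     *
     * @throws InvalidMetadataException if the descriptor declares no assertion consumer service
     */
    private void setAssertionConsumerUrl(SPSSODescriptor spDescriptor, SAMLSSOServiceProviderDO serviceProvider) throws InvalidMetadataException {
        List<AssertionConsumerService> consumerServices = spDescriptor.getAssertionConsumerServices();
        if (consumerServices == null || consumerServices.isEmpty()) {
            throw new InvalidMetadataException("Invalid metadata content, no Assertion Consumer URL found.");
        }
        List<String> locations = new ArrayList<>();
        boolean defaultFound = false;
        for (AssertionConsumerService consumerService : consumerServices) {
            String location = consumerService.getLocation();
            if (locations.contains(location)) {
                continue;
            }
            locations.add(location);
            // Null-safe: a missing isDefault value is treated as "not default".
            if (Boolean.TRUE.equals(consumerService.isDefault())) {
                serviceProvider.setDefaultAssertionConsumerUrl(location);
                serviceProvider.setAssertionConsumerUrl(location);
                defaultFound = true;
            }
        }
        serviceProvider.setAssertionConsumerUrls(locations);
        if (!defaultFound) {
            // No endpoint is flagged as default, so the first declared one is used.
            // NOTE(review): only the default URL is set on this path; setAssertionConsumerUrl is
            // left untouched, as in the original code. Confirm callers do not rely on it.
            serviceProvider.setDefaultAssertionConsumerUrl(consumerServices.get(0).getLocation());
        }
    }

    /**
     * Uses the metadata entity ID as the service provider issuer.
     *
     * @throws InvalidMetadataException if the entity ID is missing or empty
     */
    private void setIssuer(EntityDescriptor entityDescriptor, SAMLSSOServiceProviderDO serviceProvider) throws InvalidMetadataException {
        String entityId = entityDescriptor.getEntityID();
        if (entityId == null || entityId.length() == 0) {
            throw new InvalidMetadataException("Invalid metadata content, Issuer can't be empty");
        }
        serviceProvider.setIssuer(entityId);
    }

    /**
     * Sets the NameID format to the first one declared, or to the e-mail address format when the
     * metadata declares none.
     */
    private void setNameIDFormat(SPSSODescriptor spDescriptor, SAMLSSOServiceProviderDO serviceProvider) {
        List<NameIDFormat> nameIdFormats = spDescriptor.getNameIDFormats();
        if (nameIdFormats == null || nameIdFormats.isEmpty()) {
            serviceProvider.setNameIDFormat(DEFAULT_NAME_ID_FORMAT);
            return;
        }
        serviceProvider.setNameIDFormat(nameIdFormats.get(0).getFormat());
    }

    /**
     * Placeholder for claim mapping: the requested attributes of the attribute consuming services
     * are not copied to the service provider, so this method changes nothing.
     */
    private void setClaims(SPSSODescriptor spDescriptor, SAMLSSOServiceProviderDO serviceProvider) {
        // Intentionally empty: the original implementation iterated the requested attributes of the
        // first attribute consuming service without using them.
    }

    /** Enables assertion signing when the metadata sets WantAssertionsSigned. */
    private void setDoSignAssertions(SPSSODescriptor spDescriptor, SAMLSSOServiceProviderDO serviceProvider) {
        serviceProvider.setDoSignAssertions(Boolean.TRUE.equals(spDescriptor.getWantAssertionsSigned()));
    }

    /**
     * Enables request signature validation only when the metadata sets AuthnRequestsSigned.
     *
     * <p>When the flag is absent or false, signature validation is switched off for this service
     * provider. The flag is independent of whether a signing certificate could be extracted.
     */
    private void setDoValidateSignatureInRequests(SPSSODescriptor spDescriptor, SAMLSSOServiceProviderDO serviceProvider) {
        serviceProvider.setDoValidateSignatureInRequests(Boolean.TRUE.equals(spDescriptor.isAuthnRequestsSigned()));
    }

    /**
     * Configures single logout from the declared logout services, preferring the HTTP-POST binding
     * and falling back to the first declared service when no HTTP-POST endpoint exists.
     */
    private void setSingleLogoutServices(SPSSODescriptor spDescriptor, SAMLSSOServiceProviderDO serviceProvider) {
        List<SingleLogoutService> logoutServices = spDescriptor.getSingleLogoutServices();
        if (logoutServices == null || logoutServices.isEmpty()) {
            serviceProvider.setDoSingleLogout(false);
            return;
        }
        SingleLogoutService selected = null;
        for (SingleLogoutService candidate : logoutServices) {
            // Constant-first comparison tolerates a service without a binding attribute.
            if (candidate != null && HTTP_POST_BINDING_URI.equals(candidate.getBinding())) {
                selected = candidate;
                break;
            }
        }
        if (selected == null) {
            // Previously the first service always overwrote the HTTP-POST endpoint chosen above,
            // which made the binding preference ineffective. It is now a fallback only.
            selected = logoutServices.get(0);
        }
        serviceProvider.setSloRequestURL(selected.getLocation());
        serviceProvider.setSloResponseURL(selected.getResponseLocation());
        serviceProvider.setDoSingleLogout(true);
    }

    /**
     * Registers the certificate of the first key descriptor marked for signing and uses the entity
     * ID as its alias. Failures are logged and leave the service provider without a certificate.
     */
    private void setX509Certificate(EntityDescriptor entityDescriptor, SPSSODescriptor spDescriptor, SAMLSSOServiceProviderDO serviceProvider) {
        List<KeyDescriptor> keyDescriptors = spDescriptor.getKeyDescriptors();
        if (keyDescriptors == null || keyDescriptors.isEmpty()) {
            return;
        }
        // Search every descriptor: metadata may list an encryption key before the signing key, and
        // looking only at the first entry would then drop the signing certificate.
        // NOTE(review): descriptors without a "use" attribute are still skipped, as before.
        KeyDescriptor signingDescriptor = null;
        for (KeyDescriptor keyDescriptor : keyDescriptors) {
            if (keyDescriptor != null && keyDescriptor.getUse() != null
                    && SIGNING_KEY_USE.equals(keyDescriptor.getUse().toString())) {
                signingDescriptor = keyDescriptor;
                break;
            }
        }
        if (signingDescriptor == null) {
            return;
        }
        try {
            List<X509Certificate> certificates = KeyInfoSupport.getCertificates(signingDescriptor.getKeyInfo());
            if (certificates == null || certificates.isEmpty()) {
                log.warn("Signing key descriptor in metadata does not contain a certificate.");
                return;
            }
            serviceProvider.setX509Certificate(certificates.get(0));
            serviceProvider.setCertAlias(entityDescriptor.getEntityID());
        } catch (Exception e) {
            // Best-effort by design: parsing continues without a certificate.
            // NOTE(review): the service provider can end up with request signature validation
            // enabled but no certificate; confirm the caller rejects or handles that state.
            log.error("Error While setting Certificate and alias", e);
        }
    }

    /** Applies the fixed default signing algorithm; the metadata is not consulted. */
    private void setSigningAlgorithmUri(SPSSODescriptor spDescriptor, SAMLSSOServiceProviderDO serviceProvider) {
        serviceProvider.setSigningAlgorithmUri(DEFAULT_SIGNING_ALGORITHM_URI);
    }

    /** Applies the fixed default digest algorithm; the metadata is not consulted. */
    private void setDigestAlgorithmUri(SPSSODescriptor spDescriptor, SAMLSSOServiceProviderDO serviceProvider) {
        serviceProvider.setDigestAlgorithmUri(DEFAULT_DIGEST_ALGORITHM_URI);
    }

    /**
     * Records the attribute consuming service index and enables attributes by default when at
     * least one attribute consuming service is declared. The last non-null service wins.
     */
    private void setAttributeConsumingServiceIndex(SPSSODescriptor spDescriptor, SAMLSSOServiceProviderDO serviceProvider) {
        List<AttributeConsumingService> consumingServices = spDescriptor.getAttributeConsumingServices();
        if (consumingServices == null || consumingServices.isEmpty()) {
            return;
        }
        for (AttributeConsumingService consumingService : consumingServices) {
            if (consumingService == null) {
                continue;
            }
            serviceProvider.setAttributeConsumingServiceIndex(String.valueOf(consumingService.getIndex()));
            serviceProvider.setEnableAttributesByDefault(true);
        }
    }

    /**
     * Parses service-provider metadata and copies its settings into the given object.
     *
     * @param str metadata XML document
     * @param sAMLSSOServiceProviderDO object to populate; it is also the return value
     * @return the populated {@code sAMLSSOServiceProviderDO}
     * @throws InvalidMetadataException if the XML cannot be read, its root element is not an entity
     *     descriptor, or mandatory elements (entity ID, SP SSO role descriptor, assertion consumer
     *     service) are missing
     */
    public SAMLSSOServiceProviderDO parse(String str, SAMLSSOServiceProviderDO sAMLSSOServiceProviderDO) throws InvalidMetadataException {
        EntityDescriptor entityDescriptor = generateMetadataObjectFromString(str);
        if (entityDescriptor == null) {
            return sAMLSSOServiceProviderDO;
        }
        setIssuer(entityDescriptor, sAMLSSOServiceProviderDO);
        List<RoleDescriptor> roleDescriptors = entityDescriptor.getRoleDescriptors();
        if (CollectionUtils.isEmpty(roleDescriptors)) {
            throw new InvalidMetadataException("Role descriptor not found.");
        }
        // Only the first SP SSO descriptor is used; other role descriptors are ignored.
        SPSSODescriptor spDescriptor = null;
        for (RoleDescriptor roleDescriptor : roleDescriptors) {
            if (roleDescriptor instanceof SPSSODescriptor) {
                spDescriptor = (SPSSODescriptor) roleDescriptor;
                break;
            }
        }
        if (spDescriptor == null) {
            throw new InvalidMetadataException("Invalid role descriptor class found.");
        }
        setAssertionConsumerUrl(spDescriptor, sAMLSSOServiceProviderDO);
        setNameIDFormat(spDescriptor, sAMLSSOServiceProviderDO);
        setDoSignAssertions(spDescriptor, sAMLSSOServiceProviderDO);
        setDoValidateSignatureInRequests(spDescriptor, sAMLSSOServiceProviderDO);
        setSingleLogoutServices(spDescriptor, sAMLSSOServiceProviderDO);
        setClaims(spDescriptor, sAMLSSOServiceProviderDO);
        setSigningAlgorithmUri(spDescriptor, sAMLSSOServiceProviderDO);
        setDigestAlgorithmUri(spDescriptor, sAMLSSOServiceProviderDO);
        setX509Certificate(entityDescriptor, spDescriptor, sAMLSSOServiceProviderDO);
        setAttributeConsumingServiceIndex(spDescriptor, sAMLSSOServiceProviderDO);
        return sAMLSSOServiceProviderDO;
    }

    /**
     * Unmarshalls the metadata XML into an {@link EntityDescriptor}.
     *
     * @throws InvalidMetadataException if the input is null, cannot be parsed, or has a root
     *     element other than an entity descriptor
     */
    private EntityDescriptor generateMetadataObjectFromString(String str) throws InvalidMetadataException {
        if (str == null) {
            throw new InvalidMetadataException("Error reading SAML Service Provider metadata xml.");
        }
        try {
            doBootstrap();
            // NOTE(review): protection against DTDs and external entities depends on how the shared
            // parser pool was configured during bootstrap; that configuration is not visible here.
            Object parsed = XMLObjectSupport.unmarshallFromInputStream(XMLObjectProviderRegistrySupport.getParserPool(), new ByteArrayInputStream(str.trim().getBytes(StandardCharsets.UTF_8)));
            if (parsed == null) {
                return null;
            }
            if (!(parsed instanceof EntityDescriptor)) {
                // A different root element used to surface as an unchecked ClassCastException.
                throw new InvalidMetadataException("Error reading SAML Service Provider metadata xml.");
            }
            return (EntityDescriptor) parsed;
        } catch (UnmarshallingException | XMLParserException e) {
            throw new InvalidMetadataException("Error reading SAML Service Provider metadata xml.", e);
        }
    }

    /**
     * Initialises the OpenSAML library once per class load.
     *
     * <p>An initialisation failure is logged and the flag stays unset, so the next call retries.
     * The flag is read and written without synchronisation.
     */
    public static void doBootstrap() {
        if (isBootStrapped) {
            return;
        }
        try {
            SAMLInitializer.doBootstrap();
            isBootStrapped = true;
        } catch (InitializationException e) {
            log.error("Error in bootstrapping the OpenSAML3 library", e);
        }
    }
}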
