package org.wso2.appserver.webapp.security.utils;

import java.io.ByteArrayInputStream;
import java.io.ByteArrayOutputStream;
import java.io.IOException;
import java.io.InputStream;
import java.io.UnsupportedEncodingException;
import java.net.URI;
import java.net.URLEncoder;
import java.nio.charset.StandardCharsets;
import java.nio.file.Files;
import java.nio.file.LinkOption;
import java.nio.file.OpenOption;
import java.nio.file.Path;
import java.nio.file.Paths;
import java.security.InvalidKeyException;
import java.security.KeyStore;
import java.security.KeyStoreException;
import java.security.NoSuchAlgorithmException;
import java.security.SecureRandom;
import java.security.cert.CertificateEncodingException;
import java.security.cert.CertificateException;
import java.util.ArrayList;
import java.util.Arrays;
import java.util.HashMap;
import java.util.List;
import java.util.Map;
import java.util.Optional;
import java.util.stream.IntStream;
import java.util.stream.Stream;
import java.util.zip.Deflater;
import java.util.zip.DeflaterOutputStream;
import javax.crypto.SecretKey;
import javax.servlet.http.HttpServletResponse;
import javax.xml.XMLConstants;
import javax.xml.namespace.QName;
import javax.xml.parsers.DocumentBuilder;
import javax.xml.parsers.DocumentBuilderFactory;
import javax.xml.parsers.ParserConfigurationException;
import net.shibboleth.utilities.java.support.codec.Base64Support;
import net.shibboleth.utilities.java.support.xml.SerializeSupport;
import org.apache.catalina.connector.Connector;
import org.apache.catalina.connector.Request;
import org.apache.commons.lang3.StringUtils;
import org.apache.xml.security.Init;
import org.apache.xml.security.utils.Base64;
import org.opensaml.core.config.InitializationException;
import org.opensaml.core.config.InitializationService;
import org.opensaml.core.xml.XMLObject;
import org.opensaml.core.xml.XMLObjectBuilder;
import org.opensaml.core.xml.config.XMLObjectProviderRegistrySupport;
import org.opensaml.core.xml.io.Marshaller;
import org.opensaml.core.xml.io.MarshallingException;
import org.opensaml.core.xml.io.Unmarshaller;
import org.opensaml.core.xml.io.UnmarshallingException;
import org.opensaml.saml.saml2.core.Assertion;
import org.opensaml.saml.saml2.core.EncryptedAssertion;
import org.opensaml.saml.saml2.core.RequestAbstractType;
import org.opensaml.saml.saml2.encryption.Decrypter;
import org.opensaml.security.credential.BasicCredential;
import org.opensaml.security.x509.X509Credential;
import org.opensaml.xmlsec.encryption.EncryptedKey;
import org.opensaml.xmlsec.encryption.EncryptionMethod;
import org.opensaml.xmlsec.encryption.support.DecryptionException;
import org.opensaml.xmlsec.encryption.support.EncryptedKeyResolver;
import org.opensaml.xmlsec.keyinfo.KeyInfoCredentialResolver;
import org.opensaml.xmlsec.keyinfo.impl.StaticKeyInfoCredentialResolver;
import org.opensaml.xmlsec.signature.KeyInfo;
import org.opensaml.xmlsec.signature.Signature;
import org.opensaml.xmlsec.signature.X509Certificate;
import org.opensaml.xmlsec.signature.X509Data;
import org.opensaml.xmlsec.signature.support.SignatureException;
import org.opensaml.xmlsec.signature.support.Signer;
import org.w3c.dom.Element;
import org.w3c.dom.bootstrap.DOMImplementationRegistry;
import org.w3c.dom.ls.DOMImplementationLS;
import org.w3c.dom.ls.LSOutput;
import org.w3c.dom.ls.LSSerializer;
import org.wso2.appserver.webapp.security.Constants;
import org.wso2.appserver.webapp.security.saml.signature.SSOX509Credential;
import org.wso2.appserver.webapp.security.saml.signature.X509CredentialImplementation;
import org.wso2.appserver.webapp.security.utils.exception.SSOException;
import org.xml.sax.EntityResolver;
import org.xml.sax.SAXException;

/* loaded from: input_file:org/wso2/appserver/webapp/security/utils/SSOUtils.class */
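/**
 * Static helpers for the SAML 2.0 single sign-on valve: request IDs, URL construction,
 * key store loading, OpenSAML bootstrap, XML (un)marshalling, request signing/encoding and
 * assertion decryption.
 * <p>
 * Security notes for callers:
 * <ul>
 *   <li>Nothing in this class verifies a SAML signature. {@link #decryptAssertion} and
 *       {@link #getAssertionStatements} trust whatever assertion they are handed; signature
 *       validation must happen before their output is used for authentication.</li>
 *   <li>{@link #unmarshall} parses attacker-reachable XML (the IdP response arrives via the
 *       user's browser), so its parser is hardened against DTD/XXE/entity-expansion attacks.</li>
 *   <li>The two-argument {@link #addDeflateSignatureToHTTPQueryString} signs with RSA-SHA1,
 *       which is kept only for backward compatibility; prefer the three-argument overload with
 *       {@link #RSA_SHA256_URI}.</li>
 * </ul>
 */
public class SSOUtils {

    /** SAML 2.0 HTTP-Redirect binding; requests for it are DEFLATE-compressed and URL-encoded. */
    private static final String HTTP_REDIRECT_BINDING_URI = "urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Redirect";

    /** Exclusive XML canonicalization, applied to every XML signature this class builds. */
    private static final String EXCLUSIVE_C14N_URI = "http://www.w3.org/2001/10/xml-exc-c14n#";

    /** Redirect-binding signature algorithm URIs understood by {@link #addDeflateSignatureToHTTPQueryString(StringBuilder, X509Credential, String)}. */
    public static final String RSA_SHA1_URI = "http://www.w3.org/2000/09/xmldsig#rsa-sha1";
    public static final String RSA_SHA256_URI = "http://www.w3.org/2001/04/xmldsig-more#rsa-sha256";
    public static final String RSA_SHA384_URI = "http://www.w3.org/2001/04/xmldsig-more#rsa-sha384";
    public static final String RSA_SHA512_URI = "http://www.w3.org/2001/04/xmldsig-more#rsa-sha512";

    /**
     * Sixteen letters used to render each nibble of a random ID. Letters only, so the result
     * is always a valid xs:ID (an NCName may not start with a digit).
     */
    private static final char[] ID_ALPHABET = {
            'a', 'b', 'c', 'd', 'e', 'f', 'g', 'h', 'i', 'j', 'k', 'l', 'm', 'n', 'o', 'p'};

    /** Shared CSPRNG. SecureRandom is thread-safe; seeding a new instance per ID is wasteful. */
    private static final SecureRandom SECURE_RANDOM = new SecureRandom();

    /** Guards {@link #doBootstrap()} so OpenSAML is initialised once per class loader. */
    private static boolean isBootstrapped = false;

    private SSOUtils() {
    }

    /**
     * Generates a random, NCName-safe identifier for SAML messages and assertions.
     * <p>
     * 20 bytes (160 bits) from {@link SecureRandom} are rendered as 40 characters from
     * {@link #ID_ALPHABET}, one character per nibble.
     *
     * @return a 40-character string consisting only of the letters {@code a}-{@code p}
     */
    public static String createID() {
        byte[] random = new byte[20];
        SECURE_RANDOM.nextBytes(random);
        char[] id = new char[random.length * 2];
        for (int i = 0; i < random.length; i++) {
            id[2 * i] = ID_ALPHABET[(random[i] >> 4) & 0x0F];
            id[2 * i + 1] = ID_ALPHABET[random[i] & 0x0F];
        }
        return new String(id);
    }

    /**
     * Builds the {@code https://host:port} base URL of this server from the container
     * configuration.
     * <p>
     * The host name is the Catalina {@code Host} container's name (not the HTTP Host header, so
     * it cannot be influenced by the client) and the port is that of the first connector whose
     * scheme is {@code https}.
     *
     * @param request the current request, used only to reach the container hierarchy
     * @return the base URL, or empty if {@code request} is null or no HTTPS connector exists
     */
    public static Optional<String> constructApplicationServerURL(Request request) {
        if (request == null) {
            return Optional.empty();
        }
        String hostName = request.getHost().getName();
        Connector[] connectors = request.getHost().getParent().getService().findConnectors();
        return Arrays.stream(connectors)
                .filter(connector -> "https".equals(connector.getScheme()))
                .findFirst()
                .map(connector -> "https://" + hostName + ":" + connector.getPort());
    }

    /**
     * Splits a raw query string into a parameter map, preserving repeated names.
     * <p>
     * Each {@code &}-separated token is split at its <em>first</em> {@code =} only, so values
     * that themselves contain {@code =} (Base64 padding, nested query strings) are kept intact.
     * Tokens without any {@code =} are ignored; a token such as {@code name=} yields an empty
     * value. No URL decoding is performed: names and values are returned exactly as they appear
     * in the input.
     *
     * @param queryString the raw query string, may be null or blank
     * @return mutable map from parameter name to its values in order of appearance; empty for
     *         null/blank input
     */
    public static Map<String, String[]> getSplitQueryParameters(String queryString) {
        Map<String, String[]> parameters = new HashMap<>();
        if (StringUtils.isBlank(queryString)) {
            return parameters;
        }
        Map<String, List<String>> collected = new HashMap<>();
        for (String token : queryString.split("&")) {
            // Limit 2: only the first '=' separates name from value.
            String[] pair = token.split("=", 2);
            if (pair.length == 2) {
                collected.computeIfAbsent(pair[0], name -> new ArrayList<>()).add(pair[1]);
            }
        }
        collected.forEach((name, values) -> parameters.put(name, values.toArray(new String[0])));
        return parameters;
    }

    /**
     * Captures the state of the current request (URI, query string, parameter map) so it can be
     * restored after the SAML round trip, merging in any map already stored under the
     * {@link Constants#RELAY_STATE} request attribute.
     *
     * @param request the current request; a null request yields an empty map instead of failing
     * @return a mutable map of relay-state entries
     */
    public static Map<String, Object> generateRelayState(Request request) {
        Map<String, Object> relayState = new HashMap<>();
        if (request == null) {
            return relayState;
        }
        relayState.put(Constants.REQUEST_URL, request.getRequestURI());
        relayState.put(Constants.REQUEST_QUERY_STRING, request.getQueryString());
        relayState.put(Constants.REQUEST_PARAMETERS, request.getParameterMap());

        Object existing = request.getAttribute(Constants.RELAY_STATE);
        // Only merge when the attribute really is a map; anything else is ignored rather than
        // failing with a ClassCastException.
        if (existing instanceof Map) {
            @SuppressWarnings("unchecked")
            Map<String, Object> carried = (Map<String, Object>) existing;
            relayState.putAll(carried);
        }
        return relayState;
    }

    /**
     * Derives an issuer ID from a context path by removing the first occurrence of
     * {@code "/" + appBase} and turning the remaining path separators into underscores.
     * <p>
     * The removal is a literal string match; {@code appBase} is never interpreted as a regular
     * expression.
     *
     * @param contextPath the web application context path, e.g. {@code /foo/bar}
     * @param appBase     the segment to strip together with its leading slash
     * @return the issuer ID, or empty if {@code contextPath} is null
     */
    public static Optional<String> generateIssuerID(String contextPath, String appBase) {
        if (contextPath == null) {
            return Optional.empty();
        }
        String marker = "/" + appBase;
        String stripped = contextPath;
        int at = contextPath.indexOf(marker);
        if (at >= 0) {
            stripped = contextPath.substring(0, at) + contextPath.substring(at + marker.length());
        }
        String issuerId = stripped.replace("/", "_");
        if (issuerId.startsWith("_")) {
            issuerId = issuerId.substring(1);
        }
        return Optional.of(issuerId);
    }

    /**
     * Builds the assertion consumer URL as {@code serverURL + contextPath + "/" + consumerPath}.
     *
     * @param contextPath  the web application context path
     * @param serverURL    the server base URL, typically from {@link #constructApplicationServerURL}
     * @param consumerPath the consumer endpoint path relative to the context
     * @return the URL, or empty if any argument is null
     */
    public static Optional<String> generateConsumerURL(String contextPath, String serverURL, String consumerPath) {
        if (contextPath == null || serverURL == null || consumerPath == null) {
            return Optional.empty();
        }
        return Optional.of(serverURL + contextPath + "/" + consumerPath);
    }

    /**
     * Loads the key store named by the {@code javax.net.ssl.keyStore} system property using the
     * {@code javax.net.ssl.keyStorePassword} password and {@code javax.net.ssl.keyStoreType} type
     * (falling back to {@link KeyStore#getDefaultType()} when the type is unset).
     *
     * @return the loaded key store, or empty when the location or password property is missing
     * @throws SSOException if the location is not a usable path, the file does not exist, or the
     *                      store cannot be loaded
     */
    public static Optional<KeyStore> generateKeyStore() throws SSOException {
        String location = System.getProperty("javax.net.ssl.keyStore");
        String password = System.getProperty("javax.net.ssl.keyStorePassword");
        if (location == null || password == null) {
            return Optional.empty();
        }
        Path keyStorePath;
        try {
            // Accepts both a file: URI and a plain path (a plain path parses as a URI with only a path).
            String path = URI.create(location).getPath();
            if (path == null) {
                throw new SSOException("Key store location does not denote a file path");
            }
            keyStorePath = Paths.get(path);
        } catch (IllegalArgumentException e) {
            throw new SSOException("Invalid key store location", e);
        }
        if (!Files.exists(keyStorePath)) {
            throw new SSOException("File path specified for the keystore does not exist");
        }
        String type = System.getProperty("javax.net.ssl.keyStoreType", KeyStore.getDefaultType());
        char[] passwordChars = password.toCharArray();
        try (InputStream in = Files.newInputStream(keyStorePath)) {
            KeyStore keyStore = KeyStore.getInstance(type);
            keyStore.load(in, passwordChars);
            return Optional.of(keyStore);
        } catch (IOException | KeyStoreException | NoSuchAlgorithmException | CertificateException e) {
            throw new SSOException("Error while loading the key store", e);
        } finally {
            // Best effort only: the password also lives in an immutable system-property String.
            Arrays.fill(passwordChars, '\0');
        }
    }

    /**
     * Writes {@code data} to the response and commits it.
     * <p>
     * The caller is responsible for setting the content type and character encoding beforehand;
     * nothing is escaped here, so {@code data} must already be safe for the declared content type.
     *
     * @param response the response to write to
     * @param data     the character data to send
     * @throws SSOException if writing or flushing fails
     */
    public static void sendCharacterData(HttpServletResponse response, String data) throws SSOException {
        try {
            response.getWriter().write(data);
            response.flushBuffer();
        } catch (IOException e) {
            throw new SSOException("Error occurred while writing to HttpServletResponse", e);
        }
    }

    /**
     * Initialises OpenSAML once. Synchronised so concurrent first callers do not both run the
     * initialisation and race on the flag.
     *
     * @throws SSOException if OpenSAML initialisation fails
     */
    public static synchronized void doBootstrap() throws SSOException {
        if (isBootstrapped) {
            return;
        }
        try {
            InitializationService.initialize();
            isBootstrapped = true;
        } catch (InitializationException e) {
            throw new SSOException("Error in bootstrapping the OpenSAML library", e);
        }
    }

    /**
     * Attaches an enveloped XML signature to a SAML 2.0 request and signs it.
     *
     * @param request            the request to sign; modified in place and returned
     * @param signatureAlgorithm XML signature algorithm URI, e.g. {@link #RSA_SHA256_URI}
     * @param credential         the signing credential; its certificate is embedded in KeyInfo
     * @return the same {@code request} instance, now signed
     * @throws SSOException on marshalling or signing failure
     */
    public static RequestAbstractType setSignature(RequestAbstractType request, String signatureAlgorithm,
                                                   X509Credential credential) throws SSOException {
        try {
            Signature signature = buildSignature(signatureAlgorithm, credential);
            request.setSignature(signature);
            // The DOM must exist before signing; marshalling builds it.
            Marshaller marshaller = XMLObjectProviderRegistrySupport.getMarshallerFactory().getMarshaller(request);
            if (marshaller != null) {
                marshaller.marshall(request);
            }
            Init.init();
            List<Signature> toSign = new ArrayList<>();
            toSign.add(signature);
            Signer.signObjects(toSign);
            return request;
        } catch (MarshallingException | SignatureException e) {
            throw new SSOException("Error while signing the SAML 2.0 Request message", e);
        }
    }

    /**
     * Builds an unsigned {@link Signature} object carrying the credential's certificate in a
     * {@code KeyInfo/X509Data/X509Certificate} element.
     *
     * @param signatureAlgorithm XML signature algorithm URI
     * @param credential         the signing credential
     * @return the signature object ready for {@link Signer#signObjects}
     * @throws SSOException if a builder is missing or the certificate cannot be encoded
     */
    private static Signature buildSignature(String signatureAlgorithm, X509Credential credential) throws SSOException {
        Signature signature = buildXMLObject(Signature.DEFAULT_ELEMENT_NAME);
        signature.setSigningCredential(credential);
        signature.setSignatureAlgorithm(signatureAlgorithm);
        signature.setCanonicalizationAlgorithm(EXCLUSIVE_C14N_URI);
        try {
            X509Certificate certificate = buildXMLObject(X509Certificate.DEFAULT_ELEMENT_NAME);
            certificate.setValue(Base64.encode(credential.getEntityCertificate().getEncoded()));
            X509Data x509Data = buildXMLObject(X509Data.DEFAULT_ELEMENT_NAME);
            x509Data.getX509Certificates().add(certificate);
            KeyInfo keyInfo = buildXMLObject(KeyInfo.DEFAULT_ELEMENT_NAME);
            keyInfo.getX509Datas().add(x509Data);
            signature.setKeyInfo(keyInfo);
            return signature;
        } catch (CertificateEncodingException e) {
            throw new SSOException("Error getting certificate", e);
        }
    }

    /**
     * Builds an OpenSAML object for the given element name.
     *
     * @param qName the element QName
     * @param <T>   the expected object type; unchecked, the registry decides the actual class
     * @return the built object
     * @throws SSOException if no builder is registered for {@code qName}
     */
    @SuppressWarnings("unchecked")
    private static <T extends XMLObject> T buildXMLObject(QName qName) throws SSOException {
        XMLObjectBuilder<?> builder = XMLObjectProviderRegistrySupport.getBuilderFactory().getBuilder(qName);
        if (builder == null) {
            throw new SSOException("Unable to retrieve builder for object QName " + qName);
        }
        return (T) builder.buildObject(qName.getNamespaceURI(), qName.getLocalPart(), qName.getPrefix());
    }

    /**
     * Serialises and encodes a SAML 2.0 request for transport.
     * <p>
     * For the HTTP-Redirect binding the XML is raw-DEFLATE compressed, Base64 encoded and then
     * URL-encoded; for every other binding it is Base64 encoded only.
     *
     * @param request the request to encode
     * @param binding the SAML binding URI the request is sent over
     * @return the encoded request
     * @throws SSOException if no marshaller is registered, marshalling fails or compression fails
     */
    public static String encodeRequestMessage(RequestAbstractType request, String binding) throws SSOException {
        Marshaller marshaller = XMLObjectProviderRegistrySupport.getMarshallerFactory().getMarshaller(request);
        if (marshaller == null) {
            // Previously fell through and encoded an empty document; a missing marshaller is a
            // configuration error, not something to send to the IdP.
            throw new SSOException("No marshaller registered for the SAML 2.0 Request message");
        }
        Element element;
        try {
            element = marshaller.marshall(request);
        } catch (MarshallingException e) {
            throw new SSOException("Error occurred while encoding SAML 2.0 Request, failed to marshall the SAML 2.0. Request element XMLObject to its corresponding W3C DOM element", e);
        }
        ByteArrayOutputStream xml = new ByteArrayOutputStream();
        SerializeSupport.writeNode(element, xml);

        if (!HTTP_REDIRECT_BINDING_URI.equals(binding)) {
            return Base64Support.encode(xml.toByteArray(), false);
        }

        // nowrap=true gives raw DEFLATE without the zlib header, as the Redirect binding requires.
        Deflater deflater = new Deflater(8, true);
        ByteArrayOutputStream deflated = new ByteArrayOutputStream();
        try (DeflaterOutputStream out = new DeflaterOutputStream(deflated, deflater)) {
            out.write(xml.toByteArray());
        } catch (IOException e) {
            throw new SSOException("Error occurred while deflate encoding SAML 2.0 request", e);
        } finally {
            // Release the native zlib state instead of waiting for finalisation.
            deflater.end();
        }
        try {
            return URLEncoder.encode(Base64Support.encode(deflated.toByteArray(), false),
                    StandardCharsets.UTF_8.name()).trim();
        } catch (UnsupportedEncodingException e) {
            throw new SSOException("Error occurred while encoding SAML 2.0 request", e);
        }
    }

    /**
     * Marshals an OpenSAML object to its XML text (UTF-8).
     *
     * @param xmlObject the object to serialise
     * @return the XML string
     * @throws SSOException if no marshaller is registered, marshalling fails or the DOM LS
     *                      implementation cannot be obtained
     */
    public static String marshall(XMLObject xmlObject) throws SSOException {
        try {
            Marshaller marshaller = XMLObjectProviderRegistrySupport.getMarshallerFactory().getMarshaller(xmlObject);
            if (marshaller == null) {
                throw new SSOException("No marshaller registered for XMLObject " + xmlObject.getElementQName());
            }
            Element element = marshaller.marshall(xmlObject);
            DOMImplementationLS ls = (DOMImplementationLS) DOMImplementationRegistry.newInstance().getDOMImplementation("LS");
            ByteArrayOutputStream bytes = new ByteArrayOutputStream();
            LSOutput output = ls.createLSOutput();
            output.setByteStream(bytes);
            ls.createLSSerializer().write(element, output);
            return new String(bytes.toByteArray(), StandardCharsets.UTF_8);
        } catch (ClassNotFoundException | InstantiationException | MarshallingException | IllegalAccessException e) {
            throw new SSOException("Error in marshalling SAML 2.0 Assertion", e);
        }
    }

    /**
     * Parses XML text into an OpenSAML object.
     * <p>
     * The input is treated as untrusted (it is typically the IdP response relayed by the user's
     * browser) and is parsed with the hardened builder from {@link #getDocumentBuilder}: DTDs are
     * rejected, so XXE and entity-expansion payloads fail at parse time.
     *
     * @param xml the XML document text
     * @return the unmarshalled object, or empty if no unmarshaller is registered for the root element
     * @throws SSOException on parse or unmarshalling failure
     */
    public static Optional<XMLObject> unmarshall(String xml) throws SSOException {
        try {
            DocumentBuilder builder = getDocumentBuilder(false, true, new XMLEntityResolver());
            Element root = builder.parse(new ByteArrayInputStream(xml.getBytes(StandardCharsets.UTF_8)))
                    .getDocumentElement();
            Unmarshaller unmarshaller = XMLObjectProviderRegistrySupport.getUnmarshallerFactory().getUnmarshaller(root);
            if (unmarshaller == null) {
                return Optional.empty();
            }
            return Optional.of(unmarshaller.unmarshall(root));
        } catch (UnmarshallingException | IOException | SAXException e) {
            throw new SSOException("Error in unmarshalling the XML string representation", e);
        }
    }

    /**
     * Decrypts an {@link EncryptedAssertion} with the service provider's private key.
     * <p>
     * When the {@code EncryptedData/KeyInfo} carries an {@code EncryptedKey}, that key is first
     * unwrapped with the SP credential and the resulting symmetric key decrypts the assertion;
     * otherwise the SP credential is handed to the decrypter as the key-encryption key directly.
     * NOTE(review): the {@link Decrypter} is built without an algorithm whitelist/blacklist, so
     * the library defaults govern which algorithms are accepted — confirm they match policy.
     * This method does not verify any signature on the assertion.
     *
     * @param ssoCredential      the SP credential holding the decryption private key
     * @param encryptedAssertion the assertion to decrypt
     * @return the decrypted assertion
     * @throws SSOException if the input lacks EncryptedData or an encryption algorithm, or
     *                      decryption fails
     */
    public static Assertion decryptAssertion(SSOX509Credential ssoCredential, EncryptedAssertion encryptedAssertion)
            throws SSOException {
        if (encryptedAssertion == null || encryptedAssertion.getEncryptedData() == null) {
            throw new SSOException("EncryptedAssertion does not carry EncryptedData");
        }
        try {
            StaticKeyInfoCredentialResolver kekResolver =
                    new StaticKeyInfoCredentialResolver(new X509CredentialImplementation(ssoCredential));
            Decrypter decrypter = new Decrypter((KeyInfoCredentialResolver) null, kekResolver, (EncryptedKeyResolver) null);

            KeyInfo keyInfo = encryptedAssertion.getEncryptedData().getKeyInfo();
            EncryptedKey encryptedKey = keyInfo == null
                    ? null
                    : keyInfo.getEncryptedKeys().stream().findFirst().orElse(null);

            if (encryptedKey != null) {
                EncryptionMethod method = encryptedAssertion.getEncryptedData().getEncryptionMethod();
                if (method == null || method.getAlgorithm() == null) {
                    throw new SSOException("EncryptedData does not declare a data encryption algorithm");
                }
                SecretKey dataKey = (SecretKey) decrypter.decryptKey(encryptedKey, method.getAlgorithm());
                decrypter = new Decrypter(new StaticKeyInfoCredentialResolver(getSimpleCredential(dataKey)),
                        (KeyInfoCredentialResolver) null, (EncryptedKeyResolver) null);
                decrypter.setRootInNewDocument(true);
            }
            return decrypter.decrypt(encryptedAssertion);
        } catch (DecryptionException e) {
            throw new SSOException("Decrypted assertion error", e);
        }
    }

    /**
     * Wraps a symmetric key as an OpenSAML credential.
     *
     * @param secretKey the key; must not be null
     * @return the credential
     * @throws IllegalArgumentException if {@code secretKey} is null
     */
    private static BasicCredential getSimpleCredential(SecretKey secretKey) {
        if (secretKey == null) {
            throw new IllegalArgumentException("A secret key is required");
        }
        return new BasicCredential(secretKey);
    }

    /**
     * Flattens the assertion's attribute statements into a name-to-value map.
     * <p>
     * Only the <em>first</em> value of a multi-valued attribute is kept, and a later statement
     * with the same attribute name overwrites an earlier one. The assertion is not validated
     * here; callers must have verified its signature and conditions already.
     *
     * @param assertion the (already validated) assertion, may be null
     * @return mutable map of attribute name to first value's text; empty for a null assertion
     */
    public static Map<String, String> getAssertionStatements(Assertion assertion) {
        Map<String, String> attributes = new HashMap<>();
        if (assertion == null || assertion.getAttributeStatements() == null) {
            return attributes;
        }
        assertion.getAttributeStatements().forEach(statement ->
                statement.getAttributes().forEach(attribute ->
                        attribute.getAttributeValues().stream()
                                .findFirst()
                                .map(XMLObject::getDOM)
                                .ifPresent(dom -> attributes.put(attribute.getName(), dom.getTextContent()))));
        return attributes;
    }

    /**
     * Appends an RSA-SHA1 signature to a Redirect-binding query string.
     *
     * @deprecated SHA-1 signatures are no longer acceptable to most IdPs and security policies.
     *             Use {@link #addDeflateSignatureToHTTPQueryString(StringBuilder, X509Credential, String)}
     *             with {@link #RSA_SHA256_URI}. This overload is kept only so existing callers
     *             keep their exact behaviour.
     * @param queryString the query string to sign and extend; see the three-argument overload
     * @param credential  the signing credential
     * @throws SSOException on signing or encoding failure
     */
    @Deprecated
    public static void addDeflateSignatureToHTTPQueryString(StringBuilder queryString, X509Credential credential)
            throws SSOException {
        addDeflateSignatureToHTTPQueryString(queryString, credential, RSA_SHA1_URI);
    }

    /**
     * Signs a SAML 2.0 HTTP-Redirect query string in place.
     * <p>
     * {@code queryString} must already hold the URL-encoded {@code SAMLRequest=...} (and, if
     * present, {@code &RelayState=...}) in binding order. This method appends
     * {@code &SigAlg=<uri>}, signs the resulting text exactly as it stands, then appends
     * {@code &Signature=<base64, URL-encoded>}. On an unsupported algorithm URI the builder is
     * left untouched.
     *
     * @param queryString           the query string to sign and extend
     * @param credential            the signing credential
     * @param signatureAlgorithmURI one of {@link #RSA_SHA1_URI}, {@link #RSA_SHA256_URI},
     *                              {@link #RSA_SHA384_URI}, {@link #RSA_SHA512_URI}
     * @throws SSOException if the algorithm URI is unsupported or signing/encoding fails
     */
    public static void addDeflateSignatureToHTTPQueryString(StringBuilder queryString, X509Credential credential,
                                                             String signatureAlgorithmURI) throws SSOException {
        String jcaAlgorithm = toJcaSignatureAlgorithm(signatureAlgorithmURI);
        try {
            queryString.append("&SigAlg=")
                    .append(URLEncoder.encode(signatureAlgorithmURI, StandardCharsets.UTF_8.name()).trim());
            java.security.Signature signer = java.security.Signature.getInstance(jcaAlgorithm);
            signer.initSign(credential.getPrivateKey());
            // The signed text is the query string up to and including SigAlg, per the binding spec.
            signer.update(queryString.toString().getBytes(StandardCharsets.UTF_8));
            String encodedSignature = URLEncoder.encode(Base64Support.encode(signer.sign(), false),
                    StandardCharsets.UTF_8.name()).trim();
            queryString.append("&Signature=").append(encodedSignature);
        } catch (UnsupportedEncodingException | InvalidKeyException | NoSuchAlgorithmException
                | java.security.SignatureException e) {
            throw new SSOException("Error applying SAML 2.0 Redirect Binding signature", e);
        }
    }

    /**
     * Maps an XML-DSig signature algorithm URI to its JCA algorithm name.
     *
     * @param signatureAlgorithmURI the URI
     * @return the JCA name, e.g. {@code SHA256withRSA}
     * @throws SSOException if the URI is null or not one of the supported RSA algorithms
     */
    private static String toJcaSignatureAlgorithm(String signatureAlgorithmURI) throws SSOException {
        if (signatureAlgorithmURI == null) {
            throw new SSOException("Signature algorithm URI is required");
        }
        switch (signatureAlgorithmURI) {
            case RSA_SHA1_URI:
                return "SHA1withRSA";
            case RSA_SHA256_URI:
                return "SHA256withRSA";
            case RSA_SHA384_URI:
                return "SHA384withRSA";
            case RSA_SHA512_URI:
                return "SHA512withRSA";
            default:
                throw new SSOException("Unsupported Redirect Binding signature algorithm: " + signatureAlgorithmURI);
        }
    }

    /**
     * Creates a {@link DocumentBuilder} hardened for untrusted XML.
     * <p>
     * DTDs are disallowed outright (SAML messages never legitimately carry one), external
     * general/parameter entities and external DTD loading are disabled as defence in depth,
     * XInclude is off and JAXP secure processing is on. {@code setExpandEntityReferences(false)}
     * alone, which is all the previous version set, does not stop XXE or entity-expansion DoS.
     * If the underlying parser does not support a hardening feature this fails closed.
     *
     * @param expandEntityReferences when false, the factory's entity-reference expansion is turned off
     * @param namespaceAware         when true, the factory is made namespace aware
     * @param entityResolver         optional resolver installed on the builder
     * @return the configured builder
     * @throws SSOException if the parser cannot be hardened or cannot be created
     */
    private static DocumentBuilder getDocumentBuilder(boolean expandEntityReferences, boolean namespaceAware,
                                                      EntityResolver entityResolver) throws SSOException {
        DocumentBuilderFactory factory = DocumentBuilderFactory.newInstance();
        try {
            factory.setFeature(XMLConstants.FEATURE_SECURE_PROCESSING, true);
            factory.setFeature("http://apache.org/xml/features/disallow-doctype-decl", true);
            factory.setFeature("http://xml.org/sax/features/external-general-entities", false);
            factory.setFeature("http://xml.org/sax/features/external-parameter-entities", false);
            factory.setFeature("http://apache.org/xml/features/nonvalidating/load-external-dtd", false);
        } catch (ParserConfigurationException e) {
            throw new SSOException("XML parser does not support the required hardening features", e);
        }
        factory.setXIncludeAware(false);
        if (!expandEntityReferences) {
            factory.setExpandEntityReferences(false);
        }
        if (namespaceAware) {
            factory.setNamespaceAware(true);
        }
        try {
            DocumentBuilder builder = factory.newDocumentBuilder();
            if (entityResolver != null) {
                builder.setEntityResolver(entityResolver);
            }
            return builder;
        } catch (ParserConfigurationException e) {
            throw new SSOException("Error when generating the new DocumentBuilder", e);
        }
    }
}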
