package org.wso2.carbon.identity.application.authenticator.samlsso.util;

import java.io.ByteArrayInputStream;
import java.io.ByteArrayOutputStream;
import java.io.FileInputStream;
import java.io.IOException;
import java.io.UnsupportedEncodingException;
import java.net.URLEncoder;
import java.nio.charset.Charset;
import java.nio.charset.StandardCharsets;
import java.security.KeyStore;
import java.security.KeyStoreException;
import java.security.NoSuchAlgorithmException;
import java.security.cert.CertificateEncodingException;
import java.security.cert.CertificateException;
import java.util.ArrayList;
import java.util.Collections;
import java.util.HashMap;
import java.util.Map;
import java.util.zip.DataFormatException;
import java.util.zip.Inflater;
import java.util.zip.InflaterInputStream;
import javax.xml.namespace.QName;
import javax.xml.parsers.DocumentBuilderFactory;
import javax.xml.parsers.ParserConfigurationException;
import javax.xml.xpath.XPath;
import javax.xml.xpath.XPathConstants;
import javax.xml.xpath.XPathExpressionException;
import javax.xml.xpath.XPathFactory;
import javax.xml.xpath.XPathVariableResolver;
import net.shibboleth.utilities.java.support.security.RandomIdentifierGenerationStrategy;
import org.apache.commons.lang.StringUtils;
import org.apache.commons.logging.Log;
import org.apache.commons.logging.LogFactory;
import org.apache.xml.security.Init;
import org.apache.xml.security.utils.Base64;
import org.opensaml.core.xml.XMLObject;
import org.opensaml.core.xml.XMLObjectBuilder;
import org.opensaml.core.xml.config.XMLObjectProviderRegistrySupport;
import org.opensaml.core.xml.io.MarshallingException;
import org.opensaml.core.xml.io.UnmarshallingException;
import org.opensaml.saml.common.SAMLObjectContentReference;
import org.opensaml.saml.saml2.core.LogoutResponse;
import org.opensaml.saml.saml2.core.RequestAbstractType;
import org.opensaml.security.SecurityException;
import org.opensaml.security.x509.X509Credential;
import org.opensaml.xmlsec.crypto.XMLSigningUtil;
import org.opensaml.xmlsec.signature.KeyInfo;
import org.opensaml.xmlsec.signature.SignableXMLObject;
import org.opensaml.xmlsec.signature.Signature;
import org.opensaml.xmlsec.signature.X509Certificate;
import org.opensaml.xmlsec.signature.X509Data;
import org.opensaml.xmlsec.signature.support.SignatureException;
import org.opensaml.xmlsec.signature.support.SignatureValidationProvider;
import org.opensaml.xmlsec.signature.support.Signer;
import org.w3c.dom.Document;
import org.w3c.dom.Element;
import org.w3c.dom.NodeList;
import org.w3c.dom.bootstrap.DOMImplementationRegistry;
import org.w3c.dom.ls.DOMImplementationLS;
import org.w3c.dom.ls.LSOutput;
import org.w3c.dom.ls.LSSerializer;
import org.wso2.carbon.identity.application.authenticator.samlsso.exception.SAMLSSOException;
import org.wso2.carbon.identity.application.authenticator.samlsso.util.SSOErrorConstants;
import org.wso2.carbon.identity.application.common.util.IdentityApplicationManagementUtil;
import org.wso2.carbon.identity.core.util.IdentityUtil;
import org.xml.sax.SAXException;

/* loaded from: input_file:org/wso2/carbon/identity/application/authenticator/samlsso/util/SSOUtils.class */
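/**
 * Static helpers for the SAML2 SSO outbound authenticator: XML signature creation, Redirect/POST
 * binding encoding and decoding, (un)marshalling of OpenSAML objects, reading authenticator
 * properties, and loading a keystore from disk.
 *
 * <p>All text handling is pinned to UTF-8; nothing here depends on the platform default charset.
 * The class is stateless, but {@link #marshall(XMLObject)} sets a process-wide system property.
 */
public class SSOUtils {

    private static final Log log = LogFactory.getLog(SSOUtils.class);

    /** Exclusive XML canonicalization without comments, used for the enveloped signature. */
    private static final String EXC_C14N = "http://www.w3.org/2001/10/xml-exc-c14n#";

    /** Logged when the assertion's canonicalization algorithm cannot be determined. */
    private static final String C14N_FALLBACK_WARNING =
            "Failed to find the canonicalization algorithm of the assertion. Defaulting to: " + EXC_C14N;

    /** ID attribute of the first Assertion element, whatever namespace prefix it carries. */
    private static final String ASSERTION_ID_XPATH = "//*[local-name()='Assertion']/@ID";

    /**
     * Transform elements on the assertion's own signature Reference that use exclusive
     * canonicalization WITH comments. The assertion ID is bound to the {@code $assertionId}
     * variable at evaluation time instead of being spliced into the expression, because it is
     * read from a document whose signature has not been verified yet.
     */
    private static final String WITH_COMMENTS_TRANSFORM_XPATH =
            "//*[local-name()='Assertion']/*[local-name()='Signature']/*[local-name()='SignedInfo']"
                    + "/*[local-name()='Reference'][@URI=concat('#', $assertionId)]"
                    + "/*[local-name()='Transforms']/*[local-name()='Transform']"
                    + "[@Algorithm='" + EXC_C14N + "WithComments']";

    /** Scratch buffer size used while inflating a DEFLATE-compressed message. */
    private static final int INFLATE_CHUNK_SIZE = 5000;

    private SSOUtils() {
        // static utility class
    }

    /**
     * Generates a random identifier using OpenSAML's {@link RandomIdentifierGenerationStrategy};
     * intended for the ID attributes of outgoing SAML messages.
     *
     * @return a freshly generated identifier
     */
    public static String createID() {
        return new RandomIdentifierGenerationStrategy().generateIdentifier();
    }

    /**
     * Signs a logout response; see {@link #doSetSignature(SignableXMLObject, String, String, boolean, X509Credential)}.
     */
    public static void setSignature(LogoutResponse logoutResponse, String str, String str2, boolean z, X509Credential x509Credential) throws SAMLSSOException {
        doSetSignature(logoutResponse, str, str2, z, x509Credential);
    }

    /**
     * Signs a SAML request; see {@link #doSetSignature(SignableXMLObject, String, String, boolean, X509Credential)}.
     */
    public static void setSignature(RequestAbstractType requestAbstractType, String str, String str2, boolean z, X509Credential x509Credential) throws SAMLSSOException {
        doSetSignature(requestAbstractType, str, str2, z, x509Credential);
    }

    /**
     * Attaches an enveloped XML signature to {@code signableXMLObject}, marshalls the object and
     * computes the signature value with the given credential.
     *
     * <p>When no algorithm is supplied the SHA-1 based entries ("RSA with SHA1" / "SHA1") of the
     * server's algorithm tables are used. Those defaults are weak by current standards; callers
     * should pass explicit algorithms (see {@link #getSignatureAlgorithm(Map)} and
     * {@link #getDigestAlgorithm(Map)}).
     *
     * @param signableXMLObject the object to sign; must not be null
     * @param str               signature algorithm URI, or empty for the server default
     * @param str2              digest algorithm URI, or empty for the server default
     * @param z                 whether to embed the signing certificate in a {@code KeyInfo} element
     * @param x509Credential    credential whose private key signs and whose certificate may be embedded
     * @throws IllegalArgumentException if the object or the credential is null
     * @throws SAMLSSOException         if the credential has no certificate, a builder is missing,
     *                                  the certificate cannot be encoded, or marshalling/signing fails
     */
    public static void doSetSignature(SignableXMLObject signableXMLObject, String str, String str2, boolean z, X509Credential x509Credential) throws SAMLSSOException {
        if (signableXMLObject == null) {
            throw new IllegalArgumentException("Request cannot be null");
        }
        if (x509Credential == null) {
            throw new IllegalArgumentException("X509Credential cannot be null");
        }
        if (x509Credential.getEntityCertificate() == null) {
            throw new SAMLSSOException(SSOErrorConstants.ErrorMessages.IDP_CERTIFICATE_MISSING.getCode(), SSOErrorConstants.ErrorMessages.IDP_CERTIFICATE_MISSING.getMessage());
        }

        String signatureAlgorithm = StringUtils.isEmpty(str)
                ? (String) IdentityApplicationManagementUtil.getXMLSignatureAlgorithms().get("RSA with SHA1")
                : str;
        String digestAlgorithm = StringUtils.isEmpty(str2)
                ? (String) IdentityApplicationManagementUtil.getXMLDigestAlgorithms().get("SHA1")
                : str2;

        Signature signature = (Signature) buildXMLObject(Signature.DEFAULT_ELEMENT_NAME);
        signature.setSigningCredential(x509Credential);
        signature.setSignatureAlgorithm(signatureAlgorithm);
        signature.setCanonicalizationAlgorithm(EXC_C14N);
        if (z) {
            signature.setKeyInfo(buildKeyInfo(x509Credential));
        }

        signableXMLObject.setSignature(signature);
        // Attaching the signature registers a content reference for the signed object; the digest
        // algorithm has to be set on that reference before the object is marshalled.
        ((SAMLObjectContentReference) signature.getContentReferences().get(0)).setDigestAlgorithm(digestAlgorithm);

        try {
            XMLObjectProviderRegistrySupport.getMarshallerFactory().getMarshaller(signableXMLObject).marshall(signableXMLObject);
        } catch (MarshallingException e) {
            throw new SAMLSSOException(SSOErrorConstants.ErrorMessages.MARSHALLING_SAML_REQUEST_FOR_SIGNING_FAILED.getCode(), SSOErrorConstants.ErrorMessages.MARSHALLING_SAML_REQUEST_FOR_SIGNING_FAILED.getMessage(), e);
        }
        Init.init();
        signWithProviderClassLoader(signature);
    }

    /**
     * Builds a {@code KeyInfo} carrying the Base64-encoded DER form of the credential's certificate.
     *
     * @throws SAMLSSOException if a builder is missing or the certificate cannot be encoded
     */
    private static KeyInfo buildKeyInfo(X509Credential credential) throws SAMLSSOException {
        KeyInfo keyInfo = (KeyInfo) buildXMLObject(KeyInfo.DEFAULT_ELEMENT_NAME);
        X509Data x509Data = (X509Data) buildXMLObject(X509Data.DEFAULT_ELEMENT_NAME);
        X509Certificate certificate = (X509Certificate) buildXMLObject(X509Certificate.DEFAULT_ELEMENT_NAME);
        try {
            certificate.setValue(Base64.encode(credential.getEntityCertificate().getEncoded()));
        } catch (CertificateEncodingException e) {
            throw new SAMLSSOException(SSOErrorConstants.ErrorMessages.RETRIEVING_THE_CERTIFICATE_FAILED.getCode(), "Error getting the certificate to include in the signature", e);
        }
        x509Data.getX509Certificates().add(certificate);
        keyInfo.getX509Datas().add(x509Data);
        return keyInfo;
    }

    /**
     * Computes the signature value. The context class loader is switched to the one that loaded
     * the OpenSAML signature provider for the duration of the call (the provider is looked up by
     * service loading), and always restored afterwards.
     *
     * @throws SAMLSSOException if signing fails
     */
    private static void signWithProviderClassLoader(Signature signature) throws SAMLSSOException {
        Thread current = Thread.currentThread();
        ClassLoader previous = current.getContextClassLoader();
        current.setContextClassLoader(SignatureValidationProvider.class.getClassLoader());
        try {
            Signer.signObjects(Collections.singletonList(signature));
        } catch (SignatureException e) {
            throw new SAMLSSOException(SSOErrorConstants.ErrorMessages.SIGNING_SAML_REQUEST_FAILED.getCode(), SSOErrorConstants.ErrorMessages.SIGNING_SAML_REQUEST_FAILED.getMessage(), e);
        } finally {
            current.setContextClassLoader(previous);
        }
    }

    /**
     * Appends {@code &SigAlg=...} and {@code &Signature=...} to a Redirect-binding query string.
     * The signature covers the query string as it stands after {@code SigAlg} has been appended.
     *
     * @param sb             the query string built so far; modified in place
     * @param str            signature algorithm URI
     * @param x509Credential credential whose private key signs
     * @throws SAMLSSOException if URL encoding or signing fails
     */
    public static void addSignatureToHTTPQueryString(StringBuilder sb, String str, X509Credential x509Credential) throws SAMLSSOException {
        try {
            sb.append("&SigAlg=");
            sb.append(URLEncoder.encode(str, StandardCharsets.UTF_8.name()).trim());
            byte[] rawSignature = XMLSigningUtil.signWithURI(x509Credential, str, sb.toString().getBytes(StandardCharsets.UTF_8));
            // Base64 output is pure ASCII, so decoding it as UTF-8 is exact on every platform.
            String encodedSignature = new String(org.apache.commons.codec.binary.Base64.encodeBase64(rawSignature, false), StandardCharsets.UTF_8);
            if (log.isDebugEnabled()) {
                log.debug("Generated digital signature value (base64-encoded) " + encodedSignature);
            }
            sb.append("&Signature=").append(URLEncoder.encode(encodedSignature, StandardCharsets.UTF_8.name()).trim());
        } catch (UnsupportedEncodingException e) {
            throw new SAMLSSOException(SSOErrorConstants.ErrorMessages.ADDING_SIGNATURE_TO_HTTP_QUERY_STRING_FAILED.getCode(), SSOErrorConstants.ErrorMessages.ADDING_SIGNATURE_TO_HTTP_QUERY_STRING_FAILED.getMessage(), e);
        } catch (SecurityException e) {
            throw new SAMLSSOException(SSOErrorConstants.ErrorMessages.UNABLE_TO_SIGN_QUERY_STRING.getCode(), SSOErrorConstants.ErrorMessages.UNABLE_TO_SIGN_QUERY_STRING.getMessage(), e);
        }
    }

    /**
     * Builds an empty OpenSAML object for the given element name.
     *
     * @throws SAMLSSOException if no builder is registered for {@code qName}
     */
    private static XMLObject buildXMLObject(QName qName) throws SAMLSSOException {
        XMLObjectBuilder<?> builder = XMLObjectProviderRegistrySupport.getBuilderFactory().getBuilder(qName);
        if (builder == null) {
            throw new SAMLSSOException(SSOErrorConstants.ErrorMessages.UNABLE_TO_RETRIEVE_BUILDER_FOR_OBJECT_QNAME.getCode(), String.format(SSOErrorConstants.ErrorMessages.UNABLE_TO_RETRIEVE_BUILDER_FOR_OBJECT_QNAME.getMessage(), qName));
        }
        return builder.buildObject(qName.getNamespaceURI(), qName.getLocalPart(), qName.getPrefix());
    }

    /**
     * Decodes a Redirect-binding message: Base64, then DEFLATE. Raw DEFLATE is tried first; if the
     * payload is not a raw stream, a zlib-wrapped stream is attempted instead.
     *
     * <p>The inflated size is not capped here. Because a small request can inflate to a large
     * message, callers that accept this value from the network should bound the encoded input
     * upstream. At DEBUG level the full decoded message is written to the log.
     *
     * @param str the Base64 text from the request
     * @return the decoded message as UTF-8 text
     * @throws SAMLSSOException if the zlib fallback fails with an I/O error
     * @throws RuntimeException if the DEFLATE stream ends before its end-of-stream marker
     */
    public static String decode(String str) throws SAMLSSOException {
        if (log.isDebugEnabled()) {
            log.debug(" >> encoded string in the SSOUtils/decode : " + str);
        }
        byte[] compressed = new org.apache.commons.codec.binary.Base64().decode(str.getBytes(StandardCharsets.UTF_8));
        try {
            String message;
            try {
                message = inflateRaw(compressed);
            } catch (DataFormatException e) {
                // Not raw DEFLATE; some peers send a zlib-wrapped stream instead.
                if (log.isDebugEnabled()) {
                    log.debug("Payload is not a raw DEFLATE stream, retrying as zlib", e);
                }
                message = inflateZlib(compressed);
            }
            if (log.isDebugEnabled()) {
                log.debug("Request message " + message);
            }
            return message;
        } catch (IOException e) {
            throw new SAMLSSOException(SSOErrorConstants.ErrorMessages.IO_ERROR.getCode(), "Error when decoding the SAML Request.", e);
        }
    }

    /**
     * Inflates a raw (header-less) DEFLATE stream in full. Earlier code inflated a single
     * fixed-size buffer and rejected anything larger; this loops until the stream reports its end.
     *
     * @throws DataFormatException if the bytes are not a raw DEFLATE stream
     * @throws RuntimeException    if the stream is truncated (no progress and no end marker)
     */
    private static String inflateRaw(byte[] compressed) throws DataFormatException {
        Inflater inflater = new Inflater(true);
        try {
            inflater.setInput(compressed);
            ByteArrayOutputStream out = new ByteArrayOutputStream();
            byte[] chunk = new byte[INFLATE_CHUNK_SIZE];
            while (!inflater.finished()) {
                int produced = inflater.inflate(chunk);
                if (produced > 0) {
                    out.write(chunk, 0, produced);
                } else if (!inflater.finished()) {
                    // Input exhausted (or a preset dictionary is required) without reaching the end marker.
                    throw new RuntimeException("End of the compressed data stream has NOT been reached");
                }
            }
            return new String(out.toByteArray(), StandardCharsets.UTF_8);
        } finally {
            // Releases the native zlib state even when inflate() throws.
            inflater.end();
        }
    }

    /**
     * Inflates a zlib-wrapped DEFLATE stream in full.
     *
     * @throws IOException if the bytes cannot be inflated
     */
    private static String inflateZlib(byte[] compressed) throws IOException {
        ByteArrayOutputStream out = new ByteArrayOutputStream();
        try (InflaterInputStream in = new InflaterInputStream(new ByteArrayInputStream(compressed))) {
            byte[] chunk = new byte[1024];
            int read;
            while ((read = in.read(chunk)) != -1) {
                out.write(chunk, 0, read);
            }
        }
        return new String(out.toByteArray(), StandardCharsets.UTF_8);
    }

    /**
     * Decodes a POST-binding message (Base64 only, no compression). At DEBUG level the full
     * decoded message is written to the log.
     *
     * @param str the Base64 text from the request
     * @return the decoded message as UTF-8 text
     * @throws SAMLSSOException retained in the signature for source compatibility; not thrown
     */
    public static String decodeForPost(String str) throws SAMLSSOException {
        byte[] decoded = new org.apache.commons.codec.binary.Base64().decode(str.getBytes(StandardCharsets.UTF_8));
        String message = new String(decoded, StandardCharsets.UTF_8);
        if (log.isDebugEnabled()) {
            log.debug("Request message " + message);
        }
        return message;
    }

    /**
     * Marshalls an OpenSAML object and serializes the resulting DOM element to XML text.
     * The serializer writes UTF-8 and the bytes are read back as UTF-8, so the result does not
     * depend on the platform default charset.
     *
     * <p>Side effect: pins JAXP to the Xerces {@code DocumentBuilderFactory} via a system property
     * for the whole JVM, as the original implementation did.
     *
     * @param xMLObject the object to serialize
     * @return the XML text
     * @throws SAMLSSOException if marshalling or serialization fails
     */
    public static String marshall(XMLObject xMLObject) throws SAMLSSOException {
        try {
            System.setProperty("javax.xml.parsers.DocumentBuilderFactory", "org.apache.xerces.jaxp.DocumentBuilderFactoryImpl");
            Element element = XMLObjectProviderRegistrySupport.getMarshallerFactory().getMarshaller(xMLObject).marshall(xMLObject);
            DOMImplementationLS lsImplementation = (DOMImplementationLS) DOMImplementationRegistry.newInstance().getDOMImplementation("LS");
            LSSerializer serializer = lsImplementation.createLSSerializer();
            LSOutput output = lsImplementation.createLSOutput();
            ByteArrayOutputStream buffer = new ByteArrayOutputStream();
            output.setByteStream(buffer);
            output.setEncoding(StandardCharsets.UTF_8.name());
            serializer.write(element, output);
            return buffer.toString(StandardCharsets.UTF_8.name());
        } catch (Exception e) {
            // DOMImplementationRegistry.newInstance() declares several unrelated checked exceptions;
            // this is the module boundary, so everything is mapped to one SAMLSSOException.
            log.error("Error Serializing the SAML Response");
            throw new SAMLSSOException(SSOErrorConstants.ErrorMessages.IO_ERROR.getCode(), "Error Serializing the SAML Response", e);
        }
    }

    /**
     * Parses XML text into an OpenSAML object using the server's hardened (XXE-safe)
     * {@code DocumentBuilderFactory}.
     *
     * <p>Comments are dropped on the first parse. If the assertion's signature reference declares
     * exclusive canonicalization WITH comments, the text is parsed again with comments retained
     * so that the signed content is reproduced as it was digested.
     *
     * @param str XML text
     * @return the unmarshalled object
     * @throws SAMLSSOException if parsing or unmarshalling fails
     */
    public static XMLObject unmarshall(String str) throws SAMLSSOException {
        try {
            DocumentBuilderFactory factory = IdentityUtil.getSecuredDocumentBuilderFactory();
            // NOTE(review): if getSecuredDocumentBuilderFactory() hands out a shared instance, toggling
            // setIgnoringComments here is a race between concurrent calls — confirm it is per-call.
            factory.setIgnoringComments(true);
            Document document = getDocument(factory, str);
            if (isSignedWithComments(document)) {
                factory.setIgnoringComments(false);
                document = getDocument(factory, str);
            }
            Element root = document.getDocumentElement();
            return XMLObjectProviderRegistrySupport.getUnmarshallerFactory().getUnmarshaller(root).unmarshall(root);
        } catch (ParserConfigurationException | UnmarshallingException | IOException | SAXException e) {
            throw new SAMLSSOException(SSOErrorConstants.ErrorMessages.UNMARSHALLING_SAML_REQUEST_ENCODED_STRING_FAILED.getCode(), SSOErrorConstants.ErrorMessages.UNMARSHALLING_SAML_REQUEST_ENCODED_STRING_FAILED.getMessage(), e);
        }
    }

    /**
     * Base64-encodes the UTF-8 bytes of {@code str} on a single line.
     *
     * @param str text to encode
     * @return the Base64 text, trimmed
     */
    public static String encode(String str) {
        byte[] encoded = org.apache.commons.codec.binary.Base64.encodeBase64(str.getBytes(StandardCharsets.UTF_8), false);
        return new String(encoded, StandardCharsets.UTF_8).trim();
    }

    /**
     * Reads a boolean authenticator property. Absent, null or non-"true" values (case-insensitive)
     * all yield {@code false}.
     */
    private static boolean isFlagEnabled(Map<String, String> properties, String key) {
        // Boolean.parseBoolean(null) is false, so a missing key needs no separate branch.
        return properties != null && Boolean.parseBoolean(properties.get(key));
    }

    /** @return whether the {@code ISAuthnReqSigned} property is set to true */
    public static boolean isAuthnRequestSigned(Map<String, String> map) {
        return isFlagEnabled(map, "ISAuthnReqSigned");
    }

    /** @return whether the {@code IsLogoutEnabled} property is set to true */
    public static boolean isLogoutEnabled(Map<String, String> map) {
        return isFlagEnabled(map, "IsLogoutEnabled");
    }

    /** @return whether the {@code IsLogoutReqSigned} property is set to true */
    public static boolean isLogoutRequestSigned(Map<String, String> map) {
        return isFlagEnabled(map, "IsLogoutReqSigned");
    }

    /** @return whether the {@code IsAuthnRespSigned} property is set to true */
    public static boolean isAuthnResponseSigned(Map<String, String> map) {
        return isFlagEnabled(map, "IsAuthnRespSigned");
    }

    /** @return whether the {@code isAssertionSigned} property is set to true */
    public static boolean isAssertionSigningEnabled(Map<String, String> map) {
        return isFlagEnabled(map, "isAssertionSigned");
    }

    /** @return whether the {@code IsAssertionEncrypted} property is set to true */
    public static boolean isAssertionEncryptionEnabled(Map<String, String> map) {
        return isFlagEnabled(map, "IsAssertionEncrypted");
    }

    /** @return whether the {@code ISArtifactResolveReqSigned} property is set to true */
    public static boolean isArtifactResolveReqSigningEnabled(Map<String, String> map) {
        return isFlagEnabled(map, "ISArtifactResolveReqSigned");
    }

    /** @return whether the {@code ISArtifactResponseSigned} property is set to true */
    public static boolean isArtifactResponseSigningEnabled(Map<String, String> map) {
        return isFlagEnabled(map, "ISArtifactResponseSigned");
    }

    /**
     * @return the {@code ArtifactResolveUrl} property, or null when absent or the map is null
     */
    public static String getArtifactResolveUrl(Map<String, String> map) {
        if (map == null) {
            return null;
        }
        String url = map.get("ArtifactResolveUrl");
        if (log.isDebugEnabled()) {
            log.debug("Artifact Resolution Service Url: " + url);
        }
        return url;
    }

    /**
     * Resolves the signature algorithm URI for the configured {@code SignatureAlgorithm} name.
     * Falls back to the "RSA with SHA1" table entry when unset — a weak default; prefer
     * configuring a SHA-2 based algorithm.
     *
     * @return the URI from the server's signature algorithm table, or null if the name is unknown
     */
    public static String getSignatureAlgorithm(Map<String, String> map) {
        String name = map == null ? null : map.get("SignatureAlgorithm");
        if (StringUtils.isEmpty(name)) {
            name = "RSA with SHA1";
        }
        String uri = (String) IdentityApplicationManagementUtil.getXMLSignatureAlgorithms().get(name);
        if (log.isDebugEnabled()) {
            log.debug("Signature Algorithm: " + uri);
        }
        return uri;
    }

    /**
     * Resolves the digest algorithm URI for the configured {@code DigestAlgorithm} name.
     * Falls back to the "SHA1" table entry when unset — a weak default; prefer configuring a
     * SHA-2 based digest.
     *
     * @return the URI from the server's digest algorithm table, or null if the name is unknown
     */
    public static String getDigestAlgorithm(Map<String, String> map) {
        String name = map == null ? null : map.get("DigestAlgorithm");
        if (StringUtils.isEmpty(name)) {
            name = "SHA1";
        }
        String uri = (String) IdentityApplicationManagementUtil.getXMLDigestAlgorithms().get(name);
        if (log.isDebugEnabled()) {
            log.debug("Digest Algorithm: " + uri);
        }
        return uri;
    }

    /**
     * @return the {@code SPEntityId} property, or null when absent or the map is null
     */
    public static String getSPEntityID(Map<String, String> map) {
        if (map == null) {
            return null;
        }
        String entityId = map.get("SPEntityId");
        if (log.isDebugEnabled()) {
            log.debug("SP Entity ID: " + entityId);
        }
        return entityId;
    }

    /**
     * Splits a query string into name/value pairs. Each pair is split at its first {@code '='}
     * only, so values that themselves contain {@code '='} (Base64 padding, nested parameters)
     * are kept whole; a pair without {@code '='} maps to the empty string. Values are returned
     * as they appear — no URL decoding is applied. Later duplicates overwrite earlier ones.
     *
     * @param str query string without the leading {@code '?'}; blank or null yields an empty map
     * @return a mutable map of parameter name to raw value
     */
    public static Map<String, String> getQueryMap(String str) {
        Map<String, String> params = new HashMap<>();
        if (StringUtils.isNotBlank(str)) {
            for (String pair : str.split("&")) {
                int separator = pair.indexOf('=');
                String name = separator < 0 ? pair : pair.substring(0, separator);
                String value = separator < 0 ? "" : pair.substring(separator + 1);
                params.put(name, value);
            }
        }
        return params;
    }

    /**
     * Checks whether the first assertion's signature Reference declares exclusive canonicalization
     * WITH comments. The assertion ID is passed to XPath as a variable rather than concatenated
     * into the expression, since it originates from an unverified document.
     *
     * @return true if such a Transform exists; false otherwise or if the XPath cannot be evaluated
     */
    private static boolean isSignedWithComments(Document document) {
        XPath xpath = XPathFactory.newInstance().newXPath();
        try {
            final String assertionId = (String) xpath.compile(ASSERTION_ID_XPATH).evaluate(document, XPathConstants.STRING);
            if (StringUtils.isBlank(assertionId)) {
                return false;
            }
            // The resolver must be installed before compile(): it is captured by the compiled expression.
            xpath.setXPathVariableResolver(new XPathVariableResolver() {
                @Override
                public Object resolveVariable(QName variableName) {
                    return "assertionId".equals(variableName.getLocalPart()) ? assertionId : null;
                }
            });
            NodeList transforms = (NodeList) xpath.compile(WITH_COMMENTS_TRANSFORM_XPATH).evaluate(document, XPathConstants.NODESET);
            return transforms != null && transforms.getLength() > 0;
        } catch (XPathExpressionException e) {
            log.warn(C14N_FALLBACK_WARNING);
            if (log.isDebugEnabled()) {
                log.debug(C14N_FALLBACK_WARNING, e);
            }
            return false;
        }
    }

    /**
     * Parses XML text (as UTF-8) with the given factory.
     */
    private static Document getDocument(DocumentBuilderFactory documentBuilderFactory, String str) throws IOException, SAXException, ParserConfigurationException {
        return documentBuilderFactory.newDocumentBuilder().parse(new ByteArrayInputStream(str.getBytes(StandardCharsets.UTF_8)));
    }

    /**
     * Loads a keystore from a file path.
     *
     * <p>Throws {@code java.lang.SecurityException} (named in full because this file also imports
     * the checked OpenSAML {@code SecurityException}, which this method does not declare).
     * Each failure keeps the original exception as its cause.
     *
     * @param str  keystore file path
     * @param str2 keystore password; must not be null
     * @param str3 keystore type, e.g. "JKS"
     * @return the loaded keystore
     * @throws java.lang.SecurityException if the type is unknown, the file cannot be read, the
     *                                     password or integrity check fails, or the contents
     *                                     cannot be loaded
     */
    public static KeyStore loadKeyStoreFromFileSystem(String str, String str2, String str3) {
        try (FileInputStream inputStream = new FileInputStream(str)) {
            KeyStore keyStore = KeyStore.getInstance(str3);
            keyStore.load(inputStream, str2.toCharArray());
            return keyStore;
        } catch (KeyStoreException e) {
            throw new java.lang.SecurityException("Could not get a keystore instance of type: " + str3 + ": " + e, e);
        } catch (NoSuchAlgorithmException | CertificateException e) {
            throw new java.lang.SecurityException("Error in loading keystore in path: " + str + ": " + e, e);
        } catch (IOException e) {
            // Also raised by KeyStore.load for a wrong password or failed integrity check.
            throw new java.lang.SecurityException("Could not open keystore in path: " + str + ": " + e, e);
        }
    }
}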
