package org.wso2.carbon.identity.saml.common.util;

import java.io.ByteArrayInputStream;
import java.io.IOException;
import java.nio.charset.StandardCharsets;
import javax.xml.parsers.DocumentBuilderFactory;
import javax.xml.parsers.ParserConfigurationException;
import javax.xml.xpath.XPath;
import javax.xml.xpath.XPathConstants;
import javax.xml.xpath.XPathExpressionException;
import javax.xml.xpath.XPathFactory;
import org.apache.commons.lang.StringUtils;
import org.apache.commons.logging.Log;
import org.apache.commons.logging.LogFactory;
import org.apache.xerces.util.SecurityManager;
import org.opensaml.core.xml.XMLObject;
import org.opensaml.core.xml.config.XMLObjectProviderRegistrySupport;
import org.opensaml.core.xml.io.UnmarshallingException;
import org.w3c.dom.Document;
import org.w3c.dom.Element;
import org.w3c.dom.NodeList;
import org.wso2.carbon.identity.saml.common.util.exception.IdentityUnmarshallingException;
import org.xml.sax.SAXException;

/* loaded from: input_file:org/wso2/carbon/identity/saml/common/util/UnmarshallUtils.class */
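/**
 * Helpers for turning a SAML XML string into an OpenSAML {@link XMLObject} using a
 * DOM parser configured against external-entity and entity-expansion abuse.
 *
 * <p>Nothing in this class validates an XML signature. The parsed object reflects what
 * the message claims; callers remain responsible for signature verification.
 */
public class UnmarshallUtils {
    private static final Log log = LogFactory.getLog(UnmarshallUtils.class);

    /** Value handed to the Xerces {@link SecurityManager} as its entity-expansion limit. */
    private static final int ENTITY_EXPANSION_LIMIT = 0;

    /** Selects the ID attribute of Assertion elements; evaluated as a string it yields the first one. */
    private static final String ASSERTION_ID_XPATH = "//*[local-name()='Assertion']/@ID";

    /**
     * Selects every signature Reference under an Assertion that declares the exclusive
     * canonicalization "WithComments" transform. The expression is a constant on purpose:
     * the Reference URI is compared in Java rather than spliced into the expression.
     */
    private static final String WITH_COMMENTS_REFERENCE_XPATH =
            "//*[local-name()='Assertion']/*[local-name()='Signature']/*[local-name()='SignedInfo']"
                    + "/*[local-name()='Reference'][*[local-name()='Transforms']/*[local-name()='Transform']"
                    + "[@Algorithm='http://www.w3.org/2001/10/xml-exc-c14n#WithComments']]";

    private static final String C14N_LOOKUP_FAILED =
            "Failed to find the canonicalization algorithm of the assertion. Defaulting to: http://www.w3.org/2001/10/xml-exc-c14n#";

    /**
     * Parses the given XML string and unmarshalls its root element into an OpenSAML object.
     *
     * <p>The document is first parsed with comments dropped, so comment nodes cannot end up
     * inside the text content that later consumers read. Only when the assertion's own
     * signature reference declares the "WithComments" canonicalization is the input parsed a
     * second time with comments kept (presumably so that the digest can still be verified
     * downstream; confirm against the signature validator).
     *
     * @param str XML text of the SAML message; a {@code null} value is not handled here and
     *            results in a {@link NullPointerException}
     * @return the unmarshalled root element
     * @throws IdentityUnmarshallingException if the parser cannot be created, the text is not
     *         well-formed XML, or OpenSAML fails to unmarshall the root element
     */
    public static XMLObject unmarshall(String str) throws IdentityUnmarshallingException {
        try {
            DocumentBuilderFactory factory = getSecuredDocumentBuilderFactory();
            // Default: discard comments while building the DOM.
            factory.setIgnoringComments(true);
            Document document = getDocument(factory, str);
            if (isSignedWithComments(document)) {
                // The decision is taken from the still-unverified message, so a sender can
                // opt into comment retention; signature validation must happen afterwards.
                factory.setIgnoringComments(false);
                document = getDocument(factory, str);
            }
            Element root = document.getDocumentElement();
            return XMLObjectProviderRegistrySupport.getUnmarshallerFactory().getUnmarshaller(root).unmarshall(root);
        } catch (ParserConfigurationException | UnmarshallingException | IOException | SAXException e) {
            throw new IdentityUnmarshallingException("Error in constructing XML Object from the encoded String", e);
        }
    }

    /**
     * Reports whether a signature Reference pointing at the first Assertion's ID declares
     * the exclusive canonicalization "WithComments" transform.
     *
     * <p>The Assertion ID comes from the incoming document and is therefore untrusted. It is
     * compared with the Reference URI as a plain string and never concatenated into an XPath
     * expression, so quote characters in the ID cannot change what the query selects.
     *
     * @param document the parsed SAML document
     * @return {@code true} if such a Reference exists; {@code false} otherwise, including when
     *         the XPath evaluation fails
     */
    private static boolean isSignedWithComments(Document document) {
        XPath xpath = XPathFactory.newInstance().newXPath();
        try {
            String assertionId = (String) xpath.compile(ASSERTION_ID_XPATH).evaluate(document, XPathConstants.STRING);
            if (StringUtils.isBlank(assertionId)) {
                return false;
            }
            NodeList references =
                    (NodeList) xpath.compile(WITH_COMMENTS_REFERENCE_XPATH).evaluate(document, XPathConstants.NODESET);
            if (references == null) {
                return false;
            }
            String expectedUri = "#" + assertionId;
            for (int i = 0; i < references.getLength(); i++) {
                // The expression only selects elements, so the cast is safe.
                Element reference = (Element) references.item(i);
                if (expectedUri.equals(reference.getAttribute("URI"))) {
                    return true;
                }
            }
            return false;
        } catch (XPathExpressionException e) {
            log.warn(C14N_LOOKUP_FAILED);
            if (log.isDebugEnabled()) {
                log.debug(C14N_LOOKUP_FAILED, e);
            }
            return false;
        }
    }

    /**
     * Parses the XML text with a builder obtained from the given factory.
     *
     * <p>The text is encoded as UTF-8 explicitly instead of with the platform default charset,
     * so the bytes handed to the parser do not depend on the host's locale settings.
     * NOTE(review): an XML declaration that names a different encoding would still disagree
     * with these bytes; confirm whether callers can pass such input.
     */
    private static Document getDocument(DocumentBuilderFactory documentBuilderFactory, String str) throws IOException, SAXException, ParserConfigurationException {
        return documentBuilderFactory.newDocumentBuilder().parse(new ByteArrayInputStream(str.getBytes(StandardCharsets.UTF_8)));
    }

    /**
     * Creates a namespace-aware {@link DocumentBuilderFactory} with XInclude, entity-reference
     * expansion, external general and parameter entities and external DTD loading switched
     * off, secure processing switched on, and a Xerces {@link SecurityManager} attached.
     *
     * <p>Each feature is applied on its own, so a parser that rejects one of them still
     * receives the others. A rejected feature is logged and the factory is returned anyway;
     * treat such a log entry as a sign that the parser is not fully hardened.
     * NOTE(review): DOCTYPE declarations are not rejected outright; consider also enabling
     * {@code http://apache.org/xml/features/disallow-doctype-decl} if no caller needs DTDs.
     *
     * @return the configured factory
     * @throws IllegalArgumentException if the underlying parser implementation does not
     *         recognise the security-manager attribute
     */
    public static DocumentBuilderFactory getSecuredDocumentBuilderFactory() {
        DocumentBuilderFactory factory = DocumentBuilderFactory.newInstance();
        factory.setNamespaceAware(true);
        factory.setXIncludeAware(false);
        factory.setExpandEntityReferences(false);
        setFeatureOrLog(factory, "http://xml.org/sax/features/external-general-entities", false);
        setFeatureOrLog(factory, "http://xml.org/sax/features/external-parameter-entities", false);
        setFeatureOrLog(factory, "http://apache.org/xml/features/nonvalidating/load-external-dtd", false);
        setFeatureOrLog(factory, "http://javax.xml.XMLConstants/feature/secure-processing", true);
        SecurityManager securityManager = new SecurityManager();
        securityManager.setEntityExpansionLimit(ENTITY_EXPANSION_LIMIT);
        factory.setAttribute("http://apache.org/xml/properties/security-manager", securityManager);
        return factory;
    }

    /** Applies one parser feature and logs, with the cause, when the parser rejects it. */
    private static void setFeatureOrLog(DocumentBuilderFactory factory, String feature, boolean value) {
        try {
            factory.setFeature(feature, value);
        } catch (ParserConfigurationException e) {
            log.error("Failed to set XML Processor Feature " + feature + " to " + value + ".", e);
        }
    }
}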
