package org.wso2.carbon.identity.sso.agent.util;

import java.io.ByteArrayInputStream;
import java.io.ByteArrayOutputStream;
import java.io.IOException;
import java.io.PrintWriter;
import java.io.StringReader;
import java.net.URLEncoder;
import java.nio.charset.Charset;
import java.security.SecureRandom;
import java.security.cert.CertificateEncodingException;
import java.util.ArrayList;
import java.util.List;
import java.util.Random;
import java.util.logging.Level;
import java.util.logging.Logger;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import javax.xml.XMLConstants;
import javax.xml.namespace.QName;
import javax.xml.parsers.DocumentBuilderFactory;
import javax.xml.parsers.ParserConfigurationException;
import javax.xml.xpath.XPath;
import javax.xml.xpath.XPathConstants;
import javax.xml.xpath.XPathExpressionException;
import javax.xml.xpath.XPathFactory;
import javax.xml.xpath.XPathVariableResolver;
import org.apache.commons.lang.StringUtils;
import org.apache.xerces.util.SecurityManager;
import org.apache.xml.security.Init;
import org.apache.xml.security.utils.Base64;
import org.opensaml.DefaultBootstrap;
import org.opensaml.saml2.core.ArtifactResolve;
import org.opensaml.saml2.core.AuthnRequest;
import org.opensaml.saml2.core.LogoutRequest;
import org.opensaml.xml.Configuration;
import org.opensaml.xml.ConfigurationException;
import org.opensaml.xml.XMLObject;
import org.opensaml.xml.XMLObjectBuilder;
import org.opensaml.xml.io.UnmarshallingException;
import org.opensaml.xml.security.x509.X509Credential;
import org.opensaml.xml.signature.KeyInfo;
import org.opensaml.xml.signature.SignableXMLObject;
import org.opensaml.xml.signature.Signature;
import org.opensaml.xml.signature.Signer;
import org.opensaml.xml.signature.X509Certificate;
import org.opensaml.xml.signature.X509Data;
import org.w3c.dom.Document;
import org.w3c.dom.Element;
import org.w3c.dom.NodeList;
import org.w3c.dom.bootstrap.DOMImplementationRegistry;
import org.w3c.dom.ls.DOMImplementationLS;
import org.w3c.dom.ls.LSOutput;
import org.w3c.dom.ls.LSSerializer;
import org.wso2.carbon.identity.sso.agent.exception.SSOAgentException;
import org.xml.sax.InputSource;
import org.xml.sax.SAXException;

/* loaded from: input_file:WEB-INF/lib/org.wso2.carbon.identity.sso.agent-5.2.3.jar:org/wso2/carbon/identity/sso/agent/util/SSOAgentUtils.class */
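/**
 * Static helpers shared by the SSO agent: SAML message ID generation, OpenSAML bootstrapping,
 * XML / Redirect-binding signing, DOM (un)marshalling with a hardened XML parser, and writing
 * a POST-binding response.
 *
 * <p>All state is static. {@link #doBootstrap()} is synchronized so concurrent first callers
 * cannot run {@code DefaultBootstrap.bootstrap()} twice; the ID generator is a
 * {@link SecureRandom}, which is safe to share between threads.
 */
public class SSOAgentUtils {

    private static final Logger LOGGER = Logger.getLogger("org.wso2.carbon.identity.sso.agent");

    /** Charset used for every byte/String conversion in this class (never the platform default). */
    private static final Charset UTF_8 = Charset.forName("UTF-8");

    /** Exclusive C14N (without comments): the canonicalization method written into every XML signature built here. */
    private static final String EXC_C14N = "http://www.w3.org/2001/10/xml-exc-c14n#";

    /** Algorithm URI advertised in the {@code SigAlg} parameter of the Redirect binding. */
    private static final String REDIRECT_SIG_ALG = "http://www.w3.org/2000/09/xmldsig#rsa-sha1";

    /**
     * JCA name matching {@link #REDIRECT_SIG_ALG}. SHA-1 is kept because the peer IdP validates the
     * value advertised in {@code SigAlg}; changing one without the other breaks interoperability.
     */
    private static final String REDIRECT_JCA_ALG = "SHA1withRSA";

    /** Xerces property through which a {@link SecurityManager} (entity-expansion limit) is installed. */
    private static final String SECURITY_MANAGER_PROPERTY = "http://apache.org/xml/properties/security-manager";

    /** Entity expansion limit handed to the Xerces {@link SecurityManager}; 0 allows no expansion at all. */
    private static final int ENTITY_EXPANSION_LIMIT = 0;

    private static final String UNMARSHALL_ERROR = "Error in unmarshalling SAML2SSO Request from the encoded String";

    /** XPath selecting the ID attribute of the (first) Assertion element. */
    private static final String ASSERTION_ID_XPATH = "//*[local-name()='Assertion']/@ID";

    /** Name of the XPath variable that carries the {@code #<AssertionID>} reference URI. */
    private static final String REFERENCE_URI_VARIABLE = "referenceUri";

    /**
     * XPath selecting an exc-c14n#WithComments transform inside the Assertion's own signature
     * reference. The reference URI is bound through {@code $referenceUri} instead of being
     * concatenated into the expression, so an attacker-chosen ID value cannot alter the query.
     */
    private static final String WITH_COMMENTS_TRANSFORM_XPATH =
            "//*[local-name()='Assertion']/*[local-name()='Signature']/*[local-name()='SignedInfo']"
            + "/*[local-name()='Reference'][@URI=$" + REFERENCE_URI_VARIABLE + "]"
            + "/*[local-name()='Transforms']/*[local-name()='Transform']"
            + "[@Algorithm='http://www.w3.org/2001/10/xml-exc-c14n#WithComments']";

    /** Number of random bytes behind each generated ID (two output characters per byte). */
    private static final int ID_RANDOM_BYTES = 20;

    /**
     * Nibble-to-character alphabet for {@link #createID()}. Letters only, so the result is always
     * a valid XML ID (an ID may not begin with a digit).
     */
    private static final char[] ID_ALPHABET = {
            'a', 'b', 'c', 'd', 'e', 'f', 'g', 'h', 'i', 'j', 'k', 'l', 'm', 'n', 'o', 'p'};

    /** Message IDs are security-relevant (request/response correlation), so they must be unpredictable. */
    private static final SecureRandom RANDOM = new SecureRandom();

    private static boolean isBootStrapped = false;

    private SSOAgentUtils() {
    }

    /**
     * Generates a 40-character SAML message ID from {@value #ID_RANDOM_BYTES} cryptographically
     * random bytes, each byte encoded as two characters of {@link #ID_ALPHABET}.
     *
     * @return a fresh identifier consisting only of the letters {@code a}-{@code p}
     */
    public static String createID() {
        byte[] randomBytes = new byte[ID_RANDOM_BYTES];
        RANDOM.nextBytes(randomBytes);
        char[] id = new char[ID_RANDOM_BYTES * 2];
        for (int i = 0; i < randomBytes.length; i++) {
            int high = (randomBytes[i] >> 4) & 0x0F;
            int low = randomBytes[i] & 0x0F;
            id[i * 2] = ID_ALPHABET[high];
            id[i * 2 + 1] = ID_ALPHABET[low];
        }
        return String.valueOf(id);
    }

    /**
     * Initialises the OpenSAML 2 library exactly once per JVM.
     *
     * <p>Synchronized because the first requests of a web application typically arrive
     * concurrently and the flag is otherwise unguarded.
     *
     * @throws SSOAgentException if OpenSAML configuration fails
     */
    public static synchronized void doBootstrap() throws SSOAgentException {
        if (isBootStrapped) {
            return;
        }
        try {
            DefaultBootstrap.bootstrap();
            isBootStrapped = true;
        } catch (ConfigurationException e) {
            throw new SSOAgentException("Error in bootstrapping the OpenSAML2 library", e);
        }
    }

    /**
     * Signs an {@link AuthnRequest}.
     *
     * @param authnRequest        request to sign; it is modified in place and returned
     * @param signatureAlgorithm  XML Signature algorithm URI
     * @param x509Credential      signing key and certificate
     * @return the same request with its signature attached and computed
     * @throws SSOAgentException if bootstrapping or signing fails
     */
    public static AuthnRequest setSignature(AuthnRequest authnRequest, String signatureAlgorithm,
                                            X509Credential x509Credential) throws SSOAgentException {
        doBootstrap();
        return (AuthnRequest) setSignatureValue(authnRequest, signatureAlgorithm, x509Credential);
    }

    /**
     * Signs a {@link LogoutRequest}; see {@link #setSignature(AuthnRequest, String, X509Credential)}.
     */
    public static LogoutRequest setSignature(LogoutRequest logoutRequest, String signatureAlgorithm,
                                             X509Credential x509Credential) throws SSOAgentException {
        doBootstrap();
        return (LogoutRequest) setSignatureValue(logoutRequest, signatureAlgorithm, x509Credential);
    }

    /**
     * Signs an {@link ArtifactResolve}; see {@link #setSignature(AuthnRequest, String, X509Credential)}.
     */
    public static ArtifactResolve setSignature(ArtifactResolve artifactResolve, String signatureAlgorithm,
                                               X509Credential x509Credential) throws SSOAgentException {
        doBootstrap();
        return (ArtifactResolve) setSignatureValue(artifactResolve, signatureAlgorithm, x509Credential);
    }

    /**
     * Attaches a signature to any signable OpenSAML object, marshals it to DOM and computes the
     * signature value.
     *
     * @param signable            object to sign (modified in place)
     * @param signatureAlgorithm  XML Signature algorithm URI
     * @param x509Credential      signing key and certificate
     * @param <T>                 concrete signable type
     * @return {@code signable}, now signed
     * @throws SSOAgentException wrapping any failure during signature construction, marshalling or signing
     */
    public static <T extends SignableXMLObject> T setSignatureValue(T signable, String signatureAlgorithm,
                                                                    X509Credential x509Credential)
            throws SSOAgentException {
        try {
            Signature signature = setSignatureRaw(signatureAlgorithm, x509Credential);
            signable.setSignature(signature);
            // Signer works on the DOM, so the object has to be marshalled before signing.
            Configuration.getMarshallerFactory().getMarshaller(signable).marshall(signable);
            Init.init();
            List<Signature> signatures = new ArrayList<Signature>();
            signatures.add(signature);
            Signer.signObjects(signatures);
            return signable;
        } catch (Exception e) {
            throw new SSOAgentException("Error while signing the SAML Request message", e);
        }
    }

    /**
     * Builds an unsigned {@link Signature} element carrying the signing credential, the given
     * algorithm, exclusive C14N and a {@code KeyInfo/X509Data/X509Certificate} with the credential's
     * entity certificate.
     *
     * @throws SSOAgentException if the certificate cannot be DER-encoded or a builder is missing
     */
    private static Signature setSignatureRaw(String signatureAlgorithm, X509Credential x509Credential)
            throws SSOAgentException {
        Signature signature = (Signature) buildXMLObject(Signature.DEFAULT_ELEMENT_NAME);
        signature.setSigningCredential(x509Credential);
        signature.setSignatureAlgorithm(signatureAlgorithm);
        signature.setCanonicalizationAlgorithm(EXC_C14N);
        try {
            X509Certificate certificate = (X509Certificate) buildXMLObject(X509Certificate.DEFAULT_ELEMENT_NAME);
            certificate.setValue(Base64.encode(x509Credential.getEntityCertificate().getEncoded()));

            X509Data x509Data = (X509Data) buildXMLObject(X509Data.DEFAULT_ELEMENT_NAME);
            x509Data.getX509Certificates().add(certificate);

            KeyInfo keyInfo = (KeyInfo) buildXMLObject(KeyInfo.DEFAULT_ELEMENT_NAME);
            keyInfo.getX509Datas().add(x509Data);

            signature.setKeyInfo(keyInfo);
            return signature;
        } catch (CertificateEncodingException e) {
            throw new SSOAgentException("Error getting certificate", e);
        }
    }

    /**
     * Appends {@code &SigAlg=...} and {@code &Signature=...} to a Redirect-binding query string.
     *
     * <p>The signature covers the query string exactly as it stands after {@code SigAlg} has been
     * appended, encoded as UTF-8, which is what the receiving IdP recomputes.
     *
     * @param httpQueryString  query string built so far; appended to in place
     * @param x509Credential   supplies the private key
     * @throws SSOAgentException wrapping any encoding or JCA failure
     */
    public static void addDeflateSignatureToHTTPQueryString(StringBuilder httpQueryString,
                                                            X509Credential x509Credential)
            throws SSOAgentException {
        doBootstrap();
        try {
            httpQueryString.append("&SigAlg=").append(URLEncoder.encode(REDIRECT_SIG_ALG, "UTF-8").trim());

            java.security.Signature signer = java.security.Signature.getInstance(REDIRECT_JCA_ALG);
            signer.initSign(x509Credential.getPrivateKey());
            signer.update(httpQueryString.toString().getBytes(UTF_8));

            // Option 8 keeps the Base64 output on a single line (no line breaks inside a query parameter).
            String encodedSignature = org.opensaml.xml.util.Base64.encodeBytes(signer.sign(), 8);
            httpQueryString.append("&Signature=").append(URLEncoder.encode(encodedSignature, "UTF-8").trim());
        } catch (Exception e) {
            throw new SSOAgentException("Error applying SAML2 Redirect Binding signature", e);
        }
    }

    /**
     * Instantiates an OpenSAML object for the given element name through the configured builder factory.
     *
     * @throws SSOAgentException if no builder is registered for {@code qName}
     */
    private static XMLObject buildXMLObject(QName qName) throws SSOAgentException {
        doBootstrap();
        XMLObjectBuilder<?> builder = Configuration.getBuilderFactory().getBuilder(qName);
        if (builder == null) {
            throw new SSOAgentException("Unable to retrieve builder for object QName " + qName);
        }
        return builder.buildObject(qName.getNamespaceURI(), qName.getLocalPart(), qName.getPrefix());
    }

    /**
     * Writes {@code content} verbatim to the response and flushes it.
     *
     * <p>No escaping or content type is applied here: the caller is responsible for producing a
     * safe HTML body and for setting the response headers. {@code httpServletRequest} is unused
     * and kept only for signature compatibility.
     *
     * @throws SSOAgentException if obtaining the writer, writing or flushing fails
     */
    public static void sendPostResponse(HttpServletRequest httpServletRequest,
                                        HttpServletResponse httpServletResponse, String content)
            throws SSOAgentException {
        PrintWriter writer = null;
        try {
            writer = httpServletResponse.getWriter();
            writer.write(content);
            httpServletResponse.flushBuffer();
        } catch (IOException e) {
            throw new SSOAgentException("Error occurred while writing to HttpServletResponse", e);
        } finally {
            if (writer != null) {
                // PrintWriter never throws on close; checkError() is the only way to see a failure.
                writer.close();
                if (writer.checkError()) {
                    LOGGER.log(Level.WARNING, "Error occurred while closing Writer");
                }
            }
        }
    }

    /**
     * Serialises an OpenSAML object to its XML text.
     *
     * <p>The DOM is written as UTF-8 bytes and decoded as UTF-8 again, so the result does not depend
     * on the platform default charset.
     *
     * @throws SSOAgentException wrapping any marshalling or serialisation failure
     */
    public static String marshall(XMLObject xMLObject) throws SSOAgentException {
        try {
            Element element = Configuration.getMarshallerFactory().getMarshaller(xMLObject).marshall(xMLObject);

            DOMImplementationLS lsImplementation =
                    (DOMImplementationLS) DOMImplementationRegistry.newInstance().getDOMImplementation("LS");
            LSSerializer serializer = lsImplementation.createLSSerializer();
            LSOutput output = lsImplementation.createLSOutput();

            ByteArrayOutputStream buffer = new ByteArrayOutputStream();
            output.setEncoding(UTF_8.name());
            output.setByteStream(buffer);
            serializer.write(element, output);
            return new String(buffer.toByteArray(), UTF_8);
        } catch (Exception e) {
            throw new SSOAgentException("Error Serializing the SAML Response", e);
        }
    }

    /**
     * Parses SAML XML text into an OpenSAML object using a parser hardened against XXE and entity
     * expansion.
     *
     * <p>The document is first parsed with comments stripped. If the Assertion's signature reference
     * uses the exc-c14n#WithComments transform, it is re-parsed with comments retained so that the
     * signature can still be validated.
     *
     * @param xml  SAML message as text (already decoded; no byte-level encoding is guessed)
     * @throws SSOAgentException if the parser cannot be hardened, or parsing/unmarshalling fails
     */
    public static XMLObject unmarshall(String xml) throws SSOAgentException {
        doBootstrap();
        DocumentBuilderFactory factory = newHardenedDocumentBuilderFactory();
        try {
            factory.setIgnoringComments(true);
            Document document = getDocument(factory, xml);
            if (isSignedWithComments(document)) {
                factory.setIgnoringComments(false);
                document = getDocument(factory, xml);
            }
            Element root = document.getDocumentElement();
            return org.opensaml.Configuration.getUnmarshallerFactory().getUnmarshaller(root).unmarshall(root);
        } catch (IOException e) {
            throw new SSOAgentException(UNMARSHALL_ERROR, e);
        } catch (ParserConfigurationException e) {
            throw new SSOAgentException(UNMARSHALL_ERROR, e);
        } catch (UnmarshallingException e) {
            throw new SSOAgentException(UNMARSHALL_ERROR, e);
        } catch (SAXException e) {
            throw new SSOAgentException(UNMARSHALL_ERROR, e);
        }
    }

    /**
     * Creates a namespace-aware {@link DocumentBuilderFactory} with external entities, external DTD
     * loading, XInclude and entity expansion disabled and secure processing enabled.
     *
     * <p>Fails closed: if any hardening feature cannot be set, no parser is returned. Parsing
     * attacker-supplied SAML with a parser whose XXE protections silently failed to apply is worse
     * than rejecting the message.
     *
     * @throws SSOAgentException if a required parser feature is not supported
     */
    private static DocumentBuilderFactory newHardenedDocumentBuilderFactory() throws SSOAgentException {
        DocumentBuilderFactory factory = DocumentBuilderFactory.newInstance();
        factory.setNamespaceAware(true);
        factory.setXIncludeAware(false);
        factory.setExpandEntityReferences(false);
        try {
            factory.setFeature("http://xml.org/sax/features/external-general-entities", false);
            factory.setFeature("http://xml.org/sax/features/external-parameter-entities", false);
            factory.setFeature("http://apache.org/xml/features/nonvalidating/load-external-dtd", false);
            factory.setFeature(XMLConstants.FEATURE_SECURE_PROCESSING, true);
        } catch (ParserConfigurationException e) {
            throw new SSOAgentException("Failed to load XML Processor Feature external-general-entities or "
                    + "external-parameter-entities or nonvalidating/load-external-dtd or secure-processing.", e);
        }
        // NOTE(review): SAML messages carry no DOCTYPE; disallowing DOCTYPE declarations outright would be a
        // stricter defence, but it rejects inputs the current parser accepts, so it is not enabled here.
        SecurityManager securityManager = new SecurityManager();
        securityManager.setEntityExpansionLimit(ENTITY_EXPANSION_LIMIT);
        factory.setAttribute(SECURITY_MANAGER_PROPERTY, securityManager);
        return factory;
    }

    /**
     * Reports whether the Assertion's own signature references the assertion through an
     * exc-c14n#WithComments transform.
     *
     * <p>The assertion ID is read from the (untrusted) document and is therefore bound as an XPath
     * variable rather than spliced into the expression text.
     *
     * @return {@code true} only if such a transform is present; {@code false} when there is no
     *         assertion ID, no matching transform, or XPath evaluation fails (logged as a warning)
     */
    private static boolean isSignedWithComments(Document document) {
        XPath xPath = XPathFactory.newInstance().newXPath();
        try {
            String assertionId = (String) xPath.compile(ASSERTION_ID_XPATH).evaluate(document, XPathConstants.STRING);
            if (StringUtils.isBlank(assertionId)) {
                return false;
            }
            final String referenceUri = "#" + assertionId;
            xPath.setXPathVariableResolver(new XPathVariableResolver() {
                @Override
                public Object resolveVariable(QName variableName) {
                    return REFERENCE_URI_VARIABLE.equals(variableName.getLocalPart()) ? referenceUri : null;
                }
            });
            NodeList transforms = (NodeList) xPath.compile(WITH_COMMENTS_TRANSFORM_XPATH)
                    .evaluate(document, XPathConstants.NODESET);
            return transforms != null && transforms.getLength() > 0;
        } catch (XPathExpressionException e) {
            LOGGER.log(Level.WARNING, "Failed to find the canonicalization algorithm of the assertion. "
                    + "Defaulting to: http://www.w3.org/2001/10/xml-exc-c14n#");
            return false;
        }
    }

    /**
     * Parses already-decoded XML text with the given factory.
     *
     * <p>A {@link StringReader} is used instead of re-encoding the text to bytes, so neither the
     * platform default charset nor a mismatching XML encoding declaration can corrupt the content.
     */
    private static Document getDocument(DocumentBuilderFactory factory, String xml)
            throws IOException, SAXException, ParserConfigurationException {
        return factory.newDocumentBuilder().parse(new InputSource(new StringReader(xml)));
    }
}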
