package org.apache.ws.security.saml;

import java.security.cert.X509Certificate;
import java.util.Iterator;
import javax.security.auth.callback.Callback;
import javax.security.auth.callback.CallbackHandler;
import javax.xml.namespace.QName;
import javax.xml.parsers.DocumentBuilderFactory;
import javax.xml.parsers.ParserConfigurationException;
import org.apache.commons.logging.Log;
import org.apache.commons.logging.LogFactory;
import org.apache.ws.security.WSConstants;
import org.apache.ws.security.WSPasswordCallback;
import org.apache.ws.security.WSSecurityEngine;
import org.apache.ws.security.WSSecurityException;
import org.apache.ws.security.components.crypto.Crypto;
import org.apache.ws.security.message.token.Timestamp;
import org.apache.ws.security.processor.EncryptedKeyProcessor;
import org.apache.ws.security.util.Base64;
import org.apache.ws.security.util.WSSecurityUtil;
import org.apache.xml.security.exceptions.XMLSecurityException;
import org.apache.xml.security.keys.KeyInfo;
import org.apache.xml.security.keys.content.X509Data;
import org.apache.xml.security.keys.content.x509.XMLX509Certificate;
import org.opensaml.SAMLAssertion;
import org.opensaml.SAMLAttributeStatement;
import org.opensaml.SAMLAuthenticationStatement;
import org.opensaml.SAMLException;
import org.opensaml.SAMLObject;
import org.opensaml.SAMLStatement;
import org.opensaml.SAMLSubject;
import org.opensaml.SAMLSubjectStatement;
import org.w3c.dom.Document;
import org.w3c.dom.Element;
import org.w3c.dom.NamedNodeMap;
import org.w3c.dom.Node;
import org.w3c.dom.NodeList;
import org.w3c.dom.Text;

/* loaded from: input_file:org/apache/ws/security/saml/SAMLUtil.class */
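/**
 * Static helpers that pull key material, certificates, the assertion id and the
 * validity window out of a SAML assertion carried in a WS-Security header.
 *
 * <p>Security note: everything read here comes from the assertion itself, i.e. from
 * the message under evaluation. Nothing in this class verifies the assertion's
 * signature, validates a returned certificate against a trust store, or enforces the
 * validity window. Callers must do all three before relying on the returned key,
 * certificate or timestamp.
 */
public class SAMLUtil {
    private static Log log;
    // Synthetic cache for the class literal, emitted by an old compiler; kept so the
    // class layout stays compatible with the original binary.
    static Class class$org$apache$ws$security$saml$SAMLUtil;

    /**
     * Parses {@code element} as a SAML assertion and extracts its key information.
     *
     * @param element         DOM element holding the assertion
     * @param crypto          crypto instance handed to the encrypted-key processor
     * @param callbackHandler handler asked for a key first; may be {@code null}
     * @return the key information found for the assertion
     * @throws WSSecurityException if the element cannot be parsed or no key or
     *                             certificate can be obtained
     */
    public static SAMLKeyInfo getSAMLKeyInfo(Element element, Crypto crypto, CallbackHandler callbackHandler) throws WSSecurityException {
        try {
            return getSAMLKeyInfo(new SAMLAssertion(element), crypto, callbackHandler);
        } catch (SAMLException e) {
            throw new WSSecurityException(0, "invalidSAMLToken", new Object[]{"for Signature (cannot parse)"}, e);
        }
    }

    /**
     * Extracts key information for an assertion.
     *
     * <p>Order of evaluation: (1) the callback handler, if any, is asked for a key
     * registered under the assertion id; (2) otherwise the statements are walked in
     * document order. An attribute statement may yield a secret from an EncryptedKey
     * or BinarySecret child of the subject's KeyInfo; an authentication statement may
     * yield the first X.509 certificate of the subject's KeyInfo.
     *
     * <p>The returned certificate or secret is taken from the assertion as-is. This
     * method performs no signature or trust check on it.
     *
     * @param sAMLAssertion   the parsed assertion
     * @param crypto          crypto instance handed to the encrypted-key processor
     * @param callbackHandler handler asked for a key first; may be {@code null}
     * @return the key information found
     * @throws WSSecurityException if the callback fails, the assertion is malformed,
     *                             or no key or certificate is found
     */
    public static SAMLKeyInfo getSAMLKeyInfo(SAMLAssertion sAMLAssertion, Crypto crypto, CallbackHandler callbackHandler) throws WSSecurityException {
        // NOTE(review): usage code 7 is presumably WSPasswordCallback.CUSTOM_TOKEN;
        // confirm against the WSS4J version in use.
        WSPasswordCallback keyCallback = new WSPasswordCallback(sAMLAssertion.getId(), 7);
        if (callbackHandler != null) {
            try {
                callbackHandler.handle(new Callback[]{keyCallback});
            } catch (Exception e) {
                throw new WSSecurityException(0, "noKey", new Object[]{sAMLAssertion.getId()}, e);
            }
        }
        byte[] callbackKey = keyCallback.getKey();
        if (callbackKey != null) {
            return new SAMLKeyInfo(sAMLAssertion, callbackKey);
        }

        Iterator statements = sAMLAssertion.getStatements();
        while (statements.hasNext()) {
            // Hold the element as the common base type: the decompiled listing declared
            // it as SAMLAuthenticationStatement, which cannot be tested against the
            // sibling type SAMLAttributeStatement.
            SAMLStatement statement = (SAMLStatement) statements.next();
            if (statement instanceof SAMLAttributeStatement) {
                SAMLSubject attributeSubject = ((SAMLAttributeStatement) statement).getSubject();
                if (attributeSubject == null) {
                    throw new WSSecurityException(0, "invalidSAMLToken", new Object[]{"for Signature (no Subject)"});
                }
                Element keyInfoElement = attributeSubject.getKeyInfo();
                if (keyInfoElement == null) {
                    // Fail closed with a checked error instead of a NullPointerException
                    // on an assertion that carries no KeyInfo.
                    throw new WSSecurityException(0, "invalidSAMLsecurity", new Object[]{"cannot get certificate or key "});
                }
                NodeList children = keyInfoElement.getChildNodes();
                int childCount = children.getLength();
                for (int i = 0; i < childCount; i++) {
                    Node child = children.item(i);
                    if (child.getNodeType() != Node.ELEMENT_NODE) {
                        continue;
                    }
                    QName childName = new QName(child.getNamespaceURI(), child.getLocalName());
                    if (childName.equals(WSSecurityEngine.ENCRYPTED_KEY)) {
                        EncryptedKeyProcessor encryptedKeyProcessor = new EncryptedKeyProcessor();
                        encryptedKeyProcessor.handleEncryptedKey((Element) child, callbackHandler, crypto, null);
                        return new SAMLKeyInfo(sAMLAssertion, encryptedKeyProcessor.getDecryptedBytes());
                    }
                    if (childName.equals(new QName(WSConstants.WST_NS, "BinarySecret"))) {
                        Node secretText = child.getFirstChild();
                        if (!(secretText instanceof Text)) {
                            // An empty or non-text BinarySecret is malformed input, not a
                            // reason for a NullPointerException or ClassCastException.
                            throw new WSSecurityException(0, "invalidSAMLsecurity", new Object[]{"cannot get certificate or key "});
                        }
                        return new SAMLKeyInfo(sAMLAssertion, Base64.decode(((Text) secretText).getData()));
                    }
                }
            } else if (statement instanceof SAMLAuthenticationStatement) {
                SAMLSubject subject = ((SAMLAuthenticationStatement) statement).getSubject();
                if (subject == null) {
                    throw new WSSecurityException(0, "invalidSAMLToken", new Object[]{"for Signature (no Subject)"});
                }
                try {
                    X509Certificate[] certificates = firstCertificate(subject.getKeyInfo());
                    if (certificates != null) {
                        return new SAMLKeyInfo(sAMLAssertion, certificates);
                    }
                    // No certificate in this statement: move on to the next one.
                } catch (XMLSecurityException e) {
                    throw new WSSecurityException(0, "invalidSAMLsecurity", new Object[]{"cannot get certificate (key holder)"}, e);
                }
            } else {
                throw new WSSecurityException(0, "invalidSAMLsecurity", new Object[]{"cannot get certificate or key "});
            }
        }
        throw new WSSecurityException(0, "invalidSAMLsecurity", new Object[]{"cannot get certificate or key "});
    }

    /**
     * Returns the certificate embedded in the first subject statement of the assertion.
     *
     * <p>The certificate is returned without any trust validation; it only states which
     * key the assertion's subject claims to hold.
     *
     * @param element DOM element holding the assertion
     * @return a one-element array with the first certificate of the first X509Data
     *         entry, or {@code null} if the subject's KeyInfo carries no certificate
     * @throws WSSecurityException if the assertion cannot be parsed, has no subject,
     *                             or its KeyInfo cannot be processed
     */
    public static X509Certificate[] getCertificatesFromSAML(Element element) throws WSSecurityException {
        try {
            SAMLSubject subject = null;
            Iterator statements = new SAMLAssertion(element).getStatements();
            while (statements.hasNext()) {
                SAMLObject candidate = (SAMLObject) statements.next();
                if (candidate instanceof SAMLSubjectStatement) {
                    // Only the first subject statement is considered.
                    subject = ((SAMLSubjectStatement) candidate).getSubject();
                    break;
                }
            }
            if (subject == null) {
                throw new WSSecurityException(0, "invalidSAMLToken", new Object[]{"for Signature (no Subject)"});
            }
            try {
                return firstCertificate(subject.getKeyInfo());
            } catch (XMLSecurityException e) {
                throw new WSSecurityException(0, "invalidSAMLsecurity", new Object[]{"cannot get certificate (key holder)"}, e);
            }
        } catch (SAMLException e2) {
            throw new WSSecurityException(0, "invalidSAMLToken", new Object[]{"for Signature (cannot parse)"}, e2);
        }
    }

    /**
     * Reads the first certificate of the first X509Data entry of a ds:KeyInfo element.
     *
     * @param keyInfoElement the KeyInfo element taken from a SAML subject
     * @return a one-element certificate array, or {@code null} if there is no X509Data
     *         entry or it holds no certificate
     * @throws XMLSecurityException if the KeyInfo element cannot be processed
     */
    private static X509Certificate[] firstCertificate(Element keyInfoElement) throws XMLSecurityException {
        KeyInfo keyInfo = new KeyInfo(keyInfoElement, (String) null);
        if (!keyInfo.containsX509Data()) {
            return null;
        }
        X509Data x509Data = keyInfo.itemX509Data(0);
        if (x509Data == null || !x509Data.containsCertificate()) {
            return null;
        }
        XMLX509Certificate xmlCertificate = x509Data.itemCertificate(0);
        if (xmlCertificate == null) {
            return null;
        }
        return new X509Certificate[]{xmlCertificate.getX509Certificate()};
    }

    /**
     * Locates an element below {@code element} and returns the id of the assertion it holds.
     *
     * @param element root of the search
     * @param str     first lookup argument passed to {@code WSSecurityUtil.findElement}
     *                (presumably the local name; confirm against that helper)
     * @param str2    second lookup argument (presumably the namespace URI)
     * @return the assertion id
     * @throws WSSecurityException if the element is missing or cannot be parsed
     */
    public static String getAssertionId(Element element, String str, String str2) throws WSSecurityException {
        try {
            return new SAMLAssertion((Element) WSSecurityUtil.findElement(element, str, str2)).getId();
        } catch (Exception e) {
            log.error(e);
            throw new WSSecurityException(10, "noXMLSig", null, e);
        }
    }

    /**
     * Builds a {@link Timestamp} from the validity window stated on the assertion.
     *
     * <p>This only converts the two attribute values; it does not compare them with
     * the current time. A {@code null} result means the assertion states no complete
     * window, and the caller has to decide whether such an assertion is acceptable.
     *
     * @param element the assertion element
     * @return the timestamp, or {@code null} if either bound is missing
     * @throws WSSecurityException if the timestamp cannot be built
     */
    public static Timestamp getTimestampForSAMLAssertion(Element element) throws WSSecurityException {
        String[] validityPeriod = getValidityPeriod(element);
        String notBefore = validityPeriod[0];
        String notAfter = validityPeriod[1];
        if (notBefore == null || notAfter == null) {
            return null;
        }
        try {
            // The factory only creates an empty document here; no untrusted XML is parsed.
            Document timestampDocument = DocumentBuilderFactory.newInstance().newDocumentBuilder().newDocument();
            Element timestampElement = timestampDocument.createElement("SAMLTimestamp");

            Element created = timestampDocument.createElementNS(WSConstants.WSU_NS, WSConstants.CREATED_LN);
            created.setTextContent(notBefore);
            timestampElement.appendChild(created);

            Element expires = timestampDocument.createElementNS(WSConstants.WSU_NS, "Expires");
            expires.setTextContent(notAfter);
            timestampElement.appendChild(expires);

            return new Timestamp(timestampElement);
        } catch (ParserConfigurationException e) {
            throw new WSSecurityException(0, "SAMLTimeStampBuildError", null, e);
        } catch (WSSecurityException e2) {
            throw new WSSecurityException(0, "SAMLTimeStampBuildError", null, e2);
        }
    }

    /**
     * Reads the validity bounds from the assertion's Conditions child element.
     *
     * <p>The scan stops at the first matching Conditions element (the SAML schema
     * allows at most one). The decompiled listing never advanced past a matching
     * element and would loop forever on any assertion that has one.
     *
     * @param element the assertion element
     * @return a two-element array: index 0 is the not-before value, index 1 the
     *         not-after value; either may be {@code null} when absent
     */
    private static String[] getValidityPeriod(Element element) {
        String[] validity = new String[2];
        for (Node child = element.getFirstChild(); child != null; child = child.getNextSibling()) {
            if (!WSConstants.SAML_CONDITION.equals(child.getLocalName())
                    || !WSConstants.SAML_NS.equals(child.getNamespaceURI())) {
                continue;
            }
            NamedNodeMap attributes = child.getAttributes();
            for (int i = 0; i < attributes.getLength(); i++) {
                Node attribute = attributes.item(i);
                if (WSConstants.SAML_NOT_BEFORE.equals(attribute.getLocalName())) {
                    validity[0] = attribute.getNodeValue();
                } else if (WSConstants.SAML_NOT_AFTER.equals(attribute.getLocalName())) {
                    validity[1] = attribute.getNodeValue();
                }
            }
            break;
        }
        return validity;
    }

    /**
     * Synthetic class-literal helper emitted by an old compiler: resolves a class by
     * name and converts a lookup failure into {@link NoClassDefFoundError}.
     */
    static Class class$(String str) {
        try {
            return Class.forName(str);
        } catch (ClassNotFoundException e) {
            throw new NoClassDefFoundError(e.getMessage());
        }
    }

    static {
        // Expanded form of LogFactory.getLog(SAMLUtil.class.getName()).
        Class cls;
        if (class$org$apache$ws$security$saml$SAMLUtil == null) {
            cls = class$("org.apache.ws.security.saml.SAMLUtil");
            class$org$apache$ws$security$saml$SAMLUtil = cls;
        } else {
            cls = class$org$apache$ws$security$saml$SAMLUtil;
        }
        log = LogFactory.getLog(cls.getName());
    }
}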
