package org.apache.rahas.impl.util;

import java.io.ByteArrayInputStream;
import java.io.ByteArrayOutputStream;
import java.io.IOException;
import java.security.PrivateKey;
import java.security.cert.X509Certificate;
import java.util.Iterator;
import java.util.List;
import javax.security.auth.callback.Callback;
import javax.security.auth.callback.CallbackHandler;
import javax.xml.namespace.QName;
import javax.xml.parsers.DocumentBuilderFactory;
import javax.xml.parsers.ParserConfigurationException;
import org.apache.axiom.om.impl.dom.jaxp.DocumentBuilderFactoryImpl;
import org.apache.commons.logging.Log;
import org.apache.commons.logging.LogFactory;
import org.apache.rahas.TrustException;
import org.apache.ws.security.WSPasswordCallback;
import org.apache.ws.security.WSSecurityEngine;
import org.apache.ws.security.WSSecurityException;
import org.apache.ws.security.components.crypto.Crypto;
import org.apache.ws.security.processor.EncryptedKeyProcessor;
import org.apache.ws.security.util.Base64;
import org.apache.xml.security.exceptions.XMLSecurityException;
import org.apache.xml.security.keys.content.X509Data;
import org.apache.xml.security.keys.content.x509.XMLX509Certificate;
import org.opensaml.DefaultBootstrap;
import org.opensaml.saml2.core.Assertion;
import org.opensaml.saml2.core.AttributeStatement;
import org.opensaml.saml2.core.AuthnStatement;
import org.opensaml.saml2.core.Subject;
import org.opensaml.saml2.core.SubjectConfirmation;
import org.opensaml.saml2.core.SubjectConfirmationData;
import org.opensaml.xml.Configuration;
import org.opensaml.xml.ConfigurationException;
import org.opensaml.xml.XMLObject;
import org.opensaml.xml.io.MarshallingException;
import org.opensaml.xml.io.UnmarshallingException;
import org.opensaml.xml.signature.KeyInfo;
import org.w3c.dom.Element;
import org.w3c.dom.Node;
import org.w3c.dom.NodeList;
import org.w3c.dom.Text;
import org.w3c.dom.bootstrap.DOMImplementationRegistry;
import org.w3c.dom.ls.DOMImplementationLS;
import org.w3c.dom.ls.LSOutput;
import org.w3c.dom.ls.LSSerializer;
import org.wso2.carbon.identity.entitlement.proxy.wsxacml.WSXACMLEntitlementServiceClient;
import org.xml.sax.SAXException;

/* loaded from: input_file:lib/rampart-trust_1.6.1.wso2v16.jar:org/apache/rahas/impl/util/SAML2Utils.class */
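/**
 * Helpers for converting between OpenSAML 2 {@link XMLObject}s and DOM elements and
 * for extracting the proof key (symmetric secret or holder-of-key certificate) carried
 * in a SAML 2.0 assertion.
 *
 * <p>None of the methods here verify the assertion's XML signature, its validity window
 * or its subject-confirmation method; callers are responsible for that before any key
 * returned by {@link #getSAML2KeyInfo(Assertion, Crypto, CallbackHandler)} is trusted.
 *
 * <p>Thread-safety: marshalling temporarily overrides the JVM-global
 * {@code javax.xml.parsers.DocumentBuilderFactory} system property. Other threads that
 * create a {@link DocumentBuilderFactory} during that window can observe the override,
 * which is a pre-existing design limitation of this class rather than something the
 * per-call restore can fix.
 */
public class SAML2Utils {
    private static final Log log = LogFactory.getLog(SAML2Utils.class);

    /** JAXP system property naming the {@link DocumentBuilderFactory} implementation. */
    private static final String DBF_PROPERTY = "javax.xml.parsers.DocumentBuilderFactory";

    /** Charset used for the serialise/re-parse round trip, so it is platform independent. */
    private static final String UTF_8 = "UTF-8";

    /** Xerces feature that rejects any DOCTYPE declaration (defence against XXE / entity expansion). */
    private static final String DISALLOW_DOCTYPE_FEATURE = "http://apache.org/xml/features/disallow-doctype-decl";

    private static final QName BINARY_SECRET = new QName("http://schemas.xmlsoap.org/ws/2005/02/trust", "BinarySecret");
    private static final QName X509_DATA = new QName("http://www.w3.org/2000/09/xmldsig#", "X509Data");

    /**
     * Marshals an OpenSAML {@link XMLObject} and re-parses the result into an Axiom DOOM element.
     *
     * @param xMLObject the OpenSAML object (typically an {@link Assertion}) to convert
     * @return the document element of the re-parsed XML
     * @throws TrustException if marshalling, serialisation or parsing fails
     */
    public static Element getElementFromAssertion(XMLObject xMLObject) throws TrustException {
        try {
            Element marshalled = marshall(xMLObject);
            String xml = serialize(marshalled);
            // Ask Axiom for a DOOM-backed factory only while re-parsing, and always
            // clear the flag again so a parse failure cannot leave it switched on.
            DocumentBuilderFactoryImpl.setDOOMRequired(true);
            Element documentElement;
            try {
                documentElement = parseElement(xml);
            } finally {
                DocumentBuilderFactoryImpl.setDOOMRequired(false);
            }
            log.debug("DOM element is created successfully from the OpenSAML2 XMLObject");
            return documentElement;
        } catch (Exception e) {
            // Boundary: every failure mode (checked or not) is reported as a TrustException.
            throw new TrustException("Error creating DOM object from the assertion", e);
        }
    }

    /**
     * Unmarshals a DOM assertion element into an OpenSAML {@link Assertion} and extracts its key.
     *
     * <p>NOTE(review): this relies on {@code element.toString()} returning the XML serialisation
     * of the element, which holds for Axiom/DOOM nodes but not for arbitrary DOM implementations.
     *
     * @param element the {@code saml2:Assertion} element as received
     * @param crypto crypto provider used to decrypt an {@code EncryptedKey}, may be null if unused
     * @param callbackHandler callback handler consulted first for the key, may be null
     * @return the extracted key information
     * @throws WSSecurityException if OpenSAML cannot be bootstrapped, the XML cannot be parsed or
     *         unmarshalled, or no key can be located
     */
    public static SAML2KeyInfo getSAML2KeyInfo(Element element, Crypto crypto, CallbackHandler callbackHandler) throws WSSecurityException {
        try {
            DefaultBootstrap.bootstrap();
            Element documentElement = parseElement(element.toString());
            org.opensaml.xml.io.Unmarshaller unmarshaller =
                    org.opensaml.Configuration.getUnmarshallerFactory().getUnmarshaller(documentElement);
            if (unmarshaller == null) {
                throw new UnmarshallingException("No unmarshaller registered for element "
                        + documentElement.getNamespaceURI() + ":" + documentElement.getLocalName());
            }
            XMLObject unmarshalled = unmarshaller.unmarshall(documentElement);
            if (!(unmarshalled instanceof Assertion)) {
                throw new WSSecurityException(0, "invalidSAML2Token", new Object[]{"root element is not a saml2:Assertion"});
            }
            return getSAML2KeyInfo((Assertion) unmarshalled, crypto, callbackHandler);
        } catch (IOException e) {
            throw new WSSecurityException(0, "Failure in unmarshelling the assertion", (Object[]) null, e);
        } catch (ParserConfigurationException e) {
            throw new WSSecurityException(0, "Failure in unmarshelling the assertion", (Object[]) null, e);
        } catch (ConfigurationException e) {
            throw new WSSecurityException(0, "Failure in bootstrapping", (Object[]) null, e);
        } catch (UnmarshallingException e) {
            throw new WSSecurityException(0, "Failure in unmarshelling the assertion", (Object[]) null, e);
        } catch (SAXException e) {
            throw new WSSecurityException(0, "Failure in unmarshelling the assertion", (Object[]) null, e);
        }
    }

    /**
     * Extracts the proof key from a SAML 2.0 assertion.
     *
     * <p>Resolution order: (1) a key supplied by {@code callbackHandler} for the assertion ID;
     * (2) the {@code ds:KeyInfo} inside the first {@code SubjectConfirmationData}, where an
     * {@code EncryptedKey} is decrypted with {@code crypto}, a WS-Trust {@code BinarySecret} is
     * Base64-decoded, and {@code X509Data} yields the first certificate. The X509 path is taken
     * when the assertion carries an attribute statement or an authentication statement.
     *
     * <p>This method does not check that the subject confirmation method is holder-of-key, nor
     * that the assertion is signed; a bearer assertion with an embedded certificate would still
     * have that certificate returned.
     *
     * @param assertion the unmarshalled assertion
     * @param crypto crypto provider used for {@code EncryptedKey} decryption
     * @param callbackHandler optional handler consulted first for a key keyed by assertion ID
     * @return the extracted key information, never null
     * @throws WSSecurityException if the assertion has no usable subject confirmation / key info,
     *         the key material is malformed, or marshalling fails
     */
    public static SAML2KeyInfo getSAML2KeyInfo(Assertion assertion, Crypto crypto, CallbackHandler callbackHandler) throws WSSecurityException {
        String assertionId = assertion.getID();
        byte[] callbackKey = keyFromCallback(assertionId, callbackHandler);
        if (callbackKey != null) {
            return new SAML2KeyInfo(assertion, callbackKey);
        }

        XMLObject keyInfoObject = findSubjectConfirmationKeyInfo(assertion);
        Element keyInfoElement;
        try {
            keyInfoElement = marshall(keyInfoObject);
        } catch (MarshallingException e) {
            throw new WSSecurityException(0, "Failed marshalling the SAML Assertion", (Object[]) null, e);
        }

        boolean hasAttributeStatement = !assertion.getAttributeStatements().isEmpty();
        boolean hasAuthnStatement = !assertion.getAuthnStatements().isEmpty();

        if (hasAttributeStatement) {
            SAML2KeyInfo fromKeyInfo = keyFromKeyInfoChildren(assertion, keyInfoElement, crypto, callbackHandler);
            if (fromKeyInfo != null) {
                return fromKeyInfo;
            }
        }
        if (hasAuthnStatement) {
            X509Certificate certificate = firstCertificate(keyInfoElement);
            if (certificate != null) {
                return new SAML2KeyInfo(assertion, new X509Certificate[]{certificate});
            }
        }
        throw new WSSecurityException(0, "invalidSAMLsecurity", new Object[]{"cannot get certificate or key "});
    }

    /**
     * Asks the callback handler for a key registered under the assertion ID.
     *
     * @return the key, or null when no handler is configured or it supplied none
     * @throws WSSecurityException if the handler throws
     */
    private static byte[] keyFromCallback(String assertionId, CallbackHandler callbackHandler) throws WSSecurityException {
        // Usage code 7 is the value this build was compiled against (CUSTOM_TOKEN in the
        // WSS4J line it ships with — confirm against WSPasswordCallback if upgrading).
        WSPasswordCallback passwordCallback = new WSPasswordCallback(assertionId, 7);
        if (callbackHandler != null) {
            try {
                callbackHandler.handle(new Callback[]{passwordCallback});
            } catch (Exception e) {
                // Handlers are application-supplied; any failure means "no key".
                throw new WSSecurityException(0, "noKey", new Object[]{assertionId}, e);
            }
        }
        return passwordCallback.getKey();
    }

    /**
     * Locates the {@code ds:KeyInfo} child of the first subject confirmation's data.
     *
     * @throws WSSecurityException if the subject, its first confirmation, the confirmation data
     *         or a KeyInfo child is missing
     */
    private static XMLObject findSubjectConfirmationKeyInfo(Assertion assertion) throws WSSecurityException {
        Subject subject = assertion.getSubject();
        if (subject == null) {
            throw new WSSecurityException(0, "invalidSAML2Token", new Object[]{"for Signature (no Subject)"});
        }
        List<SubjectConfirmation> confirmations = subject.getSubjectConfirmations();
        // An empty list previously surfaced as IndexOutOfBoundsException instead of this error.
        SubjectConfirmation subjectConfirmation =
                (confirmations == null || confirmations.isEmpty()) ? null : confirmations.get(0);
        if (subjectConfirmation == null) {
            throw new WSSecurityException(0, "invalidSAML2Token", new Object[]{"for Signature (no Subject Confirmation)"});
        }
        SubjectConfirmationData confirmationData = subjectConfirmation.getSubjectConfirmationData();
        if (confirmationData == null) {
            throw new WSSecurityException(0, "invalidSAML2Token", new Object[]{"for Signature (no Subject Confirmation Data)"});
        }
        List<XMLObject> children = confirmationData.getOrderedChildren();
        if (children != null) {
            for (XMLObject child : children) {
                if (child instanceof KeyInfo) {
                    return child;
                }
            }
        }
        throw new WSSecurityException(0, "invalidSAML2Token", new Object[]{"for Signature (no key info element)"});
    }

    /**
     * Scans the element children of a marshalled {@code ds:KeyInfo} for an {@code EncryptedKey},
     * a WS-Trust {@code BinarySecret} or an {@code X509Data} entry.
     *
     * @return the key information, or null when no child yields a key
     * @throws WSSecurityException if key material is present but cannot be decrypted/decoded
     */
    private static SAML2KeyInfo keyFromKeyInfoChildren(Assertion assertion, Element keyInfoElement,
                                                     Crypto crypto, CallbackHandler callbackHandler)
            throws WSSecurityException {
        NodeList children = keyInfoElement.getChildNodes();
        int length = children.getLength();
        for (int i = 0; i < length; i++) {
            Node child = children.item(i);
            if (child.getNodeType() != Node.ELEMENT_NODE) {
                continue;
            }
            QName name = new QName(child.getNamespaceURI(), child.getLocalName());
            if (name.equals(WSSecurityEngine.ENCRYPTED_KEY)) {
                EncryptedKeyProcessor processor = new EncryptedKeyProcessor();
                processor.handleEncryptedKey((Element) child, callbackHandler, crypto, (PrivateKey) null);
                return new SAML2KeyInfo(assertion, processor.getDecryptedBytes());
            }
            if (name.equals(BINARY_SECRET)) {
                Node text = child.getFirstChild();
                if (!(text instanceof Text)) {
                    throw new WSSecurityException(0, "invalidSAMLsecurity", new Object[]{"BinarySecret element carries no text content"});
                }
                return new SAML2KeyInfo(assertion, Base64.decode(((Text) text).getData()));
            }
            if (name.equals(X509_DATA)) {
                // The certificate is resolved from the whole KeyInfo, not from this child alone.
                X509Certificate certificate = firstCertificate(keyInfoElement);
                if (certificate != null) {
                    return new SAML2KeyInfo(assertion, new X509Certificate[]{certificate});
                }
            }
        }
        return null;
    }

    /**
     * Returns the first certificate of the first {@code X509Data} in a marshalled KeyInfo element.
     *
     * @return the certificate, or null when the KeyInfo carries no X509Data / certificate
     * @throws WSSecurityException if the KeyInfo cannot be read or the certificate decoded
     */
    private static X509Certificate firstCertificate(Element keyInfoElement) throws WSSecurityException {
        try {
            org.apache.xml.security.keys.KeyInfo keyInfo =
                    new org.apache.xml.security.keys.KeyInfo(keyInfoElement, (String) null);
            if (!keyInfo.containsX509Data()) {
                return null;
            }
            X509Data x509Data = keyInfo.itemX509Data(0);
            if (x509Data == null || !x509Data.containsCertificate()) {
                return null;
            }
            XMLX509Certificate certificate = x509Data.itemCertificate(0);
            return certificate == null ? null : certificate.getX509Certificate();
        } catch (XMLSecurityException e) {
            throw new WSSecurityException(0, "invalidSAMLsecurity", new Object[]{"cannot get certificate (key holder)"}, e);
        }
    }

    /**
     * Marshals an OpenSAML object while the JAXP factory property points at the implementation
     * this component requires, restoring (or removing) the property afterwards even on failure.
     *
     * @throws MarshallingException if no marshaller is registered for the object or marshalling fails
     */
    private static Element marshall(XMLObject xmlObject) throws MarshallingException {
        String previous = System.getProperty(DBF_PROPERTY);
        System.setProperty(DBF_PROPERTY, WSXACMLEntitlementServiceClient.DOCUMENT_BUILDER_FACTORY_IMPL);
        try {
            org.opensaml.xml.io.Marshaller marshaller = Configuration.getMarshallerFactory().getMarshaller(xmlObject);
            if (marshaller == null) {
                throw new MarshallingException("No marshaller registered for " + xmlObject.getElementQName());
            }
            return marshaller.marshall(xmlObject);
        } finally {
            // Without the finally block an exception from marshall() left the override in place.
            if (previous == null) {
                System.getProperties().remove(DBF_PROPERTY);
            } else {
                System.setProperty(DBF_PROPERTY, previous);
            }
        }
    }

    /**
     * Serialises a DOM element to an XML string using the DOM Level 3 LS serialiser, as UTF-8.
     */
    private static String serialize(Element element)
            throws ClassNotFoundException, InstantiationException, IllegalAccessException, IOException {
        ByteArrayOutputStream buffer = new ByteArrayOutputStream();
        DOMImplementationLS ls = (DOMImplementationLS) DOMImplementationRegistry.newInstance().getDOMImplementation("LS");
        LSSerializer serializer = ls.createLSSerializer();
        LSOutput output = ls.createLSOutput();
        output.setByteStream(buffer);
        // Pin the encoding on both sides of the round trip instead of relying on the platform default.
        output.setEncoding(UTF_8);
        serializer.write(element, output);
        return buffer.toString(UTF_8);
    }

    /**
     * Parses an XML string with a namespace-aware, DOCTYPE-rejecting factory and returns its root.
     */
    private static Element parseElement(String xml)
            throws ParserConfigurationException, SAXException, IOException {
        byte[] bytes = xml.trim().getBytes(UTF_8);
        return newDocumentBuilderFactory().newDocumentBuilder()
                .parse(new ByteArrayInputStream(bytes)).getDocumentElement();
    }

    /**
     * Creates a namespace-aware {@link DocumentBuilderFactory} and, where the selected
     * implementation supports it, rejects DOCTYPE declarations. The assertion XML originates
     * from a remote party, so DTD processing is not wanted here. Factories that do not know
     * the feature (the Axiom DOOM factory may be selected via {@code setDOOMRequired}) are
     * left as they were, which keeps existing deployments working.
     */
    private static DocumentBuilderFactory newDocumentBuilderFactory() {
        DocumentBuilderFactory factory = DocumentBuilderFactory.newInstance();
        factory.setNamespaceAware(true);
        try {
            factory.setFeature(DISALLOW_DOCTYPE_FEATURE, true);
        } catch (ParserConfigurationException e) {
            log.debug("DocumentBuilderFactory " + factory.getClass().getName()
                    + " does not support " + DISALLOW_DOCTYPE_FEATURE, e);
        } catch (UnsupportedOperationException e) {
            log.debug("DocumentBuilderFactory " + factory.getClass().getName()
                    + " does not implement setFeature", e);
        }
        return factory;
    }
}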
