package org.wso2.carbon.identity.application.authenticator.samlsso.util;

import java.io.ByteArrayInputStream;
import java.io.ByteArrayOutputStream;
import java.io.IOException;
import java.net.URLEncoder;
import java.security.cert.CertificateEncodingException;
import java.util.ArrayList;
import java.util.HashMap;
import java.util.Map;
import java.util.Random;
import java.util.zip.DataFormatException;
import java.util.zip.Inflater;
import java.util.zip.InflaterInputStream;
import javax.xml.namespace.QName;
import org.apache.commons.logging.Log;
import org.apache.commons.logging.LogFactory;
import org.apache.xml.security.Init;
import org.apache.xml.security.utils.Base64;
import org.opensaml.saml2.core.AuthnRequest;
import org.opensaml.saml2.core.LogoutRequest;
import org.opensaml.xml.Configuration;
import org.opensaml.xml.XMLObject;
import org.opensaml.xml.XMLObjectBuilder;
import org.opensaml.xml.security.x509.X509Credential;
import org.opensaml.xml.signature.KeyInfo;
import org.opensaml.xml.signature.Signature;
import org.opensaml.xml.signature.Signer;
import org.opensaml.xml.signature.X509Certificate;
import org.opensaml.xml.signature.X509Data;
import org.w3c.dom.Element;
import org.w3c.dom.bootstrap.DOMImplementationRegistry;
import org.w3c.dom.ls.DOMImplementationLS;
import org.w3c.dom.ls.LSOutput;
import org.w3c.dom.ls.LSSerializer;
import org.wso2.carbon.core.util.KeyStoreManager;
import org.wso2.carbon.identity.application.authenticator.samlsso.exception.SAMLSSOException;
import org.wso2.carbon.identity.application.authenticator.samlsso.manager.X509CredentialImpl;

/* loaded from: input_file:org/wso2/carbon/identity/application/authenticator/samlsso/util/SSOUtils.class */
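/**
 * Static helpers used by the SAML SSO authenticator: request-ID generation, XML and
 * redirect-binding signing, Base64/DEFLATE decoding of incoming messages, serialization,
 * and lookup of boolean authenticator properties.
 *
 * <p>Several methods here process data that arrives over HTTP ({@link #decode},
 * {@link #decodeForPost}, {@link #getQueryMap}); they bound or validate that input rather
 * than trusting its size or shape.
 */
public class SSOUtils {
    private static final Log log = LogFactory.getLog(SSOUtils.class);

    /** Sixteen letters used to render each nibble of a random ID, so the ID always starts with a letter. */
    private static final char[] ID_ALPHABET =
            {'a', 'b', 'c', 'd', 'e', 'f', 'g', 'h', 'i', 'j', 'k', 'l', 'm', 'n', 'o', 'p'};

    /** CSPRNG for message IDs; request IDs must not be guessable because responses are correlated by them. */
    private static final java.security.SecureRandom ID_RANDOM = new java.security.SecureRandom();

    /** Explicit charset so signing and decoding do not depend on the JVM's platform default. */
    private static final java.nio.charset.Charset UTF8 = java.nio.charset.Charset.forName("UTF-8");

    /** Upper bound on inflated message size; protects {@link #decode} against decompression bombs. */
    private static final int MAX_INFLATED_BYTES = 1024 * 1024;

    private static final String EXCLUSIVE_C14N_URI = "http://www.w3.org/2001/10/xml-exc-c14n#";
    private static final String RSA_SHA1_URI = "http://www.w3.org/2000/09/xmldsig#rsa-sha1";

    /**
     * Generates a 40-character identifier from 20 random bytes, each nibble mapped to a letter
     * in {@code a..p}.
     *
     * <p>The bytes come from {@link java.security.SecureRandom}: a seedable, non-cryptographic
     * generator would make the IDs predictable to anyone who can observe a few of them.
     *
     * @return a random identifier consisting only of the letters {@code a} to {@code p}
     */
    public static String createID() {
        byte[] randomBytes = new byte[20];
        ID_RANDOM.nextBytes(randomBytes);
        char[] id = new char[randomBytes.length * 2];
        for (int i = 0; i < randomBytes.length; i++) {
            id[i * 2] = ID_ALPHABET[(randomBytes[i] >> 4) & 15];
            id[(i * 2) + 1] = ID_ALPHABET[randomBytes[i] & 15];
        }
        return String.valueOf(id);
    }

    /**
     * Attaches an enveloped XML signature (with the signer's certificate in KeyInfo) to the
     * authentication request and signs it.
     *
     * @param authnRequest   request to sign; modified in place and returned
     * @param str            signature algorithm URI
     * @param x509Credential credential providing the signing key and entity certificate
     * @return the same {@code authnRequest}, now signed
     * @throws SAMLSSOException if building, marshalling or signing fails
     */
    public static AuthnRequest setSignature(AuthnRequest authnRequest, String str, X509Credential x509Credential) throws SAMLSSOException {
        try {
            Signature signature = newSignature(str, x509Credential);
            authnRequest.setSignature(signature);
            marshallAndSign(authnRequest, signature);
            return authnRequest;
        } catch (Exception e) {
            throw new SAMLSSOException("Error while signing the SAML Request message", e);
        }
    }

    /**
     * Attaches an enveloped XML signature (with the signer's certificate in KeyInfo) to the
     * logout request and signs it.
     *
     * @param logoutRequest  request to sign; modified in place and returned
     * @param str            signature algorithm URI
     * @param x509Credential credential providing the signing key and entity certificate
     * @return the same {@code logoutRequest}, now signed
     * @throws SAMLSSOException if building, marshalling or signing fails
     */
    public static LogoutRequest setSignature(LogoutRequest logoutRequest, String str, X509Credential x509Credential) throws SAMLSSOException {
        try {
            Signature signature = newSignature(str, x509Credential);
            logoutRequest.setSignature(signature);
            marshallAndSign(logoutRequest, signature);
            return logoutRequest;
        } catch (Exception e) {
            throw new SAMLSSOException("Error while signing the Logout Request message", e);
        }
    }

    /** Builds an unsigned Signature element carrying the algorithm, exclusive c14n and the signer's certificate. */
    private static Signature newSignature(String signatureAlgorithm, X509Credential credential) throws SAMLSSOException {
        Signature signature = (Signature) buildXMLObject(Signature.DEFAULT_ELEMENT_NAME);
        signature.setSigningCredential(credential);
        signature.setSignatureAlgorithm(signatureAlgorithm);
        signature.setCanonicalizationAlgorithm(EXCLUSIVE_C14N_URI);
        try {
            KeyInfo keyInfo = (KeyInfo) buildXMLObject(KeyInfo.DEFAULT_ELEMENT_NAME);
            X509Data x509Data = (X509Data) buildXMLObject(X509Data.DEFAULT_ELEMENT_NAME);
            X509Certificate certificate = (X509Certificate) buildXMLObject(X509Certificate.DEFAULT_ELEMENT_NAME);
            certificate.setValue(Base64.encode(credential.getEntityCertificate().getEncoded()));
            x509Data.getX509Certificates().add(certificate);
            keyInfo.getX509Datas().add(x509Data);
            signature.setKeyInfo(keyInfo);
            return signature;
        } catch (CertificateEncodingException e) {
            throw new SAMLSSOException("Error getting certificate", e);
        }
    }

    /** Marshalls the object to DOM (the signature is computed over the DOM) and then signs it. */
    private static void marshallAndSign(XMLObject signedObject, Signature signature)
            throws org.opensaml.xml.io.MarshallingException, org.opensaml.xml.signature.SignatureException {
        ArrayList<Signature> signatures = new ArrayList<Signature>();
        signatures.add(signature);
        Configuration.getMarshallerFactory().getMarshaller(signedObject).marshall(signedObject);
        Init.init();
        Signer.signObjects(signatures);
    }

    /**
     * Appends {@code SigAlg} and {@code Signature} parameters to a redirect-binding query string,
     * signing with the default private key of the key store obtained for tenant id {@code -1234}
     * (presumably the Carbon super tenant; confirm against KeyStoreManager).
     *
     * @param sb query string built so far; the signature covers its content including {@code SigAlg}
     * @throws SAMLSSOException if the key cannot be loaded or signing fails
     * @deprecated use {@link #addSignatureToHTTPQueryString(String, StringBuilder)}
     */
    @Deprecated
    public static void addDeflateSignatureToHTTPQueryString(StringBuilder sb) throws SAMLSSOException {
        try {
            appendSigAlg(sb);
            appendSignature(sb, KeyStoreManager.getInstance(-1234).getDefaultPrivateKey());
        } catch (Exception e) {
            throw new SAMLSSOException("Error applying SAML2 Redirect Binding signature", e);
        }
    }

    /**
     * Appends {@code SigAlg} and {@code Signature} parameters to a redirect-binding query string,
     * signing with the private key of the credential created for {@code str}.
     *
     * @param str first argument passed to {@code X509CredentialImpl} (its meaning is defined there)
     * @param sb  query string built so far; the signature covers its content including {@code SigAlg}
     * @throws SAMLSSOException if the credential cannot be loaded or signing fails
     */
    public static void addSignatureToHTTPQueryString(String str, StringBuilder sb) throws SAMLSSOException {
        try {
            appendSigAlg(sb);
            X509CredentialImpl credential = new X509CredentialImpl(str, null);
            appendSignature(sb, credential.getPrivateKey());
        } catch (Exception e) {
            throw new SAMLSSOException("Error while applying SAML2 Redirect Binding signature", e);
        }
    }

    /** Appends the URL-encoded {@code SigAlg} parameter. */
    private static void appendSigAlg(StringBuilder sb) throws java.io.UnsupportedEncodingException {
        // NOTE(review): RSA-SHA1 is hard-coded here and in appendSignature. SHA-1 signatures are
        // deprecated; making the algorithm configurable needs a signature change, so it is only
        // flagged, not altered.
        sb.append("&SigAlg=");
        sb.append(URLEncoder.encode(RSA_SHA1_URI, "UTF-8").trim());
    }

    /** Signs the current query string with SHA1withRSA and appends the URL-encoded {@code Signature} parameter. */
    private static void appendSignature(StringBuilder sb, java.security.PrivateKey privateKey)
            throws java.security.GeneralSecurityException, java.io.UnsupportedEncodingException {
        java.security.Signature signer = java.security.Signature.getInstance("SHA1withRSA");
        signer.initSign(privateKey);
        // Fixed charset: the verifier hashes the same octets, so the platform default must not leak in.
        signer.update(sb.toString().getBytes(UTF8));
        // Option 8 is presumably the "do not break lines" flag of this Base64 class; verify.
        String encodedSignature = org.opensaml.xml.util.Base64.encodeBytes(signer.sign(), 8);
        sb.append("&Signature=");
        sb.append(URLEncoder.encode(encodedSignature, "UTF-8").trim());
    }

    /**
     * Builds an OpenSAML object for the given element name using the registered builder.
     *
     * @throws SAMLSSOException if no builder is registered for {@code qName}
     */
    private static XMLObject buildXMLObject(QName qName) throws SAMLSSOException {
        XMLObjectBuilder builder = Configuration.getBuilderFactory().getBuilder(qName);
        if (builder == null) {
            throw new SAMLSSOException("Unable to retrieve builder for object QName " + qName);
        }
        return builder.buildObject(qName.getNamespaceURI(), qName.getLocalPart(), qName.getPrefix());
    }

    /**
     * Base64-decodes and inflates a message. Raw DEFLATE is tried first; if the data is not raw
     * DEFLATE, zlib-wrapped data is tried.
     *
     * <p>The input is attacker-controllable, so the inflated size is capped at
     * {@link #MAX_INFLATED_BYTES} on both paths and the native inflater is always released.
     *
     * @param str Base64 text of the compressed message
     * @return the inflated message decoded as UTF-8
     * @throws SAMLSSOException if the data cannot be inflated or exceeds the size cap
     */
    public static String decode(String str) throws SAMLSSOException {
        try {
            byte[] compressed = new org.apache.commons.codec.binary.Base64().decode(str.getBytes("UTF-8"));
            String message;
            try {
                message = new String(inflateRaw(compressed), UTF8);
            } catch (DataFormatException notRawDeflate) {
                // Not raw DEFLATE; fall back to the zlib-wrapped format.
                message = new String(inflateZlib(compressed), UTF8);
            }
            // NOTE(review): the whole message is written to the debug log; it may carry user
            // identifiers, so keep debug logging off in production or restrict log access.
            if (log.isDebugEnabled()) {
                log.debug("Request message " + message);
            }
            return message;
        } catch (IOException e) {
            throw new SAMLSSOException("Error when decoding the SAML Request.", e);
        }
    }

    /** Inflates raw (header-less) DEFLATE data, enforcing the size cap and always ending the inflater. */
    private static byte[] inflateRaw(byte[] compressed) throws DataFormatException, SAMLSSOException {
        Inflater inflater = new Inflater(true);
        try {
            inflater.setInput(compressed);
            ByteArrayOutputStream inflated = new ByteArrayOutputStream();
            byte[] chunk = new byte[1024];
            while (!inflater.finished()) {
                int count = inflater.inflate(chunk);
                if (count == 0) {
                    // No progress: the inflater needs more input or a dictionary; stop with what we have.
                    break;
                }
                checkInflatedSize(inflated.size() + count);
                inflated.write(chunk, 0, count);
            }
            return inflated.toByteArray();
        } finally {
            inflater.end();
        }
    }

    /** Inflates zlib-wrapped data, enforcing the size cap and always closing the stream. */
    private static byte[] inflateZlib(byte[] compressed) throws IOException, SAMLSSOException {
        InflaterInputStream in = new InflaterInputStream(new ByteArrayInputStream(compressed));
        try {
            ByteArrayOutputStream inflated = new ByteArrayOutputStream();
            byte[] chunk = new byte[1024];
            for (int count = in.read(chunk); count != -1; count = in.read(chunk)) {
                checkInflatedSize(inflated.size() + count);
                inflated.write(chunk, 0, count);
            }
            return inflated.toByteArray();
        } finally {
            in.close();
        }
    }

    /** Rejects output larger than {@link #MAX_INFLATED_BYTES}. */
    private static void checkInflatedSize(int size) throws SAMLSSOException {
        if (size > MAX_INFLATED_BYTES) {
            throw new SAMLSSOException("Decompressed SAML message exceeds " + MAX_INFLATED_BYTES + " bytes");
        }
    }

    /**
     * Base64-decodes a message that is not compressed and returns it as UTF-8 text.
     *
     * @param str Base64 text of the message
     * @return the decoded message
     * @throws SAMLSSOException if the UTF-8 charset is unavailable
     */
    public static String decodeForPost(String str) throws SAMLSSOException {
        try {
            String message = new String(new org.apache.commons.codec.binary.Base64().decode(str.getBytes("UTF-8")), "UTF-8");
            // NOTE(review): full message content goes to the debug log; see decode().
            if (log.isDebugEnabled()) {
                log.debug("Request message " + message);
            }
            return message;
        } catch (IOException e) {
            throw new SAMLSSOException("Error when decoding the SAML Request.", e);
        }
    }

    /**
     * Marshalls an OpenSAML object to DOM and serializes it to a string.
     *
     * <p>Side effect: sets the JVM-wide system property
     * {@code javax.xml.parsers.DocumentBuilderFactory} on every call.
     *
     * @param xMLObject object to serialize
     * @return the serialized XML
     * @throws SAMLSSOException if marshalling or serialization fails
     */
    public static String marshall(XMLObject xMLObject) throws SAMLSSOException {
        try {
            System.setProperty("javax.xml.parsers.DocumentBuilderFactory", "org.apache.xerces.jaxp.DocumentBuilderFactoryImpl");
            Element element = Configuration.getMarshallerFactory().getMarshaller(xMLObject).marshall(xMLObject);
            ByteArrayOutputStream serialized = new ByteArrayOutputStream();
            DOMImplementationLS domImplementation = (DOMImplementationLS) DOMImplementationRegistry.newInstance().getDOMImplementation("LS");
            LSSerializer serializer = domImplementation.createLSSerializer();
            LSOutput output = domImplementation.createLSOutput();
            // Write and read back with the same explicit encoding; the platform default charset
            // would otherwise corrupt non-ASCII content.
            output.setEncoding("UTF-8");
            output.setByteStream(serialized);
            serializer.write(element, output);
            return serialized.toString("UTF-8");
        } catch (Exception e) {
            log.error("Error Serializing the SAML Response", e);
            throw new SAMLSSOException("Error Serializing the SAML Response", e);
        }
    }

    /**
     * Base64-encodes the UTF-8 bytes of a string and trims surrounding whitespace from the result.
     *
     * @param str text to encode
     * @return Base64 text
     */
    public static String encode(String str) {
        return org.opensaml.xml.util.Base64.encodeBytes(str.getBytes(UTF8), 8).trim();
    }

    /** @return {@code true} only if property {@code ISAuthnReqSigned} is present and parses as true */
    public static boolean isAuthnRequestSigned(Map<String, String> map) {
        return readFlag(map, "ISAuthnReqSigned");
    }

    /** @return {@code true} only if property {@code IsLogoutEnabled} is present and parses as true */
    public static boolean isLogoutEnabled(Map<String, String> map) {
        return readFlag(map, "IsLogoutEnabled");
    }

    /** @return {@code true} only if property {@code IsLogoutReqSigned} is present and parses as true */
    public static boolean isLogoutRequestSigned(Map<String, String> map) {
        return readFlag(map, "IsLogoutReqSigned");
    }

    /**
     * @return {@code true} only if property {@code IsAuthnRespSigned} is present and parses as true
     */
    // NOTE(review): a missing map or property yields false. If callers use this flag to decide
    // whether a signed response is required, absent configuration switches the requirement off;
    // confirm that default is intended.
    public static boolean isAuthnResponseSigned(Map<String, String> map) {
        return readFlag(map, "IsAuthnRespSigned");
    }

    /**
     * @return {@code true} only if property {@code isAssertionSigned} is present and parses as true
     */
    // NOTE(review): same fail-open default as isAuthnResponseSigned; confirm with the callers.
    public static boolean isAssertionSigningEnabled(Map<String, String> map) {
        return readFlag(map, "isAssertionSigned");
    }

    /** @return {@code true} only if property {@code IsAssertionEncrypted} is present and parses as true */
    public static boolean isAssertionEncryptionEnabled(Map<String, String> map) {
        return readFlag(map, "IsAssertionEncrypted");
    }

    /** Reads a boolean property; a null map, a missing key or any value other than "true" gives false. */
    private static boolean readFlag(Map<String, String> properties, String key) {
        // Boolean.parseBoolean(null) is false, so the missing-key case needs no separate branch.
        return properties != null && Boolean.parseBoolean(properties.get(key));
    }

    /**
     * Splits a query string of {@code name=value} pairs joined by {@code &} into a map.
     *
     * <p>Each pair is split at its first {@code =} only, so values that themselves contain
     * {@code =} (for example Base64 padding) are kept intact, and a pair consisting of just
     * {@code =} no longer raises {@link ArrayIndexOutOfBoundsException}. Names and values are
     * returned exactly as they appear; they are not URL-decoded here.
     *
     * @param str query string; {@code null} yields an empty map
     * @return map of parameter name to raw value ({@code ""} when a pair has no value);
     *         for repeated names the last occurrence wins
     */
    public static Map<String, String> getQueryMap(String str) {
        Map<String, String> parameters = new HashMap<String, String>();
        if (str == null) {
            return parameters;
        }
        for (String pair : str.split("&")) {
            int separator = pair.indexOf('=');
            if (separator < 0) {
                parameters.put(pair, "");
            } else {
                parameters.put(pair.substring(0, separator), pair.substring(separator + 1));
            }
        }
        return parameters;
    }
}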
