package org.wso2.solutions.identity.relyingparty;

import java.io.ByteArrayInputStream;
import java.io.StringReader;
import java.security.PrivateKey;
import java.security.cert.X509Certificate;
import java.util.ArrayList;
import java.util.Hashtable;
import java.util.Iterator;
import java.util.List;
import javax.crypto.SecretKey;
import javax.xml.parsers.DocumentBuilderFactory;
import javax.xml.parsers.ParserConfigurationException;
import org.apache.commons.logging.Log;
import org.apache.commons.logging.LogFactory;
import org.apache.ws.security.processor.EncryptedKeyProcessor;
import org.apache.ws.security.util.WSSecurityUtil;
import org.apache.xml.security.Init;
import org.apache.xml.security.encryption.XMLCipher;
import org.apache.xml.security.signature.XMLSignature;
import org.opensaml.InvalidCryptoException;
import org.opensaml.SAMLAssertion;
import org.opensaml.SAMLAttribute;
import org.opensaml.SAMLAttributeStatement;
import org.opensaml.SAMLException;
import org.opensaml.SAMLStatement;
import org.w3c.dom.Document;
import org.w3c.dom.Element;
import org.wso2.solutions.identity.i18n.Messages;
import org.xml.sax.InputSource;

/* loaded from: input_file:org/wso2/solutions/identity/relyingparty/TokenVerifier.class */
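/**
 * Decrypts and verifies a SAML 1.x security token received by a relying party.
 * <p>
 * Typical use is {@link #decryptToken(String, PrivateKey)} followed by
 * {@link #verifyDecryptedToken(Element)}, after which the issuer, attributes and
 * certificates are read through the getters. The instance accumulates state
 * (attributes, certificates, key info) across calls and never resets it, so use
 * a fresh instance per token. Instances are not thread-safe.
 */
public class TokenVerifier {
    private static final String DS_NS = "http://www.w3.org/2000/09/xmldsig#";
    private static final String XENC_NS = "http://www.w3.org/2001/04/xmlenc#";
    // The session-key algorithm is fixed here rather than read from the token's
    // xenc:EncryptionMethod; tokens encrypted with another algorithm will not decrypt.
    private static final String SESSION_KEY_ALGORITHM = "http://www.w3.org/2001/04/xmlenc#aes128-cbc";

    private static Log log;
    private static Messages messages;
    // attribute key "namespace/name" -> concatenated attribute values (see verifyDecryptedToken)
    private Hashtable attributeTable = new Hashtable();
    // every certificate found in the assertion signature's KeyInfo, in order
    private List certificates = new ArrayList();
    // raw ds:KeyInfo element, kept only when OpenSAML could not extract certificates from it
    private Element keyInfoElement = null;
    private String issuerName = null;
    // set once any single attribute carried more than one value
    private boolean isMultipleValues = false;
    // first certificate of the signature's KeyInfo; stays null for an unsigned assertion
    private X509Certificate signingCert = null;
    // class-literal cache emitted by the original (javac 1.4 style) compiler; kept for compatibility
    static Class class$org$wso2$solutions$identity$relyingparty$TokenVerifier;

    /**
     * Parses the serialised encrypted token and decrypts it with the relying
     * party's private key.
     *
     * @param str        the encrypted token as an XML string; it must carry a
     *                   ds:KeyInfo containing an xenc:EncryptedKey
     * @param privateKey the relying-party key that unwraps the embedded session key
     * @return the document element of the decrypted token
     * @throws RelyingPartyException ("verificationFailure") wrapping any parse,
     *                               key-unwrap or decryption failure
     */
    public Element decryptToken(String str, PrivateKey privateKey) throws RelyingPartyException {
        try {
            if (log.isDebugEnabled()) {
                log.debug(messages.getMessage("receivedEncryuptedToken", new String[]{str}));
            }
            if (str == null) {
                throw new IllegalArgumentException("encrypted token is null");
            }
            DocumentBuilderFactory factory = newHardenedDocumentBuilderFactory();
            // Parse the String directly instead of str.getBytes(): the platform charset
            // need not match the encoding declared in the token's XML prolog.
            Document tokenDocument = factory.newDocumentBuilder().parse(new InputSource(new StringReader(str)));
            return decryptElement(privateKey, tokenDocument.getDocumentElement());
        } catch (Exception e) {
            throw new RelyingPartyException("verificationFailure", e);
        }
    }

    /**
     * Builds a namespace-aware parser factory with DTD processing and external
     * entity resolution disabled, because the token arrives from the wire.
     * A parser that does not support one of these features makes this method
     * throw, so parsing fails closed rather than falling back to an unhardened parser.
     *
     * @throws ParserConfigurationException if a feature cannot be set
     */
    private static DocumentBuilderFactory newHardenedDocumentBuilderFactory() throws ParserConfigurationException {
        DocumentBuilderFactory factory = DocumentBuilderFactory.newInstance();
        factory.setNamespaceAware(true);
        factory.setExpandEntityReferences(false);
        factory.setXIncludeAware(false);
        factory.setFeature("http://apache.org/xml/features/disallow-doctype-decl", true);
        factory.setFeature("http://xml.org/sax/features/external-general-entities", false);
        factory.setFeature("http://xml.org/sax/features/external-parameter-entities", false);
        factory.setFeature("http://apache.org/xml/features/nonvalidating/load-external-dtd", false);
        return factory;
    }

    /**
     * Verifies the (already decrypted) SAML assertion and extracts its contents.
     * <p>
     * If the assertion is signed, the signature is verified through OpenSAML and
     * the certificates in its KeyInfo are recorded; the first one becomes
     * {@link #getSigningCert()}. When OpenSAML cannot read certificates from the
     * KeyInfo, the raw ds:KeyInfo element is kept instead ({@link #getKeyInfoElement()}).
     * <p>
     * NOTE(review): an unsigned assertion is not subjected to any signature check
     * and this method still returns {@code true}. Callers that require a signed
     * token must check {@link #getSigningCert()} / {@link #getKeyInfoElement()}
     * themselves; the existing contract is left unchanged here.
     * <p>
     * Each attribute is stored under the key {@code namespace + "/" + name}. The
     * values of a multi-valued attribute are concatenated with no separator and
     * {@link #isMultipleValues()} is set; a later attribute with the same key
     * replaces an earlier one.
     *
     * @param element the decrypted assertion element
     * @return {@code true}; failures are reported by exception
     * @throws RelyingPartyException ("verificationFailure") if OpenSAML rejects the
     *                               assertion, or ("issuerIsNull") if it has no issuer
     */
    public boolean verifyDecryptedToken(Element element) throws RelyingPartyException {
        try {
            if (log.isDebugEnabled()) {
                log.debug(messages.getMessage("verifyingDecryptedToken"));
            }
            SAMLAssertion assertion = new SAMLAssertion(element);
            if (assertion.isSigned()) {
                assertion.verify();
                collectSignatureCertificates(assertion);
            }
            collectAttributes(assertion);
            this.issuerName = assertion.getIssuer();
            if (this.issuerName == null) {
                throw new RelyingPartyException("issuerIsNull");
            }
            if (log.isDebugEnabled()) {
                log.debug(messages.getMessage("verifyingDecryptedTokenDone"));
            }
            return true;
        } catch (SAMLException e) {
            throw new RelyingPartyException("verificationFailure", (Throwable) e);
        }
    }

    /**
     * Records the certificates carried by the assertion's signature. The first
     * certificate of this call becomes the signing certificate. If OpenSAML cannot
     * extract certificates, the raw ds:KeyInfo of the native signature is kept
     * instead; when there is no native signature to fall back to, the original
     * exception is rethrown.
     */
    private void collectSignatureCertificates(SAMLAssertion assertion) throws SAMLException {
        try {
            Iterator certs = assertion.getX509Certificates();
            boolean first = true;
            while (certs.hasNext()) {
                X509Certificate cert = (X509Certificate) certs.next();
                if (first) {
                    this.signingCert = cert;
                    first = false;
                }
                this.certificates.add(cert);
            }
        } catch (InvalidCryptoException e) {
            XMLSignature signature = (XMLSignature) assertion.getNativeSignature();
            if (signature == null) {
                throw e;
            }
            this.keyInfoElement = signature.getKeyInfo().getElement();
        }
    }

    /**
     * Copies every attribute of the assertion's attribute statements into the
     * attribute table (see {@link #verifyDecryptedToken(Element)} for the key and
     * value format) and flags multi-valued attributes.
     */
    private void collectAttributes(SAMLAssertion assertion) throws SAMLException {
        Iterator statements = assertion.getStatements();
        while (statements.hasNext()) {
            SAMLStatement statement = (SAMLStatement) statements.next();
            if (!(statement instanceof SAMLAttributeStatement)) {
                continue;
            }
            Iterator attributes = ((SAMLAttributeStatement) statement).getAttributes();
            while (attributes.hasNext()) {
                SAMLAttribute attribute = (SAMLAttribute) attributes.next();
                String key = attribute.getNamespace() + "/" + attribute.getName();
                StringBuffer joined = new StringBuffer();
                int valueCount = 0;
                Iterator values = attribute.getValues();
                while (values.hasNext()) {
                    joined.append(values.next());
                    valueCount++;
                }
                if (valueCount > 1) {
                    this.isMultipleValues = true;
                }
                String value = joined.toString();
                if (log.isDebugEnabled()) {
                    log.debug(messages.getMessage("samlAttrFound", new Object[]{key, value}));
                }
                this.attributeTable.put(key, value);
            }
        }
    }

    /**
     * Unwraps the session key from the first xenc:EncryptedKey under the first
     * ds:KeyInfo of {@code element}, then decrypts {@code element} with it.
     *
     * @param privateKey the key that unwraps the xenc:EncryptedKey
     * @param element    the xenc:EncryptedData element to decrypt
     * @return the document element of the decrypted content
     * @throws Exception if the required elements are missing, the key cannot be
     *                   unwrapped, or decryption fails
     */
    private Element decryptElement(PrivateKey privateKey, Element element) throws Exception {
        if (log.isDebugEnabled()) {
            log.debug(messages.getMessage("decryptingToken"));
        }
        Element keyInfo = (Element) element.getElementsByTagNameNS(DS_NS, "KeyInfo").item(0);
        if (keyInfo == null) {
            throw new IllegalStateException("encrypted token carries no ds:KeyInfo");
        }
        Element encryptedKey = (Element) keyInfo.getElementsByTagNameNS(XENC_NS, "EncryptedKey").item(0);
        if (encryptedKey == null) {
            throw new IllegalStateException("encrypted token carries no xenc:EncryptedKey");
        }
        EncryptedKeyProcessor keyProcessor = new EncryptedKeyProcessor();
        keyProcessor.handleEncryptedKey(encryptedKey, privateKey);
        SecretKey sessionKey = WSSecurityUtil.prepareSecretKey(SESSION_KEY_ALGORITHM, keyProcessor.getDecryptedBytes());
        XMLCipher cipher = XMLCipher.getInstance();
        cipher.init(XMLCipher.DECRYPT_MODE, sessionKey);
        Document decrypted = cipher.doFinal(element.getOwnerDocument(), element);
        if (log.isDebugEnabled()) {
            log.debug(messages.getMessage("decryptingTokenDone"));
        }
        return decrypted.getDocumentElement();
    }

    /** @return the first certificate of the verified signature, or null if the assertion was unsigned */
    public X509Certificate getSigningCert() {
        return this.signingCert;
    }

    /** @return the live attribute table ("namespace/name" to concatenated values); not a copy */
    public Hashtable getAttributeTable() {
        return this.attributeTable;
    }

    /** @return the live list of certificates found in the signature; not a copy */
    public List getCertificates() {
        return this.certificates;
    }

    /** @return the raw ds:KeyInfo element, or null unless certificate extraction failed */
    public Element getKeyInfoElement() {
        return this.keyInfoElement;
    }

    /** @return the assertion issuer recorded by verifyDecryptedToken, or the value last set */
    public String getIssuerName() {
        return this.issuerName;
    }

    public void setIssuerName(String str) {
        this.issuerName = str;
    }

    /** @return true if any attribute seen so far carried more than one value */
    public boolean isMultipleValues() {
        return this.isMultipleValues;
    }

    public void setMultipleValues(boolean z) {
        this.isMultipleValues = z;
    }

    // Synthetic class-literal helper emitted by the original compiler; kept for compatibility.
    static Class class$(String str) {
        try {
            return Class.forName(str);
        } catch (ClassNotFoundException e) {
            throw new NoClassDefFoundError(e.getMessage());
        }
    }

    static {
        Class cls;
        if (class$org$wso2$solutions$identity$relyingparty$TokenVerifier == null) {
            cls = class$("org.wso2.solutions.identity.relyingparty.TokenVerifier");
            class$org$wso2$solutions$identity$relyingparty$TokenVerifier = cls;
        } else {
            cls = class$org$wso2$solutions$identity$relyingparty$TokenVerifier;
        }
        log = LogFactory.getLog(cls);
        messages = Messages.getInstance(TokenVerifierConstants.RESOURCES);
        // Initialise Apache XML Security before any XMLCipher use.
        Init.init();
    }
}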
