package org.wso2.carbon.identity.authenticator.saml2.sso.util;

import java.io.ByteArrayInputStream;
import java.io.IOException;
import java.security.cert.X509Certificate;
import javax.xml.parsers.DocumentBuilderFactory;
import javax.xml.parsers.ParserConfigurationException;
import org.apache.commons.logging.Log;
import org.apache.commons.logging.LogFactory;
import org.opensaml.Configuration;
import org.opensaml.DefaultBootstrap;
import org.opensaml.xml.ConfigurationException;
import org.opensaml.xml.XMLObject;
import org.opensaml.xml.io.UnmarshallingException;
import org.w3c.dom.Element;
import org.wso2.carbon.core.util.KeyStoreManager;
import org.wso2.carbon.identity.authenticator.saml2.sso.SAML2SSOAuthenticatorException;
import org.wso2.carbon.identity.authenticator.saml2.sso.internal.SAML2SSOAuthBEDataHolder;
import org.wso2.carbon.user.api.UserStoreException;
import org.wso2.carbon.user.core.service.RealmService;
import org.xml.sax.SAXException;

/* loaded from: input_file:org/wso2/carbon/identity/authenticator/saml2/sso/util/Util.class */
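public class Util {
    /** SAML 2.0 protocol namespace; used to detect a nested {@code samlp:Response} element. */
    private static final String SAMLP_NS = "urn:oasis:names:tc:SAML:2.0:protocol";
    /** Message carried by every parse/unmarshal failure reported to callers (deliberately generic). */
    private static final String PARSE_ERROR = "Error occured while processing saml2 response";

    /** Guarded by the class monitor via {@link #doBootstrap()}. */
    private static boolean bootStrapped = false;
    private static final Log log = LogFactory.getLog(Util.class);

    /**
     * Parses a SAML 2.0 XML document received from a remote party and unmarshalls it into an OpenSAML object.
     * <p>
     * The input is untrusted, so the parser is hardened against DTD/entity-based attacks before parsing
     * (see {@link #newSecureDocumentBuilderFactory()}). A document whose root contains a nested
     * {@code samlp:Response} element is rejected, as in the original implementation.
     *
     * @param str the XML document as a string; leading/trailing whitespace is ignored
     * @return the unmarshalled root object
     * @throws SAML2SSOAuthenticatorException if the input is {@code null}, cannot be parsed, cannot be
     *         unmarshalled, or contains a nested {@code samlp:Response} element
     */
    public static XMLObject unmarshall(String str) throws SAML2SSOAuthenticatorException {
        if (str == null) {
            log.error("SAML2 response is null");
            throw new SAML2SSOAuthenticatorException(PARSE_ERROR);
        }
        try {
            doBootstrap();
            DocumentBuilderFactory factory = newSecureDocumentBuilderFactory();
            // Encode explicitly: the no-arg getBytes() uses the platform charset, which need not be
            // the encoding the XML parser assumes for a document without an XML declaration.
            byte[] xml = str.trim().getBytes("UTF-8");
            Element root = factory.newDocumentBuilder()
                    .parse(new ByteArrayInputStream(xml))
                    .getDocumentElement();
            org.opensaml.xml.io.Unmarshaller unmarshaller = Configuration.getUnmarshallerFactory().getUnmarshaller(root);
            if (unmarshaller == null) {
                // No unmarshaller registered for this element type: fail closed instead of an NPE.
                log.error("No unmarshaller found for element " + root.getNodeName());
                throw new SAML2SSOAuthenticatorException(PARSE_ERROR);
            }
            XMLObject unmarshalled = unmarshaller.unmarshall(root);
            // getElementsByTagNameNS returns descendants only, so any match here is a Response nested
            // below the root element, which this authenticator does not accept.
            if (unmarshalled.getDOM().getElementsByTagNameNS(SAMLP_NS, "Response").getLength() > 0) {
                log.error("Invalid schema for the SAML2 reponse");
                throw new SAML2SSOAuthenticatorException(PARSE_ERROR);
            }
            return unmarshalled;
        } catch (IOException e) {
            throw parseFailure(e);
        } catch (ParserConfigurationException e) {
            throw parseFailure(e);
        } catch (UnmarshallingException e) {
            throw parseFailure(e);
        } catch (SAXException e) {
            throw parseFailure(e);
        }
    }

    /**
     * Logs a parse/unmarshal failure with its stack trace and builds the exception reported to callers.
     * The original logged only {@code e.getMessage()}, which discarded the stack trace.
     *
     * @param e the underlying failure
     * @return the exception to throw to the caller
     */
    private static SAML2SSOAuthenticatorException parseFailure(Exception e) {
        log.error(e.getMessage(), e);
        return new SAML2SSOAuthenticatorException(PARSE_ERROR);
    }

    /**
     * Creates a namespace-aware {@link DocumentBuilderFactory} with DTD processing and external
     * entity resolution disabled, so that untrusted XML cannot trigger XXE or entity-expansion attacks.
     *
     * @return the configured factory
     * @throws ParserConfigurationException if the underlying parser does not support one of the
     *         hardening features; the caller treats this as a parse failure (fail closed)
     */
    private static DocumentBuilderFactory newSecureDocumentBuilderFactory() throws ParserConfigurationException {
        DocumentBuilderFactory factory = DocumentBuilderFactory.newInstance();
        factory.setNamespaceAware(true);
        // A SAML document never needs a DOCTYPE; rejecting it outright blocks XXE and billion-laughs.
        factory.setFeature("http://apache.org/xml/features/disallow-doctype-decl", true);
        factory.setFeature("http://xml.org/sax/features/external-general-entities", false);
        factory.setFeature("http://xml.org/sax/features/external-parameter-entities", false);
        factory.setFeature("http://apache.org/xml/features/nonvalidating/load-external-dtd", false);
        factory.setXIncludeAware(false);
        factory.setExpandEntityReferences(false);
        return factory;
    }

    /**
     * Initialises the OpenSAML library once per JVM. Synchronised so that concurrent first callers do not
     * run {@link DefaultBootstrap#bootstrap()} twice or observe a stale {@code bootStrapped} flag.
     * A bootstrap failure is logged and the flag stays {@code false}, so the next call retries.
     */
    public static synchronized void doBootstrap() {
        if (bootStrapped) {
            return;
        }
        try {
            DefaultBootstrap.bootstrap();
            bootStrapped = true;
        } catch (ConfigurationException e) {
            log.error("Error in bootstrapping the OpenSAML2 library", e);
        }
    }

    /**
     * Builds the credential holding the public certificate used to verify SAML responses for a tenant.
     * <p>
     * For a non-super tenant the certificate is read from the tenant key store (named from the domain,
     * see {@link #generateKSNameFromDomainName(String)}) under the alias equal to the domain name.
     * For the super tenant ({@code tenantId == 0}, including a {@code null} domain) the certificate is
     * taken from the primary key store: under the configured IdP certificate alias when one is set,
     * otherwise the key store's default primary certificate.
     *
     * @param str the tenant domain name, or {@code null} for the super tenant
     * @return the credential wrapping the resolved certificate
     * @throws SAML2SSOAuthenticatorException if the tenant id cannot be resolved, no certificate is
     *         found under the expected alias, or the key store cannot be read
     */
    public static X509CredentialImpl getX509CredentialImplForTenant(String str) throws SAML2SSOAuthenticatorException {
        SAML2SSOAuthBEDataHolder holder = SAML2SSOAuthBEDataHolder.getInstance();
        // Result unused in the original as well; call kept so any side effect of the getter is preserved.
        holder.getRegistryService();
        RealmService realmService = holder.getRealmService();
        int tenantId = 0;
        if (str != null) {
            try {
                tenantId = realmService.getTenantManager().getTenantId(str);
            } catch (UserStoreException e) {
                log.error("Error getting the TenantID for the domain name", e);
                throw new SAML2SSOAuthenticatorException("Error getting the TenantID for the domain name", e);
            }
        }
        KeyStoreManager keyStoreManager = KeyStoreManager.getInstance(tenantId);
        try {
            X509Certificate certificate;
            if (tenantId != 0) {
                certificate = (X509Certificate) keyStoreManager
                        .getKeyStore(generateKSNameFromDomainName(str))
                        .getCertificate(str);
                if (certificate == null) {
                    // Previously surfaced as an NPE wrapped in the generic error below.
                    String msg = "Cannot find a certificate with the alias " + str + " in the key store of tenant " + str;
                    log.error(msg);
                    throw new SAML2SSOAuthenticatorException(msg);
                }
            } else {
                String idPCertAlias = holder.getIdPCertAlias();
                if (idPCertAlias != null) {
                    certificate = (X509Certificate) keyStoreManager.getPrimaryKeyStore().getCertificate(idPCertAlias);
                    if (certificate == null) {
                        String msg = "Cannot find a certificate with the alias " + idPCertAlias + " in the default key store. Please check the 'KeyAlias' property in the SSO configuration of the authenticators.xml";
                        log.error(msg);
                        throw new SAML2SSOAuthenticatorException(msg);
                    }
                } else {
                    certificate = keyStoreManager.getDefaultPrimaryCertificate();
                }
            }
            return new X509CredentialImpl(certificate);
        } catch (SAML2SSOAuthenticatorException e) {
            // Already logged with a specific message; do not re-wrap it in the generic one below.
            throw e;
        } catch (Exception e) {
            log.error("Error instantiating an X509CredentialImpl object for the public cert.", e);
            throw new SAML2SSOAuthenticatorException("Error instantiating an X509CredentialImpl object for the public cert.", e);
        }
    }

    /**
     * Derives the tenant key store file name from a tenant domain: whitespace is trimmed, every
     * {@code '.'} becomes {@code '-'}, and {@code ".jks"} is appended (e.g. {@code "a.b"} → {@code "a-b.jks"}).
     *
     * @param str the tenant domain name; must not be {@code null}
     * @return the key store file name
     */
    private static String generateKSNameFromDomainName(String str) {
        return str.trim().replace(".", "-") + ".jks";
    }
}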
