package com.sun.xml.wss.saml.util;

import com.sun.xml.stream.buffer.MutableXMLStreamBuffer;
import com.sun.xml.stream.buffer.stax.StreamWriterBufferCreator;
import com.sun.xml.ws.security.opt.impl.util.StreamUtil;
import com.sun.xml.wss.WSITXMLFactory;
import com.sun.xml.wss.XWSSecurityException;
import com.sun.xml.wss.impl.MessageConstants;
import com.sun.xml.wss.impl.SecurableSoapMessage;
import com.sun.xml.wss.impl.dsig.WSSPolicyConsumerImpl;
import com.sun.xml.wss.logging.LogDomainConstants;
import com.sun.xml.wss.logging.saml.LogStringsMessages;
import com.sun.xml.wss.saml.assertion.saml20.jaxb20.Assertion;
import com.sun.xml.wss.util.DateUtils;
import java.io.ByteArrayInputStream;
import java.io.ByteArrayOutputStream;
import java.io.IOException;
import java.lang.reflect.Constructor;
import java.security.PublicKey;
import java.text.ParseException;
import java.util.Date;
import java.util.HashMap;
import java.util.HashSet;
import java.util.Iterator;
import java.util.Map;
import java.util.Set;
import java.util.logging.Level;
import java.util.logging.Logger;
import javax.xml.bind.JAXBContext;
import javax.xml.bind.Marshaller;
import javax.xml.crypto.Data;
import javax.xml.crypto.NodeSetData;
import javax.xml.crypto.URIDereferencer;
import javax.xml.crypto.URIReference;
import javax.xml.crypto.URIReferenceException;
import javax.xml.crypto.XMLCryptoContext;
import javax.xml.crypto.dsig.XMLSignature;
import javax.xml.crypto.dsig.dom.DOMValidateContext;
import javax.xml.parsers.DocumentBuilderFactory;
import javax.xml.stream.XMLOutputFactory;
import javax.xml.stream.XMLStreamException;
import javax.xml.stream.XMLStreamReader;
import javax.xml.stream.XMLStreamWriter;
import javax.xml.transform.dom.DOMResult;
import org.w3c.dom.Document;
import org.w3c.dom.Element;
import org.w3c.dom.NamedNodeMap;
import org.w3c.dom.Node;
import org.w3c.dom.NodeList;

/* loaded from: input_file:com/sun/xml/wss/saml/util/SAMLUtil.class */
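/**
 * Static helpers for locating, marshalling, parsing and validating SAML assertions held as DOM.
 *
 * <p>Two of the methods make trust decisions on received tokens:
 * {@link #verifySignature(Element, PublicKey)} and
 * {@link #validateTimeInConditionsStatement(Element)}. Their limits are stated on each method.
 */
public class SAMLUtil {
    private static final String SAML10_ASSERTION_NS = "urn:oasis:names:tc:SAML:1.0:assertion";
    private static final String SAML20_ASSERTION_NS = "urn:oasis:names:tc:SAML:2.0:assertion";
    private static final String DSIG_NS = "http://www.w3.org/2000/09/xmldsig#";
    private static final String TOKEN_UNAVAILABLE = "Referenced Security Token could not be retrieved";
    private static final String CONVERT_ERROR = "Error occurred while trying to convert SAMLAssertion stream into DOM Element";

    private static final Logger logger = Logger.getLogger(LogDomainConstants.SAML_API_DOMAIN, LogDomainConstants.SAML_API_DOMAIN_BUNDLE);

    /**
     * Resolves the same-document ({@code #id}) references of an XML signature to DOM nodes.
     *
     * <p>IDs registered in the supplied map take precedence over the owner document's own ID
     * lookup, so that a reference to the assertion under verification resolves to that exact
     * element even if another element in the document carries the same ID value.
     */
    // The decompiler reports that this class was declared private in the original source.
    public static class DSigResolver implements URIDereferencer {
        Element elem;
        Map<?, ?> map;
        Class<?> _nodeSetClass = null;
        String optNSClassName = "org.apache.jcp.xml.dsig.internal.dom.DOMSubTreeData";
        Constructor<?> _constructor = null;
        Boolean _false = false;

        /**
         * @param map     ID value to element; consulted before the document's ID lookup
         * @param element element whose owner document is searched for IDs not in {@code map}
         */
        DSigResolver(Map<?, ?> map, Element element) {
            this.elem = element;
            this.map = map;
            init();
        }

        /**
         * Looks up the optional sub-tree data class named by {@code optNSClassName} and its
         * {@code (Node, boolean)} constructor. Failure is not an error: {@code _constructor}
         * stays {@code null} and {@link #dereferenceURI} builds a plain node set instead.
         */
        void init() {
            try {
                this._nodeSetClass = Class.forName(this.optNSClassName);
                this._constructor = this._nodeSetClass.getConstructor(Node.class, Boolean.TYPE);
            } catch (ClassNotFoundException e) {
                logOptionalClassUnavailable(e);
            } catch (LinkageError e) {
                logOptionalClassUnavailable(e);
            } catch (NoSuchMethodException e) {
                logOptionalClassUnavailable(e);
            }
        }

        /** Records, at FINE level, why the optional data class cannot be used. */
        private void logOptionalClassUnavailable(Throwable cause) {
            if (logger.isLoggable(Level.FINE)) {
                logger.log(Level.FINE, "Optional node-set class " + this.optNSClassName + " is not usable; using a plain node set", cause);
            }
        }

        /**
         * Dereferences a signature reference.
         *
         * @throws URIReferenceException if the reference cannot be resolved for any reason
         */
        @Override // javax.xml.crypto.URIDereferencer
        public Data dereference(URIReference uRIReference, XMLCryptoContext xMLCryptoContext) throws URIReferenceException {
            try {
                return dereferenceURI(uRIReference.getURI(), xMLCryptoContext);
            } catch (URIReferenceException e) {
                // Already the declared type; do not wrap it a second time.
                throw e;
            } catch (Exception e) {
                throw new URIReferenceException(e);
            }
        }

        /**
         * Resolves a {@code #id} reference to signature input data.
         *
         * <p>Every failure raises {@link URIReferenceException}; the method never returns
         * {@code null}, so the validator is never handed missing data to digest.
         *
         * @param str              reference URI; must be a fragment ({@code #id})
         * @param xMLCryptoContext unused
         * @throws URIReferenceException if the URI is absent, empty, not a fragment, names an
         *                               unknown ID, or the data object cannot be created
         */
        Data dereferenceURI(String str, XMLCryptoContext xMLCryptoContext) throws URIReferenceException {
            // External and whole-document references are not supported by this resolver.
            if (str == null || str.isEmpty() || str.charAt(0) != '#') {
                throw new URIReferenceException("Only same-document fragment references are supported: " + str);
            }
            String id = str.substring(1);
            // Prefer the explicitly registered element over the document-wide ID lookup.
            Node target = this.map == null ? null : (Node) this.map.get(id);
            if (target == null) {
                target = this.elem.getOwnerDocument().getElementById(id);
            }
            if (target == null) {
                throw new URIReferenceException("Cannot resolve reference to element with ID " + id);
            }
            if (this._constructor == null) {
                final Set<Object> nodes = new HashSet<Object>();
                toNodeSet(target, nodes);
                return new NodeSetData() { // from class: com.sun.xml.wss.saml.util.SAMLUtil.DSigResolver.1
                    @Override // javax.xml.crypto.NodeSetData
                    public Iterator iterator() {
                        return nodes.iterator();
                    }
                };
            }
            try {
                return (Data) this._constructor.newInstance(target, this._false);
            } catch (Exception e) {
                throw new URIReferenceException("Unable to create signature input data for ID " + id, e);
            }
        }

        /**
         * Collects the sub-tree rooted at {@code node} into {@code set}.
         *
         * <p>Elements are added together with their attributes; comments and document-type
         * nodes are skipped; a document node contributes only its descendants. Within a run of
         * adjacent text nodes only the first one is added.
         */
        void toNodeSet(Node node, Set<Object> set) {
            switch (node.getNodeType()) {
                case Node.ELEMENT_NODE:
                    set.add(node);
                    if (((Element) node).hasAttributes()) {
                        NamedNodeMap attributes = ((Element) node).getAttributes();
                        for (int i = 0; i < attributes.getLength(); i++) {
                            set.add(attributes.item(i));
                        }
                    }
                    break;
                case Node.DOCUMENT_NODE:
                    break;
                case Node.COMMENT_NODE:
                case Node.DOCUMENT_TYPE_NODE:
                    return;
                default:
                    set.add(node);
                    return;
            }
            Node child = node.getFirstChild();
            while (child != null) {
                if (child.getNodeType() == Node.TEXT_NODE) {
                    set.add(child);
                    // Skip the remaining text nodes of this run.
                    while (child != null && child.getNodeType() == Node.TEXT_NODE) {
                        child = child.getNextSibling();
                    }
                    if (child == null) {
                        return;
                    }
                }
                toNodeSet(child, set);
                child = child.getNextSibling();
            }
        }
    }

    /**
     * Finds the assertion whose {@code AssertionID} or {@code ID} attribute equals {@code str}.
     *
     * <p>SAML 1.0-namespace assertions are searched first; SAML 2.0-namespace assertions are
     * searched only when the document holds none of the former. The first match in document
     * order is returned; uniqueness of the ID is not checked here.
     *
     * @param str      assertion identifier; a null or empty value never matches, because a
     *                 missing attribute reads as the empty string and would otherwise match
     * @param document document to search
     * @return the matching assertion element
     * @throws XWSSecurityException a SOAP fault exception when no assertion matches
     */
    public static Element locateSamlAssertion(String str, Document document) throws XWSSecurityException {
        if (str != null && !str.isEmpty()) {
            NodeList candidates = document.getElementsByTagNameNS(SAML10_ASSERTION_NS, MessageConstants.SAML_ASSERTION_LNAME);
            if (candidates.item(0) == null) {
                candidates = document.getElementsByTagNameNS(SAML20_ASSERTION_NS, MessageConstants.SAML_ASSERTION_LNAME);
            }
            for (int i = 0, count = candidates.getLength(); i < count; i++) {
                Element candidate = (Element) candidates.item(i);
                if (candidate.getAttribute(MessageConstants.SAML_ASSERTIONID_LNAME).equals(str)
                        || candidate.getAttribute(MessageConstants.SAML_ID_LNAME).equals(str)) {
                    return candidate;
                }
            }
        }
        logger.log(Level.SEVERE, LogStringsMessages.WSS_001_SAML_ASSERTION_NOT_FOUND(str));
        throw SecurableSoapMessage.newSOAPFaultException(MessageConstants.WSSE_SECURITY_TOKEN_UNAVAILABLE, TOKEN_UNAVAILABLE, null);
    }

    /**
     * Marshals {@code obj} under {@code node} using a default JAXB context.
     *
     * @see #toElement(Node, Object, JAXBContext)
     */
    public static Element toElement(Node node, Object obj) throws XWSSecurityException {
        return toElement(node, obj, null);
    }

    /**
     * Marshals a JAXB assertion object to DOM and returns the resulting assertion element.
     *
     * @param node        parent to marshal into, or {@code null} to marshal into a new document
     * @param obj         JAXB object to marshal
     * @param jAXBContext context to use, or {@code null} to select one: the SAML 2.0 context
     *                    when {@code obj} is a SAML 2.0 {@code Assertion} and the system
     *                    property {@code com.sun.xml.wss.saml.binding.jaxb} is unset,
     *                    otherwise the SAML 1.x context
     * @return the first assertion element found under the target; may be {@code null} if none
     * @throws XWSSecurityException if the document cannot be created or marshalling fails
     */
    public static Element toElement(Node node, Object obj, JAXBContext jAXBContext) throws XWSSecurityException {
        Document document = null;
        DOMResult target;
        if (node != null) {
            target = new DOMResult(node);
        } else {
            try {
                // NOTE(review): the factory is configured from a flag named
                // DISABLE_SECURE_PROCESSING; confirm its value in this deployment.
                document = WSITXMLFactory.createDocumentBuilderFactory(WSITXMLFactory.DISABLE_SECURE_PROCESSING).newDocumentBuilder().newDocument();
                target = new DOMResult(document);
            } catch (Exception e) {
                logger.log(Level.SEVERE, LogStringsMessages.WSS_002_FAILED_CREATE_DOCUMENT(), (Throwable) e);
                throw new XWSSecurityException("Unable to create Document : " + e.getMessage());
            }
        }
        try {
            JAXBContext context = jAXBContext;
            if (context == null) {
                boolean bindingPropertySet = System.getProperty("com.sun.xml.wss.saml.binding.jaxb") != null;
                context = (!bindingPropertySet && obj instanceof Assertion)
                        ? SAML20JAXBUtil.getJAXBContext()
                        : SAMLJAXBUtil.getJAXBContext();
            }
            Marshaller marshaller = context.createMarshaller();
            if (obj == null && logger.isLoggable(Level.FINE)) {
                logger.log(Level.FINE, "Element is Null in SAMLUtil.toElement()");
            }
            marshaller.setProperty("com.sun.xml.bind.namespacePrefixMapper", new WSSNamespacePrefixMapper());
            marshaller.marshal(obj, target);
        } catch (Exception e2) {
            // Covers context selection and the checked JAXB failures of marshalling alike.
            logger.log(Level.SEVERE, LogStringsMessages.WSS_003_FAILEDTO_MARSHAL(), (Throwable) e2);
            String typeName = obj == null ? "null" : obj.getClass().getName();
            throw new XWSSecurityException("Not able to Marshal " + typeName + ", got exception: " + e2.getMessage());
        }
        return firstAssertion(node != null ? node : document);
    }

    /**
     * Returns the first assertion element below {@code root}. The namespace searched is chosen
     * from the namespace of {@code root}'s first child: SAML 2.0 if it matches, else SAML 1.0.
     * A first child without a namespace selects SAML 1.0.
     */
    private static Element firstAssertion(Node root) {
        String namespace = SAML20_ASSERTION_NS.equals(root.getFirstChild().getNamespaceURI())
                ? SAML20_ASSERTION_NS
                : SAML10_ASSERTION_NS;
        NodeList assertions = root.getNodeType() == Node.ELEMENT_NODE
                ? ((Element) root).getElementsByTagNameNS(namespace, MessageConstants.SAML_ASSERTION_LNAME)
                : ((Document) root).getElementsByTagNameNS(namespace, MessageConstants.SAML_ASSERTION_LNAME);
        return (Element) assertions.item(0);
    }

    /**
     * Copies the reader's events up to END_DOCUMENT into a buffer, serialises the buffer and
     * re-parses it with a namespace-aware DOM parser.
     *
     * @param xMLStreamReader reader positioned at the content to copy; consumed to its end
     * @return the document element of the parsed copy
     * @throws XMLStreamException   if reading or writing the stream fails
     * @throws XWSSecurityException on any other failure, including parse errors
     */
    public static Element createSAMLAssertion(XMLStreamReader xMLStreamReader) throws XWSSecurityException, XMLStreamException {
        XMLOutputFactory outputFactory = XMLOutputFactory.newInstance();
        ByteArrayOutputStream serialized = new ByteArrayOutputStream();
        MutableXMLStreamBuffer buffer = new MutableXMLStreamBuffer();
        StreamWriterBufferCreator bufferWriter = new StreamWriterBufferCreator(buffer);
        try {
            XMLStreamWriter out = outputFactory.createXMLStreamWriter(serialized);
            while (xMLStreamReader.getEventType() != XMLStreamReader.END_DOCUMENT) {
                StreamUtil.writeCurrentEvent(xMLStreamReader, bufferWriter);
                xMLStreamReader.next();
            }
            buffer.writeToXMLStreamWriter(out);
            out.close();
            serialized.close();
            // NOTE(review): this parser handles content that may come from a received message;
            // confirm that the factory returned for this flag restricts DTDs and external
            // entities as the deployment requires.
            DocumentBuilderFactory parserFactory = WSITXMLFactory.createDocumentBuilderFactory(WSITXMLFactory.DISABLE_SECURE_PROCESSING);
            parserFactory.setNamespaceAware(true);
            return parserFactory.newDocumentBuilder().parse(new ByteArrayInputStream(serialized.toByteArray())).getDocumentElement();
        } catch (XMLStreamException e2) {
            throw new XMLStreamException(CONVERT_ERROR, e2);
        } catch (Exception e3) {
            throw new XWSSecurityException(CONVERT_ERROR, e3);
        }
    }

    /**
     * Checks the current time against {@code NotBefore} / {@code NotOnOrAfter} of the first
     * {@code Conditions} descendant in the assertion's own namespace.
     *
     * <p>Limits a caller must account for:
     * <ul>
     *   <li>an assertion with no {@code Conditions} element is reported as valid;</li>
     *   <li>a missing or empty bound is treated as unbounded on that side;</li>
     *   <li>the comparison uses the local clock with no skew allowance;</li>
     *   <li>no other condition is evaluated here.</li>
     * </ul>
     *
     * @param element assertion element
     * @return {@code true} if now is within {@code [NotBefore, NotOnOrAfter)}
     * @throws XWSSecurityException if a bound cannot be parsed
     */
    public static boolean validateTimeInConditionsStatement(Element element) throws XWSSecurityException {
        NodeList found = element.getElementsByTagNameNS(element.getNamespaceURI(), "Conditions");
        if (found == null || found.getLength() <= 0) {
            logger.log(Level.INFO, "No Conditions Element found in SAML Assertion");
            return true;
        }
        Element conditions = (Element) found.item(0);
        String localName = conditions.getLocalName();
        if (localName == null) {
            throw new XWSSecurityException("Internal Error: LocalName of Conditions Element found Null");
        }
        if (!localName.equals("Conditions")) {
            throw new XWSSecurityException("Internal Error: LocalName of Conditions Element found to be :" + localName);
        }
        Date notBefore = parseBound(conditions.getAttribute("NotBefore"));
        Date notOnOrAfter = parseBound(conditions.getAttribute("NotOnOrAfter"));
        long now = System.currentTimeMillis();
        boolean started = notBefore == null || now >= notBefore.getTime();
        boolean notExpired = notOnOrAfter == null || now < notOnOrAfter.getTime();
        return started && notExpired;
    }

    /** Parses a validity bound; a null or empty attribute value yields {@code null}. */
    private static Date parseBound(String value) throws XWSSecurityException {
        if (value == null || value.equals("")) {
            return null;
        }
        try {
            return DateUtils.stringToDate(value);
        } catch (ParseException e) {
            throw new XWSSecurityException(e);
        }
    }

    /**
     * Validates the enveloped XML signature of a SAML assertion with the given key.
     *
     * <p>The signature used is the {@code ds:Signature} that is a direct child of
     * {@code element}; a signature nested deeper (for example inside an embedded assertion) is
     * not accepted as the assertion's own. The signature must also carry a reference to
     * {@code #<assertion id>}, so a valid signature over some other element does not vouch for
     * this assertion.
     *
     * <p>This method does not decide whether {@code publicKey} is trusted; that is the
     * caller's responsibility.
     *
     * @param element   assertion element; its {@code ID}, else {@code AssertionID}, is used
     * @param publicKey key to validate with
     * @return the result of core signature validation
     * @throws XWSSecurityException if the assertion is unsigned, the signature does not
     *                              reference the assertion, or validation raises an error
     */
    public static boolean verifySignature(Element element, PublicKey publicKey) throws XWSSecurityException {
        try {
            String id = element.getAttribute(MessageConstants.SAML_ID_LNAME);
            if (id == null || id.length() < 1) {
                id = element.getAttribute(MessageConstants.SAML_ASSERTIONID_LNAME);
            }
            Element signatureElement = directChildSignature(element);
            if (signatureElement == null) {
                throw new XWSSecurityException("Unsigned SAML Assertion encountered while verifying the SAML signature");
            }
            DOMValidateContext validateContext = new DOMValidateContext(publicKey, signatureElement);
            XMLSignature signature = WSSPolicyConsumerImpl.getInstance().getSignatureFactory().unmarshalXMLSignature(validateContext);
            if (!referencesAssertion(signature, id)) {
                throw new XWSSecurityException("SAML signature does not reference the assertion being verified");
            }
            Map<String, Element> byId = new HashMap<String, Element>();
            byId.put(id, element);
            // NOTE(review): secure-validation mode of the signature implementation is not set
            // here (context property "org.jcp.xml.dsig.secureValidation"); confirm whether it
            // is enabled elsewhere.
            validateContext.setURIDereferencer(new DSigResolver(byId, element));
            return signature.validate(validateContext);
        } catch (XWSSecurityException e) {
            throw e;
        } catch (Exception e) {
            throw new XWSSecurityException(e);
        }
    }

    /** Returns the {@code ds:Signature} element that is a direct child, or {@code null}. */
    private static Element directChildSignature(Element assertion) {
        for (Node child = assertion.getFirstChild(); child != null; child = child.getNextSibling()) {
            if (child.getNodeType() == Node.ELEMENT_NODE
                    && DSIG_NS.equals(child.getNamespaceURI())
                    && "Signature".equals(child.getLocalName())) {
                return (Element) child;
            }
        }
        return null;
    }

    /** Tells whether any reference of {@code signature} has the URI {@code "#" + id}. */
    private static boolean referencesAssertion(XMLSignature signature, String id) {
        if (id == null || id.length() < 1) {
            return false;
        }
        String expected = "#" + id;
        for (Object reference : signature.getSignedInfo().getReferences()) {
            if (expected.equals(((URIReference) reference).getURI())) {
                return true;
            }
        }
        return false;
    }
}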
