package weblogic.wsee.security.saml;

import java.io.CharArrayWriter;
import java.security.Key;
import java.security.PrivateKey;
import java.security.cert.X509Certificate;
import java.util.logging.Level;
import java.util.logging.Logger;
import javax.xml.parsers.DocumentBuilder;
import javax.xml.stream.XMLStreamException;
import javax.xml.transform.TransformerException;
import javax.xml.transform.TransformerFactory;
import javax.xml.transform.dom.DOMSource;
import javax.xml.transform.stream.StreamResult;
import org.w3c.dom.Document;
import org.w3c.dom.Element;
import org.w3c.dom.Node;
import weblogic.security.utils.SAMLAssertionInfo;
import weblogic.security.utils.SAMLAssertionInfoFactory;
import weblogic.xml.crypto.api.MarshalException;
import weblogic.xml.crypto.common.keyinfo.EncryptedKeyProvider;
import weblogic.xml.crypto.dsig.api.keyinfo.KeyInfo;
import weblogic.xml.crypto.dsig.api.keyinfo.X509Data;
import weblogic.xml.crypto.dsig.keyinfo.KeyInfoImpl;
import weblogic.xml.crypto.encrypt.api.keyinfo.EncryptedKey;
import weblogic.xml.crypto.wss.SecurityImpl;
import weblogic.xml.crypto.wss.WSSConstants;
import weblogic.xml.crypto.wss.WSSecurityException;
import weblogic.xml.crypto.wss.provider.SecurityTokenReference;
import weblogic.xml.dom.DOMStreamReader;
import weblogic.xml.dom.DOMUtils;

/* loaded from: input_file:weblogic/wsee/security/saml/SAMLCredentialImpl.class */
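/**
 * {@link SAMLCredential} built from a SAML assertion supplied either as a DOM {@link Node}
 * or as an XML {@link String}.
 *
 * <p>Construction parses the assertion into a {@link SAMLAssertionInfo}, derives the SAML
 * version and token type, and, for holder-of-key assertions, extracts the subject key
 * material (an {@code EncryptedKey} element, or an X.509 certificate / public key from the
 * subject {@code KeyInfo}). Nothing in this class verifies the assertion's signature, so the
 * key returned by {@link #getHolderOfKey()} is only as trustworthy as the signature
 * verification performed elsewhere on the same assertion.
 *
 * <p>Not thread-safe: setters mutate instance state without synchronization.
 */
public class SAMLCredentialImpl implements SAMLCredential {
    private static final Logger LOGGER = Logger.getLogger(SAMLCredentialImpl.class.getName());

    /** SAML 2.0 holder-of-key subject confirmation method URI (the SAML 1.x URI comes from SAML2Constants). */
    private static final String SAML20_HOLDER_OF_KEY = "urn:oasis:names:tc:SAML:2.0:cm:holder-of-key";

    // Symmetric key associated with the credential, if any (set externally).
    private Key symmetircKey;
    // Private key supplied by the caller at construction or via setPrivateKey.
    private PrivateKey privateKey;
    // Certificate found in the assertion's KeyInfo, if any.
    private X509Certificate cert;
    // Public key of the certificate found in the KeyInfo, if any.
    private Key holderOfKey;
    // True when the subject confirmation method is holder-of-key for the assertion's version.
    private boolean isHolderOfKey;
    // First EncryptedKey element found in the KeyInfo, if any.
    private Element encryptedKey;
    private EncryptedKeyProvider encryptedKeyProvider;
    private String tokenType;
    private String version;
    private boolean isSaml2;
    // The raw credential as passed in (Node or String).
    private Object credential;
    private SAMLAssertionInfo samlAsst;
    private SecurityTokenReference securityTokenReference;
    private SAMLAttributeStatementData attributes;

    /**
     * Creates an empty credential; every field keeps its Java default ({@code null}/{@code false}).
     *
     * @throws WSSecurityException declared for compatibility; never thrown here
     */
    protected SAMLCredentialImpl() throws WSSecurityException {
    }

    /**
     * Creates a credential from a DOM node; the token type is derived from the SAML version.
     *
     * @param node the assertion element
     * @throws WSSecurityException if the node is not a valid SAML assertion
     */
    public SAMLCredentialImpl(Node node) throws WSSecurityException {
        this(null, node);
    }

    /**
     * Creates a credential without a private key.
     *
     * @param str token type, or {@code null} to derive it from the SAML version
     * @param obj the assertion as a DOM {@link Node} or an XML {@link String}
     * @throws WSSecurityException if {@code obj} is not a valid SAML assertion
     */
    public SAMLCredentialImpl(String str, Object obj) throws WSSecurityException {
        this(str, obj, null);
    }

    /** Logs the assertion's id, confirmation method, subject and version at FINE level. */
    public void verbose() {
        if (LOGGER.isLoggable(Level.FINE)) {
            LOGGER.log(Level.FINE, "Assertion ID: " + this.samlAsst.getId());
            LOGGER.log(Level.FINE, "Assertion CM: " + this.samlAsst.getSubjectConfirmationMethod());
            LOGGER.log(Level.FINE, "Assertion Subject: " + this.samlAsst.getSubjectName());
            LOGGER.log(Level.FINE, "Assertion Version: " + this.samlAsst.getVersion());
        }
    }

    /**
     * Creates a credential from a SAML assertion.
     *
     * @param str        token type, or {@code null} to pick the SAML 2.0 / 1.1 token type from the
     *                   assertion's version
     * @param obj        the assertion as a DOM {@link Node} or an XML {@link String}
     * @param privateKey private key to associate with the credential; may be {@code null}
     * @throws WSSecurityException with {@code FAILURE_TOKEN_INVALID} if {@code obj} is neither a
     *                             Node nor a String, cannot be parsed into a {@link SAMLAssertionInfo},
     *                             or its KeyInfo cannot be read
     */
    public SAMLCredentialImpl(String str, Object obj, PrivateKey privateKey) throws WSSecurityException {
        if (obj == null) {
            throw new WSSecurityException("Invalid SAML token", WSSConstants.FAILURE_TOKEN_INVALID);
        }
        if (LOGGER.isLoggable(Level.FINE)) {
            // Log only the credential's class and the key algorithm: the credential is the bearer
            // assertion itself and PrivateKey#toString() may include key material on some providers.
            LOGGER.log(Level.FINE, "tokenType: " + str + ", cred class: " + obj.getClass().getName()
                    + ", privkey: " + (privateKey == null ? "null" : privateKey.getAlgorithm()));
        }
        Element signatureKeyInfo = null;
        DocumentBuilder parser = null;
        try {
            SAMLAssertionInfoFactory factory = SAMLAssertionInfoFactory.getInstance();
            Exception parseFailure = null;
            if (obj instanceof Node) {
                parser = CSSUtils.getParser();
                Document doc = parser.newDocument();
                Node imported = doc.importNode((Node) obj, true);
                doc.appendChild(imported);
                try {
                    this.samlAsst = factory.getSAMLAssertionInfo((Element) imported);
                    signatureKeyInfo = SAMLAssertionInfoImpl.getSamlAssertionSignatureKeyInfoElement((Element) imported);
                } catch (Exception e) {
                    // Best effort: a null samlAsst is rejected below, with this failure as the cause.
                    parseFailure = e;
                    LOGGER.log(Level.FINE, "Failed to build SAMLAssertionInfo from DOM element", e);
                }
            } else if (obj instanceof String) {
                this.samlAsst = factory.getSAMLAssertionInfo((String) obj);
            } else {
                throw new WSSecurityException("Invalid SAML token", WSSConstants.FAILURE_TOKEN_INVALID);
            }
            if (this.samlAsst == null) {
                String msg = "Invalid SAML token when samlAsst= null";
                throw parseFailure == null
                        ? new WSSecurityException(msg, WSSConstants.FAILURE_TOKEN_INVALID)
                        : new WSSecurityException(msg, parseFailure, WSSConstants.FAILURE_TOKEN_INVALID);
            }
            setVersion(this.samlAsst.getVersion());
            setTokenType(str != null
                    ? str
                    : (isSaml2() ? SAML2Constants.SAML20_TOKEN_TYPE : SAML2Constants.SAML11_TOKEN_TYPE));
            setPrivateKey(privateKey);
            setCredential(obj);
            initHolderOfKey(this.samlAsst, signatureKeyInfo);
        } catch (WSSecurityException e) {
            // Already carries FAILURE_TOKEN_INVALID; do not wrap it a second time.
            throw e;
        } catch (Exception e) {
            throw new WSSecurityException("Invalid SAML token on CCS?" + e.getMessage(), e, WSSConstants.FAILURE_TOKEN_INVALID);
        } finally {
            // Return the pooled parser on every path, not only on success.
            if (parser != null) {
                CSSUtils.returnParser(parser);
            }
        }
    }

    /**
     * Serializes a DOM node to its XML text with an identity transform.
     * Currently unreferenced within this class.
     *
     * @param node the node to serialize
     * @return the XML text
     * @throws TransformerException if the transform fails
     */
    private static String toXMLString(Node node) throws TransformerException {
        CharArrayWriter out = new CharArrayWriter();
        TransformerFactory.newInstance().newTransformer().transform(new DOMSource(node), new StreamResult(out));
        out.flush();
        return out.toString();
    }

    /**
     * Records the assertion version and whether it is SAML 2.0.
     *
     * @param str the version string from the assertion; may be {@code null}
     */
    private void setVersion(String str) {
        this.version = str;
        // Null-safe: a missing version is treated as "not SAML 2.0" rather than throwing.
        this.isSaml2 = SAML2Constants.SAML_VERSION_20.equals(str);
    }

    @Override // weblogic.wsee.security.saml.SAMLCredential
    public SAMLAttributeStatementData getAttributes() {
        return this.attributes;
    }

    @Override // weblogic.wsee.security.saml.SAMLCredential
    public void setAttributes(SAMLAttributeStatementData sAMLAttributeStatementData) {
        this.attributes = sAMLAttributeStatementData;
    }

    @Override // weblogic.wsee.security.saml.SAMLCredential
    public String getVersion() {
        return this.version;
    }

    @Override // weblogic.wsee.security.saml.SAMLCredential
    public boolean isSaml2() {
        return this.isSaml2;
    }

    /**
     * {@inheritDoc}
     *
     * @throws NullPointerException if no assertion has been parsed (protected constructor)
     */
    @Override // weblogic.wsee.security.saml.SAMLCredential
    public String getAssertionID() {
        return this.samlAsst.getId();
    }

    @Override // weblogic.wsee.security.saml.SAMLCredential
    public String getTokenType() {
        return this.tokenType;
    }

    /** Overrides the token type derived at construction. */
    public void setTokenType(String str) {
        this.tokenType = str;
    }

    @Override // weblogic.wsee.security.saml.SAMLCredential
    public void setCredential(Object obj) {
        this.credential = obj;
    }

    @Override // weblogic.wsee.security.saml.SAMLCredential
    public Object getCredential() {
        return this.credential;
    }

    @Override // weblogic.wsee.security.saml.SAMLCredential
    public void setPrivateKey(PrivateKey privateKey) {
        this.privateKey = privateKey;
    }

    @Override // weblogic.wsee.security.saml.SAMLCredential
    public PrivateKey getPrivateKey() {
        return this.privateKey;
    }

    @Override // weblogic.wsee.security.saml.SAMLCredential
    public boolean isHolderOfKey() {
        return this.isHolderOfKey;
    }

    /**
     * {@inheritDoc}
     *
     * @return the public key of the certificate found in the assertion's KeyInfo, or {@code null}
     *         when none was found (including when the KeyInfo carried an EncryptedKey instead)
     */
    @Override // weblogic.wsee.security.saml.SAMLCredential
    public Key getHolderOfKey() {
        return this.holderOfKey;
    }

    @Override // weblogic.wsee.security.saml.SAMLCredential
    public Key getSymmetircKey() {
        return this.symmetircKey;
    }

    @Override // weblogic.wsee.security.saml.SAMLCredential
    public void setSymmetircKey(Key key) {
        this.symmetircKey = key;
    }

    @Override // weblogic.wsee.security.saml.SAMLCredential
    public Element getEncryptedKey() {
        return this.encryptedKey;
    }

    @Override // weblogic.wsee.security.saml.SAMLCredential
    public EncryptedKeyProvider getEncryptedKeyProvider() {
        return this.encryptedKeyProvider;
    }

    @Override // weblogic.wsee.security.saml.SAMLCredential
    public void setEncryptedKeyProvider(EncryptedKeyProvider encryptedKeyProvider) {
        this.encryptedKeyProvider = encryptedKeyProvider;
    }

    @Override // weblogic.wsee.security.saml.SAMLCredential
    public X509Certificate getX509Cert() {
        return this.cert;
    }

    /**
     * Determines whether the assertion is holder-of-key and extracts key material from the
     * relevant {@code KeyInfo} element.
     *
     * <p>For holder-of-key assertions the subject's KeyInfo is used; otherwise the signature's
     * KeyInfo (if the caller found one) is used. If that element contains an {@code EncryptedKey},
     * only {@link #getEncryptedKey()} is populated; otherwise the KeyInfo is parsed for an X.509
     * certificate / SecurityTokenReference.
     *
     * @param info             the parsed assertion
     * @param signatureKeyInfo KeyInfo element of the assertion's signature, or {@code null}
     * @throws WSSecurityException with {@code FAILURE_TOKEN_INVALID} if the KeyInfo cannot be read
     */
    private void initHolderOfKey(SAMLAssertionInfo info, Element signatureKeyInfo) throws WSSecurityException {
        String confirmationMethod = info.getSubjectConfirmationMethod();
        this.isHolderOfKey = isSaml2()
                ? SAML20_HOLDER_OF_KEY.equals(confirmationMethod)
                : SAML2Constants.SAML10_HOLDER_OF_KEY.equals(confirmationMethod);
        this.holderOfKey = null;
        Element keyInfoElement = this.isHolderOfKey ? info.getSubjectKeyInfo() : signatureKeyInfo;
        if (keyInfoElement == null) {
            return;
        }
        this.encryptedKey = DOMUtils.getFirstElement(keyInfoElement, SecurityImpl.ENCRYPTED_KEY_QNAME);
        if (this.encryptedKey != null) {
            if (LOGGER.isLoggable(Level.FINE)) {
                LOGGER.log(Level.FINE, "Got Encrypted Key =" + this.encryptedKey);
            }
            return;
        }
        try {
            KeyInfoImpl keyInfo = new KeyInfoImpl();
            keyInfo.read(new DOMStreamReader(keyInfoElement));
            setKeyObjectFromKeyInfo(keyInfo);
        } catch (XMLStreamException e) {
            throw new WSSecurityException("Invalid SAML token on XML " + e.getMessage(), e, WSSConstants.FAILURE_TOKEN_INVALID);
        } catch (MarshalException e) {
            throw new WSSecurityException("Invalid SAML token  on Marshal " + e.getMessage(), e, WSSConstants.FAILURE_TOKEN_INVALID);
        }
    }

    /**
     * Populates {@code cert}/{@code holderOfKey} from any X.509 certificate and
     * {@code securityTokenReference} from any SecurityTokenReference in the KeyInfo content.
     * When several certificates are present the last one wins.
     *
     * @param keyInfo the parsed KeyInfo
     */
    private void setKeyObjectFromKeyInfo(KeyInfo keyInfo) {
        for (Object item : keyInfo.getContent()) {
            if (item instanceof X509Data) {
                for (Object x509Item : ((X509Data) item).getContent()) {
                    if (x509Item instanceof X509Certificate) {
                        this.cert = (X509Certificate) x509Item;
                        this.holderOfKey = this.cert.getPublicKey();
                    }
                }
            } else if (item instanceof SecurityTokenReference) {
                this.securityTokenReference = (SecurityTokenReference) item;
            } else if (item instanceof EncryptedKey && LOGGER.isLoggable(Level.FINE)) {
                // An EncryptedKey here was not found by DOMUtils.getFirstElement in initHolderOfKey.
                LOGGER.log(Level.FINE, "Got another EncryptedKey object here???? ");
            }
        }
    }

    /** @return the SecurityTokenReference found in the KeyInfo, or {@code null} */
    public SecurityTokenReference getSecurityTokenReference() {
        return this.securityTokenReference;
    }
}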
