package weblogic.wsee.security.saml;

import java.util.HashSet;
import java.util.Set;
import java.util.logging.Level;
import java.util.logging.Logger;
import javax.security.auth.Subject;
import javax.security.auth.x500.X500Principal;
import javax.xml.namespace.QName;
import org.w3c.dom.Element;
import org.w3c.dom.Node;
import org.w3c.dom.NodeList;
import weblogic.security.SimplePrincipal;
import weblogic.xml.crypto.utils.DOMUtils;

/* loaded from: input_file:weblogic/wsee/security/saml/SAMLUtils.class */
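/**
 * Static helpers for inspecting SAML 1.1 / 2.0 assertion DOM trees and mapping the
 * asserted subject onto a JAAS {@link Subject}.
 *
 * <p>Security notes for callers:
 * <ul>
 *   <li>Nothing in this class verifies an assertion's signature, issuer, audience or
 *       validity window. Results are only as trustworthy as the element passed in, so
 *       these helpers should be used on assertions that have already been verified.</li>
 *   <li>Child lookup ({@link #getFirstMatchingChildElement}) compares local names only
 *       and ignores the namespace URI, so an element with the expected local name in a
 *       foreign namespace is treated as a match.</li>
 * </ul>
 */
public class SAMLUtils {
    private static final Logger LOGGER = Logger.getLogger(SAMLUtils.class.getName());
    private static final String SAML_ASSERTION_TAG = "Assertion";
    private static final String SAML11_ID_ATTR = "AssertionID";
    private static final String SAML11_MAJOR_VERSION_ATTR = "MajorVersion";
    private static final String SAML11_MINOR_VERSION_ATTR = "MinorVersion";
    private static final String SAML11_VERSION = "1.1";
    private static final String SAML20_ID_ATTR = "ID";
    private static final String SAML20_VERSION_ATTR = "Version";
    private static final String SAML20_VERSION = "2.0";
    private static final String SAML_ISSUER_ATTR = "Issuer";
    private static final String SAML_CONDITIONS_TAG = "Conditions";
    private static final String SAML_NOTBEFORE_ATTR = "NotBefore";
    private static final String SAML_NOTONORAFTER_ATTR = "NotOnOrAfter";
    public static final String SAML_SUBJECT_TAG = "Subject";
    public static final String SAML_ATN_STATEMENT_TAG = "AuthenticationStatement";
    public static final String SAML_ATTRIBUTE_STATEMENT_TAG = "AttributeStatement";
    private static final String SAML11_NAMEID_TAG = "NameIdentifier";
    private static final String SAML20_NAMEID_TAG = "NameID";
    public static final String SAML_SUBJCONF_TAG = "SubjectConfirmation";
    private static final String SAML20_SUBJCONF_METHOD_ATTR = "Method";
    private static final String SAML11_SUBJCONF_METHOD_TAG = "ConfirmationMethod";
    private static final String SAML_KEYINFO_TAG = "KeyInfo";
    private static final String SAML_SUBJCONF_DATA_TAG = "SubjectConfirmationData";
    private static final String FORMAT = "Format";
    private static final String X509_SUBJECT_NAME = "X509SubjectName";
    private static final String AUTHN_INSTANT = "AuthenticationInstant";
    private static final String AUTHN_METHOD = "AuthenticationMethod";
    private static final String AUTHN_METHOD_PASSWORD = "urn:oasis:names:tc:SAML:1.0:am:password";
    // Fixed instant used when the assertion carries no Conditions/NotBefore value. It is a
    // placeholder, not a time asserted by the issuer.
    private static final String AUTHN_INSTANT_FALLBACK = "2008-12-02T20:08:42.359Z";
    private static final String SYMMETRIC_KEY_SUFFIX = "/SymmetricKey";
    // Token-type URIs treated as interchangeable names for a SAML 1.1 assertion.
    // Populated once in the static initializer below and never modified afterwards.
    private static final Set<String> SAML11_TOKEN_TYPES = new HashSet<String>();

    static {
        SAML11_TOKEN_TYPES.add(SAML2Constants.SAML11_TOKEN_TYPE);
        SAML11_TOKEN_TYPES.add("http://docs.oasis-open.org/wss/oasis-wss-saml-token-profile-1.0#SAMLAssertionID");
        SAML11_TOKEN_TYPES.add(SAMLConstants.SAML_VALUE_TYPE_2004_01);
    }

    /**
     * Derives the token type from the version attributes of an assertion element.
     *
     * @param element candidate element; may be {@code null}
     * @return the SAML 2.0 token type when {@code Version} is {@code "2.0"}, the SAML 1.1
     *         token type when {@code MajorVersion.MinorVersion} is {@code "1.1"}, otherwise
     *         {@code null} (including when the element is {@code null} or its local name is
     *         not {@code Assertion})
     */
    public static String getTokenTypeFromAssertionElement(Element element) {
        if (element == null || !SAML_ASSERTION_TAG.equals(element.getLocalName())) {
            return null;
        }
        if (SAML20_VERSION.equals(element.getAttribute(SAML20_VERSION_ATTR))) {
            return SAML2Constants.SAML20_TOKEN_TYPE;
        }
        String saml11Version = element.getAttribute(SAML11_MAJOR_VERSION_ATTR) + "." + element.getAttribute(SAML11_MINOR_VERSION_ATTR);
        if (SAML11_VERSION.equals(saml11Version)) {
            return SAML2Constants.SAML11_TOKEN_TYPE;
        }
        return null;
    }

    /**
     * Tells whether two token-type URIs name the same SAML version.
     *
     * @param str  first token type; may be {@code null}
     * @param str2 second token type; may be {@code null}
     * @return {@code true} when both are the SAML 2.0 token type, or both belong to the set
     *         of SAML 1.1 token types
     */
    public static boolean isEquivalentSamlTokenType(String str, String str2) {
        if (str != null && str.equals(str2) && str.equals(SAML2Constants.SAML20_TOKEN_TYPE)) {
            return true;
        }
        return SAML11_TOKEN_TYPES.contains(str) && SAML11_TOKEN_TYPES.contains(str2);
    }

    /**
     * Tells whether the URI is a known SAML 2.0 or SAML 1.1 token type.
     *
     * @param str token type; may be {@code null}
     * @return {@code true} for the SAML 2.0 token type or any SAML 1.1 token type
     */
    public static boolean isSamlTokenType(String str) {
        return SAML2Constants.SAML20_TOKEN_TYPE.equals(str) || SAML11_TOKEN_TYPES.contains(str);
    }

    /**
     * Tells whether a key-type URI ends with {@code /SymmetricKey}.
     *
     * @param str key-type URI; may be {@code null}
     * @return {@code true} only for a non-null value with that suffix
     */
    public static boolean isSymmetricKeyType(String str) {
        return str != null && str.endsWith(SYMMETRIC_KEY_SUFFIX);
    }

    /**
     * Returns the first direct child element whose local name equals {@code str}.
     *
     * <p>The namespace URI is not compared. NOTE(review): for security decisions on
     * assertion content, callers may want a namespace-aware lookup; confirm whether
     * callers rely on the namespace-agnostic behaviour before tightening it.
     *
     * @param element parent element; {@code null} yields {@code null}
     * @param str     local name to look for; {@code null} yields {@code null}
     * @return the first matching child, or {@code null} when there is none
     */
    public static Element getFirstMatchingChildElement(Element element, String str) {
        if (element == null || str == null) {
            return null;
        }
        NodeList childNodes = element.getChildNodes();
        for (int i = 0; i < childNodes.getLength(); i++) {
            Node item = childNodes.item(i);
            // getLocalName() is null for nodes created without namespace awareness, so the
            // comparison is made from the non-null side.
            if (item.getNodeType() == Node.ELEMENT_NODE && str.equals(item.getLocalName())) {
                return (Element) item;
            }
        }
        return null;
    }

    /**
     * Returns a copy of the assertion in which the first {@code AttributeStatement} is
     * replaced by a synthesized {@code AuthenticationStatement} holding that statement's
     * {@code Subject}.
     *
     * <p>The synthesized statement always declares the password authentication method, and
     * its {@code AuthenticationInstant} is the {@code Conditions/@NotBefore} value when
     * available, otherwise a fixed placeholder instant. Neither value was asserted by the
     * issuer. The returned node is a modified deep clone, so a signature computed over the
     * original assertion does not describe it; signature verification belongs on the
     * original element.
     *
     * <p>The input is returned unchanged when it has no {@code AttributeStatement}, or when
     * that statement has no {@code Subject} to move.
     *
     * @param element the assertion element
     * @return the rewritten clone, or {@code element} itself when nothing is rewritten
     * @throws IllegalArgumentException if {@code element.getPrefix()} is {@code null},
     *         because {@link QName} rejects a null prefix
     */
    public static Node getReplaceAttributeStmtToAuthenticateStmtSAMLNode(Element element) {
        Element attributeStatement = getFirstMatchingChildElement(element, SAML_ATTRIBUTE_STATEMENT_TAG);
        if (attributeStatement == null) {
            return element;
        }
        // Without a Subject there is nothing to carry over; appending a null child below
        // would fail, so leave the assertion as it is.
        if (getFirstMatchingChildElement(attributeStatement, SAML_SUBJECT_TAG) == null) {
            return element;
        }
        Node cloneNode = element.cloneNode(true);
        Element clonedAssertion = (Element) cloneNode;
        Element authnStatement = DOMUtils.createElement(clonedAssertion, new QName(element.getNamespaceURI(), SAML_ATN_STATEMENT_TAG, element.getPrefix()), element.getPrefix());
        Element conditions = getFirstMatchingChildElement(element, SAML_CONDITIONS_TAG);
        String authnInstant = conditions != null
                ? DOMUtils.getAttributeValue(conditions, new QName(SAML_NOTBEFORE_ATTR), AUTHN_INSTANT_FALLBACK)
                : AUTHN_INSTANT_FALLBACK;
        authnStatement.setAttribute(AUTHN_INSTANT, authnInstant);
        authnStatement.setAttribute(AUTHN_METHOD, AUTHN_METHOD_PASSWORD);
        Element clonedAttributeStatement = getFirstMatchingChildElement(clonedAssertion, SAML_ATTRIBUTE_STATEMENT_TAG);
        // appendChild moves the Subject out of the cloned AttributeStatement.
        authnStatement.appendChild(getFirstMatchingChildElement(clonedAttributeStatement, SAML_SUBJECT_TAG));
        cloneNode.replaceChild(authnStatement, clonedAttributeStatement);
        return cloneNode;
    }

    /**
     * Tells whether the assertion has an {@code AttributeStatement} containing a
     * {@code Subject} and no {@code AuthenticationStatement}.
     *
     * @param element the assertion element; may be {@code null}
     * @return {@code true} only when all of those conditions hold
     */
    public static boolean hasAttributeNoAuthenticateStmt(Element element) {
        if (element == null) {
            return false;
        }
        if (getFirstMatchingChildElement(element, SAML_ATN_STATEMENT_TAG) != null) {
            return false;
        }
        Element attributeStatement = getFirstMatchingChildElement(element, SAML_ATTRIBUTE_STATEMENT_TAG);
        return attributeStatement != null && getFirstMatchingChildElement(attributeStatement, SAML_SUBJECT_TAG) != null;
    }

    /**
     * Locates the {@code Subject} element of an assertion.
     *
     * <p>Lookup order: inside the first {@code AuthenticationStatement}; otherwise inside
     * the first {@code AttributeStatement}; otherwise directly under the assertion. Once a
     * statement is found, the search does not fall through to the next location even when
     * that statement has no {@code Subject}.
     *
     * @param element the assertion element; {@code null} yields {@code null}
     * @return the subject element, or {@code null} when none is found
     */
    public static Element getSubjectElementFromSamlAssertion(Element element) {
        Element authnStatement = getFirstMatchingChildElement(element, SAML_ATN_STATEMENT_TAG);
        if (authnStatement != null) {
            return getFirstMatchingChildElement(authnStatement, SAML_SUBJECT_TAG);
        }
        Element attributeStatement = getFirstMatchingChildElement(element, SAML_ATTRIBUTE_STATEMENT_TAG);
        if (attributeStatement != null) {
            return getFirstMatchingChildElement(attributeStatement, SAML_SUBJECT_TAG);
        }
        return getFirstMatchingChildElement(element, SAML_SUBJECT_TAG);
    }

    /**
     * Returns the name identifier child of a subject element, preferring the SAML 1.1
     * {@code NameIdentifier} over the SAML 2.0 {@code NameID}.
     *
     * @param element the subject element; may be {@code null}
     * @return the name identifier element, or {@code null} when absent
     */
    public static Element getNameIdentifierElm(Element element) {
        if (element == null) {
            return null;
        }
        Element saml11NameId = getFirstMatchingChildElement(element, SAML11_NAMEID_TAG);
        return saml11NameId != null ? saml11NameId : getFirstMatchingChildElement(element, SAML20_NAMEID_TAG);
    }

    /**
     * Tells whether a name identifier should be read as an X.509 subject name.
     *
     * <p>The {@code Format} attribute is looked up unqualified first and then qualified
     * with the element's own namespace. When a format is present, the answer is whether it
     * contains {@code X509SubjectName}. When no format is present, the element text is
     * used as a heuristic: a value starting with {@code CN=} counts as an X.509 name.
     *
     * @param element the name identifier element; may be {@code null}
     * @return {@code true} when the identifier is classified as an X.509 subject name
     */
    public static boolean hasX509SubjectName(Element element) {
        if (element == null) {
            return false;
        }
        String format = DOMUtils.getAttributeValue(element, new QName(FORMAT));
        if (format == null) {
            format = DOMUtils.getAttributeValue(element, new QName(element.getNamespaceURI(), FORMAT));
        }
        if (format != null) {
            return format.contains(X509_SUBJECT_NAME);
        }
        String text = DOMUtils.getText(element);
        return text != null && text.startsWith("CN=");
    }

    /**
     * Builds a JAAS {@link Subject} from the name identifier of a SAML assertion.
     *
     * <p>The principal name is taken verbatim from the assertion. This method performs no
     * signature, issuer or validity check, so it should only be given assertions that were
     * verified beforehand.
     *
     * @param node the assertion node; must be an {@link Element} when non-null
     * @return {@code null} when no name identifier is found; an empty subject when the
     *         identifier has no text; otherwise a subject holding one
     *         {@link X500Principal} or {@code SimplePrincipal}
     * @throws ClassCastException if {@code node} is not an {@link Element}
     * @throws IllegalArgumentException if the identifier is classified as an X.509 name but
     *         is not a well-formed distinguished name
     */
    public static Subject getJavaSubjectFromSamlElement(Node node) {
        Element nameIdentifier = getNameIdentifierElm(getSubjectElementFromSamlAssertion((Element) node));
        if (nameIdentifier == null) {
            return null;
        }
        String text = DOMUtils.getText(nameIdentifier);
        Subject subject = new Subject();
        if (text == null) {
            return subject;
        }
        // The logged name is copied as-is from the assertion content.
        if (hasX509SubjectName(nameIdentifier)) {
            if (LOGGER.isLoggable(Level.FINE)) {
                LOGGER.log(Level.FINE, "X509 Subject name =" + text);
            }
            subject.getPrincipals().add(new X500Principal(text));
        } else {
            if (LOGGER.isLoggable(Level.FINE)) {
                LOGGER.log(Level.FINE, "Simple principla name =" + text);
            }
            subject.getPrincipals().add(new SimplePrincipal(text));
        }
        return subject;
    }
}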
