package com.bea.security.saml2.util;

import com.bea.common.security.saml2.ConfigValidationException;
import com.bea.common.security.saml2.SingleSignOnServicesConfigSpi;
import com.bea.common.security.utils.CommonUtils;
import com.bea.security.saml2.Saml2Logger;
import com.bea.security.saml2.providers.registry.Partner;
import com.bea.security.saml2.providers.registry.WSSIdPPartner;
import com.bea.security.saml2.providers.registry.WSSPartner;
import com.bea.security.saml2.providers.registry.WebSSOIdPPartner;
import com.bea.security.saml2.providers.registry.WebSSOPartner;
import com.bea.security.saml2.providers.registry.WebSSOSPPartner;
import java.io.ByteArrayOutputStream;
import java.io.FileInputStream;
import java.io.IOException;
import java.io.StringReader;
import java.io.UnsupportedEncodingException;
import java.net.MalformedURLException;
import java.net.URL;
import java.net.URLEncoder;
import java.security.KeyException;
import java.security.MessageDigest;
import java.security.NoSuchAlgorithmException;
import java.security.Principal;
import java.security.PrivateKey;
import java.security.PublicKey;
import java.security.cert.CertificateException;
import java.security.cert.CertificateExpiredException;
import java.security.cert.CertificateNotYetValidException;
import java.security.cert.X509Certificate;
import java.util.List;
import java.util.Set;
import javax.security.auth.Subject;
import javax.xml.transform.TransformerFactory;
import javax.xml.transform.dom.DOMSource;
import javax.xml.transform.stream.StreamResult;
import org.opensaml.common.SAMLObject;
import org.opensaml.common.SignableSAMLObject;
import org.opensaml.common.xml.ParserPoolManager;
import org.opensaml.saml2.core.Assertion;
import org.opensaml.saml2.metadata.ContactPersonTypeEnumeration;
import org.opensaml.saml2.metadata.EntityDescriptor;
import org.opensaml.xml.Configuration;
import org.opensaml.xml.XMLObject;
import org.opensaml.xml.io.MarshallingException;
import org.opensaml.xml.io.UnmarshallingException;
import org.opensaml.xml.parse.XMLParserException;
import org.opensaml.xml.signature.KeyInfo;
import org.opensaml.xml.signature.Signature;
import org.opensaml.xml.signature.SignatureValidator;
import org.opensaml.xml.signature.Signer;
import org.opensaml.xml.validation.ValidationException;
import org.w3c.dom.Element;
import org.xml.sax.InputSource;
import weblogic.management.utils.InvalidParameterException;
import weblogic.security.service.ContextHandler;
import weblogic.utils.encoders.BASE64Decoder;
import weblogic.utils.encoders.BASE64Encoder;

/* loaded from: input_file:com/bea/security/saml2/util/SAML2Utils.class */
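public class SAML2Utils {
    /** Delimiter appended to a URL that already carries a query string. */
    public static final String QUERY_PARAMS_DELIMITER = "&";
    /** Delimiter appended to a URL that carries no query string yet. */
    public static final String NO_QUERY_PARAMS_DELIMITER = "?";
    /** Charset used for every byte/String conversion in this class. */
    private static final String DEFAULT_ENCODING = "UTF-8";
    public static final String ASSERTION_TYPE_BEARER = "urn:oasis:names:tc:SAML:2.0:cm:bearer";
    public static final String ASSERTION_TYPE_HOLDER_OF_KEY = "urn:oasis:names:tc:SAML:2.0:cm:holder-of-key";
    public static final String ASSERTION_TYPE_SENDER_VOUCHES = "urn:oasis:names:tc:SAML:2.0:cm:sender-vouches";
    /**
     * When set, {@link #validatePartner} accepts a partner signing certificate that is
     * expired or not yet valid. Note that {@link #getVerifyKey} still calls
     * {@code checkValidity()} unconditionally, so this only relaxes configuration
     * validation, not the key lookup done at verification time.
     */
    public static final boolean ALLOW_EXPIRE_CERTS = Boolean.getBoolean("com.bea.common.security.saml2.allowExpiredCerts");
    /** Read from the system property; not referenced by any method in this class. */
    public static final boolean ENABLE_URL_REWRITING = Boolean.getBoolean("com.bea.common.security.saml2.enableURLRewriting");
    /**
     * When set, {@link #signSamlObject} emits SHA-1 based XML signature algorithms
     * instead of the SHA-256 ones. SHA-1 signatures are deprecated; leave this unset
     * unless a specific partner cannot verify SHA-256.
     */
    public static final boolean USE_SHA1_SIGALGO = Boolean.getBoolean("com.bea.common.security.saml2.useSHA1SigAlgorithm");

    private static final String DSA_SHA1_URI = "http://www.w3.org/2000/09/xmldsig#dsa-sha1";
    private static final String RSA_SHA1_URI = "http://www.w3.org/2000/09/xmldsig#rsa-sha1";
    private static final String EXC_C14N_URI = "http://www.w3.org/2001/10/xml-exc-c14n#";

    /** Static utility holder; never instantiated. */
    private SAML2Utils() {
    }

    /**
     * Parses a SAML 2.0 metadata file into an {@link EntityDescriptor}.
     *
     * @param str path of the metadata file to read
     * @return the unmarshalled root element of the file
     * @throws IllegalArgumentException if {@code str} is null or blank
     * @throws IOException if the file cannot be opened or closed
     * @throws XMLParserException if the file cannot be parsed, its root element is
     *         not an EntityDescriptor, or unmarshalling fails
     */
    public static EntityDescriptor createSSODescriptor(String str) throws IOException, XMLParserException {
        if (checkNull(str)) {
            throw new IllegalArgumentException("Null or empty filename");
        }
        // The stream is closed on every exit path; it used to be left open.
        FileInputStream in = new FileInputStream(str);
        try {
            Element root = ParserPoolManager.getSAML2Instance().parse(in).getDocumentElement();
            return (EntityDescriptor) Configuration.getUnmarshallerFactory().getUnmarshaller(root).unmarshall(root);
        } catch (ClassCastException e) {
            // The document parsed, but its root is some other SAML/XML object.
            throw new XMLParserException(Saml2Logger.getMetadataNotEntityDescriptor());
        } catch (UnmarshallingException e) {
            throw new XMLParserException("Unmarshalling failed when parsing descriptor: " + e);
        } finally {
            in.close();
        }
    }

    /**
     * Parses an XML string into an {@link Assertion}.
     *
     * @param str the assertion document as text
     * @return the unmarshalled assertion
     * @throws XMLParserException if parsing or unmarshalling fails
     */
    public static Assertion createAssertion(String str) throws XMLParserException {
        InputSource source = new InputSource(new StringReader(str));
        Element root = ParserPoolManager.getSAML2Instance().parse(source).getDocumentElement();
        return createAssertion(root);
    }

    /**
     * Unmarshals an already parsed DOM element into an {@link Assertion}.
     *
     * @param element root element of the assertion
     * @return the unmarshalled assertion
     * @throws XMLParserException if unmarshalling fails
     */
    public static Assertion createAssertion(Element element) throws XMLParserException {
        try {
            return (Assertion) Configuration.getUnmarshallerFactory().getUnmarshaller(element).unmarshall(element);
        } catch (UnmarshallingException e) {
            throw new XMLParserException("Unmarshalling failed when parsing content: " + element + ": " + e);
        }
    }

    /**
     * Signs a SAML object without embedding any KeyInfo.
     *
     * @see #signSamlObject(PrivateKey, SignableSAMLObject, List)
     */
    public static SAMLObject signSamlObject(PrivateKey privateKey, SignableSAMLObject signableSAMLObject) throws MarshallingException {
        return signSamlObject(privateKey, signableSAMLObject, null);
    }

    /**
     * Attaches an enveloped XML signature to {@code signableSAMLObject} and signs it.
     * Uses exclusive C14N and a SHA-256 signature method unless
     * {@link #USE_SHA1_SIGALGO} is set.
     *
     * @param privateKey DSA or RSA signing key
     * @param signableSAMLObject object to sign; it is marshalled as a side effect
     * @param list optional raw list of {@link X509Certificate}s to embed as KeyInfo;
     *        null or empty means no KeyInfo
     * @return the same object, now signed
     * @throws IllegalArgumentException if the key or the object is null
     * @throws MarshallingException if the key algorithm is neither DSA nor RSA, or
     *         marshalling fails
     */
    public static SAMLObject signSamlObject(PrivateKey privateKey, SignableSAMLObject signableSAMLObject, List list) throws MarshallingException {
        if (privateKey == null || signableSAMLObject == null) {
            throw new IllegalArgumentException("null parameter");
        }
        Signature signature = Configuration.getBuilderFactory().getBuilder(Signature.DEFAULT_ELEMENT_NAME).buildObject();
        signature.setSigningKey(privateKey);
        signature.setCanonicalizationAlgorithm(EXC_C14N_URI);
        signature.setSignatureAlgorithm(selectSignatureAlgorithm(privateKey.getAlgorithm()));
        if (list != null && !list.isEmpty()) {
            signature.setKeyInfo(buildKeyInfo(list));
        }
        signableSAMLObject.setSignature(signature);
        // Marshalling must precede signing: the signer operates on the DOM.
        Configuration.getMarshallerFactory().getMarshaller(signableSAMLObject).marshall(signableSAMLObject);
        Signer.signObject(signature);
        return signableSAMLObject;
    }

    /**
     * Maps a key algorithm name to the XML signature method URI used for it.
     *
     * @param keyAlgorithm value of {@code PrivateKey.getAlgorithm()}
     * @return the signature method URI (SHA-1 variant only when {@link #USE_SHA1_SIGALGO})
     * @throws MarshallingException for any algorithm other than DSA or RSA
     */
    private static String selectSignatureAlgorithm(String keyAlgorithm) throws MarshallingException {
        if (SAML2Constants.DSA_KEY_TYPE.equals(keyAlgorithm)) {
            return USE_SHA1_SIGALGO ? DSA_SHA1_URI : SAML2Constants.SIGNATUREMETHOD_DSA_SHA256_URI;
        }
        if ("RSA".equals(keyAlgorithm)) {
            return USE_SHA1_SIGALGO ? RSA_SHA1_URI : SAML2Constants.SIGNATUREMETHOD_RSA_SHA256_URI;
        }
        throw new MarshallingException("Invalid key algorithm found: " + keyAlgorithm);
    }

    /**
     * Builds a KeyInfo element holding the given certificates.
     *
     * @param list raw list whose elements must be {@link X509Certificate}s
     * @return the populated KeyInfo
     * @throws ClassCastException if an element is not an X509Certificate
     */
    private static KeyInfo buildKeyInfo(List list) {
        KeyInfo keyInfo = Configuration.getBuilderFactory().getBuilder(KeyInfo.DEFAULT_ELEMENT_NAME).buildObject();
        List certificates = keyInfo.getCertificates();
        for (Object cert : list) {
            certificates.add((X509Certificate) cert);
        }
        return keyInfo;
    }

    /**
     * Verifies the signature carried by a SAML object.
     *
     * @param publicKey key expected to have produced the signature
     * @param signableSAMLObject the signed object
     * @throws ValidationException if the object is null, unsigned, the key is null,
     *         or the signature does not verify
     */
    public static void verifySamlObjectSignature(PublicKey publicKey, SignableSAMLObject signableSAMLObject) throws ValidationException {
        if (signableSAMLObject == null) {
            throw new ValidationException("Signable SAML Object cannot be null.");
        }
        verifySamlObjectSignature(publicKey, signableSAMLObject.getSignature());
    }

    /**
     * Verifies a detached {@link Signature} against {@code publicKey}.
     * NOTE(review): this performs cryptographic verification via
     * {@link SignatureValidator}; whether the signature profile (reference
     * coverage, transforms) is checked is not visible in this class — confirm in
     * the callers.
     *
     * @param publicKey key expected to have produced the signature
     * @param signature the signature to verify
     * @throws ValidationException if either argument is null or verification fails
     */
    public static void verifySamlObjectSignature(PublicKey publicKey, Signature signature) throws ValidationException {
        if (publicKey == null) {
            throw new ValidationException("No public key to verify the signature.");
        }
        if (signature == null) {
            throw new ValidationException("the SAML object is not signed.");
        }
        new SignatureValidator(publicKey).validate(signature);
    }

    /**
     * Produces a raw JCA signature over {@code bArr}.
     *
     * @param bArr data to sign
     * @param str JCA signature algorithm name (e.g. as accepted by {@code Signature.getInstance})
     * @param privateKey signing key
     * @return the signature bytes
     * @throws IllegalArgumentException if any argument is null or empty
     * @throws Exception propagated from the JCA provider
     */
    public static byte[] signString(byte[] bArr, String str, PrivateKey privateKey) throws Exception {
        if (bArr == null || bArr.length == 0 || str == null || str.equals("") || privateKey == null) {
            throw new IllegalArgumentException("null parameter");
        }
        java.security.Signature signer = java.security.Signature.getInstance(str);
        signer.initSign(privateKey);
        signer.update(bArr);
        return signer.sign();
    }

    /**
     * Verifies a raw JCA signature produced by {@link #signString}.
     *
     * @param bArr the signed data
     * @param bArr2 the signature bytes
     * @param str JCA signature algorithm name
     * @param publicKey verification key
     * @return true if the signature verifies
     * @throws IllegalArgumentException if any argument is null or empty
     * @throws Exception propagated from the JCA provider
     */
    public static boolean verifyStringSignature(byte[] bArr, byte[] bArr2, String str, PublicKey publicKey) throws Exception {
        if (bArr == null || bArr.length == 0 || bArr2 == null || bArr2.length == 0 || str == null || str.equals("") || publicKey == null) {
            throw new IllegalArgumentException("null parameter");
        }
        java.security.Signature verifier = java.security.Signature.getInstance(str);
        verifier.initVerify(publicKey);
        verifier.update(bArr);
        return verifier.verify(bArr2);
    }

    /** Base64-encodes {@code bArr} using the WebLogic encoder (may insert line breaks). */
    public static String base64Encode(byte[] bArr) {
        return new BASE64Encoder().encodeBuffer(bArr);
    }

    /** URL-encodes {@code str} as UTF-8 form data. */
    public static String urlEncode(String str) throws UnsupportedEncodingException {
        return URLEncoder.encode(str, DEFAULT_ENCODING);
    }

    /** Decodes a Base64 string using the WebLogic decoder. */
    public static byte[] base64Decode(String str) throws IOException {
        return new BASE64Decoder().decodeBuffer(str);
    }

    /**
     * Returns the subject confirmation method for a partner: the configured one for
     * a WSS partner, bearer for every other partner type.
     */
    public static String determineConfirmationMethodName(Partner partner) {
        if (partner instanceof WSSPartner) {
            return ((WSSPartner) partner).getConfirmationMethod();
        }
        return ASSERTION_TYPE_BEARER;
    }

    /** True if the partner's confirmation method is holder-of-key. */
    public static boolean isHoldOfKeyPartner(Partner partner) {
        return ASSERTION_TYPE_HOLDER_OF_KEY.equals(determineConfirmationMethodName(partner));
    }

    /**
     * SHA-1 digest of the UTF-8 bytes of {@code str}.
     * NOTE(review): the purpose is not visible here; SHA-1 is acceptable for a
     * non-security identifier but not where collision resistance matters — confirm
     * at the call sites.
     *
     * @throws NullPointerException if {@code str} is null
     */
    public static byte[] sha1Hash(String str) throws NoSuchAlgorithmException, UnsupportedEncodingException {
        MessageDigest digest = MessageDigest.getInstance("SHA-1");
        digest.update(str.getBytes(DEFAULT_ENCODING));
        return digest.digest();
    }

    /**
     * Strips the path from a published site URL, returning scheme plus authority
     * (e.g. {@code https://host:7002/saml2} becomes {@code https://host:7002}).
     * Both {@code /} and the platform escape character are treated as path
     * separators; a trailing separator is removed.
     *
     * @param str the published URL, may be null
     * @return the site prefix, or "" for a null/blank input
     */
    public static String getLocalSiteFromPublishedURL(String str) {
        if (checkNull(str)) {
            return "";
        }
        // Skip past "scheme://" (or "scheme:\\") so its slashes are not taken as the path start.
        int authorityStart = str.indexOf("://");
        if (authorityStart < 0) {
            authorityStart = str.indexOf(":\\\\");
        }
        if (authorityStart >= 0) {
            authorityStart += "://".length();
        }
        int slash = str.indexOf("/", authorityStart);
        int escape = str.indexOf(CommonUtils.SINGLE_ESCAPE_STR, authorityStart);
        // Pick whichever separator appears first; fall back to the other if one is absent.
        if (slash <= 0 || escape <= 0) {
            if (slash < 0) {
                slash = escape;
            }
        } else if (escape < slash) {
            slash = escape;
        }
        if (slash < 0) {
            slash = str.length();
        }
        String site = str.substring(0, slash);
        if (site.endsWith("/") || site.endsWith(CommonUtils.SINGLE_ESCAPE_STR)) {
            site = site.substring(0, site.length() - 1);
        }
        return site;
    }

    /**
     * Validates an enabled partner's configuration; disabled or null partners pass.
     *
     * @throws InvalidParameterException on a missing name or a type-specific problem
     * @throws IllegalArgumentException for an unknown contact person type
     */
    public static void validatePartner(Partner partner) throws InvalidParameterException {
        if (partner == null || !partner.isEnabled()) {
            return;
        }
        if (checkNull(partner.getName())) {
            throw new InvalidParameterException(Saml2Logger.getEmptyPartnerName());
        }
        if (partner instanceof WebSSOPartner) {
            validateWebSSOPartner((WebSSOPartner) partner);
        } else if (partner instanceof WSSPartner) {
            validateWSSPartner((WSSPartner) partner);
        }
    }

    /** Checks the fields a WSS partner must carry. */
    private static void validateWSSPartner(WSSPartner wSSPartner) throws InvalidParameterException {
        if (checkNull(wSSPartner.getConfirmationMethod())) {
            throw new InvalidParameterException(Saml2Logger.getEmptyConfirmationMethod());
        }
        if ((wSSPartner instanceof WSSIdPPartner) && checkNull(((WSSIdPPartner) wSSPartner).getIssuerURI())) {
            throw new InvalidParameterException(Saml2Logger.getEmptyIssuerURI());
        }
    }

    /** Checks the fields common to Web SSO partners, then the IdP- or SP-specific ones. */
    private static void validateWebSSOPartner(WebSSOPartner webSSOPartner) throws InvalidParameterException {
        if (checkNull(webSSOPartner.getEntityID())) {
            throw new InvalidParameterException(Saml2Logger.getEmptyPartnerEntityId());
        }
        validateContactPersonType(webSSOPartner.getContactPersonType());
        validateSigningCertDates(webSSOPartner.getSSOSigningCert());
        if (webSSOPartner instanceof WebSSOIdPPartner) {
            validateIdPPartner((WebSSOIdPPartner) webSSOPartner);
        } else if (webSSOPartner instanceof WebSSOSPPartner) {
            validateSPPartner((WebSSOSPPartner) webSSOPartner);
        }
    }

    /**
     * Accepts a blank type or one of the SAML metadata contact types.
     * Throws IllegalArgumentException (unchecked) rather than InvalidParameterException,
     * as the original did; callers catching only the latter will not see it.
     */
    private static void validateContactPersonType(String contactPersonType) {
        if (checkNull(contactPersonType)) {
            return;
        }
        ContactPersonTypeEnumeration[] allowed = {
            ContactPersonTypeEnumeration.TECHNICAL,
            ContactPersonTypeEnumeration.SUPPORT,
            ContactPersonTypeEnumeration.ADMINISTRATIVE,
            ContactPersonTypeEnumeration.BILLING,
            ContactPersonTypeEnumeration.OTHER
        };
        for (ContactPersonTypeEnumeration type : allowed) {
            if (type.toString().equals(contactPersonType)) {
                return;
            }
        }
        throw new IllegalArgumentException(Saml2Logger.getIllegalContactPersonType());
    }

    /**
     * Rejects an expired or not-yet-valid signing certificate unless
     * {@link #ALLOW_EXPIRE_CERTS} is set; a null certificate is not checked here.
     */
    private static void validateSigningCertDates(X509Certificate cert) throws InvalidParameterException {
        if (cert == null) {
            return;
        }
        try {
            cert.checkValidity();
        } catch (CertificateExpiredException e) {
            if (!ALLOW_EXPIRE_CERTS) {
                throw new InvalidParameterException(e);
            }
        } catch (CertificateNotYetValidException e) {
            if (!ALLOW_EXPIRE_CERTS) {
                throw new InvalidParameterException(e);
            }
        }
    }

    /** IdP partner: needs an SSO service, a signing cert if artifact requests are signed, and a loadable name mapper. */
    private static void validateIdPPartner(WebSSOIdPPartner idp) throws InvalidParameterException {
        if (idp.getSingleSignOnService() == null || idp.getSingleSignOnService().length == 0) {
            throw new InvalidParameterException(Saml2Logger.getEmptySingleSignService());
        }
        if (idp.getSSOSigningCert() == null && idp.isWantArtifactRequestSigned()) {
            throw new InvalidParameterException(Saml2Logger.getEmptySSOSigningCert());
        }
        checkNameMapperClass(idp.getIdentityProviderNameMapperClassname());
    }

    /** SP partner: needs an assertion consumer service, a signing cert if any request type is signed, and a loadable name mapper. */
    private static void validateSPPartner(WebSSOSPPartner sp) throws InvalidParameterException {
        if (sp.getAssertionConsumerService() == null || sp.getAssertionConsumerService().length == 0) {
            throw new InvalidParameterException(Saml2Logger.getEmptyAssertionConsumerServices());
        }
        if (sp.getSSOSigningCert() == null && (sp.isWantArtifactRequestSigned() || sp.isWantAuthnRequestsSigned())) {
            throw new InvalidParameterException(Saml2Logger.getEmptySSOSigningCert());
        }
        checkNameMapperClass(sp.getServiceProviderNameMapperClassname());
    }

    /**
     * Verifies that a configured name mapper class can be loaded. An empty or null
     * name is allowed. {@code Class.forName} also runs the class's static
     * initialiser, so only administrator-controlled configuration should reach here.
     */
    private static void checkNameMapperClass(String className) throws InvalidParameterException {
        if (className == null || className.equals("")) {
            return;
        }
        try {
            Class.forName(className);
        } catch (ClassNotFoundException e) {
            throw new InvalidParameterException(Saml2Logger.getSAML2InvalidNameMapperClassName(className));
        }
    }

    /** True for the four binding names this implementation supports. */
    public static boolean validateEndpointBinding(String str) {
        return "HTTP/Redirect".equals(str) || "HTTP/POST".equals(str) || "HTTP/Artifact".equals(str) || "SOAP".equals(str);
    }

    /**
     * Validates the local SSO configuration when either the SP or the IdP role is
     * enabled: an entity ID and a well-formed published site URL with a non-empty
     * path are required. A null config is accepted.
     *
     * @throws ConfigValidationException if a required value is missing or the URL is invalid
     */
    public static void validateLocalConfig(SingleSignOnServicesConfigSpi singleSignOnServicesConfigSpi) throws ConfigValidationException {
        if (singleSignOnServicesConfigSpi == null) {
            return;
        }
        if (!singleSignOnServicesConfigSpi.isServiceProviderEnabled() && !singleSignOnServicesConfigSpi.isIdentityProviderEnabled()) {
            return;
        }
        if (checkNull(singleSignOnServicesConfigSpi.getEntityID())) {
            throw new ConfigValidationException(Saml2Logger.getNoSAML2EntityConfig());
        }
        String publishedSiteURL = singleSignOnServicesConfigSpi.getPublishedSiteURL();
        if (checkNull(publishedSiteURL)) {
            throw new ConfigValidationException(Saml2Logger.getNoSAML2PublishedSiteURLConfig());
        }
        String path;
        try {
            path = new URL(publishedSiteURL).getPath();
        } catch (MalformedURLException e) {
            throw new ConfigValidationException(Saml2Logger.getIllegalPublishedSiteURL(publishedSiteURL));
        }
        if (checkNull(path)) {
            throw new ConfigValidationException(Saml2Logger.getIllegalPublishedSiteURL(publishedSiteURL));
        }
    }

    /** True if {@code str} is null or consists only of whitespace. */
    private static boolean checkNull(String str) {
        return str == null || str.trim().length() == 0;
    }

    /**
     * Reads a Boolean context element; anything missing, null or not a Boolean
     * yields {@code false}.
     */
    public static final boolean getBooleanContextElement(String str, ContextHandler contextHandler) {
        if (str == null || contextHandler == null) {
            return false;
        }
        Object value = contextHandler.getValue(str);
        return value instanceof Boolean && ((Boolean) value).booleanValue();
    }

    /**
     * Renders a Subject's principals as a multi-line string for diagnostics.
     *
     * @param subject may be null
     * @return a description listing each principal's class and name
     */
    public static final String displaySubject(Subject subject) {
        if (subject == null) {
            return "Subject == null";
        }
        Set<Principal> principals = subject.getPrincipals();
        StringBuilder out = new StringBuilder("Subject: ");
        out.append(principals.size()).append("\n");
        // Snapshot first so the (possibly synchronized) set is not iterated live.
        for (Principal principal : principals.toArray(new Principal[0])) {
            out.append("\tPrincipal = ").append(principal.getClass()).append("(\"");
            String name = principal.getName();
            if (name != null) {
                out.append(name);
            }
            out.append("\")\n");
        }
        return out.toString();
    }

    /**
     * Returns the public key of a partner's SSO signing certificate after checking
     * the certificate's validity period (this check is not affected by
     * {@link #ALLOW_EXPIRE_CERTS}).
     *
     * @throws IllegalArgumentException if the partner is null
     * @throws CertificateException if no certificate is registered or it is outside its validity period
     * @throws KeyException if the certificate carries no public key
     */
    public static PublicKey getVerifyKey(WebSSOPartner webSSOPartner) throws CertificateException, KeyException {
        if (webSSOPartner == null) {
            throw new IllegalArgumentException("Partner can not be null.");
        }
        X509Certificate signingCert = webSSOPartner.getSSOSigningCert();
        if (signingCert == null) {
            throw new CertificateException("Can not get the signing certificate from the partner registry.");
        }
        signingCert.checkValidity();
        PublicKey publicKey = signingCert.getPublicKey();
        if (publicKey == null) {
            throw new KeyException("Can not get the public key from the certificate");
        }
        return publicKey;
    }

    /**
     * True if {@code str} is one of the three supported confirmation method URIs.
     * A null input now returns false instead of throwing NullPointerException.
     */
    public static boolean isValidConfirmationMethod(String str) {
        return ASSERTION_TYPE_BEARER.equals(str)
                || ASSERTION_TYPE_SENDER_VOUCHES.equals(str)
                || ASSERTION_TYPE_HOLDER_OF_KEY.equals(str);
    }

    /**
     * Marshals an XMLObject to a DOM element.
     * NOTE(review): a MarshallingException is swallowed and reported as null; the
     * cause is lost, so callers must treat null as a failure.
     *
     * @return the element, or null if marshalling failed
     */
    public static Element marshall(XMLObject xMLObject) {
        try {
            return Configuration.getMarshallerFactory().getMarshaller(xMLObject).marshall(xMLObject);
        } catch (MarshallingException e) {
            return null;
        }
    }

    /**
     * Serialises the owner document of {@code element} to a UTF-8 string. The
     * transformer only writes an in-memory DOM; no external input is parsed here.
     *
     * @throws Exception propagated from the transformer or the charset lookup
     */
    public static String outputXml(Element element) throws Exception {
        ByteArrayOutputStream buffer = new ByteArrayOutputStream();
        try {
            TransformerFactory.newInstance().newTransformer().transform(new DOMSource(element.getOwnerDocument()), new StreamResult(buffer));
            return new String(buffer.toByteArray(), DEFAULT_ENCODING);
        } finally {
            buffer.close();
        }
    }

    /**
     * Returns {@code "&"} if {@code str} already contains a '?', otherwise {@code "?"}.
     * A null input yields {@code "?"}.
     */
    public static String getDelimiterForQueryParams(String str) {
        if (str != null && str.indexOf('?') != -1) {
            return QUERY_PARAMS_DELIMITER;
        }
        return NO_QUERY_PARAMS_DELIMITER;
    }
}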
