package org.apache.rahas.impl.util;

import java.security.MessageDigest;
import java.security.NoSuchAlgorithmException;
import java.security.PublicKey;
import java.security.cert.CertificateEncodingException;
import java.security.cert.X509Certificate;
import java.util.ArrayList;
import java.util.Collection;
import java.util.Collections;
import java.util.List;
import org.apache.axiom.util.UIDGenerator;
import org.apache.commons.logging.Log;
import org.apache.commons.logging.LogFactory;
import org.apache.rahas.TrustException;
import org.apache.ws.security.components.crypto.Crypto;
import org.apache.ws.security.message.WSSecEncryptedKey;
import org.apache.ws.security.util.Base64;
import org.joda.time.DateTime;
import org.opensaml.Configuration;
import org.opensaml.saml1.core.Assertion;
import org.opensaml.saml1.core.Attribute;
import org.opensaml.saml1.core.AttributeStatement;
import org.opensaml.saml1.core.AttributeValue;
import org.opensaml.saml1.core.AuthenticationStatement;
import org.opensaml.saml1.core.Conditions;
import org.opensaml.saml1.core.ConfirmationMethod;
import org.opensaml.saml1.core.NameIdentifier;
import org.opensaml.saml1.core.Statement;
import org.opensaml.saml1.core.Subject;
import org.opensaml.saml1.core.SubjectConfirmation;
import org.opensaml.saml1.core.SubjectStatement;
import org.opensaml.ws.wssecurity.KeyIdentifier;
import org.opensaml.ws.wssecurity.SecurityTokenReference;
import org.opensaml.xml.encryption.CipherData;
import org.opensaml.xml.encryption.CipherValue;
import org.opensaml.xml.encryption.EncryptedKey;
import org.opensaml.xml.encryption.EncryptionMethod;
import org.opensaml.xml.io.MarshallingException;
import org.opensaml.xml.schema.XSString;
import org.opensaml.xml.schema.impl.XSStringBuilder;
import org.opensaml.xml.security.SecurityHelper;
import org.opensaml.xml.security.credential.BasicCredential;
import org.opensaml.xml.signature.KeyInfo;
import org.opensaml.xml.signature.Signature;
import org.opensaml.xml.signature.SignatureException;
import org.opensaml.xml.signature.Signer;
import org.opensaml.xml.signature.X509Data;
import org.w3c.dom.Element;

/* loaded from: input_file:WEB-INF/lib/rampart-trust-1.7.0.jar:org/apache/rahas/impl/util/SAMLUtils.class */
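/**
 * Helpers for building, signing and decorating SAML 1.x assertions issued by the Rahas STS.
 *
 * <p>All builders go through {@link CommonUtil#buildXMLObject} and therefore declare
 * {@link TrustException}. Nothing here validates an incoming assertion; the one reader,
 * {@link #getSAML11SubjectConfirmationMethod(Assertion)}, only inspects structure.
 *
 * <p>Security notes for maintainers:
 * <ul>
 *   <li>The default signature algorithms are the SHA-1 based xmldsig URIs (kept for wire
 *       compatibility). Callers that can rely on SHA-2 capable relying parties should use the
 *       five-argument {@link #signAssertion(Assertion, Crypto, String, String, String)} overload.</li>
 *   <li>{@link #createEncryptedKey} labels the key transport as RSA PKCS#1 v1.5; the label must
 *       agree with how the supplied {@link WSSecEncryptedKey} actually wrapped the key.</li>
 * </ul>
 */
public class SAMLUtils {
    private static final Log log = LogFactory.getLog(SAMLUtils.class);

    /** xmldsig RSA/SHA-1 signature algorithm URI (legacy default for RSA issuer keys). */
    private static final String SIG_ALGO_RSA_SHA1 = "http://www.w3.org/2000/09/xmldsig#rsa-sha1";
    /** xmldsig DSA/SHA-1 signature algorithm URI (legacy default for DSA issuer keys). */
    private static final String SIG_ALGO_DSA_SHA1 = "http://www.w3.org/2000/09/xmldsig#dsa-sha1";
    /** Exclusive XML canonicalization, applied before signing. */
    private static final String C14N_EXCLUSIVE = "http://www.w3.org/2001/10/xml-exc-c14n#";
    /** WS-Security Base64Binary encoding type for the thumbprint KeyIdentifier. */
    private static final String ENCODING_BASE64_BINARY =
            "http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-soap-message-security-1.0#Base64Binary";
    /** XML Encryption RSA PKCS#1 v1.5 key transport URI. */
    private static final String KEY_TRANSPORT_RSA15 = "http://www.w3.org/2001/04/xmlenc#rsa-1_5";
    /** SAML 1.0 holder-of-key confirmation method; also the fallback when none can be read. */
    private static final String CM_HOLDER_OF_KEY = "urn:oasis:names:tc:SAML:1.0:cm:holder-of-key";

    /**
     * Copies a certificate chain array into a mutable collection.
     *
     * @param x509CertificateArr the chain, may be {@code null}
     * @return a new list with the same certificates in the same order; empty for {@code null}
     */
    public static Collection<X509Certificate> getCertChainCollection(X509Certificate[] x509CertificateArr) {
        if (x509CertificateArr == null) {
            return new ArrayList<X509Certificate>();
        }
        List<X509Certificate> chain = new ArrayList<X509Certificate>(x509CertificateArr.length);
        Collections.addAll(chain, x509CertificateArr);
        return chain;
    }

    /**
     * Wraps an already-parsed DOM {@code saml:Assertion} element in an OpenSAML object.
     * No unmarshalling of children happens here; the element is only attached.
     *
     * @param element the DOM element of the assertion
     * @return the OpenSAML assertion backed by {@code element}
     */
    public static Assertion buildAssertion(Element element) {
        return (Assertion) Configuration.getBuilderFactory().getBuilder(Assertion.DEFAULT_ELEMENT_NAME).buildObject(element);
    }

    /**
     * Signs an assertion with the issuer key identified by {@code alias}, using the legacy
     * SHA-1 based signature algorithm chosen from the key type (DSA → dsa-sha1, otherwise rsa-sha1).
     *
     * @param assertion the assertion to sign (its {@code Signature} element is set in place)
     * @param crypto    key store access
     * @param alias     issuer key alias
     * @param password  issuer key password
     * @throws TrustException if the certificate or private key cannot be obtained, or if
     *                        marshalling or signing fails
     */
    public static void signAssertion(Assertion assertion, Crypto crypto, String alias, String password) throws TrustException {
        signAssertion(assertion, crypto, alias, password, null);
    }

    /**
     * Signs an assertion with the issuer key identified by {@code alias}.
     *
     * <p>The assertion must be marshalled before {@link Signer#signObject} can compute the
     * digest, which is why marshalling happens here rather than in the caller.
     *
     * @param assertion          the assertion to sign (its {@code Signature} element is set in place)
     * @param crypto             key store access
     * @param alias              issuer key alias
     * @param password           issuer key password
     * @param signatureAlgorithm xmldsig signature algorithm URI; {@code null} selects the legacy
     *                           SHA-1 default for the issuer key type. Pass an RSA-SHA256 (or
     *                           stronger) URI wherever relying parties support it.
     * @throws TrustException {@code issuerPrivateKeyNotFound} if the private key cannot be loaded,
     *                        {@code errorMarshallingAssertion} if marshalling fails,
     *                        {@code errorSigningAssertion} if signing fails; each carries its cause
     */
    public static void signAssertion(Assertion assertion, Crypto crypto, String alias, String password,
                                     String signatureAlgorithm) throws TrustException {
        X509Certificate issuerCert = CommonUtil.getCertificateByAlias(crypto, alias);
        PublicKey issuerPublicKey = issuerCert.getPublicKey();
        String algorithm = signatureAlgorithm != null
                ? signatureAlgorithm
                : defaultSignatureAlgorithm(issuerPublicKey);

        // Only the private-key lookup is reported as issuerPrivateKeyNotFound. Wrapping the whole
        // method in this catch (as before) mislabelled marshalling/signing failures and dropped
        // their cause.
        BasicCredential signingCredential;
        try {
            signingCredential = SecurityHelper.getSimpleCredential(issuerPublicKey, crypto.getPrivateKey(alias, password));
        } catch (Exception e) {
            log.debug("Unable to get issuer private key for issuer alias " + alias, e);
            throw new TrustException("issuerPrivateKeyNotFound", new Object[]{alias}, e);
        }

        Signature signature = (Signature) CommonUtil.buildXMLObject(Signature.DEFAULT_ELEMENT_NAME);
        signature.setCanonicalizationAlgorithm(C14N_EXCLUSIVE);
        signature.setSigningCredential(signingCredential);
        signature.setSignatureAlgorithm(algorithm);
        // The issuer certificate travels in KeyInfo so relying parties can locate the verification key.
        signature.setKeyInfo(createKeyInfo(CommonUtil.createX509Data(issuerCert)));
        assertion.setSignature(signature);

        try {
            Configuration.getMarshallerFactory().getMarshaller(assertion).marshall(assertion, CommonUtil.getOMDOMDocument());
        } catch (MarshallingException e) {
            log.debug("Error while marshalling assertion ", e);
            throw new TrustException("errorMarshallingAssertion", e);
        }
        try {
            Signer.signObject(signature);
        } catch (SignatureException e) {
            log.debug("Error signing SAML Assertion. An error occurred while signing SAML Assertion with alias " + alias, e);
            throw new TrustException("errorSigningAssertion", e);
        }
    }

    /**
     * Legacy algorithm selection: DSA keys sign with dsa-sha1, everything else with rsa-sha1.
     * Kept for compatibility; both are SHA-1 based.
     */
    private static String defaultSignatureAlgorithm(PublicKey publicKey) {
        return "DSA".equalsIgnoreCase(publicKey.getAlgorithm()) ? SIG_ALGO_DSA_SHA1 : SIG_ALGO_RSA_SHA1;
    }

    /**
     * Reads the first confirmation method of the first subject-bearing statement.
     *
     * <p>Only the first statement and its first {@code ConfirmationMethod} are consulted.
     * When the assertion has no statements, the first statement carries no subject, or no
     * confirmation method is present, the SAML 1.0 holder-of-key URI is returned so that callers
     * default to the stricter proof-of-possession path. A first statement that is not a
     * {@link SubjectStatement} also yields the default instead of a {@code ClassCastException}.
     *
     * @param assertion the assertion to inspect
     * @return the confirmation method URI as present in the assertion (may be {@code null} if
     *         the element carries no value), or the holder-of-key URI when none can be read
     */
    public static String getSAML11SubjectConfirmationMethod(Assertion assertion) {
        List<Statement> statements = assertion.getStatements();
        if (statements.isEmpty() || !(statements.get(0) instanceof SubjectStatement)) {
            return CM_HOLDER_OF_KEY;
        }
        Subject subject = ((SubjectStatement) statements.get(0)).getSubject();
        if (subject == null) {
            return CM_HOLDER_OF_KEY;
        }
        SubjectConfirmation subjectConfirmation = subject.getSubjectConfirmation();
        if (subjectConfirmation == null) {
            return CM_HOLDER_OF_KEY;
        }
        List<ConfirmationMethod> methods = subjectConfirmation.getConfirmationMethods();
        if (methods.isEmpty()) {
            return CM_HOLDER_OF_KEY;
        }
        return methods.get(0).getConfirmationMethod();
    }

    /**
     * Builds a {@code saml:NameIdentifier}.
     *
     * @param name   the identifier value
     * @param format the NameIdentifier format URI (may be {@code null})
     * @throws TrustException if the XML object cannot be built
     */
    public static NameIdentifier createNamedIdentifier(String name, String format) throws TrustException {
        NameIdentifier nameIdentifier = (NameIdentifier) CommonUtil.buildXMLObject(NameIdentifier.DEFAULT_ELEMENT_NAME);
        nameIdentifier.setNameIdentifier(name);
        nameIdentifier.setFormat(format);
        return nameIdentifier;
    }

    /**
     * Builds a {@code saml:ConfirmationMethod} carrying the given method URI.
     *
     * @throws TrustException if the XML object cannot be built
     */
    public static ConfirmationMethod createSubjectConfirmationMethod(String methodUri) throws TrustException {
        ConfirmationMethod confirmationMethod = (ConfirmationMethod) CommonUtil.buildXMLObject(ConfirmationMethod.DEFAULT_ELEMENT_NAME);
        confirmationMethod.setConfirmationMethod(methodUri);
        return confirmationMethod;
    }

    /**
     * Builds a {@code saml:SubjectConfirmation} with one confirmation method and, when supplied,
     * the {@code KeyInfo} the subject must prove possession of (holder-of-key).
     *
     * @param methodUri the confirmation method URI
     * @param keyInfo   key material to embed; {@code null} leaves KeyInfo unset
     * @throws TrustException if an XML object cannot be built
     */
    public static SubjectConfirmation createSubjectConfirmation(String methodUri, KeyInfo keyInfo) throws TrustException {
        SubjectConfirmation subjectConfirmation = (SubjectConfirmation) CommonUtil.buildXMLObject(SubjectConfirmation.DEFAULT_ELEMENT_NAME);
        subjectConfirmation.getConfirmationMethods().add(createSubjectConfirmationMethod(methodUri));
        if (keyInfo != null) {
            subjectConfirmation.setKeyInfo(keyInfo);
        }
        return subjectConfirmation;
    }

    /**
     * Builds a {@code saml:Subject} from a name identifier plus a single-method subject confirmation.
     *
     * @param nameIdentifier the subject's NameIdentifier
     * @param methodUri      confirmation method URI
     * @param keyInfo        optional key material for the confirmation (see {@link #createSubjectConfirmation})
     * @throws TrustException if an XML object cannot be built
     */
    public static Subject createSubject(NameIdentifier nameIdentifier, String methodUri, KeyInfo keyInfo) throws TrustException {
        Subject subject = (Subject) CommonUtil.buildXMLObject(Subject.DEFAULT_ELEMENT_NAME);
        subject.setNameIdentifier(nameIdentifier);
        subject.setSubjectConfirmation(createSubjectConfirmation(methodUri, keyInfo));
        return subject;
    }

    /**
     * Builds a {@code saml:AuthenticationStatement}.
     *
     * @param subject              the authenticated subject
     * @param authenticationMethod SAML authentication method URI
     * @param authenticationInstant time of authentication
     * @throws TrustException if the XML object cannot be built
     */
    public static AuthenticationStatement createAuthenticationStatement(Subject subject, String authenticationMethod,
                                                                        DateTime authenticationInstant) throws TrustException {
        AuthenticationStatement statement = (AuthenticationStatement) CommonUtil.buildXMLObject(AuthenticationStatement.DEFAULT_ELEMENT_NAME);
        statement.setSubject(subject);
        statement.setAuthenticationMethod(authenticationMethod);
        statement.setAuthenticationInstant(authenticationInstant);
        return statement;
    }

    /**
     * Builds a {@code saml:AttributeStatement} holding all of {@code attributes}.
     *
     * @throws TrustException if the XML object cannot be built
     */
    public static AttributeStatement createAttributeStatement(Subject subject, List<Attribute> attributes) throws TrustException {
        AttributeStatement statement = (AttributeStatement) CommonUtil.buildXMLObject(AttributeStatement.DEFAULT_ELEMENT_NAME);
        statement.setSubject(subject);
        statement.getAttributes().addAll(attributes);
        return statement;
    }

    /**
     * Builds {@code saml:Conditions} with the given validity window. No ordering check is made
     * between the two instants; callers are responsible for {@code notBefore < notOnOrAfter}.
     *
     * @param notBefore    start of validity (may be {@code null} to omit)
     * @param notOnOrAfter end of validity (may be {@code null} to omit)
     * @throws TrustException if the XML object cannot be built
     */
    public static Conditions createConditions(DateTime notBefore, DateTime notOnOrAfter) throws TrustException {
        Conditions conditions = (Conditions) CommonUtil.buildXMLObject(Conditions.DEFAULT_ELEMENT_NAME);
        conditions.setNotBefore(notBefore);
        conditions.setNotOnOrAfter(notOnOrAfter);
        return conditions;
    }

    /**
     * Builds an unsigned {@code saml:Assertion}: issuer, conditions, the supplied statements, a
     * freshly generated ID and an issue instant of "now". Sign it with {@link #signAssertion}.
     *
     * @param issuer       issuer name
     * @param notBefore    validity start (see {@link #createConditions})
     * @param notOnOrAfter validity end
     * @param statements   statements to attach, in order
     * @throws TrustException if an XML object cannot be built
     */
    public static Assertion createAssertion(String issuer, DateTime notBefore, DateTime notOnOrAfter,
                                            List<Statement> statements) throws TrustException {
        Assertion assertion = (Assertion) CommonUtil.buildXMLObject(Assertion.DEFAULT_ELEMENT_NAME);
        assertion.setIssuer(issuer);
        assertion.setConditions(createConditions(notBefore, notOnOrAfter));
        assertion.getStatements().addAll(statements);
        // Axiom's generator supplies the unique AssertionID.
        assertion.setID(UIDGenerator.generateUID());
        assertion.setIssueInstant(new DateTime());
        return assertion;
    }

    /**
     * Builds a {@code saml:Attribute} with a single {@code xs:string} value.
     *
     * @param name      AttributeName
     * @param namespace AttributeNamespace
     * @param value     the string value
     * @throws TrustException if the XML object cannot be built
     */
    public static Attribute createAttribute(String name, String namespace, String value) throws TrustException {
        Attribute attribute = (Attribute) CommonUtil.buildXMLObject(Attribute.DEFAULT_ELEMENT_NAME);
        attribute.setAttributeName(name);
        attribute.setAttributeNamespace(namespace);
        XSStringBuilder stringBuilder = (XSStringBuilder) Configuration.getBuilderFactory().getBuilder(XSString.TYPE_NAME);
        XSString attributeValue = stringBuilder.buildObject(AttributeValue.DEFAULT_ELEMENT_NAME, XSString.TYPE_NAME);
        attributeValue.setValue(value);
        attribute.getAttributeValues().add(attributeValue);
        return attribute;
    }

    /** Builds an empty {@code ds:KeyInfo}. */
    public static KeyInfo createKeyInfo() throws TrustException {
        return (KeyInfo) CommonUtil.buildXMLObject(KeyInfo.DEFAULT_ELEMENT_NAME);
    }

    /** Builds a {@code ds:KeyInfo} wrapping one {@code xenc:EncryptedKey}. */
    public static KeyInfo createKeyInfo(EncryptedKey encryptedKey) throws TrustException {
        KeyInfo keyInfo = createKeyInfo();
        keyInfo.getEncryptedKeys().add(encryptedKey);
        return keyInfo;
    }

    /** Builds a {@code ds:KeyInfo} wrapping one {@code ds:X509Data}. */
    public static KeyInfo createKeyInfo(X509Data x509Data) throws TrustException {
        KeyInfo keyInfo = createKeyInfo();
        keyInfo.getX509Datas().add(x509Data);
        return keyInfo;
    }

    /**
     * Re-expresses a WSS4J-produced encrypted ephemeral key as an OpenSAML {@code xenc:EncryptedKey}
     * whose KeyInfo references the recipient certificate by SHA-1 thumbprint.
     *
     * <p>The element's EncryptionMethod is hard-coded to RSA PKCS#1 v1.5 key transport. That is
     * only a label: the actual wrapping was done by {@code wSSecEncryptedKey} elsewhere, so if that
     * object is configured for a different key transport (e.g. RSA-OAEP, which avoids the known
     * PKCS#1 v1.5 padding-oracle weakness) this label must be changed to match or recipients will
     * fail to unwrap the key.
     *
     * <p>Originally package-private (per the decompiler note); the widened visibility is kept.
     *
     * @param x509Certificate   the recipient certificate the key was wrapped for
     * @param wSSecEncryptedKey the WSS4J object holding the wrapped key bytes and element ID
     * @throws TrustException if an XML object cannot be built or the certificate cannot be encoded
     */
    public static EncryptedKey createEncryptedKey(X509Certificate x509Certificate, WSSecEncryptedKey wSSecEncryptedKey) throws TrustException {
        // Recipient reference: wsse:SecurityTokenReference/wsse:KeyIdentifier with a ThumbprintSHA1 value type.
        KeyIdentifier keyIdentifier = (KeyIdentifier) CommonUtil.buildXMLObject(KeyIdentifier.ELEMENT_NAME);
        keyIdentifier.setEncodingType(ENCODING_BASE64_BINARY);
        keyIdentifier.setValueType(org.apache.ws.security.message.token.SecurityTokenReference.THUMB_URI);
        keyIdentifier.setValue(getThumbprintSha1(x509Certificate));
        SecurityTokenReference securityTokenReference = (SecurityTokenReference) CommonUtil.buildXMLObject(SecurityTokenReference.ELEMENT_NAME);
        securityTokenReference.getUnknownXMLObjects().add(keyIdentifier);
        KeyInfo recipientKeyInfo = createKeyInfo();
        recipientKeyInfo.getXMLObjects().add(securityTokenReference);

        // Wrapped key bytes, Base64 as required by xenc:CipherValue.
        CipherValue cipherValue = (CipherValue) CommonUtil.buildXMLObject(CipherValue.DEFAULT_ELEMENT_NAME);
        cipherValue.setValue(Base64.encode(wSSecEncryptedKey.getEncryptedEphemeralKey()));
        CipherData cipherData = (CipherData) CommonUtil.buildXMLObject(CipherData.DEFAULT_ELEMENT_NAME);
        cipherData.setCipherValue(cipherValue);

        EncryptionMethod encryptionMethod = (EncryptionMethod) CommonUtil.buildXMLObject(EncryptionMethod.DEFAULT_ELEMENT_NAME);
        encryptionMethod.setAlgorithm(KEY_TRANSPORT_RSA15);

        EncryptedKey encryptedKey = (EncryptedKey) CommonUtil.buildXMLObject(EncryptedKey.DEFAULT_ELEMENT_NAME);
        encryptedKey.setID(wSSecEncryptedKey.getId());
        encryptedKey.setEncryptionMethod(encryptionMethod);
        encryptedKey.setCipherData(cipherData);
        encryptedKey.setKeyInfo(recipientKeyInfo);
        return encryptedKey;
    }

    /**
     * Base64 SHA-1 digest of the certificate's DER encoding. SHA-1 is not a free choice here:
     * it is what the WS-Security {@code ThumbprintSHA1} KeyIdentifier value type used by
     * {@link #createEncryptedKey} denotes, and it serves only as a certificate locator.
     *
     * @throws TrustException {@code certificateEncodingError} if the certificate cannot be DER
     *                        encoded, {@code sha1NotFound} if no SHA-1 provider is available
     */
    private static String getThumbprintSha1(X509Certificate x509Certificate) throws TrustException {
        byte[] encoded;
        try {
            encoded = x509Certificate.getEncoded();
        } catch (CertificateEncodingException e) {
            throw new TrustException("certificateEncodingError", e);
        }
        try {
            return Base64.encode(MessageDigest.getInstance("SHA-1").digest(encoded));
        } catch (NoSuchAlgorithmException e) {
            throw new TrustException("sha1NotFound", e);
        }
    }
}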
