package org.apache.wss4j.common.saml;

import java.util.Iterator;
import javax.xml.namespace.QName;
import net.shibboleth.utilities.java.support.xml.BasicParserPool;
import net.shibboleth.utilities.java.support.xml.ParserPool;
import openejb.shade.org.apache.xalan.templates.Constants;
import org.apache.wss4j.common.crypto.WSProviderConfig;
import org.apache.wss4j.common.ext.WSSecurityException;
import org.opensaml.core.config.ConfigurationService;
import org.opensaml.core.config.provider.MapBasedConfiguration;
import org.opensaml.core.xml.XMLObject;
import org.opensaml.core.xml.XMLObjectBuilder;
import org.opensaml.core.xml.XMLObjectBuilderFactory;
import org.opensaml.core.xml.config.XMLConfigurationException;
import org.opensaml.core.xml.config.XMLObjectProviderRegistry;
import org.opensaml.core.xml.config.XMLObjectProviderRegistrySupport;
import org.opensaml.core.xml.io.Marshaller;
import org.opensaml.core.xml.io.MarshallerFactory;
import org.opensaml.core.xml.io.MarshallingException;
import org.opensaml.core.xml.io.Unmarshaller;
import org.opensaml.core.xml.io.UnmarshallerFactory;
import org.opensaml.core.xml.io.UnmarshallingException;
import org.opensaml.saml.common.SignableSAMLObject;
import org.opensaml.saml.config.SAMLConfiguration;
import org.opensaml.saml.saml1.core.Assertion;
import org.opensaml.saml.saml1.core.Response;
import org.opensaml.xmlsec.config.DecryptionParserPool;
import org.opensaml.xmlsec.signature.Signature;
import org.opensaml.xmlsec.signature.support.SignatureException;
import org.opensaml.xmlsec.signature.support.Signer;
import org.opensaml.xmlsec.signature.support.SignerProvider;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
import org.w3c.dom.Document;
import org.w3c.dom.DocumentFragment;
import org.w3c.dom.Element;

/* loaded from: input_file:lib/wss4j-ws-security-common-3.0.0.jar:org/apache/wss4j/common/saml/OpenSAMLUtil.class */
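/**
 * Static helpers around the OpenSAML object registry: one-time engine bootstrap,
 * conversion between DOM elements and {@link XMLObject}s, signing of marshalled
 * objects, and classification of SAML subject-confirmation method URIs.
 *
 * <p>The builder, marshaller and unmarshaller factories are assigned only inside
 * {@link #initSamlEngine(boolean)}; until that call has succeeded they are
 * {@code null}, so every other method here depends on a prior successful bootstrap.
 */
public final class OpenSAMLUtil {
    private static XMLObjectProviderRegistry providerRegistry;
    private static XMLObjectBuilderFactory builderFactory;
    private static MarshallerFactory marshallerFactory;
    private static UnmarshallerFactory unmarshallerFactory;
    private static final Logger LOG = LoggerFactory.getLogger(OpenSAMLUtil.class);
    private static boolean samlEngineInitialized = false;

    // Message identifier handed to every WSSecurityException built in this class.
    // NOTE(review): this listing binds it to a constant from a shaded Xalan class
    // (see the file's imports), which looks like a decompiler substitution for a
    // plain string literal - confirm the intended value and drop that dependency.
    private static final String MSG_ID = Constants.ELEMNAME_EMPTY_STRING;

    private OpenSAMLUtil() {
    }

    /**
     * Bootstraps the SAML engine by calling {@link #initSamlEngine(boolean)} with {@code true}.
     */
    public static synchronized void initSamlEngine() {
        initSamlEngine(true);
    }

    /**
     * Bootstraps the OpenSAML configuration once per class load; later calls return
     * immediately once a bootstrap has succeeded.
     *
     * <p>Failure handling is lenient in two places, which callers should be aware of:
     * <ul>
     *   <li>An {@link XMLConfigurationException} from the bootstrap is logged and swallowed.
     *       The initialized flag stays {@code false} (so a later call retries) and the
     *       factories keep whatever value they had, which is {@code null} on a first attempt.</li>
     *   <li>Any {@link Throwable} raised while configuring the parser pool is logged at
     *       warn level and the engine is still marked initialized, so the
     *       {@link DecryptionParserPool} registration may be missing afterwards.</li>
     * </ul>
     *
     * @param z forwarded unchanged to {@code OpenSAMLBootstrap.bootstrap(boolean)}; its
     *          meaning is defined there
     */
    public static synchronized void initSamlEngine(boolean z) {
        if (samlEngineInitialized) {
            return;
        }
        LOG.debug("Initializing the opensaml2 library...");
        WSProviderConfig.init();

        // Install a fresh configuration holder and register the provider registry in it
        // before bootstrapping, so the bootstrap populates this registry.
        MapBasedConfiguration configuration = new MapBasedConfiguration();
        ConfigurationService.setConfiguration(configuration);
        providerRegistry = new XMLObjectProviderRegistry();
        configuration.register(XMLObjectProviderRegistry.class, providerRegistry, "default");

        try {
            OpenSAMLBootstrap.bootstrap(z);
            configuration.register(SAMLConfiguration.class, new SAMLConfiguration(), "default");
            builderFactory = XMLObjectProviderRegistrySupport.getBuilderFactory();
            marshallerFactory = XMLObjectProviderRegistrySupport.getMarshallerFactory();
            unmarshallerFactory = XMLObjectProviderRegistrySupport.getUnmarshallerFactory();
            try {
                configureParserPool();
                configuration.register(
                        DecryptionParserPool.class, new DecryptionParserPool(getParserPool()), "default");
            } catch (Throwable th) {
                // Deliberately best-effort: a parser pool failure does not abort the bootstrap.
                LOG.warn("Unable to bootstrap the parser pool part of the opensaml library - some SAML operations may fail", th);
            }
            samlEngineInitialized = true;
            LOG.debug("opensaml3 library bootstrap complete");
        } catch (XMLConfigurationException e) {
            LOG.error("Unable to bootstrap the opensaml3 library - all SAML operations will fail", e);
        }
    }

    /**
     * Creates the parser pool and installs it on the provider registry.
     *
     * <p>Only the pool size is set here; XML parser hardening (DOCTYPE handling, entity
     * expansion, secure processing) is left to whatever {@link BasicParserPool} applies
     * by default. NOTE(review): confirm those defaults for the library version on the
     * classpath, because this pool becomes the registry-wide parser pool and is also
     * wrapped in the {@link DecryptionParserPool} registered by the caller.
     */
    private static void configureParserPool() throws Throwable {
        BasicParserPool pool = new BasicParserPool();
        pool.setMaxPoolSize(50);
        pool.initialize();
        providerRegistry.setParserPool(pool);
    }

    /**
     * Returns the parser pool currently held by the provider registry.
     *
     * @return the registry's parser pool; the registry itself is {@code null} before
     *         {@link #initSamlEngine(boolean)} has run
     */
    public static ParserPool getParserPool() {
        return providerRegistry.getParserPool();
    }

    /**
     * Unmarshals a DOM element into an {@link XMLObject}.
     *
     * <p>This only converts the element; no signature or content validation is
     * performed here.
     *
     * @param element the DOM element to convert
     * @return the unmarshalled object
     * @throws WSSecurityException if {@code element} is {@code null}, no unmarshaller is
     *         registered for it, or unmarshalling fails
     */
    public static XMLObject fromDom(Element element) throws WSSecurityException {
        if (element == null) {
            LOG.debug("Attempting to unmarshal a null element!");
            throw new WSSecurityException(
                    WSSecurityException.ErrorCode.FAILURE, MSG_ID,
                    new Object[]{"Error unmarshalling a SAML assertion"});
        }
        Unmarshaller unmarshaller = unmarshallerFactory.getUnmarshaller(element);
        if (unmarshaller == null) {
            LOG.debug("Unable to find an unmarshaller for element: {}", element.getLocalName());
            throw new WSSecurityException(
                    WSSecurityException.ErrorCode.FAILURE, MSG_ID,
                    new Object[]{"Error unmarshalling a SAML assertion"});
        }
        try {
            return unmarshaller.unmarshall(element);
        } catch (UnmarshallingException e) {
            throw new WSSecurityException(
                    WSSecurityException.ErrorCode.FAILURE, e, MSG_ID,
                    new Object[]{"Error unmarshalling a SAML assertion"});
        }
    }

    /**
     * Marshals and signs an object; equivalent to {@code toDom(xMLObject, document, true)}.
     */
    public static Element toDom(XMLObject xMLObject, Document document) throws WSSecurityException {
        return toDom(xMLObject, document, true);
    }

    /**
     * Marshals an {@link XMLObject} to a DOM element and optionally signs it.
     *
     * <p>When a document is supplied, its existing children are parked in a fragment
     * while the object is marshalled into the document, and are put back afterwards
     * whether or not marshalling or signing succeeded. The returned element is therefore
     * no longer a child of the document when this method returns.
     *
     * <p>The restore step now wraps the whole marshal-and-sign sequence. In the previous
     * form the {@code finally} sat inside the child-moving loop, so the document was
     * refilled on every iteration and the loop could not terminate for a non-empty
     * document.
     *
     * @param xMLObject the object to marshal
     * @param document  the owner document, or {@code null} to let the marshaller create one
     * @param z         when {@code true}, the signatures attached to the object are
     *                  computed after marshalling
     * @return the marshalled element
     * @throws WSSecurityException if no marshaller is registered for the object, or
     *         marshalling or signing fails
     */
    public static Element toDom(XMLObject xMLObject, Document document, boolean z) throws WSSecurityException {
        Marshaller marshaller = marshallerFactory.getMarshaller(xMLObject);
        if (marshaller == null) {
            // Mirrors the missing-unmarshaller handling in fromDom instead of failing
            // later with a NullPointerException.
            LOG.debug("Unable to find a marshaller for the supplied object");
            throw new WSSecurityException(
                    WSSecurityException.ErrorCode.FAILURE, MSG_ID,
                    new Object[]{"Error marshalling a SAML assertion"});
        }

        DocumentFragment parked = document == null ? null : document.createDocumentFragment();
        try {
            if (parked != null) {
                // Empty the document so the marshalled element can be attached to it.
                while (document.getFirstChild() != null) {
                    parked.appendChild(document.removeChild(document.getFirstChild()));
                }
            }

            Element marshalled;
            try {
                marshalled = document == null
                        ? marshaller.marshall(xMLObject)
                        : marshaller.marshall(xMLObject, document);
            } catch (MarshallingException e) {
                throw new WSSecurityException(
                        WSSecurityException.ErrorCode.FAILURE, e, MSG_ID,
                        new Object[]{"Error marshalling a SAML assertion"});
            }

            if (z) {
                signXMLObject(xMLObject);
            }
            return marshalled;
        } finally {
            if (parked != null) {
                // Drop whatever marshalling attached, then restore the original children.
                while (document.getFirstChild() != null) {
                    document.removeChild(document.getFirstChild());
                }
                document.appendChild(parked);
            }
        }
    }

    /**
     * Signs every signature reachable from the object: for a SAML 1 or SAML 2 response,
     * each contained assertion first and then the response itself; for any other
     * signable object, its own signature. Objects of other types are left untouched.
     */
    private static void signXMLObject(XMLObject xMLObject) throws WSSecurityException {
        if (xMLObject instanceof Response) {
            Response saml1Response = (Response) xMLObject;
            if (saml1Response.getAssertions() != null) {
                for (Assertion assertion : saml1Response.getAssertions()) {
                    signObject(assertion.getSignature());
                }
            }
            signObject(saml1Response.getSignature());
        } else if (xMLObject instanceof org.opensaml.saml.saml2.core.Response) {
            org.opensaml.saml.saml2.core.Response saml2Response =
                    (org.opensaml.saml.saml2.core.Response) xMLObject;
            if (saml2Response.getAssertions() != null) {
                for (org.opensaml.saml.saml2.core.Assertion assertion : saml2Response.getAssertions()) {
                    signObject(assertion.getSignature());
                }
            }
            signObject(saml2Response.getSignature());
        } else if (xMLObject instanceof SignableSAMLObject) {
            signObject(((SignableSAMLObject) xMLObject).getSignature());
        }
    }

    /**
     * Computes a single signature; a {@code null} signature is skipped silently, so an
     * object that carries no signature is returned unsigned without any error.
     *
     * <p>The thread context class loader is switched to the one that loaded
     * {@link SignerProvider} for the duration of the call and always restored.
     */
    private static void signObject(Signature signature) throws WSSecurityException {
        if (signature == null) {
            return;
        }
        Thread current = Thread.currentThread();
        ClassLoader previous = current.getContextClassLoader();
        try {
            current.setContextClassLoader(SignerProvider.class.getClassLoader());
            Signer.signObject(signature);
        } catch (SignatureException e) {
            throw new WSSecurityException(
                    WSSecurityException.ErrorCode.FAILURE, e, MSG_ID,
                    new Object[]{"Error signing a SAML assertion"});
        } finally {
            current.setContextClassLoader(previous);
        }
    }

    /**
     * Builds an empty {@link Signature} object using the registered builder for
     * {@code Signature.DEFAULT_ELEMENT_NAME}.
     *
     * @return the new signature, or {@code null} (after logging an error) when no
     *         builder is registered; callers must check for {@code null}
     */
    public static Signature buildSignature() {
        QName name = Signature.DEFAULT_ELEMENT_NAME;
        XMLObjectBuilder<?> builder = builderFactory.getBuilder(name);
        if (builder == null) {
            LOG.error("Unable to retrieve builder for object QName {}", name);
            return null;
        }
        return (Signature) builder.buildObject(name.getNamespaceURI(), name.getLocalPart(), name.getPrefix());
    }

    /**
     * Tells whether a confirmation-method URI denotes sender-vouches.
     *
     * <p>The match is by prefix and suffix only, so any SAML version segment between
     * {@code urn:oasis:names:tc:SAML:} and {@code :cm:sender-vouches} is accepted. This
     * classifies the identifier string and nothing else; it does not inspect the
     * assertion the method belongs to.
     *
     * @param str the confirmation-method URI, may be {@code null}
     * @return {@code true} if the URI has the sender-vouches form
     */
    public static boolean isMethodSenderVouches(String str) {
        return str != null && str.startsWith("urn:oasis:names:tc:SAML:") && str.endsWith(":cm:sender-vouches");
    }

    /**
     * Tells whether a confirmation-method URI denotes holder-of-key.
     *
     * <p>The match is by prefix and suffix only, so any SAML version segment between
     * {@code urn:oasis:names:tc:SAML:} and {@code :cm:holder-of-key} is accepted. This
     * classifies the identifier string and nothing else; proof of key possession has to
     * be verified by the caller.
     *
     * @param str the confirmation-method URI, may be {@code null}
     * @return {@code true} if the URI has the holder-of-key form
     */
    public static boolean isMethodHolderOfKey(String str) {
        return str != null && str.startsWith("urn:oasis:names:tc:SAML:") && str.endsWith(":cm:holder-of-key");
    }
}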
