package net.unicon.cas.support.wsfederation;

import java.io.ByteArrayInputStream;
import java.io.IOException;
import java.io.InputStream;
import java.io.UnsupportedEncodingException;
import java.security.KeyFactory;
import java.security.NoSuchAlgorithmException;
import java.security.PublicKey;
import java.security.cert.CertificateException;
import java.security.cert.CertificateFactory;
import java.security.cert.X509Certificate;
import java.security.spec.InvalidKeySpecException;
import java.security.spec.X509EncodedKeySpec;
import java.util.ArrayList;
import java.util.HashMap;
import java.util.Iterator;
import java.util.List;
import net.unicon.cas.support.wsfederation.authentication.principal.WsFederationCredential;
import org.joda.time.DateTime;
import org.joda.time.DateTimeZone;
import org.opensaml.DefaultBootstrap;
import org.opensaml.saml1.core.Attribute;
import org.opensaml.saml1.core.AttributeStatement;
import org.opensaml.saml1.core.Audience;
import org.opensaml.saml1.core.AudienceRestrictionCondition;
import org.opensaml.saml1.core.AuthenticationStatement;
import org.opensaml.saml1.core.Conditions;
import org.opensaml.saml1.core.impl.AssertionImpl;
import org.opensaml.ws.wsfed.RequestedSecurityToken;
import org.opensaml.xml.Configuration;
import org.opensaml.xml.ConfigurationException;
import org.opensaml.xml.io.UnmarshallingException;
import org.opensaml.xml.parse.BasicParserPool;
import org.opensaml.xml.parse.XMLParserException;
import org.opensaml.xml.schema.XSAny;
import org.opensaml.xml.security.x509.BasicX509Credential;
import org.opensaml.xml.signature.SignatureValidator;
import org.opensaml.xml.validation.ValidationException;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
import org.springframework.core.io.Resource;
import org.w3c.dom.Element;

/* loaded from: input_file:net/unicon/cas/support/wsfederation/WsFederationUtils.class */
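public final class WsFederationUtils {

    /** Single shared logger instead of a fresh {@code getLogger} lookup inside every method. */
    private static final Logger LOGGER = LoggerFactory.getLogger(WsFederationUtils.class);

    private WsFederationUtils() {
    }

    /**
     * Copies the identity-relevant parts of an already parsed SAML 1 assertion into a
     * {@link WsFederationCredential}.
     *
     * <p>Nothing here verifies the assertion: the signature check ({@link #validateSignature})
     * and any issuer/audience/time-window checks belong to the caller.
     *
     * <p>An assertion whose {@code Conditions} carry no {@code AudienceRestrictionCondition}
     * (or one with no {@code Audience}) fails here with an {@link IndexOutOfBoundsException}
     * rather than producing a credential with a {@code null} audience. That is deliberate
     * fail-closed behaviour; do not relax it unless the downstream audience check is known to
     * reject a missing audience.
     *
     * @param assertionImpl the parsed assertion; must not be {@code null}
     * @return a credential populated with id, issuer, issue instant, validity window, audience,
     *         authentication method (first authentication statement, if any) and the attributes
     *         of the first attribute statement; the attribute map is empty when the assertion has
     *         no attribute statement
     */
    public static WsFederationCredential createCredentialFromToken(AssertionImpl assertionImpl) {
        DateTime retrievedOn = new DateTime().withZone(DateTimeZone.UTC);
        LOGGER.debug("createCredentialFromToken: retrieved on {}", retrievedOn.toString());

        WsFederationCredential credential = new WsFederationCredential();
        credential.setRetrievedOn(retrievedOn);
        credential.setId(assertionImpl.getID());
        credential.setIssuer(assertionImpl.getIssuer());
        credential.setIssuedOn(assertionImpl.getIssueInstant());

        Conditions conditions = assertionImpl.getConditions();
        if (conditions != null) {
            credential.setNotBefore(conditions.getNotBefore());
            credential.setNotOnOrAfter(conditions.getNotOnOrAfter());
            // Intentionally no emptiness guard: see the class-level note on fail-closed audience handling.
            AudienceRestrictionCondition restriction =
                    (AudienceRestrictionCondition) conditions.getAudienceRestrictionConditions().get(0);
            credential.setAudience(((Audience) restriction.getAudiences().get(0)).getUri());
        }

        if (assertionImpl.getAuthenticationStatements() != null
                && !assertionImpl.getAuthenticationStatements().isEmpty()) {
            AuthenticationStatement authnStatement =
                    (AuthenticationStatement) assertionImpl.getAuthenticationStatements().get(0);
            credential.setAuthenticationMethod(authnStatement.getAuthenticationMethod());
        }

        credential.setAttributes(extractAttributes(assertionImpl));
        LOGGER.debug("createCredentialFromToken: {}", credential.toString());
        return credential;
    }

    /**
     * Flattens the attributes of the assertion's first attribute statement into a map.
     *
     * <p>Single-valued attributes map to their text content ({@code String}); multi-valued ones map
     * to a {@code List<String>}. Attributes with no values are skipped. An assertion without an
     * attribute statement yields an empty map instead of an {@link IndexOutOfBoundsException}.
     *
     * @param assertionImpl the parsed assertion
     * @return attribute name to value(s); never {@code null}
     */
    private static HashMap<String, Object> extractAttributes(AssertionImpl assertionImpl) {
        HashMap<String, Object> attributes = new HashMap<String, Object>();
        if (assertionImpl.getAttributeStatements() == null
                || assertionImpl.getAttributeStatements().isEmpty()) {
            LOGGER.debug("createCredentialFromToken: assertion carries no attribute statement");
            return attributes;
        }
        AttributeStatement statement = (AttributeStatement) assertionImpl.getAttributeStatements().get(0);
        for (Attribute attribute : statement.getAttributes()) {
            String name = attribute.getAttributeName();
            LOGGER.debug("createCredentialFromToken: processed attribute: {}", name);
            int valueCount = attribute.getAttributeValues().size();
            if (valueCount == 1) {
                attributes.put(name, ((XSAny) attribute.getAttributeValues().get(0)).getTextContent());
                continue;
            }
            List<String> values = new ArrayList<String>(valueCount);
            for (int i = 0; i < valueCount; i++) {
                values.add(((XSAny) attribute.getAttributeValues().get(i)).getTextContent());
            }
            if (!values.isEmpty()) {
                attributes.put(name, values);
            }
        }
        return attributes;
    }

    /**
     * Loads an X.509 certificate and wraps its public key in a {@link BasicX509Credential} for use
     * with {@link #validateSignature}.
     *
     * <p>Only the public key is attached to the credential (the certificate itself is not), so
     * nothing about the certificate's validity period or chain is checked by this method or by the
     * signature validation that consumes its result. The key is re-encoded through an RSA
     * {@link KeyFactory}; a certificate with a non-RSA key therefore ends in
     * {@link InvalidKeySpecException} and a {@code null} return.
     *
     * @param resource the certificate file (DER or PEM, whatever the "X.509" factory accepts)
     * @return the credential, or {@code null} if the certificate could not be read or its key could
     *         not be converted (the failure is logged)
     */
    public static BasicX509Credential getSigningCredential(Resource resource) {
        try {
            X509Certificate certificate = readCertificate(resource);
            PublicKey publicKey = KeyFactory.getInstance("RSA")
                    .generatePublic(new X509EncodedKeySpec(certificate.getPublicKey().getEncoded()));
            BasicX509Credential credential = new BasicX509Credential();
            credential.setPublicKey(publicKey);
            LOGGER.debug("getSigningCredential: key retrieved.");
            return credential;
        } catch (IOException e) {
            LOGGER.error("Error retrieving the signing cert: {}", e.getMessage(), e);
            return null;
        } catch (NoSuchAlgorithmException e) {
            LOGGER.error("Error retrieving the signing cert: {}", e.getMessage(), e);
            return null;
        } catch (CertificateException e) {
            LOGGER.error("Error retrieving the signing cert: {}", e.getMessage(), e);
            return null;
        } catch (InvalidKeySpecException e) {
            LOGGER.error("Error retrieving the signing cert: {}", e.getMessage(), e);
            return null;
        }
    }

    /**
     * Reads one X.509 certificate from the resource, closing the stream even when parsing fails
     * (the previous version leaked the stream on a {@link CertificateException}).
     *
     * @param resource the certificate file
     * @return the parsed certificate
     * @throws IOException if the resource cannot be opened
     * @throws CertificateException if the stream does not hold a parseable X.509 certificate
     */
    private static X509Certificate readCertificate(Resource resource) throws IOException, CertificateException {
        InputStream inputStream = resource.getInputStream();
        try {
            return (X509Certificate) CertificateFactory.getInstance("X.509").generateCertificate(inputStream);
        } finally {
            try {
                inputStream.close();
            } catch (IOException e) {
                // Best effort: the certificate (if any) has already been read at this point.
                LOGGER.warn("Error closing the signing cert file: {}", e.getMessage());
            }
        }
    }

    /**
     * Parses a WS-Federation {@code RequestSecurityTokenResponse} document and returns the first
     * security token of its first {@code RequestedSecurityToken} as a SAML 1 assertion.
     *
     * <p>The input is the raw {@code wresult} posted back by the identity provider, i.e. untrusted
     * data. Entity-reference expansion is switched off before parsing; whether {@code DOCTYPE}
     * declarations and external entities are rejected as well depends on the parser pool's builder
     * features for the OpenSAML/xmltooling version in use and should be confirmed there.
     *
     * <p>The returned assertion is unverified: call {@link #validateSignature} before trusting it.
     * A response whose first token is not a SAML 1 assertion (a different token type, or an
     * encrypted one) fails the cast with a {@link ClassCastException}; a response without any token
     * fails with an {@link IndexOutOfBoundsException}. Neither is caught here.
     *
     * @param str the XML document as a string
     * @return the assertion, or {@code null} if the document could not be parsed or unmarshalled
     *         (the failure is logged at WARN)
     */
    public static AssertionImpl parseTokenFromString(String str) {
        BasicParserPool parserPool = new BasicParserPool();
        parserPool.setNamespaceAware(true);
        // Untrusted input: never expand entity references. This alone does not guarantee that
        // external entities / DOCTYPE are refused; check the pool's default builder features.
        parserPool.setExpandEntityReferences(false);
        try {
            Element documentElement = parserPool
                    .parse(new ByteArrayInputStream(str.getBytes("UTF-8")))
                    .getDocumentElement();
            RequestedSecurityToken requestedToken = (RequestedSecurityToken) Configuration
                    .getUnmarshallerFactory()
                    .getUnmarshaller(documentElement)
                    .unmarshall(documentElement)
                    .getRequestedSecurityToken()
                    .get(0);
            AssertionImpl assertion = (AssertionImpl) requestedToken.getSecurityTokens().get(0);
            if (assertion == null) {
                LOGGER.debug("parseTokenFromString: assertion null");
            } else {
                LOGGER.debug("parseTokenFromString: {}", assertion.toString());
            }
            return assertion;
        } catch (UnsupportedEncodingException e) {
            LOGGER.warn(e.getMessage(), e);
            return null;
        } catch (XMLParserException e) {
            LOGGER.warn(e.getMessage(), e);
            return null;
        } catch (UnmarshallingException e) {
            LOGGER.warn(e.getMessage(), e);
            return null;
        }
    }

    /**
     * Checks the assertion's XML signature against each configured signing credential and accepts
     * the assertion as soon as one of them verifies it.
     *
     * <p>This verifies the cryptographic signature value only. It does not, by itself, establish
     * that the signature's reference covers this very assertion (OpenSAML ships a
     * {@code SAMLSignatureProfileValidator} for that check); consider running it on
     * {@code assertionImpl.getSignature()} before this method.
     *
     * <p>A failure that is not a {@link ValidationException} (for example a credential whose key
     * cannot be used) is logged and the next credential is tried, as before.
     *
     * @param assertionImpl the assertion to check; an assertion without a signature is rejected
     * @param list the trusted signing credentials, tried in order
     * @return {@code true} if at least one credential verifies the signature, {@code false} otherwise
     */
    public static boolean validateSignature(AssertionImpl assertionImpl, List<BasicX509Credential> list) {
        if (assertionImpl == null || assertionImpl.getSignature() == null) {
            // Previously surfaced as a swallowed NullPointerException per credential; same outcome, explicit.
            LOGGER.warn("validateSignature: assertion carries no signature.");
            return false;
        }
        for (BasicX509Credential credential : list) {
            try {
                new SignatureValidator(credential).validate(assertionImpl.getSignature());
                LOGGER.debug("validateSignature: Signature is valid.");
                return true;
            } catch (ValidationException e) {
                LOGGER.warn("validateSignature: Signature is NOT valid.");
                LOGGER.warn(e.getMessage());
            } catch (Exception e) {
                // Any other failure for this credential must not stop the remaining ones being tried.
                LOGGER.warn(e.getMessage(), e);
            }
        }
        LOGGER.warn("validateSignature: Signature doesn't match any signing credential.");
        return false;
    }

    static {
        // Registers the OpenSAML unmarshallers/validators the methods above rely on. A failure is only
        // logged (as before); the first parse/validate call will then fail instead of the class load.
        try {
            DefaultBootstrap.bootstrap();
        } catch (ConfigurationException e) {
            LOGGER.error(e.getMessage(), e);
        }
    }
}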
