package com.sun.xml.wss.saml;

import com.sun.org.apache.xerces.internal.impl.dv.util.Base64;
import com.sun.org.apache.xml.internal.security.encryption.EncryptedKey;
import com.sun.org.apache.xml.internal.security.encryption.XMLCipher;
import com.sun.org.apache.xml.internal.security.keys.KeyInfo;
import com.sun.org.apache.xml.internal.security.keys.content.KeyValue;
import com.sun.org.apache.xml.internal.security.keys.content.X509Data;
import com.sun.xml.wss.XWSSecurityException;
import com.sun.xml.wss.core.KeyInfoHeaderBlock;
import com.sun.xml.wss.core.ReferenceElement;
import com.sun.xml.wss.core.reference.KeyIdentifier;
import com.sun.xml.wss.core.reference.X509IssuerSerial;
import com.sun.xml.wss.impl.MessageConstants;
import com.sun.xml.wss.impl.callback.SignatureVerificationKeyCallback;
import com.sun.xml.wss.impl.misc.DefaultSecurityEnvironmentImpl;
import com.sun.xml.wss.saml.internal.saml11.jaxb10.impl.AssertionImpl;
import com.sun.xml.wss.saml.internal.saml20.jaxb20.AssertionType;
import com.sun.xml.wss.saml.util.SAML20JAXBUtil;
import com.sun.xml.wss.saml.util.SAMLJAXBUtil;
import java.math.BigInteger;
import java.security.Key;
import java.security.PrivateKey;
import java.security.cert.X509Certificate;
import java.util.Map;
import java.util.logging.Level;
import java.util.logging.Logger;
import javax.security.auth.callback.Callback;
import javax.security.auth.callback.CallbackHandler;
import javax.xml.bind.JAXBElement;
import org.w3c.dom.DOMException;
import org.w3c.dom.Element;
import org.w3c.dom.Node;
import org.w3c.dom.NodeList;

/* loaded from: input_file:spg-ui-war-2.1.46rel-2.1.24.war:WEB-INF/lib/xws-security-3.0.jar:com/sun/xml/wss/saml/AssertionUtil.class */
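/**
 * Static helpers for locating and resolving the key carried in the SubjectConfirmation of a
 * SAML 1.x or SAML 2.0 assertion, and for unmarshalling a DOM assertion into the matching
 * {@link Assertion} binding.
 *
 * <p>Key material is never read from a key store here: every lookup goes through the caller's
 * {@link CallbackHandler}, either directly (via {@link SignatureVerificationKeyCallback}) or via
 * {@link DefaultSecurityEnvironmentImpl}. A KeyValue or an inline X509Certificate found in the
 * assertion is returned as-is, so trust in such a key rests entirely on the caller having
 * validated the assertion's signature and issuer first.
 *
 * <p>This is a decompiled class; the public method signatures are preserved exactly.
 */
public class AssertionUtil {
    private static final String XMLDSIG_NS = "http://www.w3.org/2000/09/xmldsig#";
    private static final String SAML11_NS = "urn:oasis:names:tc:SAML:1.0:assertion";
    private static final String SAML20_NS = "urn:oasis:names:tc:SAML:2.0:assertion";
    private static final String NO_KEY_MSG = "SAML Assertion does not contain a key";

    // Number of ancestors walked up from a SubjectConfirmation(Data) candidate to reach the
    // element that would be <Advice> if the candidate belongs to an assertion embedded in Advice.
    // The original code hard-coded four chained getParentNode() calls; that distance is kept.
    private static final int ADVICE_ANCESTOR_DEPTH = 4;

    private static final Logger log = Logger.getLogger(
            "javax.enterprise.resource.xml.webservices.security", "com.sun.xml.wss.logging.LogStrings");

    /** Not instantiable; the unused parameter is kept so the constructor signature stays as decompiled. */
    private AssertionUtil(CallbackHandler callbackHandler) {
    }

    /**
     * Returns {@code true} when {@code element} looks like a SAML 2.0 assertion.
     *
     * <p>The test used throughout this class is the presence of the attribute named by
     * {@link MessageConstants#SAML_ID_LNAME}; anything without it is handled as SAML 1.x.
     */
    private static boolean isSaml20(Element element) {
        return element.getAttributeNode(MessageConstants.SAML_ID_LNAME) != null;
    }

    /**
     * Resolves the key carried in the first {@code SubjectConfirmation} of a SAML assertion.
     *
     * <p>Only the first {@code ds:KeyInfo} of the first {@code SubjectConfirmation} is examined.
     * A {@code KeyValue} yields its public key directly (no trust decision is made here);
     * {@code X509Data} is resolved via {@link #resolveX509Data}; an {@code xenc:EncryptedKey}
     * is unwrapped via {@link #resolveEncryptedKey}.
     *
     * @param element         the assertion element
     * @param callbackHandler handler consulted for certificates and private keys
     * @return the subject-confirmation key
     * @throws XWSSecurityException if no SubjectConfirmation or KeyInfo is present, the KeyInfo
     *                              content is of an unsupported kind, or resolution fails
     */
    public static Key getSubjectConfirmationKey(Element element, CallbackHandler callbackHandler) throws XWSSecurityException {
        // NOTE(review): this lookup is by qualified tag name, not namespace, unlike
        // getSubjectConfirmationKeyInfo below, so a prefixed "saml:SubjectConfirmation" would not
        // match. Left unchanged in case callers rely on it; confirm against the call sites.
        NodeList confirmations = element.getElementsByTagName("SubjectConfirmation");
        if (confirmations.getLength() == 0) {
            throw new XWSSecurityException(NO_KEY_MSG);
        }
        NodeList keyInfos = ((Element) confirmations.item(0)).getElementsByTagNameNS(XMLDSIG_NS, "KeyInfo");
        if (keyInfos.getLength() == 0) {
            throw new XWSSecurityException(NO_KEY_MSG);
        }
        try {
            KeyInfo keyInfo = new KeyInfo((Element) keyInfos.item(0), (String) null);
            if (keyInfo.containsKeyValue()) {
                // A bare KeyValue is whatever the assertion says it is; the caller's signature
                // validation of the assertion is what makes it trustworthy.
                return keyInfo.itemKeyValue(0).getPublicKey();
            }
            if (keyInfo.containsX509Data()) {
                return resolveX509Data(keyInfo.itemX509Data(0), callbackHandler);
            }
            if (keyInfo.length(MessageConstants.XENC_NS, "EncryptedKey") > 0) {
                return resolveEncryptedKey(keyInfo.itemEncryptedKey(0), callbackHandler);
            }
            throw new XWSSecurityException("Unsupported Key Information");
        } catch (XWSSecurityException e) {
            // Already carries a meaningful message; do not bury it inside another wrapper.
            throw e;
        } catch (Exception e) {
            throw new XWSSecurityException(e);
        }
    }

    /**
     * Resolves an {@code X509Data} element to the public key of the certificate it designates.
     *
     * <p>An inline {@code X509Certificate} is used as-is, without consulting the callback
     * handler. A {@code X509SKI} or {@code X509IssuerSerial} reference is resolved through a
     * {@link SignatureVerificationKeyCallback} and fails if the handler finds no certificate.
     *
     * @param x509Data        the X509Data to resolve (its element is normalized first)
     * @param callbackHandler handler used to look up referenced certificates
     * @return the public key of the resolved certificate
     * @throws XWSSecurityException on an unsupported child element, a failed lookup, or any
     *                              underlying parsing error
     */
    public static Key resolveX509Data(X509Data x509Data, CallbackHandler callbackHandler) throws XWSSecurityException {
        x509Data.getElement().normalize();
        try {
            X509Certificate cert;
            if (x509Data.containsCertificate()) {
                cert = x509Data.itemCertificate(0).getX509Certificate();
            } else if (x509Data.containsSKI()) {
                cert = lookupBySubjectKeyIdentifier(x509Data.itemSKI(0).getSKIBytes(), callbackHandler);
            } else if (x509Data.containsIssuerSerial()) {
                cert = lookupByIssuerSerial(
                        x509Data.itemIssuerSerial(0).getIssuerName(),
                        x509Data.itemIssuerSerial(0).getSerialNumber(),
                        callbackHandler);
            } else {
                throw new XWSSecurityException("Unsupported child element of X509Data encountered");
            }
            return cert.getPublicKey();
        } catch (XWSSecurityException e) {
            // The original wrapped its own exceptions a second (and for lookups, third) time.
            throw e;
        } catch (Exception e) {
            throw new XWSSecurityException(e);
        }
    }

    /**
     * Asks the callback handler for the certificate whose SubjectKeyIdentifier matches {@code ski}.
     *
     * @throws XWSSecurityException if the handler fails or returns no certificate
     */
    private static X509Certificate lookupBySubjectKeyIdentifier(byte[] ski, CallbackHandler callbackHandler) throws XWSSecurityException {
        SignatureVerificationKeyCallback.X509SubjectKeyIdentifierBasedRequest request =
                new SignatureVerificationKeyCallback.X509SubjectKeyIdentifierBasedRequest(ski);
        try {
            callbackHandler.handle(new Callback[]{new SignatureVerificationKeyCallback(request)});
        } catch (Exception e) {
            throw new XWSSecurityException(e);
        }
        X509Certificate cert = request.getX509Certificate();
        if (cert == null) {
            throw new XWSSecurityException("No Matching public key for " + Base64.encode(ski) + " subject key identifier found");
        }
        return cert;
    }

    /**
     * Asks the callback handler for the certificate with the given issuer name and serial number.
     *
     * @throws XWSSecurityException if the handler fails or returns no certificate
     */
    private static X509Certificate lookupByIssuerSerial(String issuerName, BigInteger serialNumber, CallbackHandler callbackHandler) throws XWSSecurityException {
        SignatureVerificationKeyCallback.X509IssuerSerialBasedRequest request =
                new SignatureVerificationKeyCallback.X509IssuerSerialBasedRequest(issuerName, serialNumber);
        try {
            callbackHandler.handle(new Callback[]{new SignatureVerificationKeyCallback(request)});
        } catch (Exception e) {
            throw new XWSSecurityException(e);
        }
        X509Certificate cert = request.getX509Certificate();
        if (cert == null) {
            throw new XWSSecurityException("No Matching public key for serial number " + serialNumber + " and issuer name " + issuerName + " found");
        }
        return cert;
    }

    /**
     * Unwraps an {@code xenc:EncryptedKey} using the private key designated by its own KeyInfo.
     *
     * <p>The key-encryption key is located from the EncryptedKey's KeyInfo (SecurityTokenReference,
     * KeyValue or X509Data) via the callback handler, then the wrapped key is decrypted with
     * {@link XMLCipher} in unwrap mode using the EncryptedKey's declared algorithm.
     *
     * @param encryptedKey    the EncryptedKey to unwrap
     * @param callbackHandler handler used to locate the private key-encryption key
     * @return the unwrapped key
     * @throws XWSSecurityException if the KeyInfo is unsupported, no private key is available, or
     *                              decryption fails
     */
    public static Key resolveEncryptedKey(EncryptedKey encryptedKey, CallbackHandler callbackHandler) throws XWSSecurityException {
        KeyInfoHeaderBlock keyInfoBlock = new KeyInfoHeaderBlock(encryptedKey.getKeyInfo());
        try {
            Key kek;
            if (keyInfoBlock.containsSecurityTokenReference()) {
                kek = processSecurityTokenReference(keyInfoBlock, callbackHandler);
            } else if (keyInfoBlock.containsKeyValue()) {
                KeyValue keyValue = keyInfoBlock.getKeyValue(0);
                keyValue.getElement().normalize();
                kek = new DefaultSecurityEnvironmentImpl(callbackHandler)
                        .getPrivateKey((Map) null, keyValue.getPublicKey(), false);
            } else if (keyInfoBlock.containsX509Data()) {
                kek = processX509Data(keyInfoBlock, callbackHandler);
            } else {
                throw new XWSSecurityException("Unsupported Key Information");
            }
            if (kek == null) {
                // A null KEK would otherwise only surface as an opaque failure from the cipher.
                throw new XWSSecurityException("No private key available to unwrap the EncryptedKey");
            }
            String algorithm = encryptedKey.getEncryptionMethod().getAlgorithm();
            XMLCipher cipher = XMLCipher.getInstance();
            cipher.init(XMLCipher.UNWRAP_MODE, (Key) null);
            cipher.setKEK(kek);
            return cipher.decryptKey(encryptedKey, algorithm);
        } catch (XWSSecurityException e) {
            throw e;
        } catch (Exception e) {
            throw new XWSSecurityException(e);
        }
    }

    /**
     * Locates the private key designated by the first SecurityTokenReference of a KeyInfo.
     *
     * <p>Supported references: a {@code KeyIdentifier} with an X509 SubjectKeyIdentifier value type
     * (looked up by SKI bytes) and an {@code X509IssuerSerial} (looked up by issuer and serial).
     * Every other reference or value type is rejected. The original implementation silently
     * returned {@code null} for a KeyIdentifier of an unrecognised value type; that now fails
     * explicitly so a missing key cannot propagate as a null KEK.
     *
     * @throws XWSSecurityException if the reference mechanism or value type is unsupported, or the
     *                              lookup fails
     */
    private static Key processSecurityTokenReference(KeyInfoHeaderBlock keyInfoBlock, CallbackHandler callbackHandler) throws XWSSecurityException {
        DefaultSecurityEnvironmentImpl env = new DefaultSecurityEnvironmentImpl(callbackHandler);
        ReferenceElement reference = keyInfoBlock.getSecurityTokenReference(0).getReference();
        if (reference instanceof KeyIdentifier) {
            KeyIdentifier keyIdentifier = (KeyIdentifier) reference;
            // NOTE(review): getBytes() without a charset uses the platform default; kept as in
            // the original because the decoded value's encoding is not visible here.
            byte[] bytes = keyIdentifier.getDecodedReferenceValue().getBytes();
            String valueType = keyIdentifier.getValueType();
            if (MessageConstants.X509SubjectKeyIdentifier_NS.equals(valueType)
                    || MessageConstants.X509v3SubjectKeyIdentifier_NS.equals(valueType)) {
                return env.getPrivateKey((Map) null, bytes);
            }
            throw new XWSSecurityException("Unsupported KeyValueType :" + valueType);
        }
        if (reference instanceof X509IssuerSerial) {
            X509IssuerSerial issuerSerial = (X509IssuerSerial) reference;
            return env.getPrivateKey((Map) null, issuerSerial.getSerialNumber(), issuerSerial.getIssuerName());
        }
        log.log(Level.SEVERE, "WSS0338.unsupported.reference.mechanism");
        throw new XWSSecurityException("Key reference mechanism not supported");
    }

    /**
     * Locates the private key matching the first {@code X509Data} of a KeyInfo, trying in order an
     * inline certificate, a SubjectKeyIdentifier, and an IssuerSerial.
     *
     * @throws XWSSecurityException if no supported child is present or the lookup fails; the
     *                              failure is also logged under WSS0602
     */
    private static Key processX509Data(KeyInfoHeaderBlock keyInfoBlock, CallbackHandler callbackHandler) throws XWSSecurityException {
        DefaultSecurityEnvironmentImpl env = new DefaultSecurityEnvironmentImpl(callbackHandler);
        X509Data x509Data = keyInfoBlock.getX509Data(0);
        try {
            if (x509Data.containsCertificate()) {
                return env.getPrivateKey((Map) null, x509Data.itemCertificate(0).getX509Certificate());
            }
            if (x509Data.containsSKI()) {
                return env.getPrivateKey((Map) null, x509Data.itemSKI(0).getSKIBytes());
            }
            if (x509Data.containsIssuerSerial()) {
                return env.getPrivateKey((Map) null,
                        x509Data.itemIssuerSerial(0).getSerialNumber(),
                        x509Data.itemIssuerSerial(0).getIssuerName());
            }
            log.log(Level.SEVERE, "WSS0339.unsupported.keyinfo");
            throw new XWSSecurityException("Unsupported child element of X509Data encountered");
        } catch (XWSSecurityException e) {
            log.log(Level.SEVERE, "WSS0602.illegal.x509.data", e.getMessage());
            throw e;
        } catch (Exception e) {
            log.log(Level.SEVERE, "WSS0602.illegal.x509.data", e.getMessage());
            throw new XWSSecurityException(e);
        }
    }

    /**
     * Unmarshals a DOM assertion element into the matching {@link Assertion} binding.
     *
     * <p>If the system property {@code com.sun.xml.wss.saml.binding.jaxb} is set, the legacy
     * JAXB 1.0 SAML 1.1 binding is used regardless of the element. Otherwise the element's
     * version (see {@link #isSaml20}) selects the SAML 2.0 or the SAML 1.1 JAXB 2.0 binding.
     * The element is already-parsed DOM; parser hardening (DTD/external entity handling) belongs
     * where the document was built, not here.
     *
     * @param element the assertion element
     * @return the bound assertion
     * @throws SAMLException if unmarshalling fails for any reason
     */
    public static Assertion fromElement(Element element) throws SAMLException {
        try {
            if (System.getProperty("com.sun.xml.wss.saml.binding.jaxb") != null) {
                AssertionImpl impl = (AssertionImpl) SAMLJAXBUtil.getJAXBContext().createUnmarshaller().unmarshal(element);
                return new com.sun.xml.wss.saml.assertion.saml11.jaxb10.Assertion(impl);
            }
            if (isSaml20(element)) {
                JAXBElement<?> bound = (JAXBElement<?>) SAML20JAXBUtil.getJAXBContext().createUnmarshaller().unmarshal(element);
                return new com.sun.xml.wss.saml.assertion.saml20.jaxb20.Assertion((AssertionType) bound.getValue());
            }
            JAXBElement<?> bound = (JAXBElement<?>) SAMLJAXBUtil.getJAXBContext().createUnmarshaller().unmarshal(element);
            return new com.sun.xml.wss.saml.assertion.saml11.jaxb20.Assertion(
                    (com.sun.xml.wss.saml.internal.saml11.jaxb20.AssertionType) bound.getValue());
        } catch (Exception e) {
            throw new SAMLException(e);
        }
    }

    /**
     * Returns the subject-confirmation method URI of an assertion, or {@code null} if none is found.
     *
     * <p>Only the first match is considered. For SAML 2.0 this is the {@code Method} attribute of
     * the first {@code saml2:SubjectConfirmation} (an empty string if the attribute is absent, per
     * the DOM contract of {@code getAttribute}); for SAML 1.x it is the text of the first
     * {@code saml:ConfirmationMethod}. The value is returned verbatim; comparing it against the
     * methods the caller accepts is the caller's job.
     *
     * @param element the assertion element
     * @return the method URI, or {@code null} if absent or unreadable
     */
    public static String getConfirmationMethod(Element element) {
        boolean saml20 = isSaml20(element);
        NodeList matches = saml20
                ? element.getElementsByTagNameNS(SAML20_NS, "SubjectConfirmation")
                : element.getElementsByTagNameNS(SAML11_NS, "ConfirmationMethod");
        if (matches.getLength() == 0) {
            return null;
        }
        Element first = (Element) matches.item(0);
        try {
            return saml20 ? first.getAttribute("Method") : first.getTextContent();
        } catch (DOMException e) {
            // getTextContent may raise DOMSTRING_SIZE_ERR; treat as "no method" like the original.
            return null;
        }
    }

    /**
     * Returns {@code true} if the element {@link #ADVICE_ANCESTOR_DEPTH} levels above {@code node}
     * has the local name {@code Advice}.
     *
     * <p>The original code chained four {@code getParentNode()} calls and compared
     * {@code getLocalName()} unconditionally, which threw NullPointerException when the chain
     * reached the document (or a node without a namespace-aware name). Those cases are now
     * answered as "not inside Advice", which is what a chain that short means.
     */
    private static boolean isNestedInAdvice(Node node) {
        Node ancestor = node;
        for (int depth = 0; depth < ADVICE_ANCESTOR_DEPTH && ancestor != null; depth++) {
            ancestor = ancestor.getParentNode();
        }
        return ancestor != null && "Advice".equals(ancestor.getLocalName());
    }

    /**
     * Picks the first candidate that does not belong to an assertion embedded in an {@code Advice}
     * element and returns the {@code ds:KeyInfo} elements beneath it.
     *
     * <p>An assertion nested in Advice is not the assertion being validated, so key material found
     * there must not be mistaken for the outer assertion's subject-confirmation key.
     *
     * @param candidates SubjectConfirmation (SAML 1.x) or SubjectConfirmationData (SAML 2.0) elements
     * @return the KeyInfo node list of the first acceptable candidate (possibly empty), or
     *         {@code null} if every candidate is nested in Advice
     */
    private static NodeList skipAdviceValidation(NodeList candidates) {
        for (int i = 0; i < candidates.getLength(); i++) {
            Node candidate = candidates.item(i);
            if (!isNestedInAdvice(candidate)) {
                return ((Element) candidate).getElementsByTagNameNS(XMLDSIG_NS, "KeyInfo");
            }
        }
        return null;
    }

    /**
     * Returns the {@code ds:KeyInfo} element of the assertion's own subject confirmation.
     *
     * <p>Looks for {@code saml2:SubjectConfirmationData} (SAML 2.0) or
     * {@code saml:SubjectConfirmation} (SAML 1.x), ignores candidates that sit inside an
     * {@code Advice} element, and returns the first KeyInfo under the first remaining candidate.
     *
     * @param element the assertion element
     * @return the KeyInfo element
     * @throws XWSSecurityException if no suitable confirmation element or KeyInfo is present, or
     *                              on any DOM error while searching
     */
    public static Element getSubjectConfirmationKeyInfo(Element element) throws XWSSecurityException {
        try {
            NodeList candidates = isSaml20(element)
                    ? element.getElementsByTagNameNS(SAML20_NS, "SubjectConfirmationData")
                    : element.getElementsByTagNameNS(SAML11_NS, "SubjectConfirmation");
            if (candidates.getLength() == 0) {
                throw new XWSSecurityException(NO_KEY_MSG);
            }
            NodeList keyInfos = skipAdviceValidation(candidates);
            if (keyInfos == null || keyInfos.getLength() == 0) {
                throw new XWSSecurityException(NO_KEY_MSG);
            }
            Element keyInfo = (Element) keyInfos.item(0);
            if (keyInfo == null) {
                throw new XWSSecurityException("Unable to locate KeyInfo inside SubjectConfirmation of SAML Assertion");
            }
            return keyInfo;
        } catch (XWSSecurityException e) {
            throw e;
        } catch (Exception e) {
            throw new XWSSecurityException(e);
        }
    }
}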
