package org.jasig.cas.support.saml.util;

import java.io.ByteArrayInputStream;
import java.io.Serializable;
import java.io.StringWriter;
import java.nio.charset.Charset;
import java.security.PrivateKey;
import java.security.Provider;
import java.security.PublicKey;
import java.security.SecureRandom;
import java.util.Collections;
import javax.xml.crypto.dsig.Reference;
import javax.xml.crypto.dsig.SignatureMethod;
import javax.xml.crypto.dsig.SignedInfo;
import javax.xml.crypto.dsig.XMLSignatureFactory;
import javax.xml.crypto.dsig.dom.DOMSignContext;
import javax.xml.crypto.dsig.keyinfo.KeyInfo;
import javax.xml.crypto.dsig.keyinfo.KeyInfoFactory;
import javax.xml.crypto.dsig.spec.C14NMethodParameterSpec;
import javax.xml.crypto.dsig.spec.DigestMethodParameterSpec;
import javax.xml.crypto.dsig.spec.SignatureMethodParameterSpec;
import javax.xml.crypto.dsig.spec.TransformParameterSpec;
import javax.xml.namespace.QName;
import javax.xml.parsers.DocumentBuilderFactory;
import javax.xml.transform.Transformer;
import javax.xml.transform.TransformerFactory;
import javax.xml.transform.dom.DOMSource;
import javax.xml.transform.stream.StreamResult;
import org.bouncycastle.util.encoders.Hex;
import org.jdom.Document;
import org.jdom.input.DOMBuilder;
import org.jdom.input.SAXBuilder;
import org.jdom.output.XMLOutputter;
import org.opensaml.core.xml.XMLObject;
import org.opensaml.core.xml.config.XMLObjectProviderRegistrySupport;
import org.opensaml.core.xml.io.Marshaller;
import org.opensaml.core.xml.schema.XSString;
import org.opensaml.core.xml.schema.impl.XSStringBuilder;
import org.opensaml.saml.common.SAMLObject;
import org.opensaml.saml.common.SAMLObjectBuilder;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
import org.w3c.dom.Element;
import org.w3c.dom.Node;
import org.w3c.dom.NodeList;

/* loaded from: input_file:org/jasig/cas/support/saml/util/AbstractSamlObjectBuilder.class */
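/**
 * Base class for components that build, marshal and sign SAML objects.
 *
 * <p>Provides helpers to create OpenSAML objects from the registered builder factory,
 * generate random message identifiers, marshal an {@link XMLObject} to text, and apply an
 * enveloped XML signature to a SAML response.
 *
 * <p>No static fields with non-constant initializers are declared here on purpose: the class
 * is {@link Serializable} without an explicit {@code serialVersionUID}, and introducing a
 * static initializer would change the default computed one.
 */
public abstract class AbstractSamlObjectBuilder implements Serializable {
    protected static final String DEFAULT_ELEMENT_NAME_FIELD = "DEFAULT_ELEMENT_NAME";
    protected static final String DEFAULT_ELEMENT_LOCAL_NAME_FIELD = "DEFAULT_ELEMENT_LOCAL_NAME";
    private static final int RANDOM_ID_SIZE = 16;
    private static final String SIGNATURE_FACTORY_PROVIDER_CLASS = "org.jcp.xml.dsig.internal.dom.XMLDSigRI";
    protected final transient Logger logger = LoggerFactory.getLogger(getClass());

    /**
     * Creates a new SAML object of the given type using the builder registered for its
     * {@code DEFAULT_ELEMENT_NAME}.
     *
     * @param cls the SAML object type to build
     * @param <T> the SAML object type
     * @return a new instance of {@code cls}
     * @throws IllegalStateException if no builder is registered for the type, or its element
     *                               name field cannot be read
     */
    public final <T extends SAMLObject> T newSamlObject(Class<T> cls) {
        QName samlObjectQName = getSamlObjectQName(cls);
        SAMLObjectBuilder builder = XMLObjectProviderRegistrySupport.getBuilderFactory().getBuilder(samlObjectQName);
        if (builder == null) {
            throw new IllegalStateException("No SAMLObjectBuilder registered for class " + cls.getName());
        }
        return cls.cast(builder.buildObject(samlObjectQName));
    }

    /**
     * Reads the static {@code DEFAULT_ELEMENT_NAME} field of the given class reflectively.
     *
     * @param cls the class that declares the public static field
     * @return the qualified element name held by the field
     * @throws IllegalStateException if the field is missing or not accessible; the reflective
     *                               failure is attached as the cause
     */
    public QName getSamlObjectQName(Class<?> cls) {
        try {
            return (QName) cls.getField(DEFAULT_ELEMENT_NAME_FIELD).get(null);
        } catch (IllegalAccessException e) {
            throw new IllegalStateException("Cannot access field " + cls.getName() + '.' + DEFAULT_ELEMENT_NAME_FIELD, e);
        } catch (NoSuchFieldException e) {
            throw new IllegalStateException("Cannot find field " + cls.getName() + '.' + DEFAULT_ELEMENT_NAME_FIELD, e);
        }
    }

    /**
     * Creates a new SAML object of the given type using the builder registered for an
     * explicitly supplied element name.
     *
     * @param cls   the SAML object type to build
     * @param qName the element name used to look up the builder
     * @param <T>   the SAML object type
     * @return a new instance of {@code cls}
     * @throws IllegalStateException if no builder is registered for {@code qName}
     */
    private <T extends SAMLObject> T newSamlObject(Class<T> cls, QName qName) {
        SAMLObjectBuilder builder = XMLObjectProviderRegistrySupport.getBuilderFactory().getBuilder(qName);
        if (builder == null) {
            throw new IllegalStateException("No SAMLObjectBuilder registered for class " + cls.getName());
        }
        return cls.cast(builder.buildObject());
    }

    /* JADX INFO: Access modifiers changed from: protected */
    /**
     * Builds an {@code xs:string} attribute value element whose text is the string form of
     * the given object.
     *
     * @param obj   the value to render with {@code toString()}; must not be {@code null}
     * @param qName the element name of the attribute value
     * @return the populated {@link XSString}
     */
    public final XSString newAttributeValue(Object obj, QName qName) {
        XSString attributeValue = new XSStringBuilder().buildObject(qName, XSString.TYPE_NAME);
        // String.toString() returns the same instance, so no separate String branch is needed.
        attributeValue.setValue(obj.toString());
        return attributeValue;
    }

    /**
     * Generates a random identifier for SAML messages: an underscore followed by the hex
     * encoding of {@value #RANDOM_ID_SIZE} random bytes.
     *
     * @return the generated identifier
     * @throws IllegalStateException if the random generator cannot be created
     */
    public String generateSecureRandomId() {
        try {
            // NOTE(review): the generator is pinned to SHA1PRNG and re-created on every call.
            // The platform default (new SecureRandom()) is the usual recommendation; confirm
            // nothing depends on this algorithm name before changing it.
            SecureRandom secureRandom = SecureRandom.getInstance("SHA1PRNG");
            byte[] randomBytes = new byte[RANDOM_ID_SIZE];
            secureRandom.nextBytes(randomBytes);
            // Hex output is pure ASCII; decode with a fixed charset instead of the platform default.
            return "_".concat(new String(Hex.encode(randomBytes), utf8()));
        } catch (Exception e) {
            throw new IllegalStateException("Cannot create secure random ID generator for SAML message IDs.", e);
        }
    }

    /**
     * Marshals a SAML object to indented XML text without an XML declaration.
     *
     * <p>The XML is written into the supplied writer and the writer's complete contents are
     * returned, so anything the caller wrote into it beforehand is part of the result.
     *
     * @param xMLObject    the object to marshal
     * @param stringWriter the writer that receives the XML
     * @return the contents of {@code stringWriter} after marshalling
     * @throws IllegalStateException on any failure, including a missing marshaller
     */
    public String marshalSamlXmlObject(XMLObject xMLObject, StringWriter stringWriter) {
        try {
            Marshaller marshaller = XMLObjectProviderRegistrySupport.getMarshallerFactory().getMarshaller(xMLObject);
            if (marshaller == null) {
                // Caught by the handler below and reported as IllegalStateException.
                throw new IllegalArgumentException("Cannot obtain marshaller for object " + xMLObject.getElementQName());
            }
            Element marshalled = marshaller.marshall(xMLObject);
            marshalled.setAttributeNS("http://www.w3.org/2000/xmlns/", "xmlns", "urn:oasis:names:tc:SAML:2.0:assertion");
            marshalled.setAttributeNS("http://www.w3.org/2000/xmlns/", "xmlns:xenc", "http://www.w3.org/2001/04/xmlenc#");
            Transformer transformer = TransformerFactory.newInstance().newTransformer();
            transformer.setOutputProperty("omit-xml-declaration", "yes");
            transformer.setOutputProperty("indent", "yes");
            transformer.transform(new DOMSource(marshalled), new StreamResult(stringWriter));
            return stringWriter.toString();
        } catch (Exception e) {
            throw new IllegalStateException("An error has occurred while marshalling SAML object to xml", e);
        }
    }

    /**
     * Parses the given SAML response, signs its root element with an enveloped XML signature
     * and returns the signed document as text.
     *
     * @param str        the SAML response XML
     * @param privateKey the key used to compute the signature
     * @param publicKey  the key published in the signature's {@code KeyInfo}; its algorithm
     *                   (RSA or DSA) selects the signature method
     * @return the serialized, signed document
     * @throws RuntimeException if the XML cannot be parsed or signing fails
     */
    public final String signSamlResponse(String str, PrivateKey privateKey, PublicKey publicKey) {
        Document document = constructDocumentFromXml(str);
        if (document == null) {
            throw new RuntimeException("Error signing SAML Response: Null document");
        }
        org.jdom.Element signedRoot = signSamlElement(document.getRootElement(), privateKey, publicKey);
        document.setRootElement(signedRoot.detach());
        return new XMLOutputter().outputString(document);
    }

    /**
     * Parses XML text into a JDOM document with DOCTYPE declarations and external general
     * entities disabled, so the input cannot pull in external entities (XXE).
     *
     * <p>The text is encoded as UTF-8 before parsing rather than with the platform default
     * charset, so the result no longer depends on the JVM's locale settings. This assumes the
     * input carries no XML declaration or declares UTF-8 (TODO confirm for all callers).
     *
     * @param str the XML text
     * @return the parsed document, or {@code null} if the text cannot be parsed
     */
    public static Document constructDocumentFromXml(String str) {
        try {
            SAXBuilder builder = new SAXBuilder();
            builder.setFeature("http://xml.org/sax/features/external-general-entities", false);
            builder.setFeature("http://apache.org/xml/features/disallow-doctype-decl", true);
            return builder.build(new ByteArrayInputStream(str.getBytes(utf8())));
        } catch (Exception e) {
            // The null return is part of the contract, but the reason should stay diagnosable.
            // Only the exception is logged, never the XML payload itself.
            LoggerFactory.getLogger(AbstractSamlObjectBuilder.class).debug("Unable to parse XML into a JDOM document", e);
            return null;
        }
    }

    /**
     * Signs the document that owns the given element with an enveloped XML signature and
     * returns the signed root element.
     *
     * @param element    the root element of the document to sign
     * @param privateKey the signing key
     * @param publicKey  the key embedded as {@code KeyValue}; its algorithm selects the
     *                   signature method
     * @return the signed element, converted back to JDOM
     * @throws RuntimeException on any failure, including an unsupported key algorithm
     */
    private org.jdom.Element signSamlElement(org.jdom.Element element, PrivateKey privateKey, PublicKey publicKey) {
        try {
            // The provider class name comes from a JVM system property, so whoever controls
            // the JVM's properties controls which class is instantiated here.
            String providerClassName = System.getProperty("jsr105Provider", SIGNATURE_FACTORY_PROVIDER_CLASS);
            Provider provider = (Provider) Class.forName(providerClassName).getDeclaredConstructor().newInstance();
            XMLSignatureFactory signatureFactory = XMLSignatureFactory.getInstance("DOM", provider);

            // NOTE(review): the digest and both signature methods are SHA-1 based, which is
            // deprecated for digital signatures, and canonicalization is inclusive C14N with
            // comments where SAML profiles recommend exclusive C14N. Left unchanged because
            // relying parties must accept the replacement algorithms; plan a coordinated
            // move to SHA-256.
            // The empty reference URI together with the enveloped transform covers the whole document.
            Reference reference = signatureFactory.newReference(
                    "",
                    signatureFactory.newDigestMethod("http://www.w3.org/2000/09/xmldsig#sha1", (DigestMethodParameterSpec) null),
                    Collections.singletonList(signatureFactory.newTransform("http://www.w3.org/2000/09/xmldsig#enveloped-signature", (TransformParameterSpec) null)),
                    (String) null,
                    (String) null);

            SignatureMethod signatureMethod = signatureFactory.newSignatureMethod(
                    signatureMethodUriFor(publicKey.getAlgorithm()), (SignatureMethodParameterSpec) null);
            SignedInfo signedInfo = signatureFactory.newSignedInfo(
                    signatureFactory.newCanonicalizationMethod("http://www.w3.org/TR/2001/REC-xml-c14n-20010315#WithComments", (C14NMethodParameterSpec) null),
                    signatureMethod,
                    Collections.singletonList(reference));

            // The public key travels inside the signature as a bare KeyValue. Verifiers should
            // check the signature against a key they already trust, not against this copy.
            KeyInfoFactory keyInfoFactory = signatureFactory.getKeyInfoFactory();
            KeyInfo keyInfo = keyInfoFactory.newKeyInfo(Collections.singletonList(keyInfoFactory.newKeyValue(publicKey)));

            Element domRoot = toDom(element);
            DOMSignContext signContext = new DOMSignContext(privateKey, domRoot);
            signContext.setNextSibling(getXmlSignatureInsertLocation(domRoot));
            signatureFactory.newXMLSignature(signedInfo, keyInfo).sign(signContext);
            return toJdom(domRoot);
        } catch (Exception e) {
            throw new RuntimeException("Error signing SAML element: " + e.getMessage(), e);
        }
    }

    /**
     * Maps a key algorithm name to the XML signature method URI used for it.
     *
     * @param algorithm the key algorithm as reported by {@link PublicKey#getAlgorithm()}
     * @return the signature method URI for DSA or RSA keys
     * @throws RuntimeException if the algorithm is neither DSA nor RSA
     */
    private static String signatureMethodUriFor(String algorithm) {
        switch (algorithm) {
            case "DSA":
                return "http://www.w3.org/2000/09/xmldsig#dsa-sha1";
            case "RSA":
                return "http://www.w3.org/2000/09/xmldsig#rsa-sha1";
            default:
                throw new RuntimeException("Error signing SAML element: Unsupported type of key");
        }
    }

    /**
     * Finds the node before which the signature element is inserted: the last SAML protocol
     * {@code Extensions} element if there is one, otherwise the last {@code Status} element.
     *
     * @param element the root of the DOM tree being signed
     * @return the node to insert before, or {@code null} when neither element exists, in
     *         which case the signature is appended as the last child
     */
    private static Node getXmlSignatureInsertLocation(Element element) {
        NodeList extensions = element.getElementsByTagNameNS("urn:oasis:names:tc:SAML:2.0:protocol", "Extensions");
        if (extensions.getLength() != 0) {
            return extensions.item(extensions.getLength() - 1);
        }
        NodeList statuses = element.getElementsByTagNameNS("urn:oasis:names:tc:SAML:2.0:protocol", "Status");
        if (statuses.getLength() == 0) {
            // Avoid item(-1): handle the empty list explicitly instead of relying on how the
            // DOM implementation treats a negative index.
            return null;
        }
        return statuses.item(statuses.getLength() - 1);
    }

    /**
     * Converts the document that owns the given JDOM element to W3C DOM and returns its
     * document element.
     *
     * @param element a JDOM element attached to a document
     * @return the root element of the equivalent W3C DOM document
     * @throws IllegalStateException if the conversion fails
     */
    private Element toDom(org.jdom.Element element) {
        return toDom(element.getDocument()).getDocumentElement();
    }

    /**
     * Converts a JDOM document to a namespace-aware W3C DOM document by serializing and
     * re-parsing it.
     *
     * @param document the JDOM document
     * @return the equivalent W3C DOM document
     * @throws IllegalStateException if serialization or parsing fails; previously the failure
     *                               was logged at trace level and surfaced later as a
     *                               {@code NullPointerException} in the caller
     */
    private org.w3c.dom.Document toDom(Document document) {
        try {
            XMLOutputter outputter = new XMLOutputter();
            StringWriter serialized = new StringWriter();
            outputter.output(document, serialized);
            // Encode as UTF-8 rather than the platform default so the bytes do not depend on
            // the JVM's locale (assumes the outputter keeps its default UTF-8 declaration).
            byte[] bytes = serialized.toString().getBytes(utf8());
            DocumentBuilderFactory factory = DocumentBuilderFactory.newInstance();
            factory.setNamespaceAware(true);
            // Defense in depth: same DOCTYPE ban as constructDocumentFromXml, so this parser
            // cannot be used for entity expansion even if reached with other input later.
            factory.setFeature("http://apache.org/xml/features/disallow-doctype-decl", true);
            return factory.newDocumentBuilder().parse(new ByteArrayInputStream(bytes));
        } catch (Exception e) {
            throw new IllegalStateException("Cannot convert JDOM document to W3C DOM", e);
        }
    }

    /**
     * Converts a W3C DOM element to a JDOM element.
     *
     * @param element the W3C DOM element
     * @return the equivalent JDOM element
     */
    private static org.jdom.Element toJdom(Element element) {
        return new DOMBuilder().build(element);
    }

    /**
     * Returns the UTF-8 charset. A method rather than a static field, so the class gains no
     * static initializer.
     */
    private static Charset utf8() {
        return Charset.forName("UTF-8");
    }
}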
