package com.adobe.granite.auth.saml.util;

import com.adobe.granite.auth.saml.model.Assertion;
import com.adobe.granite.auth.saml.model.Attribute;
import com.adobe.granite.auth.saml.model.AuthnStatement;
import com.adobe.granite.auth.saml.model.Issuer;
import com.adobe.granite.auth.saml.model.LogoutRequest;
import com.adobe.granite.auth.saml.model.Message;
import com.adobe.granite.auth.saml.model.NameId;
import com.adobe.granite.auth.saml.model.Response;
import com.adobe.granite.auth.saml.model.Status;
import com.adobe.granite.auth.saml.model.Subject;
import com.adobe.granite.auth.saml.model.xml.SamlXmlConstants;
import java.io.ByteArrayInputStream;
import java.io.IOException;
import java.io.InputStream;
import java.io.StringWriter;
import java.security.Key;
import java.security.Provider;
import java.util.Calendar;
import java.util.Iterator;
import java.util.LinkedList;
import java.util.Locale;
import javax.xml.crypto.MarshalException;
import javax.xml.crypto.dsig.Reference;
import javax.xml.crypto.dsig.XMLSignature;
import javax.xml.crypto.dsig.XMLSignatureException;
import javax.xml.crypto.dsig.XMLSignatureFactory;
import javax.xml.crypto.dsig.dom.DOMValidateContext;
import javax.xml.parsers.DocumentBuilder;
import javax.xml.parsers.DocumentBuilderFactory;
import javax.xml.parsers.ParserConfigurationException;
import javax.xml.transform.Transformer;
import javax.xml.transform.TransformerConfigurationException;
import javax.xml.transform.TransformerException;
import javax.xml.transform.TransformerFactory;
import javax.xml.transform.dom.DOMSource;
import javax.xml.transform.stream.StreamResult;
import org.apache.xml.security.Init;
import org.apache.xml.security.encryption.XMLCipher;
import org.apache.xml.security.encryption.XMLEncryptionException;
import org.joda.time.DateTimeZone;
import org.joda.time.format.ISODateTimeFormat;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
import org.w3c.dom.Document;
import org.w3c.dom.Element;
import org.w3c.dom.Node;
import org.w3c.dom.NodeList;
import org.xml.sax.ErrorHandler;
import org.xml.sax.SAXException;
import org.xml.sax.SAXParseException;

/* loaded from: input_file:com/adobe/granite/auth/saml/util/SamlReader.class */
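/**
 * Parses SAML protocol messages (a {@code Response} or a {@code LogoutRequest}) from an XML
 * stream into the model objects of {@code com.adobe.granite.auth.saml.model}.
 *
 * <p>The reader optionally decrypts {@code EncryptedAssertion} elements and records, per assertion
 * (or per logout request), whether its XML signature verified against the supplied key. The
 * signature result is only <em>recorded</em> via {@code setSignatureValid}; nothing in this class
 * rejects a message whose signature is missing or invalid, so callers must check that flag before
 * trusting any identity data read from the message.
 */
public class SamlReader {
    private final Logger log = LoggerFactory.getLogger(getClass());

    /* JADX INFO: Access modifiers changed from: private */
    /* loaded from: input_file:com/adobe/granite/auth/saml/util/SamlReader$LoggingErrorHandler.class */
    /**
     * SAX error handler that writes parser diagnostics to the reader's logger.
     *
     * <p>None of the callbacks rethrows, so whether parsing continues after an error is left to
     * the parser implementation.
     */
    public class LoggingErrorHandler implements ErrorHandler {
        private LoggingErrorHandler() {
        }

        /** Logs a parser warning at WARN level. */
        @Override // org.xml.sax.ErrorHandler
        public void warning(SAXParseException sAXParseException) throws SAXException {
            SamlReader.this.log.warn(sAXParseException.getMessage());
        }

        /** Logs a recoverable parser error at ERROR level. */
        @Override // org.xml.sax.ErrorHandler
        public void error(SAXParseException sAXParseException) throws SAXException {
            SamlReader.this.log.error(sAXParseException.getMessage());
        }

        /** Logs a fatal parser error at ERROR level. */
        @Override // org.xml.sax.ErrorHandler
        public void fatalError(SAXParseException sAXParseException) throws SAXException {
            SamlReader.this.log.error(sAXParseException.getMessage());
        }
    }

    /**
     * Reads one SAML message from the stream.
     *
     * @param inputStream XML of the SAML message; treated as untrusted input
     * @param key key used to decrypt {@code EncryptedAssertion} elements, or {@code null} when the
     *     response is not encrypted; ignored when {@code z} is {@code true}
     * @param key2 key used to verify XML signatures (the log messages call it the public key of
     *     the IdP); when {@code null} every signature is reported as invalid
     * @param z {@code true} to parse the document as a {@code LogoutRequest}, {@code false} to
     *     parse it as a {@code Response}
     * @return the parsed message; for a response the serialized (post-decryption) document is
     *     attached as its raw message
     * @throws SamlReaderException if the document cannot be parsed or has no expected root element
     * @throws IOException if reading the stream fails
     */
    public Message read(InputStream inputStream, Key key, Key key2, boolean z) throws SamlReaderException, IOException {
        try {
            DocumentBuilder builder = createBuilderFactory().newDocumentBuilder();
            builder.setErrorHandler(new LoggingErrorHandler());
            Document document = builder.parse(inputStream);

            if (z) {
                Message logoutRequest = parseRequest(document, key2);
                if (logoutRequest == null) {
                    throw new SamlReaderException("Unable to parse document from stream.", new Exception());
                }
                return logoutRequest;
            }

            if (key != null) {
                document = decryptResponse(document, key);
            }
            Response response = parse(document, key2);
            if (response == null) {
                throw new SamlReaderException("Unable to parse document from stream.", new Exception());
            }
            // Serializes the already-parsed DOM; no external XML is read by this transformer.
            Transformer serializer = TransformerFactory.newInstance().newTransformer();
            StringWriter rawMessage = new StringWriter();
            serializer.transform(new DOMSource(document), new StreamResult(rawMessage));
            response.setRawMessage(rawMessage.toString());
            return response;
        } catch (ParserConfigurationException e) {
            throw new SamlReaderException("Unable to create document builder factory", e);
        } catch (TransformerException | SAXException e) {
            // TransformerConfigurationException is a TransformerException and lands here too.
            throw new SamlReaderException("Unable to parse document from stream", e);
        }
    }

    /**
     * Reads a SAML {@code Response}; equivalent to {@code read(inputStream, key, key2, false)}.
     *
     * @param inputStream XML of the SAML response
     * @param key decryption key, or {@code null}
     * @param key2 signature verification key, or {@code null}
     * @return the parsed response
     * @throws SamlReaderException if the document cannot be parsed
     * @throws IOException if reading the stream fails
     */
    public Message read(InputStream inputStream, Key key, Key key2) throws SamlReaderException, IOException {
        return read(inputStream, key, key2, false);
    }

    /**
     * Creates the namespace-aware parser factory used for all XML read by this class, with
     * external general/parameter entities and external DTD loading switched off.
     *
     * <p>NOTE(review): DOCTYPE declarations themselves are still accepted. SAML messages have no
     * need for one, so also enabling the parser's disallow-doctype-decl feature and
     * {@code XMLConstants.FEATURE_SECURE_PROCESSING} would be the stricter setting; confirm
     * against the deployed parser before changing.
     *
     * @return the configured factory
     * @throws ParserConfigurationException if the parser does not support one of the features
     */
    private DocumentBuilderFactory createBuilderFactory() throws ParserConfigurationException {
        DocumentBuilderFactory factory = DocumentBuilderFactory.newInstance();
        factory.setNamespaceAware(true);
        factory.setExpandEntityReferences(false);
        factory.setFeature("http://xml.org/sax/features/external-general-entities", false);
        factory.setFeature("http://xml.org/sax/features/external-parameter-entities", false);
        factory.setFeature("http://apache.org/xml/features/nonvalidating/load-dtd-grammar", false);
        factory.setFeature("http://apache.org/xml/features/nonvalidating/load-external-dtd", false);
        return factory;
    }

    /**
     * Builds a {@link Response} from the document's {@code Response} element.
     *
     * <p>Every {@code Assertion} element found anywhere below the response element is parsed and
     * added together with its own signature-verification result. The response-level NameID fields
     * are overwritten by each assertion that carries a Subject/NameID, so they end up holding the
     * values of the last such assertion regardless of whether that assertion's signature verified.
     * NOTE(review): callers should take the identity from an assertion whose signature flag is
     * true rather than from the response-level fields; confirm how the consumer uses them.
     *
     * @param document parsed (and, if applicable, decrypted) SAML document
     * @param key signature verification key, may be {@code null}
     * @return the response, or {@code null} if the document has no response element
     */
    protected Response parse(Document document, Key key) {
        Element responseElement = getChildElement(document, SamlXmlConstants.RESPONSE_ELEMENT);
        if (responseElement == null) {
            this.log.error("Unable to read Response element from document.");
            return null;
        }
        // Mark ID as an XML ID attribute so signature references of the form "#id" can resolve.
        responseElement.setIdAttribute("ID", true);

        Response response = new Response();
        response.setId(responseElement.getAttribute("ID"));
        response.setVersion(responseElement.getAttribute("Version"));
        response.setIssueInstant(getDateAttr(responseElement, SamlXmlConstants.ISSUE_INSTANT_ATTR));

        Element statusElement = getChildElement(responseElement, SamlXmlConstants.STATUS_ELEMENT);
        if (statusElement != null) {
            response.setStatus(parseStatus(statusElement));
        }
        Element issuerElement = getChildElement(responseElement, SamlXmlConstants.ISSUER_ELEMENT);
        if (issuerElement != null) {
            response.setIssuer(parseIssuer(issuerElement));
        }
        response.setInResponseTo(responseElement.getAttribute(SamlXmlConstants.IN_RESPONSE_TO_ATTR));
        response.setDestination(responseElement.getAttribute("Destination"));

        // Descendant search: assertions nested deeper than direct children are included as well.
        NodeList assertionNodes = responseElement.getElementsByTagNameNS(SamlXmlConstants.SAML_ASSERTION_NAMESPACE, SamlXmlConstants.ASSERTION_ELEMENT);
        for (int i = 0; i < assertionNodes.getLength(); i++) {
            Element assertionElement = (Element) assertionNodes.item(i);
            Assertion assertion = parseAssertion(assertionElement);

            Element subjectElement = getChildElement(assertionElement, SamlXmlConstants.SUBJECT_ELEMENT);
            Element nameIdElement = subjectElement == null ? null : getChildElement(subjectElement, SamlXmlConstants.NAME_ID_ELEMENT);
            if (nameIdElement != null) {
                response.setNameId(nameIdElement.getTextContent());
                if (nameIdElement.hasAttribute(SamlXmlConstants.FORMAT_ATTR)) {
                    response.setNameIdFormat(nameIdElement.getAttribute(SamlXmlConstants.FORMAT_ATTR));
                }
                if (nameIdElement.hasAttribute(SamlXmlConstants.NAME_QUALIFIER_ATTR)) {
                    response.setNameQualifier(nameIdElement.getAttribute(SamlXmlConstants.NAME_QUALIFIER_ATTR));
                }
                if (nameIdElement.hasAttribute(SamlXmlConstants.SP_NAME_QUALIFIER_ATTR)) {
                    response.setSpNameQualifier(nameIdElement.getAttribute(SamlXmlConstants.SP_NAME_QUALIFIER_ATTR));
                }
            }

            assertion.setSignatureValid(verifySignatures(responseElement, assertionElement, key));
            response.addAssertion(assertion);
        }
        return response;
    }

    /**
     * Builds a {@link LogoutRequest} from the document's logout-request element and records
     * whether its signature verified.
     *
     * @param document parsed SAML document
     * @param key signature verification key, may be {@code null}
     * @return the logout request, or {@code null} if the document has no logout-request element
     */
    private LogoutRequest parseRequest(Document document, Key key) {
        Element requestElement = getChildElement(document, SamlXmlConstants.LOGOUT_REQUEST);
        if (requestElement == null) {
            this.log.error("Could not find LogoutRequest element in document");
            return null;
        }
        LogoutRequest logoutRequest = new LogoutRequest();
        if (requestElement.hasAttribute("ID")) {
            logoutRequest.setId(requestElement.getAttribute("ID"));
        }
        if (requestElement.hasAttribute(SamlXmlConstants.ISSUE_INSTANT_ATTR)) {
            logoutRequest.setIssueInstant(getDateAttr(requestElement, SamlXmlConstants.ISSUE_INSTANT_ATTR));
        }
        if (requestElement.hasAttribute("Destination")) {
            logoutRequest.setDestination(requestElement.getAttribute("Destination"));
        }
        Element issuerElement = getChildElement(requestElement, SamlXmlConstants.ISSUER_ELEMENT);
        if (issuerElement != null) {
            logoutRequest.setIssuer(parseIssuer(issuerElement));
        }
        Element nameIdElement = getChildElement(requestElement, SamlXmlConstants.NAME_ID_ELEMENT);
        if (nameIdElement != null) {
            // NOTE(review): the response path reads the NameID format via FORMAT_ATTR, while this
            // path uses NAME_FORMAT_ATTR (the constant parseAttribute uses for Attribute elements).
            // Looks inconsistent; confirm the constant values before changing.
            if (nameIdElement.hasAttribute(SamlXmlConstants.NAME_FORMAT_ATTR)) {
                logoutRequest.setNameIdFormat(nameIdElement.getAttribute(SamlXmlConstants.NAME_FORMAT_ATTR));
            }
            logoutRequest.setNameId(nameIdElement.getTextContent());
        }
        for (Element sessionIndex : getChildElements(requestElement, "SessionIndex")) {
            logoutRequest.addSessionIndex(sessionIndex.getTextContent());
        }
        logoutRequest.setSignatureValid(verifySignatures(requestElement, requestElement, key));
        return logoutRequest;
    }

    /**
     * Verifies the XML signatures found below {@code element2}.
     *
     * <p>Returns {@code true} only when a key is supplied, at least one {@code ds:Signature}
     * element exists below {@code element2}, every such signature validates against {@code key},
     * and at least one of them carries a reference whose URI is {@code "#" + ID} of
     * {@code element2}. The last condition binds the signature to the element being accepted: a
     * signature that is cryptographically valid but was computed over some other part of the
     * document does not vouch for this element.
     *
     * <p>NOTE(review): only the reference target is checked; the reference's transforms are not
     * inspected here. Enabling the provider's secure-validation property on the validate context
     * would restrict those further; confirm the property name for the configured provider.
     *
     * @param element root element of the message; its {@code ID} attribute is registered so that
     *     references to it can be resolved
     * @param element2 element whose signature is being verified (an assertion, or the logout
     *     request itself)
     * @param key verification key, may be {@code null}
     * @return whether {@code element2} is covered by valid signatures as described above
     */
    private boolean verifySignatures(Element element, Element element2, Key key) {
        if (key == null) {
            this.log.warn("Could not verify signatures. Public key of IdP not provided.");
            return false;
        }
        NodeList signatureNodes = element2.getElementsByTagNameNS("http://www.w3.org/2000/09/xmldsig#", "Signature");
        int signatureCount = signatureNodes.getLength();
        if (signatureCount == 0) {
            this.log.warn("Received SAML message without signature element.");
            return false;
        }

        String targetId = element2.getAttribute("ID");
        boolean targetCovered = false;
        try {
            // The provider class name can be overridden through the jsr105Provider system property.
            Provider provider = (Provider) Class.forName(System.getProperty("jsr105Provider", "org.apache.jcp.xml.dsig.internal.dom.XMLDSigRI")).newInstance();
            XMLSignatureFactory signatureFactory = XMLSignatureFactory.getInstance("DOM", provider);
            for (int i = 0; i < signatureCount; i++) {
                DOMValidateContext validateContext = new DOMValidateContext(key, signatureNodes.item(i));
                validateContext.setIdAttributeNS(element2, (String) null, "ID");
                validateContext.setIdAttributeNS(element, (String) null, "ID");
                XMLSignature signature = signatureFactory.unmarshalXMLSignature(validateContext);
                if (!signature.validate(validateContext)) {
                    return false;
                }
                if (referencesId(signature, targetId)) {
                    targetCovered = true;
                }
            }
        } catch (ClassNotFoundException | InstantiationException | IllegalAccessException e) {
            this.log.error("Failed obtaining the signature provider: ", e);
            return false;
        } catch (XMLSignatureException e) {
            this.log.error("Failed validating signature.", e);
            return false;
        } catch (MarshalException e) {
            this.log.error("Could not unmarshal XML signature.", e);
            return false;
        }

        if (!targetCovered) {
            this.log.warn("Received SAML message whose signature does not reference the element being verified.");
            return false;
        }
        return true;
    }

    /** Tells whether the signature has a reference whose URI is exactly {@code "#" + id}. */
    private static boolean referencesId(XMLSignature signature, String id) {
        if (id == null || id.isEmpty()) {
            return false;
        }
        String expectedUri = "#" + id;
        // Iterated as Object so the code compiles against both the raw and the generic List API.
        for (Object candidate : signature.getSignedInfo().getReferences()) {
            if (expectedUri.equals(((Reference) candidate).getURI())) {
                return true;
            }
        }
        return false;
    }

    /**
     * Decrypts every {@code EncryptedAssertion} in the document in place.
     *
     * @param document SAML document containing encrypted assertions
     * @param key key-encryption key used to unwrap the content-encryption key
     * @return the same document instance, now holding the decrypted assertions
     * @throws RuntimeException if the document has no {@code EncryptedAssertion} element or
     *     decryption fails
     */
    protected Document decryptResponse(Document document, Key key) {
        NodeList encryptedNodes = document.getElementsByTagNameNS(SamlXmlConstants.SAML_ASSERTION_NAMESPACE, SamlXmlConstants.ENCRYPTED_ASSERTION_ELEMENT);
        int encryptedCount = encryptedNodes.getLength();
        if (encryptedCount <= 0) {
            throw new RuntimeException("No EncryptedAssertion element was found");
        }
        // The NodeList is live and decryptAssertion removes each element from the document, so
        // indexing into it while decrypting would skip every second element. Snapshot it first.
        Element[] encryptedAssertions = new Element[encryptedCount];
        for (int i = 0; i < encryptedCount; i++) {
            encryptedAssertions[i] = (Element) encryptedNodes.item(i);
        }
        for (Element encryptedAssertion : encryptedAssertions) {
            decryptAssertion(encryptedAssertion, key);
        }
        return document;
    }

    /**
     * Decrypts one {@code EncryptedAssertion}, parses the plaintext and swaps it into the
     * document: the encrypted element is removed and the decrypted root element is appended to
     * the same parent.
     *
     * <p>The plaintext is parsed with the same hardened factory as the outer message. Anyone who
     * knows the service provider's public key can produce ciphertext, so the decrypted XML is
     * exactly as untrusted as the message it arrived in.
     *
     * <p>NOTE(review): the {@code Algorithm} value is read from the message and handed to the key
     * resolver; no allow-list of acceptable algorithms is visible in this class.
     *
     * @param element the {@code EncryptedAssertion} element
     * @param key key-encryption key used to unwrap the content-encryption key
     * @throws RuntimeException if required child elements are missing or decryption/parsing fails
     */
    protected void decryptAssertion(Element element, Key key) {
        try {
            Element encryptedData = (Element) element.getElementsByTagNameNS("http://www.w3.org/2001/04/xmlenc#", "EncryptedData").item(0);
            if (encryptedData == null) {
                throw new RuntimeException("Error decrypting response: no EncryptedData element");
            }
            Element encryptionMethod = (Element) encryptedData.getElementsByTagNameNS("http://www.w3.org/2001/04/xmlenc#", "EncryptionMethod").item(0);
            if (encryptionMethod == null) {
                throw new RuntimeException("Error decrypting response: no EncryptionMethod element");
            }
            String algorithm = encryptionMethod.getAttributeNS(null, "Algorithm");

            DocumentBuilder plaintextParser = createBuilderFactory().newDocumentBuilder();
            XMLCipher cipher = XMLCipher.getInstance();
            cipher.init(XMLCipher.DECRYPT_MODE, (Key) null);
            cipher.setKEK(key);
            cipher.registerInternalKeyResolver(new RetrievalMethodEncryptedKeyResolver(algorithm, key));

            byte[] plaintext = cipher.decryptToByteArray(encryptedData);
            Document decrypted = plaintextParser.parse(new ByteArrayInputStream(plaintext));
            Node imported = element.getOwnerDocument().importNode(decrypted.getDocumentElement(), true);

            Element parent = (Element) element.getParentNode();
            parent.removeChild(element);
            parent.appendChild(imported);
        } catch (IOException | ParserConfigurationException | SAXException | XMLEncryptionException e) {
            throw new RuntimeException("Error decrypting response", e);
        }
    }

    /**
     * Reads an issuer from the element's trimmed text content.
     *
     * @param element the {@code Issuer} element
     * @return the issuer, or {@code null} if the element reports no text content
     */
    protected Issuer parseIssuer(Element element) {
        String text = element.getTextContent();
        return text == null ? null : new Issuer(text.trim());
    }

    /**
     * Builds an {@link Assertion} from an {@code Assertion} element: subject/NameID, attributes,
     * validity window and audiences from {@code Conditions}, and authentication statements.
     *
     * <p>This method only copies values into the model; it performs no validity checks (time
     * window, audience) and no signature verification.
     *
     * @param element the {@code Assertion} element
     * @return the populated assertion
     * @throws NullPointerException if the assertion has no {@code Conditions} element
     */
    protected Assertion parseAssertion(Element element) {
        Assertion assertion = new Assertion();

        Element subjectElement = getChildElement(element, SamlXmlConstants.SUBJECT_ELEMENT);
        if (subjectElement != null) {
            Subject subject = new Subject();
            Element nameIdElement = getChildElement(subjectElement, SamlXmlConstants.NAME_ID_ELEMENT);
            if (nameIdElement != null) {
                NameId nameId = new NameId();
                nameId.setValue(nameIdElement.getTextContent());
                nameId.setFormat(nameIdElement.getAttribute(SamlXmlConstants.FORMAT_ATTR));
                subject.setNameId(nameId);
            }
            assertion.setSubject(subject);
        }

        Element attributeStatement = getChildElement(element, SamlXmlConstants.ATTRIBUTE_STATEMENT_ELEMENT);
        if (attributeStatement != null) {
            NodeList attributeNodes = attributeStatement.getElementsByTagNameNS(SamlXmlConstants.SAML_ASSERTION_NAMESPACE, SamlXmlConstants.ATTRIBUTE_ELEMENT);
            for (int i = 0; i < attributeNodes.getLength(); i++) {
                assertion.addAttribute(parseAttribute((Element) attributeNodes.item(i)));
            }
        }

        Element conditions = getChildElement(element, SamlXmlConstants.CONDITIONS_ELEMENT);
        if (conditions == null) {
            // Same exception type the unguarded dereference produced; kept so that an assertion
            // without a validity window or audience restriction is still refused here.
            throw new NullPointerException("Assertion has no Conditions element");
        }
        if (conditions.hasAttribute(SamlXmlConstants.NOT_BEFORE_ATTR)) {
            assertion.setNotBefore(getDateAttr(conditions, SamlXmlConstants.NOT_BEFORE_ATTR));
        }
        if (conditions.hasAttribute(SamlXmlConstants.NOT_ON_OR_AFTER_ATTR)) {
            assertion.setNotOnOrAfter(getDateAttr(conditions, SamlXmlConstants.NOT_ON_OR_AFTER_ATTR));
        }
        Element audienceRestriction = getChildElement(conditions, SamlXmlConstants.AUDIENCE_RESTRICTION_ELEMENT);
        if (audienceRestriction != null) {
            NodeList audienceNodes = audienceRestriction.getElementsByTagNameNS(SamlXmlConstants.SAML_ASSERTION_NAMESPACE, SamlXmlConstants.AUDIENCE_ELEMENT);
            for (int i = 0; i < audienceNodes.getLength(); i++) {
                assertion.addAudienceRestriction(audienceNodes.item(i).getTextContent());
            }
        }

        for (Element statementElement : getChildElements(element, SamlXmlConstants.AUTHN_STATEMENT_ELEMENT)) {
            AuthnStatement authnStatement = new AuthnStatement();
            if (statementElement.hasAttribute(SamlXmlConstants.AUTHN_INSTANT_ATTR)) {
                authnStatement.setAuthnInstant(getDateAttr(statementElement, SamlXmlConstants.AUTHN_INSTANT_ATTR));
            }
            if (statementElement.hasAttribute(SamlXmlConstants.SESSION_NOT_ON_OR_AFTER_ATTR)) {
                authnStatement.setSessionNotOnOrAfter(getDateAttr(statementElement, SamlXmlConstants.SESSION_NOT_ON_OR_AFTER_ATTR));
            }
            if (statementElement.hasAttribute("SessionIndex")) {
                authnStatement.setSessionIndex(statementElement.getAttribute("SessionIndex"));
            }
            assertion.addAuthnStatement(authnStatement);
        }
        return assertion;
    }

    /**
     * Builds an {@link Attribute} from an {@code Attribute} element, collecting the trimmed text
     * of every attribute-value element below it.
     *
     * @param element the {@code Attribute} element
     * @return the populated attribute
     */
    protected Attribute parseAttribute(Element element) {
        Attribute attribute = new Attribute();
        attribute.setName(element.getAttribute("Name"));
        attribute.setNameFormat(element.getAttribute(SamlXmlConstants.NAME_FORMAT_ATTR));
        NodeList valueNodes = element.getElementsByTagNameNS(SamlXmlConstants.SAML_ASSERTION_NAMESPACE, SamlXmlConstants.ATTRIBUTE_VALUE_ELEMENT);
        for (int i = 0; i < valueNodes.getLength(); i++) {
            Element valueElement = (Element) valueNodes.item(i);
            attribute.addAttributeValue(valueElement.getTextContent().trim());
        }
        return attribute;
    }

    /**
     * Reads the status code of a {@code Status} element.
     *
     * @param element the {@code Status} element
     * @return the status, or {@code null} if it has no status-code child
     */
    protected Status parseStatus(Element element) {
        Element statusCode = getChildElement(element, SamlXmlConstants.STATUS_CODE_ELEMENT);
        if (statusCode == null) {
            return null;
        }
        Status status = new Status();
        status.setStatusCode(statusCode.getAttribute(SamlXmlConstants.VALUE_ATTR));
        return status;
    }

    /**
     * Parses an ISO-8601 date-time attribute into a calendar, interpreted at UTC offset zero.
     *
     * @param element element carrying the attribute
     * @param str attribute name
     * @return the parsed instant, or {@code null} if the attribute is absent or empty
     */
    protected Calendar getDateAttr(Element element, String str) {
        String value = element.getAttribute(str);
        if (value == null || "".equals(value)) {
            return null;
        }
        return ISODateTimeFormat.dateTimeParser()
                .withZone(DateTimeZone.forOffsetHours(0))
                .parseDateTime(value)
                .toCalendar(Locale.getDefault());
    }

    /**
     * Returns the first direct child element with the given local name.
     *
     * <p>NOTE(review): only the local name is compared, not the namespace URI, so an element of
     * the same local name from a foreign namespace is matched as well.
     *
     * @param node parent node
     * @param str local name to look for
     * @return the first matching child element, or {@code null} if there is none
     */
    protected Element getChildElement(Node node, String str) {
        NodeList children = node.getChildNodes();
        for (int i = 0; i < children.getLength(); i++) {
            Node child = children.item(i);
            // getLocalName() is null for nodes created without namespace support; compare from
            // the constant side so such nodes are skipped instead of raising an NPE.
            if (child.getNodeType() == Node.ELEMENT_NODE && str.equals(child.getLocalName())) {
                return (Element) child;
            }
        }
        return null;
    }

    /**
     * Returns all direct child elements with the given local name, in document order.
     *
     * <p>As with {@link #getChildElement(Node, String)}, the namespace URI is not compared.
     *
     * @param node parent node
     * @param str local name to look for
     * @return the matching child elements; empty if there are none
     */
    protected LinkedList<Element> getChildElements(Node node, String str) {
        NodeList children = node.getChildNodes();
        LinkedList<Element> matches = new LinkedList<>();
        for (int i = 0; i < children.getLength(); i++) {
            Node child = children.item(i);
            if (child.getNodeType() == Node.ELEMENT_NODE && str.equals(child.getLocalName())) {
                matches.add((Element) child);
            }
        }
        return matches;
    }

    static {
        // Initializes the Apache XML Security library once, before XMLCipher is first used.
        Init.init();
    }
}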
