package org.apereo.cas.support.saml.util;

import com.fasterxml.jackson.annotation.JsonTypeInfo;
import java.io.ByteArrayInputStream;
import java.io.Serializable;
import java.io.StringWriter;
import java.nio.charset.Charset;
import java.nio.charset.StandardCharsets;
import java.security.PrivateKey;
import java.security.Provider;
import java.security.PublicKey;
import java.time.ZonedDateTime;
import java.util.List;
import java.util.Locale;
import java.util.Objects;
import java.util.Set;
import java.util.stream.Stream;
import javax.xml.XMLConstants;
import javax.xml.crypto.dsig.Reference;
import javax.xml.crypto.dsig.SignatureMethod;
import javax.xml.crypto.dsig.SignedInfo;
import javax.xml.crypto.dsig.XMLSignatureFactory;
import javax.xml.crypto.dsig.dom.DOMSignContext;
import javax.xml.crypto.dsig.keyinfo.KeyInfo;
import javax.xml.crypto.dsig.keyinfo.KeyInfoFactory;
import javax.xml.crypto.dsig.spec.C14NMethodParameterSpec;
import javax.xml.crypto.dsig.spec.DigestMethodParameterSpec;
import javax.xml.crypto.dsig.spec.SignatureMethodParameterSpec;
import javax.xml.crypto.dsig.spec.TransformParameterSpec;
import javax.xml.namespace.QName;
import javax.xml.parsers.DocumentBuilderFactory;
import lombok.Generated;
import org.apache.xerces.xs.XSObject;
import org.apereo.cas.support.saml.OpenSamlConfigBean;
import org.apereo.cas.util.CollectionUtils;
import org.apereo.cas.util.LoggingUtils;
import org.apereo.cas.util.gen.HexRandomStringGenerator;
import org.apereo.cas.util.serialization.JacksonXmlSerializer;
import org.jdom2.Document;
import org.jdom2.Element;
import org.jdom2.input.DOMBuilder;
import org.jdom2.input.SAXBuilder;
import org.jdom2.output.XMLOutputter;
import org.opensaml.core.xml.XMLObject;
import org.opensaml.core.xml.schema.XSAny;
import org.opensaml.core.xml.schema.XSBase64Binary;
import org.opensaml.core.xml.schema.XSBoolean;
import org.opensaml.core.xml.schema.XSBooleanValue;
import org.opensaml.core.xml.schema.XSDateTime;
import org.opensaml.core.xml.schema.XSInteger;
import org.opensaml.core.xml.schema.XSString;
import org.opensaml.core.xml.schema.XSURI;
import org.opensaml.core.xml.schema.impl.XSAnyBuilder;
import org.opensaml.core.xml.schema.impl.XSBase64BinaryBuilder;
import org.opensaml.core.xml.schema.impl.XSBooleanBuilder;
import org.opensaml.core.xml.schema.impl.XSDateTimeBuilder;
import org.opensaml.core.xml.schema.impl.XSIntegerBuilder;
import org.opensaml.core.xml.schema.impl.XSStringBuilder;
import org.opensaml.core.xml.schema.impl.XSURIBuilder;
import org.opensaml.saml.common.xml.SAMLConstants;
import org.opensaml.saml.saml2.core.NameIDType;
import org.opensaml.security.crypto.JCAConstants;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
import org.w3c.dom.Node;
import org.w3c.dom.NodeList;

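/**
 * Base class for builders that assemble OpenSAML objects on behalf of CAS.
 * <p>
 * It bundles three concerns shared by the concrete builders:
 * <ul>
 *   <li>XML-DSig enveloped signing of a serialized SAML response
 *       ({@link #signSamlResponse(String, PrivateKey, PublicKey)});</li>
 *   <li>hardened XML parsing: every parser created here rejects DOCTYPE
 *       declarations and external general/parameter entities, which blocks
 *       XXE and entity-expansion attacks on the documents being signed;</li>
 *   <li>construction of {@link XMLObject} attribute values for the XML Schema
 *       types CAS supports, plus a secure random ID generator.</li>
 * </ul>
 * Security note on the signing algorithms: this implementation signs with
 * SHA-256 digests and RSA-SHA256 / DSA-SHA256 signature methods. An earlier
 * revision used SHA-1 for both the reference digest and the signature method,
 * which is deprecated for XML-DSig and rejected by a growing number of relying
 * parties. Any peer that still insists on SHA-1 will need to be upgraded.
 */
@JsonTypeInfo(use = JsonTypeInfo.Id.CLASS)
public abstract class AbstractSamlObjectBuilder implements Serializable {

    @Generated
    private static final Logger LOGGER = LoggerFactory.getLogger(AbstractSamlObjectBuilder.class);

    protected static final String DEFAULT_ELEMENT_LOCAL_NAME_FIELD = "DEFAULT_ELEMENT_LOCAL_NAME";

    /** Size argument handed to {@link HexRandomStringGenerator} for {@link #generateSecureRandomId()}. */
    private static final int RANDOM_ID_SIZE = 16;

    /** JDK-bundled JSR-105 (XML-DSig) provider, used unless the {@code jsr105Provider} system property overrides it. */
    private static final String SIGNATURE_FACTORY_PROVIDER_CLASS = "org.jcp.xml.dsig.internal.dom.XMLDSigRI";

    private static final long serialVersionUID = -6833230731146922780L;

    private static final String LOG_MESSAGE_ATTR_CREATED = "Created attribute value XMLObject: [{}]";

    /** Reference digest algorithm. SHA-1 ({@code xmldsig#sha1}) is deliberately not used. */
    private static final String DIGEST_METHOD_SHA256 = "http://www.w3.org/2001/04/xmlenc#sha256";

    private static final String SIGNATURE_METHOD_RSA_SHA256 = "http://www.w3.org/2001/04/xmldsig-more#rsa-sha256";

    private static final String SIGNATURE_METHOD_DSA_SHA256 = "http://www.w3.org/2009/xmldsig11#dsa-sha256";

    private static final String TRANSFORM_ENVELOPED_SIGNATURE = "http://www.w3.org/2000/09/xmldsig#enveloped-signature";

    /**
     * Inclusive C14N with comments. Kept for compatibility with existing relying parties;
     * exclusive C14N is generally the more robust choice for SAML and may be considered later.
     */
    private static final String C14N_INCLUSIVE_WITH_COMMENTS = "http://www.w3.org/TR/2001/REC-xml-c14n-20010315#WithComments";

    /** Transient: OpenSAML configuration is runtime wiring and is not part of the serialized state. */
    protected final transient OpenSamlConfigBean openSamlConfigBean;

    /**
     * Parse a serialized SAML response, attach an enveloped XML signature to its
     * root element and serialize the result again.
     *
     * @param samlResponse the response XML as a string
     * @param privateKey   key used to produce the signature
     * @param publicKey    the matching public key; it selects the signature method and is
     *                     published in the {@code ds:KeyInfo/ds:KeyValue} of the signature
     * @return the signed response XML
     * @throws IllegalArgumentException if the input cannot be parsed or signing fails
     */
    public static String signSamlResponse(final String samlResponse, final PrivateKey privateKey, final PublicKey publicKey) {
        final Document document = constructDocumentFromXml(samlResponse);
        if (document == null) {
            throw new IllegalArgumentException("Error signing SAML Response: Null document");
        }
        final Element signedRoot = signSamlElement(document.getRootElement(), privateKey, publicKey);
        // The signed element comes from a fresh DOM round-trip; detach it so it can be re-rooted here.
        document.setRootElement(signedRoot.detach());
        return new XMLOutputter().outputString(document);
    }

    /**
     * Parse XML into a JDOM {@link Document} with a parser hardened against XXE:
     * DOCTYPE declarations are refused and external entities are disabled.
     * <p>
     * Note that the complete input is written to the log at TRACE level; since a
     * SAML response carries attribute values, TRACE should not be enabled in production.
     *
     * @param xml the document text
     * @return the parsed document, or {@code null} if parsing failed (the failure is logged)
     */
    public static Document constructDocumentFromXml(final String xml) {
        LOGGER.trace("Attempting to construct an instance of Document from xml: [{}]", xml);
        try {
            final SAXBuilder builder = new SAXBuilder();
            builder.setFeature("http://xml.org/sax/features/external-parameter-entities", false);
            builder.setFeature("http://xml.org/sax/features/external-general-entities", false);
            builder.setFeature("http://apache.org/xml/features/disallow-doctype-decl", true);
            // Encode as UTF-8 explicitly rather than with the platform default charset, so
            // non-ASCII content survives regardless of the JVM's file.encoding.
            return builder.build(new ByteArrayInputStream(xml.getBytes(StandardCharsets.UTF_8)));
        } catch (final Exception e) {
            LoggingUtils.error(LOGGER, e);
            return null;
        }
    }

    /**
     * Produce an enveloped XML-DSig signature over {@code element}.
     * <p>
     * The reference covers the whole element (URI {@code ""}) with the enveloped-signature
     * transform, digested with SHA-256; the signature method is chosen from the public key's
     * algorithm (RSA-SHA256 or DSA-SHA256). The signature is inserted at the schema-mandated
     * position returned by {@link #getXmlSignatureInsertLocation(org.w3c.dom.Element)}.
     *
     * @param element    the JDOM element to sign (must belong to a document)
     * @param privateKey signing key
     * @param publicKey  public key published in the signature's {@code KeyInfo}
     * @return a JDOM copy of the element carrying the signature
     * @throws IllegalArgumentException wrapping any failure (unsupported key type, provider
     *                                  instantiation, marshalling or signing errors)
     */
    private static Element signSamlElement(final Element element, final PrivateKey privateKey, final PublicKey publicKey) {
        try {
            LOGGER.trace("Attempting to sign Element: [{}]", element);
            // The provider class comes from a system property (deployer configuration, not request
            // input), falling back to the JDK's own DOM provider.
            final String providerClass = System.getProperty("jsr105Provider", SIGNATURE_FACTORY_PROVIDER_CLASS);
            final Provider provider = (Provider) Class.forName(providerClass).getDeclaredConstructor().newInstance();
            final XMLSignatureFactory signatureFactory = XMLSignatureFactory.getInstance("DOM", provider);

            final Reference reference = signatureFactory.newReference(
                "",
                signatureFactory.newDigestMethod(DIGEST_METHOD_SHA256, (DigestMethodParameterSpec) null),
                CollectionUtils.wrap(signatureFactory.newTransform(TRANSFORM_ENVELOPED_SIGNATURE, (TransformParameterSpec) null)),
                (String) null,
                (String) null);

            final SignedInfo signedInfo = signatureFactory.newSignedInfo(
                signatureFactory.newCanonicalizationMethod(C14N_INCLUSIVE_WITH_COMMENTS, (C14NMethodParameterSpec) null),
                getSignatureMethodFromPublicKey(publicKey, signatureFactory),
                CollectionUtils.wrap(reference));

            final KeyInfoFactory keyInfoFactory = signatureFactory.getKeyInfoFactory();
            final KeyInfo keyInfo = keyInfoFactory.newKeyInfo(CollectionUtils.wrap(keyInfoFactory.newKeyValue(publicKey)));

            final org.w3c.dom.Element domElement = toDom(element);
            final DOMSignContext signContext = new DOMSignContext(privateKey, domElement);
            signContext.setNextSibling(getXmlSignatureInsertLocation(domElement));
            signatureFactory.newXMLSignature(signedInfo, keyInfo).sign(signContext);

            return new DOMBuilder().build(domElement);
        } catch (final Exception e) {
            throw new IllegalArgumentException("Error signing SAML element: " + e.getMessage(), e);
        }
    }

    /**
     * Select the XML-DSig signature method matching the key algorithm.
     *
     * @param publicKey        the key whose algorithm decides the method
     * @param signatureFactory factory used to build the method
     * @return RSA-SHA256 for RSA keys, DSA-SHA256 for DSA keys
     * @throws IllegalArgumentException for any other key algorithm (e.g. EC is not supported here)
     */
    private static SignatureMethod getSignatureMethodFromPublicKey(final PublicKey publicKey, final XMLSignatureFactory signatureFactory) {
        final String algorithm = publicKey.getAlgorithm();
        if (JCAConstants.KEY_ALGO_DSA.equalsIgnoreCase(algorithm)) {
            return signatureFactory.newSignatureMethod(SIGNATURE_METHOD_DSA_SHA256, (SignatureMethodParameterSpec) null);
        }
        if ("RSA".equalsIgnoreCase(algorithm)) {
            return signatureFactory.newSignatureMethod(SIGNATURE_METHOD_RSA_SHA256, (SignatureMethodParameterSpec) null);
        }
        throw new IllegalArgumentException(String.format("Unsupported type of key algorithm: [%s]. Only DSA or RSA are supported", algorithm));
    }

    /**
     * Find the node before which the {@code ds:Signature} must be inserted so that the
     * result stays schema-valid: the SAML 2.0 protocol schema orders a response as
     * {@code Issuer?, Signature?, Extensions?, Status, ...}, so the signature goes before
     * {@code Extensions} when present and before {@code Status} otherwise.
     * <p>
     * {@code getElementsByTagNameNS} searches all descendants; protocol-namespace
     * {@code Extensions}/{@code Status} are only expected directly under the response,
     * so the last match is taken. If neither exists the method returns {@code null},
     * which makes {@link DOMSignContext#setNextSibling(Node)} append the signature
     * as the last child.
     *
     * @param element the response element about to be signed
     * @return the insertion anchor, or {@code null} to append
     */
    private static Node getXmlSignatureInsertLocation(final org.w3c.dom.Element element) {
        final NodeList extensions = element.getElementsByTagNameNS(SAMLConstants.SAML20P_NS, "Extensions");
        if (extensions.getLength() != 0) {
            return extensions.item(extensions.getLength() - 1);
        }
        final NodeList status = element.getElementsByTagNameNS(SAMLConstants.SAML20P_NS, "Status");
        return status.getLength() == 0 ? null : status.item(status.getLength() - 1);
    }

    /**
     * Convert a JDOM element to a W3C DOM element by converting its owning document.
     *
     * @param element a JDOM element attached to a document
     * @return the root element of the converted DOM document
     * @throws Exception if the element has no document or the DOM conversion fails
     */
    private static org.w3c.dom.Element toDom(final Element element) throws Exception {
        final org.w3c.dom.Document domDocument = Objects.requireNonNull(toDom(element.getDocument()));
        return domDocument.getDocumentElement();
    }

    /**
     * Convert a JDOM document to a W3C DOM document via a serialize/parse round-trip,
     * using a namespace-aware parser with secure processing enabled, DOCTYPE refused
     * and external entities disabled (XXE hardening).
     *
     * @param document the JDOM document
     * @return the equivalent DOM document
     * @throws Exception on serialization or parsing failure
     */
    private static org.w3c.dom.Document toDom(final Document document) throws Exception {
        LOGGER.trace("Creating document from: [{}]", document);
        final StringWriter writer = new StringWriter();
        new XMLOutputter().output(document, writer);
        // The serialized prolog (JDOM default format) declares UTF-8, so the bytes must be
        // UTF-8 as well; using the platform default charset would corrupt non-ASCII content
        // on JVMs whose file.encoding is not UTF-8.
        final byte[] bytes = writer.toString().getBytes(StandardCharsets.UTF_8);

        final DocumentBuilderFactory factory = DocumentBuilderFactory.newInstance();
        factory.setNamespaceAware(true);
        factory.setFeature(XMLConstants.FEATURE_SECURE_PROCESSING, true);
        factory.setFeature("http://apache.org/xml/features/disallow-doctype-decl", true);
        factory.setFeature("http://xml.org/sax/features/external-general-entities", false);
        factory.setFeature("http://xml.org/sax/features/external-parameter-entities", false);
        factory.setFeature("http://apache.org/xml/features/validation/schema/normalized-value", false);
        return factory.newDocumentBuilder().parse(new ByteArrayInputStream(bytes));
    }

    /**
     * Generate a random identifier suitable for SAML {@code ID} attributes.
     * The leading underscore keeps the value a valid {@code xs:ID} (an NCName may not
     * start with a digit, which a hex string otherwise might).
     *
     * @return a fresh random ID
     */
    public String generateSecureRandomId() {
        return "_" + new HexRandomStringGenerator(RANDOM_ID_SIZE).getNewString();
    }

    /**
     * Build a single SAML attribute value as an {@link XMLObject}.
     * <p>
     * A {@link NameIDType} value is detached from any current parent and returned as-is.
     * Otherwise {@code valueType} is matched case-insensitively against the simple names of
     * the supported schema types ({@code XSString}, {@code XSURI}, {@code XSBoolean},
     * {@code XSInteger}, {@code XSDateTime}, {@code XSBase64Binary}); {@code XSObject}
     * serializes the value to XML with Jackson into an {@link XSAny}; anything else
     * (including a {@code null} type) becomes an {@link XSAny} holding {@code value.toString()}.
     *
     * @param value       the raw attribute value
     * @param valueType   simple name of the desired schema type, may be {@code null}
     * @param elementName element name for the created object
     * @return the attribute value object
     * @throws NumberFormatException           if {@code XSInteger} is requested and the value is not an int
     * @throws java.time.format.DateTimeParseException if {@code XSDateTime} is requested and the value is not ISO-8601 zoned
     */
    protected XMLObject newAttributeValue(final Object value, final String valueType, final QName elementName) {
        LOGGER.trace("Creating new attribute value XMLObject for value: [{}], value type: [{}], QName: [{}]", value, valueType, elementName);

        if (value instanceof NameIDType) {
            final NameIDType nameId = (NameIDType) value;
            LOGGER.trace(LOG_MESSAGE_ATTR_CREATED, nameId);
            nameId.detach();
            return nameId;
        }

        final XMLObject result;
        if (isType(XSString.class, valueType)) {
            final XSString xs = new XSStringBuilder().buildObject(elementName, XSString.TYPE_NAME);
            xs.setValue(value.toString());
            result = xs;
        } else if (isType(XSURI.class, valueType)) {
            final XSURI xs = new XSURIBuilder().buildObject(elementName, XSURI.TYPE_NAME);
            xs.setURI(value.toString());
            result = xs;
        } else if (isType(XSBoolean.class, valueType)) {
            final XSBoolean xs = new XSBooleanBuilder().buildObject(elementName, XSBoolean.TYPE_NAME);
            // Locale-neutral lower-casing so the result does not depend on the JVM default locale.
            xs.setValue(XSBooleanValue.valueOf(value.toString().toLowerCase(Locale.ROOT)));
            result = xs;
        } else if (isType(XSInteger.class, valueType)) {
            final XSInteger xs = new XSIntegerBuilder().buildObject(elementName, XSInteger.TYPE_NAME);
            xs.setValue(Integer.valueOf(value.toString()));
            result = xs;
        } else if (isType(XSDateTime.class, valueType)) {
            final XSDateTime xs = new XSDateTimeBuilder().buildObject(elementName, XSDateTime.TYPE_NAME);
            xs.setValue(ZonedDateTime.parse(value.toString()).toInstant());
            result = xs;
        } else if (isType(XSBase64Binary.class, valueType)) {
            final XSBase64Binary xs = new XSBase64BinaryBuilder().buildObject(elementName, XSBase64Binary.TYPE_NAME);
            xs.setValue(value.toString());
            result = xs;
        } else if (isType(XSObject.class, valueType)) {
            final XSAny xs = new XSAnyBuilder().buildObject(elementName);
            xs.setTextContent(new JacksonXmlSerializer().writeValueAsString(value));
            result = xs;
        } else {
            final XSAny xs = new XSAnyBuilder().buildObject(elementName);
            xs.setTextContent(value.toString());
            result = xs;
        }
        LOGGER.trace(LOG_MESSAGE_ATTR_CREATED, result);
        return result;
    }

    /**
     * Case-insensitive match of a requested value type against a schema type's simple class name.
     *
     * @param type      the candidate schema type
     * @param valueType requested type name, may be {@code null} (never matches)
     * @return whether they match
     */
    private static boolean isType(final Class<?> type, final String valueType) {
        return type.getSimpleName().equalsIgnoreCase(valueType);
    }

    /**
     * Convert every element of {@code attributeValue} (a single value or a collection, as
     * {@link CollectionUtils#toCollection(Object)} understands it) into an {@link XMLObject}
     * via {@link #newAttributeValue(Object, String, QName)} and append them to {@code attributeList}.
     * Attributes with no values are skipped.
     *
     * @param attributeName      attribute name, used for logging only
     * @param attributeValue     value or collection of values
     * @param valueType          requested schema type name, see {@link #newAttributeValue(Object, String, QName)}
     * @param attributeList      target list; must not be {@code null}
     * @param defaultElementName element name for each created value object
     */
    public void addAttributeValuesToSamlAttribute(final String attributeName, final Object attributeValue,
                                                  final String valueType, final List<XMLObject> attributeList,
                                                  final QName defaultElementName) {
        final Set<Object> values = CollectionUtils.toCollection(attributeValue);
        if (values == null || values.isEmpty()) {
            LOGGER.trace("Skipping over SAML attribute [{}] since it has no value", attributeName);
            return;
        }
        LOGGER.trace("Attempting to generate SAML attribute [{}] with value(s) [{}]", attributeName, values);
        LOGGER.debug("Generating multi-valued SAML attribute [{}] with values [{}]", attributeName, values);
        Objects.requireNonNull(attributeList);
        values.stream()
            .map(value -> newAttributeValue(value, valueType, defaultElementName))
            .forEach(attributeList::add);
    }

    /**
     * @param openSamlConfigBean OpenSAML configuration shared by all builders
     */
    @Generated
    public AbstractSamlObjectBuilder(final OpenSamlConfigBean openSamlConfigBean) {
        this.openSamlConfigBean = openSamlConfigBean;
    }

    @Generated
    public OpenSamlConfigBean getOpenSamlConfigBean() {
        return this.openSamlConfigBean;
    }
}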
