package org.springframework.security.saml2.provider.service.authentication;

import java.io.ByteArrayInputStream;
import java.nio.charset.StandardCharsets;
import java.util.Arrays;
import java.util.HashMap;
import java.util.List;
import java.util.Map;
import javax.xml.namespace.QName;
import javax.xml.validation.Schema;
import net.shibboleth.utilities.java.support.component.ComponentInitializationException;
import net.shibboleth.utilities.java.support.xml.BasicParserPool;
import net.shibboleth.utilities.java.support.xml.SerializeSupport;
import net.shibboleth.utilities.java.support.xml.XMLParserException;
import org.opensaml.core.config.ConfigurationService;
import org.opensaml.core.config.InitializationException;
import org.opensaml.core.config.InitializationService;
import org.opensaml.core.xml.XMLObject;
import org.opensaml.core.xml.config.XMLObjectProviderRegistry;
import org.opensaml.core.xml.config.XMLObjectProviderRegistrySupport;
import org.opensaml.core.xml.io.MarshallingException;
import org.opensaml.core.xml.io.UnmarshallerFactory;
import org.opensaml.core.xml.io.UnmarshallingException;
import org.opensaml.saml.common.SignableSAMLObject;
import org.opensaml.saml.saml2.encryption.EncryptedElementTypeEncryptedKeyResolver;
import org.opensaml.security.SecurityException;
import org.opensaml.security.credential.Credential;
import org.opensaml.security.credential.CredentialSupport;
import org.opensaml.security.credential.UsageType;
import org.opensaml.security.x509.BasicX509Credential;
import org.opensaml.xmlsec.SignatureSigningParameters;
import org.opensaml.xmlsec.encryption.support.ChainingEncryptedKeyResolver;
import org.opensaml.xmlsec.encryption.support.EncryptedKeyResolver;
import org.opensaml.xmlsec.encryption.support.InlineEncryptedKeyResolver;
import org.opensaml.xmlsec.encryption.support.SimpleRetrievalMethodEncryptedKeyResolver;
import org.opensaml.xmlsec.signature.support.SignatureException;
import org.opensaml.xmlsec.signature.support.SignatureSupport;
import org.springframework.security.saml2.Saml2Exception;
import org.springframework.security.saml2.credentials.Saml2X509Credential;
import org.w3c.dom.Element;

/* loaded from: input_file:org/springframework/security/saml2/provider/service/authentication/OpenSamlImplementation.class */
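/**
 * Package-private facade over the OpenSAML 3 runtime used by the SAML 2.0 service-provider
 * support.
 *
 * <p>It owns a hardened {@link BasicParserPool}, bootstraps the OpenSAML
 * {@link XMLObjectProviderRegistry} once, and exposes helpers to build, parse, sign and
 * serialize SAML {@link XMLObject}s. Every OpenSAML checked exception is translated into a
 * {@link Saml2Exception}.
 *
 * <p>The single instance is created eagerly during class initialization, so a bootstrap
 * failure surfaces on first use as an {@link ExceptionInInitializerError} wrapping the
 * {@link Saml2Exception}.
 */
final class OpenSamlImplementation {

    /** Signature algorithm applied to outgoing signable objects (RSA with SHA-256). */
    private static final String SIGNATURE_ALGORITHM = "http://www.w3.org/2001/04/xmldsig-more#rsa-sha256";

    /** Digest method for the signature references (SHA-256). */
    private static final String DIGEST_METHOD = "http://www.w3.org/2001/04/xmlenc#sha256";

    /** Canonicalization used before signing (exclusive C14N). */
    private static final String CANONICALIZATION_ALGORITHM = "http://www.w3.org/2001/10/xml-exc-c14n#";

    /** Upper bound on the number of DOM builders the pool keeps around. */
    private static final int MAX_PARSER_POOL_SIZE = 50;

    private static final OpenSamlImplementation INSTANCE = new OpenSamlImplementation();

    private final BasicParserPool parserPool = new BasicParserPool();

    /**
     * Chains the resolvers used to locate {@code EncryptedKey} elements while decrypting:
     * inline keys, keys carried by the encrypted element type, and {@code RetrievalMethod}
     * references.
     */
    private final EncryptedKeyResolver encryptedKeyResolver = new ChainingEncryptedKeyResolver(
            Arrays.asList(new InlineEncryptedKeyResolver(), new EncryptedElementTypeEncryptedKeyResolver(),
                    new SimpleRetrievalMethodEncryptedKeyResolver()));

    private OpenSamlImplementation() {
        bootstrap();
    }

    /**
     * Configures the parser pool, initializes the OpenSAML runtime and points its registry at
     * the hardened pool.
     *
     * @throws Saml2Exception if the parser pool or OpenSAML itself cannot be initialized
     */
    private void bootstrap() {
        configureParserPool();
        try {
            this.parserPool.initialize();
        } catch (ComponentInitializationException ex) {
            throw new Saml2Exception("Unable to initialize OpenSaml v3 ParserPool", ex);
        }
        try {
            InitializationService.initialize();
        } catch (InitializationException ex) {
            throw new Saml2Exception("Unable to initialize OpenSaml v3", ex);
        }
        registerParserPool();
    }

    /** Applies the hardening and convenience settings every pooled DOM builder will use. */
    private void configureParserPool() {
        this.parserPool.setMaxPoolSize(MAX_PARSER_POOL_SIZE);
        this.parserPool.setCoalescing(true);
        // Entity references are never expanded; together with the builder features below this
        // keeps XML external entity (XXE) and entity-expansion payloads out of inbound messages.
        this.parserPool.setExpandEntityReferences(false);
        this.parserPool.setIgnoreComments(true);
        this.parserPool.setIgnoreElementContentWhitespace(true);
        this.parserPool.setNamespaceAware(true);
        // No schema or DTD validation and no XInclude processing.
        this.parserPool.setSchema((Schema) null);
        this.parserPool.setDTDValidating(false);
        this.parserPool.setXincludeAware(false);

        Map<String, Object> builderAttributes = new HashMap<>();
        this.parserPool.setBuilderAttributes(builderAttributes);

        Map<String, Boolean> builderFeatures = new HashMap<>();
        // Refuse DOCTYPE declarations outright and disable external general and parameter
        // entities; the JAXP secure-processing feature adds the parser's built-in resource limits.
        builderFeatures.put("http://apache.org/xml/features/disallow-doctype-decl", Boolean.TRUE);
        builderFeatures.put("http://javax.xml.XMLConstants/feature/secure-processing", Boolean.TRUE);
        builderFeatures.put("http://xml.org/sax/features/external-general-entities", Boolean.FALSE);
        builderFeatures.put("http://apache.org/xml/features/validation/schema/normalized-value", Boolean.FALSE);
        builderFeatures.put("http://xml.org/sax/features/external-parameter-entities", Boolean.FALSE);
        // Materialize the whole DOM during parse instead of expanding nodes lazily.
        builderFeatures.put("http://apache.org/xml/features/dom/defer-node-expansion", Boolean.FALSE);
        this.parserPool.setBuilderFeatures(builderFeatures);
    }

    /**
     * Makes the hardened pool the one OpenSAML uses, registering a fresh
     * {@link XMLObjectProviderRegistry} if the {@link ConfigurationService} holds none yet.
     */
    private void registerParserPool() {
        XMLObjectProviderRegistry registry;
        // get-then-register is not atomic on its own; serialize it against other bootstrappers.
        synchronized (ConfigurationService.class) {
            registry = ConfigurationService.get(XMLObjectProviderRegistry.class);
            if (registry == null) {
                registry = new XMLObjectProviderRegistry();
                ConfigurationService.register(XMLObjectProviderRegistry.class, registry);
            }
        }
        registry.setParserPool(this.parserPool);
    }

    /** @return the process-wide instance */
    static OpenSamlImplementation getInstance() {
        return INSTANCE;
    }

    /** @return the resolver used to locate {@code EncryptedKey} elements during decryption */
    EncryptedKeyResolver getEncryptedKeyResolver() {
        return this.encryptedKeyResolver;
    }

    /**
     * Builds a new, empty instance of the given OpenSAML object type.
     *
     * <p>The element name is read reflectively from the type's {@code DEFAULT_ELEMENT_NAME}
     * constant, so only types declaring that static field are supported.
     *
     * @param <T> the OpenSAML object type
     * @param clazz the OpenSAML interface to build (for example an assertion or request type)
     * @return a newly built, unpopulated object
     * @throws Saml2Exception if the type has no accessible {@code DEFAULT_ELEMENT_NAME}
     */
    <T> T buildSAMLObject(Class<T> clazz) {
        try {
            QName elementName = (QName) clazz.getDeclaredField("DEFAULT_ELEMENT_NAME").get(null);
            XMLObject built = XMLObjectProviderRegistrySupport.getBuilderFactory().getBuilder(elementName)
                    .buildObject(elementName);
            // Checked cast instead of an erased one so a mismatched builder fails here, not later.
            return clazz.cast(built);
        } catch (IllegalAccessException | NoSuchFieldException ex) {
            throw new Saml2Exception("Could not create SAML object", ex);
        }
    }

    /**
     * Parses a SAML XML document into its OpenSAML object model.
     *
     * @param xml the document; it is encoded as UTF-8 before parsing
     * @return the unmarshalled root object
     * @throws Saml2Exception if the XML cannot be parsed or unmarshalled
     */
    XMLObject resolve(String xml) {
        return resolve(xml.getBytes(StandardCharsets.UTF_8));
    }

    /**
     * Serializes an OpenSAML object to XML, signing it first when it is signable and one of
     * the supplied credentials is marked for signing.
     *
     * @param object the object to serialize
     * @param credentials candidate credentials; the first one flagged as a signing credential
     * is used, and the list may be empty
     * @param entityId entity id stamped on the signing credential
     * @return the (possibly signed) XML as a string
     * @throws Saml2Exception if signing or marshalling fails
     */
    String toXml(XMLObject object, List<Saml2X509Credential> credentials, String entityId) {
        if (object instanceof SignableSAMLObject) {
            Saml2X509Credential signingCredential = findSigningCredential(credentials);
            if (signingCredential != null) {
                signXmlObject((SignableSAMLObject) object, signingCredential, entityId);
            }
        }
        try {
            Element marshalled = XMLObjectProviderRegistrySupport.getMarshallerFactory().getMarshaller(object)
                    .marshall(object);
            return SerializeSupport.nodeToString(marshalled);
        } catch (MarshallingException ex) {
            throw new Saml2Exception(ex);
        }
    }

    /**
     * Parses raw XML bytes and rejects a {@code null} unmarshalling result.
     *
     * @throws Saml2Exception if parsing fails or yields no object
     */
    private XMLObject resolve(byte[] xml) {
        XMLObject parsed = parse(xml);
        if (parsed == null) {
            throw new Saml2Exception("Deserialization not supported for given data set");
        }
        return parsed;
    }

    /**
     * Parses the bytes with the hardened pool and unmarshals the document element.
     *
     * @throws Saml2Exception wrapping the parser or unmarshaller failure
     */
    private XMLObject parse(byte[] xml) {
        try {
            Element root = this.parserPool.parse(new ByteArrayInputStream(xml)).getDocumentElement();
            return getUnmarshallerFactory().getUnmarshaller(root).unmarshall(root);
        } catch (XMLParserException | UnmarshallingException ex) {
            throw new Saml2Exception(ex);
        }
    }

    private UnmarshallerFactory getUnmarshallerFactory() {
        return XMLObjectProviderRegistrySupport.getUnmarshallerFactory();
    }

    /**
     * @return the first credential flagged for signing, or {@code null} when there is none
     */
    private Saml2X509Credential findSigningCredential(List<Saml2X509Credential> credentials) {
        return credentials.stream()
                .filter(Saml2X509Credential::isSigningCredential)
                .findFirst()
                .orElse(null);
    }

    /**
     * Signs the object in place with RSA-SHA256, SHA-256 reference digests and exclusive C14N.
     *
     * @throws Saml2Exception if OpenSAML cannot marshal or sign the object
     */
    private void signXmlObject(SignableSAMLObject object, Saml2X509Credential credential, String entityId) {
        SignatureSigningParameters parameters = new SignatureSigningParameters();
        parameters.setSigningCredential(toSigningCredential(credential, entityId));
        parameters.setSignatureAlgorithm(SIGNATURE_ALGORITHM);
        parameters.setSignatureReferenceDigestMethod(DIGEST_METHOD);
        parameters.setSignatureCanonicalizationAlgorithm(CANONICALIZATION_ALGORITHM);
        try {
            SignatureSupport.signObject(object, parameters);
        } catch (MarshallingException | SignatureException | SecurityException ex) {
            throw new Saml2Exception(ex);
        }
    }

    /** Wraps the certificate and private key as an OpenSAML signing credential for {@code entityId}. */
    private Credential toSigningCredential(Saml2X509Credential credential, String entityId) {
        BasicX509Credential signing = CredentialSupport.getSimpleCredential(credential.getCertificate(),
                credential.getPrivateKey());
        signing.setEntityId(entityId);
        signing.setUsageType(UsageType.SIGNING);
        return signing;
    }
}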
