package org.picketlink.identity.federation.core.util;

import java.io.UnsupportedEncodingException;
import java.security.GeneralSecurityException;
import java.security.PublicKey;
import java.util.ArrayList;
import java.util.HashMap;
import java.util.Iterator;
import java.util.List;
import javax.crypto.SecretKey;
import javax.crypto.SecretKeyFactory;
import javax.crypto.spec.PBEKeySpec;
import javax.crypto.spec.PBEParameterSpec;
import javax.servlet.ServletContext;
import org.picketlink.common.PicketLinkLogger;
import org.picketlink.common.PicketLinkLoggerFactory;
import org.picketlink.common.constants.JBossSAMLURIConstants;
import org.picketlink.common.exceptions.ConfigurationException;
import org.picketlink.common.exceptions.ProcessingException;
import org.picketlink.common.util.PBEUtils;
import org.picketlink.common.util.StringUtil;
import org.picketlink.config.federation.AuthPropertyType;
import org.picketlink.config.federation.ClaimsProcessorType;
import org.picketlink.config.federation.IDPType;
import org.picketlink.config.federation.KeyProviderType;
import org.picketlink.config.federation.KeyValueType;
import org.picketlink.config.federation.MetadataProviderType;
import org.picketlink.config.federation.ProviderType;
import org.picketlink.config.federation.SPType;
import org.picketlink.config.federation.TokenProviderType;
import org.picketlink.identity.federation.core.constants.PicketLinkFederationConstants;
import org.picketlink.identity.federation.core.interfaces.IMetadataProvider;
import org.picketlink.identity.federation.core.interfaces.TrustKeyManager;
import org.picketlink.identity.federation.saml.v2.metadata.EndpointType;
import org.picketlink.identity.federation.saml.v2.metadata.EntitiesDescriptorType;
import org.picketlink.identity.federation.saml.v2.metadata.EntityDescriptorType;
import org.picketlink.identity.federation.saml.v2.metadata.IDPSSODescriptorType;
import org.picketlink.identity.federation.saml.v2.metadata.IndexedEndpointType;
import org.picketlink.identity.federation.saml.v2.metadata.SPSSODescriptorType;

/* loaded from: input_file:WEB-INF/lib/picketlink-federation-2.7.0.CR1.jar:org/picketlink/identity/federation/core/util/CoreConfigUtil.class */
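/**
 * Static helpers that turn PicketLink federation configuration objects and SAML metadata
 * descriptors into runtime values: trust key managers, validating keys, unmasked provider
 * properties and SP/IDP endpoint URLs.
 *
 * <p>Security-relevant behaviour visible in this class:
 * <ul>
 *   <li>{@link #getTrustKeyManager(KeyProviderType)} and
 *       {@link #getMetadataConfiguration(ProviderType, ServletContext)} instantiate a class whose
 *       name is read from configuration, so whoever can edit that configuration chooses the code
 *       that runs.</li>
 *   <li>Values prefixed with {@code MASK-} are unmasked with a PBE key derived from a passphrase
 *       compiled into this class. Masking is therefore obfuscation only; the configuration file
 *       must be protected like any other file that holds clear-text secrets.</li>
 * </ul>
 */
public class CoreConfigUtil {
    private static final PicketLinkLogger logger = PicketLinkLoggerFactory.getLogger();

    /** Prefix that marks a property value as masked. */
    private static final String MASK_PREFIX = "MASK-";

    /**
     * Legacy PBE scheme used for masked values. MD5 and single DES are both weak by current
     * standards; it is kept because existing masked values can only be decoded with it.
     */
    private static final String PBE_ALGORITHM = "PBEwithMD5andDES";

    /**
     * Fixed passphrase for the masking key. It ships in every copy of this jar, so it provides
     * no secrecy: the salt and iteration count sit next to the masked value in the same
     * configuration, which means the file plus this class is enough to recover the clear text.
     */
    private static final String MASK_PASSPHRASE = "somearbitrarycrazystringthatdoesnotmatter";

    /**
     * Creates the trust key manager configured on the provider's key provider.
     *
     * @param providerType provider configuration; its key provider is passed to
     *        {@link #getTrustKeyManager(KeyProviderType)}
     * @return the instantiated manager, or {@code null} if instantiation failed
     */
    public static TrustKeyManager getTrustKeyManager(ProviderType providerType) {
        return getTrustKeyManager(providerType.getKeyProvider());
    }

    /**
     * Loads and instantiates the {@link TrustKeyManager} class named by the key provider
     * configuration.
     *
     * <p>The class name comes straight from configuration and is instantiated through its no-arg
     * constructor, so the configuration source has to be trusted. A missing class name or a class
     * that cannot be loaded raises the exception built by the logger; a failure while
     * instantiating or casting is logged and reported as {@code null}.
     *
     * @param keyProviderType key provider configuration
     * @return the instantiated manager, or {@code null} if instantiation failed
     */
    public static TrustKeyManager getTrustKeyManager(KeyProviderType keyProviderType) {
        // Initialised up front so the null check below is well-defined even when
        // getClassName() (or a null keyProviderType) throws.
        String className = null;
        try {
            className = keyProviderType.getClassName();
        } catch (Exception e) {
            logger.trustKeyManagerCreationError(e);
        }
        if (className == null) {
            throw logger.nullValueError("KeyManager class name");
        }
        Class<?> managerClass = SecurityActions.loadClass(CoreConfigUtil.class, className);
        if (managerClass == null) {
            throw logger.classNotLoadedError(className);
        }
        try {
            return (TrustKeyManager) managerClass.newInstance();
        } catch (Exception e) {
            // newInstance() declares checked exceptions and this method declares none.
            // NOTE(review): the listing lost the original try/catch extent; log-and-return-null
            // matches the handler above and the null check in getValidatingKey — confirm
            // against the upstream source.
            logger.trustKeyManagerCreationError(e);
            return null;
        }
    }

    /**
     * Resolves a validating public key through the provider's trust key manager.
     *
     * @param providerType provider configuration used to build the trust key manager
     * @param str identifier handed unchanged to {@code TrustKeyManager.getValidatingKey}
     *        (presumably the peer's domain — confirm against the caller)
     * @return the key returned by the trust key manager
     */
    public static PublicKey getValidatingKey(ProviderType providerType, String str) throws ConfigurationException, ProcessingException {
        return getValidatingKey(getTrustKeyManager(providerType), str);
    }

    /**
     * Resolves a validating public key through the given trust key manager.
     *
     * <p>A {@code null} manager is rejected with the exception built by the logger instead of
     * yielding a {@code null} key, so a failed manager creation cannot silently skip validation
     * here.
     *
     * @param trustKeyManager manager to query; must not be {@code null}
     * @param str identifier handed unchanged to {@code TrustKeyManager.getValidatingKey}
     * @return the key returned by the trust key manager
     */
    public static PublicKey getValidatingKey(TrustKeyManager trustKeyManager, String str) throws ConfigurationException, ProcessingException {
        if (trustKeyManager == null) {
            throw logger.nullValueError("Trust Key Manager");
        }
        return trustKeyManager.getValidatingKey(str);
    }

    /**
     * Returns the key provider's auth properties, with {@code MASK-} values unmasked when the
     * list carries a salt entry.
     *
     * <p>The returned list can hold clear-text secrets; callers should not log it.
     */
    public static List<AuthPropertyType> getKeyProviderProperties(KeyProviderType keyProviderType) throws GeneralSecurityException {
        List<AuthPropertyType> auth = keyProviderType.getAuth();
        return decryptionNeeded(auth) ? decryptPasswords(auth) : auth;
    }

    /**
     * Returns the token provider's properties, with {@code MASK-} values unmasked when the list
     * carries a salt entry.
     *
     * <p>The returned list can hold clear-text secrets; callers should not log it.
     */
    public static List<KeyValueType> getProperties(TokenProviderType tokenProviderType) throws GeneralSecurityException {
        List<KeyValueType> properties = tokenProviderType.getProperty();
        return decryptionNeeded(properties) ? decryptPasswords(properties) : properties;
    }

    /**
     * Returns the claims processor's properties, with {@code MASK-} values unmasked when the
     * list carries a salt entry.
     *
     * <p>The returned list can hold clear-text secrets; callers should not log it.
     */
    public static List<KeyValueType> getProperties(ClaimsProcessorType claimsProcessorType) throws GeneralSecurityException {
        List<KeyValueType> properties = claimsProcessorType.getProperty();
        return decryptionNeeded(properties) ? decryptPasswords(properties) : properties;
    }

    /**
     * Reports whether the list contains an entry whose key equals the salt constant, ignoring
     * case. The presence of a salt is the only trigger for unmasking.
     *
     * @param list properties to inspect; must not be {@code null}
     * @return {@code true} if a salt entry is present
     */
    public static boolean decryptionNeeded(List<? extends KeyValueType> list) {
        for (KeyValueType entry : list) {
            if (PicketLinkFederationConstants.SALT.equalsIgnoreCase(entry.getKey())) {
                return true;
            }
        }
        return false;
    }

    /**
     * Builds a copy of the list in which every value starting with {@code MASK-} is replaced by
     * its decoded clear text; other entries are carried over as the same objects.
     *
     * <p>Salt and iteration count are read from the list itself. If no salt entry is found the
     * input list is returned unchanged.
     *
     * @param list properties to unmask
     * @return a new list with unmasked values, or {@code list} itself when it has no salt
     * @throws GeneralSecurityException if the key cannot be derived or decoding fails
     */
    private static <T extends KeyValueType> List<T> decryptPasswords(List<T> list) throws GeneralSecurityException {
        String salt = null;
        // Stays 0 when the list has no iteration-count entry.
        // NOTE(review): confirm how the PBE provider treats an iteration count of 0.
        int iterationCount = 0;
        for (KeyValueType entry : list) {
            String key = entry.getKey();
            if (PicketLinkFederationConstants.SALT.equalsIgnoreCase(key)) {
                salt = entry.getValue();
            }
            if (PicketLinkFederationConstants.ITERATION_COUNT.equalsIgnoreCase(key)) {
                iterationCount = Integer.parseInt(entry.getValue());
            }
        }
        if (salt == null) {
            return list;
        }

        SecretKeyFactory keyFactory = SecretKeyFactory.getInstance(PBE_ALGORITHM);
        // getBytes() uses the platform default charset, so a non-ASCII salt yields different
        // parameters on hosts with different default encodings. Left as is because switching
        // charset could invalidate values that were masked with the current behaviour.
        PBEParameterSpec pbeParameters = new PBEParameterSpec(salt.getBytes(), iterationCount);
        SecretKey maskKey = keyFactory.generateSecret(new PBEKeySpec(MASK_PASSPHRASE.toCharArray()));

        // A salt entry was found, so the list has at least one element. The concrete type of
        // the first element decides which type the unmasked copies get.
        boolean authProperties = list.get(0) instanceof AuthPropertyType;

        List<T> unmasked = new ArrayList<T>(list.size());
        for (T entry : list) {
            String value = entry.getValue();
            if (!value.startsWith(MASK_PREFIX)) {
                unmasked.add(entry);
                continue;
            }
            String clearText;
            try {
                clearText = PBEUtils.decode64(value.substring(MASK_PREFIX.length()), PBE_ALGORITHM, maskKey, pbeParameters);
            } catch (UnsupportedEncodingException e) {
                throw new RuntimeException(e);
            }
            KeyValueType copy = authProperties ? new AuthPropertyType() : new KeyValueType();
            copy.setKey(entry.getKey());
            copy.setValue(clearText);
            // Safe: copy is an AuthPropertyType whenever the list's elements are.
            @SuppressWarnings("unchecked")
            T typedCopy = (T) copy;
            unmasked.add(typedCopy);
        }
        return unmasked;
    }

    /**
     * Builds an SP configuration from a single entity descriptor.
     *
     * <p>The identity URL comes from the first IDP SSO descriptor and the service URL from the
     * first SP SSO descriptor; either is left {@code null} when the descriptor or a matching
     * endpoint is missing. No exception is raised for missing data.
     *
     * @param entityDescriptorType metadata of one entity
     * @param str binding URI an endpoint must declare to be selected
     * @return a new {@link SPType} with identity and service URL set (possibly to {@code null})
     */
    public static ProviderType getSPConfiguration(EntityDescriptorType entityDescriptorType, String str) {
        SPType spType = new SPType();

        IDPSSODescriptorType idpDescriptor = getIDPDescriptor(entityDescriptorType);
        spType.setIdentityURL(idpDescriptor != null ? getIdentityURL(idpDescriptor, str) : null);

        SPSSODescriptorType spDescriptor = getSPDescriptor(entityDescriptorType);
        spType.setServiceURL(spDescriptor != null ? getServiceURL(spDescriptor, str) : null);

        return spType;
    }

    /**
     * Builds an SP configuration from an entities descriptor.
     *
     * <p>Direct {@link EntityDescriptorType} children supply the first IDP and SP descriptors.
     * A nested {@link EntitiesDescriptorType} replaces the configuration built so far with the
     * one computed recursively for it. When the child list is non-null, both descriptors and
     * both URLs for the requested binding must be found at this level, otherwise the matching
     * logger-built exception is thrown.
     *
     * @param entitiesDescriptorType metadata container
     * @param str binding URI an endpoint must declare to be selected
     * @return the SP configuration; an empty {@link SPType} when the child list is {@code null}
     */
    public static SPType getSPConfiguration(EntitiesDescriptorType entitiesDescriptorType, String str) throws ConfigurationException {
        SPType spType = new SPType();
        List<Object> children = entitiesDescriptorType.getEntityDescriptor();
        if (children == null) {
            return spType;
        }

        IDPSSODescriptorType idpDescriptor = null;
        SPSSODescriptorType spDescriptor = null;
        for (Object child : children) {
            if (child instanceof EntitiesDescriptorType) {
                spType = getSPConfiguration((EntitiesDescriptorType) child, str);
            } else if (child instanceof EntityDescriptorType) {
                EntityDescriptorType entity = (EntityDescriptorType) child;
                if (idpDescriptor == null) {
                    idpDescriptor = getIDPDescriptor(entity);
                }
                if (spDescriptor == null) {
                    spDescriptor = getSPDescriptor(entity);
                }
            }
        }
        if (idpDescriptor == null) {
            throw logger.samlMetaDataNoIdentityProviderDefined();
        }
        if (spDescriptor == null) {
            throw logger.samlMetaDataNoServiceProviderDefined();
        }

        String identityUrl = getIdentityURL(idpDescriptor, str);
        if (identityUrl == null) {
            throw logger.samlMetaDataNoIdentityProviderDefined();
        }
        spType.setIdentityURL(identityUrl);
        spType.setLogoutUrl(getLogoutURL(idpDescriptor, str));
        spType.setLogoutResponseLocation(getLogoutResponseLocation(idpDescriptor, str));

        String serviceUrl = getServiceURL(spDescriptor, str);
        if (serviceUrl == null) {
            throw logger.samlMetaDataNoServiceProviderDefined();
        }
        spType.setServiceURL(serviceUrl);
        return spType;
    }

    /**
     * Returns the first IDP SSO descriptor found in the container, searching nested containers
     * depth-first in document order.
     *
     * @return the descriptor, or {@code null} if none is present
     */
    public static IDPSSODescriptorType getIDPDescriptor(EntitiesDescriptorType entitiesDescriptorType) {
        for (Object child : entitiesDescriptorType.getEntityDescriptor()) {
            IDPSSODescriptorType found = null;
            if (child instanceof EntitiesDescriptorType) {
                found = getIDPDescriptor((EntitiesDescriptorType) child);
            } else if (child instanceof EntityDescriptorType) {
                found = getIDPDescriptor((EntityDescriptorType) child);
            }
            if (found != null) {
                return found;
            }
        }
        return null;
    }

    /**
     * Returns the first non-null IDP SSO descriptor among the entity's descriptor choices.
     *
     * @return the descriptor, or {@code null} if the entity declares none
     */
    public static IDPSSODescriptorType getIDPDescriptor(EntityDescriptorType entityDescriptorType) {
        for (EntityDescriptorType.EDTChoiceType choice : entityDescriptorType.getChoiceType()) {
            for (EntityDescriptorType.EDTDescriptorChoiceType descriptorChoice : choice.getDescriptors()) {
                IDPSSODescriptorType idpDescriptor = descriptorChoice.getIdpDescriptor();
                if (idpDescriptor != null) {
                    return idpDescriptor;
                }
            }
        }
        return null;
    }

    /**
     * Returns the first non-null SP SSO descriptor among the entity's descriptor choices.
     *
     * @return the descriptor, or {@code null} if the entity declares none
     */
    public static SPSSODescriptorType getSPDescriptor(EntityDescriptorType entityDescriptorType) {
        for (EntityDescriptorType.EDTChoiceType choice : entityDescriptorType.getChoiceType()) {
            for (EntityDescriptorType.EDTDescriptorChoiceType descriptorChoice : choice.getDescriptors()) {
                SPSSODescriptorType spDescriptor = descriptorChoice.getSpDescriptor();
                if (spDescriptor != null) {
                    return spDescriptor;
                }
            }
        }
        return null;
    }

    /**
     * Returns the location of the first single-sign-on endpoint that declares the given binding.
     *
     * <p>The location is taken from metadata as is; no scheme or host check is applied here.
     *
     * @param str binding URI to match exactly
     * @return the endpoint location, or {@code null} if no endpoint uses that binding
     */
    public static String getIdentityURL(IDPSSODescriptorType iDPSSODescriptorType, String str) {
        for (EndpointType endpoint : iDPSSODescriptorType.getSingleSignOnService()) {
            if (endpoint.getBinding().toString().equals(str)) {
                return endpoint.getLocation().toString();
            }
        }
        return null;
    }

    /**
     * Returns the location of the first single-logout endpoint that declares the given binding.
     *
     * @param str binding URI to match exactly
     * @return the endpoint location, or {@code null} if no endpoint uses that binding
     */
    public static String getLogoutURL(IDPSSODescriptorType iDPSSODescriptorType, String str) {
        for (EndpointType endpoint : iDPSSODescriptorType.getSingleLogoutService()) {
            if (endpoint.getBinding().toString().equals(str)) {
                return endpoint.getLocation().toString();
            }
        }
        return null;
    }

    /**
     * Returns the response location of the single-logout endpoint that declares the given
     * binding.
     *
     * <p>Unlike the other lookups this one does not stop at the first match: the last matching
     * endpoint decides, and a later match without a response location resets the result to
     * {@code null}.
     *
     * @param str binding URI to match exactly
     * @return the response location of the last matching endpoint, or {@code null}
     */
    public static String getLogoutResponseLocation(IDPSSODescriptorType iDPSSODescriptorType, String str) {
        String responseLocation = null;
        for (EndpointType endpoint : iDPSSODescriptorType.getSingleLogoutService()) {
            if (endpoint.getBinding().toString().equals(str)) {
                responseLocation = endpoint.getResponseLocation() != null ? endpoint.getResponseLocation().toString() : null;
            }
        }
        return responseLocation;
    }

    /**
     * Returns the location of the first assertion-consumer endpoint that declares the given
     * binding.
     *
     * @param str binding URI to match exactly
     * @return the endpoint location, or {@code null} if no endpoint uses that binding
     */
    public static String getServiceURL(SPSSODescriptorType sPSSODescriptorType, String str) {
        for (IndexedEndpointType endpoint : sPSSODescriptorType.getAssertionConsumerService()) {
            if (endpoint.getBinding().toString().equals(str)) {
                return endpoint.getLocation().toString();
            }
        }
        return null;
    }

    /**
     * Builds an IDP configuration whose identity URL is the location of the first
     * single-sign-on endpoint using the SAML HTTP POST binding.
     *
     * <p>If no such endpoint exists, or its location is empty, the exception built by
     * {@code logger.nullValueError} is thrown.
     *
     * @return a new {@link IDPType} with the identity URL set
     */
    public static IDPType getIDPType(IDPSSODescriptorType iDPSSODescriptorType) {
        IDPType idpType = new IDPType();
        List<EndpointType> ssoEndpoints = iDPSSODescriptorType.getSingleSignOnService();
        if (ssoEndpoints != null) {
            for (EndpointType endpoint : ssoEndpoints) {
                if (endpoint.getBinding().toString().equals(JBossSAMLURIConstants.SAML_HTTP_POST_BINDING.get())) {
                    idpType.setIdentityURL(endpoint.getLocation().toString());
                    break;
                }
            }
        }
        if (StringUtil.isNullOrEmpty(idpType.getIdentityURL())) {
            throw logger.nullValueError("identity url");
        }
        return idpType;
    }

    /**
     * Loads SAML metadata through the metadata provider configured on the given provider.
     *
     * <p>The provider class is named in configuration and instantiated reflectively, so the
     * configuration source has to be trusted. The configured options are handed to the provider
     * as a key/value map. If the provider asks for a file, the path it names is resolved with
     * {@code ServletContext.getResourceAsStream} and the stream is handed over; this method does
     * not close it and does not check it for {@code null}.
     *
     * @param providerType provider configuration
     * @param servletContext context used to resolve the file the provider asks for
     * @return the entity descriptors from the metadata (flattened when the provider reports
     *         multiple entities), or {@code null} when no metadata provider is configured
     * @throws RuntimeException wrapping any failure while loading, initialising or reading the
     *         provider
     */
    public static List<EntityDescriptorType> getMetadataConfiguration(ProviderType providerType, ServletContext servletContext) {
        MetadataProviderType metadataProviderConfig = providerType.getMetaDataProvider();
        if (metadataProviderConfig == null) {
            return null;
        }
        try {
            IMetadataProvider metadataProvider = (IMetadataProvider) SecurityActions.loadClass(CoreConfigUtil.class, metadataProviderConfig.getClassName()).newInstance();

            HashMap<String, String> options = new HashMap<String, String>();
            List<KeyValueType> configuredOptions = metadataProviderConfig.getOption();
            if (configuredOptions != null) {
                for (KeyValueType option : configuredOptions) {
                    options.put(option.getKey(), option.getValue());
                }
            }
            metadataProvider.init(options);

            String fileToInject = metadataProvider.requireFileInjection();
            if (StringUtil.isNotNull(fileToInject)) {
                metadataProvider.injectFileStream(servletContext.getResourceAsStream(fileToInject));
            }

            List<EntityDescriptorType> descriptors = new ArrayList<EntityDescriptorType>();
            if (metadataProvider.isMultiple()) {
                addAllEntityDescriptorsRecursively(descriptors, (EntitiesDescriptorType) metadataProvider.getMetaData());
            } else {
                descriptors.add((EntityDescriptorType) metadataProvider.getMetaData());
            }
            return descriptors;
        } catch (Exception e) {
            throw new RuntimeException(e);
        }
    }

    /**
     * Appends every {@link EntityDescriptorType} reachable from the container to {@code list},
     * descending into nested containers in document order.
     *
     * @throws IllegalArgumentException if a child is neither an entity nor an entities
     *         descriptor
     */
    private static void addAllEntityDescriptorsRecursively(List<EntityDescriptorType> list, EntitiesDescriptorType entitiesDescriptorType) {
        for (Object child : entitiesDescriptorType.getEntityDescriptor()) {
            if (child instanceof EntitiesDescriptorType) {
                addAllEntityDescriptorsRecursively(list, (EntitiesDescriptorType) child);
            } else if (child instanceof EntityDescriptorType) {
                list.add((EntityDescriptorType) child);
            } else {
                throw new IllegalArgumentException("Wrong type: " + child.getClass());
            }
        }
    }
}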
