package org.jboss.seam.security.external.saml;

import java.io.IOException;
import java.io.UnsupportedEncodingException;
import java.net.URLDecoder;
import java.net.URLEncoder;
import java.security.GeneralSecurityException;
import java.security.PrivateKey;
import java.security.PublicKey;
import java.security.Signature;
import java.security.SignatureException;
import org.jboss.seam.security.external.Base64;
import org.jboss.seam.security.external.InvalidRequestException;

/* loaded from: input_file:WEB-INF/lib/seam-security-external-3.1.0.Beta2.jar:org/jboss/seam/security/external/saml/SamlSignatureUtilForRedirectBinding.class */
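public class SamlSignatureUtilForRedirectBinding {

    /** Charset used both when signing and when verifying the query string. */
    private static final String CHARSET = "UTF-8";

    /**
     * Signs a SAML message that is to be transported with the HTTP-Redirect binding.
     * <p>
     * The signature algorithm URI is derived from the key type and stored on the message first,
     * because {@code createQueryString()} is expected to include it in the data that gets signed
     * (the verification side rebuilds the query string with the received algorithm as well). The
     * resulting signature is Base64- and then URL-encoded before being stored on the message.
     *
     * @param samlRedirectMessage message whose query string is signed; its signature algorithm and
     *                            signature fields are overwritten
     * @param privateKey          DSA or RSA key used to sign
     * @throws IOException              propagated from Base64 encoding
     * @throws GeneralSecurityException if the JCA signature cannot be created or fails to sign
     * @throws RuntimeException         if the key algorithm is neither DSA nor RSA
     */
    public void sign(SamlRedirectMessage samlRedirectMessage, PrivateKey privateKey) throws IOException, GeneralSecurityException {
        // Fail before touching the message if the key type is unsupported.
        String algorithmUri = getXMLSignatureAlgorithmURI(privateKey.getAlgorithm());
        samlRedirectMessage.setSignatureAlgorithm(algorithmUri);
        byte[] rawSignature = computeSignature(samlRedirectMessage.createQueryString(), privateKey);
        // 8 is the option flag the original code passed to Base64 — presumably "don't break lines";
        // confirm against the project's Base64 class.
        String base64Signature = Base64.encodeBytes(rawSignature, 8);
        samlRedirectMessage.setSignature(URLEncoder.encode(base64Signature, CHARSET));
    }

    /**
     * Computes the raw signature over the UTF-8 bytes of the given query string.
     *
     * @param queryString the data to sign
     * @param privateKey  DSA or RSA key
     * @return the raw (not encoded) signature bytes
     * @throws GeneralSecurityException     if signing fails
     * @throws UnsupportedEncodingException never in practice; UTF-8 is a mandatory charset
     */
    private byte[] computeSignature(String queryString, PrivateKey privateKey) throws GeneralSecurityException, UnsupportedEncodingException {
        Signature signature = getSignature(privateKey.getAlgorithm());
        signature.initSign(privateKey);
        // Encode explicitly as UTF-8: validateSignature verifies the UTF-8 bytes, and relying on the
        // platform default charset here would make signatures platform-dependent.
        signature.update(queryString.getBytes(CHARSET));
        return signature.sign();
    }

    /**
     * Verifies the signature carried by a received HTTP-Redirect binding message.
     * <p>
     * The signed data is rebuilt from the received parameters (message, relay state and the
     * received signature algorithm URI); the JCA algorithm actually used for verification is
     * selected from the supplied public key, not from the request, so the peer cannot influence
     * which algorithm is applied.
     *
     * @param samlRedirectMessage received message carrying the URL- and Base64-encoded signature
     * @param publicKey           DSA or RSA key of the expected sender
     * @throws InvalidRequestException if the signature parameter is missing, malformed, or does not
     *                                 verify against the rebuilt query string
     * @throws RuntimeException        if the key algorithm is unsupported or the JCA provider fails
     *                                 for a reason other than a malformed signature
     */
    public void validateSignature(SamlRedirectMessage samlRedirectMessage, PublicKey publicKey) throws InvalidRequestException {
        String encodedSignature = samlRedirectMessage.getSignature();
        if (encodedSignature == null) {
            throw new InvalidRequestException("Signature parameter is not present.");
        }
        try {
            byte[] signatureBytes = Base64.decode(URLDecoder.decode(encodedSignature, CHARSET));
            if (signatureBytes == null) {
                // Base64.decode is project-local; guard in case it reports bad input with null.
                throw new InvalidRequestException("Invalid signature.");
            }

            // Rebuild only the fields that form the signed query string; setUrlEncoded(true)
            // presumably makes createQueryString emit the encoded form the sender signed —
            // confirm against SamlRedirectMessage.
            SamlRedirectMessage signedPart = new SamlRedirectMessage();
            signedPart.setRequestOrResponse(samlRedirectMessage.getRequestOrResponse());
            signedPart.setSamlMessage(samlRedirectMessage.getSamlMessage());
            signedPart.setRelayState(samlRedirectMessage.getRelayState());
            signedPart.setSignatureAlgorithm(samlRedirectMessage.getSignatureAlgorithm());
            signedPart.setUrlEncoded(true);

            byte[] signedData = signedPart.createQueryString().getBytes(CHARSET);
            if (!validate(signedData, signatureBytes, publicKey)) {
                throw new InvalidRequestException("Invalid signature.");
            }
        } catch (UnsupportedEncodingException e) {
            throw new RuntimeException(e);
        } catch (SignatureException e) {
            // Improperly encoded or wrong-type signature bytes come from the peer: treat them as a
            // bad request rather than surfacing an unchecked exception.
            throw new InvalidRequestException("Invalid signature.");
        } catch (GeneralSecurityException e) {
            throw new RuntimeException(e);
        }
    }

    /**
     * Verifies {@code signatureBytes} over {@code signedData} with the algorithm matching the key.
     *
     * @param signedData     the bytes that were signed
     * @param signatureBytes the raw signature to check
     * @param publicKey      DSA or RSA verification key
     * @return {@code true} if the signature verifies
     * @throws GeneralSecurityException if the JCA signature cannot be created or verification fails
     *                                  with an error (a plain mismatch returns {@code false})
     */
    private boolean validate(byte[] signedData, byte[] signatureBytes, PublicKey publicKey) throws GeneralSecurityException {
        Signature signature = getSignature(publicKey.getAlgorithm());
        signature.initVerify(publicKey);
        signature.update(signedData);
        return signature.verify(signatureBytes);
    }

    /**
     * Creates the JCA {@link Signature} for a DSA or RSA key.
     *
     * @param keyAlgorithm value of {@code Key.getAlgorithm()}
     * @return an uninitialised signature object
     * @throws GeneralSecurityException if the provider cannot supply the algorithm
     * @throws RuntimeException         if the key algorithm is neither DSA nor RSA
     */
    private Signature getSignature(String keyAlgorithm) throws GeneralSecurityException {
        if ("DSA".equalsIgnoreCase(keyAlgorithm)) {
            return Signature.getInstance(SamlConstants.DSA_SIGNATURE_ALGORITHM);
        }
        if ("RSA".equalsIgnoreCase(keyAlgorithm)) {
            return Signature.getInstance(SamlConstants.RSA_SIGNATURE_ALGORITHM);
        }
        throw new RuntimeException("Unknown signature algorithm:" + keyAlgorithm);
    }

    /**
     * Maps a key algorithm to the XML-DSig algorithm URI advertised in the {@code SigAlg}
     * parameter.
     * <p>
     * Both URIs are the SHA-1 variants; the JCA names in {@code SamlConstants} are assumed to
     * match them (not visible here — confirm). Unknown key types are rejected here, consistent
     * with {@link #getSignature(String)}, instead of silently yielding {@code null}.
     *
     * @param keyAlgorithm value of {@code Key.getAlgorithm()}
     * @return the algorithm URI for DSA or RSA
     * @throws RuntimeException if the key algorithm is neither DSA nor RSA
     */
    private String getXMLSignatureAlgorithmURI(String keyAlgorithm) {
        if ("DSA".equalsIgnoreCase(keyAlgorithm)) {
            return "http://www.w3.org/2000/09/xmldsig#dsa-sha1";
        }
        if ("RSA".equalsIgnoreCase(keyAlgorithm)) {
            return "http://www.w3.org/2000/09/xmldsig#rsa-sha1";
        }
        throw new RuntimeException("Unknown signature algorithm:" + keyAlgorithm);
    }
}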
