package org.picketlink.identity.federation.web.util;

import java.io.IOException;
import java.io.StringWriter;
import java.io.UnsupportedEncodingException;
import java.net.URLEncoder;
import java.security.GeneralSecurityException;
import java.security.PrivateKey;
import java.security.PublicKey;
import javax.xml.bind.JAXBException;
import org.jboss.seam.ui.util.HTML;
import org.picketlink.identity.federation.api.saml.v2.request.SAML2Request;
import org.picketlink.identity.federation.api.saml.v2.response.SAML2Response;
import org.picketlink.identity.federation.core.saml.v2.util.DocumentUtil;
import org.picketlink.identity.federation.core.saml.v2.util.SignatureUtil;
import org.picketlink.identity.federation.core.util.StringUtil;
import org.picketlink.identity.federation.saml.v2.protocol.AuthnRequestType;
import org.picketlink.identity.federation.saml.v2.protocol.ResponseType;
import org.picketlink.identity.seam.federation.SamlConstants;
import org.xml.sax.SAXException;

/* loaded from: input_file:WEB-INF/lib/picketlink-web-1.0.3.SP1.jar:org/picketlink/identity/federation/web/util/RedirectBindingSignatureUtil.class */
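/**
 * Helpers for building and checking the signed query string used by the SAML v2
 * HTTP-Redirect binding.
 *
 * <p>The signed content is the string
 * {@code SAMLRequest=<value>[&RelayState=<value>]&SigAlg=<value>} (or the
 * {@code SAMLResponse=} equivalent), built from the values exactly as they appear
 * in the query string, i.e. still URL-encoded. Callers of
 * {@link #validateSignature(String, PublicKey, byte[])} must therefore pass the raw
 * query string, not a decoded or re-encoded copy, and should read the message they
 * act on from that same string.
 *
 * <p>Parameter lookup returns the first occurrence of a name. If the query string
 * carries a parameter twice, only the first one is signed-over and returned here.
 */
public class RedirectBindingSignatureUtil {
    private static final String UTF8 = "UTF-8";

    /**
     * Marshals an AuthnRequest, encodes it for the redirect binding and returns the
     * signed query string.
     *
     * @param authnRequestType the request to send
     * @param str the relay state in clear text; URL-encoded here when
     *        {@code StringUtil.isNotNull} accepts it, otherwise left out
     * @param privateKey the signing key; its algorithm name selects the SigAlg URI
     * @return {@code SAMLRequest=...[&RelayState=...]&SigAlg=...&Signature=...}
     */
    public static String getSAMLRequestURLWithSignature(AuthnRequestType authnRequestType, String str, PrivateKey privateKey) throws SAXException, JAXBException, IOException, GeneralSecurityException {
        SAML2Request saml2Request = new SAML2Request();
        StringWriter writer = new StringWriter();
        saml2Request.marshall(authnRequestType, writer);
        String encodedRequest = RedirectBindingUtil.deflateBase64URLEncode(writer.toString());
        String encodedRelayState = encodeRelayState(str);
        byte[] signature = computeSignature("SAMLRequest=" + encodedRequest, encodedRelayState, privateKey);
        return getRequestRedirectURLWithSignature(encodedRequest, encodedRelayState, signature, privateKey.getAlgorithm());
    }

    /**
     * Converts a Response to its document form, encodes it for the redirect binding
     * and returns the signed query string.
     *
     * @param responseType the response to send
     * @param str the relay state in clear text; URL-encoded here when
     *        {@code StringUtil.isNotNull} accepts it, otherwise left out
     * @param privateKey the signing key; its algorithm name selects the SigAlg URI
     * @return {@code SAMLResponse=...[&RelayState=...]&SigAlg=...&Signature=...}
     */
    public static String getSAMLResponseURLWithSignature(ResponseType responseType, String str, PrivateKey privateKey) throws IOException, GeneralSecurityException, JAXBException {
        String encodedResponse = RedirectBindingUtil.deflateBase64URLEncode(DocumentUtil.getDocumentAsString(new SAML2Response().convert(responseType)));
        String encodedRelayState = encodeRelayState(str);
        byte[] signature = computeSignature("SAMLResponse=" + encodedResponse, encodedRelayState, privateKey);
        return getResponseRedirectURLWithSignature(encodedResponse, encodedRelayState, signature, privateKey.getAlgorithm());
    }

    /**
     * Signs an already-encoded request value.
     *
     * @param str the SAMLRequest value, used verbatim (the caller has encoded it)
     * @param str2 the RelayState value, used verbatim; no URL-encoding is applied here
     * @param privateKey the signing key
     * @return the signed query string
     */
    public static String getSAMLRequestURLWithSignature(String str, String str2, PrivateKey privateKey) throws IOException, GeneralSecurityException {
        return getRequestRedirectURLWithSignature(str, str2, computeSignature("SAMLRequest=" + str, str2, privateKey), privateKey.getAlgorithm());
    }

    /**
     * Signs an already-encoded response value.
     *
     * @param str the SAMLResponse value, used verbatim (the caller has encoded it)
     * @param str2 the RelayState value, used verbatim; no URL-encoding is applied here
     * @param privateKey the signing key
     * @return the signed query string
     */
    public static String getSAMLResponseURLWithSignature(String str, String str2, PrivateKey privateKey) throws IOException, GeneralSecurityException {
        return getResponseRedirectURLWithSignature(str, str2, computeSignature("SAMLResponse=" + str, str2, privateKey), privateKey.getAlgorithm());
    }

    /**
     * Decodes the SAMLRequest parameter of a query string into an AuthnRequest.
     * This method does not check the signature; call
     * {@link #validateSignature(String, PublicKey, byte[])} on the same query string
     * before trusting the result.
     *
     * @param str the query string
     * @throws IllegalArgumentException if the query string is null or has no
     *         SAMLRequest parameter
     */
    public static AuthnRequestType getRequestFromSignedURL(String str) throws JAXBException, SAXException, IOException {
        String encodedRequest = getTokenValue(str, "SAMLRequest");
        if (encodedRequest == null) {
            // Same failure mode as a missing Signature, instead of handing null to the decoder.
            throw new IllegalArgumentException("SAMLRequest Token is not present");
        }
        return new SAML2Request().getAuthnRequestType(RedirectBindingUtil.urlBase64DeflateDecode(encodedRequest));
    }

    /**
     * Extracts and decodes the Signature parameter of a query string.
     *
     * @param str the query string
     * @return the signature bytes
     * @throws IllegalArgumentException if the query string is null or has no
     *         Signature parameter
     */
    public static byte[] getSignatureValueFromSignedURL(String str) throws IOException {
        String encodedSignature = getTokenValue(str, "Signature");
        if (encodedSignature == null) {
            throw new IllegalArgumentException("Signature Token is not present");
        }
        return RedirectBindingUtil.urlBase64Decode(encodedSignature);
    }

    /**
     * Returns the value of the first parameter named {@code str2} in the query
     * string {@code str}, exactly as it appears (no URL-decoding), or {@code null}
     * when the parameter is absent.
     *
     * @throws IllegalArgumentException if {@code str} is null
     */
    public static String getTokenValue(String str, String str2) {
        return getTokenValue(getToken(str, str2));
    }

    /**
     * Checks the redirect-binding signature of a SAMLRequest query string.
     *
     * <p>Only {@code SAMLRequest} messages are covered; a query string that carries
     * a {@code SAMLResponse} is rejected because no SAMLRequest value is found.
     *
     * @param str the raw, still URL-encoded query string
     * @param publicKey the sender's verification key
     * @param bArr the decoded signature bytes
     * @return {@code true} only when the signature verifies; {@code false} when it
     *         does not, or when SAMLRequest, SigAlg or the signature bytes are missing
     */
    public static boolean validateSignature(String str, PublicKey publicKey, byte[] bArr) throws UnsupportedEncodingException, GeneralSecurityException {
        String samlRequest = getTokenValue(str, "SAMLRequest");
        String relayState = getTokenValue(str, "RelayState");
        String sigAlg = getTokenValue(str, SamlConstants.QSP_SIG_ALG);
        // Fail closed: without these the signed string would contain the literal
        // text "null", which no legitimate sender signs.
        if (samlRequest == null || sigAlg == null || bArr == null || bArr.length == 0) {
            return false;
        }
        StringBuilder signedContent = new StringBuilder();
        signedContent.append("SAMLRequest=").append(samlRequest);
        if (StringUtil.isNotNull(relayState)) {
            signedContent.append("&RelayState=").append(relayState);
        }
        signedContent.append("&SigAlg=").append(sigAlg);
        // NOTE(review): SigAlg is covered by the signature but is not compared with the
        // key's algorithm here; whether SignatureUtil.validate derives the algorithm from
        // the key alone is not visible in this class -- confirm.
        return SignatureUtil.validate(signedContent.toString().getBytes(UTF8), bArr, publicKey);
    }

    /** URL-encodes the relay state, or returns null when StringUtil.isNotNull rejects it. */
    private static String encodeRelayState(String relayState) throws UnsupportedEncodingException {
        return StringUtil.isNotNull(relayState) ? URLEncoder.encode(relayState, UTF8) : null;
    }

    /**
     * Signs {@code <str>[&RelayState=<str2>]&SigAlg=<encoded algorithm URI>}.
     *
     * @param str the leading {@code name=value} pair, already encoded
     * @param str2 the encoded relay state, or null/empty to leave it out
     */
    private static byte[] computeSignature(String str, String str2, PrivateKey privateKey) throws IOException, GeneralSecurityException {
        StringBuilder toSign = new StringBuilder(str);
        if (StringUtil.isNotNull(str2)) {
            toSign.append("&RelayState=").append(str2);
        }
        toSign.append("&SigAlg=").append(URLEncoder.encode(SignatureUtil.getXMLSignatureAlgorithmURI(privateKey.getAlgorithm()), UTF8));
        return SignatureUtil.sign(toSign.toString(), privateKey);
    }

    /** Builds the signed query string for a request; see {@link #buildSignedQuery}. */
    private static String getRequestRedirectURLWithSignature(String str, String str2, byte[] bArr, String str3) throws IOException {
        return buildSignedQuery("SAMLRequest=", str, str2, bArr, str3);
    }

    /** Builds the signed query string for a response; see {@link #buildSignedQuery}. */
    private static String getResponseRedirectURLWithSignature(String str, String str2, byte[] bArr, String str3) throws IOException {
        return buildSignedQuery("SAMLResponse=", str, str2, bArr, str3);
    }

    /**
     * Assembles {@code <messageParam><message>[&RelayState=...]&SigAlg=...&Signature=...}.
     * The parameter order matches the string that computeSignature signs.
     *
     * @param messageParam {@code "SAMLRequest="} or {@code "SAMLResponse="}
     * @param message the encoded message value
     * @param relayState the encoded relay state, or null/empty to leave it out
     * @param signature the raw signature bytes
     * @param keyAlgorithm the key algorithm name used to look up the SigAlg URI
     */
    private static String buildSignedQuery(String messageParam, String message, String relayState, byte[] signature, String keyAlgorithm) throws IOException {
        StringBuilder query = new StringBuilder();
        query.append(messageParam).append(message);
        if (StringUtil.isNotNull(relayState)) {
            query.append(HTML.HREF_PARAM_SEPARATOR).append("RelayState=").append(relayState);
        }
        query.append(HTML.HREF_PARAM_SEPARATOR).append("SigAlg=").append(URLEncoder.encode(SignatureUtil.getXMLSignatureAlgorithmURI(keyAlgorithm), UTF8));
        query.append(HTML.HREF_PARAM_SEPARATOR).append("Signature=").append(RedirectBindingUtil.base64URLEncode(signature));
        return query.toString();
    }

    /**
     * Returns the first {@code name=value} pair for parameter {@code str2}, or null
     * when it is absent.
     *
     * <p>The name must start at a parameter boundary. A plain substring search would
     * also match a longer name that merely ends with the wanted one (for example
     * {@code xSAMLRequest=} when looking for {@code SAMLRequest=}), so the value that
     * gets signature-checked could differ from the one the servlet container reports
     * for the real parameter.
     *
     * @throws IllegalArgumentException if {@code str} is null
     */
    private static String getToken(String str, String str2) {
        if (str == null) {
            throw new IllegalArgumentException("queryString is null");
        }
        String prefix = str2 + HTML.HREF_PARAM_NAME_FROM_VALUE_SEPARATOR;
        int start = str.indexOf(prefix);
        while (start > 0 && !isParameterStart(str, start)) {
            start = str.indexOf(prefix, start + 1);
        }
        if (start < 0) {
            return null;
        }
        int end = str.indexOf(HTML.HREF_PARAM_SEPARATOR, start);
        return end == -1 ? str.substring(start) : str.substring(start, end);
    }

    /**
     * Tells whether {@code index} is where a parameter name can begin: the start of
     * the string, right after the parameter separator, or right after a {@code '?'}
     * (so a full URL passed instead of a bare query string keeps working).
     */
    private static boolean isParameterStart(String query, int index) {
        if (index == 0 || query.charAt(index - 1) == '?') {
            return true;
        }
        String separator = String.valueOf(HTML.HREF_PARAM_SEPARATOR);
        // startsWith returns false for a negative offset, so no extra bounds check is needed.
        return query.startsWith(separator, index - separator.length());
    }

    /**
     * Returns the part after the first {@code '='} of a {@code name=value} pair.
     * A null input, or one without {@code '='}, is returned unchanged.
     */
    private static String getTokenValue(String str) {
        if (str == null) {
            return null;
        }
        int equalsAt = str.indexOf('=');
        return equalsAt == -1 ? str : str.substring(equalsAt + 1);
    }
}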
