package org.keycloak.adapters.saml.descriptor.parsers;

import java.io.IOException;
import java.io.InputStream;
import javax.xml.crypto.MarshalException;
import javax.xml.crypto.dom.DOMStructure;
import javax.xml.crypto.dsig.keyinfo.KeyInfo;
import javax.xml.crypto.dsig.keyinfo.KeyInfoFactory;
import javax.xml.parsers.ParserConfigurationException;
import javax.xml.xpath.XPath;
import javax.xml.xpath.XPathConstants;
import javax.xml.xpath.XPathExpressionException;
import javax.xml.xpath.XPathFactory;
import org.apache.xml.security.stax.ext.XMLSecurityConstants;
import org.keycloak.common.util.MultivaluedHashMap;
import org.keycloak.saml.common.constants.JBossSAMLConstants;
import org.keycloak.saml.common.constants.JBossSAMLURIConstants;
import org.keycloak.saml.common.exceptions.ParsingException;
import org.keycloak.saml.common.util.DocumentUtil;
import org.keycloak.saml.processing.core.parsers.saml.xmldsig.XmlDSigQNames;
import org.keycloak.saml.processing.core.util.NamespaceContext;
import org.w3c.dom.Element;
import org.w3c.dom.Node;
import org.w3c.dom.NodeList;
import org.xml.sax.SAXException;

/* loaded from: input_file:WEB-INF/lib/keycloak-saml-adapter-core-13.0.1.jar:org/keycloak/adapters/saml/descriptor/parsers/SamlDescriptorIDPKeysExtractor.class */
public class SamlDescriptorIDPKeysExtractor {
    private static final NamespaceContext NS_CONTEXT = new NamespaceContext();
    private final KeyInfoFactory kif = KeyInfoFactory.getInstance();
    private final XPathFactory xPathfactory = XPathFactory.newInstance();
    private final XPath xpath = this.xPathfactory.newXPath();

    public SamlDescriptorIDPKeysExtractor() {
        this.xpath.setNamespaceContext(NS_CONTEXT);
    }

    public MultivaluedHashMap<String, KeyInfo> parse(InputStream inputStream) throws ParsingException {
        MultivaluedHashMap<String, KeyInfo> multivaluedHashMap = new MultivaluedHashMap<>();
        try {
            NodeList nodeList = (NodeList) this.xpath.compile("//m:EntityDescriptor/m:IDPSSODescriptor/m:KeyDescriptor").evaluate(DocumentUtil.getDocumentBuilder().parse(inputStream), XPathConstants.NODESET);
            for (int i = 0; i < nodeList.getLength(); i++) {
                Element element = (Element) nodeList.item(i);
                KeyInfo processKeyDescriptor = processKeyDescriptor(element);
                if (processKeyDescriptor != null) {
                    multivaluedHashMap.add(element.getAttribute(JBossSAMLConstants.USE.get()), processKeyDescriptor);
                }
            }
            return multivaluedHashMap;
        } catch (IOException | ParserConfigurationException | XPathExpressionException | SAXException | MarshalException e) {
            throw new ParsingException("Error parsing SAML descriptor", e);
        }
    }

    private KeyInfo processKeyDescriptor(Element element) throws MarshalException {
        Node item;
        NodeList elementsByTagNameNS = element.getElementsByTagNameNS(JBossSAMLURIConstants.XMLDSIG_NSURI.get(), XmlDSigQNames.KEY_INFO.getQName().getLocalPart());
        if (elementsByTagNameNS.getLength() == 0 || (item = elementsByTagNameNS.item(0)) == null) {
            return null;
        }
        return this.kif.unmarshalKeyInfo(new DOMStructure(item));
    }

    static {
        NS_CONTEXT.addNsUriPair("m", JBossSAMLURIConstants.METADATA_NSURI.get());
        NS_CONTEXT.addNsUriPair(XMLSecurityConstants.PREFIX_DSIG, JBossSAMLURIConstants.XMLDSIG_NSURI.get());
    }
}
