package io.fusionauth.samlv2.util;

import io.fusionauth.der.Tag;
import io.fusionauth.samlv2.domain.NameID;
import io.fusionauth.samlv2.domain.SAMLException;
import io.fusionauth.samlv2.domain.jaxb.oasis.assertion.NameIDType;
import io.fusionauth.samlv2.domain.jaxb.oasis.metadata.KeyDescriptorType;
import io.fusionauth.samlv2.domain.jaxb.w3c.xmldsig.X509DataType;
import jakarta.xml.bind.JAXBContext;
import jakarta.xml.bind.JAXBElement;
import jakarta.xml.bind.JAXBException;
import jakarta.xml.bind.Marshaller;
import jakarta.xml.bind.Unmarshaller;
import java.io.ByteArrayInputStream;
import java.io.ByteArrayOutputStream;
import java.io.IOException;
import java.io.StringWriter;
import java.net.URL;
import java.nio.charset.StandardCharsets;
import java.security.cert.Certificate;
import java.security.cert.CertificateException;
import java.security.cert.CertificateFactory;
import java.time.ZonedDateTime;
import java.util.ArrayList;
import java.util.Arrays;
import java.util.Base64;
import java.util.GregorianCalendar;
import java.util.HashMap;
import java.util.Iterator;
import java.util.List;
import java.util.Map;
import java.util.concurrent.ConcurrentHashMap;
import java.util.zip.DataFormatException;
import java.util.zip.Deflater;
import java.util.zip.Inflater;
import javax.xml.datatype.DatatypeConfigurationException;
import javax.xml.datatype.DatatypeFactory;
import javax.xml.datatype.XMLGregorianCalendar;
import javax.xml.parsers.DocumentBuilder;
import javax.xml.parsers.DocumentBuilderFactory;
import javax.xml.parsers.ParserConfigurationException;
import javax.xml.transform.Transformer;
import javax.xml.transform.TransformerException;
import javax.xml.transform.TransformerFactory;
import javax.xml.transform.dom.DOMSource;
import javax.xml.transform.stream.StreamResult;
import javax.xml.validation.SchemaFactory;
import javax.xml.validation.Validator;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
import org.w3c.dom.Document;
import org.w3c.dom.Element;
import org.w3c.dom.Node;
import org.xml.sax.ErrorHandler;
import org.xml.sax.SAXException;
import org.xml.sax.SAXNotRecognizedException;
import org.xml.sax.SAXNotSupportedException;
import org.xml.sax.SAXParseException;

/* loaded from: input_file:io/fusionauth/samlv2/util/SAMLTools.class */
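/**
 * Static helpers for encoding, parsing, marshalling and schema-validating SAML v2.0 messages.
 *
 * <p>Every {@link DocumentBuilder} handed out by this class comes from a factory that is
 * namespace aware, does not expand entity references, has secure processing switched on and has
 * the DOCTYPE / external-entity features listed in {@code FactoryFeatures} applied. Parse
 * untrusted XML through {@link #newDocumentBuilder()} or {@link #newDocumentFromBytes(byte[])}
 * rather than a factory built elsewhere, so that this hardening is not bypassed.
 *
 * <p>Nothing in this class verifies XML signatures or certificate trust; the helpers only
 * decode, parse and convert.
 */
public class SAMLTools {
    /** Parser feature name to desired value, applied to every factory built by {@link #newDocumentBuilder()}. */
    private static final Map<String, Boolean> FactoryFeatures = new HashMap<>();

    /**
     * One JAXBContext per bound class. The context is the expensive, thread-safe object; the
     * Marshaller / Unmarshaller instances created from it are not thread-safe and are therefore
     * created per call instead of being cached and shared.
     */
    private static final Map<Class<?>, JAXBContext> ContextCache = new ConcurrentHashMap<>();

    private static final Logger logger = LoggerFactory.getLogger(SAMLTools.class);

    /**
     * SAX error handler that records every reported problem instead of throwing, so that
     * {@link #validate(Document, URL, SchemaValidationErrors)} can report all of them at once.
     * The lists are plain {@link ArrayList}s; use one instance per validation.
     */
    public static class SchemaValidationErrors implements ErrorHandler {
        public final List<SAXParseException> error = new ArrayList<>();
        public final List<SAXParseException> fatal = new ArrayList<>();
        public final List<SAXParseException> warning = new ArrayList<>();

        @Override
        public void error(SAXParseException sAXParseException) {
            this.error.add(sAXParseException);
        }

        @Override
        public void fatalError(SAXParseException sAXParseException) {
            this.fatal.add(sAXParseException);
        }

        @Override
        public void warning(SAXParseException sAXParseException) {
            this.warning.add(sAXParseException);
        }
    }

    /**
     * Converts a SAML attribute value to text.
     *
     * @param obj the attribute value; may be {@code null}
     * @return the string form for a {@link Number}, {@link String} or DOM {@link Element}
     *     (its text content); {@code null} for {@code null} input or any other type, in which
     *     case a warning naming the type is logged
     */
    public static String attributeToString(Object obj) {
        if (obj == null) {
            return null;
        }
        if (obj instanceof Number) {
            return obj.toString();
        }
        if (obj instanceof String) {
            return (String) obj;
        }
        if (obj instanceof Element) {
            return ((Element) obj).getTextContent();
        }
        logger.warn("This library currently doesn't handle attributes of type [{}]", obj.getClass());
        return null;
    }

    /**
     * Same conversion as {@link #toZonedDateTime(XMLGregorianCalendar)}; kept as a separate
     * entry point for existing callers.
     *
     * @param xMLGregorianCalendar the value to convert; may be {@code null}
     * @return the converted value, or {@code null} when the input is {@code null}
     */
    public static ZonedDateTime convertToZonedDateTime(XMLGregorianCalendar xMLGregorianCalendar) {
        return toZonedDateTime(xMLGregorianCalendar);
    }

    /**
     * Base64-decodes the input with the MIME decoder.
     *
     * <p>The MIME decoder ignores line separators and any other character outside the Base64
     * alphabet, so malformed input is not necessarily rejected here.
     *
     * @param str the Base64 text
     * @return the decoded bytes
     */
    public static byte[] decode(String str) {
        return Base64.getMimeDecoder().decode(str);
    }

    /**
     * Base64-decodes the input (MIME decoder) and inflates it as a raw DEFLATE stream (no zlib
     * header), the encoding used for the {@code SAMLRequest} parameter of a redirect.
     *
     * <p>The inflated size is not bounded by this method. The input normally arrives from an
     * unauthenticated request, so callers should cap the size of the encoded value (or of the
     * result) before trusting it. A stream that ends early yields whatever could be inflated
     * rather than an error.
     *
     * @param str the Base64 text of the deflated message
     * @return the inflated bytes
     * @throws SAMLException if the decoded bytes are not valid DEFLATE data
     */
    public static byte[] decodeAndInflate(String str) throws SAMLException {
        byte[] compressed = Base64.getMimeDecoder().decode(str);
        Inflater inflater = new Inflater(true);
        inflater.setInput(compressed);
        try {
            ByteArrayOutputStream inflated = new ByteArrayOutputStream();
            byte[] chunk = new byte[1024];
            // Loop on finished() rather than on the remaining input: the inflater can have
            // consumed every input byte while output is still pending, and stopping at that
            // point would silently truncate the message.
            while (!inflater.finished()) {
                int count = inflater.inflate(chunk);
                if (count == 0) {
                    // More input or a preset dictionary would be required; nothing else can be produced.
                    break;
                }
                inflated.write(chunk, 0, count);
            }
            return inflated.toByteArray();
        } catch (DataFormatException e) {
            throw new SAMLException("Invalid AuthnRequest. Inflating the bytes failed.", e);
        } finally {
            // Releases the native zlib state immediately instead of waiting for garbage collection.
            inflater.end();
        }
    }

    /**
     * Base64-decodes the input with the MIME decoder and interprets the bytes as UTF-8.
     *
     * @param str the Base64 text
     * @return the decoded text
     */
    public static String decodeToString(String str) {
        return new String(Base64.getMimeDecoder().decode(str), StandardCharsets.UTF_8);
    }

    /**
     * Deflates the bytes as a raw DEFLATE stream (no zlib header) and Base64-encodes the result.
     *
     * <p>The whole stream is drained. A single {@code deflate} call into a buffer the size of the
     * input is not enough: for short or incompressible input the deflated form is larger than the
     * input, and the output would be cut off (an empty input would produce an empty, invalid
     * stream).
     *
     * @param bArr the bytes to compress
     * @return the Base64 text of the deflated bytes
     */
    public static String deflateAndEncode(byte[] bArr) {
        // The first constructor argument is the compression level; 8 is kept so that output
        // stays identical to what this method produced before for inputs that fit.
        Deflater deflater = new Deflater(8, true);
        try {
            deflater.setInput(bArr);
            deflater.finish();
            ByteArrayOutputStream deflated = new ByteArrayOutputStream();
            byte[] chunk = new byte[1024];
            while (!deflater.finished()) {
                int count = deflater.deflate(chunk);
                deflated.write(chunk, 0, count);
            }
            return Base64.getEncoder().encodeToString(deflated.toByteArray());
        } finally {
            deflater.end();
        }
    }

    /**
     * Base64-encodes the bytes with the basic (non-MIME, no line breaks) encoder.
     *
     * @param bArr the bytes to encode
     * @return the Base64 text
     */
    public static String encode(byte[] bArr) {
        return Base64.getEncoder().encodeToString(bArr);
    }

    /**
     * Marshals a JAXB element to XML bytes.
     *
     * @param jAXBElement the element to marshal
     * @param cls the JAXB-bound class of the element's value
     * @return the serialized XML
     * @throws SAMLException if JAXB cannot build a context for {@code cls} or marshal the element
     */
    public static <T> byte[] marshallToBytes(JAXBElement<T> jAXBElement, Class<T> cls) throws SAMLException {
        try {
            Marshaller marshaller = getContext(cls).createMarshaller();
            ByteArrayOutputStream xml = new ByteArrayOutputStream();
            marshaller.marshal(jAXBElement, xml);
            return xml.toByteArray();
        } catch (JAXBException e) {
            throw new SAMLException("Unable to marshallRequest JAXB SAML object to bytes.", e);
        }
    }

    /**
     * Marshals a JAXB element into a new DOM document created by {@link #newDocumentBuilder()}.
     *
     * @param jAXBElement the element to marshal
     * @param cls the JAXB-bound class of the element's value
     * @return the populated document
     * @throws SAMLException if the document builder cannot be created or marshalling fails
     */
    public static <T> Document marshallToDocument(JAXBElement<T> jAXBElement, Class<T> cls) throws SAMLException {
        try {
            Marshaller marshaller = getContext(cls).createMarshaller();
            Document target = newDocumentBuilder().newDocument();
            marshaller.marshal(jAXBElement, target);
            return target;
        } catch (JAXBException | SAMLException e) {
            throw new SAMLException("Unable to marshallRequest JAXB SAML object to DOM.", e);
        }
    }

    /**
     * Serializes a document to a string, including the XML declaration.
     *
     * @param document the document to serialize
     * @return the XML text
     * @throws TransformerException if the transformer cannot be configured or the transform fails
     */
    public static String marshallToString(Document document) throws TransformerException {
        return marshallNodeToString(document, false);
    }

    /**
     * Serializes an element to a string, without an XML declaration.
     *
     * @param element the element to serialize
     * @return the XML text
     * @throws TransformerException if the transformer cannot be configured or the transform fails
     */
    public static String marshallToString(Element element) throws TransformerException {
        return marshallNodeToString(element, true);
    }

    /**
     * Creates a hardened, namespace-aware {@link DocumentBuilder}.
     *
     * <p>Entity-reference expansion is disabled, every entry of {@code FactoryFeatures} is
     * applied (DOCTYPE declarations disallowed, external DTD loading and external general and
     * parameter entities off) and secure processing is enabled.
     *
     * @return a new builder
     * @throws SAMLException if the factory rejects a feature with a
     *     {@link ParserConfigurationException} or cannot create the builder
     */
    public static DocumentBuilder newDocumentBuilder() throws SAMLException {
        try {
            DocumentBuilderFactory factory = DocumentBuilderFactory.newInstance();
            factory.setNamespaceAware(true);
            factory.setExpandEntityReferences(false);
            for (Map.Entry<String, Boolean> feature : FactoryFeatures.entrySet()) {
                try {
                    factory.setFeature(feature.getKey(), feature.getValue().booleanValue());
                } catch (IllegalArgumentException e) {
                    // Only IllegalArgumentException is tolerated. setFeature is declared to throw
                    // ParserConfigurationException for a feature it cannot support; that reaches
                    // the outer catch and fails the call, although the message there names only
                    // the secure-processing feature.
                    logger.debug("Failed to set feature [{}={}]. This may be expected if the parser does not recognize this feature.", feature.getKey(), feature.getValue(), e);
                }
            }
            factory.setFeature("http://javax.xml.XMLConstants/feature/secure-processing", true);
            return factory.newDocumentBuilder();
        } catch (ParserConfigurationException e2) {
            throw new SAMLException("Unable to configure the DocumentBuilderFactory with feature [http://javax.xml.XMLConstants/feature/secure-processing].", e2);
        }
    }

    /**
     * Parses XML bytes with a builder from {@link #newDocumentBuilder()}.
     *
     * @param bArr the XML bytes
     * @return the parsed document
     * @throws SAMLException if the builder cannot be created or the bytes cannot be parsed
     */
    public static Document newDocumentFromBytes(byte[] bArr) throws SAMLException {
        try {
            return newDocumentBuilder().parse(new ByteArrayInputStream(bArr));
        } catch (IOException | SAXException e) {
            throw new SAMLException("Unable to parse SAML v2.0 document.", e);
        }
    }

    /**
     * Copies the format and value of a JAXB {@code NameID} into the domain object.
     *
     * @param nameIDType the JAXB value; must not be {@code null}
     * @return a new {@link NameID}
     */
    public static NameID parseNameId(NameIDType nameIDType) {
        NameID nameID = new NameID();
        nameID.format = nameIDType.getFormat();
        nameID.id = nameIDType.getValue();
        return nameID;
    }

    /**
     * Extracts the {@code RelayState}, {@code SAMLRequest}, {@code SigAlg} and {@code Signature}
     * parameters from a raw query string.
     *
     * <p>Values are stored exactly as they appear; no URL decoding is performed. A pair is used
     * only when splitting it on {@code '='} yields exactly two parts, so a key with an empty
     * value or a value with an interior {@code '='} is ignored, and trailing {@code '='}
     * characters of a value are dropped by {@link String#split(String)}. When a key occurs more
     * than once the last occurrence wins.
     *
     * @param str the query string without the leading {@code '?'}; may be {@code null}
     * @return the parameters found; fields that were not present are left unset
     */
    public static SAMLRequestParameters parseQueryString(String str) {
        SAMLRequestParameters parameters = new SAMLRequestParameters();
        if (str == null) {
            return parameters;
        }
        for (String pair : str.split("&")) {
            // NOTE(review): if callers verify a signature over these raw values, a value that
            // carries unencoded Base64 padding loses it here - confirm inputs are always
            // percent-encoded.
            String[] keyValue = pair.split("=");
            if (keyValue.length != 2) {
                continue;
            }
            switch (keyValue[0]) {
                case "RelayState":
                    parameters.RelayState = keyValue[1];
                    break;
                case "SAMLRequest":
                    parameters.SAMLRequest = keyValue[1];
                    break;
                case "SigAlg":
                    parameters.SigAlg = keyValue[1];
                    break;
                case "Signature":
                    parameters.Signature = keyValue[1];
                    break;
                default:
                    break;
            }
        }
        return parameters;
    }

    /**
     * Returns the first {@code X509Certificate} found in the key descriptor's {@code KeyInfo}.
     *
     * <p>The certificate is only parsed. Validity period, chain and trust are not checked here,
     * so the caller decides whether the certificate may be relied on.
     *
     * @param keyDescriptorType the metadata key descriptor
     * @return the parsed certificate, or {@code null} when the descriptor has no
     *     {@code KeyInfo} or no usable {@code X509Certificate} entry
     * @throws IllegalArgumentException if the certificate bytes cannot be parsed
     */
    public static Certificate toCertificate(KeyDescriptorType keyDescriptorType) {
        if (keyDescriptorType.getKeyInfo() == null) {
            return null;
        }
        try {
            for (Object content : keyDescriptorType.getKeyInfo().getContent()) {
                if (!(content instanceof JAXBElement)) {
                    continue;
                }
                JAXBElement<?> keyInfoChild = (JAXBElement<?>) content;
                if (keyInfoChild.getDeclaredType() != X509DataType.class) {
                    continue;
                }
                for (Object entry : ((X509DataType) keyInfoChild.getValue()).getX509IssuerSerialOrX509SKIOrX509SubjectName()) {
                    // The list is typed as Object; skip anything that is not a JAXB element
                    // holding bytes instead of failing with a ClassCastException on metadata
                    // that carries other content.
                    if (!(entry instanceof JAXBElement)) {
                        continue;
                    }
                    JAXBElement<?> x509Child = (JAXBElement<?>) entry;
                    Object value = x509Child.getValue();
                    if ("X509Certificate".equals(x509Child.getName().getLocalPart()) && value instanceof byte[]) {
                        return CertificateFactory.getInstance("X.509").generateCertificate(new ByteArrayInputStream((byte[]) value));
                    }
                }
            }
            return null;
        } catch (CertificateException e) {
            throw new IllegalArgumentException(e);
        }
    }

    /**
     * Converts a {@link ZonedDateTime} to an {@link XMLGregorianCalendar}.
     *
     * @param zonedDateTime the value to convert; may be {@code null}
     * @return the converted value, or {@code null} when the input is {@code null}
     * @throws SAMLException if no {@link DatatypeFactory} can be instantiated
     */
    public static XMLGregorianCalendar toXMLGregorianCalendar(ZonedDateTime zonedDateTime) throws SAMLException {
        if (zonedDateTime == null) {
            return null;
        }
        try {
            return DatatypeFactory.newInstance().newXMLGregorianCalendar(GregorianCalendar.from(zonedDateTime));
        } catch (DatatypeConfigurationException e) {
            throw new SAMLException("Unable to initiate DataTypeFactor.", e);
        }
    }

    /**
     * Converts an {@link XMLGregorianCalendar} to a {@link ZonedDateTime}.
     *
     * @param xMLGregorianCalendar the value to convert; may be {@code null}
     * @return the converted value, or {@code null} when the input is {@code null}
     */
    public static ZonedDateTime toZonedDateTime(XMLGregorianCalendar xMLGregorianCalendar) {
        if (xMLGregorianCalendar == null) {
            return null;
        }
        return xMLGregorianCalendar.toGregorianCalendar().toZonedDateTime();
    }

    /**
     * Unmarshals a DOM document into the given JAXB-bound type.
     *
     * <p>This performs no schema validation and no signature verification; see
     * {@link #validate(Document, URL, SchemaValidationErrors)} for the former.
     *
     * @param document the parsed document
     * @param cls the JAXB-bound class expected at the document root
     * @return the unmarshalled value
     * @throws SAMLException if the unmarshaller cannot be created or unmarshalling fails
     */
    public static <T> T unmarshallFromDocument(Document document, Class<T> cls) throws SAMLException {
        try {
            return getUnmarshaller(cls).unmarshal(document, cls).getValue();
        } catch (JAXBException e) {
            throw new SAMLException("Unable to unmarshall SAML response", e);
        }
    }

    /**
     * Validates a document against the XML schema at {@code url}.
     *
     * <p>The schema factory runs with secure processing enabled, and the validator is asked to
     * refuse all external DTD and external schema access while validating.
     *
     * @param document the document to validate
     * @param url the location of the schema
     * @param schemaValidationErrors receives every error, fatal error and warning reported
     * @return {@code true} only when no error, fatal error or warning was recorded
     * @throws SAMLException if the schema cannot be loaded or validation itself fails
     */
    public static boolean validate(Document document, URL url, SchemaValidationErrors schemaValidationErrors) throws SAMLException {
        Validator validator;
        try {
            SchemaFactory schemaFactory = SchemaFactory.newInstance("http://www.w3.org/2001/XMLSchema");
            schemaFactory.setFeature("http://javax.xml.XMLConstants/feature/secure-processing", true);
            validator = schemaFactory.newSchema(url).newValidator();
        } catch (SAXException e) {
            throw new SAMLException("An invalid schema was requested. Schema [" + url + "].", e);
        }
        validator.setErrorHandler(schemaValidationErrors);
        restrictExternalAccess(validator, "http://javax.xml.XMLConstants/property/accessExternalDTD");
        restrictExternalAccess(validator, "http://javax.xml.XMLConstants/property/accessExternalSchema");
        try {
            validator.validate(new DOMSource(document));
        } catch (IOException | SAXException e) {
            throw new SAMLException("Failed to validate the document source.", e);
        }
        return schemaValidationErrors.error.isEmpty() && schemaValidationErrors.fatal.isEmpty() && schemaValidationErrors.warning.isEmpty();
    }

    /**
     * Sets an external-access property on the validator to the empty string (no protocol
     * allowed). A validator that does not know the property keeps working, but the fact is
     * logged rather than silently ignored, since the restriction is then not in force.
     */
    private static void restrictExternalAccess(Validator validator, String property) {
        try {
            validator.setProperty(property, "");
        } catch (SAXNotRecognizedException | SAXNotSupportedException e) {
            logger.debug("Failed to set validator property [{}]. External access is not restricted by this property.", property, e);
        }
    }

    /**
     * Returns the cached JAXBContext for {@code cls}, creating it on first use. Two threads may
     * both create a context for the same class on a cold cache; either instance is usable, so
     * the race only costs a redundant initialization.
     */
    private static JAXBContext getContext(Class<?> cls) throws JAXBException {
        JAXBContext context = ContextCache.get(cls);
        if (context == null) {
            context = JAXBContext.newInstance(cls);
            ContextCache.put(cls, context);
        }
        return context;
    }

    /**
     * Creates a fresh Unmarshaller for {@code cls} from the cached context. An Unmarshaller is
     * not safe for concurrent use, so it is never shared between calls.
     *
     * @throws SAMLException if the context or the unmarshaller cannot be created; the original
     *     exception is kept as the cause
     */
    private static <T> Unmarshaller getUnmarshaller(Class<T> cls) throws SAMLException {
        try {
            return getContext(cls).createUnmarshaller();
        } catch (Exception e) {
            throw new SAMLException("Unable to create a JAXB unmarshaller for [" + cls + "].", e);
        }
    }

    /**
     * Serializes a DOM node with an identity transform from a TransformerFactory that has secure
     * processing enabled.
     *
     * @param node the node to serialize
     * @param omitXmlDeclaration whether to leave out the leading XML declaration
     */
    private static String marshallNodeToString(Node node, boolean omitXmlDeclaration) throws TransformerException {
        TransformerFactory transformerFactory = TransformerFactory.newInstance();
        transformerFactory.setFeature("http://javax.xml.XMLConstants/feature/secure-processing", true);
        Transformer transformer = transformerFactory.newTransformer();
        transformer.setOutputProperty("omit-xml-declaration", omitXmlDeclaration ? "yes" : "no");
        StringWriter xml = new StringWriter();
        transformer.transform(new DOMSource(node), new StreamResult(xml));
        return xml.toString();
    }

    static {
        // XXE hardening: refuse DOCTYPE declarations outright and, as defense in depth, keep
        // external DTDs and external general / parameter entities from being loaded.
        FactoryFeatures.put("http://apache.org/xml/features/disallow-doctype-decl", true);
        FactoryFeatures.put("http://apache.org/xml/features/nonvalidating/load-external-dtd", false);
        FactoryFeatures.put("http://apache.org/xml/features/nonvalidating/load-dtd-grammar", false);
        FactoryFeatures.put("http://xml.org/sax/features/external-general-entities", false);
        FactoryFeatures.put("http://xml.org/sax/features/external-parameter-entities", false);
    }
}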
