package com.suncode.sso.authenticator.configuration.saml;

import com.coveo.saml.SamlException;
import com.plusmpm.security.DesEncrypter;
import com.suncode.plugin.framework.Plugin;
import com.suncode.plugin.pluginconfigurationmanager.configuration.definition.file.service.ConfigurationFileService;
import com.suncode.sso.authenticator.SsoAuthenticator;
import java.io.ByteArrayInputStream;
import java.io.FileInputStream;
import java.io.IOException;
import java.io.InputStream;
import java.io.Reader;
import java.io.StringReader;
import java.nio.charset.StandardCharsets;
import java.security.KeyStore;
import java.security.KeyStoreException;
import java.security.NoSuchAlgorithmException;
import java.security.PrivateKey;
import java.security.cert.CertificateException;
import java.security.cert.X509Certificate;
import java.util.ArrayList;
import javax.xml.parsers.DocumentBuilderFactory;
import javax.xml.parsers.ParserConfigurationException;
import net.shibboleth.utilities.java.support.component.ComponentInitializationException;
import net.shibboleth.utilities.java.support.xml.BasicParserPool;
import net.shibboleth.utilities.java.support.xml.XMLParserException;
import org.apache.commons.codec.binary.Base64;
import org.apache.commons.io.IOUtils;
import org.apache.commons.io.input.BOMInputStream;
import org.opensaml.core.xml.io.UnmarshallingException;
import org.opensaml.core.xml.util.XMLObjectSupport;
import org.opensaml.saml.metadata.resolver.impl.DOMMetadataResolver;
import org.opensaml.saml.saml2.metadata.EntityDescriptor;
import org.opensaml.saml.saml2.metadata.IDPSSODescriptor;
import org.opensaml.saml.saml2.metadata.SingleLogoutService;
import org.opensaml.saml.saml2.metadata.SingleSignOnService;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.stereotype.Component;
import org.w3c.dom.Element;
import org.xml.sax.SAXException;

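/**
 * Helper for the SAML side of the SSO authenticator: loads the service provider's signing
 * material from a Java key store and reads the identity provider (IdP) metadata that is stored
 * as a plugin configuration file.
 *
 * <p>Security notes for maintainers:
 * <ul>
 *   <li>Key store and private key passwords arrive encrypted (optionally marked with
 *       {@link #ENCRYPTED_DATA_PREFIX}) and are decrypted with {@code DesEncrypter}.
 *       NOTE(review): the class name suggests DES; confirm the cipher and key handling meet
 *       current requirements.</li>
 *   <li>The first successfully loaded key store is cached in an instance field and returned for
 *       every later call, whatever configuration is passed in. The cache is not synchronized.
 *       NOTE(review): confirm this is acceptable if the configuration can change at runtime or
 *       the bean is used from several threads.</li>
 * </ul>
 */
@Component
/* loaded from: input_file:com/suncode/sso/authenticator/configuration/saml/SamlHelper.class */
public class SamlHelper {
    public static final String ENCRYPTED_DATA_PREFIX = "enc:";

    /** Protocol identifier used to select the IdP SSO descriptor from the metadata. */
    private static final String SAML20_PROTOCOL = "urn:oasis:names:tc:SAML:2.0:protocol";

    /** Only endpoints advertised with this binding are returned by the URL lookups. */
    private static final String HTTP_POST_BINDING = "urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST";

    /** Parser feature that makes the parser reject any document carrying a DOCTYPE. */
    private static final String DISALLOW_DOCTYPE_FEATURE = "http://apache.org/xml/features/disallow-doctype-decl";

    @Autowired
    private Plugin plugin;

    @Autowired
    private ConfigurationFileService fileConfigurationService;
    private final DesEncrypter desEncrypter = new DesEncrypter();
    private KeyStore keyStore;

    /**
     * Returns the private key stored under the configured alias.
     *
     * @param keyStoreConfigDto key store location, alias and encrypted passwords
     * @return the private key, or {@code null} when the key store cannot be loaded, the alias is
     *     missing, the entry is not a private key entry, or decryption fails
     */
    public PrivateKey getPrivateKeyFromKeyStore(KeyStoreConfigDto keyStoreConfigDto) {
        try {
            KeyStore store = loadKeyStore(keyStoreConfigDto);
            String alias = keyStoreConfigDto.getAlias();
            char[] keyPassword = decryptSecret(keyStoreConfigDto.getPrivateKeyPassword()).toCharArray();
            try {
                KeyStore.Entry entry = store.getEntry(alias, new KeyStore.PasswordProtection(keyPassword));
                // A missing alias yields null and a certificate-only alias yields another entry
                // type; report both as "no key" instead of relying on an NPE/ClassCastException.
                if (!(entry instanceof KeyStore.PrivateKeyEntry)) {
                    return null;
                }
                return ((KeyStore.PrivateKeyEntry) entry).getPrivateKey();
            } finally {
                // PasswordProtection keeps its own copy; wipe ours. The decrypted String itself
                // cannot be wiped and stays on the heap until collected.
                java.util.Arrays.fill(keyPassword, '\0');
            }
        } catch (Exception e) {
            // Callers receive null on any failure (contract kept from the original code).
            // NOTE(review): route this through the application's logger instead of stderr.
            e.printStackTrace();
            return null;
        }
    }

    /**
     * Returns the first certificate of the chain stored under the configured alias.
     *
     * @param keyStoreConfigDto key store location, alias and encrypted passwords
     * @return the certificate, or {@code null} when the key store cannot be loaded or the alias
     *     has no certificate chain
     */
    public X509Certificate getX509FromKeyStore(KeyStoreConfigDto keyStoreConfigDto) {
        try {
            java.security.cert.Certificate[] chain =
                    loadKeyStore(keyStoreConfigDto).getCertificateChain(keyStoreConfigDto.getAlias());
            // getCertificateChain returns null for an unknown alias.
            if (chain == null || chain.length == 0) {
                return null;
            }
            return (X509Certificate) chain[0];
        } catch (Exception e) {
            // Callers receive null on any failure (contract kept from the original code).
            // NOTE(review): route this through the application's logger instead of stderr.
            e.printStackTrace();
            return null;
        }
    }

    /**
     * Loads the key store described by the configuration, or returns the cached instance when
     * one was already loaded.
     *
     * @param keyStoreConfigDto supplies the key store path and its encrypted password
     * @return the loaded (and now cached) key store
     */
    private KeyStore loadKeyStore(KeyStoreConfigDto keyStoreConfigDto) throws KeyStoreException, CertificateException, IOException, NoSuchAlgorithmException {
        if (this.keyStore != null) {
            // Cached instance is returned without comparing it to the passed configuration.
            return this.keyStore;
        }
        KeyStore loaded = KeyStore.getInstance(KeyStore.getDefaultType());
        char[] storePassword = decryptSecret(keyStoreConfigDto.getKeyStorePassword()).toCharArray();
        // try-with-resources closes the stream on success and on failure.
        try (FileInputStream in = new FileInputStream(keyStoreConfigDto.getKeyStorePath())) {
            loaded.load(in, storePassword);
        } finally {
            // Best-effort wipe; the decrypted String remains on the heap until collected.
            java.util.Arrays.fill(storePassword, '\0');
        }
        this.keyStore = loaded;
        return loaded;
    }

    /**
     * Removes the {@link #ENCRYPTED_DATA_PREFIX} marker and decrypts the remaining value.
     *
     * <p>NOTE(review): {@code replace} drops every occurrence of the marker, not only a leading
     * one. Kept as in the original; confirm the ciphertext alphabet can never contain "enc:".
     */
    private String decryptSecret(String configuredValue) {
        return this.desEncrypter.decrypt(configuredValue.replace(ENCRYPTED_DATA_PREFIX, ""));
    }

    /**
     * Reads the plugin configuration file identified by
     * {@code SsoAuthenticator.ENTITY_DESCRIPTOR_FILE_ID} as UTF-8 text.
     *
     * <p>Despite the method name, the file read here is the one later parsed as IdP metadata.
     * NOTE(review): the value returned by {@code readFile} is not closed here; confirm whether
     * the configuration service expects the caller to close it.
     *
     * @return a reader over the file content
     * @throws RuntimeException wrapping the {@link IOException} when the file cannot be read
     */
    public Reader getIdPCertificateReader() {
        try {
            return new StringReader(IOUtils.toString(this.fileConfigurationService.readFile(this.plugin.getKey(), SsoAuthenticator.ENTITY_DESCRIPTOR_FILE_ID), StandardCharsets.UTF_8));
        } catch (IOException e) {
            throw new RuntimeException(e);
        }
    }

    /**
     * Parses the stored IdP metadata and returns its single entity descriptor.
     *
     * @throws SamlException when the metadata cannot be read or parsed, or does not contain
     *     exactly one entity descriptor
     */
    public EntityDescriptor getEntityDescriptorForIdP() throws SamlException {
        return getEntityDesc(createMetadataResolver(skipBom(getIdPCertificateReader())));
    }

    /**
     * Returns the IdP single sign-on endpoint advertised with the HTTP-POST binding.
     *
     * @return the endpoint location, or {@code null} when the metadata has no SAML 2.0 IdP
     *     descriptor or no HTTP-POST single sign-on service
     */
    public String getIdPSingleLogInUrl() throws SamlException {
        IDPSSODescriptor idpDescriptor = findIdpSsoDescriptor();
        if (idpDescriptor == null) {
            return null;
        }
        for (SingleSignOnService service : idpDescriptor.getSingleSignOnServices()) {
            // Constant-first comparison: an endpoint without a binding is skipped, not an NPE.
            if (HTTP_POST_BINDING.equals(service.getBinding())) {
                return service.getLocation();
            }
        }
        return null;
    }

    /**
     * Returns the IdP single logout endpoint advertised with the HTTP-POST binding.
     *
     * @return the endpoint location, or {@code null} when the metadata has no SAML 2.0 IdP
     *     descriptor or no HTTP-POST single logout service
     */
    public String getIdPSingleLogOutUrl() throws SamlException {
        IDPSSODescriptor idpDescriptor = findIdpSsoDescriptor();
        if (idpDescriptor == null) {
            return null;
        }
        for (SingleLogoutService service : idpDescriptor.getSingleLogoutServices()) {
            // Constant-first comparison: an endpoint without a binding is skipped, not an NPE.
            if (HTTP_POST_BINDING.equals(service.getBinding())) {
                return service.getLocation();
            }
        }
        return null;
    }

    /** Looks up the SAML 2.0 IdP descriptor; prints a notice and returns null when absent. */
    private IDPSSODescriptor findIdpSsoDescriptor() throws SamlException {
        IDPSSODescriptor idpDescriptor = getEntityDescriptorForIdP().getIDPSSODescriptor(SAML20_PROTOCOL);
        if (idpDescriptor == null) {
            System.out.println("No IDPSSODescriptor found");
        }
        return idpDescriptor;
    }

    /**
     * Decodes a Base64-encoded SAML message and returns the ID of its root object.
     *
     * <p>The message is parsed before anything about it has been verified, so the parser is
     * locked down: DOCTYPE declarations are rejected and entity expansion and XInclude are off.
     * That closes external-entity (XXE) and entity-expansion attacks through this entry point.
     *
     * @param str Base64 text of the XML message
     * @return the ID carried by the unmarshalled root object
     * @throws ParserConfigurationException when the parser rejects one of the hardening features
     * @throws SAXException when the payload is not well-formed XML or carries a DOCTYPE
     */
    public String getRequestIdParameter(String str) throws ParserConfigurationException, IOException, SAXException, UnmarshallingException {
        DocumentBuilderFactory factory = DocumentBuilderFactory.newInstance();
        factory.setNamespaceAware(true);
        factory.setFeature(javax.xml.XMLConstants.FEATURE_SECURE_PROCESSING, true);
        factory.setFeature(DISALLOW_DOCTYPE_FEATURE, true);
        factory.setXIncludeAware(false);
        factory.setExpandEntityReferences(false);
        byte[] xmlBytes = Base64.decodeBase64(str.getBytes(StandardCharsets.UTF_8));
        Element documentElement = factory.newDocumentBuilder().parse(new ByteArrayInputStream(xmlBytes)).getDocumentElement();
        // NOTE(review): the decompiled source shows no cast before getID(); confirm the SAML
        // type the original code cast the unmarshalled object to.
        return XMLObjectSupport.getUnmarshaller(documentElement).unmarshall(documentElement).getID();
    }

    /**
     * Returns the only entity descriptor held by the resolver.
     *
     * @throws SamlException when the resolver holds zero or more than one descriptor
     */
    private static EntityDescriptor getEntityDesc(DOMMetadataResolver dOMMetadataResolver) throws SamlException {
        // The decompiled lambda referenced an undefined variable; collecting into a typed list
        // through a method reference restores the intended behaviour.
        ArrayList<EntityDescriptor> descriptors = new ArrayList<>();
        dOMMetadataResolver.forEach(descriptors::add);
        if (descriptors.size() != 1) {
            throw new SamlException("Bad entity descriptor count: " + descriptors.size());
        }
        return descriptors.get(0);
    }

    /**
     * Parses the metadata stream and wraps its root element in an initialized resolver.
     *
     * @throws SamlException when parsing or resolver initialization fails
     */
    private static DOMMetadataResolver createMetadataResolver(InputStream inputStream) throws SamlException {
        try {
            DOMMetadataResolver dOMMetadataResolver = new DOMMetadataResolver(createDOMParser().parse(inputStream).getDocumentElement());
            dOMMetadataResolver.setId("componentId");
            dOMMetadataResolver.initialize();
            return dOMMetadataResolver;
        } catch (ComponentInitializationException | XMLParserException e) {
            throw new SamlException("Cannot load identity provider metadata", e);
        }
    }

    /**
     * Re-encodes the reader's content as UTF-8 bytes and wraps it in a {@link BOMInputStream}
     * created with {@code include = false}, so a leading byte-order mark is dropped.
     *
     * @throws SamlException when the reader cannot be consumed
     */
    private static InputStream skipBom(Reader reader) throws SamlException {
        try {
            return new BOMInputStream(IOUtils.toInputStream(IOUtils.toString(reader), StandardCharsets.UTF_8), false);
        } catch (IOException e) {
            throw new SamlException("Couldn't read metadata", e);
        }
    }

    /**
     * Creates and initializes the parser pool used for the IdP metadata.
     *
     * @throws SamlException when the pool cannot be initialized; the cause is preserved
     */
    private static BasicParserPool createDOMParser() throws SamlException {
        BasicParserPool basicParserPool = new BasicParserPool();
        try {
            basicParserPool.initialize();
            return basicParserPool;
        } catch (ComponentInitializationException e) {
            // Keep the cause so the underlying initialization failure is not lost.
            throw new SamlException("Failed to create an XML parser", e);
        }
    }
}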
