package com.sun.identity.federation.meta;

import com.sun.identity.federation.common.FSUtils;
import com.sun.identity.federation.jaxb.entityconfig.AttributeType;
import com.sun.identity.federation.jaxb.entityconfig.BaseConfigType;
import com.sun.identity.federation.jaxb.entityconfig.EntityConfigElement;
import com.sun.identity.federation.jaxb.entityconfig.IDPDescriptorConfigElement;
import com.sun.identity.federation.jaxb.entityconfig.ObjectFactory;
import com.sun.identity.federation.jaxb.entityconfig.SPDescriptorConfigElement;
import com.sun.identity.federation.key.KeyUtil;
import com.sun.identity.liberty.ws.meta.jaxb.EntityDescriptorElement;
import com.sun.identity.liberty.ws.meta.jaxb.IDPDescriptorType;
import com.sun.identity.liberty.ws.meta.jaxb.KeyDescriptorElement;
import com.sun.identity.liberty.ws.meta.jaxb.ProviderDescriptorType;
import com.sun.identity.liberty.ws.meta.jaxb.SPDescriptorType;
import com.sun.identity.saml.xmlsig.KeyProvider;
import com.sun.identity.shared.debug.Debug;
import com.sun.identity.shared.encode.Base64;
import java.security.KeyStore;
import java.security.cert.CertificateEncodingException;
import java.security.cert.X509Certificate;
import java.util.HashSet;
import java.util.Iterator;
import java.util.List;
import java.util.Set;
import javax.xml.bind.JAXBException;
import org.forgerock.openam.sdk.com.fasterxml.jackson.databind.ser.SerializerCache;
import org.forgerock.openam.sdk.org.apache.xml.security.Init;

/* loaded from: input_file:WEB-INF/lib/openam-clientsdk-15.0.0.jar:com/sun/identity/federation/meta/IDFFMetaSecurityUtils.class */
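/**
 * Helpers for managing the signing/encryption key material of hosted IDFF
 * (Liberty ID-FF) providers: resolving a certificate alias through the
 * configured {@link KeyProvider}, building {@code KeyDescriptor} metadata
 * elements from it, and keeping the extended entity config in sync.
 *
 * <p>All members are static; the key provider is initialised lazily and at
 * most once (see {@link #initializeKeyStore()}).
 */
public final class IDFFMetaSecurityUtils {
    public static final String NS_XMLSIG = "http://www.w3.org/2000/09/xmldsig#";
    public static final String NS_XMLENC = "http://www.w3.org/2001/04/xmlenc#";
    public static final String NS_META = "urn:liberty:metadata:2003-08";

    /** Value of the {@code use} attribute on a signing {@code KeyDescriptor}. */
    private static final String USE_SIGNING = "signing";
    /** Value of the {@code use} attribute on an encryption {@code KeyDescriptor}. */
    private static final String USE_ENCRYPTION = "encryption";
    /** Extended-config attribute holding the signing certificate alias. */
    private static final String ATTR_SIGNING_CERT_ALIAS = "signingCertAlias";
    /** Extended-config attribute holding the encryption certificate alias. */
    private static final String ATTR_ENCRYPTION_CERT_ALIAS = "encryptionCertAlias";

    private static Debug debug = IDFFMetaUtils.debug;
    private static KeyProvider keyProvider = null;
    // Assigned during initialisation; not read by this class itself.
    private static KeyStore keyStore = null;
    // volatile so the unsynchronised fast-path read in buildX509Certificate
    // sees keyProvider only after initializeKeyStore() has published it.
    private static volatile boolean keyProviderInitialized = false;

    private IDFFMetaSecurityUtils() {
    }

    /**
     * Initialises the XML-security library and the key provider exactly once.
     * Safe to call repeatedly; later calls return immediately.
     */
    private static synchronized void initializeKeyStore() {
        if (keyProviderInitialized) {
            return;
        }
        Init.init();
        keyProvider = KeyUtil.getKeyProviderInstance();
        if (keyProvider != null) {
            keyStore = keyProvider.getKeyStore();
        }
        // Set last so readers of the flag observe a fully initialised provider.
        keyProviderInitialized = true;
    }

    /**
     * Resolves a certificate alias through the key provider and returns the
     * certificate's DER encoding as Base64.
     *
     * @param certAlias key-store alias of the certificate; may be null or blank
     * @return the Base64-encoded certificate, or {@code null} when
     *         {@code certAlias} is null or blank
     * @throws IDFFMetaException if no key provider is available, the alias is
     *         unknown, or the certificate cannot be encoded
     */
    public static String buildX509Certificate(String certAlias) throws IDFFMetaException {
        if (certAlias == null || certAlias.trim().length() == 0) {
            return null;
        }
        if (!keyProviderInitialized) {
            initializeKeyStore();
        }
        // KeyUtil.getKeyProviderInstance() may return null; without a provider
        // no alias can be resolved, so report it as an invalid alias.
        if (keyProvider == null) {
            throw new IDFFMetaException("invalid_cert_alias", new Object[]{certAlias});
        }
        X509Certificate cert = keyProvider.getX509Certificate(certAlias);
        if (cert == null) {
            throw new IDFFMetaException("invalid_cert_alias", new Object[]{certAlias});
        }
        try {
            return Base64.encode(cert.getEncoded(), true);
        } catch (CertificateEncodingException e) {
            if (debug.messageEnabled()) {
                debug.message("IDFFMetaSecurityUtils.buildX509Certificate:", e);
            }
            // An encoding failure is not an alias problem; keep the cause.
            throw new IDFFMetaException((Exception) e);
        }
    }

    /**
     * Sets or clears the signing/encryption key of a hosted provider in both
     * the entity descriptor and the extended entity config, then persists both.
     *
     * @param realm            realm the entity belongs to
     * @param entityId         ID of the hosted entity
     * @param certAlias        new certificate alias; null or empty clears the
     *                         existing key descriptor and alias attribute
     * @param isSigning        {@code true} for the signing key, {@code false}
     *                         for the encryption key
     * @param isIDP            {@code true} to update the IDP role, {@code false}
     *                         for the SP role
     * @param encryptionMethod encryption algorithm URI written as
     *                         {@code EncryptionMethod}; only used for
     *                         encryption keys, ignored when null
     * @param keySize          key size written as {@code KeySize} alongside
     *                         {@code encryptionMethod}
     * @throws IDFFMetaException if the entity is not hosted, does not have the
     *         requested role, or the metadata cannot be built or stored
     */
    public static void updateProviderKeyInfo(String realm, String entityId, String certAlias, boolean isSigning,
            boolean isIDP, String encryptionMethod, int keySize) throws IDFFMetaException {
        IDFFMetaManager metaManager = FSUtils.getIDFFMetaManager();
        EntityConfigElement entityConfig = metaManager.getEntityConfig(realm, entityId);
        // No extended config at all means there is nothing hosted to update.
        if (entityConfig == null || !entityConfig.isHosted()) {
            throw new IDFFMetaException("entityNotHosted", new String[]{entityId, realm});
        }
        EntityDescriptorElement entityDescriptor = metaManager.getEntityDescriptor(realm, entityId);

        ProviderDescriptorType descriptor;
        BaseConfigType descriptorConfig;
        if (isIDP) {
            IDPDescriptorConfigElement idpConfig = IDFFMetaUtils.getIDPDescriptorConfig(entityConfig);
            IDPDescriptorType idpDescriptor = IDFFMetaUtils.getIDPDescriptor(entityDescriptor);
            if (idpConfig == null || idpDescriptor == null) {
                throw new IDFFMetaException("entityNotIDP", new String[]{entityId, realm});
            }
            descriptor = idpDescriptor;
            descriptorConfig = idpConfig;
        } else {
            SPDescriptorConfigElement spConfig = IDFFMetaUtils.getSPDescriptorConfig(entityConfig);
            SPDescriptorType spDescriptor = IDFFMetaUtils.getSPDescriptor(entityDescriptor);
            if (spConfig == null || spDescriptor == null) {
                throw new IDFFMetaException("entityNotSP", new String[]{entityId, realm});
            }
            descriptor = spDescriptor;
            descriptorConfig = spConfig;
        }

        applyCertAlias(descriptor, descriptorConfig, certAlias, isSigning, encryptionMethod, keySize);
        metaManager.setEntityDescriptor(realm, entityDescriptor);
        metaManager.setEntityConfig(realm, entityConfig);
    }

    /**
     * Applies a certificate alias to one provider role: clears the matching
     * key descriptor and alias attribute when {@code certAlias} is empty,
     * otherwise replaces them with a descriptor built from the alias.
     * The IDP and SP branches of {@link #updateProviderKeyInfo} share this.
     */
    private static void applyCertAlias(ProviderDescriptorType descriptor, BaseConfigType descriptorConfig,
            String certAlias, boolean isSigning, String encryptionMethod, int keySize) throws IDFFMetaException {
        String aliasAttribute = isSigning ? ATTR_SIGNING_CERT_ALIAS : ATTR_ENCRYPTION_CERT_ALIAS;
        if (certAlias == null || certAlias.length() == 0) {
            removeKeyDescriptor(descriptor, isSigning);
            setExtendedAttributeValue(descriptorConfig, aliasAttribute, null);
        } else {
            updateKeyDescriptor(descriptor, getKeyDescriptor(certAlias, isSigning, encryptionMethod, keySize));
            Set<String> aliasValue = new HashSet<String>();
            aliasValue.add(certAlias);
            setExtendedAttributeValue(descriptorConfig, aliasAttribute, aliasValue);
        }
    }

    /**
     * Replaces every key descriptor with the same {@code use} as
     * {@code newDescriptor} by {@code newDescriptor}.
     */
    private static void updateKeyDescriptor(ProviderDescriptorType descriptor, KeyDescriptorElement newDescriptor) {
        removeKeyDescriptorsWithUse(descriptor.getKeyDescriptor(), newDescriptor.getUse());
        descriptor.getKeyDescriptor().add(newDescriptor);
    }

    /**
     * Removes all signing (or encryption) key descriptors from the provider.
     */
    private static void removeKeyDescriptor(ProviderDescriptorType descriptor, boolean isSigning) {
        removeKeyDescriptorsWithUse(descriptor.getKeyDescriptor(), isSigning ? USE_SIGNING : USE_ENCRYPTION);
    }

    /**
     * Removes, in place, every {@link KeyDescriptorElement} in
     * {@code keyDescriptors} whose {@code use} equals {@code use} ignoring
     * case. Elements with a null {@code use} are left alone.
     */
    private static void removeKeyDescriptorsWithUse(List<?> keyDescriptors, String use) {
        Iterator<?> it = keyDescriptors.iterator();
        while (it.hasNext()) {
            String existingUse = ((KeyDescriptorElement) it.next()).getUse();
            if (existingUse != null && existingUse.equalsIgnoreCase(use)) {
                it.remove();
            }
        }
    }

    /**
     * Sets (or removes, when {@code values} is null) an extended-config
     * attribute, matching existing attribute names case-insensitively and
     * ignoring surrounding whitespace.
     *
     * @throws IDFFMetaException if the JAXB attribute element cannot be created
     */
    private static void setExtendedAttributeValue(BaseConfigType config, String attrName, Set<String> values)
            throws IDFFMetaException {
        try {
            Iterator<?> it = config.getAttribute().iterator();
            while (it.hasNext()) {
                String existingName = ((AttributeType) it.next()).getName();
                if (existingName != null && existingName.trim().equalsIgnoreCase(attrName)) {
                    it.remove();
                }
            }
            if (values != null) {
                AttributeType attribute = new ObjectFactory().createAttributeType();
                attribute.setName(attrName);
                attribute.getValue().addAll(values);
                config.getAttribute().add(attribute);
            }
        } catch (JAXBException e) {
            throw new IDFFMetaException((Exception) e);
        }
    }

    /**
     * Builds a {@code KeyDescriptor} metadata element for the certificate
     * behind {@code certAlias}.
     *
     * @param certAlias        non-blank key-store alias
     * @param isSigning        selects the {@code use} attribute
     * @param encryptionMethod algorithm URI for encryption descriptors; escaped
     *                         before being placed in the XML; ignored when null
     *                         or for signing descriptors
     * @param keySize          written as {@code KeySize} with the algorithm
     * @throws IDFFMetaException if the alias cannot be resolved or the XML
     *         cannot be unmarshalled
     */
    private static KeyDescriptorElement getKeyDescriptor(String certAlias, boolean isSigning,
            String encryptionMethod, int keySize) throws IDFFMetaException {
        String encodedCert = buildX509Certificate(certAlias);
        // buildX509Certificate returns null for a whitespace-only alias; never
        // let the literal "null" end up as the certificate content.
        if (encodedCert == null) {
            throw new IDFFMetaException("invalid_cert_alias", new Object[]{certAlias});
        }
        StringBuilder xml = new StringBuilder();
        xml.append("<KeyDescriptor xmlns=\"").append(NS_META).append("\" use=\"")
                .append(isSigning ? USE_SIGNING : USE_ENCRYPTION).append("\">\n");
        if (!isSigning && encryptionMethod != null) {
            // The algorithm URI is caller-supplied text: escape it so it cannot
            // alter the element structure of the descriptor.
            xml.append("<EncryptionMethod>").append(escapeXml(encryptionMethod)).append("</EncryptionMethod>\n");
            xml.append("<KeySize>").append(keySize).append("</KeySize>\n");
        }
        // The Base64 certificate contains no XML-significant characters.
        xml.append("<KeyInfo xmlns=\"").append(NS_XMLSIG).append("\">\n")
                .append("<X509Data>\n")
                .append("<X509Certificate>\n").append(encodedCert).append("</X509Certificate>\n")
                .append("</X509Data>\n")
                .append("</KeyInfo>\n");
        xml.append("</KeyDescriptor>\n");
        try {
            return (KeyDescriptorElement) IDFFMetaUtils.convertStringToJAXB(xml.toString());
        } catch (JAXBException e) {
            throw new IDFFMetaException((Exception) e);
        }
    }

    /**
     * Escapes the five XML-significant characters so {@code text} can be
     * embedded as element content or an attribute value.
     */
    private static String escapeXml(String text) {
        StringBuilder out = new StringBuilder(text.length() + 16);
        for (int idx = 0; idx < text.length(); idx++) {
            char c = text.charAt(idx);
            switch (c) {
                case '&':
                    out.append("&amp;");
                    break;
                case '<':
                    out.append("&lt;");
                    break;
                case '>':
                    out.append("&gt;");
                    break;
                case '"':
                    out.append("&quot;");
                    break;
                case '\'':
                    out.append("&apos;");
                    break;
                default:
                    out.append(c);
            }
        }
        return out.toString();
    }
}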
