package com.coveo.saml;

import com.mashape.unirest.http.options.Options;
import com.sun.org.apache.xerces.internal.parsers.DOMParser;
import java.io.ByteArrayInputStream;
import java.io.ByteArrayOutputStream;
import java.io.FileInputStream;
import java.io.IOException;
import java.io.Reader;
import java.io.StringReader;
import java.io.StringWriter;
import java.io.UnsupportedEncodingException;
import java.net.URLEncoder;
import java.security.GeneralSecurityException;
import java.security.InvalidKeyException;
import java.security.KeyStore;
import java.security.NoSuchAlgorithmException;
import java.security.PrivateKey;
import java.security.cert.Certificate;
import java.security.cert.CertificateException;
import java.security.cert.CertificateFactory;
import java.security.cert.X509Certificate;
import java.util.Arrays;
import java.util.Collections;
import java.util.Iterator;
import java.util.List;
import java.util.Locale;
import java.util.UUID;
import java.util.zip.Deflater;
import javax.crypto.SecretKey;
import javax.xml.XMLConstants;
import javax.xml.namespace.QName;
import javax.xml.parsers.DocumentBuilderFactory;
import javax.xml.validation.Schema;
import org.apache.batik.util.SVGConstants;
import org.joda.time.DateTime;
import org.opensaml.DefaultBootstrap;
import org.opensaml.common.SAMLVersion;
import org.opensaml.common.xml.SAMLConstants;
import org.opensaml.common.xml.SAMLSchemaBuilder;
import org.opensaml.saml2.common.Extensions;
import org.opensaml.saml2.core.Assertion;
import org.opensaml.saml2.core.AuthnRequest;
import org.opensaml.saml2.core.AuthnStatement;
import org.opensaml.saml2.core.Conditions;
import org.opensaml.saml2.core.EncryptedAssertion;
import org.opensaml.saml2.core.Issuer;
import org.opensaml.saml2.core.LogoutRequest;
import org.opensaml.saml2.core.NameID;
import org.opensaml.saml2.core.NameIDPolicy;
import org.opensaml.saml2.core.Response;
import org.opensaml.saml2.core.SessionIndex;
import org.opensaml.saml2.core.StatusCode;
import org.opensaml.saml2.core.impl.IssuerBuilder;
import org.opensaml.saml2.core.impl.LogoutRequestBuilder;
import org.opensaml.saml2.core.impl.NameIDBuilder;
import org.opensaml.saml2.core.impl.SessionIndexBuilder;
import org.opensaml.saml2.core.validator.ResponseSchemaValidator;
import org.opensaml.saml2.encryption.Decrypter;
import org.opensaml.saml2.metadata.EntityDescriptor;
import org.opensaml.saml2.metadata.IDPSSODescriptor;
import org.opensaml.saml2.metadata.KeyDescriptor;
import org.opensaml.saml2.metadata.SingleLogoutService;
import org.opensaml.saml2.metadata.SingleSignOnService;
import org.opensaml.saml2.metadata.provider.DOMMetadataProvider;
import org.opensaml.saml2.metadata.provider.MetadataProvider;
import org.opensaml.saml2.metadata.provider.MetadataProviderException;
import org.opensaml.xml.Configuration;
import org.opensaml.xml.XMLObject;
import org.opensaml.xml.io.MarshallingException;
import org.opensaml.xml.io.Unmarshaller;
import org.opensaml.xml.parse.BasicParserPool;
import org.opensaml.xml.security.BasicSecurityConfiguration;
import org.opensaml.xml.security.SecurityException;
import org.opensaml.xml.security.SecurityHelper;
import org.opensaml.xml.security.credential.BasicCredential;
import org.opensaml.xml.security.credential.Credential;
import org.opensaml.xml.security.credential.UsageType;
import org.opensaml.xml.security.keyinfo.KeyInfoHelper;
import org.opensaml.xml.security.keyinfo.StaticKeyInfoCredentialResolver;
import org.opensaml.xml.security.x509.BasicX509Credential;
import org.opensaml.xml.security.x509.X509Util;
import org.opensaml.xml.signature.Signature;
import org.opensaml.xml.signature.SignatureException;
import org.opensaml.xml.signature.SignatureValidator;
import org.opensaml.xml.signature.Signer;
import org.opensaml.xml.signature.X509Data;
import org.opensaml.xml.signature.impl.SignatureBuilder;
import org.opensaml.xml.signature.impl.SignatureImpl;
import org.opensaml.xml.util.Base64;
import org.opensaml.xml.util.XMLHelper;
import org.opensaml.xml.validation.ValidationException;
import org.w3c.dom.Element;
import org.w3c.dom.Node;
import org.xml.sax.InputSource;

/* loaded from: input_file:WEB-INF/lib/saml-client-1.0.1.jar:com/coveo/saml/SamlClient.class */
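/**
 * SAML 2.0 service-provider (SP) client built on OpenSAML 2.
 *
 * It builds AuthnRequest / LogoutRequest messages for one identity provider (IdP)
 * and decodes and validates the SAML Response the IdP sends back.
 *
 * Trust model: the IdP signing certificate (taken from the IdP metadata or passed
 * to the constructor) is the ONLY key used to verify Response and Assertion
 * signatures. A certificate carried inside the Response's own KeyInfo is never
 * trusted for that decision, since the sender controls it.
 *
 * NOTE(review): this listing is a decompiled build. References such as
 * Options.CONNECTION_TIMEOUT and SVGConstants.SVG_Z_ATTRIBUTE are constant-inlining
 * artifacts; they are replaced below by named constants holding the same values.
 *
 * Checks this client does NOT perform (callers must be aware): AudienceRestriction
 * against the relying-party identifier, Destination against the ACS URL, and
 * InResponseTo / assertion-ID replay tracking.
 */
public class SamlClient {
    private static boolean initializedOpenSaml = false;
    public static final String LOGOUT_USER = "urn:oasis:names:tc:SAML:2.0:logout:user";

    /** Prefix of generated request IDs; presumably because an xs:ID may not start with a digit while a UUID can. */
    private static final String REQUEST_ID_PREFIX = "z";
    /** Default NotBefore leeway in milliseconds (the value the original build inlined from Options.CONNECTION_TIMEOUT). */
    private static final long DEFAULT_NOT_BEFORE_SKEW_MS = 10000L;
    /** Lifetime (ms) stamped on outgoing LogoutRequests via NotOnOrAfter: five minutes. */
    private static final long LOGOUT_REQUEST_LIFETIME_MS = 300000L;
    private static final String DEFAULT_NAMEID_FORMAT = "urn:oasis:names:tc:SAML:1.1:nameid-format:unspecified";
    private static final String XMLDSIG_NS = "http://www.w3.org/2000/09/xmldsig#";
    private static final String C14N_ALGORITHM = "http://www.w3.org/TR/2001/REC-xml-c14n-20010315";
    /**
     * NOTE(review): rsa-sha1 is kept for interoperability with the existing IdP configuration;
     * SHA-1 is deprecated for signatures, so move to rsa-sha256 once the IdP is confirmed to accept it.
     */
    private static final String RSA_SHA1_ALGORITHM = "http://www.w3.org/2000/09/xmldsig#rsa-sha1";
    private static final String RSA_SHA1_JCA = "SHA1withRSA";
    private static final String UTF8 = "UTF-8";

    private String assertionConsumerServiceUrl;
    /**
     * SP credential: the IdP certificate plus, when a keystore is configured, the SP private key and
     * certificate (the keystore entry replaces the certificate). Used to sign requests and to decrypt
     * assertions — never to verify IdP signatures.
     */
    private Credential credential;
    /** Verification-only credential holding the IdP signing certificate. */
    private Credential identityProviderCredential;
    private String identityProviderLoginUrl;
    private String identityProviderLogoutUrl;
    private String loginMethod;
    private String logoutMethod;
    private String nameIDPolicy;
    private long notBeforeSkew = DEFAULT_NOT_BEFORE_SKEW_MS;
    /** Fixed clock for tests; null means "use the wall clock". */
    private DateTime now;
    private String relyingPartyIdentifier;
    private String responseIssuer;

    /** Builds an OpenSAML object for the given element name through the global builder factory. */
    private static XMLObject buildSamlObject(QName qName) {
        return Configuration.getBuilderFactory().getBuilder(qName).buildObject(qName);
    }

    /** Generates a fresh, unpredictable request ID. */
    private static String newRequestId() {
        return REQUEST_ID_PREFIX + UUID.randomUUID().toString();
    }

    /**
     * Parses an XML document and returns its root element.
     *
     * The SAML Response path feeds attacker-controlled XML through this method, so
     * DTDs, external entities, external DTD loading and XInclude are all disabled
     * (XXE / entity-expansion hardening). Namespace awareness is required by the
     * OpenSAML unmarshallers.
     *
     * @throws SamlException if the document cannot be parsed or has no root element
     */
    private static Element parseXml(InputSource inputSource) throws SamlException {
        try {
            DocumentBuilderFactory factory = DocumentBuilderFactory.newInstance();
            factory.setNamespaceAware(true);
            factory.setXIncludeAware(false);
            factory.setExpandEntityReferences(false);
            factory.setFeature(XMLConstants.FEATURE_SECURE_PROCESSING, true);
            factory.setFeature("http://apache.org/xml/features/disallow-doctype-decl", true);
            factory.setFeature("http://xml.org/sax/features/external-general-entities", false);
            factory.setFeature("http://xml.org/sax/features/external-parameter-entities", false);
            factory.setFeature("http://apache.org/xml/features/nonvalidating/load-external-dtd", false);
            Element root = factory.newDocumentBuilder().parse(inputSource).getDocumentElement();
            if (root == null) {
                throw new SamlException("XML document has no root element");
            }
            return root;
        } catch (SamlException e) {
            throw e;
        } catch (Exception e) {
            throw new SamlException("Cannot parse XML document", e);
        }
    }

    /**
     * Reads IdP metadata from the reader into an initialized DOM metadata provider.
     *
     * @throws SamlException if the metadata cannot be parsed or the provider cannot be initialized
     */
    private static MetadataProvider createMetadataProvider(Reader reader) throws SamlException {
        try {
            DOMMetadataProvider provider = new DOMMetadataProvider(parseXml(new InputSource(reader)));
            provider.initialize();
            return provider;
        } catch (Exception e) {
            throw new SamlException("Cannot load identity provider metadata", e);
        }
    }

    /** Runs OpenSAML's DefaultBootstrap exactly once per JVM. */
    private static synchronized void ensureOpenSamlIsInitialized() throws SamlException {
        if (initializedOpenSaml) {
            return;
        }
        try {
            DefaultBootstrap.bootstrap();
            initializedOpenSaml = true;
        } catch (Throwable th) {
            throw new SamlException("Error while initializing the Open SAML library", th);
        }
    }

    /** Convenience overload: no SP signing keystore and the default NameID format. */
    public static SamlClient fromMetadata(String relyingPartyIdentifier, String assertionConsumerServiceUrl, Reader metadata) throws SamlException {
        return fromMetadata(relyingPartyIdentifier, assertionConsumerServiceUrl, metadata, null, null, null, null, null);
    }

    /**
     * Builds a client from IdP metadata.
     *
     * HTTP-POST endpoints are preferred over HTTP-Redirect when the metadata offers both.
     * When the entity ID looks like an Okta tenant, a null relying-party identifier
     * defaults to the IdP entity ID and a null ACS URL defaults to the IdP login URL
     * (behaviour inherited from the original build).
     *
     * @param keyStorePath     JKS keystore holding the SP signing/decryption key, or null
     * @param keyStorePassword keystore password, or null
     * @param keyAlias         alias of the SP key entry, or null
     * @param keyPassword      password of the SP key entry, or null
     * @param nameIDPolicy     NameID format to request, or null for the default
     * @throws SamlException            if the metadata is unusable
     * @throws IllegalArgumentException if relyingPartyIdentifier is null for a non-Okta IdP
     */
    public static SamlClient fromMetadata(String relyingPartyIdentifier, String assertionConsumerServiceUrl, Reader metadata, String keyStorePath, String keyStorePassword, String keyAlias, String keyPassword, String nameIDPolicy) throws SamlException {
        ensureOpenSamlIsInitialized();
        EntityDescriptor entityDescriptor = getEntityDescriptor(createMetadataProvider(metadata));
        IDPSSODescriptor idpDescriptor = getIDPSSODescriptor(entityDescriptor);
        SingleSignOnService redirectBinding = getRedirectBinding(idpDescriptor);
        SingleSignOnService postBinding = getPostBinding(idpDescriptor);
        SingleLogoutService logoutRedirectBinding = getLogoutRedirectBinding(idpDescriptor);
        SingleLogoutService logoutPostBinding = getLogoutPostBinding(idpDescriptor);
        X509Certificate certificate = getCertificate(idpDescriptor);
        String entityId = entityDescriptor.getEntityID();

        if (redirectBinding == null && postBinding == null) {
            throw new SamlException("Cannot find HTTP-Redirect or HTTP-POST SSO binding in metadata");
        }

        String loginUrl;
        String loginMethod;
        if (postBinding != null) {
            loginUrl = postBinding.getLocation();
            loginMethod = "POST";
        } else {
            loginUrl = redirectBinding.getLocation();
            loginMethod = "GET";
        }

        String logoutUrl = null;
        String logoutMethod = null;
        if (logoutPostBinding != null) {
            logoutUrl = logoutPostBinding.getLocation();
            logoutMethod = "POST";
        } else if (logoutRedirectBinding != null) {
            logoutUrl = logoutRedirectBinding.getLocation();
            logoutMethod = "GET";
        }

        boolean isOkta = entityId != null && entityId.contains(".okta.com");
        if (relyingPartyIdentifier == null) {
            if (!isOkta) {
                throw new IllegalArgumentException("relyingPartyIdentifier");
            }
            relyingPartyIdentifier = entityId;
        }
        if (assertionConsumerServiceUrl == null && isOkta) {
            // Same value as the POST location when one exists; falls back to the redirect
            // location instead of dereferencing a null POST binding.
            assertionConsumerServiceUrl = loginUrl;
        }

        return new SamlClient(relyingPartyIdentifier, assertionConsumerServiceUrl, loginUrl, loginMethod, entityId, certificate, logoutUrl, logoutMethod, keyStorePath, keyStorePassword, keyAlias, keyPassword, nameIDPolicy);
    }

    /**
     * Extracts the IdP signing certificate from the first KeyDescriptor whose use is
     * SIGNING or UNSPECIFIED (only the first certificate of that descriptor is used,
     * so key rollover with several listed certificates is not supported).
     *
     * @return the certificate, or null when the metadata lists no usable KeyDescriptor
     *         (signature verification then fails closed)
     * @throws SamlException if the descriptor carries no X509 data/certificate or it cannot be decoded
     */
    private static X509Certificate getCertificate(IDPSSODescriptor idpDescriptor) throws SamlException {
        KeyDescriptor signingDescriptor = null;
        for (KeyDescriptor candidate : idpDescriptor.getKeyDescriptors()) {
            if (candidate.getUse() == UsageType.SIGNING || candidate.getUse() == UsageType.UNSPECIFIED) {
                signingDescriptor = candidate;
                break;
            }
        }
        if (signingDescriptor == null) {
            return null;
        }
        if (signingDescriptor.getKeyInfo() == null || signingDescriptor.getKeyInfo().getX509Datas().isEmpty()) {
            throw new SamlException("Cannot find X509 data");
        }
        List<org.opensaml.xml.signature.X509Certificate> certificates = signingDescriptor.getKeyInfo().getX509Datas().get(0).getX509Certificates();
        if (certificates.isEmpty()) {
            throw new SamlException("Cannot find X509 certificate");
        }
        try {
            return KeyInfoHelper.getCertificate(certificates.get(0));
        } catch (CertificateException e) {
            throw new SamlException("Cannot load signing certificate", e);
        }
    }

    /**
     * Decodes a base64 DER/PEM-body certificate string into an X509Certificate.
     *
     * @throws SamlException if the string does not decode to at least one certificate
     */
    public static X509Certificate getCertificate(String base64Certificate) throws SamlException {
        try {
            Iterator<X509Certificate> certificates = X509Util.decodeCertificate(Base64.decode(base64Certificate)).iterator();
            if (!certificates.hasNext()) {
                throw new SamlException("Cannot load certificate");
            }
            return certificates.next();
        } catch (CertificateException e) {
            throw new SamlException("Cannot load certificate", e);
        }
    }

    /**
     * Builds the verification-only credential from the IdP certificate.
     * A null certificate yields a credential with no public key; verification then fails closed.
     */
    private static Credential getVerificationCredential(X509Certificate idpCertificate) {
        BasicX509Credential verifier = new BasicX509Credential();
        if (idpCertificate != null) {
            verifier.setEntityCertificate(idpCertificate);
            verifier.setPublicKey(idpCertificate.getPublicKey());
        }
        return verifier;
    }

    /**
     * Builds the SP credential used to sign requests and decrypt assertions.
     *
     * Starts from the IdP certificate; when all four keystore parameters are given, the
     * private key is loaded from the JKS keystore and the keystore certificate replaces
     * the IdP one. A keystore failure is an error: silently continuing (as the original
     * build did) would send unsigned requests and make assertions undecryptable.
     *
     * @throws SamlException if the keystore or key cannot be loaded
     */
    private static Credential getCredential(X509Certificate idpCertificate, String keyStorePath, String keyStorePassword, String keyAlias, String keyPassword) throws SamlException {
        BasicX509Credential spCredential = new BasicX509Credential();
        spCredential.setEntityCertificate(idpCertificate);
        if (idpCertificate != null) {
            spCredential.setPublicKey(idpCertificate.getPublicKey());
        }
        spCredential.setCRLs(Collections.emptyList());
        if (keyStorePath == null || keyStorePassword == null || keyAlias == null || keyPassword == null) {
            return spCredential;
        }
        FileInputStream keyStoreStream = null;
        try {
            keyStoreStream = new FileInputStream(keyStorePath);
            KeyStore keyStore = KeyStore.getInstance("JKS");
            keyStore.load(keyStoreStream, keyStorePassword.toCharArray());
            PrivateKey privateKey = (PrivateKey) keyStore.getKey(keyAlias, keyPassword.toCharArray());
            if (privateKey == null) {
                throw new SamlException("No private key found under alias " + keyAlias);
            }
            spCredential.setPrivateKey(privateKey);
            Certificate spCertificate = keyStore.getCertificate(keyAlias);
            if (spCertificate != null) {
                spCredential.setEntityCertificate((X509Certificate) spCertificate);
                spCredential.setPublicKey(spCertificate.getPublicKey());
            }
        } catch (SamlException e) {
            throw e;
        } catch (Exception e) {
            throw new SamlException("Cannot load signing key from keystore " + keyStorePath, e);
        } finally {
            if (keyStoreStream != null) {
                try {
                    keyStoreStream.close();
                } catch (IOException ignored) {
                    // nothing left to do with the stream
                }
            }
        }
        return spCredential;
    }

    /**
     * Returns the single EntityDescriptor exposed by the provider.
     *
     * @throws SamlException if the metadata is missing or is not a single EntityDescriptor
     */
    private static EntityDescriptor getEntityDescriptor(MetadataProvider metadataProvider) throws SamlException {
        try {
            XMLObject metadata = metadataProvider.getMetadata();
            if (!(metadata instanceof EntityDescriptor)) {
                throw new SamlException("Cannot retrieve the entity descriptor");
            }
            return (EntityDescriptor) metadata;
        } catch (MetadataProviderException e) {
            throw new SamlException("Cannot retrieve the entity descriptor", e);
        }
    }

    /** Returns the SAML 2.0 protocol IDPSSODescriptor of the entity. */
    private static IDPSSODescriptor getIDPSSODescriptor(EntityDescriptor entityDescriptor) throws SamlException {
        IDPSSODescriptor idpDescriptor = entityDescriptor.getIDPSSODescriptor(SAMLConstants.SAML20P_NS);
        if (idpDescriptor == null) {
            throw new SamlException("Cannot retrieve IDP SSO descriptor");
        }
        return idpDescriptor;
    }

    /** Last SingleLogoutService with the HTTP-POST binding, or null. */
    private static SingleLogoutService getLogoutPostBinding(IDPSSODescriptor idpDescriptor) throws SamlException {
        SingleLogoutService match = null;
        for (SingleLogoutService service : idpDescriptor.getSingleLogoutServices()) {
            if (SAMLConstants.SAML2_POST_BINDING_URI.equals(service.getBinding())) {
                match = service;
            }
        }
        return match;
    }

    /** Last SingleLogoutService with the HTTP-Redirect binding, or null. */
    private static SingleLogoutService getLogoutRedirectBinding(IDPSSODescriptor idpDescriptor) throws SamlException {
        SingleLogoutService match = null;
        for (SingleLogoutService service : idpDescriptor.getSingleLogoutServices()) {
            if (SAMLConstants.SAML2_REDIRECT_BINDING_URI.equals(service.getBinding())) {
                match = service;
            }
        }
        return match;
    }

    /** Last SingleSignOnService with the HTTP-POST binding, or null. */
    private static SingleSignOnService getPostBinding(IDPSSODescriptor idpDescriptor) throws SamlException {
        SingleSignOnService match = null;
        for (SingleSignOnService service : idpDescriptor.getSingleSignOnServices()) {
            if (SAMLConstants.SAML2_POST_BINDING_URI.equals(service.getBinding())) {
                match = service;
            }
        }
        return match;
    }

    /** Last SingleSignOnService with the HTTP-Redirect binding, or null. */
    private static SingleSignOnService getRedirectBinding(IDPSSODescriptor idpDescriptor) throws SamlException {
        SingleSignOnService match = null;
        for (SingleSignOnService service : idpDescriptor.getSingleSignOnServices()) {
            if (SAMLConstants.SAML2_REDIRECT_BINDING_URI.equals(service.getBinding())) {
                match = service;
            }
        }
        return match;
    }

    /**
     * Creates a client from explicit settings.
     *
     * @param relyingPartyIdentifier    SP entity ID used as the Issuer of outgoing requests (required)
     * @param assertionConsumerServiceUrl ACS URL advertised in AuthnRequests (may be null)
     * @param identityProviderUrl       IdP single sign-on endpoint (required)
     * @param loginMethod               "POST" or "GET"; anything else is treated as GET (deflate + base64)
     * @param responseIssuer            expected Issuer of Responses and Assertions, normally the IdP entity ID (required)
     * @param certificate               IdP signing certificate; null makes every signature check fail
     * @param identityProviderLogoutUrl IdP single logout endpoint, or null
     * @param logoutMethod              "POST", "GET" or a value containing "simplesign"
     * @param keyStorePath              JKS keystore with the SP key, or null (with the next three) for no SP key
     * @param keyStorePassword          keystore password
     * @param keyAlias                  alias of the SP key entry
     * @param keyPassword               password of the SP key entry
     * @param nameIDPolicy              NameID format to request, or null for unspecified
     * @throws SamlException            if OpenSAML cannot be initialized or the keystore cannot be loaded
     * @throws IllegalArgumentException if a required parameter is null
     */
    public SamlClient(String relyingPartyIdentifier, String assertionConsumerServiceUrl, String identityProviderUrl, String loginMethod, String responseIssuer, X509Certificate certificate, String identityProviderLogoutUrl, String logoutMethod, String keyStorePath, String keyStorePassword, String keyAlias, String keyPassword, String nameIDPolicy) throws SamlException {
        ensureOpenSamlIsInitialized();
        if (relyingPartyIdentifier == null) {
            throw new IllegalArgumentException("relyingPartyIdentifier");
        }
        if (identityProviderUrl == null) {
            throw new IllegalArgumentException("identityProviderUrl");
        }
        if (responseIssuer == null) {
            throw new IllegalArgumentException("responseIssuer");
        }
        this.relyingPartyIdentifier = relyingPartyIdentifier;
        this.assertionConsumerServiceUrl = assertionConsumerServiceUrl;
        this.identityProviderLoginUrl = identityProviderUrl;
        this.responseIssuer = responseIssuer;
        this.identityProviderLogoutUrl = identityProviderLogoutUrl;
        this.loginMethod = loginMethod;
        this.logoutMethod = logoutMethod;
        this.nameIDPolicy = nameIDPolicy != null ? nameIDPolicy : DEFAULT_NAMEID_FORMAT;
        this.identityProviderCredential = getVerificationCredential(certificate);
        this.credential = getCredential(certificate, keyStorePath, keyStorePassword, keyAlias, keyPassword);
    }

    /**
     * Decodes a base64 SAML Response and validates it: schema, issuer, status, exactly one
     * (possibly encrypted) assertion, assertion issuer, NameID presence, time conditions,
     * and an IdP signature on the Response and/or the Assertion.
     *
     * @param encodedResponse the SAMLResponse form value (base64 XML)
     * @return the validated assertion wrapped in a SamlResponse
     * @throws SamlException on any decoding or validation failure
     */
    public SamlResponse decodeAndValidateSamlResponse(String encodedResponse) throws SamlException {
        String xml;
        try {
            byte[] decoded = Base64.decode(encodedResponse);
            if (decoded == null) {
                throw new SamlException("Cannot decode base64 encoded response");
            }
            xml = new String(decoded, UTF8);
        } catch (UnsupportedEncodingException e) {
            throw new SamlException("Cannot decode base64 encoded response", e);
        }
        try {
            Element root = parseXml(new InputSource(new StringReader(xml)));
            Unmarshaller unmarshaller = Configuration.getUnmarshallerFactory().getUnmarshaller(root);
            if (unmarshaller == null) {
                throw new SamlException("The decoded document is not a SAML Response");
            }
            XMLObject xmlObject = unmarshaller.unmarshall(root);
            if (!(xmlObject instanceof Response)) {
                throw new SamlException("The decoded document is not a SAML Response");
            }
            Response response = (Response) xmlObject;
            validateResponse(response);
            Assertion assertion = validateAssertion(response);
            validateSignature(response, assertion);
            return new SamlResponse(assertion);
        } catch (SamlException e) {
            // Keep the specific validation message instead of re-wrapping it.
            throw e;
        } catch (Exception e) {
            throw new SamlException("Cannot decode xml encoded response", e);
        }
    }

    /** Raw DEFLATE (no zlib header), as required by the HTTP-Redirect binding. */
    private byte[] deflate(byte[] input) throws IOException {
        Deflater deflater = new Deflater(Deflater.DEFAULT_COMPRESSION, true);
        try {
            deflater.setInput(input);
            deflater.finish();
            ByteArrayOutputStream output = new ByteArrayOutputStream();
            byte[] chunk = new byte[8192];
            while (!deflater.finished()) {
                int written = deflater.deflate(chunk);
                output.write(chunk, 0, written);
            }
            output.close();
            return output.toByteArray();
        } finally {
            deflater.end();
        }
    }

    /**
     * Enforces the assertion's NotBefore / NotOnOrAfter window against the (possibly fixed) clock.
     * NotBefore is relaxed by {@code notBeforeSkew}; NotOnOrAfter is exact, and an instant equal
     * to NotOnOrAfter is rejected as the attribute name says.
     *
     * @throws SamlException if Conditions or either bound is missing, or the window is violated
     */
    private void enforceConditions(Conditions conditions) throws SamlException {
        if (conditions == null) {
            throw new SamlException("The assertion carries no Conditions element");
        }
        DateTime current = this.now != null ? this.now : DateTime.now();
        DateTime notBefore = conditions.getNotBefore();
        DateTime notOnOrAfter = conditions.getNotOnOrAfter();
        if (notBefore == null || notOnOrAfter == null) {
            throw new SamlException("The assertion conditions must carry both NotBefore and NotOnOrAfter");
        }
        if (current.isBefore(notBefore.minus(this.notBeforeSkew))) {
            throw new SamlException("The assertion cannot be used before " + notBefore.toString());
        }
        if (!current.isBefore(notOnOrAfter)) {
            throw new SamlException("The assertion cannot be used after  " + notOnOrAfter.toString());
        }
    }

    /**
     * Decrypts an EncryptedAssertion: the first EncryptedKey inside EncryptedData/KeyInfo is
     * unwrapped with the SP private key, then the resulting symmetric key decrypts the data.
     * An EncryptedKey carried as a sibling of EncryptedData is not handled.
     *
     * @throws SamlException if no SP private key / inline EncryptedKey is available or decryption fails
     */
    private Assertion getDecryptedAssertion(EncryptedAssertion encryptedAssertion) throws SamlException {
        try {
            if (this.credential.getPrivateKey() == null) {
                throw new SamlException("Received an encrypted assertion but no SP private key is configured");
            }
            if (encryptedAssertion.getEncryptedData() == null
                    || encryptedAssertion.getEncryptedData().getKeyInfo() == null
                    || encryptedAssertion.getEncryptedData().getKeyInfo().getEncryptedKeys().isEmpty()) {
                throw new SamlException("The encrypted assertion carries no inline EncryptedKey");
            }
            String dataAlgorithm = encryptedAssertion.getEncryptedData().getEncryptionMethod().getAlgorithm();
            Decrypter keyDecrypter = new Decrypter(null, new StaticKeyInfoCredentialResolver(this.credential), null);
            SecretKey dataKey = (SecretKey) keyDecrypter.decryptKey(encryptedAssertion.getEncryptedData().getKeyInfo().getEncryptedKeys().get(0), dataAlgorithm);
            Decrypter dataDecrypter = new Decrypter(new StaticKeyInfoCredentialResolver(SecurityHelper.getSimpleCredential(dataKey)), null, null);
            // Give the decrypted assertion its own document so its signature can be verified in isolation.
            dataDecrypter.setRootInNewDocument(true);
            return dataDecrypter.decrypt(encryptedAssertion);
        } catch (SamlException e) {
            throw e;
        } catch (Exception e) {
            throw new SamlException("Decrypted assertion error", e);
        }
    }

    public String getIdentityProviderLoginUrl() {
        return this.identityProviderLoginUrl;
    }

    public String getIdentityProviderLogoutUrl() {
        return this.identityProviderLogoutUrl;
    }

    /** AuthnRequest without extensions; see {@link #getSamlLoginRequest(Extensions)}. */
    public String getSamlLoginRequest() throws SamlException {
        return getSamlLoginRequest(null);
    }

    /** Issuer element carrying the relying-party identifier. */
    private Issuer buildIssuer() {
        Issuer issuer = (Issuer) buildSamlObject(Issuer.DEFAULT_ELEMENT_NAME);
        issuer.setValue(this.relyingPartyIdentifier);
        return issuer;
    }

    /**
     * Prepares an enveloped XML signature for an outgoing request using the SP private key;
     * the SP certificate is placed in KeyInfo by prepareSignatureParams. Caller must attach it
     * with setSignature before marshalling; the actual signing happens in {@link #serialize}.
     */
    private Signature buildRequestSignature() throws SecurityException {
        SignatureImpl signature = new SignatureBuilder().buildObject(Signature.DEFAULT_ELEMENT_NAME);
        BasicCredential signingCredential = new BasicCredential();
        signingCredential.setPrivateKey(this.credential.getPrivateKey());
        signature.setSigningCredential(signingCredential);
        signature.setCanonicalizationAlgorithm(C14N_ALGORITHM);
        signature.setSignatureAlgorithm(RSA_SHA1_ALGORITHM);
        SecurityHelper.prepareSignatureParams(signature, this.credential, (BasicSecurityConfiguration) Configuration.getGlobalSecurityConfiguration(), null);
        return signature;
    }

    /** Marshals the object, signs it when a signature was attached, and returns the XML text. */
    private static String serialize(XMLObject object, Signature signature) throws MarshallingException, SignatureException {
        Element element = Configuration.getMarshallerFactory().getMarshaller(object).marshall(object);
        if (signature != null) {
            Signer.signObject(signature);
        }
        StringWriter writer = new StringWriter();
        XMLHelper.writeNode(element, writer);
        return writer.toString();
    }

    /**
     * Builds a base64-encoded AuthnRequest for the configured IdP, signed when an SP private key
     * is configured. For a GET (HTTP-Redirect) login method the XML is DEFLATEd first; the
     * result is NOT URL-encoded, the caller must do that when placing it in a query string.
     *
     * @param extensions optional Extensions element to embed, or null
     * @throws SamlException if building, signing or encoding fails
     */
    public String getSamlLoginRequest(Extensions extensions) throws SamlException {
        AuthnRequest request = (AuthnRequest) buildSamlObject(AuthnRequest.DEFAULT_ELEMENT_NAME);
        request.setID(newRequestId());
        request.setVersion(SAMLVersion.VERSION_20);
        request.setIssueInstant(new DateTime());
        request.setProtocolBinding(SAMLConstants.SAML2_POST_BINDING_URI);
        request.setAssertionConsumerServiceURL(this.assertionConsumerServiceUrl);
        request.setDestination(this.identityProviderLoginUrl);
        request.setIssuer(buildIssuer());
        NameIDPolicy policy = (NameIDPolicy) buildSamlObject(NameIDPolicy.DEFAULT_ELEMENT_NAME);
        policy.setFormat(this.nameIDPolicy);
        request.setNameIDPolicy(policy);
        if (extensions != null) {
            request.setExtensions(extensions);
        }
        try {
            Signature signature = null;
            if (this.credential.getPrivateKey() != null) {
                signature = buildRequestSignature();
                request.setSignature(signature);
            }
            String xml = serialize(request, signature);
            try {
                return encodeForBinding(xml, !isLoginMethodPost());
            } catch (Exception e) {
                throw new SamlException("Error while encoding SAML request", e);
            }
        } catch (SecurityException e) {
            throw new SamlException("Error while prepare Signature Params SAML request to XML", e);
        } catch (MarshallingException e) {
            throw new SamlException("Error while marshalling SAML request to XML", e);
        } catch (SignatureException e) {
            throw new SamlException("Error while signing SAML request to XML", e);
        }
    }

    /**
     * Appends a detached RSA-SHA1 signature ("&SigAlg=...&Signature=...") to an encoded
     * LogoutRequest, for logout methods containing "simplesign".
     *
     * NOTE(review): the string signed here is "SAMLRequest=" + the base64 blob + "&SigAlg=..."
     * with the blob unencoded, which matches neither the HTTP-Redirect nor the HTTP-POST-SimpleSign
     * binding exactly; it is kept as-is because the receiving IdP's expectation is not visible here.
     */
    private String appendDetachedSignature(String encodedRequest) throws SamlException {
        try {
            String sigAlg = URLEncoder.encode(RSA_SHA1_ALGORITHM, UTF8);
            String signedData = "SAMLRequest=" + encodedRequest + "&SigAlg=" + sigAlg;
            java.security.Signature signer = java.security.Signature.getInstance(RSA_SHA1_JCA);
            signer.initSign(this.credential.getPrivateKey());
            signer.update(signedData.getBytes(UTF8));
            String signatureValue = URLEncoder.encode(Base64.encodeBytes(signer.sign()), UTF8);
            return encodedRequest + "&SigAlg=" + sigAlg + "&Signature=" + signatureValue;
        } catch (UnsupportedEncodingException e) {
            throw new SamlException("Error while encoding SAML request", e);
        } catch (GeneralSecurityException e) {
            throw new SamlException("Error while encoding SAML request", e);
        }
    }

    /**
     * Builds a base64-encoded LogoutRequest, signed (enveloped) when an SP private key is
     * configured and additionally carrying a detached signature for "simplesign" logout methods.
     *
     * @param nameId       NOTE(review): currently unused — the NameID value sent is a fixed consent
     *                     URN rather than the user's identifier; confirm what the IdP expects before changing
     * @param sessionIndex SessionIndex of the session to terminate
     * @param reason       logout reason URN, e.g. {@link #LOGOUT_USER}
     * @param extensions   optional Extensions element, or null
     * @throws SamlException if building, signing or encoding fails
     */
    public String getSamlLogoutRequest(String nameId, String sessionIndex, String reason, Extensions extensions) throws SamlException {
        LogoutRequest request = (LogoutRequest) buildSamlObject(LogoutRequest.DEFAULT_ELEMENT_NAME);
        request.setID(newRequestId());
        DateTime issueInstant = new DateTime();
        request.setIssueInstant(issueInstant);
        request.setNotOnOrAfter(new DateTime(issueInstant.getMillis() + LOGOUT_REQUEST_LIFETIME_MS));
        request.setIssuer(buildIssuer());
        NameID subject = (NameID) buildSamlObject(NameID.DEFAULT_ELEMENT_NAME);
        subject.setFormat(this.nameIDPolicy);
        subject.setValue("urn:oasis:names:tc:SAML:2.0:consent:unspecified");
        request.setNameID(subject);
        SessionIndex index = (SessionIndex) buildSamlObject(SessionIndex.DEFAULT_ELEMENT_NAME);
        index.setSessionIndex(sessionIndex);
        request.getSessionIndexes().add(index);
        request.setDestination(this.identityProviderLogoutUrl);
        request.setReason(reason);
        if (extensions != null) {
            request.setExtensions(extensions);
        }
        try {
            Signature signature = null;
            if (this.credential.getPrivateKey() != null) {
                signature = buildRequestSignature();
                request.setSignature(signature);
            }
            String xml = serialize(request, signature);
            try {
                String encoded = encodeForBinding(xml, !isLogoutMethodPost());
                boolean simpleSign = this.logoutMethod != null && this.logoutMethod.toLowerCase(Locale.ROOT).contains("simplesign");
                if (signature != null && simpleSign) {
                    encoded = appendDetachedSignature(encoded);
                }
                return encoded;
            } catch (SamlException e) {
                throw e;
            } catch (Exception e) {
                throw new SamlException("Error while encoding SAML request", e);
            }
        } catch (MarshallingException e) {
            throw new SamlException("Error while marshalling SAML request to XML", e);
        } catch (SecurityException e) {
            throw new SamlException("Error while marshalling SAML request to XML", e);
        } catch (SignatureException e) {
            throw new SamlException("Error while signing SAML request to XML", e);
        }
    }

    /** SessionIndex of the first AuthnStatement, or null when the response carries none. */
    public String getSessionIndexFromResponse(SamlResponse samlResponse) {
        Assertion assertion = samlResponse.getAssertion();
        if (assertion == null) {
            return null;
        }
        List<AuthnStatement> statements = assertion.getAuthnStatements();
        if (statements == null || statements.isEmpty()) {
            return null;
        }
        return statements.get(0).getSessionIndex();
    }

    public boolean isLoginMethodPost() {
        return "POST".equalsIgnoreCase(this.loginMethod);
    }

    public boolean isLogoutMethodPost() {
        return "POST".equalsIgnoreCase(this.logoutMethod);
    }

    /** Base64-encodes the XML, DEFLATEing it first for the redirect binding. */
    private String encodeForBinding(String xml, boolean deflateFirst) throws IOException {
        byte[] payload = xml.getBytes(UTF8);
        if (deflateFirst) {
            payload = deflate(payload);
        }
        return Base64.encodeBytes(payload);
    }

    /** Pins the clock used by {@link #enforceConditions}; intended for tests. */
    public void setDateTimeNow(DateTime dateTime) {
        this.now = dateTime;
    }

    public void setIdentityProviderLoginUrl(String url) {
        this.identityProviderLoginUrl = url;
    }

    public void setIdentityProviderLogoutUrl(String url) {
        this.identityProviderLogoutUrl = url;
    }

    /** Sets the NotBefore leeway in milliseconds. */
    public void setNotBeforeSkew(long skewMillis) {
        if (skewMillis < 0) {
            throw new IllegalArgumentException("Skew must be non-negative");
        }
        this.notBeforeSkew = skewMillis;
    }

    public boolean supportSingleLogout() {
        return this.identityProviderLogoutUrl != null;
    }

    /**
     * Selects the response's single (plain or encrypted) assertion and checks its issuer,
     * subject NameID and time conditions. Signature checks happen separately.
     *
     * @throws SamlException if there is not exactly one assertion or a check fails
     */
    private Assertion validateAssertion(Response response) throws SamlException {
        Assertion assertion;
        if (response.getAssertions().size() == 1) {
            assertion = response.getAssertions().get(0);
        } else if (response.getEncryptedAssertions().size() == 1) {
            assertion = getDecryptedAssertion(response.getEncryptedAssertions().get(0));
        } else {
            throw new SamlException("The response doesn't contain exactly 1 assertion");
        }
        if (assertion == null) {
            throw new SamlException("No assertion found");
        }
        if (assertion.getIssuer() == null || !this.responseIssuer.equals(assertion.getIssuer().getValue())) {
            throw new SamlException("The assertion issuer didn't match the expected value");
        }
        if (assertion.getSubject() == null || assertion.getSubject().getNameID() == null) {
            throw new SamlException("The NameID value is missing from the SAML response; this is likely an IDP configuration issue");
        }
        enforceConditions(assertion.getConditions());
        return assertion;
    }

    /**
     * Returns the single direct child of {@code parent} in the XML-DSig namespace with the given
     * local name; zero or more than one such child is rejected.
     */
    private static Element onlyDsigChild(Element parent, String localName) throws SamlException {
        Element found = null;
        for (Node child = parent.getFirstChild(); child != null; child = child.getNextSibling()) {
            if (child.getNodeType() != Node.ELEMENT_NODE
                    || !XMLDSIG_NS.equals(child.getNamespaceURI())
                    || !localName.equals(child.getLocalName())) {
                continue;
            }
            if (found != null) {
                throw new SamlException("Signature contains more than one " + localName + " element");
            }
            found = (Element) child;
        }
        if (found == null) {
            throw new SamlException("Signature contains no " + localName + " element");
        }
        return found;
    }

    /**
     * Minimal SAML signature-profile check against signature wrapping: the signature must have
     * exactly one Reference and its URI must be "#" + the ID of the element we are about to
     * trust (the element the Signature is a child of). OpenSAML's SAMLSignatureProfileValidator
     * is the canonical implementation of this check; this DOM walk avoids a new dependency.
     *
     * @throws SamlException if the signature's reference does not cover the expected element
     */
    private static void enforceSignatureReference(Signature signature, String signedElementId) throws SamlException {
        Element signatureElement = signature.getDOM();
        if (signatureElement == null) {
            throw new SamlException("Signature has no DOM representation to check");
        }
        Element signedInfo = onlyDsigChild(signatureElement, "SignedInfo");
        Element reference = onlyDsigChild(signedInfo, "Reference");
        String uri = reference.getAttribute("URI");
        if (signedElementId == null || signedElementId.length() == 0 || !("#" + signedElementId).equals(uri)) {
            throw new SamlException("Signature reference '" + uri + "' does not point at the signed element");
        }
    }

    /**
     * Verifies an XML signature with the IdP certificate only — never with key material
     * embedded in the message — after the profile check above.
     *
     * @param what "response" or "assertion", for the error message
     */
    private void verifySignature(Signature signature, String signedElementId, String what) throws SamlException {
        if (this.identityProviderCredential.getPublicKey() == null) {
            throw new SamlException("No identity provider signing certificate is configured; cannot verify the " + what + " signature");
        }
        enforceSignatureReference(signature, signedElementId);
        try {
            new SignatureValidator(this.identityProviderCredential).validate(signature);
        } catch (ValidationException e) {
            throw new SamlException("Invalid " + what + " signature", e);
        }
    }

    /**
     * @return true if the assertion carries a signature and it verifies against the IdP certificate;
     *         false if it carries none
     * @throws SamlException if a signature is present but invalid
     */
    private boolean validateAssertionSignature(Assertion assertion) throws SamlException {
        Signature signature = assertion.getSignature();
        if (signature == null) {
            return false;
        }
        verifySignature(signature, assertion.getID(), "assertion");
        return true;
    }

    /**
     * Schema-validates the response and checks its Issuer and top-level StatusCode.
     *
     * @throws SamlException if schema validation fails, the issuer is missing or wrong, or the status is not Success
     */
    private void validateResponse(Response response) throws SamlException {
        try {
            new ResponseSchemaValidator().validate(response);
        } catch (ValidationException e) {
            throw new SamlException("The response schema validation failed", e);
        }
        if (response.getIssuer() == null || !this.responseIssuer.equals(response.getIssuer().getValue())) {
            throw new SamlException("The response issuer didn't match the expected value");
        }
        if (response.getStatus() == null || response.getStatus().getStatusCode() == null) {
            throw new SamlException("The response carries no status code");
        }
        String statusCode = response.getStatus().getStatusCode().getValue();
        if (!StatusCode.SUCCESS_URI.equals(statusCode)) {
            String statusMessage = response.getStatus().getStatusMessage() != null ? response.getStatus().getStatusMessage().getMessage() : "";
            throw new SamlException("Invalid status code: " + statusCode + " - " + statusMessage);
        }
    }

    /**
     * @return true if the response carries a signature and it verifies against the IdP certificate;
     *         false if it carries none
     * @throws SamlException if a signature is present but invalid
     */
    private boolean validateResponseSignature(Response response) throws SamlException {
        Signature signature = response.getSignature();
        if (signature == null) {
            return false;
        }
        verifySignature(signature, response.getID(), "response");
        return true;
    }

    /**
     * Requires at least one IdP signature: on the Response (which then covers the assertion)
     * or on the Assertion itself. Both are checked when both are present, so an invalid
     * signature anywhere in the message is rejected.
     */
    private void validateSignature(Response response, Assertion assertion) throws SamlException {
        boolean responseSigned = validateResponseSignature(response);
        boolean assertionSigned = validateAssertionSignature(assertion);
        if (!responseSigned && !assertionSigned) {
            throw new SamlException("No signature is present in either response or assertion");
        }
    }

    /**
     * Debug helper kept from the original build: re-parses an AuthnRequest from text and from a
     * DOM element, prints comparison details to stdout and verifies both signatures with the
     * certificate EMBEDDED in the request. Because it trusts the embedded certificate, its
     * result says nothing about authenticity and it must never feed a trust decision.
     * Output strings are left as they were (some are Portuguese / mis-encoded).
     */
    protected boolean validateSignature(StringWriter stringWriter, Element element) {
        boolean z = false;
        try {
            Schema sAML11Schema = SAMLSchemaBuilder.getSAML11Schema();
            BasicParserPool basicParserPool = new BasicParserPool();
            basicParserPool.setNamespaceAware(false);
            basicParserPool.setIgnoreElementContentWhitespace(true);
            basicParserPool.setSchema(sAML11Schema);
            Element documentElement = basicParserPool.parse(new ByteArrayInputStream(stringWriter.toString().getBytes("UTF-8"))).getDocumentElement();
            Unmarshaller unmarshaller = Configuration.getUnmarshallerFactory().getUnmarshaller(null != documentElement.getPrefix() ? new QName(documentElement.getNamespaceURI(), documentElement.getLocalName(), documentElement.getPrefix()) : new QName(documentElement.getNamespaceURI(), documentElement.getLocalName()));
            AuthnRequest authnRequest = (AuthnRequest) unmarshaller.unmarshall(documentElement);
            StringWriter stringWriter2 = new StringWriter();
            XMLHelper.writeNode(documentElement, stringWriter2);
            System.out.println(stringWriter.toString().equals(stringWriter2.toString()));
            AuthnRequest authnRequest2 = (AuthnRequest) unmarshaller.unmarshall(element);
            System.out.println(authnRequest.equals(authnRequest2));
            System.out.println("AuthnRequest object created");
            System.out.println("Issue Instant: " + authnRequest.getIssueInstant().toString());
            System.out.println("Signature Reference ID: " + authnRequest.getSignatureReferenceID());
            BasicX509Credential basicX509Credential = new BasicX509Credential();
            org.opensaml.xml.signature.X509Certificate x509Certificate = authnRequest.getSignature().getKeyInfo().getX509Datas().get(0).getX509Certificates().get(0);
            org.opensaml.xml.signature.X509Certificate x509Certificate2 = authnRequest2.getSignature().getKeyInfo().getX509Datas().get(0).getX509Certificates().get(0);
            X509Certificate x509Certificate3 = null;
            X509Certificate x509Certificate4 = null;
            try {
                x509Certificate3 = (X509Certificate) CertificateFactory.getInstance("X509").generateCertificate(new ByteArrayInputStream(Base64.decode(x509Certificate.getValue())));
                x509Certificate4 = (X509Certificate) CertificateFactory.getInstance("X509").generateCertificate(new ByteArrayInputStream(Base64.decode(x509Certificate2.getValue())));
            } catch (CertificateException e) {
                e.printStackTrace();
            }
            System.out.println(x509Certificate3.getPublicKey().equals(x509Certificate4.getPublicKey()));
            basicX509Credential.setPublicKey(x509Certificate3.getPublicKey());
            SignatureValidator signatureValidator = new SignatureValidator(basicX509Credential);
            Signature signature = authnRequest.getSignature();
            Signature signature2 = authnRequest2.getSignature();
            try {
                System.out.println("Assinaturas iguais:" + signature.equals(signature2));
                System.out.println(signature2.getDOM().getChildNodes().item(1).getTextContent());
                signatureValidator.validate(signature2);
                System.out.println("Assinatura valida");
                System.out.println(signature.getDOM().getChildNodes().item(1).getTextContent());
                signatureValidator.validate(signature);
                System.out.println("Assinatura valida.");
                z = true;
            } catch (ValidationException e2) {
                System.out.println("Assinatura invÃ¡lida.");
                System.out.println(e2.getMessage());
                System.out.println("--->" + Arrays.toString(e2.getStackTrace()));
            }
        } catch (Exception e3) {
            e3.printStackTrace();
        }
        return z;
    }
}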
