package org.opensaml;

import java.io.BufferedReader;
import java.io.FileInputStream;
import java.io.IOException;
import java.io.InputStream;
import java.io.InputStreamReader;
import java.net.HttpURLConnection;
import java.net.MalformedURLException;
import java.net.URL;
import java.net.URLConnection;
import java.security.KeyManagementException;
import java.security.KeyStore;
import java.security.KeyStoreException;
import java.security.NoSuchAlgorithmException;
import java.security.UnrecoverableKeyException;
import java.security.cert.CertificateException;
import java.security.cert.X509Certificate;
import java.util.Iterator;
import java.util.List;
import java.util.StringTokenizer;
import javax.naming.NamingException;
import javax.naming.directory.Attribute;
import javax.naming.ldap.LdapName;
import javax.naming.ldap.Rdn;
import javax.net.ssl.HttpsURLConnection;
import javax.net.ssl.KeyManagerFactory;
import javax.net.ssl.SSLContext;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import org.apache.axis.Constants;
import org.apache.log4j.Logger;
import org.apache.log4j.NDC;
import org.apache.xml.security.c14n.CanonicalizationException;
import org.apache.xml.security.c14n.Canonicalizer;
import org.apache.xml.security.c14n.InvalidCanonicalizerException;
import org.mule.providers.soap.SoapConstants;
import org.w3c.dom.Document;
import org.w3c.dom.Element;
import org.w3c.dom.Node;
import org.w3c.dom.NodeList;
import org.w3c.dom.Text;
import org.xml.sax.SAXException;

/* loaded from: input_file:opensaml-1.0.1.jar:org/opensaml/SAMLSOAPBinding.class */
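/**
 * {@link SAMLBinding} implementation that carries SAML requests and responses inside
 * SOAP 1.1 envelopes over HTTP or HTTPS.
 *
 * <p>{@link #send} is the client side: it posts a request to a SAML authority and parses
 * the reply. {@link #receive(Object)}, {@link #receive(Object, StringBuffer)} and
 * {@link #respond} are the server side and operate on servlet request/response objects.
 *
 * <p>Security notes for maintainers:
 * <ul>
 *   <li>Nothing in this class validates XML signatures. {@code send()} only correlates the
 *       response with the request through {@code InResponseTo}; any signature or assertion
 *       validation has to happen in the caller.</li>
 *   <li>Both directions parse peer-supplied XML through {@code XML.parserPool}. How that pool
 *       treats DTDs and external entities is not visible here and should be confirmed.</li>
 *   <li>Over a plain {@code http:} location the exchange has no transport protection.</li>
 * </ul>
 */
public class SAMLSOAPBinding implements SAMLBinding {
    /** SOAP 1.1 envelope namespace. */
    private static final String SOAP_ENV_NS = "http://schemas.xmlsoap.org/soap/envelope/";

    /** Namespace used when declaring {@code xmlns} attributes through the DOM. */
    private static final String XMLNS_NS = "http://www.w3.org/2000/xmlns/";

    /** Canonicalization algorithm used to serialize outgoing envelopes. */
    private static final String C14N_ALGORITHM = "http://www.w3.org/TR/2001/REC-xml-c14n-20010315";

    private static Logger log;
    protected SAMLConfig config = SAMLConfig.instance();

    // Compiler-generated cache for the class literal (pre-Java 5 idiom); kept so the
    // class keeps the same members as the shipped binary.
    static Class class$org$opensaml$SAMLSOAPBinding;

    /**
     * Posts a SAML request to the authority named by the binding and returns its response.
     *
     * <p>The request is wrapped in a SOAP envelope, canonicalized and sent with HTTP POST.
     * When the location is HTTPS and the {@code ssl-keystore} property is configured, a client
     * key is loaded from that keystore for TLS client authentication.
     *
     * @param sAMLAuthorityBinding binding whose location is the authority's endpoint URL
     * @param sAMLRequest request to send
     * @return the SAML response whose {@code InResponseTo} matches the request id
     * @throws SAMLException if the endpoint cannot be reached, the reply is not a usable SOAP
     *         message, the peer returned a SOAP fault, or the response does not match the request
     */
    @Override // org.opensaml.SAMLBinding
    public SAMLResponse send(SAMLAuthorityBinding sAMLAuthorityBinding, SAMLRequest sAMLRequest) throws SAMLException {
        try {
            NDC.push("send");

            // Build <Envelope><Body>request</Body></Envelope> inside the request's own document.
            Document ownerDocument = sAMLRequest.toDOM().getOwnerDocument();
            Element envelope = ownerDocument.createElementNS(SOAP_ENV_NS, "Envelope");
            envelope.setAttributeNS(XMLNS_NS, "xmlns", SOAP_ENV_NS);
            Element body = ownerDocument.createElementNS(SOAP_ENV_NS, "Body");
            envelope.appendChild(body);
            body.appendChild(sAMLRequest.toDOM());
            if (ownerDocument.getDocumentElement() == null) {
                ownerDocument.appendChild(envelope);
            } else {
                ownerDocument.replaceChild(envelope, ownerDocument.getDocumentElement());
            }

            String location = sAMLAuthorityBinding.getLocation();
            log.debug("connecting to SAML authority at " + location);
            URLConnection connection = new URL(location).openConnection();
            if (!(connection instanceof HttpURLConnection)) {
                // Reject file:, ftp: and similar schemes explicitly instead of failing on a cast.
                throw new BindingException("SAMLSOAPBinding.send() requires an http or https binding location");
            }
            HttpURLConnection http = (HttpURLConnection) connection;
            http.setAllowUserInteraction(false);
            http.setDoOutput(true);
            // Redirects are not followed, so the request is only ever posted to the configured location.
            http.setInstanceFollowRedirects(false);
            http.setRequestMethod("POST");
            http.setRequestProperty("Content-Type", "text/xml; charset=UTF-8");
            http.setRequestProperty("SOAPAction", "http://www.oasis-open.org/committees/security");

            String keyStorePath = this.config.getProperty("ssl-keystore");
            if (http instanceof HttpsURLConnection && keyStorePath != null) {
                configureClientKey((HttpsURLConnection) http, keyStorePath);
            }

            Canonicalizer canonicalizer = Canonicalizer.getInstance(C14N_ALGORITHM);
            http.connect();
            http.getOutputStream().write(canonicalizer.canonicalizeSubtree(envelope));

            String contentType = http.getContentType();
            if (contentType == null || !contentType.startsWith("text/xml")) {
                log.error("send() received an invalid content type in the response (" + contentType + "), with the following content:");
                // Only the first line of the peer-controlled body is written to the log.
                log.error(new BufferedReader(new InputStreamReader(openResponseBody(http))).readLine());
                throw new BindingException(SAMLException.RESPONDER, "send() detected an invalid content type in the response: " + contentType);
            }

            Element documentElement = XML.parserPool.parse(openResponseBody(http)).getDocumentElement();
            if (!XML.isElementNamed(documentElement, SOAP_ENV_NS, "Envelope")) {
                throw new MalformedException(SAMLException.RESPONDER, "SAMLSOAPBinding::send() detected an incompatible or missing SOAP envelope");
            }

            Element bodyOrHeader = XML.getFirstChildElement(documentElement);
            if (XML.isElementNamed(bodyOrHeader, SOAP_ENV_NS, "Header")) {
                // No SOAP headers are understood here, so a mandatory one must abort processing.
                if (containsMandatoryHeader(bodyOrHeader)) {
                    throw new SOAPException(SAMLException.RESPONDER, "SAMLSOAPBinding::send() detected a mandatory SOAP header");
                }
                bodyOrHeader = XML.getNextSiblingElement(bodyOrHeader);
            }

            Element payload = bodyOrHeader == null ? null : XML.getFirstChildElement(bodyOrHeader);
            if (payload == null) {
                throw new SOAPException(SOAPException.SERVER, "SAMLSOAPBinding::send() unable to find a SAML response or fault in SOAP body");
            }

            if (!XML.isElementNamed(payload, SOAP_ENV_NS, Constants.ELEM_FAULT)) {
                SAMLResponse sAMLResponse = new SAMLResponse(payload);
                // A response without InResponseTo is treated as a mismatch rather than a NullPointerException.
                if (sAMLResponse.getInResponseTo() == null || !sAMLResponse.getInResponseTo().equals(sAMLRequest.getId())) {
                    throw new BindingException("SAMLSOAPBinding.send() unable to match SAML InResponseTo value to request");
                }
                return sAMLResponse;
            }

            // SOAP fault: surface faultstring as the message and faultcode as the exception code.
            String faultString = "SAMLSOAPBinding::send() detected a SOAP fault";
            Node faultStringNode = firstChildOfFirst(payload.getElementsByTagNameNS(null, Constants.ELEM_FAULT_STRING));
            if (faultStringNode != null) {
                faultString = faultStringNode.getNodeValue();
            }
            // The code is read from faultcode, the element respond() writes it to; looking up
            // faultstring a second time would turn the human-readable message into the QName.
            Node faultCodeNode = firstChildOfFirst(payload.getElementsByTagNameNS(null, Constants.ELEM_FAULT_CODE));
            if (faultCodeNode instanceof Text) {
                throw new SOAPException(QName.getQNameTextNode((Text) faultCodeNode), faultString);
            }
            throw new SOAPException(SOAPException.SERVER, faultString);
        } catch (UnrecoverableKeyException e) {
            throw new SAMLException("SAMLSOAPBinding.send() caught a key exception", e);
        } catch (MalformedURLException e) {
            throw new SAMLException("SAMLSOAPBinding.send() detected a malformed URL in the binding provided", e);
        } catch (KeyStoreException e) {
            throw new SAMLException("SAMLSOAPBinding.send() caught a keystore exception", e);
        } catch (InvalidCanonicalizerException e) {
            throw new SAMLException("SAMLSOAPBinding.send() caught a C14N exception while serializing the request", e);
        } catch (KeyManagementException e) {
            throw new SAMLException("SAMLSOAPBinding.send() caught a key mgmt exception", e);
        } catch (CertificateException e) {
            throw new SAMLException("SAMLSOAPBinding.send() caught a certificate exception", e);
        } catch (IOException e) {
            throw new SAMLException("SAMLSOAPBinding.send() caught an I/O exception", e);
        } catch (CanonicalizationException e) {
            throw new SAMLException("SAMLSOAPBinding.send() caught a C14N exception while serializing the request", e);
        } catch (NoSuchAlgorithmException e) {
            throw new SAMLException("SAMLSOAPBinding.send() caught a JCE exception", e);
        } catch (SAXException e) {
            throw new SAMLException("SAMLSOAPBinding.send() caught an XML exception while parsing the response", e);
        } finally {
            // Balances the NDC.push above on every exit path, normal or exceptional.
            NDC.pop();
        }
    }

    /**
     * Installs a TLS socket factory on the connection that presents a key from the configured
     * JKS keystore.
     *
     * <p>Only key managers are supplied; trust managers and the random source are left
     * {@code null}, so the JSSE defaults decide which server certificates are trusted.
     * NOTE(review): no key alias is applied when building the key managers, so which key is
     * presented is left to the default key manager - confirm this is intended for keystores
     * holding more than one key entry.
     */
    private void configureClientKey(HttpsURLConnection connection, String keyStorePath)
            throws IOException, KeyStoreException, NoSuchAlgorithmException, CertificateException,
            UnrecoverableKeyException, KeyManagementException {
        String keyStorePassword = this.config.getProperty("ssl-keystore-pwd");
        String keyPassword = this.config.getProperty("ssl-key-pwd");

        KeyStore keyStore = KeyStore.getInstance("JKS");
        FileInputStream keyStoreStream = new FileInputStream(keyStorePath);
        try {
            // With a null store password, load() does not verify the keystore's integrity.
            keyStore.load(keyStoreStream, keyStorePassword != null ? keyStorePassword.toCharArray() : null);
        } finally {
            // Close the file handle whether or not loading succeeded.
            keyStoreStream.close();
        }

        SSLContext sslContext = SSLContext.getInstance("TLS");
        KeyManagerFactory keyManagerFactory = KeyManagerFactory.getInstance("SunX509");
        keyManagerFactory.init(keyStore, keyPassword != null ? keyPassword.toCharArray() : null);
        sslContext.init(keyManagerFactory.getKeyManagers(), null, null);
        connection.setSSLSocketFactory(sslContext.getSocketFactory());
    }

    /**
     * Returns the stream carrying the HTTP response body.
     *
     * <p>{@code getInputStream()} throws for 4xx/5xx statuses, yet SOAP faults are delivered
     * with status 500 (see {@link #respond}), so error responses are read from the error stream.
     */
    private static InputStream openResponseBody(HttpURLConnection connection) throws IOException {
        if (connection.getResponseCode() >= HttpURLConnection.HTTP_BAD_REQUEST) {
            InputStream errorBody = connection.getErrorStream();
            if (errorBody != null) {
                return errorBody;
            }
        }
        return connection.getInputStream();
    }

    /** Returns the first child of the first node in the list, or {@code null} if the list is empty. */
    private static Node firstChildOfFirst(NodeList nodes) {
        if (nodes == null || nodes.getLength() <= 0) {
            return null;
        }
        return nodes.item(0).getFirstChild();
    }

    /** Reports whether any child element of the SOAP header carries {@code mustUnderstand="1"}. */
    private static boolean containsMandatoryHeader(Node header) {
        for (Node child = header.getFirstChild(); child != null; child = child.getNextSibling()) {
            if (child.getNodeType() == Node.ELEMENT_NODE
                    && "1".equals(((Element) child).getAttributeNS(SOAP_ENV_NS, "mustUnderstand"))) {
                return true;
            }
        }
        return false;
    }

    /** Advances from {@code node} along its siblings to the first element node, or {@code null}. */
    private static Node skipToElement(Node node) {
        Node current = node;
        while (current != null && current.getNodeType() != Node.ELEMENT_NODE) {
            current = current.getNextSibling();
        }
        return current;
    }

    /**
     * Extracts the common name from the certificate's subject.
     *
     * <p>The subject is parsed as a distinguished name rather than split on commas and spaces,
     * so a CN containing spaces is returned whole and text that merely looks like
     * {@code CN=...} inside another attribute's value is not mistaken for the common name.
     *
     * @return the CN value, or {@code null} if the subject has no string-valued CN or cannot be parsed
     */
    private static String extractCommonName(X509Certificate certificate) {
        try {
            LdapName subject = new LdapName(certificate.getSubjectX500Principal().getName());
            List<Rdn> rdns = subject.getRdns();
            // getRdns() lists the right-most RDN first; walk backwards so the CN that appears
            // first in the written form of the name wins.
            for (int i = rdns.size() - 1; i >= 0; i--) {
                Attribute commonName = rdns.get(i).toAttributes().get("CN");
                if (commonName != null) {
                    Object value = commonName.get();
                    if (value instanceof String) {
                        return (String) value;
                    }
                }
            }
        } catch (NamingException e) {
            log.debug("Unable to parse the requester certificate subject: " + e.getMessage());
        }
        return null;
    }

    /**
     * Receives a SAML request and reports the requester's name taken from the TLS client
     * certificate, if the container supplied one.
     *
     * <p>The buffer is always cleared first. It stays empty when no client certificate is
     * present or its subject carries no usable CN, so callers must treat an empty buffer as
     * "requester unknown". The name is whatever the certificate's subject says; how far it can
     * be trusted depends on the container's client-certificate validation.
     *
     * @param obj the {@code HttpServletRequest} carrying the SOAP message
     * @param stringBuffer receives the requester's common name
     * @return the SAML request found in the SOAP body
     * @throws SAMLException if the HTTP request or SOAP message is not acceptable
     */
    @Override // org.opensaml.SAMLBinding
    public SAMLRequest receive(Object obj, StringBuffer stringBuffer) throws SAMLException {
        stringBuffer.setLength(0);
        X509Certificate[] clientChain = (X509Certificate[]) ((HttpServletRequest) obj).getAttribute("javax.servlet.request.X509Certificate");
        if (clientChain == null || clientChain.length <= 0) {
            log.debug("No Requester name available.");
        } else {
            // The first entry of the chain is used as the requester's own certificate.
            String commonName = extractCommonName(clientChain[0]);
            if (commonName != null) {
                stringBuffer.append(commonName);
            }
            log.debug("Requester name: " + stringBuffer);
        }
        return receive(obj);
    }

    /**
     * Extracts the SAML request from a SOAP message posted to a servlet.
     *
     * <p>NOTE(review): the element following an optional Header is taken as the body without
     * checking its name, and a body with no child element is passed to {@code SAMLRequest} as
     * {@code null}; how the constructor reacts is not visible here - confirm.
     *
     * @param obj the {@code HttpServletRequest} carrying the SOAP message
     * @return the SAML request built from the first element of the SOAP body
     * @throws SAMLException if the method is not POST, the content type is missing or not
     *         {@code text/xml}, or the SOAP message cannot be read, parsed or understood
     */
    @Override // org.opensaml.SAMLBinding
    public SAMLRequest receive(Object obj) throws SAMLException {
        HttpServletRequest httpServletRequest = (HttpServletRequest) obj;
        // getContentType() is null when the client sent no Content-Type header.
        String contentType = httpServletRequest.getContentType();
        if (!"POST".equals(httpServletRequest.getMethod()) || contentType == null || !contentType.startsWith("text/xml")) {
            throw new BindingException(SAMLException.REQUESTER, "SAMLSOAPBinding.receive() found a bad HTTP method or content type");
        }
        try {
            Element documentElement = XML.parserPool.parse(httpServletRequest.getInputStream()).getDocumentElement();
            if (!XML.isElementNamed(documentElement, SOAP_ENV_NS, "Envelope")) {
                throw new SOAPException(SOAPException.VERSION, "SAMLSOAPBinding.receive() detected an incompatible or missing SOAP envelope");
            }

            Node current = skipToElement(documentElement.getFirstChild());
            if (XML.isElementNamed((Element) current, SOAP_ENV_NS, "Header")) {
                // No SOAP headers are understood here, so a mandatory one must be refused.
                if (containsMandatoryHeader(current)) {
                    throw new SOAPException(SOAPException.MUSTUNDERSTAND, "SAMLSOAPBinding.receive() detected a mandatory SOAP header");
                }
                current = skipToElement(current.getNextSibling());
            }
            if (current != null) {
                // Descend into the body and take its first element as the SAML request.
                current = skipToElement(current.getFirstChild());
            }
            return new SAMLRequest((Element) current);
        } catch (IOException e) {
            // These messages may be echoed to the client as a faultstring by respond().
            throw new SOAPException(SOAPException.SERVER, "SAMLSOAPBinding.receive() detected an I/O error: " + e.getMessage());
        } catch (SAXException e) {
            throw new SOAPException(SOAPException.CLIENT, "SAMLSOAPBinding.receive() detected an XML parsing error: " + e.getMessage());
        }
    }

    /**
     * Writes either a SAML response or a SOAP fault to the servlet response.
     *
     * <p>When {@code sAMLException} is {@code null} the SAML response is wrapped in a SOAP
     * envelope and written. Otherwise a SOAP fault is written with HTTP status 500, using the
     * exception's first code (for a {@code SOAPException}) or the server code as faultcode and
     * the exception message as faultstring - so that message is disclosed to the remote peer.
     *
     * <p>Failures while building or serializing the reply are logged with their details and
     * reported to the client only as a generic 500 error.
     *
     * @param obj the {@code HttpServletResponse} to write to
     * @param sAMLResponse response to send; used only when {@code sAMLException} is {@code null}
     * @param sAMLException error to report as a SOAP fault, or {@code null} for success
     * @throws IOException if the error status itself cannot be sent
     */
    @Override // org.opensaml.SAMLBinding
    public void respond(Object obj, SAMLResponse sAMLResponse, SAMLException sAMLException) throws IOException {
        HttpServletResponse httpServletResponse = (HttpServletResponse) obj;
        try {
            Document ownerDocument = sAMLException == null ? sAMLResponse.toDOM().getOwnerDocument() : XML.parserPool.newDocument();
            Element envelope = ownerDocument.createElementNS(SOAP_ENV_NS, "soap:Envelope");
            envelope.setAttributeNS(XMLNS_NS, "xmlns:soap", SOAP_ENV_NS);
            envelope.setAttributeNS(XMLNS_NS, "xmlns:xsd", "http://www.w3.org/2001/XMLSchema");
            envelope.setAttributeNS(XMLNS_NS, "xmlns:xsi", "http://www.w3.org/2001/XMLSchema-instance");
            if (ownerDocument.getDocumentElement() == null) {
                ownerDocument.appendChild(envelope);
            } else {
                ownerDocument.replaceChild(envelope, ownerDocument.getDocumentElement());
            }
            Element body = ownerDocument.createElementNS(SOAP_ENV_NS, "soap:Body");
            envelope.appendChild(body);

            if (sAMLException == null) {
                body.appendChild(sAMLResponse.toDOM());
                Canonicalizer canonicalizer = Canonicalizer.getInstance(C14N_ALGORITHM);
                httpServletResponse.setContentType("text/xml; charset=UTF-8");
                httpServletResponse.getOutputStream().write(canonicalizer.canonicalizeSubtree(envelope));
                return;
            }

            Element fault = ownerDocument.createElementNS(SOAP_ENV_NS, "soap:Fault");
            body.appendChild(fault);

            // Default to the server code; a SOAPException may carry a more specific one.
            String codeLocalName = SOAPException.SERVER.getLocalName();
            if (sAMLException instanceof SOAPException) {
                Iterator codes = sAMLException.getCodes();
                if (codes.hasNext()) {
                    codeLocalName = ((QName) codes.next()).getLocalName();
                }
            }
            Element faultCode = ownerDocument.createElementNS(null, Constants.ELEM_FAULT_CODE);
            faultCode.appendChild(ownerDocument.createTextNode(SoapConstants.SOAP_ENDPOINT_PREFIX + codeLocalName));
            fault.appendChild(faultCode);
            fault.appendChild(ownerDocument.createElementNS(null, Constants.ELEM_FAULT_STRING)).appendChild(ownerDocument.createTextNode(sAMLException.getMessage()));

            httpServletResponse.setStatus(HttpServletResponse.SC_INTERNAL_SERVER_ERROR);
            // send() rejects replies that are not text/xml, so faults need the content type too.
            httpServletResponse.setContentType("text/xml; charset=UTF-8");
            httpServletResponse.getOutputStream().write(Canonicalizer.getInstance(C14N_ALGORITHM).canonicalizeSubtree(envelope));
        } catch (CanonicalizationException e) {
            log.error("SAMLSOAPBinding.respond() unable to serialize XML document instance", e);
            httpServletResponse.sendError(HttpServletResponse.SC_INTERNAL_SERVER_ERROR, "SAMLSOAPBinding.respond() unable to serialize XML document instance");
        } catch (InvalidCanonicalizerException e) {
            log.error("SAMLSOAPBinding.respond() unable to serialize XML document instance", e);
            httpServletResponse.sendError(HttpServletResponse.SC_INTERNAL_SERVER_ERROR, "SAMLSOAPBinding.respond() unable to serialize XML document instance");
        } catch (Exception e) {
            // Exception class and message go to the log only; the client gets a generic error
            // so internal details are not disclosed in the HTTP response.
            log.error("SAMLSOAPBinding.respond() caught an unexpected exception", e);
            httpServletResponse.sendError(HttpServletResponse.SC_INTERNAL_SERVER_ERROR, "SAMLSOAPBinding.respond() caught an unexpected exception");
        }
    }

    /**
     * Compiler-generated helper for class literals (pre-Java 5 idiom): loads a class by name
     * and converts a lookup failure into {@link NoClassDefFoundError}.
     */
    static Class class$(String str) {
        try {
            return Class.forName(str);
        } catch (ClassNotFoundException e) {
            throw new NoClassDefFoundError(e.getMessage());
        }
    }

    static {
        // Resolve this class through the cached class-literal field and name the logger after it.
        Class cls;
        if (class$org$opensaml$SAMLSOAPBinding == null) {
            cls = class$("org.opensaml.SAMLSOAPBinding");
            class$org$opensaml$SAMLSOAPBinding = cls;
        } else {
            cls = class$org$opensaml$SAMLSOAPBinding;
        }
        log = Logger.getLogger(cls.getName());
    }
}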
