package com.ibm.ws.security.web.inbound.saml.util;

import com.ibm.websphere.security.WebTrustAssociationFailedException;
import com.ibm.websphere.wssecurity.wssapi.token.SAMLToken;
import com.ibm.websphere.wssecurity.wssapi.token.SAMLTokenFactory;
import com.ibm.ws.wssecurity.saml.assertion.wssapi.SAMLAssertionParser;
import com.ibm.ws.wssecurity.saml.common.SAMLAssertion;
import com.ibm.ws.wssecurity.saml.saml20.assertion.utils.SAMLTokenBuilder;
import com.ibm.ws.wssecurity.saml.security.impl.EncryptedDataConsumer;
import com.ibm.ws.wssecurity.util.CommonLogUtils;
import com.ibm.ws.wssecurity.util.ConfigConstants;
import com.ibm.ws.wssecurity.util.Tr;
import com.ibm.ws.wssecurity.util.TraceComponent;
import com.ibm.ws.wssecurity.wssapi.OMStructure;
import com.ibm.ws.wssecurity.wssapi.token.impl.SAML20TokenImpl;
import com.ibm.ws.wssecurity.wssapi.token.impl.SAMLTokenImpl;
import com.ibm.ws.wssecurity.xml.xss4j.dsig.util.Base64;
import com.ibm.wsspi.wssecurity.core.SoapSecurityException;
import com.ibm.wsspi.wssecurity.saml.config.ConsumerConfig;
import java.io.BufferedReader;
import java.io.ByteArrayInputStream;
import java.io.ByteArrayOutputStream;
import java.io.IOException;
import java.io.InputStream;
import java.io.InputStreamReader;
import java.security.AccessController;
import java.security.PrivilegedActionException;
import java.security.PrivilegedExceptionAction;
import java.util.zip.GZIPInputStream;
import javax.xml.stream.XMLStreamReader;
import org.apache.axiom.om.OMAbstractFactory;
import org.apache.axiom.om.OMElement;
import org.apache.axiom.om.impl.builder.StAXBuilder;
import org.apache.axiom.om.impl.builder.StAXOMBuilder;
import org.apache.axiom.om.util.StAXUtils;

/* loaded from: input_file:com/ibm/ws/security/web/inbound/saml/util/Decoder.class */
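/**
 * Decodes inbound SAML responses and turns the resulting XML into SAML tokens.
 *
 * <p>{@link #decode(String)} accepts either raw XML or Base64 text (optionally gzip-compressed)
 * and parses it. Nothing in this class verifies a signature before the XML is parsed, so the
 * decoding and parsing steps below treat their input as unverified.
 */
public class Decoder {
    private static final TraceComponent tc = Tr.register(Decoder.class, MessageHelper._TR_GROUP, MessageHelper._MSG_FILE);

    /** Message key used for every decode failure raised by this class. */
    private static final String DECODE_FAILED_KEY = "security.webinbound.saml.decodefailed";

    /**
     * Ceiling for the inflated size of a gzip-compressed response. This is a constructed
     * defensive value, not one taken from product configuration; tune it to the largest
     * response the deployment legitimately expects.
     */
    private static final int MAX_DECOMPRESSED_BYTES = 10 * 1024 * 1024;

    /**
     * Decodes a SAML response into its XML document element.
     *
     * <p>Input that starts with {@code <} is parsed directly as UTF-8 XML. Anything else is
     * Base64-decoded, inflated when it starts with the gzip magic number, and then parsed.
     *
     * @param str the SAML response as received; raw XML or Base64 text
     * @return the document element of the decoded response
     * @throws WebTrustAssociationFailedException if {@code str} is null, decodes to fewer than
     *         two bytes, cannot be decompressed, or (for raw XML) cannot be parsed
     */
    public static OMElement decode(String str) throws WebTrustAssociationFailedException {
        if (tc.isEntryEnabled()) {
            // The entry record carries only the size; the payload is dumped once, at debug level.
            Tr.entry(tc, "decode(encodedXml length[" + (str == null ? "null" : String.valueOf(str.length())) + "])");
        }
        if (tc.isDebugEnabled()) {
            // NOTE(review): this writes the complete SAML response, assertion included, to the
            // trace. Trace files produced with debug enabled should be handled as sensitive.
            Tr.debug(tc, "The original SAML Response to be decoded: " + str);
        }
        if (str == null) {
            throw decodeFailure("The string to be decoded is null");
        }
        OMElement plainXml = decodeUTF8Token(str);
        if (plainXml != null) {
            if (tc.isEntryEnabled()) {
                Tr.exit(tc, "decode");
            }
            return plainXml;
        }
        byte[] payload = Base64.decode(str);
        // The magic-number test below reads two bytes; reject shorter results with the declared
        // failure type instead of an ArrayIndexOutOfBoundsException or NullPointerException.
        // NOTE(review): whether Base64.decode can return null on malformed input is not visible
        // here; the null check is defensive.
        if (payload == null || payload.length < 2) {
            throw decodeFailure("The decoded SAML response is empty or too short");
        }
        // First two bytes, little-endian, compared with the gzip magic number (0x8b1f).
        boolean gzipped = GZIPInputStream.GZIP_MAGIC == ((payload[0] & 0xff) | ((payload[1] & 0xff) << 8));
        if (tc.isDebugEnabled()) {
            Tr.debug(tc, "isGzip[" + gzipped + "]");
        }
        if (gzipped) {
            try {
                payload = decompressHeader(payload);
                if (tc.isDebugEnabled()) {
                    // Explicit charset so the trace does not depend on the platform default.
                    Tr.debug(tc, "Decompressed SAML token: " + new String(payload, "UTF-8"));
                }
            } catch (Exception e) {
                throw decodeFailure(e.getMessage());
            }
        }
        // NOTE(review): no parser configuration is passed here, so DTD and external-entity
        // handling is whatever StAXUtils applies by default in this build. The document is
        // unverified at this point; confirm that default forbids both.
        XMLStreamReader reader = StAXUtils.createXMLStreamReader(new ByteArrayInputStream(payload));
        OMElement documentElement;
        try {
            StAXOMBuilder omBuilder = new StAXOMBuilder(OMAbstractFactory.getOMFactory(), reader);
            documentElement = omBuilder.getDocumentElement();
            // Build the whole tree before the reader is closed.
            while (!omBuilder.isCompleted()) {
                omBuilder.next();
            }
        } finally {
            // Close the reader on the failure path as well, not only after a clean parse.
            reader.close();
        }
        if (tc.isDebugEnabled()) {
            // Logged as a debug record: a second exit record here would unbalance the
            // entry/exit pairing for this method.
            Tr.debug(tc, "The original SAML Response after decoded:");
            CommonLogUtils.logDebug(documentElement, tc);
        }
        if (tc.isEntryEnabled()) {
            Tr.exit(tc, "decode");
        }
        return documentElement;
    }

    /**
     * Parses {@code str} as UTF-8 XML when it looks like raw XML.
     *
     * <p>Unlike {@link #decode(String)}, this method returns the document element without
     * driving the builder to completion and without closing a reader.
     *
     * @param str candidate XML text; may be null
     * @return the document element, or {@code null} when {@code str} is null or does not start
     *         with {@code <}
     * @throws WebTrustAssociationFailedException if building the document fails
     */
    protected static OMElement decodeUTF8Token(String str) throws WebTrustAssociationFailedException {
        if (str == null || !str.startsWith("<")) {
            return null;
        }
        try {
            // NOTE(review): parsed with the builder's default parser settings; confirm that
            // DTDs and external entities are not resolved for this unverified input.
            return new StAXOMBuilder(new ByteArrayInputStream(str.getBytes("UTF-8"))).getDocumentElement();
        } catch (Exception e) {
            throw decodeFailure(e.getMessage());
        }
    }

    /**
     * Runs {@code SAMLAssertionParser.parseSAML} inside a privileged block.
     *
     * @param oMElement the SAML XML to parse
     * @param consumerConfig the consumer configuration handed to the parser
     * @return the parsed assertion
     * @throws SoapSecurityException carrying the message and cause of the exception raised
     *         inside the privileged action
     */
    protected static SAMLAssertion parseSAMLElement(final OMElement oMElement, final ConsumerConfig consumerConfig) throws SoapSecurityException {
        if (tc.isEntryEnabled()) {
            Tr.entry(tc, "parseSAMLElement(samlXML[" + ConfigUtil.getObjType(oMElement) + "], consumer[" + consumerConfig + "])");
        }
        try {
            SAMLAssertion assertion = (SAMLAssertion) AccessController.doPrivileged(new PrivilegedExceptionAction<Object>() {
                @Override
                public Object run() throws SoapSecurityException {
                    return SAMLAssertionParser.parseSAML(oMElement, consumerConfig);
                }
            });
            if (tc.isEntryEnabled()) {
                Tr.exit(tc, "parseSAMLElement returns [" + ConfigUtil.getObjState(assertion) + "]");
            }
            return assertion;
        } catch (PrivilegedActionException e) {
            Exception wrapped = e.getException();
            if (tc.isDebugEnabled()) {
                Tr.debug(tc, "caught exception calling doPrivileged method: " + wrapped.getMessage());
            }
            // Only the wrapped exception's message and cause are carried over, as before.
            throw new SoapSecurityException(wrapped.getMessage(), wrapped.getCause());
        }
    }

    /**
     * Parses SAML XML and builds a SAML 2.0 token from the resulting assertion.
     *
     * @param oMElement the SAML XML
     * @param consumerConfig consumer configuration; a new one is obtained from the token factory
     *        when null
     * @return the token built from the parsed assertion
     * @throws SoapSecurityException if any step fails; it carries the message and cause of the
     *         exception that was caught
     */
    public static SAMLToken getSAMLToken(OMElement oMElement, ConsumerConfig consumerConfig) throws SoapSecurityException {
        if (tc.isEntryEnabled()) {
            Tr.entry(tc, "getSAMLToken(samlXML[" + ConfigUtil.getObjType(oMElement) + "], consumerConfig[" + consumerConfig + "])");
        }
        try {
            SAMLTokenFactory tokenFactory = SAMLTokenFactory.getInstance(SAMLTokenImpl.saml20ValueType.getLocalPart());
            if (consumerConfig == null) {
                consumerConfig = tokenFactory.newConsumerConfig();
            }
            // NOTE(review): the clone is detached here but never used afterwards; the parser
            // below still receives the original element. Left unchanged because the intent is
            // not visible in this file. Confirm whether the clone was meant to be parsed.
            OMElement clone = oMElement.cloneOMElement();
            if (clone.getParent() != null) {
                clone.detach();
                StAXBuilder cloneBuilder = clone.getBuilder();
                if (cloneBuilder != null) {
                    cloneBuilder.releaseParserOnClose(true);
                }
            }
            SAML20TokenImpl token = SAMLTokenBuilder.createSAMLToken(parseSAMLElement(oMElement, consumerConfig));
            if (tc.isEntryEnabled()) {
                Tr.exit(tc, "getSAMLToken returns [" + ConfigUtil.getObjState(token) + "]");
            }
            return token;
        } catch (Exception e) {
            if (tc.isDebugEnabled()) {
                Tr.debug(tc, "Could not parse SAML:", e.getMessage());
            }
            throw new SoapSecurityException(e.getMessage(), e.getCause());
        }
    }

    /**
     * Creates a SAML token from an XML element, decrypting it first when its local name is
     * {@code EncryptedAssertion}.
     *
     * @param oMElement the assertion element, encrypted or plain
     * @param consumerConfig consumer configuration; a new one is obtained from the token factory
     *        when null
     * @return the token produced by the token factory
     * @throws SoapSecurityException if any step fails; it carries the message and cause of the
     *         exception that was caught
     */
    public static SAMLToken createSAMLToken(OMElement oMElement, ConsumerConfig consumerConfig) throws SoapSecurityException {
        if (tc.isEntryEnabled()) {
            Tr.entry(tc, "createSAMLToken(samlXML[" + ConfigUtil.getObjType(oMElement) + "], consumerCfg[" + consumerConfig + "])");
        }
        try {
            SAMLTokenFactory tokenFactory = SAMLTokenFactory.getInstance(SAMLTokenImpl.saml20ValueType.getLocalPart());
            if (consumerConfig == null) {
                consumerConfig = tokenFactory.newConsumerConfig();
            }
            if ("EncryptedAssertion".equals(oMElement.getLocalName())) {
                oMElement = EncryptedDataConsumer.DecryptEncryptedData(oMElement, consumerConfig);
            }
            OMStructure structure = new OMStructure();
            structure.setNode(oMElement);
            SAMLToken token = tokenFactory.newSAMLToken(consumerConfig, structure);
            if (tc.isEntryEnabled()) {
                Tr.exit(tc, "createSAMLToken(OMElement) returns [" + ConfigUtil.getObjState(token) + "]");
            }
            return token;
        } catch (Exception e) {
            if (tc.isDebugEnabled()) {
                Tr.debug(tc, "Could not parse SAML:", e.getMessage());
            }
            throw new SoapSecurityException(e.getMessage(), e.getCause());
        }
    }

    /**
     * Creates a SAML token by handing an input stream to the token factory.
     *
     * @param inputStream stream containing the SAML XML
     * @param consumerConfig consumer configuration; a new one is obtained from the token factory
     *        when null
     * @return the token produced by the token factory
     * @throws SoapSecurityException if any step fails; it carries the message and cause of the
     *         exception that was caught
     */
    public static SAMLToken createSAMLToken(InputStream inputStream, ConsumerConfig consumerConfig) throws SoapSecurityException {
        if (tc.isEntryEnabled()) {
            Tr.entry(tc, "createSAMLToken(samlXML[" + ConfigUtil.getObjState(inputStream) + "], consumerCfg[" + consumerConfig + "])");
        }
        try {
            SAMLTokenFactory tokenFactory = SAMLTokenFactory.getInstance(SAMLTokenImpl.saml20ValueType.getLocalPart());
            if (consumerConfig == null) {
                consumerConfig = tokenFactory.newConsumerConfig();
            }
            SAMLToken token = tokenFactory.newSAMLToken(consumerConfig, inputStream);
            if (tc.isEntryEnabled()) {
                Tr.exit(tc, "createSAMLToken(InputStream) returns [" + ConfigUtil.getObjState(token) + "]");
            }
            return token;
        } catch (Exception e) {
            if (tc.isDebugEnabled()) {
                Tr.debug(tc, "Could not parse SAML:", e.getMessage());
            }
            throw new SoapSecurityException(e.getMessage(), e.getCause());
        }
    }

    /**
     * Inflates a gzip-compressed payload and returns the bytes exactly as they were compressed.
     *
     * <p>The bytes are copied without passing through a {@code String}: reading line by line
     * and re-encoding would drop line terminators and depend on the platform charset, and both
     * would change the document that is later checked against its signature.
     *
     * @param bArr gzip-compressed data
     * @return the inflated bytes
     * @throws IOException if the data is not valid gzip or inflates past
     *         {@link #MAX_DECOMPRESSED_BYTES}
     */
    private static byte[] decompressHeader(byte[] bArr) throws IOException {
        if (tc.isEntryEnabled()) {
            Tr.entry(tc, "decompressHeader(cb)");
        }
        GZIPInputStream gzip = new GZIPInputStream(new ByteArrayInputStream(bArr));
        try {
            ByteArrayOutputStream inflated = new ByteArrayOutputStream();
            byte[] chunk = new byte[4096];
            int read;
            while ((read = gzip.read(chunk)) != -1) {
                // Bound the output: a small compressed body can inflate to a very large one.
                if (inflated.size() + read > MAX_DECOMPRESSED_BYTES) {
                    throw new IOException("Decompressed SAML response exceeds " + MAX_DECOMPRESSED_BYTES + " bytes");
                }
                inflated.write(chunk, 0, read);
            }
            if (tc.isEntryEnabled()) {
                Tr.exit(tc, "decompressHeader");
            }
            return inflated.toByteArray();
        } finally {
            gzip.close();
        }
    }

    /** Builds the decode-failure exception for {@code detail} and logs its message as an error. */
    private static WebTrustAssociationFailedException decodeFailure(String detail) {
        String message = MessageHelper.getMessage(DECODE_FAILED_KEY, detail);
        Tr.error(tc, message);
        return new WebTrustAssociationFailedException(message);
    }
}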
