package org.keycloak.saml.processing.core.saml.v2.util;

import java.security.cert.X509Certificate;
import java.util.Iterator;
import java.util.List;
import java.util.function.Function;
import org.keycloak.dom.saml.v2.metadata.EntitiesDescriptorType;
import org.keycloak.dom.saml.v2.metadata.EntityDescriptorType;
import org.keycloak.dom.saml.v2.metadata.IDPSSODescriptorType;
import org.keycloak.dom.saml.v2.metadata.KeyDescriptorType;
import org.keycloak.dom.saml.v2.metadata.KeyTypes;
import org.keycloak.dom.saml.v2.metadata.SPSSODescriptorType;
import org.keycloak.dom.saml.v2.metadata.SSODescriptorType;
import org.keycloak.saml.common.constants.JBossSAMLURIConstants;
import org.keycloak.saml.common.exceptions.ConfigurationException;
import org.keycloak.saml.common.exceptions.ParsingException;
import org.keycloak.saml.common.exceptions.ProcessingException;
import org.keycloak.saml.common.util.StaxParserUtil;
import org.keycloak.saml.processing.core.parsers.saml.SAMLParser;
import org.keycloak.saml.processing.core.util.XMLSignatureUtil;
import org.w3c.dom.Element;
import org.w3c.dom.Node;
import org.w3c.dom.NodeList;

/* loaded from: input_file:org/keycloak/saml/processing/core/saml/v2/util/SAMLMetadataUtil.class */
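/**
 * Static helpers for reading SAML 2.0 metadata: parsing an entity descriptor, locating its
 * IdP / SP SSO descriptor and decoding the X.509 certificate published in a {@code KeyDescriptor}.
 *
 * <p>The methods here only locate and decode. No code in this class checks a certificate's
 * validity period, revocation status or trust chain, and none verifies a signature over the
 * metadata document. Callers that accept metadata from outside their trust boundary have to
 * establish its authenticity separately before relying on the returned key material.
 */
public class SAMLMetadataUtil {
    /**
     * Decodes the certificate carried in the {@code KeyInfo} of a single key descriptor.
     *
     * <p>Only the first {@code X509Data} element and, inside it, the first child whose node name
     * contains {@code X509Certificate} are considered; any further certificates are ignored.
     *
     * @param keyDescriptorType key descriptor to read; must not be {@code null}
     * @return the decoded certificate, or {@code null} when the descriptor has no {@code KeyInfo},
     *         no {@code X509Data} or no certificate child
     * @throws ConfigurationException declared for the decoding helper this method delegates to
     * @throws ProcessingException if the certificate element has no text content, or as raised by
     *         the decoding helper
     */
    public static X509Certificate getCertificate(KeyDescriptorType keyDescriptorType) throws ConfigurationException, ProcessingException {
        Element keyInfo = keyDescriptorType.getKeyInfo();
        if (keyInfo == null) {
            return null;
        }

        // Lookup order is significant and kept as-is: unqualified tag name first, then the
        // namespace from JBossSAMLURIConstants.XMLDSIG_NSURI, then the literal "ds:" prefix.
        NodeList x509Data = keyInfo.getElementsByTagName("X509Data");
        if (hasNoNodes(x509Data)) {
            x509Data = keyInfo.getElementsByTagNameNS(JBossSAMLURIConstants.XMLDSIG_NSURI.get(), "X509Data");
        }
        if (hasNoNodes(x509Data)) {
            x509Data = keyInfo.getElementsByTagName("ds:X509Data");
        }
        if (hasNoNodes(x509Data)) {
            return null;
        }

        NodeList children = x509Data.item(0).getChildNodes();
        int count = children != null ? children.getLength() : 0;
        for (int i = 0; i < count; i++) {
            Node child = children.item(i);
            // Substring match so that both "X509Certificate" and a prefixed form are accepted.
            if (!child.getNodeName().contains("X509Certificate")) {
                continue;
            }
            // An empty <X509Certificate/> has no first child; report it as a processing error
            // instead of failing with a NullPointerException.
            Node text = child.getFirstChild();
            String encoded = text != null ? text.getNodeValue() : null;
            if (encoded == null) {
                throw new ProcessingException("X509Certificate element in KeyDescriptor has no text content");
            }
            // Whitespace and line breaks are stripped from the encoded text before decoding.
            return XMLSignatureUtil.getX509CertificateFromKeyInfoString(encoded.replaceAll("\\s", ""));
        }
        return null;
    }

    /**
     * Returns the certificate of the first key descriptor that applies to the requested use.
     *
     * <p>A descriptor with no {@code use} attribute matches every requested type, including a
     * {@code null} request. The search stops at the first matching descriptor, even if that
     * descriptor yields no certificate, so metadata that publishes several keys for the same use
     * (for example during a key rollover) only ever contributes its first one here.
     *
     * @param keyTypes          requested key use; may be {@code null}
     * @param sSODescriptorType descriptor whose key descriptors are searched; may be {@code null}
     * @return the certificate of the first matching key descriptor, or {@code null} when the
     *         descriptor is {@code null}, nothing matches, or the match carries no certificate
     * @throws RuntimeException if the matching key descriptor cannot be decoded; the original
     *         failure is attached as the cause
     */
    public static X509Certificate getCertificate(KeyTypes keyTypes, SSODescriptorType sSODescriptorType) {
        if (sSODescriptorType == null) {
            return null;
        }
        for (KeyDescriptorType keyDescriptorType : sSODescriptorType.getKeyDescriptor()) {
            KeyTypes use = keyDescriptorType.getUse();
            boolean applies = use == null || (keyTypes != null && use.value().equals(keyTypes.value()));
            if (!applies) {
                continue;
            }
            try {
                return getCertificate(keyDescriptorType);
            } catch (Exception e) {
                // Keep the cause: without it a malformed certificate in the metadata cannot be
                // told apart from any other failure when the error is diagnosed.
                throw new RuntimeException("Could not parse KeyDescriptor X509 certificate from metadata [" + sSODescriptorType.getID() + "].", e);
            }
        }
        return null;
    }

    /**
     * Parses a metadata document and returns a single entity descriptor.
     *
     * <p>When the document root is an {@code EntitiesDescriptor}, only its first entry is returned
     * and every other entity in the document is ignored. A caller that expects a particular
     * entity should compare the entity ID of the result with the one it expects.
     *
     * @param str metadata XML
     * @return the parsed entity descriptor
     * @throws ParsingException if parsing fails, or if an {@code EntitiesDescriptor} is empty or
     *         does not start with an {@code EntityDescriptor}
     */
    public static EntityDescriptorType parseEntityDescriptorType(String str) throws ParsingException {
        Object parsed = SAMLParser.getInstance().parse(StaxParserUtil.getXMLEventReader(str));
        if (!(parsed instanceof EntitiesDescriptorType)) {
            return (EntityDescriptorType) parsed;
        }

        List<?> entities = ((EntitiesDescriptorType) parsed).getEntityDescriptor();
        // Fail with the declared exception type rather than an IndexOutOfBoundsException or
        // ClassCastException when the wrapper is empty or starts with something else.
        if (entities == null || entities.isEmpty()) {
            throw new ParsingException("EntitiesDescriptor contains no EntityDescriptor");
        }
        Object first = entities.get(0);
        if (!(first instanceof EntityDescriptorType)) {
            throw new ParsingException("First child of EntitiesDescriptor is not an EntityDescriptor");
        }
        return (EntityDescriptorType) first;
    }

    /**
     * Finds the IdP SSO descriptor of an entity.
     *
     * @param entityDescriptorType entity to search
     * @return the IdP SSO descriptor, or {@code null} if the entity has none
     */
    public static IDPSSODescriptorType locateIDPSSODescriptorType(EntityDescriptorType entityDescriptorType) {
        return locateSSODescriptorType(entityDescriptorType, SAMLMetadataUtil::getIDPSSODescriptorType);
    }

    /**
     * Finds the SP SSO descriptor of an entity.
     *
     * @param entityDescriptorType entity to search
     * @return the SP SSO descriptor, or {@code null} if the entity has none
     */
    public static SPSSODescriptorType locateSPSSODescriptorType(EntityDescriptorType entityDescriptorType) {
        return locateSSODescriptorType(entityDescriptorType, SAMLMetadataUtil::getSPSSODescriptorType);
    }

    /** Getter adapter used as the selector for IdP lookups. */
    private static IDPSSODescriptorType getIDPSSODescriptorType(EntityDescriptorType.EDTDescriptorChoiceType eDTDescriptorChoiceType) {
        return eDTDescriptorChoiceType.getIdpDescriptor();
    }

    /** Getter adapter used as the selector for SP lookups. */
    private static SPSSODescriptorType getSPSSODescriptorType(EntityDescriptorType.EDTDescriptorChoiceType eDTDescriptorChoiceType) {
        return eDTDescriptorChoiceType.getSpDescriptor();
    }

    /** Returns {@code true} when the node list is {@code null} or holds no nodes. */
    private static boolean hasNoNodes(NodeList nodes) {
        return nodes == null || nodes.getLength() == 0;
    }

    /**
     * Walks the entity's choice entries and applies {@code function} to the first descriptor of
     * each one, keeping the last non-null result.
     *
     * <p>The previous version only accepted an entry whose first descriptor had an IdP descriptor,
     * whichever selector was passed in. An SP lookup therefore returned {@code null} for SP-only
     * metadata. The selector's own result now decides; IdP lookups behave exactly as before.
     *
     * @param entityDescriptorType entity to search
     * @param function             selector extracting the wanted descriptor kind
     * @return the selected descriptor, or {@code null} if no choice entry provides one
     */
    private static <T> T locateSSODescriptorType(EntityDescriptorType entityDescriptorType, Function<EntityDescriptorType.EDTDescriptorChoiceType, T> function) {
        T located = null;
        for (EntityDescriptorType.EDTChoiceType choice : entityDescriptorType.getChoiceType()) {
            List<EntityDescriptorType.EDTDescriptorChoiceType> descriptors = choice.getDescriptors();
            if (descriptors.isEmpty()) {
                continue;
            }
            // Only the first descriptor of each choice entry is examined, as before.
            T candidate = function.apply(descriptors.get(0));
            if (candidate != null) {
                located = candidate;
            }
        }
        return located;
    }
}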
