package com.centrify.directcontrol.sso;

import android.util.Base64;
import android.util.Log;
import com.centrify.android.sso.aidl.SecurityTokenDetailsResponse;
import com.centrify.directcontrol.utilities.IOUtils;
import java.io.ByteArrayInputStream;
import java.security.PublicKey;
import java.security.cert.X509Certificate;
import java.text.ParseException;
import java.text.SimpleDateFormat;
import java.util.Date;
import java.util.TimeZone;
import javax.xml.parsers.DocumentBuilderFactory;
import org.apache.xml.security.Init;
import org.apache.xml.security.keys.KeyInfo;
import org.apache.xml.security.signature.XMLSignature;
import org.w3c.dom.Document;
import org.w3c.dom.Element;
import org.w3c.dom.Node;
import org.w3c.dom.NodeList;

/* loaded from: classes.dex */
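/**
 * Decodes a Base64-encoded SAML protocol response and exposes its signature status and details.
 *
 * <p>The token string is Base64-decoded and parsed into a namespace-aware DOM once per instance;
 * {@link #checkSignature()} and {@link #parse()} both work on that cached document.
 *
 * <p>Security notes for callers:
 * <ul>
 *   <li>{@link #checkSignature()} verifies the signature with the certificate or public key that
 *       is embedded in the token's own {@code KeyInfo}. That shows the signed content was not
 *       altered after signing, not that a trusted issuer signed it. No trust anchor is visible in
 *       this class, so the caller has to compare the signer with a pinned identity-provider key.
 *   <li>{@link #parse()} looks elements up by tag name anywhere in the document and does not
 *       check that they lie inside the element the verified signature covers.
 *   <li>Lookups through {@code getElementsByTagName} / {@code getNodeName} compare qualified
 *       names, so a prefixed element such as {@code saml:Assertion} is not matched by them.
 * </ul>
 *
 * <p>{@link #getInstance(String)} is not synchronized.
 */
final class SecurityTokenManager {
    private static final String ATTR1_ATTRIBUTE_NAME = "AttributeName";
    private static final String ATTR1_AUTHENTICATION_METHOD = "AuthenticationMethod";
    private static final String ATTR_FORMAT = "Format";
    private static final String ATTR_ISSUER = "Issuer";
    private static final String ATTR_METHOD = "Method";
    private static final String ATTR_NAME = "Name";
    private static final String ATTR_NOT_ON_OR_AFTER = "NotOnOrAfter";
    private static final String ATTR_RECIPIENT = "Recipient";
    private static final String NS_SAML1 = "urn:oasis:names:tc:SAML:1.0:protocol";
    private static final String NS_SAML2 = "urn:oasis:names:tc:SAML:2.0:protocol";
    private static final String SIGNATURE_TYPE_ASSERTION = "Assertion";
    private static final String SIGNATURE_TYPE_RESPONSE = "Response";
    private static final String TAG = "SecurityTokenManager";
    private static final String TAG1_AUTHENTICATION_STATEMENT = "AuthenticationStatement";
    private static final String TAG1_CONFIRMATION_METHOD = "ConfirmationMethod";
    private static final String TAG1_NAME_IDENTIFIER = "NameIdentifier";
    private static final String TAG_ASSERTION = "Assertion";
    private static final String TAG_ATTRIBUTE = "Attribute";
    private static final String TAG_ATTRIBUTE_VALUE = "AttributeValue";
    private static final String TAG_AUDIENCE = "Audience";
    private static final String TAG_AUTHN_CONTEXT_CLASS_REF = "AuthnContextClassRef";
    private static final String TAG_CONDITIONS = "Conditions";
    private static final String TAG_ISSUER = "Issuer";
    private static final String TAG_NAME_ID = "NameID";
    private static final String TAG_RESPONSE = "Response";
    private static final String TAG_SIGNATURE = "Signature";
    private static final String TAG_SUBJECT_CONFIRMATION = "SubjectConfirmation";
    private static final String TAG_SUBJECT_CONFIRMATION_DATA = "SubjectConfirmationData";
    /** Namespace of XML Signature elements. */
    private static final String NS_XMLDSIG = "http://www.w3.org/2000/09/xmldsig#";
    /** Parser feature that rejects any document carrying a DOCTYPE declaration. */
    private static final String FEATURE_DISALLOW_DOCTYPE =
            "http://apache.org/xml/features/disallow-doctype-decl";
    private static SecurityTokenManager sInstance;
    private Document mDoc;
    private final String mToken;

    static {
        // The Apache XML Security library has to be initialised before XMLSignature is used.
        Init.init();
    }

    private SecurityTokenManager(String str) {
        this.mToken = str;
    }

    /**
     * Returns the shared manager for {@code str}, replacing the cached instance when the token
     * differs from the one it was created for.
     *
     * @param str Base64-encoded token
     * @return the manager bound to {@code str}
     */
    public static SecurityTokenManager getInstance(String str) {
        if (sInstance == null || !sInstance.mToken.equals(str)) {
            sInstance = new SecurityTokenManager(str);
        }
        return sInstance;
    }

    /**
     * Base64-decodes the token and parses it into a namespace-aware DOM, caching the result.
     *
     * @return the parsed document, or {@code null} when decoding or parsing failed (the failure
     *     is logged)
     */
    private Document getXmlDocument() {
        if (this.mDoc != null) {
            return this.mDoc;
        }
        ByteArrayInputStream tokenStream = null;
        try {
            tokenStream = new ByteArrayInputStream(Base64.decode(this.mToken, 0));
            DocumentBuilderFactory factory = DocumentBuilderFactory.newInstance();
            factory.setNamespaceAware(true);
            // The token is untrusted input and a SAML message never needs a DTD, so ask the
            // parser to refuse DOCTYPE declarations (external entities, entity expansion).
            // Best effort: a parser that does not know the feature rejects the setting, and
            // parsing then continues with that parser's defaults.
            try {
                factory.setFeature(FEATURE_DISALLOW_DOCTYPE, true);
            } catch (javax.xml.parsers.ParserConfigurationException unsupported) {
                Log.w(TAG, "XML parser does not support disallow-doctype-decl.");
            }
            this.mDoc = factory.newDocumentBuilder().parse(tokenStream);
        } catch (Exception e) {
            Log.w(TAG, e);
        } finally {
            IOUtils.closeSilently(tokenStream);
        }
        return this.mDoc;
    }

    /**
     * Returns the only element with the given qualified tag name.
     *
     * @return that element, or {@code null} when the document holds none or more than one
     */
    private static Node singleElement(Document document, String tagName) {
        NodeList matches = document.getElementsByTagName(tagName);
        return matches.getLength() == 1 ? matches.item(0) : null;
    }

    /**
     * Returns the value of an attribute of {@code node}.
     *
     * @return the attribute text, or {@code null} when the attribute is absent
     */
    private static String attributeText(Node node, String attributeName) {
        Node attribute = node.getAttributes().getNamedItem(attributeName);
        return attribute == null ? null : attribute.getTextContent();
    }

    /**
     * Copies every {@code Attribute} element into the response's attribute map, using the text
     * of its first {@code AttributeValue} child as the value.
     *
     * @param nameAttribute XML attribute that carries the SAML attribute's name
     */
    private static void collectAttributes(
            Document document, String nameAttribute, SecurityTokenDetailsResponse details) {
        NodeList attributes = document.getElementsByTagName(TAG_ATTRIBUTE);
        for (int i = 0; i < attributes.getLength(); i++) {
            Node attribute = attributes.item(i);
            String name = attributeText(attribute, nameAttribute);
            if (name == null) {
                // Malformed entry without a name: skip it instead of failing the whole parse.
                continue;
            }
            NodeList children = attribute.getChildNodes();
            for (int j = 0; j < children.getLength(); j++) {
                Node child = children.item(j);
                if (TAG_ATTRIBUTE_VALUE.equals(child.getNodeName())) {
                    details.getAttributes().put(name, child.getTextContent());
                    break;
                }
            }
        }
    }

    /** Reads the {@code NotOnOrAfter} attribute of the single {@code Conditions} element. */
    private void readExpiry(Document document, SecurityTokenDetailsResponse details) {
        Node conditions = singleElement(document, TAG_CONDITIONS);
        if (conditions == null) {
            return;
        }
        String notOnOrAfter = attributeText(conditions, ATTR_NOT_ON_OR_AFTER);
        if (notOnOrAfter == null) {
            return;
        }
        Log.i(TAG, "Get token attributes: NotOnOrAfter=" + notOnOrAfter);
        details.setExpiredTime(parseTokenTime(notOnOrAfter));
    }

    /**
     * Fills {@code securityTokenDetailsResponse} from a SAML 1.x response. A field is set only
     * when its element occurs exactly once and, where it is read from an XML attribute, that
     * attribute is present.
     */
    private void parseSAML1(Document document, SecurityTokenDetailsResponse securityTokenDetailsResponse) {
        securityTokenDetailsResponse.setSignatureType(SIGNATURE_TYPE_RESPONSE);

        Node assertion = singleElement(document, TAG_ASSERTION);
        if (assertion != null) {
            String issuer = attributeText(assertion, ATTR_ISSUER);
            if (issuer != null) {
                securityTokenDetailsResponse.setIssuer(issuer);
            }
        }
        Node authStatement = singleElement(document, TAG1_AUTHENTICATION_STATEMENT);
        if (authStatement != null) {
            String method = attributeText(authStatement, ATTR1_AUTHENTICATION_METHOD);
            if (method != null) {
                securityTokenDetailsResponse.setAuthenticationMethod(method);
            }
        }
        Node nameIdentifier = singleElement(document, TAG1_NAME_IDENTIFIER);
        if (nameIdentifier != null) {
            securityTokenDetailsResponse.setSubjectName(nameIdentifier.getTextContent());
        }
        Node confirmationMethod = singleElement(document, TAG1_CONFIRMATION_METHOD);
        if (confirmationMethod != null) {
            securityTokenDetailsResponse.setSubjectConfirmationMethod(confirmationMethod.getTextContent());
        }
        readExpiry(document, securityTokenDetailsResponse);
        Node audience = singleElement(document, TAG_AUDIENCE);
        if (audience != null) {
            securityTokenDetailsResponse.setAudience(audience.getTextContent());
        }
        collectAttributes(document, ATTR1_ATTRIBUTE_NAME, securityTokenDetailsResponse);
    }

    /**
     * Fills {@code securityTokenDetailsResponse} from a SAML 2.0 response. A field is set only
     * when its element occurs exactly once and, where it is read from an XML attribute, that
     * attribute is present; the issuer is taken from every {@code Issuer} whose parent is an
     * {@code Assertion}, the last one winning.
     */
    private void parseSAML2(Document document, SecurityTokenDetailsResponse securityTokenDetailsResponse) {
        Node signature = singleElement(document, TAG_SIGNATURE);
        if (signature != null) {
            boolean onAssertion = TAG_ASSERTION.equals(signature.getParentNode().getNodeName());
            securityTokenDetailsResponse.setSignatureType(
                    onAssertion ? SIGNATURE_TYPE_ASSERTION : SIGNATURE_TYPE_RESPONSE);
        }
        NodeList issuers = document.getElementsByTagName(TAG_ISSUER);
        for (int i = 0; i < issuers.getLength(); i++) {
            Node issuer = issuers.item(i);
            if (TAG_ASSERTION.equals(issuer.getParentNode().getNodeName())) {
                securityTokenDetailsResponse.setIssuer(issuer.getTextContent());
            }
        }
        Node nameId = singleElement(document, TAG_NAME_ID);
        if (nameId != null) {
            // The Format attribute may be missing; the subject name is still taken then.
            String format = attributeText(nameId, ATTR_FORMAT);
            if (format != null) {
                securityTokenDetailsResponse.setNameFormat(format);
            }
            securityTokenDetailsResponse.setSubjectName(nameId.getTextContent());
        }
        Node subjectConfirmation = singleElement(document, TAG_SUBJECT_CONFIRMATION);
        if (subjectConfirmation != null) {
            String method = attributeText(subjectConfirmation, ATTR_METHOD);
            if (method != null) {
                securityTokenDetailsResponse.setSubjectConfirmationMethod(method);
            }
        }
        Node confirmationData = singleElement(document, TAG_SUBJECT_CONFIRMATION_DATA);
        if (confirmationData != null) {
            String recipient = attributeText(confirmationData, ATTR_RECIPIENT);
            if (recipient != null) {
                securityTokenDetailsResponse.setRecipient(recipient);
            }
        }
        readExpiry(document, securityTokenDetailsResponse);
        Node audience = singleElement(document, TAG_AUDIENCE);
        if (audience != null) {
            securityTokenDetailsResponse.setAudience(audience.getTextContent());
        }
        Node authnContext = singleElement(document, TAG_AUTHN_CONTEXT_CLASS_REF);
        if (authnContext != null) {
            securityTokenDetailsResponse.setAuthenticationMethod(authnContext.getTextContent());
        }
        collectAttributes(document, ATTR_NAME, securityTokenDetailsResponse);
    }

    /**
     * Parses a UTC timestamp of the form {@code yyyy-MM-dd'T'HH:mm:ss.SSS'Z'}.
     *
     * @return the parsed instant, or {@code null} when {@code str} does not match the pattern
     *     (for example a timestamp without a fractional-seconds part)
     */
    private Date parseTokenTime(String str) {
        // NOTE(review): how callers treat a null expiry is not visible here; confirm that an
        // unparseable NotOnOrAfter is handled as "expired" rather than "never expires".
        SimpleDateFormat simpleDateFormat = new SimpleDateFormat("yyyy-MM-dd'T'HH:mm:ss.SSS'Z'");
        simpleDateFormat.setTimeZone(TimeZone.getTimeZone("Etc/UTC"));
        try {
            return simpleDateFormat.parse(str);
        } catch (ParseException e) {
            Log.w(TAG, e);
            return null;
        }
    }

    /**
     * Verifies the first XML signature in the token with the certificate, or else the public
     * key, carried in that signature's {@code KeyInfo}.
     *
     * <p>The outcome of the cryptographic check is what this method returns. Any failure (an
     * unparseable token, a missing signature or key, an error during verification) yields
     * {@code false}.
     *
     * @return {@code true} only when the signature value verifies against the embedded key
     */
    public boolean checkSignature() {
        try {
            Document document = getXmlDocument();
            if (document == null) {
                Log.w(TAG, "Token is not a parseable XML document.");
                return false;
            }
            NodeList signatures = document.getElementsByTagNameNS(NS_XMLDSIG, TAG_SIGNATURE);
            if (signatures.getLength() == 0) {
                Log.w(TAG, "Signature is not found.");
                return false;
            }
            // Only the first Signature element is examined.
            XMLSignature signature = new XMLSignature((Element) signatures.item(0), "");
            KeyInfo keyInfo = signature.getKeyInfo();
            if (keyInfo == null) {
                Log.w(TAG, "Did not find KeyInfo");
                return false;
            }
            // NOTE(review): the verification key comes from the token itself, so a token
            // re-signed with any key still verifies; the signer must additionally be matched
            // against a trusted identity-provider certificate.
            X509Certificate certificate = keyInfo.getX509Certificate();
            if (certificate != null) {
                return signature.checkSignatureValue(certificate);
            }
            PublicKey publicKey = keyInfo.getPublicKey();
            if (publicKey == null) {
                Log.w(TAG, "Did not find Certificate or Public Key");
                return false;
            }
            return signature.checkSignatureValue(publicKey);
        } catch (Exception e) {
            // Fail closed: a token whose signature cannot be evaluated is not accepted.
            Log.w(TAG, e);
            return false;
        }
    }

    /**
     * Extracts the token details from the SAML response.
     *
     * <p>This method does not verify the signature; call {@link #checkSignature()} first.
     *
     * @return the populated details, or an empty response object when the document does not
     *     contain exactly one {@code Response} element
     * @throws IllegalStateException if the token could not be decoded and parsed as XML
     * @throws RuntimeException if the {@code Response} element is in neither the SAML 1.0 nor
     *     the SAML 2.0 protocol namespace
     */
    public SecurityTokenDetailsResponse parse() {
        Document xmlDocument = getXmlDocument();
        if (xmlDocument == null) {
            throw new IllegalStateException("Security token is not a parseable XML document.");
        }
        SecurityTokenDetailsResponse details = new SecurityTokenDetailsResponse();
        NodeList responses = xmlDocument.getElementsByTagNameNS("*", TAG_RESPONSE);
        if (responses.getLength() != 1) {
            return details;
        }
        // Constant-first comparison: a Response without a namespace has a null namespace URI.
        String namespaceUri = responses.item(0).getNamespaceURI();
        if (NS_SAML2.equals(namespaceUri)) {
            details.setVersion(2);
            parseSAML2(xmlDocument, details);
        } else if (NS_SAML1.equals(namespaceUri)) {
            details.setVersion(1);
            parseSAML1(xmlDocument, details);
        } else {
            throw new RuntimeException("Unsupported SAML version.");
        }
        return details;
    }
}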
