package org.forgerock.openam.sts.token;

import java.io.UnsupportedEncodingException;
import java.nio.charset.StandardCharsets;
import java.security.MessageDigest;
import java.security.NoSuchAlgorithmException;
import javax.inject.Inject;
import javax.xml.bind.DatatypeConverter;
import org.forgerock.openam.sts.TokenIdGenerationException;
import org.forgerock.openam.sts.TokenType;
import org.forgerock.openam.sts.XMLUtilities;
import org.forgerock.openam.utils.StringUtils;
import org.w3c.dom.Element;
import org.w3c.dom.Node;
import org.w3c.dom.NodeList;

/* loaded from: input_file:org/forgerock/openam/sts/token/CTSTokenIdGeneratorImpl.class */
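/**
 * Derives the identifier under which an STS-issued token is tracked in the Core Token Service (CTS).
 * <p>
 * The id is a deterministic function of the token string, so the same token always maps to the
 * same CTS entry:
 * <ul>
 *   <li>OpenID Connect tokens: upper-case hex of the SHA-1 digest of the UTF-8 encoded token.</li>
 *   <li>Unencrypted SAML2 assertions: the assertion's {@code ID} attribute, taken verbatim.</li>
 *   <li>Encrypted SAML2 assertions: upper-case hex of the SHA-1 digest of the UTF-8 encoded text
 *       of the {@code EncryptedData/CipherData/CipherValue} element.</li>
 * </ul>
 * SHA-1 serves here purely as a stable identifier, not as an integrity mechanism. The digest
 * algorithm is part of the stored-id format: presumably ids already recorded in CTS would no longer
 * be found if it were changed, so confirm against the token store before altering {@link #SHA1}.
 * <p>
 * This class performs no validation of the token it is given. For unencrypted SAML2 assertions the
 * id is whatever {@code ID} the assertion carries, so its trustworthiness rests entirely on the
 * caller having already authenticated the assertion (e.g. verified its signature).
 */
public class CTSTokenIdGeneratorImpl implements CTSTokenIdGenerator {
    /** Digest algorithm used to derive ids; see the class comment before changing. */
    private static final String SHA1 = "SHA-1";
    private static final String ID_ATTRIBUTE = "ID";
    private static final String ASSERTION_LOCAL_NAME = "Assertion";
    private static final String ENCRYPTED_ASSERTION_LOCAL_NAME = "EncryptedAssertion";
    private static final String ENCRYPTED_DATA = "EncryptedData";
    private static final String CIPHER_DATA = "CipherData";
    private static final String CIPHER_VALUE = "CipherValue";
    private final XMLUtilities xmlUtilities;

    /**
     * @param xMLUtilities helper used to parse SAML2 assertion strings into DOM documents
     */
    @Inject
    CTSTokenIdGeneratorImpl(XMLUtilities xMLUtilities) {
        this.xmlUtilities = xMLUtilities;
    }

    /**
     * Generates the CTS id for the given token.
     *
     * @param tokenType the type of token; only {@code SAML2} and {@code OPENIDCONNECT} are supported
     * @param str the token string (a SAML2 assertion document or an OIDC token)
     * @return the CTS identifier for the token
     * @throws TokenIdGenerationException with status 400 if {@code str} is null or the SAML2 document is
     *         not an {@code Assertion}/{@code EncryptedAssertion}; with status 500 for unsupported token
     *         types and internal failures
     */
    @Override // org.forgerock.openam.sts.token.CTSTokenIdGenerator
    public String generateTokenId(TokenType tokenType, String str) throws TokenIdGenerationException {
        // Reject a missing token up front rather than surfacing an NPE from the digest/parse paths.
        if (str == null) {
            throw new TokenIdGenerationException(400, "Token string for which an id is to be generated is null. Token type: " + tokenType);
        }
        if (TokenType.SAML2.equals(tokenType)) {
            return generateSAML2AssertionId(str);
        }
        if (TokenType.OPENIDCONNECT.equals(tokenType)) {
            return generateOpenIdConnectTokenId(str);
        }
        throw new TokenIdGenerationException(500, "Illegal state: an id for tokens of type " + tokenType + " cannot be generated. The token string: " + str);
    }

    /**
     * Returns the upper-case hexadecimal SHA-1 digest of the UTF-8 encoding of {@code input}.
     * <p>
     * Package-private so the derivation can be tested without project collaborators.
     *
     * @param input the text to digest; must not be null
     * @return upper-case hex digest, 40 characters
     * @throws NoSuchAlgorithmException if the JCE provider lacks SHA-1
     */
    static String sha1Hex(String input) throws NoSuchAlgorithmException {
        // StandardCharsets avoids the unreachable UnsupportedEncodingException of getBytes("UTF-8").
        byte[] digest = MessageDigest.getInstance(SHA1).digest(input.getBytes(StandardCharsets.UTF_8));
        return DatatypeConverter.printHexBinary(digest);
    }

    /**
     * Id for an OIDC token: the SHA-1 hex digest of the whole token string.
     *
     * @throws TokenIdGenerationException with status 500 if SHA-1 is unavailable
     */
    private String generateOpenIdConnectTokenId(String str) throws TokenIdGenerationException {
        try {
            return sha1Hex(str);
        } catch (NoSuchAlgorithmException e) {
            throw new TokenIdGenerationException(500, "Unexpected error: no SHA-1 hash algorithm available while generating token id for OIDC token: " + e.getMessage(), e);
        }
    }

    /**
     * Parses the assertion string and dispatches on the document element's local name.
     *
     * @throws TokenIdGenerationException with status 400 if the root is neither {@code Assertion} nor
     *         {@code EncryptedAssertion}; propagates failures from the unencrypted/encrypted paths
     */
    private String generateSAML2AssertionId(String str) throws TokenIdGenerationException {
        Element documentElement = this.xmlUtilities.stringToDocumentConversion(str).getDocumentElement();
        String localName = documentElement.getLocalName();
        if (ASSERTION_LOCAL_NAME.equals(localName)) {
            return generateIdentifierFromUnencryptedSAML2Assertion(documentElement);
        }
        if (ENCRYPTED_ASSERTION_LOCAL_NAME.equals(localName)) {
            return generateIdentifierFromEncryptedSAML2Assertion(documentElement);
        }
        throw new TokenIdGenerationException(400, "Unexpected local name in to-be-validated SAML2 assertion: " + localName);
    }

    /**
     * Id for a plaintext assertion: its {@code ID} attribute, unmodified. No uniqueness or format
     * check is applied beyond non-emptiness.
     *
     * @throws TokenIdGenerationException with status 500 if the attribute is absent or empty
     */
    private String generateIdentifierFromUnencryptedSAML2Assertion(Element element) throws TokenIdGenerationException {
        String attribute = element.getAttribute(ID_ATTRIBUTE);
        if (StringUtils.isEmpty(attribute)) {
            throw new TokenIdGenerationException(500, "ID attribute in to-be-validated SAML2 assertion null or empty.");
        }
        return attribute;
    }

    /**
     * Id for an encrypted assertion: the SHA-1 hex digest of the {@code CipherValue} text. The text is
     * hashed exactly as found, so any whitespace or line-wrapping inside the element affects the id.
     *
     * @throws TokenIdGenerationException with status 500 if SHA-1 is unavailable or the cipher value
     *         element cannot be located
     */
    private String generateIdentifierFromEncryptedSAML2Assertion(Element element) throws TokenIdGenerationException {
        try {
            return sha1Hex(getCipherValueText(element));
        } catch (NoSuchAlgorithmException e) {
            throw new TokenIdGenerationException(500, "Unexpected error: no SHA-1 hash algorithm available while generating token id for encrypted SAML2 assertion: " + e.getMessage(), e);
        }
    }

    /**
     * Walks {@code EncryptedAssertion → EncryptedData → CipherData → CipherValue} and returns the text
     * content of the final element.
     *
     * @throws TokenIdGenerationException if any step of the path is missing
     */
    private String getCipherValueText(Element element) throws TokenIdGenerationException {
        Element encryptedData = getChildElement(element, ENCRYPTED_DATA);
        Element cipherData = getChildElement(encryptedData, CIPHER_DATA);
        return getChildElement(cipherData, CIPHER_VALUE).getTextContent();
    }

    /**
     * Returns the first direct child element of {@code element} whose local name equals {@code str}.
     * Only the local name is compared; namespace URIs are not checked (presumably intentional to stay
     * prefix/namespace agnostic — confirm).
     *
     * @throws TokenIdGenerationException with status 500 if no such child exists
     */
    private Element getChildElement(Element element, String str) throws TokenIdGenerationException {
        NodeList childNodes = element.getChildNodes();
        for (int i = 0; i < childNodes.getLength(); i++) {
            Node item = childNodes.item(i);
            if ((item instanceof Element) && str.equals(item.getLocalName())) {
                return (Element) item;
            }
        }
        throw new TokenIdGenerationException(500, "In CTSTokenIdGeneratorImpl, generating a CTS token id for an encrypted SAML2 assertion, could not find child element with local name: " + str);
    }
}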
