package com.sun.identity.federation.services.util;

import com.sun.identity.federation.common.FSUtils;
import com.sun.identity.saml2.common.SAML2Constants;
import com.sun.identity.shared.encode.Base64;
import com.sun.identity.shared.encode.URLEncDec;
import java.security.cert.X509Certificate;
import javax.servlet.http.HttpServletRequest;

/* loaded from: input_file:com/sun/identity/federation/services/util/FSSignatureUtil.class */
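/**
 * Static helpers that sign an outgoing query string and verify the signature carried on an
 * incoming HTTP request's query string.
 *
 * <p>Both directions use the same wire layout: the signed text is everything that precedes
 * {@code &Signature=}, and it ends with a {@code SigAlg} parameter naming the algorithm.
 *
 * <p>NOTE(review): only SHA-1 based algorithms (rsa-sha1 / dsa-sha1) are produced and accepted
 * here. SHA-1 is no longer considered collision resistant; whether stronger algorithms can be
 * negotiated depends on the peers and is not visible in this class.
 */
public class FSSignatureUtil {
    private static final String RSA_SHA1_URI = "http://www.w3.org/2000/09/xmldsig#rsa-sha1";
    private static final String DSA_SHA1_URI = "http://www.w3.org/2000/09/xmldsig#dsa-sha1";
    private static final String RSA_SHA1_JCA = "SHA1withRSA";
    private static final String DSA_SHA1_JCA = "SHA1withDSA";

    /** Separator written by the signer between the signed text and the signature value. */
    private static final String SIGNATURE_DELIMITER = "&Signature=";

    /**
     * Appends {@code SigAlg} and {@code Signature} parameters to a query string.
     *
     * @param str the query string to sign; a trailing {@code &} is added when missing
     * @param str2 alias of the signing key, looked up through the signature manager's key provider
     * @return the query string followed by {@code SigAlg=...&Signature=...}, or {@code null} when
     *     an argument is null or empty, no key is found for the alias, the key algorithm is
     *     neither RSA nor DSA, or signing fails
     */
    public static String signAndReturnQueryString(String str, String str2) {
        FSUtils.debug.message("FSSignatureUtil.signAndReturnQueryString: Called");
        if (str == null || str.length() == 0) {
            FSUtils.debug.error("FSSignatureUtil.signAndReturnQueryString: " + FSUtils.bundle.getString("nullInput"));
            return null;
        }
        if (FSUtils.debug.messageEnabled()) {
            FSUtils.debug.message("FSSignatureUtil.signAndReturnQueryString: queryString: " + str);
        }
        if (str2 == null || str2.length() == 0) {
            FSUtils.debug.error("FSSignatureUtil.signAndReturnQueryString: " + FSUtils.bundle.getString("nullInput"));
            return null;
        }
        if (FSUtils.debug.messageEnabled()) {
            FSUtils.debug.message("FSSignatureUtil.signAndReturnQueryString: certAlias: " + str2);
        }

        FSSignatureManager signatureManager = FSSignatureManager.getInstance();
        // Look the key up once and fail cleanly when the alias resolves to nothing, instead of
        // letting a NullPointerException escape to the caller.
        java.security.Key privateKey = signatureManager.getKeyProvider().getPrivateKey(str2);
        if (privateKey == null) {
            FSUtils.debug.error("FSSignatureUtil.signAndReturnQueryString: no private key found for certAlias: " + str2);
            return null;
        }

        String keyAlgorithm = privateKey.getAlgorithm();
        String jcaAlgorithm;
        String sigAlgUri;
        if ("RSA".equals(keyAlgorithm)) {
            if (FSUtils.debug.messageEnabled()) {
                FSUtils.debug.message("FSSignatureUtil.signAndReturnQueryString: private key algorithm is: RSA");
            }
            jcaAlgorithm = RSA_SHA1_JCA;
            sigAlgUri = RSA_SHA1_URI;
        } else if ("DSA".equals(keyAlgorithm)) {
            if (FSUtils.debug.messageEnabled()) {
                FSUtils.debug.message("FSSignatureUtil.signAndReturnQueryString: private key algorithm is: DSA");
            }
            jcaAlgorithm = DSA_SHA1_JCA;
            sigAlgUri = DSA_SHA1_URI;
        } else {
            FSUtils.debug.error("FSSignatureUtil.signAndReturnQueryString: private key algorithm is not supported");
            return null;
        }

        String prefix = str.charAt(str.length() - 1) == '&' ? str : str + "&";
        // SigAlg is part of the signed text, so the verifier's algorithm choice is covered too.
        String toBeSigned = prefix + "SigAlg=" + URLEncDec.encode(sigAlgUri);
        if (FSUtils.debug.messageEnabled()) {
            FSUtils.debug.message("FSSignatureUtil.signAndReturnQueryString: Querystring to be signed: " + toBeSigned);
        }
        try {
            byte[] signature = signatureManager.signBuffer(toBeSigned, str2, jcaAlgorithm);
            if (signature == null) {
                FSUtils.debug.error("FSSignatureUtil.signAndReturnQueryString: Signature generated is null");
                return null;
            }
            String signedQuery = toBeSigned + SIGNATURE_DELIMITER + URLEncDec.encode(Base64.encode(signature));
            if (FSUtils.debug.messageEnabled()) {
                FSUtils.debug.message("FSSignatureUtil.signAndReturnQueryString:Signed Querystring: " + signedQuery);
            }
            return signedQuery;
        } catch (FSSignatureException e) {
            FSUtils.debug.error("FSSignatureUtil.signAndReturnQueryString: FSSignatureException occured while signing query string: ", e);
            return null;
        }
    }

    /**
     * Verifies the {@code Signature} parameter of a request against the raw query string.
     *
     * <p>The verified text is the raw query string up to, but not including, the first
     * {@code &Signature=}. Every failure path returns {@code false} (fail closed).
     *
     * <p>NOTE(review): a {@code true} result covers only that prefix. Parameters placed after
     * the {@code Signature} parameter, and parameters that {@code getParameter} resolves from
     * outside the query string, are not authenticated by this check; callers should take
     * security-relevant values from the signed portion only.
     *
     * @param httpServletRequest the request carrying {@code SigAlg} and {@code Signature}
     * @param x509Certificate certificate whose public key is used for verification
     * @return {@code true} only when the signature verifies; {@code false} when the certificate
     *     is null, a parameter is missing or empty, the algorithm is not rsa-sha1 or dsa-sha1,
     *     the query string has no {@code &Signature=} part, or any exception occurs
     */
    public static boolean verifyRequestSignature(HttpServletRequest httpServletRequest, X509Certificate x509Certificate) {
        FSUtils.debug.message("FSSignatureUtil.verifyRequestSignature: Called");
        try {
            if (x509Certificate == null) {
                if (FSUtils.debug.messageEnabled()) {
                    FSUtils.debug.message("FSSignatureUtil.verifyRequestSignature: couldn't obtain this site's cert.");
                }
                return false;
            }

            // Both values are request-supplied; they are written to the log at message level only.
            String sigAlg = httpServletRequest.getParameter(SAML2Constants.SIG_ALG);
            if (FSUtils.debug.messageEnabled()) {
                FSUtils.debug.message("sigAlg : " + sigAlg);
            }
            String encodedSignature = httpServletRequest.getParameter("Signature");
            if (FSUtils.debug.messageEnabled()) {
                FSUtils.debug.message("encSig : " + encodedSignature);
            }
            if (sigAlg == null || sigAlg.length() == 0
                    || encodedSignature == null || encodedSignature.length() == 0) {
                return false;
            }

            // Strict allow-list: any other SigAlg value is rejected rather than passed through.
            String jcaAlgorithm;
            if (DSA_SHA1_URI.equals(sigAlg)) {
                jcaAlgorithm = DSA_SHA1_JCA;
            } else if (RSA_SHA1_URI.equals(sigAlg)) {
                jcaAlgorithm = RSA_SHA1_JCA;
            } else {
                FSUtils.debug.error("FSSignatureUtil.verifyRequestSignature: Invalid signature algorithm");
                return false;
            }

            String queryString = httpServletRequest.getQueryString();
            if (FSUtils.debug.messageEnabled()) {
                FSUtils.debug.message("FSSignatureUtil.verifyRequestSignature:queryString to be verifed:" + queryString);
            }
            if (queryString == null) {
                // The parameters did not come from the URL, so there is no signed text to check.
                FSUtils.debug.error("FSSignatureUtil.verifyRequestSignature: request has no query string");
                return false;
            }

            // Match the exact delimiter the signer writes. Searching for the bare "&Signature"
            // would also stop at an unrelated parameter whose name merely starts with it.
            int signatureStart = queryString.indexOf(SIGNATURE_DELIMITER);
            if (signatureStart < 0) {
                FSUtils.debug.error("FSSignatureUtil.verifyRequestSignature: query string has no Signature parameter after the signed content");
                return false;
            }
            String signedText = queryString.substring(0, signatureStart);

            if (FSUtils.debug.messageEnabled()) {
                FSUtils.debug.message("FSSignatureUtil.verifyRequestSignature: Signature: " + encodedSignature);
            }
            byte[] signature = Base64.decode(encodedSignature);
            if (signature == null || signature.length == 0) {
                FSUtils.debug.error("FSSignatureUtil.verifyRequestSignature: Signature value could not be decoded");
                return false;
            }

            FSSignatureManager signatureManager = FSSignatureManager.getInstance();
            if (FSUtils.debug.messageEnabled()) {
                FSUtils.debug.message("FSSignatureUtil.verifyRequestSignature: String to be verified: " + signedText);
            }
            return signatureManager.verifySignature(signedText, signature, jcaAlgorithm, x509Certificate);
        } catch (Exception e) {
            // Deliberately broad: any unexpected failure must be treated as "not verified".
            FSUtils.debug.error("FSSignatureUtil.verifyRequestSignature: Exception occured while verifying SP's signature:", e);
            return false;
        }
    }
}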
