package com.sun.identity.federation.services.util;

import com.iplanet.dpro.session.share.SessionEncodeURL;
import com.sun.identity.federation.common.FSException;
import com.sun.identity.federation.common.FSUtils;
import com.sun.identity.federation.common.IFSConstants;
import java.io.ByteArrayInputStream;
import java.net.URLEncoder;
import java.util.Enumeration;
import javax.servlet.http.HttpServletRequest;
import sun.misc.BASE64Decoder;
import sun.misc.BASE64Encoder;

/* loaded from: input_file:115766-08/SUNWamsdk/reloc/SUNWam/lib/am_services.jar:com/sun/identity/federation/services/util/FSSignatureUtil.class */
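/**
 * Helpers for signing and verifying URL query strings with the
 * {@code SigAlg} / {@code Signature} parameter pair.
 *
 * <p>Only two signature algorithms are supported, and both are SHA-1 based
 * (RSA-SHA1 and DSA-SHA1). SHA-1 is no longer considered collision resistant,
 * so these should be treated as legacy algorithms kept for interoperability.
 *
 * <p>Message-level debug output from this class includes full query strings
 * and signature values, so debug logs may hold sensitive protocol data.
 */
public class FSSignatureUtil {
    /** XML-DSig URI carried in {@code SigAlg} for DSA with SHA-1. */
    private static final String SIG_ALG_URI_DSA_SHA1 = "http://www.w3.org/2000/09/xmldsig#dsa-sha1";

    /** XML-DSig URI carried in {@code SigAlg} for RSA with SHA-1. */
    private static final String SIG_ALG_URI_RSA_SHA1 = "http://www.w3.org/2000/09/xmldsig#rsa-sha1";

    /** JCA signature algorithm name used with RSA keys. */
    private static final String JCA_SHA1_WITH_RSA = "SHA1withRSA";

    /**
     * Appends {@code SigAlg} and {@code Signature} parameters to a query string.
     *
     * <p>The signature algorithm is derived from the algorithm of the private
     * key stored under {@code certAlias}. The signed data is the input query
     * string, a separating ampersand if one is not already present, and the
     * {@code SigAlg} parameter. The signature is Base64-encoded, URL-encoded
     * and appended as the last parameter.
     *
     * @param queryString the query string to sign; must not be null or empty
     * @param certAlias alias of the signing key; must not be null or empty
     * @return the signed query string, or {@code null} when an input is
     *         missing, the key is absent or of an unsupported algorithm, or
     *         signing fails
     */
    public static String signAndReturnQueryString(String queryString, String certAlias) {
        final String method = "FSSignatureUtil.signAndReturnQueryString: ";
        if (FSUtils.debug.messageEnabled()) {
            FSUtils.debug.message(method + "Called");
        }
        if (queryString == null || queryString.length() == 0) {
            FSUtils.debug.error(method + FSUtils.bundle.getString("nullInput"));
            return null;
        }
        if (FSUtils.debug.messageEnabled()) {
            FSUtils.debug.message(method + "certAlias: " + certAlias);
        }
        // The original repeated the queryString check here, so the alias was
        // never validated before being used for the key lookup.
        if (certAlias == null || certAlias.length() == 0) {
            FSUtils.debug.error(method + FSUtils.bundle.getString("nullInput"));
            return null;
        }

        FSSignatureManager signatureManager = FSSignatureManager.getInstance();
        // Look the key up once; a missing key is reported instead of surfacing
        // as a NullPointerException.
        java.security.Key privateKey = signatureManager.getKeyProvider().getPrivateKey(certAlias);
        if (privateKey == null) {
            FSUtils.debug.error(method + "no private key found for certAlias: " + certAlias);
            return null;
        }

        String keyAlgorithm = privateKey.getAlgorithm();
        String jcaAlgorithm;
        String sigAlgUri;
        if (keyAlgorithm != null && keyAlgorithm.equals(IFSConstants.KEY_ALG_RSA)) {
            if (FSUtils.debug.messageEnabled()) {
                FSUtils.debug.message(method + "private key algorithm is: RSA");
            }
            jcaAlgorithm = JCA_SHA1_WITH_RSA;
            sigAlgUri = SIG_ALG_URI_RSA_SHA1;
        } else if (keyAlgorithm != null && keyAlgorithm.equals(IFSConstants.KEY_ALG_DSA)) {
            if (FSUtils.debug.messageEnabled()) {
                FSUtils.debug.message(method + "private key algorithm is: DSA");
            }
            jcaAlgorithm = IFSConstants.ALGO_ID_SIGNATURE_DSA_JCA;
            sigAlgUri = SIG_ALG_URI_DSA_SHA1;
        } else {
            FSUtils.debug.error(method + "private key algorithm is not supported");
            return null;
        }

        // Return value is unused here; the call is kept from the original.
        // NOTE(review): presumably it triggers initialization - confirm.
        FSServiceUtils.getAllianceInstance();

        String dataToSign = queryString;
        if (dataToSign.charAt(dataToSign.length() - 1) != '&') {
            dataToSign = dataToSign + SessionEncodeURL.AMPERSAND;
        }
        // The one-argument URLEncoder.encode uses the platform default charset;
        // the values encoded in this method are ASCII.
        dataToSign = dataToSign + "SigAlg=" + URLEncoder.encode(sigAlgUri);
        if (FSUtils.debug.messageEnabled()) {
            FSUtils.debug.message(method + "Querystring to be signed: " + dataToSign);
        }

        try {
            byte[] signature = signatureManager.signBuffer(dataToSign, certAlias, jcaAlgorithm);
            if (signature == null) {
                FSUtils.debug.error(method + "Signature generated is null");
                return null;
            }
            String signedQueryString = dataToSign + SessionEncodeURL.AMPERSAND + "Signature="
                    + URLEncoder.encode(new BASE64Encoder().encode(signature));
            if (FSUtils.debug.messageEnabled()) {
                FSUtils.debug.message("FSSignatureUtil.signAndReturnQueryString:Signed Querystring: " + signedQueryString);
            }
            return signedQueryString;
        } catch (FSSignatureException e) {
            FSUtils.debug.error(method + "FSSignatureException occured while signing query string: " + e.getMessage());
            // NOTE(review): "Exception: " is passed as a bundle key. If
            // FSUtils.bundle is a ResourceBundle without that key, getString
            // throws from inside this handler - confirm the key exists.
            FSUtils.error("FSSignatureUtil", FSUtils.bundle.getString("Exception: ") + e.getMessage());
            return null;
        }
    }

    /**
     * Verifies the signature carried in a request's query string.
     *
     * <p>The verified data is the raw query string up to, but not including,
     * the first {@code &Signature=}. Anything after that point is not covered
     * by the signature. Callers should therefore not rely on parameters that
     * appear after {@code Signature}. The {@code SigAlg} and {@code Signature}
     * values are read with {@code getParameter}, while the signed data is
     * taken from {@code getQueryString}.
     *
     * <p>The algorithm is selected by the request's {@code SigAlg} value and
     * only the RSA-SHA1 and DSA-SHA1 URIs are accepted.
     *
     * @param request the incoming request carrying the signed query string
     * @param certAlias alias of the certificate to verify against
     * @return {@code true} only if the signature verifies; {@code false} when
     *         a parameter is missing, the algorithm is not accepted, the
     *         signed portion cannot be located, or any exception occurs
     */
    public static boolean verifyRequestSignature(HttpServletRequest request, String certAlias) {
        final String method = "FSSignatureUtil.verifyRequestSignature: ";
        FSUtils.debug.message(method + "Called");
        try {
            FSServiceUtils.getAllianceInstance();
            if (certAlias == null) {
                if (FSUtils.debug.messageEnabled()) {
                    FSUtils.debug.message(method + "couldn't obtain this site's cert alias.");
                }
                // Caught below, which logs the message and returns false.
                throw new FSException(FSUtils.bundle.getString("cannotFindCertAlias"));
            }
            if (FSUtils.debug.messageEnabled()) {
                FSUtils.debug.message(method + "Provider's certAlias is found: " + certAlias);
            }

            String sigAlgUri = request.getParameter("SigAlg");
            String encodedSignature = request.getParameter("Signature");
            if (FSUtils.debug.messageEnabled()) {
                FSUtils.debug.message("sigAlg : " + sigAlgUri);
                FSUtils.debug.message("encSig : " + encodedSignature);
            }
            if (sigAlgUri == null || sigAlgUri.length() == 0
                    || encodedSignature == null || encodedSignature.length() == 0) {
                if (FSUtils.debug.messageEnabled()) {
                    FSUtils.debug.message(method + "SigAlg or Signature parameter is missing");
                }
                return false;
            }

            // Fixed allowlist: any other SigAlg value is rejected.
            String jcaAlgorithm;
            if (sigAlgUri.equals(SIG_ALG_URI_DSA_SHA1)) {
                jcaAlgorithm = IFSConstants.ALGO_ID_SIGNATURE_DSA_JCA;
            } else if (sigAlgUri.equals(SIG_ALG_URI_RSA_SHA1)) {
                jcaAlgorithm = JCA_SHA1_WITH_RSA;
            } else {
                // The original logged this under signAndReturnQueryString,
                // which misattributes rejected requests in the logs.
                FSUtils.debug.error(method + "Invalid signature algorithim");
                return false;
            }

            String rawQuery = request.getQueryString();
            if (FSUtils.debug.messageEnabled()) {
                FSUtils.debug.message("FSSignatureUtil.verifyRequestSignature:queryString to be verifed:" + rawQuery);
            }
            // Match the full "&Signature=" delimiter so that a parameter whose
            // name merely starts with "Signature" does not truncate the signed
            // data. A missing delimiter is rejected explicitly.
            int signatureStart = (rawQuery == null) ? -1 : rawQuery.indexOf("&Signature=");
            if (signatureStart < 0) {
                FSUtils.debug.error(method + "query string has no Signature parameter delimiting the signed data");
                return false;
            }
            String signedData = rawQuery.substring(0, signatureStart);

            if (FSUtils.debug.messageEnabled()) {
                FSUtils.debug.message(method + "Signature: " + encodedSignature);
            }
            byte[] signature = new BASE64Decoder().decodeBuffer(new ByteArrayInputStream(encodedSignature.getBytes()));
            FSSignatureManager signatureManager = FSSignatureManager.getInstance();
            if (FSUtils.debug.messageEnabled()) {
                FSUtils.debug.message(method + "String to be verified: " + signedData);
            }
            return signatureManager.verifySignature(signedData, signature, jcaAlgorithm, certAlias);
        } catch (Exception e) {
            // Fail closed: any failure while verifying counts as not verified.
            FSUtils.debug.error(method + "Exception occured while verifying SP's signature:" + e.getMessage());
            return false;
        }
    }

    /**
     * Rebuilds a query string from the request's parameters, leaving out the
     * parameter whose name matches {@code IFSConstants.META_ALIAS}
     * (case-insensitive).
     *
     * <p>Only the first value of each parameter is used. Values are
     * URL-encoded with the platform default charset and names are appended
     * without encoding.
     *
     * @param request the request whose parameters are copied
     * @return the rebuilt query string, empty if no parameters remain
     */
    private static String cleanMetaAlias(HttpServletRequest request) {
        FSUtils.debug.message("FSSignatureUtil.cleanMetaAlias: Called");
        Enumeration names = request.getParameterNames();
        StringBuffer rebuilt = new StringBuffer();
        while (names.hasMoreElements()) {
            String name = (String) names.nextElement();
            if (name.equalsIgnoreCase(IFSConstants.META_ALIAS)) {
                if (FSUtils.debug.messageEnabled()) {
                    FSUtils.debug.message("FSSignatureUtil.cleanMetaAlias: found metaAlias");
                }
                continue;
            }
            if (rebuilt.length() > 0) {
                rebuilt.append(SessionEncodeURL.AMPERSAND);
            }
            rebuilt.append(name).append("=").append(URLEncoder.encode(request.getParameter(name)));
        }
        String result = rebuilt.toString();
        if (FSUtils.debug.messageEnabled()) {
            FSUtils.debug.message("FSSignatureUtil.cleanMetaAlias:  returning with " + result);
        }
        return result;
    }
}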
