package edu.internet2.middleware.shibboleth.aa.attrresolv.provider;

import edu.internet2.middleware.shibboleth.aa.attrresolv.AttributeDefinitionPlugIn;
import edu.internet2.middleware.shibboleth.aa.attrresolv.AttributeResolver;
import edu.internet2.middleware.shibboleth.aa.attrresolv.Dependencies;
import edu.internet2.middleware.shibboleth.aa.attrresolv.ResolutionPlugInException;
import edu.internet2.middleware.shibboleth.aa.attrresolv.ResolverAttribute;
import edu.internet2.middleware.shibboleth.common.ShibResource;
import java.io.IOException;
import java.security.KeyStore;
import java.security.KeyStoreException;
import java.security.MessageDigest;
import java.security.NoSuchAlgorithmException;
import java.security.Principal;
import java.security.UnrecoverableKeyException;
import java.security.cert.CertificateException;
import java.util.Arrays;
import java.util.Iterator;
import javax.crypto.SecretKey;
import javax.naming.NamingException;
import javax.naming.directory.Attribute;
import javax.naming.directory.Attributes;
import org.apache.log4j.Logger;
import org.bouncycastle.util.encoders.Base64;
import org.w3c.dom.Element;
import org.w3c.dom.Node;
import org.w3c.dom.NodeList;

/* loaded from: input_file:edu/internet2/middleware/shibboleth/aa/attrresolv/provider/PersistentIDAttributeDefinition.class */
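/**
 * Attribute definition plug-in that derives a scoped, per-requester identifier for a principal.
 *
 * <p>The value is the Base64 encoding of {@code SHA(requester '!' sourceId '!' salt)}, registered with a
 * {@link ScopedStringValueHandler} for the configured scope. The salt is the only secret input, so it must
 * be unique to the deployment and kept out of logs and error messages.
 *
 * <p>NOTE(review): the digest algorithm ("SHA"), the platform-default charset used by {@code getBytes()}
 * and the plain hash-with-trailing-secret construction are all left exactly as found. Changing any of them
 * changes every identifier already issued, so a move to a keyed MAC, a stronger digest or an explicit
 * charset needs a planned migration rather than an in-place edit.
 */
public class PersistentIDAttributeDefinition extends BaseAttributeDefinition implements AttributeDefinitionPlugIn {
    private static final Logger log = Logger.getLogger(PersistentIDAttributeDefinition.class.getName());

    /** Minimum length, in characters, for a salt supplied inline as the text of the Salt element. */
    private static final int MIN_INLINE_SALT_LENGTH = 16;

    /** Encoded form of the secret key that {@link #usingDefaultSecret()} treats as the well-known default. */
    private static final byte[] DEFAULT_SECRET = {-57, 73, Byte.MIN_VALUE, -45, 2, 74, 97, -17, 37, 93, -29, 47, 87, 81, 32, 21, -57, 73, Byte.MIN_VALUE, -45, 2, 74, 97, -17};

    /** Secret bytes appended to every digest input; never log this value. */
    protected byte[] salt;
    /** Value of the "sourceName" attribute: the connector attribute that supplies the source identifier. */
    protected String localPersistentId;
    /** Value of the "scope" attribute, passed to the {@link ScopedStringValueHandler}. */
    protected String scope;

    /**
     * Reads the plug-in configuration and loads the salt.
     *
     * <p>The salt comes from the text of the single Salt child element when that text is at least 16
     * characters long; otherwise it is the encoded form of a secret key read from a JCEKS keystore named by
     * the element's keyStorePath, keyStoreKeyAlias, keyStorePassword and keyStoreKeyPassword attributes.
     *
     * @param element the configuration element for this attribute definition
     * @throws ResolutionPlugInException if the dependency, scope or salt configuration is missing or
     *     inconsistent, or if the keystore secret cannot be loaded
     */
    public PersistentIDAttributeDefinition(Element element) throws ResolutionPlugInException {
        super(element);
        this.localPersistentId = element.getAttributeNS(null, "sourceName");
        boolean hasSourceName = this.localPersistentId != null && this.localPersistentId.length() > 0;
        if (hasSourceName) {
            // A source attribute name only makes sense when exactly one connector supplies it.
            if (this.connectorDependencyIds.size() != 1 || !this.attributeDependencyIds.isEmpty()) {
                log.error("Can't specify the sourceName attribute without a single connector dependency.");
                throw new ResolutionPlugInException("Failed to initialize Attribute Definition PlugIn.");
            }
        } else {
            if (!this.connectorDependencyIds.isEmpty()) {
                log.error("Can't specify a connector dependency without supplying the sourceName attribute.");
                throw new ResolutionPlugInException("Failed to initialize Attribute Definition PlugIn.");
            }
            if (this.attributeDependencyIds.size() > 1) {
                log.error("Can't specify more than one attribute dependency, this is ambiguous.");
                throw new ResolutionPlugInException("Failed to initialize Attribute Definition PlugIn.");
            }
        }

        this.scope = element.getAttribute("scope");
        if (this.scope == null || this.scope.equals("")) {
            log.error("Attribute \"scope\" required to configure plugin.");
            throw new ResolutionPlugInException("Failed to initialize Attribute Definition PlugIn.");
        }

        NodeList saltElements = element.getElementsByTagNameNS(AttributeResolver.resolverNamespace, "Salt");
        if (saltElements == null || saltElements.getLength() != 1) {
            log.error("Missing <Salt> from attribute definition configuration.");
            throw new ResolutionPlugInException("Failed to initialize Attribute Definition PlugIn.");
        }
        Element saltElement = (Element) saltElements.item(0);

        Node firstChild = saltElement.getFirstChild();
        if (firstChild != null && firstChild.getNodeType() == Node.TEXT_NODE) {
            String inlineSalt = firstChild.getNodeValue();
            if (inlineSalt != null && inlineSalt.length() >= MIN_INLINE_SALT_LENGTH) {
                // NOTE(review): platform-default charset; a non-ASCII salt yields different bytes on hosts
                // with different default encodings. Kept as-is because changing it changes issued IDs.
                this.salt = inlineSalt.getBytes();
                return;
            }
        }

        // Assign the salt BEFORE the default-secret check: usingDefaultSecret() compares against
        // this.salt, so checking first compared against null and the warning could never be logged.
        this.salt = loadSaltFromKeyStore(saltElement);
        if (usingDefaultSecret()) {
            log.warn("You are running the PersistentIDAttributeDefinition PlugIn with the default secret key as a salt.  This is UNSAFE!  Please change this configuration and restart the IdP.");
        }
    }

    /**
     * Loads the salt bytes from the JCEKS keystore described by the attributes of the Salt element.
     *
     * @param saltElement the Salt configuration element
     * @return the encoded bytes of the secret key stored under the configured alias
     * @throws ResolutionPlugInException if an attribute is missing, the keystore cannot be read, or the
     *     alias does not hold a secret key with an encoded form
     */
    private byte[] loadSaltFromKeyStore(Element saltElement) throws ResolutionPlugInException {
        String keyStorePath = saltElement.getAttributeNS(null, "keyStorePath");
        String keyAlias = saltElement.getAttributeNS(null, "keyStoreKeyAlias");
        String keyStorePassword = saltElement.getAttributeNS(null, "keyStorePassword");
        String keyPassword = saltElement.getAttributeNS(null, "keyStoreKeyPassword");
        if (keyStorePath == null || keyStorePath.length() == 0
                || keyAlias == null || keyAlias.length() == 0
                || keyStorePassword == null || keyStorePassword.length() == 0
                || keyPassword == null || keyPassword.length() == 0) {
            log.error("Missing <Salt> keyStore attributes from attribute definition configuration.");
            throw new ResolutionPlugInException("Failed to initialize Attribute Definition PlugIn.");
        }
        try {
            KeyStore keyStore = KeyStore.getInstance("JCEKS");
            java.io.InputStream keyStoreStream = new ShibResource(keyStorePath, getClass()).getInputStream();
            try {
                keyStore.load(keyStoreStream, keyStorePassword.toCharArray());
            } finally {
                // The stream was previously never closed, leaking a handle on every initialization.
                if (keyStoreStream != null) {
                    try {
                        keyStoreStream.close();
                    } catch (IOException closeFailure) {
                        log.debug("Unable to close the java keystore stream: " + closeFailure);
                    }
                }
            }

            // getKey() returns null for an unknown alias and a non-secret key for other entry types;
            // both previously surfaced as an uncaught NullPointerException or ClassCastException.
            Object key = keyStore.getKey(keyAlias, keyPassword.toCharArray());
            if (!(key instanceof SecretKey)) {
                log.error("No secret key was found in the java keystore under the configured alias.");
                throw new ResolutionPlugInException("Secret could not be loaded from the java keystore.  Verify that the alias and password are correct. ");
            }
            byte[] encoded = ((SecretKey) key).getEncoded();
            if (encoded == null || encoded.length == 0) {
                log.error("The secret key in the java keystore does not expose an encoded form usable as a salt.");
                throw new ResolutionPlugInException("Secret could not be loaded from the java keystore.  Verify that the alias and password are correct. ");
            }
            return encoded;
        } catch (IOException e) {
            log.error("An error accessing while loading the java keystore.  Unable to initialize Attribute Definition PlugIn: " + e);
            throw new ResolutionPlugInException("An error occurred while accessing the java keystore.  Unable to initialize Attribute Definition PlugIn.");
        } catch (KeyStoreException e) {
            log.error("An error occurred while loading the java keystore.  Unable to initialize Attribute Definition PlugIn: " + e);
            throw new ResolutionPlugInException("An error occurred while loading the java keystore.  Unable to initialize Attribute Definition PlugIn.");
        } catch (NoSuchAlgorithmException e) {
            log.error("Appropriate JCE provider not found in the java environment. Unable to initialize Attribute Definition PlugIn: " + e);
            throw new ResolutionPlugInException("Appropriate JCE provider not found in the java environment. Unable to initialize Attribute Definition PlugIn.");
        } catch (UnrecoverableKeyException e) {
            log.error("Secret could not be loaded from the java keystore.  Verify that the alias and password are correct: " + e);
            throw new ResolutionPlugInException("Secret could not be loaded from the java keystore.  Verify that the alias and password are correct. ");
        } catch (CertificateException e) {
            log.error("The java keystore contained corrupted data.  Unable to initialize Attribute Definition PlugIn: " + e);
            throw new ResolutionPlugInException("The java keystore contained corrupted data.  Unable to initialize Attribute Definition PlugIn.");
        }
    }

    /**
     * Computes the identifier and adds it to {@code resolverAttribute} as a single scoped value.
     *
     * <p>The source identifier is taken from the single attribute dependency if one is configured, else
     * from the principal name when no connector dependency is configured, else from the
     * {@link #localPersistentId} attribute of the single connector dependency.
     *
     * @param resolverAttribute the attribute being resolved; receives the computed value
     * @param principal the principal whose name is the fallback source identifier
     * @param str the requester identifier (a null or empty value is logged as an unauthenticated
     *     requester and produces no value)
     * @param str2 not read by this method
     * @param dependencies resolved attribute and connector dependencies
     * @throws ResolutionPlugInException declared by the plug-in interface; presumably raised by
     *     {@code standardProcessing} (not visible here)
     */
    @Override // edu.internet2.middleware.shibboleth.aa.attrresolv.AttributeDefinitionPlugIn
    public void resolve(ResolverAttribute resolverAttribute, Principal principal, String str, String str2, Dependencies dependencies) throws ResolutionPlugInException {
        final String requester = str;
        log.debug("Resolving attribute: (" + getId() + ")");
        if (requester == null || requester.equals("")) {
            log.debug("Could not create ID for unauthenticated requester.");
            resolverAttribute.setResolved();
            return;
        }

        // NOTE(review): several failure paths below return without calling setResolved(); that is the
        // behaviour as found and is preserved. Confirm against the resolver's contract.
        String sourceId = null;
        if (!this.attributeDependencyIds.isEmpty()) {
            ResolverAttribute dependency = dependencies.getAttributeResolution((String) this.attributeDependencyIds.iterator().next());
            if (dependency == null) {
                log.error("An attribute dependency of attribute (" + getId() + ") was not included in the dependency chain.");
                return;
            }
            Iterator values = dependency.getValues();
            if (!values.hasNext()) {
                log.error("An attribute dependency of attribute (" + getId() + ") returned no values, expecting one.");
                return;
            }
            log.debug("Found persistent ID value for attribute (" + getId() + ").");
            sourceId = (String) values.next();
            if (values.hasNext()) {
                // More than one candidate would make the identifier depend on value ordering.
                log.error("An attribute dependency of attribute (" + getId() + ") returned multiple values, expecting only one.");
                return;
            }
        } else if (this.connectorDependencyIds.isEmpty()) {
            sourceId = principal.getName();
        } else {
            Attributes connectorAttributes = dependencies.getConnectorResolution((String) this.connectorDependencyIds.iterator().next());
            if (connectorAttributes == null) {
                log.error("A connector dependency of attribute (" + getId() + ") did not return any attributes.");
                return;
            }
            Attribute sourceAttribute = connectorAttributes.get(this.localPersistentId);
            if (sourceAttribute != null) {
                if (sourceAttribute.size() != 1) {
                    log.error("An attribute dependency of attribute (" + getId() + ") returned " + sourceAttribute.size() + " values, expecting only one.");
                } else {
                    try {
                        sourceId = (String) sourceAttribute.get();
                        log.debug("Found persistent ID value for attribute (" + getId() + ").");
                    } catch (NamingException e) {
                        log.error("A connector dependency of attribute (" + getId() + ") threw an exception: " + e);
                        return;
                    }
                }
            }
        }

        if (sourceId == null || sourceId.equals("")) {
            log.error("Specified source data not supplied from dependencies.  Unable to create ID.");
            resolverAttribute.setResolved();
            return;
        }

        standardProcessing(resolverAttribute);
        try {
            // "SHA" is the JCA name for SHA-1. Digest input: requester '!' sourceId '!' salt.
            // NOTE(review): getBytes() uses the platform-default charset; see the class comment before
            // changing the algorithm, the separators or the encoding.
            MessageDigest messageDigest = MessageDigest.getInstance("SHA");
            messageDigest.update(requester.getBytes());
            messageDigest.update((byte) '!');
            messageDigest.update(sourceId.getBytes());
            messageDigest.update((byte) '!');
            String encodedId = new String(Base64.encode(messageDigest.digest(this.salt)));
            resolverAttribute.registerValueHandler(new ScopedStringValueHandler(this.scope));
            resolverAttribute.addValue(encodedId.replaceAll(System.getProperty("line.separator"), ""));
            resolverAttribute.setResolved();
        } catch (NoSuchAlgorithmException e) {
            log.error("Unable to load SHA-1 hash algorithm.");
        }
    }

    /**
     * Reports whether {@link #salt} equals the well-known default secret.
     *
     * <p>Reads {@code this.salt}, so it is only meaningful after the salt has been assigned.
     *
     * @return {@code true} if the configured salt is the default secret
     */
    private boolean usingDefaultSecret() {
        return Arrays.equals(DEFAULT_SECRET, this.salt);
    }
}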
