package com.sun.identity.saml2.common;

import com.iplanet.am.util.AMURLEncDec;
import com.iplanet.services.util.Base64;
import java.security.InvalidKeyException;
import java.security.NoSuchAlgorithmException;
import java.security.PrivateKey;
import java.security.Signature;
import java.security.SignatureException;
import java.security.cert.X509Certificate;
import java.util.StringTokenizer;

/* loaded from: input_file:122984-01/SUNWsaml2/reloc/SUNWam/saml2/lib/saml2.jar:com/sun/identity/saml2/common/QuerySignatureUtil.class */
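/**
 * Signs and verifies the query string used to carry a SAML message, its
 * optional {@code RelayState}, the {@code SigAlg} parameter and the
 * {@code Signature} parameter.
 *
 * <p>Only the XML-DSig {@code rsa-sha1} and {@code dsa-sha1} algorithm URIs are
 * handled. SHA-1 is no longer recommended for new signatures; supporting a
 * stronger digest needs additional algorithm constants that are not visible in
 * this class, so the set is left as it is.
 *
 * <p>When message-level debugging is enabled, both methods log the complete
 * query string, including the SAML message and the signature value. Treat those
 * debug logs as sensitive.
 */
public class QuerySignatureUtil {
    private static final String SIG_ALG_URI_RSA_SHA1 = "http://www.w3.org/2000/09/xmldsig#rsa-sha1";
    private static final String SIG_ALG_URI_DSA_SHA1 = "http://www.w3.org/2000/09/xmldsig#dsa-sha1";

    // The signed octets are fixed to one charset so that signer and verifier
    // agree regardless of the JVM's platform default encoding.
    private static final String SIGNED_CONTENT_CHARSET = "UTF-8";

    private QuerySignatureUtil() {
    }

    /**
     * Appends {@code SigAlg} and {@code Signature} parameters to a query string.
     *
     * <p>The caller supplies the parameters in the order they must be signed;
     * this method signs the string as given, followed by {@code SigAlg=...}.
     *
     * @param str query string to sign; a trailing {@code &} is added if missing
     * @param privateKey RSA or DSA private key, selected by its algorithm name
     * @return the input followed by the {@code SigAlg} and {@code Signature} parameters
     * @throws SAML2Exception if an argument is null or empty, the key algorithm is
     *         neither RSA nor DSA, or the JCA signature operation fails
     */
    public static String sign(String str, PrivateKey privateKey) throws SAML2Exception {
        final String method = "QuerySignatureUtil.sign: ";
        if (str == null || str.length() == 0 || privateKey == null) {
            SAML2Utils.debug.error(method + "Either input query string or private key is null.");
            throw new SAML2Exception(SAML2Utils.bundle.getString("nullInput"));
        }
        if (SAML2Utils.debug.messageEnabled()) {
            SAML2Utils.debug.message(method + "Input query string:\n" + str);
        }

        String algorithm = privateKey.getAlgorithm();
        Signature signature;
        String sigAlgUri;
        // Constant-first equals keeps a key that reports no algorithm name on the
        // "not supported" path instead of failing with a NullPointerException.
        if (SAML2Constants.RSA.equals(algorithm)) {
            signature = newSignature(SAML2Constants.SHA1_WITH_RSA);
            sigAlgUri = SIG_ALG_URI_RSA_SHA1;
        } else if (SAML2Constants.DSA.equals(algorithm)) {
            signature = newSignature(SAML2Constants.SHA1_WITH_DSA);
            sigAlgUri = SIG_ALG_URI_DSA_SHA1;
        } else {
            SAML2Utils.debug.error(method + "Algorithm not supported: " + algorithm);
            // NOTE(review): verify() uses the bundle key "algNotSupported" for the same
            // condition; confirm that both keys exist in the resource bundle.
            throw new SAML2Exception(SAML2Utils.bundle.getString("algorithmNotSupported"));
        }

        String prefix = str.charAt(str.length() - 1) == '&' ? str : str + "&";
        String signedContent = prefix + "SigAlg=" + AMURLEncDec.encode(sigAlgUri);
        if (SAML2Utils.debug.messageEnabled()) {
            SAML2Utils.debug.message(method + "Final string to be signed:\n" + signedContent);
        }

        byte[] sigBytes;
        try {
            signature.initSign(privateKey);
            signature.update(signedBytes(signedContent));
            sigBytes = signature.sign();
        } catch (InvalidKeyException e) {
            throw new SAML2Exception(e);
        } catch (SignatureException e) {
            throw new SAML2Exception(e);
        }
        if (sigBytes == null || sigBytes.length == 0) {
            SAML2Utils.debug.error(method + "Generated signature is null");
            throw new SAML2Exception(SAML2Utils.bundle.getString("nullSigGenerated"));
        }

        String signedQuery = signedContent + "&Signature=" + AMURLEncDec.encode(Base64.encode(sigBytes));
        if (SAML2Utils.debug.messageEnabled()) {
            SAML2Utils.debug.message(method + "Signed query string:\n" + signedQuery);
        }
        return signedQuery;
    }

    /**
     * Verifies the {@code Signature} parameter of a signed query string.
     *
     * <p>The signed content is rebuilt from the raw (still URL-encoded) tokens as
     * {@code <SAML message>[&RelayState=...]&SigAlg=...}, independent of the order
     * in which the parameters arrive.
     *
     * <p>A query string is treated as unverifiable, and {@code false} is returned,
     * when any of the five recognised parameters occurs more than once, when both
     * or neither of the SAML request and response parameters are present, or when
     * the signature value does not decode to any bytes. Without these checks the
     * last occurrence of a repeated parameter would silently be the one verified,
     * which need not be the occurrence the caller later acts on (how callers read
     * the parameters is not visible here). Parameter names are matched exactly, so
     * a parameter whose name merely begins with a recognised name is ignored.
     *
     * @param str the raw query string to verify
     * @param x509Certificate certificate holding the signer's public key
     * @return {@code true} only if the signature verifies over the rebuilt content
     * @throws SAML2Exception if an argument is null or empty, {@code SigAlg} or
     *         {@code Signature} is missing or has no value, the algorithm URI is not
     *         supported, or the JCA verification operation fails
     */
    public static boolean verify(String str, X509Certificate x509Certificate) throws SAML2Exception {
        final String method = "QuerySignatureUtil.verify: ";
        if (str == null || str.length() == 0 || x509Certificate == null) {
            SAML2Utils.debug.error(method + "Input query string or certificate is null");
            throw new SAML2Exception(SAML2Utils.bundle.getString("nullInput"));
        }
        if (SAML2Utils.debug.messageEnabled()) {
            SAML2Utils.debug.message(method + "Query string to be verifed:\n" + str);
        }

        String requestParam = null;
        String responseParam = null;
        String relayStateParam = null;
        String sigAlgParam = null;
        String signatureParam = null;
        boolean repeated = false;
        StringTokenizer tokens = new StringTokenizer(str, "&");
        while (tokens.hasMoreTokens()) {
            String token = tokens.nextToken();
            if (isParameter(token, SAML2Constants.SAML_REQUEST)) {
                repeated |= requestParam != null;
                requestParam = token;
            } else if (isParameter(token, SAML2Constants.SAML_RESPONSE)) {
                repeated |= responseParam != null;
                responseParam = token;
            } else if (isParameter(token, "RelayState")) {
                repeated |= relayStateParam != null;
                relayStateParam = token;
            } else if (isParameter(token, SAML2Constants.SIG_ALG)) {
                repeated |= sigAlgParam != null;
                sigAlgParam = token;
            } else if (isParameter(token, SAML2Constants.SIGNATURE)) {
                repeated |= signatureParam != null;
                signatureParam = token;
            }
        }

        if (repeated) {
            SAML2Utils.debug.error(method + "A signed query parameter occurs more than once.");
            return false;
        }
        if (sigAlgParam == null) {
            SAML2Utils.debug.error(method + "Null SigAlg query parameter.");
            throw new SAML2Exception(SAML2Utils.bundle.getString("nullSigAlg"));
        }
        if (signatureParam == null) {
            SAML2Utils.debug.error(method + "Null Signature query parameter.");
            throw new SAML2Exception(SAML2Utils.bundle.getString("nullSig"));
        }
        // Exactly one SAML message must be covered by the signature; otherwise the
        // content to verify would be ambiguous (both) or the literal "null" (neither).
        if ((requestParam == null) == (responseParam == null)) {
            SAML2Utils.debug.error(method + "Expected exactly one SAML request or response parameter.");
            return false;
        }

        String signedContent = requestParam != null ? requestParam : responseParam;
        if (relayStateParam != null) {
            signedContent = signedContent + "&" + relayStateParam;
        }
        signedContent = signedContent + "&" + sigAlgParam;
        if (SAML2Utils.debug.messageEnabled()) {
            SAML2Utils.debug.message(method + "Query string to be verifed (re-arranged):\n" + signedContent);
        }

        String sigAlgValue = parameterValue(sigAlgParam);
        if (sigAlgValue.length() == 0) {
            SAML2Utils.debug.error(method + "Null SigAlg query parameter value.");
            throw new SAML2Exception(SAML2Utils.bundle.getString("nullSigAlg"));
        }
        String sigAlgUri = AMURLEncDec.decode(sigAlgValue);
        if (SAML2Utils.debug.messageEnabled()) {
            SAML2Utils.debug.message(method + "SigAlg query parameter value: " + sigAlgUri);
        }

        String signatureValue = parameterValue(signatureParam);
        if (signatureValue.length() == 0) {
            SAML2Utils.debug.error(method + "Null Signature query parameter value.");
            throw new SAML2Exception(SAML2Utils.bundle.getString("nullSig"));
        }
        String signatureBase64 = AMURLEncDec.decode(signatureValue);
        if (SAML2Utils.debug.messageEnabled()) {
            SAML2Utils.debug.message(method + "Signature query parameter value:\n" + signatureBase64);
        }
        byte[] sigBytes = Base64.decode(signatureBase64);

        // The algorithm is chosen by the sender-supplied SigAlg value, restricted to
        // the two URIs below; a mismatch with the certificate's key type surfaces as
        // InvalidKeyException from initVerify.
        Signature signature;
        if (SIG_ALG_URI_DSA_SHA1.equals(sigAlgUri)) {
            signature = newSignature(SAML2Constants.SHA1_WITH_DSA);
        } else if (SIG_ALG_URI_RSA_SHA1.equals(sigAlgUri)) {
            signature = newSignature(SAML2Constants.SHA1_WITH_RSA);
        } else {
            SAML2Utils.debug.error(method + "Signature algorithm not supported.");
            throw new SAML2Exception(SAML2Utils.bundle.getString("algNotSupported"));
        }

        // NOTE(review): what Base64.decode returns for malformed input is not visible
        // here; an absent or empty result is treated as a failed verification.
        if (sigBytes == null || sigBytes.length == 0) {
            SAML2Utils.debug.error(method + "Signature query parameter value could not be decoded.");
            return false;
        }

        try {
            signature.initVerify(x509Certificate);
            signature.update(signedBytes(signedContent));
            return signature.verify(sigBytes);
        } catch (InvalidKeyException e) {
            throw new SAML2Exception(e);
        } catch (SignatureException e) {
            throw new SAML2Exception(e);
        }
    }

    /** Returns a JCA {@link Signature} for the given algorithm name, wrapping lookup failures. */
    private static Signature newSignature(String jcaAlgorithm) throws SAML2Exception {
        try {
            return Signature.getInstance(jcaAlgorithm);
        } catch (NoSuchAlgorithmException e) {
            throw new SAML2Exception(e);
        }
    }

    /** Encodes the content to be signed or verified with a fixed charset. */
    private static byte[] signedBytes(String content) throws SAML2Exception {
        try {
            return content.getBytes(SIGNED_CONTENT_CHARSET);
        } catch (java.io.UnsupportedEncodingException e) {
            throw new SAML2Exception(e);
        }
    }

    /** Tells whether {@code token} is the parameter {@code name}, with or without a value. */
    private static boolean isParameter(String token, String name) {
        return token.equals(name) || token.startsWith(name + "=");
    }

    /** Returns the raw text after the first {@code =} of a token, or an empty string. */
    private static String parameterValue(String token) {
        int eq = token.indexOf('=');
        return eq < 0 ? "" : token.substring(eq + 1);
    }
}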
