package com.microsoft.aad.msal4j;

import java.io.ByteArrayInputStream;
import java.nio.charset.StandardCharsets;
import java.util.HashMap;
import java.util.Map;
import javax.xml.parsers.DocumentBuilderFactory;
import javax.xml.xpath.XPath;
import javax.xml.xpath.XPathConstants;
import javax.xml.xpath.XPathExpressionException;
import javax.xml.xpath.XPathFactory;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
import org.w3c.dom.Document;
import org.w3c.dom.Node;
import org.w3c.dom.NodeList;

/* loaded from: input_file:payload/TIB_bwpluginamqp_6.4.0_common.zip:assemblies/assembly_tibco_com_tibco_bw_ms_asb_sdk_tpcl_feature_1.5.0.005.zip:source/plugins/com.tibco.bw.ms.asb.sdk.tpcl_1.5.0.004.jar:lib/msal4j-1.13.7.jar:com/microsoft/aad/msal4j/MexParser.class */
class MexParser {
    private static final Logger log = LoggerFactory.getLogger((Class<?>) MexParser.class);
    private static final String TRANSPORT_BINDING_XPATH = "wsp:ExactlyOne/wsp:All/sp:TransportBinding";
    private static final String TRANSPORT_BINDING_2005_XPATH = "wsp:ExactlyOne/wsp:All/sp2005:TransportBinding";
    private static final String PORT_XPATH = "//wsdl:definitions/wsdl:service/wsdl:port";
    private static final String ADDRESS_XPATH = "wsa10:EndpointReference/wsa10:Address";
    private static final String SOAP_ACTION_XPATH = "wsdl:operation/soap12:operation/@soapAction";
    private static final String RST_SOAP_ACTION = "http://docs.oasis-open.org/ws-sx/ws-trust/200512/RST/Issue";
    private static final String RST_SOAP_ACTION_2005 = "http://schemas.xmlsoap.org/ws/2005/02/trust/RST/Issue";
    private static final String SOAP_TRANSPORT_XPATH = "soap12:binding/@transport";
    private static final String SOAP_HTTP_TRANSPORT_VALUE = "http://schemas.xmlsoap.org/soap/http";

    /* loaded from: input_file:payload/TIB_bwpluginamqp_6.4.0_common.zip:assemblies/assembly_tibco_com_tibco_bw_ms_asb_sdk_tpcl_feature_1.5.0.005.zip:source/plugins/com.tibco.bw.ms.asb.sdk.tpcl_1.5.0.004.jar:lib/msal4j-1.13.7.jar:com/microsoft/aad/msal4j/MexParser$NegotiateAuthenticationPolicySelector.class */
    private static class NegotiateAuthenticationPolicySelector implements PolicySelector {
        private NegotiateAuthenticationPolicySelector() {
        }

        @Override // com.microsoft.aad.msal4j.MexParser.PolicySelector
        public Map<String, BindingPolicy> selectPolicies(Document document, XPath xPath, boolean z) throws XPathExpressionException {
            return MexParser.selectIntegratedPoliciesWithExpression(document, xPath, "//wsdl:definitions/wsp:Policy/wsp:ExactlyOne/wsp:All/http:NegotiateAuthentication");
        }
    }

    /* JADX INFO: Access modifiers changed from: private */
    /* loaded from: input_file:payload/TIB_bwpluginamqp_6.4.0_common.zip:assemblies/assembly_tibco_com_tibco_bw_ms_asb_sdk_tpcl_feature_1.5.0.005.zip:source/plugins/com.tibco.bw.ms.asb.sdk.tpcl_1.5.0.004.jar:lib/msal4j-1.13.7.jar:com/microsoft/aad/msal4j/MexParser$PolicySelector.class */
    public interface PolicySelector {
        Map<String, BindingPolicy> selectPolicies(Document document, XPath xPath, boolean z) throws XPathExpressionException;
    }

    /* loaded from: input_file:payload/TIB_bwpluginamqp_6.4.0_common.zip:assemblies/assembly_tibco_com_tibco_bw_ms_asb_sdk_tpcl_feature_1.5.0.005.zip:source/plugins/com.tibco.bw.ms.asb.sdk.tpcl_1.5.0.004.jar:lib/msal4j-1.13.7.jar:com/microsoft/aad/msal4j/MexParser$WsTrustEndpointPolicySelector.class */
    private static class WsTrustEndpointPolicySelector implements PolicySelector {
        private WsTrustEndpointPolicySelector() {
        }

        @Override // com.microsoft.aad.msal4j.MexParser.PolicySelector
        public Map<String, BindingPolicy> selectPolicies(Document document, XPath xPath, boolean z) throws XPathExpressionException {
            Map<String, BindingPolicy> selectUsernamePasswordPoliciesWithExpression = MexParser.selectUsernamePasswordPoliciesWithExpression(document, xPath, "//wsdl:definitions/wsp:Policy/wsp:ExactlyOne/wsp:All/sp:SignedEncryptedSupportingTokens/wsp:Policy/sp:UsernameToken/wsp:Policy/sp:WssUsernameToken10", z);
            ((NamespaceContextImpl) xPath.getNamespaceContext()).modifyNameSpace("sp", "http://schemas.xmlsoap.org/ws/2005/07/securitypolicy");
            selectUsernamePasswordPoliciesWithExpression.putAll(MexParser.selectUsernamePasswordPoliciesWithExpression(document, xPath, "//wsdl:definitions/wsp:Policy/wsp:ExactlyOne/wsp:All/sp:SignedSupportingTokens/wsp:Policy/sp:UsernameToken/wsp:Policy/sp:WssUsernameToken10", z));
            return selectUsernamePasswordPoliciesWithExpression;
        }
    }

    MexParser() {
    }

    static BindingPolicy getPolicy(String str, PolicySelector policySelector, boolean z) throws Exception {
        DocumentBuilderFactory createInstance = SafeDocumentBuilderFactory.createInstance();
        createInstance.setNamespaceAware(true);
        Document parse = createInstance.newDocumentBuilder().parse(new ByteArrayInputStream(str.getBytes(StandardCharsets.UTF_8)));
        XPath newXPath = XPathFactory.newInstance().newXPath();
        newXPath.setNamespaceContext(new NamespaceContextImpl());
        Map<String, BindingPolicy> selectPolicies = policySelector.selectPolicies(parse, newXPath, z);
        if (selectPolicies.isEmpty()) {
            log.debug("No matching policies");
            return null;
        }
        Map<String, BindingPolicy> matchingBindings = getMatchingBindings(parse, newXPath, selectPolicies, z);
        if (matchingBindings.isEmpty()) {
            log.debug("No matching bindings");
            return null;
        }
        getPortsForPolicyBindings(parse, newXPath, matchingBindings, selectPolicies, z);
        return selectSingleMatchingPolicy(selectPolicies);
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    public static BindingPolicy getPolicyFromMexResponseForIntegrated(String str, boolean z) throws Exception {
        return getPolicy(str, new NegotiateAuthenticationPolicySelector(), z);
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    public static BindingPolicy getWsTrustEndpointFromMexResponse(String str, boolean z) throws Exception {
        return getPolicy(str, new WsTrustEndpointPolicySelector(), z);
    }

    private static BindingPolicy selectSingleMatchingPolicy(Map<String, BindingPolicy> map) {
        BindingPolicy bindingPolicy = null;
        BindingPolicy bindingPolicy2 = null;
        for (Map.Entry<String, BindingPolicy> entry : map.entrySet()) {
            if (entry.getValue().getUrl() != null) {
                if (entry.getValue().getVersion() == WSTrustVersion.WSTRUST13) {
                    bindingPolicy = entry.getValue();
                } else if (entry.getValue().getVersion() == WSTrustVersion.WSTRUST2005) {
                    bindingPolicy2 = entry.getValue();
                }
            }
        }
        if (bindingPolicy != null || bindingPolicy2 != null) {
            return bindingPolicy != null ? bindingPolicy : bindingPolicy2;
        }
        log.warn("No policies found with the url");
        return null;
    }

    private static void getPortsForPolicyBindings(Document document, XPath xPath, Map<String, BindingPolicy> map, Map<String, BindingPolicy> map2, boolean z) throws Exception {
        BindingPolicy bindingPolicy;
        NodeList nodeList = (NodeList) xPath.compile(PORT_XPATH).evaluate(document, XPathConstants.NODESET);
        if (nodeList.getLength() == 0) {
            log.warn("No ports found");
            return;
        }
        for (int i = 0; i < nodeList.getLength(); i++) {
            Node item = nodeList.item(i);
            String[] split = item.getAttributes().getNamedItem("binding").getNodeValue().split(":");
            BindingPolicy bindingPolicy2 = map.get(split[split.length - 1]);
            if (bindingPolicy2 != null && (bindingPolicy = map2.get(bindingPolicy2.getUrl())) != null && StringHelper.isBlank(bindingPolicy.getUrl())) {
                bindingPolicy.setVersion(bindingPolicy2.getVersion());
                NodeList nodeList2 = (NodeList) xPath.compile(ADDRESS_XPATH).evaluate(item, XPathConstants.NODESET);
                if (nodeList2.getLength() <= 0) {
                    throw new MsalClientException("Error parsing WSTrustResponse: No address nodes on port", AuthenticationErrorCode.WSTRUST_INVALID_RESPONSE);
                }
                String textContent = nodeList2.item(0).getTextContent();
                if (textContent != null && textContent.toLowerCase().startsWith("https://")) {
                    bindingPolicy.setUrl(textContent.trim());
                } else if (z) {
                    log.warn("Skipping insecure endpoint: " + textContent);
                } else {
                    log.warn("Skipping insecure endpoint");
                }
            }
        }
    }

    private static Map<String, BindingPolicy> getMatchingBindings(Document document, XPath xPath, Map<String, BindingPolicy> map, boolean z) throws XPathExpressionException {
        HashMap hashMap = new HashMap();
        NodeList nodeList = (NodeList) xPath.compile("//wsdl:definitions/wsdl:binding/wsp:PolicyReference").evaluate(document, XPathConstants.NODESET);
        for (int i = 0; i < nodeList.getLength(); i++) {
            Node item = nodeList.item(i);
            String nodeValue = item.getAttributes().getNamedItem("URI").getNodeValue();
            if (map.containsKey(nodeValue)) {
                Node parentNode = item.getParentNode();
                String nodeValue2 = parentNode.getAttributes().getNamedItem("name").getNodeValue();
                WSTrustVersion checkSoapActionAndTransport = checkSoapActionAndTransport(xPath, parentNode, z);
                if (checkSoapActionAndTransport != WSTrustVersion.UNDEFINED) {
                    BindingPolicy bindingPolicy = new BindingPolicy("");
                    bindingPolicy.setUrl(nodeValue);
                    bindingPolicy.setVersion(checkSoapActionAndTransport);
                    hashMap.put(nodeValue2, bindingPolicy);
                }
            }
        }
        return hashMap;
    }

    private static WSTrustVersion checkSoapActionAndTransport(XPath xPath, Node node, boolean z) throws XPathExpressionException {
        String nodeValue = node.getAttributes().getNamedItem("name").getNodeValue();
        NodeList nodeList = (NodeList) xPath.compile(SOAP_ACTION_XPATH).evaluate(node, XPathConstants.NODESET);
        if (nodeList.getLength() > 0) {
            String nodeValue2 = nodeList.item(0).getNodeValue();
            NodeList nodeList2 = (NodeList) xPath.compile(SOAP_TRANSPORT_XPATH).evaluate(node, XPathConstants.NODESET);
            if (nodeList2 != null && nodeList2.getLength() > 0 && nodeList2.item(0).getNodeValue().equalsIgnoreCase(SOAP_HTTP_TRANSPORT_VALUE)) {
                if (nodeValue2.equalsIgnoreCase(RST_SOAP_ACTION)) {
                    if (z) {
                        log.debug("Found binding matching Action and Transport: " + nodeValue);
                    } else {
                        log.debug("Found binding matching Action and Transport");
                    }
                    return WSTrustVersion.WSTRUST13;
                }
                if (nodeValue2.equalsIgnoreCase(RST_SOAP_ACTION_2005)) {
                    if (z) {
                        log.debug("Binding node did not match soap Action or Transport: " + nodeValue);
                    } else {
                        log.debug("Binding node did not match soap Action or Transport");
                    }
                    return WSTrustVersion.WSTRUST2005;
                }
            }
        }
        return WSTrustVersion.UNDEFINED;
    }

    /* JADX INFO: Access modifiers changed from: private */
    public static Map<String, BindingPolicy> selectUsernamePasswordPoliciesWithExpression(Document document, XPath xPath, String str, boolean z) throws XPathExpressionException {
        HashMap hashMap = new HashMap();
        NodeList nodeList = (NodeList) xPath.compile(str).evaluate(document, XPathConstants.NODESET);
        for (int i = 0; i < nodeList.getLength(); i++) {
            String checkPolicy = checkPolicy(xPath, nodeList.item(i).getParentNode().getParentNode().getParentNode().getParentNode().getParentNode().getParentNode().getParentNode(), z);
            hashMap.put("#" + checkPolicy, new BindingPolicy("#" + checkPolicy));
        }
        return hashMap;
    }

    /* JADX INFO: Access modifiers changed from: private */
    public static Map<String, BindingPolicy> selectIntegratedPoliciesWithExpression(Document document, XPath xPath, String str) throws XPathExpressionException {
        HashMap hashMap = new HashMap();
        NodeList nodeList = (NodeList) xPath.compile(str).evaluate(document, XPathConstants.NODESET);
        for (int i = 0; i < nodeList.getLength(); i++) {
            String checkPolicyIntegrated = checkPolicyIntegrated(xPath, nodeList.item(i).getParentNode().getParentNode().getParentNode());
            hashMap.put("#" + checkPolicyIntegrated, new BindingPolicy("#" + checkPolicyIntegrated));
        }
        return hashMap;
    }

    private static String checkPolicy(XPath xPath, Node node, boolean z) throws XPathExpressionException {
        String str = null;
        Node namedItem = node.getAttributes().getNamedItem("wsu:Id");
        NodeList nodeList = (NodeList) xPath.compile(TRANSPORT_BINDING_XPATH).evaluate(node, XPathConstants.NODESET);
        if (nodeList.getLength() == 0) {
            nodeList = (NodeList) xPath.compile(TRANSPORT_BINDING_2005_XPATH).evaluate(node, XPathConstants.NODESET);
        }
        if (nodeList.getLength() <= 0 || namedItem == null) {
            String nodeValue = namedItem != null ? namedItem.getNodeValue() : "none";
            if (z) {
                log.debug("potential policy did not match required transport binding: " + nodeValue);
            } else {
                log.debug("potential policy did not match required transport binding");
            }
        } else {
            str = namedItem.getNodeValue();
            if (z) {
                log.debug("found matching policy id: " + str);
            } else {
                log.debug("found matching policy");
            }
        }
        return str;
    }

    private static String checkPolicyIntegrated(XPath xPath, Node node) throws XPathExpressionException {
        return node.getAttributes().getNamedItem("wsu:Id").getNodeValue();
    }
}
