package org.owasp.webscarab.plugin.wsfed;

import flex.messaging.io.amf.client.AMFConnection;
import java.io.ByteArrayInputStream;
import java.io.ByteArrayOutputStream;
import java.io.IOException;
import java.util.ArrayList;
import java.util.Arrays;
import java.util.Collections;
import java.util.List;
import javax.xml.parsers.DocumentBuilderFactory;
import javax.xml.parsers.ParserConfigurationException;
import javax.xml.transform.TransformerException;
import javax.xml.transform.TransformerFactory;
import javax.xml.transform.dom.DOMSource;
import javax.xml.transform.stream.StreamResult;
import org.apache.xerces.impl.xs.SchemaSymbols;
import org.apache.xpath.XPathAPI;
import org.htmlparser.tags.FormTag;
import org.owasp.webscarab.model.ConversationID;
import org.owasp.webscarab.model.ConversationModel;
import org.owasp.webscarab.model.FilteredConversationModel;
import org.owasp.webscarab.model.FrameworkModel;
import org.owasp.webscarab.model.NamedValue;
import org.owasp.webscarab.model.Request;
import org.owasp.webscarab.plugin.AbstractPluginModel;
import org.owasp.webscarab.util.Encoding;
import org.w3c.dom.Document;
import org.w3c.dom.Element;
import org.w3c.dom.Node;
import org.w3c.dom.NodeList;
import org.xml.sax.SAXException;

/* loaded from: input_file:main/WebScarab-1.0.0-SNAPSHOT.jar:org/owasp/webscarab/plugin/wsfed/WSFederationModel.class */
public class WSFederationModel extends AbstractPluginModel {
    private final FrameworkModel model;
    private final ConversationModel wsfedConversationModel;

    public WSFederationModel(FrameworkModel frameworkModel) {
        this.model = frameworkModel;
        this.wsfedConversationModel = new FilteredConversationModel(frameworkModel, frameworkModel.getConversationModel()) { // from class: org.owasp.webscarab.plugin.wsfed.WSFederationModel.1
            @Override // org.owasp.webscarab.model.FilteredConversationModel
            public boolean shouldFilter(ConversationID conversationID) {
                return !WSFederationModel.this.isWSFederationMessage(conversationID);
            }
        };
    }

    /* JADX INFO: Access modifiers changed from: private */
    public boolean isWSFederationMessage(ConversationID conversationID) {
        return (null == this.model.getConversationProperty(conversationID, "WTREALM") && null == this.model.getConversationProperty(conversationID, "WRESULT")) ? false : true;
    }

    public ConversationModel getConversationModel() {
        return this.wsfedConversationModel;
    }

    public void setSignInRequestMessage(ConversationID conversationID, String str) {
        this.model.setConversationProperty(conversationID, "WTREALM", str);
    }

    public void setSignInResponseMessage(ConversationID conversationID, String str) {
        this.model.setConversationProperty(conversationID, "WRESULT", str);
    }

    public String getReadableMessageType(ConversationID conversationID) {
        return null != this.model.getConversationProperty(conversationID, "WTREALM") ? "Sign-In Request" : null != this.model.getConversationProperty(conversationID, "WRESULT") ? "Sign-In Response" : "Unknown";
    }

    public List getParameters(ConversationID conversationID) {
        byte[] content;
        NamedValue[] namedValueArr = null;
        Request request = this.model.getRequest(conversationID);
        String method = request.getMethod();
        if (method.equals(FormTag.GET)) {
            String query = request.getURL().getQuery();
            if (null != query) {
                namedValueArr = NamedValue.splitNamedValues(query, "&", AMFConnection.COOKIE_NAMEVALUE_SEPERATOR);
            }
        } else if (method.equals("POST") && (content = request.getContent()) != null && content.length > 0) {
            namedValueArr = NamedValue.splitNamedValues(new String(content), "&", AMFConnection.COOKIE_NAMEVALUE_SEPERATOR);
        }
        if (null == namedValueArr) {
            return Collections.emptyList();
        }
        for (int i = 0; i < namedValueArr.length; i++) {
            NamedValue namedValue = namedValueArr[i];
            namedValueArr[i] = new NamedValue(namedValue.getName(), Encoding.urlDecode(namedValue.getValue()));
        }
        return Arrays.asList(namedValueArr);
    }

    public byte[] findSAMLAssertion(byte[] bArr) throws ParserConfigurationException, SAXException, IOException, TransformerException {
        ByteArrayInputStream byteArrayInputStream = new ByteArrayInputStream(bArr);
        DocumentBuilderFactory newInstance = DocumentBuilderFactory.newInstance();
        newInstance.setNamespaceAware(true);
        Document parse = newInstance.newDocumentBuilder().parse(byteArrayInputStream);
        Element createElement = parse.createElement("nsElement");
        createElement.setAttributeNS("http://www.w3.org/2000/xmlns/", "xmlns:saml2", "urn:oasis:names:tc:SAML:2.0:assertion");
        Node selectSingleNode = XPathAPI.selectSingleNode(parse, "//saml2:Assertion", createElement);
        if (null == selectSingleNode) {
            return null;
        }
        DOMSource dOMSource = new DOMSource(selectSingleNode);
        ByteArrayOutputStream byteArrayOutputStream = new ByteArrayOutputStream();
        TransformerFactory.newInstance().newTransformer().transform(dOMSource, new StreamResult(byteArrayOutputStream));
        return byteArrayOutputStream.toByteArray();
    }

    public List getSAMLAttributes(byte[] bArr) throws ParserConfigurationException, SAXException, IOException {
        ByteArrayInputStream byteArrayInputStream = new ByteArrayInputStream(bArr);
        DocumentBuilderFactory newInstance = DocumentBuilderFactory.newInstance();
        newInstance.setNamespaceAware(true);
        Document parse = newInstance.newDocumentBuilder().parse(byteArrayInputStream);
        ArrayList arrayList = new ArrayList();
        NodeList elementsByTagNameNS = parse.getElementsByTagNameNS("urn:oasis:names:tc:SAML:2.0:assertion", "Attribute");
        for (int i = 0; i < elementsByTagNameNS.getLength(); i++) {
            Element element = (Element) elementsByTagNameNS.item(i);
            String attribute = element.getAttribute(SchemaSymbols.ATTVAL_NAME);
            NodeList elementsByTagNameNS2 = element.getElementsByTagNameNS("urn:oasis:names:tc:SAML:2.0:assertion", "AttributeValue");
            if (0 != elementsByTagNameNS2.getLength()) {
                arrayList.add(new NamedValue(attribute, ((Element) elementsByTagNameNS2.item(0)).getChildNodes().item(0).getNodeValue()));
            }
        }
        return arrayList;
    }
}
