package eu.unicore.samly2.trust;

import eu.unicore.samly2.exceptions.SAMLValidationException;
import eu.unicore.security.dsig.DSigException;
import eu.unicore.security.dsig.DigSignatureUtil;
import eu.unicore.security.dsig.IdAttribute;
import java.security.PublicKey;
import java.util.Collections;
import java.util.List;
import org.apache.xmlbeans.XmlObject;
import org.w3c.dom.Document;
import org.w3c.dom.Element;
import xmlbeans.org.oasis.saml2.assertion.AssertionDocument;
import xmlbeans.org.oasis.saml2.assertion.AssertionType;
import xmlbeans.org.oasis.saml2.assertion.NameIDType;
import xmlbeans.org.oasis.saml2.protocol.RequestAbstractType;
import xmlbeans.org.oasis.saml2.protocol.StatusResponseType;
import xmlbeans.org.w3.x2000.x09.xmldsig.SignatureType;

/* loaded from: input_file:eu/unicore/samly2/trust/DsigSamlTrustCheckerBase.class */
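/**
 * Base class for {@link SamlTrustChecker} implementations that establish trust by
 * verifying an enveloped XML digital signature over the SAML message.
 *
 * <p>Subclasses only decide which public key is trusted for a given issuer
 * (see {@link #establishKey(NameIDType, SignatureType)}); this class handles the
 * "is it signed" and "does the signature verify" checks and reports every failure
 * as a {@link SAMLValidationException}.
 *
 * <p>Security notes for maintainers:
 * <ul>
 *   <li>Signature <em>presence</em> is tested on the typed {@code SignatureType} argument,
 *       while <em>verification</em> runs on the DOM obtained from the {@code XmlObject}
 *       argument. The two-argument {@code checkTrust} overloads therefore rely on the
 *       caller passing a typed view that belongs to the same document.</li>
 *   <li>The document element is the only element passed to the verifier. Presumably this
 *       list names the elements the signature must cover; confirm against
 *       {@code DigSignatureUtil}. Code that consumes a nested element after this check
 *       should not assume more than that was verified.</li>
 * </ul>
 */
public abstract class DsigSamlTrustCheckerBase implements SamlTrustChecker {
    /**
     * Signature-based checkers always demand a signature.
     *
     * @return always {@code true}
     */
    @Override
    public boolean isSignatureRequired() {
        return true;
    }

    /**
     * Verifies the signature of a stand-alone SAML assertion document.
     *
     * @param assertionDocument parsed assertion document to check
     * @throws SAMLValidationException if the document holds no assertion, is unsigned,
     *         the key cannot be established, or the signature does not verify
     */
    @Override
    public void checkTrust(AssertionDocument assertionDocument) throws SAMLValidationException {
        AssertionType assertion = assertionDocument.getAssertion();
        if (assertion == null) {
            // Fail closed with a validation error instead of a NullPointerException
            // when the parsed document has no Assertion root element.
            throw new SAMLValidationException("XML document does not contain a SAML assertion");
        }
        checkCommon(assertionDocument, assertion.getIssuer(), assertion.getSignature(), ASSERTION_ID_QNAME);
    }

    /**
     * Verifies the signature of a SAML protocol response.
     *
     * @param xmlObject document wrapper whose DOM is verified
     * @param statusResponseType typed view of the response; supplies issuer and signature
     * @throws SAMLValidationException if the response is unsigned or the signature does not verify
     */
    @Override
    public void checkTrust(XmlObject xmlObject, StatusResponseType statusResponseType) throws SAMLValidationException {
        checkCommon(xmlObject, statusResponseType.getIssuer(), statusResponseType.getSignature(), PROTOCOL_ID_QNAME);
    }

    /**
     * Verifies the signature of a SAML protocol request.
     *
     * @param xmlObject document wrapper whose DOM is verified
     * @param requestAbstractType typed view of the request; supplies issuer and signature
     * @throws SAMLValidationException if the request is unsigned or the signature does not verify
     */
    @Override
    public void checkTrust(XmlObject xmlObject, RequestAbstractType requestAbstractType) throws SAMLValidationException {
        checkCommon(xmlObject, requestAbstractType.getIssuer(), requestAbstractType.getSignature(), PROTOCOL_ID_QNAME);
    }

    /**
     * Shared path of all {@code checkTrust} overloads: establish the trusted key for the
     * issuer, then verify the enveloped signature over the document element.
     *
     * @param xmlObject wrapper expected to be backed by a DOM {@link Document}
     * @param nameIDType issuer taken from the message
     * @param signatureType signature element taken from the message, may be {@code null}
     * @param idAttribute identifier attribute handed to the signature verifier
     * @throws SAMLValidationException on any trust or signature failure, including an
     *         {@code xmlObject} that is not a whole document
     */
    protected void checkCommon(XmlObject xmlObject, NameIDType nameIDType, SignatureType signatureType, IdAttribute idAttribute) throws SAMLValidationException {
        // Key establishment runs first, as before, so subclass errors keep their precedence.
        PublicKey trustedKey = establishKey(nameIDType, signatureType);
        org.w3c.dom.Node domNode = xmlObject.getDomNode();
        if (!(domNode instanceof Document)) {
            // A fragment (e.g. a bare element) cannot be verified as an enveloped document
            // signature; reject it explicitly rather than failing with ClassCastException.
            throw new SAMLValidationException("XML object to be verified is not a complete XML document");
        }
        Document document = (Document) domNode;
        isCorrectlySigned(document, trustedKey, signatureType, Collections.singletonList(document.getDocumentElement()), idAttribute);
    }

    /**
     * Checks that a signature is present and that it verifies with the given key.
     *
     * <p>The decompiler reports this method was originally {@code protected}; it is kept
     * {@code public} so that existing callers of this listing continue to compile.
     *
     * @param document DOM document carrying the enveloped signature
     * @param publicKey key the signature must verify against
     * @param signatureType typed signature element; {@code null} or nil means "unsigned"
     * @param list elements handed to the verifier together with the document
     * @param idAttribute identifier attribute handed to the verifier
     * @throws SAMLValidationException if the document is unsigned, no key is available,
     *         the signature is wrong, or verification itself fails
     */
    public void isCorrectlySigned(Document document, PublicKey publicKey, SignatureType signatureType, List<Element> list, IdAttribute idAttribute) throws SAMLValidationException {
        if (signatureType == null || signatureType.isNil()) {
            throw new SAMLValidationException("XML document is not signed");
        }
        if (publicKey == null) {
            // Without a trusted key nothing can be verified: reject rather than rely on
            // how the underlying verifier reacts to a null key.
            throw new SAMLValidationException("No public key is available to verify the signature");
        }
        boolean signatureValid;
        try {
            signatureValid = new DigSignatureUtil().verifyEnvelopedSignature(document, list, idAttribute, publicKey);
        } catch (DSigException e) {
            throw new SAMLValidationException("Signature verification failed", e);
        }
        if (!signatureValid) {
            throw new SAMLValidationException("Signature is incorrect");
        }
    }

    /**
     * Determines the public key trusted for the given issuer.
     *
     * <p>NOTE(review): implementations also receive the message's own signature element.
     * Any key material read from it is attacker-supplied until it has been checked
     * against locally configured trust; confirm each subclass does so.
     *
     * @param nameIDType issuer taken from the message
     * @param signatureType signature element taken from the message, may be {@code null}
     * @return the key to verify the signature with
     * @throws SAMLValidationException if no trusted key can be established
     */
    protected abstract PublicKey establishKey(NameIDType nameIDType, SignatureType signatureType) throws SAMLValidationException;
}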
