package org.opensaml.saml.saml2.binding.security.impl;

import com.google.common.base.Strings;
import java.io.ByteArrayInputStream;
import java.io.UnsupportedEncodingException;
import java.nio.charset.StandardCharsets;
import java.util.ArrayList;
import java.util.Collections;
import java.util.Iterator;
import java.util.List;
import javax.annotation.Nonnull;
import javax.annotation.Nullable;
import javax.servlet.http.HttpServletRequest;
import net.shibboleth.utilities.java.support.annotation.constraint.NonnullAfterInit;
import net.shibboleth.utilities.java.support.annotation.constraint.NonnullElements;
import net.shibboleth.utilities.java.support.codec.Base64Support;
import net.shibboleth.utilities.java.support.component.ComponentInitializationException;
import net.shibboleth.utilities.java.support.component.ComponentSupport;
import net.shibboleth.utilities.java.support.logic.Constraint;
import net.shibboleth.utilities.java.support.resolver.CriteriaSet;
import net.shibboleth.utilities.java.support.resolver.ResolverException;
import net.shibboleth.utilities.java.support.xml.ParserPool;
import net.shibboleth.utilities.java.support.xml.XMLParserException;
import org.opensaml.core.xml.config.XMLObjectProviderRegistrySupport;
import org.opensaml.core.xml.io.Unmarshaller;
import org.opensaml.core.xml.io.UnmarshallingException;
import org.opensaml.messaging.context.MessageContext;
import org.opensaml.messaging.handler.MessageHandlerException;
import org.opensaml.saml.common.binding.security.impl.BaseSAMLSimpleSignatureSecurityHandler;
import org.opensaml.saml.saml2.ecp.RelayState;
import org.opensaml.security.credential.Credential;
import org.opensaml.xmlsec.keyinfo.KeyInfoCredentialResolver;
import org.opensaml.xmlsec.keyinfo.KeyInfoCriterion;
import org.opensaml.xmlsec.signature.KeyInfo;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;

/* loaded from: input_file:plugins/opensaml-3.3.1.wso2v4.jar:org/opensaml/saml/saml2/binding/security/impl/SAML2HTTPPostSimpleSignSecurityHandler.class */
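/**
 * Supplies the HTTP-POST-SimpleSign specific inputs to {@link BaseSAMLSimpleSignatureSecurityHandler}:
 * the byte string that the simple signature is computed over, and any credentials carried in the
 * request's {@code KeyInfo} form control.
 *
 * <p>Everything read here comes from the inbound HTTP request and is therefore sender-controlled.
 * This class only extracts and decodes it; how the signature is verified and how the returned
 * credentials are evaluated is decided by the base class, which is not shown in this file.</p>
 */
public class SAML2HTTPPostSimpleSignSecurityHandler extends BaseSAMLSimpleSignatureSecurityHandler {

    /** Class logger. */
    @Nonnull
    private final Logger log = LoggerFactory.getLogger(SAML2HTTPPostSimpleSignSecurityHandler.class);

    /** Parser pool used to parse the XML of the request-supplied KeyInfo. */
    @NonnullAfterInit
    private ParserPool parserPool;

    /** Resolver that turns the unmarshalled KeyInfo into credentials. */
    @NonnullAfterInit
    private KeyInfoCredentialResolver keyInfoResolver;

    /**
     * Get the parser pool used to parse the KeyInfo form control.
     *
     * @return the configured parser pool
     */
    @NonnullAfterInit
    public ParserPool getParserPool() {
        return parserPool;
    }

    /**
     * Set the parser pool used to parse the KeyInfo form control.
     *
     * <p>The pool parses XML taken directly from the request, so it should be one that is configured
     * to refuse DTDs and external entities. NOTE(review): that configuration lives outside this class
     * and cannot be confirmed from here.</p>
     *
     * @param parserPool the parser pool; must not be null
     */
    public void setParser(@Nonnull ParserPool parserPool) {
        ComponentSupport.ifInitializedThrowUnmodifiabledComponentException(this);
        this.parserPool = Constraint.isNotNull(parserPool, "ParserPool cannot be null");
    }

    /**
     * Get the resolver used to extract credentials from the request's KeyInfo.
     *
     * @return the configured KeyInfo credential resolver
     */
    @NonnullAfterInit
    public KeyInfoCredentialResolver getKeyInfoResolver() {
        return keyInfoResolver;
    }

    /**
     * Set the resolver used to extract credentials from the request's KeyInfo.
     *
     * @param keyInfoCredentialResolver the resolver; must not be null
     */
    public void setKeyInfoResolver(@Nonnull KeyInfoCredentialResolver keyInfoCredentialResolver) {
        ComponentSupport.ifInitializedThrowUnmodifiabledComponentException(this);
        this.keyInfoResolver =
                Constraint.isNotNull(keyInfoCredentialResolver, "KeyInfoCredentialResolver cannot be null");
    }

    /**
     * Checks that both the parser pool and the KeyInfo resolver were supplied before the component
     * is put into service.
     *
     * <p>The decompiler reports that this method was {@code protected} in the original class; the
     * visibility shown in this listing is kept as-is.</p>
     *
     * @throws ComponentInitializationException if the superclass initialization fails
     */
    @Override
    public void doInitialize() throws ComponentInitializationException {
        super.doInitialize();
        Constraint.isNotNull(parserPool, "ParserPool cannot be null");
        Constraint.isNotNull(keyInfoResolver, "KeyInfoCredentialResolver cannot be null");
    }

    /**
     * Reports whether this handler applies to the current request, which is the case only when the
     * HTTP method is {@code POST}.
     *
     * @param messageContext the message context (not consulted by this implementation)
     * @return true if the request method is POST
     */
    @Override
    protected boolean ruleHandles(@Nonnull MessageContext messageContext) {
        return "POST".equals(getHttpServletRequest().getMethod());
    }

    /**
     * Builds the byte string the simple signature covers:
     * {@code SAMLRequest=<decoded>} or {@code SAMLResponse=<decoded>}, then {@code &RelayState=<value>}
     * when that form control is present, then {@code &SigAlg=<value>}, encoded as UTF-8.
     *
     * <p>The SAML message is base64-decoded before it is appended; RelayState and SigAlg are appended
     * exactly as the servlet container returns them. The byte sequence must not be altered in any
     * other way, since any difference changes the outcome of signature verification.</p>
     *
     * @return the UTF-8 bytes of the constructed string
     * @throws MessageHandlerException if the form data holds neither a SAMLRequest nor a SAMLResponse
     */
    @Override
    @Nullable
    protected byte[] getSignedContent() throws MessageHandlerException {
        final HttpServletRequest request = getHttpServletRequest();
        final StringBuilder builder = new StringBuilder();

        // StandardCharsets.UTF_8 replaces the "UTF-8" charset-name lookups, which forced two empty
        // catch blocks for an UnsupportedEncodingException that cannot occur.
        final String samlRequest = request.getParameter("SAMLRequest");
        if (samlRequest != null) {
            builder.append("SAMLRequest=" + new String(Base64Support.decode(samlRequest), StandardCharsets.UTF_8));
        } else {
            final String samlResponse = request.getParameter("SAMLResponse");
            if (samlResponse == null) {
                log.warn("Could not extract either a SAMLRequest or a SAMLResponse from the form control data");
                throw new MessageHandlerException("Extract of SAMLRequest or SAMLResponse from form control data");
            }
            builder.append("SAMLResponse=" + new String(Base64Support.decode(samlResponse), StandardCharsets.UTF_8));
        }

        final String relayState = request.getParameter(RelayState.DEFAULT_ELEMENT_LOCAL_NAME);
        if (relayState != null) {
            builder.append("&RelayState=" + relayState);
        }

        // A missing SigAlg is appended as the literal text "null". NOTE(review): presumably the base
        // class rejects a request without SigAlg before this method is reached - confirm.
        builder.append("&SigAlg=" + request.getParameter("SigAlg"));

        final String constructed = builder.toString();
        // Kept from the original; as written it cannot trigger, because "&SigAlg=" is always appended.
        if (Strings.isNullOrEmpty(constructed)) {
            log.warn("Could not construct signed content string from form control data");
            return null;
        }

        // NOTE(review): this writes the whole decoded SAML message and the RelayState to the debug
        // log; treat debug output from this class as sensitive.
        log.debug("Constructed signed content string for HTTP-Post-SimpleSign {}", constructed);
        return constructed.getBytes(StandardCharsets.UTF_8);
    }

    /**
     * Extracts credentials from the {@code KeyInfo} form control of the request, if one is present.
     *
     * <p>The control is base64-decoded, parsed with the configured parser pool, unmarshalled to a
     * {@link KeyInfo} and handed to the configured {@link KeyInfoCredentialResolver}.</p>
     *
     * <p>The resulting credentials originate from the sender of the request. They identify which key
     * the sender claims to have used and carry no trust of their own. NOTE(review): the base class is
     * presumably expected to evaluate them against trusted key material before accepting a signature;
     * confirm against {@link BaseSAMLSimpleSignatureSecurityHandler}.</p>
     *
     * @param messageContext the message context (not consulted by this implementation)
     * @return the resolved credentials, or an empty list when the request has no usable KeyInfo
     * @throws MessageHandlerException if no KeyInfo unmarshaller is registered, or if parsing,
     *         unmarshalling or credential resolution fails
     */
    @Override
    @NonnullElements
    @Nonnull
    protected List<Credential> getRequestCredentials(@Nonnull MessageContext messageContext)
            throws MessageHandlerException {
        final String encodedKeyInfo = getHttpServletRequest().getParameter(KeyInfo.DEFAULT_ELEMENT_LOCAL_NAME);
        if (Strings.isNullOrEmpty(encodedKeyInfo)) {
            log.debug("Form control data did not contain a KeyInfo");
            return Collections.emptyList();
        }
        log.debug("Found a KeyInfo in form control data, extracting validation credentials");

        final Unmarshaller unmarshaller =
                XMLObjectProviderRegistrySupport.getUnmarshallerFactory().getUnmarshaller(KeyInfo.DEFAULT_ELEMENT_NAME);
        if (unmarshaller == null) {
            throw new MessageHandlerException("Could not obtain a KeyInfo unmarshaller");
        }

        final KeyInfo keyInfo;
        try {
            // Request-supplied XML goes straight into the parser pool here.
            keyInfo = (KeyInfo) unmarshaller.unmarshall(
                    getParserPool().parse(new ByteArrayInputStream(Base64Support.decode(encodedKeyInfo)))
                            .getDocumentElement());
        } catch (XMLParserException e) {
            log.warn("Error parsing KeyInfo data", e);
            throw new MessageHandlerException("Error parsing KeyInfo data", e);
        } catch (UnmarshallingException e) {
            log.warn("Error unmarshalling KeyInfo data", e);
            throw new MessageHandlerException("Error unmarshalling KeyInfo data", e);
        }

        if (keyInfo == null) {
            log.warn("Could not successfully extract KeyInfo object from the form control data");
            return Collections.emptyList();
        }

        // Typed list in place of the raw ArrayList, so the compiler checks the element type.
        final List<Credential> credentials = new ArrayList<>();
        try {
            for (final Credential credential : keyInfoResolver.resolve(new CriteriaSet(new KeyInfoCriterion(keyInfo)))) {
                credentials.add(credential);
            }
        } catch (ResolverException e) {
            log.warn("Error resolving credentials from KeyInfo", e);
            throw new MessageHandlerException("Error resolving credentials from KeyInfo", e);
        }
        return credentials;
    }
}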
