package org.wso2.appserver.webapp.security.saml.signature;

import org.opensaml.saml.saml2.core.Assertion;
import org.opensaml.saml.saml2.core.Response;
import org.opensaml.xmlsec.signature.support.SignatureException;
import org.wso2.appserver.webapp.security.utils.exception.SSOException;

/* loaded from: input_file:org/wso2/appserver/webapp/security/saml/signature/SAMLSignatureValidatorImplementation.class */
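/**
 * {@link SignatureValidator} implementation that checks the XML signatures of a SAML 2.0
 * Response and/or Assertion against the entity certificate held by {@link SSOX509Credential}.
 *
 * <p>Each check runs only when its flag is set. With both flags {@code false} this method
 * verifies nothing and returns normally, so the caller's configuration alone decides whether
 * an unsigned message is accepted.
 */
public class SAMLSignatureValidatorImplementation implements SignatureValidator {
    /**
     * Validates the signatures on the given SAML 2.0 Response and Assertion.
     *
     * <p>NOTE(review): only the cryptographic check
     * ({@code org.opensaml.xmlsec.signature.support.SignatureValidator.validate}) is visible
     * here. Nothing in this method checks that the Signature element conforms to the SAML
     * signature profile, or that the signed element is the one consumed later. Confirm the
     * caller covers this (OpenSAML provides {@code SAMLSignatureProfileValidator} for the
     * profile check), since that step guards against signature-wrapping style tampering.
     *
     * @param response  the SAML 2.0 Response; must be non-null when {@code z} is {@code true}
     * @param assertion the SAML 2.0 Assertion; must be non-null when {@code z2} is {@code true}
     * @param z         {@code true} if Response signing is enabled, i.e. the Response must
     *                  carry a valid signature
     * @param z2        {@code true} if Assertion signing is enabled, i.e. the Assertion must
     *                  carry a valid signature
     * @throws SSOException if a required message or signature element is missing, or a
     *                      signature fails validation
     */
    @Override
    public void validateSignature(Response response, Assertion assertion, boolean z, boolean z2) throws SSOException {
        final boolean responseSigningEnabled = z;
        final boolean assertionSigningEnabled = z2;

        // Looked up unconditionally, as before, so credential initialisation behaves the same
        // whether or not any signature check is enabled.
        SSOX509Credential credential = SSOX509Credential.getInstance();

        if (responseSigningEnabled) {
            // Fail closed with the declared exception type rather than a NullPointerException
            // when a signed Response is required but none was supplied.
            if (response == null) {
                throw new SSOException("SAML 2.0 Response signing is enabled, but no SAML 2.0 Response was provided");
            }
            if (response.getSignature() == null) {
                throw new SSOException("SAML 2.0 Response signing is enabled, but signature element not found in SAML 2.0 Response element");
            }
            try {
                // presumably getEntityCertificate() is non-null once the credential is
                // initialised; verify against SSOX509Credential
                org.opensaml.xmlsec.signature.support.SignatureValidator.validate(
                        response.getSignature(),
                        new X509CredentialImplementation(credential.getEntityCertificate()));
            } catch (SignatureException e) {
                throw new SSOException("Signature validation failed for SAML 2.0 Response", e);
            }
        }

        if (assertionSigningEnabled) {
            // Same fail-closed handling for a missing Assertion.
            if (assertion == null) {
                throw new SSOException("SAML 2.0 Assertion signing is enabled, but no SAML 2.0 Assertion was provided");
            }
            if (assertion.getSignature() == null) {
                throw new SSOException("SAML 2.0 Assertion signing is enabled, but signature element not found in SAML 2.0 Assertion element");
            }
            try {
                org.opensaml.xmlsec.signature.support.SignatureValidator.validate(
                        assertion.getSignature(),
                        new X509CredentialImplementation(credential.getEntityCertificate()));
            } catch (SignatureException e) {
                throw new SSOException("Signature validation failed for SAML 2.0 Assertion", e);
            }
        }
    }
}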
