package org.wso2.carbon.identity.tools.saml.validator;

import java.io.UnsupportedEncodingException;
import java.util.ArrayList;
import org.apache.commons.logging.Log;
import org.apache.commons.logging.LogFactory;
import org.opensaml.saml2.core.AuthnRequest;
import org.opensaml.saml2.core.Response;
import org.wso2.carbon.identity.base.IdentityException;
import org.wso2.carbon.identity.sso.saml.util.SAMLSSOUtil;
import org.wso2.carbon.identity.tools.saml.validator.dto.GeneratedResponseDTO;
import org.wso2.carbon.identity.tools.saml.validator.dto.ValidatedItemDTO;
import org.wso2.carbon.identity.tools.saml.validator.processors.SAMLAuthnRequestValidator;
import org.wso2.carbon.identity.tools.saml.validator.processors.SAMLResponseBuilder;
import org.wso2.carbon.identity.tools.saml.validator.util.SAMLValidatorConstants;
import org.wso2.carbon.identity.tools.saml.validator.util.SAMLValidatorUtil;

/* loaded from: input_file:org/wso2/carbon/identity/tools/saml/validator/SAMLValidatorService.class */
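/**
 * Entry points for checking a SAML 2.0 authentication request and for
 * generating a SAML response for a registered service provider.
 *
 * <p>Security notes for reviewers:
 * <ul>
 *   <li>{@link #validateAuthnRequest} decodes and unmarshals caller-supplied
 *       data. The XML parser and the inflate step live in {@code SAMLSSOUtil},
 *       which is not visible here. NOTE(review): confirm that the parser
 *       rejects DTDs/external entities and that decoded payload size is
 *       bounded.</li>
 *   <li>{@link #buildResponse} produces a response for a caller-chosen issuer
 *       and user name. NOTE(review): whether the result is signed is decided
 *       in {@code SAMLResponseBuilder}; confirm the operation is restricted to
 *       administrators.</li>
 *   <li>Error texts returned by {@link #buildResponse} embed the issuer and
 *       exception messages; whatever renders them must output-encode them.</li>
 * </ul>
 */
public class SAMLValidatorService {
    private static final Log log = LogFactory.getLog(SAMLValidatorService.class);

    /**
     * Runs the decode, unmarshal and request-level checks on an authentication
     * request and reports each step.
     *
     * @param str the Base64 request body when {@code z} is true, otherwise the
     *            redirect URL carrying the request in its query string
     * @param z   true for the HTTP-POST binding, false for HTTP-Redirect
     * @return one {@link ValidatedItemDTO} per check performed, in order; the
     *         list stops at the first step that prevents further processing
     */
    public ValidatedItemDTO[] validateAuthnRequest(String str, boolean z) {
        ArrayList<ValidatedItemDTO> items = new ArrayList<ValidatedItemDTO>();
        String requestXml = null;
        String queryString = null;
        if (z) {
            try {
                requestXml = SAMLSSOUtil.decodeForPost(str);
                items.add(new ValidatedItemDTO(SAMLValidatorConstants.ValidationType.VAL_DECODE, true, SAMLValidatorConstants.ValidationMessage.VAL_DECODE_SUCCESS));
            } catch (IdentityException e) {
                debug("Decoding the POST-binding SAML request failed", e);
                items.add(new ValidatedItemDTO(SAMLValidatorConstants.ValidationType.VAL_DECODE, false, SAMLValidatorConstants.ValidationMessage.VAL_DECODE_FAIL));
            }
        } else {
            // Stays null unless the request parameter was extracted from the URL.
            String encodedRequest = null;
            queryString = SAMLValidatorUtil.getQueryString(str);
            if (queryString == null || queryString.isEmpty()) {
                items.add(new ValidatedItemDTO(SAMLValidatorConstants.ValidationType.VAL_DECODE, false, SAMLValidatorConstants.ValidationMessage.VAL_EXTRACT_SAML_REQ_FAIL));
            } else {
                try {
                    encodedRequest = SAMLValidatorUtil.getSAMLRequestFromURL(str);
                } catch (UnsupportedEncodingException e) {
                    debug("URL-decoding the redirect query string failed", e);
                    items.add(new ValidatedItemDTO(SAMLValidatorConstants.ValidationType.VAL_DECODE, false, SAMLValidatorConstants.ValidationMessage.VAL_DECODE_QUERY_STRING_FAIL));
                }
            }
            if (encodedRequest == null) {
                // Reported in addition to any extraction failure recorded above.
                items.add(new ValidatedItemDTO(SAMLValidatorConstants.ValidationType.VAL_DECODE, false, SAMLValidatorConstants.ValidationMessage.VAL_DECODE_FAIL));
            } else {
                try {
                    requestXml = SAMLSSOUtil.decode(encodedRequest);
                    items.add(new ValidatedItemDTO(SAMLValidatorConstants.ValidationType.VAL_DECODE, true, SAMLValidatorConstants.ValidationMessage.VAL_DECODE_SUCCESS));
                } catch (IdentityException e) {
                    debug("Decoding the Redirect-binding SAML request failed", e);
                    items.add(new ValidatedItemDTO(SAMLValidatorConstants.ValidationType.VAL_DECODE, false, SAMLValidatorConstants.ValidationMessage.VAL_DECODE_FAIL));
                }
            }
        }
        if (requestXml == null) {
            return toArray(items);
        }
        try {
            // Held as Object so the instanceof test below is a real type check
            // whatever static type SAMLSSOUtil.unmarshall declares.
            Object parsed = SAMLSSOUtil.unmarshall(requestXml);
            items.add(new ValidatedItemDTO(SAMLValidatorConstants.ValidationType.VAL_UNMARSHAL, true, SAMLValidatorConstants.ValidationMessage.VAL_UNMARSHAL_SUCCESS));
            if (!(parsed instanceof AuthnRequest)) {
                // Well-formed XML, but not an AuthnRequest (or nothing was returned).
                items.add(new ValidatedItemDTO(SAMLValidatorConstants.ValidationType.VAL_UNMARSHAL, false, SAMLValidatorConstants.ValidationMessage.VAL_AUTHN_REQUEST_FAIL));
                return toArray(items);
            }
            SAMLAuthnRequestValidator requestValidator = new SAMLAuthnRequestValidator((AuthnRequest) parsed);
            requestValidator.setPost(z);
            requestValidator.setQueryString(queryString);
            try {
                requestValidator.validate(items);
            } catch (IdentityException e) {
                // Whatever the validator recorded before failing is still returned.
                debug("Validating the SAML authentication request failed", e);
            }
            return toArray(items);
        } catch (IdentityException e) {
            debug("Unmarshalling the SAML authentication request failed", e);
            items.add(new ValidatedItemDTO(SAMLValidatorConstants.ValidationType.VAL_UNMARSHAL, false, SAMLValidatorConstants.ValidationMessage.VAL_UNMARSHAL_FAIL));
            // A payload that fails as POST but parses via the redirect decoder
            // was most likely submitted under the wrong binding.
            if (z && isDecodeableAsRedirect(str)) {
                items.add(new ValidatedItemDTO(SAMLValidatorConstants.ValidationType.VAL_WRONG_BINDING, false, SAMLValidatorConstants.ValidationMessage.VAL_WRONG_BINDING_MSG));
            }
            return toArray(items);
        }
    }

    /**
     * Builds a SAML response for the given service provider and user, and
     * returns it both as XML and in encoded form.
     *
     * @param str  issuer of the service provider whose configuration is used
     * @param str2 user name the response is generated for
     * @return a successful DTO carrying the marshalled and encoded response
     *         (both null when the builder returned no response), or a failed
     *         DTO with an error message
     */
    public GeneratedResponseDTO buildResponse(String str, String str2) {
        if (str == null || str.isEmpty() || str2 == null || str2.isEmpty()) {
            return new GeneratedResponseDTO(false, SAMLValidatorConstants.ErrorMessage.ERROR_INCOMPLETE_DATA);
        }
        String responseXml = null;
        String encodedResponse = null;
        // NOTE(review): as written, an IdentityException from
        // getServiceProviderConfig is caught by the inner handler, so the outer
        // "not registered" handler cannot be reached (and javac rejects it if
        // IdentityException is checked). This nesting looks like a
        // decompilation artifact; presumably the lookup was meant to be guarded
        // by the outer handler only. Confirm against the original source.
        try {
            try {
                Response samlResponse = new SAMLResponseBuilder().buildSAMLResponse(SAMLValidatorUtil.getServiceProviderConfig(str), str2);
                if (samlResponse != null) {
                    responseXml = SAMLSSOUtil.marshall(samlResponse);
                    encodedResponse = SAMLSSOUtil.encode(responseXml);
                }
                return new GeneratedResponseDTO(true, null, responseXml, encodedResponse);
            } catch (IdentityException e) {
                debug("Building the SAML response failed", e);
                // The exception text goes back to the caller; it must be
                // output-encoded wherever it is displayed.
                return new GeneratedResponseDTO(false, String.format(SAMLValidatorConstants.ErrorMessage.ERROR_BUILD_FAIL, e.getMessage()));
            }
        } catch (IdentityException e2) {
            debug("Loading the service provider configuration failed", e2);
            // Echoes the caller-supplied issuer; output-encode before display.
            return new GeneratedResponseDTO(false, String.format("A Service Provider with the Issuer '%s' is not registered.", str));
        }
    }

    /**
     * Lists the issuers of the registered SAML service providers.
     *
     * @return the issuers, or {@code null} when the lookup fails; callers must
     *         handle the null case
     */
    public String[] getIssuersOfSAMLServiceProviders() {
        try {
            return SAMLValidatorUtil.getIssuersOfSAMLServiceProviders();
        } catch (IdentityException e) {
            debug("Listing SAML service provider issuers failed", e);
            return null;
        }
    }

    /**
     * Probes whether a payload decodes and unmarshals with the redirect-binding
     * decoder. Failures are an expected outcome of the probe and are reported
     * as {@code false} rather than logged.
     */
    private boolean isDecodeableAsRedirect(String str) {
        try {
            String decoded = SAMLSSOUtil.decode(str);
            if (decoded == null || decoded.isEmpty()) {
                return false;
            }
            SAMLSSOUtil.unmarshall(decoded);
            return true;
        } catch (IdentityException ignored) {
            return false;
        }
    }

    /** Snapshots the collected validation items as the array type the service returns. */
    private static ValidatedItemDTO[] toArray(ArrayList<ValidatedItemDTO> items) {
        return items.toArray(new ValidatedItemDTO[items.size()]);
    }

    /** Logs a failure at debug level with its stack trace, not just the message. */
    private static void debug(String context, Exception cause) {
        if (log.isDebugEnabled()) {
            log.debug(context, cause);
        }
    }
}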
