package org.opensaml.saml1.binding.decoding;

import java.util.List;
import javax.xml.namespace.QName;
import org.opensaml.common.SAMLObject;
import org.opensaml.common.binding.SAMLMessageContext;
import org.opensaml.common.binding.artifact.SAMLArtifactMap;
import org.opensaml.common.binding.decoding.BaseSAMLMessageDecoder;
import org.opensaml.saml1.core.Assertion;
import org.opensaml.saml1.core.AssertionArtifact;
import org.opensaml.saml1.core.AttributeQuery;
import org.opensaml.saml1.core.AuthorizationDecisionQuery;
import org.opensaml.saml1.core.Request;
import org.opensaml.saml1.core.RequestAbstractType;
import org.opensaml.saml1.core.Response;
import org.opensaml.saml1.core.ResponseAbstractType;
import org.opensaml.saml2.metadata.EntityDescriptor;
import org.opensaml.saml2.metadata.RoleDescriptor;
import org.opensaml.saml2.metadata.provider.MetadataProvider;
import org.opensaml.saml2.metadata.provider.MetadataProviderException;
import org.opensaml.ws.message.MessageContext;
import org.opensaml.ws.message.decoder.MessageDecodingException;
import org.opensaml.xml.parse.ParserPool;
import org.opensaml.xml.security.SecurityException;
import org.opensaml.xml.util.DatatypeHelper;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;

/* JADX WARN: Classes with same name are omitted:
  input_file:WEB-INF/lib/opensaml-2.6.6.jar:org/opensaml/saml1/binding/decoding/BaseSAML1MessageDecoder.class
  input_file:WEB-INF/lib/rampart-core-1.6.1-wso2v42.jar:opensaml-2.6.6.jar:org/opensaml/saml1/binding/decoding/BaseSAML1MessageDecoder.class
  input_file:WEB-INF/lib/wss4j-1.5.11-wso2v19.jar:opensaml-2.6.1.jar:org/opensaml/saml1/binding/decoding/BaseSAML1MessageDecoder.class
 */
/* loaded from: input_file:WEB-INF/lib/org.apache.rampart.wso2-rampart-trust-1.6.1-wso2v42.jar:opensaml-2.6.6.jar:org/opensaml/saml1/binding/decoding/BaseSAML1MessageDecoder.class */
public abstract class BaseSAML1MessageDecoder extends BaseSAMLMessageDecoder {
    private final Logger log;
    private SAMLArtifactMap artifactMap;
    private boolean useQueryResourceAsEntityId;

    public BaseSAML1MessageDecoder() {
        this.log = LoggerFactory.getLogger(BaseSAML1MessageDecoder.class);
        this.useQueryResourceAsEntityId = true;
    }

    public BaseSAML1MessageDecoder(ParserPool parserPool) {
        super(parserPool);
        this.log = LoggerFactory.getLogger(BaseSAML1MessageDecoder.class);
        this.useQueryResourceAsEntityId = true;
    }

    public BaseSAML1MessageDecoder(SAMLArtifactMap sAMLArtifactMap) {
        this.log = LoggerFactory.getLogger(BaseSAML1MessageDecoder.class);
        this.artifactMap = sAMLArtifactMap;
        this.useQueryResourceAsEntityId = true;
    }

    public BaseSAML1MessageDecoder(SAMLArtifactMap sAMLArtifactMap, ParserPool parserPool) {
        super(parserPool);
        this.log = LoggerFactory.getLogger(BaseSAML1MessageDecoder.class);
        this.artifactMap = sAMLArtifactMap;
        this.useQueryResourceAsEntityId = true;
    }

    @Override // org.opensaml.ws.message.decoder.BaseMessageDecoder, org.opensaml.ws.message.decoder.MessageDecoder
    public void decode(MessageContext messageContext) throws MessageDecodingException, SecurityException {
        super.decode(messageContext);
        SAMLMessageContext sAMLMessageContext = (SAMLMessageContext) messageContext;
        if (sAMLMessageContext.getInboundSAMLMessage() instanceof ResponseAbstractType) {
            checkEndpointURI(sAMLMessageContext);
        }
    }

    public SAMLArtifactMap getArtifactMap() {
        return this.artifactMap;
    }

    public boolean getUseQueryResourceAsEntityId() {
        return this.useQueryResourceAsEntityId;
    }

    public void setUseQueryResourceAsEntityId(boolean z) {
        this.useQueryResourceAsEntityId = z;
    }

    /* JADX INFO: Access modifiers changed from: protected */
    public void populateMessageContext(SAMLMessageContext sAMLMessageContext) throws MessageDecodingException {
        populateMessageIdIssueInstantIssuer(sAMLMessageContext);
        populateRelyingPartyMetadata(sAMLMessageContext);
    }

    protected void populateMessageIdIssueInstantIssuer(SAMLMessageContext sAMLMessageContext) throws MessageDecodingException {
        SAMLObject inboundSAMLMessage = sAMLMessageContext.getInboundSAMLMessage();
        if (inboundSAMLMessage == null) {
            return;
        }
        if (inboundSAMLMessage instanceof RequestAbstractType) {
            this.log.debug("Extracting ID, issuer and issue instant from request");
            extractRequestInfo(sAMLMessageContext, (RequestAbstractType) inboundSAMLMessage);
        } else {
            if (!(inboundSAMLMessage instanceof Response)) {
                throw new MessageDecodingException("SAML 1.x message was not a request or a response");
            }
            this.log.debug("Extracting ID, issuer and issue instant from response");
            extractResponseInfo(sAMLMessageContext, (Response) inboundSAMLMessage);
        }
    }

    protected void extractRequestInfo(SAMLMessageContext sAMLMessageContext, RequestAbstractType requestAbstractType) {
        sAMLMessageContext.setInboundSAMLMessageId(requestAbstractType.getID());
        sAMLMessageContext.setInboundSAMLMessageIssueInstant(requestAbstractType.getIssueInstant());
        if (requestAbstractType instanceof Request) {
            Request request = (Request) requestAbstractType;
            if (request.getAttributeQuery() != null) {
                extractAttributeQueryInfo(sAMLMessageContext, request.getAttributeQuery());
            }
            if (request.getAuthorizationDecisionQuery() != null) {
                extractAuthorizationDecisionQueryInfo(sAMLMessageContext, request.getAuthorizationDecisionQuery());
            }
            if (request.getAssertionArtifacts() != null) {
                extractAssertionArtifactInfo(sAMLMessageContext, request.getAssertionArtifacts());
            }
        }
    }

    protected void extractAttributeQueryInfo(SAMLMessageContext sAMLMessageContext, AttributeQuery attributeQuery) {
        if (this.useQueryResourceAsEntityId) {
            this.log.debug("Attempting to extract issuer from SAML 1 AttributeQuery Resource attribute");
            String safeTrimOrNullString = DatatypeHelper.safeTrimOrNullString(attributeQuery.getResource());
            if (safeTrimOrNullString != null) {
                sAMLMessageContext.setInboundMessageIssuer(safeTrimOrNullString);
                this.log.debug("Extracted issuer from SAML 1.x AttributeQuery: {}", safeTrimOrNullString);
            }
        }
    }

    protected void extractAuthorizationDecisionQueryInfo(SAMLMessageContext sAMLMessageContext, AuthorizationDecisionQuery authorizationDecisionQuery) {
        if (this.useQueryResourceAsEntityId) {
            this.log.debug("Attempting to extract issuer from SAML 1 AuthorizationDecisionQuery Resource attribute");
            String safeTrimOrNullString = DatatypeHelper.safeTrimOrNullString(authorizationDecisionQuery.getResource());
            if (safeTrimOrNullString != null) {
                sAMLMessageContext.setInboundMessageIssuer(safeTrimOrNullString);
                this.log.debug("Extracted issuer from SAML 1.x AuthorizationDecisionQuery: {}", safeTrimOrNullString);
            }
        }
    }

    protected void extractAssertionArtifactInfo(SAMLMessageContext sAMLMessageContext, List<AssertionArtifact> list) {
        if (list.size() == 0) {
            return;
        }
        this.log.debug("Attempting to extract issuer based on first AssertionArtifact in request");
        sAMLMessageContext.setInboundMessageIssuer(this.artifactMap.get(list.get(0).getAssertionArtifact()).getRelyingPartyId());
        this.log.debug("Extracted issuer from SAML 1.x AssertionArtifact: {}", sAMLMessageContext.getInboundMessageIssuer());
    }

    protected void extractResponseInfo(SAMLMessageContext sAMLMessageContext, Response response) throws MessageDecodingException {
        sAMLMessageContext.setInboundSAMLMessageId(response.getID());
        sAMLMessageContext.setInboundSAMLMessageIssueInstant(response.getIssueInstant());
        String str = null;
        List<Assertion> assertions = response.getAssertions();
        if (assertions != null && assertions.size() > 0) {
            this.log.info("Attempting to extract issuer from enclosed SAML 1.x Assertion(s)");
            for (Assertion assertion : assertions) {
                if (assertion != null && assertion.getIssuer() != null) {
                    if (str != null && !str.equals(assertion.getIssuer())) {
                        throw new MessageDecodingException("SAML 1.x assertions, within response " + response.getID() + " contain different issuer IDs");
                    }
                    str = assertion.getIssuer();
                }
            }
        }
        if (str == null) {
            this.log.warn("Issuer could not be extracted from standard SAML 1.x response message");
        }
        sAMLMessageContext.setInboundMessageIssuer(str);
    }

    protected void populateRelyingPartyMetadata(SAMLMessageContext sAMLMessageContext) throws MessageDecodingException {
        List<RoleDescriptor> roleDescriptors;
        MetadataProvider metadataProvider = sAMLMessageContext.getMetadataProvider();
        if (metadataProvider != null) {
            try {
                EntityDescriptor entityDescriptor = metadataProvider.getEntityDescriptor(sAMLMessageContext.getInboundMessageIssuer());
                sAMLMessageContext.setPeerEntityMetadata(entityDescriptor);
                QName peerEntityRole = sAMLMessageContext.getPeerEntityRole();
                if (entityDescriptor != null && peerEntityRole != null && (roleDescriptors = entityDescriptor.getRoleDescriptors(peerEntityRole, "urn:oasis:names:tc:SAML:1.1:protocol")) != null && roleDescriptors.size() > 0) {
                    sAMLMessageContext.setPeerEntityRoleMetadata(roleDescriptors.get(0));
                }
            } catch (MetadataProviderException e) {
                this.log.error("Error retrieving metadata for relying party " + sAMLMessageContext.getInboundMessageIssuer(), (Throwable) e);
                throw new MessageDecodingException("Error retrieving metadata for relying party " + sAMLMessageContext.getInboundMessageIssuer(), e);
            }
        }
    }

    @Override // org.opensaml.common.binding.decoding.BaseSAMLMessageDecoder
    protected String getIntendedDestinationEndpointURI(SAMLMessageContext sAMLMessageContext) throws MessageDecodingException {
        SAMLObject inboundSAMLMessage = sAMLMessageContext.getInboundSAMLMessage();
        if (inboundSAMLMessage instanceof ResponseAbstractType) {
            return DatatypeHelper.safeTrimOrNullString(((ResponseAbstractType) inboundSAMLMessage).getRecipient());
        }
        if (inboundSAMLMessage instanceof RequestAbstractType) {
            return null;
        }
        this.log.error("Invalid SAML message type encountered: {}", inboundSAMLMessage.getElementQName().toString());
        throw new MessageDecodingException("Invalid SAML message type encountered");
    }
}
