package edu.internet2.middleware.shibboleth.serviceprovider;

import edu.internet2.middleware.shibboleth.common.Constants;
import edu.internet2.middleware.shibboleth.common.Credentials;
import edu.internet2.middleware.shibboleth.common.Trust;
import edu.internet2.middleware.shibboleth.metadata.RoleDescriptor;
import java.net.HttpURLConnection;
import java.net.Socket;
import java.security.KeyManagementException;
import java.security.NoSuchAlgorithmException;
import java.security.Principal;
import java.security.PrivateKey;
import java.security.SecureRandom;
import java.security.cert.CertificateException;
import java.security.cert.X509Certificate;
import javax.net.ssl.HttpsURLConnection;
import javax.net.ssl.KeyManager;
import javax.net.ssl.SSLContext;
import javax.net.ssl.TrustManager;
import javax.net.ssl.X509KeyManager;
import javax.net.ssl.X509TrustManager;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import org.apache.log4j.Logger;
import org.opensaml.SAMLException;
import org.opensaml.SAMLSOAPHTTPBinding;

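/**
 * HTTP hook that prepares outgoing SOAP-over-HTTP(S) connections made through
 * {@link SAMLSOAPHTTPBinding}.
 *
 * <p>For HTTPS connections the hook installs a socket factory whose key manager
 * presents the service provider's configured credential and whose trust manager
 * accepts the server certificate only if {@link Trust#validate} approves it for
 * the {@link RoleDescriptor} supplied at construction time.
 *
 * <p>Every failure to install that socket factory is reported as {@code false}.
 * Returning {@code true} without installing it would let the request go out over
 * the JVM's default socket factory, i.e. without the metadata-based server
 * validation and without the client credential.
 * NOTE(review): {@code false} is assumed to make the binding abort the request;
 * confirm against the OpenSAML binding in use.
 */
public class ShibHttpHook implements SAMLSOAPHTTPBinding.HTTPHook {
    // The logger category is the OpenSAML HTTPHook interface, not this class.
    private static final Logger log = Logger.getLogger(SAMLSOAPHTTPBinding.HTTPHook.class);

    ServiceProviderContext context = ServiceProviderContext.getInstance();
    ServiceProviderConfig config = this.context.getServiceProviderConfig();
    Credentials credentials = this.config.getCredentials();
    RoleDescriptor role;
    Trust trust;

    /**
     * Key manager that always offers the single credential held by the enclosing
     * hook. The alias is a fixed placeholder: whatever alias is requested, the
     * same certificate chain and private key are returned.
     */
    class ShibKeyManager implements X509KeyManager {
        public String fred = "Fred";
        public String[] freds = {this.fred};
        private final ShibHttpHook hook;

        ShibKeyManager(ShibHttpHook shibHttpHook) {
            this.hook = shibHttpHook;
        }

        @Override // javax.net.ssl.X509KeyManager
        public String[] getClientAliases(String str, Principal[] principalArr) {
            return this.freds;
        }

        @Override // javax.net.ssl.X509KeyManager
        public String chooseClientAlias(String[] strArr, Principal[] principalArr, Socket socket) {
            return this.fred;
        }

        @Override // javax.net.ssl.X509KeyManager
        public String[] getServerAliases(String str, Principal[] principalArr) {
            return this.freds;
        }

        @Override // javax.net.ssl.X509KeyManager
        public String chooseServerAlias(String str, Principal[] principalArr, Socket socket) {
            return this.fred;
        }

        /** Returns the certificate chain of the hook's credential; the alias is ignored. */
        @Override // javax.net.ssl.X509KeyManager
        public X509Certificate[] getCertificateChain(String str) {
            return this.hook.credentials.getCredential().getX509CertificateChain();
        }

        /** Returns the private key of the hook's credential; the alias is ignored. */
        @Override // javax.net.ssl.X509KeyManager
        public PrivateKey getPrivateKey(String str) {
            return this.hook.credentials.getCredential().getPrivateKey();
        }
    }

    /**
     * Trust manager that delegates server-certificate validation to the hook's
     * {@link Trust} object and role descriptor. It is meant for client-side use
     * only and rejects any request to validate a client certificate.
     */
    class ShibTrustManager implements X509TrustManager {
        private final ShibHttpHook hook;

        ShibTrustManager(ShibHttpHook shibHttpHook) {
            this.hook = shibHttpHook;
        }

        @Override // javax.net.ssl.X509TrustManager
        public X509Certificate[] getAcceptedIssuers() {
            ShibHttpHook.log.error("ShibHttpHook method getAcceptedIssuers should not have been called.");
            return new X509Certificate[0];
        }

        /**
         * Always rejects. This trust manager performs no client-certificate
         * validation, so returning normally would accept any client certificate
         * if the manager were ever installed on a server-side socket.
         *
         * @throws CertificateException always
         */
        @Override // javax.net.ssl.X509TrustManager
        public void checkClientTrusted(X509Certificate[] x509CertificateArr, String str) throws CertificateException {
            ShibHttpHook.log.error("ShibHttpHook method checkClientTrusted should not have been called.");
            throw new CertificateException("ShibHttpHook does not validate client certificates");
        }

        /**
         * Validates the server's certificate chain against the hook's trust
         * object and role descriptor.
         *
         * @throws IllegalArgumentException if the chain is null or empty
         * @throws CertificateException if the trust object does not accept the chain
         */
        @Override // javax.net.ssl.X509TrustManager
        public void checkServerTrusted(X509Certificate[] x509CertificateArr, String str) throws CertificateException {
            // Reject a missing chain explicitly instead of failing on the [0] access below.
            if (x509CertificateArr == null || x509CertificateArr.length == 0) {
                throw new IllegalArgumentException("Server certificate chain is null or empty");
            }
            if (!this.hook.trust.validate(x509CertificateArr[0], x509CertificateArr, this.hook.role)) {
                ShibHttpHook.log.info("ShibHttpHook rejected AA Server Certificate.");
                throw new CertificateException("Cannot validate AA Server Certificate in Metadata");
            }
            ShibHttpHook.log.debug("ShibHttpHook accepted AA Server Certificate.");
        }
    }

    /**
     * Creates a hook bound to one remote role.
     *
     * @param roleDescriptor role passed to {@link Trust#validate} when checking the server certificate
     * @param trust trust object used to validate the server certificate
     */
    public ShibHttpHook(RoleDescriptor roleDescriptor, Trust trust) {
        this.role = roleDescriptor;
        this.trust = trust;
    }

    /** Server-side variant; not expected to be called. Logs an error and returns {@code true}. */
    public boolean incoming(HttpServletRequest httpServletRequest, Object obj, Object obj2) throws SAMLException {
        log.error("ShibHttpHook method incoming-1 should not have been called.");
        return true;
    }

    /** Server-side variant; not expected to be called. Logs an error and returns {@code true}. */
    public boolean outgoing(HttpServletResponse httpServletResponse, Object obj, Object obj2) throws SAMLException {
        log.error("ShibHttpHook method outgoing-1 should not have been called.");
        return true;
    }

    /** Performs no processing on the response side of a client connection. */
    public boolean incoming(HttpURLConnection httpURLConnection, Object obj, Object obj2) throws SAMLException {
        return true;
    }

    /**
     * Prepares a client connection before the request is sent: adds the
     * {@code Shibboleth} version header and, for HTTPS, installs the socket
     * factory built from {@link ShibKeyManager} and {@link ShibTrustManager}.
     * No {@code HostnameVerifier} is set here, so the connection keeps whichever
     * verifier it already has.
     *
     * @param httpURLConnection connection about to be used for the request
     * @param obj not used by this hook
     * @param obj2 not used by this hook
     * @return {@code true} for plain HTTP or once the socket factory is installed;
     *         {@code false} if the TLS context could not be created or initialised
     */
    public boolean outgoing(HttpURLConnection httpURLConnection, Object obj, Object obj2) throws SAMLException {
        httpURLConnection.setRequestProperty("Shibboleth", Constants.SHIB_VERSION);
        if (!(httpURLConnection instanceof HttpsURLConnection)) {
            return true;
        }
        HttpsURLConnection httpsConnection = (HttpsURLConnection) httpURLConnection;
        try {
            // "TLS" is the standard context name; "SSL" is the legacy one.
            SSLContext sslContext = SSLContext.getInstance("TLS");
            sslContext.init(
                    new KeyManager[] {new ShibKeyManager(this)},
                    new TrustManager[] {new ShibTrustManager(this)},
                    new SecureRandom());
            httpsConnection.setSSLSocketFactory(sslContext.getSocketFactory());
            return true;
        } catch (NoSuchAlgorithmException e) {
            // Fail closed: without the custom factory the request would use the
            // JVM default trust store and carry no client credential.
            log.error("Cannot find required SSL support", e);
            return false;
        } catch (KeyManagementException e) {
            log.error("Cannot initialize the SSL context for the outgoing connection", e);
            return false;
        }
    }
}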
