package edu.internet2.middleware.shibboleth.common.provider;

import edu.internet2.middleware.shibboleth.common.Trust;
import edu.internet2.middleware.shibboleth.metadata.KeyDescriptor;
import edu.internet2.middleware.shibboleth.metadata.RoleDescriptor;
import java.security.PublicKey;
import java.security.cert.CertificateEncodingException;
import java.security.cert.X509Certificate;
import java.util.Arrays;
import java.util.Iterator;
import org.apache.log4j.Logger;
import org.apache.xml.security.keys.KeyInfo;
import org.apache.xml.security.keys.keyresolver.KeyResolverException;
import org.opensaml.SAMLException;
import org.opensaml.SAMLSignedObject;

/* loaded from: input_file:edu/internet2/middleware/shibboleth/common/provider/BasicTrust.class */
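/**
 * {@link Trust} implementation that accepts a credential only when it matches key material
 * published inline in the peer's metadata {@link RoleDescriptor}.
 *
 * <p>Security notes for maintainers:
 * <ul>
 *   <li>A certificate is trusted purely on a byte-for-byte match of its encoding against a
 *       certificate found in the metadata. This class performs no path building, no
 *       validity-period check and no revocation check, so the metadata is the sole trust anchor
 *       and its integrity has to be assured by whatever loads it.</li>
 *   <li>Every evaluation fails closed: missing input, unusable key material and resolver errors
 *       all lead to {@code false}.</li>
 *   <li>Key descriptors whose {@code getUse()} is {@code 0} are skipped. NOTE(review): 0 is
 *       presumably the "encryption only" indicator declared on {@code KeyDescriptor}; confirm
 *       and replace the literal with the named constant.</li>
 * </ul>
 */
public class BasicTrust implements Trust {
    // Decompiler output emulated a pre-Java-5 class literal here and called getMessage() on a
    // Class object, which does not compile; a plain class literal is what the original intended.
    private static final Logger log = Logger.getLogger(BasicTrust.class.getName());

    /**
     * Checks whether the presented certificate is one of the certificates published in the
     * role descriptor's key descriptors.
     *
     * @param x509Certificate the end-entity certificate presented by the peer
     * @param x509CertificateArr the presented chain; not consulted by this implementation
     * @param roleDescriptor the metadata role whose key descriptors act as the trust anchors
     * @param z not consulted by this implementation (its meaning is defined by {@link Trust})
     * @return {@code true} only if the encoded form of {@code x509Certificate} is identical to
     *     the encoded form of a certificate in a usable key descriptor; {@code false} otherwise
     */
    @Override // edu.internet2.middleware.shibboleth.common.Trust
    public boolean validate(X509Certificate x509Certificate, X509Certificate[] x509CertificateArr, RoleDescriptor roleDescriptor, boolean z) {
        if (roleDescriptor == null || x509Certificate == null) {
            log.error("Appropriate data was not supplied for trust evaluation.");
            return false;
        }

        // Encode the presented certificate once instead of once per key descriptor.
        final byte[] presented;
        try {
            presented = x509Certificate.getEncoded();
        } catch (CertificateEncodingException e) {
            log.error("Error while comparing X509 encoded data.", e);
            return false;
        }

        Iterator<?> keyDescriptors = roleDescriptor.getKeyDescriptors();
        while (keyDescriptors.hasNext()) {
            KeyDescriptor keyDescriptor = (KeyDescriptor) keyDescriptors.next();
            if (keyDescriptor.getUse() == 0) {
                log.debug("Skipping key descriptor with inappropriate usage indicator.");
                continue;
            }

            KeyInfo keyInfo = keyDescriptor.getKeyInfo();
            if (keyInfo == null || !keyInfo.containsX509Data()) {
                continue;
            }

            log.debug("Attempting to match X509 certificate.");
            try {
                X509Certificate published = keyInfo.getX509Certificate();
                // An unresolvable certificate is treated as a non-match rather than an NPE.
                if (published != null && Arrays.equals(published.getEncoded(), presented)) {
                    log.debug("Match successful.");
                    return true;
                }
                log.debug("Certificate did not match.");
            } catch (KeyResolverException e) {
                log.error("Error extracting X509 certificate from metadata.", e);
            } catch (CertificateEncodingException e) {
                log.error("Error while comparing X509 encoded data.", e);
            }
        }
        return false;
    }

    /**
     * Convenience overload that delegates to the four-argument form with {@code true} as the
     * last argument.
     *
     * @param x509Certificate the end-entity certificate presented by the peer
     * @param x509CertificateArr the presented chain; not consulted by this implementation
     * @param roleDescriptor the metadata role whose key descriptors act as the trust anchors
     * @return the result of the four-argument {@code validate}
     */
    @Override // edu.internet2.middleware.shibboleth.common.Trust
    public boolean validate(X509Certificate x509Certificate, X509Certificate[] x509CertificateArr, RoleDescriptor roleDescriptor) {
        return validate(x509Certificate, x509CertificateArr, roleDescriptor, true);
    }

    /**
     * Checks whether the signature on a SAML object verifies against any public key published
     * in the role descriptor's usable key descriptors.
     *
     * @param sAMLSignedObject the signed SAML object to verify
     * @param roleDescriptor the metadata role whose key descriptors supply candidate keys
     * @return {@code true} as soon as one published key verifies the signature; {@code false}
     *     if none does or if either argument is {@code null}
     */
    @Override // edu.internet2.middleware.shibboleth.common.Trust
    public boolean validate(SAMLSignedObject sAMLSignedObject, RoleDescriptor roleDescriptor) {
        if (sAMLSignedObject == null || roleDescriptor == null) {
            log.error("Appropriate data was not supplied for trust evaluation.");
            return false;
        }

        Iterator<?> keyDescriptors = roleDescriptor.getKeyDescriptors();
        while (keyDescriptors.hasNext()) {
            KeyDescriptor keyDescriptor = (KeyDescriptor) keyDescriptors.next();
            if (keyDescriptor.getUse() == 0) {
                continue;
            }

            KeyInfo keyInfo = keyDescriptor.getKeyInfo();
            if (keyInfo == null) {
                continue;
            }

            try {
                PublicKey key = keyInfo.getPublicKey();
                // Never hand a null key to verify(): the decision must rest on a key taken from
                // metadata. NOTE(review): some SAMLSignedObject implementations may treat a null
                // key as "use the key embedded in the signature" - confirm for the OpenSAML
                // version in use.
                if (key == null) {
                    log.debug("No public key could be resolved from key descriptor.");
                    continue;
                }
                sAMLSignedObject.verify(key);
                return true;
            } catch (SAMLException e) {
                // Expected when the object was signed with a different key; try the next one,
                // but leave a trace so verification failures can be diagnosed.
                log.debug("Signature did not verify against key descriptor.", e);
            } catch (KeyResolverException e) {
                log.debug("Error extracting public key from metadata.", e);
            }
        }
        return false;
    }
}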
