package edu.internet2.middleware.shibboleth.serviceprovider;

import edu.internet2.middleware.shibboleth.common.Trust;
import edu.internet2.middleware.shibboleth.metadata.AttributeAuthorityDescriptor;
import edu.internet2.middleware.shibboleth.metadata.Endpoint;
import edu.internet2.middleware.shibboleth.serviceprovider.ServiceProviderConfig;
import java.util.Iterator;
import org.apache.log4j.Logger;
import org.opensaml.SAMLAssertion;
import org.opensaml.SAMLAuthorityBinding;
import org.opensaml.SAMLBinding;
import org.opensaml.SAMLBindingFactory;
import org.opensaml.SAMLException;
import org.opensaml.SAMLRequest;
import org.opensaml.SAMLResponse;
import org.opensaml.SAMLSOAPHTTPBinding;
import org.opensaml.TrustException;

/* loaded from: input_file:edu/internet2/middleware/shibboleth/serviceprovider/ShibBinding.class */
public class ShibBinding {
    private static Logger log;
    private static ServiceProviderContext context;
    private String applicationId;
    static Class class$0;

    /* JADX WARN: Multi-variable type inference failed */
    /* JADX WARN: Type inference failed for: r1v2, types: [java.lang.Throwable] */
    static {
        Class<?> cls = class$0;
        if (cls == null) {
            try {
                cls = Class.forName("edu.internet2.middleware.shibboleth.serviceprovider.ShibBinding");
                class$0 = cls;
            } catch (ClassNotFoundException unused) {
                throw new NoClassDefFoundError(cls.getMessage());
            }
        }
        log = Logger.getLogger(cls);
        context = ServiceProviderContext.getInstance();
    }

    public ShibBinding(String str) {
        this.applicationId = null;
        this.applicationId = str;
    }

    public SAMLResponse send(SAMLRequest sAMLRequest, AttributeAuthorityDescriptor attributeAuthorityDescriptor, String[] strArr, SAMLAuthorityBinding[] sAMLAuthorityBindingArr, Trust trust) throws SAMLException {
        ServiceProviderConfig.ApplicationInfo application = context.getServiceProviderConfig().getApplication(this.applicationId);
        SAMLBinding sAMLBinding = null;
        String str = null;
        if (sAMLAuthorityBindingArr != null) {
            for (SAMLAuthorityBinding sAMLAuthorityBinding : sAMLAuthorityBindingArr) {
                try {
                    if (!sAMLAuthorityBinding.getBinding().equals(str)) {
                        str = sAMLAuthorityBinding.getBinding();
                        sAMLBinding = SAMLBindingFactory.getInstance(sAMLAuthorityBinding.getBinding());
                    }
                    SAMLResponse send = sAMLBinding.send(sAMLAuthorityBinding.getLocation(), sAMLRequest);
                    validateResponseSignatures(attributeAuthorityDescriptor, application, send);
                    return send;
                } catch (TrustException e) {
                    log.error(new StringBuffer("Unable to validate signatures on attribute response: ").append(e).toString());
                } catch (SAMLException e2) {
                    log.error(new StringBuffer("Unable to query attributes: ").append(e2).toString());
                }
            }
        }
        Iterator endpoints = attributeAuthorityDescriptor.getAttributeServiceManager().getEndpoints();
        while (endpoints.hasNext()) {
            Endpoint endpoint = (Endpoint) endpoints.next();
            try {
                if (!endpoint.getBinding().equals(str)) {
                    str = endpoint.getBinding();
                    sAMLBinding = SAMLBindingFactory.getInstance(endpoint.getBinding());
                }
                if (sAMLBinding instanceof SAMLSOAPHTTPBinding) {
                    ((SAMLSOAPHTTPBinding) sAMLBinding).addHook(new ShibHttpHook(attributeAuthorityDescriptor, trust));
                }
                SAMLResponse send2 = sAMLBinding.send(endpoint.getLocation(), sAMLRequest);
                validateResponseSignatures(attributeAuthorityDescriptor, application, send2);
                return send2;
            } catch (TrustException e3) {
                log.error(new StringBuffer("Unable to validate signatures on attribute response: ").append(e3).toString());
            } catch (SAMLException e4) {
                log.error(new StringBuffer("Unable to query attributes: ").append(e4).toString());
            }
        }
        return null;
    }

    public static void validateResponseSignatures(AttributeAuthorityDescriptor attributeAuthorityDescriptor, ServiceProviderConfig.ApplicationInfo applicationInfo, SAMLResponse sAMLResponse) throws TrustException {
        if (sAMLResponse.isSigned() && !applicationInfo.validate(sAMLResponse, attributeAuthorityDescriptor)) {
            throw new TrustException("Unable to validate signature of response");
        }
        Iterator assertions = sAMLResponse.getAssertions();
        while (assertions.hasNext()) {
            SAMLAssertion sAMLAssertion = (SAMLAssertion) assertions.next();
            Iterator conditions = sAMLAssertion.getConditions();
            while (conditions.hasNext()) {
            }
            if (sAMLAssertion.isSigned() && !applicationInfo.validate(sAMLAssertion, attributeAuthorityDescriptor)) {
                throw new TrustException("Unable to validate signature of assertion in response");
            }
        }
    }
}
