package edu.internet2.middleware.shibboleth.serviceprovider;

import edu.internet2.middleware.shibboleth.common.Credential;
import edu.internet2.middleware.shibboleth.common.Credentials;
import edu.internet2.middleware.shibboleth.metadata.AttributeAuthorityDescriptor;
import edu.internet2.middleware.shibboleth.metadata.EntityDescriptor;
import edu.internet2.middleware.shibboleth.serviceprovider.ServiceProviderConfig;
import java.util.ArrayList;
import java.util.Arrays;
import java.util.Iterator;
import org.apache.log4j.Logger;
import org.opensaml.SAMLAssertion;
import org.opensaml.SAMLAttributeQuery;
import org.opensaml.SAMLAuthenticationStatement;
import org.opensaml.SAMLException;
import org.opensaml.SAMLRequest;
import org.opensaml.SAMLResponse;
import org.opensaml.SAMLSubject;

/* loaded from: input_file:edu/internet2/middleware/shibboleth/serviceprovider/AttributeRequestor.class */
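/**
 * Obtains the SAML attribute response for a service-provider session.
 *
 * <p>When the session does not already hold a response, an attribute query is built from the
 * subject of the session's authentication statement and sent to the attribute authority that
 * the metadata lists for the session's entity. Each assertion of the response is then passed
 * to {@code ApplicationInfo.applyAAP}; assertions for which that call throws are removed from
 * the response before it is stored on the session.
 *
 * <p>Static utility class; not instantiable.
 */
public class AttributeRequestor {
    private static final Logger log = Logger.getLogger(AttributeRequestor.class);
    private static final ServiceProviderContext context = ServiceProviderContext.getInstance();

    private AttributeRequestor() {
    }

    /**
     * Ensures the session carries an attribute response whose assertions have been passed
     * through {@code applyAAP}.
     *
     * <p>NOTE(review): the decompiler reports that the original access level of this method was
     * package-private; {@code public} is kept here to match the decompiled signature.
     *
     * @param session the session to fetch attributes for
     * @return {@code true} if a response was obtained (queried, or already present on the
     *         session) and stored back on the session; {@code false} if the entity or its
     *         attribute authority is missing from metadata, or the query could not be built or
     *         produced no response
     */
    /* JADX INFO: Access modifiers changed from: package-private */
    public static boolean fetchAttributes(Session session) {
        // NOTE(review): the session id is written to the debug log (and to one error message in
        // queryAttributeAuthority). If it doubles as the bearer identifier of the SP session,
        // consider logging a truncated or hashed form - confirm against Session.
        log.debug("Fetching attributes for session " + session.getSessionId() + " from " + session.getEntityId());
        ServiceProviderConfig serviceProviderConfig = context.getServiceProviderConfig();
        ServiceProviderConfig.ApplicationInfo application =
                serviceProviderConfig.getApplication(session.getApplicationId());
        SAMLResponse attributeResponse = session.getAttributeResponse();

        EntityDescriptor entity = application.lookup(session.getEntityId());
        if (entity == null) {
            log.error("Entity(Site) deleted from Metadata since authentication POST received: " + session.getEntityId());
            return false;
        }
        AttributeAuthorityDescriptor authority =
                entity.getAttributeAuthorityDescriptor("urn:oasis:names:tc:SAML:1.1:protocol");
        if (authority == null) {
            log.error("No Attribute Authority in Metadata for ID=" + entity.getId());
            return false;
        }

        if (attributeResponse == null) {
            attributeResponse = queryAttributeAuthority(session, serviceProviderConfig, application, entity, authority);
            if (attributeResponse == null) {
                // The reason has already been logged by queryAttributeAuthority.
                return false;
            }
        } else {
            log.info("Bypassing Attribute Query because Attributes already Pushed.");
        }

        // Iterate over a copy: assertions are removed from the response inside the loop.
        ArrayList snapshot = new ArrayList();
        Iterator assertions = attributeResponse.getAssertions();
        while (assertions.hasNext()) {
            snapshot.add(assertions.next());
        }
        // Index of the current assertion within the (shrinking) response: it only advances when
        // an assertion is kept, because a removal shifts the following ones down by one.
        int index = 0;
        for (Iterator it = snapshot.iterator(); it.hasNext();) {
            try {
                application.applyAAP((SAMLAssertion) it.next(), authority);
                index++;
            } catch (SAMLException e) {
                // Fail closed: the assertion is dropped. Record why, so that a rejected
                // assertion leaves a trace for whoever investigates missing attributes.
                log.warn("Assertion removed from attribute response after applyAAP failed", e);
                attributeResponse.removeAssertion(index);
            }
        }
        session.setAttributeResponse(attributeResponse);
        return true;
    }

    /**
     * Builds an attribute query for the session's subject, signs it when a credential id is
     * configured for the entity, and sends it to the attribute authority.
     *
     * @return the response, or {@code null} (after logging the reason) when the query could not
     *         be built or sent, or when no response came back
     */
    private static SAMLResponse queryAttributeAuthority(Session session,
            ServiceProviderConfig serviceProviderConfig,
            ServiceProviderConfig.ApplicationInfo application,
            EntityDescriptor entity,
            AttributeAuthorityDescriptor authority) {
        try {
            SAMLAuthenticationStatement statement = session.getAuthenticationStatement();
            if (statement == null) {
                log.error("Session contains no Authentication Statement.");
                return null;
            }
            SAMLSubject subject = statement.getSubject();
            if (subject == null) {
                log.error("Session Authentication Statement contains no Subject.");
                return null;
            }
            // The query gets its own copy of the subject rather than the session's instance.
            SAMLSubject querySubject = (SAMLSubject) subject.clone();
            log.debug("Subject (Handle) is " + querySubject.getNameIdentifier());
            try {
                SAMLRequest request = new SAMLRequest(new SAMLAttributeQuery(
                        querySubject, application.getProviderId(), application.getAttributeDesignators()));
                String credentialId = application.getCredentialIdForEntity(entity);
                if (credentialId != null) {
                    // NOTE(review): possiblySignRequest reports failure only through the log, so
                    // when signing fails the query below is still sent, unsigned.
                    possiblySignRequest(serviceProviderConfig.getCredentials(), request, credentialId);
                }
                SAMLResponse response = null;
                try {
                    response = new ShibBinding(session.getApplicationId())
                            .send(request, authority, null, null, application);
                } catch (SAMLException e) {
                    // Keep the cause: without it the only trace of a failed exchange with the
                    // attribute authority is the generic "no response" message below.
                    log.error("Attribute query to remote AA failed", e);
                }
                if (response == null) {
                    log.error("AttributeRequestor Query to remote AA returned no response from " + session.getEntityId());
                }
                return response;
            } catch (SAMLException e) {
                log.error("AttributeRequestor unable to build SAML Query for Session " + session.getSessionId(), e);
                return null;
            }
        } catch (Exception e) {
            // Catches every other failure in this method, not only subject handling, so the
            // attached cause is what identifies the failing step.
            log.error("Unable to generate the query SAMLSubject from the Authenticaiton.", e);
            return null;
        }
    }

    /**
     * Signs the request with the named credential when that credential is available.
     *
     * <p>Every failure (no credentials element, unknown credential id, signing error) is logged
     * and the method returns normally, leaving the request unsigned.
     *
     * <p>NOTE(review): the decompiler reports that the original access level of this method was
     * package-private; {@code public} is kept here to match the decompiled signature.
     *
     * @param credentials the credentials from the SP configuration; may be {@code null}
     * @param sAMLRequest the request to sign in place
     * @param str the id of the credential to sign with
     */
    /* JADX INFO: Access modifiers changed from: package-private */
    public static void possiblySignRequest(Credentials credentials, SAMLRequest sAMLRequest, String str) {
        if (credentials == null) {
            log.error("No Credentials Element in SP Config file.");
            return;
        }
        Credential credential = credentials.getCredential(str);
        if (credential == null) {
            log.error("No credential found for id " + str);
            return;
        }
        try {
            // NOTE(review): RSA with SHA-1. SHA-1 is no longer collision resistant; move to an
            // RSA-SHA256 algorithm identifier once it is confirmed that the signing library and
            // the attribute authorities in the federation accept it.
            sAMLRequest.sign(
                    "http://www.w3.org/2000/09/xmldsig#rsa-sha1",
                    credential.getPrivateKey(),
                    Arrays.asList(credential.getX509CertificateChain()));
            log.debug("Attribute Request signed with " + str);
        } catch (SAMLException e) {
            log.error("Unable to sign Attribute Request", e);
        }
    }
}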
