package edu.internet2.middleware.shibboleth.idp;

import edu.internet2.middleware.shibboleth.aa.AAAttribute;
import edu.internet2.middleware.shibboleth.aa.AAAttributeSet;
import edu.internet2.middleware.shibboleth.aa.AAException;
import edu.internet2.middleware.shibboleth.aa.arp.ArpEngine;
import edu.internet2.middleware.shibboleth.aa.arp.ArpProcessingException;
import edu.internet2.middleware.shibboleth.aa.attrresolv.AttributeResolver;
import edu.internet2.middleware.shibboleth.artifact.ArtifactMapper;
import edu.internet2.middleware.shibboleth.common.Credential;
import edu.internet2.middleware.shibboleth.common.NameMapper;
import edu.internet2.middleware.shibboleth.common.RelyingParty;
import edu.internet2.middleware.shibboleth.common.ServiceProviderMapper;
import edu.internet2.middleware.shibboleth.common.ShibbolethConfigurationException;
import edu.internet2.middleware.shibboleth.common.Trust;
import edu.internet2.middleware.shibboleth.common.provider.ShibbolethTrust;
import edu.internet2.middleware.shibboleth.metadata.EntitiesDescriptor;
import edu.internet2.middleware.shibboleth.metadata.EntityDescriptor;
import edu.internet2.middleware.shibboleth.metadata.Metadata;
import edu.internet2.middleware.shibboleth.metadata.MetadataException;
import java.net.URI;
import java.net.URL;
import java.security.Principal;
import java.util.ArrayList;
import java.util.Arrays;
import java.util.Iterator;
import org.apache.log4j.Logger;
import org.opensaml.InvalidCryptoException;
import org.opensaml.SAMLAssertion;
import org.opensaml.SAMLAttribute;
import org.opensaml.SAMLException;
import org.opensaml.SAMLResponse;
import org.opensaml.artifact.Artifact;
import org.w3c.dom.Element;

/* loaded from: input_file:edu/internet2/middleware/shibboleth/idp/IdPProtocolSupport.class */
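/**
 * Shared services used while an identity provider answers a protocol request: the configuration
 * and mapper objects handed to the constructor, throttled XML signing of assertions and responses,
 * a first-match lookup across the loaded metadata providers, and attribute resolution with or
 * without attribute release policy (ARP) filtering.
 *
 * <p>This source was recovered by a decompiler. The compiler-generated class-literal cache
 * ({@code class$0}) and the hand-rolled static initializer have been replaced by a plain class
 * literal, which is what they implemented.
 *
 * <p>NOTE(review): the metadata provider list is not synchronized. Presumably providers are only
 * added during start-up, before lookups begin -- confirm against the caller.
 */
public class IdPProtocolSupport implements Metadata {
    private static final Logger log = Logger.getLogger(IdPProtocolSupport.class.getName());

    // SECURITY: both identifiers select SHA-1 based XML signature algorithms. SHA-1 no longer
    // provides collision resistance, so signatures produced here are legacy-strength. The values
    // are deliberately left unchanged: moving to a SHA-256 suite (for example
    // http://www.w3.org/2001/04/xmldsig-more#rsa-sha256) only works if the bundled signing
    // libraries and every relying party accept it. TODO(review): confirm support and migrate.
    private static final String RSA_SHA1_URI = "http://www.w3.org/2000/09/xmldsig#rsa-sha1";
    private static final String DSA_SHA1_URI = "http://www.w3.org/2000/09/xmldsig#dsa-sha1";

    private final Logger transactionLog;
    private final IdPConfig config;
    private final NameMapper nameMapper;
    private final ServiceProviderMapper spMapper;
    private final ArpEngine arpEngine;
    private final AttributeResolver resolver;
    private final ArtifactMapper artifactMapper;
    private final Semaphore throttle;
    private final ArrayList<Metadata> metadata = new ArrayList<Metadata>();
    private final Trust trust = new ShibbolethTrust();

    /**
     * Counting semaphore that bounds how many threads may be inside a signing call at once.
     *
     * <p>The recovered original waited with a single {@code if} and discarded
     * {@link InterruptedException}, so a spurious wake-up or an interrupt let a thread run past
     * the limit and lost the interrupt. This version re-checks the permit count in a loop and
     * restores the interrupt flag once a permit has been obtained.
     */
    private static final class Semaphore {
        private int permits;

        Semaphore(int permits) {
            this.permits = permits;
        }

        /** Blocks until a permit is free, then takes it. Must be paired with {@link #exit()}. */
        synchronized void enter() {
            boolean interrupted = false;
            while (this.permits <= 0) {
                try {
                    wait();
                } catch (InterruptedException e) {
                    // Keep waiting so the concurrency limit still holds; the interrupt is
                    // re-asserted below instead of being lost.
                    interrupted = true;
                }
            }
            this.permits--;
            if (interrupted) {
                Thread.currentThread().interrupt();
            }
        }

        /** Returns a permit and wakes one waiting thread, if any. */
        synchronized void exit() {
            this.permits++;
            notify();
        }
    }

    /**
     * Stores the collaborators and registers this object as the metadata source of the service
     * provider mapper.
     *
     * <p>The decompiler reports that this constructor was package-private in the original class.
     *
     * @throws ShibbolethConfigurationException declared by the original signature
     */
    /* JADX INFO: Access modifiers changed from: package-private */
    public IdPProtocolSupport(IdPConfig idPConfig, Logger logger, NameMapper nameMapper, ServiceProviderMapper serviceProviderMapper, ArpEngine arpEngine, AttributeResolver attributeResolver, ArtifactMapper artifactMapper) throws ShibbolethConfigurationException {
        this.transactionLog = logger;
        this.config = idPConfig;
        this.nameMapper = nameMapper;
        this.spMapper = serviceProviderMapper;
        this.arpEngine = arpEngine;
        this.resolver = attributeResolver;
        this.artifactMapper = artifactMapper;
        // NOTE(review): a non-positive maxThreads would block every signing call forever;
        // presumably IdPConfig validates the value -- confirm.
        this.throttle = new Semaphore(idPConfig.getMaxThreads());
        // Hand out "this" only after every field is assigned, so the mapper never observes a
        // partially constructed object.
        serviceProviderMapper.setMetadata(this);
    }

    /** Returns the transaction logger supplied at construction. */
    public Logger getTransactionLog() {
        return this.transactionLog;
    }

    /** Returns the IdP configuration supplied at construction. */
    public IdPConfig getIdPConfig() {
        return this.config;
    }

    /** Returns the name mapper supplied at construction. */
    public NameMapper getNameMapper() {
        return this.nameMapper;
    }

    /** Returns the service provider mapper supplied at construction. */
    public ServiceProviderMapper getServiceProviderMapper() {
        return this.spMapper;
    }

    /**
     * Signs every assertion in the array with the signing credential of the relying party's
     * identity provider, one throttled signing call per assertion.
     *
     * @throws InvalidCryptoException if the credential or its private key is missing, or if at
     *     least one assertion is present and the key is neither RSA nor DSA
     * @throws SAMLException if signing fails
     */
    public void signAssertions(SAMLAssertion[] sAMLAssertionArr, RelyingParty relyingParty) throws InvalidCryptoException, SAMLException {
        Credential credential = requireSigningCredential(relyingParty);
        if (sAMLAssertionArr.length == 0) {
            // Matches the original, which only inspected the key type while iterating.
            return;
        }
        String algorithm = signatureAlgorithmFor(credential);
        for (SAMLAssertion assertion : sAMLAssertionArr) {
            this.throttle.enter();
            try {
                assertion.sign(algorithm, credential.getPrivateKey(), Arrays.asList(credential.getX509CertificateChain()));
            } finally {
                // Always give the permit back, otherwise a failed signature shrinks the pool.
                this.throttle.exit();
            }
        }
    }

    /**
     * Signs the response with the signing credential of the relying party's identity provider.
     *
     * @throws SAMLException if the credential is unusable, the key type is unsupported, or
     *     signing fails
     */
    public void signResponse(SAMLResponse sAMLResponse, RelyingParty relyingParty) throws SAMLException {
        Credential credential = requireSigningCredential(relyingParty);
        String algorithm = signatureAlgorithmFor(credential);
        this.throttle.enter();
        try {
            sAMLResponse.sign(algorithm, credential.getPrivateKey(), Arrays.asList(credential.getX509CertificateChain()));
        } finally {
            this.throttle.exit();
        }
    }

    /** Returns the relying party's signing credential, rejecting a missing credential or key. */
    private static Credential requireSigningCredential(RelyingParty relyingParty) throws InvalidCryptoException {
        Credential credential = relyingParty.getIdentityProvider().getSigningCredential();
        if (credential == null || credential.getPrivateKey() == null) {
            throw new InvalidCryptoException(SAMLException.RESPONDER, "Invalid signing credential.");
        }
        return credential;
    }

    /** Maps the credential's key type to the XML signature algorithm identifier used for it. */
    private static String signatureAlgorithmFor(Credential credential) throws InvalidCryptoException {
        if (credential.getCredentialType() == Credential.RSA) {
            return RSA_SHA1_URI;
        }
        if (credential.getCredentialType() == Credential.DSA) {
            return DSA_SHA1_URI;
        }
        throw new InvalidCryptoException(SAMLException.RESPONDER, "The Shibboleth IdP currently only supports signing with RSA and DSA keys.");
    }

    /**
     * Loads a metadata provider from a {@code MetadataProvider} configuration element and adds it
     * to the lookup list. An element with another tag name, or a provider that fails to load, is
     * logged and skipped, so entities known only to that provider will not be found by
     * {@code lookup}.
     *
     * <p>The decompiler reports that this method was protected in the original class.
     */
    /* JADX INFO: Access modifiers changed from: protected */
    public void addMetadataProvider(Element element) {
        log.debug("Found Metadata Provider configuration element.");
        if (!element.getTagName().equals("MetadataProvider")) {
            log.error("Error while attemtping to load Metadata Provider.  Malformed provider specificaion.");
            return;
        }
        try {
            this.metadata.add(MetadataProviderFactory.loadProvider(element));
        } catch (MetadataException e) {
            // Log the cause as well: a silently missing trust source is hard to diagnose later.
            log.error("Unable to load Metadata Provider.  Skipping...", e);
        }
    }

    /** Returns the number of metadata providers loaded so far. */
    public int providerCount() {
        return this.metadata.size();
    }

    /**
     * Returns the first non-null descriptor any loaded provider has for the identifier, or
     * {@code null} when none has one.
     *
     * <p>NOTE(review): the boolean argument is ignored; each provider's single-argument lookup
     * decides how the entry is checked. Forwarding the flag could change which entries are
     * accepted, so it is left as found -- confirm the intended semantics.
     */
    @Override // edu.internet2.middleware.shibboleth.metadata.Metadata
    public EntityDescriptor lookup(String str, boolean z) {
        for (Metadata provider : this.metadata) {
            EntityDescriptor descriptor = provider.lookup(str);
            if (descriptor != null) {
                return descriptor;
            }
        }
        return null;
    }

    /**
     * Returns the first non-null descriptor any loaded provider has for the artifact, or
     * {@code null} when none has one. The boolean argument is ignored, as in the identifier
     * variant.
     */
    @Override // edu.internet2.middleware.shibboleth.metadata.Metadata
    public EntityDescriptor lookup(Artifact artifact, boolean z) {
        for (Metadata provider : this.metadata) {
            EntityDescriptor descriptor = provider.lookup(artifact);
            if (descriptor != null) {
                return descriptor;
            }
        }
        return null;
    }

    /** Delegates to {@link #lookup(String, boolean)} with {@code true}. */
    @Override // edu.internet2.middleware.shibboleth.metadata.Metadata
    public EntityDescriptor lookup(String str) {
        return lookup(str, true);
    }

    /** Delegates to {@link #lookup(Artifact, boolean)} with {@code true}. */
    @Override // edu.internet2.middleware.shibboleth.metadata.Metadata
    public EntityDescriptor lookup(Artifact artifact) {
        return lookup(artifact, true);
    }

    /** Always returns {@code null}; this aggregate has no single root entity. */
    @Override // edu.internet2.middleware.shibboleth.metadata.Metadata
    public EntityDescriptor getRootEntity() {
        return null;
    }

    /** Always returns {@code null}; this aggregate has no single root entities group. */
    @Override // edu.internet2.middleware.shibboleth.metadata.Metadata
    public EntitiesDescriptor getRootEntities() {
        return null;
    }

    /**
     * Resolves the attributes for the principal, starting from every attribute the ARP engine
     * lists as possibly releasable.
     *
     * @throws AAException with a generic message if ARP processing fails; the detail goes to the
     *     log only
     */
    public SAMLAttribute[] getReleaseAttributes(Principal principal, RelyingParty relyingParty, String str, URL url) throws AAException {
        try {
            return getReleaseAttributes(principal, relyingParty, str, url, this.arpEngine.listPossibleReleaseAttributes(principal, str, url));
        } catch (ArpProcessingException e) {
            // NOTE(review): the principal name and exception text are logged verbatim; if either
            // can carry line breaks from an untrusted source, neutralise them before logging.
            log.error("An error occurred while processing the ARPs for principal (" + principal.getName() + ") :" + e.getMessage(), e);
            throw new AAException("Error retrieving data for principal.");
        }
    }

    /**
     * Resolves the named attributes for the principal and applies ARP filtering.
     *
     * @param uriArr names of the attributes to resolve
     * @throws AAException with a generic message if attribute creation or ARP processing fails;
     *     the detail goes to the log only
     */
    public SAMLAttribute[] getReleaseAttributes(Principal principal, RelyingParty relyingParty, String str, URL url, URI[] uriArr) throws AAException {
        try {
            AAAttributeSet requested = new AAAttributeSet();
            for (URI attributeName : uriArr) {
                requested.add(new AAAttribute(attributeName.toString(), relyingParty.wantsSchemaHack()));
            }
            return resolveAttributes(principal, str, relyingParty.getIdentityProvider().getProviderId(), url, requested);
        } catch (SAMLException e) {
            log.error("An error occurred while creating attributes for principal (" + principal.getName() + ") :" + e.getMessage(), e);
            throw new AAException("Error retrieving data for principal.");
        } catch (ArpProcessingException e2) {
            log.error("An error occurred while processing the ARPs for principal (" + principal.getName() + ") :" + e2.getMessage(), e2);
            throw new AAException("Error retrieving data for principal.");
        }
    }

    /**
     * Fills the attribute set through the resolver, filters it through the ARP engine, and
     * returns what remains.
     */
    public SAMLAttribute[] resolveAttributes(Principal principal, String str, String str2, URL url, AAAttributeSet aAAttributeSet) throws ArpProcessingException {
        this.resolver.resolveAttributes(principal, str, str2, aAAttributeSet);
        this.arpEngine.filterAttributes(aAAttributeSet, principal, str, url);
        return aAAttributeSet.getAttributes();
    }

    /**
     * Fills the attribute set through the resolver and returns it WITHOUT ARP filtering.
     *
     * <p>SECURITY: no release policy is applied here, so the caller is responsible for deciding
     * what may leave the IdP.
     */
    public SAMLAttribute[] resolveAttributesNoPolicies(Principal principal, String str, String str2, AAAttributeSet aAAttributeSet) {
        this.resolver.resolveAttributes(principal, str, str2, aAAttributeSet);
        return aAAttributeSet.getAttributes();
    }

    /** Shuts down the attribute resolver and the ARP engine. */
    public void destroy() {
        try {
            this.resolver.destroy();
        } finally {
            // Still release the ARP engine when the resolver's shutdown throws.
            this.arpEngine.destroy();
        }
    }

    /** Returns the artifact mapper supplied at construction. */
    public ArtifactMapper getArtifactMapper() {
        return this.artifactMapper;
    }

    /** Returns the trust implementation created with this object (a {@code ShibbolethTrust}). */
    public Trust getTrust() {
        return this.trust;
    }
}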
