package edu.internet2.middleware.shibboleth.common;

import edu.internet2.middleware.shibboleth.metadata.EntityDescriptor;
import edu.internet2.middleware.shibboleth.metadata.IDPSSODescriptor;
import edu.internet2.middleware.shibboleth.metadata.MetadataException;
import edu.internet2.middleware.shibboleth.serviceprovider.ServiceProviderConfig;
import edu.internet2.middleware.shibboleth.serviceprovider.ServiceProviderContext;
import java.util.ArrayList;
import org.apache.log4j.Logger;
import org.opensaml.NoSuchProviderException;
import org.opensaml.ReplayCache;
import org.opensaml.SAMLBrowserProfile;
import org.opensaml.SAMLBrowserProfileFactory;
import org.opensaml.SAMLException;
import org.opensaml.TrustException;

/* loaded from: input_file:edu/internet2/middleware/shibboleth/common/ShibBrowserProfile.class */
public class ShibBrowserProfile {
    private static Logger log;
    protected ArrayList policies = new ArrayList();
    protected SAMLBrowserProfile profile = SAMLBrowserProfileFactory.getInstance();
    private static ServiceProviderContext context;
    private String applicationId;
    static Class class$0;

    /* JADX WARN: Multi-variable type inference failed */
    /* JADX WARN: Type inference failed for: r1v2, types: [java.lang.Throwable] */
    static {
        Class<?> cls = class$0;
        if (cls == null) {
            try {
                cls = Class.forName("edu.internet2.middleware.shibboleth.common.ShibBrowserProfile");
                class$0 = cls;
            } catch (ClassNotFoundException unused) {
                throw new NoClassDefFoundError(cls.getMessage());
            }
        }
        log = Logger.getLogger(cls.getName());
        context = ServiceProviderContext.getInstance();
    }

    public ShibBrowserProfile(String str) throws NoSuchProviderException {
        this.applicationId = null;
        this.applicationId = str;
    }

    public SAMLBrowserProfile.BrowserProfileResponse receive(StringBuffer stringBuffer, SAMLBrowserProfile.BrowserProfileRequest browserProfileRequest, String str, ReplayCache replayCache, SAMLBrowserProfile.ArtifactMapper artifactMapper, int i) throws SAMLException {
        stringBuffer.setLength(0);
        SAMLBrowserProfile.BrowserProfileResponse receive = this.profile.receive(stringBuffer, browserProfileRequest, str, replayCache, artifactMapper, i);
        String issuer = receive.assertion.getIssuer();
        String nameQualifier = receive.authnStatement.getSubject().getNameIdentifier().getNameQualifier();
        ServiceProviderConfig.ApplicationInfo application = context.getServiceProviderConfig().getApplication(this.applicationId);
        EntityDescriptor lookup = application.lookup(issuer);
        String str2 = issuer;
        if (lookup == null) {
            str2 = nameQualifier;
            lookup = application.lookup(nameQualifier);
        }
        if (lookup == null) {
            log.error(new StringBuffer("assertion issuer not found in metadata(Issuer =").append((Object) stringBuffer).append(", NameQualifier=").append(nameQualifier).toString());
            throw new MetadataException("ShibBrowserProfile.receive() metadata lookup failed, unable to process assertion");
        }
        stringBuffer.append(str2);
        IDPSSODescriptor iDPSSODescriptor = lookup.getIDPSSODescriptor(i == 1 ? "urn:oasis:names:tc:SAML:1.1:protocol" : "urn:oasis:names:tc:SAML:1.0:protocol");
        if (receive.response.isSigned() && !application.validate(receive.response, iDPSSODescriptor)) {
            throw new TrustException("ShibBrowserProfile cannot validate signature on response from SSO");
        }
        if (!receive.assertion.isSigned() || application.validate(receive.assertion, iDPSSODescriptor)) {
            return receive;
        }
        throw new TrustException("ShibBrowserProfile cannot validate signature on assertion from SSO");
    }
}
