package org.springframework.security.saml.websso;

import java.security.SecureRandom;
import java.util.Random;
import org.joda.time.DateTime;
import org.opensaml.Configuration;
import org.opensaml.common.SAMLException;
import org.opensaml.common.SAMLObjectBuilder;
import org.opensaml.common.SAMLVersion;
import org.opensaml.common.binding.artifact.SAMLArtifactMap;
import org.opensaml.common.binding.decoding.BasicURLComparator;
import org.opensaml.common.binding.decoding.URIComparator;
import org.opensaml.common.xml.SAMLConstants;
import org.opensaml.saml2.core.Issuer;
import org.opensaml.saml2.core.NameIDType;
import org.opensaml.saml2.core.RequestAbstractType;
import org.opensaml.saml2.core.Status;
import org.opensaml.saml2.core.StatusCode;
import org.opensaml.saml2.core.StatusMessage;
import org.opensaml.saml2.metadata.Endpoint;
import org.opensaml.saml2.metadata.IDPSSODescriptor;
import org.opensaml.saml2.metadata.provider.MetadataProviderException;
import org.opensaml.security.MetadataCriteria;
import org.opensaml.security.SAMLSignatureProfileValidator;
import org.opensaml.ws.message.encoder.MessageEncodingException;
import org.opensaml.xml.XMLObjectBuilderFactory;
import org.opensaml.xml.security.CriteriaSet;
import org.opensaml.xml.security.SecurityException;
import org.opensaml.xml.security.credential.UsageType;
import org.opensaml.xml.security.criteria.EntityIDCriteria;
import org.opensaml.xml.security.criteria.UsageCriteria;
import org.opensaml.xml.signature.Signature;
import org.opensaml.xml.signature.SignatureTrustEngine;
import org.opensaml.xml.validation.ValidationException;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
import org.springframework.beans.factory.InitializingBean;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.security.saml.context.SAMLMessageContext;
import org.springframework.security.saml.metadata.MetadataManager;
import org.springframework.security.saml.processor.SAMLProcessor;
import org.springframework.security.saml.util.SAMLUtil;
import org.springframework.util.Assert;

/* loaded from: input_file:WEB-INF/lib/spring-security-saml2-core-1.0.2.RELEASE.jar:org/springframework/security/saml/websso/AbstractProfileBase.class */
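/**
 * Common base for SAML WebSSO profile implementations.
 *
 * <p>Holds the collaborators shared by the profiles (metadata manager, SAML processor, artifact
 * map, OpenSAML builder factory, URI comparator) and provides helpers for building outgoing
 * protocol messages and for verifying the issuer, destination and signature of incoming ones.
 *
 * <p>This listing is decompiler output: several methods carry a "JADX INFO" comment stating that
 * they were declared {@code protected} in the original class.
 */
public abstract class AbstractProfileBase implements InitializingBean {
    /** Shared CSPRNG used for message identifiers; {@link SecureRandom} is safe for concurrent use. */
    private static final SecureRandom ID_GENERATOR = new SecureRandom();

    /** Number of random bytes in a generated identifier (160 bits). */
    private static final int ID_RANDOM_BYTES = 20;

    // Clock-skew tolerance applied by subclasses; presumably seconds -- confirm against the
    // consumers of getResponseSkew().
    private int responseSkew;
    // Maximum accepted assertion age; presumably seconds -- confirm against the consumers of
    // getMaxAssertionTime().
    private int maxAssertionTime;
    protected final Logger log;
    protected MetadataManager metadata;
    protected SAMLProcessor processor;
    protected SAMLArtifactMap artifactMap;
    protected XMLObjectBuilderFactory builderFactory;
    protected URIComparator uriComparator;

    /**
     * Creates a profile with the default skew (60) and maximum assertion time (3000), the global
     * OpenSAML builder factory and a {@link BasicURLComparator}. The metadata manager and the
     * processor must be injected before {@link #afterPropertiesSet()} runs.
     */
    public AbstractProfileBase() {
        this.responseSkew = 60;
        this.maxAssertionTime = 3000;
        this.log = LoggerFactory.getLogger(getClass());
        this.builderFactory = Configuration.getBuilderFactory();
        this.uriComparator = new BasicURLComparator();
    }

    /**
     * Creates a profile with defaults and the given collaborators.
     *
     * @param sAMLProcessor processor used to send messages
     * @param metadataManager metadata source
     */
    public AbstractProfileBase(SAMLProcessor sAMLProcessor, MetadataManager metadataManager) {
        this();
        this.processor = sAMLProcessor;
        this.metadata = metadataManager;
    }

    /**
     * @return identifier of the profile implemented by the subclass; used in error messages
     */
    public abstract String getProfileIdentifier();

    /**
     * Sets the tolerated clock skew. The value is stored without validation, so a negative or very
     * large value is accepted as given; a large value widens the window in which a stale message
     * is still considered fresh.
     *
     * @param i skew value
     */
    public void setResponseSkew(int i) {
        this.responseSkew = i;
    }

    /**
     * @return the configured clock skew tolerance
     */
    public int getResponseSkew() {
        return this.responseSkew;
    }

    /**
     * @return the configured maximum assertion time
     */
    public int getMaxAssertionTime() {
        return this.maxAssertionTime;
    }

    /**
     * Sets the maximum assertion time. The value is stored without validation.
     *
     * @param i maximum assertion time
     */
    public void setMaxAssertionTime(int i) {
        this.maxAssertionTime = i;
    }

    /* JADX INFO: Access modifiers changed from: protected */
    /**
     * Delegates to {@link SAMLProcessor#sendMessage} on the configured processor.
     *
     * @param sAMLMessageContext context holding the message to send
     * @param z flag passed through to the processor (signing flag in the processor API -- confirm)
     */
    public void sendMessage(SAMLMessageContext sAMLMessageContext, boolean z) throws MetadataProviderException, SAMLException, MessageEncodingException {
        this.processor.sendMessage(sAMLMessageContext, z);
    }

    /* JADX INFO: Access modifiers changed from: protected */
    /**
     * Delegates to the three-argument {@code sendMessage} of the configured processor.
     *
     * @param sAMLMessageContext context holding the message to send
     * @param z flag passed through to the processor (signing flag in the processor API -- confirm)
     * @param str value passed through to the processor (presumably the binding to use -- confirm)
     */
    public void sendMessage(SAMLMessageContext sAMLMessageContext, boolean z, String str) throws MetadataProviderException, SAMLException, MessageEncodingException {
        this.processor.sendMessage(sAMLMessageContext, z, str);
    }

    /* JADX INFO: Access modifiers changed from: protected */
    /**
     * Builds a SAML {@code Status} element.
     *
     * @param str status code value
     * @param str2 optional status message; when {@code null} no {@code StatusMessage} is added
     * @return the populated status object
     */
    public Status getStatus(String str, String str2) {
        // buildObject() is the OpenSAML builder method; the decompiler had emitted a synthetic
        // "moNNNN"-prefixed alias that does not exist in the library.
        StatusCode statusCode = (StatusCode) ((SAMLObjectBuilder) this.builderFactory.getBuilder(StatusCode.DEFAULT_ELEMENT_NAME)).buildObject();
        statusCode.setValue(str);
        Status status = (Status) ((SAMLObjectBuilder) this.builderFactory.getBuilder(Status.DEFAULT_ELEMENT_NAME)).buildObject();
        status.setStatusCode(statusCode);
        if (str2 != null) {
            StatusMessage statusMessage = (StatusMessage) ((SAMLObjectBuilder) this.builderFactory.getBuilder(StatusMessage.DEFAULT_ELEMENT_NAME)).buildObject();
            statusMessage.setMessage(str2);
            status.setStatusMessage(statusMessage);
        }
        return status;
    }

    /* JADX INFO: Access modifiers changed from: protected */
    /**
     * Fills the attributes common to all outgoing requests: a fresh ID, the issuer, SAML version
     * 2.0, the current time as issue instant and, when an endpoint is given, its location as the
     * destination.
     *
     * @param str entity ID to place in the issuer element
     * @param requestAbstractType request to populate
     * @param endpoint target endpoint, or {@code null} to leave the destination unset
     */
    public void buildCommonAttributes(String str, RequestAbstractType requestAbstractType, Endpoint endpoint) {
        requestAbstractType.setID(generateID());
        requestAbstractType.setIssuer(getIssuer(str));
        requestAbstractType.setVersion(SAMLVersion.VERSION_20);
        requestAbstractType.setIssueInstant(new DateTime());
        if (endpoint != null) {
            requestAbstractType.setDestination(endpoint.getLocation());
        }
    }

    /* JADX INFO: Access modifiers changed from: protected */
    /**
     * Builds an {@code Issuer} element carrying the given value.
     *
     * @param str issuer value (entity ID)
     * @return the populated issuer object
     */
    public Issuer getIssuer(String str) {
        Issuer issuer = (Issuer) ((SAMLObjectBuilder) this.builderFactory.getBuilder(Issuer.DEFAULT_ELEMENT_NAME)).buildObject();
        issuer.setValue(str);
        return issuer;
    }

    /* JADX INFO: Access modifiers changed from: protected */
    /**
     * Generates an identifier for an outgoing SAML message.
     *
     * <p>The identifier is drawn from a {@link SecureRandom}: request IDs are later matched
     * against {@code InResponseTo}, so they must not be guessable. A {@code java.util.Random}
     * created per call is seeded from the clock and does not give that property, and
     * {@code Math.abs(Long.MIN_VALUE)} is negative, which put a stray '-' into some identifiers.
     *
     * @return the letter 'a' followed by 40 lower-case hexadecimal digits; the leading letter
     *     keeps the value a valid XML {@code ID}, which may not start with a digit
     */
    public String generateID() {
        byte[] randomBytes = new byte[ID_RANDOM_BYTES];
        ID_GENERATOR.nextBytes(randomBytes);
        StringBuilder id = new StringBuilder(1 + 2 * ID_RANDOM_BYTES);
        id.append('a');
        for (byte b : randomBytes) {
            id.append(Character.forDigit((b >> 4) & 0xF, 16));
            id.append(Character.forDigit(b & 0xF, 16));
        }
        return id.toString();
    }

    /* JADX INFO: Access modifiers changed from: protected */
    /**
     * Checks that the issuer of a received message is the peer entity of the message context.
     *
     * <p>A present {@code Format} must equal {@link NameIDType#ENTITY}, and the issuer value must
     * equal the entity ID of the peer metadata. The method dereferences both arguments and the
     * peer metadata without null checks, so a missing issuer or unresolved peer ends in a
     * {@link NullPointerException} rather than a {@link SAMLException}.
     *
     * @param issuer issuer element taken from the received message
     * @param sAMLMessageContext context whose peer entity metadata identifies the expected issuer
     * @throws SAMLException if the format or the value does not match; the message echoes the
     *     received value, so treat it as untrusted text when logging
     */
    public void verifyIssuer(Issuer issuer, SAMLMessageContext sAMLMessageContext) throws SAMLException {
        if (issuer.getFormat() != null && !issuer.getFormat().equals(NameIDType.ENTITY)) {
            throw new SAMLException("Issuer invalidated by issuer type " + issuer.getFormat());
        }
        if (!sAMLMessageContext.getPeerEntityMetadata().getEntityID().equals(issuer.getValue())) {
            throw new SAMLException("Issuer invalidated by issuer value " + issuer.getValue());
        }
    }

    /* JADX INFO: Access modifiers changed from: protected */
    /**
     * Checks that the destination declared in a received message matches the endpoint it arrived
     * on, comparing against both the endpoint location and its response location.
     *
     * <p>A {@code null} destination is accepted without any check. Callers that require the
     * {@code Destination} attribute (for example on signed messages) must enforce its presence
     * themselves before relying on this method.
     *
     * @param endpoint endpoint the message was received on
     * @param str destination value from the message, may be {@code null}
     * @throws SAMLException if a destination is present and matches neither endpoint URL
     */
    public void verifyEndpoint(Endpoint endpoint, String str) throws SAMLException {
        if (str != null && !this.uriComparator.compare(str, endpoint.getLocation()) && !this.uriComparator.compare(str, endpoint.getResponseLocation())) {
            throw new SAMLException("Intended destination " + str + " doesn't match any of the endpoint URLs on endpoint " + endpoint.getLocation() + " for profile " + getProfileIdentifier());
        }
    }

    /* JADX INFO: Access modifiers changed from: protected */
    /**
     * Verifies an XML signature against the signing keys of the given IDP entity.
     *
     * <p>Fails closed when no trust engine is supplied. The signature is first checked by
     * {@link SAMLSignatureProfileValidator} and only then handed to the trust engine. The
     * criteria restrict key resolution to the entity {@code str}, the {@code IDPSSODescriptor}
     * role of the SAML 2.0 protocol and signing usage, so keys published under any other role of
     * the same entity are not considered.
     *
     * @param signature signature to verify
     * @param str entity ID of the expected signer
     * @param signatureTrustEngine engine used to establish trust in the signing key
     * @throws SecurityException if the trust engine is {@code null} or trust evaluation fails
     * @throws ValidationException if the signature violates the SAML signature profile or is not
     *     trusted
     */
    public void verifySignature(Signature signature, String str, SignatureTrustEngine signatureTrustEngine) throws SecurityException, ValidationException {
        if (signatureTrustEngine == null) {
            throw new SecurityException("Trust engine is not set, signature can't be verified");
        }
        new SAMLSignatureProfileValidator().validate(signature);
        CriteriaSet criteriaSet = new CriteriaSet();
        criteriaSet.add(new EntityIDCriteria(str));
        criteriaSet.add(new MetadataCriteria(IDPSSODescriptor.DEFAULT_ELEMENT_NAME, SAMLConstants.SAML20P_NS));
        criteriaSet.add(new UsageCriteria(UsageType.SIGNING));
        // The format string has no placeholder, so the extra argument previously passed here was
        // never rendered; it is dropped.
        this.log.debug("Verifying signature");
        if (!signatureTrustEngine.validate(signature, criteriaSet)) {
            throw new ValidationException("Signature is not trusted or invalid");
        }
    }

    /* JADX INFO: Access modifiers changed from: protected */
    /**
     * @param endpoint endpoint to inspect
     * @return the binding reported by {@link SAMLUtil#getBindingForEndpoint} for the endpoint
     */
    public String getEndpointBinding(Endpoint endpoint) {
        return SAMLUtil.getBindingForEndpoint(endpoint);
    }

    /* JADX INFO: Access modifiers changed from: protected */
    /**
     * Tells whether the endpoint uses the given binding.
     *
     * @param endpoint endpoint to inspect
     * @param str binding to compare with; must not be {@code null}
     * @return {@code true} if the endpoint's binding equals {@code str}
     */
    public boolean isEndpointMatching(Endpoint endpoint, String str) {
        return str.equals(getEndpointBinding(endpoint));
    }

    /**
     * @param metadataManager metadata source; required, see {@link #afterPropertiesSet()}
     */
    @Autowired
    public void setMetadata(MetadataManager metadataManager) {
        this.metadata = metadataManager;
    }

    /**
     * @param sAMLProcessor processor used to send messages; autowiring is optional but
     *     {@link #afterPropertiesSet()} still rejects a missing processor
     */
    @Autowired(required = false)
    public void setProcessor(SAMLProcessor sAMLProcessor) {
        this.processor = sAMLProcessor;
    }

    /**
     * @param sAMLArtifactMap artifact map made available to subclasses
     */
    public void setArtifactMap(SAMLArtifactMap sAMLArtifactMap) {
        this.artifactMap = sAMLArtifactMap;
    }

    /**
     * Verifies that the mandatory collaborators were injected.
     *
     * @throws Exception if the metadata manager or the SAML processor is missing
     */
    @Override // org.springframework.beans.factory.InitializingBean
    public void afterPropertiesSet() throws Exception {
        Assert.notNull(this.metadata, "Metadata must be set");
        Assert.notNull(this.processor, "SAML Processor must be set");
    }
}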
