package org.springframework.security.saml.processor;

import java.util.Arrays;
import java.util.Collection;
import javax.xml.namespace.QName;
import org.opensaml.common.SAMLException;
import org.opensaml.common.xml.SAMLConstants;
import org.opensaml.saml2.metadata.Endpoint;
import org.opensaml.saml2.metadata.IDPSSODescriptor;
import org.opensaml.saml2.metadata.provider.MetadataProviderException;
import org.opensaml.ws.message.decoder.MessageDecodingException;
import org.opensaml.ws.message.encoder.MessageEncodingException;
import org.opensaml.ws.security.provider.BasicSecurityPolicy;
import org.opensaml.ws.security.provider.StaticSecurityPolicyResolver;
import org.opensaml.ws.transport.InTransport;
import org.opensaml.xml.security.SecurityException;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
import org.springframework.security.saml.context.SAMLMessageContext;
import org.springframework.security.saml.metadata.MetadataManager;
import org.springframework.security.saml.util.SAMLUtil;
import org.springframework.util.Assert;

/* loaded from: input_file:BOOT-INF/lib/spring-security-saml2-core-1.0.9.RELEASE.jar:org/springframework/security/saml/processor/SAMLProcessorImpl.class */
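public class SAMLProcessorImpl implements SAMLProcessor {

    private static final Logger log = LoggerFactory.getLogger(SAMLProcessorImpl.class);

    /**
     * Bindings this processor can decode from and encode to. The {@code getBinding(...)} overloads
     * scan this collection in iteration order and pick the first match.
     */
    protected Collection<SAMLBinding> bindings;

    /**
     * Creates a processor that supports exactly one binding.
     *
     * @param binding the single supported binding, never {@code null}
     * @throws IllegalArgumentException if {@code binding} is {@code null}
     */
    public SAMLProcessorImpl(SAMLBinding binding) {
        // Without this check a null element would only surface later as a NullPointerException
        // inside getBinding(...), far from the misconfiguration that caused it.
        Assert.notNull(binding, "SAMLBinding must not be null");
        this.bindings = Arrays.asList(binding);
    }

    /**
     * Creates a processor that supports the given bindings.
     *
     * @param bindings the supported bindings, never {@code null}; the collection is used as-is, not copied
     * @throws IllegalArgumentException if {@code bindings} is {@code null}
     */
    public SAMLProcessorImpl(Collection<SAMLBinding> bindings) {
        Assert.notNull(bindings, "Collection of SAMLBindings must not be null");
        this.bindings = bindings;
    }

    /**
     * Decodes the inbound message carried by the context's transport using the given binding and
     * fills in the peer (sender) entity information on the context.
     *
     * <p>The context is validated and a binding-specific security policy is installed before the
     * decoder runs. After decoding, metadata for the sender must be present on the context; the
     * peer entity id and its extended metadata are then resolved from it.
     *
     * @param samlContext context holding the inbound transport and local entity settings
     * @param binding     binding used to decode the message
     * @return the same context, populated with inbound message and peer entity data
     * @throws SAMLException             on SAML processing errors raised by the binding
     * @throws MetadataProviderException if no metadata is available for the message issuer, or the
     *                                   context's metadata provider cannot supply extended metadata
     * @throws MessageDecodingException  if the binding's decoder fails
     * @throws SecurityException         if the security policy rejects the message
     * @throws IllegalArgumentException  if a required context property is missing (see {@link #verifyContext})
     */
    public SAMLMessageContext retrieveMessage(SAMLMessageContext samlContext, SAMLBinding binding) throws SAMLException, MetadataProviderException, MessageDecodingException, SecurityException {
        log.debug("Retrieving message using binding {}", binding.getBindingURI());
        verifyContext(samlContext);
        populateSecurityPolicy(samlContext, binding);

        // Unless the caller pinned the expected peer role, assume the message comes from an IdP.
        QName peerRole = samlContext.getPeerEntityRole();
        if (peerRole == null) {
            peerRole = IDPSSODescriptor.DEFAULT_ELEMENT_NAME;
        }
        samlContext.setPeerEntityRole(peerRole);
        samlContext.setInboundSAMLProtocol(SAMLConstants.SAML20P_NS);
        samlContext.setInboundSAMLBinding(binding.getBindingURI());

        binding.getMessageDecoder().decode(samlContext);

        // Refuse messages whose sender has no metadata on the context; the issuer is named for diagnostics.
        if (samlContext.getPeerEntityMetadata() == null) {
            throw new MetadataProviderException("Metadata for issuer " + samlContext.getInboundMessageIssuer() + " wasn't found");
        }
        samlContext.setPeerEntityId(samlContext.getPeerEntityMetadata().getEntityID());
        MetadataManager metadataManager = getMetadataManager(samlContext);
        samlContext.setPeerExtendedMetadata(metadataManager.getExtendedMetadata(samlContext.getPeerEntityId()));
        return samlContext;
    }

    /**
     * Returns the context's metadata provider as a {@link MetadataManager}, which is the type that
     * exposes extended metadata.
     *
     * @param samlContext context whose metadata provider is inspected
     * @return the provider cast to {@code MetadataManager}
     * @throws MetadataProviderException if the provider is absent or of another type; this replaces
     *                                   a bare {@code ClassCastException} with a message naming the actual type
     */
    private static MetadataManager getMetadataManager(SAMLMessageContext samlContext) throws MetadataProviderException {
        Object provider = samlContext.getMetadataProvider();
        if (!(provider instanceof MetadataManager)) {
            String actual = provider == null ? "null" : provider.getClass().getName();
            throw new MetadataProviderException("Metadata provider in the context must be a MetadataManager to resolve extended metadata, but was " + actual);
        }
        return (MetadataManager) provider;
    }

    /**
     * Installs, on the context, a static security policy resolver whose rules are contributed by the
     * binding. This runs before the message is decoded so the rules are in place for the decoder.
     *
     * @param samlContext context that receives the resolver
     * @param binding     binding that populates the policy's rule list
     */
    protected void populateSecurityPolicy(SAMLMessageContext samlContext, SAMLBinding binding) {
        BasicSecurityPolicy policy = new BasicSecurityPolicy();
        binding.getSecurityPolicy(policy.getPolicyRules(), samlContext);
        samlContext.setSecurityPolicyResolver(new StaticSecurityPolicyResolver(policy));
    }

    /**
     * Decodes the inbound message using the binding registered under the given binding URI.
     *
     * @param samlContext context holding the inbound transport
     * @param binding     binding URI to look up among the configured bindings
     * @return the populated context, see {@link #retrieveMessage(SAMLMessageContext, SAMLBinding)}
     * @throws SAMLException if no configured binding has that URI, or on SAML processing errors
     */
    @Override
    public SAMLMessageContext retrieveMessage(SAMLMessageContext samlContext, String binding) throws SAMLException, MetadataProviderException, MessageDecodingException, SecurityException {
        return retrieveMessage(samlContext, getBinding(binding));
    }

    /**
     * Decodes the inbound message using the first configured binding that supports the context's
     * inbound transport.
     *
     * @param samlContext context holding the inbound transport
     * @return the populated context, see {@link #retrieveMessage(SAMLMessageContext, SAMLBinding)}
     * @throws SAMLException if no configured binding supports the transport, or on SAML processing errors
     */
    @Override
    public SAMLMessageContext retrieveMessage(SAMLMessageContext samlContext) throws SAMLException, MetadataProviderException, MessageDecodingException, SecurityException {
        SAMLBinding binding = getBinding(samlContext.getInboundMessageTransport());
        return retrieveMessage(samlContext, binding);
    }

    /**
     * Encodes and sends the outbound message to the context's peer entity endpoint, choosing the
     * binding from that endpoint.
     *
     * @param samlContext context holding the outbound message and peer endpoint
     * @param sign        whether to sign the outbound message with the local signing credential
     * @return the same context after encoding
     * @throws SAMLException             if the context has no peer entity endpoint, or on SAML processing errors
     * @throws MetadataProviderException if the endpoint's binding cannot be determined
     * @throws MessageEncodingException  if the binding's encoder fails
     */
    @Override
    public SAMLMessageContext sendMessage(SAMLMessageContext samlContext, boolean sign) throws SAMLException, MetadataProviderException, MessageEncodingException {
        Endpoint endpoint = samlContext.getPeerEntityEndpoint();
        if (endpoint == null) {
            throw new SAMLException("Could not get peer entity endpoint");
        }
        return sendMessage(samlContext, sign, getBinding(endpoint));
    }

    /**
     * Encodes and sends the outbound message using the binding registered under the given URI.
     *
     * @param samlContext context holding the outbound message
     * @param sign        whether to sign the outbound message with the local signing credential
     * @param binding     binding URI to look up among the configured bindings
     * @return the same context after encoding
     * @throws SAMLException if no configured binding has that URI, or on SAML processing errors
     */
    @Override
    public SAMLMessageContext sendMessage(SAMLMessageContext samlContext, boolean sign, String binding) throws SAMLException, MetadataProviderException, MessageEncodingException {
        return sendMessage(samlContext, sign, getBinding(binding));
    }

    /**
     * Encodes and sends the outbound message with the given binding.
     *
     * @param samlContext context holding the outbound message
     * @param sign        when {@code true}, the context's local signing credential is required and is
     *                    set as the outbound message signing credential before encoding
     * @param binding     binding whose encoder performs the send
     * @return the same context after encoding
     * @throws IllegalArgumentException if a required context property is missing, or signing was
     *                                  requested without a local signing credential
     * @throws MessageEncodingException if the binding's encoder fails
     */
    protected SAMLMessageContext sendMessage(SAMLMessageContext samlContext, boolean sign, SAMLBinding binding) throws SAMLException, MetadataProviderException, MessageEncodingException {
        verifyContext(samlContext);
        if (sign) {
            Assert.notNull(samlContext.getLocalSigningCredential(), "Cannot sign outgoing message as no signing credential is set in the context");
            samlContext.setOutboundSAMLMessageSigningCredential(samlContext.getLocalSigningCredential());
        }
        binding.getMessageEncoder().encode(samlContext);
        return samlContext;
    }

    /**
     * Checks that every local-entity property the processor depends on is present on the context.
     * Both the inbound and outbound paths call this before doing any work.
     *
     * @param samlContext context to validate
     * @throws IllegalArgumentException if any required property is {@code null}
     * @throws MetadataProviderException declared for subclasses; this implementation does not throw it
     */
    protected void verifyContext(SAMLMessageContext samlContext) throws MetadataProviderException {
        Assert.notNull(samlContext.getMetadataProvider(), "Metadata provider must be set in the context");
        Assert.notNull(samlContext.getLocalEntityId(), "Local entity id must be set in the context");
        Assert.notNull(samlContext.getLocalEntityRole(), "Local entity role must be set in the context");
        Assert.notNull(samlContext.getLocalEntityMetadata(), "Local entity metadata must be set in the context");
        Assert.notNull(samlContext.getLocalEntityRoleMetadata(), "Local entity role metadata must be set in the context");
        Assert.notNull(samlContext.getLocalExtendedMetadata(), "Local extended metadata must be set in the context");
        Assert.notNull(samlContext.getLocalTrustEngine(), "SignatureTrustEngine must be set in the samlContext");
        Assert.notNull(samlContext.getLocalSSLTrustEngine(), "SSL Trust Engine must be set in the samlContext");
    }

    /**
     * Finds the first configured binding that supports the given inbound transport.
     *
     * @param transport inbound transport of the request
     * @return the first matching binding in iteration order
     * @throws SAMLException if no configured binding supports the transport
     */
    protected SAMLBinding getBinding(InTransport transport) throws SAMLException {
        for (SAMLBinding candidate : this.bindings) {
            if (candidate.supports(transport)) {
                return candidate;
            }
        }
        throw new SAMLException("Unsupported request");
    }

    /**
     * Finds the configured binding matching the binding URI of the given endpoint.
     *
     * @param endpoint endpoint whose binding is looked up
     * @return the binding registered under the endpoint's binding URI
     * @throws SAMLException             if no configured binding has that URI
     * @throws MetadataProviderException if the endpoint's binding cannot be determined
     */
    protected SAMLBinding getBinding(Endpoint endpoint) throws SAMLException, MetadataProviderException {
        return getBinding(SAMLUtil.getBindingForEndpoint(endpoint));
    }

    /**
     * Finds the configured binding whose URI equals the given one.
     *
     * @param bindingURI binding URI to look up
     * @return the first binding in iteration order whose URI equals {@code bindingURI}
     * @throws SAMLException if no configured binding has that URI
     */
    protected SAMLBinding getBinding(String bindingURI) throws SAMLException {
        for (SAMLBinding candidate : this.bindings) {
            if (candidate.getBindingURI().equals(bindingURI)) {
                return candidate;
            }
        }
        throw new SAMLException("Binding " + bindingURI + " is not available, please check your configuration");
    }
}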
