package org.opensaml.saml2.binding.decoding;

import java.util.List;
import javax.xml.namespace.QName;
import org.opensaml.common.SAMLObject;
import org.opensaml.common.binding.SAMLMessageContext;
import org.opensaml.common.binding.decoding.BaseSAMLMessageDecoder;
import org.opensaml.common.xml.SAMLConstants;
import org.opensaml.saml2.core.Assertion;
import org.opensaml.saml2.core.Issuer;
import org.opensaml.saml2.core.RequestAbstractType;
import org.opensaml.saml2.core.Response;
import org.opensaml.saml2.core.StatusResponseType;
import org.opensaml.saml2.metadata.EntityDescriptor;
import org.opensaml.saml2.metadata.RoleDescriptor;
import org.opensaml.saml2.metadata.provider.MetadataProvider;
import org.opensaml.saml2.metadata.provider.MetadataProviderException;
import org.opensaml.ws.message.MessageContext;
import org.opensaml.ws.message.decoder.MessageDecodingException;
import org.opensaml.xml.parse.ParserPool;
import org.opensaml.xml.security.SecurityException;
import org.opensaml.xml.util.DatatypeHelper;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;

/* JADX WARN: Classes with same name are omitted:
  input_file:WEB-INF/bundle/opensaml-2.4.1.jar:org/opensaml/saml2/binding/decoding/BaseSAML2MessageDecoder.class
 */
/* loaded from: input_file:WEB-INF/bundle/org.apache.servicemix.bundles.opensaml-2.4.1_1.jar:org/opensaml/saml2/binding/decoding/BaseSAML2MessageDecoder.class */
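/**
 * Base class for SAML 2 message decoders.
 *
 * <p>After the superclass has decoded the transport-level message, this class copies the message ID,
 * issue instant and issuer out of the inbound SAML 2 request or response into the message context and
 * looks up the issuer's metadata.
 *
 * <p>Nothing in this class verifies a signature. The issuer recorded in the context is whatever the
 * inbound message claims, so it must be treated as unauthenticated until a later step has validated
 * the message.
 */
public abstract class BaseSAML2MessageDecoder extends BaseSAMLMessageDecoder {
    /** The only {@code Issuer} format accepted by {@link #extractEntityId(Issuer)} besides an absent format. */
    private static final String ENTITY_NAME_ID_FORMAT = "urn:oasis:names:tc:SAML:2.0:nameid-format:entity";

    private final Logger log = LoggerFactory.getLogger(BaseSAML2MessageDecoder.class);

    /** Creates a decoder using the superclass's default construction. */
    public BaseSAML2MessageDecoder() {
    }

    /**
     * Creates a decoder that hands the given parser pool to the superclass.
     *
     * @param parserPool parser pool passed through to {@link BaseSAMLMessageDecoder}
     */
    public BaseSAML2MessageDecoder(ParserPool parserPool) {
        super(parserPool);
    }

    /**
     * Decodes the message via the superclass and then runs the endpoint check.
     *
     * <p>{@code checkEndpointURI} is inherited and not shown here; it is the consumer of
     * {@link #getIntendedDestinationEndpointURI(SAMLMessageContext)}.
     *
     * @param messageContext context to decode into; must be a {@link SAMLMessageContext}
     * @throws MessageDecodingException if decoding or the endpoint check fails
     * @throws SecurityException if the superclass or the endpoint check rejects the message
     */
    @Override
    public void decode(MessageContext messageContext) throws MessageDecodingException, SecurityException {
        super.decode(messageContext);
        // The endpoint check must run only after decoding, because it reads the decoded inbound message.
        checkEndpointURI((SAMLMessageContext) messageContext);
    }

    /**
     * Populates the context with message ID, issue instant, issuer and the issuer's metadata.
     *
     * <p>Declared {@code public} in this decompiled listing; the decompiler noted that the access
     * modifier was changed from {@code protected}.
     *
     * @param sAMLMessageContext context holding the decoded inbound SAML message
     * @throws MessageDecodingException if the message is missing, of an unsupported type, or metadata
     *         lookup fails
     */
    public void populateMessageContext(SAMLMessageContext sAMLMessageContext) throws MessageDecodingException {
        populateMessageIdIssueInstantIssuer(sAMLMessageContext);
        populateRelyingPartyMetadata(sAMLMessageContext);
    }

    /**
     * Copies ID, issue instant and issuer from the inbound request or status response into the context.
     *
     * @param sAMLMessageContext context holding the decoded inbound SAML message
     * @throws MessageDecodingException if there is no inbound message or it is neither a request nor a
     *         status response
     */
    protected void populateMessageIdIssueInstantIssuer(SAMLMessageContext sAMLMessageContext) throws MessageDecodingException {
        // The original instanceof test against the parameter's own declared type can only fail for null,
        // so it is written as a null check; the silent return is preserved.
        if (sAMLMessageContext == null) {
            this.log.debug("Invalid message context type, this policy rule only support SAMLMessageContext");
            return;
        }

        SAMLObject inboundSAMLMessage = sAMLMessageContext.getInboundSAMLMessage();
        if (inboundSAMLMessage == null) {
            this.log.error("Message context did not contain inbound SAML message");
            throw new MessageDecodingException("Message context did not contain inbound SAML message");
        }

        if (inboundSAMLMessage instanceof RequestAbstractType) {
            this.log.debug("Extracting ID, issuer and issue instant from request");
            extractRequestInfo(sAMLMessageContext, (RequestAbstractType) inboundSAMLMessage);
        } else if (inboundSAMLMessage instanceof StatusResponseType) {
            this.log.debug("Extracting ID, issuer and issue instant from status response");
            extractResponseInfo(sAMLMessageContext, (StatusResponseType) inboundSAMLMessage);
        } else {
            throw new MessageDecodingException("SAML 2 message was not a request or a response");
        }

        // A missing issuer is only warned about here; callers that need an issuer must check for null.
        if (sAMLMessageContext.getInboundMessageIssuer() == null) {
            this.log.warn("Issuer could not be extracted from SAML 2 message");
        }
    }

    /**
     * Copies ID, issue instant and issuer from a status response into the context.
     *
     * <p>If the response itself has no {@code Issuer} and it is a {@link Response}, the issuer is taken
     * from the enclosed assertions instead; all assertions that carry an issuer must agree on it.
     *
     * @param sAMLMessageContext context to populate
     * @param statusResponseType inbound status response
     * @throws MessageDecodingException if an issuer has a non-entity format or the assertions name
     *         different issuers
     */
    protected void extractResponseInfo(SAMLMessageContext sAMLMessageContext, StatusResponseType statusResponseType) throws MessageDecodingException {
        sAMLMessageContext.setInboundSAMLMessageId(statusResponseType.getID());
        sAMLMessageContext.setInboundSAMLMessageIssueInstant(statusResponseType.getIssueInstant());

        String issuerId = null;
        if (statusResponseType.getIssuer() != null) {
            issuerId = extractEntityId(statusResponseType.getIssuer());
        } else if (statusResponseType instanceof Response) {
            List<Assertion> assertions = ((Response) statusResponseType).getAssertions();
            if (assertions != null && !assertions.isEmpty()) {
                this.log.info("Status response message had no issuer, attempting to extract issuer from enclosed Assertion(s)");
                for (Assertion assertion : assertions) {
                    if (assertion == null || assertion.getIssuer() == null) {
                        continue;
                    }
                    String assertionIssuerId = extractEntityId(assertion.getIssuer());
                    // Refuse a response whose assertions disagree about who issued them.
                    if (issuerId != null && !issuerId.equals(assertionIssuerId)) {
                        throw new MessageDecodingException("SAML 2 assertions, within response " + statusResponseType.getID() + " contain different issuer IDs");
                    }
                    issuerId = assertionIssuerId;
                }
            }
        }
        sAMLMessageContext.setInboundMessageIssuer(issuerId);
    }

    /**
     * Copies ID, issue instant and issuer from a request into the context.
     *
     * @param sAMLMessageContext context to populate
     * @param requestAbstractType inbound request
     * @throws MessageDecodingException if the issuer has a non-entity format
     */
    protected void extractRequestInfo(SAMLMessageContext sAMLMessageContext, RequestAbstractType requestAbstractType) throws MessageDecodingException {
        sAMLMessageContext.setInboundSAMLMessageId(requestAbstractType.getID());
        sAMLMessageContext.setInboundSAMLMessageIssueInstant(requestAbstractType.getIssueInstant());
        sAMLMessageContext.setInboundMessageIssuer(extractEntityId(requestAbstractType.getIssuer()));
    }

    /**
     * Returns the entity ID carried by an {@code Issuer} element.
     *
     * @param issuer issuer element, may be {@code null}
     * @return the issuer's value, or {@code null} if {@code issuer} is {@code null}
     * @throws MessageDecodingException if the issuer declares a format other than the entity format
     */
    protected String extractEntityId(Issuer issuer) throws MessageDecodingException {
        if (issuer == null) {
            return null;
        }
        String format = issuer.getFormat();
        // An absent Format is accepted and handled the same way as the entity format.
        if (format == null || ENTITY_NAME_ID_FORMAT.equals(format)) {
            return issuer.getValue();
        }
        throw new MessageDecodingException("SAML 2 Issuer is not of ENTITY format type");
    }

    /**
     * Looks up the inbound issuer's metadata and stores the entity and role descriptors in the context.
     *
     * <p>Does nothing when the context has no metadata provider. The role descriptor is only set when
     * both the entity descriptor and the peer entity role are known and a matching role exists.
     *
     * @param sAMLMessageContext context holding the inbound issuer and the metadata provider
     * @throws MessageDecodingException if the metadata provider fails
     */
    protected void populateRelyingPartyMetadata(SAMLMessageContext sAMLMessageContext) throws MessageDecodingException {
        MetadataProvider metadataProvider = sAMLMessageContext.getMetadataProvider();
        if (metadataProvider == null) {
            return;
        }
        try {
            // The lookup key is the issuer claimed by the message, which nothing in this class has verified.
            EntityDescriptor entityDescriptor = metadataProvider.getEntityDescriptor(sAMLMessageContext.getInboundMessageIssuer());
            sAMLMessageContext.setPeerEntityMetadata(entityDescriptor);

            QName peerEntityRole = sAMLMessageContext.getPeerEntityRole();
            if (entityDescriptor == null || peerEntityRole == null) {
                return;
            }
            // This is the SAML 2 decoder, so select roles that support the SAML 2.0 protocol. The listing
            // passed SAMLConstants.SAML11P_NS here, which leaves the role metadata unset for a peer whose
            // role advertises only SAML 2.0 support.
            List<RoleDescriptor> roleDescriptors = entityDescriptor.getRoleDescriptors(peerEntityRole, SAMLConstants.SAML20P_NS);
            if (roleDescriptors != null && !roleDescriptors.isEmpty()) {
                sAMLMessageContext.setPeerEntityRoleMetadata(roleDescriptors.get(0));
            }
        } catch (MetadataProviderException e) {
            this.log.error("Error retrieving metadata for relying party " + sAMLMessageContext.getInboundMessageIssuer(), (Throwable) e);
            throw new MessageDecodingException("Error retrieving metadata for relying party " + sAMLMessageContext.getInboundMessageIssuer(), e);
        }
    }

    /**
     * Returns the {@code Destination} attribute of the inbound request or status response.
     *
     * @param sAMLMessageContext context holding the decoded inbound SAML message
     * @return the trimmed destination, as produced by {@code DatatypeHelper.safeTrimOrNullString}
     * @throws MessageDecodingException if there is no inbound message or it is neither a request nor a
     *         status response
     */
    @Override
    protected String getIntendedDestinationEndpointURI(SAMLMessageContext sAMLMessageContext) throws MessageDecodingException {
        SAMLObject inboundSAMLMessage = sAMLMessageContext.getInboundSAMLMessage();
        if (inboundSAMLMessage instanceof RequestAbstractType) {
            return DatatypeHelper.safeTrimOrNullString(((RequestAbstractType) inboundSAMLMessage).getDestination());
        }
        if (inboundSAMLMessage instanceof StatusResponseType) {
            return DatatypeHelper.safeTrimOrNullString(((StatusResponseType) inboundSAMLMessage).getDestination());
        }
        // A null message fails both instanceof tests; report it as a decoding error rather than letting
        // the error-logging line below dereference null.
        if (inboundSAMLMessage == null) {
            this.log.error("Message context did not contain inbound SAML message");
            throw new MessageDecodingException("Message context did not contain inbound SAML message");
        }
        this.log.error("Invalid SAML message type encountered: {}", inboundSAMLMessage.getElementQName().toString());
        throw new MessageDecodingException("Invalid SAML message type encountered");
    }
}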
