package org.picketlink.identity.federation.web.handlers.saml2;

import java.io.IOException;
import java.net.MalformedURLException;
import java.net.URL;
import java.util.Locale;
import java.util.Map;
import java.util.StringTokenizer;
import org.hsqldb.DatabaseURL;
import org.jboss.security.audit.AuditLevel;
import org.picketlink.common.constants.GeneralConstants;
import org.picketlink.common.constants.LDAPConstants;
import org.picketlink.common.exceptions.ProcessingException;
import org.picketlink.config.federation.IDPType;
import org.picketlink.config.federation.ProviderType;
import org.picketlink.config.federation.TrustType;
import org.picketlink.identity.federation.core.audit.PicketLinkAuditEvent;
import org.picketlink.identity.federation.core.audit.PicketLinkAuditEventType;
import org.picketlink.identity.federation.core.audit.PicketLinkAuditHelper;
import org.picketlink.identity.federation.core.saml.v2.interfaces.SAML2Handler;
import org.picketlink.identity.federation.core.saml.v2.interfaces.SAML2HandlerRequest;
import org.picketlink.identity.federation.core.saml.v2.interfaces.SAML2HandlerResponse;
import org.picketlink.identity.federation.saml.v2.protocol.RequestAbstractType;

/* loaded from: input_file:WEB-INF/lib/picketlink-federation-2.5.3.SP4.jar:org/picketlink/identity/federation/web/handlers/saml2/SAML2IssuerTrustHandler.class */
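/**
 * SAML2 handler that verifies that the issuer of an inbound SAML request or status
 * response belongs to one of the domains configured under {@code <Trust><Domains>}
 * for this provider (IDP or SP).
 * <p>
 * The issuer value is attacker-controlled: it is read straight from the message. The
 * comparison therefore must not be a substring match. A configured entry matches only
 * when it equals the issuer host or is a parent domain of it (label boundary enforced,
 * case-insensitive), and an issuer whose URL has no host is never trusted. This check
 * is defense-in-depth only; it does not replace signature validation, which other
 * handlers in the chain perform.
 * <p>
 * On a failed check an {@code ERROR_TRUSTED_DOMAIN} audit event is emitted when the
 * handler request options carry an audit helper. Previously only the SP path audited;
 * both paths now do.
 */
public class SAML2IssuerTrustHandler extends BaseSAML2Handler {

    /** Separator between entries in the configured trusted-domain list. */
    private static final String DOMAIN_SEPARATOR = ",";

    /**
     * Scheme prepended when the issuer is not a parseable absolute URL (e.g. a bare host
     * name). A literal is used rather than a constant borrowed from an unrelated library
     * (the original pulled {@code org.hsqldb.DatabaseURL} in just for this string).
     */
    private static final String DEFAULT_SCHEME = "http://";

    private final IDPTrustHandler idp = new IDPTrustHandler();
    private final SPTrustHandler sp = new SPTrustHandler();

    /** Trust check as performed when this handler runs on the identity-provider side. */
    private static final class IDPTrustHandler {

        /**
         * Checks the issuer of an inbound request (e.g. an AuthnRequest) against the IDP's
         * trusted domains.
         *
         * @param request  the handler request carrying the parsed SAML object and options
         * @param response unused; kept for symmetry with the handler interface
         * @param idpConfig the IDP configuration holding the {@code <Trust>} element
         * @throws ProcessingException if the request, its issuer or the configuration is
         *         missing, or the issuer is not trusted
         */
        void handleRequestType(SAML2HandlerRequest request, SAML2HandlerResponse response, IDPType idpConfig) throws ProcessingException {
            RequestAbstractType samlRequest = (RequestAbstractType) request.getSAML2Object();
            if (samlRequest == null) {
                throw BaseSAML2Handler.logger.nullValueError("AuthnRequest");
            }
            if (idpConfig == null) {
                throw BaseSAML2Handler.logger.nullArgumentError("IDP Configuration");
            }
            // <Issuer> is optional in the SAML schema: a missing one must be a clean
            // rejection, not a NullPointerException escaping the handler.
            if (samlRequest.getIssuer() == null) {
                throw BaseSAML2Handler.logger.nullValueError("Issuer");
            }
            checkIssuerTrust(idpConfig, request, samlRequest.getIssuer().getValue(), "IDP");
        }

        /**
         * Checks the issuer of an inbound status response against the IDP's trusted domains.
         * The issuer is taken from the handler request itself (as the original did), not
         * from the SAML object.
         *
         * @throws ProcessingException if the issuer or configuration is missing, or the
         *         issuer is not trusted
         */
        void handleStatusResponseType(SAML2HandlerRequest request, SAML2HandlerResponse response, IDPType idpConfig) throws ProcessingException {
            if (idpConfig == null) {
                throw BaseSAML2Handler.logger.nullArgumentError("IDP Configuration");
            }
            if (request.getIssuer() == null) {
                throw BaseSAML2Handler.logger.nullValueError("Issuer");
            }
            checkIssuerTrust(idpConfig, request, request.getIssuer().getValue(), "IDP");
        }
    }

    /** Trust check as performed when this handler runs on the service-provider side. */
    private static final class SPTrustHandler {

        /**
         * Checks the issuer of an inbound request against the SP's trusted domains.
         *
         * @throws ProcessingException if the issuer or configuration is missing, or the
         *         issuer is not trusted
         */
        void handleRequestType(SAML2HandlerRequest request, SAML2HandlerResponse response, ProviderType spConfig) throws ProcessingException {
            trustIssuer(spConfig, request);
        }

        /**
         * Checks the issuer of an inbound status response against the SP's trusted domains.
         *
         * @throws ProcessingException if the issuer or configuration is missing, or the
         *         issuer is not trusted
         */
        void handleStatusResponseType(SAML2HandlerRequest request, SAML2HandlerResponse response, ProviderType spConfig) throws ProcessingException {
            trustIssuer(spConfig, request);
        }

        private void trustIssuer(ProviderType spConfig, SAML2HandlerRequest request) throws ProcessingException {
            if (spConfig == null) {
                throw BaseSAML2Handler.logger.nullArgumentError("SP Configuration");
            }
            if (request.getIssuer() == null) {
                throw BaseSAML2Handler.logger.nullValueError("Issuer");
            }
            checkIssuerTrust(spConfig, request, request.getIssuer().getValue(), "SP");
        }
    }

    /**
     * Dispatches an inbound request to the IDP or SP trust check depending on the
     * handler type, passing the provider configuration from the handler chain.
     *
     * @throws ProcessingException if the issuer is not trusted or configuration is missing
     */
    @Override // org.picketlink.identity.federation.core.saml.v2.interfaces.SAML2Handler
    public void handleRequestType(SAML2HandlerRequest sAML2HandlerRequest, SAML2HandlerResponse sAML2HandlerResponse) throws ProcessingException {
        Object configuration = this.handlerChainConfig.getParameter(GeneralConstants.CONFIGURATION);
        if (getType() == SAML2Handler.HANDLER_TYPE.IDP) {
            this.idp.handleRequestType(sAML2HandlerRequest, sAML2HandlerResponse, (IDPType) configuration);
        } else {
            this.sp.handleRequestType(sAML2HandlerRequest, sAML2HandlerResponse, (ProviderType) configuration);
        }
    }

    /**
     * Dispatches an inbound status response to the IDP or SP trust check depending on
     * the handler type, passing the provider configuration from the handler chain.
     *
     * @throws ProcessingException if the issuer is not trusted or configuration is missing
     */
    @Override // org.picketlink.identity.federation.web.handlers.saml2.BaseSAML2Handler, org.picketlink.identity.federation.core.saml.v2.interfaces.SAML2Handler
    public void handleStatusResponseType(SAML2HandlerRequest sAML2HandlerRequest, SAML2HandlerResponse sAML2HandlerResponse) throws ProcessingException {
        Object configuration = this.handlerChainConfig.getParameter(GeneralConstants.CONFIGURATION);
        if (getType() == SAML2Handler.HANDLER_TYPE.IDP) {
            this.idp.handleStatusResponseType(sAML2HandlerRequest, sAML2HandlerResponse, (IDPType) configuration);
        } else {
            this.sp.handleStatusResponseType(sAML2HandlerRequest, sAML2HandlerResponse, (ProviderType) configuration);
        }
    }

    /**
     * Shared trust check for both provider sides: resolves the issuer host, matches it
     * against the configured domain list, audits and rejects on failure.
     * <p>
     * Every failure inside the check (missing {@code <Trust>} element, unparseable issuer,
     * no match, audit failure) is reported as a {@link ProcessingException} wrapping
     * {@code samlIssuerNotTrustedException}, as the original did.
     *
     * @param config        provider configuration holding the {@code <Trust>} element
     * @param request       handler request whose options may carry an audit helper and context path
     * @param issuer        issuer value from the message (untrusted input)
     * @param providerLabel "IDP" or "SP", used only in the trace message
     * @throws ProcessingException if the issuer is not trusted or the check cannot be performed
     */
    private static void checkIssuerTrust(ProviderType config, SAML2HandlerRequest request, String issuer, String providerLabel) throws ProcessingException {
        Map<String, Object> options = request.getOptions();
        PicketLinkAuditHelper auditHelper = options == null ? null : (PicketLinkAuditHelper) options.get(GeneralConstants.AUDIT_HELPER);
        String contextPath = options == null ? null : (String) options.get(GeneralConstants.CONTEXT_PATH);
        try {
            if (issuer == null || issuer.trim().isEmpty()) {
                throw BaseSAML2Handler.logger.samlIssuerNotTrustedError(issuer);
            }
            String issuerHost = getDomain(issuer);
            TrustType trust = config.getTrust();
            if (trust == null) {
                throw BaseSAML2Handler.logger.samlHandlerTrustElementMissingError();
            }
            String trustedDomains = trust.getDomains();
            BaseSAML2Handler.logger.trace("Domains that " + providerLabel + " trusts = " + trustedDomains + " and issuer domain = " + issuerHost);
            if (isTrustedDomain(trustedDomains, issuerHost)) {
                return;
            }
            auditTrustFailure(auditHelper, contextPath);
            throw BaseSAML2Handler.logger.samlIssuerNotTrustedError(issuer);
        } catch (Exception e) {
            throw new ProcessingException(BaseSAML2Handler.logger.samlIssuerNotTrustedException(e));
        }
    }

    /**
     * Emits an {@code ERROR_TRUSTED_DOMAIN} audit event if an audit helper is available.
     *
     * @param auditHelper the audit helper from the request options, may be {@code null}
     * @param contextPath the web context path recorded as the auditing party, may be {@code null}
     */
    private static void auditTrustFailure(PicketLinkAuditHelper auditHelper, String contextPath) {
        if (auditHelper == null) {
            return;
        }
        PicketLinkAuditEvent event = new PicketLinkAuditEvent(AuditLevel.INFO);
        event.setWhoIsAuditing(contextPath);
        event.setType(PicketLinkAuditEventType.ERROR_TRUSTED_DOMAIN);
        auditHelper.audit(event);
    }

    /**
     * Decides whether {@code issuerHost} is covered by the comma-separated trusted-domain
     * list. An entry matches when it equals the host or is a parent domain of it
     * ({@code example.com} covers {@code idp.example.com} but not {@code evil-example.com}).
     * Matching is case-insensitive; entries are trimmed and a leading dot is ignored.
     * <p>
     * The original implementation used {@code String.indexOf} in both directions, so a
     * one-character issuer host contained anywhere in the list, or any host that merely
     * contained a trusted entry, was accepted; and because {@code indexOf("")} is 0, an
     * issuer URL with no host (e.g. {@code file:///}) was trusted unconditionally. Entries
     * must now be full domain names.
     *
     * @param trustedDomains the configured {@code <Domains>} value, may be {@code null}
     * @param issuerHost     host extracted from the issuer, may be {@code null} or empty
     * @return {@code true} only if some entry equals or is a parent domain of the host
     */
    static boolean isTrustedDomain(String trustedDomains, String issuerHost) {
        if (trustedDomains == null || issuerHost == null) {
            return false;
        }
        String host = issuerHost.trim().toLowerCase(Locale.ROOT);
        if (host.isEmpty()) {
            return false;
        }
        StringTokenizer tokens = new StringTokenizer(trustedDomains, DOMAIN_SEPARATOR);
        while (tokens.hasMoreTokens()) {
            String trusted = tokens.nextToken().trim().toLowerCase(Locale.ROOT);
            if (trusted.startsWith(".")) {
                trusted = trusted.substring(1);
            }
            if (trusted.isEmpty()) {
                continue;
            }
            BaseSAML2Handler.logger.trace("Matching uri bit = " + trusted);
            // Exact host, or a subdomain with the label boundary enforced by the leading dot.
            if (host.equals(trusted) || host.endsWith("." + trusted)) {
                BaseSAML2Handler.logger.trace("Matched " + trusted + " trust for " + host);
                return true;
            }
        }
        return false;
    }

    /**
     * Extracts the host part of a SAML issuer value.
     * <p>
     * The issuer is first parsed as an absolute URL; when that fails (typically because
     * it has no scheme, e.g. a bare host name) it is retried with {@code http://}
     * prepended. A URL without an authority (e.g. {@code file:///x}) yields an empty
     * host; callers must treat an empty host as untrusted.
     *
     * @param issuer the issuer value from the SAML message
     * @return the host part of the URL, possibly empty
     * @throws IOException if the value cannot be parsed as a URL even with the default scheme
     */
    public static String getDomain(String issuer) throws IOException {
        try {
            return new URL(issuer).getHost();
        } catch (MalformedURLException e) {
            return new URL(DEFAULT_SCHEME + issuer).getHost();
        }
    }
}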
