package org.opensaml.saml.common.binding.security.impl;

import javax.annotation.Nonnull;
import javax.annotation.Nullable;
import net.shibboleth.utilities.java.support.component.ComponentSupport;
import org.opensaml.messaging.context.MessageContext;
import org.opensaml.messaging.handler.MessageHandlerException;
import org.opensaml.saml.common.SignableSAMLObject;
import org.opensaml.saml.common.messaging.context.SAMLPeerEntityContext;
import org.opensaml.saml.security.impl.SAMLSignatureProfileValidator;
import org.opensaml.xmlsec.signature.Signature;
import org.opensaml.xmlsec.signature.support.SignatureException;
import org.opensaml.xmlsec.signature.support.SignaturePrevalidator;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;

/* loaded from: input_file:m2repo/org/opensaml/opensaml-saml-impl/3.3.0/opensaml-saml-impl-3.3.0.jar:org/opensaml/saml/common/binding/security/impl/SAMLProtocolMessageXMLSignatureSecurityHandler.class */
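/**
 * Message handler that validates the XML signature carried on a SAML protocol message and, on
 * success, marks the peer entity in the {@link SAMLPeerEntityContext} as authenticated.
 *
 * <p>Security notes for integrators:</p>
 * <ul>
 *   <li>This handler does <strong>not</strong> require a signature. A message that is not a
 *       {@link SignableSAMLObject}, or that is not signed, is passed through without error and
 *       without changing the peer's authenticated state. If signatures are mandatory for a
 *       binding or profile, that requirement has to be enforced by another check in the handler
 *       chain (for example by testing {@link SAMLPeerEntityContext#isAuthenticated()} afterwards).</li>
 *   <li>The signature is evaluated against the entity ID already present in the
 *       {@link SAMLPeerEntityContext}; how that value is populated is not visible in this class,
 *       so the context must be set up before this handler runs.</li>
 *   <li>Structural pre-validation runs before cryptographic evaluation. The default
 *       pre-validator is {@link SAMLSignatureProfileValidator}; setting it to {@code null}
 *       disables the structural check entirely.</li>
 * </ul>
 */
public class SAMLProtocolMessageXMLSignatureSecurityHandler extends BaseSAMLXMLSignatureSecurityHandler {

    /** Class logger. */
    @Nonnull
    private final Logger log = LoggerFactory.getLogger(SAMLProtocolMessageXMLSignatureSecurityHandler.class);

    /** Structural signature check applied before cryptographic evaluation; {@code null} disables it. */
    @Nullable
    private SignaturePrevalidator signaturePrevalidator;

    /** Creates the handler with {@link SAMLSignatureProfileValidator} as the default pre-validator. */
    public SAMLProtocolMessageXMLSignatureSecurityHandler() {
        setSignaturePrevalidator(new SAMLSignatureProfileValidator());
    }

    /**
     * Returns the pre-validator applied to a signature before it is evaluated.
     *
     * @return the configured pre-validator, or {@code null} if pre-validation is disabled
     */
    @Nullable
    public SignaturePrevalidator getSignaturePrevalidator() {
        return this.signaturePrevalidator;
    }

    /**
     * Sets the pre-validator applied to a signature before it is evaluated.
     *
     * <p>Passing {@code null} removes the structural check that otherwise runs ahead of the
     * cryptographic evaluation; only do so when an equivalent check is performed elsewhere.</p>
     *
     * @param signaturePrevalidator the pre-validator to use, or {@code null} to disable pre-validation
     */
    public void setSignaturePrevalidator(@Nullable SignaturePrevalidator signaturePrevalidator) {
        // Configuration is frozen once the component is initialized; the helper throws in that case.
        ComponentSupport.ifInitializedThrowUnmodifiabledComponentException(this);
        this.signaturePrevalidator = signaturePrevalidator;
    }

    /**
     * Validates the signature on the message in the given context, if there is one.
     *
     * <p>Returns silently when the message is not a {@link SignableSAMLObject} or is unsigned;
     * this method alone therefore gives no guarantee that a signature was present.</p>
     *
     * @param messageContext the context holding the inbound SAML message
     * @throws MessageHandlerException if the message is signed and pre-validation or signature
     *         evaluation fails, or if no {@link Signature} object can be obtained from a message
     *         that reports itself as signed
     */
    public void doInvoke(@Nonnull MessageContext messageContext) throws MessageHandlerException {
        final Object message = messageContext.getMessage();
        if (!(message instanceof SignableSAMLObject)) {
            this.log.debug("{} Extracted SAML message was not a SignableSAMLObject, cannot process signature", getLogPrefix());
            return;
        }

        final SignableSAMLObject signableMessage = (SignableSAMLObject) message;
        if (!signableMessage.isSigned()) {
            this.log.debug("{} SAML protocol message was not signed, skipping XML signature processing", getLogPrefix());
            return;
        }

        final Signature signature = signableMessage.getSignature();
        if (signature == null) {
            // isSigned() and getSignature() are separate calls whose implementations are not
            // visible here. Fail closed with the handler's own exception type rather than pass
            // null into the @Nonnull parameters below.
            this.log.debug("{} SAML protocol message reported as signed but no Signature object was available", getLogPrefix());
            throw new MessageHandlerException("SAML protocol message reported as signed but no Signature object was available");
        }

        // Order matters: the structural check runs before any cryptographic evaluation.
        performPrevalidation(signature);
        doEvaluate(signature, signableMessage, messageContext);
    }

    /**
     * Evaluates the signature against the peer entity ID from the {@link SAMLPeerEntityContext}
     * and marks the peer as authenticated when evaluation succeeds.
     *
     * @param signature the signature to evaluate
     * @param signableSAMLObject the signed message, used here only to log its element type
     * @param messageContext the current message context, passed through to the inherited
     *        {@code evaluate} call
     * @throws MessageHandlerException if no peer entity ID is available or evaluation fails
     */
    protected void doEvaluate(@Nonnull Signature signature, @Nonnull SignableSAMLObject signableSAMLObject, @Nonnull MessageContext messageContext) throws MessageHandlerException {
        final SAMLPeerEntityContext peerContext = getSAMLPeerEntityContext();

        // Read the entity ID once so the value that passed the null check is the value evaluated.
        // NOTE(review): only null is rejected; confirm the context cannot hold an empty entity ID.
        final String entityId = peerContext.getEntityId();
        if (entityId == null) {
            this.log.debug("{} Context issuer unavailable, cannot attempt SAML protocol message signature validation", getLogPrefix());
            throw new MessageHandlerException("Context issuer unavailable, cannot validate signature");
        }

        final String messageType = signableSAMLObject.getElementQName().toString();
        this.log.debug("{} Attempting to verify signature on signed SAML protocol message type: {}", getLogPrefix(), messageType);

        if (!evaluate(signature, entityId, messageContext)) {
            this.log.debug("{} Validation of protocol message signature failed for context issuer '{}', message type: {}", getLogPrefix(), entityId, messageType);
            throw new MessageHandlerException("Validation of protocol message signature failed");
        }
        this.log.debug("{} Validation of protocol message signature succeeded, message type: {}", getLogPrefix(), messageType);

        // A peer that is already authenticated keeps its state; the flag is only ever raised here.
        if (!peerContext.isAuthenticated()) {
            this.log.debug("{} Authentication via protocol message signature succeeded for context issuer entity ID {}", getLogPrefix(), entityId);
            peerContext.setAuthenticated(true);
        }
    }

    /**
     * Runs the configured pre-validator, if any, against the signature.
     *
     * @param signature the signature to check
     * @throws MessageHandlerException if the pre-validator rejects the signature; the underlying
     *         {@link SignatureException} is preserved as the cause
     */
    protected void performPrevalidation(@Nonnull Signature signature) throws MessageHandlerException {
        // Fetch once: the value that was null-checked is the one that gets invoked.
        final SignaturePrevalidator prevalidator = getSignaturePrevalidator();
        if (prevalidator == null) {
            return;
        }
        try {
            prevalidator.validate(signature);
        } catch (SignatureException e) {
            this.log.debug("{} Protocol message signature failed signature pre-validation", getLogPrefix(), e);
            throw new MessageHandlerException("Protocol message signature failed signature pre-validation", e);
        }
    }
}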
