package org.jboss.identity.federation.bindings.tomcat.sp;

import java.io.ByteArrayOutputStream;
import java.io.IOException;
import java.net.URLEncoder;
import java.security.GeneralSecurityException;
import java.security.PrivateKey;
import javax.xml.bind.JAXBException;
import org.apache.catalina.LifecycleException;
import org.apache.catalina.connector.Request;
import org.apache.catalina.connector.Response;
import org.apache.log4j.Logger;
import org.jboss.identity.federation.api.saml.v2.request.SAML2Request;
import org.jboss.identity.federation.bindings.config.KeyProviderType;
import org.jboss.identity.federation.bindings.interfaces.TrustKeyManager;
import org.jboss.identity.federation.bindings.util.PostBindingUtil;
import org.jboss.identity.federation.core.saml.v2.holders.DestinationInfoHolder;
import org.jboss.identity.federation.core.saml.v2.holders.SignatureInfoHolder;
import org.jboss.identity.federation.core.saml.v2.util.SignatureUtil;
import org.jboss.identity.federation.saml.v2.protocol.AuthnRequestType;
import org.xml.sax.SAXException;

/* loaded from: input_file:org/jboss/identity/federation/bindings/tomcat/sp/SPPostSignatureFormAuthenticator.class */
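public class SPPostSignatureFormAuthenticator extends SPPostFormAuthenticator {
    private static final Logger log = Logger.getLogger(SPPostSignatureFormAuthenticator.class);

    /**
     * Key manager instantiated in {@link #start()} from the SP configuration's key
     * provider. Supplies the SP signing key for outbound requests and the key used to
     * verify the IDP's detached signature on inbound responses.
     */
    private TrustKeyManager keyManager;

    /**
     * Starts the base authenticator and then instantiates and configures the
     * {@link TrustKeyManager} named in the SP configuration's key provider.
     *
     * @throws LifecycleException if no key provider is configured, the key manager
     *         class name is missing, or the key manager cannot be loaded, instantiated
     *         or configured (the underlying exception is kept as the cause)
     */
    @Override
    public void start() throws LifecycleException {
        super.start();
        KeyProviderType keyProvider = this.spConfiguration.getKeyProvider();
        if (keyProvider == null) {
            throw new LifecycleException("KeyProvider is null");
        }
        try {
            ClassLoader contextClassLoader = SecurityActions.getContextClassLoader();
            String className = keyProvider.getClassName();
            if (className == null) {
                // Caught by the catch below and surfaced as a LifecycleException.
                throw new RuntimeException("KeyManager class name is null");
            }
            // The key manager is instantiated by name straight from the SP configuration,
            // so whoever can edit that configuration can run arbitrary code in this
            // container: the configuration must be protected like the code itself.
            this.keyManager = (TrustKeyManager) contextClassLoader.loadClass(className).newInstance();
            this.keyManager.setAuthProperties(keyProvider.getAuth());
            this.keyManager.setValidatingAlias(keyProvider.getValidatingAlias());
            log.trace("Key Provider=" + className);
        } catch (Exception e) {
            log.error("Exception reading configuration:", e);
            // Preserve the cause: the message alone does not tell an operator which
            // step (class load, instantiation, property setup) failed at startup.
            throw new LifecycleException(e.getLocalizedMessage(), e);
        }
    }

    /**
     * Marshals the authentication request, base64-encodes it, signs the encoded form
     * with the SP signing key and POSTs it to the request's destination.
     *
     * @param authnRequestType the SAML2 AuthnRequest to send; its destination is used as the POST target
     * @param str third value of the {@link DestinationInfoHolder} (presumably the relay state — confirm against SPPostFormAuthenticator)
     * @param response servlet response through which the POST form is sent
     * @throws GeneralSecurityException if the key manager returns no signing key, or signing fails
     * @throws IOException on marshalling or response I/O failure
     * @throws SAXException on marshalling failure
     * @throws JAXBException on marshalling failure
     */
    @Override
    protected void sendRequestToIDP(AuthnRequestType authnRequestType, String str, Response response)
            throws IOException, SAXException, JAXBException, GeneralSecurityException {
        SAML2Request saml2Request = new SAML2Request();
        ByteArrayOutputStream marshalled = new ByteArrayOutputStream();
        saml2Request.marshall(authnRequestType, marshalled);
        // Decode the marshalled bytes as UTF-8 explicitly (JAXB's default output
        // encoding). The no-arg toString() would use the platform default charset and
        // could corrupt non-ASCII content before it is base64-encoded and signed.
        String base64Encode = PostBindingUtil.base64Encode(marshalled.toString("UTF-8"));
        String destination = authnRequestType.getDestination();
        PrivateKey signingKey = this.keyManager.getSigningKey();
        if (signingKey == null) {
            // Fail loudly rather than NPE: an unsigned request must never be sent from this authenticator.
            throw new GeneralSecurityException("No signing key available from the configured TrustKeyManager");
        }
        String sigAlg = URLEncoder.encode(SignatureUtil.getXMLSignatureAlgorithmURI(signingKey.getAlgorithm()), "UTF-8");
        // The signature covers the base64 form of the request, which is what the IDP receives.
        String signature = SignatureUtil.sign(base64Encode, signingKey);
        PostBindingUtil.sendPost(new DestinationInfoHolder(destination, base64Encode, str),
                new SignatureInfoHolder(signature, sigAlg), response, true);
    }

    /**
     * Validates an inbound IDP response: the base authenticator's checks must pass, the
     * {@code Signature} and {@code sigAlg} form parameters must be present, and the
     * detached signature must verify over the raw {@code SAMLResponse} parameter bytes
     * using the key the key manager returns for the request's remote address.
     *
     * @param request the POST-binding request carrying SAMLResponse, Signature and sigAlg
     * @return true only if every check above succeeds; false (with an error log) otherwise
     * @throws IOException propagated from the base authenticator or signature validation
     * @throws GeneralSecurityException propagated from key lookup or signature validation
     */
    @Override
    public boolean validate(Request request) throws IOException, GeneralSecurityException {
        // NOTE(review): super.validate() runs before the signature is checked. If it
        // parses or acts on the SAMLResponse, that happens on not-yet-authenticated
        // data — confirm against SPPostFormAuthenticator/BaseFormAuthenticator.
        if (!super.validate(request)) {
            return false;
        }
        String signature = request.getParameter("Signature");
        if (signature == null || signature.length() == 0) {
            log.error("Signature Value missing in response from IDP");
            return false;
        }
        String sigAlg = request.getParameter("sigAlg");
        if (sigAlg == null || sigAlg.length() == 0) {
            log.error("Signature Algorithm missing in the response from IDP");
            return false;
        }
        String samlResponse = request.getParameter("SAMLResponse");
        if (samlResponse == null || samlResponse.length() == 0) {
            // Without the signed payload there is nothing to verify; reject instead of NPE-ing on getBytes().
            log.error("SAMLResponse missing in response from IDP");
            return false;
        }
        // NOTE(review): sigAlg is only checked for presence and is not handed to
        // validateSignature, so the algorithm actually used is whatever PostBindingUtil
        // decides — confirm it is not derived from attacker-controlled input.
        // NOTE(review): in the POST binding the response is posted by the user's browser,
        // so getRemoteAddr() is the user agent's (or a proxy's) address, not the IDP's.
        // Whether that is a sound key-selection criterion depends on the TrustKeyManager
        // contract — confirm.
        return PostBindingUtil.validateSignature(samlResponse.getBytes("UTF-8"), signature,
                this.keyManager.getValidatingKey(request.getRemoteAddr()));
    }
}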
