package org.picketlink.identity.federation.web.handlers.saml2;

import java.io.IOException;
import java.net.URL;
import java.util.StringTokenizer;
import org.apache.log4j.Logger;
import org.picketlink.identity.federation.core.config.IDPType;
import org.picketlink.identity.federation.core.config.SPType;
import org.picketlink.identity.federation.core.config.TrustType;
import org.picketlink.identity.federation.core.exceptions.ConfigurationException;
import org.picketlink.identity.federation.core.exceptions.ProcessingException;
import org.picketlink.identity.federation.core.saml.v2.exceptions.IssuerNotTrustedException;
import org.picketlink.identity.federation.core.saml.v2.interfaces.SAML2Handler;
import org.picketlink.identity.federation.core.saml.v2.interfaces.SAML2HandlerRequest;
import org.picketlink.identity.federation.core.saml.v2.interfaces.SAML2HandlerResponse;
import org.picketlink.identity.federation.web.constants.GeneralConstants;

/* JADX WARN: Classes with same name are omitted:
  input_file:seam-sp.war:WEB-INF/lib/picketlink-web-1.0.1.jar:org/picketlink/identity/federation/web/handlers/saml2/SAML2IssuerTrustHandler.class
 */
/* loaded from: input_file:picketlink-web-1.0.1.jar:org/picketlink/identity/federation/web/handlers/saml2/SAML2IssuerTrustHandler.class */
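/**
 * SAML2 handler that rejects messages whose issuer is not covered by the
 * configured trust domains of the local IDP or SP.
 *
 * <p>The issuer value is parsed as a URL and its host is compared against the
 * comma separated list returned by {@link TrustType#getDomains()}. A host is
 * trusted only when it equals a configured entry or is a sub-domain of one
 * (the match must start on a {@code '.'} label boundary). The comparison is
 * case-insensitive.
 *
 * <p>Earlier revisions of this check used plain substring matching in both
 * directions. That accepted an empty host, a host that was merely a fragment of
 * a trusted entry, and a host that only embedded a trusted entry somewhere
 * after its first character. Configurations that relied on such partial
 * entries must now list the full domain.
 *
 * <p>This check only compares the issuer value that the message itself
 * declares; it does not authenticate the sender.
 * NOTE(review): confirm that signature validation runs elsewhere in the
 * handler chain before the issuer is relied upon.
 */
public class SAML2IssuerTrustHandler extends BaseSAML2Handler {
    private static final Logger log = Logger.getLogger(SAML2IssuerTrustHandler.class);
    // Sampled once per handler instance; later log level changes are not picked up.
    private boolean trace = log.isTraceEnabled();
    private IDPTrustHandler idp = new IDPTrustHandler();
    private SPTrustHandler sp = new SPTrustHandler();

    /** Issuer trust check used when this handler runs on the identity provider side. */
    private class IDPTrustHandler {
        private IDPTrustHandler() {
        }

        /**
         * Checks the issuer of an incoming request against the IDP trust domains.
         *
         * <p>A request whose {@code getIssuer()} is null surfaces as a
         * {@link NullPointerException}. NOTE(review): confirm whether earlier
         * handlers guarantee a non-null issuer.
         *
         * @throws ProcessingException if the issuer is not trusted
         */
        public void handleRequestType(SAML2HandlerRequest sAML2HandlerRequest, SAML2HandlerResponse sAML2HandlerResponse, IDPType iDPType) throws ProcessingException {
            trustIssuer(iDPType, sAML2HandlerRequest.getIssuer().getValue());
        }

        /**
         * Checks the issuer of an incoming status response against the IDP trust domains.
         *
         * @throws ProcessingException if the issuer is not trusted
         */
        public void handleStatusResponseType(SAML2HandlerRequest sAML2HandlerRequest, SAML2HandlerResponse sAML2HandlerResponse, IDPType iDPType) throws ProcessingException {
            trustIssuer(iDPType, sAML2HandlerRequest.getIssuer().getValue());
        }

        /**
         * @param iDPType IDP configuration; must not be null
         * @param str issuer value taken from the message, expected to be a URL
         * @throws IllegalStateException if {@code iDPType} is null
         * @throws ProcessingException wrapping an {@link IssuerNotTrustedException}
         *         for every other failure, including an unparsable issuer or a
         *         missing trust element
         */
        private void trustIssuer(IDPType iDPType, String str) throws ProcessingException {
            if (iDPType == null) {
                throw new IllegalStateException("IDP Configuration is null");
            }
            try {
                String domain = SAML2IssuerTrustHandler.getDomain(str);
                SAML2IssuerTrustHandler.this.verifyTrusted(str, domain, iDPType.getTrust(), "IDP");
            } catch (Exception e) {
                // Fail closed: any error while evaluating trust is reported as an untrusted issuer.
                throw new ProcessingException(new IssuerNotTrustedException(e.getLocalizedMessage(), e));
            }
        }
    }

    /** Issuer trust check used when this handler runs on the service provider side. */
    private class SPTrustHandler {
        private SPTrustHandler() {
        }

        /**
         * Checks the issuer of an incoming request against the SP trust domains.
         *
         * <p>A request whose {@code getIssuer()} is null surfaces as a
         * {@link NullPointerException}. NOTE(review): confirm whether earlier
         * handlers guarantee a non-null issuer.
         *
         * @throws ProcessingException if the issuer is not trusted
         */
        public void handleRequestType(SAML2HandlerRequest sAML2HandlerRequest, SAML2HandlerResponse sAML2HandlerResponse, SPType sPType) throws ProcessingException {
            trustIssuer(sPType, sAML2HandlerRequest.getIssuer().getValue());
        }

        /**
         * Checks the issuer of an incoming status response against the SP trust domains.
         *
         * @throws ProcessingException if the issuer is not trusted
         */
        public void handleStatusResponseType(SAML2HandlerRequest sAML2HandlerRequest, SAML2HandlerResponse sAML2HandlerResponse, SPType sPType) throws ProcessingException {
            trustIssuer(sPType, sAML2HandlerRequest.getIssuer().getValue());
        }

        /**
         * @param sPType SP configuration; must not be null
         * @param str issuer value taken from the message, expected to be a URL
         * @throws IllegalStateException if {@code sPType} is null
         * @throws ProcessingException wrapping an {@link IssuerNotTrustedException}
         *         for every other failure, including an unparsable issuer or a
         *         missing trust element
         */
        private void trustIssuer(SPType sPType, String str) throws ProcessingException {
            if (sPType == null) {
                throw new IllegalStateException("SP Configuration is null");
            }
            try {
                String domain = SAML2IssuerTrustHandler.getDomain(str);
                SAML2IssuerTrustHandler.this.verifyTrusted(str, domain, sPType.getTrust(), "SP");
            } catch (Exception e) {
                // Fail closed: any error while evaluating trust is reported as an untrusted issuer.
                throw new ProcessingException(new IssuerNotTrustedException(e.getLocalizedMessage(), e));
            }
        }
    }

    /**
     * Dispatches the issuer check for a request to the IDP or SP variant,
     * depending on {@code getType()}.
     */
    @Override // org.picketlink.identity.federation.core.saml.v2.interfaces.SAML2Handler
    public void handleRequestType(SAML2HandlerRequest sAML2HandlerRequest, SAML2HandlerResponse sAML2HandlerResponse) throws ProcessingException {
        if (getType() == SAML2Handler.HANDLER_TYPE.IDP) {
            this.idp.handleRequestType(sAML2HandlerRequest, sAML2HandlerResponse, (IDPType) this.handlerChainConfig.getParameter(GeneralConstants.CONFIGURATION));
        } else {
            this.sp.handleRequestType(sAML2HandlerRequest, sAML2HandlerResponse, (SPType) this.handlerChainConfig.getParameter(GeneralConstants.CONFIGURATION));
        }
    }

    /**
     * Dispatches the issuer check for a status response to the IDP or SP
     * variant, depending on {@code getType()}.
     */
    @Override // org.picketlink.identity.federation.web.handlers.saml2.BaseSAML2Handler, org.picketlink.identity.federation.core.saml.v2.interfaces.SAML2Handler
    public void handleStatusResponseType(SAML2HandlerRequest sAML2HandlerRequest, SAML2HandlerResponse sAML2HandlerResponse) throws ProcessingException {
        if (getType() == SAML2Handler.HANDLER_TYPE.IDP) {
            this.idp.handleStatusResponseType(sAML2HandlerRequest, sAML2HandlerResponse, (IDPType) this.handlerChainConfig.getParameter(GeneralConstants.CONFIGURATION));
        } else {
            this.sp.handleStatusResponseType(sAML2HandlerRequest, sAML2HandlerResponse, (SPType) this.handlerChainConfig.getParameter(GeneralConstants.CONFIGURATION));
        }
    }

    /**
     * Returns the host component of the given issuer URL.
     *
     * <p>The result can be an empty string when the URL carries no host;
     * callers must not treat an empty host as trusted.
     *
     * @param str issuer value, expected to be an absolute URL
     * @return the host as reported by {@link URL#getHost()}
     * @throws IOException if {@code str} is not a well-formed URL
     */
    /* JADX INFO: Access modifiers changed from: private */
    public static String getDomain(String str) throws IOException {
        return new URL(str).getHost();
    }

    /**
     * Verifies that the issuer host is covered by the configured trust domains.
     *
     * @param issuer original issuer value, used in the rejection message
     * @param issuerHost host extracted from {@code issuer}
     * @param trust trust configuration of the local provider
     * @param role "IDP" or "SP", used only in trace output
     * @throws ConfigurationException if no trust element is configured
     * @throws IssuerNotTrustedException if no configured domain covers the host
     */
    private void verifyTrusted(String issuer, String issuerHost, TrustType trust, String role) throws ConfigurationException, IssuerNotTrustedException {
        if (trust == null) {
            throw new ConfigurationException("trust element missing");
        }
        String domains = trust.getDomains();
        if (this.trace) {
            log.trace("Domains that " + role + " trusts=" + domains + " and issuer domain=" + issuerHost);
        }
        // An absent domain list or an empty host can never be trusted. The old
        // substring test accepted an empty host because indexOf("") is 0.
        if (domains == null || issuerHost == null || issuerHost.isEmpty()) {
            throw new IssuerNotTrustedException(issuer);
        }
        StringTokenizer tokens = new StringTokenizer(domains, ",");
        while (tokens.hasMoreTokens()) {
            String trusted = tokens.nextToken().trim();
            if (this.trace) {
                log.trace("Matching uri bit=" + trusted);
            }
            if (hostMatches(issuerHost, trusted)) {
                if (this.trace) {
                    log.trace("Matched " + trusted + " trust for " + issuerHost);
                }
                return;
            }
        }
        throw new IssuerNotTrustedException(issuer);
    }

    /**
     * Tells whether {@code host} equals {@code trusted} or is a sub-domain of it.
     * A leading dot on the configured entry is ignored, so ".example.com" and
     * "example.com" behave the same. Comparison ignores case.
     */
    private static boolean hostMatches(String host, String trusted) {
        String entry = trusted.startsWith(".") ? trusted.substring(1) : trusted;
        if (entry.isEmpty()) {
            return false;
        }
        if (host.equalsIgnoreCase(entry)) {
            return true;
        }
        // Sub-domain match: the entry must be a suffix that starts right after
        // a '.' so that "evil-example.com" is not accepted for "example.com".
        int offset = host.length() - entry.length();
        return offset > 1
                && host.charAt(offset - 1) == '.'
                && host.regionMatches(true, offset, entry, 0, entry.length());
    }
}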
