package org.picketlink.identity.federation.web.handlers.saml2;

import java.security.PublicKey;
import org.apache.log4j.Logger;
import org.picketlink.identity.federation.core.exceptions.ProcessingException;
import org.picketlink.identity.federation.core.saml.v2.interfaces.SAML2HandlerRequest;
import org.picketlink.identity.federation.core.saml.v2.interfaces.SAML2HandlerResponse;
import org.picketlink.identity.federation.core.saml.v2.util.DocumentUtil;
import org.picketlink.identity.federation.core.util.XMLSignatureUtil;
import org.picketlink.identity.federation.web.constants.GeneralConstants;
import org.w3c.dom.Document;

/* loaded from: input_file:WEB-INF/lib/picketlink-web-1.0.0.CR1.jar:org/picketlink/identity/federation/web/handlers/saml2/SAML2SignatureValidationHandler.class */
public class SAML2SignatureValidationHandler extends BaseSAML2Handler {
    private static Logger log = Logger.getLogger(SAML2SignatureValidationHandler.class);
    private boolean trace = log.isTraceEnabled();

    public void handleRequestType(SAML2HandlerRequest sAML2HandlerRequest, SAML2HandlerResponse sAML2HandlerResponse) throws ProcessingException {
        if (((Boolean) sAML2HandlerRequest.getOptions().get(GeneralConstants.IGNORE_SIGNATURES)) == Boolean.TRUE) {
            return;
        }
        Document requestDocument = sAML2HandlerRequest.getRequestDocument();
        if (this.trace) {
            log.trace("Will validate :" + DocumentUtil.asString(requestDocument));
        }
        try {
            if (validateSender(requestDocument, (PublicKey) sAML2HandlerRequest.getOptions().get(GeneralConstants.SENDER_PUBLIC_KEY))) {
            } else {
                throw new ProcessingException();
            }
        } catch (ProcessingException e) {
            sAML2HandlerResponse.setError(100, "Signature Validation Failed");
            throw e;
        }
    }

    @Override // org.picketlink.identity.federation.web.handlers.saml2.BaseSAML2Handler
    public void handleStatusResponseType(SAML2HandlerRequest sAML2HandlerRequest, SAML2HandlerResponse sAML2HandlerResponse) throws ProcessingException {
        if (((Boolean) sAML2HandlerRequest.getOptions().get(GeneralConstants.IGNORE_SIGNATURES)) == Boolean.TRUE) {
            return;
        }
        Document requestDocument = sAML2HandlerRequest.getRequestDocument();
        if (this.trace) {
            log.trace("Document for validation=" + DocumentUtil.asString(requestDocument));
        }
        validateSender(requestDocument, (PublicKey) sAML2HandlerRequest.getOptions().get(GeneralConstants.SENDER_PUBLIC_KEY));
    }

    private boolean validateSender(Document document, PublicKey publicKey) throws ProcessingException {
        try {
            return XMLSignatureUtil.validate(document, publicKey);
        } catch (Exception e) {
            log.error("Error validating signature:", e);
            throw new ProcessingException("Error validating signature.");
        }
    }
}
