package cn.com.jit.assp.ias.saml.saml11.provider;

import cn.com.jit.assp.ias.saml.saml11.ExpiredAssertionException;
import cn.com.jit.assp.ias.saml.saml11.FatalProfileException;
import cn.com.jit.assp.ias.saml.saml11.LocalString;
import cn.com.jit.assp.ias.saml.saml11.ReplayCache;
import cn.com.jit.assp.ias.saml.saml11.ReplayedAssertionException;
import cn.com.jit.assp.ias.saml.saml11.SAMLAssertion;
import cn.com.jit.assp.ias.saml.saml11.SAMLAuthenticationStatement;
import cn.com.jit.assp.ias.saml.saml11.SAMLBrowserProfile;
import cn.com.jit.assp.ias.saml.saml11.SAMLConfig;
import cn.com.jit.assp.ias.saml.saml11.SAMLConstants;
import cn.com.jit.assp.ias.saml.saml11.SAMLException;
import cn.com.jit.assp.ias.saml.saml11.SAMLRequest;
import cn.com.jit.assp.ias.saml.saml11.SAMLResponse;
import cn.com.jit.assp.ias.saml.saml11.SAMLStatement;
import cn.com.jit.assp.ias.saml.saml11.SAMLSubject;
import cn.com.jit.assp.ias.saml.saml11.SAMLValidityChecker;
import cn.com.jit.assp.ias.saml.saml11.UnsupportedProfileException;
import cn.com.jit.assp.ias.saml.saml11.artifact.ArtifactParseException;
import cn.com.jit.assp.ias.saml.saml11.artifact.ArtifactParserException;
import cn.com.jit.assp.ias.saml.saml11.artifact.SAMLArtifact;
import cn.com.jit.cinas.commons.i18n.TextBundle;
import java.util.Arrays;
import java.util.Date;
import java.util.Iterator;
import javax.servlet.http.HttpServletRequest;
import org.apache.log4j.Logger;
import org.w3c.dom.Element;

/* loaded from: input_file:cn/com/jit/assp/ias/saml/saml11/provider/ArtifactBrowserProfileProvider.class */
public final class ArtifactBrowserProfileProvider implements SAMLBrowserProfile {
    private static final Logger log;
    private static final TextBundle bundle;
    private static int skew;
    static Class class$cn$com$jit$assp$ias$saml$saml11$provider$ArtifactBrowserProfileProvider;

    public ArtifactBrowserProfileProvider(Element element) {
    }

    @Override // cn.com.jit.assp.ias.saml.saml11.SAMLBrowserProfile
    public final SAMLBrowserProfile.BrowserProfileRequest receive(HttpServletRequest httpServletRequest) throws UnsupportedProfileException {
        SAMLBrowserProfile.BrowserProfileRequest browserProfileRequest = new SAMLBrowserProfile.BrowserProfileRequest();
        browserProfileRequest.SAMLArt = new String[1];
        browserProfileRequest.SAMLArt[0] = httpServletRequest.getParameter(SAMLConstants.KEY_SAML_URL_ARTIFACT);
        if (browserProfileRequest.SAMLArt[0] == null || browserProfileRequest.SAMLArt[0].trim().equals("")) {
            throw new UnsupportedProfileException(bundle.getText(LocalString.ERROR_NO_ARTIFACT_PARAMETER));
        }
        browserProfileRequest.TARGET = httpServletRequest.getParameter(SAMLConstants.KEY_SAML_URL_TARGET);
        if (log.isDebugEnabled()) {
            log.debug(new StringBuffer().append("visit url : ").append(browserProfileRequest.TARGET).toString());
        }
        return browserProfileRequest;
    }

    @Override // cn.com.jit.assp.ias.saml.saml11.SAMLBrowserProfile
    public final SAMLBrowserProfile.BrowserProfileResponse receive(StringBuffer stringBuffer, SAMLBrowserProfile.BrowserProfileRequest browserProfileRequest, String str, ReplayCache replayCache, SAMLBrowserProfile.ArtifactMapper artifactMapper, int i) throws SAMLException {
        SAMLAssertion sAMLAssertion = null;
        SAMLAuthenticationStatement sAMLAuthenticationStatement = null;
        if (browserProfileRequest.SAMLArt == null || browserProfileRequest.SAMLArt.length == 0 || isNull(browserProfileRequest.SAMLArt[0])) {
            throw new FatalProfileException(bundle.getText(LocalString.ERROR_NO_ARTIFACT_PARAMETER));
        }
        if (artifactMapper == null) {
            throw new FatalProfileException("support of artifact profile requires ArtifactMapper interface object");
        }
        String str2 = browserProfileRequest.SAMLArt[0];
        try {
            log.debug(new StringBuffer().append("processing encoded artifact (").append(str2).append(")").toString());
            if (replayCache == null) {
                log.warn("replay cache was not provided, this is a potential security risk!");
            } else if (!replayCache.check(new StringBuffer().append("A_").append(str2).toString(), new Date(System.currentTimeMillis() + (2 * skew)))) {
                log.warn(new StringBuffer().append("Replaying attack ! [SAMLArt = ").append(str2).append("]").toString());
                throw new ReplayedAssertionException(bundle.getText(LocalString.ERROR_REPLAYED_ARTIFACT));
            }
            SAMLRequest sAMLRequest = new SAMLRequest(Arrays.asList(SAMLArtifact.getTypeCode(str2).getParser().parse(str2)));
            sAMLRequest.setMinorVersion(i);
            SAMLResponse resolve = artifactMapper.resolve(sAMLRequest);
            try {
                SAMLAssertion sAMLAssertion2 = (SAMLAssertion) resolve.getAssertions().next();
                if (!SAMLValidityChecker.checkValidity(sAMLAssertion2)) {
                    throw new ExpiredAssertionException(bundle.getText(LocalString.ERROR_ASSERTION_EXPIRED));
                }
                Iterator statements = sAMLAssertion2.getStatements();
                while (sAMLAuthenticationStatement == null && statements.hasNext()) {
                    SAMLStatement sAMLStatement = (SAMLStatement) statements.next();
                    if (sAMLStatement instanceof SAMLAuthenticationStatement) {
                        SAMLAuthenticationStatement sAMLAuthenticationStatement2 = (SAMLAuthenticationStatement) sAMLStatement;
                        Iterator confirmationMethods = sAMLAuthenticationStatement2.getSubject().getConfirmationMethods();
                        while (confirmationMethods.hasNext()) {
                            String str3 = (String) confirmationMethods.next();
                            if (str3.equals(SAMLSubject.CONF_BEARER) || str3.equals(SAMLSubject.CONF_ARTIFACT) || str3.equals(SAMLSubject.CONF_ARTIFACT01)) {
                                sAMLAuthenticationStatement = sAMLAuthenticationStatement2;
                                sAMLAssertion = sAMLAssertion2;
                                break;
                            }
                        }
                    }
                }
                if (sAMLAuthenticationStatement == null) {
                    throw new FatalProfileException(bundle.getText(LocalString.ERROR_NO_AUTHN_STATEMENT));
                }
                SAMLBrowserProfile.BrowserProfileResponse browserProfileResponse = new SAMLBrowserProfile.BrowserProfileResponse();
                browserProfileResponse.response = resolve;
                browserProfileResponse.assertion = sAMLAssertion;
                browserProfileResponse.authnStatement = sAMLAuthenticationStatement;
                browserProfileResponse.TARGET = browserProfileRequest.TARGET;
                if (log.isDebugEnabled()) {
                    log.debug(new StringBuffer().append("visit url : ").append(browserProfileResponse.TARGET).toString());
                }
                return browserProfileResponse;
            } catch (SAMLException e) {
                if (stringBuffer != null) {
                    Iterator assertions = resolve.getAssertions();
                    if (assertions.hasNext()) {
                        stringBuffer.append(((SAMLAssertion) assertions.next()).getIssuer());
                    }
                }
                throw e;
            }
        } catch (ArtifactParseException e2) {
            log.error(new StringBuffer().append("invalid artifact (").append(str2).append(")").toString());
            throw new FatalProfileException(bundle.getText(LocalString.ERROR_ARTIFACT_PARSE_EXCEPTION));
        } catch (ArtifactParserException e3) {
            log.error(new StringBuffer().append("unrecognized artifact type (").append(str2).append(")").toString());
            throw new FatalProfileException(bundle.getText(LocalString.ERROR_ARTIFACT_PARSER_EXCEPTION));
        }
    }

    private static final boolean isNull(String str) {
        return str == null || str.trim().equals("");
    }

    static Class class$(String str) {
        try {
            return Class.forName(str);
        } catch (ClassNotFoundException e) {
            throw new NoClassDefFoundError(e.getMessage());
        }
    }

    static {
        Class cls;
        if (class$cn$com$jit$assp$ias$saml$saml11$provider$ArtifactBrowserProfileProvider == null) {
            cls = class$("cn.com.jit.assp.ias.saml.saml11.provider.ArtifactBrowserProfileProvider");
            class$cn$com$jit$assp$ias$saml$saml11$provider$ArtifactBrowserProfileProvider = cls;
        } else {
            cls = class$cn$com$jit$assp$ias$saml$saml11$provider$ArtifactBrowserProfileProvider;
        }
        log = Logger.getLogger(cls);
        bundle = TextBundle.getInstance(LocalString.PATH);
        skew = 1000 * SAMLConfig.instance().getIntProperty(SAMLConfig.KEY_CLOCK_SKEW);
    }
}
