package org.springframework.security.saml.websso;

import org.joda.time.DateTime;
import org.opensaml.Configuration;
import org.opensaml.common.SAMLException;
import org.opensaml.common.SAMLObject;
import org.opensaml.common.SAMLObjectBuilder;
import org.opensaml.saml2.binding.artifact.SAML2ArtifactType0004;
import org.opensaml.saml2.binding.artifact.SAML2ArtifactType0004Builder;
import org.opensaml.saml2.core.Artifact;
import org.opensaml.saml2.core.ArtifactResolve;
import org.opensaml.saml2.core.ArtifactResponse;
import org.opensaml.saml2.metadata.Endpoint;
import org.opensaml.saml2.metadata.EntityDescriptor;
import org.opensaml.saml2.metadata.IDPSSODescriptor;
import org.opensaml.saml2.metadata.provider.MetadataProviderException;
import org.opensaml.ws.message.decoder.MessageDecodingException;
import org.opensaml.ws.message.encoder.MessageEncodingException;
import org.opensaml.xml.XMLObjectBuilderFactory;
import org.opensaml.xml.security.SecurityException;
import org.opensaml.xml.util.Base64;
import org.springframework.security.saml.SAMLConstants;
import org.springframework.security.saml.context.SAMLMessageContext;
import org.springframework.security.saml.metadata.ExtendedMetadata;
import org.springframework.security.saml.util.SAMLUtil;

/* loaded from: input_file:WEB-INF/lib/spring-security-saml2-core-1.0.10.RELEASE.jar:org/springframework/security/saml/websso/ArtifactResolutionProfileBase.class */
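/**
 * Transport-independent part of the SAML 2.0 artifact resolution profile.
 *
 * <p>Given a Base64-encoded type 0x0004 artifact, this class locates the issuing entity in the
 * metadata, builds an {@code ArtifactResolve} request, lets the subclass exchange it for an
 * {@code ArtifactResponse} via {@link #getArtifactResponse}, and returns the SAML message wrapped
 * in that response.
 *
 * <p>Security notes for reviewers:
 * <ul>
 *   <li>The artifact string is decoded and parsed before anything about its origin is known, so it
 *       is handled as untrusted input here.</li>
 *   <li>This class checks only that a response arrived, that it is an {@code ArtifactResponse},
 *       that its issue instant is within the configured skew, and that it carries a message.
 *       Signature/TLS trust evaluation is not visible in this class; presumably it happens inside
 *       the subclass's {@code getArtifactResponse} - confirm for each implementation.</li>
 *   <li>NOTE(review): neither the {@code InResponseTo} value nor the {@code Status} of the
 *       {@code ArtifactResponse} is compared against the request in this class. Confirm that a
 *       later processing stage enforces both.</li>
 * </ul>
 */
public abstract class ArtifactResolutionProfileBase extends AbstractProfileBase implements ArtifactResolutionProfile {

    /**
     * Returns the identifier of the communication profile implemented by this class.
     *
     * @return {@link SAMLConstants#SAML2_ARTIFACT_PROFILE_URI}
     */
    @Override
    public String getProfileIdentifier() {
        return SAMLConstants.SAML2_ARTIFACT_PROFILE_URI;
    }

    /**
     * Resolves an artifact into the SAML message it refers to.
     *
     * @param sAMLMessageContext message context; populated here with the peer entity data and the
     *        outbound {@code ArtifactResolve}, and read back for the inbound response
     * @param str Base64-encoded SAML 2.0 type 0x0004 artifact
     * @param str2 forwarded unchanged to {@link #getArtifactResponse}; its meaning is defined by
     *        the subclass
     * @return the message contained in the {@code ArtifactResponse}, never {@code null}
     * @throws MessageDecodingException if the artifact is malformed, the issuer is unknown, the
     *         exchange fails, or the response is missing, of the wrong type, outside the allowed
     *         time skew, or empty
     */
    @Override
    public SAMLObject resolveArtifact(SAMLMessageContext sAMLMessageContext, String str, String str2) throws MessageDecodingException {
        // Parse the untrusted artifact first so that malformed input is reported as a decoding
        // failure instead of escaping as an unchecked exception.
        SAML2ArtifactType0004 parsedArtifact = decodeArtifact(str);
        try {
            int endpointIndex = parseEndpointIndex(parsedArtifact.getEndpointIndex());

            // The artifact identifies its issuer only by the source ID, so the peer is whatever
            // entity the local metadata maps that source ID to.
            EntityDescriptor entityDescriptor = this.metadata.getEntityDescriptor(parsedArtifact.getSourceID());
            if (entityDescriptor == null) {
                throw new MetadataProviderException("Cannot localize sender entity by SHA-1 hash from the artifact");
            }
            ExtendedMetadata extendedMetadata = this.metadata.getExtendedMetadata(entityDescriptor.getEntityID());
            IDPSSODescriptor idpDescriptor = SAMLUtil.getIDPSSODescriptor(entityDescriptor);
            Endpoint resolutionService = SAMLUtil.getArtifactResolutionService(idpDescriptor, endpointIndex);
            ArtifactResolve resolveRequest = createArtifactResolve(sAMLMessageContext, str, resolutionService);

            // Describe the peer and the outbound request in the context before the exchange.
            sAMLMessageContext.setCommunicationProfileId(getProfileIdentifier());
            sAMLMessageContext.setInboundSAMLBinding(resolutionService.getBinding());
            sAMLMessageContext.setOutboundMessage(resolveRequest);
            sAMLMessageContext.setOutboundSAMLMessage(resolveRequest);
            sAMLMessageContext.setPeerEntityEndpoint(resolutionService);
            sAMLMessageContext.setPeerEntityId(entityDescriptor.getEntityID());
            sAMLMessageContext.setPeerEntityMetadata(entityDescriptor);
            sAMLMessageContext.setPeerEntityRole(idpDescriptor.getElementQName());
            sAMLMessageContext.setPeerEntityRoleMetadata(idpDescriptor);
            sAMLMessageContext.setPeerExtendedMetadata(extendedMetadata);

            getArtifactResponse(str2, sAMLMessageContext);

            Object inboundMessage = sAMLMessageContext.getInboundSAMLMessage();
            if (inboundMessage == null) {
                throw new MessageDecodingException("Did not receive an artifact response message.");
            }
            // The peer decides what comes back; reject anything that is not an ArtifactResponse
            // instead of failing with a ClassCastException on the cast below.
            if (!(inboundMessage instanceof ArtifactResponse)) {
                throw new MessageDecodingException("Inbound message is not an ArtifactResponse: " + inboundMessage.getClass().getName());
            }
            ArtifactResponse artifactResponse = (ArtifactResponse) inboundMessage;

            // Freshness check: limits how long a captured response stays acceptable.
            DateTime issueInstant = artifactResponse.getIssueInstant();
            if (!SAMLUtil.isDateTimeSkewValid(getResponseSkew(), issueInstant)) {
                throw new MessageDecodingException("ArtifactResponse issue time is either too old or with date in the future, skew " + getResponseSkew() + ", time " + issueInstant);
            }

            // NOTE(review): InResponseTo and Status of the ArtifactResponse are not checked here;
            // confirm they are validated elsewhere before the wrapped message is trusted.
            SAMLObject message = artifactResponse.getMessage();
            if (message == null) {
                throw new MessageDecodingException("No inbound message in artifact response message.");
            }
            return message;
        } catch (SAMLException e) {
            throw new MessageDecodingException("Error during message processing", e);
        } catch (MetadataProviderException e2) {
            throw new MessageDecodingException("Error processing metadata", e2);
        } catch (MessageDecodingException e3) {
            throw new MessageDecodingException("Could not decode artifact response message", e3);
        } catch (MessageEncodingException e4) {
            throw new MessageDecodingException("Could not encode artifact resolve message", e4);
        } catch (SecurityException e5) {
            throw new MessageDecodingException("Security error when decoding artifact response message", e5);
        }
    }

    /**
     * Sends the {@code ArtifactResolve} stored in the context to the peer and stores the reply in
     * the context as the inbound SAML message.
     *
     * @param str value passed through from the third argument of {@link #resolveArtifact}
     * @param sAMLMessageContext context holding the outbound request and peer data
     */
    protected abstract void getArtifactResponse(String str, SAMLMessageContext sAMLMessageContext) throws SAMLException, MessageEncodingException, MessageDecodingException, MetadataProviderException, SecurityException;

    /**
     * Builds the {@code ArtifactResolve} request carrying the given artifact.
     *
     * @param sAMLMessageContext context supplying the local entity ID
     * @param str Base64-encoded artifact, copied verbatim into the request
     * @param endpoint artifact resolution service the request is addressed to
     * @return the populated request
     */
    protected ArtifactResolve createArtifactResolve(SAMLMessageContext sAMLMessageContext, String str, Endpoint endpoint) {
        XMLObjectBuilderFactory builderFactory = Configuration.getBuilderFactory();
        SAMLObjectBuilder artifactBuilder = (SAMLObjectBuilder) builderFactory.getBuilder(Artifact.DEFAULT_ELEMENT_NAME);
        SAMLObjectBuilder resolveBuilder = (SAMLObjectBuilder) builderFactory.getBuilder(ArtifactResolve.DEFAULT_ELEMENT_NAME);

        // buildObject() is the builder's real method name; the listing showed a decompiler-mangled
        // alias that does not exist in the OpenSAML API.
        Artifact artifact = (Artifact) artifactBuilder.buildObject();
        artifact.setArtifact(str);

        ArtifactResolve artifactResolve = (ArtifactResolve) resolveBuilder.buildObject();
        artifactResolve.setArtifact(artifact);
        buildCommonAttributes(sAMLMessageContext.getLocalEntityId(), artifactResolve, endpoint);
        return artifactResolve;
    }

    /**
     * Decodes and parses the Base64 artifact, mapping every parse failure to a checked exception.
     */
    private SAML2ArtifactType0004 decodeArtifact(String encodedArtifact) throws MessageDecodingException {
        if (encodedArtifact == null) {
            throw new MessageDecodingException("Artifact is missing");
        }
        byte[] rawArtifact = Base64.decode(encodedArtifact);
        // Presumably decode() signals malformed Base64 by returning null - verify against the
        // OpenSAML version in use; the check is harmless if it never does.
        if (rawArtifact == null) {
            throw new MessageDecodingException("Artifact is not valid Base64");
        }
        try {
            return new SAML2ArtifactType0004Builder().buildArtifact(rawArtifact);
        } catch (RuntimeException e) {
            // Deliberately broad: this is the parsing boundary for untrusted bytes, and a wrong
            // length or type code must not surface to callers as an unchecked exception.
            throw new MessageDecodingException("Artifact is not a well-formed SAML 2.0 type 0x0004 artifact", e);
        }
    }

    /**
     * Interprets the endpoint index bytes as an unsigned big-endian integer.
     *
     * <p>Each byte is masked to avoid sign extension and shifted by a full eight bits; the
     * previous form shifted by multiples of four and OR-ed in signed bytes, which produced wrong
     * or negative indexes for any value above 127.
     */
    private int parseEndpointIndex(byte[] bArr) {
        int index = 0;
        for (byte b : bArr) {
            index = (index << 8) | (b & 0xFF);
        }
        return index;
    }
}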
