package com.bea.security.saml2.binding.impl;

import com.bea.security.saml2.Saml2Logger;
import com.bea.security.saml2.binding.BindingHandlerException;
import com.bea.security.saml2.config.SAML2ConfigSpi;
import com.bea.security.saml2.util.SAML2Utils;
import java.security.PublicKey;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import org.opensaml.saml2.core.Request;
import org.opensaml.saml2.core.StatusResponse;
import org.opensaml.xml.XMLObject;

/* loaded from: input_file:com/bea/security/saml2/binding/impl/HttpRedirectBindingReceiver.class */
public class HttpRedirectBindingReceiver extends BaseHttpBindingReceiver {
    private boolean logdebug;

    public HttpRedirectBindingReceiver(SAML2ConfigSpi sAML2ConfigSpi, HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse) {
        super(sAML2ConfigSpi, httpServletRequest, httpServletResponse);
        this.logdebug = false;
        if (this.log == null || !this.log.isDebugEnabled()) {
            return;
        }
        this.logdebug = true;
    }

    @Override // com.bea.security.saml2.binding.BindingReceiver
    public Request receiveRequest() throws BindingHandlerException {
        Request samlObject = getSamlObject("SAMLRequest");
        if (samlObject instanceof Request) {
            return samlObject;
        }
        throw new BindingHandlerException(Saml2Logger.getSAML2SamlMessageTypeError("Request"), 400);
    }

    @Override // com.bea.security.saml2.binding.BindingReceiver
    public StatusResponse receiveResponse() throws BindingHandlerException {
        StatusResponse samlObject = getSamlObject("SAMLResponse");
        if (samlObject instanceof StatusResponse) {
            return samlObject;
        }
        throw new BindingHandlerException(Saml2Logger.getSAML2SamlMessageTypeError("StatusResponse"), 400);
    }

    @Override // com.bea.security.saml2.binding.impl.BaseHttpBindingReceiver, com.bea.security.saml2.binding.BindingReceiver
    public boolean verifySignature(PublicKey publicKey) throws BindingHandlerException {
        String parameter = this.httpRequest.getParameter("SigAlg");
        if (this.logdebug) {
            this.log.debug("get signature algorithm from http request, value is: " + parameter);
        }
        if (parameter == null || parameter.equals("")) {
            return false;
        }
        String parameter2 = this.httpRequest.getParameter("Signature");
        if (this.logdebug) {
            this.log.debug("get BASE64 encoded signature from http request, value is: " + parameter2);
        }
        if (parameter2 == null || parameter2.equals("")) {
            throw new BindingHandlerException(Saml2Logger.getSAML2CouldnotGetSigFromHttpreq("Signature"), 400);
        }
        if (publicKey == null) {
            throw new BindingHandlerException(Saml2Logger.getSAML2NoVerifyKeyFor("SAMLRequest"), 404);
        }
        try {
            byte[] base64Decode = SAML2Utils.base64Decode(parameter2);
            String queryString = this.httpRequest.getQueryString();
            String substring = queryString.substring(0, queryString.indexOf("Signature") - 1);
            String xmlSigAlgoToSigAlgo = BindingUtil.xmlSigAlgoToSigAlgo(parameter);
            if (this.logdebug) {
                this.log.debug("verify signature: signature value: " + base64Decode);
                this.log.debug("verify signature: string to be veritifed: " + substring);
                this.log.debug("verify signature: signature algorithm: " + xmlSigAlgoToSigAlgo);
            }
            return SAML2Utils.verifyStringSignature(substring.getBytes(BindingUtil.DEFAULT_ENCODING), base64Decode, xmlSigAlgoToSigAlgo, publicKey);
        } catch (Exception e) {
            throw new BindingHandlerException("", e, 403);
        }
    }

    private XMLObject getSamlObject(String str) throws BindingHandlerException {
        String parameter = this.httpRequest.getParameter(str);
        if (this.logdebug) {
            this.log.debug("get " + str + " from http request, value:" + parameter);
        }
        if (parameter == null || parameter.equals("")) {
            throw new BindingHandlerException(Saml2Logger.getSAML2NoSamlMsgInHttpreq(str), 400);
        }
        try {
            return BindingUtil.unmarshall(BindingUtil.deflateDecode(SAML2Utils.base64Decode(parameter)));
        } catch (Exception e) {
            if (this.logdebug) {
                this.log.debug("can't unmarshall to a saml object.", e);
            }
            throw new BindingHandlerException("", e, 400);
        }
    }
}
