package com.bea.security.saml2.service;

import com.bea.common.logger.spi.LoggerSpi;
import com.bea.security.saml2.Saml2Logger;
import com.bea.security.saml2.binding.BindingHandlerException;
import com.bea.security.saml2.binding.BindingSender;
import com.bea.security.saml2.config.SAML2ConfigSpi;
import com.bea.security.saml2.util.SAML2Constants;
import com.bea.security.saml2.util.SAML2Utils;
import com.bea.security.saml2.util.key.SAML2KeyManager;
import java.io.IOException;
import java.security.cert.Certificate;
import java.security.cert.CertificateExpiredException;
import java.security.cert.CertificateNotYetValidException;
import java.security.cert.X509Certificate;
import java.util.Enumeration;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;

/* loaded from: input_file:com/bea/security/saml2/service/AbstractService.class */
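/**
 * Shared base for the services in this package: keeps the configuration and its logger, and
 * offers helpers for request debug logging, binding detection from the request URI, error
 * reporting, and a validity check of the SSO signing certificate.
 *
 * <p>Decompiler note: the constructor and the methods declared {@code public} here, other than
 * {@link #logError(Exception)}, were {@code protected} in the original class file.
 */
public abstract class AbstractService implements Service {
    /** Written to the debug log in place of a credential-bearing header value. */
    private static final String REDACTED = "<redacted>";

    protected LoggerSpi log;
    protected SAML2ConfigSpi config;

    /**
     * Stores the configuration and takes the logger from it.
     *
     * @param sAML2ConfigSpi service configuration; its {@code getLogger()} result becomes
     *     {@link #log} and may be null, which the logging helpers tolerate
     */
    public AbstractService(SAML2ConfigSpi sAML2ConfigSpi) {
        this.config = sAML2ConfigSpi;
        this.log = sAML2ConfigSpi.getLogger();
    }

    /**
     * Writes the request URI, method, query string and headers to the debug log.
     *
     * <p>Nothing is written unless a logger is present and debug is enabled. Values of
     * {@code Authorization}, {@code Proxy-Authorization} and {@code Cookie} headers are replaced
     * by a marker so that session identifiers and credentials do not end up in log files.
     *
     * @param httpServletRequest the incoming request
     */
    public void logRequest(HttpServletRequest httpServletRequest) {
        // Same guard as logError(): the logger comes from configuration and may be absent.
        if (this.log == null || !this.log.isDebugEnabled()) {
            return;
        }
        this.log.debug("Request URI: " + httpServletRequest.getRequestURI());
        this.log.debug("Method: " + httpServletRequest.getMethod());
        // NOTE(review): the query string is logged verbatim. With query-string based SAML
        // bindings it can carry the protocol message or artifact, so debug logs produced here
        // need the same access control as the messages themselves.
        this.log.debug("Query string: " + httpServletRequest.getQueryString());

        // The Servlet API allows getHeaderNames() to return null when the container does not
        // expose header information.
        Enumeration<?> headerNames = httpServletRequest.getHeaderNames();
        if (headerNames == null) {
            return;
        }
        while (headerNames.hasMoreElements()) {
            String name = (String) headerNames.nextElement();
            String value = isCredentialHeader(name) ? REDACTED : httpServletRequest.getHeader(name);
            this.log.debug("\t" + name + ": " + value);
        }
    }

    /** Returns true for request headers whose value is a credential or session token. */
    private static boolean isCredentialHeader(String name) {
        return "Authorization".equalsIgnoreCase(name)
                || "Proxy-Authorization".equalsIgnoreCase(name)
                || "Cookie".equalsIgnoreCase(name);
    }

    /**
     * Maps the request URI to a binding type by its suffix.
     *
     * @param httpServletRequest request whose URI is inspected
     * @param httpServletResponse not used by this method
     * @return {@code SAML2Constants.HTTP_POST}, {@code HTTP_ARTIFACT} or {@code HTTP_REDIRECT}
     * @throws BindingHandlerException with code 400 when the URI ends with none of the known
     *     binding suffixes
     */
    public String getBindingTypeFromURI(HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse) throws BindingHandlerException {
        String requestURI = httpServletRequest.getRequestURI();
        // Checked in the original order: POST, then artifact, then redirect.
        if (requestURI.endsWith(SAML2Constants.POST_URI)) {
            return SAML2Constants.HTTP_POST;
        }
        if (requestURI.endsWith(SAML2Constants.ARTIFACT_URI)) {
            return SAML2Constants.HTTP_ARTIFACT;
        }
        if (requestURI.endsWith(SAML2Constants.REDIRECT_URI)) {
            return SAML2Constants.HTTP_REDIRECT;
        }
        // Unknown endpoints are rejected rather than defaulted to a binding.
        throw new BindingHandlerException("Unable to detect binding type from request URI", 400);
    }

    /**
     * Creates a binding sender through the configured binding handler factory.
     *
     * @param httpServletRequest current request
     * @param httpServletResponse current response
     * @param str binding type handed to the factory
     * @return the sender produced by the factory
     * @throws BindingHandlerException if the factory fails
     */
    public BindingSender getSender(HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse, String str) throws BindingHandlerException {
        return this.config.getBindingHandlerFactory().newBindingSender(str, httpServletRequest, httpServletResponse);
    }

    /**
     * Logs the exception and answers the request with the given HTTP status.
     *
     * <p>Only the status code is sent to the client; the exception text stays in the log.
     *
     * @param httpServletResponse response to send the error on
     * @param i HTTP status code
     * @param exc the failure to log
     * @return always {@code true}
     * @throws IOException if sending the error fails
     */
    public boolean logAndSendError(HttpServletResponse httpServletResponse, int i, Exception exc) throws IOException {
        logError(exc);
        httpServletResponse.sendError(i);
        return true;
    }

    /**
     * Writes the exception message, its cause message and the exception itself to the debug log.
     *
     * <p>NOTE(review): this is debug-only, so with debug disabled a failure handled through
     * {@link #logAndSendError} leaves no trace in this logger; confirm that another layer
     * records it.
     *
     * @param exc the failure to log; ignored when null
     */
    protected void logError(Exception exc) {
        if (exc == null || this.log == null || !this.log.isDebugEnabled()) {
            return;
        }
        this.log.debug(exc.getMessage());
        Throwable cause = exc.getCause();
        if (cause != null) {
            this.log.debug("Caused by: " + cause.getMessage());
        }
        this.log.debug("exception info", exc);
    }

    /**
     * Checks that the SSO signing certificate is within its validity period.
     *
     * <p>No check is made when there is no key info or no certificate. An expired or not yet
     * valid certificate is rejected unless {@code SAML2Utils.ALLOW_EXPIRE_CERTS} is set; that
     * single flag covers both cases.
     *
     * <p>NOTE(review): when the flag is set, signing continues with an invalid certificate and
     * the only record is a debug-level message. Deployments that set it should track the
     * override elsewhere.
     *
     * @throws SAML2Exception with code 500 when the certificate is outside its validity period
     *     and the override flag is not set
     */
    public void checkSSOCertificate() throws SAML2Exception {
        SAML2KeyManager.KeyInfo keyInfo = this.config.getSAML2KeyManager().getSSOKeyInfo();
        String signingAlias = this.config.getLocalConfiguration().getSSOSigningKeyAlias();
        Certificate certificate = keyInfo != null ? keyInfo.getCert() : null;
        if (certificate == null) {
            return;
        }
        try {
            // Unchecked cast kept on purpose: a certificate that is not X.509 fails here with
            // ClassCastException instead of passing without a validity check.
            ((X509Certificate) certificate).checkValidity();
        } catch (CertificateExpiredException e) {
            debugInvalidSigningCert("expired", signingAlias);
            if (!SAML2Utils.ALLOW_EXPIRE_CERTS) {
                throw new SAML2Exception(Saml2Logger.getSignWithExpiredCert(signingAlias), e, 500);
            }
        } catch (CertificateNotYetValidException e2) {
            debugInvalidSigningCert("not yet valid", signingAlias);
            if (!SAML2Utils.ALLOW_EXPIRE_CERTS) {
                throw new SAML2Exception(Saml2Logger.getSignWithNotYetValidCert(signingAlias), e2, 500);
            }
        }
    }

    /** Records at debug level that the signing certificate is invalid and whether that is allowed. */
    private void debugInvalidSigningCert(String state, String signingAlias) {
        if (this.log != null && this.log.isDebugEnabled()) {
            this.log.debug("Using " + state + " certificate at alias " + signingAlias + " for signing.");
            this.log.debug("allow expired cert is " + SAML2Utils.ALLOW_EXPIRE_CERTS);
        }
    }
}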
