package org.opensaml;

import java.io.ByteArrayInputStream;
import java.util.Arrays;
import java.util.Collection;
import java.util.Date;
import java.util.HashSet;
import java.util.Iterator;
import java.util.Set;
import java.util.TreeMap;
import java.util.Vector;
import org.apache.log4j.Logger;
import org.apache.xml.security.exceptions.Base64DecodingException;
import org.apache.xml.security.utils.Base64;

/* loaded from: input_file:META-INF/lib/opensaml-1.1.jar:org/opensaml/SAMLPOSTProfile.class */
public class SAMLPOSTProfile {
    private static Logger log;
    private static TreeMap replayExpMap;
    private static HashSet replayCache;
    static Class class$org$opensaml$SAMLPOSTProfile;

    public static SAMLAssertion getSSOAssertion(SAMLResponse sAMLResponse, Collection collection) throws SAMLException {
        int i = 0;
        boolean z = false;
        Iterator assertions = sAMLResponse.getAssertions();
        while (assertions.hasNext()) {
            i++;
            z = false;
            SAMLAssertion sAMLAssertion = (SAMLAssertion) assertions.next();
            Date notBefore = sAMLAssertion.getNotBefore();
            Date notOnOrAfter = sAMLAssertion.getNotOnOrAfter();
            if (notBefore != null && notOnOrAfter != null) {
                if (notBefore.getTime() - 300000 > System.currentTimeMillis()) {
                    z = true;
                } else if (notOnOrAfter.getTime() + 300000 <= System.currentTimeMillis()) {
                    z = true;
                } else {
                    Iterator conditions = sAMLAssertion.getConditions();
                    while (true) {
                        if (conditions.hasNext()) {
                            SAMLCondition sAMLCondition = (SAMLCondition) conditions.next();
                            if ((sAMLCondition instanceof SAMLAudienceRestrictionCondition) && ((SAMLAudienceRestrictionCondition) sAMLCondition).eval(collection)) {
                            }
                        } else {
                            Iterator statements = sAMLAssertion.getStatements();
                            while (statements.hasNext()) {
                                SAMLStatement sAMLStatement = (SAMLStatement) statements.next();
                                if (sAMLStatement instanceof SAMLAuthenticationStatement) {
                                    Iterator confirmationMethods = ((SAMLAuthenticationStatement) sAMLStatement).getSubject().getConfirmationMethods();
                                    while (confirmationMethods.hasNext()) {
                                        if (((String) confirmationMethods.next()).equals(SAMLSubject.CONF_BEARER)) {
                                            return sAMLAssertion;
                                        }
                                    }
                                }
                            }
                        }
                    }
                }
            }
        }
        if (z && i == 1) {
            throw new ExpiredAssertionException(SAMLException.RESPONDER, "SAMLPOSTProfile.getSSOAssertion() unable to find a SSO assertion with valid time condition");
        }
        throw new FatalProfileException(SAMLException.RESPONDER, "SAMLPOSTProfile.getSSOAssertion() unable to find a valid SSO assertion");
    }

    public static SAMLAuthenticationStatement getSSOStatement(SAMLAssertion sAMLAssertion) throws SAMLException {
        Iterator statements = sAMLAssertion.getStatements();
        while (statements.hasNext()) {
            SAMLStatement sAMLStatement = (SAMLStatement) statements.next();
            if (sAMLStatement instanceof SAMLAuthenticationStatement) {
                Iterator confirmationMethods = ((SAMLAuthenticationStatement) sAMLStatement).getSubject().getConfirmationMethods();
                while (confirmationMethods.hasNext()) {
                    if (((String) confirmationMethods.next()).equals(SAMLSubject.CONF_BEARER)) {
                        return (SAMLAuthenticationStatement) sAMLStatement;
                    }
                }
            }
        }
        throw new FatalProfileException(SAMLException.RESPONDER, "SAMLPOSTProfile.getSSOStatement() unable to find a valid SSO statement");
    }

    public static synchronized boolean checkReplayCache(SAMLAssertion sAMLAssertion) {
        Set keySet = replayExpMap.headMap(new Date()).keySet();
        Iterator it = keySet.iterator();
        while (it.hasNext()) {
            replayCache.remove(replayExpMap.get(it.next()));
        }
        keySet.clear();
        if (!replayCache.add(sAMLAssertion.getId())) {
            return false;
        }
        Date date = new Date(sAMLAssertion.getNotOnOrAfter().getTime() + 300000);
        while (replayExpMap.containsKey(date)) {
            date.setTime(date.getTime() + 1);
        }
        replayExpMap.put(date, sAMLAssertion.getId());
        return true;
    }

    public static SAMLResponse accept(byte[] bArr, String str, int i, boolean z) throws SAMLException {
        try {
            SAMLResponse sAMLResponse = new SAMLResponse(new ByteArrayInputStream(Base64.decode(bArr)));
            if (z) {
                process(sAMLResponse, str, i);
            }
            return sAMLResponse;
        } catch (Base64DecodingException e) {
            throw new InvalidAssertionException(SAMLException.REQUESTER, "SAMLPOSTProfile.accept() unable to decode base64 response");
        }
    }

    public static void process(SAMLResponse sAMLResponse, String str, int i) throws SAMLException {
        if (str == null || str.length() == 0 || !str.equals(sAMLResponse.getRecipient())) {
            throw new InvalidAssertionException(SAMLException.REQUESTER, new StringBuffer().append("SAMLPOSTProfile.accept() detected recipient mismatch: ").append(sAMLResponse.getRecipient()).toString());
        }
        if (sAMLResponse.getIssueInstant().getTime() + (1000 * i) + 300000 < System.currentTimeMillis()) {
            throw new ExpiredAssertionException(SAMLException.RESPONDER, "SAMLPOSTProfile.accept() detected expired response");
        }
    }

    public static SAMLResponse prepare(String str, String str2, Collection collection, String str3, String str4, String str5, String str6, String str7, Date date, Collection collection2) throws SAMLException {
        return prepare(str, str2, collection, new SAMLNameIdentifier(str3, str4, str5), str6, str7, date, collection2);
    }

    public static SAMLResponse prepare(String str, String str2, Collection collection, SAMLNameIdentifier sAMLNameIdentifier, String str3, String str4, Date date, Collection collection2) throws SAMLException {
        log.info("Creating SAML Response.");
        if (str == null || str.length() == 0) {
            throw new SAMLException(SAMLException.RESPONDER, "SAMLPOSTProfile.prepare() requires recipient");
        }
        Vector vector = new Vector(1);
        if (collection != null && collection.size() > 0) {
            vector.add(new SAMLAudienceRestrictionCondition(collection));
        }
        return new SAMLResponse(null, str, Arrays.asList(new SAMLAssertion(str2, new Date(System.currentTimeMillis()), new Date(System.currentTimeMillis() + 300000), vector, null, Arrays.asList(new SAMLAuthenticationStatement(new SAMLSubject(sAMLNameIdentifier, Arrays.asList(SAMLSubject.CONF_BEARER), null, null), str4, date, str3, null, collection2)))), null);
    }

    static Class class$(String str) {
        try {
            return Class.forName(str);
        } catch (ClassNotFoundException e) {
            throw new NoClassDefFoundError().initCause(e);
        }
    }

    static {
        Class cls;
        if (class$org$opensaml$SAMLPOSTProfile == null) {
            cls = class$("org.opensaml.SAMLPOSTProfile");
            class$org$opensaml$SAMLPOSTProfile = cls;
        } else {
            cls = class$org$opensaml$SAMLPOSTProfile;
        }
        log = Logger.getLogger(cls.getName());
        replayExpMap = new TreeMap();
        replayCache = new HashSet();
    }
}
