package com.nimbusds.oauth2.sdk.assertions.saml2;

import com.nimbusds.oauth2.sdk.ParseException;
import com.nimbusds.oauth2.sdk.id.Issuer;
import java.io.ByteArrayInputStream;
import java.io.IOException;
import java.nio.charset.StandardCharsets;
import java.security.Key;
import java.security.PublicKey;
import javax.crypto.SecretKey;
import javax.xml.parsers.DocumentBuilderFactory;
import javax.xml.parsers.ParserConfigurationException;
import org.opensaml.core.config.InitializationException;
import org.opensaml.core.config.InitializationService;
import org.opensaml.core.xml.config.XMLObjectProviderRegistrySupport;
import org.opensaml.core.xml.io.UnmarshallingException;
import org.opensaml.saml.saml2.core.Assertion;
import org.opensaml.saml.security.impl.SAMLSignatureProfileValidator;
import org.opensaml.security.credential.BasicCredential;
import org.opensaml.security.credential.UsageType;
import org.opensaml.xmlsec.signature.Signature;
import org.opensaml.xmlsec.signature.support.SignatureException;
import org.opensaml.xmlsec.signature.support.SignatureValidator;
import org.w3c.dom.Element;
import org.xml.sax.InputSource;
import org.xml.sax.SAXException;

/* loaded from: classes3.dex */
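/**
 * Validates SAML 2.0 assertions.
 *
 * <p>Validation consists of parsing the XML, checking the assertion details with the configured
 * {@link SAML2AssertionDetailsVerifier}, comparing the issuer with the expected one, and
 * verifying the XML signature with the supplied key. The assertion XML is untrusted input:
 * callers should rely on nothing from it until one of the {@code validate} methods has
 * returned normally.
 */
public class SAML2AssertionValidator {

    /** Xerces feature that makes the parser reject any document carrying a DOCTYPE. */
    private static final String FEATURE_DISALLOW_DOCTYPE = "http://apache.org/xml/features/disallow-doctype-decl";

    /** SAX feature controlling resolution of external general entities. */
    private static final String FEATURE_EXTERNAL_GENERAL_ENTITIES = "http://xml.org/sax/features/external-general-entities";

    /** SAX feature controlling resolution of external parameter entities. */
    private static final String FEATURE_EXTERNAL_PARAMETER_ENTITIES = "http://xml.org/sax/features/external-parameter-entities";

    /** Xerces feature controlling loading of an external DTD subset. */
    private static final String FEATURE_LOAD_EXTERNAL_DTD = "http://apache.org/xml/features/nonvalidating/load-external-dtd";

    private final SAML2AssertionDetailsVerifier detailsVerifier;

    static {
        // OpenSAML must be initialised before any unmarshaller or validator is used.
        try {
            InitializationService.initialize();
        } catch (InitializationException e) {
            throw new RuntimeException(e.getMessage(), e);
        }
    }

    /**
     * Creates a new validator.
     *
     * @param sAML2AssertionDetailsVerifier verifier for the parsed assertion details; must not
     *                                      be {@code null}
     * @throws IllegalArgumentException if the verifier is {@code null}
     */
    public SAML2AssertionValidator(SAML2AssertionDetailsVerifier sAML2AssertionDetailsVerifier) {
        if (sAML2AssertionDetailsVerifier == null) {
            throw new IllegalArgumentException("The SAML 2.0 assertion details verifier must not be null");
        }
        this.detailsVerifier = sAML2AssertionDetailsVerifier;
    }

    /**
     * Parses an XML string into a SAML 2.0 assertion object.
     *
     * <p>The input is untrusted, so the XML parser is hardened against DTD and external-entity
     * processing (XXE) where the parser supports it, and any document that carries a DOCTYPE is
     * rejected. No signature or content checks are made here.
     *
     * @param str the assertion XML
     * @return the unmarshalled assertion
     * @throws ParseException if the string is {@code null}, is not well-formed XML, carries a
     *                        DOCTYPE, or its top-level element is not a SAML 2.0 assertion
     */
    public static Assertion parse(String str) throws ParseException {
        if (str == null) {
            throw new ParseException("SAML 2.0 assertion parsing failed: The XML string must not be null");
        }
        try {
            org.w3c.dom.Document document = newHardenedDocumentBuilderFactory()
                    .newDocumentBuilder()
                    .parse(new InputSource(new ByteArrayInputStream(str.getBytes(StandardCharsets.UTF_8))));
            // Portable second line of defence: a SAML assertion has no legitimate use for a DTD,
            // so refuse the document even when the parser could not be told to reject it.
            if (document.getDoctype() != null) {
                throw new ParseException("SAML 2.0 assertion parsing failed: DOCTYPE declarations are not allowed");
            }
            Element documentElement = document.getDocumentElement();
            // Held as Object and narrowed below, so a non-assertion root element is reported as
            // a ParseException rather than a ClassCastException.
            Object unmarshalled = XMLObjectProviderRegistrySupport.getUnmarshallerFactory()
                    .getUnmarshaller(documentElement)
                    .unmarshall(documentElement);
            if (unmarshalled instanceof Assertion) {
                return (Assertion) unmarshalled;
            }
            throw new ParseException("Top-level XML element not a SAML 2.0 assertion");
        } catch (IOException | ParserConfigurationException | SAXException | UnmarshallingException e) {
            throw new ParseException("SAML 2.0 assertion parsing failed: " + e.getMessage(), e);
        }
    }

    /**
     * Builds a namespace-aware parser factory with DTD and external-entity processing disabled
     * as far as the underlying parser allows.
     */
    private static DocumentBuilderFactory newHardenedDocumentBuilderFactory() {
        DocumentBuilderFactory factory = DocumentBuilderFactory.newInstance();
        factory.setNamespaceAware(true);
        trySetFeature(factory, javax.xml.XMLConstants.FEATURE_SECURE_PROCESSING, true);
        trySetFeature(factory, FEATURE_DISALLOW_DOCTYPE, true);
        trySetFeature(factory, FEATURE_EXTERNAL_GENERAL_ENTITIES, false);
        trySetFeature(factory, FEATURE_EXTERNAL_PARAMETER_ENTITIES, false);
        trySetFeature(factory, FEATURE_LOAD_EXTERNAL_DTD, false);
        return factory;
    }

    /**
     * Applies one parser feature, tolerating parsers that do not recognise it.
     *
     * <p>NOTE(review): unsupported features are skipped so that parsing keeps working on JAXP
     * implementations that reject unknown features (this class appears to have been packaged
     * for Android, whose parser is presumably one of them - confirm). If every target runtime
     * supports these features, fail closed here instead.
     */
    private static void trySetFeature(DocumentBuilderFactory factory, String feature, boolean enabled) {
        try {
            factory.setFeature(feature, enabled);
        } catch (ParserConfigurationException ignored) {
            // Feature unknown to this parser; the remaining features and the DOCTYPE check in
            // parse() still apply.
        }
    }

    /**
     * Verifies an XML signature: first its conformance to the SAML signature profile, then the
     * cryptographic signature value against the given key.
     *
     * @param signature the signature taken from the assertion
     * @param key       the validation key, a {@link SecretKey} or a {@link PublicKey}
     * @throws BadSAML2AssertionException if the signature is missing, does not pass the profile
     *                                    check, does not verify, or the key type is unsupported
     * @throws IllegalArgumentException   if the key is {@code null}
     */
    public static void verifySignature(Signature signature, Key key) throws BadSAML2AssertionException {
        if (key == null) {
            // A missing key is a caller error, not a property of the assertion. Without this
            // guard, building the "Unsupported key type" message below would throw a
            // NullPointerException.
            throw new IllegalArgumentException("The signature validation key must not be null");
        }
        if (signature == null) {
            throw new BadSAML2AssertionException("Missing XML signature");
        }

        // Profile check runs before any cryptographic work is done on the signature.
        try {
            new SAMLSignatureProfileValidator().validate(signature);
        } catch (SignatureException e) {
            throw new BadSAML2AssertionException("Invalid SAML 2.0 signature format: " + e.getMessage(), e);
        }

        BasicCredential credential;
        if (key instanceof SecretKey) {
            credential = new BasicCredential((SecretKey) key);
        } else if (key instanceof PublicKey) {
            credential = new BasicCredential((PublicKey) key);
            credential.setUsageType(UsageType.SIGNING);
        } else {
            throw new BadSAML2AssertionException("Unsupported key type: " + key.getAlgorithm());
        }

        try {
            SignatureValidator.validate(signature, credential);
        } catch (SignatureException e) {
            throw new BadSAML2AssertionException("Bad SAML 2.0 signature: " + e.getMessage(), e);
        }
    }

    /**
     * Returns the configured assertion details verifier.
     *
     * @return the details verifier, never {@code null}
     */
    public SAML2AssertionDetailsVerifier getDetailsVerifier() {
        return this.detailsVerifier;
    }

    /**
     * Parses and validates a SAML 2.0 assertion supplied as an XML string.
     *
     * @param str    the assertion XML
     * @param issuer the expected issuer
     * @param key    the signature validation key
     * @return the validated assertion
     * @throws BadSAML2AssertionException if parsing or any validation step fails
     */
    public Assertion validate(String str, Issuer issuer, Key key) throws BadSAML2AssertionException {
        Assertion parsed;
        try {
            parsed = parse(str);
        } catch (ParseException e) {
            throw new BadSAML2AssertionException("Invalid SAML 2.0 assertion: " + e.getMessage(), e);
        }
        return validate(parsed, issuer, key);
    }

    /**
     * Validates a parsed SAML 2.0 assertion.
     *
     * <p>The steps run in this order: the details are extracted and passed to the details
     * verifier, the issuer is compared with the expected one, the presence of a signature is
     * required, and the signature is verified. The assertion is returned only if all of them
     * pass; an unsigned assertion is always rejected.
     *
     * @param assertion the assertion to validate
     * @param issuer    the expected issuer
     * @param key       the signature validation key
     * @return the same assertion instance, once validated
     * @throws BadSAML2AssertionException if any validation step fails
     */
    public Assertion validate(Assertion assertion, Issuer issuer, Key key) throws BadSAML2AssertionException {
        SAML2AssertionDetails details;
        try {
            details = SAML2AssertionDetails.parse(assertion);
        } catch (ParseException e) {
            throw new BadSAML2AssertionException("Invalid SAML 2.0 assertion: " + e.getMessage(), e);
        }
        this.detailsVerifier.verify(details);

        if (!issuer.equals(details.getIssuer())) {
            throw new BadSAML2AssertionException("Unexpected issuer: " + details.getIssuer());
        }
        if (!assertion.isSigned()) {
            throw new BadSAML2AssertionException("Missing XML signature");
        }
        verifySignature(assertion.getSignature(), key);
        return assertion;
    }
}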
