package at.gv.egovernment.moa.id.protocols.pvp2x.verification.metadata;

import at.gv.egiz.eaaf.core.impl.utils.DOMUtils;
import at.gv.egovernment.moa.id.auth.builder.SignatureVerificationUtils;
import at.gv.egovernment.moa.id.commons.api.data.IVerifiyXMLSignatureResponse;
import at.gv.egovernment.moa.id.commons.api.exceptions.MOAIDException;
import at.gv.egovernment.moa.logging.Logger;
import at.gv.egovernment.moa.util.MiscUtil;
import java.io.IOException;
import javax.xml.transform.TransformerException;
import javax.xml.transform.TransformerFactoryConfigurationError;
import org.opensaml.saml2.metadata.EntitiesDescriptor;
import org.opensaml.saml2.metadata.EntityDescriptor;
import org.opensaml.saml2.metadata.provider.FilterException;
import org.opensaml.saml2.metadata.provider.MetadataFilter;
import org.opensaml.xml.XMLObject;

/* loaded from: input_file:at/gv/egovernment/moa/id/protocols/pvp2x/verification/metadata/MOASPMetadataSignatureFilter.class */
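/**
 * OpenSAML {@link MetadataFilter} that only lets SAML metadata pass when its root element is
 * signed and both the signature check and the certificate check succeed.
 *
 * <p>Verification is delegated to {@link SignatureVerificationUtils#verify} using the trust
 * profile passed to the constructor. Every failure path ends in a {@link FilterException}, so
 * the filter fails closed: metadata that cannot be verified is never accepted.
 */
public class MOASPMetadataSignatureFilter implements MetadataFilter {
    /** Trust profile identifier handed to the signature verification call. */
    private final String trustProfileID;

    /**
     * Creates a filter bound to one trust profile.
     *
     * @param str identifier of the trust profile used to validate the metadata signing certificate
     */
    public MOASPMetadataSignatureFilter(String str) {
        this.trustProfileID = str;
    }

    /**
     * Verifies the signature on the metadata root element.
     *
     * <p>A root {@code EntityDescriptor} is checked under its entityID. A root
     * {@code EntitiesDescriptor} must contain more than one direct {@code EntityDescriptor} and
     * is checked under its Name, falling back to its ID when the Name is empty.
     *
     * @param xMLObject unmarshalled metadata root element
     * @throws FilterException if the root element has an unsupported type, is unsigned, fails
     *     signature or certificate verification, or verification itself fails
     */
    public void doFilter(XMLObject xMLObject) throws FilterException {
        if (xMLObject instanceof EntityDescriptor) {
            checkSignature(xMLObject, ((EntityDescriptor) xMLObject).getEntityID());
            return;
        }
        if (!(xMLObject instanceof EntitiesDescriptor)) {
            Logger.warn("Metadata root-element is not of type 'EntityDescriptor' or 'EntitiesDescriptor'");
            throw new FilterException("Metadata root-element is not of type 'EntityDescriptor' or 'EntitiesDescriptor'");
        }
        EntitiesDescriptor entitiesDescriptor = (EntitiesDescriptor) xMLObject;
        if (entitiesDescriptor.getEntityDescriptors() == null || entitiesDescriptor.getEntityDescriptors().size() <= 1) {
            // Log line and exception text now agree; the exception used to claim the root was
            // *not* an EntitiesDescriptor, which contradicted the condition being reported.
            Logger.warn("Metadata root-element is of type 'EntitiesDescriptor' but only include one 'EntityDescriptor'");
            throw new FilterException("Metadata root-element is of type 'EntitiesDescriptor' but only include one 'EntityDescriptor'");
        }
        String name = entitiesDescriptor.getName();
        if (MiscUtil.isEmpty(name)) {
            name = entitiesDescriptor.getID();
        }
        checkSignature(xMLObject, name);
    }

    /**
     * Reports whether the metadata root element carries a signature.
     *
     * <p>Both supported root types are handled explicitly. Casting every root to
     * {@code EntityDescriptor} would raise a {@code ClassCastException} for an
     * {@code EntitiesDescriptor} root.
     */
    private static boolean isRootSigned(XMLObject metadata) {
        if (metadata instanceof EntityDescriptor) {
            return ((EntityDescriptor) metadata).isSigned();
        }
        if (metadata instanceof EntitiesDescriptor) {
            return ((EntitiesDescriptor) metadata).isSigned();
        }
        // Unknown root type: treat as unsigned so the caller rejects it.
        return false;
    }

    /**
     * Requires a valid signature and a trusted signing certificate on the metadata root.
     *
     * @param metadata metadata root element to verify
     * @param nameOrEntityId label used in log and exception messages
     * @throws FilterException if the root is unsigned, has no DOM, fails either check, or the
     *     verification call raises an error
     */
    private void checkSignature(XMLObject metadata, String nameOrEntityId) throws FilterException {
        if (!isRootSigned(metadata)) {
            Logger.warn("Metadata root-element MUST be signed.");
            throw new FilterException("Metadata root-element MUST be signed.'");
        }
        if (metadata.getDOM() == null) {
            // Without a DOM there is nothing to serialize and verify; reject instead of failing
            // later with an unchecked exception.
            Logger.warn("Metadata root-element has no DOM representation to verify. Metadata: " + nameOrEntityId);
            throw new FilterException("Metadata root-element has no DOM representation to verify.");
        }
        try {
            IVerifiyXMLSignatureResponse verify = new SignatureVerificationUtils().verify(DOMUtils.serializeNode(metadata.getDOM(), "UTF-8"), this.trustProfileID);
            if (verify.getSignatureCheckCode() != 0) {
                // A failed signature check must reject the metadata. Logging only would accept
                // tampered metadata whenever the certificate itself still validates.
                String signatureFailure = "Metadata signature-verification FAILED! Metadata: " + nameOrEntityId + " StatusCode:" + verify.getSignatureCheckCode();
                Logger.warn(signatureFailure);
                throw new FilterException(signatureFailure);
            }
            if (verify.getCertificateCheckCode() != 0) {
                String certificateFailure = "Metadata certificate-verification FAILED! Metadata: " + nameOrEntityId + " StatusCode:" + verify.getCertificateCheckCode();
                Logger.warn(certificateFailure);
                throw new FilterException(certificateFailure);
            }
            Logger.debug("SAML metadata for entityID:" + nameOrEntityId + " is valid");
        } catch (MOAIDException | IOException | TransformerException | TransformerFactoryConfigurationError e) {
            // The full cause is logged here; the FilterException carries only the message.
            Logger.error("Metadata verification for Entity:" + nameOrEntityId + " has an interal error.", e);
            throw new FilterException("Metadata verification has an interal error. Message:" + e.getMessage());
        }
    }
}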
