package org.nuxeo.ecm.platform.auth.saml.sso;

import javax.servlet.http.HttpServletRequest;
import org.joda.time.DateTime;
import org.nuxeo.ecm.platform.auth.saml.AbstractSAMLProfile;
import org.opensaml.common.SAMLException;
import org.opensaml.common.SAMLVersion;
import org.opensaml.common.binding.SAMLMessageContext;
import org.opensaml.saml2.core.Assertion;
import org.opensaml.saml2.core.AuthnContextClassRef;
import org.opensaml.saml2.core.AuthnContextComparisonTypeEnumeration;
import org.opensaml.saml2.core.AuthnRequest;
import org.opensaml.saml2.core.Issuer;
import org.opensaml.saml2.core.NameIDPolicy;
import org.opensaml.saml2.core.RequestedAuthnContext;
import org.opensaml.saml2.metadata.SPSSODescriptor;
import org.opensaml.saml2.metadata.SingleSignOnService;
import org.opensaml.xml.encryption.DecryptionException;
import org.opensaml.xml.security.SecurityException;
import org.opensaml.xml.validation.ValidationException;

/* loaded from: input_file:org/nuxeo/ecm/platform/auth/saml/sso/WebSSOProfileImpl.class */
/**
 * SAML 2.0 Web Browser SSO profile handler: builds the outgoing {@link AuthnRequest} and applies
 * an extra signature requirement when assertions are validated.
 *
 * <p>This listing is decompiler output. {@link #processAuthenticationResponse} could not be
 * reconstructed and is only a placeholder, so the response-handling path (the part that turns an
 * IdP response into a credential) cannot be reviewed from this file.
 */
public class WebSSOProfileImpl extends AbstractSAMLProfile implements WebSSOProfile {

    /**
     * Creates the profile for the given IdP single sign-on endpoint.
     *
     * @param singleSignOnService the SSO endpoint, handed unchanged to the superclass
     */
    public WebSSOProfileImpl(SingleSignOnService singleSignOnService) {
        super(singleSignOnService);
    }

    /** Returns the profile URI declared on {@link WebSSOProfile}. */
    @Override // org.nuxeo.ecm.platform.auth.saml.AbstractSAMLProfile
    public String getProfileIdentifier() {
        return WebSSOProfile.PROFILE_URI;
    }

    /**
     * Placeholder for the response-processing method.
     *
     * <p>The decompiler skipped this method (756 bytecode instructions, with duplicated regions
     * removed) and emitted a stub that always throws. The real logic lives only in the compiled
     * class; review the original source or bytecode before drawing any conclusion about how
     * responses and assertions are checked.
     *
     * @param r11 the inbound SAML message context
     * @return never returns in this listing
     * @throws org.opensaml.common.SAMLException declared by the interface; not thrown by the stub
     * @throws UnsupportedOperationException always, in this decompiled form
     */
    @Override // org.nuxeo.ecm.platform.auth.saml.sso.WebSSOProfile
    public org.nuxeo.ecm.platform.auth.saml.SAMLCredential processAuthenticationResponse(org.opensaml.common.binding.SAMLMessageContext r11) throws org.opensaml.common.SAMLException {
        throw new UnsupportedOperationException("Method not decompiled: org.nuxeo.ecm.platform.auth.saml.sso.WebSSOProfileImpl.processAuthenticationResponse(org.opensaml.common.binding.SAMLMessageContext):org.nuxeo.ecm.platform.auth.saml.SAMLCredential");
    }

    /**
     * Builds a SAML 2.0 authentication request for the HTTP-POST response binding.
     *
     * <p>The request carries a fresh ID, the current instant, an "unspecified" NameID format and
     * an exact-match requirement on the PasswordProtectedTransport authentication context. No
     * signing happens in this method.
     *
     * @param httpServletRequest the servlet request used to derive the ACS URL and the issuer
     * @return the populated request
     * @throws SAMLException declared by the interface
     */
    @Override // org.nuxeo.ecm.platform.auth.saml.sso.WebSSOProfile
    public AuthnRequest buildAuthRequest(HttpServletRequest httpServletRequest) throws SAMLException {
        AuthnRequest authnRequest = build(AuthnRequest.DEFAULT_ELEMENT_NAME);
        authnRequest.setID(newUUID());
        authnRequest.setVersion(SAMLVersion.VERSION_20);
        authnRequest.setIssueInstant(new DateTime());
        authnRequest.setProtocolBinding("urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST");

        // NOTE(review): both the ACS URL and the issuer below are computed from the incoming
        // servlet request by superclass helpers that are not visible here. Confirm they resolve
        // to a configured, fixed base URL rather than to request-supplied host information.
        authnRequest.setAssertionConsumerServiceURL(getStartPageURL(httpServletRequest));

        Issuer issuer = build(Issuer.DEFAULT_ELEMENT_NAME);
        issuer.setValue(getBaseURL(httpServletRequest));
        authnRequest.setIssuer(issuer);

        NameIDPolicy nameIdPolicy = build(NameIDPolicy.DEFAULT_ELEMENT_NAME);
        nameIdPolicy.setFormat("urn:oasis:names:tc:SAML:1.1:nameid-format:unspecified");
        authnRequest.setNameIDPolicy(nameIdPolicy);

        // EXACT comparison with a single class reference: an IdP that authenticated the user by
        // some other method may decline to satisfy this request.
        RequestedAuthnContext requestedContext = build(RequestedAuthnContext.DEFAULT_ELEMENT_NAME);
        requestedContext.setComparison(AuthnContextComparisonTypeEnumeration.EXACT);
        authnRequest.setRequestedAuthnContext(requestedContext);

        AuthnContextClassRef passwordTransportRef = build(AuthnContextClassRef.DEFAULT_ELEMENT_NAME);
        passwordTransportRef.setAuthnContextClassRef("urn:oasis:names:tc:SAML:2.0:ac:classes:PasswordProtectedTransport");
        requestedContext.getAuthnContextClassRefs().add(passwordTransportRef);

        return authnRequest;
    }

    /**
     * Runs the superclass validation, then rejects an unsigned assertion when the local SP
     * metadata asks for signed assertions and the enclosing message was not authenticated.
     *
     * <p>The signature requirement is conditional. An assertion without a signature passes this
     * override when the local role metadata is absent, when it does not set
     * WantAssertionsSigned, or when the inbound message is already marked authenticated.
     * Whatever else is enforced happens in {@code super.validateAssertion}, which is not shown
     * here. The decompiler notes that this method was declared {@code protected} in the
     * original class.
     *
     * @param assertion the assertion to check
     * @param sAMLMessageContext the inbound message context supplying local metadata and the
     *     message-authenticated flag
     * @throws SAMLException if signed assertions are wanted but neither the message nor the
     *     assertion is signed
     * @throws SecurityException the OpenSAML type imported by this file, not
     *     {@code java.lang.SecurityException}
     * @throws ValidationException declared for the superclass call
     * @throws DecryptionException declared for the superclass call
     */
    @Override // org.nuxeo.ecm.platform.auth.saml.AbstractSAMLProfile
    public void validateAssertion(Assertion assertion, SAMLMessageContext sAMLMessageContext) throws SAMLException, SecurityException, ValidationException, DecryptionException {
        super.validateAssertion(assertion, sAMLMessageContext);

        // A signature element is present: nothing more to decide in this override.
        if (assertion.getSignature() != null) {
            return;
        }

        SPSSODescriptor spMetadata = sAMLMessageContext.getLocalEntityRoleMetadata();
        if (spMetadata == null) {
            // No local metadata available, so no signing policy is applied here.
            return;
        }
        if (!spMetadata.getWantAssertionsSigned().booleanValue()) {
            return;
        }
        if (sAMLMessageContext.isInboundSAMLMessageAuthenticated()) {
            // The enclosing message was authenticated, which this check accepts in place of an
            // assertion-level signature.
            return;
        }

        throw new SAMLException("Metadata includes wantAssertionSigned, but neither Response nor included Assertion is signed");
    }
}
