package org.apache.ws.security.validate;

import java.util.List;
import org.apache.ws.security.WSSecurityException;
import org.apache.ws.security.handler.RequestData;
import org.apache.ws.security.saml.SAMLKeyInfo;
import org.apache.ws.security.saml.ext.AssertionWrapper;
import org.apache.ws.security.saml.ext.OpenSAMLUtil;

/* loaded from: input_file:WEB-INF/lib/wss4j-1.6.0.jar:org/apache/ws/security/validate/SamlAssertionValidator.class */
public class SamlAssertionValidator extends SignatureTrustValidator {
    @Override // org.apache.ws.security.validate.SignatureTrustValidator, org.apache.ws.security.validate.Validator
    public Credential validate(Credential credential, RequestData requestData) throws WSSecurityException {
        if (credential == null || credential.getAssertion() == null) {
            throw new WSSecurityException(0, "noCredential");
        }
        AssertionWrapper assertion = credential.getAssertion();
        String str = null;
        List<String> confirmationMethods = assertion.getConfirmationMethods();
        if (confirmationMethods != null && confirmationMethods.size() > 0) {
            str = confirmationMethods.get(0);
        }
        if (OpenSAMLUtil.isMethodHolderOfKey(str)) {
            if (assertion.getSubjectKeyInfo() == null) {
                throw new WSSecurityException(0, "noKeyInSAMLToken");
            }
            if (!assertion.isSigned()) {
                throw new WSSecurityException(0, "invalidSAMLsecurity");
            }
        }
        if (assertion.isSigned()) {
            verifySignedAssertion(assertion, requestData);
        }
        return credential;
    }

    /* JADX INFO: Access modifiers changed from: protected */
    public Credential verifySignedAssertion(AssertionWrapper assertionWrapper, RequestData requestData) throws WSSecurityException {
        Credential credential = new Credential();
        SAMLKeyInfo signatureKeyInfo = assertionWrapper.getSignatureKeyInfo();
        credential.setPublicKey(signatureKeyInfo.getPublicKey());
        credential.setCertificates(signatureKeyInfo.getCerts());
        return super.validate(credential, requestData);
    }
}
