package org.jenkinsci.plugins.saml;

import java.io.ByteArrayInputStream;
import java.io.IOException;
import java.io.UnsupportedEncodingException;
import java.security.KeyFactory;
import java.security.NoSuchAlgorithmException;
import java.security.cert.CertificateException;
import java.security.cert.CertificateFactory;
import java.security.cert.X509Certificate;
import java.security.spec.InvalidKeySpecException;
import java.security.spec.X509EncodedKeySpec;
import javax.xml.parsers.DocumentBuilderFactory;
import javax.xml.parsers.ParserConfigurationException;
import org.apache.commons.codec.binary.Base64;
import org.apache.xml.security.keys.content.x509.XMLX509Certificate;
import org.opensaml.Configuration;
import org.opensaml.saml2.core.Assertion;
import org.opensaml.saml2.core.Response;
import org.opensaml.xml.io.UnmarshallingException;
import org.opensaml.xml.security.x509.BasicX509Credential;
import org.opensaml.xml.signature.SignatureValidator;
import org.opensaml.xml.validation.ValidationException;
import org.w3c.dom.Element;
import org.xml.sax.SAXException;

/* loaded from: input_file:WEB-INF/lib/saml.jar:org/jenkinsci/plugins/saml/SamlResponseHandler.class */
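/**
 * Parses a Base64-encoded SAML 2.0 response, verifies the signature of its first assertion
 * against a configured X.509 certificate and extracts the values used to build a
 * {@link SamlAuthenticationToken}.
 *
 * <p>The response is untrusted input, typically posted through the user's browser, so the XML
 * parser is hardened against DTD and external-entity processing before anything is read.
 */
public class SamlResponseHandler {
    /** Base64-encoded X.509 certificate of the identity provider (no PEM armour is stripped here). */
    private final String certificate;

    /**
     * @param str Base64-encoded DER form of the certificate whose public key signs the assertions
     */
    public SamlResponseHandler(String str) {
        this.certificate = str;
    }

    /**
     * Decodes and parses the SAML response, verifies the signature on its first assertion and
     * returns the status code, issuer, first audience URI and subject NameID as a token.
     *
     * <p>Only the signature is verified in this method. The status code, issuer, audience and
     * any validity conditions are copied or ignored, not checked; any such validation has to be
     * done by the caller.
     *
     * @param str Base64-encoded SAML response XML
     * @return token built from the first assertion of the response
     * @throws IllegalStateException if the certificate or the response cannot be decoded or
     *     parsed, if the response carries no assertion, if the first assertion is unsigned, or
     *     if its signature does not verify against the configured certificate
     */
    public SamlAuthenticationToken handle(String str) {
        try {
            // Build the verification credential from the configured certificate.
            CertificateFactory certificateFactory = CertificateFactory.getInstance(XMLX509Certificate.JCA_CERT_ID);
            ByteArrayInputStream certificateStream = new ByteArrayInputStream(Base64.decodeBase64(this.certificate.getBytes("UTF-8")));
            X509Certificate x509Certificate = (X509Certificate) certificateFactory.generateCertificate(certificateStream);
            certificateStream.close();
            BasicX509Credential credential = new BasicX509Credential();
            // The key is re-encoded through an RSA KeyFactory, so a non-RSA certificate is
            // rejected here with InvalidKeySpecException (wrapped below).
            credential.setPublicKey(KeyFactory.getInstance("RSA").generatePublic(new X509EncodedKeySpec(x509Certificate.getPublicKey().getEncoded())));

            ByteArrayInputStream responseStream = new ByteArrayInputStream(Base64.decodeBase64(str));
            DocumentBuilderFactory factory = DocumentBuilderFactory.newInstance();
            factory.setNamespaceAware(true);
            // The response is attacker-controllable XML: refuse DOCTYPE declarations outright so
            // that external entities (XXE) and entity-expansion bombs cannot be processed. A
            // parser that does not support these features throws ParserConfigurationException,
            // which fails closed via the catch clause below.
            factory.setFeature(javax.xml.XMLConstants.FEATURE_SECURE_PROCESSING, true);
            factory.setFeature("http://apache.org/xml/features/disallow-doctype-decl", true);
            factory.setExpandEntityReferences(false);
            Element documentElement = factory.newDocumentBuilder().parse(responseStream).getDocumentElement();
            Response response = (Response) Configuration.getUnmarshallerFactory().getUnmarshaller(documentElement).unmarshall(documentElement);

            // Fail with a clear error rather than IndexOutOfBoundsException / NullPointerException
            // when the response has no assertion or the assertion carries no signature.
            if (response.getAssertions().isEmpty()) {
                throw new IllegalStateException("SAML response contains no assertion");
            }
            Assertion assertion = response.getAssertions().get(0);
            if (assertion.getSignature() == null) {
                throw new IllegalStateException("SAML assertion is not signed");
            }
            // NOTE(review): this verifies the cryptographic signature only. Nothing here confirms
            // that the signature's Reference covers this Assertion element; OpenSAML's
            // SAMLSignatureProfileValidator performs that structural check and should be run
            // before SignatureValidator — confirm it is available in the bundled OpenSAML version.
            new SignatureValidator(credential).validate(assertion.getSignature());

            // NOTE(review): only the first assertion and the first audience are read, and
            // NotBefore/NotOnOrAfter are not inspected here — verify the caller enforces them.
            String nameId = assertion.getSubject().getNameID().getValue();
            return new SamlAuthenticationToken(response.getStatus().getStatusCode().getValue(), assertion.getIssuer().getValue(), assertion.getConditions().getAudienceRestrictions().get(0).getAudiences().get(0).getAudienceURI(), nameId);
        } catch (UnsupportedEncodingException e) {
            throw new IllegalStateException(e);
        } catch (IOException e2) {
            throw new IllegalStateException(e2);
        } catch (NoSuchAlgorithmException e3) {
            throw new IllegalStateException(e3);
        } catch (CertificateException e4) {
            throw new IllegalStateException(e4);
        } catch (InvalidKeySpecException e5) {
            throw new IllegalStateException(e5);
        } catch (ParserConfigurationException e6) {
            throw new IllegalStateException(e6);
        } catch (UnmarshallingException e7) {
            throw new IllegalStateException(e7);
        } catch (ValidationException e8) {
            throw new IllegalStateException(e8);
        } catch (SAXException e9) {
            throw new IllegalStateException(e9);
        }
    }
}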
