package com.ibm.ws.wssecurity.saml.saml20.assertion.utils;

import com.ibm.ws.wssecurity.saml.config.impl.SamlConfigUtil;
import com.ibm.ws.wssecurity.saml.saml20.assertion.Assertion;
import com.ibm.ws.wssecurity.saml.security.impl.SAMLSignatureVerification;
import com.ibm.ws.wssecurity.util.Tr;
import com.ibm.ws.wssecurity.util.TraceComponent;
import com.ibm.wsspi.wssecurity.core.SoapSecurityException;
import com.ibm.wsspi.wssecurity.saml.config.ConsumerConfig;
import java.security.KeyStore;
import org.apache.axiom.om.OMElement;

/* loaded from: input_file:lib/com.ibm.jaxws.thinclient_9.0.jar:com/ibm/ws/wssecurity/saml/saml20/assertion/utils/SAMLVerifier.class */
public class SAMLVerifier {
    private static final TraceComponent tc = Tr.register(SAMLVerifier.class, "Web Services Security", "com.ibm.ws.wssecurity.resources.samlmessages");

    public static boolean verifySAMLHeader(Assertion assertion) {
        if (tc.isEntryEnabled()) {
            Tr.entry(tc, "verifySAMLHeader(Assertion)");
        }
        boolean z = true;
        if (assertion.getID() == null || assertion.getID().trim().length() == 0) {
            z = false;
        }
        if (assertion.getIssueInstant() == null) {
            z = false;
        }
        if (assertion.getIssuer() == null || assertion.getIssuer().getValue() == null || assertion.getIssuer().getValue().length() == 0) {
            z = false;
        }
        if (tc.isEntryEnabled()) {
            Tr.exit(tc, "verifySAMLHeader(Assertion): " + new Boolean(z).toString());
        }
        return z;
    }

    public static boolean verifySAMLCondition(Assertion assertion) {
        if (tc.isEntryEnabled()) {
            Tr.entry(tc, "verifySAMLCondition(Assertion)");
        }
        boolean z = true;
        if (assertion.getConditions() != null) {
            try {
                z = assertion.getConditions().validate();
            } catch (Exception e) {
                z = false;
            }
        }
        if (tc.isEntryEnabled()) {
            Tr.exit(tc, "verifySAMLCondition(Assertion) : returning " + z);
        }
        return z;
    }

    public static boolean verifySAMLAssertion(OMElement oMElement, ConsumerConfig consumerConfig) throws SoapSecurityException {
        if (tc.isEntryEnabled()) {
            Tr.entry(tc, "verifySAMLAssertion(OMElement, ConsumerConfig)");
        }
        boolean verify = SAMLSignatureVerification.verify(oMElement, SamlConfigUtil.getTrustKeyInformation(consumerConfig), (KeyStore) null);
        if (tc.isEntryEnabled()) {
            Tr.exit(tc, "verifySAMLAssertion(OMElement, ConsumerConfig): " + new Boolean(verify).toString());
        }
        return verify;
    }
}
