package de.governikus.gov.autent.common.idprovider.saml;

import de.bos_bremen.gov.autent.common.AttributeNameNPA;
import de.bos_bremen.gov.autent.common.Constants;
import de.bos_bremen.gov.autent.common.ErrorCode;
import de.bos_bremen.gov.autent.common.ErrorCodeException;
import de.bos_bremen.gov.autent.common.XMLSignatureHandler;
import de.bund.bsi.eid230.IdentityFlavourType;
import de.bund.bsi.eid230.LevelOfAssuranceType;
import java.io.ByteArrayInputStream;
import java.io.IOException;
import java.io.ObjectInputStream;
import java.io.Serializable;
import java.nio.charset.StandardCharsets;
import java.security.MessageDigest;
import java.security.NoSuchAlgorithmException;
import java.security.PrivateKey;
import java.security.cert.X509Certificate;
import java.util.Date;
import java.util.HashMap;
import java.util.Iterator;
import java.util.LinkedList;
import java.util.List;
import java.util.Map;
import java.util.Objects;
import javax.xml.namespace.QName;
import net.shibboleth.utilities.java.support.xml.ParserPool;
import net.shibboleth.utilities.java.support.xml.XMLParserException;
import org.opensaml.core.config.InitializationException;
import org.opensaml.core.config.InitializationService;
import org.opensaml.core.xml.XMLObject;
import org.opensaml.core.xml.config.XMLObjectProviderRegistrySupport;
import org.opensaml.core.xml.io.Unmarshaller;
import org.opensaml.core.xml.io.UnmarshallerFactory;
import org.opensaml.core.xml.io.UnmarshallingException;
import org.opensaml.saml.saml2.core.AuthnRequest;
import org.opensaml.saml.saml2.core.IDPEntry;
import org.opensaml.saml.saml2.core.Scoping;
import org.opensaml.saml.saml2.core.Subject;
import org.opensaml.security.credential.CredentialSupport;
import org.opensaml.soap.wstrust.Claims;
import org.opensaml.xmlsec.encryption.EncryptedData;
import org.opensaml.xmlsec.encryption.support.Decrypter;
import org.opensaml.xmlsec.encryption.support.DecryptionException;
import org.opensaml.xmlsec.encryption.support.InlineEncryptedKeyResolver;
import org.opensaml.xmlsec.keyinfo.KeyInfoCredentialResolver;
import org.opensaml.xmlsec.keyinfo.impl.StaticKeyInfoCredentialResolver;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
import org.w3c.dom.Document;

/* loaded from: input_file:de/governikus/gov/autent/common/idprovider/saml/RequestParser.class */
public class RequestParser implements Serializable {
    // Serialization version id of the outer class.
    private static final long serialVersionUID = 1454532543;
    // ProviderName of the request, or the Issuer value when no ProviderName is present (see constructor).
    private final String providerName;
    // ID attribute of the parsed AuthnRequest.
    private final String requestId;
    // Only used as a correlation value in log messages within this class.
    private final String sessionID;
    // NameID value of the request's Subject, or null when the request has no Subject.
    private final String subjectName;
    // ProxyCount from the Scoping element, or null when the request has no Scoping.
    private final Integer proxyCount;
    // Transient: not written by default serialization. No assignment is visible in this listing
    // (handleBdrExtension was not decompiled), so presumably it is set there -- TODO confirm.
    private transient QESAttributes qesAttributes;
    private EidasAttributes eidasAttributes;
    // Transient: rebuilt from serializedRequest by parse(), both in the constructor and in readObject().
    private transient AuthnRequest parsedRequest;
    // The request bytes exactly as handed to the constructor (the array is stored, not copied).
    private final byte[] serializedRequest;
    // When this equals ErrorCode.CANNOT_DECRYPT, parseExtensions() reports a decryption error
    // even if the fallback key managed to decrypt the extension.
    private final ErrorCode demoSamlErrorCode;
    private TransactionAttestation transactionAttestation;
    private LevelOfAssuranceType levelOfAssuranceType;
    // Decryption key material, set by enableDecryption() and nulled by parseExtensions() once the
    // extensions have been processed.
    // NOTE(review): these four fields are not transient although the class is Serializable. If an
    // instance is serialized while they are still set, the private keys are written to the stream.
    // Confirm that cannot happen, or mark them transient.
    private PrivateKey decryptionKey;
    private PrivateKey decryptionKey2;
    private X509Certificate encryptionCert;
    private X509Certificate encryptionCert2;
    private static final Logger log = LoggerFactory.getLogger(RequestParser.class);
    // QName of the wrapper element around an encrypted BSI extension: same namespace and prefix as
    // the BSI extension, local part prefixed with "Encrypted".
    private static final QName ENC_BSIEXTENSIONS_QNAME = new QName(Constants.BSI_EXTENSION_NAME.getNamespaceURI(), "Encrypted" + Constants.BSI_EXTENSION_NAME.getLocalPart(), Constants.BSI_EXTENSION_NAME.getPrefix());
    // ProviderID values of the IDPList entries inside Scoping (filled in the constructor).
    private final List<String> providerIds = new LinkedList();
    // Attribute name -> "required" flag; stays null until a BSI or Claims extension fills it.
    private HashMap<String, Boolean> requestedAttributes = null;
    // Set by parseExtensions(); the extension getters throw IllegalStateException while it is false.
    private boolean extensionsParsed = false;
    // Becomes false when the second key pair had to be used to decrypt an extension.
    private boolean firstAutentKeyUsed = true;
    // Result of the last checkSignature() call, or whatever setFirstSPKeyUsed() stored.
    private boolean firstSPKeyUsed = true;
    // Parameter name -> value/target pair collected from the extensions.
    private final HashMap<String, Parameter> requestedAttributeParams = new HashMap<>();
    // Digest name -> digest of the raw request, filled by setRequestRawData(); null until then.
    private HashMap<String, byte[]> requestHashes = null;

    /* loaded from: input_file:de/governikus/gov/autent/common/idprovider/saml/RequestParser$EidasAttributes.class */
    /**
     * eIDAS-related settings collected from the BSI extension of a request.
     * The level of assurance starts out as {@code HTTP_EIDAS_EUROPA_EU_LO_A_HIGH};
     * the enclosing parser writes the private fields directly.
     */
    public static class EidasAttributes implements Serializable {
        private static final long serialVersionUID = 1;
        private LevelOfAssuranceType levelOfAssurance = LevelOfAssuranceType.HTTP_EIDAS_EUROPA_EU_LO_A_HIGH;
        private String sendingMemberState;
        private boolean useEidas;
        private boolean testMode;

        /** @return the level of assurance currently stored */
        public LevelOfAssuranceType getLevelOfAssurance() {
            return levelOfAssurance;
        }

        /** @return the sending member state, or {@code null} when none was stored */
        public String getSendingMemberState() {
            return sendingMemberState;
        }

        /** @return the stored useEidas flag */
        public boolean isUseEidas() {
            return useEidas;
        }

        /** @return the stored test-mode flag */
        public boolean isTestMode() {
            return testMode;
        }

        /** @param str the sending member state to store */
        public void setSendingMemberState(String str) {
            sendingMemberState = str;
        }
    }

    /* JADX INFO: Access modifiers changed from: private */
    /* loaded from: input_file:de/governikus/gov/autent/common/idprovider/saml/RequestParser$Parameter.class */
    /**
     * Value/target pair stored for a named request parameter.
     * Both fields are package-visible and read directly by the enclosing parser.
     */
    public static final class Parameter implements Serializable {
        private static final long serialVersionUID = 1;
        /** Parameter value as taken from the request. */
        String value;
        /** Target the value is meant for; may be {@code null}. */
        String target;

        /**
         * @param str  the parameter value
         * @param str2 the parameter target
         */
        public Parameter(String str, String str2) {
            value = str;
            target = str2;
        }
    }

    /* loaded from: input_file:de/governikus/gov/autent/common/idprovider/saml/RequestParser$QESAttributes.class */
    /**
     * Read-only view of the QES-related request settings.
     * The constructor is private, so instances are created only from within the enclosing class.
     */
    public static class QESAttributes implements Serializable {
        private static final long serialVersionUID = 1;
        private Date certExpiry;
        private boolean certIncludeArtisticName;
        private boolean certIncludeDateOfBirth;
        private boolean certIncludePlaceOfBirth;
        private boolean certIncludePlaceOfResidence;
        private boolean dateOfExpiry;
        private boolean indoctrination;
        private boolean publishRequest;
        private String additionalData;
        private byte[] revocationStringHash;

        /** @return the stored certificate expiry; the internal {@link Date} is returned, not a copy */
        public Date getCertExpiry() {
            return certExpiry;
        }

        /** @return the stored certIncludeArtisticName flag */
        public boolean isCertIncludeArtisticName() {
            return certIncludeArtisticName;
        }

        /** @return the stored certIncludeDateOfBirth flag */
        public boolean isCertIncludeDateOfBirth() {
            return certIncludeDateOfBirth;
        }

        /** @return the stored certIncludePlaceOfBirth flag */
        public boolean isCertIncludePlaceOfBirth() {
            return certIncludePlaceOfBirth;
        }

        /** @return the stored certIncludePlaceOfResidence flag */
        public boolean isCertIncludePlaceOfResidence() {
            return certIncludePlaceOfResidence;
        }

        /** @return the stored dateOfExpiry flag */
        public boolean isDateOfExpiry() {
            return dateOfExpiry;
        }

        /** @return the stored indoctrination flag */
        public boolean isIndoctrination() {
            return indoctrination;
        }

        /** @return the stored publishRequest flag */
        public boolean isPublishRequest() {
            return publishRequest;
        }

        /** @return the stored additional data, or {@code null} */
        public String getAdditionalData() {
            return additionalData;
        }

        /** @return the stored revocation string hash; the internal array is returned, not a copy */
        public byte[] getRevocationStringHash() {
            return revocationStringHash;
        }

        private QESAttributes() {
        }
    }

    /* loaded from: input_file:de/governikus/gov/autent/common/idprovider/saml/RequestParser$TransactionAttestation.class */
    /**
     * Transaction attestation format and context requested by the service provider.
     * The enclosing parser fills the fields directly after using the private no-arg constructor.
     */
    public static class TransactionAttestation implements Serializable {
        private static final long serialVersionUID = 1;
        private String transactionAttestationFormat;
        private String transactionContext;

        /** @return the stored attestation format, or {@code null} */
        public String getTransactionAttestationFormat() {
            return transactionAttestationFormat;
        }

        /** @return the stored transaction context, or {@code null} */
        public String getTransactionContext() {
            return transactionContext;
        }

        /**
         * @param str  the attestation format
         * @param str2 the transaction context
         */
        public TransactionAttestation(String str, String str2) {
            transactionAttestationFormat = str;
            transactionContext = str2;
        }

        private TransactionAttestation() {
        }
    }

    /**
     * Registers OpenSAML's "DEFAULT" unmarshaller for the BSI, BOS and BDR extension element names,
     * unless an unmarshaller for the BSI extension name is already registered.
     */
    private static synchronized void enableDefaultUnmarshallerForRequestedAttributes() {
        UnmarshallerFactory factory = XMLObjectProviderRegistrySupport.getUnmarshallerFactory();
        boolean alreadyRegistered = factory.getUnmarshallers().get(Constants.BSI_EXTENSION_NAME) != null;
        if (alreadyRegistered) {
            return;
        }
        QName defaultProviderName = new QName("http://www.opensaml.org/xmltooling-config", "DEFAULT");
        Unmarshaller fallback = (Unmarshaller) factory.getUnmarshallers().get(defaultProviderName);
        factory.registerUnmarshaller(Constants.BSI_EXTENSION_NAME, fallback);
        factory.registerUnmarshaller(Constants.BOS_EXTENSION_NAME, fallback);
        factory.registerUnmarshaller(Constants.BDR_EXTENSION_NAME, fallback);
    }

    /** @return the NameID value of the request's Subject, or {@code null} when the request has no Subject */
    public String getSubjectName() {
        return subjectName;
    }

    /** @return the unmarshalled AuthnRequest (the internal object, not a copy) */
    public AuthnRequest getParsedRequest() {
        return parsedRequest;
    }

    /** @return the provider name determined in the constructor (ProviderName, else Issuer value); may be {@code null} */
    public String getProviderName() {
        return providerName;
    }

    /** @return the ID attribute of the parsed request */
    public String getRequestId() {
        return requestId;
    }

    /** @return the ProxyCount of the Scoping element, or {@code null} when the request has no Scoping */
    public Integer getProxyCount() {
        return proxyCount;
    }

    /**
     * @return the ProviderID values collected from the request's IDPList; this is the internal,
     *         mutable list, so changes made by the caller are visible to this parser
     */
    public List<String> getProviderIds() {
        return providerIds;
    }

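    /**
     * Parses a serialized SAML AuthnRequest and captures its basic properties
     * (ID, provider name, subject name, proxy count and requested provider ids).
     * Extensions are not evaluated here; call {@link #parseExtensions()} for that.
     *
     * @param bArr      the XML bytes of the request; the array is stored as given, not copied
     * @param str       session id, used for log correlation
     * @param errorCode error code to simulate; see {@link #parseExtensions()}
     * @throws XMLParserException      if the bytes cannot be parsed as XML
     * @throws UnmarshallingException  if the DOM cannot be unmarshalled
     * @throws InitializationException if OpenSAML had to be bootstrapped and that failed
     */
    public RequestParser(byte[] bArr, String str, ErrorCode errorCode) throws XMLParserException, UnmarshallingException, InitializationException {
        this.serializedRequest = bArr;
        this.sessionID = str;
        this.demoSamlErrorCode = errorCode;
        parse();
        this.requestId = this.parsedRequest.getID();
        // ProviderName wins when present; the Issuer value is only the fallback.
        if (this.parsedRequest.getIssuer() == null || this.parsedRequest.getProviderName() != null) {
            this.providerName = this.parsedRequest.getProviderName();
        } else {
            this.providerName = this.parsedRequest.getIssuer().getValue();
        }
        Subject subject = this.parsedRequest.getSubject();
        // The request content is supplied by the caller: a Subject element without a NameID child
        // must be treated like "no subject name" instead of failing with a NullPointerException.
        if (subject != null && subject.getNameID() != null) {
            this.subjectName = subject.getNameID().getValue();
        } else {
            this.subjectName = null;
        }
        Scoping scoping = this.parsedRequest.getScoping();
        if (scoping == null) {
            this.proxyCount = null;
            return;
        }
        this.proxyCount = scoping.getProxyCount();
        if (scoping.getIDPList() != null) {
            for (IDPEntry entry : scoping.getIDPList().getIDPEntrys()) {
                this.providerIds.add(entry.getProviderID());
            }
        }
    }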

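    /**
     * Parses {@code serializedRequest} into a DOM, unmarshals it and stores the result in
     * {@code parsedRequest}. Bootstraps OpenSAML when no parser pool is registered yet.
     *
     * <p>The parser pool is whatever the OpenSAML registry supplies. NOTE(review): the request is
     * externally supplied XML, so DTD / external-entity hardening depends on how that pool is
     * configured -- confirm the configuration used in deployment.
     *
     * @throws XMLParserException       if the bytes are not well-formed XML
     * @throws UnmarshallingException   if unmarshalling the root element fails
     * @throws InitializationException  if bootstrapping OpenSAML fails
     * @throws IllegalArgumentException if the root element is not an AuthnRequest or no
     *                                  unmarshaller is registered for it
     * @throws NullPointerException     if no parser pool is available even after bootstrapping
     */
    private void parse() throws XMLParserException, UnmarshallingException, InitializationException {
        ParserPool parserPool = null;
        try {
            parserPool = XMLObjectProviderRegistrySupport.getParserPool();
        } catch (NullPointerException ignored) {
            // Deliberately ignored: treated like "no pool registered", which triggers the
            // bootstrap below.
        }
        if (parserPool == null) {
            try {
                InitializationService.initialize();
                parserPool = XMLObjectProviderRegistrySupport.getParserPool();
                if (parserPool == null) {
                    log.error("parse() cannot get ParserPool from OpenSAML Configuration");
                }
            } catch (InitializationException e) {
                log.error("parse() cannot bootstrap OpenSAML", e);
                throw e;
            }
        }
        Document document = Objects.requireNonNull(parserPool, "no ParserPool available from the OpenSAML configuration").parse(new ByteArrayInputStream(this.serializedRequest));
        Unmarshaller unmarshaller = XMLObjectProviderRegistrySupport.getUnmarshallerFactory().getUnmarshaller(document.getDocumentElement());
        if (unmarshaller == null) {
            // An unexpected root element must be rejected cleanly. The element name is not echoed
            // because it comes from the request.
            throw new IllegalArgumentException("Cannot handle request: no unmarshaller registered for its root element");
        }
        XMLObject unmarshalled = unmarshaller.unmarshall(document.getDocumentElement());
        if (!(unmarshalled instanceof AuthnRequest)) {
            throw new IllegalArgumentException("Cannot handle class " + (unmarshalled == null ? "null" : unmarshalled.getClass().getName()));
        }
        this.parsedRequest = (AuthnRequest) unmarshalled;
    }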

    /**
     * @return the requested attributes (name to "required" flag) as filled by the extension
     *         handlers, or {@code null} when none were set; the internal map is returned, not a copy
     * @throws IllegalStateException if {@link #parseExtensions()} has not been called yet
     */
    public synchronized HashMap<String, Boolean> getRequestedAttributes() {
        if (!this.extensionsParsed) {
            throw new IllegalStateException("Extension were not parsed yet. Call parseExtensions() after enabling decryption.");
        }
        return this.requestedAttributes;
    }

    /**
     * @return the QES attributes, or {@code null} when none were set
     * @throws IllegalStateException if {@link #parseExtensions()} has not been called yet
     */
    public synchronized QESAttributes getQesAttributes() {
        if (!this.extensionsParsed) {
            throw new IllegalStateException("Extension were not parsed yet. Call parseExtensions() after enabling decryption.");
        }
        return this.qesAttributes;
    }

    /**
     * @return the eIDAS attributes, or {@code null} when the request carried none
     * @throws IllegalStateException if {@link #parseExtensions()} has not been called yet
     */
    public synchronized EidasAttributes getEidasAttributes() {
        if (!this.extensionsParsed) {
            throw new IllegalStateException("Extension were not parsed yet. Call parseExtensions() after enabling decryption.");
        }
        return this.eidasAttributes;
    }

    /**
     * Looks up the value of a named request parameter.
     *
     * @param str the parameter name
     * @return the parameter value, or {@code null} when no such parameter was stored
     * @throws IllegalStateException if {@link #parseExtensions()} has not been called yet
     */
    public synchronized String getRequestedAttributeParam(String str) {
        if (this.extensionsParsed) {
            Parameter found = this.requestedAttributeParams.get(str);
            return found == null ? null : found.value;
        }
        throw new IllegalStateException("Extension were not parsed yet. Call parseExtensions() after enabling decryption.");
    }

    /**
     * Collects all stored parameters whose target equals the given one.
     *
     * @param str the target to select; must not be {@code null} when any parameter is stored
     * @return a new map from parameter name to value (empty when nothing matches)
     * @throws IllegalStateException if {@link #parseExtensions()} has not been called yet
     */
    public synchronized Map<String, String> getRequestedAttributeParamsForTarget(String str) {
        if (!this.extensionsParsed) {
            throw new IllegalStateException("Extension were not parsed yet. Call parseExtensions() after enabling decryption.");
        }
        HashMap<String, String> selected = new HashMap<>();
        this.requestedAttributeParams.forEach((name, parameter) -> {
            if (str.equals(parameter.target)) {
                selected.put(name, parameter.value);
            }
        });
        return selected;
    }

    /**
     * @return the transaction attestation data, or {@code null} when the request carried none
     * @throws IllegalStateException if {@link #parseExtensions()} has not been called yet
     */
    public synchronized TransactionAttestation getTransactionAttestation() {
        if (!this.extensionsParsed) {
            throw new IllegalStateException("Extension were not parsed yet. Call parseExtensions() after enabling decryption.");
        }
        return this.transactionAttestation;
    }

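    /**
     * Evaluates the Extensions element of the request: decrypts encrypted extensions with the
     * key material from {@link #enableDecryption} and passes every extension to the BSI, BOS,
     * Claims and BDR handlers. Only the first call does any work.
     *
     * <p>{@code extensionsParsed} is set before processing starts, so the extension getters stop
     * throwing {@link IllegalStateException} even when processing fails part-way.
     *
     * <p>The decryption keys and certificates are cleared on every exit path, including the early
     * return and failures, so that no private key stays referenced by this serializable object.
     *
     * <p>NOTE(review): an {@code EncryptedData} extension that arrives while no encryption
     * certificate is set is handed to the handlers undecrypted. The handlers visible in this file
     * match on element names and would ignore it -- confirm that silently skipping an encrypted
     * extension is intended.
     *
     * @throws ErrorCodeException       with {@code ErrorCode.CANNOT_DECRYPT} when an extension
     *                                  cannot be decrypted, or when that error is simulated
     * @throws IllegalArgumentException on a schema violation inside an extension
     */
    public void parseExtensions() throws ErrorCodeException {
        try {
            if (this.parsedRequest.getExtensions() == null || this.extensionsParsed) {
                this.extensionsParsed = true;
                return;
            }
            this.extensionsParsed = true;
            enableDefaultUnmarshallerForRequestedAttributes();
            for (XMLObject child : this.parsedRequest.getExtensions().getOrderedChildren()) {
                XMLObject extension = child;
                if (ENC_BSIEXTENSIONS_QNAME.equals(extension.getElementQName())) {
                    // Unwrap the encrypted-extension container; an empty container is a schema
                    // violation and must not surface as an index or null-pointer failure.
                    List<XMLObject> wrapped = extension.getOrderedChildren();
                    if (wrapped == null || wrapped.isEmpty()) {
                        throw new IllegalArgumentException("schema violation: there is no child element in " + ENC_BSIEXTENSIONS_QNAME);
                    }
                    extension = wrapped.get(0);
                }
                if ((extension instanceof EncryptedData) && this.encryptionCert != null) {
                    extension = decryptExtension((EncryptedData) extension);
                }
                handleBsiExtension(extension);
                handleBosExtension(extension);
                handleClaimsExtension(extension);
                handleBdrExtension(extension);
            }
        } finally {
            this.encryptionCert = null;
            this.decryptionKey = null;
            this.encryptionCert2 = null;
            this.decryptionKey2 = null;
        }
    }

    /**
     * Decrypts one extension with the first key pair and falls back to the second pair, when one
     * is set. Using the fallback clears {@code firstAutentKeyUsed}.
     */
    private XMLObject decryptExtension(EncryptedData encryptedData) throws ErrorCodeException {
        try {
            return new Decrypter((KeyInfoCredentialResolver) null, new StaticKeyInfoCredentialResolver(CredentialSupport.getSimpleCredential(this.encryptionCert, this.decryptionKey)), new InlineEncryptedKeyResolver()).decryptData(encryptedData, true);
        } catch (DecryptionException firstFailure) {
            XMLObject decrypted = null;
            boolean fallbackSucceeded = false;
            if (this.encryptionCert2 != null) {
                try {
                    decrypted = new Decrypter((KeyInfoCredentialResolver) null, new StaticKeyInfoCredentialResolver(CredentialSupport.getSimpleCredential(this.encryptionCert2, this.decryptionKey2)), new InlineEncryptedKeyResolver()).decryptData(encryptedData, true);
                    fallbackSucceeded = true;
                    this.firstAutentKeyUsed = false;
                } catch (DecryptionException secondFailure) {
                    if (log.isTraceEnabled()) {
                        log.trace(secondFailure.getMessage(), secondFailure);
                    }
                }
            }
            // The configured demo error code forces the failure even when the fallback worked.
            if (!fallbackSucceeded || ErrorCode.CANNOT_DECRYPT.equals(this.demoSamlErrorCode)) {
                log.error("<unknown>: " + this.sessionID + ": can not decrypt all extensions for " + this.providerName, firstFailure);
                throw new ErrorCodeException(ErrorCode.CANNOT_DECRYPT, firstFailure);
            }
            return decrypted;
        }
    }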

    /** @return {@code false} once the second key pair had to be used to decrypt an extension */
    public boolean isFirstAutentKeyUsed() {
        return firstAutentKeyUsed;
    }

    /** @return the flag stored by the last signature check or by {@link #setFirstSPKeyUsed(boolean)} */
    public boolean isFirstSPKeyUsed() {
        return firstSPKeyUsed;
    }

    /** @param z the new value of the firstSPKeyUsed flag */
    public void setFirstSPKeyUsed(boolean z) {
        firstSPKeyUsed = z;
    }

    /**
     * Stores the name/value/target triples of a BOS extension in {@code requestedAttributeParams}.
     * Elements with any other name are ignored.
     *
     * @throws IllegalArgumentException if the extension has a child that is not named "Parameter"
     */
    private void handleBosExtension(XMLObject xMLObject) {
        if (!Constants.BOS_EXTENSION_NAME.equals(xMLObject.getElementQName())) {
            return;
        }
        List<XMLObject> parameters = Objects.requireNonNull(extractNamedChildList(xMLObject, "Parameter"));
        // Every child has to be a Parameter element, otherwise the counts differ.
        if (parameters.size() != xMLObject.getOrderedChildren().size()) {
            throw new IllegalArgumentException("schema violation: there is at least one child attribute not with the name \"Parameter\" in " + xMLObject.getElementQName());
        }
        for (XMLObject parameter : parameters) {
            String name = parameter.getDOM().getAttribute("name");
            String value = parameter.getDOM().getAttribute("value");
            String target = parameter.getDOM().getAttribute("target");
            this.requestedAttributeParams.put(name, new Parameter(value, target));
        }
    }

    /* JADX WARN: Removed duplicated region for block: B:102:0x030b A[SYNTHETIC] */
    /* JADX WARN: Removed duplicated region for block: B:105:0x0063 A[SYNTHETIC] */
    /* JADX WARN: Removed duplicated region for block: B:46:0x01d0 A[EXC_TOP_SPLITTER, SYNTHETIC] */
    /* JADX WARN: Removed duplicated region for block: B:58:0x0202 A[SYNTHETIC] */
    /* JADX WARN: Removed duplicated region for block: B:65:0x022e A[SYNTHETIC] */
    /* JADX WARN: Removed duplicated region for block: B:72:0x025a A[SYNTHETIC] */
    /* JADX WARN: Removed duplicated region for block: B:79:0x0286 A[SYNTHETIC] */
    /* JADX WARN: Removed duplicated region for block: B:86:0x02b2 A[SYNTHETIC] */
    /* JADX WARN: Removed duplicated region for block: B:93:0x02de A[SYNTHETIC] */
    /* JADX WARN: Removed duplicated region for block: B:96:0x02ee A[SYNTHETIC] */
    /* JADX WARN: Removed duplicated region for block: B:99:0x02fe A[SYNTHETIC] */
    /*
        Code decompiled incorrectly, please refer to instructions dump.
        To view partially-correct add '--show-bad-code' argument
    */
    // NOTE(review): the decompiler did not recover this method; the body below is a placeholder,
    // not the original logic. parseExtensions() calls it for every extension element, so with
    // this listing any request that carries extensions ends in UnsupportedOperationException.
    // Presumably the original handles the BDR extension element -- recover it from the bytecode
    // before relying on this source.
    private void handleBdrExtension(org.opensaml.core.xml.XMLObject r6) {
        /*
            Method dump skipped, instructions count: 799
            To view this dump add '--comments-level debug' option
        */
        throw new UnsupportedOperationException("Method not decompiled: de.governikus.gov.autent.common.idprovider.saml.RequestParser.handleBdrExtension(org.opensaml.core.xml.XMLObject):void");
    }

    /**
     * Evaluates a BSI extension element; elements with any other name are ignored.
     *
     * <p>Checks the Version attribute, stores it as parameter "requestVersion", reads the optional
     * pre-shared key (version 1 only) and then fills {@code requestedAttributes} and the
     * per-attribute parameters from the RequestedAttributes child.
     *
     * @throws IllegalArgumentException on an unsupported version, a schema violation, an unknown
     *                                  LevelOfAssurance attribute value or an unsupported
     *                                  IdentityFlavour
     */
    private void handleBsiExtension(XMLObject xMLObject) {
        if (Constants.BSI_EXTENSION_NAME.equals(xMLObject.getElementQName())) {
            String extractNamedAttribute = extractNamedAttribute(xMLObject, "Version", Constants.BSI_EXTENSION_NAME.getNamespaceURI());
            // Only "1", "1.0", "2" and "2.0" are accepted.
            if (extractNamedAttribute == null || !extractNamedAttribute.matches("^1(\\.0)?$|^2(\\.0)?$")) {
                throw new IllegalArgumentException("unsupported extension version");
            }
            // Major version only: "1" or "2".
            String substring = extractNamedAttribute.substring(0, 1);
            this.requestedAttributeParams.put("requestVersion", new Parameter(substring, "eID-Service"));
            if ("1".equals(substring)) {
                XMLObject xMLObject2 = null;
                try {
                    xMLObject2 = extractNamedChild(xMLObject, "PreSharedKey");
                } catch (IllegalArgumentException e) {
                    // Thrown when there is not exactly one PreSharedKey child; treated as "no key given".
                    if (log.isTraceEnabled()) {
                        log.trace(e.getMessage(), e);
                    }
                    if (log.isDebugEnabled()) {
                        log.debug("<unknown>: " + this.sessionID + ": no psk given in SAML request, we will generate one");
                    }
                }
                if (xMLObject2 != null) {
                    // The key text is stored exactly as it appears in the request; it is secret
                    // material and should stay out of log output.
                    // NOTE(review): no length or format check is applied here -- confirm the
                    // consumer of the "psk" parameter validates it.
                    this.requestedAttributeParams.put("psk", new Parameter(extractNamedChild(xMLObject2, "Key").getDOM().getTextContent(), "eID-Service"));
                }
            }
            // Exactly one RequestedAttributes child is required, even when RequestAllDefaults is set.
            XMLObject extractNamedChild = extractNamedChild(xMLObject, "RequestedAttributes");
            if ("true".equals(xMLObject.getDOM().getAttribute("RequestAllDefaults"))) {
                // requestedAttributes is left untouched in this case.
                // presumably callers read a null map as "use the defaults" -- verify against caller
                return;
            }
            this.requestedAttributes = new HashMap<>();
            List<XMLObject> extractNamedChildList = extractNamedChildList(extractNamedChild, "Attribute");
            // Every child of RequestedAttributes has to be an Attribute element.
            if (extractNamedChildList.size() != extractNamedChild.getOrderedChildren().size()) {
                throw new IllegalArgumentException("schema violation: there is at least one child attribute not with the name \"Attribute\" in " + xMLObject.getElementQName());
            }
            for (XMLObject xMLObject3 : extractNamedChildList) {
                String extractNamedAttribute2 = extractNamedAttribute(xMLObject3, "Name", "urn:oasis:names:tc:SAML:2.0:assertion");
                // The "required" flag is read from "Required", then from "RequiredAttribute";
                // when both are missing or empty it defaults to "true".
                String extractNamedAttribute3 = extractNamedAttribute(xMLObject3, "Required", Constants.BSI_EXTENSION_NAME.getNamespaceURI());
                if (extractNamedAttribute3 == null || extractNamedAttribute3.isEmpty()) {
                    extractNamedAttribute3 = extractNamedAttribute(xMLObject3, "RequiredAttribute", Constants.BSI_EXTENSION_NAME.getNamespaceURI());
                }
                if (extractNamedAttribute3 == null || extractNamedAttribute3.isEmpty()) {
                    extractNamedAttribute3 = "true";
                }
                // Two attribute names are mapped onto other AttributeNameNPA names before storing.
                if (AttributeNameNPA.CommunityIdVerification.toString().equals(extractNamedAttribute2)) {
                    extractNamedAttribute2 = AttributeNameNPA.PlaceVerification.toString();
                }
                if (AttributeNameNPA.RestrictedId.toString().equals(extractNamedAttribute2)) {
                    extractNamedAttribute2 = AttributeNameNPA.RestrictedID.toString();
                }
                this.requestedAttributes.put(extractNamedAttribute2, Boolean.valueOf(extractNamedAttribute3));
                // Attributes with child elements carry an AttributeValue. In version 1 the value is
                // the text of AttributeValue itself, in version 2 the text of a nested element.
                if (AttributeNameNPA.PlaceVerification.toString().equals(extractNamedAttribute2) && !xMLObject3.getOrderedChildren().isEmpty()) {
                    XMLObject extractNamedChild2 = extractNamedChild(xMLObject3, "AttributeValue");
                    if ("1".equals(substring)) {
                        this.requestedAttributeParams.put("communityIDPattern", new Parameter(extractNamedChild2.getDOM().getTextContent(), null));
                    } else if ("2".equals(substring)) {
                        this.requestedAttributeParams.put("communityIDPattern", new Parameter(extractNamedChild(extractNamedChild2, "CommunityID").getDOM().getTextContent(), null));
                    }
                } else if (AttributeNameNPA.AgeVerification.toString().equals(extractNamedAttribute2) && !xMLObject3.getOrderedChildren().isEmpty()) {
                    XMLObject extractNamedChild3 = extractNamedChild(xMLObject3, "AttributeValue");
                    if ("1".equals(substring)) {
                        this.requestedAttributeParams.put("requiredAge", new Parameter(extractNamedChild3.getDOM().getTextContent(), null));
                    } else if ("2".equals(substring)) {
                        this.requestedAttributeParams.put("requiredAge", new Parameter(extractNamedChild(extractNamedChild3, "Age").getDOM().getTextContent(), null));
                    }
                } else if (AttributeNameNPA.UseEidas.toString().equals(extractNamedAttribute2) && !xMLObject3.getOrderedChildren().isEmpty()) {
                    if (this.eidasAttributes == null) {
                        this.eidasAttributes = new EidasAttributes();
                    }
                    this.eidasAttributes.useEidas = Boolean.parseBoolean(extractNamedChild(xMLObject3, "AttributeValue").getDOM().getTextContent());
                } else if (AttributeNameNPA.EidasExtension.toString().equals(extractNamedAttribute2) && !xMLObject3.getOrderedChildren().isEmpty()) {
                    if (this.eidasAttributes == null) {
                        this.eidasAttributes = new EidasAttributes();
                    }
                    XMLObject extractNamedChild4 = extractNamedChild(xMLObject3, "AttributeValue");
                    try {
                        String textContent = extractNamedChild(extractNamedChild4, "LevelOfAssurance").getDOM().getTextContent();
                        // The literal "test" switches test mode on before the value is converted.
                        if ("test".equals(textContent)) {
                            this.eidasAttributes.testMode = true;
                        }
                        this.eidasAttributes.levelOfAssurance = LevelOfAssuranceType.fromValue(textContent);
                    } catch (IllegalArgumentException e2) {
                        // Swallowed without logging: a missing or repeated LevelOfAssurance child, or
                        // a value fromValue() rejects, leaves the level of assurance as it was.
                    }
                    try {
                        this.eidasAttributes.sendingMemberState = extractNamedChild(extractNamedChild4, "SendingMemberState").getDOM().getTextContent();
                    } catch (IllegalArgumentException e3) {
                        // Swallowed without logging: SendingMemberState is treated as optional.
                    }
                } else if (AttributeNameNPA.TransactionAttestation.toString().equals(extractNamedAttribute2) && !xMLObject3.getOrderedChildren().isEmpty()) {
                    if (this.transactionAttestation == null) {
                        this.transactionAttestation = new TransactionAttestation();
                    }
                    XMLObject extractNamedChild5 = extractNamedChild(xMLObject3, "AttributeValue");
                    try {
                        this.transactionAttestation.transactionAttestationFormat = extractNamedChild(extractNamedChild5, "TransactionAttestationFormat").getDOM().getTextContent();
                    } catch (IllegalArgumentException e4) {
                        // Swallowed without logging: the format is treated as optional.
                    }
                    try {
                        this.transactionAttestation.transactionContext = extractNamedChild(extractNamedChild5, "TransactionContext").getDOM().getTextContent();
                    } catch (IllegalArgumentException e5) {
                        // Swallowed without logging: the context is treated as optional.
                    }
                } else if (AttributeNameNPA.LevelOfAssurance.toString().equals(extractNamedAttribute2) && !xMLObject3.getOrderedChildren().isEmpty()) {
                    // Unlike the eIDAS branch above, a failure here is not caught and propagates.
                    this.levelOfAssuranceType = LevelOfAssuranceType.fromValue(extractNamedChild(xMLObject3, "AttributeValue").getDOM().getTextContent());
                } else if (AttributeNameNPA.IdentityFlavour.toString().equals(extractNamedAttribute2) && !xMLObject3.getOrderedChildren().isEmpty()) {
                    if (!IdentityFlavourType.NATURAL_PERSON.value().equals(extractNamedChild(xMLObject3, "AttributeValue").getDOM().getTextContent())) {
                        throw new IllegalArgumentException("Only " + IdentityFlavourType.NATURAL_PERSON.value() + " supported as IdentityFlavour");
                    }
                }
            }
        }
    }

    /**
     * Evaluates a WS-Trust Claims extension: replaces {@code requestedAttributes} with a new map
     * holding the "Uri" attribute of every ClaimType child, each flagged as required.
     * Elements with any other name are ignored.
     *
     * @throws IllegalArgumentException if the element has a child that is not named "ClaimType"
     */
    private void handleClaimsExtension(XMLObject xMLObject) {
        if (!Claims.ELEMENT_NAME.equals(xMLObject.getElementQName())) {
            return;
        }
        this.requestedAttributes = new HashMap<>();
        List<XMLObject> claimTypes = Objects.requireNonNull(extractNamedChildList(xMLObject, "ClaimType"));
        if (claimTypes.size() != xMLObject.getOrderedChildren().size()) {
            throw new IllegalArgumentException("schema violation: there is at least one child attribute not with the name \"ClaimType\" in " + xMLObject.getElementQName());
        }
        for (XMLObject claimType : claimTypes) {
            String uri = claimType.getDOM().getAttributeNS("urn:de:egov:names:safe:1.0:claimtype", "Uri");
            this.requestedAttributes.put(uri, Boolean.TRUE);
        }
    }

    /**
     * Returns the direct children whose local element name equals the given name.
     * The namespace of the children is not compared.
     *
     * @param xMLObject the parent element; may be {@code null}
     * @param str       the local name to select
     * @return the matching children in document order, or {@code null} when the parent is
     *         {@code null} or reports no child list
     */
    private List<XMLObject> extractNamedChildList(XMLObject xMLObject, String str) {
        if (xMLObject == null) {
            return null;
        }
        List<XMLObject> children = xMLObject.getOrderedChildren();
        if (children == null) {
            return null;
        }
        LinkedList<XMLObject> matches = new LinkedList<>();
        for (XMLObject child : children) {
            String localName = child.getElementQName().getLocalPart();
            if (str.equals(localName)) {
                matches.add(child);
            }
        }
        return matches;
    }

    /**
     * Returns the single direct child with the given local name.
     *
     * @param xMLObject the parent element
     * @param str       the local name of the child
     * @return the one matching child
     * @throws IllegalArgumentException if there is not exactly one such child
     */
    private XMLObject extractNamedChild(XMLObject xMLObject, String str) {
        List<XMLObject> candidates = extractNamedChildList(xMLObject, str);
        if (candidates != null && candidates.size() == 1) {
            return candidates.get(0);
        }
        int found = candidates != null ? candidates.size() : 0;
        Object parent = xMLObject == null ? "null, " : xMLObject.getElementQName();
        throw new IllegalArgumentException("schema violation: can not find 1 element with name " + str + " as the child of " + parent + ", found " + found);
    }

    /**
     * Reads an attribute from the element's DOM, first namespace-qualified and, when that yields
     * nothing, without namespace.
     *
     * @param xMLObject the element to read from
     * @param str       the attribute's local name
     * @param str2      the namespace URI tried first
     * @return the attribute value as returned by the DOM
     */
    private String extractNamedAttribute(XMLObject xMLObject, String str, String str2) {
        String qualified = xMLObject.getDOM().getAttributeNS(str2, str);
        boolean missing = qualified == null || qualified.isEmpty();
        return missing ? xMLObject.getDOM().getAttribute(str) : qualified;
    }

    /**
     * Checks the request signature against a single certificate.
     *
     * @param x509Certificate the certificate to verify against
     * @throws ErrorCodeException as thrown by the two-certificate variant
     * @deprecated use {@link #checkSignature(X509Certificate, X509Certificate)}; this variant
     *             passes {@code null} as the second certificate
     */
    @Deprecated
    public void checkSignature(X509Certificate x509Certificate) throws ErrorCodeException {
        X509Certificate noSecondCertificate = null;
        checkSignature(x509Certificate, noSecondCertificate);
    }

    /**
     * Verifies the request signature through {@code XMLSignatureHandler} and records in
     * {@code firstSPKeyUsed} whether the handler returned 0.
     *
     * <p>NOTE(review): the signature passed on is whatever {@code getSignature()} returns, and
     * the second certificate may be {@code null}. Confirm that the handler rejects an unsigned
     * request (null signature) and tolerates a null array entry.
     *
     * @param x509Certificate  first candidate certificate
     * @param x509Certificate2 second candidate certificate; may be {@code null}
     * @throws ErrorCodeException as thrown by {@code XMLSignatureHandler.checkSignature}
     */
    public void checkSignature(X509Certificate x509Certificate, X509Certificate x509Certificate2) throws ErrorCodeException {
        X509Certificate[] candidates = {x509Certificate, x509Certificate2};
        boolean firstMatched = XMLSignatureHandler.checkSignature(this.parsedRequest.getSignature(), candidates) == 0;
        this.firstSPKeyUsed = firstMatched;
    }

    /**
     * @return the request's IssueInstant as a new {@link Date}
     */
    // NOTE(review): fails with a NullPointerException when the request carries no IssueInstant.
    // Confirm that requests are schema-validated before this is called.
    public Date getIssueInstant() {
        long epochMillis = this.parsedRequest.getIssueInstant().getMillis();
        return new Date(epochMillis);
    }

    /**
     * Supplies the key material {@link #parseExtensions()} uses to decrypt encrypted extensions.
     * The references are held by this object until {@code parseExtensions()} clears them.
     *
     * @param privateKey       private key of the first key pair
     * @param x509Certificate  certificate of the first key pair; decryption is only attempted
     *                         when this is not {@code null}
     * @param privateKey2      private key of the fallback key pair
     * @param x509Certificate2 certificate of the fallback key pair; {@code null} disables the fallback
     */
    public void enableDecryption(PrivateKey privateKey, X509Certificate x509Certificate, PrivateKey privateKey2, X509Certificate x509Certificate2) {
        // first key pair
        this.encryptionCert = x509Certificate;
        this.decryptionKey = privateKey;
        // fallback key pair
        this.encryptionCert2 = x509Certificate2;
        this.decryptionKey2 = privateKey2;
    }

    /**
     * Computes the request digests over the raw request string and stores them for
     * {@link #getRequestHash(String)}. Before hashing, every character outside the Base64
     * alphabet ({@code A-Z a-z 0-9 + / =}) is removed. An unavailable digest algorithm is logged
     * and skipped.
     *
     * @param str the raw request data
     */
    public void setRequestRawData(String str) {
        this.requestHashes = new HashMap<>();
        String[] algorithms = {"SHA256"};
        for (String algorithm : algorithms) {
            try {
                MessageDigest digest = MessageDigest.getInstance(algorithm);
                String base64Only = str.replaceAll("[^A-Za-z0-9\\+/=]", "");
                this.requestHashes.put(algorithm, digest.digest(base64Only.getBytes(StandardCharsets.UTF_8)));
            } catch (NoSuchAlgorithmException unavailable) {
                if (log.isTraceEnabled()) {
                    log.trace(unavailable.getMessage(), unavailable);
                }
                log.warn("<unknown>: " + this.sessionID + ": cannot create " + algorithm + " digest");
            }
        }
    }

    /**
     * Returns a digest computed by {@link #setRequestRawData(String)}.
     *
     * @param str the digest name; hyphens are removed before the lookup, so "SHA-256" finds "SHA256"
     * @return the stored digest (the internal array, not a copy), or {@code null} when
     *         {@code setRequestRawData} has not been called
     * @throws NoSuchAlgorithmException if no digest is stored under that name
     */
    public byte[] getRequestHash(String str) throws NoSuchAlgorithmException {
        if (this.requestHashes != null) {
            byte[] hash = this.requestHashes.get(str.replace("-", ""));
            if (hash != null) {
                return hash;
            }
            throw new NoSuchAlgorithmException("unsupported as request hash: " + str);
        }
        return null;
    }

    /**
     * Custom deserialization hook: restores the serialized fields, then re-parses
     * {@code serializedRequest} to rebuild the transient {@code parsedRequest}.
     *
     * <p>NOTE(review): the XML parsed here comes from the object stream, so deserializing an
     * instance is only as trustworthy as the source of that stream. Confirm streams are never
     * accepted from untrusted parties.
     *
     * @throws IOException             if the stored request can no longer be parsed
     * @throws ClassNotFoundException  as thrown by {@code defaultReadObject()}
     * @throws InitializationException if OpenSAML has to be bootstrapped and that fails
     */
    private void readObject(ObjectInputStream objectInputStream) throws IOException, ClassNotFoundException, InitializationException {
        objectInputStream.defaultReadObject();
        try {
            parse();
        } catch (XMLParserException | UnmarshallingException reparseFailure) {
            String message = "cannot parse data which has been parsed before";
            throw new IOException(message, reparseFailure);
        }
    }

    /** @return the level of assurance read from the LevelOfAssurance attribute, or {@code null} when none was given */
    public LevelOfAssuranceType getLevelOfAssuranceType() {
        return levelOfAssuranceType;
    }
}
